# Provider Feature Manifests
`CliSubprocessCore.ProviderFeatures` is the public, canonical metadata layer for
the built-in provider profiles.
It exists so higher-level adapter layers can discover provider-native
terminology and partial common-surface support without reimplementing profile
knowledge in separate lookup tables.
## What It Owns
- provider-native permission mode metadata
- rendered CLI args for those permission modes
- partial feature manifests for built-in providers
Today the partial-feature manifest covers Ollama-backed model routing and the
permission metadata covers each first-party provider's native permission
terminology.
## Permission Metadata
Use `permission_mode!/2` or `permission_args/2` when a caller needs to present
or render the provider-native form of a normalized approval choice.
```elixir
iex> CliSubprocessCore.ProviderFeatures.permission_mode!(:codex, :yolo)
%{
native_mode: :yolo,
cli_args: ["--dangerously-bypass-approvals-and-sandbox"],
cli_excerpt: "--dangerously-bypass-approvals-and-sandbox",
label: "yolo"
}
iex> CliSubprocessCore.ProviderFeatures.permission_args(:amp, :dangerously_allow_all)
["--dangerously-allow-all"]
iex> CliSubprocessCore.ProviderFeatures.permission_args(:cursor, :bypass)
["--force"]
iex> CliSubprocessCore.ProviderFeatures.permission_args(:cursor, :plan)
["--mode", "plan"]
iex> CliSubprocessCore.ProviderFeatures.permission_args(:antigravity, :bypass)
["--dangerously-skip-permissions"]
```
This keeps provider profiles authoritative for the real CLI contract while
still giving adapter layers a stable public lookup surface.
Important boundary:
- this metadata is about provider-native permission terminology and rendered
CLI args
- it is not a general sandbox, approval-policy, or thread-options catalog
- if a provider has extra knobs outside the shared permission concept, those
remain in the provider profile or the provider SDK layer
Examples:
- Codex `--dangerously-bypass-approvals-and-sandbox` appears here because it is
the provider-native rendering of a permission choice
- Cursor `:ask` is not a permission mode. It is an operational Cursor `mode`
rendered by the Cursor profile or SDK as `--mode ask`.
- Antigravity `--sandbox` is provider-native runtime behavior, while
`--dangerously-skip-permissions` is the permission-mode rendering.
## Partial Features
Use `partial_feature!/2` when you need to know whether a built-in provider
supports a feature that is shared by some, but not all, providers.
```elixir
iex> CliSubprocessCore.ProviderFeatures.partial_feature!(:claude, :ollama)
%{
supported?: true,
activation: %{provider_backend: :ollama},
model_strategy: :canonical_or_direct_external,
notes: [...]
}
```
Codex's manifest also carries compatibility metadata for the shared Ollama
route:
```elixir
iex> CliSubprocessCore.ProviderFeatures.partial_feature!(:codex, :ollama)
%{
supported?: true,
activation: %{provider_backend: :oss, oss_provider: "ollama"},
model_strategy: :direct_external,
compatibility: %{
acceptance: :runtime_validated_external_model,
default_model: "gpt-oss:20b",
validated_models: ["gpt-oss:20b"]
},
notes: [...]
}
```
Current built-in `:ollama` support:
- Claude: supported through `provider_backend: :ollama`
- Codex: supported through `provider_backend: :oss, oss_provider: "ollama"`
- Cursor: unsupported on the common CLI surface
- Amp: unsupported on the common CLI surface
- Antigravity: unsupported on the common CLI surface
For Codex, the compatibility manifest describes the validated default and the
acceptance rule separately:
- acceptance: any Ollama model that passes runtime validation
- validated default: `gpt-oss:20b`
- non-default models: allowed, but may run with upstream fallback metadata
## Design Rule
`CliSubprocessCore.ProviderFeatures` should only describe built-in provider
profile behavior that the core itself owns.
It should not become a generic SDK catalog or an adapter-specific policy layer.
Higher-level packages such as ASM may wrap this metadata to describe their own
common surfaces, but the source of truth for built-in CLI behavior stays here.
## Session-Control Capability Vocabulary
Provider manifests may now advertise the following session-control capabilities
when the runtime really supports them:
- `:session_history`
- `:session_resume`
- `:session_pause`
- `:session_intervene`
These names are intentionally shared with the upper orchestration layers. A
profile should only publish them when the runtime can surface a truthful
provider-native history/resume/pause path; the manifest is not the place for
speculative claims.