feat(specs): update translation refactoring specs and add cli refactoring specs

- Update requirements, design, and tasks for cross-api-translation-refactoring
- Add initial specs for cli-god-object-refactoring
- Update CHANGELOG.md

Author: Mateusz

.kiro/specs/cli-god-object-refactoring/design.md

@@ -0,0 +1,134 @@
+# Requirements Document
+
+## Introduction
+
+This document specifies the requirements for refactoring `src/core/cli.py`, a 3.1k LOC "God Object" that violates multiple architectural principles. The CLI entry point currently contains significant business logic that should be distributed across specialized services following SOLID principles, DRY, proper DI container usage, and OOP design patterns. The refactoring must preserve all public APIs and maintain 100% backward compatibility while achieving a modular, layered architecture with strong separation of concerns.
+
+## Glossary
+
+- **CLI_Module**: The `src/core/cli.py` module serving as the command-line entry point for the LLM proxy server
+- **AppConfig**: The application configuration object (`src/core/config/app_config.py`) that holds all runtime settings
+- **ParameterResolution**: A tracking mechanism for recording the source of configuration parameters (CLI, env, config file)
+- **ArgumentParser**: The `argparse.ArgumentParser` instance that defines and parses CLI arguments
+- **ConfigurationApplicator**: A proposed service responsible for applying parsed CLI arguments to AppConfig
+- **ServerLifecycleManager**: A proposed service responsible for server startup, shutdown, and daemon mode handling
+- **PrivilegeChecker**: A proposed service responsible for cross-platform privilege/admin detection
+- **LoggingConfigurator**: A proposed service responsible for configuring logging based on AppConfig
+- **ErrorHandler**: A proposed service responsible for user-friendly error message formatting
+
+## Requirements
+
+### Requirement 1
+
+**User Story:** As a developer, I want the CLI argument parsing to be separated from configuration application, so that I can test and maintain each concern independently.
+
+#### Acceptance Criteria
+
+1. WHEN the CLI_Module parses arguments THEN the ArgumentParser SHALL be constructed by a dedicated `ArgumentParserBuilder` class
+2. WHEN CLI arguments are parsed THEN the CLI_Module SHALL delegate to a `ConfigurationApplicator` service for applying arguments to AppConfig
+3. WHEN the `ConfigurationApplicator` applies arguments THEN the service SHALL record parameter sources via ParameterResolution
+4. WHEN argument validation fails THEN the CLI_Module SHALL receive a structured error from the validation service
+5. WHEN a new CLI argument is added THEN the developer SHALL only need to modify the `ArgumentParserBuilder` and `ConfigurationApplicator`
+
+### Requirement 2
+
+**User Story:** As a developer, I want server lifecycle management extracted into a dedicated service, so that startup, shutdown, and daemon mode logic are testable in isolation.
+
+#### Acceptance Criteria
+
+1. WHEN the server starts THEN the ServerLifecycleManager SHALL coordinate port availability checks, privilege verification, and uvicorn startup
+2. WHEN daemon mode is requested THEN the ServerLifecycleManager SHALL handle platform-specific daemonization (Unix fork, Windows subprocess)
+3. WHEN the server encounters a startup error THEN the ServerLifecycleManager SHALL delegate to ErrorHandler for user-friendly messages
+4. WHEN multiple servers start (main + Anthropic) THEN the ServerLifecycleManager SHALL coordinate their concurrent execution
+5. WHEN the server shuts down THEN the ServerLifecycleManager SHALL ensure graceful cleanup of all resources
+
+### Requirement 3
+
+**User Story:** As a developer, I want privilege checking extracted into a dedicated service, so that cross-platform admin detection is reusable and testable.
+
+#### Acceptance Criteria
+
+1. WHEN privilege checking is invoked THEN the PrivilegeChecker SHALL detect admin/root status on Windows, Linux, and macOS
+2. WHEN running as admin without `--allow-admin` THEN the PrivilegeChecker SHALL raise a structured exception
+3. WHEN the platform lacks privilege functionality THEN the PrivilegeChecker SHALL return a safe default without crashing
+4. WHEN privilege checking is tested THEN the PrivilegeChecker SHALL accept injectable platform detection for mocking
+
+### Requirement 4
+
+**User Story:** As a developer, I want logging configuration extracted into a dedicated service, so that log setup is consistent and testable.
+
+#### Acceptance Criteria
+
+1. WHEN logging is configured THEN the LoggingConfigurator SHALL apply log level, file path, and color settings from AppConfig
+2. WHEN log file paths need timestamp suffixes THEN the LoggingConfigurator SHALL apply them consistently
+3. WHEN logging configuration fails THEN the LoggingConfigurator SHALL provide clear error messages
+4. WHEN the LoggingConfigurator is tested THEN it SHALL accept injectable logging handlers for verification
+
+### Requirement 5
+
+**User Story:** As a developer, I want error handling extracted into a dedicated service, so that user-friendly error messages are consistent and maintainable.
+
+#### Acceptance Criteria
+
+1. WHEN an application build error occurs THEN the ErrorHandler SHALL format a user-friendly message with actionable guidance
+2. WHEN OAuth token expiration is detected THEN the ErrorHandler SHALL provide specific re-authentication instructions
+3. WHEN API key errors occur THEN the ErrorHandler SHALL list required environment variables
+4. WHEN an unknown error occurs THEN the ErrorHandler SHALL provide generic troubleshooting guidance
+5. WHEN error messages are displayed THEN the ErrorHandler SHALL write to stderr with consistent formatting
+
+### Requirement 6
+
+**User Story:** As a developer, I want the `apply_cli_args` function decomposed into smaller, focused functions, so that each configuration domain is handled independently.
+
+#### Acceptance Criteria
+
+1. WHEN CLI arguments are applied THEN the ConfigurationApplicator SHALL delegate to domain-specific applicators (server, logging, backends, session, auth, etc.)
+2. WHEN a domain applicator processes arguments THEN it SHALL only modify its relevant configuration section
+3. WHEN environment variables are set THEN the domain applicator SHALL handle them within its scope
+4. WHEN a new configuration domain is added THEN the developer SHALL create a new domain applicator without modifying existing ones
+5. WHEN domain applicators are tested THEN each SHALL be testable in isolation with mock AppConfig
+
+### Requirement 7
+
+**User Story:** As a developer, I want the refactored CLI to maintain 100% backward compatibility, so that existing scripts and integrations continue to work.
+
+#### Acceptance Criteria
+
+1. WHEN the refactored CLI is invoked THEN all existing command-line arguments SHALL be accepted with identical behavior
+2. WHEN the refactored CLI produces output THEN log messages and error formats SHALL match the original implementation
+3. WHEN the refactored CLI is tested THEN all existing CLI tests SHALL pass without modification
+4. WHEN the `main()` function is called THEN its signature and behavior SHALL remain unchanged
+5. WHEN `parse_cli_args()` or `apply_cli_args()` are called externally THEN their signatures and return types SHALL remain unchanged
+
+### Requirement 8
+
+**User Story:** As a developer, I want the refactored code to follow proper dependency injection patterns, so that services are loosely coupled and testable.
+
+#### Acceptance Criteria
+
+1. WHEN services are instantiated THEN they SHALL receive dependencies through constructor injection
+2. WHEN services need configuration THEN they SHALL receive AppConfig or relevant subsections through injection
+3. WHEN services are tested THEN mock dependencies SHALL be injectable without modifying production code
+4. WHEN the DI container is used THEN services SHALL be registered and resolved through the container
+
+### Requirement 9
+
+**User Story:** As a developer, I want the refactored code to have comprehensive test coverage, so that regressions are caught early.
+
+#### Acceptance Criteria
+
+1. WHEN new services are created THEN each SHALL have unit tests covering its public methods
+2. WHEN the refactoring is complete THEN the full test suite SHALL pass with zero regressions
+3. WHEN edge cases are identified THEN property-based tests SHALL verify behavior across input ranges
+4. WHEN integration points are modified THEN integration tests SHALL verify end-to-end behavior
+
+### Requirement 10
+
+**User Story:** As a developer, I want the refactored code organized into a clear module structure, so that related functionality is easy to locate.
+
+#### Acceptance Criteria
+
+1. WHEN the refactoring is complete THEN new services SHALL reside in `src/core/cli/` subdirectory
+2. WHEN the CLI module is imported THEN the public API SHALL be exposed through `src/core/cli/__init__.py`
+3. WHEN a developer looks for CLI-related code THEN the module structure SHALL clearly indicate each service's purpose
+4. WHEN the original `cli.py` is retained THEN it SHALL serve as a thin facade delegating to the new services

.kiro/specs/cli-god-object-refactoring/requirements.md

@@ -0,0 +1,180 @@
+# Implementation Plan
+
+- [ ] 1. Set up package structure and base interfaces
+  - [ ] 1.1 Create `src/core/cli/` package directory structure
+    - Create `src/core/cli/__init__.py` with public API exports
+    - Create `src/core/cli/applicators/__init__.py` for domain applicators
+    - _Requirements: 10.1, 10.2, 10.3_
+  - [ ] 1.2 Define `DomainApplicator` protocol and base types
+    - Create `src/core/cli/protocols.py` with `DomainApplicator` protocol
+    - Define common type aliases and constants
+    - _Requirements: 6.1, 8.1, 8.2_
+  - [ ] 1.3 Write property test for domain applicator isolation
+    - **Property 3: Domain Applicator Isolation**
+    - **Validates: Requirements 6.2**
+
+- [ ] 2. Extract ArgumentParserBuilder
+  - [ ] 2.1 Create `ArgumentParserBuilder` class
+    - Create `src/core/cli/argument_parser_builder.py`
+    - Extract `build_cli_parser()` logic into builder methods organized by domain
+    - Implement `_add_server_arguments`, `_add_backend_arguments`, `_add_logging_arguments`, etc.
+    - _Requirements: 1.1, 1.5_
+  - [ ] 2.2 Update `cli.py` to use `ArgumentParserBuilder`
+    - Replace `build_cli_parser()` with delegation to `ArgumentParserBuilder().build()`
+    - Maintain backward compatibility of `build_cli_parser()` function signature
+    - _Requirements: 7.1, 7.5_
+  - [ ] 2.3 Write unit tests for ArgumentParserBuilder
+    - Test that all expected arguments are present
+    - Test argument groups are correctly organized
+    - _Requirements: 9.1_
+
+- [ ] 3. Extract domain applicators
+  - [ ] 3.1 Create ServerApplicator
+    - Create `src/core/cli/applicators/server_applicator.py`
+    - Extract host, port, timeout, command_prefix, context_window logic
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.2 Create LoggingApplicator
+    - Create `src/core/cli/applicators/logging_applicator.py`
+    - Extract log_file, log_level, capture settings, CBOR capture logic
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.3 Create BackendApplicator
+    - Create `src/core/cli/applicators/backend_applicator.py`
+    - Extract default_backend, API keys, static_route, hybrid settings, debugging overrides
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.4 Create SessionApplicator
+    - Create `src/core/cli/applicators/session_applicator.py`
+    - Extract session flags, planning phase, tool access, pytest settings
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.5 Create AuthApplicator
+    - Create `src/core/cli/applicators/auth_applicator.py`
+    - Extract auth flags, SSO settings, brute force protection
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.6 Create AssessmentApplicator
+    - Create `src/core/cli/applicators/assessment_applicator.py`
+    - Extract LLM assessment configuration
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.7 Create MemoryApplicator
+    - Create `src/core/cli/applicators/memory_applicator.py`
+    - Extract ProxyMem configuration
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.8 Create FailureHandlingApplicator
+    - Create `src/core/cli/applicators/failure_handling_applicator.py`
+    - Extract failure handling configuration
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.9 Create additional applicators for remaining domains
+    - Create `EditPrecisionApplicator`, `IdentityApplicator`, `RoutingApplicator`, `CompactionApplicator`
+    - _Requirements: 6.1, 6.2_
+  - [ ] 3.10 Write unit tests for domain applicators
+    - Test each applicator modifies only its domain
+    - Test environment variable handling
+    - _Requirements: 6.5, 9.1_
+
+- [ ] 4. Checkpoint - Ensure all tests pass
+  - Ensure all tests pass, ask the user if questions arise.
+
+- [ ] 5. Extract ConfigurationApplicator
+  - [ ] 5.1 Create `ConfigurationApplicator` class
+    - Create `src/core/cli/configuration_applicator.py`
+    - Implement coordination of domain applicators
+    - Handle ParameterResolution recording
+    - _Requirements: 1.2, 1.3, 6.1_
+  - [ ] 5.2 Update `cli.py` to use `ConfigurationApplicator`
+    - Replace `apply_cli_args()` internals with delegation to `ConfigurationApplicator`
+    - Maintain backward compatibility of `apply_cli_args()` signature
+    - _Requirements: 7.1, 7.5_
+  - [ ] 5.3 Write property test for argument parsing round-trip
+    - **Property 1: Argument Parsing Round-Trip Consistency**
+    - **Validates: Requirements 1.1, 1.2, 7.1**
+  - [ ] 5.4 Write property test for parameter source recording
+    - **Property 2: Parameter Source Recording Completeness**
+    - **Validates: Requirements 1.3**
+
+- [ ] 6. Extract ErrorHandler
+  - [ ] 6.1 Create `ErrorHandler` class
+    - Create `src/core/cli/error_handler.py`
+    - Extract `_handle_application_build_error()` logic
+    - Implement `ErrorType` enum and `classify_error()` method
+    - Implement specialized message formatters
+    - _Requirements: 5.1, 5.2, 5.3, 5.4, 5.5_
+  - [ ] 6.2 Update `cli.py` to use `ErrorHandler`
+    - Replace `_handle_application_build_error()` with delegation to `ErrorHandler`
+    - _Requirements: 5.1_
+  - [ ] 6.3 Write property test for error classification
+    - **Property 4: Error Classification Consistency**
+    - **Validates: Requirements 5.1, 5.2, 5.3, 5.4**
+
+- [ ] 7. Extract LoggingConfigurator
+  - [ ] 7.1 Create `LoggingConfigurator` class
+    - Create `src/core/cli/logging_configurator.py`
+    - Extract `_configure_logging()`, `_with_timestamp_suffix()`, `_apply_pid_suffixes()` logic
+    - _Requirements: 4.1, 4.2, 4.3_
+  - [ ] 7.2 Update `cli.py` to use `LoggingConfigurator`
+    - Replace logging configuration functions with delegation to `LoggingConfigurator`
+    - _Requirements: 4.1_
+  - [ ] 7.3 Write property test for timestamp suffix format
+    - **Property 5: Timestamp Suffix Format Validity**
+    - **Validates: Requirements 4.2**
+
+- [ ] 8. Extract PrivilegeChecker
+  - [ ] 8.1 Create `PrivilegeChecker` class with injectable platform detector
+    - Create `src/core/cli/privilege_checker.py`
+    - Extract `_is_admin()`, `_has_privilege_functionality()`, `_check_privileges()` logic
+    - Define `PlatformDetector` protocol for testability
+    - _Requirements: 3.1, 3.2, 3.3, 3.4_
+  - [ ] 8.2 Update `cli.py` to use `PrivilegeChecker`
+    - Replace privilege checking functions with delegation to `PrivilegeChecker`
+    - _Requirements: 3.1_
+  - [ ] 8.3 Write property test for privilege enforcement
+    - **Property 6: Privilege Check Enforcement**
+    - **Validates: Requirements 3.2**
+
+- [ ] 9. Checkpoint - Ensure all tests pass
+  - Ensure all tests pass, ask the user if questions arise.
+
+- [ ] 10. Extract ServerLifecycleManager
+  - [ ] 10.1 Create `ServerLifecycleManager` class
+    - Create `src/core/cli/server_lifecycle_manager.py`
+    - Extract `is_port_in_use()`, `_daemonize()`, `_maybe_run_as_daemon()` logic
+    - Implement server startup coordination
+    - _Requirements: 2.1, 2.2, 2.3, 2.4, 2.5_
+  - [ ] 10.2 Update `cli.py` to use `ServerLifecycleManager`
+    - Replace server lifecycle logic in `main()` with delegation to `ServerLifecycleManager`
+    - _Requirements: 2.1_
+  - [ ] 10.3 Write unit tests for ServerLifecycleManager
+    - Test port availability checking
+    - Test daemon mode handling
+    - Test server coordination
+    - _Requirements: 9.1_
+
+- [ ] 11. Refactor main() to thin facade
+  - [ ] 11.1 Simplify `main()` function
+    - Reduce `main()` to orchestration of extracted services
+    - Ensure all business logic is delegated to services
+    - _Requirements: 10.4_
+  - [ ] 11.2 Update `src/core/cli/__init__.py` with public API
+    - Export `parse_cli_args`, `apply_cli_args`, `main`, `build_cli_parser`
+    - Export `ArgumentParserBuilder`, `ConfigurationApplicator` for advanced usage
+    - _Requirements: 10.2, 7.4, 7.5_
+  - [ ] 11.3 Write property test for public API signature preservation
+    - **Property 7: Public API Signature Preservation**
+    - **Validates: Requirements 7.4, 7.5**
+
+- [ ] 12. Checkpoint - Ensure all tests pass
+  - Ensure all tests pass, ask the user if questions arise.
+
+- [ ] 13. Backward compatibility verification
+  - [ ] 13.1 Run existing CLI tests
+    - Execute all tests in `tests/` related to CLI functionality
+    - Verify zero test modifications required
+    - _Requirements: 7.3, 9.2_
+  - [ ] 13.2 Run full test suite
+    - Execute `./.venv/Scripts/python.exe -m pytest -m "integration or unit"`
+    - Verify zero regressions
+    - _Requirements: 9.2_
+  - [ ] 13.3 Write integration tests for end-to-end CLI behavior
+    - Test full CLI invocation with various argument combinations
+    - Verify output matches original implementation
+    - _Requirements: 7.2, 9.4_
+
+- [ ] 14. Final Checkpoint - Ensure all tests pass
+  - Ensure all tests pass, ask the user if questions arise.