llm-cli-gateway 1.0.1 → 1.4.0

package/dist/optimizer.js

@@ -5,18 +5,18 @@ const COURTESY_PATTERNS = [
     /\bI would like\b\s*/gi,
     /\bI need you to\b\s*/gi,
     /\bI just implemented\b\s*/gi,
-    /\bPlease do the following:?\s*/gi
+    /\bPlease do the following:?\s*/gi,
 ];
 const ADJECTIVE_PATTERNS = [
     /\bcomprehensive\b/gi,
     /\bdetailed\b/gi,
     /\bthorough\b/gi,
     /\boverall\b/gi,
-    /\bcritical\b/gi
+    /\bcritical\b/gi,
 ];
 const TASK_PREFIXES = [
     /^(First|Then|After that|Finally),?\s*/i,
-    /^(First|Then|After that|Finally),?\s*you should\s*/i
+    /^(First|Then|After that|Finally),?\s*you should\s*/i,
 ];
 export function estimateTokens(text) {
     const trimmed = text.trim();
@@ -49,15 +49,15 @@ function optimizeText(text, mode) {
 function optimizeSegment(segment, mode) {
     const inlineParts = segment.split(/(`[^`]*`)/g);
     return inlineParts
-        .map((part) => (part.startsWith("`") ? part : optimizePlain(part, mode)))
+        .map(part => (part.startsWith("`") ? part : optimizePlain(part, mode)))
         .join("");
 }
 function optimizePlain(text, mode) {
     let output = text;
-    COURTESY_PATTERNS.forEach((pattern) => {
+    COURTESY_PATTERNS.forEach(pattern => {
         output = output.replace(pattern, "");
     });
-    ADJECTIVE_PATTERNS.forEach((pattern) => {
+    ADJECTIVE_PATTERNS.forEach(pattern => {
         output = output.replace(pattern, "");
     });
     output = output.replace(/\bfound in the [^:.\n]+/gi, "");
@@ -147,7 +147,7 @@ function compressTaskLists(text) {
 }
 function cleanTaskItem(item) {
     let cleaned = item.trim();
-    TASK_PREFIXES.forEach((pattern) => {
+    TASK_PREFIXES.forEach(pattern => {
         cleaned = cleaned.replace(pattern, "");
     });
     cleaned = cleaned.replace(/^you should\s*/i, "");
@@ -157,7 +157,7 @@ function cleanTaskItem(item) {
 }
 function applyArrowNotation(text) {
     const lines = text.split("\n");
-    const output = lines.map((line) => {
+    const output = lines.map(line => {
         let updated = line;
         updated = updated.replace(/\bChange\s+(?:the\s+)?([A-Za-z][\w-]*)\s+to\s+(?:a\s+|an\s+)?([A-Za-z][\w-]*)([.!?]|$)/gi, (_m, from, to, end) => {
             return `${from.trim()} → ${to.trim()}${end || ""}`;
@@ -172,7 +172,7 @@ function applyArrowNotation(text) {
 }
 function applySlashNotation(text) {
     const lines = text.split("\n");
-    const output = lines.map((line) => {
+    const output = lines.map(line => {
         const trimmed = line.trim();
         if (trimmed.length < 50 && /^[A-Za-z0-9][A-Za-z0-9\s/&-]+$/.test(trimmed)) {
             return line.replace(/\s+and\s+/, "/");

package/dist/process-monitor.js

@@ -68,7 +68,14 @@ export class ProcessMonitor {
         }
         catch (err) {
             if (err.code === "ESRCH") {
-                return { pid, alive: false, state: null, cpuPercent: null, memoryRssKb: null, sampledAt: now };
+                return {
+                    pid,
+                    alive: false,
+                    state: null,
+                    cpuPercent: null,
+                    memoryRssKb: null,
+                    sampledAt: now,
+                };
             }
             // EPERM = process exists but we can't signal it
             if (err.code === "EPERM") {
@@ -87,7 +94,7 @@ export class ProcessMonitor {
                 const totalJiffies = getTotalCpuJiffies();
                 const prev = this.prevSamples.get(pid);
                 if (prev && totalJiffies !== null) {
-                    const processJiffiesDelta = (parsed.utime + parsed.stime) - (prev.utime + prev.stime);
+                    const processJiffiesDelta = parsed.utime + parsed.stime - (prev.utime + prev.stime);
                     const totalJiffiesDelta = totalJiffies - prev.totalJiffies;
                     if (totalJiffiesDelta > 0) {
                         cpuPercent = (processJiffiesDelta / totalJiffiesDelta) * 100;
@@ -96,8 +103,10 @@ export class ProcessMonitor {
                 // Store for next delta
                 if (totalJiffies !== null) {
                     this.prevSamples.set(pid, {
-                        utime: parsed.utime, stime: parsed.stime,
-                        totalJiffies, timestamp: Date.now()
+                        utime: parsed.utime,
+                        stime: parsed.stime,
+                        totalJiffies,
+                        timestamp: Date.now(),
                     });
                 }
             }
@@ -121,17 +130,24 @@ export class ProcessMonitor {
             const runningForMs = Date.now() - new Date(job.startedAt).getTime();
             if (!job.pid) {
                 return {
-                    jobId: job.jobId, cli: job.cli, status: job.status,
-                    processHealth: null, isDead: false, isZombie: false, runningForMs
+                    jobId: job.jobId,
+                    cli: job.cli,
+                    status: job.status,
+                    processHealth: null,
+                    isDead: false,
+                    isZombie: false,
+                    runningForMs,
                 };
             }
             const health = this.sampleProcess(job.pid);
             return {
-                jobId: job.jobId, cli: job.cli, status: job.status,
+                jobId: job.jobId,
+                cli: job.cli,
+                status: job.status,
                 processHealth: health,
                 isDead: job.status === "running" && !health.alive,
                 isZombie: job.status === "running" && health.state === "Z",
-                runningForMs
+                runningForMs,
             };
         });
     }

package/dist/request-helpers.d.ts

@@ -18,8 +18,56 @@ export declare function validateSessionId(sessionId: string): void;
  * Pure function: determine --resume args and session provenance from request flags.
  * Does NOT perform any session I/O — callers handle create/update separately.
  */
+/**
+ * Reject CLI arg values that start with "-" to prevent argument injection.
+ * spawn() doesn't invoke a shell so there's no shell injection, but a value
+ * like "--dangerously-skip-permissions" passed as a tool name would be
+ * interpreted as a flag by the child CLI.
+ */
+export declare function sanitizeCliArgValues(values: string[], fieldName: string): string[];
 export declare function resolveSessionResumeArgs(opts: {
     sessionId?: string;
     resumeLatest?: boolean;
     createNewSession?: boolean;
 }): SessionResumeResult;
+/**
+ * Codex-specific resume planning.
+ *
+ * Codex CLI ≥ 0.30 exposes session resume as a subcommand (`codex exec resume`),
+ * not a flag pair like Claude/Gemini/Grok. So we can't return a simple list of
+ * args — we describe the *mode* and let the caller branch when building argv:
+ *
+ *   - "new"            → `codex exec [...flags] PROMPT`
+ *   - "resume-by-id"   → `codex exec resume [...resume-safe flags] <SESSION_ID> PROMPT`
+ *   - "resume-latest"  → `codex exec resume --last [...resume-safe flags] PROMPT`
+ *
+ * `codex exec resume` rejects `--full-auto`; the original session's approval
+ * policy is inherited. Callers MUST filter `--full-auto` out of the flag set
+ * when mode is one of the resume forms (see `prepareCodexRequest`).
+ *
+ * `sessionId` MUST be a real Codex session UUID (as recorded under
+ * `~/.codex/sessions/`). Gateway-generated `gw-*` IDs are rejected, since
+ * they are bookkeeping handles and would 404 against `codex resume`.
+ */
+export type CodexSessionMode = "new" | "resume-by-id" | "resume-latest";
+export interface CodexSessionPlan {
+    mode: CodexSessionMode;
+    /** Real Codex session UUID. Present only when mode === "resume-by-id". */
+    sessionId?: string;
+}
+export declare function resolveCodexSessionArgs(opts: {
+    sessionId?: string;
+    resumeLatest?: boolean;
+    createNewSession?: boolean;
+}): CodexSessionPlan;
+/**
+ * Grok-specific resume args. Grok accepts `--resume <id>` to resume a named session,
+ * and `--continue` to resume the most recent session for the current working directory.
+ * Unlike `resolveSessionResumeArgs`, "resume latest" maps to `--continue` (not `--resume latest`)
+ * because Grok would interpret a literal "latest" as a session ID.
+ */
+export declare function resolveGrokSessionArgs(opts: {
+    sessionId?: string;
+    resumeLatest?: boolean;
+    createNewSession?: boolean;
+}): SessionResumeResult;

package/dist/request-helpers.js

@@ -17,16 +17,78 @@ export function validateSessionId(sessionId) {
  * Pure function: determine --resume args and session provenance from request flags.
  * Does NOT perform any session I/O — callers handle create/update separately.
  */
+/**
+ * Reject CLI arg values that start with "-" to prevent argument injection.
+ * spawn() doesn't invoke a shell so there's no shell injection, but a value
+ * like "--dangerously-skip-permissions" passed as a tool name would be
+ * interpreted as a flag by the child CLI.
+ */
+export function sanitizeCliArgValues(values, fieldName) {
+    for (const v of values) {
+        if (v.startsWith("-")) {
+            throw new Error(`Invalid ${fieldName} value "${v}": values must not start with "-" (argument injection prevention)`);
+        }
+    }
+    return values;
+}
 export function resolveSessionResumeArgs(opts) {
     if (opts.createNewSession) {
         return { resumeArgs: [], effectiveSessionId: undefined, userProvidedSession: false };
     }
     if (opts.resumeLatest && !opts.sessionId) {
-        return { resumeArgs: ["--resume", "latest"], effectiveSessionId: undefined, userProvidedSession: false };
+        return {
+            resumeArgs: ["--resume", "latest"],
+            effectiveSessionId: undefined,
+            userProvidedSession: false,
+        };
+    }
+    if (opts.sessionId) {
+        validateSessionId(opts.sessionId);
+        return {
+            resumeArgs: ["--resume", opts.sessionId],
+            effectiveSessionId: opts.sessionId,
+            userProvidedSession: true,
+        };
+    }
+    return { resumeArgs: [], effectiveSessionId: undefined, userProvidedSession: false };
+}
+export function resolveCodexSessionArgs(opts) {
+    if (opts.createNewSession) {
+        return { mode: "new" };
+    }
+    if (opts.sessionId) {
+        validateSessionId(opts.sessionId);
+        return { mode: "resume-by-id", sessionId: opts.sessionId };
+    }
+    if (opts.resumeLatest) {
+        return { mode: "resume-latest" };
+    }
+    return { mode: "new" };
+}
+/**
+ * Grok-specific resume args. Grok accepts `--resume <id>` to resume a named session,
+ * and `--continue` to resume the most recent session for the current working directory.
+ * Unlike `resolveSessionResumeArgs`, "resume latest" maps to `--continue` (not `--resume latest`)
+ * because Grok would interpret a literal "latest" as a session ID.
+ */
+export function resolveGrokSessionArgs(opts) {
+    if (opts.createNewSession) {
+        return { resumeArgs: [], effectiveSessionId: undefined, userProvidedSession: false };
+    }
+    if (opts.resumeLatest && !opts.sessionId) {
+        return {
+            resumeArgs: ["--continue"],
+            effectiveSessionId: undefined,
+            userProvidedSession: false,
+        };
     }
     if (opts.sessionId) {
         validateSessionId(opts.sessionId);
-        return { resumeArgs: ["--resume", opts.sessionId], effectiveSessionId: opts.sessionId, userProvidedSession: true };
+        return {
+            resumeArgs: ["--resume", opts.sessionId],
+            effectiveSessionId: opts.sessionId,
+            userProvidedSession: true,
+        };
     }
     return { resumeArgs: [], effectiveSessionId: undefined, userProvidedSession: false };
 }

package/dist/resources.js

@@ -18,8 +18,8 @@ export class ResourceProvider {
                 annotations: {
                     audience: ["user", "assistant"],
                     priority: 0.7,
-                    lastModified: new Date().toISOString()
-                }
+                    lastModified: new Date().toISOString(),
+                },
             },
             {
                 uri: "sessions://claude",
@@ -29,8 +29,8 @@ export class ResourceProvider {
                 mimeType: "application/json",
                 annotations: {
                     audience: ["user", "assistant"],
-                    priority: 0.6
-                }
+                    priority: 0.6,
+                },
             },
             {
                 uri: "sessions://codex",
@@ -40,8 +40,8 @@ export class ResourceProvider {
                 mimeType: "application/json",
                 annotations: {
                     audience: ["user", "assistant"],
-                    priority: 0.6
-                }
+                    priority: 0.6,
+                },
             },
             {
                 uri: "sessions://gemini",
@@ -51,8 +51,19 @@ export class ResourceProvider {
                 mimeType: "application/json",
                 annotations: {
                     audience: ["user", "assistant"],
-                    priority: 0.6
-                }
+                    priority: 0.6,
+                },
+            },
+            {
+                uri: "sessions://grok",
+                name: "Grok Sessions",
+                title: "⚡ Grok Sessions",
+                description: "List of Grok conversation sessions",
+                mimeType: "application/json",
+                annotations: {
+                    audience: ["user", "assistant"],
+                    priority: 0.6,
+                },
             },
             {
                 uri: "models://claude",
@@ -62,8 +73,8 @@ export class ResourceProvider {
                 mimeType: "application/json",
                 annotations: {
                     audience: ["user", "assistant"],
-                    priority: 0.8
-                }
+                    priority: 0.8,
+                },
             },
             {
                 uri: "models://codex",
@@ -73,8 +84,8 @@ export class ResourceProvider {
                 mimeType: "application/json",
                 annotations: {
                     audience: ["user", "assistant"],
-                    priority: 0.8
-                }
+                    priority: 0.8,
+                },
             },
             {
                 uri: "models://gemini",
@@ -84,8 +95,19 @@ export class ResourceProvider {
                 mimeType: "application/json",
                 annotations: {
                     audience: ["user", "assistant"],
-                    priority: 0.8
-                }
+                    priority: 0.8,
+                },
+            },
+            {
+                uri: "models://grok",
+                name: "Grok Models",
+                title: "⚡ Grok Models & Capabilities",
+                description: "Available Grok models and their capabilities",
+                mimeType: "application/json",
+                annotations: {
+                    audience: ["user", "assistant"],
+                    priority: 0.8,
+                },
             },
             {
                 uri: "metrics://performance",
@@ -95,9 +117,9 @@ export class ResourceProvider {
                 mimeType: "application/json",
                 annotations: {
                     audience: ["user", "assistant"],
-                    priority: 0.9
-                }
-            }
+                    priority: 0.9,
+                },
+            },
         ];
     }
     // Read a specific resource by URI
@@ -110,19 +132,20 @@ export class ResourceProvider {
                 mimeType: "application/json",
                 text: JSON.stringify({
                     total: sessions.length,
-                    sessions: sessions.map((s) => ({
+                    sessions: sessions.map(s => ({
                         id: s.id,
                         cli: s.cli,
                         description: s.description,
                         createdAt: s.createdAt,
-                        lastUsedAt: s.lastUsedAt
+                        lastUsedAt: s.lastUsedAt,
                     })),
                     activeSessions: {
                         claude: (await this.sessionManager.getActiveSession("claude"))?.id || null,
                         codex: (await this.sessionManager.getActiveSession("codex"))?.id || null,
-                        gemini: (await this.sessionManager.getActiveSession("gemini"))?.id || null
-                    }
-                }, null, 2)
+                        gemini: (await this.sessionManager.getActiveSession("gemini"))?.id || null,
+                        grok: (await this.sessionManager.getActiveSession("grok"))?.id || null,
+                    },
+                }, null, 2),
             };
         }
         if (uri === "sessions://claude") {
@@ -134,8 +157,8 @@ export class ResourceProvider {
                     cli: "claude",
                     total: sessions.length,
                     sessions,
-                    activeSession: (await this.sessionManager.getActiveSession("claude"))?.id || null
-                }, null, 2)
+                    activeSession: (await this.sessionManager.getActiveSession("claude"))?.id || null,
+                }, null, 2),
             };
         }
         if (uri === "sessions://codex") {
@@ -147,8 +170,8 @@ export class ResourceProvider {
                     cli: "codex",
                     total: sessions.length,
                     sessions,
-                    activeSession: (await this.sessionManager.getActiveSession("codex"))?.id || null
-                }, null, 2)
+                    activeSession: (await this.sessionManager.getActiveSession("codex"))?.id || null,
+                }, null, 2),
             };
         }
         if (uri === "sessions://gemini") {
@@ -160,8 +183,21 @@ export class ResourceProvider {
                     cli: "gemini",
                     total: sessions.length,
                     sessions,
-                    activeSession: (await this.sessionManager.getActiveSession("gemini"))?.id || null
-                }, null, 2)
+                    activeSession: (await this.sessionManager.getActiveSession("gemini"))?.id || null,
+                }, null, 2),
+            };
+        }
+        if (uri === "sessions://grok") {
+            const sessions = await this.sessionManager.listSessions("grok");
+            return {
+                uri,
+                mimeType: "application/json",
+                text: JSON.stringify({
+                    cli: "grok",
+                    total: sessions.length,
+                    sessions,
+                    activeSession: (await this.sessionManager.getActiveSession("grok"))?.id || null,
+                }, null, 2),
             };
         }
         // Model capability resources
@@ -170,7 +206,7 @@ export class ResourceProvider {
             return {
                 uri,
                 mimeType: "application/json",
-                text: JSON.stringify(cliInfo.claude, null, 2)
+                text: JSON.stringify(cliInfo.claude, null, 2),
             };
         }
         if (uri === "models://codex") {
@@ -178,7 +214,7 @@ export class ResourceProvider {
             return {
                 uri,
                 mimeType: "application/json",
-                text: JSON.stringify(cliInfo.codex, null, 2)
+                text: JSON.stringify(cliInfo.codex, null, 2),
             };
         }
         if (uri === "models://gemini") {
@@ -186,14 +222,22 @@ export class ResourceProvider {
             return {
                 uri,
                 mimeType: "application/json",
-                text: JSON.stringify(cliInfo.gemini, null, 2)
+                text: JSON.stringify(cliInfo.gemini, null, 2),
+            };
+        }
+        if (uri === "models://grok") {
+            const cliInfo = getCliInfo();
+            return {
+                uri,
+                mimeType: "application/json",
+                text: JSON.stringify(cliInfo.grok, null, 2),
             };
         }
         if (uri === "metrics://performance") {
             return {
                 uri,
                 mimeType: "application/json",
-                text: JSON.stringify(this.performanceMetrics.snapshot(), null, 2)
+                text: JSON.stringify(this.performanceMetrics.snapshot(), null, 2),
             };
         }
         return null;

package/dist/retry.js

@@ -27,15 +27,17 @@ const isDefaultTransient = (error) => {
         return false;
     }
     // Shell command-related errors
-    if (error.code === 124) { // wall-clock timeout (explicit, caller-set) — transient
+    if (error.code === 124) {
+        // wall-clock timeout (explicit, caller-set) — transient
         return true;
     }
     // Note: exit code 125 = idle timeout (stuck process) — intentionally non-transient
-    if (error.code === 'ENOENT') { // command not found
+    if (error.code === "ENOENT") {
+        // command not found
         return false;
     }
     // Node.js network errors
-    const transientErrorCodes = ['ECONNRESET', 'ETIMEDOUT', 'ECONNREFUSED', 'EPIPE'];
+    const transientErrorCodes = ["ECONNRESET", "ETIMEDOUT", "ECONNREFUSED", "EPIPE"];
     if (transientErrorCodes.includes(error.code)) {
         return true;
     }
@@ -142,5 +144,5 @@ export async function withRetry(operation, circuitBreaker, retryOptions, logger)
             await new Promise(resolve => setTimeout(resolve, delay));
         }
     }
-    throw new Error('[Retry] Operation failed after all retry attempts.');
+    throw new Error("[Retry] Operation failed after all retry attempts.");
 }

package/dist/review-integrity.d.ts

@@ -1,17 +1,6 @@
-/**
- * Review Integrity Bypass Detection
- *
- * Detects when orchestrating agents neuter the multi-LLM review process by:
- * - Embedding tool-suppression language in review prompts
- * - Inlining full code instead of letting reviewers read files directly
- * - Setting allowedTools:[] to strip tool access from reviewers
- *
- * Two-gate design: violations only emitted when BOTH review context AND
- * a restriction are detected. This avoids false positives on non-review
- * prompts that happen to contain similar language.
- */
+export type ReviewIntegrityViolationType = "empty_allowed_tools" | "critical_tools_disallowed" | "tool_suppression";
 export interface ReviewIntegrityViolation {
-    type: "tool_suppression" | "inlined_code" | "empty_allowed_tools" | "critical_tools_disallowed";
+    type: ReviewIntegrityViolationType;
     score: number;
     detail: string;
 }
@@ -20,31 +9,10 @@ export interface ReviewIntegrityResult {
     violations: ReviewIntegrityViolation[];
     totalScore: number;
 }
-/**
- * Detect whether the prompt is a review/audit context.
- * Uses two-part detection: unambiguous phrases match alone,
- * ambiguous verbs (review, analyze, etc.) require a code anchor.
- * Normalizes Unicode before matching to prevent confusable bypasses.
- */
-export declare function isReviewContext(prompt: string): boolean;
-/**
- * Detect tool-suppression language in a prompt.
- * Returns the matched patterns for diagnostics.
- */
-export declare function detectToolSuppression(prompt: string): string[];
-/**
- * Detect inlined code blocks that look like full file dumps.
- * Two detection strategies:
- * 1. Any single code block with 200+ chars is flagged.
- * 2. Fallback: if total chars across ALL code blocks (even small ones)
- *    exceeds 1000, flag to catch split-block bypass attempts.
- */
-export declare function detectInlinedCode(prompt: string): {
-    count: number;
-    totalChars: number;
-};
-export declare function checkReviewIntegrity(params: {
+export interface ReviewIntegrityInput {
     prompt: string;
     allowedTools?: string[];
     disallowedTools?: string[];
-}): ReviewIntegrityResult;
+}
+export declare function isReviewContext(prompt: string): boolean;
+export declare function checkReviewIntegrity(input: ReviewIntegrityInput): ReviewIntegrityResult;