llm-cli-gateway 1.1.0 → 1.5.4

package/dist/provider-login-guidance.d.ts

@@ -0,0 +1,21 @@
+import type { CliType } from "./session-manager.js";
+export interface ProviderLoginGuidance {
+    provider: CliType;
+    displayName: string;
+    install: {
+        summary: string;
+        commands: string[];
+        documentationUrl?: string;
+    };
+    login: {
+        summary: string;
+        commands: string[];
+        credentialHandling: string;
+    };
+    verification: {
+        command: string;
+        expected: string;
+    };
+}
+export declare function getProviderLoginGuidance(provider: CliType): ProviderLoginGuidance;
+export declare function getAllProviderLoginGuidance(): Record<CliType, ProviderLoginGuidance>;

package/dist/provider-login-guidance.js

@@ -0,0 +1,98 @@
+const GUIDANCE = {
+    claude: {
+        provider: "claude",
+        displayName: "Claude Code",
+        install: {
+            summary: "Install Claude Code using Anthropic's current official installer.",
+            commands: ["npm install -g @anthropic-ai/claude-code"],
+            documentationUrl: "https://docs.anthropic.com/claude-code",
+        },
+        login: {
+            summary: "Sign in through Claude Code's official browser/device flow.",
+            commands: ["claude auth login"],
+            credentialHandling: "Do not paste Claude passwords, OAuth tokens, or credential files into the gateway or a remote chat.",
+        },
+        verification: {
+            command: "claude auth status --json",
+            expected: "loggedIn is true",
+        },
+    },
+    codex: {
+        provider: "codex",
+        displayName: "Codex CLI",
+        install: {
+            summary: "Install Codex CLI using OpenAI's npm package or the current official installer.",
+            commands: ["npm install -g @openai/codex"],
+            documentationUrl: "https://developers.openai.com/codex",
+        },
+        login: {
+            summary: "Sign in through Codex's official login flow.",
+            commands: ["codex login", "codex login --device-auth"],
+            credentialHandling: "Prefer browser or device-code login. Do not paste API keys or access tokens into assistant prompts.",
+        },
+        verification: {
+            command: "codex login status",
+            expected: "command reports that Codex is logged in",
+        },
+    },
+    gemini: {
+        provider: "gemini",
+        displayName: "Gemini CLI",
+        install: {
+            summary: "Install Gemini CLI using Google's npm package or current official installer.",
+            commands: ["npm install -g @google/gemini-cli"],
+            documentationUrl: "https://github.com/google-gemini/gemini-cli",
+        },
+        login: {
+            summary: "Run Gemini CLI and complete Google's official sign-in flow when prompted.",
+            commands: ["gemini"],
+            credentialHandling: "Let Gemini CLI store credentials in its own local store. Do not paste OAuth files or API keys into chat.",
+        },
+        verification: {
+            command: "gemini --version",
+            expected: "CLI is installed; doctor checks the local Gemini credential store for login evidence",
+        },
+    },
+    grok: {
+        provider: "grok",
+        displayName: "Grok CLI",
+        install: {
+            summary: "Install Grok CLI using xAI's current official installer or managed update flow.",
+            commands: ["npm install -g grok-build"],
+            documentationUrl: "https://docs.x.ai/build/cli",
+        },
+        login: {
+            summary: "Sign in through Grok's official OAuth or device-code flow.",
+            commands: ["grok login --oauth", "grok login --device-auth"],
+            credentialHandling: "Do not paste xAI API keys, OAuth tokens, or Grok auth files into the gateway or a remote chat.",
+        },
+        verification: {
+            command: "grok inspect --json",
+            expected: "CLI can inspect local configuration and a local auth store is present",
+        },
+    },
+    mistral: {
+        provider: "mistral",
+        displayName: "Mistral Vibe CLI",
+        install: {
+            summary: "Install Mistral Vibe CLI via pip, uv, or Homebrew (Vibe does not self-update; cli_upgrade dispatches to the installer it detects).",
+            commands: ["pip install vibe-cli", "uv tool install vibe-cli", "brew install mistral-vibe"],
+            documentationUrl: "https://docs.mistral.ai/agents/vibe-cli",
+        },
+        login: {
+            summary: "Sign in through Mistral's official auth flow and enable session_logging in ~/.vibe/config.toml.",
+            commands: ["vibe auth login", "vibe config set session_logging.enabled true"],
+            credentialHandling: "Do not paste Mistral API keys, OAuth tokens, or ~/.vibe/credentials into the gateway or a remote chat.",
+        },
+        verification: {
+            command: "vibe --version",
+            expected: "Vibe CLI is installed; doctor additionally checks ~/.vibe/config.toml for session_logging.enabled=true",
+        },
+    },
+};
+export function getProviderLoginGuidance(provider) {
+    return GUIDANCE[provider];
+}
+export function getAllProviderLoginGuidance() {
+    return { ...GUIDANCE };
+}

package/dist/provider-status.d.ts

@@ -0,0 +1,41 @@
+import type { CliType } from "./session-manager.js";
+import { type ProviderLoginGuidance } from "./provider-login-guidance.js";
+export type ProviderLoginStatus = "authenticated" | "not_authenticated" | "unknown" | "not_checked";
+export interface ProviderRuntimeStatus {
+    provider: CliType;
+    displayName: string;
+    command: string;
+    installed: boolean;
+    version: string | null;
+    versionCommand: string[];
+    loginStatus: ProviderLoginStatus;
+    loginCheck: {
+        method: "cli" | "credential_store" | "not_checked";
+        command: string[] | null;
+        credentialStore: "present" | "not_found" | "not_checked";
+        detail: string;
+    };
+    guidance: ProviderLoginGuidance;
+}
+export declare const PROVIDER_COMMANDS: Record<CliType, string>;
+export declare function listProviderRuntimeStatuses(): Record<CliType, ProviderRuntimeStatus>;
+export declare function getProviderRuntimeStatus(provider: CliType): ProviderRuntimeStatus;
+export interface GeminiAuthMethods {
+    oauth: boolean;
+    geminiApiKey: boolean;
+    googleApiKey: boolean;
+    vertexAi: boolean;
+}
+export interface GeminiAuthStatus {
+    status: "present" | "not_found";
+    methods: GeminiAuthMethods;
+}
+/**
+ * U27: Detect Gemini auth across all supported methods.
+ * Returns "present" if ANY of:
+ *   - OAuth credential file present (~/.gemini/oauth_creds.json, etc.)
+ *   - GEMINI_API_KEY env var set and non-empty
+ *   - GOOGLE_API_KEY env var set and non-empty
+ *   - GOOGLE_CLOUD_PROJECT set AND GOOGLE_GENAI_USE_VERTEXAI=true
+ */
+export declare function geminiAuthStatus(env?: NodeJS.ProcessEnv, home?: string): GeminiAuthStatus;

package/dist/provider-status.js

@@ -0,0 +1,203 @@
+import { existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { spawnSync } from "node:child_process";
+import { getProviderLoginGuidance } from "./provider-login-guidance.js";
+const PROVIDERS = ["claude", "codex", "gemini", "grok", "mistral"];
+const VERSION_ARGS = {
+    claude: ["--version"],
+    codex: ["--version"],
+    gemini: ["--version"],
+    grok: ["--version"],
+    mistral: ["--version"],
+};
+// Mistral Vibe ships as the `vibe` binary (PyPI package vibe-cli); the gateway
+// uses `mistral` as the provider key but invokes `vibe` on the shell.
+export const PROVIDER_COMMANDS = {
+    claude: "claude",
+    codex: "codex",
+    gemini: "gemini",
+    grok: "grok",
+    mistral: "vibe",
+};
+const LOGIN_CHECKS = {
+    claude: ["auth", "status", "--json"],
+    codex: ["login", "status"],
+    grok: ["inspect", "--json"],
+    mistral: ["auth", "status"],
+};
+export function listProviderRuntimeStatuses() {
+    return Object.fromEntries(PROVIDERS.map(provider => [provider, getProviderRuntimeStatus(provider)]));
+}
+export function getProviderRuntimeStatus(provider) {
+    const guidance = getProviderLoginGuidance(provider);
+    const command = PROVIDER_COMMANDS[provider];
+    const version = runCommand(command, VERSION_ARGS[provider], 5_000);
+    const installed = version.exitCode === 0 || Boolean(version.output);
+    const versionText = installed ? firstLine(version.output) : null;
+    const base = {
+        provider,
+        displayName: guidance.displayName,
+        command,
+        installed,
+        version: versionText,
+        versionCommand: [command, ...VERSION_ARGS[provider]],
+        loginStatus: installed ? "unknown" : "not_checked",
+        loginCheck: {
+            method: installed ? "not_checked" : "not_checked",
+            command: null,
+            credentialStore: "not_checked",
+            detail: installed
+                ? "No safe non-interactive login check is available."
+                : "Runtime is not installed.",
+        },
+        guidance,
+    };
+    if (!installed)
+        return base;
+    if (provider === "gemini") {
+        const auth = geminiAuthStatus();
+        const store = auth.status;
+        const matchedMethods = Object.entries(auth.methods)
+            .filter(([, v]) => v)
+            .map(([k]) => k);
+        return {
+            ...base,
+            loginStatus: store === "present" ? "authenticated" : "unknown",
+            loginCheck: {
+                method: "credential_store",
+                command: null,
+                credentialStore: store,
+                detail: store === "present"
+                    ? `Gemini auth detected via: ${matchedMethods.join(", ")}; contents were not inspected.`
+                    : "Gemini CLI is installed, but no credential store or auth env vars were found (oauth_creds.json, GEMINI_API_KEY, GOOGLE_API_KEY, or GOOGLE_CLOUD_PROJECT+GOOGLE_GENAI_USE_VERTEXAI).",
+            },
+        };
+    }
+    const args = LOGIN_CHECKS[provider];
+    if (!args)
+        return base;
+    const login = runCommand(command, args, 5_000);
+    const status = inferLoginStatus(provider, login.exitCode, login.output);
+    const credentialStore = provider === "grok"
+        ? grokCredentialStoreStatus()
+        : provider === "mistral"
+            ? mistralCredentialStoreStatus()
+            : "not_checked";
+    return {
+        ...base,
+        loginStatus: status,
+        loginCheck: {
+            method: "cli",
+            command: [command, ...args],
+            credentialStore,
+            detail: loginCheckDetail(provider, status, login.exitCode),
+        },
+    };
+}
+function runCommand(command, args, timeoutMs) {
+    const result = spawnSync(command, args, {
+        encoding: "utf8",
+        input: "",
+        timeout: timeoutMs,
+        windowsHide: true,
+    });
+    const output = sanitizeOutput(`${result.stdout || ""}\n${result.stderr || ""}`);
+    return {
+        exitCode: typeof result.status === "number" ? result.status : null,
+        output,
+    };
+}
+function firstLine(text) {
+    return (text
+        .split(/\r?\n/)
+        .map(line => line.trim())
+        .find(Boolean) || null);
+}
+function inferLoginStatus(provider, exitCode, output) {
+    if (provider === "claude") {
+        try {
+            const parsed = JSON.parse(output);
+            if (parsed.loggedIn === true)
+                return "authenticated";
+            if (parsed.loggedIn === false)
+                return "not_authenticated";
+        }
+        catch {
+            // Fall through to text heuristics.
+        }
+    }
+    if (/not\s+(logged|signed|authenticated)\s*in|unauthenticated|login required|not authorized/i.test(output)) {
+        return "not_authenticated";
+    }
+    if (/logged\s*in|signed\s*in|authenticated|authorized|using chatgpt|auth store/i.test(output)) {
+        return "authenticated";
+    }
+    if (provider === "grok" && grokCredentialStoreStatus() === "present") {
+        return "authenticated";
+    }
+    if (provider === "mistral" && mistralCredentialStoreStatus() === "present") {
+        return "authenticated";
+    }
+    if (exitCode && exitCode !== 0)
+        return "unknown";
+    return "unknown";
+}
+function loginCheckDetail(provider, status, exitCode) {
+    if (status === "authenticated")
+        return `${provider} login check indicates an authenticated local runtime.`;
+    if (status === "not_authenticated")
+        return `${provider} login check indicates the provider is not authenticated.`;
+    if (exitCode && exitCode !== 0)
+        return `${provider} login check exited non-zero without exposing credential material.`;
+    return `${provider} login check completed, but the output did not clearly indicate login state.`;
+}
+/**
+ * U27: Detect Gemini auth across all supported methods.
+ * Returns "present" if ANY of:
+ *   - OAuth credential file present (~/.gemini/oauth_creds.json, etc.)
+ *   - GEMINI_API_KEY env var set and non-empty
+ *   - GOOGLE_API_KEY env var set and non-empty
+ *   - GOOGLE_CLOUD_PROJECT set AND GOOGLE_GENAI_USE_VERTEXAI=true
+ */
+export function geminiAuthStatus(env = process.env, home = homedir()) {
+    const candidates = [
+        join(home, ".gemini", "oauth_creds.json"),
+        join(home, ".gemini", "google_accounts.json"),
+        join(home, ".config", "gemini", "oauth_creds.json"),
+    ];
+    const oauth = candidates.some(p => existsSync(p));
+    const geminiApiKey = Boolean(env.GEMINI_API_KEY && env.GEMINI_API_KEY.length > 0);
+    const googleApiKey = Boolean(env.GOOGLE_API_KEY && env.GOOGLE_API_KEY.length > 0);
+    const vertexAi = Boolean(env.GOOGLE_CLOUD_PROJECT &&
+        env.GOOGLE_CLOUD_PROJECT.length > 0 &&
+        env.GOOGLE_GENAI_USE_VERTEXAI === "true");
+    const methods = { oauth, geminiApiKey, googleApiKey, vertexAi };
+    const status = oauth || geminiApiKey || googleApiKey || vertexAi ? "present" : "not_found";
+    return { status, methods };
+}
+/** Back-compat shim retained for callers that only need the binary store status. */
+function geminiCredentialStoreStatus() {
+    return geminiAuthStatus().status;
+}
+function grokCredentialStoreStatus() {
+    const home = homedir();
+    const candidates = [join(home, ".grok", "auth.json"), join(home, ".config", "grok", "auth.json")];
+    return candidates.some(path => existsSync(path)) ? "present" : "not_found";
+}
+function mistralCredentialStoreStatus() {
+    const home = homedir();
+    const candidates = [
+        join(home, ".vibe", "credentials.json"),
+        join(home, ".vibe", "auth.json"),
+        join(home, ".config", "vibe", "credentials.json"),
+    ];
+    return candidates.some(path => existsSync(path)) ? "present" : "not_found";
+}
+function sanitizeOutput(output) {
+    return output
+        .replace(/([A-Z0-9._%+-]+)@([A-Z0-9.-]+\.[A-Z]{2,})/gi, "<redacted-email>")
+        .replace(/\b[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\b/gi, "<redacted-id>")
+        .replace(/((?:token|secret|credential|password|authorization|api[_-]?key|access[_-]?key)[=:]\s*)\S+/gi, "$1<redacted>")
+        .trim();
+}