llm-cli-gateway 1.15.2 → 1.15.3
- package/CHANGELOG.md +23 -0
- package/README.md +4 -20
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,29 @@ All notable changes to the llm-cli-gateway project.
|
|
|
4
4
|
|
|
5
5
|
## Unreleased
|
|
6
6
|
|
|
7
|
+
## [1.15.3] - 2026-05-29 — remove retired PyPI plugin
|
|
8
|
+
|
|
9
|
+
Patch release removing the retired Python `llm` plugin integration so the
|
|
10
|
+
project no longer depends on Simon Willison's `llm` package.
|
|
11
|
+
|
|
12
|
+
### Removed
|
|
13
|
+
|
|
14
|
+
- Removed `integrations/llm-plugin/`, including the `gateway-claude`,
|
|
15
|
+
`gateway-codex`, and `gateway-gemini` aliases that were registered through
|
|
16
|
+
the external `llm` package.
|
|
17
|
+
- Removed the PyPI trusted-publishing workflow. Releases now publish npm and
|
|
18
|
+
signed GitHub installer artifacts only.
|
|
19
|
+
- Removed the plugin-specific Dependabot and security-lint wiring for the
|
|
20
|
+
deleted Python package.
|
|
21
|
+
|
|
22
|
+
### Changed
|
|
23
|
+
|
|
24
|
+
- Removed README guidance that advertised `llm install llm-gateway` and
|
|
25
|
+
`llm -m gateway-*` usage.
|
|
26
|
+
- Added an archived PyPI retirement description explaining the supported npm
|
|
27
|
+
and direct-MCP install paths for users who discover the historical PyPI
|
|
28
|
+
package.
|
|
29
|
+
|
|
7
30
|
## [1.15.2] - 2026-05-29 — security quality follow-up
|
|
8
31
|
|
|
9
32
|
Patch release for GitHub Security & quality follow-up findings and Scorecard
|
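Review bot: The 1.15.3 entry does not say how the "archived PyPI retirement description" under "Changed" reaches PyPI, given that the "Removed" list in the same entry drops the PyPI trusted-publishing workflow. Suggest stating whether a final PyPI release carried the retirement notice before the workflow was removed, and whether the trusted-publisher configuration on the PyPI project itself was revoked, so readers can tell that the retired package name is no longer publishable from this repository's CI.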
package/README.md
CHANGED
|
@@ -5,6 +5,9 @@
|
|
|
5
5
|
[](https://scorecard.dev/viewer/?uri=github.com/verivus-oss/llm-cli-gateway)
|
|
6
6
|
[](https://www.bestpractices.dev/projects/13025)
|
|
7
7
|
[](https://www.npmjs.com/package/llm-cli-gateway)
|
|
8
|
+
[](https://www.npmjs.com/package/llm-cli-gateway)
|
|
9
|
+
[](https://www.npmjs.com/package/llm-cli-gateway)
|
|
10
|
+
[](https://github.com/verivus-oss/llm-cli-gateway/releases)
|
|
8
11
|
[](LICENSE)
|
|
9
12
|
[](SECURITY.md#release-signing)
|
|
10
13
|
|
|
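Review bot: The two badges added at new lines 8 and 9 link to the same `https://www.npmjs.com/package/llm-cli-gateway` target as the existing badge on line 7, and as shown here all three have empty link text, so nothing in these lines says what each badge reports. Suggest giving every badge descriptive alt text, and checking that the releases badge on new line 10 sits next to the existing `SECURITY.md#release-signing` badge so readers can connect the release page with the signing policy.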
@@ -173,7 +176,7 @@ Opt-in flags (all default off) live under `[cache_awareness]` in `~/.llm-cli-gat
|
|
|
173
176
|
- **No Secret Leakage**: Generic session descriptions only (file permissions 0o600)
|
|
174
177
|
- **No ReDoS**: Bounded regex patterns prevent catastrophic backtracking
|
|
175
178
|
- **Type Safety**: Strict TypeScript with comprehensive error handling
|
|
176
|
-
- **Supply-chain hardening**: a dedicated `.github/workflows/security.yml` runs actionlint, zizmor, shellcheck, typos, osv-scanner, gitleaks,
|
|
179
|
+
- **Supply-chain hardening**: a dedicated `.github/workflows/security.yml` runs actionlint, zizmor, shellcheck, typos, osv-scanner, gitleaks, and lychee on every push and PR (see `SECURITY.md` for the threat model)
|
|
177
180
|
|
|
178
181
|
## Prerequisites
|
|
179
182
|
|
|
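Review bot: The removed "Supply-chain hardening" bullet at old line 176 is cut off after `gitleaks,` in this view, so the actual difference from the added line at new line 179 cannot be confirmed from the diff. If the edit drops a linter that only covered the deleted Python package, name that tool in the CHANGELOG bullet about "security-lint wiring", since this README line is the public statement of which scanners run on every push and PR.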
@@ -967,25 +970,6 @@ Each CLI can be configured through its own configuration files:
|
|
|
967
970
|
- Codex: `~/.codex/config.toml`
|
|
968
971
|
- Gemini: `~/.gemini/config.json`
|
|
969
972
|
|
|
970
|
-
## For Fans of Simon Willison
|
|
971
|
-
|
|
972
|
-
Simon's `llm` tool made it trivially easy to talk to any LLM from the command line. But as AI-assisted development matures, the challenge shifts from "how do I call a model" to "how do I orchestrate multiple models reliably, and what did they actually do?"
|
|
973
|
-
|
|
974
|
-
**Multiple models increase the confidence factor.** When Claude writes code, Codex reviews it, and Gemini checks for bugs -- each bringing different training data and reasoning patterns -- the result is more robust than any single model alone. And often this isn't even enough. Having the models do iterative reviews is where you start getting real confidence.
|
|
975
|
-
|
|
976
|
-
**Every interaction should be queryable data.** Inspired by `llm`'s SQLite logging philosophy, the gateway records every request and response to a local SQLite database. Not just prompts and responses -- retry counts, circuit breaker states, approval decisions, thinking blocks, cost estimates. Open it with Datasette and you have a complete operational picture of your AI usage:
|
|
977
|
-
|
|
978
|
-
datasette ~/.llm-cli-gateway/logs.db
|
|
979
|
-
|
|
980
|
-
**The `llm-gateway` plugin bridges both worlds.** Install it, and your existing `llm` workflows gain orchestration features without changing how you work:
|
|
981
|
-
|
|
982
|
-
llm install llm-gateway
|
|
983
|
-
llm -m gateway-claude "explain this function"
|
|
984
|
-
|
|
985
|
-
Your gateway interactions appear in both `llm logs` (for your personal history) and the gateway's flight recorder (for operational observability). Two audiences, one workflow.
|
|
986
|
-
|
|
987
|
-
**Composability over monoliths.** The gateway doesn't replace `llm` -- it complements it. Use `llm` directly when you want simplicity. Route through the gateway when you want resilience, multi-model coordination, or detailed operational telemetry. The plugin is the bridge, not the destination.
|
|
988
|
-
|
|
989
973
|
## Development
|
|
990
974
|
|
|
991
975
|
### Project Structure
|
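Review bot: The removed section at old lines 970-988 also carried documentation that is not specific to the `llm` plugin: that the gateway records every request and response, including thinking blocks and approval decisions, to a local SQLite database at `~/.llm-cli-gateway/logs.db`. If that flight recorder still exists in 1.15.3, keep a statement of it elsewhere in the README (for example near the "No Secret Leakage" bullet), because users need to know that prompt and response content is persisted on disk.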
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "llm-cli-gateway",
|
|
3
|
-
"version": "1.15.
|
|
3
|
+
"version": "1.15.3",
|
|
4
4
|
"mcpName": "io.github.verivus-oss/llm-cli-gateway",
|
|
5
5
|
"description": "MCP server providing unified access to Claude Code, Codex, Gemini, Grok, and Mistral Vibe CLIs with session management, retry logic, async job orchestration, durable job results, and cross-LLM validation.",
|
|
6
6
|
"license": "MIT",
|
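Review bot: The version moves from 1.15.2 to 1.15.3 as a patch release, but the CHANGELOG for this version removes user-facing functionality (the `gateway-claude`, `gateway-codex`, and `gateway-gemini` aliases). Under semantic versioning a removal that breaks existing `llm -m gateway-*` workflows normally warrants more than a patch bump; either bump accordingly or state in the changelog why the npm package's own API is unaffected.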