llm-cli-gateway 1.17.0 → 1.17.2

package/CHANGELOG.md

@@ -4,6 +4,34 @@ All notable changes to the llm-cli-gateway project.
 
 ## Unreleased
 
+## [1.17.2] - 2026-05-31 — upstream contract compatibility
+
+Patch release that keeps the gateway aligned with current provider CLI surfaces
+and fixes the reviewed outstanding-work blockers.
+
+### Fixed
+
+- Updated `doctor --json` schema coverage for the top-level upstream contract
+  report.
+- Stopped emitting removed Codex CLI flags such as `--ask-for-approval`,
+  `--full-auto`, `--search`, and resume-mode `--profile`.
+- Made `upstream:scan -- --probe-installed` compare installed CLI help surfaces
+  in offline mode.
+- Updated Grok Build contract metadata, install guidance, and public auth copy
+  for current xAI docs.
+
+## [1.17.1] - 2026-05-30 — Socket shell-access suppression
+
+Patch release updating the package's Socket policy for the reviewed gateway
+process-launching capability.
+
+### Changed
+
+- Suppressed Socket's `shellAccess` alert in `socket.yml` now that the
+  child-process surface is documented and release-audited.
+- Updated README Socket-alert wording so reviewers still get the bounded
+  shell-access rationale without seeing the same package alert on every release.
+
 ## [1.17.0] - 2026-05-30 — upstream provider tracking
 
 Feature release adding repeatable upstream-provider contract tracking for the

package/README.md

@@ -4,7 +4,6 @@
 [![Security](https://github.com/verivus-oss/llm-cli-gateway/actions/workflows/security.yml/badge.svg?branch=main)](https://github.com/verivus-oss/llm-cli-gateway/actions/workflows/security.yml)
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/verivus-oss/llm-cli-gateway/badge)](https://scorecard.dev/viewer/?uri=github.com/verivus-oss/llm-cli-gateway)
 [![npm](https://img.shields.io/npm/v/llm-cli-gateway.svg)](https://www.npmjs.com/package/llm-cli-gateway)
-[![npm monthly downloads](https://img.shields.io/npm/dm/llm-cli-gateway.svg)](https://www.npmjs.com/package/llm-cli-gateway)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
 
 > _"Without consultation, plans are frustrated, but with many counselors they succeed."_
@@ -14,7 +13,7 @@ A Model Context Protocol (MCP) gateway for running Claude Code, Codex, Gemini, G
 
 **Why developers try it:** one local MCP endpoint for cross-LLM validation, multi-agent coding workflows, and repeatable assistant-led setup across five provider CLIs.
 
-**Current signals:** crossed 5k monthly npm downloads in May 2026; live npm downloads are shown above. CI and security workflows pass on `main`, OpenSSF Scorecard is published, OpenSSF Best Practices is passing, releases use Sigstore signing, and the package is MIT licensed.
+**Current signals:** CI and security workflows pass on `main`, OpenSSF Scorecard is published, OpenSSF Best Practices is passing, releases use Sigstore signing, and the package is MIT licensed.
 
 ## Quick Start
 
@@ -55,8 +54,6 @@ The next documentation focus is provider-specific skill and DAG-TOML pairs for e
 ## Trust & Supply Chain
 
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/13025/badge)](https://www.bestpractices.dev/projects/13025)
-[![npm weekly downloads](https://img.shields.io/npm/dw/llm-cli-gateway.svg)](https://www.npmjs.com/package/llm-cli-gateway)
-[![GitHub release downloads](https://img.shields.io/github/downloads/verivus-oss/llm-cli-gateway/total.svg)](https://github.com/verivus-oss/llm-cli-gateway/releases)
 [![Releases: Sigstore signed](https://img.shields.io/badge/releases-Sigstore%20signed-2e7d32.svg)](SECURITY.md#release-signing)
 
 - CI runs build, lint, format, tests, package checks, and npm audit.
@@ -80,7 +77,7 @@ Current personal-appliance artifacts include:
 - Machine-readable diagnostics: `npm run doctor`
 - Go bootstrapper: `installer/` with `setup`, `doctor --json`, `start`, `stop`, `status`, `repair`, `upgrade`, `uninstall`, `print-client-config`, and verified bundle download commands.
 - Release packaging: the release workflow builds Linux binaries on the local self-hosted runner, builds Windows/macOS binaries on GitHub-hosted runners, then publishes checksummed platform bundles with the gateway, production dependencies, and a managed Node runtime; see [installer/packaging/README.md](installer/packaging/README.md).
-- Docker Compose fallback: [docker-compose.personal.yml](docker-compose.personal.yml) + [Dockerfile.personal](Dockerfile.personal) for users who already manage containers.
+- Docker Compose fallback: [docker/personal.compose.yml](docker/personal.compose.yml) + [docker/Dockerfile.personal](docker/Dockerfile.personal) for users who already manage containers.
 - Local setup UI artifact: [setup/ui/index.html](setup/ui/index.html)
 - Provider setup snippets: [setup/providers/](setup/providers/)
 - Cross-validation tools: `validate_with_models`, `second_opinion`, `compare_answers`, `red_team_review`, `consensus_check`, `ask_model`, `synthesize_validation`, `job_status`, and `job_result`.
@@ -148,8 +145,8 @@ Docker fallback:
 
 ```bash
 LLM_GATEWAY_AUTH_TOKEN=$(openssl rand -hex 32) \
-  docker compose -f docker-compose.personal.yml up -d
-docker compose -f docker-compose.personal.yml run --rm doctor
+  docker compose -f docker/personal.compose.yml up -d
+docker compose -f docker/personal.compose.yml run --rm doctor
 ```
 
 ## Features
@@ -241,12 +238,12 @@ npm install -g @google/gemini-cli
 # Or: https://github.com/google-gemini/gemini-cli
 ```
 
-### Grok CLI (xAI)
+### Grok Build CLI (xAI)
 
 ```bash
-npm install -g grok-build
-grok login   # OAuth flow, or set GROK_CODE_XAI_API_KEY
-# Docs: https://docs.x.ai/build/cli
+curl -fsSL https://x.ai/cli/install.sh | bash
+grok login   # OAuth flow; for headless auth, set XAI_API_KEY
+# Docs: https://docs.x.ai/build/overview
 ```
 
 ### Mistral Vibe CLI
@@ -1176,15 +1173,15 @@ The gateway supports concurrent requests across different CLIs. Each request spa
 
 ### Socket alerts — context for reviewers
 
-If you're vetting `llm-cli-gateway` through [Socket](https://socket.dev/npm/package/llm-cli-gateway) or a similar supply-chain scanner, you'll see three behavioural alerts and some dependency-ownership alerts. They are accurate descriptions of what the package does and what it depends on; we've left them visible (not silenced in `socket.yml`) so you don't have to take our word for it. Here's the context for each:
+If you're vetting `llm-cli-gateway` through [Socket](https://socket.dev/npm/package/llm-cli-gateway) or a similar supply-chain scanner, you'll see behavioural alerts and some dependency-ownership alerts. They are accurate descriptions of what the package does and what it depends on. The reviewed `shellAccess` capability is suppressed in `socket.yml` to avoid a repeat finding on every release; the rationale remains documented here and in the package.
 
-| Alert                            | Where                                                                                                                                                                                            | Why it's bounded                                                                                                                                                                                                                                                                                                                                                                                     |
-| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Network access**               | `src/http-transport.ts` opens an HTTP MCP transport when started via `npm run start:http`. `src/endpoint-exposure.ts` issues a HEAD probe to verify configured public/tunnel URLs.               | The transport binds to `127.0.0.1` by default and requires `LLM_GATEWAY_AUTH_TOKEN` to be set. The default stdio MCP entry point (`npm start`) opens no sockets.                                                                                                                                                                                                                                     |
-| **Shell access**                 | `src/executor.ts` uses `child_process.spawn(cmd, args, …)` to invoke the underlying LLM CLIs.                                                                                                    | `spawn` is called with an argument array and **never** `shell: true`, so there is no shell interpolation path for caller input. The command name is restricted to an allow-list of known CLI binaries (`claude`, `codex`, `gemini`, `grok`, `vibe`).                                                                                                                                                 |
-| **Uses eval**                    | None in our source. Transitive: `@modelcontextprotocol/sdk` → `ajv@8` uses `new Function(...)` in `ajv/dist/compile/index.js` to compile JSON Schema validators.                                 | This is ajv's standard codegen path. Only known schemas (defined in our source and the MCP SDK) flow into it; no caller-supplied data ever reaches the compiled function body.                                                                                                                                                                                                                       |
-| **better-sqlite3 PRAGMA helper** | Transitive: `better-sqlite3/lib/methods/pragma.js` interpolates its caller-provided `source` into a `PRAGMA ${source}` statement.                                                                | We do not call `db.pragma()` from production source. Internal SQLite setup uses fixed literal `db.exec("PRAGMA ...")` statements, and `npm run security:audit` fails the release if production code reintroduces `.pragma()` calls.                                                                                                                                                                  |
-| **Dependency ownership**         | A handful of small transitive packages (e.g. `bindings` via `better-sqlite3`, `media-typer` via `@modelcontextprotocol/sdk`) trip Socket's "unstable ownership" or "obfuscated code" heuristics. | These are pinned, well-known micro-deps in the Node ecosystem with no known issues. We pin direct override versions of `content-type` and `type-is` in `package.json#overrides`. Our previous direct dependency on `toml@3.0.0` (also single-maintainer, last released 2020) was replaced with the actively-maintained `smol-toml` to reduce inherited risk.                                         |
+| Alert                            | Where                                                                                                                                                                                            | Why it's bounded                                                                                                                                                                                                                                                                                                                                             |
+| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| **Network access**               | `src/http-transport.ts` opens an HTTP MCP transport when started via `npm run start:http`. `src/endpoint-exposure.ts` issues a HEAD probe to verify configured public/tunnel URLs.               | The transport binds to `127.0.0.1` by default and requires `LLM_GATEWAY_AUTH_TOKEN` to be set. The default stdio MCP entry point (`npm start`) opens no sockets.                                                                                                                                                                                             |
+| **Shell access**                 | `src/executor.ts` uses `child_process.spawn(cmd, args, …)` to invoke the underlying LLM CLIs.                                                                                                    | `spawn` is called with an argument array and **never** `shell: true`, so there is no shell interpolation path for caller input. The command name is restricted to an allow-list of known CLI binaries (`claude`, `codex`, `gemini`, `grok`, `vibe`).                                                                                                         |
+| **Uses eval**                    | None in our source. Transitive: `@modelcontextprotocol/sdk` → `ajv@8` uses `new Function(...)` in `ajv/dist/compile/index.js` to compile JSON Schema validators.                                 | This is ajv's standard codegen path. Only known schemas (defined in our source and the MCP SDK) flow into it; no caller-supplied data ever reaches the compiled function body.                                                                                                                                                                               |
+| **better-sqlite3 PRAGMA helper** | Transitive: `better-sqlite3/lib/methods/pragma.js` interpolates its caller-provided `source` into a `PRAGMA ${source}` statement.                                                                | We do not call `db.pragma()` from production source. Internal SQLite setup uses fixed literal `db.exec("PRAGMA ...")` statements, and `npm run security:audit` fails the release if production code reintroduces `.pragma()` calls.                                                                                                                          |
+| **Dependency ownership**         | A handful of small transitive packages (e.g. `bindings` via `better-sqlite3`, `media-typer` via `@modelcontextprotocol/sdk`) trip Socket's "unstable ownership" or "obfuscated code" heuristics. | These are pinned, well-known micro-deps in the Node ecosystem with no known issues. We pin direct override versions of `content-type` and `type-is` in `package.json#overrides`. Our previous direct dependency on `toml@3.0.0` (also single-maintainer, last released 2020) was replaced with the actively-maintained `smol-toml` to reduce inherited risk. |
 
 See [`socket.yml`](./socket.yml) for the same context in machine-readable form.
 

package/dist/cache-stats.d.ts

@@ -136,3 +136,50 @@ export interface GlobalCacheStatsOpts {
     lastNHours?: number;
 }
 export declare function computeGlobalCacheStats(db: FlightRecorderQuery, opts?: GlobalCacheStatsOpts): GlobalCacheStats;
+/** Default response truncation budget, matching llm_job_result's maxChars. */
+export declare const PERSISTED_REQUEST_DEFAULT_MAX_CHARS = 200000;
+export interface PersistedRequestRecord {
+    correlationId: string;
+    cli: string;
+    model: string;
+    sessionId: string | null;
+    datetimeUtc: string;
+    durationMs: number | null;
+    status: string | null;
+    exitCode: number | null;
+    errorMessage: string | null;
+    retryCount: number | null;
+    circuitBreakerState: string | null;
+    costUsd: number | null;
+    /** NULL for sync requests; the async job UUID for *_request_async rows. */
+    asyncJobId: string | null;
+    inputTokens: number | null;
+    outputTokens: number | null;
+    cacheReadTokens: number | null;
+    cacheCreationTokens: number | null;
+    /** Full character length of the persisted prompt (always reported). */
+    promptChars: number;
+    /** Full character length of the persisted response (pre-truncation). */
+    responseChars: number;
+    /** True when `response` was clipped to `maxChars`. */
+    responseTruncated: boolean;
+    /** Persisted response text, truncated to maxChars. NULL if the row never completed. */
+    response: string | null;
+    /** Only present when includePrompt = true. */
+    prompt?: string;
+    /** Parsed thinking blocks (claude), or null. */
+    thinkingBlocks: string[] | null;
+}
+export interface ReadPersistedRequestOptions {
+    /** Truncate the returned response to this many characters. Default 200000. */
+    maxChars?: number;
+    /** Include the full persisted prompt text in the result. Default false. */
+    includePrompt?: boolean;
+}
+/**
+ * Fetch a single persisted request by correlation id from the flight recorder.
+ * Returns null when no row matches (including a NoopFlightRecorder, which
+ * yields no rows — i.e. flight recording disabled). The response is truncated
+ * to `maxChars`; the full pre-truncation length is reported via responseChars.
+ */
+export declare function readPersistedRequest(db: FlightRecorderQuery, correlationId: string, opts?: ReadPersistedRequestOptions): PersistedRequestRecord | null;

package/dist/cache-stats.js

@@ -235,8 +235,11 @@ export function computeGlobalCacheStats(db, opts = {}) {
             continue;
         stablePrefixReuseCount += 1;
         arr.sort((a, b) => a.datetime_utc < b.datetime_utc ? -1 : a.datetime_utc > b.datetime_utc ? 1 : 0);
-        for (let i = 1; i < arr.length; i++) {
-            creationAfterFirstSum += arr[i].cache_creation_tokens;
+        // Every row after the first-by-time in this prefix group (the reuse
+        // calls). Iterate the tail directly rather than index-walking `arr`.
+        const [, ...afterFirst] = arr;
+        for (const entry of afterFirst) {
+            creationAfterFirstSum += entry.cache_creation_tokens;
             creationAfterFirstCount += 1;
         }
     }
@@ -266,3 +269,83 @@ export function computeGlobalCacheStats(db, opts = {}) {
         avgCacheCreationAfterFirstCall,
     };
 }
+//──────────────────────────────────────────────────────────────────────────────
+// Read-back of a single persisted request by correlation id.
+//
+// The flight recorder already persists every request's `response` column on
+// logComplete (flight-recorder.ts), regardless of sync vs async. But the only
+// MCP read-back surface — llm_job_result — is keyed on an async job id and
+// reads the AsyncJobManager, not the recorder. So a *sync* response (which has
+// async_job_id = NULL and is handed back inline exactly once) has no retrieval
+// path after the fact. This helper closes that gap: given the correlationId
+// that every sync/async response echoes in `structuredContent.correlationId`,
+// it returns the persisted row from the recorder. Pure read-only — uses the
+// same FlightRecorderQuery surface as the cache aggregates above.
+//──────────────────────────────────────────────────────────────────────────────
+/** Default response truncation budget, matching llm_job_result's maxChars. */
+export const PERSISTED_REQUEST_DEFAULT_MAX_CHARS = 200_000;
+function parseThinkingBlocks(raw) {
+    if (!raw)
+        return null;
+    try {
+        const parsed = JSON.parse(raw);
+        return Array.isArray(parsed) ? parsed.filter((b) => typeof b === "string") : null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Fetch a single persisted request by correlation id from the flight recorder.
+ * Returns null when no row matches (including a NoopFlightRecorder, which
+ * yields no rows — i.e. flight recording disabled). The response is truncated
+ * to `maxChars`; the full pre-truncation length is reported via responseChars.
+ */
+export function readPersistedRequest(db, correlationId, opts = {}) {
+    const maxChars = opts.maxChars ?? PERSISTED_REQUEST_DEFAULT_MAX_CHARS;
+    const rows = db.queryRequests(`SELECT r.id, r.cli, r.model, r.prompt, r.response, r.session_id,
+            r.datetime_utc, r.duration_ms, r.input_tokens, r.output_tokens,
+            r.cache_read_tokens, r.cache_creation_tokens,
+            m.retry_count, m.circuit_breaker_state, m.cost_usd,
+            m.exit_code, m.error_message, m.async_job_id, m.status,
+            m.thinking_blocks
+     FROM requests r
+     LEFT JOIN gateway_metadata m ON m.request_id = r.id
+     WHERE r.id = ?
+     LIMIT 1`, correlationId);
+    const [row] = rows;
+    if (!row)
+        return null;
+    const fullResponse = row.response;
+    const responseChars = fullResponse ? fullResponse.length : 0;
+    const responseTruncated = fullResponse != null && responseChars > maxChars;
+    const response = fullResponse == null ? null : fullResponse.slice(0, maxChars);
+    const record = {
+        correlationId: row.id,
+        cli: row.cli,
+        model: row.model,
+        sessionId: row.session_id,
+        datetimeUtc: row.datetime_utc,
+        durationMs: row.duration_ms,
+        status: row.status,
+        exitCode: row.exit_code,
+        errorMessage: row.error_message,
+        retryCount: row.retry_count,
+        circuitBreakerState: row.circuit_breaker_state,
+        costUsd: row.cost_usd,
+        asyncJobId: row.async_job_id,
+        inputTokens: row.input_tokens,
+        outputTokens: row.output_tokens,
+        cacheReadTokens: row.cache_read_tokens,
+        cacheCreationTokens: row.cache_creation_tokens,
+        promptChars: row.prompt ? row.prompt.length : 0,
+        responseChars,
+        responseTruncated,
+        response,
+        thinkingBlocks: parseThinkingBlocks(row.thinking_blocks),
+    };
+    if (opts.includePrompt) {
+        record.prompt = row.prompt ?? "";
+    }
+    return record;
+}

package/dist/config.js

@@ -2,7 +2,7 @@ import { existsSync, readFileSync } from "fs";
 import os from "os";
 import path from "path";
 import { createRequire } from "module";
-import { z } from "zod";
+import { z } from "zod/v3";
 import { logWarn, noopLogger } from "./logger.js";
 // Zod schemas for configuration validation
 const DatabaseUrlSchema = z

package/dist/doctor.d.ts

@@ -132,6 +132,19 @@ export interface DoctorReport {
         vibe_session_logging: VibeSessionLoggingStatus;
     };
     cache_awareness: CacheAwarenessReport;
+    upstream: {
+        note: string;
+        recommendation: string;
+        how_to_check: string;
+        /** Whether the expensive installed binary probe was performed (requires --probe-upstream). */
+        probed: boolean;
+        /** Cheap installed versions (always present when CLIs are detected). */
+        installed_versions: Partial<Record<CliType, string | null>>;
+        /** Lightweight declared contracts (always present, no spawning). */
+        contracts: ReturnType<typeof import("./upstream-contracts.js").buildUpstreamContractReport>;
+        /** Full probed report only when --probe-upstream was used. */
+        probe_report?: ReturnType<typeof import("./upstream-contracts.js").buildUpstreamContractReport>;
+    };
     next_actions: string[];
 }
 export interface CreateDoctorReportOptions {
@@ -147,6 +160,14 @@ export interface CreateDoctorReportOptions {
      * absent, `enabled_features` is empty (all behaviour considered off).
      */
     cacheAwareness?: CacheAwarenessConfig;
+    /**
+     * When true, perform the (potentially slow) installed CLI --help probe
+     * for upstream contract drift detection. This is opt-in because it
+     * spawns the real provider CLIs.
+     */
+    probeUpstream?: boolean;
 }
 export declare function createDoctorReport(envOrOptions?: NodeJS.ProcessEnv | CreateDoctorReportOptions): DoctorReport;
-export declare function printDoctorJson(): void;
+export declare function printDoctorJson(opts?: {
+    probeUpstream?: boolean;
+}): void;

package/dist/doctor.js

@@ -9,6 +9,7 @@ import { CLAUDE_MCP_SERVER_NAMES } from "./claude-mcp-config.js";
 import { loadCacheAwarenessConfig } from "./config.js";
 import { computeGlobalCacheStats } from "./cache-stats.js";
 import { FlightRecorder, resolveFlightRecorderDbPath } from "./flight-recorder.js";
+import { buildUpstreamContractReport } from "./upstream-contracts.js";
 /**
  * Probe ~/.vibe/config.toml to see whether session_logging is enabled. Current
  * Mistral Vibe defaults session logging to enabled; an explicit
@@ -274,6 +275,25 @@ export function createDoctorReport(envOrOptions = process.env) {
     const publicUrl = redactDiagnosticUrl(rawPublicUrl);
     const endpointExposure = createEndpointExposureReport(env, publicUrl);
     const providerStatuses = listProviderRuntimeStatuses();
+    const installedVersions = {};
+    for (const [name, status] of Object.entries(providerStatuses)) {
+        installedVersions[name] = status.version;
+    }
+    const lightweightContracts = buildUpstreamContractReport({ probeInstalled: false });
+    const probeReport = opts.probeUpstream
+        ? buildUpstreamContractReport({ probeInstalled: true })
+        : undefined;
+    const upstream = {
+        note: "The gateway declares strict contracts for what flags, output modes, permission modes, and session/resume behaviour each provider CLI is expected to support.",
+        recommendation: "After upgrading any provider CLI (especially fast-moving vendor binaries like grok), run the installed binary probe to detect drift between what the gateway expects and what your installed CLI actually advertises.",
+        how_to_check: "llm-cli-gateway contracts --json --probe-installed   (or with --cli=grok etc.)",
+        probed: !!opts.probeUpstream,
+        installed_versions: installedVersions,
+        contracts: lightweightContracts,
+    };
+    if (probeReport) {
+        upstream.probe_report = probeReport;
+    }
     const report = {
         schema_version: "1.0",
         ok: true,
@@ -315,6 +335,7 @@ export function createDoctorReport(envOrOptions = process.env) {
         endpoint_exposure: endpointExposure,
         client_config: clientConfigStatus(),
         cache_awareness: buildCacheAwarenessReport(opts),
+        upstream,
         next_actions: [],
     };
     if (transport === "http" && auth.required && !auth.tokenConfigured) {
@@ -346,9 +367,21 @@ export function createDoctorReport(envOrOptions = process.env) {
     if (report.next_actions.length === 0) {
         report.next_actions.push("Run a client setup guide and verify with doctor --json after each step.");
     }
+    // Upstream drift detection recommendation — surfaced for habitual use after provider upgrades.
+    const hasAnyCli = Object.values(report.providers).some(p => p.cli_available);
+    if (hasAnyCli) {
+        if (report.upstream.probed) {
+            report.next_actions.push("Upstream probe was run (see upstream.probe_report for installed vs declared drift).");
+        }
+        else {
+            report.next_actions.push("After upgrading provider CLIs, check for contract drift: " +
+                report.upstream.how_to_check +
+                "  (add --probe-upstream to this doctor command for one-shot probing)");
+        }
+    }
     return report;
 }
-export function printDoctorJson() {
+export function printDoctorJson(opts = {}) {
     // Load cache-awareness config + open the flight recorder so the doctor
     // command can populate cache_awareness.last_24h. Both are best-effort —
     // failures degrade to the zeroed block (buildCacheAwarenessReport
@@ -373,6 +406,7 @@ export function printDoctorJson() {
         env: process.env,
         cacheAwareness,
         flightRecorder,
+        probeUpstream: opts.probeUpstream,
     });
     process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
     if (flightRecorder) {

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { z } from "zod";
+import { z } from "zod/v3";
 import { ISessionManager } from "./session-manager.js";
 import { ResourceProvider } from "./resources.js";
 import { PerformanceMetrics } from "./metrics.js";