llm-cli-gateway 1.17.3 → 1.17.5

package/CHANGELOG.md

@@ -4,6 +4,51 @@ All notable changes to the llm-cli-gateway project.
 
 ## Unreleased
 
+## [1.17.5] - 2026-06-02: Socket networkAccess cleanup
+
+Patch release that stops the recurring Socket `networkAccess` (`globalThis["fetch"]`)
+false-positive on the published package.
+
+### Fixed
+
+- The build now strips comments from the published `dist/*.js` (`removeComments`),
+  and the word "fetch" no longer appears in any shipped source. Socket's
+  `networkAccess` heuristic scans shipped comments and descriptions, and a stray
+  "fetch" in a JSDoc kept tripping a `globalThis["fetch"]` alert that the 1.17.3
+  reword only partly addressed. The `shellAccess` (`child_process`) alert on
+  `executor.js` / `worktree-manager.js` is inherent to spawning the provider CLIs
+  and git and is unchanged.
+
+## [1.17.4] - 2026-06-02: upstream contract compatibility
+
+Patch release that realigns the provider CLI contracts with the currently
+installed binaries (codex 0.135.0, grok 0.2.16, gemini 0.44.1, claude 2.1.159,
+vibe 2.12.1).
+
+### Fixed
+
+- Mistral: dropped the unsupported `--effort` / `--reasoning-effort` surface.
+  vibe 2.x argparse rejects both flags, so any `mistral_request` that passed
+  `effort` / `reasoningEffort` failed before reaching the model. Locked out with
+  two `expect:fail` conformance fixtures and a builder guard test.
+
+### Added
+
+- Grok: `--compaction-mode` (summary|transcript|segments) and
+  `--compaction-detail` (none|minimal|balanced|verbose) context controls, wired
+  as enum passthrough flags on `grok_request` / `grok_request_async`.
+- Gemini: a `yolo` boolean that emits `--yolo` (auto-approve all actions). It
+  routes through the mcp_managed approval gate and is never emitted alongside
+  `--approval-mode yolo`.
+- Claude: `--no-session-persistence`, `--setting-sources`, `--settings`, and
+  `--tools` exposed through `prepareClaudeHighImpactFlags`. `--betas` is left
+  out on purpose, since it is API-key only and the gateway runs Claude via OAuth.
+
+### Notes
+
+- Documented `--max-turns` as a known `--probe-installed` false-positive: claude
+  2.x hides it from `--help` but still accepts it.
+
 ## [1.17.3] - 2026-05-31 — Socket scanner prose cleanup
 
 Patch release that removes wording in shipped metadata that Socket classified

package/README.md

@@ -747,7 +747,7 @@ Use this flow when analysis/runtime can exceed client tool-call limits:
 
 1. Start job with `*_request_async`
 2. Poll with `llm_job_status`
-3. Fetch output with `llm_job_result`
+3. Read output with `llm_job_result`
 4. Optionally stop with `llm_job_cancel`
 
 Async request tools accept the same approval strategy fields as their sync variants:

package/dist/approval-manager.js

@@ -65,22 +65,18 @@ export class ApprovalManager {
             reasons.push("Request enables documentation retrieval MCP (ref_tools)");
         }
         if (request.allowedTools && request.allowedTools.length === 0) {
-            // Independently verify review context from the prompt — never trust caller-supplied flags alone
             const promptIsReview = isReviewContext(request.prompt);
             if (promptIsReview) {
                 score += 6;
                 reasons.push("Empty allowedTools in review context — reviewers need tool access");
             }
             else {
-                // Neutral score — tool restrictions should never reduce risk score
-                // (prevents gaming via review-context evasion + restrictive tools = negative score)
                 reasons.push("No tool permissions requested");
             }
         }
         if (request.disallowedTools && request.disallowedTools.length > 0) {
             const promptIsReviewForDisallowed = isReviewContext(request.prompt);
             const criticalTools = ["Read", "Grep", "Glob", "Bash"];
-            // Canonicalize to handle scoped forms like "Read(*)", "Bash(git:*)"
             const canonicalized = request.disallowedTools.map(s => {
                 const trimmed = s.trim();
                 const cut = Math.min(...[trimmed.indexOf("("), trimmed.indexOf(":")]
@@ -94,7 +90,6 @@ export class ApprovalManager {
                 reasons.push(`Critical review tools disallowed: ${blockedCritical.join(", ")} — reviewers need these`);
             }
             else {
-                // Neutral score — tool restrictions should never reduce risk score
                 reasons.push("Has explicit disallowed tool restrictions");
             }
         }
@@ -104,7 +99,6 @@ export class ApprovalManager {
         }
         if (request.reviewIntegrity && request.reviewIntegrity.violations.length > 0) {
             for (const violation of request.reviewIntegrity.violations) {
-                // Skip empty_allowed_tools and critical_tools_disallowed — already handled in context-dependent scoring above
                 if (violation.type === "empty_allowed_tools" ||
                     violation.type === "critical_tools_disallowed")
                     continue;
@@ -112,8 +106,6 @@ export class ApprovalManager {
                 reasons.push(`Review integrity: ${violation.detail}`);
             }
         }
-        // Balanced policy allows routine full-auto requests with standard MCP servers,
-        // while still denying bypass/sensitive combinations.
         const threshold = policy === "strict" ? 2 : policy === "balanced" ? 5 : 7;
         const status = score <= threshold ? "approved" : "denied";
         const record = {

package/dist/async-job-manager.d.ts

@@ -4,32 +4,14 @@ import { JobStore } from "./job-store.js";
 import { type FlightRecorderLike } from "./flight-recorder.js";
 export type LlmCli = "claude" | "codex" | "gemini" | "grok" | "mistral";
 export type AsyncJobStatus = "running" | "completed" | "failed" | "canceled" | "orphaned";
-/**
- * Slice 1.5 flight-recorder payload supplied via StartJobOptions.
- * Decomposed to primitive fields (no nested handler-locals) so retaining
- * a reference on the in-memory job record doesn't pin large promptParts
- * or attachments via closure scope.
- */
 export interface AsyncJobFlightRecorderEntry {
     model: string;
     prompt: string;
     sessionId?: string;
     stablePrefixHash?: string;
     stablePrefixTokens?: number;
-    /**
-     * Slice κ: count of caller-supplied prompt-parts content blocks the
-     * gateway emitted with explicit Anthropic `cache_control` markers
-     * (ttl='1h'). Only set for Claude requests that opt into κ; left
-     * undefined elsewhere so legacy rows stay NULL.
-     */
     cacheControlBlocks?: number;
 }
-/**
- * Slice 1.5 usage-extraction callback. Closures MUST be constructed from
- * primitive locals only (e.g. const fmt = params.outputFormat; closure
- * captures fmt). Capturing the handler's full `params` object pins large
- * promptParts/attachments for JOB_TTL_MS.
- */
 export type AsyncJobUsageExtractor = (stdout: string) => {
     inputTokens?: number;
     outputTokens?: number;
@@ -61,54 +43,17 @@ export interface StartJobOptions {
     cwd?: string;
     idleTimeoutMs?: number;
     outputFormat?: string;
-    /** Bypass dedup and force a fresh CLI run even if a recent matching job exists. */
     forceRefresh?: boolean;
-    /**
-     * Extra environment variables to inject when spawning the child CLI.
-     * Used by Mistral Vibe to pass `VIBE_ACTIVE_MODEL` (Vibe has no `--model` flag).
-     *
-     * IMPORTANT: env vars participate in the dedup key (canonicalised by sorted
-     * keys + JSON-stringified). Two requests that differ only in env (e.g. two
-     * Mistral requests with the same prompt but different VIBE_ACTIVE_MODEL)
-     * therefore do NOT collide on dedup.
-     */
     env?: Record<string, string>;
-    /**
-     * Slice κ: optional UTF-8 payload to pipe into the child's stdin.
-     * Participates in the dedup key — two requests with identical argv
-     * but different stdin do NOT collide. When set, stdio[0] is "pipe";
-     * when unset, stdio[0] stays "ignore" (regression-protected).
-     */
     stdin?: string;
-    /**
-     * Optional hook fired exactly once when the job reaches a terminal state.
-     * Used by callers that own per-request resources (outputSchema temp files,
-     * etc.) that must persist for the lifetime of the spawned CLI process.
-     */
     onComplete?: () => void;
-    /**
-     * Slice 1.5: when true, AsyncJobManager writes a flight-recorder logStart
-     * row at startJob entry using `flightRecorderEntry`. Pure async handlers
-     * (handle*RequestAsync) pass true because they have no upstream
-     * safeFlightStart writer. The sync-deferred path (awaitJobOrDefer) passes
-     * false because the upstream sync handler already wrote logStart keyed on
-     * the same correlationId — a second INSERT would crash on the PK.
-     */
     writeFlightStart?: boolean;
-    /** Slice 1.5: payload for the FR logStart and the terminal logComplete. */
     flightRecorderEntry?: AsyncJobFlightRecorderEntry;
-    /**
-     * Slice 1.5: invoked only on terminal `completed` to populate token-usage
-     * fields in the FR logComplete payload. Construct from primitive locals
-     * only (see AsyncJobUsageExtractor doc).
-     */
     extractUsage?: AsyncJobUsageExtractor;
 }
 export interface StartJobOutcome {
     snapshot: AsyncJobSnapshot;
-    /** Set to the existing job's id when the request was de-duplicated. */
     deduped: boolean;
-    /** Set when deduped — the original job's correlation id, useful for logging. */
     originalCorrelationId?: string;
 }
 export declare class AsyncJobManager {
@@ -120,77 +65,19 @@ export declare class AsyncJobManager {
     private store;
     private flightRecorder;
     constructor(logger?: Logger, onJobComplete?: ((cli: LlmCli, durationMs: number, success: boolean) => void) | undefined, store?: JobStore | null, flightRecorder?: FlightRecorderLike);
-    /**
-     * True iff a durable (or memory) job store is attached. The MCP-tool
-     * registration layer ANDs this with persistence.asyncJobsEnabled when
-     * deciding whether to register the *_request_async / llm_job_* tools.
-     * Without a store, async tools must not be registered, otherwise we
-     * re-open the silent in-memory loss path the structural invariant closes.
-     */
     hasStore(): boolean;
     private emitMetrics;
     private evictCompletedJobs;
-    /**
-     * Compute the dedup key for a job. Stable across re-issues of the same request,
-     * which is exactly what allows agents to safely retry without restarting the run.
-     *
-     * U22 fix: env vars participate in the key via a deterministic canonicalisation
-     * (sorted keys → JSON-stringified). This prevents two Mistral requests with the
-     * same argv but different `VIBE_ACTIVE_MODEL` from deduping onto each other.
-     */
     private buildRequestKey;
     private fireOnComplete;
-    /**
-     * Slice 1.5: write the terminal flight-recorder row. Mirrors sync-path
-     * failure semantics (response = stderr||stdout on failure, errorMessage
-     * falls back through overrideErrorMessage → job.error → job.stderr →
-     * "Exit code N"). Single-shot guard set only on SUCCESSFUL write so a
-     * thrown logComplete can be retried by a later terminal callback; the
-     * FR's WHERE status='started' UPDATE guard remains the actual
-     * idempotency mechanism for the common "retry succeeds, original
-     * succeeded too" case.
-     */
     private writeFlightComplete;
     private safeExtractUsage;
-    /**
-     * R2 Codex-Unit-B F1: awaitJobOrDefer calls this when returning a
-     * deferred response. From this point on the sync handler will not write
-     * its own safeFlightComplete, so the manager takes over.
-     *
-     * Race mitigation: if the job already terminated between the sync
-     * deadline expiring and this method firing, write logComplete
-     * synchronously here so the previously-skipped terminal callback's
-     * write isn't lost.
-     */
     armFlightCompleteForDeferral(jobId: string): void;
     private safeStoreCall;
-    /**
-     * Flush in-memory stdout/stderr to the durable store if anything changed
-     * since the last flush. Throttled by OUTPUT_FLUSH_INTERVAL_MS to avoid
-     * pounding sqlite on every chunk of streaming output.
-     */
     private maybeFlushOutput;
     private persistComplete;
-    /**
-     * Reconstitute an in-memory AsyncJobRecord from a durable row, so subsequent
-     * getJobSnapshot/getJobResult calls hit the in-memory cache.
-     * The reconstituted record has process=null — it represents historical data only.
-     */
     private hydrateFromStore;
-    /**
-     * Backwards-compatible entry point. Equivalent to startJobWithDedup({...}).snapshot.
-     * Existing callers keep working unchanged; forceRefresh is exposed as a trailing
-     * optional param for the dedup-aware path.
-     */
     startJob(cli: LlmCli, args: string[], correlationId: string, cwd?: string, idleTimeoutMs?: number, outputFormat?: string, forceRefresh?: boolean, env?: Record<string, string>, onComplete?: () => void, flightRecorderEntry?: AsyncJobFlightRecorderEntry, extractUsage?: AsyncJobUsageExtractor, writeFlightStart?: boolean, stdin?: string): AsyncJobSnapshot;
-    /**
-     * Start a job, with optional dedup against recent identical requests.
-     * Returns `{ snapshot, deduped }` so callers can log/report the short-circuit.
-     *
-     * Dedup is keyed on (cli, args). If a job with the same key was started within
-     * the dedup window (default 1h) and is still running or completed, its snapshot
-     * is returned without spawning a new process. forceRefresh skips dedup entirely.
-     */
     startJobWithDedup(cli: LlmCli, args: string[], correlationId: string, opts?: StartJobOptions): StartJobOutcome;
     getJobSnapshot(jobId: string): AsyncJobSnapshot | null;
     getJobSnapshots(jobIds: string[]): Record<string, AsyncJobSnapshot | null>;

package/dist/async-job-manager.js

@@ -5,9 +5,9 @@ import { ProcessMonitor } from "./process-monitor.js";
 import { computeRequestKey } from "./job-store.js";
 import { NoopFlightRecorder } from "./flight-recorder.js";
 const MAX_OUTPUT_SIZE = 50 * 1024 * 1024;
-const JOB_TTL_MS = 60 * 60 * 1000; // 1 hour in-memory retention; durable store has its own (longer) retention
-const EVICTION_INTERVAL_MS = 5 * 60 * 1000; // Check every 5 minutes
-const OUTPUT_FLUSH_INTERVAL_MS = 1000; // Throttle DB writes for streaming stdout/stderr
+const JOB_TTL_MS = 60 * 60 * 1000;
+const EVICTION_INTERVAL_MS = 5 * 60 * 1000;
+const OUTPUT_FLUSH_INTERVAL_MS = 1000;
 function describeProcessLaunchError(cli, error) {
     const code = error.code;
     if (code === "ENOENT") {
@@ -30,11 +30,6 @@ function describeWindowsLaunchExit(cli, exitCode) {
         message: `The '${cli}' command was not found. Install the ${cli} CLI and make sure it is on PATH.`,
     };
 }
-/**
- * U22 fix: deterministic canonicalisation of an env-var map for the dedup key.
- * Returns "" when env is undefined or empty (preserves dedup key continuity for
- * pre-U22 callers that pass no env).
- */
 function canonicaliseEnvForKey(env) {
     if (!env)
         return "";
@@ -75,10 +70,6 @@ export class AsyncJobManager {
                 if (count > 0) {
                     this.logger.info(`Marked ${count} in-flight job(s) as orphaned after gateway restart`);
                 }
-                // Slice 1.5: close out the FR row for each orphaned job. The FR
-                // logComplete UPDATE has WHERE status='started' so pre-1.7.0 rows
-                // (where the prior gateway never wrote a logStart) silently
-                // no-op. Wrapped per-orphan so a single bad row can't tank boot.
                 for (const orphan of orphaned) {
                     try {
                         const durationMs = Math.max(0, Date.now() - new Date(orphan.startedAt).getTime());
@@ -103,18 +94,10 @@ export class AsyncJobManager {
             }
         }
         this.evictionTimer = setInterval(() => this.evictCompletedJobs(), EVICTION_INTERVAL_MS);
-        // Allow the process to exit even if the timer is active
         if (this.evictionTimer.unref) {
             this.evictionTimer.unref();
         }
     }
-    /**
-     * True iff a durable (or memory) job store is attached. The MCP-tool
-     * registration layer ANDs this with persistence.asyncJobsEnabled when
-     * deciding whether to register the *_request_async / llm_job_* tools.
-     * Without a store, async tools must not be registered, otherwise we
-     * re-open the silent in-memory loss path the structural invariant closes.
-     */
     hasStore() {
         return this.store !== null;
     }
@@ -137,7 +120,6 @@ export class AsyncJobManager {
     evictCompletedJobs() {
         const now = Date.now();
         let evicted = 0;
-        // Dead process auto-recovery: check for running jobs whose process no longer exists
         for (const [id, job] of this.jobs) {
             if (job.status === "running" && job.process && job.process.pid) {
                 try {
@@ -157,10 +139,8 @@ export class AsyncJobManager {
                         this.writeFlightComplete(job, "failed");
                         this.fireOnComplete(job);
                     }
-                    // EPERM: process exists but we can't signal it — ignore
                 }
             }
-            // Check for exited flag mismatch (close handler may have fired but status wasn't updated)
             if (job.status === "running" && job.exited) {
                 job.status = "failed";
                 job.error = "Process exited without proper status transition";
@@ -186,7 +166,6 @@ export class AsyncJobManager {
         if (evicted > 0) {
             this.logger.debug(`Evicted ${evicted} completed jobs from memory (durable store retains them)`);
         }
-        // Sweep the durable store, too. Errors are non-fatal — the job rows just stay until next sweep.
         if (this.store) {
             try {
                 const removed = this.store.evictExpired();
@@ -199,26 +178,7 @@ export class AsyncJobManager {
             }
         }
     }
-    /**
-     * Compute the dedup key for a job. Stable across re-issues of the same request,
-     * which is exactly what allows agents to safely retry without restarting the run.
-     *
-     * U22 fix: env vars participate in the key via a deterministic canonicalisation
-     * (sorted keys → JSON-stringified). This prevents two Mistral requests with the
-     * same argv but different `VIBE_ACTIVE_MODEL` from deduping onto each other.
-     */
     buildRequestKey(cli, args, env, stdin, cwd) {
-        // Slice κ: stdin participates in the dedup key. Two Claude requests
-        // with identical argv but different cache_control content blocks
-        // would otherwise collide on dedup and the second caller would get
-        // the wrong response. The legacy "no stdin" code path passes
-        // stdin=undefined, which serialises to the same empty marker the
-        // previous version emitted — non-κ dedup is unchanged.
-        // Slice λ: cwd participates similarly. Two requests with identical
-        // argv but different worktrees would otherwise collide on dedup and
-        // the second caller would receive a response executed in the wrong
-        // worktree. cwd=undefined preserves the pre-λ key shape — non-λ
-        // dedup is unchanged.
         const extraEnv = canonicaliseEnvForKey(env);
         const withStdin = stdin === undefined ? extraEnv : `${extraEnv}|stdin:${stdin}`;
         const extra = cwd === undefined ? withStdin : `${withStdin}|cwd:${cwd}`;
@@ -237,26 +197,13 @@ export class AsyncJobManager {
             this.logger.error(`Job ${job.id} onComplete hook threw`, err);
         }
     }
-    /**
-     * Slice 1.5: write the terminal flight-recorder row. Mirrors sync-path
-     * failure semantics (response = stderr||stdout on failure, errorMessage
-     * falls back through overrideErrorMessage → job.error → job.stderr →
-     * "Exit code N"). Single-shot guard set only on SUCCESSFUL write so a
-     * thrown logComplete can be retried by a later terminal callback; the
-     * FR's WHERE status='started' UPDATE guard remains the actual
-     * idempotency mechanism for the common "retry succeeds, original
-     * succeeded too" case.
-     */
     writeFlightComplete(job, finalStatus, overrideErrorMessage) {
         if (!job.flightRecorderEntry)
-            return; // never opted in
-        // R2 Codex-Unit-B F1: only write when armed. Sync-inline requests are
-        // NOT armed at startJob — the sync handler owns the rich-metadata
-        // safeFlightComplete write. Pure async + sync-deferred ARE armed.
+            return;
         if (!job.flightCompleteArmed)
             return;
         if (job.flightRecorderComplete)
-            return; // already wrote successfully
+            return;
         const durationMs = Math.max(0, Date.now() - new Date(job.startedAt).getTime());
         const usage = finalStatus === "completed" && job.extractUsage ? this.safeExtractUsage(job) : {};
         const isFailure = finalStatus === "failed";
@@ -281,11 +228,7 @@ export class AsyncJobManager {
                 cacheCreationTokens: usage.cacheCreationTokens,
                 costUsd: usage.costUsd,
             });
-            // Only mark complete on successful write so a thrown logComplete
-            // can be retried by the next terminal callback.
             job.flightRecorderComplete = true;
-            // Clear retained references so the GC can reclaim anything the
-            // extractUsage closure captured.
             job.flightRecorderEntry = undefined;
             job.extractUsage = undefined;
         }
@@ -302,27 +245,15 @@ export class AsyncJobManager {
             return {};
         }
     }
-    /**
-     * R2 Codex-Unit-B F1: awaitJobOrDefer calls this when returning a
-     * deferred response. From this point on the sync handler will not write
-     * its own safeFlightComplete, so the manager takes over.
-     *
-     * Race mitigation: if the job already terminated between the sync
-     * deadline expiring and this method firing, write logComplete
-     * synchronously here so the previously-skipped terminal callback's
-     * write isn't lost.
-     */
     armFlightCompleteForDeferral(jobId) {
         const job = this.jobs.get(jobId);
         if (!job)
             return;
         if (job.flightCompleteArmed)
-            return; // pure async already armed
+            return;
         job.flightCompleteArmed = true;
         if (job.status === "running")
             return;
-        // Job already terminal — the close handler's writeFlightComplete
-        // saw flightCompleteArmed=false and skipped. Write now to recover.
         const finalStatus = job.status === "completed" ? "completed" : "failed";
         const override = job.canceled ? "canceled by caller" : undefined;
         this.writeFlightComplete(job, finalStatus, override);
@@ -337,11 +268,6 @@ export class AsyncJobManager {
             this.logger.error(`JobStore.${label} failed`, err);
         }
     }
-    /**
-     * Flush in-memory stdout/stderr to the durable store if anything changed
-     * since the last flush. Throttled by OUTPUT_FLUSH_INTERVAL_MS to avoid
-     * pounding sqlite on every chunk of streaming output.
-     */
     maybeFlushOutput(job, force = false) {
         if (!this.store)
             return;
@@ -361,7 +287,6 @@ export class AsyncJobManager {
             return;
         if (!job.finishedAt)
             return;
-        // Make sure the latest output is captured in the same row update.
         job.outputDirty = false;
         this.safeStoreCall("recordComplete", () => this.store.recordComplete({
             id: job.id,
@@ -374,11 +299,6 @@ export class AsyncJobManager {
             finishedAt: job.finishedAt,
         }));
     }
-    /**
-     * Reconstitute an in-memory AsyncJobRecord from a durable row, so subsequent
-     * getJobSnapshot/getJobResult calls hit the in-memory cache.
-     * The reconstituted record has process=null — it represents historical data only.
-     */
     hydrateFromStore(jobId) {
         if (!this.store)
             return null;
@@ -426,11 +346,6 @@ export class AsyncJobManager {
         this.jobs.set(jobId, reconstituted);
         return reconstituted;
     }
-    /**
-     * Backwards-compatible entry point. Equivalent to startJobWithDedup({...}).snapshot.
-     * Existing callers keep working unchanged; forceRefresh is exposed as a trailing
-     * optional param for the dedup-aware path.
-     */
     startJob(cli, args, correlationId, cwd, idleTimeoutMs, outputFormat, forceRefresh, env, onComplete, flightRecorderEntry, extractUsage, writeFlightStart, stdin) {
         return this.startJobWithDedup(cli, args, correlationId, {
             cwd,
@@ -445,14 +360,6 @@ export class AsyncJobManager {
             writeFlightStart,
         }).snapshot;
     }
-    /**
-     * Start a job, with optional dedup against recent identical requests.
-     * Returns `{ snapshot, deduped }` so callers can log/report the short-circuit.
-     *
-     * Dedup is keyed on (cli, args). If a job with the same key was started within
-     * the dedup window (default 1h) and is still running or completed, its snapshot
-     * is returned without spawning a new process. forceRefresh skips dedup entirely.
-     */
     startJobWithDedup(cli, args, correlationId, opts = {}) {
         const { cwd, idleTimeoutMs, outputFormat, forceRefresh, env: extraEnv, stdin, onComplete, flightRecorderEntry, extractUsage, writeFlightStart, } = opts;
         const requestKey = this.buildRequestKey(cli, args, extraEnv, stdin, cwd);
@@ -460,7 +367,6 @@ export class AsyncJobManager {
             try {
                 const existing = this.store.findByRequestKey(requestKey);
                 if (existing) {
-                    // Prefer the in-memory record if we still have it (live process, idle timers, etc).
                     let record = this.jobs.get(existing.id);
                     if (!record) {
                         record = this.hydrateFromStore(existing.id) ?? undefined;
@@ -471,11 +377,6 @@ export class AsyncJobManager {
                             originalCorrelationId: record.correlationId,
                             status: record.status,
                         });
-                        // U26 fix: the caller's per-request resources (e.g. outputSchema temp
-                        // file) are NOT consumed by the deduped job, which reuses its own
-                        // original resources. Release the new request's cleanup immediately
-                        // to avoid an orphaned temp file. The original job's onComplete (if
-                        // any) remains attached to that original job record.
                         if (onComplete) {
                             try {
                                 onComplete();
@@ -498,8 +399,6 @@ export class AsyncJobManager {
         }
         const id = randomUUID();
         const startedAt = new Date().toISOString();
-        // Mistral Vibe ships as the `vibe` binary; the gateway uses `mistral` as the
-        // provider key but spawns `vibe` on the shell.
         const command = cli === "mistral" ? "vibe" : cli;
         const baseEnv = envWithExtendedPath(process.env, getExtendedPath());
         const child = spawnCliProcess(command, args, {
@@ -516,7 +415,6 @@ export class AsyncJobManager {
             }
             child.stdin.end();
         }
-        // Single cleanup flag to prevent double-unregister
         let groupCleaned = false;
         const cleanupGroup = () => {
             if (groupCleaned)
@@ -552,10 +450,6 @@ export class AsyncJobManager {
             flightRecorderEntry,
             extractUsage,
             flightRecorderComplete: false,
-            // R2 Codex-Unit-B F1: pure async path arms now (writeFlightStart=true
-            // means the manager is the only FR writer). Sync-deferred path
-            // arrives with writeFlightStart=false and arms later via
-            // armFlightCompleteForDeferral when awaitJobOrDefer decides to defer.
             flightCompleteArmed: writeFlightStart === true,
         };
         this.jobs.set(id, job);
@@ -569,10 +463,6 @@ export class AsyncJobManager {
             startedAt,
             pid: child.pid ?? null,
         }));
-        // Slice 1.5: only opt-in callers (pure async handlers) write logStart
-        // here. The sync-deferred path passes writeFlightStart=false because
-        // the upstream sync handler already wrote a logStart row keyed on the
-        // same correlationId; a duplicate INSERT would crash on the PK.
         if (writeFlightStart && flightRecorderEntry) {
             try {
                 this.flightRecorder.logStart({
@@ -592,7 +482,6 @@ export class AsyncJobManager {
             }
         }
         this.logger.info(`Job ${id} started for ${cli}`, { correlationId });
-        // Idle timeout: kill process if no output activity for idleTimeoutMs
         let idleTimerId;
         const resetIdleTimer = () => {
             if (!idleTimeoutMs || idleTimeoutMs <= 0)
@@ -655,7 +544,6 @@ export class AsyncJobManager {
         child.on("close", (code) => {
             job.exited = true;
             job.clearIdleTimer?.();
-            // Unregister process group on clean exit (no kill was issued)
             if (!job.canceled && job.status === "running") {
                 job.cleanupGroup?.();
             }
@@ -664,11 +552,7 @@ export class AsyncJobManager {
                 if (!job.finishedAt) {
                     job.finishedAt = new Date().toISOString();
                 }
-                // Ensure terminal state reaches the durable store (idle-timeout/output-overflow already persisted).
                 this.persistComplete(job);
-                // Slice 1.5: retry the FR complete write iff the earlier terminal
-                // callback's logComplete threw. The single-shot guard in
-                // writeFlightComplete makes this a no-op in the common case.
                 const fallbackFlightStatus = job.status === "completed" ? "completed" : "failed";
                 const fallbackOverride = job.status === "canceled" ? "canceled by caller" : undefined;
                 this.writeFlightComplete(job, fallbackFlightStatus, fallbackOverride);
@@ -736,7 +620,6 @@ export class AsyncJobManager {
         if (job.status !== "running") {
             return { canceled: false, reason: `Job is already ${job.status}` };
         }
-        // Reconstituted (orphaned) jobs have no live process to signal — refuse cancel.
         if (!job.process) {
             return {
                 canceled: false,
@@ -777,7 +660,6 @@ export class AsyncJobManager {
     getJobHealth() {
         const running = this.getRunningJobs();
         const health = this.processMonitor.checkJobHealth(running);
-        // Clean up stale CPU samples for PIDs that are no longer running
         const activePids = new Set(running.map(j => j.pid).filter((p) => p !== null));
         this.processMonitor.cleanupSamples(activePids);
         return {