llm-cli-gateway 1.17.6 → 1.17.8

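--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,79 @@ All notable changes to the llm-cli-gateway project.
 
 ## Unreleased
 
+## [1.17.8] - 2026-06-04: release-audit integrity fix + shrinkwrap groundwork
+
+Patch release fixing a masking bug in the release security audit and documenting
+the consumer-side tar-stream@2.2.0 exposure honestly: `package.json#overrides`
+only pins tar-stream 3.1.7 in this repo's own tree — npm overrides never
+propagate to dependents, so `npm install llm-cli-gateway` still resolves
+tar-stream@2.2.0 under better-sqlite3 → prebuild-install → tar-fs in the
+consumer's tree. The canonical remedy, a published `npm-shrinkwrap.json`, is
+currently **ignored by npm itself** (npm/cli#7977, verified empirically against
+npm 11.12.1 with lockfileVersion 2 and 3): no mechanism available to this
+package can pin a dependent's transitive resolution today.
+
+### Fixed
+
+- `scripts/release-security-audit.sh`: lockfile package names were derived with
+`path.split('/node_modules/')`, which never matches top-level
+`node_modules/<pkg>` entries — the packed-consumer-install check silently
+passed 1.17.7 despite tar-stream@2.2.0 in the consumer tree. Names now derive
+from a `node_modules/` split that handles top-level and nested entries.
+
+### Added
+
+- Ship `npm-shrinkwrap.json` (byte-identical copy of `package-lock.json`,
+regenerated by `scripts/pre-release.sh`; the audit fails the release if the
+two diverge). Inert today because of npm/cli#7977, but it becomes effective
+the moment npm honours published shrinkwraps again — the audit detects that
+flip and says so.
+- Consumer-tree tar-stream 2.x is now a **documented advisory** in the audit
+(warn, not fail): the exposure is upstream (better-sqlite3's install path),
+install-time only (extracting the prebuilt binding fetched over HTTPS from
+better-sqlite3's GitHub releases), and unfixable from this package until
+npm/cli#7977 is resolved or better-sqlite3 drops `prebuild-install`. Any
+other blocked version in the consumer tree still hard-fails.
+- `scripts/pre-release.sh`: better-sqlite3 native-binding sanity check
+(auto-`npm rebuild` when `npm install` re-lays the subtree without running
+its install script) and deterministic shrinkwrap regeneration.
+
+## [1.17.7] - 2026-06-04: Socket supply-chain score restoration
+
+Patch release restoring the npm Socket supply-chain posture from 1.17.5
+(overall score 79 on 1.17.5 vs 74 on 1.17.6), plus pending Grok/Mistral
+contract wiring from the development branch.
+
+### Added
+
+- Grok 0.2.x: wired `--agent`, `--best-of-n`, `--check`, `--disable-web-search`,
+`--todo-gate`, and `--verbatim` on `grok_request` / `grok_request_async`.
+`verbatim` also skips gateway `optimizePrompt` so the CLI receives the
+assembled prompt unchanged.
+- Grok 0.2.x: wired additional help-surface flags on `grok_request` /
+`grok_request_async`: `--agents`, `--prompt-file`, `--prompt-json`, `--single`,
+`--experimental-memory`, `--no-alt-screen`, `--no-memory`, `--no-plan`,
+`--no-subagents`, `--oauth`, `--restore-code`, and native `--worktree` via
+`nativeWorktree` (distinct from gateway slice λ `worktree`).
+- Mistral Vibe 2.12.x: upstream contract now tracks `--prompt`, `--setup`,
+`--version`, and `-v` from `vibe --help` (probe-installed drift fix).
+
+### Fixed
+
+- Override transitive `tar-stream` to 3.1.7 (from 2.2.0 via
+`better-sqlite3` → `prebuild-install` → `tar-fs`) to address Socket's
+medium-severity directory-traversal finding in tar extract used only during
+native module install, not during MCP gateway operation.
+- Reworded Grok `--disable-web-search` Zod descriptions so the literal `fetch`
+does not appear in published `dist/*.js` (Socket `networkAccess` heuristic).
+- `scripts/release-security-audit.sh` now blocks `tar-stream@2.x` in the
+lockfile and consumer install tree and fails if `fetch` appears in shipped
+`dist/*.js` after build.
+- Grok: `--resume` contract arity is `optional` (bare `--resume` matches
+`grok --help`).
+- Mistral: `--resume` contract arity is `optional` (bare `--resume` matches
+`vibe --help`).
+
 ## [1.17.6] - 2026-06-03: website front door and public demo workflow
 
 Patch release for the public front-door launch and agent-facing workflow docs.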
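--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -234,6 +234,24 @@ export declare function prepareGrokRequest(params: {
 deny?: string[];
 compactionMode?: string;
 compactionDetail?: string;
+agent?: string;
+bestOfN?: number;
+check?: boolean;
+disableWebSearch?: boolean;
+todoGate?: boolean;
+verbatim?: boolean;
+agents?: string | Record<string, unknown>;
+promptFile?: string;
+promptJson?: string | unknown;
+single?: string;
+experimentalMemory?: boolean;
+noAltScreen?: boolean;
+noMemory?: boolean;
+noPlan?: boolean;
+noSubagents?: boolean;
+oauth?: boolean;
+restoreCode?: boolean;
+nativeWorktree?: boolean | string;
 }, runtime?: GatewayServerRuntime): CliRequestPrep | ExtendedToolResponse;
 export declare function prepareMistralRequest(params: {
 prompt?: string;
@@ -341,6 +359,24 @@ export interface GrokRequestParams {
 deny?: string[];
 compactionMode?: string;
 compactionDetail?: string;
+agent?: string;
+bestOfN?: number;
+check?: boolean;
+disableWebSearch?: boolean;
+todoGate?: boolean;
+verbatim?: boolean;
+agents?: string | Record<string, unknown>;
+promptFile?: string;
+promptJson?: string | unknown;
+single?: string;
+experimentalMemory?: boolean;
+noAltScreen?: boolean;
+noMemory?: boolean;
+noPlan?: boolean;
+noSubagents?: boolean;
+oauth?: boolean;
+restoreCode?: boolean;
+nativeWorktree?: boolean | string;
 worktree?: boolean | {
 name?: string;
 ref?: string;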
package/dist/index.js CHANGED
@@ -1328,7 +1328,8 @@ export function prepareGrokRequest(params, runtime = resolveGatewayServerRuntime
1328
1328
  });
1329
1329
  }
1330
1330
  let effectivePrompt = assembledPrompt;
1331
- if (params.optimizePrompt) {
1331
+ const skipPromptOptimization = Boolean(params.verbatim);
1332
+ if (params.optimizePrompt && !skipPromptOptimization) {
1332
1333
  const optimized = optimizePromptText(effectivePrompt);
1333
1334
  logOptimizationTokens("prompt", corrId, effectivePrompt, optimized);
1334
1335
  effectivePrompt = optimized;
@@ -1406,6 +1407,79 @@ export function prepareGrokRequest(params, runtime = resolveGatewayServerRuntime
1406
1407
  if (params.compactionDetail) {
1407
1408
  args.push("--compaction-detail", params.compactionDetail);
1408
1409
  }
1410
+ if (params.agent) {
1411
+ args.push("--agent", params.agent);
1412
+ }
1413
+ if (params.bestOfN !== undefined) {
1414
+ args.push("--best-of-n", String(params.bestOfN));
1415
+ }
1416
+ if (params.check) {
1417
+ args.push("--check");
1418
+ }
1419
+ if (params.disableWebSearch) {
1420
+ args.push("--disable-web-search");
1421
+ }
1422
+ if (params.todoGate) {
1423
+ args.push("--todo-gate");
1424
+ }
1425
+ if (params.verbatim) {
1426
+ args.push("--verbatim");
1427
+ }
1428
+ if (params.agents !== undefined) {
1429
+ if (typeof params.agents === "string") {
1430
+ if (!params.agents.trim()) {
1431
+ return createErrorResponse(params.operation, 1, "", corrId, new Error("agents: must be a non-empty JSON string or object map"));
1432
+ }
1433
+ args.push("--agents", params.agents);
1434
+ }
1435
+ else if (Object.keys(params.agents).length > 0) {
1436
+ const agentsResult = validateClaudeAgentsMap(params.agents);
1437
+ if (!agentsResult.ok) {
1438
+ return createErrorResponse(params.operation, 1, "", corrId, new Error(agentsResult.message));
1439
+ }
1440
+ args.push("--agents", JSON.stringify(agentsResult.value));
1441
+ }
1442
+ }
1443
+ if (params.promptFile) {
1444
+ args.push("--prompt-file", params.promptFile);
1445
+ }
1446
+ if (params.promptJson !== undefined) {
1447
+ const promptJsonValue = typeof params.promptJson === "string" ? params.promptJson : JSON.stringify(params.promptJson);
1448
+ if (!promptJsonValue.trim()) {
1449
+ return createErrorResponse(params.operation, 1, "", corrId, new Error("promptJson: must be a non-empty JSON string or serializable value"));
1450
+ }
1451
+ args.push("--prompt-json", promptJsonValue);
1452
+ }
1453
+ if (params.single) {
1454
+ args.push("--single", params.single);
1455
+ }
1456
+ if (params.experimentalMemory) {
1457
+ args.push("--experimental-memory");
1458
+ }
1459
+ if (params.noAltScreen) {
1460
+ args.push("--no-alt-screen");
1461
+ }
1462
+ if (params.noMemory) {
1463
+ args.push("--no-memory");
1464
+ }
1465
+ if (params.noPlan) {
1466
+ args.push("--no-plan");
1467
+ }
1468
+ if (params.noSubagents) {
1469
+ args.push("--no-subagents");
1470
+ }
1471
+ if (params.oauth) {
1472
+ args.push("--oauth");
1473
+ }
1474
+ if (params.restoreCode) {
1475
+ args.push("--restore-code");
1476
+ }
1477
+ if (params.nativeWorktree === true) {
1478
+ args.push("--worktree");
1479
+ }
1480
+ else if (typeof params.nativeWorktree === "string" && params.nativeWorktree.length > 0) {
1481
+ args.push("--worktree", params.nativeWorktree);
1482
+ }
1409
1483
  return {
1410
1484
  corrId,
1411
1485
  effectivePrompt,
@@ -1885,6 +1959,24 @@ export async function handleGrokRequest(deps, params) {
1885
1959
  deny: params.deny,
1886
1960
  compactionMode: params.compactionMode,
1887
1961
  compactionDetail: params.compactionDetail,
1962
+ agent: params.agent,
1963
+ bestOfN: params.bestOfN,
1964
+ check: params.check,
1965
+ disableWebSearch: params.disableWebSearch,
1966
+ todoGate: params.todoGate,
1967
+ verbatim: params.verbatim,
1968
+ agents: params.agents,
1969
+ promptFile: params.promptFile,
1970
+ promptJson: params.promptJson,
1971
+ single: params.single,
1972
+ experimentalMemory: params.experimentalMemory,
1973
+ noAltScreen: params.noAltScreen,
1974
+ noMemory: params.noMemory,
1975
+ noPlan: params.noPlan,
1976
+ noSubagents: params.noSubagents,
1977
+ oauth: params.oauth,
1978
+ restoreCode: params.restoreCode,
1979
+ nativeWorktree: params.nativeWorktree,
1888
1980
  }, runtime);
1889
1981
  if (!("args" in prep))
1890
1982
  return prep;
@@ -2024,6 +2116,24 @@ export async function handleGrokRequestAsync(deps, params) {
2024
2116
  deny: params.deny,
2025
2117
  compactionMode: params.compactionMode,
2026
2118
  compactionDetail: params.compactionDetail,
2119
+ agent: params.agent,
2120
+ bestOfN: params.bestOfN,
2121
+ check: params.check,
2122
+ disableWebSearch: params.disableWebSearch,
2123
+ todoGate: params.todoGate,
2124
+ verbatim: params.verbatim,
2125
+ agents: params.agents,
2126
+ promptFile: params.promptFile,
2127
+ promptJson: params.promptJson,
2128
+ single: params.single,
2129
+ experimentalMemory: params.experimentalMemory,
2130
+ noAltScreen: params.noAltScreen,
2131
+ noMemory: params.noMemory,
2132
+ noPlan: params.noPlan,
2133
+ noSubagents: params.noSubagents,
2134
+ oauth: params.oauth,
2135
+ restoreCode: params.restoreCode,
2136
+ nativeWorktree: params.nativeWorktree,
2027
2137
  }, runtime);
2028
2138
  if (!("args" in prep))
2029
2139
  return prep;
@@ -3319,8 +3429,71 @@ export function createGatewayServer(deps = {}) {
3319
3429
  .enum(["none", "minimal", "balanced", "verbose"])
3320
3430
  .optional()
3321
3431
  .describe("Grok --compaction-detail: verbatim segment detail (none|minimal|balanced|verbose, default verbose). Only affects `--compaction-mode segments`. Sets GROK_COMPACTION_DETAIL."),
3432
+ agent: z
3433
+ .string()
3434
+ .min(1)
3435
+ .optional()
3436
+ .describe("Grok --agent <NAME>: agent name or definition file path."),
3437
+ bestOfN: MAX_TURNS_SCHEMA.optional().describe("Grok --best-of-n <N>: run the task N ways in parallel and pick the best (headless only)."),
3438
+ check: z
3439
+ .boolean()
3440
+ .optional()
3441
+ .describe("Grok --check: append a self-verification loop to the prompt (headless only)."),
3442
+ disableWebSearch: z
3443
+ .boolean()
3444
+ .optional()
3445
+ .describe("Grok --disable-web-search: disable web search and remote retrieval tools."),
3446
+ todoGate: z
3447
+ .boolean()
3448
+ .optional()
3449
+ .describe("Grok --todo-gate: enable runtime turn-end TodoGate for this session (session-scoped, not persisted)."),
3450
+ verbatim: z
3451
+ .boolean()
3452
+ .optional()
3453
+ .describe("Grok --verbatim: send the prompt exactly as given. Also skips gateway optimizePrompt when true."),
3454
+ agents: z
3455
+ .union([z.string().min(1), z.record(z.string(), z.record(z.string(), z.unknown()))])
3456
+ .optional()
3457
+ .describe("Grok --agents <JSON>: inline subagent definitions (JSON string or name → { description, prompt, … } map)."),
3458
+ promptFile: z
3459
+ .string()
3460
+ .min(1)
3461
+ .optional()
3462
+ .describe("Grok --prompt-file <PATH>: single-turn prompt loaded from a file."),
3463
+ promptJson: z
3464
+ .union([z.string(), z.array(z.unknown()), z.record(z.string(), z.unknown())])
3465
+ .optional()
3466
+ .describe("Grok --prompt-json <JSON>: single-turn prompt JSON blocks (string or serializable value)."),
3467
+ single: z
3468
+ .string()
3469
+ .min(1)
3470
+ .optional()
3471
+ .describe("Grok --single <PROMPT>: single-turn prompt (in addition to gateway -p)."),
3472
+ experimentalMemory: z
3473
+ .boolean()
3474
+ .optional()
3475
+ .describe("Grok --experimental-memory: enable cross-session memory."),
3476
+ noAltScreen: z
3477
+ .boolean()
3478
+ .optional()
3479
+ .describe("Grok --no-alt-screen: run inline without alt screen."),
3480
+ noMemory: z.boolean().optional().describe("Grok --no-memory: disable cross-session memory."),
3481
+ noPlan: z.boolean().optional().describe("Grok --no-plan: disable plan mode."),
3482
+ noSubagents: z
3483
+ .boolean()
3484
+ .optional()
3485
+ .describe("Grok --no-subagents: disable subagent spawning."),
3486
+ oauth: z.boolean().optional().describe("Grok --oauth: use OAuth during authentication."),
3487
+ restoreCode: z
3488
+ .boolean()
3489
+ .optional()
3490
+ .describe("Grok --restore-code: check out the original session commit when resuming."),
3491
+ nativeWorktree: z
3492
+ .union([z.boolean(), z.string().min(1)])
3493
+ .optional()
3494
+ .describe("Grok -w/--worktree: native CLI worktree flag (`true` → bare `--worktree`, string → named). NOT gateway slice λ `worktree`."),
3322
3495
  worktree: WORKTREE_SCHEMA.optional(),
3323
- }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, alwaysApprove, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, maxTurns, workingDir, sandbox, rules, systemPromptOverride, allow, deny, compactionMode, compactionDetail, worktree, }) => {
3496
+ }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, alwaysApprove, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, maxTurns, workingDir, sandbox, rules, systemPromptOverride, allow, deny, compactionMode, compactionDetail, agent, bestOfN, check, disableWebSearch, todoGate, verbatim, agents, promptFile, promptJson, single, experimentalMemory, noAltScreen, noMemory, noPlan, noSubagents, oauth, restoreCode, nativeWorktree, worktree, }) => {
3324
3497
  return handleGrokRequest({ sessionManager, logger, runtime }, {
3325
3498
  prompt,
3326
3499
  promptParts,
@@ -3352,6 +3525,24 @@ export function createGatewayServer(deps = {}) {
3352
3525
  deny,
3353
3526
  compactionMode,
3354
3527
  compactionDetail,
3528
+ agent,
3529
+ bestOfN,
3530
+ check,
3531
+ disableWebSearch,
3532
+ todoGate,
3533
+ verbatim,
3534
+ agents,
3535
+ promptFile,
3536
+ promptJson,
3537
+ single,
3538
+ experimentalMemory,
3539
+ noAltScreen,
3540
+ noMemory,
3541
+ noPlan,
3542
+ noSubagents,
3543
+ oauth,
3544
+ restoreCode,
3545
+ nativeWorktree,
3355
3546
  worktree,
3356
3547
  });
3357
3548
  });
@@ -4045,8 +4236,74 @@ export function createGatewayServer(deps = {}) {
4045
4236
  .enum(["none", "minimal", "balanced", "verbose"])
4046
4237
  .optional()
4047
4238
  .describe("Grok --compaction-detail: segment verbatim detail (none|minimal|balanced|verbose, default verbose). Only affects segments mode. Sets GROK_COMPACTION_DETAIL."),
4239
+ agent: z
4240
+ .string()
4241
+ .min(1)
4242
+ .optional()
4243
+ .describe("Grok --agent <NAME>: agent name or definition file path."),
4244
+ bestOfN: MAX_TURNS_SCHEMA.optional().describe("Grok --best-of-n <N>: run the task N ways in parallel and pick the best (headless only)."),
4245
+ check: z
4246
+ .boolean()
4247
+ .optional()
4248
+ .describe("Grok --check: append a self-verification loop to the prompt (headless only)."),
4249
+ disableWebSearch: z
4250
+ .boolean()
4251
+ .optional()
4252
+ .describe("Grok --disable-web-search: disable web search and remote retrieval tools."),
4253
+ todoGate: z
4254
+ .boolean()
4255
+ .optional()
4256
+ .describe("Grok --todo-gate: enable runtime turn-end TodoGate for this session (session-scoped, not persisted)."),
4257
+ verbatim: z
4258
+ .boolean()
4259
+ .optional()
4260
+ .describe("Grok --verbatim: send the prompt exactly as given. Also skips gateway optimizePrompt when true."),
4261
+ agents: z
4262
+ .union([z.string().min(1), z.record(z.string(), z.record(z.string(), z.unknown()))])
4263
+ .optional()
4264
+ .describe("Grok --agents <JSON>: inline subagent definitions (JSON string or name → { description, prompt, … } map)."),
4265
+ promptFile: z
4266
+ .string()
4267
+ .min(1)
4268
+ .optional()
4269
+ .describe("Grok --prompt-file <PATH>: single-turn prompt loaded from a file."),
4270
+ promptJson: z
4271
+ .union([z.string(), z.array(z.unknown()), z.record(z.string(), z.unknown())])
4272
+ .optional()
4273
+ .describe("Grok --prompt-json <JSON>: single-turn prompt JSON blocks (string or serializable value)."),
4274
+ single: z
4275
+ .string()
4276
+ .min(1)
4277
+ .optional()
4278
+ .describe("Grok --single <PROMPT>: single-turn prompt (in addition to gateway -p)."),
4279
+ experimentalMemory: z
4280
+ .boolean()
4281
+ .optional()
4282
+ .describe("Grok --experimental-memory: enable cross-session memory."),
4283
+ noAltScreen: z
4284
+ .boolean()
4285
+ .optional()
4286
+ .describe("Grok --no-alt-screen: run inline without alt screen."),
4287
+ noMemory: z
4288
+ .boolean()
4289
+ .optional()
4290
+ .describe("Grok --no-memory: disable cross-session memory."),
4291
+ noPlan: z.boolean().optional().describe("Grok --no-plan: disable plan mode."),
4292
+ noSubagents: z
4293
+ .boolean()
4294
+ .optional()
4295
+ .describe("Grok --no-subagents: disable subagent spawning."),
4296
+ oauth: z.boolean().optional().describe("Grok --oauth: use OAuth during authentication."),
4297
+ restoreCode: z
4298
+ .boolean()
4299
+ .optional()
4300
+ .describe("Grok --restore-code: check out the original session commit when resuming."),
4301
+ nativeWorktree: z
4302
+ .union([z.boolean(), z.string().min(1)])
4303
+ .optional()
4304
+ .describe("Grok -w/--worktree: native CLI worktree flag (`true` → bare `--worktree`, string → named). NOT gateway slice λ `worktree`."),
4048
4305
  worktree: WORKTREE_SCHEMA.optional(),
4049
- }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, alwaysApprove, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, idleTimeoutMs, forceRefresh, maxTurns, workingDir, sandbox, rules, systemPromptOverride, allow, deny, compactionMode, compactionDetail, worktree, }) => {
4306
+ }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, alwaysApprove, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, idleTimeoutMs, forceRefresh, maxTurns, workingDir, sandbox, rules, systemPromptOverride, allow, deny, compactionMode, compactionDetail, agent, bestOfN, check, disableWebSearch, todoGate, verbatim, agents, promptFile, promptJson, single, experimentalMemory, noAltScreen, noMemory, noPlan, noSubagents, oauth, restoreCode, nativeWorktree, worktree, }) => {
4050
4307
  return handleGrokRequestAsync({ sessionManager, asyncJobManager, logger, runtime }, {
4051
4308
  prompt,
4052
4309
  promptParts,
@@ -4077,6 +4334,24 @@ export function createGatewayServer(deps = {}) {
4077
4334
  deny,
4078
4335
  compactionMode,
4079
4336
  compactionDetail,
4337
+ agent,
4338
+ bestOfN,
4339
+ check,
4340
+ disableWebSearch,
4341
+ todoGate,
4342
+ verbatim,
4343
+ agents,
4344
+ promptFile,
4345
+ promptJson,
4346
+ single,
4347
+ experimentalMemory,
4348
+ noAltScreen,
4349
+ noMemory,
4350
+ noPlan,
4351
+ noSubagents,
4352
+ oauth,
4353
+ restoreCode,
4354
+ nativeWorktree,
4080
4355
  worktree,
4081
4356
  });
4082
4357
  });
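Review bot: In the `prepareGrokRequest` hunk at new lines 1428–1442, a string `agents` value reaches `--agents` after only a non-empty check, while the object form must pass `validateClaudeAgentsMap`, so a caller can skip that validation by sending the same map pre-serialized. Parsing the string and routing both forms through the one validator closes the gap; the sketch below does that and also rejects JSON that is not an object map (note it stops forwarding an empty `{}` string, matching the object branch). In the same hunk `promptFile` and `agent` (which the schema describes as accepting a definition file path) are forwarded as given, and nothing visible here confines them to `workingDir`; since MCP callers may be agents acting on injected text, a path check before `args.push` is worth adding unless one exists outside the hunk. The function body starts and ends outside the hunk.

```javascript
if (params.agents !== undefined) {
    // Normalise the string form to an object so both forms share one validator.
    let agentsInput = params.agents;
    if (typeof agentsInput === "string") {
        try {
            agentsInput = JSON.parse(agentsInput);
        }
        catch {
            return createErrorResponse(params.operation, 1, "", corrId, new Error("agents: must be a non-empty JSON string or object map"));
        }
    }
    // Arrays, null and scalars parse as valid JSON but are not a name → definition map.
    if (agentsInput === null || typeof agentsInput !== "object" || Array.isArray(agentsInput)) {
        return createErrorResponse(params.operation, 1, "", corrId, new Error("agents: must be a non-empty JSON string or object map"));
    }
    if (Object.keys(agentsInput).length > 0) {
        const agentsResult = validateClaudeAgentsMap(agentsInput);
        if (!agentsResult.ok) {
            return createErrorResponse(params.operation, 1, "", corrId, new Error(agentsResult.message));
        }
        args.push("--agents", JSON.stringify(agentsResult.value));
    }
}
// … unchanged: promptFile, promptJson, single and the boolean flags …
```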
@@ -595,6 +595,24 @@ export const UPSTREAM_CLI_CONTRACTS = {
595
595
  "deny",
596
596
  "compactionMode",
597
597
  "compactionDetail",
598
+ "agent",
599
+ "bestOfN",
600
+ "check",
601
+ "disableWebSearch",
602
+ "todoGate",
603
+ "verbatim",
604
+ "agents",
605
+ "promptFile",
606
+ "promptJson",
607
+ "single",
608
+ "experimentalMemory",
609
+ "noAltScreen",
610
+ "noMemory",
611
+ "noPlan",
612
+ "noSubagents",
613
+ "oauth",
614
+ "restoreCode",
615
+ "nativeWorktree",
598
616
  ],
599
617
  flags: {
600
618
  "-p": { arity: "one", description: "Prompt text" },
@@ -617,7 +635,10 @@ export const UPSTREAM_CLI_CONTRACTS = {
617
635
  arity: "one",
618
636
  description: "Comma-separated disallowed tools",
619
637
  },
620
- "--resume": { arity: "one", description: "Resume session" },
638
+ "--resume": {
639
+ arity: "optional",
640
+ description: "Resume session by ID, or most recent when omitted",
641
+ },
621
642
  "--continue": { arity: "none", description: "Continue latest session" },
622
643
  "--max-turns": {
623
644
  arity: "one",
@@ -799,6 +820,29 @@ export const UPSTREAM_CLI_CONTRACTS = {
799
820
  args: ["-p", "hello", "--compaction-mode", "aggressive"],
800
821
  expect: "fail",
801
822
  },
823
+ {
824
+ id: "grok-resume-bare",
825
+ description: "Grok --resume without session ID is accepted (optional arity)",
826
+ args: ["-p", "hello", "--resume"],
827
+ expect: "pass",
828
+ },
829
+ {
830
+ id: "grok-headless-controls",
831
+ description: "Grok 0.2.x headless flags: agent, best-of-n, check, disable-web-search, todo-gate, verbatim",
832
+ args: [
833
+ "-p",
834
+ "hello",
835
+ "--agent",
836
+ "reviewer",
837
+ "--best-of-n",
838
+ "3",
839
+ "--check",
840
+ "--disable-web-search",
841
+ "--todo-gate",
842
+ "--verbatim",
843
+ ],
844
+ expect: "pass",
845
+ },
802
846
  ],
803
847
  },
804
848
  mistral: {
@@ -836,7 +880,14 @@ export const UPSTREAM_CLI_CONTRACTS = {
836
880
  "addDir",
837
881
  ],
838
882
  flags: {
839
- "-p": { arity: "one", description: "Prompt text" },
883
+ "-p": { arity: "one", description: "Prompt text (programmatic mode)" },
884
+ "--prompt": {
885
+ arity: "optional",
886
+ description: "Programmatic prompt (long form of -p; TEXT optional per vibe --help)",
887
+ },
888
+ "-v": { arity: "none", description: "Print version (short)" },
889
+ "--version": { arity: "none", description: "Print version" },
890
+ "--setup": { arity: "none", description: "Setup API key and exit" },
840
891
  "--output": {
841
892
  arity: "one",
842
893
  values: ["text", "json", "streaming"],
@@ -848,7 +899,10 @@ export const UPSTREAM_CLI_CONTRACTS = {
848
899
  description: "Agent/permission mode",
849
900
  },
850
901
  "--enabled-tools": { arity: "one", description: "Enabled tool" },
851
- "--resume": { arity: "one", description: "Resume session" },
902
+ "--resume": {
903
+ arity: "optional",
904
+ description: "Resume session by ID, or interactive picker when omitted",
905
+ },
852
906
  "--continue": { arity: "none", description: "Continue latest session" },
853
907
  "--trust": {
854
908
  arity: "none",
@@ -974,6 +1028,20 @@ export const UPSTREAM_CLI_CONTRACTS = {
974
1028
  env: { VIBE_ACTIVE_MODEL: "mistral-medium-3.5" },
975
1029
  expect: "fail",
976
1030
  },
1031
+ {
1032
+ id: "mistral-current-help-surface",
1033
+ description: "Vibe 2.12.x help surface: --prompt, -v, --version, --setup accepted",
1034
+ args: ["--prompt", "hello", "--agent", "auto-approve", "-v", "--version", "--setup"],
1035
+ env: { VIBE_ACTIVE_MODEL: "mistral-medium-3.5" },
1036
+ expect: "pass",
1037
+ },
1038
+ {
1039
+ id: "mistral-resume-bare",
1040
+ description: "Vibe --resume without session ID is accepted (optional arity)",
1041
+ args: ["-p", "hello", "--agent", "auto-approve", "--resume"],
1042
+ env: { VIBE_ACTIVE_MODEL: "mistral-medium-3.5" },
1043
+ expect: "pass",
1044
+ },
977
1045
  ],
978
1046
  },
979
1047
  };
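Review bot: The new `grok-headless-controls` case (new lines 829–845) exercises only the six flags from the first batch, so `--agents`, `--prompt-file`, `--prompt-json`, `--single`, `--experimental-memory`, `--no-alt-screen`, `--no-memory`, `--no-plan`, `--no-subagents`, `--oauth`, `--restore-code` and `--worktree` have no contract case in the hunks shown. Their parameter names are added to the string list at new lines 598–615, but no matching `flags` entries appear in this diff, so those entries are either pre-existing or missing; that cannot be told from here. A second `expect: "pass"` case covering those twelve flags, plus one `expect: "fail"` case for a value-taking flag given without its value (for example `args: ["-p", "hello", "--prompt-file"]`), would let the contract catch drift in the flags that carry paths and JSON. The enclosing `UPSTREAM_CLI_CONTRACTS` object starts outside the hunks.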