llm-cli-gateway 1.17.9 → 2.0.0

package/CHANGELOG.md

@@ -4,6 +4,107 @@ All notable changes to the llm-cli-gateway project.
 
 ## Unreleased
 
+## [2.0.0] - 2026-06-04: node:sqlite migration — native module out of the prod graph
+
+Major release. Persistence moves from the native `better-sqlite3` binding to
+Node's built-in `node:sqlite` module behind a thin adapter. The entire
+1.17.6-1.17.8 supply-chain incident class — every one of which traced to
+`better-sqlite3`'s install path (`prebuild-install → tar-fs → tar-stream`),
+not its runtime — is now **structurally** gone: the production dependency
+graph contains zero native modules, zero install scripts, and no
+`prebuild-install`/`tar-fs`/`tar-stream` chain. Verified end to end against a
+verdaccio registry reproduction (`scripts/verify-registry-install.sh`):
+consumer tree reified at 94 packages (down from ~124 in 1.17.9), `npm ls`
+exits 0, and no `better-sqlite3`/`tar-stream`/`prebuild-install` appears
+anywhere in the consumer tree.
+
+### BREAKING
+
+- **`engines.node` is now `>=24.4.0`** (was `>=20.0.0`). Node 20 is EOL
+  (April 2026). The 24.4 floor is required because `node:sqlite`'s
+  `allowBareNamedParameters` defaults to `true` only from Node 24.4 — the
+  persistence layer binds bare `{ id: ... }` objects to `@id` placeholders
+  throughout, and on 24.0-24.3 that would need a per-statement
+  `setAllowBareNamedParameters(true)` call. The adapter unit tests assert
+  bare-name binding works, so a regression in either direction is caught.
+
+### Added
+
+- `src/sqlite-driver.ts`: thin adapter over `node:sqlite`'s `DatabaseSync`.
+  Exports `openDatabase`, `openReadOnly`, and a `GatewayDatabase` /
+  `GatewayStatement` surface (`exec`/`prepare`/`run`/`get`/`all`/
+  `withTransaction`/`close`). It is the ONLY production module that touches
+  `node:sqlite`; the release security audit hard-fails if any other
+  production module references it. Preserves the flight recorder's
+  graceful-degradation path (constructor failure → recorder disabled, gateway
+  still runs).
+- Read-only `queryRequests` connection: `openReadOnly` opens the DB with
+  `{ readOnly: true }`, so write-disguised-as-read SQL fails at the SQLite
+  engine level (`SQLITE_READONLY`). This is **stronger** than the old
+  better-sqlite3 `stmt.readonly` JS-property check it replaces — enforcement
+  is at the engine, not in JavaScript — with one belt-and-braces guard: the
+  read-only connection also rejects `VACUUM`/`VACUUM INTO`, the one statement
+  that writes a new file to disk despite `{ readOnly: true }` (and that
+  `stmt.readonly` previously blocked). ATTACH-then-write and
+  `writable_schema` schema edits are already engine-rejected.
+- Cross-engine WAL crash-recovery fixtures in both directions
+  (`src/__tests__/cross-engine-wal.test.ts`): a `better-sqlite3`-written DB
+  (SQLite 3.53.1) with live `-wal`/`-shm` from a simulated unclean stop is
+  opened and exercised under `node:sqlite` (3.51.3), and the reverse for the
+  rollback direction. These gate the "zero data migration" claim across the
+  engine-version skew.
+
+### Changed
+
+- `better-sqlite3` **moved from `dependencies` to `devDependencies`** (same
+  `^12.10.0` range; `@types/better-sqlite3` stays in devDependencies). It is
+  retained at dev time deliberately: two suites seed legacy-schema DB files
+  with it (`src/__tests__/flight-recorder.test.ts`,
+  `src/__tests__/test-veracity-regressions-slice-kappa.test.ts`) to simulate
+  databases written by pre-2.0.0 gateways — that realism is the point, and it
+  makes them standing old-engine-writer → node:sqlite-reader coverage on every
+  CI run — and the cross-engine WAL fixtures need a better-sqlite3 writer.
+  Consumers never see it: devDependencies do not install transitively, and the
+  prod-only shrinkwrap excludes the whole subtree.
+- `flight-recorder.ts` / `job-store.ts` now open SQLite through the adapter
+  (`openDatabase`/`openReadOnly`/`withTransaction`) instead of
+  `require("better-sqlite3")`. SQL, schema, migrations, and pragmas are
+  unchanged.
+- `package.json#overrides`: the `tar-stream` pin is **removed** (the chain
+  that needed it is gone from the prod graph). The `type-is` and `content-type`
+  pins stay — unrelated to this chain.
+- `scripts/release-security-audit.sh`: the `consumerAdvisory` carve-out is
+  **deleted** — blocked `tar-stream` versions are now hard-fail tripwires
+  everywhere (the chain no longer exists in any prod tree). The packed-consumer
+  policy now hard-fails on ANY `tar-stream` in the consumer tree (was an
+  advisory warning). The repo-lockfile tripwire skips dev-only entries so the
+  deliberate devDependency `tar-stream@2.2.0` does not false-fail, while still
+  hard-failing any blocked version that re-enters the prod graph. The
+  better-sqlite3 PRAGMA scan is repointed at the adapter: it now also asserts
+  `node:sqlite` is referenced only by `src/sqlite-driver.ts`.
+- `scripts/pre-release.sh`: the better-sqlite3 native-binding sanity guard is
+  removed (the test suite exercises the binding as a devDep and fails loudly if
+  broken); the `npm ls tar-stream` step is replaced by an absence assertion
+  against the generated prod-only shrinkwrap
+  (`better-sqlite3`/`prebuild-install`/`tar-fs`/`tar-stream` must be absent).
+- `scripts/verify-registry-install.sh`: assertions updated for 2.0.0 —
+  `tar-stream`/`better-sqlite3`/`prebuild-install` must be ABSENT from the
+  consumer tree; consumer `npm ls` must exit 0 (the out-of-range pin that
+  caused ELSPROBLEMS is gone); a `node:sqlite` runtime smoke
+  (`new DatabaseSync(':memory:')`) confirms the engine; and the reified package
+  count is asserted at 94 ±2.
+- README, `socket.yml`, and `docs/personal-mcp/RELEASE_READINESS.md` updated to
+  reflect the node:sqlite reality (no native binding, no install scripts,
+  Node >=24.4.0, adapter-isolation audit replacing the PRAGMA-helper note).
+
+### Rollback
+
+Reverting the 2.0.0 commit re-adds `better-sqlite3` to `dependencies`, the
+`tar-stream` override, and the audit advisory carve-out. DB files are
+compatible in both directions — exactly what the cross-engine WAL fixtures
+prove (the rollback claim inherits that gate; it is not asserted
+independently).
+
 ## [1.17.9] - 2026-06-04: prod-only shrinkwrap + registry-fidelity verification
 
 Patch release shipping a prod-only `npm-shrinkwrap.json` and correcting the

package/README.md

@@ -214,6 +214,8 @@ Opt-in flags (all default off) live under `[cache_awareness]` in `~/.llm-cli-gat
 
 ## Prerequisites
 
+**Node.js >= 24.4.0** is required (`engines.node` in `package.json`). The gateway uses Node's built-in `node:sqlite` module for persistence — there is no native binding to compile and no install scripts run. The 24.4 floor is where `allowBareNamedParameters` defaults to `true`, which the persistence layer relies on.
+
 Before using this gateway, you need to install the CLI tools you want to use:
 
 ### Claude Code CLI
@@ -1180,8 +1182,8 @@ If you're vetting `llm-cli-gateway` through [Socket](https://socket.dev/npm/pack
 | **Network access**               | `src/http-transport.ts` opens an HTTP MCP transport when started via `npm run start:http`. `src/endpoint-exposure.ts` issues a HEAD probe to verify configured public/tunnel URLs. Socket also flagged `dist/upstream-contracts.js` in v1.17.2 from descriptive text, not a network call. | The transport binds to `127.0.0.1` by default and requires `LLM_GATEWAY_AUTH_TOKEN` to be set. The default stdio MCP entry point (`npm start`) opens no sockets. `src/upstream-contracts.ts` stores provider CLI metadata and imports no HTTP client APIs.                                                                                                  |
 | **Shell access**                 | `src/executor.ts` uses `child_process.spawn(cmd, args, …)` to invoke the underlying LLM CLIs.                                                                                                    | `spawn` is called with an argument array and **never** `shell: true`, so there is no shell interpolation path for caller input. The command name is restricted to an allow-list of known CLI binaries (`claude`, `codex`, `gemini`, `grok`, `vibe`).                                                                                                         |
 | **Uses eval**                    | None in our source. Transitive: `@modelcontextprotocol/sdk` → `ajv@8` uses `new Function(...)` in `ajv/dist/compile/index.js` to compile JSON Schema validators.                                 | This is ajv's standard codegen path. Only known schemas (defined in our source and the MCP SDK) flow into it; no caller-supplied data ever reaches the compiled function body.                                                                                                                                                                               |
-| **better-sqlite3 PRAGMA helper** | Transitive: `better-sqlite3/lib/methods/pragma.js` interpolates its caller-provided `source` into a `PRAGMA ${source}` statement.                                                                | We do not call `db.pragma()` from production source. Internal SQLite setup uses fixed literal `db.exec("PRAGMA ...")` statements, and `npm run security:audit` fails the release if production code reintroduces `.pragma()` calls.                                                                                                                          |
-| **Dependency ownership**         | A handful of small transitive packages (e.g. `bindings` via `better-sqlite3`, `media-typer` via `@modelcontextprotocol/sdk`) trip Socket's "unstable ownership" or "obfuscated code" heuristics. | These are pinned, well-known micro-deps in the Node ecosystem with no known issues. We pin direct override versions of `content-type` and `type-is` in `package.json#overrides`. Our previous direct dependency on `toml@3.0.0` (also single-maintainer, last released 2020) was replaced with the actively-maintained `smol-toml` to reduce inherited risk. |
+| **SQLite adapter isolation**     | Persistence uses Node's built-in `node:sqlite` module (no native binding, no install scripts) through a single adapter, `src/sqlite-driver.ts`.                                                  | `node:sqlite` is touched by exactly one production module (the adapter); every other module talks to SQLite through its typed surface. We never call any `db.pragma()` helper (it does not exist on `node:sqlite`); SQLite setup uses fixed literal `db.exec("PRAGMA ...")` statements. `npm run security:audit` fails the release if production code references `node:sqlite` outside the adapter or reintroduces a `.pragma()` call.                                                            |
+| **Dependency ownership**         | A handful of small transitive packages (e.g. `media-typer` via `@modelcontextprotocol/sdk`) trip Socket's "unstable ownership" or "obfuscated code" heuristics.                                  | These are pinned, well-known micro-deps in the Node ecosystem with no known issues. We pin direct override versions of `content-type` and `type-is` in `package.json#overrides`. As of 2.0.0 the prod graph carries no native module (`better-sqlite3` moved to devDependencies; `node:sqlite` is built into Node), eliminating the entire `prebuild-install`/`tar-fs`/`tar-stream` install-time chain. Our earlier direct dependency on `toml@3.0.0` was replaced with `smol-toml`.        |
 
 See [`socket.yml`](./socket.yml) for the same context in machine-readable form.
 

package/dist/flight-recorder.d.ts

@@ -34,6 +34,9 @@ interface LoggerLike {
 export declare function resolveFlightRecorderDbPath(): string | null;
 export declare class FlightRecorder {
     private db;
+    private readOnlyDb;
+    private closed;
+    private readonly dbPath;
     private insertStartTxn;
     private updateCompleteTxn;
     constructor(dbPath: string);

package/dist/flight-recorder.js

@@ -1,10 +1,10 @@
-import { chmodSync, existsSync, mkdirSync } from "fs";
+import { chmodSync } from "fs";
 import os from "os";
 import path from "path";
-import { createRequire } from "module";
+import { openDatabase, openReadOnly } from "./sqlite-driver.js";
 const MAX_THINKING_BYTES = 1_000_000;
 function ensureRequestsCacheColumns(db) {
-    const rows = db.prepare("PRAGMA table_info(requests)").all?.() ?? [];
+    const rows = db.prepare("PRAGMA table_info(requests)").all();
     const names = new Set(rows.map((row) => (row && typeof row.name === "string" ? row.name : "")));
     if (!names.has("cache_read_tokens")) {
         db.exec("ALTER TABLE requests ADD COLUMN cache_read_tokens INTEGER");
@@ -14,7 +14,7 @@ function ensureRequestsCacheColumns(db) {
     }
 }
 function ensureStablePrefixColumns(db) {
-    const rows = db.prepare("PRAGMA table_info(requests)").all?.() ?? [];
+    const rows = db.prepare("PRAGMA table_info(requests)").all();
     const names = new Set(rows.map((row) => (row && typeof row.name === "string" ? row.name : "")));
     if (!names.has("stable_prefix_hash")) {
         db.exec("ALTER TABLE requests ADD COLUMN stable_prefix_hash TEXT");
@@ -25,7 +25,7 @@ function ensureStablePrefixColumns(db) {
     db.exec("CREATE INDEX IF NOT EXISTS idx_requests_stable_hash ON requests(stable_prefix_hash)");
 }
 function ensureCacheControlBlocksColumn(db) {
-    const rows = db.prepare("PRAGMA table_info(requests)").all?.() ?? [];
+    const rows = db.prepare("PRAGMA table_info(requests)").all();
     const names = new Set(rows.map((row) => (row && typeof row.name === "string" ? row.name : "")));
     if (!names.has("cache_control_blocks")) {
         db.exec("ALTER TABLE requests ADD COLUMN cache_control_blocks INTEGER");
@@ -77,16 +77,14 @@ function truncateThinkingBlocks(blocks) {
 }
 export class FlightRecorder {
     db;
+    readOnlyDb = null;
+    closed = false;
+    dbPath;
     insertStartTxn;
     updateCompleteTxn;
     constructor(dbPath) {
-        const require = createRequire(import.meta.url);
-        const BetterSqlite3 = require("better-sqlite3");
-        const directory = path.dirname(dbPath);
-        if (!existsSync(directory)) {
-            mkdirSync(directory, { recursive: true });
-        }
-        this.db = new BetterSqlite3(dbPath);
+        this.dbPath = dbPath;
+        this.db = openDatabase(dbPath);
         this.db.exec("PRAGMA journal_mode = WAL");
         this.db.exec("PRAGMA foreign_keys = ON");
         this.db.exec(`
@@ -165,7 +163,7 @@ export class FlightRecorder {
       INSERT INTO gateway_metadata (request_id, async_job_id, status)
       VALUES (@request_id, @async_job_id, 'started')
     `);
-        this.insertStartTxn = this.db.transaction((entry) => {
+        this.insertStartTxn = this.db.withTransaction((entry) => {
             insertRequest.run({
                 id: entry.correlationId,
                 cli: entry.cli,
@@ -206,7 +204,7 @@ export class FlightRecorder {
           status = @status
       WHERE request_id = @id AND status = 'started'
     `);
-        this.updateCompleteTxn = this.db.transaction((correlationId, result) => {
+        this.updateCompleteTxn = this.db.withTransaction((correlationId, result) => {
             const thinkingBlocks = result.thinkingBlocks && result.thinkingBlocks.length > 0
                 ? JSON.stringify(truncateThinkingBlocks(result.thinkingBlocks))
                 : null;
@@ -240,18 +238,22 @@ export class FlightRecorder {
         this.updateCompleteTxn(correlationId, result);
     }
     queryRequests(sql, ...params) {
-        const stmt = this.db.prepare(sql);
-        if (stmt.readonly === false) {
-            throw new Error("FlightRecorder.queryRequests refuses non-readonly SQL — use a transaction or a separate write surface for INSERT/UPDATE/DELETE.");
+        if (this.closed) {
+            throw new Error("flight recorder is closed");
         }
-        if (!stmt.all) {
-            return [];
+        if (!this.readOnlyDb) {
+            this.readOnlyDb = openReadOnly(this.dbPath);
         }
-        return stmt.all(...params);
+        return this.readOnlyDb.prepare(sql).all(...params);
     }
     flush() {
     }
     close() {
+        this.closed = true;
+        if (this.readOnlyDb) {
+            this.readOnlyDb.close();
+            this.readOnlyDb = null;
+        }
         this.db.close();
     }
 }

package/dist/job-store.js

@@ -1,8 +1,8 @@
-import { chmodSync, existsSync, mkdirSync } from "fs";
+import { chmodSync } from "fs";
 import os from "os";
 import path from "path";
 import { createHash } from "crypto";
-import { createRequire } from "module";
+import { openDatabase } from "./sqlite-driver.js";
 import { noopLogger } from "./logger.js";
 export function resolveJobStoreDbPath() {
     const configured = process.env.LLM_GATEWAY_JOBS_DB ?? process.env.LLM_GATEWAY_LOGS_DB;
@@ -74,13 +74,7 @@ export class SqliteJobStore {
     deleteExpiredStmt;
     constructor(dbPath, logger = noopLogger, options = {}) {
         this.logger = logger;
-        const require = createRequire(import.meta.url);
-        const BetterSqlite3 = require("better-sqlite3");
-        const directory = path.dirname(dbPath);
-        if (!existsSync(directory)) {
-            mkdirSync(directory, { recursive: true });
-        }
-        this.db = new BetterSqlite3(dbPath);
+        this.db = openDatabase(dbPath);
         this.db.exec("PRAGMA journal_mode = WAL");
         this.db.exec("PRAGMA synchronous = NORMAL");
         this.db.exec(`
@@ -211,7 +205,7 @@ export class SqliteJobStore {
     markOrphanedOnStartup() {
         const now = new Date().toISOString();
         const expiresAt = new Date(Date.now() + this.retentionMs).toISOString();
-        const rows = (this.selectRunningOrphansStmt.all?.() ?? []);
+        const rows = this.selectRunningOrphansStmt.all();
         const orphaned = rows.map(row => ({
             id: row.id,
             correlationId: row.correlation_id,
@@ -221,12 +215,12 @@ export class SqliteJobStore {
             exitCode: row.exit_code,
         }));
         const result = this.markOrphanedStmt.run(now, expiresAt);
-        return { count: result?.changes ?? 0, orphaned };
+        return { count: Number(result.changes), orphaned };
     }
     evictExpired() {
         const now = new Date().toISOString();
         const result = this.deleteExpiredStmt.run(now);
-        return result?.changes ?? 0;
+        return Number(result.changes);
     }
     close() {
         try {

package/dist/sqlite-driver.d.ts

@@ -0,0 +1,16 @@
+export interface GatewayStatement {
+    run(...args: unknown[]): {
+        changes: number;
+        lastInsertRowid: number | bigint;
+    };
+    get(...args: unknown[]): unknown;
+    all(...args: unknown[]): unknown[];
+}
+export interface GatewayDatabase {
+    exec(sql: string): void;
+    prepare(sql: string): GatewayStatement;
+    withTransaction<A extends unknown[]>(fn: (...args: A) => void): (...args: A) => void;
+    close(): void;
+}
+export declare function openDatabase(dbPath: string): GatewayDatabase;
+export declare function openReadOnly(dbPath: string): GatewayDatabase;

package/dist/sqlite-driver.js

@@ -0,0 +1,149 @@
+import { existsSync, mkdirSync } from "fs";
+import path from "path";
+import { createRequire } from "module";
+function loadNodeSqlite() {
+    const require = createRequire(import.meta.url);
+    return require("node:sqlite");
+}
+function wrapStatement(stmt) {
+    return {
+        run(...args) {
+            return stmt.run(...args);
+        },
+        get(...args) {
+            return stmt.get(...args);
+        },
+        all(...args) {
+            return stmt.all(...args);
+        },
+    };
+}
+function statementLeadingKeywords(sql) {
+    const keywords = [];
+    let i = 0;
+    const skipTrivia = () => {
+        for (;;) {
+            while (i < sql.length && /\s|;/.test(sql[i] ?? ""))
+                i++;
+            if (sql.startsWith("--", i)) {
+                i += 2;
+                while (i < sql.length && sql[i] !== "\n")
+                    i++;
+                continue;
+            }
+            if (sql.startsWith("/*", i)) {
+                const end = sql.indexOf("*/", i + 2);
+                i = end === -1 ? sql.length : end + 2;
+                continue;
+            }
+            break;
+        }
+    };
+    const skipQuoted = (quote) => {
+        i++;
+        while (i < sql.length) {
+            if (sql[i] === quote) {
+                if (sql[i + 1] === quote) {
+                    i += 2;
+                    continue;
+                }
+                i++;
+                return;
+            }
+            i++;
+        }
+    };
+    while (i < sql.length) {
+        skipTrivia();
+        const m = /^[a-zA-Z]+/.exec(sql.slice(i));
+        if (m) {
+            keywords.push(m[0].toUpperCase());
+        }
+        while (i < sql.length && sql[i] !== ";") {
+            if (sql.startsWith("--", i)) {
+                i += 2;
+                while (i < sql.length && sql[i] !== "\n")
+                    i++;
+            }
+            else if (sql.startsWith("/*", i)) {
+                const end = sql.indexOf("*/", i + 2);
+                i = end === -1 ? sql.length : end + 2;
+            }
+            else if (sql[i] === "'" || sql[i] === '"' || sql[i] === "`") {
+                skipQuoted(sql[i]);
+            }
+            else if (sql[i] === "[") {
+                i++;
+                while (i < sql.length && sql[i] !== "]")
+                    i++;
+                if (i < sql.length)
+                    i++;
+            }
+            else {
+                i++;
+            }
+        }
+    }
+    return keywords;
+}
+class GatewayDatabaseImpl {
+    db;
+    readOnly;
+    inTransaction = false;
+    constructor(db, readOnly = false) {
+        this.db = db;
+        this.readOnly = readOnly;
+    }
+    guardReadOnly(sql) {
+        if (this.readOnly && statementLeadingKeywords(sql).includes("VACUUM")) {
+            throw new Error("read-only connection rejects VACUUM (writes to disk despite readOnly)");
+        }
+    }
+    exec(sql) {
+        this.guardReadOnly(sql);
+        this.db.exec(sql);
+    }
+    prepare(sql) {
+        this.guardReadOnly(sql);
+        return wrapStatement(this.db.prepare(sql));
+    }
+    withTransaction(fn) {
+        return (...args) => {
+            if (this.inTransaction) {
+                throw new Error("nested transaction");
+            }
+            this.db.exec("BEGIN");
+            this.inTransaction = true;
+            try {
+                fn(...args);
+                this.db.exec("COMMIT");
+            }
+            catch (error) {
+                try {
+                    this.db.exec("ROLLBACK");
+                }
+                catch {
+                }
+                throw error;
+            }
+            finally {
+                this.inTransaction = false;
+            }
+        };
+    }
+    close() {
+        this.db.close();
+    }
+}
+export function openDatabase(dbPath) {
+    const { DatabaseSync } = loadNodeSqlite();
+    const directory = path.dirname(dbPath);
+    if (!existsSync(directory)) {
+        mkdirSync(directory, { recursive: true });
+    }
+    return new GatewayDatabaseImpl(new DatabaseSync(dbPath));
+}
+export function openReadOnly(dbPath) {
+    const { DatabaseSync } = loadNodeSqlite();
+    return new GatewayDatabaseImpl(new DatabaseSync(dbPath, { readOnly: true }), true);
+}

package/npm-shrinkwrap.json

@@ -1,16 +1,15 @@
 {
   "name": "llm-cli-gateway",
-  "version": "1.17.9",
+  "version": "2.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "llm-cli-gateway",
-      "version": "1.17.9",
+      "version": "2.0.0",
       "license": "MIT",
       "dependencies": {
         "@modelcontextprotocol/sdk": "^1.29.0",
-        "better-sqlite3": "^12.10.0",
         "content-type": "1.0.5",
         "smol-toml": "^1.6.1",
         "type-is": "2.0.1",
@@ -20,7 +19,7 @@
         "llm-cli-gateway": "dist/index.js"
       },
       "engines": {
-        "node": ">=20.0.0"
+        "node": ">=24.4.0"
       },
       "peerDependencies": {
         "pg": "^8.12.0"
@@ -129,35 +128,6 @@
         }
       }
     },
-    "node_modules/b4a": {
-      "version": "1.6.4",
-      "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.6.4.tgz",
-      "integrity": "sha512-fpWrvyVHEKyeEvbKZTVOeZF3VSKKWtJxFIxX/jaVPf+cLbGUSitjb49pHLqPV2BUNNZ0LcoeEGfE/YCpyDYHIw==",
-      "license": "ISC"
-    },
-    "node_modules/better-sqlite3": {
-      "version": "12.10.0",
-      "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-12.10.0.tgz",
-      "integrity": "sha512-CyzaZRQKyHkB2ZInfTTl2nvT33EbDpjkLEbE8/Zck3Ll6O0qqvuGdrJ45HgtH+HykRg88ITY3AdreBGN70aBSQ==",
-      "hasInstallScript": true,
-      "license": "MIT",
-      "dependencies": {
-        "bindings": "^1.5.0",
-        "prebuild-install": "^7.1.1"
-      },
-      "engines": {
-        "node": "20.x || 22.x || 23.x || 24.x || 25.x || 26.x"
-      }
-    },
-    "node_modules/bindings": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz",
-      "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==",
-      "license": "MIT",
-      "dependencies": {
-        "file-uri-to-path": "1.0.0"
-      }
-    },
     "node_modules/body-parser": {
       "version": "2.2.2",
       "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.2.tgz",
@@ -220,12 +190,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/chownr": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz",
-      "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==",
-      "license": "ISC"
-    },
     "node_modules/content-disposition": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.1.0.tgz",
@@ -314,30 +278,6 @@
         }
       }
     },
-    "node_modules/decompress-response": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz",
-      "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==",
-      "license": "MIT",
-      "dependencies": {
-        "mimic-response": "^3.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/deep-extend": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz",
-      "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=4.0.0"
-      }
-    },
     "node_modules/depd": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
@@ -347,15 +287,6 @@
         "node": ">= 0.8"
       }
     },
-    "node_modules/detect-libc": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
-      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
-      "license": "Apache-2.0",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/dunder-proto": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
@@ -385,15 +316,6 @@
         "node": ">= 0.8"
       }
     },
-    "node_modules/end-of-stream": {
-      "version": "1.4.5",
-      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
-      "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
-      "license": "MIT",
-      "dependencies": {
-        "once": "^1.4.0"
-      }
-    },
     "node_modules/es-define-property": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
@@ -460,15 +382,6 @@
         "node": ">=18.0.0"
       }
     },
-    "node_modules/expand-template": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/expand-template/-/expand-template-2.0.3.tgz",
-      "integrity": "sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==",
-      "license": "(MIT OR WTFPL)",
-      "engines": {
-        "node": ">=6"
-      }
-    },
     "node_modules/express": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz",
@@ -536,12 +449,6 @@
       "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
       "license": "MIT"
     },
-    "node_modules/fast-fifo": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/fast-fifo/-/fast-fifo-1.3.2.tgz",
-      "integrity": "sha512-/d9sfos4yxzpwkDkuN7k2SqFKtYNmCTzgfEpz82x34IM9/zc8KGxQoXg1liNC/izpRM/MBdt44Nmx41ZWqk+FQ==",
-      "license": "MIT"
-    },
     "node_modules/fast-uri": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz",
@@ -558,12 +465,6 @@
       ],
       "license": "BSD-3-Clause"
     },
-    "node_modules/file-uri-to-path": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz",
-      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
-      "license": "MIT"
-    },
     "node_modules/finalhandler": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.1.tgz",
@@ -649,12 +550,6 @@
         "node": ">= 0.4"
       }
     },
-    "node_modules/github-from-package": {
-      "version": "0.0.0",
-      "resolved": "https://registry.npmjs.org/github-from-package/-/github-from-package-0.0.0.tgz",
-      "integrity": "sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw==",
-      "license": "MIT"
-    },
     "node_modules/gopd": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
@@ -742,12 +637,6 @@
       "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
       "license": "ISC"
     },
-    "node_modules/ini": {
-      "version": "1.3.8",
-      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz",
-      "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==",
-      "license": "ISC"
-    },
     "node_modules/ip-address": {
       "version": "10.2.0",
       "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz",
@@ -854,45 +743,12 @@
         "url": "https://opencollective.com/express"
       }
     },
-    "node_modules/mimic-response": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz",
-      "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/minimist": {
-      "version": "1.2.8",
-      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
-      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
-      "license": "MIT",
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/mkdirp-classic": {
-      "version": "0.5.3",
-      "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz",
-      "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==",
-      "license": "MIT"
-    },
     "node_modules/ms": {
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
       "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
       "license": "MIT"
     },
-    "node_modules/napi-build-utils": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/napi-build-utils/-/napi-build-utils-2.0.0.tgz",
-      "integrity": "sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA==",
-      "license": "MIT"
-    },
     "node_modules/negotiator": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz",
@@ -902,18 +758,6 @@
         "node": ">= 0.6"
       }
     },
-    "node_modules/node-abi": {
-      "version": "3.89.0",
-      "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.89.0.tgz",
-      "integrity": "sha512-6u9UwL0HlAl21+agMN3YAMXcKByMqwGx+pq+P76vii5f7hTPtKDp08/H9py6DY+cfDw7kQNTGEj/rly3IgbNQA==",
-      "license": "MIT",
-      "dependencies": {
-        "semver": "^7.3.5"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/object-assign": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
@@ -993,33 +837,6 @@
         "node": ">=16.20.0"
       }
     },
-    "node_modules/prebuild-install": {
-      "version": "7.1.3",
-      "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.3.tgz",
-      "integrity": "sha512-8Mf2cbV7x1cXPUILADGI3wuhfqWvtiLA1iclTDbFRZkgRQS0NqsPZphna9V+HyTEadheuPmjaJMsbzKQFOzLug==",
-      "deprecated": "No longer maintained. Please contact the author of the relevant native addon; alternatives are available.",
-      "license": "MIT",
-      "dependencies": {
-        "detect-libc": "^2.0.0",
-        "expand-template": "^2.0.3",
-        "github-from-package": "0.0.0",
-        "minimist": "^1.2.3",
-        "mkdirp-classic": "^0.5.3",
-        "napi-build-utils": "^2.0.0",
-        "node-abi": "^3.3.0",
-        "pump": "^3.0.0",
-        "rc": "^1.2.7",
-        "simple-get": "^4.0.0",
-        "tar-fs": "^2.0.0",
-        "tunnel-agent": "^0.6.0"
-      },
-      "bin": {
-        "prebuild-install": "bin.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/proxy-addr": {
       "version": "2.0.7",
       "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
@@ -1033,16 +850,6 @@
         "node": ">= 0.10"
       }
     },
-    "node_modules/pump": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz",
-      "integrity": "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==",
-      "license": "MIT",
-      "dependencies": {
-        "end-of-stream": "^1.1.0",
-        "once": "^1.3.1"
-      }
-    },
     "node_modules/qs": {
       "version": "6.15.2",
       "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
@@ -1058,12 +865,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/queue-tick": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/queue-tick/-/queue-tick-1.0.1.tgz",
-      "integrity": "sha512-kJt5qhMxoszgU/62PLP1CJytzd2NKetjSRnyuj31fDd3Rlcz3fzlFdFLD1SItunPwyqEOkca6GbV612BWfaBag==",
-      "license": "MIT"
-    },
     "node_modules/range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -1088,30 +889,6 @@
         "node": ">= 0.10"
       }
     },
-    "node_modules/rc": {
-      "version": "1.2.8",
-      "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz",
-      "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==",
-      "license": "(BSD-2-Clause OR MIT OR Apache-2.0)",
-      "dependencies": {
-        "deep-extend": "^0.6.0",
-        "ini": "~1.3.0",
-        "minimist": "^1.2.0",
-        "strip-json-comments": "~2.0.1"
-      },
-      "bin": {
-        "rc": "cli.js"
-      }
-    },
-    "node_modules/rc/node_modules/strip-json-comments": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
-      "integrity": "sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=0.10.0"
-      }
-    },
     "node_modules/require-from-string": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
@@ -1137,44 +914,12 @@
         "node": ">= 18"
       }
     },
-    "node_modules/safe-buffer": {
-      "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ],
-      "license": "MIT"
-    },
     "node_modules/safer-buffer": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
       "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
       "license": "MIT"
     },
-    "node_modules/semver": {
-      "version": "7.7.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
-      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/send": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/send/-/send-1.2.1.tgz",
@@ -1319,51 +1064,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/simple-concat": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/simple-concat/-/simple-concat-1.0.1.tgz",
-      "integrity": "sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ],
-      "license": "MIT"
-    },
-    "node_modules/simple-get": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/simple-get/-/simple-get-4.0.1.tgz",
-      "integrity": "sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "decompress-response": "^6.0.0",
-        "once": "^1.3.1",
-        "simple-concat": "^1.0.0"
-      }
-    },
     "node_modules/smol-toml": {
       "version": "1.6.1",
       "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.1.tgz",
@@ -1385,39 +1085,6 @@
         "node": ">= 0.8"
       }
     },
-    "node_modules/streamx": {
-      "version": "2.15.0",
-      "resolved": "https://registry.npmjs.org/streamx/-/streamx-2.15.0.tgz",
-      "integrity": "sha512-HcxY6ncGjjklGs1xsP1aR71INYcsXFJet5CU1CHqihQ2J5nOsbd4OjgjHO42w/4QNv9gZb3BueV+Vxok5pLEXg==",
-      "license": "MIT",
-      "dependencies": {
-        "fast-fifo": "^1.1.0",
-        "queue-tick": "^1.0.1"
-      }
-    },
-    "node_modules/tar-fs": {
-      "version": "2.1.4",
-      "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.4.tgz",
-      "integrity": "sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==",
-      "license": "MIT",
-      "dependencies": {
-        "chownr": "^1.1.1",
-        "mkdirp-classic": "^0.5.2",
-        "pump": "^3.0.0",
-        "tar-stream": "^2.1.4"
-      }
-    },
-    "node_modules/tar-stream": {
-      "version": "3.1.7",
-      "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-3.1.7.tgz",
-      "integrity": "sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ==",
-      "license": "MIT",
-      "dependencies": {
-        "b4a": "^1.6.4",
-        "fast-fifo": "^1.2.0",
-        "streamx": "^2.15.0"
-      }
-    },
     "node_modules/toidentifier": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
@@ -1427,18 +1094,6 @@
         "node": ">=0.6"
       }
     },
-    "node_modules/tunnel-agent": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-      "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "safe-buffer": "^5.0.1"
-      },
-      "engines": {
-        "node": "*"
-      }
-    },
     "node_modules/type-is": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "llm-cli-gateway",
-  "version": "1.17.9",
+  "version": "2.0.0",
   "mcpName": "io.github.verivus-oss/llm-cli-gateway",
   "description": "MCP server providing unified access to Claude Code, Codex, Gemini, Grok, and Mistral Vibe CLIs with session management, retry logic, async job orchestration, durable job results, and cross-LLM validation.",
   "license": "MIT",
@@ -40,7 +40,7 @@
     "llm-cli-gateway": "dist/index.js"
   },
   "engines": {
-    "node": ">=20.0.0"
+    "node": ">=24.4.0"
   },
   "files": [
     "dist/**/*.js",
@@ -87,7 +87,6 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
-    "better-sqlite3": "^12.10.0",
     "content-type": "1.0.5",
     "smol-toml": "^1.6.1",
     "type-is": "2.0.1",
@@ -104,6 +103,7 @@
   "devDependencies": {
     "@eslint/js": "^10.0.1",
     "@types/better-sqlite3": "^7.6.0",
+    "better-sqlite3": "^12.10.0",
     "@types/node": "^25.9.1",
     "@types/pg": "^8.11.10",
     "@typescript-eslint/eslint-plugin": "^8.59.4",
@@ -120,8 +120,7 @@
   },
   "overrides": {
     "type-is": "2.0.1",
-    "content-type": "1.0.5",
-    "tar-stream": "3.1.7"
+    "content-type": "1.0.5"
   },
   "directories": {
     "doc": "docs"

package/socket.yml

@@ -25,10 +25,15 @@ version: 2
 #     imported or called from upstream-contracts.ts. The wording now uses
 #     "remote retrieval" to avoid that heuristic.
 #
-#     Transitive tar-stream@2.2.0 (better-sqlite3 → prebuild-install → tar-fs)
-#     triggered Socket "Potential vulnerability" (tar path traversal at install
-#     only). v1.17.7+ overrides tar-stream to 3.1.7 and blocks 2.x in the
-#     release security audit.
+#     Historical (resolved in 2.0.0): transitive tar-stream@2.2.0
+#     (better-sqlite3 → prebuild-install → tar-fs) triggered Socket "Potential
+#     vulnerability" (tar path traversal at install only). v1.17.7-1.17.9 worked
+#     around it with a tar-stream 3.1.7 override + prod-only shrinkwrap. As of
+#     2.0.0 the gateway uses Node's built-in `node:sqlite` for persistence;
+#     better-sqlite3 is a devDependency only, so the prod graph has NO native
+#     module and NO tar-stream/prebuild-install/tar-fs install chain. The
+#     release security audit now hard-fails if any of those packages re-enter
+#     the prod graph (and still blocks the flagged tar-stream 2.x versions).
 #
 #   shellAccess
 #     This alert fires on every module that imports node:child_process, and
@@ -69,12 +74,16 @@ version: 2
 #     This is ajv's standard codegen path; no caller-supplied data flows
 #     into the compiled function body.
 #
-#   better-sqlite3 PRAGMA helper
-#     Socket may flag better-sqlite3/lib/methods/pragma.js because it
-#     constructs PRAGMA SQL from its caller-provided `source` string. The
-#     gateway does not call db.pragma() from production code; SQLite setup
-#     uses fixed literal db.exec("PRAGMA ...") statements, and the release
-#     security audit fails future production `.pragma()` calls.
+#   SQLite (node:sqlite) adapter isolation
+#     As of 2.0.0 persistence uses Node's built-in `node:sqlite` module (no
+#     native binding, no install scripts) through a single adapter,
+#     src/sqlite-driver.ts. No `db.pragma()` helper exists on node:sqlite and
+#     the gateway never calls one; SQLite setup uses fixed literal
+#     db.exec("PRAGMA ...") statements. The release security audit hard-fails
+#     if production code references node:sqlite outside the adapter or
+#     reintroduces a `.pragma()` call. (better-sqlite3 — and its
+#     lib/methods/pragma.js that older Socket scans flagged — is now a
+#     devDependency only and is absent from the published prod artifact.)
 
 issueRules:
   # Defaults from Socket. Listed explicitly so future contributors see what
@@ -84,7 +93,7 @@ issueRules:
   didYouMean: true
   installScripts: true
   telemetry: true
-  hasNativeCode: true            # better-sqlite3 — known and expected
+  hasNativeCode: true            # devDependency-only as of 2.0.0 (better-sqlite3); prod artifact has no native code
   shellAccess: false             # reviewed gateway capability; see rationale above
   shellScriptOverride: true
   gitDependency: true