llm-cli-gateway 1.4.0 → 1.5.13

package/dist/async-job-manager.d.ts

@@ -1,7 +1,7 @@
 import type { Logger } from "./logger.js";
 import { type JobHealth } from "./process-monitor.js";
 import { JobStore } from "./job-store.js";
-export type LlmCli = "claude" | "codex" | "gemini" | "grok";
+export type LlmCli = "claude" | "codex" | "gemini" | "grok" | "mistral";
 export type AsyncJobStatus = "running" | "completed" | "failed" | "canceled" | "orphaned";
 export interface AsyncJobSnapshot {
     id: string;
@@ -29,6 +29,22 @@ export interface StartJobOptions {
     outputFormat?: string;
     /** Bypass dedup and force a fresh CLI run even if a recent matching job exists. */
     forceRefresh?: boolean;
+    /**
+     * Extra environment variables to inject when spawning the child CLI.
+     * Used by Mistral Vibe to pass `VIBE_ACTIVE_MODEL` (Vibe has no `--model` flag).
+     *
+     * IMPORTANT: env vars participate in the dedup key (canonicalised by sorted
+     * keys + JSON-stringified). Two requests that differ only in env (e.g. two
+     * Mistral requests with the same prompt but different VIBE_ACTIVE_MODEL)
+     * therefore do NOT collide on dedup.
+     */
+    env?: Record<string, string>;
+    /**
+     * Optional hook fired exactly once when the job reaches a terminal state.
+     * Used by callers that own per-request resources (outputSchema temp files,
+     * etc.) that must persist for the lifetime of the spawned CLI process.
+     */
+    onComplete?: () => void;
 }
 export interface StartJobOutcome {
     snapshot: AsyncJobSnapshot;
@@ -45,13 +61,26 @@ export declare class AsyncJobManager {
     private processMonitor;
     private store;
     constructor(logger?: Logger, onJobComplete?: ((cli: LlmCli, durationMs: number, success: boolean) => void) | undefined, store?: JobStore | null);
+    /**
+     * True iff a durable (or memory) job store is attached. The MCP-tool
+     * registration layer ANDs this with persistence.asyncJobsEnabled when
+     * deciding whether to register the *_request_async / llm_job_* tools.
+     * Without a store, async tools must not be registered, otherwise we
+     * re-open the silent in-memory loss path the structural invariant closes.
+     */
+    hasStore(): boolean;
     private emitMetrics;
     private evictCompletedJobs;
     /**
      * Compute the dedup key for a job. Stable across re-issues of the same request,
      * which is exactly what allows agents to safely retry without restarting the run.
+     *
+     * U22 fix: env vars participate in the key via a deterministic canonicalisation
+     * (sorted keys → JSON-stringified). This prevents two Mistral requests with the
+     * same argv but different `VIBE_ACTIVE_MODEL` from deduping onto each other.
      */
     private buildRequestKey;
+    private fireOnComplete;
     private safeStoreCall;
     /**
      * Flush in-memory stdout/stderr to the durable store if anything changed
@@ -71,7 +100,7 @@ export declare class AsyncJobManager {
      * Existing callers keep working unchanged; forceRefresh is exposed as a trailing
      * optional param for the dedup-aware path.
      */
-    startJob(cli: LlmCli, args: string[], correlationId: string, cwd?: string, idleTimeoutMs?: number, outputFormat?: string, forceRefresh?: boolean): AsyncJobSnapshot;
+    startJob(cli: LlmCli, args: string[], correlationId: string, cwd?: string, idleTimeoutMs?: number, outputFormat?: string, forceRefresh?: boolean, env?: Record<string, string>, onComplete?: () => void): AsyncJobSnapshot;
     /**
      * Start a job, with optional dedup against recent identical requests.
      * Returns `{ snapshot, deduped }` so callers can log/report the short-circuit.
@@ -82,6 +111,7 @@ export declare class AsyncJobManager {
      */
     startJobWithDedup(cli: LlmCli, args: string[], correlationId: string, opts?: StartJobOptions): StartJobOutcome;
     getJobSnapshot(jobId: string): AsyncJobSnapshot | null;
+    getJobSnapshots(jobIds: string[]): Record<string, AsyncJobSnapshot | null>;
     getJobResult(jobId: string, maxChars?: number): AsyncJobResult | null;
     cancelJob(jobId: string): {
         canceled: boolean;

package/dist/async-job-manager.js

@@ -1,6 +1,5 @@
-import { spawn } from "child_process";
 import { randomUUID } from "crypto";
-import { getExtendedPath, killProcessGroup, registerProcessGroup, unregisterProcessGroup, } from "./executor.js";
+import { getExtendedPath, killProcessGroup, spawnCliProcess, unregisterProcessGroup, } from "./executor.js";
 import { noopLogger } from "./logger.js";
 import { ProcessMonitor } from "./process-monitor.js";
 import { computeRequestKey } from "./job-store.js";
@@ -8,6 +7,35 @@ const MAX_OUTPUT_SIZE = 50 * 1024 * 1024;
 const JOB_TTL_MS = 60 * 60 * 1000; // 1 hour in-memory retention; durable store has its own (longer) retention
 const EVICTION_INTERVAL_MS = 5 * 60 * 1000; // Check every 5 minutes
 const OUTPUT_FLUSH_INTERVAL_MS = 1000; // Throttle DB writes for streaming stdout/stderr
+function describeProcessLaunchError(cli, error) {
+    const code = error.code;
+    if (code === "ENOENT") {
+        return {
+            exitCode: 127,
+            message: `The '${cli}' command was not found. Install the ${cli} CLI and make sure it is on PATH. (${error.message})`,
+        };
+    }
+    return {
+        exitCode: 126,
+        message: `Failed to launch ${cli} CLI: ${error.message}`,
+    };
+}
+/**
+ * U22 fix: deterministic canonicalisation of an env-var map for the dedup key.
+ * Returns "" when env is undefined or empty (preserves dedup key continuity for
+ * pre-U22 callers that pass no env).
+ */
+function canonicaliseEnvForKey(env) {
+    if (!env)
+        return "";
+    const entries = Object.entries(env)
+        .filter(([, v]) => v !== undefined && v !== null)
+        .map(([k, v]) => [k, String(v)]);
+    if (entries.length === 0)
+        return "";
+    entries.sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0));
+    return JSON.stringify(entries);
+}
 function truncateText(value, maxChars) {
     if (value.length <= maxChars) {
         return { text: value, truncated: false };
@@ -46,6 +74,16 @@ export class AsyncJobManager {
             this.evictionTimer.unref();
         }
     }
+    /**
+     * True iff a durable (or memory) job store is attached. The MCP-tool
+     * registration layer ANDs this with persistence.asyncJobsEnabled when
+     * deciding whether to register the *_request_async / llm_job_* tools.
+     * Without a store, async tools must not be registered, otherwise we
+     * re-open the silent in-memory loss path the structural invariant closes.
+     */
+    hasStore() {
+        return this.store !== null;
+    }
     emitMetrics(job) {
         if (job.metricsRecorded)
             return;
@@ -82,6 +120,7 @@ export class AsyncJobManager {
                         this.logger.error(`Job ${id} process ${job.process.pid} no longer exists, marking as failed`);
                         this.emitMetrics(job);
                         this.persistComplete(job);
+                        this.fireOnComplete(job);
                     }
                     // EPERM: process exists but we can't signal it — ignore
                 }
@@ -96,6 +135,7 @@ export class AsyncJobManager {
                 this.logger.error(`Job ${id} has exited flag but was still in running state, marking as failed`);
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.fireOnComplete(job);
             }
         }
         for (const [id, job] of this.jobs) {
@@ -126,9 +166,26 @@ export class AsyncJobManager {
     /**
      * Compute the dedup key for a job. Stable across re-issues of the same request,
      * which is exactly what allows agents to safely retry without restarting the run.
+     *
+     * U22 fix: env vars participate in the key via a deterministic canonicalisation
+     * (sorted keys → JSON-stringified). This prevents two Mistral requests with the
+     * same argv but different `VIBE_ACTIVE_MODEL` from deduping onto each other.
      */
-    buildRequestKey(cli, args) {
-        return computeRequestKey(cli, args);
+    buildRequestKey(cli, args, env) {
+        return computeRequestKey(cli, args, canonicaliseEnvForKey(env));
+    }
+    fireOnComplete(job) {
+        if (job.onCompleteFired)
+            return;
+        if (!job.onComplete)
+            return;
+        job.onCompleteFired = true;
+        try {
+            job.onComplete();
+        }
+        catch (err) {
+            this.logger.error(`Job ${job.id} onComplete hook threw`, err);
+        }
     }
     safeStoreCall(label, fn) {
         if (!this.store)
@@ -234,12 +291,14 @@ export class AsyncJobManager {
      * Existing callers keep working unchanged; forceRefresh is exposed as a trailing
      * optional param for the dedup-aware path.
      */
-    startJob(cli, args, correlationId, cwd, idleTimeoutMs, outputFormat, forceRefresh) {
+    startJob(cli, args, correlationId, cwd, idleTimeoutMs, outputFormat, forceRefresh, env, onComplete) {
         return this.startJobWithDedup(cli, args, correlationId, {
             cwd,
             idleTimeoutMs,
             outputFormat,
             forceRefresh,
+            env,
+            onComplete,
         }).snapshot;
     }
     /**
@@ -251,8 +310,8 @@ export class AsyncJobManager {
      * is returned without spawning a new process. forceRefresh skips dedup entirely.
      */
     startJobWithDedup(cli, args, correlationId, opts = {}) {
-        const { cwd, idleTimeoutMs, outputFormat, forceRefresh } = opts;
-        const requestKey = this.buildRequestKey(cli, args);
+        const { cwd, idleTimeoutMs, outputFormat, forceRefresh, env: extraEnv, onComplete } = opts;
+        const requestKey = this.buildRequestKey(cli, args, extraEnv);
         if (!forceRefresh && this.store) {
             try {
                 const existing = this.store.findByRequestKey(requestKey);
@@ -268,6 +327,19 @@ export class AsyncJobManager {
                             originalCorrelationId: record.correlationId,
                             status: record.status,
                         });
+                        // U26 fix: the caller's per-request resources (e.g. outputSchema temp
+                        // file) are NOT consumed by the deduped job, which reuses its own
+                        // original resources. Release the new request's cleanup immediately
+                        // to avoid an orphaned temp file. The original job's onComplete (if
+                        // any) remains attached to that original job record.
+                        if (onComplete) {
+                            try {
+                                onComplete();
+                            }
+                            catch (err) {
+                                this.logger.error("dedup onComplete cleanup threw", err);
+                            }
+                        }
                         return {
                             snapshot: this.snapshot(record),
                             deduped: true,
@@ -282,15 +354,14 @@ export class AsyncJobManager {
         }
         const id = randomUUID();
         const startedAt = new Date().toISOString();
-        const child = spawn(cli, args, {
+        // Mistral Vibe ships as the `vibe` binary; the gateway uses `mistral` as the
+        // provider key but spawns `vibe` on the shell.
+        const command = cli === "mistral" ? "vibe" : cli;
+        const child = spawnCliProcess(command, args, {
             cwd,
-            detached: true,
             stdio: ["ignore", "pipe", "pipe"],
-            env: { ...process.env, PATH: getExtendedPath() },
+            env: { ...process.env, PATH: getExtendedPath(), ...(extraEnv ?? {}) },
         });
-        if (child.pid)
-            registerProcessGroup(child.pid);
-        child.unref();
         // Single cleanup flag to prevent double-unregister
         let groupCleaned = false;
         const cleanupGroup = () => {
@@ -320,6 +391,8 @@ export class AsyncJobManager {
             metricsRecorded: false,
             outputFormat,
             cleanupGroup,
+            onComplete,
+            onCompleteFired: false,
             outputDirty: false,
             lastOutputFlushAt: Date.now(),
         };
@@ -356,6 +429,7 @@ export class AsyncJobManager {
                 });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.fireOnComplete(job);
                 setTimeout(() => {
                     if (!job.exited && job.process)
                         killProcessGroup(job.process, "SIGKILL");
@@ -380,12 +454,16 @@ export class AsyncJobManager {
             job.clearIdleTimer?.();
             job.cleanupGroup?.();
             if (job.status === "running") {
+                const launchError = describeProcessLaunchError(cli, error);
                 job.status = job.canceled ? "canceled" : "failed";
-                job.error = error.message;
+                job.exitCode = launchError.exitCode;
+                job.error = launchError.message;
+                job.stderr = job.stderr ? `${job.stderr}\n${launchError.message}` : launchError.message;
                 job.finishedAt = new Date().toISOString();
-                this.logger.error(`Job ${id} error: ${error.message}`, { correlationId });
+                this.logger.error(`Job ${id} error: ${launchError.message}`, { correlationId });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.fireOnComplete(job);
             }
         });
         child.on("close", (code) => {
@@ -396,12 +474,13 @@ export class AsyncJobManager {
                 job.cleanupGroup?.();
             }
             if (job.status !== "running") {
-                job.exitCode = code ?? job.exitCode;
+                job.exitCode = job.exitCode ?? code ?? null;
                 if (!job.finishedAt) {
                     job.finishedAt = new Date().toISOString();
                 }
                 // Ensure terminal state reaches the durable store (idle-timeout/output-overflow already persisted).
                 this.persistComplete(job);
+                this.fireOnComplete(job);
                 return;
             }
             job.exitCode = code ?? 0;
@@ -417,6 +496,7 @@ export class AsyncJobManager {
             }
             this.emitMetrics(job);
             this.persistComplete(job);
+            this.fireOnComplete(job);
         });
         return { snapshot: this.snapshot(job), deduped: false };
     }
@@ -429,6 +509,9 @@ export class AsyncJobManager {
         }
         return this.snapshot(job);
     }
+    getJobSnapshots(jobIds) {
+        return Object.fromEntries(jobIds.map(jobId => [jobId, this.getJobSnapshot(jobId)]));
+    }
     getJobResult(jobId, maxChars = 200000) {
         let job = this.jobs.get(jobId);
         if (!job) {
@@ -468,6 +551,7 @@ export class AsyncJobManager {
         killProcessGroup(job.process, "SIGTERM");
         this.logger.info(`Job ${jobId} canceled`, { correlationId: job.correlationId });
         this.persistComplete(job);
+        this.fireOnComplete(job);
         setTimeout(() => {
             if (!job.exited && job.process)
                 killProcessGroup(job.process, "SIGKILL");
@@ -539,6 +623,7 @@ export class AsyncJobManager {
                 });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.fireOnComplete(job);
                 setTimeout(() => {
                     if (!job.exited && job.process)
                         killProcessGroup(job.process, "SIGKILL");

package/dist/auth.d.ts

@@ -0,0 +1,15 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+export interface AuthConfig {
+    required: boolean;
+    tokenConfigured: boolean;
+    source: "env" | "disabled";
+}
+export interface AuthResult {
+    ok: boolean;
+    status?: number;
+    message?: string;
+}
+export declare function loadAuthConfig(env?: NodeJS.ProcessEnv): AuthConfig;
+export declare function getRequiredBearerToken(env?: NodeJS.ProcessEnv): string | null;
+export declare function authorizeBearerRequest(req: IncomingMessage, token?: string | null): AuthResult;
+export declare function writeAuthFailure(res: ServerResponse, result: AuthResult): void;

package/dist/auth.js

@@ -0,0 +1,46 @@
+const AUTH_SCHEME = "Bearer ";
+export function loadAuthConfig(env = process.env) {
+    const token = env.LLM_GATEWAY_AUTH_TOKEN;
+    const disabled = env.LLM_GATEWAY_AUTH_DISABLED === "1";
+    return {
+        required: !disabled,
+        tokenConfigured: Boolean(token),
+        source: disabled ? "disabled" : "env",
+    };
+}
+export function getRequiredBearerToken(env = process.env) {
+    const config = loadAuthConfig(env);
+    if (!config.required)
+        return null;
+    return env.LLM_GATEWAY_AUTH_TOKEN || null;
+}
+export function authorizeBearerRequest(req, token = getRequiredBearerToken()) {
+    if (!loadAuthConfig().required) {
+        return { ok: true };
+    }
+    if (!token) {
+        return {
+            ok: false,
+            status: 503,
+            message: "HTTP transport requires LLM_GATEWAY_AUTH_TOKEN",
+        };
+    }
+    const header = req.headers.authorization;
+    const value = Array.isArray(header) ? header[0] : header;
+    if (!value || !value.startsWith(AUTH_SCHEME)) {
+        return { ok: false, status: 401, message: "Unauthorized" };
+    }
+    const supplied = value.slice(AUTH_SCHEME.length);
+    if (supplied !== token) {
+        return { ok: false, status: 401, message: "Unauthorized" };
+    }
+    return { ok: true };
+}
+export function writeAuthFailure(res, result) {
+    const status = result.status ?? 401;
+    res.writeHead(status, {
+        "content-type": "application/json",
+        "www-authenticate": 'Bearer realm="llm-cli-gateway"',
+    });
+    res.end(JSON.stringify({ error: result.message || "Unauthorized" }));
+}

package/dist/cli-updater.d.ts

@@ -1,11 +1,15 @@
 import type { Logger } from "./logger.js";
 import type { CliType } from "./session-manager.js";
+import { type ProviderLoginStatus } from "./provider-status.js";
+import type { ProviderLoginGuidance } from "./provider-login-guidance.js";
 export interface CliVersionInfo {
     cli: CliType;
     command: string;
     args: string[];
     installed: boolean;
     version?: string;
+    loginStatus?: ProviderLoginStatus;
+    loginGuidance?: ProviderLoginGuidance["login"];
     stdout: string;
     stderr: string;
     error?: string;
@@ -15,10 +19,23 @@ export interface CliUpgradePlan {
     target: string;
     command: string;
     args: string[];
-    strategy: "self-update" | "npm-global-install";
+    strategy: "self-update" | "npm-global-install" | "pip-install" | "uv-tool-upgrade" | "brew-upgrade";
     requiresNetwork: boolean;
     note?: string;
 }
+export type MistralInstallMethod = "pip" | "uv" | "brew" | "unknown";
+/**
+ * Detect how Vibe was installed on this machine. Vibe does not self-update, so
+ * cli_upgrade has to dispatch to the package manager that owns the binary.
+ *
+ * Probe order: pip → uv → brew. The first one that returns a positive signal
+ * wins; if none do, callers should surface an actionable error rather than
+ * blindly running `vibe update` (a command that does not exist).
+ */
+export declare function detectMistralInstallMethod(exec?: (cmd: string, args: string[]) => {
+    exitCode: number | null;
+    stdout: string;
+}): MistralInstallMethod;
 export interface CliUpgradeResult {
     dryRun: boolean;
     plan: CliUpgradePlan;
@@ -26,7 +43,7 @@ export interface CliUpgradeResult {
     stderr?: string;
     exitCode?: number;
 }
-export declare function buildCliUpgradePlan(cli: CliType, target?: string): CliUpgradePlan;
+export declare function buildCliUpgradePlan(cli: CliType, target?: string, detectMistral?: () => MistralInstallMethod): CliUpgradePlan;
 export declare function getCliVersion(cli: CliType): Promise<CliVersionInfo>;
 export declare function getCliVersions(cli?: CliType): Promise<CliVersionInfo[]>;
 export declare function runCliUpgrade(params: {

package/dist/cli-updater.js

@@ -1,16 +1,51 @@
+import { spawnSync } from "node:child_process";
 import { executeCli } from "./executor.js";
+import { getProviderRuntimeStatus } from "./provider-status.js";
+/**
+ * Detect how Vibe was installed on this machine. Vibe does not self-update, so
+ * cli_upgrade has to dispatch to the package manager that owns the binary.
+ *
+ * Probe order: pip → uv → brew. The first one that returns a positive signal
+ * wins; if none do, callers should surface an actionable error rather than
+ * blindly running `vibe update` (a command that does not exist).
+ */
+export function detectMistralInstallMethod(exec = (cmd, args) => {
+    const result = spawnSync(cmd, args, { encoding: "utf8", timeout: 5_000, windowsHide: true });
+    return {
+        exitCode: typeof result.status === "number" ? result.status : null,
+        stdout: result.stdout || "",
+    };
+}) {
+    const pip = exec("pip", ["show", "vibe-cli"]);
+    if (pip.exitCode === 0 && /Name:\s*vibe-cli/i.test(pip.stdout)) {
+        return "pip";
+    }
+    const uv = exec("uv", ["tool", "list"]);
+    if (uv.exitCode === 0 && /\bvibe(?:-cli)?\b/i.test(uv.stdout)) {
+        return "uv";
+    }
+    const brew = exec("brew", ["list", "mistral-vibe"]);
+    if (brew.exitCode === 0) {
+        return "brew";
+    }
+    return "unknown";
+}
 const VERSION_ARGS = {
     claude: ["--version"],
     codex: ["--version"],
     gemini: ["--version"],
     grok: ["--version"],
+    mistral: ["--version"],
 };
 const NPM_PACKAGES = {
     codex: "@openai/codex",
     gemini: "@google/gemini-cli",
 };
-export function buildCliUpgradePlan(cli, target = "latest") {
+export function buildCliUpgradePlan(cli, target = "latest", detectMistral = detectMistralInstallMethod) {
     const normalizedTarget = normalizeTarget(target);
+    if (cli === "mistral") {
+        return buildMistralUpgradePlan(normalizedTarget, detectMistral);
+    }
     if (cli === "claude") {
         if (normalizedTarget === "latest") {
             return {
@@ -79,18 +114,23 @@ export function buildCliUpgradePlan(cli, target = "latest") {
 export async function getCliVersion(cli) {
     const args = VERSION_ARGS[cli];
     try {
-        const result = await executeCli(cli, args, { timeout: 15_000 });
+        const status = getProviderRuntimeStatus(cli);
         return {
             cli,
             command: cli,
             args,
-            installed: true,
-            version: extractVersion(result.stdout, result.stderr),
-            stdout: result.stdout,
-            stderr: result.stderr,
+            installed: status.installed,
+            version: status.version || undefined,
+            loginStatus: status.loginStatus,
+            loginGuidance: status.guidance.login,
+            stdout: status.version || "",
+            stderr: "",
         };
     }
     catch (error) {
+        const result = await fallbackCliVersion(cli, args);
+        if (result)
+            return result;
         const message = error instanceof Error ? error.message : String(error);
         return {
             cli,
@@ -104,9 +144,72 @@ export async function getCliVersion(cli) {
     }
 }
 export async function getCliVersions(cli) {
-    const clis = cli ? [cli] : ["claude", "codex", "gemini", "grok"];
+    const clis = cli ? [cli] : ["claude", "codex", "gemini", "grok", "mistral"];
     return Promise.all(clis.map(item => getCliVersion(item)));
 }
+function buildMistralUpgradePlan(normalizedTarget, detectMistral) {
+    const method = detectMistral();
+    // Vibe ships no self-update command. cli_upgrade dispatches to the installer
+    // it detects; if none can be detected the caller gets an actionable error
+    // (we surface it as a no-op plan with `command: ""` so runCliUpgrade can
+    // throw before spawning anything).
+    if (method === "pip") {
+        const pkg = normalizedTarget === "latest" ? "vibe-cli" : `vibe-cli==${normalizedTarget}`;
+        return {
+            cli: "mistral",
+            target: normalizedTarget,
+            command: "pip",
+            args: ["install", "-U", pkg],
+            strategy: "pip-install",
+            requiresNetwork: true,
+            note: "Mistral Vibe has no self-update command; gateway detected a pip install.",
+        };
+    }
+    if (method === "uv") {
+        return {
+            cli: "mistral",
+            target: normalizedTarget,
+            command: "uv",
+            args: ["tool", "upgrade", "vibe-cli"],
+            strategy: "uv-tool-upgrade",
+            requiresNetwork: true,
+            note: normalizedTarget === "latest"
+                ? "Mistral Vibe has no self-update command; gateway detected a uv tool install."
+                : "uv tool upgrade does not honour explicit version targets; running upgrade to latest.",
+        };
+    }
+    if (method === "brew") {
+        return {
+            cli: "mistral",
+            target: normalizedTarget,
+            command: "brew",
+            args: ["upgrade", "mistral-vibe"],
+            strategy: "brew-upgrade",
+            requiresNetwork: true,
+            note: normalizedTarget === "latest"
+                ? "Mistral Vibe has no self-update command; gateway detected a Homebrew install."
+                : "brew upgrade does not honour explicit version targets; running upgrade to latest.",
+        };
+    }
+    throw new Error("Could not detect how Mistral Vibe was installed. Install it via pip (`pip install vibe-cli`), uv (`uv tool install vibe-cli`), or Homebrew (`brew install mistral-vibe`) before running cli_upgrade.");
+}
+async function fallbackCliVersion(cli, args) {
+    try {
+        const result = await executeCli(cli, args, { timeout: 15_000 });
+        return {
+            cli,
+            command: cli,
+            args,
+            installed: true,
+            version: extractVersion(result.stdout, result.stderr),
+            stdout: result.stdout,
+            stderr: result.stderr,
+        };
+    }
+    catch {
+        return null;
+    }
+}
 export async function runCliUpgrade(params) {
     const plan = buildCliUpgradePlan(params.cli, params.target);
     if (params.dryRun) {

package/dist/codex-json-parser.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Parser for Codex CLI `--json` JSONL event stream.
+ *
+ * Codex emits one JSON object per line, e.g.:
+ *   {"type":"thread.started","thread_id":"t-abc"}
+ *   {"type":"turn.started","turn_id":"u-001"}
+ *   {"type":"item.started","item":{...}}
+ *   {"type":"item.completed","item":{"type":"agent_message","text":"..."}}
+ *   {"type":"turn.completed","usage":{"input_tokens":...,"output_tokens":...,...}}
+ *   {"type":"turn.failed","error":{...}}
+ *   {"type":"error","message":"..."}
+ *
+ * This parser is lenient: malformed lines are skipped, partial streams are
+ * tolerated (usage is `undefined` if no turn.completed event arrived), and
+ * error events are surfaced.
+ *
+ * Cost is intentionally NOT computed here — Codex does not price client-side
+ * and U23 only plumbs tokens. A future unit can compute cost from the model
+ * registry.
+ */
+export interface CodexUsage {
+    input_tokens: number;
+    output_tokens: number;
+    cache_read_tokens?: number;
+    cache_creation_tokens?: number;
+    cost_usd?: number;
+}
+export interface CodexJsonParseResult {
+    usage?: CodexUsage;
+    error?: string;
+    threadId?: string;
+    finalMessage?: string;
+}
+export declare function parseCodexJsonStream(stdout: string): CodexJsonParseResult;