llm-cli-gateway 1.6.0 → 1.7.0

package/CHANGELOG.md

@@ -2,6 +2,211 @@
 
 All notable changes to the llm-cli-gateway project.
 
+## [1.7.0] - 2026-05-26 — cache-awareness slice 1.5 (async-path flight recorder + codex parser fix)
+
+Closes the two telemetry gaps that v1.6.0 explicitly deferred: async-path
+flight-recorder integration and Codex parser support for the actual
+`cached_input_tokens` field the current Codex CLI emits. Both ship
+together because they jointly close out `cache_state://*` completeness
+for the async tools and the codex CLI.
+
+### Added — async-path flight recorder writes
+
+- `AsyncJobManager` now accepts a `FlightRecorderLike` constructor
+  dependency (defaults to `NoopFlightRecorder` for tests that don't
+  inject one). `StartJobOptions` extended with `writeFlightStart`,
+  `flightRecorderEntry`, and `extractUsage` — pure async tools
+  (`*_request_async`) pass `writeFlightStart: true` so the manager owns
+  the row. The legacy positional `startJob(...)` signature was extended
+  with trailing optional params so existing callers keep working.
+- New private `writeFlightComplete` helper inside the manager fires on
+  every terminal-state code path (close handler, error handler, idle
+  timeout, output overflow, cancelJob, evictCompletedJobs dead-process
+  and exited-mismatch branches). Failure payload mirrors sync-helper
+  semantics: `response = stderr || stdout` on failure, `errorMessage`
+  falls back through override → `job.error` → `job.stderr` →
+  `"Exit code N"`. Single-shot guard set only on successful write so a
+  thrown `logComplete` can be retried by a later terminal callback.
+- New public `armFlightCompleteForDeferral(jobId)` on AsyncJobManager.
+  Called by `awaitJobOrDefer` in `src/index.ts` immediately before
+  returning a `DeferredJobResponse` — this lets the sync handler keep
+  ownership of the rich-metadata `safeFlightComplete` write for
+  sync-inline completions, while still ensuring deferred-from-sync rows
+  get a terminal `logComplete` from the manager when the underlying job
+  finishes. Includes a race-mitigation immediate-write path if the job
+  already terminated before the arm signal landed.
+- `JobStore.markOrphanedOnStartup()` return shape extended from `number`
+  to `{ count, orphaned: Array<{ id, correlationId, startedAt, stdout,
+  stderr, exitCode }> }` so the manager constructor can write FR
+  `logComplete` rows for previously orphaned jobs with proper audit data
+  (durationMs from `startedAt`, response from `stderr || stdout`,
+  errorMessage `"orphaned after gateway restart"`). `SqliteJobStore`
+  SELECTs the per-orphan fields before the orphan-flip UPDATE; no
+  transaction wrapper needed because gateway boot is single-threaded
+  before any new jobs can arrive. `MemoryJobStore` returns
+  `{ count: 0, orphaned: [] }` (in-process state can't be orphaned).
+  Breaking change to the `JobStore` interface; the `PostgresJobStore`
+  stub was updated to match (the impl is still not yet shipped).
+- `cache_state://global`, `cache_state://session/{id}`, and
+  `cache_state://prefix/{hash}` aggregates now include async-job
+  activity. No query changes — `cache_state://*` already didn't filter
+  on `asyncJobId`, so the new rows participate naturally.
+
+### Fixed — Codex parser accepts current CLI's cache-token field
+
+- `src/codex-json-parser.ts` now reads `cached_input_tokens` (preferred,
+  what Codex CLI ≥0.133.0 emits) in addition to the legacy
+  `cache_read_input_tokens` and the bare `cache_read_tokens` fallback.
+  Live smoke-tested against Codex CLI on 2026-05-26 — see
+  `docs/personal-mcp/PROVIDER_CACHE_SURFACES.md` "Codex — field name
+  divergence" for the exact invocation. Cache hits on codex rows now
+  populate the FR's `cache_read_tokens` column.
+
+### Known limitation — sync-deferred-dedup orphan rows
+
+When a sync request dedup-hits an in-flight original job AND the sync
+deadline expires before the original finishes, the dedup'd caller's
+sync-side `logStart` row stays at `status='started'` forever. The
+manager's `logComplete` writes to the ORIGINAL job's correlationId, not
+the dedup'd caller's. This is a pre-existing limitation surfaced by the
+slice's clearer accounting; it predates v1.7.0 and is not a regression.
+A future slice can address it via per-request corrId fan-out.
+
+### Cross-table asymmetry — `canceled` / `orphaned` jobs in the FR
+
+`FlightLogResult.status` only carries `"completed" | "failed"`, so
+canceled and orphaned async jobs are encoded as `"failed"` plus a
+distinguishing `errorMessage`. The underlying `jobs` table in JobStore
+retains the distinct `"canceled"` / `"orphaned"` statuses for
+`getJobSnapshot` callers. External consumers of `~/.llm-cli-gateway/
+logs.db` that filter `status='failed'` will count cancels and boot-time
+orphans as errors; `cache_state://*` aggregation does not distinguish.
+
+### No config or schema changes
+
+No migration. No new opt-in flag. The new behaviour is gated solely on
+whether the caller (handler or `awaitJobOrDefer`) supplies a
+`flightRecorderEntry` to `startJobWithDedup`. Tests/callers that don't
+opt in see no behaviour change (the constructor's default
+`NoopFlightRecorder` short-circuits the FR writes).
+
+### Migration impact
+
+None. SQLite schema and TOML config surface are byte-identical to
+v1.6.1. Rollback is non-destructive (revert the release commit).
+
+### Documentation
+
+- `docs/plans/async-flight-recorder.dag.toml` — new slice plan (Unit A
+  unanimously approved across Codex/Gemini/Grok/Mistral).
+- `docs/plans/async-flight-recorder.pr-body.md` — new PR description.
+- `docs/personal-mcp/ASYNC_FLIGHT_RECORDER_SURFACES.md` — new research
+  note documenting every terminal state, the data contract per FR write
+  site, the sync-path responsibility split table, and the cancel /
+  orphan / dedup limitations.
+- `docs/personal-mcp/PROVIDER_CACHE_SURFACES.md` — Codex section updated
+  to reflect that the parser now accepts `cached_input_tokens`; slice 2
+  "Populated for **claude only** today" claim corrected to include
+  codex.
+- `docs/launch/blog-cache-awareness.md` — slice 1.5 follow-up note in
+  the "What's next" section.
+
+## [1.6.1] - 2026-05-26 — docs-only follow-up to 1.6.0
+
+Pure documentation release; zero source-code changes since 1.6.0.
+
+### Changed — agent-install guidance current with v1.6.0 + five providers
+
+- New `setup/providers/mistral-vibe.md` provider snippet (Mistral was the
+  fifth provider but had no setup/providers/ page; install agents had
+  nothing to point at when the user asked for Mistral coverage).
+- New `setup/assistants/mistral-install-prompt.md` per-assistant install
+  prompt (mirrors the Grok prompt; outbound-only framing,
+  session_logging walk-through, `VIBE_ACTIVE_MODEL` guidance, secret-
+  safety rules preserved).
+- `setup/assistants/ASSISTANT_CONTRACT.md`: Mistral added to "Applies
+  to" and outbound providers; new "Doctor Report Notes (v1.6.0)"
+  paragraph clarifying that the `cache_awareness` block is structural
+  (always present) and that all `[cache_awareness]` flags default off.
+- All 6 per-assistant install prompts (universal, chatgpt, claude,
+  codex, gemini, grok) extended to enumerate all five providers and
+  reference the cache_awareness doctor block.
+- `setup/install-plan.dag.toml` choose-targets / check-diagnostics /
+  apply-client-snippet steps generalised to all five providers; Mistral
+  named outbound-only; cache_awareness must-not-treat-as-blocker note
+  added inline. TOML re-validated.
+- 6 `docs/personal-mcp/connect-*.md` legacy pages now carry an
+  admonition pointing to `setup/providers/` + `ASSISTANT_CONTRACT.md`
+  as canonical.
+
+### Changed — 12 SKILL.md files current with v1.6.0
+
+- All 12 skills (7 under `skills/`, 5 under `.agents/skills/`) extended
+  with `promptParts`, `cache_state://` MCP resources, and (where the
+  skill's centre of gravity is session continuity) the
+  `cache_ttl_expiring_soon` warning. Depth tiered by skill audience:
+  multi-llm-orchestration, model-routing, multi-llm-consensus,
+  implement-review-fix, multi-llm-review, async-job-orchestration,
+  session-workflow, secure-orchestration carry full sections or
+  examples; agent-codex-gate, codex-review-gate, design-review-cycle,
+  red-team-assessment carry tip-level mentions.
+- Plugin-namespaced skills (`.agents/skills/*`) version-bumped 1.5 → 1.6.
+- Exact runtime strings cross-checked against `src/index.ts` (the
+  `provide exactly one of …` / `one of … is required` mutex errors and
+  the `cache_ttl_expiring_soon` warning code).
+
+### Fixed — README / BEST_PRACTICES / integrations doc drift
+
+- README.md: headline + Core Capabilities now name Mistral as the fifth
+  provider; test counts 284 / 221 → 681; new Supply-chain hardening
+  call-out under Security & Quality.
+- BEST_PRACTICES.md: testing coverage / performance lines 284 → 681.
+- integrations/llm-plugin/README.md: Grok + Mistral added to providers
+  list, usage examples, and the "at least one of" requirements list.
+- ENFORCEMENT.md: self-enforcement checklist provider list now Claude /
+  Codex / Gemini / Grok / Mistral.
+
+### Fixed — `docs/launch/blog-cache-awareness.md` accuracy + voice
+
+Technical corrections from the multi-LLM voice + technical review:
+- Mutually-exclusive error-string quotation reformatted so the
+  ``provide exactly one of `prompt` or `promptParts``` example renders
+  correctly in markdown.
+- `lastWriteAt` references corrected to `lastRequestAt` (the actual
+  public field name on `SessionCacheStats`).
+- Security tools sentence rewritten: separates SHA-pinned actions,
+  version-pinned Python/Go tools, and the SHA256-verified gitleaks
+  binary; clarifies that `eslint-plugin-security` runs via the existing
+  eslint config (not security.yml); replaces the inaccurate "Top-level
+  `permissions: contents: read` on every workflow" claim with the
+  accurate least-privilege phrasing.
+- "Signed installer artefacts" → "SHA256-verifiable installer artefacts"
+  (no signing today); npm note adds the sigstore-provenance context.
+- Haiku 3.5 Vertex 2048 caveat added: the in-code alias table
+  conservatively collapses all Haiku variants to 4096.
+- Solorigate / Codecov / xz now link separately.
+- Codex smoke-test evidence now links to
+  `docs/personal-mcp/PROVIDER_CACHE_SURFACES.md` and the CHANGELOG.
+- Three broken links surfaced by lychee CI fixed: Mistral Vibe URL,
+  bare CLAUDE.md link (the file lives outside the gateway repo), and
+  the agent-assurance exclude regex tightened to match bare URLs.
+
+### Fixed — `socket.yml` networkAccess false-positive documentation
+
+- Documented that the `globalThis["fetch"]` flag on `dist/index.js` /
+  `dist/job-store.js` is a substring-match false positive. Neither file
+  contains any actual fetch call; the matches are English-prose
+  occurrences in an error message, the `fetchWith` JSON field name, and
+  a code comment. Verified by sub-agent investigation, no code change
+  required, no attack-surface delta vs 1.5.35.
+
+### Fixed — `lychee.toml` exclusions
+
+- Added `https://npmjs.com/`, `https://help.openai.com/`, and bare
+  `github.com/verivus-oss/agent-assurance` URLs to the exclude list
+  (each is a Cloudflare bot-blocked / private host that returns
+  4xx/5xx to anonymous CI requests). Rationale documented inline.
+
 ## [1.6.0] - 2026-05-26 — cache-awareness phase 1 + security posture
 
 Also includes (beyond cache-awareness):

package/README.md

@@ -3,7 +3,7 @@
 > *"Without consultation, plans are frustrated, but with many counselors they succeed."*
 > — Proverbs 15:22 (LSB)
 
-A Model Context Protocol (MCP) server providing unified access to Claude Code, Codex, Gemini, and Grok CLIs with session management, retry logic, and async job orchestration.
+A Model Context Protocol (MCP) server providing unified access to Claude Code, Codex, Gemini, Grok, and Mistral (Vibe) CLIs with session management, retry logic, and async job orchestration.
 
 ## Personal MCP Appliance MVP
 
@@ -79,7 +79,7 @@ docker compose -f docker-compose.personal.yml run --rm doctor
 ## Features
 
 ### Core Capabilities
-- **Multi-LLM Orchestration**: Unified interface for Claude Code, Codex, Gemini, and Grok CLIs
+- **Multi-LLM Orchestration**: Unified interface for Claude Code, Codex, Gemini, Grok, and Mistral (Vibe) CLIs
 - **Session Management**: Track and resume conversations across all CLIs with persistent storage
 - **Token Optimization**: Automatic 44% reduction on prompts, 37% on responses (opt-in)
 - **Correlation ID Tracking**: Full request tracing across all LLM interactions
@@ -127,12 +127,12 @@ Opt-in flags (all default off) live under `[cache_awareness]` in `~/.llm-cli-gat
 - **Long-Running Jobs**: Non-time-bound async execution via `*_request_async` + polling tools
 
 ### Security & Quality
-- **Comprehensive Testing**: 284 tests covering unit, integration, and regression scenarios
+- **Comprehensive Testing**: 681 tests covering unit, integration, and regression scenarios with real CLI execution
 - **Input Validation**: Zod schemas prevent injection attacks
 - **No Secret Leakage**: Generic session descriptions only (file permissions 0o600)
 - **No ReDoS**: Bounded regex patterns prevent catastrophic backtracking
 - **Type Safety**: Strict TypeScript with comprehensive error handling
-- **221 Tests**: Unit, integration, and regression tests with real CLI execution
+- **Supply-chain hardening**: a dedicated `.github/workflows/security.yml` runs actionlint, zizmor, shellcheck, typos, osv-scanner, gitleaks, ruff, bandit, and lychee on every push and PR (see `SECURITY.md` for the threat model)
 
 ## Prerequisites
 

package/dist/async-job-manager.d.ts

@@ -1,8 +1,35 @@
 import type { Logger } from "./logger.js";
 import { type JobHealth } from "./process-monitor.js";
 import { JobStore } from "./job-store.js";
+import { type FlightRecorderLike } from "./flight-recorder.js";
 export type LlmCli = "claude" | "codex" | "gemini" | "grok" | "mistral";
 export type AsyncJobStatus = "running" | "completed" | "failed" | "canceled" | "orphaned";
+/**
+ * Slice 1.5 flight-recorder payload supplied via StartJobOptions.
+ * Decomposed to primitive fields (no nested handler-locals) so retaining
+ * a reference on the in-memory job record doesn't pin large promptParts
+ * or attachments via closure scope.
+ */
+export interface AsyncJobFlightRecorderEntry {
+    model: string;
+    prompt: string;
+    sessionId?: string;
+    stablePrefixHash?: string;
+    stablePrefixTokens?: number;
+}
+/**
+ * Slice 1.5 usage-extraction callback. Closures MUST be constructed from
+ * primitive locals only (e.g. const fmt = params.outputFormat; closure
+ * captures fmt). Capturing the handler's full `params` object pins large
+ * promptParts/attachments for JOB_TTL_MS.
+ */
+export type AsyncJobUsageExtractor = (stdout: string) => {
+    inputTokens?: number;
+    outputTokens?: number;
+    cacheReadTokens?: number;
+    cacheCreationTokens?: number;
+    costUsd?: number;
+};
 export interface AsyncJobSnapshot {
     id: string;
     cli: LlmCli;
@@ -45,6 +72,23 @@ export interface StartJobOptions {
      * etc.) that must persist for the lifetime of the spawned CLI process.
      */
     onComplete?: () => void;
+    /**
+     * Slice 1.5: when true, AsyncJobManager writes a flight-recorder logStart
+     * row at startJob entry using `flightRecorderEntry`. Pure async handlers
+     * (handle*RequestAsync) pass true because they have no upstream
+     * safeFlightStart writer. The sync-deferred path (awaitJobOrDefer) passes
+     * false because the upstream sync handler already wrote logStart keyed on
+     * the same correlationId — a second INSERT would crash on the PK.
+     */
+    writeFlightStart?: boolean;
+    /** Slice 1.5: payload for the FR logStart and the terminal logComplete. */
+    flightRecorderEntry?: AsyncJobFlightRecorderEntry;
+    /**
+     * Slice 1.5: invoked only on terminal `completed` to populate token-usage
+     * fields in the FR logComplete payload. Construct from primitive locals
+     * only (see AsyncJobUsageExtractor doc).
+     */
+    extractUsage?: AsyncJobUsageExtractor;
 }
 export interface StartJobOutcome {
     snapshot: AsyncJobSnapshot;
@@ -60,7 +104,8 @@ export declare class AsyncJobManager {
     private evictionTimer;
     private processMonitor;
     private store;
-    constructor(logger?: Logger, onJobComplete?: ((cli: LlmCli, durationMs: number, success: boolean) => void) | undefined, store?: JobStore | null);
+    private flightRecorder;
+    constructor(logger?: Logger, onJobComplete?: ((cli: LlmCli, durationMs: number, success: boolean) => void) | undefined, store?: JobStore | null, flightRecorder?: FlightRecorderLike);
     /**
      * True iff a durable (or memory) job store is attached. The MCP-tool
      * registration layer ANDs this with persistence.asyncJobsEnabled when
@@ -81,6 +126,29 @@ export declare class AsyncJobManager {
      */
     private buildRequestKey;
     private fireOnComplete;
+    /**
+     * Slice 1.5: write the terminal flight-recorder row. Mirrors sync-path
+     * failure semantics (response = stderr||stdout on failure, errorMessage
+     * falls back through overrideErrorMessage → job.error → job.stderr →
+     * "Exit code N"). Single-shot guard set only on SUCCESSFUL write so a
+     * thrown logComplete can be retried by a later terminal callback; the
+     * FR's WHERE status='started' UPDATE guard remains the actual
+     * idempotency mechanism for the common "retry succeeds, original
+     * succeeded too" case.
+     */
+    private writeFlightComplete;
+    private safeExtractUsage;
+    /**
+     * R2 Codex-Unit-B F1: awaitJobOrDefer calls this when returning a
+     * deferred response. From this point on the sync handler will not write
+     * its own safeFlightComplete, so the manager takes over.
+     *
+     * Race mitigation: if the job already terminated between the sync
+     * deadline expiring and this method firing, write logComplete
+     * synchronously here so the previously-skipped terminal callback's
+     * write isn't lost.
+     */
+    armFlightCompleteForDeferral(jobId: string): void;
     private safeStoreCall;
     /**
      * Flush in-memory stdout/stderr to the durable store if anything changed
@@ -100,7 +168,7 @@ export declare class AsyncJobManager {
      * Existing callers keep working unchanged; forceRefresh is exposed as a trailing
      * optional param for the dedup-aware path.
      */
-    startJob(cli: LlmCli, args: string[], correlationId: string, cwd?: string, idleTimeoutMs?: number, outputFormat?: string, forceRefresh?: boolean, env?: Record<string, string>, onComplete?: () => void): AsyncJobSnapshot;
+    startJob(cli: LlmCli, args: string[], correlationId: string, cwd?: string, idleTimeoutMs?: number, outputFormat?: string, forceRefresh?: boolean, env?: Record<string, string>, onComplete?: () => void, flightRecorderEntry?: AsyncJobFlightRecorderEntry, extractUsage?: AsyncJobUsageExtractor, writeFlightStart?: boolean): AsyncJobSnapshot;
     /**
      * Start a job, with optional dedup against recent identical requests.
      * Returns `{ snapshot, deduped }` so callers can log/report the short-circuit.

package/dist/async-job-manager.js

@@ -3,6 +3,7 @@ import { envWithExtendedPath, getExtendedPath, killProcessGroup, spawnCliProcess
 import { noopLogger } from "./logger.js";
 import { ProcessMonitor } from "./process-monitor.js";
 import { computeRequestKey } from "./job-store.js";
+import { NoopFlightRecorder } from "./flight-recorder.js";
 const MAX_OUTPUT_SIZE = 50 * 1024 * 1024;
 const JOB_TTL_MS = 60 * 60 * 1000; // 1 hour in-memory retention; durable store has its own (longer) retention
 const EVICTION_INTERVAL_MS = 5 * 60 * 1000; // Check every 5 minutes
@@ -61,16 +62,40 @@ export class AsyncJobManager {
     evictionTimer = null;
     processMonitor;
     store;
-    constructor(logger = noopLogger, onJobComplete, store = null) {
+    flightRecorder;
+    constructor(logger = noopLogger, onJobComplete, store = null, flightRecorder = new NoopFlightRecorder()) {
         this.logger = logger;
         this.onJobComplete = onJobComplete;
         this.processMonitor = new ProcessMonitor(logger);
         this.store = store;
+        this.flightRecorder = flightRecorder;
         if (this.store) {
             try {
-                const orphaned = this.store.markOrphanedOnStartup();
-                if (orphaned > 0) {
-                    this.logger.info(`Marked ${orphaned} in-flight job(s) as orphaned after gateway restart`);
+                const { count, orphaned } = this.store.markOrphanedOnStartup();
+                if (count > 0) {
+                    this.logger.info(`Marked ${count} in-flight job(s) as orphaned after gateway restart`);
+                }
+                // Slice 1.5: close out the FR row for each orphaned job. The FR
+                // logComplete UPDATE has WHERE status='started' so pre-1.7.0 rows
+                // (where the prior gateway never wrote a logStart) silently
+                // no-op. Wrapped per-orphan so a single bad row can't tank boot.
+                for (const orphan of orphaned) {
+                    try {
+                        const durationMs = Math.max(0, Date.now() - new Date(orphan.startedAt).getTime());
+                        this.flightRecorder.logComplete(orphan.correlationId, {
+                            response: orphan.stderr || orphan.stdout,
+                            durationMs,
+                            retryCount: 0,
+                            circuitBreakerState: "closed",
+                            optimizationApplied: false,
+                            exitCode: orphan.exitCode ?? 1,
+                            errorMessage: "orphaned after gateway restart",
+                            status: "failed",
+                        });
+                    }
+                    catch (err) {
+                        this.logger.error(`Async-path FR logComplete for orphaned job ${orphan.id} failed`, err);
+                    }
                 }
             }
             catch (err) {
@@ -129,6 +154,7 @@ export class AsyncJobManager {
                         this.logger.error(`Job ${id} process ${job.process.pid} no longer exists, marking as failed`);
                         this.emitMetrics(job);
                         this.persistComplete(job);
+                        this.writeFlightComplete(job, "failed");
                         this.fireOnComplete(job);
                     }
                     // EPERM: process exists but we can't signal it — ignore
@@ -144,6 +170,7 @@ export class AsyncJobManager {
                 this.logger.error(`Job ${id} has exited flag but was still in running state, marking as failed`);
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.writeFlightComplete(job, "failed");
                 this.fireOnComplete(job);
             }
         }
@@ -196,6 +223,96 @@ export class AsyncJobManager {
             this.logger.error(`Job ${job.id} onComplete hook threw`, err);
         }
     }
+    /**
+     * Slice 1.5: write the terminal flight-recorder row. Mirrors sync-path
+     * failure semantics (response = stderr||stdout on failure, errorMessage
+     * falls back through overrideErrorMessage → job.error → job.stderr →
+     * "Exit code N"). Single-shot guard set only on SUCCESSFUL write so a
+     * thrown logComplete can be retried by a later terminal callback; the
+     * FR's WHERE status='started' UPDATE guard remains the actual
+     * idempotency mechanism for the common "retry succeeds, original
+     * succeeded too" case.
+     */
+    writeFlightComplete(job, finalStatus, overrideErrorMessage) {
+        if (!job.flightRecorderEntry)
+            return; // never opted in
+        // R2 Codex-Unit-B F1: only write when armed. Sync-inline requests are
+        // NOT armed at startJob — the sync handler owns the rich-metadata
+        // safeFlightComplete write. Pure async + sync-deferred ARE armed.
+        if (!job.flightCompleteArmed)
+            return;
+        if (job.flightRecorderComplete)
+            return; // already wrote successfully
+        const durationMs = Math.max(0, Date.now() - new Date(job.startedAt).getTime());
+        const usage = finalStatus === "completed" && job.extractUsage ? this.safeExtractUsage(job) : {};
+        const isFailure = finalStatus === "failed";
+        const response = isFailure ? job.stderr || job.stdout : job.stdout;
+        const exitCode = job.exitCode ?? (finalStatus === "completed" ? 0 : 1);
+        const errorMessage = isFailure
+            ? (overrideErrorMessage ?? job.error ?? job.stderr ?? `Exit code ${exitCode}`)
+            : undefined;
+        try {
+            this.flightRecorder.logComplete(job.correlationId, {
+                response,
+                durationMs,
+                retryCount: 0,
+                circuitBreakerState: "closed",
+                optimizationApplied: false,
+                exitCode,
+                errorMessage,
+                status: finalStatus,
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                cacheReadTokens: usage.cacheReadTokens,
+                cacheCreationTokens: usage.cacheCreationTokens,
+                costUsd: usage.costUsd,
+            });
+            // Only mark complete on successful write so a thrown logComplete
+            // can be retried by the next terminal callback.
+            job.flightRecorderComplete = true;
+            // Clear retained references so the GC can reclaim anything the
+            // extractUsage closure captured.
+            job.flightRecorderEntry = undefined;
+            job.extractUsage = undefined;
+        }
+        catch (err) {
+            this.logger.error("Async-path flight recorder logComplete failed", err);
+        }
+    }
+    safeExtractUsage(job) {
+        try {
+            return job.extractUsage?.(job.stdout) ?? {};
+        }
+        catch (err) {
+            this.logger.error(`Job ${job.id} extractUsage threw`, err);
+            return {};
+        }
+    }
+    /**
+     * R2 Codex-Unit-B F1: awaitJobOrDefer calls this when returning a
+     * deferred response. From this point on the sync handler will not write
+     * its own safeFlightComplete, so the manager takes over.
+     *
+     * Race mitigation: if the job already terminated between the sync
+     * deadline expiring and this method firing, write logComplete
+     * synchronously here so the previously-skipped terminal callback's
+     * write isn't lost.
+     */
+    armFlightCompleteForDeferral(jobId) {
+        const job = this.jobs.get(jobId);
+        if (!job)
+            return;
+        if (job.flightCompleteArmed)
+            return; // pure async already armed
+        job.flightCompleteArmed = true;
+        if (job.status === "running")
+            return;
+        // Job already terminal — the close handler's writeFlightComplete
+        // saw flightCompleteArmed=false and skipped. Write now to recover.
+        const finalStatus = job.status === "completed" ? "completed" : "failed";
+        const override = job.canceled ? "canceled by caller" : undefined;
+        this.writeFlightComplete(job, finalStatus, override);
+    }
     safeStoreCall(label, fn) {
         if (!this.store)
             return;
@@ -300,7 +417,7 @@ export class AsyncJobManager {
      * Existing callers keep working unchanged; forceRefresh is exposed as a trailing
      * optional param for the dedup-aware path.
      */
-    startJob(cli, args, correlationId, cwd, idleTimeoutMs, outputFormat, forceRefresh, env, onComplete) {
+    startJob(cli, args, correlationId, cwd, idleTimeoutMs, outputFormat, forceRefresh, env, onComplete, flightRecorderEntry, extractUsage, writeFlightStart) {
         return this.startJobWithDedup(cli, args, correlationId, {
             cwd,
             idleTimeoutMs,
@@ -308,6 +425,9 @@ export class AsyncJobManager {
             forceRefresh,
             env,
             onComplete,
+            flightRecorderEntry,
+            extractUsage,
+            writeFlightStart,
         }).snapshot;
     }
     /**
@@ -319,7 +439,7 @@ export class AsyncJobManager {
      * is returned without spawning a new process. forceRefresh skips dedup entirely.
      */
     startJobWithDedup(cli, args, correlationId, opts = {}) {
-        const { cwd, idleTimeoutMs, outputFormat, forceRefresh, env: extraEnv, onComplete } = opts;
+        const { cwd, idleTimeoutMs, outputFormat, forceRefresh, env: extraEnv, onComplete, flightRecorderEntry, extractUsage, writeFlightStart, } = opts;
         const requestKey = this.buildRequestKey(cli, args, extraEnv);
         if (!forceRefresh && this.store) {
             try {
@@ -405,6 +525,14 @@ export class AsyncJobManager {
             onCompleteFired: false,
             outputDirty: false,
             lastOutputFlushAt: Date.now(),
+            flightRecorderEntry,
+            extractUsage,
+            flightRecorderComplete: false,
+            // R2 Codex-Unit-B F1: pure async path arms now (writeFlightStart=true
+            // means the manager is the only FR writer). Sync-deferred path
+            // arrives with writeFlightStart=false and arms later via
+            // armFlightCompleteForDeferral when awaitJobOrDefer decides to defer.
+            flightCompleteArmed: writeFlightStart === true,
         };
         this.jobs.set(id, job);
         this.safeStoreCall("recordStart", () => this.store.recordStart({
@@ -417,6 +545,27 @@ export class AsyncJobManager {
             startedAt,
             pid: child.pid ?? null,
         }));
+        // Slice 1.5: only opt-in callers (pure async handlers) write logStart
+        // here. The sync-deferred path passes writeFlightStart=false because
+        // the upstream sync handler already wrote a logStart row keyed on the
+        // same correlationId; a duplicate INSERT would crash on the PK.
+        if (writeFlightStart && flightRecorderEntry) {
+            try {
+                this.flightRecorder.logStart({
+                    correlationId,
+                    cli,
+                    model: flightRecorderEntry.model,
+                    prompt: flightRecorderEntry.prompt,
+                    sessionId: flightRecorderEntry.sessionId,
+                    asyncJobId: id,
+                    stablePrefixHash: flightRecorderEntry.stablePrefixHash,
+                    stablePrefixTokens: flightRecorderEntry.stablePrefixTokens,
+                });
+            }
+            catch (err) {
+                this.logger.error("Async-path flight recorder logStart failed", err);
+            }
+        }
         this.logger.info(`Job ${id} started for ${cli}`, { correlationId });
         // Idle timeout: kill process if no output activity for idleTimeoutMs
         let idleTimerId;
@@ -439,6 +588,7 @@ export class AsyncJobManager {
                 });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.writeFlightComplete(job, "failed");
                 this.fireOnComplete(job);
                 setTimeout(() => {
                     if (!job.exited && job.process)
@@ -473,6 +623,7 @@ export class AsyncJobManager {
                 this.logger.error(`Job ${id} error: ${launchError.message}`, { correlationId });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.writeFlightComplete(job, "failed");
                 this.fireOnComplete(job);
             }
         });
@@ -490,6 +641,12 @@ export class AsyncJobManager {
                 }
                 // Ensure terminal state reaches the durable store (idle-timeout/output-overflow already persisted).
                 this.persistComplete(job);
+                // Slice 1.5: retry the FR complete write iff the earlier terminal
+                // callback's logComplete threw. The single-shot guard in
+                // writeFlightComplete makes this a no-op in the common case.
+                const fallbackFlightStatus = job.status === "completed" ? "completed" : "failed";
+                const fallbackOverride = job.status === "canceled" ? "canceled by caller" : undefined;
+                this.writeFlightComplete(job, fallbackFlightStatus, fallbackOverride);
                 this.fireOnComplete(job);
                 return;
             }
@@ -512,6 +669,7 @@ export class AsyncJobManager {
             }
             this.emitMetrics(job);
             this.persistComplete(job);
+            this.writeFlightComplete(job, job.status === "completed" ? "completed" : "failed", job.status === "canceled" ? "canceled by caller" : undefined);
             this.fireOnComplete(job);
         });
         return { snapshot: this.snapshot(job), deduped: false };
@@ -567,6 +725,7 @@ export class AsyncJobManager {
         killProcessGroup(job.process, "SIGTERM");
         this.logger.info(`Job ${jobId} canceled`, { correlationId: job.correlationId });
         this.persistComplete(job);
+        this.writeFlightComplete(job, "failed", "canceled by caller");
         this.fireOnComplete(job);
         setTimeout(() => {
             if (!job.exited && job.process)
@@ -639,6 +798,7 @@ export class AsyncJobManager {
                 });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.writeFlightComplete(job, "failed", "Output exceeded maximum size (50MB)");
                 this.fireOnComplete(job);
                 setTimeout(() => {
                     if (!job.exited && job.process)

package/dist/codex-json-parser.js

@@ -47,7 +47,10 @@ export function parseCodexJsonStream(stdout) {
                         input_tokens: typeof u.input_tokens === "number" ? u.input_tokens : 0,
                         output_tokens: typeof u.output_tokens === "number" ? u.output_tokens : 0,
                     };
-                    if (typeof u.cache_read_input_tokens === "number") {
+                    if (typeof u.cached_input_tokens === "number") {
+                        usage.cache_read_tokens = u.cached_input_tokens;
+                    }
+                    else if (typeof u.cache_read_input_tokens === "number") {
                         usage.cache_read_tokens = u.cache_read_input_tokens;
                     }
                     else if (typeof u.cache_read_tokens === "number") {

package/dist/index.js

@@ -17,7 +17,7 @@ import { estimateTokens, optimizePrompt as optimizePromptText, optimizeResponse
 import { loadConfig, loadPersistenceConfig, loadCacheAwarenessConfig, } from "./config.js";
 import { checkHealth } from "./health.js";
 import { clearModelRegistryCache, getAvailableCliInfo, getCliInfo, resolveModelAlias, } from "./model-registry.js";
-import { AsyncJobManager } from "./async-job-manager.js";
+import { AsyncJobManager, } from "./async-job-manager.js";
 import { createJobStore } from "./job-store.js";
 import { ApprovalManager } from "./approval-manager.js";
 import { checkReviewIntegrity } from "./review-integrity.js";
@@ -213,10 +213,10 @@ function getJobStore(runtimeLogger = logger) {
     }
     return jobStore;
 }
-function newAsyncJobManager(metrics, runtimeLogger, store = getJobStore(runtimeLogger)) {
+function newAsyncJobManager(metrics, runtimeLogger, store = getJobStore(runtimeLogger), fr = getFlightRecorder(runtimeLogger)) {
     return new AsyncJobManager(runtimeLogger, (cli, durationMs, success) => {
         metrics.recordRequest(cli, durationMs, success);
-    }, store);
+    }, store, fr);
 }
 function getAsyncJobManager(runtimeLogger = logger) {
     asyncJobManager ??= newAsyncJobManager(performanceMetrics, runtimeLogger);
@@ -239,17 +239,19 @@ function resolveGatewayServerRuntime(deps = {}, options = {}) {
     const runtimeSessionManager = deps.sessionManager ?? sessionManager;
     const runtimePerformanceMetrics = deps.performanceMetrics ??
         (options.isolateState ? new PerformanceMetrics() : performanceMetrics);
+    // Resolve flight recorder BEFORE async manager so isolateState managers
+    // can be wired with the same recorder instance the runtime exposes.
+    const runtimeFlightRecorder = deps.flightRecorder ?? getFlightRecorder(runtimeLogger);
     const runtimeAsyncJobManager = deps.asyncJobManager ??
         (options.isolateState
             ? // Factory-created test/HTTP session servers must not mark another instance's
                 // durable jobs orphaned. Stdio startup injects the process-global manager.
-                newAsyncJobManager(runtimePerformanceMetrics, runtimeLogger, null)
+                newAsyncJobManager(runtimePerformanceMetrics, runtimeLogger, null, runtimeFlightRecorder)
             : getAsyncJobManager(runtimeLogger));
     const runtimeApprovalManager = deps.approvalManager ??
         (options.isolateState
             ? new ApprovalManager(undefined, runtimeLogger)
             : getApprovalManager(runtimeLogger));
-    const runtimeFlightRecorder = deps.flightRecorder ?? getFlightRecorder(runtimeLogger);
     return {
         sessionManager: runtimeSessionManager,
         resourceProvider: deps.resourceProvider ??
@@ -286,7 +288,16 @@ const SYNC_POLL_INTERVAL_MS = 1_000;
  * Start an async job and poll until completion or deadline.
  * Returns the job result if it finishes in time, or a deferral marker.
  */
-async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, forceRefresh, runtime = resolveGatewayServerRuntime(), env, onComplete) {
+async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, forceRefresh, runtime = resolveGatewayServerRuntime(), env, onComplete, 
+/**
+ * Slice 1.5: when the sync handler has already written a logStart row
+ * keyed on `corrId`, pass these so the manager can write logComplete
+ * (with usage extraction) when the underlying async job terminates —
+ * even if the sync handler returned a deferred response.
+ * `writeFlightStart` is NEVER true on this path: the sync handler is
+ * always the upstream logStart writer.
+ */
+flightRecorderEntry, extractUsage) {
     // U26 fix: ownership of onComplete is a contract. Once this function returns
     // OR throws, the caller MUST consider onComplete consumed — i.e. it has
     // either been run, or the AsyncJobManager has taken ownership of it. The
@@ -336,6 +347,13 @@ async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, f
             forceRefresh,
             env,
             onComplete,
+            // Sync-deferred path: the upstream sync handler already wrote
+            // logStart for this corrId, so writeFlightStart stays false. The
+            // manager still writes logComplete on terminal state (which UPDATEs
+            // the sync handler's row), closing the previously-orphaned
+            // sync-deferred case.
+            flightRecorderEntry,
+            extractUsage,
         });
         // Handoff succeeded: AsyncJobManager owns onComplete (it'll fire via
         // fireOnComplete on terminal status, or run inline immediately for dedup).
@@ -369,7 +387,14 @@ async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, f
         }
         await new Promise(resolve => setTimeout(resolve, SYNC_POLL_INTERVAL_MS));
     }
-    // Deadline exceeded — return deferral
+    // Deadline exceeded — return deferral.
+    // R2 Codex-Unit-B F1: hand FR-complete ownership to the manager. Until
+    // this call, the manager skips writeFlightComplete on terminal so the
+    // sync handler's safeFlightComplete (with rich approvalDecision /
+    // optimizationApplied metadata) wins for sync-inline completions. From
+    // here on the sync handler returns deferred and will NOT write
+    // safeFlightComplete, so the manager must.
+    runtime.asyncJobManager.armFlightCompleteForDeferral(job.id);
     runtime.logger.info(`[${corrId}] ${cli} sync deadline exceeded (${SYNC_DEADLINE_MS}ms), deferring to async job ${job.id}`);
     return {
         deferred: true,
@@ -495,6 +520,30 @@ function extractUsageAndCost(cli, output, outputFormat) {
     // once we resolve the session id post-run.
     return {};
 }
+/**
+ * Slice 1.5: build the async-job-manager's FR payload from a prep object
+ * (which every prepare*Request returns), plus the bound CLI and output
+ * format primitives needed by extractUsageAndCost. Returning the closure
+ * separately means it captures `cliName` and `fmt` ONLY — never `params`
+ * or `prep` — so retention on AsyncJobRecord is O(constant).
+ */
+function buildAsyncFlightRecorderHandoff(cliName, prep, sessionId, outputFormat) {
+    // Extract primitives BEFORE building the closure — capturing `prep` or
+    // `params` directly would pin large attachments / promptParts on the
+    // AsyncJobRecord for JOB_TTL_MS.
+    const cli = cliName;
+    const fmt = outputFormat;
+    return {
+        flightRecorderEntry: {
+            model: prep.resolvedModel || "default",
+            prompt: prep.effectivePrompt,
+            sessionId,
+            stablePrefixHash: prep.stablePrefixHash ?? undefined,
+            stablePrefixTokens: prep.stablePrefixTokens ?? undefined,
+        },
+        extractUsage: (stdout) => extractUsageAndCost(cli, stdout, fmt),
+    };
+}
 function safeFlightStart(entry, runtime = resolveGatewayServerRuntime()) {
     try {
         runtime.flightRecorder.logStart(entry);
@@ -1542,7 +1591,8 @@ export async function handleGeminiRequest(deps, params) {
         args.push(...sessionPlan.args);
         const userProvidedSession = sessionPlan.resumed;
         const effectiveSessionIdHint = sessionPlan.resumed ? params.sessionId : undefined;
-        const result = await awaitJobOrDefer("gemini", args, corrId, resolveIdleTimeout("gemini", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime);
+        const geminiFrHandoff = buildAsyncFlightRecorderHandoff("gemini", prep, params.sessionId, params.outputFormat);
+        const result = await awaitJobOrDefer("gemini", args, corrId, resolveIdleTimeout("gemini", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime, undefined, undefined, geminiFrHandoff.flightRecorderEntry, geminiFrHandoff.extractUsage);
         // Deferred — job still running, return async reference
         if (isDeferredResponse(result)) {
             return buildDeferredToolResponse(result, effectiveSessionIdHint);
@@ -1675,7 +1725,10 @@ export async function handleGeminiRequestAsync(deps, params) {
         // surfaces it in the snapshot).
         assertUpstreamCliArgs("gemini", args);
         assertUpstreamCliEnv("gemini", undefined);
-        const job = deps.asyncJobManager.startJob("gemini", args, corrId, undefined, resolveIdleTimeout("gemini", params.idleTimeoutMs), params.outputFormat, params.forceRefresh);
+        // Slice 1.5: pure async path — no upstream safeFlightStart, so the
+        // manager owns both logStart and logComplete for this corrId.
+        const geminiAsyncFrHandoff = buildAsyncFlightRecorderHandoff("gemini", prep, effectiveSessionId, params.outputFormat);
+        const job = deps.asyncJobManager.startJob("gemini", args, corrId, undefined, resolveIdleTimeout("gemini", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, undefined, undefined, geminiAsyncFrHandoff.flightRecorderEntry, geminiAsyncFrHandoff.extractUsage, true);
         deps.logger.info(`[${corrId}] gemini_request_async started job ${job.id}`);
         const asyncResponse = {
             success: true,
@@ -1745,7 +1798,8 @@ export async function handleGrokRequest(deps, params) {
             createNewSession: params.createNewSession,
         });
         args.push(...sessionResult.resumeArgs);
-        const result = await awaitJobOrDefer("grok", args, corrId, resolveIdleTimeout("grok", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime);
+        const grokFrHandoff = buildAsyncFlightRecorderHandoff("grok", prep, params.sessionId, params.outputFormat);
+        const result = await awaitJobOrDefer("grok", args, corrId, resolveIdleTimeout("grok", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime, undefined, undefined, grokFrHandoff.flightRecorderEntry, grokFrHandoff.extractUsage);
         // Deferred — job still running, return async reference
         if (isDeferredResponse(result)) {
             return buildDeferredToolResponse(result, sessionResult.effectiveSessionId);
@@ -1875,7 +1929,8 @@ export async function handleGrokRequestAsync(deps, params) {
         // Start job only after all session I/O succeeds
         assertUpstreamCliArgs("grok", args);
         assertUpstreamCliEnv("grok", undefined);
-        const job = deps.asyncJobManager.startJob("grok", args, corrId, undefined, resolveIdleTimeout("grok", params.idleTimeoutMs), params.outputFormat, params.forceRefresh);
+        const grokAsyncFrHandoff = buildAsyncFlightRecorderHandoff("grok", prep, effectiveSessionId, params.outputFormat);
+        const job = deps.asyncJobManager.startJob("grok", args, corrId, undefined, resolveIdleTimeout("grok", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, undefined, undefined, grokAsyncFrHandoff.flightRecorderEntry, grokAsyncFrHandoff.extractUsage, true);
         deps.logger.info(`[${corrId}] grok_request_async started job ${job.id}`);
         const asyncResponse = {
             success: true,
@@ -1943,7 +1998,8 @@ export async function handleMistralRequest(deps, params) {
             createNewSession: params.createNewSession,
         });
         args.push(...sessionResult.resumeArgs);
-        let result = await awaitJobOrDefer("mistral", args, corrId, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime, mistralEnv);
+        const mistralFrHandoff = buildAsyncFlightRecorderHandoff("mistral", prep, params.sessionId, params.outputFormat);
+        let result = await awaitJobOrDefer("mistral", args, corrId, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime, mistralEnv, undefined, mistralFrHandoff.flightRecorderEntry, mistralFrHandoff.extractUsage);
         if (isDeferredResponse(result)) {
             return buildDeferredToolResponse(result, sessionResult.effectiveSessionId);
         }
@@ -1964,7 +2020,9 @@ export async function handleMistralRequest(deps, params) {
                     disallowedTools: params.disallowedTools,
                 });
                 const retryArgs = [...retryPrep.args, ...sessionResult.resumeArgs];
-                result = await awaitJobOrDefer("mistral", retryArgs, corrId, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, true, runtime, retryPrep.env);
+                // Reuse the FR handoff built above — the retry preserves corrId,
+                // so the manager's logComplete still updates the original row.
+                result = await awaitJobOrDefer("mistral", retryArgs, corrId, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, true, runtime, retryPrep.env, undefined, mistralFrHandoff.flightRecorderEntry, mistralFrHandoff.extractUsage);
                 if (isDeferredResponse(result)) {
                     return buildDeferredToolResponse(result, sessionResult.effectiveSessionId);
                 }
@@ -2092,7 +2150,8 @@ export async function handleMistralRequestAsync(deps, params) {
         }
         assertUpstreamCliArgs("mistral", args);
         assertUpstreamCliEnv("mistral", mistralEnv);
-        const job = deps.asyncJobManager.startJob("mistral", args, corrId, undefined, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, mistralEnv);
+        const mistralAsyncFrHandoff = buildAsyncFlightRecorderHandoff("mistral", prep, effectiveSessionId, params.outputFormat);
+        const job = deps.asyncJobManager.startJob("mistral", args, corrId, undefined, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, mistralEnv, undefined, mistralAsyncFrHandoff.flightRecorderEntry, mistralAsyncFrHandoff.extractUsage, true);
         deps.logger.info(`[${corrId}] mistral_request_async started job ${job.id}`);
         const asyncResponse = {
             success: true,
@@ -2193,9 +2252,10 @@ export async function handleCodexRequestAsync(deps, params) {
         // registering the record, ownership stays here and we run it in the catch.
         assertUpstreamCliArgs("codex", args);
         assertUpstreamCliEnv("codex", undefined);
+        const codexAsyncFrHandoff = buildAsyncFlightRecorderHandoff("codex", prep, effectiveSessionId, params.outputFormat);
         let job;
         try {
-            job = deps.asyncJobManager.startJob("codex", args, corrId, undefined, resolveIdleTimeout("codex", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, undefined, prepCleanup);
+            job = deps.asyncJobManager.startJob("codex", args, corrId, undefined, resolveIdleTimeout("codex", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, undefined, prepCleanup, codexAsyncFrHandoff.flightRecorderEntry, codexAsyncFrHandoff.extractUsage, true);
             // Handoff succeeded: AsyncJobManager will fire prepCleanup on terminal
             // status. Release our local ownership claim so the catch path doesn't
             // double-fire.
@@ -2461,7 +2521,8 @@ export function createGatewayServer(deps = {}) {
             }
             // Idle timeout only for stream-json (text/json produce no output until done)
             const effectiveIdleTimeout = outputFormat === "stream-json" ? resolveIdleTimeout("claude", idleTimeoutMs) : undefined;
-            const result = await awaitJobOrDefer("claude", args, corrId, effectiveIdleTimeout, outputFormat, forceRefresh, runtime);
+            const claudeSyncFrHandoff = buildAsyncFlightRecorderHandoff("claude", prep, effectiveSessionId, outputFormat);
+            const result = await awaitJobOrDefer("claude", args, corrId, effectiveIdleTimeout, outputFormat, forceRefresh, runtime, undefined, undefined, claudeSyncFrHandoff.flightRecorderEntry, claudeSyncFrHandoff.extractUsage);
             // Deferred — job still running, return async reference
             if (isDeferredResponse(result)) {
                 return buildDeferredToolResponse(result, effectiveSessionId);
@@ -2703,7 +2764,8 @@ export function createGatewayServer(deps = {}) {
         // completion or deferred). The outer finally MUST NOT clean again.
         const prepCleanup = "cleanup" in prep && typeof prep.cleanup === "function" ? prep.cleanup : undefined;
         try {
-            const result = await awaitJobOrDefer("codex", args, corrId, resolveIdleTimeout("codex", idleTimeoutMs), outputFormat, forceRefresh, runtime, undefined, prepCleanup);
+            const codexSyncFrHandoff = buildAsyncFlightRecorderHandoff("codex", prep, sessionId, outputFormat);
+            const result = await awaitJobOrDefer("codex", args, corrId, resolveIdleTimeout("codex", idleTimeoutMs), outputFormat, forceRefresh, runtime, undefined, prepCleanup, codexSyncFrHandoff.flightRecorderEntry, codexSyncFrHandoff.extractUsage);
             // Deferred — job still running, return async reference. Cleanup
             // ownership belongs to AsyncJobManager via onComplete.
             if (isDeferredResponse(result)) {
@@ -3344,7 +3406,8 @@ export function createGatewayServer(deps = {}) {
                     : undefined;
                 assertUpstreamCliArgs("claude", args);
                 assertUpstreamCliEnv("claude", undefined);
-                const job = asyncJobManager.startJob("claude", args, corrId, undefined, effectiveIdleTimeout, outputFormat, forceRefresh);
+                const claudeAsyncFrHandoff = buildAsyncFlightRecorderHandoff("claude", prep, effectiveSessionId, outputFormat);
+                const job = asyncJobManager.startJob("claude", args, corrId, undefined, effectiveIdleTimeout, outputFormat, forceRefresh, undefined, undefined, claudeAsyncFrHandoff.flightRecorderEntry, claudeAsyncFrHandoff.extractUsage, true);
                 logger.info(`[${corrId}] claude_request_async started job ${job.id}, outputFormat=${outputFormat}`);
                 const asyncResponse = {
                     success: true,

package/dist/job-store.d.ts

@@ -51,10 +51,35 @@ export interface JobStore {
     }): void;
     getById(id: string): JobRecord | null;
     findByRequestKey(requestKey: string): JobRecord | null;
-    markOrphanedOnStartup(): number;
+    /**
+     * Flip every `status='running'` row to `'orphaned'` at gateway boot.
+     *
+     * Returns the row count AND a snapshot of every row that was flipped, so
+     * AsyncJobManager can write a flight-recorder logComplete with the full
+     * sync-helper-equivalent payload (response from stderr||stdout,
+     * durationMs from startedAt). Pre-slice-1.5 rows that never wrote a
+     * logStart degrade silently to a no-op UPDATE inside the FR.
+     */
+    markOrphanedOnStartup(): {
+        count: number;
+        orphaned: Array<OrphanedJobSnapshot>;
+    };
     evictExpired(): number;
     close(): void;
 }
+/**
+ * Per-orphan snapshot returned by `markOrphanedOnStartup` so the
+ * AsyncJobManager constructor can build a faithful FlightLogResult for
+ * each row it flipped.
+ */
+export interface OrphanedJobSnapshot {
+    id: string;
+    correlationId: string;
+    startedAt: string;
+    stdout: string;
+    stderr: string;
+    exitCode: number | null;
+}
 /**
  * SQLite-backed job store. Default backend for production. Durable across
  * gateway restarts; safe for single-instance deployments.
@@ -69,6 +94,7 @@ export declare class SqliteJobStore implements JobStore {
     private updateCompleteStmt;
     private getByIdStmt;
     private findByRequestKeyStmt;
+    private selectRunningOrphansStmt;
     private markOrphanedStmt;
     private deleteExpiredStmt;
     constructor(dbPath: string, logger?: Logger, options?: {
@@ -114,8 +140,15 @@ export declare class SqliteJobStore implements JobStore {
     /**
      * On gateway boot, flip any jobs that were 'running' to 'orphaned'.
      * The child processes were detached but can't be reattached to in this process.
+     *
+     * Returns the row count + a per-orphan snapshot so AsyncJobManager can
+     * write a flight-recorder logComplete with proper audit data
+     * (durationMs from startedAt, response from stderr||stdout).
      */
-    markOrphanedOnStartup(): number;
+    markOrphanedOnStartup(): {
+        count: number;
+        orphaned: Array<OrphanedJobSnapshot>;
+    };
     /**
      * Delete rows whose expires_at has passed. Returns number of rows deleted.
      */
@@ -171,7 +204,10 @@ export declare class MemoryJobStore implements JobStore {
      * In-memory stores have no cross-process state, so any "running" rows here
      * came from this very process and aren't actually orphaned. No-op.
      */
-    markOrphanedOnStartup(): number;
+    markOrphanedOnStartup(): {
+        count: number;
+        orphaned: Array<OrphanedJobSnapshot>;
+    };
     evictExpired(): number;
     close(): void;
 }
@@ -188,7 +224,10 @@ export declare class PostgresJobStore implements JobStore {
     recordComplete(): void;
     getById(): JobRecord | null;
     findByRequestKey(): JobRecord | null;
-    markOrphanedOnStartup(): number;
+    markOrphanedOnStartup(): {
+        count: number;
+        orphaned: Array<OrphanedJobSnapshot>;
+    };
     evictExpired(): number;
     close(): void;
 }

package/dist/job-store.js

@@ -73,6 +73,7 @@ export class SqliteJobStore {
     updateCompleteStmt;
     getByIdStmt;
     findByRequestKeyStmt;
+    selectRunningOrphansStmt;
     markOrphanedStmt;
     deleteExpiredStmt;
     constructor(dbPath, logger = noopLogger, options = {}) {
@@ -148,6 +149,16 @@ export class SqliteJobStore {
         AND status IN ('running', 'completed')
       ORDER BY started_at DESC
       LIMIT 1
+    `);
+        // Snapshot every in-flight row's audit data BEFORE the orphan-flip
+        // UPDATE so AsyncJobManager can construct a full FlightLogResult per
+        // orphan. No transaction wrapper required: gateway boot is
+        // single-threaded before any new jobs can arrive, so no
+        // status='running' row can be inserted between this SELECT and the
+        // UPDATE below.
+        this.selectRunningOrphansStmt = this.db.prepare(`
+      SELECT id, correlation_id, started_at, stdout, stderr, exit_code
+      FROM jobs WHERE status = 'running'
     `);
         this.markOrphanedStmt = this.db.prepare(`
       UPDATE jobs
@@ -227,14 +238,29 @@ export class SqliteJobStore {
     /**
      * On gateway boot, flip any jobs that were 'running' to 'orphaned'.
      * The child processes were detached but can't be reattached to in this process.
+     *
+     * Returns the row count + a per-orphan snapshot so AsyncJobManager can
+     * write a flight-recorder logComplete with proper audit data
+     * (durationMs from startedAt, response from stderr||stdout).
      */
     markOrphanedOnStartup() {
         const now = new Date().toISOString();
         // Orphaned jobs retain a short window so callers can fetch the partial output,
         // then evict. Reuse the standard retention.
         const expiresAt = new Date(Date.now() + this.retentionMs).toISOString();
+        // SELECT before UPDATE — gateway boot is single-threaded so no row can
+        // appear in 'running' between the two statements.
+        const rows = (this.selectRunningOrphansStmt.all?.() ?? []);
+        const orphaned = rows.map(row => ({
+            id: row.id,
+            correlationId: row.correlation_id,
+            startedAt: row.started_at,
+            stdout: row.stdout ?? "",
+            stderr: row.stderr ?? "",
+            exitCode: row.exit_code,
+        }));
         const result = this.markOrphanedStmt.run(now, expiresAt);
-        return result?.changes ?? 0;
+        return { count: result?.changes ?? 0, orphaned };
     }
     /**
      * Delete rows whose expires_at has passed. Returns number of rows deleted.
@@ -341,7 +367,7 @@ export class MemoryJobStore {
      * came from this very process and aren't actually orphaned. No-op.
      */
     markOrphanedOnStartup() {
-        return 0;
+        return { count: 0, orphaned: [] };
     }
     evictExpired() {
         const nowIso = new Date().toISOString();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "llm-cli-gateway",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "mcpName": "io.github.verivus-oss/llm-cli-gateway",
   "description": "MCP server providing unified access to Claude Code, Codex, Gemini, Grok, and Mistral Vibe CLIs with session management, retry logic, async job orchestration, durable job results, and cross-LLM validation.",
   "license": "MIT",

package/socket.yml

@@ -14,6 +14,25 @@ version: 2
 #     src/endpoint-exposure.ts also issues a HEAD probe when verifying
 #     tunnel reachability — opt-in via the start:http entry point only.
 #
+#     Additionally, Socket may flag `dist/index.js` and `dist/job-store.js`
+#     against the `globalThis["fetch"]` rule. This is a substring-match
+#     false positive (verified for v1.6.0 by sub-agent investigation on
+#     2026-05-26; same matches exist in v1.5.35). Neither file contains
+#     any `fetch(`, `globalThis.fetch`, polyfill import, or any other
+#     network-call construct. The matches are:
+#       - dist/index.js — the English word "fetch" inside an async-defer
+#         error message ("Poll with llm_job_status, fetch with
+#         llm_job_result.") AND the JSON field name `fetchWith:
+#         "llm_job_result"` (part of the deferred-job response contract).
+#       - dist/job-store.js — the word "fetch" inside a code comment on
+#         markOrphanedOnStartup() describing how callers retrieve partial
+#         output from SQLite.
+#     Verify with: `grep -rEn "\bfetch\(|globalThis\.fetch|globalThis\[" dist/`
+#     — returns empty. Production code does not import undici / node-fetch
+#     / axios / got. The cache-awareness slice (v1.6.0) introduced zero
+#     new network surfaces; all I/O is filesystem (SQLite, sessions.json)
+#     or in-process.
+#
 #   shellAccess
 #     src/executor.ts uses child_process.spawn(cmd, args, { ... }) with a
 #     fixed allow-list of CLI binaries (claude / codex / gemini / grok /