llm-cli-gateway 1.6.1 → 1.8.0

package/CHANGELOG.md

@@ -2,6 +2,187 @@
 
 All notable changes to the llm-cli-gateway project.
 
+## [1.8.0] - 2026-05-27 — Phase 4 openers (codex resume fix, mistral telemetry, headless trust flags)
+
+Ships the first three slices of the Phase 4 provider-modernisation
+backlog, one bug fix and two small features. Multi-LLM review surfaced
+five additional bug classes during the cycle (path traversal, UUID→dir
+resolution gap, sync usage ctx drop, retry-path flag drop, symlink
+boundary bypass); all are addressed in the two follow-up fix commits.
+
+### Fixed — Codex `--output-schema` + `-c/--config` on `exec resume`
+
+- `prepareCodexRequest` previously dropped `outputSchema` and
+  `configOverrides` on the resume branch because the U26 audit assumed
+  `codex exec resume` rejected both flags. Live re-verification against
+  `codex exec resume --help` (codex-cli 0.133.0) confirms both ARE
+  accepted on resume; only `--search` remains resume-incompatible. The
+  resume branch now threads both fields through, reusing the existing
+  outputSchema temp-file materialisation + cleanup contract.
+  `CODEX_RESUME_FILTERED_FLAGS` no longer strips `--output-schema`.
+
+### Added — Mistral Vibe `meta.json` usage / cost telemetry
+
+- New `src/mistral-meta-json-parser.ts` reads
+  `~/.vibe/logs/session/session_<YYYYMMDD>_<HHMMSS>_<first8hex>/meta.json`
+  (the actual filename — an earlier TODO at `src/index.ts:750` said
+  `metadata.json`, which was incorrect). Maps `stats.session_prompt_tokens`,
+  `stats.session_completion_tokens`, and `stats.session_cost` onto the
+  gateway's `inputTokens`/`outputTokens`/`costUsd` flight-recorder
+  columns. Cache-token surfaces stay undefined — Vibe doesn't expose
+  them today.
+- The gateway's mistral sessionId surface accepts the full UUID (to match
+  `vibe --resume <uuid>`), but Vibe persists telemetry under
+  `session_<ts>_<first8>` directories. The new resolver globs by the
+  leading 8-hex prefix and verifies each candidate's `session_id` field
+  before returning — required for every UUID input including
+  single-match cases, so two UUIDs sharing the leading 8 hex chars never
+  cross-attribute usage.
+- `extractUsageAndCost` and `buildAsyncFlightRecorderHandoff` thread a
+  primitives-only `{ sessionId, home }` context so the AsyncJobRecord
+  retention stays O(constant). `buildCliResponse` passes the same ctx so
+  sync `mistral_request` resume calls populate structured usage in their
+  response (not just the flight-recorder row).
+
+### Added — Headless trust-prompt bypass for Gemini + Mistral
+
+- New optional `skipTrust?: boolean` field on `gemini_request` and
+  `gemini_request_async`, defaulting `false`. When set, emits
+  `--skip-trust` so fresh workspaces don't block headless invocations on
+  Gemini's interactive trust prompt.
+- New optional `trust?: boolean` field on `mistral_request` and
+  `mistral_request_async`, defaulting `false`. When set, emits `--trust`
+  (per-invocation only, not persisted to `trusted_folders.toml`) so
+  fresh workspaces don't block headless Vibe runs. Preserved on the
+  stale-model recovery retry path so a fresh untrusted workspace can't
+  deadlock on the second attempt.
+- Default `false` preserves existing prompt behaviour for legacy
+  callers.
+
+### Security
+
+- `parseVibeMetaJson` enforces a strict input charset (UUID-shape OR
+  `^session_\d{8}_\d{6}_[0-9a-f]{8}$` Vibe dir basename) before any
+  filesystem access.
+- New `readInBase(realBase, candidate)` helper realpath-resolves both
+  ends and rejects targets whose final inode lives outside the session
+  log root. Both the resolver's disambiguation reads and the final
+  parser read route through it, so an in-tree symlink to an
+  out-of-tree directory (or symlinked meta.json) cannot leak file
+  contents outside `~/.vibe/logs/session/`.
+- Test coverage: traversal inputs (`../`, absolute, control-char,
+  embedded `../`), single-candidate prefix-collision rejection,
+  symlink-to-outside-baseDir rejection.
+
+## [1.7.0] - 2026-05-26 — cache-awareness slice 1.5 (async-path flight recorder + codex parser fix)
+
+Closes the two telemetry gaps that v1.6.0 explicitly deferred: async-path
+flight-recorder integration and Codex parser support for the actual
+`cached_input_tokens` field the current Codex CLI emits. Both ship
+together because they jointly close out `cache_state://*` completeness
+for the async tools and the codex CLI.
+
+### Added — async-path flight recorder writes
+
+- `AsyncJobManager` now accepts a `FlightRecorderLike` constructor
+  dependency (defaults to `NoopFlightRecorder` for tests that don't
+  inject one). `StartJobOptions` extended with `writeFlightStart`,
+  `flightRecorderEntry`, and `extractUsage` — pure async tools
+  (`*_request_async`) pass `writeFlightStart: true` so the manager owns
+  the row. The legacy positional `startJob(...)` signature was extended
+  with trailing optional params so existing callers keep working.
+- New private `writeFlightComplete` helper inside the manager fires on
+  every terminal-state code path (close handler, error handler, idle
+  timeout, output overflow, cancelJob, evictCompletedJobs dead-process
+  and exited-mismatch branches). Failure payload mirrors sync-helper
+  semantics: `response = stderr || stdout` on failure, `errorMessage`
+  falls back through override → `job.error` → `job.stderr` →
+  `"Exit code N"`. Single-shot guard set only on successful write so a
+  thrown `logComplete` can be retried by a later terminal callback.
+- New public `armFlightCompleteForDeferral(jobId)` on AsyncJobManager.
+  Called by `awaitJobOrDefer` in `src/index.ts` immediately before
+  returning a `DeferredJobResponse` — this lets the sync handler keep
+  ownership of the rich-metadata `safeFlightComplete` write for
+  sync-inline completions, while still ensuring deferred-from-sync rows
+  get a terminal `logComplete` from the manager when the underlying job
+  finishes. Includes a race-mitigation immediate-write path if the job
+  already terminated before the arm signal landed.
+- `JobStore.markOrphanedOnStartup()` return shape extended from `number`
+  to `{ count, orphaned: Array<{ id, correlationId, startedAt, stdout,
+  stderr, exitCode }> }` so the manager constructor can write FR
+  `logComplete` rows for previously orphaned jobs with proper audit data
+  (durationMs from `startedAt`, response from `stderr || stdout`,
+  errorMessage `"orphaned after gateway restart"`). `SqliteJobStore`
+  SELECTs the per-orphan fields before the orphan-flip UPDATE; no
+  transaction wrapper needed because gateway boot is single-threaded
+  before any new jobs can arrive. `MemoryJobStore` returns
+  `{ count: 0, orphaned: [] }` (in-process state can't be orphaned).
+  Breaking change to the `JobStore` interface; the `PostgresJobStore`
+  stub was updated to match (the impl is still not yet shipped).
+- `cache_state://global`, `cache_state://session/{id}`, and
+  `cache_state://prefix/{hash}` aggregates now include async-job
+  activity. No query changes — `cache_state://*` already didn't filter
+  on `asyncJobId`, so the new rows participate naturally.
+
+### Fixed — Codex parser accepts current CLI's cache-token field
+
+- `src/codex-json-parser.ts` now reads `cached_input_tokens` (preferred,
+  what Codex CLI ≥0.133.0 emits) in addition to the legacy
+  `cache_read_input_tokens` and the bare `cache_read_tokens` fallback.
+  Live smoke-tested against Codex CLI on 2026-05-26 — see
+  `docs/personal-mcp/PROVIDER_CACHE_SURFACES.md` "Codex — field name
+  divergence" for the exact invocation. Cache hits on codex rows now
+  populate the FR's `cache_read_tokens` column.
+
+### Known limitation — sync-deferred-dedup orphan rows
+
+When a sync request dedup-hits an in-flight original job AND the sync
+deadline expires before the original finishes, the dedup'd caller's
+sync-side `logStart` row stays at `status='started'` forever. The
+manager's `logComplete` writes to the ORIGINAL job's correlationId, not
+the dedup'd caller's. This is a pre-existing limitation surfaced by the
+slice's clearer accounting; it predates v1.7.0 and is not a regression.
+A future slice can address it via per-request corrId fan-out.
+
+### Cross-table asymmetry — `canceled` / `orphaned` jobs in the FR
+
+`FlightLogResult.status` only carries `"completed" | "failed"`, so
+canceled and orphaned async jobs are encoded as `"failed"` plus a
+distinguishing `errorMessage`. The underlying `jobs` table in JobStore
+retains the distinct `"canceled"` / `"orphaned"` statuses for
+`getJobSnapshot` callers. External consumers of `~/.llm-cli-gateway/
+logs.db` that filter `status='failed'` will count cancels and boot-time
+orphans as errors; `cache_state://*` aggregation does not distinguish.
+
+### No config or schema changes
+
+No migration. No new opt-in flag. The new behaviour is gated solely on
+whether the caller (handler or `awaitJobOrDefer`) supplies a
+`flightRecorderEntry` to `startJobWithDedup`. Tests/callers that don't
+opt in see no behaviour change (the constructor's default
+`NoopFlightRecorder` short-circuits the FR writes).
+
+### Migration impact
+
+None. SQLite schema and TOML config surface are byte-identical to
+v1.6.1. Rollback is non-destructive (revert the release commit).
+
+### Documentation
+
+- `docs/plans/async-flight-recorder.dag.toml` — new slice plan (Unit A
+  unanimously approved across Codex/Gemini/Grok/Mistral).
+- `docs/plans/async-flight-recorder.pr-body.md` — new PR description.
+- `docs/personal-mcp/ASYNC_FLIGHT_RECORDER_SURFACES.md` — new research
+  note documenting every terminal state, the data contract per FR write
+  site, the sync-path responsibility split table, and the cancel /
+  orphan / dedup limitations.
+- `docs/personal-mcp/PROVIDER_CACHE_SURFACES.md` — Codex section updated
+  to reflect that the parser now accepts `cached_input_tokens`; slice 2
+  "Populated for **claude only** today" claim corrected to include
+  codex.
+- `docs/launch/blog-cache-awareness.md` — slice 1.5 follow-up note in
+  the "What's next" section.
+
 ## [1.6.1] - 2026-05-26 — docs-only follow-up to 1.6.0
 
 Pure documentation release; zero source-code changes since 1.6.0.

package/dist/async-job-manager.d.ts

@@ -1,8 +1,35 @@
 import type { Logger } from "./logger.js";
 import { type JobHealth } from "./process-monitor.js";
 import { JobStore } from "./job-store.js";
+import { type FlightRecorderLike } from "./flight-recorder.js";
 export type LlmCli = "claude" | "codex" | "gemini" | "grok" | "mistral";
 export type AsyncJobStatus = "running" | "completed" | "failed" | "canceled" | "orphaned";
+/**
+ * Slice 1.5 flight-recorder payload supplied via StartJobOptions.
+ * Decomposed to primitive fields (no nested handler-locals) so retaining
+ * a reference on the in-memory job record doesn't pin large promptParts
+ * or attachments via closure scope.
+ */
+export interface AsyncJobFlightRecorderEntry {
+    model: string;
+    prompt: string;
+    sessionId?: string;
+    stablePrefixHash?: string;
+    stablePrefixTokens?: number;
+}
+/**
+ * Slice 1.5 usage-extraction callback. Closures MUST be constructed from
+ * primitive locals only (e.g. const fmt = params.outputFormat; closure
+ * captures fmt). Capturing the handler's full `params` object pins large
+ * promptParts/attachments for JOB_TTL_MS.
+ */
+export type AsyncJobUsageExtractor = (stdout: string) => {
+    inputTokens?: number;
+    outputTokens?: number;
+    cacheReadTokens?: number;
+    cacheCreationTokens?: number;
+    costUsd?: number;
+};
 export interface AsyncJobSnapshot {
     id: string;
     cli: LlmCli;
@@ -45,6 +72,23 @@ export interface StartJobOptions {
      * etc.) that must persist for the lifetime of the spawned CLI process.
      */
     onComplete?: () => void;
+    /**
+     * Slice 1.5: when true, AsyncJobManager writes a flight-recorder logStart
+     * row at startJob entry using `flightRecorderEntry`. Pure async handlers
+     * (handle*RequestAsync) pass true because they have no upstream
+     * safeFlightStart writer. The sync-deferred path (awaitJobOrDefer) passes
+     * false because the upstream sync handler already wrote logStart keyed on
+     * the same correlationId — a second INSERT would crash on the PK.
+     */
+    writeFlightStart?: boolean;
+    /** Slice 1.5: payload for the FR logStart and the terminal logComplete. */
+    flightRecorderEntry?: AsyncJobFlightRecorderEntry;
+    /**
+     * Slice 1.5: invoked only on terminal `completed` to populate token-usage
+     * fields in the FR logComplete payload. Construct from primitive locals
+     * only (see AsyncJobUsageExtractor doc).
+     */
+    extractUsage?: AsyncJobUsageExtractor;
 }
 export interface StartJobOutcome {
     snapshot: AsyncJobSnapshot;
@@ -60,7 +104,8 @@ export declare class AsyncJobManager {
     private evictionTimer;
     private processMonitor;
     private store;
-    constructor(logger?: Logger, onJobComplete?: ((cli: LlmCli, durationMs: number, success: boolean) => void) | undefined, store?: JobStore | null);
+    private flightRecorder;
+    constructor(logger?: Logger, onJobComplete?: ((cli: LlmCli, durationMs: number, success: boolean) => void) | undefined, store?: JobStore | null, flightRecorder?: FlightRecorderLike);
     /**
      * True iff a durable (or memory) job store is attached. The MCP-tool
      * registration layer ANDs this with persistence.asyncJobsEnabled when
@@ -81,6 +126,29 @@ export declare class AsyncJobManager {
      */
     private buildRequestKey;
     private fireOnComplete;
+    /**
+     * Slice 1.5: write the terminal flight-recorder row. Mirrors sync-path
+     * failure semantics (response = stderr||stdout on failure, errorMessage
+     * falls back through overrideErrorMessage → job.error → job.stderr →
+     * "Exit code N"). Single-shot guard set only on SUCCESSFUL write so a
+     * thrown logComplete can be retried by a later terminal callback; the
+     * FR's WHERE status='started' UPDATE guard remains the actual
+     * idempotency mechanism for the common "retry succeeds, original
+     * succeeded too" case.
+     */
+    private writeFlightComplete;
+    private safeExtractUsage;
+    /**
+     * R2 Codex-Unit-B F1: awaitJobOrDefer calls this when returning a
+     * deferred response. From this point on the sync handler will not write
+     * its own safeFlightComplete, so the manager takes over.
+     *
+     * Race mitigation: if the job already terminated between the sync
+     * deadline expiring and this method firing, write logComplete
+     * synchronously here so the previously-skipped terminal callback's
+     * write isn't lost.
+     */
+    armFlightCompleteForDeferral(jobId: string): void;
     private safeStoreCall;
     /**
      * Flush in-memory stdout/stderr to the durable store if anything changed
@@ -100,7 +168,7 @@ export declare class AsyncJobManager {
      * Existing callers keep working unchanged; forceRefresh is exposed as a trailing
      * optional param for the dedup-aware path.
      */
-    startJob(cli: LlmCli, args: string[], correlationId: string, cwd?: string, idleTimeoutMs?: number, outputFormat?: string, forceRefresh?: boolean, env?: Record<string, string>, onComplete?: () => void): AsyncJobSnapshot;
+    startJob(cli: LlmCli, args: string[], correlationId: string, cwd?: string, idleTimeoutMs?: number, outputFormat?: string, forceRefresh?: boolean, env?: Record<string, string>, onComplete?: () => void, flightRecorderEntry?: AsyncJobFlightRecorderEntry, extractUsage?: AsyncJobUsageExtractor, writeFlightStart?: boolean): AsyncJobSnapshot;
     /**
      * Start a job, with optional dedup against recent identical requests.
      * Returns `{ snapshot, deduped }` so callers can log/report the short-circuit.

package/dist/async-job-manager.js

@@ -3,6 +3,7 @@ import { envWithExtendedPath, getExtendedPath, killProcessGroup, spawnCliProcess
 import { noopLogger } from "./logger.js";
 import { ProcessMonitor } from "./process-monitor.js";
 import { computeRequestKey } from "./job-store.js";
+import { NoopFlightRecorder } from "./flight-recorder.js";
 const MAX_OUTPUT_SIZE = 50 * 1024 * 1024;
 const JOB_TTL_MS = 60 * 60 * 1000; // 1 hour in-memory retention; durable store has its own (longer) retention
 const EVICTION_INTERVAL_MS = 5 * 60 * 1000; // Check every 5 minutes
@@ -61,16 +62,40 @@ export class AsyncJobManager {
     evictionTimer = null;
     processMonitor;
     store;
-    constructor(logger = noopLogger, onJobComplete, store = null) {
+    flightRecorder;
+    constructor(logger = noopLogger, onJobComplete, store = null, flightRecorder = new NoopFlightRecorder()) {
         this.logger = logger;
         this.onJobComplete = onJobComplete;
         this.processMonitor = new ProcessMonitor(logger);
         this.store = store;
+        this.flightRecorder = flightRecorder;
         if (this.store) {
             try {
-                const orphaned = this.store.markOrphanedOnStartup();
-                if (orphaned > 0) {
-                    this.logger.info(`Marked ${orphaned} in-flight job(s) as orphaned after gateway restart`);
+                const { count, orphaned } = this.store.markOrphanedOnStartup();
+                if (count > 0) {
+                    this.logger.info(`Marked ${count} in-flight job(s) as orphaned after gateway restart`);
+                }
+                // Slice 1.5: close out the FR row for each orphaned job. The FR
+                // logComplete UPDATE has WHERE status='started' so pre-1.7.0 rows
+                // (where the prior gateway never wrote a logStart) silently
+                // no-op. Wrapped per-orphan so a single bad row can't tank boot.
+                for (const orphan of orphaned) {
+                    try {
+                        const durationMs = Math.max(0, Date.now() - new Date(orphan.startedAt).getTime());
+                        this.flightRecorder.logComplete(orphan.correlationId, {
+                            response: orphan.stderr || orphan.stdout,
+                            durationMs,
+                            retryCount: 0,
+                            circuitBreakerState: "closed",
+                            optimizationApplied: false,
+                            exitCode: orphan.exitCode ?? 1,
+                            errorMessage: "orphaned after gateway restart",
+                            status: "failed",
+                        });
+                    }
+                    catch (err) {
+                        this.logger.error(`Async-path FR logComplete for orphaned job ${orphan.id} failed`, err);
+                    }
                 }
             }
             catch (err) {
@@ -129,6 +154,7 @@ export class AsyncJobManager {
                         this.logger.error(`Job ${id} process ${job.process.pid} no longer exists, marking as failed`);
                         this.emitMetrics(job);
                         this.persistComplete(job);
+                        this.writeFlightComplete(job, "failed");
                         this.fireOnComplete(job);
                     }
                     // EPERM: process exists but we can't signal it — ignore
@@ -144,6 +170,7 @@ export class AsyncJobManager {
                 this.logger.error(`Job ${id} has exited flag but was still in running state, marking as failed`);
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.writeFlightComplete(job, "failed");
                 this.fireOnComplete(job);
             }
         }
@@ -196,6 +223,96 @@ export class AsyncJobManager {
             this.logger.error(`Job ${job.id} onComplete hook threw`, err);
         }
     }
+    /**
+     * Slice 1.5: write the terminal flight-recorder row. Mirrors sync-path
+     * failure semantics (response = stderr||stdout on failure, errorMessage
+     * falls back through overrideErrorMessage → job.error → job.stderr →
+     * "Exit code N"). Single-shot guard set only on SUCCESSFUL write so a
+     * thrown logComplete can be retried by a later terminal callback; the
+     * FR's WHERE status='started' UPDATE guard remains the actual
+     * idempotency mechanism for the common "retry succeeds, original
+     * succeeded too" case.
+     */
+    writeFlightComplete(job, finalStatus, overrideErrorMessage) {
+        if (!job.flightRecorderEntry)
+            return; // never opted in
+        // R2 Codex-Unit-B F1: only write when armed. Sync-inline requests are
+        // NOT armed at startJob — the sync handler owns the rich-metadata
+        // safeFlightComplete write. Pure async + sync-deferred ARE armed.
+        if (!job.flightCompleteArmed)
+            return;
+        if (job.flightRecorderComplete)
+            return; // already wrote successfully
+        const durationMs = Math.max(0, Date.now() - new Date(job.startedAt).getTime());
+        const usage = finalStatus === "completed" && job.extractUsage ? this.safeExtractUsage(job) : {};
+        const isFailure = finalStatus === "failed";
+        const response = isFailure ? job.stderr || job.stdout : job.stdout;
+        const exitCode = job.exitCode ?? (finalStatus === "completed" ? 0 : 1);
+        const errorMessage = isFailure
+            ? (overrideErrorMessage ?? job.error ?? job.stderr ?? `Exit code ${exitCode}`)
+            : undefined;
+        try {
+            this.flightRecorder.logComplete(job.correlationId, {
+                response,
+                durationMs,
+                retryCount: 0,
+                circuitBreakerState: "closed",
+                optimizationApplied: false,
+                exitCode,
+                errorMessage,
+                status: finalStatus,
+                inputTokens: usage.inputTokens,
+                outputTokens: usage.outputTokens,
+                cacheReadTokens: usage.cacheReadTokens,
+                cacheCreationTokens: usage.cacheCreationTokens,
+                costUsd: usage.costUsd,
+            });
+            // Only mark complete on successful write so a thrown logComplete
+            // can be retried by the next terminal callback.
+            job.flightRecorderComplete = true;
+            // Clear retained references so the GC can reclaim anything the
+            // extractUsage closure captured.
+            job.flightRecorderEntry = undefined;
+            job.extractUsage = undefined;
+        }
+        catch (err) {
+            this.logger.error("Async-path flight recorder logComplete failed", err);
+        }
+    }
+    safeExtractUsage(job) {
+        try {
+            return job.extractUsage?.(job.stdout) ?? {};
+        }
+        catch (err) {
+            this.logger.error(`Job ${job.id} extractUsage threw`, err);
+            return {};
+        }
+    }
+    /**
+     * R2 Codex-Unit-B F1: awaitJobOrDefer calls this when returning a
+     * deferred response. From this point on the sync handler will not write
+     * its own safeFlightComplete, so the manager takes over.
+     *
+     * Race mitigation: if the job already terminated between the sync
+     * deadline expiring and this method firing, write logComplete
+     * synchronously here so the previously-skipped terminal callback's
+     * write isn't lost.
+     */
+    armFlightCompleteForDeferral(jobId) {
+        const job = this.jobs.get(jobId);
+        if (!job)
+            return;
+        if (job.flightCompleteArmed)
+            return; // pure async already armed
+        job.flightCompleteArmed = true;
+        if (job.status === "running")
+            return;
+        // Job already terminal — the close handler's writeFlightComplete
+        // saw flightCompleteArmed=false and skipped. Write now to recover.
+        const finalStatus = job.status === "completed" ? "completed" : "failed";
+        const override = job.canceled ? "canceled by caller" : undefined;
+        this.writeFlightComplete(job, finalStatus, override);
+    }
     safeStoreCall(label, fn) {
         if (!this.store)
             return;
@@ -300,7 +417,7 @@ export class AsyncJobManager {
      * Existing callers keep working unchanged; forceRefresh is exposed as a trailing
      * optional param for the dedup-aware path.
      */
-    startJob(cli, args, correlationId, cwd, idleTimeoutMs, outputFormat, forceRefresh, env, onComplete) {
+    startJob(cli, args, correlationId, cwd, idleTimeoutMs, outputFormat, forceRefresh, env, onComplete, flightRecorderEntry, extractUsage, writeFlightStart) {
         return this.startJobWithDedup(cli, args, correlationId, {
             cwd,
             idleTimeoutMs,
@@ -308,6 +425,9 @@ export class AsyncJobManager {
             forceRefresh,
             env,
             onComplete,
+            flightRecorderEntry,
+            extractUsage,
+            writeFlightStart,
         }).snapshot;
     }
     /**
@@ -319,7 +439,7 @@ export class AsyncJobManager {
      * is returned without spawning a new process. forceRefresh skips dedup entirely.
      */
     startJobWithDedup(cli, args, correlationId, opts = {}) {
-        const { cwd, idleTimeoutMs, outputFormat, forceRefresh, env: extraEnv, onComplete } = opts;
+        const { cwd, idleTimeoutMs, outputFormat, forceRefresh, env: extraEnv, onComplete, flightRecorderEntry, extractUsage, writeFlightStart, } = opts;
         const requestKey = this.buildRequestKey(cli, args, extraEnv);
         if (!forceRefresh && this.store) {
             try {
@@ -405,6 +525,14 @@ export class AsyncJobManager {
             onCompleteFired: false,
             outputDirty: false,
             lastOutputFlushAt: Date.now(),
+            flightRecorderEntry,
+            extractUsage,
+            flightRecorderComplete: false,
+            // R2 Codex-Unit-B F1: pure async path arms now (writeFlightStart=true
+            // means the manager is the only FR writer). Sync-deferred path
+            // arrives with writeFlightStart=false and arms later via
+            // armFlightCompleteForDeferral when awaitJobOrDefer decides to defer.
+            flightCompleteArmed: writeFlightStart === true,
         };
         this.jobs.set(id, job);
         this.safeStoreCall("recordStart", () => this.store.recordStart({
@@ -417,6 +545,27 @@ export class AsyncJobManager {
             startedAt,
             pid: child.pid ?? null,
         }));
+        // Slice 1.5: only opt-in callers (pure async handlers) write logStart
+        // here. The sync-deferred path passes writeFlightStart=false because
+        // the upstream sync handler already wrote a logStart row keyed on the
+        // same correlationId; a duplicate INSERT would crash on the PK.
+        if (writeFlightStart && flightRecorderEntry) {
+            try {
+                this.flightRecorder.logStart({
+                    correlationId,
+                    cli,
+                    model: flightRecorderEntry.model,
+                    prompt: flightRecorderEntry.prompt,
+                    sessionId: flightRecorderEntry.sessionId,
+                    asyncJobId: id,
+                    stablePrefixHash: flightRecorderEntry.stablePrefixHash,
+                    stablePrefixTokens: flightRecorderEntry.stablePrefixTokens,
+                });
+            }
+            catch (err) {
+                this.logger.error("Async-path flight recorder logStart failed", err);
+            }
+        }
         this.logger.info(`Job ${id} started for ${cli}`, { correlationId });
         // Idle timeout: kill process if no output activity for idleTimeoutMs
         let idleTimerId;
@@ -439,6 +588,7 @@ export class AsyncJobManager {
                 });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.writeFlightComplete(job, "failed");
                 this.fireOnComplete(job);
                 setTimeout(() => {
                     if (!job.exited && job.process)
@@ -473,6 +623,7 @@ export class AsyncJobManager {
                 this.logger.error(`Job ${id} error: ${launchError.message}`, { correlationId });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.writeFlightComplete(job, "failed");
                 this.fireOnComplete(job);
             }
         });
@@ -490,6 +641,12 @@ export class AsyncJobManager {
                 }
                 // Ensure terminal state reaches the durable store (idle-timeout/output-overflow already persisted).
                 this.persistComplete(job);
+                // Slice 1.5: retry the FR complete write iff the earlier terminal
+                // callback's logComplete threw. The single-shot guard in
+                // writeFlightComplete makes this a no-op in the common case.
+                const fallbackFlightStatus = job.status === "completed" ? "completed" : "failed";
+                const fallbackOverride = job.status === "canceled" ? "canceled by caller" : undefined;
+                this.writeFlightComplete(job, fallbackFlightStatus, fallbackOverride);
                 this.fireOnComplete(job);
                 return;
             }
@@ -512,6 +669,7 @@ export class AsyncJobManager {
             }
             this.emitMetrics(job);
             this.persistComplete(job);
+            this.writeFlightComplete(job, job.status === "completed" ? "completed" : "failed", job.status === "canceled" ? "canceled by caller" : undefined);
             this.fireOnComplete(job);
         });
         return { snapshot: this.snapshot(job), deduped: false };
@@ -567,6 +725,7 @@ export class AsyncJobManager {
         killProcessGroup(job.process, "SIGTERM");
         this.logger.info(`Job ${jobId} canceled`, { correlationId: job.correlationId });
         this.persistComplete(job);
+        this.writeFlightComplete(job, "failed", "canceled by caller");
         this.fireOnComplete(job);
         setTimeout(() => {
             if (!job.exited && job.process)
@@ -639,6 +798,7 @@ export class AsyncJobManager {
                 });
                 this.emitMetrics(job);
                 this.persistComplete(job);
+                this.writeFlightComplete(job, "failed", "Output exceeded maximum size (50MB)");
                 this.fireOnComplete(job);
                 setTimeout(() => {
                     if (!job.exited && job.process)

package/dist/codex-json-parser.js

@@ -47,7 +47,10 @@ export function parseCodexJsonStream(stdout) {
                         input_tokens: typeof u.input_tokens === "number" ? u.input_tokens : 0,
                         output_tokens: typeof u.output_tokens === "number" ? u.output_tokens : 0,
                     };
-                    if (typeof u.cache_read_input_tokens === "number") {
+                    if (typeof u.cached_input_tokens === "number") {
+                        usage.cache_read_tokens = u.cached_input_tokens;
+                    }
+                    else if (typeof u.cache_read_input_tokens === "number") {
                         usage.cache_read_tokens = u.cache_read_input_tokens;
                     }
                     else if (typeof u.cache_read_tokens === "number") {

package/dist/index.d.ts

@@ -81,6 +81,23 @@ interface GatewayServerRuntime {
     persistence: PersistenceConfig;
     cacheAwareness: CacheAwarenessConfig;
 }
+export declare function extractUsageAndCost(cli: "claude" | "codex" | "gemini" | "grok" | "mistral", output: string, outputFormat?: string, 
+/**
+ * Optional context for off-stdout telemetry sources. Today only Mistral
+ * uses this — its meta.json lives on disk keyed by sessionId. Threading
+ * this in keeps the closure built by `buildAsyncFlightRecorderHandoff`
+ * primitives-only (no `params`/`prep` retention on AsyncJobRecord).
+ */
+ctx?: {
+    sessionId?: string;
+    home?: string;
+}): {
+    inputTokens?: number;
+    outputTokens?: number;
+    cacheReadTokens?: number;
+    cacheCreationTokens?: number;
+    costUsd?: number;
+};
 interface CliRequestPrep {
     corrId: string;
     effectivePrompt: string;
@@ -191,6 +208,12 @@ export declare function prepareGeminiRequest(params: {
     policyFiles?: string[];
     adminPolicyFiles?: string[];
     attachments?: string[];
+    /**
+     * Phase 4 slice γ: emit `--skip-trust` so first-run workspaces don't
+     * block headless invocations on the interactive trust prompt. Default
+     * is undefined (preserves current prompt behaviour for legacy callers).
+     */
+    skipTrust?: boolean;
 }, runtime?: GatewayServerRuntime): CliRequestPrep | ExtendedToolResponse;
 export declare function prepareMistralRequest(params: {
     prompt?: string;
@@ -208,6 +231,11 @@ export declare function prepareMistralRequest(params: {
     correlationId?: string;
     optimizePrompt: boolean;
     operation: string;
+    /**
+     * Phase 4 slice γ: emit `--trust` to bypass Vibe's interactive trust
+     * prompt for this invocation only (not persisted). Default undefined.
+     */
+    trust?: boolean;
 }, runtime?: GatewayServerRuntime): (CliRequestPrep & {
     mistralEnv: Record<string, string>;
 }) | ExtendedToolResponse;
@@ -235,6 +263,8 @@ export interface GeminiRequestParams {
     policyFiles?: string[];
     adminPolicyFiles?: string[];
     attachments?: string[];
+    /** Phase 4 slice γ: emit `--skip-trust` for fresh-workspace headless runs. */
+    skipTrust?: boolean;
 }
 export interface HandlerDeps {
     sessionManager: ISessionManager;
@@ -297,6 +327,8 @@ export interface MistralRequestParams {
     optimizeResponse?: boolean;
     idleTimeoutMs?: number;
     forceRefresh?: boolean;
+    /** Phase 4 slice γ: emit `--trust` for fresh-workspace headless runs. */
+    trust?: boolean;
 }
 export declare function handleMistralRequest(deps: HandlerDeps, params: MistralRequestParams): Promise<ExtendedToolResponse>;
 export declare function handleMistralRequestAsync(deps: AsyncHandlerDeps, params: Omit<MistralRequestParams, "optimizeResponse">): Promise<ExtendedToolResponse>;