llm-cli-gateway 1.6.1 → 1.8.0

package/dist/index.js

@@ -10,6 +10,8 @@ import { executeCli, killAllProcessGroups } from "./executor.js";
 import { parseStreamJson } from "./stream-json-parser.js";
 import { parseCodexJsonStream } from "./codex-json-parser.js";
 import { parseGeminiJson } from "./gemini-json-parser.js";
+import { parseVibeMetaJson } from "./mistral-meta-json-parser.js";
+import { homedir } from "os";
 import { createSessionManager } from "./session-manager.js";
 import { ResourceProvider } from "./resources.js";
 import { PerformanceMetrics } from "./metrics.js";
@@ -17,7 +19,7 @@ import { estimateTokens, optimizePrompt as optimizePromptText, optimizeResponse
 import { loadConfig, loadPersistenceConfig, loadCacheAwarenessConfig, } from "./config.js";
 import { checkHealth } from "./health.js";
 import { clearModelRegistryCache, getAvailableCliInfo, getCliInfo, resolveModelAlias, } from "./model-registry.js";
-import { AsyncJobManager } from "./async-job-manager.js";
+import { AsyncJobManager, } from "./async-job-manager.js";
 import { createJobStore } from "./job-store.js";
 import { ApprovalManager } from "./approval-manager.js";
 import { checkReviewIntegrity } from "./review-integrity.js";
@@ -213,10 +215,10 @@ function getJobStore(runtimeLogger = logger) {
     }
     return jobStore;
 }
-function newAsyncJobManager(metrics, runtimeLogger, store = getJobStore(runtimeLogger)) {
+function newAsyncJobManager(metrics, runtimeLogger, store = getJobStore(runtimeLogger), fr = getFlightRecorder(runtimeLogger)) {
     return new AsyncJobManager(runtimeLogger, (cli, durationMs, success) => {
         metrics.recordRequest(cli, durationMs, success);
-    }, store);
+    }, store, fr);
 }
 function getAsyncJobManager(runtimeLogger = logger) {
     asyncJobManager ??= newAsyncJobManager(performanceMetrics, runtimeLogger);
@@ -239,17 +241,19 @@ function resolveGatewayServerRuntime(deps = {}, options = {}) {
     const runtimeSessionManager = deps.sessionManager ?? sessionManager;
     const runtimePerformanceMetrics = deps.performanceMetrics ??
         (options.isolateState ? new PerformanceMetrics() : performanceMetrics);
+    // Resolve flight recorder BEFORE async manager so isolateState managers
+    // can be wired with the same recorder instance the runtime exposes.
+    const runtimeFlightRecorder = deps.flightRecorder ?? getFlightRecorder(runtimeLogger);
     const runtimeAsyncJobManager = deps.asyncJobManager ??
         (options.isolateState
             ? // Factory-created test/HTTP session servers must not mark another instance's
                 // durable jobs orphaned. Stdio startup injects the process-global manager.
-                newAsyncJobManager(runtimePerformanceMetrics, runtimeLogger, null)
+                newAsyncJobManager(runtimePerformanceMetrics, runtimeLogger, null, runtimeFlightRecorder)
             : getAsyncJobManager(runtimeLogger));
     const runtimeApprovalManager = deps.approvalManager ??
         (options.isolateState
             ? new ApprovalManager(undefined, runtimeLogger)
             : getApprovalManager(runtimeLogger));
-    const runtimeFlightRecorder = deps.flightRecorder ?? getFlightRecorder(runtimeLogger);
     return {
         sessionManager: runtimeSessionManager,
         resourceProvider: deps.resourceProvider ??
@@ -286,7 +290,16 @@ const SYNC_POLL_INTERVAL_MS = 1_000;
  * Start an async job and poll until completion or deadline.
  * Returns the job result if it finishes in time, or a deferral marker.
  */
-async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, forceRefresh, runtime = resolveGatewayServerRuntime(), env, onComplete) {
+async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, forceRefresh, runtime = resolveGatewayServerRuntime(), env, onComplete, 
+/**
+ * Slice 1.5: when the sync handler has already written a logStart row
+ * keyed on `corrId`, pass these so the manager can write logComplete
+ * (with usage extraction) when the underlying async job terminates —
+ * even if the sync handler returned a deferred response.
+ * `writeFlightStart` is NEVER true on this path: the sync handler is
+ * always the upstream logStart writer.
+ */
+flightRecorderEntry, extractUsage) {
     // U26 fix: ownership of onComplete is a contract. Once this function returns
     // OR throws, the caller MUST consider onComplete consumed — i.e. it has
     // either been run, or the AsyncJobManager has taken ownership of it. The
@@ -336,6 +349,13 @@ async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, f
             forceRefresh,
             env,
             onComplete,
+            // Sync-deferred path: the upstream sync handler already wrote
+            // logStart for this corrId, so writeFlightStart stays false. The
+            // manager still writes logComplete on terminal state (which UPDATEs
+            // the sync handler's row), closing the previously-orphaned
+            // sync-deferred case.
+            flightRecorderEntry,
+            extractUsage,
         });
         // Handoff succeeded: AsyncJobManager owns onComplete (it'll fire via
         // fireOnComplete on terminal status, or run inline immediately for dedup).
@@ -369,7 +389,14 @@ async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, f
         }
         await new Promise(resolve => setTimeout(resolve, SYNC_POLL_INTERVAL_MS));
     }
-    // Deadline exceeded — return deferral
+    // Deadline exceeded — return deferral.
+    // R2 Codex-Unit-B F1: hand FR-complete ownership to the manager. Until
+    // this call, the manager skips writeFlightComplete on terminal so the
+    // sync handler's safeFlightComplete (with rich approvalDecision /
+    // optimizationApplied metadata) wins for sync-inline completions. From
+    // here on the sync handler returns deferred and will NOT write
+    // safeFlightComplete, so the manager must.
+    runtime.asyncJobManager.armFlightCompleteForDeferral(job.id);
     runtime.logger.info(`[${corrId}] ${cli} sync deadline exceeded (${SYNC_DEADLINE_MS}ms), deferring to async job ${job.id}`);
     return {
         deferred: true,
@@ -452,7 +479,14 @@ function createErrorResponse(cli, code, stderr, correlationId, error) {
         },
     };
 }
-function extractUsageAndCost(cli, output, outputFormat) {
+export function extractUsageAndCost(cli, output, outputFormat, 
+/**
+ * Optional context for off-stdout telemetry sources. Today only Mistral
+ * uses this — its meta.json lives on disk keyed by sessionId. Threading
+ * this in keeps the closure built by `buildAsyncFlightRecorderHandoff`
+ * primitives-only (no `params`/`prep` retention on AsyncJobRecord).
+ */
+ctx) {
     if (cli === "claude" && outputFormat === "stream-json") {
         const parsed = parseStreamJson(output);
         if (!parsed.usage) {
@@ -490,11 +524,44 @@ function extractUsageAndCost(cli, output, outputFormat) {
             cacheReadTokens: parsed.usage.cache_read_tokens,
         };
     }
-    // Mistral/Vibe: does not surface usage in its stdout/stream-json output. A
-    // future unit can read it from `~/.vibe/logs/session/<id>/metadata.json`
-    // once we resolve the session id post-run.
+    // Mistral/Vibe: usage/cost live on disk in `~/.vibe/logs/session/<id>/meta.json`
+    // (Phase 4 slice β). Best-effort: if we don't know the sessionId (fresh
+    // session whose Vibe-assigned UUID we never observed) or the file is
+    // missing/malformed, the parser returns `{}` and the FR row simply lacks
+    // usage data — matching pre-slice behaviour. No stdout fallback exists.
+    if (cli === "mistral") {
+        return parseVibeMetaJson(ctx?.home ?? homedir(), ctx?.sessionId);
+    }
     return {};
 }
+/**
+ * Slice 1.5: build the async-job-manager's FR payload from a prep object
+ * (which every prepare*Request returns), plus the bound CLI and output
+ * format primitives needed by extractUsageAndCost. Returning the closure
+ * separately means it captures `cliName` and `fmt` ONLY — never `params`
+ * or `prep` — so retention on AsyncJobRecord is O(constant).
+ */
+function buildAsyncFlightRecorderHandoff(cliName, prep, sessionId, outputFormat) {
+    // Extract primitives BEFORE building the closure — capturing `prep` or
+    // `params` directly would pin large attachments / promptParts on the
+    // AsyncJobRecord for JOB_TTL_MS. Phase 4 slice β: `sid` and `home` are
+    // primitives too, threaded through so the Mistral branch of
+    // extractUsageAndCost can read `~/.vibe/logs/session/<id>/meta.json`.
+    const cli = cliName;
+    const fmt = outputFormat;
+    const sid = sessionId;
+    const home = homedir();
+    return {
+        flightRecorderEntry: {
+            model: prep.resolvedModel || "default",
+            prompt: prep.effectivePrompt,
+            sessionId,
+            stablePrefixHash: prep.stablePrefixHash ?? undefined,
+            stablePrefixTokens: prep.stablePrefixTokens ?? undefined,
+        },
+        extractUsage: (stdout) => extractUsageAndCost(cli, stdout, fmt, { sessionId: sid, home }),
+    };
+}
 function safeFlightStart(entry, runtime = resolveGatewayServerRuntime()) {
     try {
         runtime.flightRecorder.logStart(entry);
@@ -1032,11 +1099,12 @@ export function prepareCodexRequest(params, runtime = resolveGatewayServerRuntim
         args.push("--json");
     }
     args.push("--skip-git-repo-check");
-    // U26: High-impact feature flags. Some of these (`--output-schema`,
-    // `--search`, `-C`, `--add-dir`) are rejected by `codex exec resume`, so we
-    // only emit them on a NEW session. Images / ephemeral / profile /
-    // ignore-rules / ignore-user-config are allowed on resume per the audited
-    // CLI help; we emit them in both branches.
+    // U26: High-impact feature flags. `--search` is rejected by
+    // `codex exec resume` (resume inherits the original session's web-search
+    // state), so we only emit it on a NEW session. `--output-schema`,
+    // `-c key=value`, profile, ephemeral, images, and the ignore-* flags are
+    // all accepted on resume per `codex exec resume --help` (codex-cli 0.133.0)
+    // and are emitted in both branches.
     let highImpactCleanup;
     if (sessionPlan.mode === "new") {
         const high = prepareCodexHighImpactFlags({
@@ -1056,12 +1124,10 @@ export function prepareCodexRequest(params, runtime = resolveGatewayServerRuntim
         highImpactCleanup = high.cleanup;
     }
     else {
-        // On resume, emit only the resume-safe subset (profile, ephemeral,
-        // images, ignoreUserConfig, ignoreRules). outputSchema, search, and
-        // configOverrides are dropped silently to mirror existing behavior for
-        // sandbox/ask-for-approval on resume.
         const high = prepareCodexHighImpactFlags({
+            outputSchema: params.outputSchema,
             profile: params.profile,
+            configOverrides: params.configOverrides,
             ephemeral: params.ephemeral,
             images: params.images,
             ignoreUserConfig: params.ignoreUserConfig,
@@ -1191,6 +1257,10 @@ export function prepareGeminiRequest(params, runtime = resolveGatewayServerRunti
     if (params.outputFormat === "json") {
         args.push("-o", "json");
     }
+    // Phase 4 slice γ: opt-in trust-prompt bypass for fresh workspaces.
+    if (params.skipTrust) {
+        args.push("--skip-trust");
+    }
     return {
         corrId,
         effectivePrompt,
@@ -1362,6 +1432,7 @@ export function prepareMistralRequest(params, runtime = resolveGatewayServerRunt
         reasoningEffort: params.reasoningEffort,
         allowedTools: params.allowedTools,
         disallowedTools: params.disallowedTools,
+        trust: params.trust,
     });
     if (prep.ignoredDisallowedTools) {
         runtime.logger.info(`[${corrId}] Mistral does not support disallowedTools; ignoring (caller passed ${params.disallowedTools?.length ?? 0} entries)`);
@@ -1417,7 +1488,10 @@ function buildCliResponse(cli, stdout, optimizeResponse, corrId, sessionId, prep
             correlationId: corrId,
             sessionId: sessionId || null,
             durationMs,
-            ...extractUsageAndCost(cli, stdout, outputFormat),
+            // Phase 4 slice β: thread sessionId + home so the Mistral branch of
+            // extractUsageAndCost can read `~/.vibe/logs/session/<dir>/meta.json`.
+            // Other CLIs ignore the ctx (their usage source is stdout).
+            ...extractUsageAndCost(cli, stdout, outputFormat, { sessionId, home: homedir() }),
             exitCode: 0,
             retryCount: 0,
         },
@@ -1515,6 +1589,7 @@ export async function handleGeminiRequest(deps, params) {
         policyFiles: params.policyFiles,
         adminPolicyFiles: params.adminPolicyFiles,
         attachments: params.attachments,
+        skipTrust: params.skipTrust,
     }, runtime);
     if (!("args" in prep))
         return prep;
@@ -1542,7 +1617,8 @@ export async function handleGeminiRequest(deps, params) {
         args.push(...sessionPlan.args);
         const userProvidedSession = sessionPlan.resumed;
         const effectiveSessionIdHint = sessionPlan.resumed ? params.sessionId : undefined;
-        const result = await awaitJobOrDefer("gemini", args, corrId, resolveIdleTimeout("gemini", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime);
+        const geminiFrHandoff = buildAsyncFlightRecorderHandoff("gemini", prep, params.sessionId, params.outputFormat);
+        const result = await awaitJobOrDefer("gemini", args, corrId, resolveIdleTimeout("gemini", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime, undefined, undefined, geminiFrHandoff.flightRecorderEntry, geminiFrHandoff.extractUsage);
         // Deferred — job still running, return async reference
         if (isDeferredResponse(result)) {
             return buildDeferredToolResponse(result, effectiveSessionIdHint);
@@ -1642,6 +1718,7 @@ export async function handleGeminiRequestAsync(deps, params) {
         policyFiles: params.policyFiles,
         adminPolicyFiles: params.adminPolicyFiles,
         attachments: params.attachments,
+        skipTrust: params.skipTrust,
     }, runtime);
     if (!("args" in prep))
         return prep;
@@ -1675,7 +1752,10 @@ export async function handleGeminiRequestAsync(deps, params) {
         // surfaces it in the snapshot).
         assertUpstreamCliArgs("gemini", args);
         assertUpstreamCliEnv("gemini", undefined);
-        const job = deps.asyncJobManager.startJob("gemini", args, corrId, undefined, resolveIdleTimeout("gemini", params.idleTimeoutMs), params.outputFormat, params.forceRefresh);
+        // Slice 1.5: pure async path — no upstream safeFlightStart, so the
+        // manager owns both logStart and logComplete for this corrId.
+        const geminiAsyncFrHandoff = buildAsyncFlightRecorderHandoff("gemini", prep, effectiveSessionId, params.outputFormat);
+        const job = deps.asyncJobManager.startJob("gemini", args, corrId, undefined, resolveIdleTimeout("gemini", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, undefined, undefined, geminiAsyncFrHandoff.flightRecorderEntry, geminiAsyncFrHandoff.extractUsage, true);
         deps.logger.info(`[${corrId}] gemini_request_async started job ${job.id}`);
         const asyncResponse = {
             success: true,
@@ -1745,7 +1825,8 @@ export async function handleGrokRequest(deps, params) {
             createNewSession: params.createNewSession,
         });
         args.push(...sessionResult.resumeArgs);
-        const result = await awaitJobOrDefer("grok", args, corrId, resolveIdleTimeout("grok", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime);
+        const grokFrHandoff = buildAsyncFlightRecorderHandoff("grok", prep, params.sessionId, params.outputFormat);
+        const result = await awaitJobOrDefer("grok", args, corrId, resolveIdleTimeout("grok", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime, undefined, undefined, grokFrHandoff.flightRecorderEntry, grokFrHandoff.extractUsage);
         // Deferred — job still running, return async reference
         if (isDeferredResponse(result)) {
             return buildDeferredToolResponse(result, sessionResult.effectiveSessionId);
@@ -1875,7 +1956,8 @@ export async function handleGrokRequestAsync(deps, params) {
         // Start job only after all session I/O succeeds
         assertUpstreamCliArgs("grok", args);
         assertUpstreamCliEnv("grok", undefined);
-        const job = deps.asyncJobManager.startJob("grok", args, corrId, undefined, resolveIdleTimeout("grok", params.idleTimeoutMs), params.outputFormat, params.forceRefresh);
+        const grokAsyncFrHandoff = buildAsyncFlightRecorderHandoff("grok", prep, effectiveSessionId, params.outputFormat);
+        const job = deps.asyncJobManager.startJob("grok", args, corrId, undefined, resolveIdleTimeout("grok", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, undefined, undefined, grokAsyncFrHandoff.flightRecorderEntry, grokAsyncFrHandoff.extractUsage, true);
         deps.logger.info(`[${corrId}] grok_request_async started job ${job.id}`);
         const asyncResponse = {
             success: true,
@@ -1920,6 +2002,7 @@ export async function handleMistralRequest(deps, params) {
         correlationId: params.correlationId,
         optimizePrompt: params.optimizePrompt,
         operation: "mistral_request",
+        trust: params.trust,
     }, runtime);
     if (!("args" in prep))
         return prep;
@@ -1943,7 +2026,8 @@ export async function handleMistralRequest(deps, params) {
             createNewSession: params.createNewSession,
         });
         args.push(...sessionResult.resumeArgs);
-        let result = await awaitJobOrDefer("mistral", args, corrId, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime, mistralEnv);
+        const mistralFrHandoff = buildAsyncFlightRecorderHandoff("mistral", prep, params.sessionId, params.outputFormat);
+        let result = await awaitJobOrDefer("mistral", args, corrId, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, runtime, mistralEnv, undefined, mistralFrHandoff.flightRecorderEntry, mistralFrHandoff.extractUsage);
         if (isDeferredResponse(result)) {
             return buildDeferredToolResponse(result, sessionResult.effectiveSessionId);
         }
@@ -1962,9 +2046,15 @@ export async function handleMistralRequest(deps, params) {
                     reasoningEffort: params.reasoningEffort,
                     allowedTools: params.allowedTools,
                     disallowedTools: params.disallowedTools,
+                    // Phase 4 slice γ: preserve --trust on the model-selection retry
+                    // so a fresh untrusted workspace doesn't block headlessly on the
+                    // second attempt after surviving the first.
+                    trust: params.trust,
                 });
                 const retryArgs = [...retryPrep.args, ...sessionResult.resumeArgs];
-                result = await awaitJobOrDefer("mistral", retryArgs, corrId, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, true, runtime, retryPrep.env);
+                // Reuse the FR handoff built above — the retry preserves corrId,
+                // so the manager's logComplete still updates the original row.
+                result = await awaitJobOrDefer("mistral", retryArgs, corrId, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, true, runtime, retryPrep.env, undefined, mistralFrHandoff.flightRecorderEntry, mistralFrHandoff.extractUsage);
                 if (isDeferredResponse(result)) {
                     return buildDeferredToolResponse(result, sessionResult.effectiveSessionId);
                 }
@@ -2060,6 +2150,7 @@ export async function handleMistralRequestAsync(deps, params) {
         correlationId: params.correlationId,
         optimizePrompt: params.optimizePrompt,
         operation: "mistral_request_async",
+        trust: params.trust,
     }, runtime);
     if (!("args" in prep))
         return prep;
@@ -2092,7 +2183,8 @@ export async function handleMistralRequestAsync(deps, params) {
         }
         assertUpstreamCliArgs("mistral", args);
         assertUpstreamCliEnv("mistral", mistralEnv);
-        const job = deps.asyncJobManager.startJob("mistral", args, corrId, undefined, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, mistralEnv);
+        const mistralAsyncFrHandoff = buildAsyncFlightRecorderHandoff("mistral", prep, effectiveSessionId, params.outputFormat);
+        const job = deps.asyncJobManager.startJob("mistral", args, corrId, undefined, resolveIdleTimeout("mistral", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, mistralEnv, undefined, mistralAsyncFrHandoff.flightRecorderEntry, mistralAsyncFrHandoff.extractUsage, true);
         deps.logger.info(`[${corrId}] mistral_request_async started job ${job.id}`);
         const asyncResponse = {
             success: true,
@@ -2193,9 +2285,10 @@ export async function handleCodexRequestAsync(deps, params) {
         // registering the record, ownership stays here and we run it in the catch.
         assertUpstreamCliArgs("codex", args);
         assertUpstreamCliEnv("codex", undefined);
+        const codexAsyncFrHandoff = buildAsyncFlightRecorderHandoff("codex", prep, effectiveSessionId, params.outputFormat);
         let job;
         try {
-            job = deps.asyncJobManager.startJob("codex", args, corrId, undefined, resolveIdleTimeout("codex", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, undefined, prepCleanup);
+            job = deps.asyncJobManager.startJob("codex", args, corrId, undefined, resolveIdleTimeout("codex", params.idleTimeoutMs), params.outputFormat, params.forceRefresh, undefined, prepCleanup, codexAsyncFrHandoff.flightRecorderEntry, codexAsyncFrHandoff.extractUsage, true);
             // Handoff succeeded: AsyncJobManager will fire prepCleanup on terminal
             // status. Release our local ownership claim so the catch path doesn't
             // double-fire.
@@ -2461,7 +2554,8 @@ export function createGatewayServer(deps = {}) {
             }
             // Idle timeout only for stream-json (text/json produce no output until done)
             const effectiveIdleTimeout = outputFormat === "stream-json" ? resolveIdleTimeout("claude", idleTimeoutMs) : undefined;
-            const result = await awaitJobOrDefer("claude", args, corrId, effectiveIdleTimeout, outputFormat, forceRefresh, runtime);
+            const claudeSyncFrHandoff = buildAsyncFlightRecorderHandoff("claude", prep, effectiveSessionId, outputFormat);
+            const result = await awaitJobOrDefer("claude", args, corrId, effectiveIdleTimeout, outputFormat, forceRefresh, runtime, undefined, undefined, claudeSyncFrHandoff.flightRecorderEntry, claudeSyncFrHandoff.extractUsage);
             // Deferred — job still running, return async reference
             if (isDeferredResponse(result)) {
                 return buildDeferredToolResponse(result, effectiveSessionId);
@@ -2703,7 +2797,8 @@ export function createGatewayServer(deps = {}) {
         // completion or deferred). The outer finally MUST NOT clean again.
         const prepCleanup = "cleanup" in prep && typeof prep.cleanup === "function" ? prep.cleanup : undefined;
         try {
-            const result = await awaitJobOrDefer("codex", args, corrId, resolveIdleTimeout("codex", idleTimeoutMs), outputFormat, forceRefresh, runtime, undefined, prepCleanup);
+            const codexSyncFrHandoff = buildAsyncFlightRecorderHandoff("codex", prep, sessionId, outputFormat);
+            const result = await awaitJobOrDefer("codex", args, corrId, resolveIdleTimeout("codex", idleTimeoutMs), outputFormat, forceRefresh, runtime, undefined, prepCleanup, codexSyncFrHandoff.flightRecorderEntry, codexSyncFrHandoff.extractUsage);
             // Deferred — job still running, return async reference. Cleanup
             // ownership belongs to AsyncJobManager via onComplete.
             if (isDeferredResponse(result)) {
@@ -2944,7 +3039,11 @@ export function createGatewayServer(deps = {}) {
         policyFiles: GEMINI_HIGH_IMPACT_PARAMS_SCHEMA.shape.policyFiles.describe("Policy file paths (--policy <path>, one per file). Paths must exist."),
         adminPolicyFiles: GEMINI_HIGH_IMPACT_PARAMS_SCHEMA.shape.adminPolicyFiles.describe("Admin policy file paths (--admin-policy <path>, one per file). Paths must exist."),
         attachments: GEMINI_HIGH_IMPACT_PARAMS_SCHEMA.shape.attachments.describe("Absolute file paths prepended as @<path> tokens to the prompt"),
-    }, async ({ prompt, promptParts, model, sessionId, resumeLatest, createNewSession, approvalMode, approvalStrategy, approvalPolicy, mcpServers, allowedTools, includeDirs, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, outputFormat, sandbox, policyFiles, adminPolicyFiles, attachments, }) => {
+        skipTrust: z
+            .boolean()
+            .default(false)
+            .describe("Emit `--skip-trust` so Gemini trusts the workspace for this session and skips the interactive trust prompt (Phase 4 slice γ). Required for headless runs in fresh workspaces."),
+    }, async ({ prompt, promptParts, model, sessionId, resumeLatest, createNewSession, approvalMode, approvalStrategy, approvalPolicy, mcpServers, allowedTools, includeDirs, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, outputFormat, sandbox, policyFiles, adminPolicyFiles, attachments, skipTrust, }) => {
         return handleGeminiRequest({ sessionManager, logger, runtime }, {
             prompt,
             promptParts,
@@ -2968,6 +3067,7 @@ export function createGatewayServer(deps = {}) {
             policyFiles,
             adminPolicyFiles,
             attachments,
+            skipTrust,
         });
     });
     //──────────────────────────────────────────────────────────────────────────────
@@ -3138,7 +3238,11 @@ export function createGatewayServer(deps = {}) {
             .boolean()
             .default(false)
             .describe("Bypass dedup and force a fresh CLI run even if a recent identical request exists"),
-    }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, }) => {
+        trust: z
+            .boolean()
+            .default(false)
+            .describe("Emit `--trust` so Vibe trusts the cwd for this invocation only (not persisted to trusted_folders.toml) and skips the interactive trust prompt (Phase 4 slice γ)."),
+    }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, trust, }) => {
         return handleMistralRequest({ sessionManager, logger, runtime }, {
             prompt,
             promptParts,
@@ -3160,6 +3264,7 @@ export function createGatewayServer(deps = {}) {
             optimizeResponse,
             idleTimeoutMs,
             forceRefresh,
+            trust,
         });
     });
     //──────────────────────────────────────────────────────────────────────────────
@@ -3344,7 +3449,8 @@ export function createGatewayServer(deps = {}) {
                     : undefined;
                 assertUpstreamCliArgs("claude", args);
                 assertUpstreamCliEnv("claude", undefined);
-                const job = asyncJobManager.startJob("claude", args, corrId, undefined, effectiveIdleTimeout, outputFormat, forceRefresh);
+                const claudeAsyncFrHandoff = buildAsyncFlightRecorderHandoff("claude", prep, effectiveSessionId, outputFormat);
+                const job = asyncJobManager.startJob("claude", args, corrId, undefined, effectiveIdleTimeout, outputFormat, forceRefresh, undefined, undefined, claudeAsyncFrHandoff.flightRecorderEntry, claudeAsyncFrHandoff.extractUsage, true);
                 logger.info(`[${corrId}] claude_request_async started job ${job.id}, outputFormat=${outputFormat}`);
                 const asyncResponse = {
                     success: true,
@@ -3549,7 +3655,11 @@ export function createGatewayServer(deps = {}) {
             policyFiles: GEMINI_HIGH_IMPACT_PARAMS_SCHEMA.shape.policyFiles.describe("Policy file paths (--policy <path>, one per file). Paths must exist."),
             adminPolicyFiles: GEMINI_HIGH_IMPACT_PARAMS_SCHEMA.shape.adminPolicyFiles.describe("Admin policy file paths (--admin-policy <path>, one per file). Paths must exist."),
             attachments: GEMINI_HIGH_IMPACT_PARAMS_SCHEMA.shape.attachments.describe("Absolute file paths prepended as @<path> tokens to the prompt"),
-        }, async ({ prompt, promptParts, model, sessionId, resumeLatest, createNewSession, approvalMode, approvalStrategy, approvalPolicy, mcpServers, allowedTools, includeDirs, correlationId, optimizePrompt, idleTimeoutMs, forceRefresh, outputFormat, sandbox, policyFiles, adminPolicyFiles, attachments, }) => {
+            skipTrust: z
+                .boolean()
+                .default(false)
+                .describe("Emit `--skip-trust` so Gemini trusts the workspace for this session and skips the interactive trust prompt (Phase 4 slice γ). Required for headless runs in fresh workspaces."),
+        }, async ({ prompt, promptParts, model, sessionId, resumeLatest, createNewSession, approvalMode, approvalStrategy, approvalPolicy, mcpServers, allowedTools, includeDirs, correlationId, optimizePrompt, idleTimeoutMs, forceRefresh, outputFormat, sandbox, policyFiles, adminPolicyFiles, attachments, skipTrust, }) => {
             return handleGeminiRequestAsync({ sessionManager, asyncJobManager, logger, runtime }, {
                 prompt,
                 promptParts,
@@ -3572,6 +3682,7 @@ export function createGatewayServer(deps = {}) {
                 policyFiles,
                 adminPolicyFiles,
                 attachments,
+                skipTrust,
             });
         });
         server.tool("grok_request_async", {
@@ -3733,7 +3844,11 @@ export function createGatewayServer(deps = {}) {
                 .boolean()
                 .default(false)
                 .describe("Bypass dedup and force a fresh CLI run even if a recent identical request exists"),
-        }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, idleTimeoutMs, forceRefresh, }) => {
+            trust: z
+                .boolean()
+                .default(false)
+                .describe("Emit `--trust` so Vibe trusts the cwd for this invocation only (not persisted to trusted_folders.toml) and skips the interactive trust prompt (Phase 4 slice γ)."),
+        }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, idleTimeoutMs, forceRefresh, trust, }) => {
             return handleMistralRequestAsync({ sessionManager, asyncJobManager, logger, runtime }, {
                 prompt,
                 promptParts,
@@ -3754,6 +3869,7 @@ export function createGatewayServer(deps = {}) {
                 optimizePrompt,
                 idleTimeoutMs,
                 forceRefresh,
+                trust,
             });
         });
         server.tool("llm_job_status", {

package/dist/job-store.d.ts

@@ -51,10 +51,35 @@ export interface JobStore {
     }): void;
     getById(id: string): JobRecord | null;
     findByRequestKey(requestKey: string): JobRecord | null;
-    markOrphanedOnStartup(): number;
+    /**
+     * Flip every `status='running'` row to `'orphaned'` at gateway boot.
+     *
+     * Returns the row count AND a snapshot of every row that was flipped, so
+     * AsyncJobManager can write a flight-recorder logComplete with the full
+     * sync-helper-equivalent payload (response from stderr||stdout,
+     * durationMs from startedAt). Pre-slice-1.5 rows that never wrote a
+     * logStart degrade silently to a no-op UPDATE inside the FR.
+     */
+    markOrphanedOnStartup(): {
+        count: number;
+        orphaned: Array<OrphanedJobSnapshot>;
+    };
     evictExpired(): number;
     close(): void;
 }
+/**
+ * Per-orphan snapshot returned by `markOrphanedOnStartup` so the
+ * AsyncJobManager constructor can build a faithful FlightLogResult for
+ * each row it flipped.
+ */
+export interface OrphanedJobSnapshot {
+    id: string;
+    correlationId: string;
+    startedAt: string;
+    stdout: string;
+    stderr: string;
+    exitCode: number | null;
+}
 /**
  * SQLite-backed job store. Default backend for production. Durable across
  * gateway restarts; safe for single-instance deployments.
@@ -69,6 +94,7 @@ export declare class SqliteJobStore implements JobStore {
     private updateCompleteStmt;
     private getByIdStmt;
     private findByRequestKeyStmt;
+    private selectRunningOrphansStmt;
     private markOrphanedStmt;
     private deleteExpiredStmt;
     constructor(dbPath: string, logger?: Logger, options?: {
@@ -114,8 +140,15 @@ export declare class SqliteJobStore implements JobStore {
     /**
      * On gateway boot, flip any jobs that were 'running' to 'orphaned'.
      * The child processes were detached but can't be reattached to in this process.
+     *
+     * Returns the row count + a per-orphan snapshot so AsyncJobManager can
+     * write a flight-recorder logComplete with proper audit data
+     * (durationMs from startedAt, response from stderr||stdout).
      */
-    markOrphanedOnStartup(): number;
+    markOrphanedOnStartup(): {
+        count: number;
+        orphaned: Array<OrphanedJobSnapshot>;
+    };
     /**
      * Delete rows whose expires_at has passed. Returns number of rows deleted.
      */
@@ -171,7 +204,10 @@ export declare class MemoryJobStore implements JobStore {
      * In-memory stores have no cross-process state, so any "running" rows here
      * came from this very process and aren't actually orphaned. No-op.
      */
-    markOrphanedOnStartup(): number;
+    markOrphanedOnStartup(): {
+        count: number;
+        orphaned: Array<OrphanedJobSnapshot>;
+    };
     evictExpired(): number;
     close(): void;
 }
@@ -188,7 +224,10 @@ export declare class PostgresJobStore implements JobStore {
     recordComplete(): void;
     getById(): JobRecord | null;
     findByRequestKey(): JobRecord | null;
-    markOrphanedOnStartup(): number;
+    markOrphanedOnStartup(): {
+        count: number;
+        orphaned: Array<OrphanedJobSnapshot>;
+    };
     evictExpired(): number;
     close(): void;
 }

package/dist/job-store.js

@@ -73,6 +73,7 @@ export class SqliteJobStore {
     updateCompleteStmt;
     getByIdStmt;
     findByRequestKeyStmt;
+    selectRunningOrphansStmt;
     markOrphanedStmt;
     deleteExpiredStmt;
     constructor(dbPath, logger = noopLogger, options = {}) {
@@ -148,6 +149,16 @@ export class SqliteJobStore {
         AND status IN ('running', 'completed')
       ORDER BY started_at DESC
       LIMIT 1
+    `);
+        // Snapshot every in-flight row's audit data BEFORE the orphan-flip
+        // UPDATE so AsyncJobManager can construct a full FlightLogResult per
+        // orphan. No transaction wrapper required: gateway boot is
+        // single-threaded before any new jobs can arrive, so no
+        // status='running' row can be inserted between this SELECT and the
+        // UPDATE below.
+        this.selectRunningOrphansStmt = this.db.prepare(`
+      SELECT id, correlation_id, started_at, stdout, stderr, exit_code
+      FROM jobs WHERE status = 'running'
     `);
         this.markOrphanedStmt = this.db.prepare(`
       UPDATE jobs
@@ -227,14 +238,29 @@ export class SqliteJobStore {
     /**
      * On gateway boot, flip any jobs that were 'running' to 'orphaned'.
      * The child processes were detached but can't be reattached to in this process.
+     *
+     * Returns the row count + a per-orphan snapshot so AsyncJobManager can
+     * write a flight-recorder logComplete with proper audit data
+     * (durationMs from startedAt, response from stderr||stdout).
      */
     markOrphanedOnStartup() {
         const now = new Date().toISOString();
         // Orphaned jobs retain a short window so callers can fetch the partial output,
         // then evict. Reuse the standard retention.
         const expiresAt = new Date(Date.now() + this.retentionMs).toISOString();
+        // SELECT before UPDATE — gateway boot is single-threaded so no row can
+        // appear in 'running' between the two statements.
+        const rows = (this.selectRunningOrphansStmt.all?.() ?? []);
+        const orphaned = rows.map(row => ({
+            id: row.id,
+            correlationId: row.correlation_id,
+            startedAt: row.started_at,
+            stdout: row.stdout ?? "",
+            stderr: row.stderr ?? "",
+            exitCode: row.exit_code,
+        }));
         const result = this.markOrphanedStmt.run(now, expiresAt);
-        return result?.changes ?? 0;
+        return { count: result?.changes ?? 0, orphaned };
     }
     /**
      * Delete rows whose expires_at has passed. Returns number of rows deleted.
@@ -341,7 +367,7 @@ export class MemoryJobStore {
      * came from this very process and aren't actually orphaned. No-op.
      */
     markOrphanedOnStartup() {
-        return 0;
+        return { count: 0, orphaned: [] };
     }
     evictExpired() {
         const nowIso = new Date().toISOString();

package/dist/mistral-meta-json-parser.d.ts

@@ -0,0 +1,6 @@
+export interface VibeMetaJsonUsage {
+    inputTokens?: number;
+    outputTokens?: number;
+    costUsd?: number;
+}
+export declare function parseVibeMetaJson(home: string, sessionId: string | undefined): VibeMetaJsonUsage;