npm - llm-cli-gateway - Versions diffs - 2.10.0 → 2.11.0 - Mend

llm-cli-gateway 2.10.0 → 2.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/CHANGELOG.md +52 -0
package/README.md +7 -5
package/dist/acp/event-normalizer.d.ts +42 -0
package/dist/acp/event-normalizer.js +71 -0
package/dist/acp/flight-redaction.d.ts +25 -0
package/dist/acp/flight-redaction.js +40 -0
package/dist/acp/host-services.d.ts +16 -0
package/dist/acp/host-services.js +29 -0
package/dist/acp/permission-bridge.d.ts +15 -0
package/dist/acp/permission-bridge.js +90 -0
package/dist/acp/process-manager.js +7 -1
package/dist/acp/provider-registry.d.ts +1 -1
package/dist/acp/provider-registry.js +13 -0
package/dist/acp/runtime.d.ts +35 -0
package/dist/acp/runtime.js +125 -0
package/dist/acp/session-map.d.ts +42 -0
package/dist/acp/session-map.js +67 -0
package/dist/acp/smoke-harness.d.ts +28 -0
package/dist/acp/smoke-harness.js +90 -0
package/dist/api-http.d.ts +18 -0
package/dist/api-http.js +122 -0
package/dist/api-provider.d.ts +83 -0
package/dist/api-provider.js +258 -0
package/dist/api-request.d.ts +30 -0
package/dist/api-request.js +51 -0
package/dist/approval-manager.d.ts +1 -1
package/dist/approval-manager.js +6 -7
package/dist/async-job-manager.d.ts +19 -4
package/dist/async-job-manager.js +211 -35
package/dist/claude-mcp-config.d.ts +2 -2
package/dist/claude-mcp-config.js +42 -52
package/dist/cli-updater.js +16 -1
package/dist/config.d.ts +20 -0
package/dist/config.js +93 -35
package/dist/doctor.d.ts +1 -1
package/dist/flight-recorder.d.ts +1 -0
package/dist/flight-recorder.js +11 -0
package/dist/index.d.ts +56 -5
package/dist/index.js +639 -38
package/dist/job-store.d.ts +15 -0
package/dist/job-store.js +39 -5
package/dist/mcp-registry.d.ts +17 -0
package/dist/mcp-registry.js +5 -0
package/dist/metrics.js +7 -2
package/dist/model-registry.js +11 -0
package/dist/prompt-parts.d.ts +6 -6
package/dist/provider-login-guidance.js +21 -0
package/dist/provider-status.js +4 -1
package/dist/provider-tool-capabilities.d.ts +4 -3
package/dist/provider-tool-capabilities.js +93 -6
package/dist/request-helpers.d.ts +6 -6
package/dist/request-helpers.js +1 -4
package/dist/session-manager-pg.js +2 -9
package/dist/session-manager.d.ts +9 -4
package/dist/session-manager.js +13 -4
package/dist/upstream-contracts.js +112 -2
package/dist/validation-normalizer.d.ts +2 -2
package/dist/validation-orchestrator.d.ts +2 -0
package/dist/validation-orchestrator.js +28 -7
package/dist/validation-tools.d.ts +61 -0
package/dist/validation-tools.js +36 -21
package/migrations/005_provider_type_open_api_names.sql +28 -0
package/npm-shrinkwrap.json +4 -3
package/package.json +12 -9

package/dist/index.js CHANGED Viewed

@@ -18,7 +18,11 @@ import { createWorktree, createWorktreeSessionCleanupHook, } from "./worktree-ma
 import { ResourceProvider } from "./resources.js";
 import { PerformanceMetrics } from "./metrics.js";
 import { estimateTokens, optimizePrompt as optimizePromptText, optimizeResponse as optimizeResponseText, } from "./optimizer.js";
-import { loadConfig, loadPersistenceConfig, loadCacheAwarenessConfig, loadProvidersConfig, defaultGatewayConfigPath, isXaiProviderEnabled, minStableTokensForModel, } from "./config.js";
+import { loadConfig, loadPersistenceConfig, loadCacheAwarenessConfig, loadProvidersConfig, loadAcpConfig, defaultGatewayConfigPath, isXaiProviderEnabled, enabledApiProviders, minStableTokensForModel, } from "./config.js";
+import { runAcpRequest } from "./acp/runtime.js";
+import { isAcpError } from "./acp/errors.js";
+import { createApiProvider, runApiRequest, apiProviderBreakerState, } from "./api-provider.js";
+import { prepareApiRequest, apiProviderCatalogEntry, ApiModelNotAllowedError, } from "./api-request.js";
 import { createXaiResponse, XaiApiError, } from "./xai-api-provider.js";
 import { checkHealth } from "./health.js";
 import { clearModelRegistryCache, getAvailableCliInfo, getCliInfo, resolveModelAlias, } from "./model-registry.js";
@@ -28,7 +32,7 @@ import { createJobStore } from "./job-store.js";
 import { ApprovalManager, bypassAllowedByOperator, } from "./approval-manager.js";
 import { checkReviewIntegrity } from "./review-integrity.js";
 import { buildClaudeMcpConfig, CLAUDE_MCP_SERVER_NAMES, } from "./claude-mcp-config.js";
-import { resolveGrokSessionArgs, resolveMistralSessionArgs, resolveCodexSessionArgs, sanitizeCliArgValues, prepareMistralRequest as buildMistralCliInvocation, MISTRAL_AGENT_MODES, GATEWAY_SESSION_PREFIX, resolveClaudePermissionFlags, resolveCodexSandboxFlags, CLAUDE_PERMISSION_MODES, GEMINI_APPROVAL_MODES, CODEX_SANDBOX_MODES, CODEX_ASK_FOR_APPROVAL_MODES, CLAUDE_EFFORT_LEVELS, prepareClaudeHighImpactFlags, validateClaudeAgentsMap, prepareCodexHighImpactFlags, prepareCodexForkRequest, CODEX_CONFIG_OVERRIDES_SCHEMA, resolveGeminiSessionPlan, GEMINI_HIGH_IMPACT_PARAMS_SCHEMA, } from "./request-helpers.js";
+import { resolveGrokSessionArgs, resolveMistralSessionArgs, resolveCodexSessionArgs, sanitizeCliArgValues, prepareMistralRequest as buildMistralCliInvocation, GATEWAY_SESSION_PREFIX, resolveClaudePermissionFlags, resolveCodexSandboxFlags, CLAUDE_PERMISSION_MODES, GEMINI_APPROVAL_MODES, CODEX_SANDBOX_MODES, CODEX_ASK_FOR_APPROVAL_MODES, CLAUDE_EFFORT_LEVELS, prepareClaudeHighImpactFlags, validateClaudeAgentsMap, prepareCodexHighImpactFlags, prepareCodexForkRequest, CODEX_CONFIG_OVERRIDES_SCHEMA, resolveGeminiSessionPlan, GEMINI_HIGH_IMPACT_PARAMS_SCHEMA, } from "./request-helpers.js";
 import { createFlightRecorder } from "./flight-recorder.js";
 import { resolvePromptInput, PromptPartsSchema, assembleClaudeCacheBlocks, } from "./prompt-parts.js";
 import { computeSessionCacheStats, computeTtlRemaining, readPersistedRequest, PERSISTED_REQUEST_DEFAULT_MAX_CHARS, } from "./cache-stats.js";
@@ -183,6 +187,7 @@ let flightRecorder = null;
 let persistenceConfig = null;
 let cacheAwarenessConfig = null;
 let providersConfig = null;
+let acpConfig = null;
 let jobStore = null;
 let jobStoreInitialized = false;
 let asyncJobManager = null;
@@ -195,6 +200,10 @@ function getPersistenceConfig(runtimeLogger = logger) {
     persistenceConfig ??= loadPersistenceConfig(runtimeLogger);
     return persistenceConfig;
 }
+function getAcpConfig(runtimeLogger = logger) {
+    acpConfig ??= loadAcpConfig(runtimeLogger);
+    return acpConfig;
+}
 function getCacheAwarenessConfig(runtimeLogger = logger) {
     cacheAwarenessConfig ??= loadCacheAwarenessConfig(runtimeLogger);
     return cacheAwarenessConfig;
@@ -229,7 +238,11 @@ function getApprovalManager(runtimeLogger = logger) {
     approvalManager ??= new ApprovalManager(undefined, runtimeLogger);
     return approvalManager;
 }
-const MCP_SERVER_ENUM = z.enum(CLAUDE_MCP_SERVER_NAMES);
+function mcpServerEnum() {
+    return CLAUDE_MCP_SERVER_NAMES.length > 0
+        ? z.enum(CLAUDE_MCP_SERVER_NAMES)
+        : z.string();
+}
 const CLI_TYPE_ENUM = z.enum(CLI_TYPES);
 export const MAX_TURNS_SCHEMA = z.number().int().positive().safe().max(10_000);
 const GROK_GENERATED_SHAPE = deriveZodShapeFromGeneration(UPSTREAM_CLI_CONTRACTS.grok, GROK_FLAG_GENERATION);
@@ -299,6 +312,7 @@ export function resolveGatewayServerRuntime(deps = {}, options = {}) {
         persistence: deps.persistence ?? getPersistenceConfig(runtimeLogger),
         cacheAwareness: deps.cacheAwareness ?? getCacheAwarenessConfig(runtimeLogger),
         providers: deps.providers ?? getProvidersConfig(runtimeLogger),
+        acpConfig: deps.acpConfig ?? getAcpConfig(runtimeLogger),
         workspaces: deps.workspaces ?? loadWorkspaceRegistry(runtimeLogger),
     };
 }
@@ -317,6 +331,44 @@ function resolveIdleTimeout(cli, override) {
         return override;
     return CLI_IDLE_TIMEOUTS[cli];
 }
+export async function runAcpTransport(deps, params) {
+    const runtime = resolveHandlerRuntime(deps);
+    const operation = `${params.provider}_request`;
+    const corrId = params.correlationId ?? randomUUID();
+    const prompt = (params.prompt ?? "").trim();
+    if (!prompt) {
+        return createErrorResponse(operation, 1, "prompt is required and cannot be empty", corrId);
+    }
+    try {
+        const result = await runAcpRequest({
+            config: runtime.acpConfig,
+            sessionManager: runtime.sessionManager,
+            approvalManager: runtime.approvalManager,
+            flightRecorder: runtime.flightRecorder,
+            logger: runtime.logger,
+        }, {
+            provider: params.provider,
+            prompt,
+            model: params.model,
+            sessionId: params.sessionId,
+            correlationId: corrId,
+        });
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: `[gateway] transport=acp session=${result.gatewaySessionId}\n${result.text}`,
+                },
+            ],
+        };
+    }
+    catch (err) {
+        if (isAcpError(err)) {
+            return createErrorResponse(operation, 1, err.userMessage, corrId);
+        }
+        return createErrorResponse(operation, 1, "", corrId, err);
+    }
+}
 const SYNC_POLL_INTERVAL_MS = 1_000;
 async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, forceRefresh, runtime = resolveGatewayServerRuntime(), env, onComplete, flightRecorderEntry, extractUsage, stdin, cwd) {
     let onCompleteOwnedByCaller = onComplete !== undefined;
@@ -406,6 +458,79 @@ async function awaitJobOrDefer(cli, args, corrId, idleTimeoutMs, outputFormat, f
         message: `Execution exceeded sync deadline (${SYNC_DEADLINE_MS}ms). Poll with llm_job_status, collect with llm_job_result.`,
     };
 }
+async function awaitApiJobOrDefer(provider, apiRequest, corrId, runtime = resolveGatewayServerRuntime(), onComplete, flightRecorderEntry, extractUsage) {
+    let onCompleteOwnedByCaller = onComplete !== undefined;
+    const consumeOnComplete = () => {
+        if (!onCompleteOwnedByCaller || !onComplete)
+            return;
+        onCompleteOwnedByCaller = false;
+        try {
+            onComplete();
+        }
+        catch (err) {
+            runtime.logger.error(`awaitApiJobOrDefer onComplete (${provider.name}) threw`, err);
+        }
+    };
+    const deferralAvailable = runtime.persistence.backend !== "none" &&
+        runtime.persistence.asyncJobsEnabled &&
+        runtime.asyncJobManager.hasStore();
+    if (SYNC_DEADLINE_MS === 0 || !deferralAvailable) {
+        try {
+            const result = await runApiRequest(provider, apiRequest, runtime.logger);
+            return { stdout: result.text, stderr: "", code: 0 };
+        }
+        catch (err) {
+            return { stdout: "", stderr: err.message, code: 1 };
+        }
+        finally {
+            consumeOnComplete();
+        }
+    }
+    let outcome;
+    try {
+        outcome = runtime.asyncJobManager.startHttpJob({
+            provider,
+            apiRequest,
+            correlationId: corrId,
+            onComplete,
+            flightRecorderEntry,
+            extractUsage,
+        });
+        onCompleteOwnedByCaller = false;
+    }
+    catch (err) {
+        consumeOnComplete();
+        throw err;
+    }
+    const job = outcome.snapshot;
+    if (outcome.deduped) {
+        runtime.logger.info(`[${corrId}] api request deduped onto job ${job.id} (original corrId=${outcome.originalCorrelationId})`);
+    }
+    const deadline = Date.now() + SYNC_DEADLINE_MS;
+    while (Date.now() < deadline) {
+        const snapshot = runtime.asyncJobManager.getJobSnapshot(job.id);
+        if (snapshot && snapshot.status !== "running") {
+            const result = runtime.asyncJobManager.getJobResult(job.id);
+            if (!result)
+                return { stdout: "", stderr: "Job result unavailable", code: 1 };
+            return {
+                stdout: result.stdout,
+                stderr: result.stderr || result.error || "",
+                code: result.exitCode ?? 1,
+            };
+        }
+        await new Promise(resolve => setTimeout(resolve, SYNC_POLL_INTERVAL_MS));
+    }
+    runtime.asyncJobManager.armFlightCompleteForDeferral(job.id);
+    runtime.logger.info(`[${corrId}] ${provider.name} sync deadline exceeded (${SYNC_DEADLINE_MS}ms), deferring to async job ${job.id}`);
+    return {
+        deferred: true,
+        jobId: job.id,
+        cli: provider.name,
+        correlationId: corrId,
+        message: `Execution exceeded sync deadline (${SYNC_DEADLINE_MS}ms). Poll with llm_job_status, collect with llm_job_result.`,
+    };
+}
 function isDeferredResponse(result) {
     return "deferred" in result && result.deferred === true;
 }
@@ -795,7 +920,7 @@ function createApprovalDeniedResponse(operation, decision) {
 }
 function normalizeMcpServers(mcpServers) {
     if (!mcpServers || mcpServers.length === 0) {
-        return ["sqry"];
+        return [];
     }
     return [...new Set(mcpServers)];
 }
@@ -1552,9 +1677,6 @@ export function prepareGeminiRequest(params, runtime = resolveGatewayServerRunti
     if (params.allowedTools && params.allowedTools.length > 0) {
         return unsupported("allowedTools", "agy has no non-interactive allowed-tools flag");
     }
-    if (requestedMcpServers.length > 0) {
-        return unsupported("mcpServers", "agy has no non-interactive allowed MCP server allowlist flag");
-    }
     if (params.outputFormat && params.outputFormat !== "text") {
         return unsupported("outputFormat", "agy print mode currently emits text only");
     }
@@ -2182,6 +2304,120 @@ export async function handleGrokApiRequest(deps, params) {
         runtime.performanceMetrics.recordRequest("grok-api", durationMs || Math.max(0, Date.now() - startTime), wasSuccessful);
     }
 }
+function buildApiProviderCall(providerRuntime, params) {
+    const apiRequest = prepareApiRequest(providerRuntime, {
+        prompt: params.prompt ?? "",
+        system: params.system,
+        model: params.model,
+        maxOutputTokens: params.maxOutputTokens,
+        temperature: params.temperature,
+        topP: params.topP,
+        reasoningEffort: params.reasoningEffort,
+        timeoutMs: params.timeoutMs,
+    });
+    const provider = createApiProvider(providerRuntime.name, providerRuntime.kind);
+    return { provider, apiRequest };
+}
+function buildApiSuccessResponse(text, corrId, providerName) {
+    return {
+        content: [{ type: "text", text }],
+        structuredContent: {
+            response: text,
+            correlationId: corrId,
+            cli: providerName,
+            exitCode: 0,
+        },
+    };
+}
+export async function handleApiProviderRequest(runtimeArg, providerRuntime, params) {
+    const toolName = `api_${providerRuntime.name}_request`;
+    const corrId = params.correlationId ?? randomUUID();
+    const startTime = Date.now();
+    let wasSuccessful = false;
+    try {
+        if (!params.prompt || params.prompt.trim().length === 0) {
+            return createErrorResponse(toolName, 1, "prompt is required and cannot be empty", corrId);
+        }
+        const { provider, apiRequest } = buildApiProviderCall(providerRuntime, params);
+        const result = await awaitApiJobOrDefer(provider, apiRequest, corrId, runtimeArg);
+        if (isDeferredResponse(result))
+            return buildDeferredToolResponse(result);
+        if (result.code !== 0) {
+            return createErrorResponse(toolName, result.code, result.stderr, corrId);
+        }
+        wasSuccessful = true;
+        return buildApiSuccessResponse(result.stdout, corrId, providerRuntime.name);
+    }
+    catch (err) {
+        if (err instanceof ApiModelNotAllowedError) {
+            return createErrorResponse(toolName, 1, err.message, corrId, err);
+        }
+        return createErrorResponse(toolName, 1, "", corrId, err);
+    }
+    finally {
+        runtimeArg.performanceMetrics.recordRequest(providerRuntime.name, Math.max(0, Date.now() - startTime), wasSuccessful);
+    }
+}
+export function handleApiProviderRequestAsync(runtimeArg, providerRuntime, params) {
+    const toolName = `api_${providerRuntime.name}_request_async`;
+    const corrId = params.correlationId ?? randomUUID();
+    try {
+        if (!params.prompt || params.prompt.trim().length === 0) {
+            return createErrorResponse(toolName, 1, "prompt is required and cannot be empty", corrId);
+        }
+        const { provider, apiRequest } = buildApiProviderCall(providerRuntime, params);
+        const outcome = runtimeArg.asyncJobManager.startHttpJob({
+            provider,
+            apiRequest,
+            correlationId: corrId,
+            writeFlightStart: true,
+        });
+        return buildDeferredToolResponse({
+            deferred: true,
+            jobId: outcome.snapshot.id,
+            cli: providerRuntime.name,
+            correlationId: corrId,
+            message: outcome.deduped
+                ? `Deduped onto existing job ${outcome.snapshot.id}. Poll with llm_job_status.`
+                : `Started async job ${outcome.snapshot.id}. Poll with llm_job_status, collect with llm_job_result.`,
+        });
+    }
+    catch (err) {
+        if (err instanceof ApiModelNotAllowedError) {
+            return createErrorResponse(toolName, 1, err.message, corrId, err);
+        }
+        return createErrorResponse(toolName, 1, "", corrId, err);
+    }
+}
+const ApiReasoningEffortSchema = z.enum(["none", "low", "medium", "high"]);
+export function registerApiProviderTools(server, runtime, providers, asyncJobsEnabled) {
+    const registered = [];
+    const inputSchema = {
+        prompt: z.string().min(1).max(100000).optional().describe("Prompt text for the API provider"),
+        system: z.string().max(100000).optional().describe("Optional system instruction"),
+        model: z
+            .string()
+            .min(1)
+            .optional()
+            .describe("Model id; defaults to the provider default_model"),
+        correlationId: z.string().optional().describe("Request trace ID (auto if omitted)"),
+        maxOutputTokens: z.number().int().positive().max(100000000).optional(),
+        temperature: z.number().finite().min(0).max(2).optional(),
+        topP: z.number().finite().min(0).max(1).optional(),
+        reasoningEffort: ApiReasoningEffortSchema.optional(),
+        timeoutMs: z.number().int().min(30_000).max(3_600_000).optional(),
+    };
+    for (const providerRuntime of enabledApiProviders(providers)) {
+        const name = providerRuntime.name;
+        server.tool(`api_${name}_request`, `Run a request against the "${name}" API provider (kind: ${providerRuntime.kind}) synchronously. Registered only when [providers.${name}] is configured and enabled.`, inputSchema, { title: `${name} API request`, readOnlyHint: false, openWorldHint: true }, async (params) => handleApiProviderRequest(runtime, providerRuntime, params));
+        registered.push(`api_${name}_request`);
+        if (asyncJobsEnabled) {
+            server.tool(`api_${name}_request_async`, `Start an async request against the "${name}" API provider; returns a jobId to poll with llm_job_status.`, inputSchema, { title: `${name} API request (async)`, readOnlyHint: false, openWorldHint: true }, async (params) => handleApiProviderRequestAsync(runtime, providerRuntime, params));
+            registered.push(`api_${name}_request_async`);
+        }
+    }
+    return registered;
+}
 function maybeBuildCacheTtlWarning(args) {
     if (args.cli !== "claude")
         return null;
@@ -2467,6 +2703,15 @@ export async function handleGeminiRequestAsync(deps, params) {
     }
 }
 export async function handleGrokRequest(deps, params) {
+    if (params.transport === "acp") {
+        return runAcpTransport(deps, {
+            provider: "grok",
+            prompt: params.prompt,
+            model: params.model,
+            sessionId: params.sessionId,
+            correlationId: params.correlationId,
+        });
+    }
     const runtime = resolveHandlerRuntime(deps);
     const startTime = Date.now();
     const prep = prepareGrokRequest({
@@ -2761,7 +3006,222 @@ export async function handleGrokRequestAsync(deps, params) {
         return createErrorResponse("grok_request_async", 1, "", corrId, error);
     }
 }
+export function prepareDevinRequest(params, _runtime) {
+    const corrId = params.correlationId ?? randomUUID();
+    let prompt = (params.prompt ?? "").trim();
+    if (!prompt) {
+        return createErrorResponse(params.operation, 1, "prompt is required and cannot be empty", corrId);
+    }
+    if (params.optimizePrompt)
+        prompt = optimizePromptText(prompt);
+    const resolvedModel = resolveModelAlias("devin", params.model, getCliInfo());
+    const args = ["-p", prompt];
+    if (resolvedModel)
+        args.push("--model", resolvedModel);
+    if (params.permissionMode)
+        args.push("--permission-mode", params.permissionMode);
+    if (params.promptFile)
+        args.push("--prompt-file", params.promptFile);
+    return {
+        corrId,
+        effectivePrompt: prompt,
+        resolvedModel,
+        requestedMcpServers: [],
+        approvalDecision: null,
+        args,
+        stablePrefixHash: null,
+        stablePrefixTokens: null,
+    };
+}
+export async function handleDevinRequest(deps, params) {
+    if (params.transport === "acp") {
+        return runAcpTransport(deps, {
+            provider: "devin",
+            prompt: params.prompt,
+            model: params.model,
+            sessionId: params.sessionId,
+            correlationId: params.correlationId,
+        });
+    }
+    const runtime = resolveHandlerRuntime(deps);
+    const startTime = Date.now();
+    const prep = prepareDevinRequest({
+        prompt: params.prompt,
+        model: params.model,
+        permissionMode: params.permissionMode,
+        promptFile: params.promptFile,
+        correlationId: params.correlationId,
+        optimizePrompt: params.optimizePrompt,
+        operation: "devin_request",
+    }, runtime);
+    if (!("args" in prep))
+        return prep;
+    const { corrId, args } = prep;
+    let durationMs = 0;
+    let wasSuccessful = false;
+    safeFlightStart({
+        correlationId: corrId,
+        cli: "devin",
+        model: prep.resolvedModel || "default",
+        prompt: prep.effectivePrompt,
+        sessionId: params.sessionId,
+    }, runtime);
+    try {
+        const sessionResult = resolveGrokSessionArgs({
+            sessionId: params.sessionId,
+            resumeLatest: params.resumeLatest,
+            createNewSession: params.createNewSession,
+        });
+        if (sessionResult.userProvidedSession) {
+            await getExistingSessionForProvider(deps.sessionManager, sessionResult.effectiveSessionId, "devin");
+        }
+        args.push(...sessionResult.resumeArgs);
+        const devinFrHandoff = buildAsyncFlightRecorderHandoff("devin", prep, params.sessionId, undefined);
+        const result = await awaitJobOrDefer("devin", args, corrId, resolveIdleTimeout("devin", params.idleTimeoutMs), undefined, params.forceRefresh, runtime, undefined, undefined, devinFrHandoff.flightRecorderEntry, devinFrHandoff.extractUsage);
+        if (isDeferredResponse(result)) {
+            return buildDeferredToolResponse(result, sessionResult.effectiveSessionId);
+        }
+        const { stdout, stderr, code } = result;
+        durationMs = Math.max(0, Date.now() - startTime);
+        if (code !== 0) {
+            safeFlightComplete(corrId, {
+                response: stderr || "",
+                durationMs,
+                retryCount: 0,
+                circuitBreakerState: "closed",
+                optimizationApplied: false,
+                exitCode: code,
+                errorMessage: stderr || `Exit code ${code}`,
+                status: "failed",
+            }, runtime);
+            return createErrorResponse("devin", code, stderr, corrId);
+        }
+        wasSuccessful = true;
+        let effectiveSessionId = sessionResult.effectiveSessionId;
+        if (sessionResult.userProvidedSession && effectiveSessionId) {
+            const existing = await deps.sessionManager.getSession(effectiveSessionId);
+            if (!existing) {
+                try {
+                    await deps.sessionManager.createSession("devin", "Devin Session", effectiveSessionId);
+                }
+                catch {
+                    const rechecked = await deps.sessionManager.getSession(effectiveSessionId);
+                    if (!rechecked)
+                        throw new Error(`Failed to create or find session ${effectiveSessionId}`);
+                }
+            }
+            await deps.sessionManager.updateSessionUsage(effectiveSessionId);
+        }
+        else if (!params.createNewSession && !effectiveSessionId) {
+            const newSession = await deps.sessionManager.createSession("devin", "Devin Session", `${GATEWAY_SESSION_PREFIX}${randomUUID()}`);
+            effectiveSessionId = newSession.id;
+        }
+        const response = buildCliResponse("devin", stdout, params.optimizeResponse ?? false, corrId, effectiveSessionId, prep, durationMs, sessionResult.userProvidedSession);
+        safeFlightComplete(corrId, {
+            response: stdout,
+            durationMs,
+            retryCount: 0,
+            circuitBreakerState: "closed",
+            optimizationApplied: params.optimizePrompt || (params.optimizeResponse ?? false),
+            exitCode: 0,
+            status: "completed",
+        }, runtime);
+        return response;
+    }
+    catch (error) {
+        const elapsedMs = Math.max(0, Date.now() - startTime);
+        safeFlightComplete(corrId, {
+            response: "",
+            durationMs: elapsedMs,
+            retryCount: 0,
+            circuitBreakerState: "closed",
+            optimizationApplied: false,
+            exitCode: 1,
+            errorMessage: error.message,
+            status: "failed",
+        }, runtime);
+        return createErrorResponse("devin", 1, "", corrId, error);
+    }
+    finally {
+        runtime.performanceMetrics.recordRequest("devin", Math.max(0, durationMs || Date.now() - startTime), wasSuccessful);
+    }
+}
+export async function handleDevinRequestAsync(deps, params) {
+    const runtime = resolveHandlerRuntime(deps);
+    const prep = prepareDevinRequest({
+        prompt: params.prompt,
+        model: params.model,
+        permissionMode: params.permissionMode,
+        promptFile: params.promptFile,
+        correlationId: params.correlationId,
+        optimizePrompt: params.optimizePrompt,
+        operation: "devin_request_async",
+    }, runtime);
+    if (!("args" in prep))
+        return prep;
+    const { corrId, args } = prep;
+    try {
+        const sessionResult = resolveGrokSessionArgs({
+            sessionId: params.sessionId,
+            resumeLatest: params.resumeLatest,
+            createNewSession: params.createNewSession,
+        });
+        if (sessionResult.userProvidedSession) {
+            await getExistingSessionForProvider(deps.sessionManager, sessionResult.effectiveSessionId, "devin");
+        }
+        args.push(...sessionResult.resumeArgs);
+        let effectiveSessionId = sessionResult.effectiveSessionId;
+        if (sessionResult.userProvidedSession && effectiveSessionId) {
+            const existing = await deps.sessionManager.getSession(effectiveSessionId);
+            if (!existing) {
+                try {
+                    await deps.sessionManager.createSession("devin", "Devin Session", effectiveSessionId);
+                }
+                catch {
+                    const rechecked = await deps.sessionManager.getSession(effectiveSessionId);
+                    if (!rechecked)
+                        throw new Error(`Failed to create or find session ${effectiveSessionId}`);
+                }
+            }
+            await deps.sessionManager.updateSessionUsage(effectiveSessionId);
+        }
+        else if (!params.createNewSession && !effectiveSessionId) {
+            const newSession = await deps.sessionManager.createSession("devin", "Devin Session", `${GATEWAY_SESSION_PREFIX}${randomUUID()}`);
+            effectiveSessionId = newSession.id;
+        }
+        assertUpstreamCliArgs("devin", args);
+        assertUpstreamCliEnv("devin", undefined);
+        const devinAsyncFrHandoff = buildAsyncFlightRecorderHandoff("devin", prep, effectiveSessionId, undefined);
+        const job = deps.asyncJobManager.startJob("devin", args, corrId, undefined, resolveIdleTimeout("devin", params.idleTimeoutMs), undefined, params.forceRefresh, undefined, undefined, devinAsyncFrHandoff.flightRecorderEntry, devinAsyncFrHandoff.extractUsage, true);
+        deps.logger.info(`[${corrId}] devin_request_async started job ${job.id}`);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        success: true,
+                        job,
+                        sessionId: effectiveSessionId || null,
+                        resumable: sessionResult.userProvidedSession,
+                    }, null, 2),
+                },
+            ],
+        };
+    }
+    catch (error) {
+        return createErrorResponse("devin_request_async", 1, "", corrId, error);
+    }
+}
 export async function handleMistralRequest(deps, params) {
+    if (params.transport === "acp") {
+        return runAcpTransport(deps, {
+            provider: "mistral",
+            prompt: params.prompt,
+            model: params.model,
+            sessionId: params.sessionId,
+            correlationId: params.correlationId,
+        });
+    }
     const runtime = resolveHandlerRuntime(deps);
     const startTime = Date.now();
     const prep = prepareMistralRequest({
@@ -3157,8 +3617,15 @@ export function createGatewayServer(deps = {}) {
     const asyncJobsEnabled = persistence.backend !== "none" && persistence.asyncJobsEnabled && asyncJobManager.hasStore();
     const server = newGatewayMcpServer(asyncJobsEnabled, grokApiToolsEnabled);
     registerBaseResources(server, runtime);
-    registerValidationTools(server, { asyncJobManager });
+    registerValidationTools(server, {
+        asyncJobManager,
+        apiProviders: enabledApiProviders(providers),
+    });
     registerWorkspaceTools(server, runtime);
+    const apiProviderTools = registerApiProviderTools(server, runtime, providers, asyncJobsEnabled);
+    if (apiProviderTools.length > 0) {
+        runtime.logger.info(`Registered API provider tools: ${apiProviderTools.join(", ")}`);
+    }
     if (grokApiToolsEnabled) {
         server.tool("grok_api_request", "Run an xAI Grok API request synchronously through the Responses API. Requires exactly one of prompt or promptParts. Registered only when [providers.xai] is configured and its API-key env var is present.", {
             prompt: z
@@ -3352,10 +3819,7 @@ export function createGatewayServer(deps = {}) {
             .enum(["strict", "balanced", "permissive"])
             .optional()
             .describe("Approval policy override"),
-        mcpServers: z
-            .array(MCP_SERVER_ENUM)
-            .default(["sqry"])
-            .describe("MCP servers exposed to Claude"),
+        mcpServers: z.array(mcpServerEnum()).default([]).describe("MCP servers exposed to Claude"),
         strictMcpConfig: z
             .boolean()
             .default(false)
@@ -3626,8 +4090,8 @@ export function createGatewayServer(deps = {}) {
             .optional()
             .describe("Approval policy override"),
         mcpServers: z
-            .array(MCP_SERVER_ENUM)
-            .default(["sqry"])
+            .array(mcpServerEnum())
+            .default([])
             .describe("MCP server names for approval tracking (Codex manages its own MCP config)"),
         sessionId: z
             .string()
@@ -3994,9 +4458,9 @@ export function createGatewayServer(deps = {}) {
             .optional()
             .describe("Approval policy override"),
         mcpServers: z
-            .array(MCP_SERVER_ENUM)
+            .array(mcpServerEnum())
             .default([])
-            .describe("Unsupported for Antigravity CLI; non-empty values are rejected"),
+            .describe("MCP server names accepted for approval tracking only; Antigravity manages its own MCP configuration."),
         allowedTools: z
             .array(z.string())
             .optional()
@@ -4082,6 +4546,10 @@ export function createGatewayServer(deps = {}) {
             .describe("Prompt text for Grok (mutually exclusive with promptParts)"),
         promptParts: PromptPartsSchema.optional().describe("Cache-aware structured prompt: { system?, tools?, context?, task }. Mutually exclusive with prompt. Stable parts hash into cache_state for prefix-discipline tracking."),
         model: z.string().optional().describe("Model name or alias (e.g. grok-build, latest)"),
+        transport: z
+            .enum(["cli", "acp"])
+            .default("cli")
+            .describe("Transport: 'cli' (default) runs the Grok CLI; 'acp' routes through `grok agent stdio` when [acp].enabled and the provider's runtime_enabled are set (fails closed otherwise)."),
         ...GROK_GENERATED_SHAPE,
         sessionId: z
             .string()
@@ -4109,8 +4577,8 @@ export function createGatewayServer(deps = {}) {
             .optional()
             .describe("Approval policy override"),
         mcpServers: z
-            .array(MCP_SERVER_ENUM)
-            .default(["sqry"])
+            .array(mcpServerEnum())
+            .default([])
             .describe("MCP server names for approval tracking (Grok manages its own MCP config via `grok mcp`)"),
         correlationId: z.string().optional().describe("Request trace ID (auto if omitted)"),
         optimizePrompt: z.boolean().default(false).describe("Optimize prompt before execution"),
@@ -4146,11 +4614,12 @@ export function createGatewayServer(deps = {}) {
         destructiveHint: true,
         idempotentHint: false,
         openWorldHint: true,
-    }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, alwaysApprove, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, maxTurns, workingDir, sandbox, rules, systemPromptOverride, allow, deny, compactionMode, compactionDetail, agent, bestOfN, check, disableWebSearch, todoGate, verbatim, agents, promptFile, promptJson, single, experimentalMemory, noAltScreen, noMemory, noPlan, noSubagents, oauth, restoreCode, leaderSocket, nativeWorktree, workspace, worktree, }) => {
+    }, async ({ prompt, promptParts, model, transport, outputFormat, sessionId, resumeLatest, createNewSession, alwaysApprove, permissionMode, effort, reasoningEffort, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, maxTurns, workingDir, sandbox, rules, systemPromptOverride, allow, deny, compactionMode, compactionDetail, agent, bestOfN, check, disableWebSearch, todoGate, verbatim, agents, promptFile, promptJson, single, experimentalMemory, noAltScreen, noMemory, noPlan, noSubagents, oauth, restoreCode, leaderSocket, nativeWorktree, workspace, worktree, }) => {
         return handleGrokRequest({ sessionManager, logger, runtime }, {
             prompt,
             promptParts,
             model,
+            transport,
             outputFormat,
             sessionId,
             resumeLatest,
@@ -4201,6 +4670,72 @@ export function createGatewayServer(deps = {}) {
             worktree,
         });
     });
+    server.tool("devin_request", "Run a Cognition Devin CLI request synchronously (auto-defers to a pollable job past the sync deadline when async jobs are enabled; otherwise runs to completion). Headless print mode (`devin -p`).", {
+        prompt: z
+            .string()
+            .min(1, "Prompt cannot be empty")
+            .max(100000, "Prompt too long (max 100k chars)")
+            .optional()
+            .describe("Prompt text for Devin CLI"),
+        model: z.string().optional().describe("Model name or alias (e.g. opus, latest)"),
+        transport: z
+            .enum(["cli", "acp"])
+            .default("cli")
+            .describe("Transport: 'cli' (default) runs the Devin CLI; 'acp' routes through `devin acp` when [acp].enabled and the provider's runtime_enabled are set (fails closed otherwise)."),
+        permissionMode: z
+            .enum(["normal", "auto", "dangerous", "yolo", "bypass"])
+            .optional()
+            .describe("Devin CLI permission mode (--permission-mode). normal (alias auto) auto-approves read-only tools; dangerous (aliases yolo, bypass) auto-approves all."),
+        promptFile: z
+            .string()
+            .optional()
+            .describe("Load the initial prompt from a file (--prompt-file)"),
+        sessionId: z
+            .string()
+            .optional()
+            .describe("Devin session ID to resume (emits --resume <id>; use resumeLatest for --continue)"),
+        resumeLatest: z
+            .boolean()
+            .default(false)
+            .describe("Resume the most recent Devin session in cwd (--continue)"),
+        createNewSession: z.boolean().default(false).describe("Force a new session"),
+        correlationId: z.string().optional().describe("Request trace ID (auto if omitted)"),
+        optimizePrompt: z.boolean().default(false).describe("Optimize prompt before execution"),
+        optimizeResponse: z.boolean().default(false).describe("Optimize response output"),
+        idleTimeoutMs: z
+            .number()
+            .int()
+            .min(30_000)
+            .max(3_600_000)
+            .optional()
+            .describe("Idle timeout in ms (min 30s, max 1h, omit=CLI default)"),
+        forceRefresh: z
+            .boolean()
+            .default(false)
+            .describe("Bypass dedup and force a fresh CLI run even if a recent identical request exists"),
+    }, {
+        title: "Devin CLI request",
+        readOnlyHint: false,
+        destructiveHint: true,
+        idempotentHint: false,
+        openWorldHint: true,
+    }, async ({ prompt, model, transport, permissionMode, promptFile, sessionId, resumeLatest, createNewSession, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, }) => {
+        return handleDevinRequest({ sessionManager, logger, runtime }, {
+            prompt,
+            model,
+            transport,
+            permissionMode,
+            promptFile,
+            sessionId,
+            resumeLatest,
+            createNewSession,
+            correlationId,
+            optimizePrompt,
+            optimizeResponse,
+            idleTimeoutMs,
+            forceRefresh,
+        });
+    });
     server.tool("mistral_request", "Run a Mistral Vibe CLI request synchronously (when async jobs are enabled, auto-defers to a pollable job past the sync deadline; otherwise runs to completion). Requires exactly one of prompt or promptParts.", {
         prompt: z
             .string()
@@ -4213,6 +4748,10 @@ export function createGatewayServer(deps = {}) {
             .string()
             .optional()
             .describe("Model alias (e.g. mistral-medium-3.5, latest). Resolved alias is injected via VIBE_ACTIVE_MODEL env var; Vibe has no --model flag."),
+        transport: z
+            .enum(["cli", "acp"])
+            .default("cli")
+            .describe("Transport: 'cli' (default) runs the Vibe CLI; 'acp' routes through `vibe-acp` when [acp].enabled and the provider's runtime_enabled are set (fails closed otherwise)."),
         outputFormat: z
             .enum(["text", "plain", "json", "streaming", "stream-json"])
             .optional()
@@ -4227,9 +4766,9 @@ export function createGatewayServer(deps = {}) {
             .describe("Resume most recent Vibe session in cwd (--continue)"),
         createNewSession: z.boolean().default(false).describe("Force new session"),
         permissionMode: z
-            .enum(MISTRAL_AGENT_MODES)
+            .string()
             .optional()
-            .describe("Vibe agent mode (default|plan|accept-edits|auto-approve|chat|explore|lean). Defaults to auto-approve for programmatic use."),
+            .describe("Vibe --agent name. Builtins: default|plan|accept-edits|auto-approve; Vibe also accepts install-gated builtins (e.g. lean) and custom agents from ~/.vibe/agents, so any name is passed through. Defaults to auto-approve for programmatic use."),
         approvalStrategy: z
             .enum(["legacy", "mcp_managed"])
             .default("legacy")
@@ -4239,8 +4778,8 @@ export function createGatewayServer(deps = {}) {
             .optional()
             .describe("Approval policy override"),
         mcpServers: z
-            .array(MCP_SERVER_ENUM)
-            .default(["sqry"])
+            .array(mcpServerEnum())
+            .default([])
             .describe("MCP server names for approval tracking (Vibe manages its own MCP config via `vibe mcp`)"),
         allowedTools: z
             .array(z.string())
@@ -4288,11 +4827,12 @@ export function createGatewayServer(deps = {}) {
         destructiveHint: true,
         idempotentHint: false,
         openWorldHint: true,
-    }, async ({ prompt, promptParts, model, outputFormat, sessionId, resumeLatest, createNewSession, permissionMode, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, trust, maxTurns, maxPrice, maxTokens, workingDir, addDir, workspace, worktree, }) => {
+    }, async ({ prompt, promptParts, model, transport, outputFormat, sessionId, resumeLatest, createNewSession, permissionMode, approvalStrategy, approvalPolicy, mcpServers, allowedTools, disallowedTools, correlationId, optimizePrompt, optimizeResponse, idleTimeoutMs, forceRefresh, trust, maxTurns, maxPrice, maxTokens, workingDir, addDir, workspace, worktree, }) => {
         return handleMistralRequest({ sessionManager, logger, runtime }, {
             prompt,
             promptParts,
             model,
+            transport,
             outputFormat,
             sessionId,
             resumeLatest,
@@ -4437,10 +4977,7 @@ export function createGatewayServer(deps = {}) {
                 .enum(["strict", "balanced", "permissive"])
                 .optional()
                 .describe("Approval policy override"),
-            mcpServers: z
-                .array(MCP_SERVER_ENUM)
-                .default(["sqry"])
-                .describe("MCP servers exposed to Claude"),
+            mcpServers: z.array(mcpServerEnum()).default([]).describe("MCP servers exposed to Claude"),
             strictMcpConfig: z
                 .boolean()
                 .default(false)
@@ -4630,8 +5167,8 @@ export function createGatewayServer(deps = {}) {
                 .optional()
                 .describe("Approval policy override"),
             mcpServers: z
-                .array(MCP_SERVER_ENUM)
-                .default(["sqry"])
+                .array(mcpServerEnum())
+                .default([])
                 .describe("MCP server names for approval tracking (Codex manages its own MCP config)"),
             sessionId: z
                 .string()
@@ -4756,9 +5293,9 @@ export function createGatewayServer(deps = {}) {
                 .optional()
                 .describe("Approval policy override"),
             mcpServers: z
-                .array(MCP_SERVER_ENUM)
+                .array(mcpServerEnum())
                 .default([])
-                .describe("Unsupported for Antigravity CLI; non-empty values are rejected"),
+                .describe("MCP server names accepted for approval tracking only; Antigravity manages its own MCP configuration."),
             allowedTools: z
                 .array(z.string())
                 .optional()
@@ -4877,8 +5414,8 @@ export function createGatewayServer(deps = {}) {
                 .optional()
                 .describe("Approval policy override"),
             mcpServers: z
-                .array(MCP_SERVER_ENUM)
-                .default(["sqry"])
+                .array(mcpServerEnum())
+                .default([])
                 .describe("MCP server names for approval tracking (Grok manages its own MCP config via `grok mcp`)"),
             allowedTools: z
                 .array(z.string())
@@ -5071,6 +5608,65 @@ export function createGatewayServer(deps = {}) {
                 worktree,
             });
         });
+        server.tool("devin_request_async", "Start a Cognition Devin CLI request as a durable background job. Poll with llm_job_status, collect with llm_job_result.", {
+            prompt: z
+                .string()
+                .min(1, "Prompt cannot be empty")
+                .max(100000, "Prompt too long (max 100k chars)")
+                .optional()
+                .describe("Prompt text for Devin CLI"),
+            model: z.string().optional().describe("Model name or alias (e.g. opus, latest)"),
+            permissionMode: z
+                .enum(["normal", "dangerous", "bypass"])
+                .optional()
+                .describe("Devin CLI permission mode (--permission-mode)"),
+            promptFile: z
+                .string()
+                .optional()
+                .describe("Load the initial prompt from a file (--prompt-file)"),
+            sessionId: z
+                .string()
+                .optional()
+                .describe("Devin session ID to resume (--resume <id>; use resumeLatest for --continue)"),
+            resumeLatest: z
+                .boolean()
+                .default(false)
+                .describe("Resume the most recent Devin session in cwd (--continue)"),
+            createNewSession: z.boolean().default(false).describe("Force a new session"),
+            correlationId: z.string().optional().describe("Request trace ID (auto if omitted)"),
+            optimizePrompt: z.boolean().default(false).describe("Optimize prompt before execution"),
+            idleTimeoutMs: z
+                .number()
+                .int()
+                .min(30_000)
+                .max(3_600_000)
+                .optional()
+                .describe("Idle timeout in ms (min 30s, max 1h, omit=CLI default)"),
+            forceRefresh: z
+                .boolean()
+                .default(false)
+                .describe("Bypass dedup and force a fresh CLI run even if a recent identical request exists"),
+        }, {
+            title: "Devin CLI request (async)",
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: false,
+            openWorldHint: true,
+        }, async ({ prompt, model, permissionMode, promptFile, sessionId, resumeLatest, createNewSession, correlationId, optimizePrompt, idleTimeoutMs, forceRefresh, }) => {
+            return handleDevinRequestAsync({ sessionManager, asyncJobManager, logger, runtime }, {
+                prompt,
+                model,
+                permissionMode,
+                promptFile,
+                sessionId,
+                resumeLatest,
+                createNewSession,
+                correlationId,
+                optimizePrompt,
+                idleTimeoutMs,
+                forceRefresh,
+            });
+        });
         server.tool("mistral_request_async", "Start a Mistral Vibe CLI request as a durable background job. Poll with llm_job_status, collect with llm_job_result.", {
             prompt: z
                 .string()
@@ -5097,9 +5693,9 @@ export function createGatewayServer(deps = {}) {
                 .describe("Resume most recent Vibe session in cwd (--continue)"),
             createNewSession: z.boolean().default(false).describe("Force new session"),
             permissionMode: z
-                .enum(MISTRAL_AGENT_MODES)
+                .string()
                 .optional()
-                .describe("Vibe agent mode (default|plan|accept-edits|auto-approve|chat|explore|lean). Defaults to auto-approve for programmatic use."),
+                .describe("Vibe --agent name. Builtins: default|plan|accept-edits|auto-approve; Vibe also accepts install-gated builtins (e.g. lean) and custom agents from ~/.vibe/agents, so any name is passed through. Defaults to auto-approve for programmatic use."),
             approvalStrategy: z
                 .enum(["legacy", "mcp_managed"])
                 .default("legacy")
@@ -5109,8 +5705,8 @@ export function createGatewayServer(deps = {}) {
                 .optional()
                 .describe("Approval policy override"),
             mcpServers: z
-                .array(MCP_SERVER_ENUM)
-                .default(["sqry"])
+                .array(mcpServerEnum())
+                .default([])
                 .describe("MCP server names for approval tracking (Vibe manages its own MCP config via `vibe mcp`)"),
             allowedTools: z
                 .array(z.string())
@@ -5439,6 +6035,11 @@ export function createGatewayServer(deps = {}) {
                     defaultModel: null,
                     mode: "disabled",
                 },
+            apiProviders: enabledApiProviders(providers).map(p => ({
+                ...apiProviderCatalogEntry(p),
+                baseUrl: p.baseUrl,
+                breakerState: apiProviderBreakerState(p.name),
+            })),
             sources: providers.sources,
         };
         return {