llm-cli-gateway 2.10.0 → 2.11.1

package/dist/job-store.d.ts

@@ -1,6 +1,7 @@
 import type { Logger } from "./logger.js";
 import type { PersistenceConfig } from "./config.js";
 export type JobStoreStatus = "running" | "completed" | "failed" | "canceled" | "orphaned";
+export type JobTransport = "process" | "http";
 export interface JobRecord {
     id: string;
     correlationId: string;
@@ -19,6 +20,9 @@ export interface JobRecord {
     pid: number | null;
     expiresAt: string;
     ownerPrincipal: string | null;
+    transport: JobTransport;
+    httpStatus: number | null;
+    payloadJson: string | null;
 }
 export declare function resolveJobStoreDbPath(): string | null;
 export declare function resolveJobRetentionMs(): number;
@@ -35,6 +39,8 @@ export interface JobStore {
         startedAt: string;
         pid: number | null;
         ownerPrincipal?: string | null;
+        transport?: JobTransport;
+        payloadJson?: string | null;
     }): void;
     recordOutput(id: string, stdout: string, stderr: string, outputTruncated: boolean): void;
     recordComplete(input: {
@@ -46,6 +52,7 @@ export interface JobStore {
         outputTruncated: boolean;
         error: string | null;
         finishedAt: string;
+        httpStatus?: number | null;
     }): void;
     getById(id: string): JobRecord | null;
     findByRequestKey(requestKey: string): JobRecord | null;
@@ -63,6 +70,8 @@ export interface OrphanedJobSnapshot {
     stdout: string;
     stderr: string;
     exitCode: number | null;
+    transport: JobTransport;
+    httpStatus: number | null;
 }
 export declare class SqliteJobStore implements JobStore {
     private logger;
@@ -91,6 +100,8 @@ export declare class SqliteJobStore implements JobStore {
         startedAt: string;
         pid: number | null;
         ownerPrincipal?: string | null;
+        transport?: JobTransport;
+        payloadJson?: string | null;
     }): void;
     recordOutput(id: string, stdout: string, stderr: string, outputTruncated: boolean): void;
     recordComplete(input: {
@@ -102,6 +113,7 @@ export declare class SqliteJobStore implements JobStore {
         outputTruncated: boolean;
         error: string | null;
         finishedAt: string;
+        httpStatus?: number | null;
     }): void;
     getById(id: string): JobRecord | null;
     findByRequestKey(requestKey: string): JobRecord | null;
@@ -131,6 +143,8 @@ export declare class MemoryJobStore implements JobStore {
         startedAt: string;
         pid: number | null;
         ownerPrincipal?: string | null;
+        transport?: JobTransport;
+        payloadJson?: string | null;
     }): void;
     recordOutput(id: string, stdout: string, stderr: string, outputTruncated: boolean): void;
     recordComplete(input: {
@@ -142,6 +156,7 @@ export declare class MemoryJobStore implements JobStore {
         outputTruncated: boolean;
         error: string | null;
         finishedAt: string;
+        httpStatus?: number | null;
     }): void;
     getById(id: string): JobRecord | null;
     findByRequestKey(requestKey: string): JobRecord | null;

package/dist/job-store.js

@@ -58,6 +58,9 @@ function rowToRecord(row) {
         pid: row.pid,
         expiresAt: row.expires_at,
         ownerPrincipal: row.owner_principal ?? null,
+        transport: row.transport ?? "process",
+        httpStatus: row.http_status ?? null,
+        payloadJson: row.payload_json ?? null,
     };
 }
 function ensureJobsOwnerColumn(db) {
@@ -67,6 +70,19 @@ function ensureJobsOwnerColumn(db) {
         db.exec("ALTER TABLE jobs ADD COLUMN owner_principal TEXT");
     }
 }
+function ensureJobsTransportColumns(db) {
+    const cols = db.prepare("PRAGMA table_info(jobs)").all();
+    const names = new Set(cols.map(col => col?.name));
+    if (!names.has("transport")) {
+        db.exec("ALTER TABLE jobs ADD COLUMN transport TEXT NOT NULL DEFAULT 'process'");
+    }
+    if (!names.has("http_status")) {
+        db.exec("ALTER TABLE jobs ADD COLUMN http_status INTEGER");
+    }
+    if (!names.has("payload_json")) {
+        db.exec("ALTER TABLE jobs ADD COLUMN payload_json TEXT");
+    }
+}
 export class SqliteJobStore {
     logger;
     db;
@@ -103,7 +119,10 @@ export class SqliteJobStore {
         finished_at TEXT,
         pid INTEGER,
         expires_at TEXT NOT NULL,
-        owner_principal TEXT
+        owner_principal TEXT,
+        transport TEXT NOT NULL DEFAULT 'process',
+        http_status INTEGER,
+        payload_json TEXT
       );
       CREATE INDEX IF NOT EXISTS idx_jobs_request_key ON jobs(request_key);
       CREATE INDEX IF NOT EXISTS idx_jobs_status ON jobs(status);
@@ -111,6 +130,7 @@ export class SqliteJobStore {
       CREATE INDEX IF NOT EXISTS idx_jobs_request_key_finished ON jobs(request_key, finished_at);
     `);
         ensureJobsOwnerColumn(this.db);
+        ensureJobsTransportColumns(this.db);
         if (process.platform !== "win32") {
             try {
                 chmodSync(dbPath, 0o600);
@@ -123,10 +143,12 @@ export class SqliteJobStore {
         this.insertStmt = this.db.prepare(`
       INSERT INTO jobs (id, correlation_id, request_key, cli, args_json, output_format,
                         status, exit_code, stdout, stderr, output_truncated, error,
-                        started_at, finished_at, pid, expires_at, owner_principal)
+                        started_at, finished_at, pid, expires_at, owner_principal,
+                        transport, http_status, payload_json)
       VALUES (@id, @correlation_id, @request_key, @cli, @args_json, @output_format,
               @status, @exit_code, @stdout, @stderr, @output_truncated, @error,
-              @started_at, @finished_at, @pid, @expires_at, @owner_principal)
+              @started_at, @finished_at, @pid, @expires_at, @owner_principal,
+              @transport, @http_status, @payload_json)
     `);
         this.updateOutputStmt = this.db.prepare(`
       UPDATE jobs SET stdout = @stdout, stderr = @stderr, output_truncated = @output_truncated
@@ -135,7 +157,8 @@ export class SqliteJobStore {
         this.updateCompleteStmt = this.db.prepare(`
       UPDATE jobs SET status = @status, exit_code = @exit_code, stdout = @stdout, stderr = @stderr,
                       output_truncated = @output_truncated, error = @error,
-                      finished_at = @finished_at, expires_at = @expires_at
+                      finished_at = @finished_at, expires_at = @expires_at,
+                      http_status = @http_status
       WHERE id = @id
     `);
         this.getByIdStmt = this.db.prepare(`SELECT * FROM jobs WHERE id = ?`);
@@ -148,7 +171,7 @@ export class SqliteJobStore {
       LIMIT 1
     `);
         this.selectRunningOrphansStmt = this.db.prepare(`
-      SELECT id, correlation_id, started_at, stdout, stderr, exit_code
+      SELECT id, correlation_id, started_at, stdout, stderr, exit_code, transport, http_status
       FROM jobs WHERE status = 'running'
     `);
         this.markOrphanedStmt = this.db.prepare(`
@@ -180,6 +203,9 @@ export class SqliteJobStore {
             pid: input.pid,
             expires_at: FAR_FUTURE_ISO,
             owner_principal: input.ownerPrincipal ?? null,
+            transport: input.transport ?? "process",
+            http_status: null,
+            payload_json: input.payloadJson ?? null,
         });
     }
     recordOutput(id, stdout, stderr, outputTruncated) {
@@ -202,6 +228,7 @@ export class SqliteJobStore {
             error: input.error,
             finished_at: input.finishedAt,
             expires_at: expiresAt,
+            http_status: input.httpStatus ?? null,
         });
     }
     getById(id) {
@@ -224,6 +251,8 @@ export class SqliteJobStore {
             stdout: row.stdout ?? "",
             stderr: row.stderr ?? "",
             exitCode: row.exit_code,
+            transport: row.transport ?? "process",
+            httpStatus: row.http_status ?? null,
         }));
         const result = this.markOrphanedStmt.run(now, expiresAt);
         return { count: Number(result.changes), orphaned };
@@ -270,6 +299,9 @@ export class MemoryJobStore {
             pid: input.pid,
             expiresAt: FAR_FUTURE_ISO,
             ownerPrincipal: input.ownerPrincipal ?? null,
+            transport: input.transport ?? "process",
+            httpStatus: null,
+            payloadJson: input.payloadJson ?? null,
         });
     }
     recordOutput(id, stdout, stderr, outputTruncated) {
@@ -292,6 +324,8 @@ export class MemoryJobStore {
         row.error = input.error;
         row.finishedAt = input.finishedAt;
         row.expiresAt = new Date(Date.parse(input.finishedAt) + this.retentionMs).toISOString();
+        if (input.httpStatus !== undefined)
+            row.httpStatus = input.httpStatus;
     }
     getById(id) {
         const row = this.rows.get(id);

package/dist/mcp-registry.d.ts

@@ -0,0 +1,17 @@
+export interface ClaudeServerDef {
+    command: string;
+    args: string[];
+    env?: Record<string, string>;
+}
+export interface RegistryEntry {
+    defaultDef: () => ClaudeServerDef;
+    forwardEnv?: readonly string[];
+    requireEnv?: readonly string[];
+    requireCommandOnPath?: boolean;
+    approval?: {
+        score: number;
+        reason: string;
+    };
+}
+export declare const INTERNAL_MCP_REGISTRY: Record<string, RegistryEntry>;
+export declare const CLAUDE_MCP_SERVER_NAMES: readonly string[];

package/dist/mcp-registry.js

@@ -0,0 +1,5 @@
+// Stripped at release time by scripts/strip-internal-mcp.mjs.
+// The internal MCP registry is intentionally empty in published builds; the
+// gateway resolves MCP server names from the host's Codex MCP config instead.
+export const INTERNAL_MCP_REGISTRY = {};
+export const CLAUDE_MCP_SERVER_NAMES = [];

package/dist/metrics.js

@@ -6,7 +6,12 @@ const createEmptyMetrics = () => Object.fromEntries(PROVIDER_TYPES.map(provider
 export class PerformanceMetrics {
     metrics = createEmptyMetrics();
     recordRequest(provider, durationMs, success) {
-        const metrics = this.metrics[provider];
+        const metrics = (this.metrics[provider] ??= {
+            requestCount: 0,
+            successCount: 0,
+            failureCount: 0,
+            totalResponseTimeMs: 0,
+        });
         metrics.requestCount += 1;
         const normalizedDurationMs = Number.isFinite(durationMs) ? Math.max(0, durationMs) : 0;
         metrics.totalResponseTimeMs += normalizedDurationMs;
@@ -22,7 +27,7 @@ export class PerformanceMetrics {
         let totalRequests = 0;
         let totalSuccesses = 0;
         let totalFailures = 0;
-        for (const provider of PROVIDER_TYPES) {
+        for (const provider of Object.keys(this.metrics)) {
             const metrics = this.metrics[provider];
             const averageResponseTimeMs = metrics.requestCount > 0 ? metrics.totalResponseTimeMs / metrics.requestCount : 0;
             const successRate = metrics.requestCount > 0 ? metrics.successCount / metrics.requestCount : 0;

package/dist/model-registry.js

@@ -47,6 +47,15 @@ const FALLBACK_INFO = {
         },
         modelOrder: ["mistral-medium-3.5", "devstral-small"],
     },
+    devin: {
+        description: "Cognition's Devin CLI - agentic coding agent that runs in your terminal, multi-model, with handoff to cloud Devin",
+        models: {
+            opus: "Anthropic Opus frontier model exposed by Devin CLI (e.g. --model opus).",
+            "gpt-5.5": "OpenAI GPT frontier model exposed by Devin CLI.",
+            "swe-1.6": "Cognition's SWE-1.6 model (also reachable via the /fast slash command).",
+        },
+        modelOrder: ["opus", "gpt-5.5", "swe-1.6"],
+    },
 };
 const MODEL_CACHE_TTL_MS = 2 * 60 * 1000;
 const MAX_GEMINI_HISTORY_FILES = 200;
@@ -74,6 +83,7 @@ export function getAvailableCliInfo(forceRefresh = false) {
         gemini: filterUnverifiedModelHints(info.gemini),
         grok: filterUnverifiedModelHints(info.grok),
         mistral: filterUnverifiedModelHints(info.mistral),
+        devin: filterUnverifiedModelHints(info.devin),
     };
 }
 export function clearModelRegistryCache() {
@@ -111,6 +121,7 @@ function buildCliInfo() {
         gemini: cloneInfo(FALLBACK_INFO.gemini),
         grok: cloneInfo(FALLBACK_INFO.grok),
         mistral: cloneInfo(FALLBACK_INFO.mistral),
+        devin: cloneInfo(FALLBACK_INFO.devin),
     };
     applyClaudeOverrides(info.claude);
     applyCodexOverrides(info.codex);

package/dist/prompt-parts.d.ts

@@ -21,32 +21,32 @@ export declare const PromptPartsSchema: z.ZodObject<{
         tools: z.ZodOptional<z.ZodBoolean>;
         context: z.ZodOptional<z.ZodBoolean>;
     }, "strict", z.ZodTypeAny, {
-        tools?: boolean | undefined;
         system?: boolean | undefined;
+        tools?: boolean | undefined;
         context?: boolean | undefined;
     }, {
-        tools?: boolean | undefined;
         system?: boolean | undefined;
+        tools?: boolean | undefined;
         context?: boolean | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
     task: string;
-    tools?: string | undefined;
     system?: string | undefined;
+    tools?: string | undefined;
     context?: string | undefined;
     cacheControl?: {
-        tools?: boolean | undefined;
         system?: boolean | undefined;
+        tools?: boolean | undefined;
         context?: boolean | undefined;
     } | undefined;
 }, {
     task: string;
-    tools?: string | undefined;
     system?: string | undefined;
+    tools?: string | undefined;
     context?: string | undefined;
     cacheControl?: {
-        tools?: boolean | undefined;
         system?: boolean | undefined;
+        tools?: boolean | undefined;
         context?: boolean | undefined;
     } | undefined;
 }>;

package/dist/provider-login-guidance.js

@@ -94,6 +94,27 @@ const GUIDANCE = {
             expected: "Vibe CLI is installed; doctor checks ~/.vibe/config.toml for an explicit session_logging.enabled=false override",
         },
     },
+    devin: {
+        provider: "devin",
+        displayName: "Devin CLI",
+        install: {
+            summary: "Install Devin CLI using Cognition's current official installer.",
+            commands: [
+                "curl -fsSL https://cli.devin.ai/install.sh | bash",
+                "irm https://static.devin.ai/cli/setup.ps1 | iex",
+            ],
+            documentationUrl: "https://docs.devin.ai/cli",
+        },
+        login: {
+            summary: "Sign in through Devin CLI's official browser OAuth flow.",
+            commands: ["devin auth login", "devin auth login --force-manual-token-flow"],
+            credentialHandling: "Let Devin store credentials via `devin auth login` (or WINDSURF_API_KEY for ACP). Do not paste Devin tokens or cog_* keys into the gateway or a remote chat.",
+        },
+        verification: {
+            command: "devin auth status",
+            expected: "CLI is installed and `devin auth status` reports an authenticated session",
+        },
+    },
 };
 export function getProviderLoginGuidance(provider) {
     return GUIDANCE[provider];

package/dist/provider-status.js

@@ -4,13 +4,14 @@ import { join } from "node:path";
 import { spawnSync } from "node:child_process";
 import { getProviderLoginGuidance } from "./provider-login-guidance.js";
 import { envWithExtendedPath, getExtendedPath, providerCommandName, resolveCommandForSpawn, } from "./executor.js";
-const PROVIDERS = ["claude", "codex", "gemini", "grok", "mistral"];
+const PROVIDERS = ["claude", "codex", "gemini", "grok", "mistral", "devin"];
 const VERSION_ARGS = {
     claude: ["--version"],
     codex: ["--version"],
     gemini: ["--version"],
     grok: ["--version"],
     mistral: ["--version"],
+    devin: ["--version"],
 };
 export const PROVIDER_COMMANDS = {
     claude: "claude",
@@ -18,12 +19,14 @@ export const PROVIDER_COMMANDS = {
     gemini: providerCommandName("gemini"),
     grok: "grok",
     mistral: providerCommandName("mistral"),
+    devin: providerCommandName("devin"),
 };
 const LOGIN_CHECKS = {
     claude: ["auth", "status", "--json"],
     codex: ["login", "status"],
     grok: ["inspect", "--json"],
     mistral: ["auth", "status"],
+    devin: ["auth", "status"],
 };
 export function listProviderRuntimeStatuses() {
     return Object.fromEntries(PROVIDERS.map(provider => [provider, getProviderRuntimeStatus(provider)]));

package/dist/provider-tool-capabilities.d.ts

@@ -7,7 +7,8 @@ export interface ProviderToolControl {
     cliFlag?: string;
     behavior: string;
 }
-export type ProviderCapabilityId = CliType | "grok_api";
+export type KnownProviderCapabilityId = CliType | "grok_api";
+export type ProviderCapabilityId = KnownProviderCapabilityId | (string & {});
 export type ProviderKind = "cli" | "api";
 export type UnsupportedInputBehavior = "reject" | "ignored" | "not_supported" | "approval_tracking_only" | "deprecated";
 export type ProviderToolConfidence = "high" | "medium" | "low";
@@ -87,7 +88,7 @@ export interface AcpContractMetadata {
     adapterSupportIsNotNative: true;
     contractDoc: "docs/acp-contract.md";
     nonGoals: readonly string[];
-    providers: Readonly<Record<ProviderCapabilityId, AcpProviderContract>>;
+    providers: Readonly<Record<KnownProviderCapabilityId, AcpProviderContract>>;
 }
 export declare const ACP_CONTRACT: AcpContractMetadata;
 export interface ProviderToolCapabilities {
@@ -132,4 +133,8 @@ export type ProviderToolCapabilitiesMap = Partial<Record<ProviderCapabilityId, P
 export declare function getProviderToolCapabilities(queryOrCli?: ProviderCapabilityQuery | ProviderCapabilityId): ProviderToolCapabilitiesMap;
 export declare function getOneProviderToolCapabilities(cli: ProviderCapabilityId, queryOrCli?: ProviderCapabilityQuery | ProviderCapabilityId): ProviderToolCapabilities;
 export declare function clearProviderToolCapabilitiesCache(): void;
-export declare function providerCapabilityIds(): readonly ProviderCapabilityId[];
+export declare function _getCapabilityCacheForTest(): Map<string, {
+    loadedAt: number;
+    value: ProviderToolCapabilities;
+}>;
+export declare function providerCapabilityIds(): readonly KnownProviderCapabilityId[];

package/dist/provider-tool-capabilities.js

@@ -49,12 +49,16 @@ export const ACP_CONTRACT = {
         },
         gemini: {
             classification: "absent_watchlist",
-            summary: "Google Antigravity agy 1.0.7 has no ACP surface; watchlist item only.",
+            summary: "Google Antigravity agy 1.0.10 has no ACP surface; watchlist item only.",
         },
         grok_api: {
             classification: "absent_watchlist",
             summary: "Grok API is an HTTP provider with no ACP process transport; watchlist item only.",
         },
+        devin: {
+            classification: "native_candidate",
+            summary: "Cognition Devin CLI exposes a native ACP server via `devin acp` (stdio); Slice D1 initialize + session/new smoke passed (protocolVersion 1, third runtime pilot). Runtime routing stays config-gated.",
+        },
     },
 };
 const ACP_DOCS_REFERENCE = "docs/plans/first-class-acp-gateway-extension.dag.toml";
@@ -62,7 +66,7 @@ const ACP_CAPABILITIES = {
     mistral: {
         status: "native_smoke_passed",
         mediation: "native",
-        targetVersion: "vibe 2.14.1",
+        targetVersion: "vibe 2.17.1",
         entrypoint: { command: "vibe-acp", args: [] },
         runtimeEnabled: false,
         smokeSupported: true,
@@ -76,7 +80,7 @@ const ACP_CAPABILITIES = {
     grok: {
         status: "native_smoke_passed",
         mediation: "native",
-        targetVersion: "grok 0.2.50 (cadf94855)",
+        targetVersion: "grok 0.2.60 (474c2bbfc)",
         entrypoint: { command: "grok", args: ["agent", "stdio"] },
         runtimeEnabled: false,
         smokeSupported: true,
@@ -91,7 +95,7 @@ const ACP_CAPABILITIES = {
     codex: {
         status: "adapter_mediated_deferred",
         mediation: "adapter_mediated",
-        targetVersion: "codex-cli 0.139.0",
+        targetVersion: "codex-cli 0.141.0",
         entrypoint: null,
         runtimeEnabled: false,
         smokeSupported: false,
@@ -105,7 +109,7 @@ const ACP_CAPABILITIES = {
     claude: {
         status: "adapter_mediated_deferred",
         mediation: "adapter_mediated",
-        targetVersion: "claude 2.1.175",
+        targetVersion: "claude 2.1.185",
         entrypoint: null,
         runtimeEnabled: false,
         smokeSupported: false,
@@ -119,13 +123,13 @@ const ACP_CAPABILITIES = {
     gemini: {
         status: "absent_watchlist",
         mediation: "none",
-        targetVersion: "agy 1.0.7",
+        targetVersion: "agy 1.0.10",
         entrypoint: null,
         runtimeEnabled: false,
         smokeSupported: false,
         smokeStatus: "unsupported",
         caveats: [
-            "Antigravity agy 1.0.7 has no ACP flag or subcommand.",
+            "Antigravity agy 1.0.10 has no ACP flag or subcommand.",
             "Legacy Gemini CLI ACP evidence does not transfer to agy; kept on the upstream drift watchlist.",
         ],
         docs: ACP_DOCS_REFERENCE,
@@ -141,6 +145,21 @@ const ACP_CAPABILITIES = {
         caveats: ["ACP is a CLI-stdio transport; the HTTP API provider has no ACP surface."],
         docs: ACP_DOCS_REFERENCE,
     },
+    devin: {
+        status: "native_smoke_passed",
+        mediation: "native",
+        targetVersion: "devin 2026.7.23 (3bd47f77)",
+        entrypoint: { command: "devin", args: ["acp"] },
+        runtimeEnabled: false,
+        smokeSupported: true,
+        smokeStatus: "passed",
+        caveats: [
+            'Native ACP via `devin acp` (stdio JSON-RPC); Slice D1 initialize + session/new smoke passed (protocolVersion 1, agent "Affogato").',
+            "Credentials come from `devin auth login` or WINDSURF_API_KEY; empty-env smoke is not expected to pass.",
+            "Runtime routing stays disabled until ACP is enabled in gateway config.",
+        ],
+        docs: ACP_DOCS_REFERENCE,
+    },
 };
 function cloneAcpCapability(acp) {
     return {
@@ -151,7 +170,13 @@ function cloneAcpCapability(acp) {
         caveats: [...acp.caveats],
     };
 }
-const PROVIDER_CAPABILITY_IDS = [...CLI_TYPES, "grok_api"];
+const PROVIDER_CAPABILITY_IDS = [
+    ...CLI_TYPES,
+    "grok_api",
+];
+function isKnownProviderCapabilityId(cli) {
+    return PROVIDER_CAPABILITY_IDS.includes(cli);
+}
 const KNOWN_PROVIDER_TOOLS = {
     grok: [
         "image_gen",
@@ -382,7 +407,7 @@ const TOOL_CONTROLS = {
     gemini: {
         providerKind: "cli",
         gatewayRequestTools: ["gemini_request", "gemini_request_async"],
-        summary: "Antigravity/Gemini owns its runtime tool catalog; this gateway rejects non-empty tool allow-list and MCP-server inputs for that CLI.",
+        summary: "Antigravity/Gemini owns its runtime tool catalog and MCP configuration; this gateway rejects non-empty tool allow-list inputs and tracks requested MCP servers for approvals.",
         controls: {
             allowlist: {
                 supported: false,
@@ -396,7 +421,7 @@ const TOOL_CONTROLS = {
             mcpServers: {
                 supported: false,
                 requestField: "mcpServers",
-                behavior: "Non-empty values are rejected; Antigravity CLI manages tool access itself.",
+                behavior: "Accepted for approval tracking only; Antigravity manages its own MCP configuration outside the gateway.",
             },
             nativeSkills: {
                 supported: true,
@@ -438,8 +463,8 @@ const TOOL_CONTROLS = {
             },
             {
                 input: "mcpServers",
-                behavior: "reject",
-                details: "Non-empty mcpServers values are rejected for the current Antigravity path.",
+                behavior: "approval_tracking_only",
+                details: "Accepted only for gateway approval tracking; Antigravity owns MCP configuration.",
             },
             {
                 input: "attachments",
@@ -594,7 +619,7 @@ const TOOL_CONTROLS = {
             permissionMode: {
                 supported: true,
                 requestField: "permissionMode",
-                behavior: "Passes Vibe agent modes such as plan, auto-approve, chat, explore, and lean.",
+                behavior: "Passes any Vibe --agent name through (builtins like plan/auto-approve, plus install-gated and custom agents).",
             },
             outputFormat: {
                 supported: true,
@@ -726,8 +751,62 @@ const TOOL_CONTROLS = {
             },
         ],
     },
+    devin: {
+        providerKind: "cli",
+        gatewayRequestTools: ["devin_request", "devin_request_async"],
+        summary: "Cognition Devin CLI runs an agentic coding session; the gateway passes the prompt, model, permission mode, and session resume. Devin owns its own tools, MCP, skills, and rules.",
+        controls: {
+            allowlist: {
+                supported: false,
+                behavior: "Devin CLI has no per-request tool allow-list flag; tool gating is via permission modes.",
+            },
+            denylist: {
+                supported: false,
+                behavior: "Devin CLI has no per-request tool deny-list flag.",
+            },
+            mcpServers: {
+                supported: false,
+                requestField: "mcpServers",
+                behavior: "Accepted for approval tracking only; Devin manages its own MCP config via `devin mcp`.",
+            },
+            nativeSkills: {
+                supported: false,
+                behavior: "Devin manages its own skills (`devin skills`); the gateway does not discover them.",
+            },
+            permissionMode: {
+                supported: true,
+                requestField: "permissionMode",
+                cliFlag: "--permission-mode",
+                behavior: "Maps to Devin CLI --permission-mode: auto auto-approves read-only tools; smart additionally auto-runs actions a fast model judges safe; dangerous auto-approves all.",
+            },
+            promptControl: {
+                supported: true,
+                requestField: "promptFile",
+                cliFlag: "--prompt-file",
+                behavior: "Loads the initial prompt from a file.",
+            },
+            session: {
+                supported: true,
+                requestField: "sessionId/resumeLatest/createNewSession",
+                cliFlag: "--resume/--continue",
+                behavior: "Resumes a Devin CLI session (--resume <id>) or the most recent in cwd (--continue).",
+            },
+        },
+        features: baseFeatures({
+            sessionContinuity: true,
+            approvalAndSandboxControls: true,
+            promptControl: true,
+        }),
+        unsupportedInputs: [
+            {
+                input: "mcpServers",
+                behavior: "approval_tracking_only",
+                details: "Accepted only for gateway approval tracking; Devin owns MCP config via `devin mcp`.",
+            },
+        ],
+    },
 };
-let capabilityCache = new Map();
+const CAPABILITY_CACHE = new Map();
 export function getProviderToolCapabilities(queryOrCli = {}) {
     const query = normalizeQuery(queryOrCli);
     const providers = query.cli ? [query.cli] : PROVIDER_CAPABILITY_IDS;
@@ -740,22 +819,29 @@ export function getProviderToolCapabilities(queryOrCli = {}) {
 export function getOneProviderToolCapabilities(cli, queryOrCli = {}) {
     const query = normalizeQuery(typeof queryOrCli === "string" ? { cli: queryOrCli } : queryOrCli);
     const cacheKey = capabilityCacheKey(cli, query);
-    const cached = capabilityCache.get(cacheKey);
+    const cached = CAPABILITY_CACHE.get(cacheKey);
     if (!query.refresh && cached && Date.now() - cached.loadedAt < CAPABILITY_CACHE_TTL_MS) {
         return cached.value;
     }
     const value = buildOneProviderToolCapabilities(cli, query);
-    capabilityCache.set(cacheKey, { loadedAt: Date.now(), value });
+    CAPABILITY_CACHE.set(cacheKey, { loadedAt: Date.now(), value });
     return value;
 }
 export function clearProviderToolCapabilitiesCache() {
-    capabilityCache = new Map();
+    CAPABILITY_CACHE.clear();
+}
+export function _getCapabilityCacheForTest() {
+    return CAPABILITY_CACHE;
 }
 export function providerCapabilityIds() {
     return PROVIDER_CAPABILITY_IDS;
 }
 function buildOneProviderToolCapabilities(cli, query) {
     const warnings = [];
+    if (!isKnownProviderCapabilityId(cli)) {
+        throw new Error(`No tool-capability metadata for provider "${cli}". ` +
+            `Known providers: ${PROVIDER_CAPABILITY_IDS.join(", ")}.`);
+    }
     const definition = TOOL_CONTROLS[cli];
     const discoveredSkills = query.includeSkills && cli !== "grok_api" ? discoverSkills(cli, warnings, query) : [];
     const discoveredProviderTools = query.includeProviderTools
@@ -837,6 +923,8 @@ function skillRoots(cli) {
             ];
         case "mistral":
             return [{ path: path.join(home, ".vibe", "skills"), source: "user" }];
+        case "devin":
+            return [];
     }
 }
 function readSkill(cli, skillPath, fallbackName, source, warnings, query) {
@@ -989,6 +1077,8 @@ function discoverConfigSurfaces(cli, query, discoveredSkills) {
         case "mistral":
             addVibeConfigSurfaces(surfaces, query);
             break;
+        case "devin":
+            break;
     }
     return surfaces;
 }