llm-cli-gateway 2.13.1 → 2.14.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +140 -0
- package/README.md +53 -26
- package/dist/acp/client.d.ts +29 -1
- package/dist/acp/client.js +78 -4
- package/dist/acp/errors.d.ts +9 -1
- package/dist/acp/errors.js +19 -0
- package/dist/acp/event-normalizer.d.ts +12 -0
- package/dist/acp/event-normalizer.js +16 -0
- package/dist/acp/flight-redaction.d.ts +3 -0
- package/dist/acp/flight-redaction.js +3 -0
- package/dist/acp/permission-bridge.js +11 -5
- package/dist/acp/process-manager.d.ts +2 -1
- package/dist/acp/process-manager.js +43 -4
- package/dist/acp/provider-registry.js +19 -11
- package/dist/acp/runtime.d.ts +8 -0
- package/dist/acp/runtime.js +47 -4
- package/dist/acp/types.d.ts +3083 -55
- package/dist/acp/types.js +242 -5
- package/dist/async-job-manager.d.ts +2 -0
- package/dist/async-job-manager.js +11 -0
- package/dist/codex-json-parser.d.ts +1 -0
- package/dist/codex-json-parser.js +6 -0
- package/dist/config.d.ts +16 -0
- package/dist/config.js +105 -19
- package/dist/connector-setup.d.ts +39 -0
- package/dist/connector-setup.js +86 -0
- package/dist/doctor.d.ts +39 -1
- package/dist/doctor.js +182 -3
- package/dist/flight-recorder.d.ts +2 -0
- package/dist/flight-recorder.js +20 -0
- package/dist/gemini-json-parser.d.ts +2 -0
- package/dist/gemini-json-parser.js +45 -8
- package/dist/grok-json-parser.d.ts +14 -0
- package/dist/grok-json-parser.js +156 -0
- package/dist/http-transport.js +27 -3
- package/dist/index.d.ts +48 -2
- package/dist/index.js +633 -144
- package/dist/job-store.d.ts +45 -7
- package/dist/job-store.js +138 -17
- package/dist/model-registry.d.ts +1 -0
- package/dist/model-registry.js +46 -0
- package/dist/oauth.js +17 -16
- package/dist/postgres-job-store-worker.d.ts +1 -0
- package/dist/postgres-job-store-worker.js +327 -0
- package/dist/pricing.d.ts +3 -2
- package/dist/provider-acp-capabilities.d.ts +52 -0
- package/dist/provider-acp-capabilities.js +101 -0
- package/dist/provider-admin-tools.d.ts +100 -0
- package/dist/provider-admin-tools.js +572 -0
- package/dist/provider-capability-cache.d.ts +46 -0
- package/dist/provider-capability-cache.js +248 -0
- package/dist/provider-capability-discovery.d.ts +85 -0
- package/dist/provider-capability-discovery.js +461 -0
- package/dist/provider-capability-resolver.d.ts +29 -0
- package/dist/provider-capability-resolver.js +92 -0
- package/dist/provider-definition-assertions.d.ts +9 -0
- package/dist/provider-definition-assertions.js +147 -0
- package/dist/provider-definitions.d.ts +127 -0
- package/dist/provider-definitions.js +758 -0
- package/dist/provider-help-parser.d.ts +34 -0
- package/dist/provider-help-parser.js +203 -0
- package/dist/provider-model-discovery.d.ts +30 -0
- package/dist/provider-model-discovery.js +229 -0
- package/dist/provider-output-metadata.d.ts +7 -0
- package/dist/provider-output-metadata.js +68 -0
- package/dist/provider-schema-builder.d.ts +22 -0
- package/dist/provider-schema-builder.js +55 -0
- package/dist/provider-surface-generator.d.ts +98 -0
- package/dist/provider-surface-generator.js +140 -0
- package/dist/provider-tool-capabilities.d.ts +3 -2
- package/dist/provider-tool-capabilities.js +77 -62
- package/dist/remote-url.d.ts +28 -0
- package/dist/remote-url.js +61 -0
- package/dist/request-helpers.d.ts +37 -4
- package/dist/request-helpers.js +134 -0
- package/dist/resources.d.ts +6 -1
- package/dist/resources.js +67 -193
- package/dist/session-manager.d.ts +2 -0
- package/dist/session-manager.js +34 -8
- package/dist/stream-json-parser.d.ts +1 -0
- package/dist/stream-json-parser.js +3 -0
- package/dist/upstream-contracts.d.ts +17 -1
- package/dist/upstream-contracts.js +209 -36
- package/dist/workspace-registry.d.ts +9 -0
- package/dist/workspace-registry.js +24 -4
- package/npm-shrinkwrap.json +2 -2
- package/package.json +8 -3
- package/setup/status.schema.json +75 -0
package/dist/http-transport.js
CHANGED
|
@@ -57,6 +57,27 @@ function isLocalHost(host) {
|
|
|
57
57
|
const hostname = host.split(":")[0]?.toLowerCase() ?? "";
|
|
58
58
|
return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1";
|
|
59
59
|
}
|
|
60
|
+
function isLoopbackHostname(hostname) {
|
|
61
|
+
const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
|
|
62
|
+
return h === "localhost" || h === "::1" || /^127\./.test(h);
|
|
63
|
+
}
|
|
64
|
+
function isPubliclyExposed(env, host) {
|
|
65
|
+
if (!isLocalHost(host))
|
|
66
|
+
return true;
|
|
67
|
+
if (env.LLM_GATEWAY_TUNNEL_PROVIDER && env.LLM_GATEWAY_TUNNEL_PROVIDER.trim().length > 0) {
|
|
68
|
+
return true;
|
|
69
|
+
}
|
|
70
|
+
const publicUrl = env.LLM_GATEWAY_PUBLIC_URL;
|
|
71
|
+
if (publicUrl && publicUrl.trim().length > 0) {
|
|
72
|
+
try {
|
|
73
|
+
if (!isLoopbackHostname(new URL(publicUrl).hostname))
|
|
74
|
+
return true;
|
|
75
|
+
}
|
|
76
|
+
catch {
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
return false;
|
|
80
|
+
}
|
|
60
81
|
function requestBaseUrl(req) {
|
|
61
82
|
const configured = process.env.LLM_GATEWAY_PUBLIC_URL;
|
|
62
83
|
if (configured) {
|
|
@@ -85,9 +106,12 @@ export async function startHttpGateway(options) {
|
|
|
85
106
|
const oauthConfig = loadRemoteOAuthConfig(logger);
|
|
86
107
|
if (oauthConfig.enabled &&
|
|
87
108
|
(oauthConfig.allowPublicClients || oauthConfig.registrationPolicy === "open_dev") &&
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
`
|
|
109
|
+
isPubliclyExposed(process.env, host)) {
|
|
110
|
+
const exposure = !isLocalHost(host)
|
|
111
|
+
? `a non-loopback bind (host=${host})`
|
|
112
|
+
: "a public URL / tunnel (LLM_GATEWAY_PUBLIC_URL or LLM_GATEWAY_TUNNEL_PROVIDER)";
|
|
113
|
+
throw new Error(`Refusing to start: remote OAuth with ${oauthConfig.allowPublicClients ? "public clients" : "open_dev registration"} is exposed via ${exposure}. A loopback bind fronted by a public tunnel is still ` +
|
|
114
|
+
`publicly reachable. Front the gateway with an authenticating proxy, or switch to ` +
|
|
91
115
|
`registration_policy=static_clients with confidential client secrets.`);
|
|
92
116
|
}
|
|
93
117
|
const oauthServer = oauthConfig.enabled
|
package/dist/index.d.ts
CHANGED
|
@@ -4,13 +4,14 @@ import { z } from "zod/v3";
|
|
|
4
4
|
import { ISessionManager, type CliType, type ProviderType } from "./session-manager.js";
|
|
5
5
|
import { ResourceProvider } from "./resources.js";
|
|
6
6
|
import { PerformanceMetrics } from "./metrics.js";
|
|
7
|
-
import { type PersistenceConfig, type CacheAwarenessConfig, type ProvidersConfig, type ApiProviderRuntime, type AcpConfig } from "./config.js";
|
|
7
|
+
import { type PersistenceConfig, type CacheAwarenessConfig, type ProvidersConfig, type ApiProviderRuntime, type AcpConfig, type AdminConfig } from "./config.js";
|
|
8
8
|
import { DatabaseConnection } from "./db.js";
|
|
9
|
+
import { type DevinAcpAgentType } from "./provider-definitions.js";
|
|
9
10
|
import { AsyncJobManager } from "./async-job-manager.js";
|
|
10
11
|
import { ApprovalManager, ApprovalPolicy, ApprovalRecord } from "./approval-manager.js";
|
|
11
12
|
import { ReviewIntegrityResult } from "./review-integrity.js";
|
|
12
13
|
import { ClaudeMcpConfigResult, ClaudeMcpServerName } from "./claude-mcp-config.js";
|
|
13
|
-
import { type MistralAgentMode, type ClaudePermissionMode, type CodexSandboxMode, type CodexAskForApproval, type ClaudeEffortLevel } from "./request-helpers.js";
|
|
14
|
+
import { type MistralAgentMode, type ClaudePermissionMode, type CodexSandboxMode, type CodexAskForApproval, type CodexLocalProvider, type CodexColorMode, type ClaudeEffortLevel } from "./request-helpers.js";
|
|
14
15
|
import { FlightRecorderLike } from "./flight-recorder.js";
|
|
15
16
|
import { type PromptParts } from "./prompt-parts.js";
|
|
16
17
|
import { type WorkspaceRegistry } from "./workspace-registry.js";
|
|
@@ -77,6 +78,7 @@ export interface GatewayServerDeps {
|
|
|
77
78
|
cacheAwareness?: CacheAwarenessConfig;
|
|
78
79
|
providers?: ProvidersConfig;
|
|
79
80
|
acpConfig?: AcpConfig;
|
|
81
|
+
adminConfig?: AdminConfig;
|
|
80
82
|
workspaces?: WorkspaceRegistry;
|
|
81
83
|
}
|
|
82
84
|
export interface GatewayServerRuntime {
|
|
@@ -92,6 +94,7 @@ export interface GatewayServerRuntime {
|
|
|
92
94
|
cacheAwareness: CacheAwarenessConfig;
|
|
93
95
|
providers: ProvidersConfig;
|
|
94
96
|
acpConfig: AcpConfig;
|
|
97
|
+
adminConfig: AdminConfig;
|
|
95
98
|
workspaces: WorkspaceRegistry;
|
|
96
99
|
}
|
|
97
100
|
export declare function resolveGatewayServerRuntime(deps?: GatewayServerDeps, options?: {
|
|
@@ -104,6 +107,7 @@ export declare function runAcpTransport(deps: HandlerDeps, params: {
|
|
|
104
107
|
model?: string;
|
|
105
108
|
sessionId?: string;
|
|
106
109
|
correlationId?: string;
|
|
110
|
+
agentType?: string;
|
|
107
111
|
}): Promise<ExtendedToolResponse>;
|
|
108
112
|
export interface ResolvedWorktree {
|
|
109
113
|
cwd?: string;
|
|
@@ -120,6 +124,7 @@ export declare function resolveWorktreeForRequest(worktreeOpt: boolean | {
|
|
|
120
124
|
workspaceRoot?: string;
|
|
121
125
|
}): Promise<ResolvedWorktree>;
|
|
122
126
|
export declare function formatWorktreePrefix(worktreePath?: string): string;
|
|
127
|
+
export declare function remoteSafeWorktreePath(worktreePath?: string, workspaceRoot?: string): string | undefined;
|
|
123
128
|
export declare function createErrorResponse(cli: string, code: number, stderr: string, correlationId?: string, error?: Error, apiError?: {
|
|
124
129
|
httpStatus?: number | null;
|
|
125
130
|
responseBody?: string;
|
|
@@ -164,6 +169,7 @@ export declare function extractUsageAndCost(cli: CliType, output: string, output
|
|
|
164
169
|
cacheCreationTokens?: number;
|
|
165
170
|
costUsd?: number;
|
|
166
171
|
};
|
|
172
|
+
export declare function registerBaseResources(server: McpServer, runtime: GatewayServerRuntime): void;
|
|
167
173
|
interface CliRequestPrep {
|
|
168
174
|
corrId: string;
|
|
169
175
|
effectivePrompt: string;
|
|
@@ -212,6 +218,17 @@ export declare function prepareClaudeRequest(params: {
|
|
|
212
218
|
settingSources?: string;
|
|
213
219
|
settings?: string;
|
|
214
220
|
tools?: string[];
|
|
221
|
+
includeHookEvents?: boolean;
|
|
222
|
+
replayUserMessages?: boolean;
|
|
223
|
+
systemPromptFile?: string;
|
|
224
|
+
appendSystemPromptFile?: string;
|
|
225
|
+
name?: string;
|
|
226
|
+
pluginDir?: string[];
|
|
227
|
+
pluginUrl?: string[];
|
|
228
|
+
safeMode?: boolean;
|
|
229
|
+
bare?: boolean;
|
|
230
|
+
debug?: string | boolean;
|
|
231
|
+
debugFile?: string;
|
|
215
232
|
}, runtime?: GatewayServerRuntime): CliRequestPrep | ExtendedToolResponse;
|
|
216
233
|
export interface CodexRequestPrep extends CliRequestPrep {
|
|
217
234
|
cleanup?: () => void;
|
|
@@ -245,6 +262,14 @@ export declare function prepareCodexRequest(params: {
|
|
|
245
262
|
ignoreRules?: boolean;
|
|
246
263
|
workingDir?: string;
|
|
247
264
|
addDir?: string[];
|
|
265
|
+
enable?: string[];
|
|
266
|
+
disable?: string[];
|
|
267
|
+
strictConfig?: boolean;
|
|
268
|
+
oss?: boolean;
|
|
269
|
+
localProvider?: CodexLocalProvider;
|
|
270
|
+
color?: CodexColorMode;
|
|
271
|
+
outputLastMessage?: string;
|
|
272
|
+
dangerouslyBypassHookTrust?: boolean;
|
|
248
273
|
}, runtime?: GatewayServerRuntime): CodexRequestPrep | ExtendedToolResponse;
|
|
249
274
|
export declare function prepareGeminiRequest(params: {
|
|
250
275
|
prompt?: string;
|
|
@@ -268,6 +293,7 @@ export declare function prepareGeminiRequest(params: {
|
|
|
268
293
|
yolo?: boolean;
|
|
269
294
|
project?: string;
|
|
270
295
|
newProject?: boolean;
|
|
296
|
+
printTimeout?: string;
|
|
271
297
|
}, runtime?: GatewayServerRuntime): CliRequestPrep | ExtendedToolResponse;
|
|
272
298
|
export declare function prepareGrokRequest(params: {
|
|
273
299
|
prompt?: string;
|
|
@@ -412,6 +438,7 @@ export interface GeminiRequestParams {
|
|
|
412
438
|
yolo?: boolean;
|
|
413
439
|
project?: string;
|
|
414
440
|
newProject?: boolean;
|
|
441
|
+
printTimeout?: string;
|
|
415
442
|
workspace?: string;
|
|
416
443
|
worktree?: boolean | {
|
|
417
444
|
name?: string;
|
|
@@ -501,6 +528,12 @@ export interface DevinRequestParams {
|
|
|
501
528
|
model?: string;
|
|
502
529
|
permissionMode?: "auto" | "smart" | "dangerous";
|
|
503
530
|
promptFile?: string;
|
|
531
|
+
config?: string;
|
|
532
|
+
sandbox?: boolean;
|
|
533
|
+
exportSession?: boolean | string;
|
|
534
|
+
respectWorkspaceTrust?: boolean;
|
|
535
|
+
agentConfig?: string;
|
|
536
|
+
agentType?: DevinAcpAgentType;
|
|
504
537
|
transport?: "cli" | "acp";
|
|
505
538
|
sessionId?: string;
|
|
506
539
|
resumeLatest?: boolean;
|
|
@@ -516,6 +549,11 @@ export declare function prepareDevinRequest(params: {
|
|
|
516
549
|
model?: string;
|
|
517
550
|
permissionMode?: DevinRequestParams["permissionMode"];
|
|
518
551
|
promptFile?: string;
|
|
552
|
+
config?: string;
|
|
553
|
+
sandbox?: boolean;
|
|
554
|
+
exportSession?: boolean | string;
|
|
555
|
+
respectWorkspaceTrust?: boolean;
|
|
556
|
+
agentConfig?: string;
|
|
519
557
|
correlationId?: string;
|
|
520
558
|
optimizePrompt: boolean;
|
|
521
559
|
operation: string;
|
|
@@ -628,6 +666,14 @@ export declare function handleCodexRequestAsync(deps: AsyncHandlerDeps, params:
|
|
|
628
666
|
ignoreRules?: boolean;
|
|
629
667
|
workingDir?: string;
|
|
630
668
|
addDir?: string[];
|
|
669
|
+
enable?: string[];
|
|
670
|
+
disable?: string[];
|
|
671
|
+
strictConfig?: boolean;
|
|
672
|
+
oss?: boolean;
|
|
673
|
+
localProvider?: CodexLocalProvider;
|
|
674
|
+
color?: CodexColorMode;
|
|
675
|
+
outputLastMessage?: string;
|
|
676
|
+
dangerouslyBypassHookTrust?: boolean;
|
|
631
677
|
workspace?: string;
|
|
632
678
|
worktree?: boolean | {
|
|
633
679
|
name?: string;
|