llm-cli-gateway 2.13.2 → 2.14.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +97 -0
- package/README.md +53 -26
- package/dist/acp/client.d.ts +29 -1
- package/dist/acp/client.js +78 -4
- package/dist/acp/errors.d.ts +9 -1
- package/dist/acp/errors.js +19 -0
- package/dist/acp/event-normalizer.d.ts +12 -0
- package/dist/acp/event-normalizer.js +16 -0
- package/dist/acp/flight-redaction.d.ts +3 -0
- package/dist/acp/flight-redaction.js +3 -0
- package/dist/acp/permission-bridge.js +11 -5
- package/dist/acp/process-manager.d.ts +2 -1
- package/dist/acp/process-manager.js +43 -4
- package/dist/acp/provider-registry.js +19 -11
- package/dist/acp/runtime.d.ts +8 -0
- package/dist/acp/runtime.js +47 -4
- package/dist/acp/types.d.ts +3083 -55
- package/dist/acp/types.js +242 -5
- package/dist/async-job-manager.d.ts +2 -0
- package/dist/async-job-manager.js +11 -0
- package/dist/codex-json-parser.d.ts +1 -0
- package/dist/codex-json-parser.js +6 -0
- package/dist/config.d.ts +8 -0
- package/dist/config.js +47 -0
- package/dist/flight-recorder.d.ts +2 -0
- package/dist/flight-recorder.js +20 -0
- package/dist/gemini-json-parser.d.ts +2 -0
- package/dist/gemini-json-parser.js +45 -8
- package/dist/grok-json-parser.d.ts +14 -0
- package/dist/grok-json-parser.js +156 -0
- package/dist/index.d.ts +47 -2
- package/dist/index.js +484 -119
- package/dist/job-store.d.ts +45 -7
- package/dist/job-store.js +138 -17
- package/dist/model-registry.d.ts +1 -0
- package/dist/model-registry.js +46 -0
- package/dist/oauth.js +2 -2
- package/dist/postgres-job-store-worker.d.ts +1 -0
- package/dist/postgres-job-store-worker.js +327 -0
- package/dist/pricing.d.ts +3 -2
- package/dist/provider-acp-capabilities.d.ts +52 -0
- package/dist/provider-acp-capabilities.js +101 -0
- package/dist/provider-admin-tools.d.ts +100 -0
- package/dist/provider-admin-tools.js +572 -0
- package/dist/provider-capability-cache.d.ts +46 -0
- package/dist/provider-capability-cache.js +248 -0
- package/dist/provider-capability-discovery.d.ts +85 -0
- package/dist/provider-capability-discovery.js +461 -0
- package/dist/provider-capability-resolver.d.ts +29 -0
- package/dist/provider-capability-resolver.js +92 -0
- package/dist/provider-definition-assertions.d.ts +9 -0
- package/dist/provider-definition-assertions.js +147 -0
- package/dist/provider-definitions.d.ts +127 -0
- package/dist/provider-definitions.js +758 -0
- package/dist/provider-help-parser.d.ts +34 -0
- package/dist/provider-help-parser.js +203 -0
- package/dist/provider-model-discovery.d.ts +30 -0
- package/dist/provider-model-discovery.js +229 -0
- package/dist/provider-output-metadata.d.ts +7 -0
- package/dist/provider-output-metadata.js +68 -0
- package/dist/provider-schema-builder.d.ts +22 -0
- package/dist/provider-schema-builder.js +55 -0
- package/dist/provider-surface-generator.d.ts +98 -0
- package/dist/provider-surface-generator.js +140 -0
- package/dist/provider-tool-capabilities.d.ts +3 -2
- package/dist/provider-tool-capabilities.js +77 -62
- package/dist/request-helpers.d.ts +37 -4
- package/dist/request-helpers.js +134 -0
- package/dist/resources.d.ts +6 -1
- package/dist/resources.js +64 -192
- package/dist/session-manager.js +18 -11
- package/dist/stream-json-parser.d.ts +1 -0
- package/dist/stream-json-parser.js +3 -0
- package/dist/upstream-contracts.d.ts +17 -1
- package/dist/upstream-contracts.js +209 -36
- package/npm-shrinkwrap.json +2 -2
- package/package.json +8 -3
package/dist/pricing.d.ts
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
|
+
import type { CliType } from "./provider-types.js";
|
|
1
2
|
export interface PricePerMillion {
|
|
2
3
|
inputUsd: number;
|
|
3
4
|
outputUsd: number;
|
|
4
5
|
cacheReadMultiplier: number;
|
|
5
6
|
}
|
|
6
7
|
export declare const PRICING_AS_OF = "2026-06-13";
|
|
7
|
-
export declare function getPricing(cli:
|
|
8
|
-
export declare function estimateCacheSavingsUsd(cli:
|
|
8
|
+
export declare function getPricing(cli: CliType, model: string): PricePerMillion;
|
|
9
|
+
export declare function estimateCacheSavingsUsd(cli: CliType, model: string, cacheReadTokens: number): number;
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
import type { AcpConfig } from "./config.js";
|
|
2
|
+
import type { ParsedAcpInitialize } from "./provider-capability-discovery.js";
|
|
3
|
+
import type { CliType } from "./session-manager.js";
|
|
4
|
+
export interface AcpHostServicePolicy {
|
|
5
|
+
readonly filesystemRead: "deny-by-default";
|
|
6
|
+
readonly filesystemWriteAllowed: boolean;
|
|
7
|
+
readonly terminalAllowed: boolean;
|
|
8
|
+
readonly mutatingSessionOpsAllowed: boolean;
|
|
9
|
+
readonly permissionRouting: "approval-manager";
|
|
10
|
+
readonly unknownToolKind: "deny-by-default";
|
|
11
|
+
}
|
|
12
|
+
export interface ProviderAcpInitializeDetail {
|
|
13
|
+
readonly source: "discovered" | "static-fallback";
|
|
14
|
+
readonly degraded: boolean;
|
|
15
|
+
readonly protocolVersion: number | string | null;
|
|
16
|
+
readonly agentInfo: {
|
|
17
|
+
readonly name?: string;
|
|
18
|
+
readonly version?: string;
|
|
19
|
+
} | null;
|
|
20
|
+
readonly authMethods: readonly string[];
|
|
21
|
+
readonly promptCapabilities: readonly string[];
|
|
22
|
+
readonly mcpCapabilities: readonly string[];
|
|
23
|
+
readonly sessionCapabilities: readonly string[];
|
|
24
|
+
readonly extensionMethods: readonly string[];
|
|
25
|
+
}
|
|
26
|
+
export interface ProviderAcpCapabilityRecord {
|
|
27
|
+
readonly schemaVersion: "provider-acp-capability.v1";
|
|
28
|
+
readonly provider: CliType;
|
|
29
|
+
readonly displayName: string;
|
|
30
|
+
readonly native: boolean;
|
|
31
|
+
readonly nativeEntrypoint: string | null;
|
|
32
|
+
readonly entrypoint: {
|
|
33
|
+
readonly command: string;
|
|
34
|
+
readonly args: readonly string[];
|
|
35
|
+
} | null;
|
|
36
|
+
readonly probeArgv: readonly (readonly string[])[];
|
|
37
|
+
readonly agentTypes: readonly {
|
|
38
|
+
readonly id: string;
|
|
39
|
+
readonly description: string;
|
|
40
|
+
}[];
|
|
41
|
+
readonly evidence: string;
|
|
42
|
+
readonly initialize: ProviderAcpInitializeDetail | null;
|
|
43
|
+
readonly supportedSessionMethods: readonly string[];
|
|
44
|
+
readonly hostServicePolicy: AcpHostServicePolicy;
|
|
45
|
+
}
|
|
46
|
+
export declare function deriveSupportedMethodsFromDiscovered(parsed: ParsedAcpInitialize): readonly string[];
|
|
47
|
+
export interface BuildProviderAcpRecordOptions {
|
|
48
|
+
readonly discovered?: ParsedAcpInitialize | null;
|
|
49
|
+
readonly discoveredDegraded?: boolean;
|
|
50
|
+
readonly acpConfig?: AcpConfig | null;
|
|
51
|
+
}
|
|
52
|
+
export declare function buildProviderAcpCapabilityRecord(provider: CliType, options?: BuildProviderAcpRecordOptions): ProviderAcpCapabilityRecord;
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
import { redactAcpMessage } from "./acp/errors.js";
|
|
2
|
+
import { BASELINE_ACP_METHODS, deriveAcpMethodAvailability, } from "./acp/types.js";
|
|
3
|
+
import { getProviderDefinition } from "./provider-definitions.js";
|
|
4
|
+
export function deriveSupportedMethodsFromDiscovered(parsed) {
|
|
5
|
+
const init = {
|
|
6
|
+
protocolVersion: typeof parsed.protocolVersion === "number" ? parsed.protocolVersion : 0,
|
|
7
|
+
agentCapabilities: parsed.agentCapabilities ?? undefined,
|
|
8
|
+
authMethods: parsed.authMethods.map(id => ({ id })),
|
|
9
|
+
};
|
|
10
|
+
const methods = new Set(deriveAcpMethodAvailability(init));
|
|
11
|
+
for (const method of parsed.knownMethods) {
|
|
12
|
+
methods.add(method);
|
|
13
|
+
}
|
|
14
|
+
return [...methods].sort();
|
|
15
|
+
}
|
|
16
|
+
function hostServicePolicy(config) {
|
|
17
|
+
return {
|
|
18
|
+
filesystemRead: "deny-by-default",
|
|
19
|
+
filesystemWriteAllowed: config?.allowWriteHostServices ?? false,
|
|
20
|
+
terminalAllowed: config?.allowTerminalHostServices ?? false,
|
|
21
|
+
mutatingSessionOpsAllowed: config?.allowMutatingSessionOps ?? false,
|
|
22
|
+
permissionRouting: "approval-manager",
|
|
23
|
+
unknownToolKind: "deny-by-default",
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
export function buildProviderAcpCapabilityRecord(provider, options = {}) {
|
|
27
|
+
const def = getProviderDefinition(provider);
|
|
28
|
+
const acp = def.acp;
|
|
29
|
+
const native = acp.classification === "native";
|
|
30
|
+
const policy = hostServicePolicy(options.acpConfig);
|
|
31
|
+
if (!native) {
|
|
32
|
+
return {
|
|
33
|
+
schemaVersion: "provider-acp-capability.v1",
|
|
34
|
+
provider,
|
|
35
|
+
displayName: def.displayName,
|
|
36
|
+
native: false,
|
|
37
|
+
nativeEntrypoint: null,
|
|
38
|
+
entrypoint: null,
|
|
39
|
+
probeArgv: [],
|
|
40
|
+
agentTypes: [],
|
|
41
|
+
evidence: acp.evidence,
|
|
42
|
+
initialize: null,
|
|
43
|
+
supportedSessionMethods: [],
|
|
44
|
+
hostServicePolicy: policy,
|
|
45
|
+
};
|
|
46
|
+
}
|
|
47
|
+
const discovered = options.discovered ?? null;
|
|
48
|
+
const initialize = discovered
|
|
49
|
+
? {
|
|
50
|
+
source: "discovered",
|
|
51
|
+
degraded: options.discoveredDegraded ?? false,
|
|
52
|
+
protocolVersion: discovered.protocolVersion,
|
|
53
|
+
agentInfo: discovered.agentInfo
|
|
54
|
+
? {
|
|
55
|
+
...(discovered.agentInfo.name !== undefined
|
|
56
|
+
? { name: redactAcpMessage(discovered.agentInfo.name) }
|
|
57
|
+
: {}),
|
|
58
|
+
...(discovered.agentInfo.version !== undefined
|
|
59
|
+
? { version: redactAcpMessage(discovered.agentInfo.version) }
|
|
60
|
+
: {}),
|
|
61
|
+
}
|
|
62
|
+
: null,
|
|
63
|
+
authMethods: discovered.authMethods,
|
|
64
|
+
promptCapabilities: discovered.promptCapabilities,
|
|
65
|
+
mcpCapabilities: discovered.mcpCapabilities,
|
|
66
|
+
sessionCapabilities: discovered.sessionCapabilities,
|
|
67
|
+
extensionMethods: discovered.extensionMethods,
|
|
68
|
+
}
|
|
69
|
+
: {
|
|
70
|
+
source: "static-fallback",
|
|
71
|
+
degraded: false,
|
|
72
|
+
protocolVersion: null,
|
|
73
|
+
agentInfo: null,
|
|
74
|
+
authMethods: [],
|
|
75
|
+
promptCapabilities: [],
|
|
76
|
+
mcpCapabilities: [],
|
|
77
|
+
sessionCapabilities: [],
|
|
78
|
+
extensionMethods: [],
|
|
79
|
+
};
|
|
80
|
+
const supportedSessionMethods = discovered
|
|
81
|
+
? deriveSupportedMethodsFromDiscovered(discovered)
|
|
82
|
+
: [...BASELINE_ACP_METHODS].sort();
|
|
83
|
+
return {
|
|
84
|
+
schemaVersion: "provider-acp-capability.v1",
|
|
85
|
+
provider,
|
|
86
|
+
displayName: def.displayName,
|
|
87
|
+
native: true,
|
|
88
|
+
nativeEntrypoint: acp.nativeEntrypoint,
|
|
89
|
+
entrypoint: acp.entrypoint
|
|
90
|
+
? { command: acp.entrypoint.command, args: [...acp.entrypoint.args] }
|
|
91
|
+
: null,
|
|
92
|
+
probeArgv: acp.probeArgv.map(argv => [...argv]),
|
|
93
|
+
agentTypes: acp.agentTypes
|
|
94
|
+
? acp.agentTypes.map(t => ({ id: t.id, description: t.description }))
|
|
95
|
+
: [],
|
|
96
|
+
evidence: acp.evidence,
|
|
97
|
+
initialize,
|
|
98
|
+
supportedSessionMethods,
|
|
99
|
+
hostServicePolicy: policy,
|
|
100
|
+
};
|
|
101
|
+
}
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
2
|
+
import { type ExecuteResult } from "./executor.js";
|
|
3
|
+
import { type Logger } from "./logger.js";
|
|
4
|
+
import { type CliType, type ProviderAdminFamily, type ProviderDefinition } from "./provider-definitions.js";
|
|
5
|
+
import type { DiscoveredCapabilitySet } from "./provider-capability-discovery.js";
|
|
6
|
+
import { type CliSubcommandExposure, type CliSubcommandRisk } from "./upstream-contracts.js";
|
|
7
|
+
import type { ApprovalManager } from "./approval-manager.js";
|
|
8
|
+
import { type GatewayRequestContext } from "./request-context.js";
|
|
9
|
+
export declare function adminRiskToExposure(risk: CliSubcommandRisk): CliSubcommandExposure;
|
|
10
|
+
export declare function classifyOperationRisk(operationName: string, familyRisk: CliSubcommandRisk, opts?: {
|
|
11
|
+
isSubcommand?: boolean;
|
|
12
|
+
}): CliSubcommandRisk;
|
|
13
|
+
export declare function familyBaseRisk(provider: CliType, fam: ProviderAdminFamily): CliSubcommandRisk;
|
|
14
|
+
export type AdminDiscoverySource = "subcommand-help" | "root-help" | "not-advertised" | "no-discovery";
|
|
15
|
+
export interface AdminOperation {
|
|
16
|
+
readonly provider: CliType;
|
|
17
|
+
readonly family: string;
|
|
18
|
+
readonly operationId: string;
|
|
19
|
+
readonly argv: readonly string[];
|
|
20
|
+
readonly risk: CliSubcommandRisk;
|
|
21
|
+
readonly exposure: CliSubcommandExposure;
|
|
22
|
+
readonly mutating: boolean;
|
|
23
|
+
readonly available: boolean;
|
|
24
|
+
readonly discoverySource: AdminDiscoverySource;
|
|
25
|
+
readonly summary: string;
|
|
26
|
+
}
|
|
27
|
+
export declare function projectProviderAdminOperations(def: ProviderDefinition, discovered: DiscoveredCapabilitySet | null): AdminOperation[];
|
|
28
|
+
export interface AdminCatalogRow {
|
|
29
|
+
readonly provider: CliType;
|
|
30
|
+
readonly operationId: string;
|
|
31
|
+
readonly family: string;
|
|
32
|
+
readonly argv: readonly string[];
|
|
33
|
+
readonly risk: CliSubcommandRisk;
|
|
34
|
+
readonly exposure: CliSubcommandExposure;
|
|
35
|
+
readonly mutating: boolean;
|
|
36
|
+
readonly available: boolean;
|
|
37
|
+
readonly discoverySource: AdminDiscoverySource;
|
|
38
|
+
readonly summary: string;
|
|
39
|
+
}
|
|
40
|
+
export declare function buildProviderAdminCatalog(options?: {
|
|
41
|
+
provider?: CliType;
|
|
42
|
+
lookup?: (id: CliType) => DiscoveredCapabilitySet | null;
|
|
43
|
+
includeUnavailable?: boolean;
|
|
44
|
+
}): AdminCatalogRow[];
|
|
45
|
+
export declare function redactAdminOutput(text: string): string;
|
|
46
|
+
export type AdminCommandRunner = (executable: string, argv: readonly string[], options: {
|
|
47
|
+
timeoutMs?: number;
|
|
48
|
+
}) => Promise<ExecuteResult>;
|
|
49
|
+
export declare function isSafeAdminToken(token: string): boolean;
|
|
50
|
+
export interface AdminRunResult {
|
|
51
|
+
readonly ok: boolean;
|
|
52
|
+
readonly provider: CliType;
|
|
53
|
+
readonly operationId: string;
|
|
54
|
+
readonly argv: readonly string[];
|
|
55
|
+
readonly exitCode: number | null;
|
|
56
|
+
readonly stdout: string;
|
|
57
|
+
readonly stderr: string;
|
|
58
|
+
readonly redacted: true;
|
|
59
|
+
readonly error?: string;
|
|
60
|
+
}
|
|
61
|
+
export declare function runReadOnlyAdminOperation(op: AdminOperation, deps?: {
|
|
62
|
+
runner?: AdminCommandRunner;
|
|
63
|
+
timeoutMs?: number;
|
|
64
|
+
logger?: Logger;
|
|
65
|
+
}): Promise<AdminRunResult>;
|
|
66
|
+
export interface AdminAuditRecord {
|
|
67
|
+
readonly ts: string;
|
|
68
|
+
readonly provider: CliType;
|
|
69
|
+
readonly operationId: string;
|
|
70
|
+
readonly argv: readonly string[];
|
|
71
|
+
readonly outcome: "gate_closed" | "denied" | "approved" | "executed";
|
|
72
|
+
readonly approvalId?: string;
|
|
73
|
+
readonly exitCode?: number | null;
|
|
74
|
+
readonly principal?: string;
|
|
75
|
+
}
|
|
76
|
+
export declare function defaultAdminAuditPath(): string;
|
|
77
|
+
export type AdminAuditSink = (record: AdminAuditRecord) => void;
|
|
78
|
+
export declare function defaultAdminAuditSink(auditPath?: string): AdminAuditSink;
|
|
79
|
+
export declare function appendAdminAudit(record: AdminAuditRecord, auditPath?: string): void;
|
|
80
|
+
export interface AdminMutateContext {
|
|
81
|
+
readonly allowMutating: boolean;
|
|
82
|
+
readonly remoteCaller?: boolean;
|
|
83
|
+
readonly remoteAdminAllowed?: boolean;
|
|
84
|
+
readonly approvalManager: ApprovalManager;
|
|
85
|
+
readonly runner?: AdminCommandRunner;
|
|
86
|
+
readonly timeoutMs?: number;
|
|
87
|
+
readonly logger?: Logger;
|
|
88
|
+
readonly principal?: string;
|
|
89
|
+
readonly auditPath?: string;
|
|
90
|
+
readonly auditSink?: AdminAuditSink;
|
|
91
|
+
}
|
|
92
|
+
export declare function runMutatingAdminOperation(op: AdminOperation, ctx: AdminMutateContext): Promise<AdminRunResult>;
|
|
93
|
+
export declare function isRemoteAdminCaller(ctx: GatewayRequestContext | undefined): boolean;
|
|
94
|
+
export declare function remoteCliAdminEnabled(ctx: GatewayRequestContext | undefined): boolean;
|
|
95
|
+
export interface ProviderAdminToolRuntime {
|
|
96
|
+
readonly approvalManager: ApprovalManager;
|
|
97
|
+
readonly logger: Logger;
|
|
98
|
+
readonly allowMutatingCliAdminOps: boolean;
|
|
99
|
+
}
|
|
100
|
+
export declare function registerProviderAdminTools(server: McpServer, runtime: ProviderAdminToolRuntime): void;
|