llm-cli-gateway 2.13.2 → 2.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/CHANGELOG.md +139 -0
  2. package/README.md +68 -29
  3. package/dist/acp/client.d.ts +29 -1
  4. package/dist/acp/client.js +78 -4
  5. package/dist/acp/errors.d.ts +9 -1
  6. package/dist/acp/errors.js +19 -0
  7. package/dist/acp/event-normalizer.d.ts +12 -0
  8. package/dist/acp/event-normalizer.js +16 -0
  9. package/dist/acp/flight-redaction.d.ts +3 -0
  10. package/dist/acp/flight-redaction.js +3 -0
  11. package/dist/acp/permission-bridge.js +11 -5
  12. package/dist/acp/process-manager.d.ts +2 -1
  13. package/dist/acp/process-manager.js +43 -4
  14. package/dist/acp/provider-registry.js +19 -11
  15. package/dist/acp/runtime.d.ts +8 -0
  16. package/dist/acp/runtime.js +47 -4
  17. package/dist/acp/types.d.ts +3083 -55
  18. package/dist/acp/types.js +242 -5
  19. package/dist/async-job-manager.d.ts +38 -1
  20. package/dist/async-job-manager.js +287 -20
  21. package/dist/codex-json-parser.d.ts +1 -0
  22. package/dist/codex-json-parser.js +6 -0
  23. package/dist/config.d.ts +19 -0
  24. package/dist/config.js +84 -1
  25. package/dist/flight-recorder.d.ts +2 -0
  26. package/dist/flight-recorder.js +20 -0
  27. package/dist/gemini-json-parser.d.ts +2 -0
  28. package/dist/gemini-json-parser.js +45 -8
  29. package/dist/grok-json-parser.d.ts +14 -0
  30. package/dist/grok-json-parser.js +156 -0
  31. package/dist/index.d.ts +47 -2
  32. package/dist/index.js +504 -122
  33. package/dist/job-store.d.ts +119 -11
  34. package/dist/job-store.js +372 -42
  35. package/dist/model-registry.d.ts +1 -0
  36. package/dist/model-registry.js +46 -0
  37. package/dist/oauth.js +2 -2
  38. package/dist/postgres-job-store-worker.d.ts +1 -0
  39. package/dist/postgres-job-store-worker.js +444 -0
  40. package/dist/pricing.d.ts +3 -2
  41. package/dist/provider-acp-capabilities.d.ts +52 -0
  42. package/dist/provider-acp-capabilities.js +101 -0
  43. package/dist/provider-admin-tools.d.ts +100 -0
  44. package/dist/provider-admin-tools.js +572 -0
  45. package/dist/provider-capability-cache.d.ts +46 -0
  46. package/dist/provider-capability-cache.js +248 -0
  47. package/dist/provider-capability-discovery.d.ts +85 -0
  48. package/dist/provider-capability-discovery.js +461 -0
  49. package/dist/provider-capability-resolver.d.ts +29 -0
  50. package/dist/provider-capability-resolver.js +92 -0
  51. package/dist/provider-definition-assertions.d.ts +9 -0
  52. package/dist/provider-definition-assertions.js +147 -0
  53. package/dist/provider-definitions.d.ts +127 -0
  54. package/dist/provider-definitions.js +758 -0
  55. package/dist/provider-help-parser.d.ts +34 -0
  56. package/dist/provider-help-parser.js +203 -0
  57. package/dist/provider-model-discovery.d.ts +30 -0
  58. package/dist/provider-model-discovery.js +229 -0
  59. package/dist/provider-output-metadata.d.ts +7 -0
  60. package/dist/provider-output-metadata.js +68 -0
  61. package/dist/provider-schema-builder.d.ts +22 -0
  62. package/dist/provider-schema-builder.js +55 -0
  63. package/dist/provider-surface-generator.d.ts +98 -0
  64. package/dist/provider-surface-generator.js +140 -0
  65. package/dist/provider-tool-capabilities.d.ts +3 -2
  66. package/dist/provider-tool-capabilities.js +77 -62
  67. package/dist/request-helpers.d.ts +37 -4
  68. package/dist/request-helpers.js +134 -0
  69. package/dist/resources.d.ts +6 -1
  70. package/dist/resources.js +64 -192
  71. package/dist/session-manager.js +18 -11
  72. package/dist/sqlite-driver.d.ts +1 -1
  73. package/dist/sqlite-driver.js +2 -1
  74. package/dist/stream-json-parser.d.ts +1 -0
  75. package/dist/stream-json-parser.js +3 -0
  76. package/dist/upstream-contracts.d.ts +17 -1
  77. package/dist/upstream-contracts.js +209 -36
  78. package/npm-shrinkwrap.json +2 -2
  79. package/package.json +8 -3
@@ -0,0 +1,101 @@
1
+ import { redactAcpMessage } from "./acp/errors.js";
2
+ import { BASELINE_ACP_METHODS, deriveAcpMethodAvailability, } from "./acp/types.js";
3
+ import { getProviderDefinition } from "./provider-definitions.js";
4
+ export function deriveSupportedMethodsFromDiscovered(parsed) {
5
+ const init = {
6
+ protocolVersion: typeof parsed.protocolVersion === "number" ? parsed.protocolVersion : 0,
7
+ agentCapabilities: parsed.agentCapabilities ?? undefined,
8
+ authMethods: parsed.authMethods.map(id => ({ id })),
9
+ };
10
+ const methods = new Set(deriveAcpMethodAvailability(init));
11
+ for (const method of parsed.knownMethods) {
12
+ methods.add(method);
13
+ }
14
+ return [...methods].sort();
15
+ }
16
+ function hostServicePolicy(config) {
17
+ return {
18
+ filesystemRead: "deny-by-default",
19
+ filesystemWriteAllowed: config?.allowWriteHostServices ?? false,
20
+ terminalAllowed: config?.allowTerminalHostServices ?? false,
21
+ mutatingSessionOpsAllowed: config?.allowMutatingSessionOps ?? false,
22
+ permissionRouting: "approval-manager",
23
+ unknownToolKind: "deny-by-default",
24
+ };
25
+ }
26
+ export function buildProviderAcpCapabilityRecord(provider, options = {}) {
27
+ const def = getProviderDefinition(provider);
28
+ const acp = def.acp;
29
+ const native = acp.classification === "native";
30
+ const policy = hostServicePolicy(options.acpConfig);
31
+ if (!native) {
32
+ return {
33
+ schemaVersion: "provider-acp-capability.v1",
34
+ provider,
35
+ displayName: def.displayName,
36
+ native: false,
37
+ nativeEntrypoint: null,
38
+ entrypoint: null,
39
+ probeArgv: [],
40
+ agentTypes: [],
41
+ evidence: acp.evidence,
42
+ initialize: null,
43
+ supportedSessionMethods: [],
44
+ hostServicePolicy: policy,
45
+ };
46
+ }
47
+ const discovered = options.discovered ?? null;
48
+ const initialize = discovered
49
+ ? {
50
+ source: "discovered",
51
+ degraded: options.discoveredDegraded ?? false,
52
+ protocolVersion: discovered.protocolVersion,
53
+ agentInfo: discovered.agentInfo
54
+ ? {
55
+ ...(discovered.agentInfo.name !== undefined
56
+ ? { name: redactAcpMessage(discovered.agentInfo.name) }
57
+ : {}),
58
+ ...(discovered.agentInfo.version !== undefined
59
+ ? { version: redactAcpMessage(discovered.agentInfo.version) }
60
+ : {}),
61
+ }
62
+ : null,
63
+ authMethods: discovered.authMethods,
64
+ promptCapabilities: discovered.promptCapabilities,
65
+ mcpCapabilities: discovered.mcpCapabilities,
66
+ sessionCapabilities: discovered.sessionCapabilities,
67
+ extensionMethods: discovered.extensionMethods,
68
+ }
69
+ : {
70
+ source: "static-fallback",
71
+ degraded: false,
72
+ protocolVersion: null,
73
+ agentInfo: null,
74
+ authMethods: [],
75
+ promptCapabilities: [],
76
+ mcpCapabilities: [],
77
+ sessionCapabilities: [],
78
+ extensionMethods: [],
79
+ };
80
+ const supportedSessionMethods = discovered
81
+ ? deriveSupportedMethodsFromDiscovered(discovered)
82
+ : [...BASELINE_ACP_METHODS].sort();
83
+ return {
84
+ schemaVersion: "provider-acp-capability.v1",
85
+ provider,
86
+ displayName: def.displayName,
87
+ native: true,
88
+ nativeEntrypoint: acp.nativeEntrypoint,
89
+ entrypoint: acp.entrypoint
90
+ ? { command: acp.entrypoint.command, args: [...acp.entrypoint.args] }
91
+ : null,
92
+ probeArgv: acp.probeArgv.map(argv => [...argv]),
93
+ agentTypes: acp.agentTypes
94
+ ? acp.agentTypes.map(t => ({ id: t.id, description: t.description }))
95
+ : [],
96
+ evidence: acp.evidence,
97
+ initialize,
98
+ supportedSessionMethods,
99
+ hostServicePolicy: policy,
100
+ };
101
+ }
@@ -0,0 +1,100 @@
1
+ import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
2
+ import { type ExecuteResult } from "./executor.js";
3
+ import { type Logger } from "./logger.js";
4
+ import { type CliType, type ProviderAdminFamily, type ProviderDefinition } from "./provider-definitions.js";
5
+ import type { DiscoveredCapabilitySet } from "./provider-capability-discovery.js";
6
+ import { type CliSubcommandExposure, type CliSubcommandRisk } from "./upstream-contracts.js";
7
+ import type { ApprovalManager } from "./approval-manager.js";
8
+ import { type GatewayRequestContext } from "./request-context.js";
9
+ export declare function adminRiskToExposure(risk: CliSubcommandRisk): CliSubcommandExposure;
10
+ export declare function classifyOperationRisk(operationName: string, familyRisk: CliSubcommandRisk, opts?: {
11
+ isSubcommand?: boolean;
12
+ }): CliSubcommandRisk;
13
+ export declare function familyBaseRisk(provider: CliType, fam: ProviderAdminFamily): CliSubcommandRisk;
14
+ export type AdminDiscoverySource = "subcommand-help" | "root-help" | "not-advertised" | "no-discovery";
15
+ export interface AdminOperation {
16
+ readonly provider: CliType;
17
+ readonly family: string;
18
+ readonly operationId: string;
19
+ readonly argv: readonly string[];
20
+ readonly risk: CliSubcommandRisk;
21
+ readonly exposure: CliSubcommandExposure;
22
+ readonly mutating: boolean;
23
+ readonly available: boolean;
24
+ readonly discoverySource: AdminDiscoverySource;
25
+ readonly summary: string;
26
+ }
27
+ export declare function projectProviderAdminOperations(def: ProviderDefinition, discovered: DiscoveredCapabilitySet | null): AdminOperation[];
28
+ export interface AdminCatalogRow {
29
+ readonly provider: CliType;
30
+ readonly operationId: string;
31
+ readonly family: string;
32
+ readonly argv: readonly string[];
33
+ readonly risk: CliSubcommandRisk;
34
+ readonly exposure: CliSubcommandExposure;
35
+ readonly mutating: boolean;
36
+ readonly available: boolean;
37
+ readonly discoverySource: AdminDiscoverySource;
38
+ readonly summary: string;
39
+ }
40
+ export declare function buildProviderAdminCatalog(options?: {
41
+ provider?: CliType;
42
+ lookup?: (id: CliType) => DiscoveredCapabilitySet | null;
43
+ includeUnavailable?: boolean;
44
+ }): AdminCatalogRow[];
45
+ export declare function redactAdminOutput(text: string): string;
46
+ export type AdminCommandRunner = (executable: string, argv: readonly string[], options: {
47
+ timeoutMs?: number;
48
+ }) => Promise<ExecuteResult>;
49
+ export declare function isSafeAdminToken(token: string): boolean;
50
+ export interface AdminRunResult {
51
+ readonly ok: boolean;
52
+ readonly provider: CliType;
53
+ readonly operationId: string;
54
+ readonly argv: readonly string[];
55
+ readonly exitCode: number | null;
56
+ readonly stdout: string;
57
+ readonly stderr: string;
58
+ readonly redacted: true;
59
+ readonly error?: string;
60
+ }
61
+ export declare function runReadOnlyAdminOperation(op: AdminOperation, deps?: {
62
+ runner?: AdminCommandRunner;
63
+ timeoutMs?: number;
64
+ logger?: Logger;
65
+ }): Promise<AdminRunResult>;
66
+ export interface AdminAuditRecord {
67
+ readonly ts: string;
68
+ readonly provider: CliType;
69
+ readonly operationId: string;
70
+ readonly argv: readonly string[];
71
+ readonly outcome: "gate_closed" | "denied" | "approved" | "executed";
72
+ readonly approvalId?: string;
73
+ readonly exitCode?: number | null;
74
+ readonly principal?: string;
75
+ }
76
+ export declare function defaultAdminAuditPath(): string;
77
+ export type AdminAuditSink = (record: AdminAuditRecord) => void;
78
+ export declare function defaultAdminAuditSink(auditPath?: string): AdminAuditSink;
79
+ export declare function appendAdminAudit(record: AdminAuditRecord, auditPath?: string): void;
80
+ export interface AdminMutateContext {
81
+ readonly allowMutating: boolean;
82
+ readonly remoteCaller?: boolean;
83
+ readonly remoteAdminAllowed?: boolean;
84
+ readonly approvalManager: ApprovalManager;
85
+ readonly runner?: AdminCommandRunner;
86
+ readonly timeoutMs?: number;
87
+ readonly logger?: Logger;
88
+ readonly principal?: string;
89
+ readonly auditPath?: string;
90
+ readonly auditSink?: AdminAuditSink;
91
+ }
92
+ export declare function runMutatingAdminOperation(op: AdminOperation, ctx: AdminMutateContext): Promise<AdminRunResult>;
93
+ export declare function isRemoteAdminCaller(ctx: GatewayRequestContext | undefined): boolean;
94
+ export declare function remoteCliAdminEnabled(ctx: GatewayRequestContext | undefined): boolean;
95
+ export interface ProviderAdminToolRuntime {
96
+ readonly approvalManager: ApprovalManager;
97
+ readonly logger: Logger;
98
+ readonly allowMutatingCliAdminOps: boolean;
99
+ }
100
+ export declare function registerProviderAdminTools(server: McpServer, runtime: ProviderAdminToolRuntime): void;