llm-cli-gateway 2.6.3 → 2.7.0

package/CHANGELOG.md

@@ -4,6 +4,52 @@ All notable changes to the llm-cli-gateway project.
 
 ## Unreleased
 
+## [2.7.0] - 2026-06-12: Provider capability inventory
+
+### Added
+
+- Added `provider_tool_capabilities`, a read-only MCP tool that reports the
+  gateway request tools, provider kind, supported controls, feature flags,
+  model info, config-surface hints, local skill discovery, provider-native tool
+  discovery, unsupported/degraded inputs, warnings, and cache metadata for
+  Claude Code, Codex CLI, Gemini/Antigravity (`agy`), Grok CLI, optional
+  `grok_api`, and Mistral Vibe.
+- Added `provider-tools://catalog` and per-provider resources
+  `provider-tools://claude`, `provider-tools://codex`,
+  `provider-tools://gemini`, `provider-tools://grok`,
+  `provider-tools://grok_api`, and `provider-tools://mistral` for clients that
+  prefer resource discovery over tool calls.
+- Added `doctor --json` `provider_capabilities`, a compact setup-assistant
+  summary with schema version, resource URIs, per-provider request tools,
+  supported feature names, unsupported input names, config-surface counts,
+  discovered skill/tool counts, and warnings without raw local paths.
+- Added bounded, redacted local skill/config discovery for provider capability
+  reporting. Grok local/bundled skills can now surface provider-native tools
+  such as Imagine `image_gen`, `image_edit`, `image_to_video`, and
+  `reference_to_video` when present, while keeping execution routed through
+  `grok_request`.
+
+### Changed
+
+- Updated agent skills so LLM agents have provider-specific gateway usage
+  guidance for Claude, Codex, Gemini/Antigravity (`agy`), Grok, and Mistral
+  Vibe, and so orchestration skills check `provider_tool_capabilities` before
+  assuming tool allowlists, MCP-server semantics, sessions, output formats, or
+  provider-native tools.
+- Updated setup assistant guidance and `setup/status.schema.json` so install
+  agents treat `doctor.provider_capabilities` as the compact source of truth
+  for outbound provider capability claims.
+- Documented the intentionally published prod-only `npm-shrinkwrap.json` in
+  README and `socket.yml`, including the release audit and packed-consumer
+  checks that bound the shrinkwrap and shell-spawn Socket alerts.
+
+### Fixed
+
+- Corrected stale internal skill guidance that described Codex continuity as
+  bookkeeping-only, described Gemini allowlists/MCP allowlists as pass-through,
+  omitted Mistral async from async orchestration docs, or encouraged copying
+  Claude tool names into other provider allowlists.
+
 ## [2.6.3] - 2026-06-12: Claude cache-control veracity and Grok 0.2.50
 
 ### Fixed

package/README.md

@@ -62,6 +62,8 @@ The next documentation focus is provider-specific skill and DAG-TOML pairs for e
 - Security CI runs actionlint, zizmor, shellcheck, typos, osv-scanner, gitleaks, and lychee.
 - GitHub release installer artifacts are checksummed and signed with Sigstore keyless signing.
 - npm releases use provenance through OIDC trusted publishing.
+- The npm package intentionally ships a generated, prod-only `npm-shrinkwrap.json` so registry installs resolve the audited release tree. Release gates regenerate it from `package-lock.json`, compare for parity, and run a registry-fidelity consumer install before publishing.
+- Socket behavioural alerts are documented in [`socket.yml`](./socket.yml) and under "Security Considerations" below. `shellAccess` and `shrinkwrap` are reviewed package capabilities/configuration for this CLI appliance, not hidden install behaviour.
 
 ## Personal MCP Appliance
 
@@ -167,6 +169,7 @@ docker compose -f docker/personal.compose.yml run --rm doctor
 - **SQLite Flight Recorder**: Every request/response logged to `~/.llm-cli-gateway/logs.db` with correlation IDs, token usage, duration, retry counts, and circuit breaker state. Browse with [Datasette](https://datasette.io/): `datasette ~/.llm-cli-gateway/logs.db`
 - **Structured Metadata**: Tool responses include machine-readable `structuredContent` (model, cli, correlationId, sessionId, durationMs, token counts)
 - **Cache observability resources**: `cache-state://global`, `cache-state://session/{id}`, and `cache-state://prefix/{hash}` MCP resources return aggregate cache hit/miss/savings — tokens and hashes only, no prompt text. `session_get` includes a `cacheState` block when the session has prior requests.
+- **Provider capability inventory**: `provider_tool_capabilities` and `provider-tools://catalog` expose the gateway request fields, supported/degraded provider controls, local skill/tool discovery, and safe config-surface hints for Claude Code, Codex CLI, Gemini/Antigravity, Grok CLI/API, and Mistral Vibe. `doctor --json` includes a compact `provider_capabilities` summary for setup assistants.
 
 ### Cache-aware operation
 
@@ -1019,6 +1022,42 @@ GEMINI_HISTORY_ROOT=/path/to/.gemini/tmp
 LLM_GATEWAY_DISABLE_MODEL_DISCOVERY=1
 ```
 
+##### `provider_tool_capabilities`
+
+Report the provider tool and feature capability catalog. Use this before
+orchestrating provider-specific requests so callers can distinguish supported
+controls, provider-owned configuration, ignored parity fields, and unsupported
+inputs.
+
+**Parameters:**
+
+- `cli` (string, optional): Provider filter (`"claude"`, `"codex"`, `"gemini"`, `"grok"`, `"grok_api"`, or `"mistral"`)
+- `includeSkills` (boolean, default `true`): Include bounded local skill discovery
+- `includeProviderTools` (boolean, default `true`): Include provider-native tools extracted from discovered skills
+- `includeUnsupported` (boolean, default `true`): Include explicit unsupported/degraded input records
+- `includePaths` (boolean, default `false`): Include raw local filesystem paths in discovery output
+- `refresh` (boolean, default `false`): Bypass the short-lived capability cache
+
+The response schema is `provider-tool-capabilities.v2`. Capability discovery is
+read-only and bounded; raw local paths are redacted unless `includePaths` is
+explicitly true, and secret-bearing auth files are not read.
+
+Equivalent MCP resources:
+
+- `provider-tools://catalog`: full provider catalog
+- `provider-tools://claude`
+- `provider-tools://codex`
+- `provider-tools://gemini`
+- `provider-tools://grok`
+- `provider-tools://grok_api`
+- `provider-tools://mistral`
+
+`doctor --json` also emits a compact `provider_capabilities` block with the
+same schema version, per-provider request tool names, supported feature names,
+unsupported input names, config-surface counts, discovery counts, and resource
+URIs. This block is intended for setup assistants that need a concise capability
+summary without local skill bodies or raw paths.
+
 ##### `cli_versions`
 
 Report installed CLI versions.
@@ -1299,15 +1338,18 @@ The gateway supports concurrent requests across different CLIs. Each request spa
 
 ### Socket alerts — context for reviewers
 
-If you're vetting `llm-cli-gateway` through [Socket](https://socket.dev/npm/package/llm-cli-gateway) or a similar supply-chain scanner, you'll see behavioural alerts and some dependency-ownership alerts. They are accurate descriptions of what the package does and what it depends on. The reviewed `shellAccess` capability is configured in `socket.yml` for repository/PR policy surfaces, but Socket's public package page may still display it for the published npm artifact; the rationale remains documented here and in the package.
+If you're vetting `llm-cli-gateway` through [Socket](https://socket.dev/npm/package/llm-cli-gateway) or a similar supply-chain scanner, you'll see behavioural alerts and some dependency-ownership alerts. They are accurate descriptions of what the package does and what it depends on. The reviewed `shellAccess` and `shrinkwrap` entries are configured in `socket.yml` for repository/PR policy surfaces, but Socket's public package page may still display them for the published npm artifact; the rationale remains documented here and in the package.
+
+The currently flagged surfaces are not new in 2.6.x: the 2.3.0, 2.4.0, 2.5.0, and 2.6.3 npm tarballs all include `npm-shrinkwrap.json`, and all include the same `dist/executor.js` child-process spawn surface used to run provider CLIs. The `socket.yml` policy for 2.4.0, 2.5.0, 2.6.0, and 2.6.3 is materially the same for `shellAccess`; this README now adds the missing shrinkwrap disclosure as well.
 
-| Alert                            | Where                                                                                                                                                                                            | Why it's bounded                                                                                                                                                                                                                                                                                                                                             |
-| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| **Network access**               | `src/http-transport.ts` opens an HTTP MCP transport when started via `npm run start:http`. `src/endpoint-exposure.ts` issues a HEAD probe to verify configured public/tunnel URLs. Socket also flagged `dist/upstream-contracts.js` in v1.17.2 from descriptive text, not a network call. | The transport binds to `127.0.0.1` by default and requires `LLM_GATEWAY_AUTH_TOKEN` to be set. The default stdio MCP entry point (`npm start`) opens no sockets. `src/upstream-contracts.ts` stores provider CLI metadata and imports no HTTP client APIs.                                                                                                  |
-| **Shell access**                 | `src/executor.ts` uses `child_process.spawn(cmd, args, …)` to invoke the underlying LLM CLIs.                                                                                                    | `spawn` is called with an argument array and **never** `shell: true`, so there is no shell interpolation path for caller input. The command name is restricted to an allow-list of known CLI binaries (`claude`, `codex`, `agy`, `grok`, `vibe`).                                                                                                         |
-| **Uses eval**                    | None in our source. Transitive: `@modelcontextprotocol/sdk` → `ajv@8` uses `new Function(...)` in `ajv/dist/compile/index.js` to compile JSON Schema validators.                                 | This is ajv's standard codegen path. Only known schemas (defined in our source and the MCP SDK) flow into it; no caller-supplied data ever reaches the compiled function body.                                                                                                                                                                               |
-| **SQLite adapter isolation**     | Persistence uses Node's built-in `node:sqlite` module (no native binding, no install scripts) through a single adapter, `src/sqlite-driver.ts`.                                                  | `node:sqlite` is touched by exactly one production module (the adapter); every other module talks to SQLite through its typed surface. We never call any `db.pragma()` helper (it does not exist on `node:sqlite`); SQLite setup uses fixed literal `db.exec("PRAGMA ...")` statements. `npm run security:audit` fails the release if production code references `node:sqlite` outside the adapter or reintroduces a `.pragma()` call.                                                            |
-| **Dependency ownership**         | A handful of small transitive packages (e.g. `media-typer` via `@modelcontextprotocol/sdk`) trip Socket's "unstable ownership" or "obfuscated code" heuristics.                                  | These are pinned, well-known micro-deps in the Node ecosystem with no known issues. We pin direct override versions of `content-type` and `type-is` in `package.json#overrides`. As of 2.0.0 the prod graph carries no native module (`better-sqlite3` moved to devDependencies; `node:sqlite` is built into Node), eliminating the entire `prebuild-install`/`tar-fs`/`tar-stream` install-time chain. Our earlier direct dependency on `toml@3.0.0` was replaced with `smol-toml`.        |
+| Alert                        | Where                                                                                                                                                                                                                                                                                     | Why it's bounded                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
+| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Network access**           | `src/http-transport.ts` opens an HTTP MCP transport when started via `npm run start:http`. `src/endpoint-exposure.ts` issues a HEAD probe to verify configured public/tunnel URLs. Socket also flagged `dist/upstream-contracts.js` in v1.17.2 from descriptive text, not a network call. | The transport binds to `127.0.0.1` by default and requires `LLM_GATEWAY_AUTH_TOKEN` to be set. The default stdio MCP entry point (`npm start`) opens no sockets. `src/upstream-contracts.ts` stores provider CLI metadata and imports no HTTP client APIs.                                                                                                                                                                                                                             |
+| **Shell access**             | `src/executor.ts` uses `child_process.spawn(cmd, args, …)` to invoke the underlying LLM CLIs.                                                                                                                                                                                             | `spawn` is called with an argument array and **never** `shell: true`, so there is no shell interpolation path for caller input. The command name is restricted to an allow-list of known CLI binaries (`claude`, `codex`, `agy`, `grok`, `vibe`).                                                                                                                                                                                                                                      |
+| **Published shrinkwrap**     | The npm artifact includes `npm-shrinkwrap.json`; `package.json#files` includes it and `scripts/make-prod-shrinkwrap.mjs` generates it from `package-lock.json`.                                                                                                                           | This is a CLI/application package. npm documents the shrinkwrap use case for applications, daemons, and command-line tools published through the registry. Our shrinkwrap is a prod-only projection, not a committed full dev lockfile: `scripts/release-security-audit.sh` verifies parity with the audited lockfile, and `scripts/verify-registry-install.sh` proves fresh registry consumers receive no `better-sqlite3`/`prebuild-install`/`tar-fs`/`tar-stream` production chain. |
+| **Uses eval**                | None in our source. Transitive: `@modelcontextprotocol/sdk` → `ajv@8` uses `new Function(...)` in `ajv/dist/compile/index.js` to compile JSON Schema validators.                                                                                                                          | This is ajv's standard codegen path. Only known schemas (defined in our source and the MCP SDK) flow into it; no caller-supplied data ever reaches the compiled function body.                                                                                                                                                                                                                                                                                                         |
+| **SQLite adapter isolation** | Persistence uses Node's built-in `node:sqlite` module (no native binding, no install scripts) through a single adapter, `src/sqlite-driver.ts`.                                                                                                                                           | `node:sqlite` is touched by exactly one production module (the adapter); every other module talks to SQLite through its typed surface. We never call any `db.pragma()` helper (it does not exist on `node:sqlite`); SQLite setup uses fixed literal `db.exec("PRAGMA ...")` statements. `npm run security:audit` fails the release if production code references `node:sqlite` outside the adapter or reintroduces a `.pragma()` call.                                                 |
+| **Dependency ownership**     | A handful of small transitive packages (e.g. `media-typer` via `@modelcontextprotocol/sdk`) trip Socket's "unstable ownership" or "obfuscated code" heuristics.                                                                                                                           | These are pinned, well-known micro-deps in the Node ecosystem with no known issues. We pin direct override versions of `content-type` and `type-is` in `package.json#overrides`. As of 2.0.0 the prod graph carries no native module (`better-sqlite3` moved to devDependencies; `node:sqlite` is built into Node), eliminating the entire `prebuild-install`/`tar-fs`/`tar-stream` install-time chain. Our earlier direct dependency on `toml@3.0.0` was replaced with `smol-toml`.   |
 
 See [`socket.yml`](./socket.yml) for the same context in machine-readable form.
 

package/dist/doctor.d.ts

@@ -2,6 +2,7 @@ import { type EndpointExposureReport } from "./endpoint-exposure.js";
 import { type ProviderLoginStatus } from "./provider-status.js";
 import type { FlightRecorderQuery } from "./flight-recorder.js";
 import { type CacheAwarenessConfig } from "./config.js";
+import { type ProviderCapabilityId, type ProviderKind } from "./provider-tool-capabilities.js";
 export type CliType = "claude" | "codex" | "gemini" | "grok" | "mistral";
 export interface CacheAwarenessReport {
     enabled_features: Array<"anthropic_cache_control" | "ttl_warnings">;
@@ -17,6 +18,26 @@ export interface CacheAwarenessReport {
         total_cache_read_tokens: number;
     }>>;
 }
+export interface ProviderCapabilitySummaryReport {
+    schema_version: "provider-tool-capabilities.v2";
+    tool: "provider_tool_capabilities";
+    resources: {
+        catalog: "provider-tools://catalog";
+        providers: Record<ProviderCapabilityId, string>;
+    };
+    cache_ttl_ms: number;
+    providers: Record<ProviderCapabilityId, {
+        provider_kind: ProviderKind;
+        cli_available: boolean;
+        gateway_request_tools: string[];
+        supported_features: string[];
+        unsupported_inputs: string[];
+        config_surface_count: number;
+        discovered_skill_count: number;
+        discovered_provider_tool_count: number;
+        warnings: string[];
+    }>;
+}
 export interface VibeSessionLoggingStatus {
     config_path: string;
     config_present: boolean;
@@ -116,6 +137,7 @@ export interface DoctorReport {
         vibe_session_logging: VibeSessionLoggingStatus;
     };
     cache_awareness: CacheAwarenessReport;
+    provider_capabilities: ProviderCapabilitySummaryReport;
     upstream: {
         note: string;
         recommendation: string;

package/dist/doctor.js

@@ -11,6 +11,7 @@ import { loadWorkspaceRegistry } from "./workspace-registry.js";
 import { computeGlobalCacheStats } from "./cache-stats.js";
 import { FlightRecorder, resolveFlightRecorderDbPath } from "./flight-recorder.js";
 import { buildUpstreamContractReport } from "./upstream-contracts.js";
+import { getProviderToolCapabilities, providerCapabilityIds, } from "./provider-tool-capabilities.js";
 export function checkVibeSessionLogging(home = homedir()) {
     const configPath = join(home, ".vibe", "config.toml");
     if (!existsSync(configPath)) {
@@ -226,6 +227,49 @@ function buildCacheAwarenessReport(opts) {
         per_cli: perCli,
     };
 }
+function buildProviderCapabilitySummary(providerStatuses) {
+    const capabilities = getProviderToolCapabilities({
+        includeSkills: true,
+        includeProviderTools: true,
+        includeUnsupported: true,
+        includePaths: false,
+    });
+    const providers = Object.fromEntries(providerCapabilityIds().map(provider => {
+        const capability = capabilities[provider];
+        if (!capability) {
+            throw new Error(`Missing provider capability record for ${provider}`);
+        }
+        const cliAvailable = provider === "grok_api"
+            ? capability.gatewayRequestTools.includes("grok_api_request")
+            : providerStatuses[provider].installed;
+        return [
+            provider,
+            {
+                provider_kind: capability.providerKind,
+                cli_available: cliAvailable,
+                gateway_request_tools: capability.gatewayRequestTools,
+                supported_features: Object.entries(capability.features)
+                    .filter(([, feature]) => feature.supported)
+                    .map(([name]) => name),
+                unsupported_inputs: capability.unsupportedInputs.map(input => input.input),
+                config_surface_count: capability.configSurfaces.length,
+                discovered_skill_count: capability.discoveredSkills.length,
+                discovered_provider_tool_count: capability.discoveredProviderTools.length,
+                warnings: capability.warnings,
+            },
+        ];
+    }));
+    return {
+        schema_version: "provider-tool-capabilities.v2",
+        tool: "provider_tool_capabilities",
+        resources: {
+            catalog: "provider-tools://catalog",
+            providers: Object.fromEntries(providerCapabilityIds().map(provider => [provider, `provider-tools://${provider}`])),
+        },
+        cache_ttl_ms: 60_000,
+        providers,
+    };
+}
 export function createDoctorReport(envOrOptions = process.env) {
     const opts = isCreateDoctorReportOptions(envOrOptions)
         ? envOrOptions
@@ -316,6 +360,7 @@ export function createDoctorReport(envOrOptions = process.env) {
         endpoint_exposure: endpointExposure,
         client_config: clientConfigStatus(),
         cache_awareness: buildCacheAwarenessReport(opts),
+        provider_capabilities: buildProviderCapabilitySummary(providerStatuses),
         upstream,
         next_actions: [],
     };

package/dist/index.js

@@ -22,6 +22,7 @@ import { loadConfig, loadPersistenceConfig, loadCacheAwarenessConfig, loadProvid
 import { createXaiResponse, XaiApiError, } from "./xai-api-provider.js";
 import { checkHealth } from "./health.js";
 import { clearModelRegistryCache, getAvailableCliInfo, getCliInfo, resolveModelAlias, } from "./model-registry.js";
+import { getProviderToolCapabilities } from "./provider-tool-capabilities.js";
 import { AsyncJobManager, } from "./async-job-manager.js";
 import { createJobStore } from "./job-store.js";
 import { ApprovalManager } from "./approval-manager.js";
@@ -1049,6 +1050,27 @@ function registerBaseResources(server, runtime) {
         const contents = await runtime.resourceProvider.readResource(uri.href);
         return { contents: contents ? [contents] : [] };
     });
+    server.registerResource("provider-tools-catalog", "provider-tools://catalog", {
+        title: "Provider Tool Capabilities Catalog",
+        description: "Read-only catalog of gateway tool controls and discovered provider skills",
+        mimeType: "application/json",
+    }, async (uri) => {
+        runtime.logger.debug("Reading provider-tools://catalog resource");
+        const contents = await runtime.resourceProvider.readResource(uri.href);
+        return { contents: contents ? [contents] : [] };
+    });
+    server.registerResource("provider-tools", new ResourceTemplate("provider-tools://{provider}", { list: undefined }), {
+        title: "Provider Tool Capabilities",
+        description: "Read-only gateway tool controls and discovered local skills for one provider CLI",
+        mimeType: "application/json",
+    }, async (uri, variables) => {
+        const provider = Array.isArray(variables.provider)
+            ? variables.provider[0]
+            : variables.provider;
+        runtime.logger.debug(`Reading provider-tools://${provider}`);
+        const contents = await runtime.resourceProvider.readResource(uri.href);
+        return { contents: contents ? [contents] : [] };
+    });
 }
 function resolvePromptOrPartsForPrep(args) {
     const hasPrompt = typeof args.prompt === "string" && args.prompt.length > 0;
@@ -5415,6 +5437,44 @@ export function createGatewayServer(deps = {}) {
         const result = cli ? { [cli]: cliInfo[cli] } : cliInfo;
         return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
     });
+    server.tool("provider_tool_capabilities", "Report provider tool/feature capabilities and discovered local skill/tool integrations for claude|codex|gemini|grok|grok_api|mistral.", {
+        cli: z
+            .preprocess(value => (value === "" || value === null ? undefined : value), z.enum(["claude", "codex", "gemini", "grok", "grok_api", "mistral"]).optional())
+            .describe("Provider filter (claude|codex|gemini|grok|grok_api|mistral)"),
+        includeSkills: z
+            .boolean()
+            .default(true)
+            .describe("Include bounded local skill discovery results"),
+        includeProviderTools: z
+            .boolean()
+            .default(true)
+            .describe("Include provider-native tools extracted from local skills"),
+        includeUnsupported: z
+            .boolean()
+            .default(true)
+            .describe("Include explicit unsupported/degraded input records"),
+        includePaths: z
+            .boolean()
+            .default(false)
+            .describe("Include raw local filesystem paths in discovery output"),
+        refresh: z.boolean().default(false).describe("Bypass the short-lived capability cache"),
+    }, {
+        title: "Provider tool capabilities",
+        readOnlyHint: true,
+        destructiveHint: false,
+        idempotentHint: true,
+        openWorldHint: false,
+    }, async ({ cli, includeSkills, includeProviderTools, includeUnsupported, includePaths, refresh, }) => {
+        const capabilities = getProviderToolCapabilities({
+            cli,
+            includeSkills,
+            includeProviderTools,
+            includeUnsupported,
+            includePaths,
+            refresh,
+        });
+        return { content: [{ type: "text", text: JSON.stringify(capabilities, null, 2) }] };
+    });
     server.tool("cli_versions", "Report installed provider CLI versions, availability, and login status for all five providers or one.", {
         cli: z
             .preprocess(value => (value === "" || value === null ? undefined : value), z.enum(["claude", "codex", "gemini", "grok", "mistral"]).optional())

package/dist/provider-tool-capabilities.d.ts

@@ -0,0 +1,97 @@
+import { type CliInfo } from "./model-registry.js";
+import { type CliType } from "./session-manager.js";
+export interface ProviderToolControl {
+    name?: string;
+    supported: boolean;
+    requestField?: string;
+    cliFlag?: string;
+    behavior: string;
+}
+export type ProviderCapabilityId = CliType | "grok_api";
+export type ProviderKind = "cli" | "api";
+export type UnsupportedInputBehavior = "reject" | "ignored" | "not_supported" | "approval_tracking_only" | "deprecated";
+export type ProviderToolConfidence = "high" | "medium" | "low";
+export type ProviderToolExtractionReason = "exact-tool-section" | "known-tool-name" | "backtick-heuristic" | "low-confidence";
+export interface ProviderSkillCapability {
+    name: string;
+    source: "user" | "bundled";
+    path?: string;
+    description?: string;
+    declaredTools: string[];
+    declaredToolReasons?: Partial<Record<string, ProviderToolExtractionReason>>;
+}
+export interface ProviderNativeToolCapability {
+    name: string;
+    source: string;
+    skillName?: string;
+    path?: string;
+    confidence: ProviderToolConfidence;
+    reason: ProviderToolExtractionReason;
+}
+export interface ProviderConfigSurface {
+    name: string;
+    kind: "file" | "directory" | "env" | "gateway" | "provider";
+    present: boolean;
+    path?: string;
+    entries?: string[];
+    details?: string;
+}
+export interface ProviderUnsupportedInput {
+    input: string;
+    behavior: UnsupportedInputBehavior;
+    details: string;
+}
+export interface ProviderFeatureCapability {
+    supported: boolean;
+    details?: string;
+    values?: string[];
+}
+export type ProviderFeatureMap = Record<string, ProviderFeatureCapability>;
+export interface ProviderCapabilityControls {
+    allowlist: ProviderToolControl;
+    denylist: ProviderToolControl;
+    mcpServers: ProviderToolControl;
+    nativeSkills: ProviderToolControl;
+    [name: string]: ProviderToolControl;
+}
+export interface ProviderToolCapabilities {
+    schemaVersion: "provider-tool-capabilities.v2";
+    generatedAt: string;
+    cli: ProviderCapabilityId;
+    providerKind: ProviderKind;
+    gatewayRequestTools: string[];
+    modelInfo: CliInfo | GrokApiModelInfo;
+    summary: string;
+    controls: ProviderCapabilityControls;
+    features: ProviderFeatureMap;
+    discoveredSkills: ProviderSkillCapability[];
+    discoveredProviderTools: ProviderNativeToolCapability[];
+    configSurfaces: ProviderConfigSurface[];
+    unsupportedInputs: ProviderUnsupportedInput[];
+    warnings: string[];
+    metadata: {
+        deprecatedFields?: Record<string, string>;
+        cacheTtlMs: number;
+    };
+    gatewayRequestTool: string;
+}
+export interface GrokApiModelInfo {
+    description: string;
+    models: Record<string, string>;
+    defaultModel?: string;
+    defaultModelSource?: string;
+    warnings?: string[];
+}
+export interface ProviderCapabilityQuery {
+    cli?: ProviderCapabilityId;
+    includeSkills?: boolean;
+    includeProviderTools?: boolean;
+    includeUnsupported?: boolean;
+    includePaths?: boolean;
+    refresh?: boolean;
+}
+export type ProviderToolCapabilitiesMap = Partial<Record<ProviderCapabilityId, ProviderToolCapabilities>>;
+export declare function getProviderToolCapabilities(queryOrCli?: ProviderCapabilityQuery | ProviderCapabilityId): ProviderToolCapabilitiesMap;
+export declare function getOneProviderToolCapabilities(cli: ProviderCapabilityId, queryOrCli?: ProviderCapabilityQuery | ProviderCapabilityId): ProviderToolCapabilities;
+export declare function clearProviderToolCapabilitiesCache(): void;
+export declare function providerCapabilityIds(): readonly ProviderCapabilityId[];