llm-cli-gateway 2.7.0 → 2.9.0

package/dist/index.js

@@ -9,7 +9,7 @@ import { fileURLToPath } from "url";
 import { z } from "zod/v3";
 import { executeCli, killAllProcessGroups, providerCommandName } from "./executor.js";
 import { parseStreamJson } from "./stream-json-parser.js";
-import { parseCodexJsonStream } from "./codex-json-parser.js";
+import { parseCodexJsonStream, codexDisplayText, codexFrResponse } from "./codex-json-parser.js";
 import { parseGeminiJson, parseGeminiStreamJson } from "./gemini-json-parser.js";
 import { parseVibeMetaJson } from "./mistral-meta-json-parser.js";
 import { homedir } from "os";
@@ -25,7 +25,7 @@ import { clearModelRegistryCache, getAvailableCliInfo, getCliInfo, resolveModelA
 import { getProviderToolCapabilities } from "./provider-tool-capabilities.js";
 import { AsyncJobManager, } from "./async-job-manager.js";
 import { createJobStore } from "./job-store.js";
-import { ApprovalManager } from "./approval-manager.js";
+import { ApprovalManager, bypassAllowedByOperator, } from "./approval-manager.js";
 import { checkReviewIntegrity } from "./review-integrity.js";
 import { buildClaudeMcpConfig, CLAUDE_MCP_SERVER_NAMES, } from "./claude-mcp-config.js";
 import { resolveGrokSessionArgs, resolveMistralSessionArgs, resolveCodexSessionArgs, sanitizeCliArgValues, prepareMistralRequest as buildMistralCliInvocation, MISTRAL_AGENT_MODES, GATEWAY_SESSION_PREFIX, resolveClaudePermissionFlags, resolveCodexSandboxFlags, CLAUDE_PERMISSION_MODES, GEMINI_APPROVAL_MODES, CODEX_SANDBOX_MODES, CODEX_ASK_FOR_APPROVAL_MODES, CLAUDE_EFFORT_LEVELS, prepareClaudeHighImpactFlags, validateClaudeAgentsMap, prepareCodexHighImpactFlags, prepareCodexForkRequest, CODEX_CONFIG_OVERRIDES_SCHEMA, resolveGeminiSessionPlan, GEMINI_HIGH_IMPACT_PARAMS_SCHEMA, } from "./request-helpers.js";
@@ -34,7 +34,7 @@ import { resolvePromptInput, PromptPartsSchema, assembleClaudeCacheBlocks, } fro
 import { computeSessionCacheStats, computeTtlRemaining, readPersistedRequest, PERSISTED_REQUEST_DEFAULT_MAX_CHARS, } from "./cache-stats.js";
 import { getCliVersions, runCliUpgrade } from "./cli-updater.js";
 import { startHttpGateway } from "./http-transport.js";
-import { getRequestContext } from "./request-context.js";
+import { getRequestContext, resolveOwnerPrincipal, principalCanAccess } from "./request-context.js";
 import { printDoctorJson } from "./doctor.js";
 import { createWorkspace, describeWorkspace, getWorkspace, loadWorkspaceRegistry, registerExistingWorkspace, resolveWorkspaceForProvider, validatePathInsideWorkspace, } from "./workspace-registry.js";
 import { generateSecret, hashSecret } from "./oauth.js";
@@ -489,13 +489,10 @@ async function resolveWorkspaceAndWorktreeForRequest(args) {
     else if (isGatewayAppDirCwd()) {
         throw new Error("No workspace selected. Configure [workspaces].default or pass a registered workspace alias.");
     }
-    if (!workspace && getRequestContext()?.authKind === "oauth") {
-        throw new Error("Remote OAuth provider requests require a registered workspace alias or [workspaces].default.");
-    }
-    if (!workspace &&
-        (args.workingDir || (args.addDir?.length ?? 0) > 0) &&
-        !args.runtime.workspaces.allowUnregisteredWorkingDir) {
-        throw new Error("workingDir/addDir require a registered workspace alias unless [workspaces].allow_unregistered_working_dir is explicitly enabled.");
+    const requestContext = getRequestContext();
+    const isRemoteTransport = requestContext?.transport === "http" || requestContext?.authKind === "oauth";
+    if (!workspace && isRemoteTransport) {
+        throw new Error("Remote HTTP provider requests require a registered workspace alias, session workspace, or [workspaces].default.");
     }
     if (workspace) {
         if (args.workingDir) {
@@ -720,7 +717,7 @@ export function extractUsageAndCost(cli, output, outputFormat, ctx) {
             costUsd: parsed.costUsd ?? undefined,
         };
     }
-    if (cli === "codex" && outputFormat === "json") {
+    if (cli === "codex") {
         const parsed = parseCodexJsonStream(output);
         if (!parsed.usage) {
             return {};
@@ -1277,7 +1274,8 @@ export function prepareClaudeRequest(params, runtime = resolveGatewayServerRunti
         args.push("--disallowed-tools", ...params.disallowedTools);
     }
     if (params.approvalStrategy === "mcp_managed") {
-        args.push("--permission-mode", "bypassPermissions");
+        const managedMode = bypassAllowedByOperator() ? "bypassPermissions" : "acceptEdits";
+        args.push("--permission-mode", managedMode);
     }
     else {
         const permFlags = resolveClaudePermissionFlags({
@@ -1420,9 +1418,7 @@ export function prepareCodexRequest(params, runtime = resolveGatewayServerRuntim
     if (params.dangerouslyBypassApprovalsAndSandbox) {
         args.push("--dangerously-bypass-approvals-and-sandbox");
     }
-    if (params.outputFormat === "json") {
-        args.push("--json");
-    }
+    args.push("--json");
     args.push("--skip-git-repo-check");
     let highImpactCleanup;
     if (sessionPlan.mode === "new") {
@@ -1544,7 +1540,11 @@ export function prepareGeminiRequest(params, runtime = resolveGatewayServerRunti
             return createApprovalDeniedResponse(params.operation, approvalDecision);
         }
     }
-    const effectiveApprovalMode = params.approvalStrategy === "mcp_managed" ? "yolo" : params.approvalMode;
+    const effectiveApprovalMode = params.approvalStrategy === "mcp_managed"
+        ? bypassAllowedByOperator()
+            ? "yolo"
+            : "default"
+        : params.approvalMode;
     const unsupported = (field, detail) => createErrorResponse(params.operation, 1, "", corrId, new Error(`${field} is not supported by Antigravity CLI (agy): ${detail}`));
     if (effectiveApprovalMode &&
         effectiveApprovalMode !== "default" &&
@@ -1651,14 +1651,22 @@ export function prepareGrokRequest(params, runtime = resolveGatewayServerRuntime
             return createApprovalDeniedResponse(params.operation, approvalDecision);
         }
     }
-    const effectiveAlwaysApprove = params.approvalStrategy === "mcp_managed" ? true : Boolean(params.alwaysApprove);
+    const managedGrokBypass = params.approvalStrategy === "mcp_managed" && bypassAllowedByOperator();
     const grokContract = UPSTREAM_CLI_CONTRACTS.grok;
     const genParams = params;
     const args = ["-p", effectivePrompt];
     if (resolvedModel)
         args.push("--model", resolvedModel);
     args.push(...buildArgvFromGeneration(grokContract, GROK_GEN_OUTPUT_FORMAT, genParams));
-    if (effectiveAlwaysApprove) {
+    if (params.approvalStrategy === "mcp_managed") {
+        if (managedGrokBypass) {
+            args.push("--always-approve");
+        }
+        else {
+            args.push("--permission-mode", "acceptEdits");
+        }
+    }
+    else if (Boolean(params.alwaysApprove)) {
         args.push("--always-approve");
     }
     else if (params.permissionMode) {
@@ -1765,7 +1773,9 @@ export function prepareMistralRequest(params, runtime = resolveGatewayServerRunt
         }
     }
     const effectivePermissionMode = params.approvalStrategy === "mcp_managed"
-        ? "auto-approve"
+        ? bypassAllowedByOperator()
+            ? "auto-approve"
+            : "accept-edits"
         : (params.permissionMode ?? "auto-approve");
     const prep = buildMistralCliInvocation({
         prompt: effectivePrompt,
@@ -1816,7 +1826,9 @@ export function buildMistralRetryPrep(params, recoveryModel) {
         resolvedModel: recoveryModel,
         outputFormat: params.outputFormat,
         permissionMode: params.approvalStrategy === "mcp_managed"
-            ? "auto-approve"
+            ? bypassAllowedByOperator()
+                ? "auto-approve"
+                : "accept-edits"
             : (params.permissionMode ?? "auto-approve"),
         allowedTools: params.allowedTools,
         disallowedTools: params.disallowedTools,
@@ -1830,6 +1842,9 @@ export function buildMistralRetryPrep(params, recoveryModel) {
 }
 function buildCliResponse(cli, stdout, optimizeResponse, corrId, sessionId, prep, durationMs, resumable, outputFormat, warnings) {
     let finalStdout = stdout;
+    if (cli === "codex" && outputFormat !== "json") {
+        finalStdout = codexDisplayText(stdout);
+    }
     if (optimizeResponse && outputFormat !== "json") {
         const optimized = optimizeResponseText(finalStdout);
         logOptimizationTokens("response", corrId, finalStdout, optimized);
@@ -3619,7 +3634,7 @@ export function createGatewayServer(deps = {}) {
         outputFormat: z
             .enum(["text", "json"])
             .default("text")
-            .describe("Codex output format. `json` emits --json (JSONL events) so token usage and cost are parsed and reported in the flight recorder. `text` is the default."),
+            .describe("Codex caller-facing output format. Token/cache usage is recorded in the flight recorder regardless. `text` (default) returns the plain reply; `json` returns the raw `--json` JSONL event stream."),
         outputSchema: z
             .union([z.string(), z.record(z.string(), z.unknown())])
             .optional()
@@ -3779,7 +3794,7 @@ export function createGatewayServer(deps = {}) {
             logger.info(`[${corrId}] codex_request completed successfully in ${durationMs}ms`);
             const codexUsage = extractUsageAndCost("codex", stdout, outputFormat);
             safeFlightComplete(corrId, {
-                response: stdout,
+                response: codexFrResponse(outputFormat, stdout),
                 durationMs,
                 retryCount: 0,
                 circuitBreakerState: "closed",
@@ -4622,7 +4637,7 @@ export function createGatewayServer(deps = {}) {
             outputFormat: z
                 .enum(["text", "json"])
                 .default("text")
-                .describe("Codex output format. `json` emits --json (JSONL events) for token usage extraction."),
+                .describe("Codex caller-facing output format. Token/cache usage is recorded in the flight recorder regardless. `text` (default) returns the plain reply; `json` returns the raw `--json` JSONL event stream."),
             outputSchema: z
                 .union([z.string(), z.record(z.string(), z.unknown())])
                 .optional()
@@ -5160,7 +5175,8 @@ export function createGatewayServer(deps = {}) {
             openWorldHint: false,
         }, async ({ jobId }) => {
             const job = asyncJobManager.getJobSnapshot(jobId);
-            if (!job) {
+            const caller = resolveOwnerPrincipal(getRequestContext());
+            if (!job || !principalCanAccess(asyncJobManager.getJobOwner(jobId), caller)) {
                 return {
                     content: [
                         {
@@ -5204,7 +5220,8 @@ export function createGatewayServer(deps = {}) {
             openWorldHint: false,
         }, async ({ jobId, maxChars }) => {
             const result = asyncJobManager.getJobResult(jobId, maxChars);
-            if (!result) {
+            const caller = resolveOwnerPrincipal(getRequestContext());
+            if (!result || !principalCanAccess(asyncJobManager.getJobOwner(jobId), caller)) {
                 return {
                     content: [
                         {
@@ -5224,6 +5241,11 @@ export function createGatewayServer(deps = {}) {
             if (outputFormat === "stream-json" && result.stdout) {
                 parsed = parseStreamJson(result.stdout);
             }
+            if (asyncJobManager.getJobCli(jobId) === "codex" &&
+                outputFormat !== "json" &&
+                result.stdout) {
+                result.stdout = codexDisplayText(result.stdout);
+            }
             return {
                 content: [
                     {
@@ -5256,6 +5278,23 @@ export function createGatewayServer(deps = {}) {
             idempotentHint: true,
             openWorldHint: false,
         }, async ({ jobId }) => {
+            const caller = resolveOwnerPrincipal(getRequestContext());
+            if (asyncJobManager.getJobSnapshot(jobId) &&
+                !principalCanAccess(asyncJobManager.getJobOwner(jobId), caller)) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                success: false,
+                                jobId,
+                                reason: "Job not found",
+                            }, null, 2),
+                        },
+                    ],
+                    isError: true,
+                };
+            }
             const cancel = asyncJobManager.cancelJob(jobId);
             if (!cancel.canceled) {
                 return {
@@ -5312,7 +5351,8 @@ export function createGatewayServer(deps = {}) {
             maxChars,
             includePrompt,
         });
-        if (!record) {
+        const caller = resolveOwnerPrincipal(getRequestContext());
+        if (!record || !principalCanAccess(record.ownerPrincipal, caller)) {
             return {
                 content: [
                     {
@@ -5738,11 +5778,15 @@ export function createGatewayServer(deps = {}) {
         openWorldHint: false,
     }, async ({ cli }) => {
         try {
-            const sessions = await sessionManager.listSessions(cli);
-            const activeSessions = Object.fromEntries(await Promise.all(SESSION_PROVIDER_VALUES.map(async (provider) => [
-                provider,
-                await sessionManager.getActiveSession(provider),
-            ])));
+            const caller = resolveOwnerPrincipal(getRequestContext());
+            const sessions = (await sessionManager.listSessions(cli)).filter(s => principalCanAccess(s.ownerPrincipal, caller));
+            const activeSessions = Object.fromEntries(await Promise.all(SESSION_PROVIDER_VALUES.map(async (provider) => {
+                const active = await sessionManager.getActiveSession(provider);
+                return [
+                    provider,
+                    active && principalCanAccess(active.ownerPrincipal, caller) ? active : null,
+                ];
+            })));
             const sessionList = sessions.map(s => ({
                 id: s.id,
                 cli: s.cli,
@@ -5782,6 +5826,24 @@ export function createGatewayServer(deps = {}) {
         openWorldHint: false,
     }, async ({ cli, sessionId }) => {
         try {
+            if (sessionId) {
+                const caller = resolveOwnerPrincipal(getRequestContext());
+                const target = await sessionManager.getSession(sessionId);
+                if (!target || !principalCanAccess(target.ownerPrincipal, caller)) {
+                    return {
+                        content: [
+                            {
+                                type: "text",
+                                text: JSON.stringify({
+                                    success: false,
+                                    error: "Session not found or does not belong to the specified provider",
+                                }, null, 2),
+                            },
+                        ],
+                        isError: true,
+                    };
+                }
+            }
             const success = await sessionManager.setActiveSession(cli, sessionId || null);
             if (!success) {
                 return {
@@ -5826,7 +5888,8 @@ export function createGatewayServer(deps = {}) {
     }, async ({ sessionId }) => {
         try {
             const session = await sessionManager.getSession(sessionId);
-            if (!session) {
+            const caller = resolveOwnerPrincipal(getRequestContext());
+            if (!session || !principalCanAccess(session.ownerPrincipal, caller)) {
                 return {
                     content: [
                         {
@@ -5873,7 +5936,8 @@ export function createGatewayServer(deps = {}) {
     }, async ({ sessionId }) => {
         try {
             const session = await sessionManager.getSession(sessionId);
-            if (!session) {
+            const caller = resolveOwnerPrincipal(getRequestContext());
+            if (!session || !principalCanAccess(session.ownerPrincipal, caller)) {
                 return {
                     content: [
                         {
@@ -5941,7 +6005,13 @@ export function createGatewayServer(deps = {}) {
         openWorldHint: false,
     }, async ({ cli }) => {
         try {
-            const count = await sessionManager.clearAllSessions(cli);
+            const caller = resolveOwnerPrincipal(getRequestContext());
+            const owned = (await sessionManager.listSessions(cli)).filter(s => principalCanAccess(s.ownerPrincipal, caller));
+            let count = 0;
+            for (const s of owned) {
+                if (await sessionManager.deleteSession(s.id))
+                    count++;
+            }
             logger.info(`Cleared ${count} sessions${cli ? ` for ${cli}` : ""}`);
             return {
                 content: [

package/dist/job-store.d.ts

@@ -18,6 +18,7 @@ export interface JobRecord {
     finishedAt: string | null;
     pid: number | null;
     expiresAt: string;
+    ownerPrincipal: string | null;
 }
 export declare function resolveJobStoreDbPath(): string | null;
 export declare function resolveJobRetentionMs(): number;
@@ -33,6 +34,7 @@ export interface JobStore {
         outputFormat?: string;
         startedAt: string;
         pid: number | null;
+        ownerPrincipal?: string | null;
     }): void;
     recordOutput(id: string, stdout: string, stderr: string, outputTruncated: boolean): void;
     recordComplete(input: {
@@ -88,6 +90,7 @@ export declare class SqliteJobStore implements JobStore {
         outputFormat?: string;
         startedAt: string;
         pid: number | null;
+        ownerPrincipal?: string | null;
     }): void;
     recordOutput(id: string, stdout: string, stderr: string, outputTruncated: boolean): void;
     recordComplete(input: {
@@ -127,6 +130,7 @@ export declare class MemoryJobStore implements JobStore {
         outputFormat?: string;
         startedAt: string;
         pid: number | null;
+        ownerPrincipal?: string | null;
     }): void;
     recordOutput(id: string, stdout: string, stderr: string, outputTruncated: boolean): void;
     recordComplete(input: {

package/dist/job-store.js

@@ -57,8 +57,16 @@ function rowToRecord(row) {
         finishedAt: row.finished_at,
         pid: row.pid,
         expiresAt: row.expires_at,
+        ownerPrincipal: row.owner_principal ?? null,
     };
 }
+function ensureJobsOwnerColumn(db) {
+    const cols = db.prepare("PRAGMA table_info(jobs)").all();
+    const hasOwner = cols.some(col => col?.name === "owner_principal");
+    if (!hasOwner) {
+        db.exec("ALTER TABLE jobs ADD COLUMN owner_principal TEXT");
+    }
+}
 export class SqliteJobStore {
     logger;
     db;
@@ -94,13 +102,15 @@ export class SqliteJobStore {
         started_at TEXT NOT NULL,
         finished_at TEXT,
         pid INTEGER,
-        expires_at TEXT NOT NULL
+        expires_at TEXT NOT NULL,
+        owner_principal TEXT
       );
       CREATE INDEX IF NOT EXISTS idx_jobs_request_key ON jobs(request_key);
       CREATE INDEX IF NOT EXISTS idx_jobs_status ON jobs(status);
       CREATE INDEX IF NOT EXISTS idx_jobs_expires_at ON jobs(expires_at);
       CREATE INDEX IF NOT EXISTS idx_jobs_request_key_finished ON jobs(request_key, finished_at);
     `);
+        ensureJobsOwnerColumn(this.db);
         if (process.platform !== "win32") {
             try {
                 chmodSync(dbPath, 0o600);
@@ -113,10 +123,10 @@ export class SqliteJobStore {
         this.insertStmt = this.db.prepare(`
       INSERT INTO jobs (id, correlation_id, request_key, cli, args_json, output_format,
                         status, exit_code, stdout, stderr, output_truncated, error,
-                        started_at, finished_at, pid, expires_at)
+                        started_at, finished_at, pid, expires_at, owner_principal)
       VALUES (@id, @correlation_id, @request_key, @cli, @args_json, @output_format,
               @status, @exit_code, @stdout, @stderr, @output_truncated, @error,
-              @started_at, @finished_at, @pid, @expires_at)
+              @started_at, @finished_at, @pid, @expires_at, @owner_principal)
     `);
         this.updateOutputStmt = this.db.prepare(`
       UPDATE jobs SET stdout = @stdout, stderr = @stderr, output_truncated = @output_truncated
@@ -163,12 +173,13 @@ export class SqliteJobStore {
             exit_code: null,
             stdout: "",
             stderr: "",
-            output_truncated: 0,
             error: null,
+            output_truncated: 0,
             started_at: input.startedAt,
             finished_at: null,
             pid: input.pid,
             expires_at: FAR_FUTURE_ISO,
+            owner_principal: input.ownerPrincipal ?? null,
         });
     }
     recordOutput(id, stdout, stderr, outputTruncated) {
@@ -258,6 +269,7 @@ export class MemoryJobStore {
             finishedAt: null,
             pid: input.pid,
             expiresAt: FAR_FUTURE_ISO,
+            ownerPrincipal: input.ownerPrincipal ?? null,
         });
     }
     recordOutput(id, stdout, stderr, outputTruncated) {

package/dist/oauth.d.ts

@@ -33,6 +33,8 @@ export declare class OAuthServer {
     private registrationAllowedByPolicy;
     private handleRegister;
     private handleAuthorize;
+    private verifyConsent;
+    private renderConsentPage;
     private handleToken;
     private pruneExpiredCodes;
 }

package/dist/oauth.js

@@ -1,5 +1,6 @@
 import { createHash, randomBytes, randomUUID, scryptSync, timingSafeEqual } from "node:crypto";
 import { URLSearchParams } from "node:url";
+import { readCappedRawBody, maxOAuthBodyBytes } from "./request-limits.js";
 import { issueOAuthAccessToken, timingSafeStringEqual, } from "./auth.js";
 export const OAUTH_CODE_TTL_MS = 5 * 60 * 1000;
 const GENERATED_SECRET_BYTES = 32;
@@ -52,6 +53,30 @@ export function redactSecret(value) {
 function firstHeader(value) {
     return Array.isArray(value) ? value[0] : value;
 }
+const HTML_ESCAPES = {
+    "&": "&",
+    "<": "&lt;",
+    ">": "&gt;",
+    '"': "&quot;",
+    "'": "&#39;",
+};
+function escapeHtml(value) {
+    return value.replace(/[&<>"']/g, char => HTML_ESCAPES[char] ?? char);
+}
+function readCookie(req, name) {
+    const header = firstHeader(req.headers.cookie);
+    if (!header)
+        return null;
+    for (const part of header.split(";")) {
+        const idx = part.indexOf("=");
+        if (idx < 0)
+            continue;
+        if (part.slice(0, idx).trim() === name) {
+            return decodeURIComponent(part.slice(idx + 1).trim());
+        }
+    }
+    return null;
+}
 function methodNotAllowed(res) {
     res.writeHead(405, { allow: "GET, POST", "content-type": "application/json" });
     res.end(JSON.stringify({ error: "Method not allowed" }));
@@ -105,12 +130,7 @@ function extractStringArray(value, params, key) {
     return values.filter((item) => typeof item === "string" && item.length > 0);
 }
 async function readRawBody(req) {
-    return new Promise((resolve, reject) => {
-        const chunks = [];
-        req.on("data", chunk => chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)));
-        req.on("error", reject);
-        req.on("end", () => resolve(chunks.length ? Buffer.concat(chunks).toString("utf8") : ""));
-    });
+    return readCappedRawBody(req, maxOAuthBodyBytes());
 }
 async function readOAuthBody(req) {
     const raw = await readRawBody(req);
@@ -272,8 +292,7 @@ export class OAuthServer {
     registrationAllowedByPolicy(req, params) {
         const policy = this.opts.config.registrationPolicy;
         if (policy === "open_dev") {
-            const host = firstHeader(req.headers.host) ?? "";
-            return isLocalHost(host) || process.env.LLM_GATEWAY_OAUTH_OPEN_DEV === "1";
+            return process.env.LLM_GATEWAY_OAUTH_OPEN_DEV === "1";
         }
         if (policy === "static_clients")
             return false;
@@ -372,6 +391,17 @@ export class OAuthServer {
             res.end();
             return;
         }
+        if (this.opts.config.requireConsent) {
+            const isSubmission = req.method === "POST" && params.get("gw_consent") === "1";
+            if (!isSubmission) {
+                this.renderConsentPage(res, params, clientId, requestedScopes);
+                return;
+            }
+            if (!this.verifyConsent(req, params)) {
+                this.renderConsentPage(res, params, clientId, requestedScopes, "Incorrect access code.");
+                return;
+            }
+        }
         this.pruneExpiredCodes();
         const code = randomUUID();
         this.codes.set(code, {
@@ -389,6 +419,58 @@ export class OAuthServer {
         res.writeHead(302, { location: target.toString() });
         res.end();
     }
+    verifyConsent(req, params) {
+        const cookie = readCookie(req, "gw_oauth_csrf");
+        const formCsrf = params.get("gw_csrf");
+        if (!cookie || !formCsrf || !timingSafeStringEqual(cookie, formCsrf))
+            return false;
+        const secret = params.get("consent_secret") ?? "";
+        const hash = this.opts.config.consentSecretHash;
+        return Boolean(hash && secret && verifySecret(secret, hash));
+    }
+    renderConsentPage(res, params, clientId, requestedScopes, error) {
+        const csrf = randomUUID();
+        const carried = [
+            ["response_type", params.get("response_type")],
+            ["client_id", clientId],
+            ["redirect_uri", params.get("redirect_uri")],
+            ["scope", params.get("scope")],
+            ["state", params.get("state")],
+            ["code_challenge", params.get("code_challenge")],
+            ["code_challenge_method", params.get("code_challenge_method")],
+            ["gw_consent", "1"],
+            ["gw_csrf", csrf],
+        ];
+        const hidden = carried
+            .filter(([, value]) => value != null && value !== "")
+            .map(([key, value]) => `<input type="hidden" name="${escapeHtml(key)}" value="${escapeHtml(String(value))}">`)
+            .join("\n      ");
+        const scopeList = requestedScopes.map(escapeHtml).join(", ");
+        const errorBlock = error ? `<p class="err">${escapeHtml(error)}</p>` : "";
+        const html = `<!doctype html>
+<html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Authorize access</title>
+<style>body{font-family:system-ui,sans-serif;max-width:32rem;margin:3rem auto;padding:0 1rem}
+.box{border:1px solid #ddd;border-radius:8px;padding:1.5rem}label{display:block;margin:.75rem 0 .25rem}
+input[type=password]{width:100%;padding:.5rem;box-sizing:border-box}button{margin-top:1rem;padding:.6rem 1.2rem}
+.err{color:#b00020}.muted{color:#555;font-size:.9rem}</style></head>
+<body><div class="box"><h2>Authorize access</h2>
+<p>Application <strong>${escapeHtml(clientId)}</strong> is requesting access to: <strong>${scopeList}</strong>.</p>
+${errorBlock}
+<form method="post" autocomplete="off">
+      ${hidden}
+      <label for="consent_secret">Gateway access code</label>
+      <input id="consent_secret" type="password" name="consent_secret" required autofocus>
+      <button type="submit">Approve</button>
+</form>
+<p class="muted">Only approve if you initiated this connection.</p></div></body></html>`;
+        res.writeHead(200, {
+            "content-type": "text/html; charset=utf-8",
+            "set-cookie": `gw_oauth_csrf=${csrf}; HttpOnly; SameSite=Lax; Path=/oauth`,
+            "cache-control": "no-store",
+        });
+        res.end(html);
+    }
     async handleToken(req, res) {
         if (req.method !== "POST") {
             methodNotAllowed(res);

package/dist/pricing.d.ts

@@ -3,6 +3,6 @@ export interface PricePerMillion {
     outputUsd: number;
     cacheReadMultiplier: number;
 }
-export declare const PRICING_AS_OF = "2026-05-26";
+export declare const PRICING_AS_OF = "2026-06-13";
 export declare function getPricing(cli: "claude" | "codex" | "gemini" | "grok" | "mistral", model: string): PricePerMillion;
 export declare function estimateCacheSavingsUsd(cli: "claude" | "codex" | "gemini" | "grok" | "mistral", model: string, cacheReadTokens: number): number;

package/dist/pricing.js

@@ -1,4 +1,4 @@
-export const PRICING_AS_OF = "2026-05-26";
+export const PRICING_AS_OF = "2026-06-13";
 const ANTHROPIC_SONNET = {
     inputUsd: 3,
     outputUsd: 15,
@@ -19,6 +19,41 @@ const OPENAI_GPT5 = {
     outputUsd: 10,
     cacheReadMultiplier: 0.5,
 };
+const GEMINI_25_PRO = {
+    inputUsd: 1.25,
+    outputUsd: 10,
+    cacheReadMultiplier: 0.1,
+};
+const GEMINI_FLASH = {
+    inputUsd: 0.3,
+    outputUsd: 2.5,
+    cacheReadMultiplier: 0.1,
+};
+const GEMINI_3_PRO = {
+    inputUsd: 2,
+    outputUsd: 12,
+    cacheReadMultiplier: 0.1,
+};
+const GROK_4 = {
+    inputUsd: 1.25,
+    outputUsd: 2.5,
+    cacheReadMultiplier: 0.16,
+};
+const GROK_BUILD = {
+    inputUsd: 1,
+    outputUsd: 2,
+    cacheReadMultiplier: 0.2,
+};
+const MISTRAL_MEDIUM = {
+    inputUsd: 1.5,
+    outputUsd: 7.5,
+    cacheReadMultiplier: 0.1,
+};
+const MISTRAL_DEVSTRAL = {
+    inputUsd: 0.1,
+    outputUsd: 0.3,
+    cacheReadMultiplier: 0.1,
+};
 const ZERO = {
     inputUsd: 0,
     outputUsd: 0,
@@ -33,13 +68,43 @@ export function getPricing(cli, model) {
             return ANTHROPIC_OPUS;
         if (lower.includes("haiku"))
             return ANTHROPIC_HAIKU;
-        return ZERO;
+        return ANTHROPIC_SONNET;
     }
     if (cli === "codex") {
         if (lower.includes("gpt-5") || lower.includes("o3"))
             return OPENAI_GPT5;
         return ZERO;
     }
+    if (cli === "gemini") {
+        const specialtyVariant = lower.includes("lite") ||
+            lower.includes("image") ||
+            lower.includes("audio") ||
+            lower.includes("tts");
+        if (!specialtyVariant) {
+            if (lower.includes("2.5-flash"))
+                return GEMINI_FLASH;
+            if (lower.includes("2.5-pro"))
+                return GEMINI_25_PRO;
+            if (lower.includes("gemini-3") && lower.includes("pro"))
+                return GEMINI_3_PRO;
+        }
+        return ZERO;
+    }
+    if (cli === "grok") {
+        if (lower.includes("grok-build") || lower.includes("grok-code"))
+            return GROK_BUILD;
+        if (lower.includes("grok-4") || lower.includes("grok-3") || lower.includes("grok-latest")) {
+            return GROK_4;
+        }
+        return ZERO;
+    }
+    if (cli === "mistral") {
+        if (lower.includes("devstral-small"))
+            return MISTRAL_DEVSTRAL;
+        if (lower.includes("mistral-medium-3.5"))
+            return MISTRAL_MEDIUM;
+        return ZERO;
+    }
     return ZERO;
 }
 export function estimateCacheSavingsUsd(cli, model, cacheReadTokens) {