llm-cli-gateway 2.7.0 → 2.9.0

package/dist/upstream-contracts.js

@@ -1,6 +1,65 @@
 import { spawnSync } from "node:child_process";
 import { createHash } from "node:crypto";
 import { envWithExtendedPath, getExtendedPath, resolveCommandForSpawn } from "./executor.js";
+export const ACP_ENTRYPOINT_CONTRACTS = {
+    mistral: {
+        cli: "mistral",
+        displayName: "Mistral Vibe",
+        status: "native",
+        executable: "vibe-acp",
+        entrypointArgs: [],
+        targetVersion: "vibe 2.14.1",
+        probeArgs: [["--version"], ["--help"]],
+        evidence: "Native ACP executable vibe-acp; manual initialize + session/new smoke passed. First runtime pilot.",
+        docsRef: "docs/plans/first-class-acp-gateway-extension.dag.toml#provider_matrix.mistral",
+    },
+    grok: {
+        cli: "grok",
+        displayName: "xAI Grok CLI",
+        status: "native",
+        executable: "grok",
+        entrypointArgs: ["agent", "stdio"],
+        targetVersion: "grok 0.2.50 (cadf94855)",
+        probeArgs: [["agent", "stdio", "--help"]],
+        evidence: "Native ACP via `grok agent stdio`; initialize + session/new smoke passed with isolated leader socket. Second runtime pilot.",
+        docsRef: "docs/plans/first-class-acp-gateway-extension.dag.toml#provider_matrix.grok",
+    },
+    codex: {
+        cli: "codex",
+        displayName: "OpenAI Codex CLI",
+        status: "adapter_mediated_deferred",
+        executable: "codex",
+        entrypointArgs: [],
+        targetVersion: "codex-cli 0.139.0",
+        probeArgs: [],
+        adapterCandidates: ["zed-industries/codex-acp", "agentclientprotocol/codex-acp"],
+        evidence: "No native ACP entrypoint at codex-cli 0.139.0. Adapter evidence tracked as documentation only; not native gateway ACP support.",
+        docsRef: "docs/plans/first-class-acp-gateway-extension.dag.toml#provider_matrix.codex",
+    },
+    claude: {
+        cli: "claude",
+        displayName: "Anthropic Claude Code",
+        status: "adapter_mediated_deferred",
+        executable: "claude",
+        entrypointArgs: [],
+        targetVersion: "claude 2.1.175",
+        probeArgs: [],
+        adapterCandidates: ["Claude Agent SDK ACP adapter"],
+        evidence: "No native Claude Code CLI ACP entrypoint at claude 2.1.175. Adapter ownership/permission bridging unresolved; deferred.",
+        docsRef: "docs/plans/first-class-acp-gateway-extension.dag.toml#provider_matrix.claude",
+    },
+    gemini: {
+        cli: "gemini",
+        displayName: "Google Antigravity",
+        status: "absent_watchlist",
+        executable: "agy",
+        entrypointArgs: [],
+        targetVersion: "agy 1.0.7",
+        probeArgs: [],
+        evidence: "agy 1.0.7 has no ACP flag or subcommand. Legacy Gemini CLI ACP evidence does not transfer. Watchlist item.",
+        docsRef: "docs/plans/first-class-acp-gateway-extension.dag.toml#provider_matrix.gemini",
+    },
+};
 const PERMISSION_MODES = [
     "default",
     "acceptEdits",
@@ -2084,6 +2143,74 @@ function probeInstalledCliSubcommands(cli, timeoutMs) {
     }
     return probes;
 }
+export function probeInstalledAcpEntrypoint(cli, timeoutMs = 5_000) {
+    const contract = ACP_ENTRYPOINT_CONTRACTS[cli];
+    const warnings = [];
+    const checkedProbeCommands = contract.probeArgs.map(args => [...args]);
+    if (contract.status !== "native" || contract.probeArgs.length === 0) {
+        return {
+            cli,
+            status: contract.status,
+            executable: contract.executable,
+            entrypointArgs: contract.entrypointArgs,
+            targetVersion: contract.targetVersion,
+            checkedProbeCommands,
+            available: null,
+            entrypointDrift: false,
+            warnings,
+            probedAt: new Date().toISOString(),
+        };
+    }
+    let anyProbeSucceeded = false;
+    for (const probeArgs of contract.probeArgs) {
+        const extendedPath = getExtendedPath();
+        const env = envWithExtendedPath(process.env, extendedPath);
+        const resolved = resolveCommandForSpawn(contract.executable, [...probeArgs], {
+            envPath: extendedPath,
+        });
+        const result = spawnSync(resolved.command, resolved.args, {
+            encoding: "utf8",
+            timeout: timeoutMs,
+            maxBuffer: 1024 * 1024,
+            env,
+            windowsHide: true,
+            windowsVerbatimArguments: resolved.windowsVerbatimArguments,
+        });
+        if (result.error) {
+            warnings.push(`${contract.executable} ${probeArgs.join(" ")} unavailable: ${result.error.message}`);
+            continue;
+        }
+        anyProbeSucceeded = true;
+        if (result.status !== 0) {
+            warnings.push(`${contract.executable} ${probeArgs.join(" ")} exited with status ${result.status}`);
+        }
+    }
+    return {
+        cli,
+        status: contract.status,
+        executable: contract.executable,
+        entrypointArgs: contract.entrypointArgs,
+        targetVersion: contract.targetVersion,
+        checkedProbeCommands,
+        available: anyProbeSucceeded,
+        entrypointDrift: !anyProbeSucceeded,
+        warnings,
+        probedAt: new Date().toISOString(),
+    };
+}
+function serializeAcpEntrypointContract(contract) {
+    return {
+        status: contract.status,
+        native: contract.status === "native",
+        executable: contract.executable,
+        entrypointArgs: contract.entrypointArgs,
+        targetVersion: contract.targetVersion,
+        probeArgs: contract.probeArgs.map(args => [...args]),
+        adapterCandidates: contract.adapterCandidates ?? [],
+        evidence: contract.evidence,
+        docsRef: contract.docsRef,
+    };
+}
 export function buildUpstreamContractReport(options = {}) {
     const selected = options.cli ? [options.cli] : Object.keys(UPSTREAM_CLI_CONTRACTS);
     const contracts = Object.fromEntries(selected.map(cli => {
@@ -2130,6 +2257,7 @@ export function buildUpstreamContractReport(options = {}) {
                     description: fixture.description,
                     expect: fixture.expect,
                 })),
+                acpEntrypoint: serializeAcpEntrypointContract(ACP_ENTRYPOINT_CONTRACTS[cli]),
             },
         ];
     }));
@@ -2140,5 +2268,8 @@ export function buildUpstreamContractReport(options = {}) {
         installedProbe: options.probeInstalled
             ? Object.fromEntries(selected.map(cli => [cli, probeInstalledCliContract(cli)]))
             : null,
+        acpInstalledProbe: options.probeInstalled
+            ? Object.fromEntries(selected.map(cli => [cli, probeInstalledAcpEntrypoint(cli)]))
+            : null,
     };
 }

package/migrations/004_session_owner_principal.sql

@@ -0,0 +1,10 @@
+-- F3: per-principal isolation. Add an ownership principal to PostgreSQL-backed
+-- sessions, mirroring the file backend's `ownerPrincipal` and the job store's
+-- `owner_principal`. Additive and nullable: rows created before this migration
+-- keep NULL and are treated as legacy-unowned by F3b enforcement.
+
+ALTER TABLE sessions ADD COLUMN IF NOT EXISTS owner_principal TEXT;
+
+INSERT INTO schema_migrations (version, name)
+VALUES (4, '004_session_owner_principal')
+ON CONFLICT (version) DO NOTHING;

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "llm-cli-gateway",
-  "version": "2.7.0",
+  "version": "2.9.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "llm-cli-gateway",
-      "version": "2.7.0",
+      "version": "2.9.0",
       "license": "MIT",
       "dependencies": {
         "@modelcontextprotocol/sdk": "^1.29.0",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "llm-cli-gateway",
-  "version": "2.7.0",
+  "version": "2.9.0",
   "mcpName": "io.github.verivus-oss/llm-cli-gateway",
   "description": "MCP server providing unified access to Claude Code, Codex, Gemini, Grok, and Mistral Vibe CLIs with session management, retry logic, async job orchestration, durable job results, and cross-LLM validation.",
   "license": "MIT",