llm-cli-gateway 2.8.0 → 2.10.0

package/dist/resources.d.ts

@@ -33,5 +33,7 @@ export declare class ResourceProvider {
     readCacheStateSession(sessionId: string): SessionCacheStats;
     readCacheStateForPrefix(stablePrefixHash: string): PrefixCacheStats;
     listResources(): ResourceDefinition[];
+    private ownedSessions;
+    private ownedActiveId;
     readResource(uri: string): Promise<ResourceContents | null>;
 }

package/dist/resources.js

@@ -1,4 +1,5 @@
 import { CLI_TYPES, PROVIDER_TYPES } from "./session-manager.js";
+import { getRequestContext, principalCanAccess, resolveOwnerPrincipal } from "./request-context.js";
 import { getAvailableCliInfo } from "./model-registry.js";
 import { computeGlobalCacheStats, computePrefixCacheStats, computeSessionCacheStats, computeTtlRemaining, } from "./cache-stats.js";
 import { buildProviderSubcommandsCompactCatalog, getCliSubcommandContract, serializeCliSubcommandContract, } from "./upstream-contracts.js";
@@ -201,13 +202,21 @@ export class ResourceProvider {
             })),
         ];
     }
+    ownedSessions(sessions) {
+        const caller = resolveOwnerPrincipal(getRequestContext());
+        return sessions.filter(s => principalCanAccess(s.ownerPrincipal, caller));
+    }
+    async ownedActiveId(provider) {
+        const active = await Promise.resolve(this.sessionManager.getActiveSession(provider));
+        if (!active)
+            return null;
+        const caller = resolveOwnerPrincipal(getRequestContext());
+        return principalCanAccess(active.ownerPrincipal, caller) ? active.id : null;
+    }
     async readResource(uri) {
         if (uri === "sessions://all") {
-            const sessions = await this.sessionManager.listSessions();
-            const activeSessions = Object.fromEntries(await Promise.all(PROVIDER_TYPES.map(async (provider) => [
-                provider,
-                (await this.sessionManager.getActiveSession(provider))?.id || null,
-            ])));
+            const sessions = this.ownedSessions(await this.sessionManager.listSessions());
+            const activeSessions = Object.fromEntries(await Promise.all(PROVIDER_TYPES.map(async (provider) => [provider, await this.ownedActiveId(provider)])));
             return {
                 uri,
                 mimeType: "application/json",
@@ -225,7 +234,7 @@ export class ResourceProvider {
             };
         }
         if (uri === "sessions://claude") {
-            const sessions = await this.sessionManager.listSessions("claude");
+            const sessions = this.ownedSessions(await this.sessionManager.listSessions("claude"));
             return {
                 uri,
                 mimeType: "application/json",
@@ -233,12 +242,12 @@ export class ResourceProvider {
                     cli: "claude",
                     total: sessions.length,
                     sessions,
-                    activeSession: (await this.sessionManager.getActiveSession("claude"))?.id || null,
+                    activeSession: await this.ownedActiveId("claude"),
                 }, null, 2),
             };
         }
         if (uri === "sessions://codex") {
-            const sessions = await this.sessionManager.listSessions("codex");
+            const sessions = this.ownedSessions(await this.sessionManager.listSessions("codex"));
             return {
                 uri,
                 mimeType: "application/json",
@@ -246,12 +255,12 @@ export class ResourceProvider {
                     cli: "codex",
                     total: sessions.length,
                     sessions,
-                    activeSession: (await this.sessionManager.getActiveSession("codex"))?.id || null,
+                    activeSession: await this.ownedActiveId("codex"),
                 }, null, 2),
             };
         }
         if (uri === "sessions://gemini") {
-            const sessions = await this.sessionManager.listSessions("gemini");
+            const sessions = this.ownedSessions(await this.sessionManager.listSessions("gemini"));
             return {
                 uri,
                 mimeType: "application/json",
@@ -259,12 +268,12 @@ export class ResourceProvider {
                     cli: "gemini",
                     total: sessions.length,
                     sessions,
-                    activeSession: (await this.sessionManager.getActiveSession("gemini"))?.id || null,
+                    activeSession: await this.ownedActiveId("gemini"),
                 }, null, 2),
             };
         }
         if (uri === "sessions://grok") {
-            const sessions = await this.sessionManager.listSessions("grok");
+            const sessions = this.ownedSessions(await this.sessionManager.listSessions("grok"));
             return {
                 uri,
                 mimeType: "application/json",
@@ -272,12 +281,12 @@ export class ResourceProvider {
                     cli: "grok",
                     total: sessions.length,
                     sessions,
-                    activeSession: (await this.sessionManager.getActiveSession("grok"))?.id || null,
+                    activeSession: await this.ownedActiveId("grok"),
                 }, null, 2),
             };
         }
         if (uri === "sessions://mistral") {
-            const sessions = await this.sessionManager.listSessions("mistral");
+            const sessions = this.ownedSessions(await this.sessionManager.listSessions("mistral"));
             return {
                 uri,
                 mimeType: "application/json",
@@ -285,7 +294,7 @@ export class ResourceProvider {
                     cli: "mistral",
                     total: sessions.length,
                     sessions,
-                    activeSession: (await this.sessionManager.getActiveSession("mistral"))?.id || null,
+                    activeSession: await this.ownedActiveId("mistral"),
                 }, null, 2),
             };
         }

package/dist/secret-redaction.d.ts

@@ -0,0 +1,3 @@
+export declare function isRedactionEnabled(env?: NodeJS.ProcessEnv): boolean;
+export declare function redactSecrets(text: string): string;
+export declare function redactIfEnabled(value: string | null | undefined, enabled: boolean): typeof value;

package/dist/secret-redaction.js

@@ -0,0 +1,53 @@
+const REDACTED = "[REDACTED]";
+const RULES = [
+    {
+        label: "private-key",
+        pattern: /-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP |ENCRYPTED )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |DSA |OPENSSH |PGP |ENCRYPTED )?PRIVATE KEY-----/g,
+    },
+    { label: "anthropic-key", pattern: /\bsk-ant-[A-Za-z0-9_-]{16,}/g },
+    { label: "openai-key", pattern: /\bsk-(?:proj-)?[A-Za-z0-9_-]{16,}/g },
+    { label: "xai-key", pattern: /\bxai-[A-Za-z0-9]{16,}/g },
+    { label: "google-key", pattern: /\bAIza[0-9A-Za-z_-]{35}\b/g },
+    { label: "aws-access-key-id", pattern: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
+    { label: "github-token", pattern: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
+    { label: "slack-token", pattern: /\bxox[baprs]-[A-Za-z0-9-]{10,}/g },
+    {
+        label: "jwt",
+        pattern: /\beyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g,
+    },
+    {
+        label: "bearer",
+        pattern: /\bBearer\s+[A-Za-z0-9._~+/=-]{12,}/g,
+        replace: () => `Bearer ${REDACTED}`,
+    },
+    {
+        label: "url-credential",
+        pattern: /([a-z][a-z0-9+.-]*:\/\/[^\s/:@]+):[^\s/@]+@/gi,
+        replace: (_m, prefix) => `${prefix}:${REDACTED}@`,
+    },
+    {
+        label: "secret-assignment",
+        pattern: /\b(password|passwd|pwd|secret[_-]?key|client[_-]?secret|api[_-]?key|access[_-]?key|auth[_-]?token)\b(\s*[:=]\s*)(?:"[^"\n]{6,}"|'[^'\n]{6,}'|[^\s"'\n,;]{6,})/gi,
+        replace: (_m, key, sep) => `${key}${sep}${REDACTED}`,
+    },
+];
+export function isRedactionEnabled(env = process.env) {
+    const raw = (env.LLM_GATEWAY_REDACT_LOGGED_SECRETS ?? "").trim().toLowerCase();
+    return raw !== "0" && raw !== "false" && raw !== "off" && raw !== "no";
+}
+export function redactSecrets(text) {
+    if (!text)
+        return text;
+    let out = text;
+    for (const rule of RULES) {
+        out = rule.replace
+            ? out.replace(rule.pattern, rule.replace)
+            : out.replace(rule.pattern, REDACTED);
+    }
+    return out;
+}
+export function redactIfEnabled(value, enabled) {
+    if (!enabled || !value)
+        return value;
+    return redactSecrets(value);
+}

package/dist/session-manager-pg.js

@@ -1,4 +1,5 @@
 import { randomUUID } from "crypto";
+import { getRequestContext, resolveOwnerPrincipal } from "./request-context.js";
 const DEFAULT_SESSION_DESCRIPTIONS = {
     claude: "Claude Session",
     codex: "Codex Session",
@@ -16,11 +17,12 @@ export class PostgreSQLSessionManager {
         const id = sessionId || randomUUID();
         const sessionDescription = description ?? DEFAULT_SESSION_DESCRIPTIONS[cli];
         const now = new Date().toISOString();
+        const ownerPrincipal = resolveOwnerPrincipal(getRequestContext());
         const client = await this.pool.connect();
         try {
             await client.query("BEGIN");
-            await client.query(`INSERT INTO sessions (id, cli, description, created_at, last_used_at)
-         VALUES ($1, $2, $3, $4, $5)`, [id, cli, sessionDescription, now, now]);
+            await client.query(`INSERT INTO sessions (id, cli, description, created_at, last_used_at, owner_principal)
+         VALUES ($1, $2, $3, $4, $5, $6)`, [id, cli, sessionDescription, now, now, ownerPrincipal]);
             await client.query(`INSERT INTO active_sessions (cli, session_id, updated_at)
          VALUES ($1, $2, $3)
          ON CONFLICT (cli) DO NOTHING`, [cli, id, now]);
@@ -31,6 +33,7 @@ export class PostgreSQLSessionManager {
                 createdAt: now,
                 lastUsedAt: now,
                 description: sessionDescription,
+                ownerPrincipal,
             };
         }
         catch (error) {
@@ -42,18 +45,18 @@ export class PostgreSQLSessionManager {
         }
     }
     async getSession(sessionId) {
-        const result = await this.pool.query(`SELECT id, cli, description, metadata, created_at AS "createdAt", last_used_at AS "lastUsedAt"
+        const result = await this.pool.query(`SELECT id, cli, description, metadata, created_at AS "createdAt", last_used_at AS "lastUsedAt", owner_principal AS "ownerPrincipal"
        FROM sessions
        WHERE id = $1`, [sessionId]);
         return result.rows[0] ?? null;
     }
     async listSessions(cli) {
         const query = cli
-            ? `SELECT id, cli, description, metadata, created_at AS "createdAt", last_used_at AS "lastUsedAt"
+            ? `SELECT id, cli, description, metadata, created_at AS "createdAt", last_used_at AS "lastUsedAt", owner_principal AS "ownerPrincipal"
          FROM sessions
          WHERE cli = $1
          ORDER BY last_used_at DESC`
-            : `SELECT id, cli, description, metadata, created_at AS "createdAt", last_used_at AS "lastUsedAt"
+            : `SELECT id, cli, description, metadata, created_at AS "createdAt", last_used_at AS "lastUsedAt", owner_principal AS "ownerPrincipal"
          FROM sessions
          ORDER BY last_used_at DESC`;
         const result = cli

package/dist/session-manager.d.ts

@@ -14,6 +14,7 @@ export interface Session {
     lastUsedAt: string;
     description?: string;
     metadata?: Record<string, any>;
+    ownerPrincipal?: string | null;
 }
 export interface SessionStorage {
     sessions: Record<string, Session>;

package/dist/session-manager.js

@@ -4,6 +4,7 @@ import { join, dirname } from "path";
 import { existsSync, mkdirSync, readFileSync, writeFileSync, renameSync, openSync, fsyncSync, closeSync, chmodSync, } from "fs";
 import { DEFAULT_SESSION_TTL_SECONDS } from "./config.js";
 import { noopLogger } from "./logger.js";
+import { getRequestContext, resolveOwnerPrincipal } from "./request-context.js";
 export const CLI_TYPES = ["claude", "codex", "gemini", "grok", "mistral"];
 export const API_PROVIDER_TYPES = ["grok-api"];
 export const PROVIDER_TYPES = [...CLI_TYPES, ...API_PROVIDER_TYPES];
@@ -113,6 +114,7 @@ export class FileSessionManager {
             createdAt: new Date().toISOString(),
             lastUsedAt: new Date().toISOString(),
             description: sessionDescription,
+            ownerPrincipal: resolveOwnerPrincipal(getRequestContext()),
         };
         this.storage.sessions[id] = session;
         if (!this.storage.activeSession[cli]) {

package/migrations/004_session_owner_principal.sql

@@ -0,0 +1,10 @@
+-- F3: per-principal isolation. Add an ownership principal to PostgreSQL-backed
+-- sessions, mirroring the file backend's `ownerPrincipal` and the job store's
+-- `owner_principal`. Additive and nullable: rows created before this migration
+-- keep NULL and are treated as legacy-unowned by F3b enforcement.
+
+ALTER TABLE sessions ADD COLUMN IF NOT EXISTS owner_principal TEXT;
+
+INSERT INTO schema_migrations (version, name)
+VALUES (4, '004_session_owner_principal')
+ON CONFLICT (version) DO NOTHING;

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "llm-cli-gateway",
-  "version": "2.8.0",
+  "version": "2.10.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "llm-cli-gateway",
-      "version": "2.8.0",
+      "version": "2.10.0",
       "license": "MIT",
       "dependencies": {
         "@modelcontextprotocol/sdk": "^1.29.0",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "llm-cli-gateway",
-  "version": "2.8.0",
+  "version": "2.10.0",
   "mcpName": "io.github.verivus-oss/llm-cli-gateway",
   "description": "MCP server providing unified access to Claude Code, Codex, Gemini, Grok, and Mistral Vibe CLIs with session management, retry logic, async job orchestration, durable job results, and cross-LLM validation.",
   "license": "MIT",