@gaberrb/polypus 0.4.4 → 0.4.6

package/dist/index.js

@@ -137,6 +137,10 @@ var en = {
   "run.autocorrect": "\u21BB tool failed \u2014 auto-correcting with extra context",
   "run.cancelled": "\u25A0 cancelled",
   "run.jsonNeedsTask": "--json requires a task argument (headless mode has no interactive REPL).",
+  "review.approveAll": "approve all",
+  "review.reject": "reject",
+  "review.pickHunks": "pick hunks\u2026",
+  "review.selectHunks": "Select the hunks to apply (space to toggle, enter to confirm)",
   // repl
   "repl.welcome": "Polypus interactive session.",
   "repl.welcomeHint": " Type /help for commands, /exit to quit.",
@@ -291,7 +295,10 @@ var en = {
   // @-mentions
   "mentions.injectedHeader": "Referenced files (@-mentions)",
   "mentions.dirHeader": "@{path} (directory listing)",
-  "mentions.notFound": "(could not resolve @{path}: not found or outside the allow-list)"
+  "mentions.notFound": "(could not resolve @{path}: not found or outside the allow-list)",
+  // safety policy
+  "policy.blockedCommand": "blocked by safety policy ({reason}) \u2014 refusing in all modes",
+  "policy.secretFound": "write blocked: a possible secret ({kind}) was found on line {line}. Remove it or load it from an environment variable instead of hard-coding it."
 };
 var ptBR = {
   "common.default": "padr\xE3o",
@@ -362,6 +369,10 @@ var ptBR = {
   "run.autocorrect": "\u21BB tool falhou \u2014 autocorrigindo com contexto extra",
   "run.cancelled": "\u25A0 cancelado",
   "run.jsonNeedsTask": "--json exige um argumento de tarefa (o modo headless n\xE3o tem REPL interativo).",
+  "review.approveAll": "aprovar tudo",
+  "review.reject": "rejeitar",
+  "review.pickHunks": "escolher hunks\u2026",
+  "review.selectHunks": "Selecione os hunks a aplicar (espa\xE7o alterna, enter confirma)",
   "repl.welcome": "Sess\xE3o interativa do Polypus.",
   "repl.welcomeHint": " Digite /help para comandos, /exit para sair.",
   "repl.modeChanged": "modo \u2192 {mode}",
@@ -490,6 +501,9 @@ var ptBR = {
   "mentions.injectedHeader": "Arquivos referenciados (@-mentions)",
   "mentions.dirHeader": "@{path} (conte\xFAdo do diret\xF3rio)",
   "mentions.notFound": "(n\xE3o foi poss\xEDvel resolver @{path}: n\xE3o encontrado ou fora da allow-list)",
+  // safety policy
+  "policy.blockedCommand": "bloqueado pela pol\xEDtica de seguran\xE7a ({reason}) \u2014 recusado em todos os modos",
+  "policy.secretFound": "escrita bloqueada: poss\xEDvel segredo ({kind}) encontrado na linha {line}. Remova-o ou carregue de uma vari\xE1vel de ambiente em vez de fix\xE1-lo no c\xF3digo.",
   "models.fetching": "Buscando modelos do OpenRouter\u2026",
   "models.fetchError": "N\xE3o foi poss\xEDvel buscar modelos: {msg}",
   "models.none": "Nenhum modelo corresponde aos filtros.",
@@ -957,6 +971,10 @@ function createProvider(agent) {
   return { config: agent, provider, toolMode: resolveToolMode(agent) };
 }
 
+// src/core/permissions/modes.ts
+import { readFile as readFile2 } from "fs/promises";
+import { resolve as resolve2 } from "path";
+
 // src/core/permissions/allowlist.ts
 import { isAbsolute, relative, resolve, sep } from "path";
 function globToRegExp(glob) {
@@ -1005,6 +1023,158 @@ function isCommandPreApproved(allowedCommands, command) {
   return allowedCommands.some((prefix) => c === prefix || c.startsWith(prefix.trim() + " "));
 }
 
+// src/core/permissions/policy.ts
+var DANGEROUS_COMMANDS = [
+  { re: /--no-preserve-root/i, reason: "rm --no-preserve-root" },
+  { re: /:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/, reason: "fork bomb" },
+  { re: /\bmkfs(\.\w+)?\b/i, reason: "filesystem format (mkfs)" },
+  { re: /\bdd\b[^\n]*\bof=\/dev\/(sd|nvme|hd|disk)/i, reason: "dd writing to a raw disk device" },
+  { re: />\s*\/dev\/(sd|nvme|hd|disk)/i, reason: "redirect to a raw disk device" },
+  { re: /\bchmod\s+(-[a-z]*\s+)*-?R?\s*777\s+\//i, reason: "chmod 777 on /" },
+  { re: /\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(sh|bash|zsh)\b/i, reason: "piping a downloaded script straight into a shell" }
+];
+function isDangerousRm(command) {
+  if (!/\brm\b/i.test(command)) return false;
+  const recursive = /(?:^|\s)-[a-z]*r[a-z]*f/i.test(command) || /(?:^|\s)-[a-z]*f[a-z]*r/i.test(command) || /(?:^|\s)-[a-z]*r\b/i.test(command) && /(?:^|\s)-[a-z]*f\b/i.test(command);
+  if (!recursive) return false;
+  return /(?:\s|^)(?:\/\*|\/|~|\$HOME|\*)(?:\s|$)/.test(command);
+}
+function screenCommand(command) {
+  if (isDangerousRm(command)) {
+    return { blocked: true, reason: "recursive force-delete of / ~ or *" };
+  }
+  for (const { re, reason } of DANGEROUS_COMMANDS) {
+    if (re.test(command)) return { blocked: true, reason };
+  }
+  return { blocked: false };
+}
+var SECRET_PATTERNS = [
+  { re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----/, kind: "private key block" },
+  { re: /\bAKIA[0-9A-Z]{16}\b/, kind: "AWS access key id" },
+  { re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/, kind: "GitHub token" },
+  { re: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/, kind: "Slack token" },
+  { re: /\bsk-[A-Za-z0-9]{32,}\b/, kind: "OpenAI-style secret key" },
+  { re: /\bAIza[0-9A-Za-z_-]{35}\b/, kind: "Google API key" }
+];
+function scanSecrets(text2) {
+  const findings = [];
+  const lines = text2.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    for (const { re, kind } of SECRET_PATTERNS) {
+      if (re.test(lines[i])) {
+        findings.push({ line: i + 1, kind });
+        break;
+      }
+    }
+  }
+  return findings;
+}
+
+// src/core/permissions/diff.ts
+var CONTEXT = 3;
+function splitLines(text2) {
+  return text2 === "" ? [] : text2.split("\n");
+}
+function lcsOps(a, b) {
+  const n = a.length;
+  const m = b.length;
+  const dp = Array.from({ length: n + 1 }, () => new Array(m + 1).fill(0));
+  for (let i2 = n - 1; i2 >= 0; i2--) {
+    for (let j2 = m - 1; j2 >= 0; j2--) {
+      dp[i2][j2] = a[i2] === b[j2] ? dp[i2 + 1][j2 + 1] + 1 : Math.max(dp[i2 + 1][j2], dp[i2][j2 + 1]);
+    }
+  }
+  const out = [];
+  let i = 0;
+  let j = 0;
+  while (i < n && j < m) {
+    if (a[i] === b[j]) {
+      out.push({ type: " ", text: a[i] });
+      i++;
+      j++;
+    } else if (dp[i + 1][j] >= dp[i][j + 1]) {
+      out.push({ type: "-", text: a[i] });
+      i++;
+    } else {
+      out.push({ type: "+", text: b[j] });
+      j++;
+    }
+  }
+  while (i < n) out.push({ type: "-", text: a[i++] });
+  while (j < m) out.push({ type: "+", text: b[j++] });
+  return out;
+}
+function computeHunks(oldText, newText) {
+  const a = splitLines(oldText);
+  const b = splitLines(newText);
+  const ops = lcsOps(a, b);
+  const isChange = ops.map((o) => o.type !== " ");
+  const keep = new Array(ops.length).fill(false);
+  for (let k2 = 0; k2 < ops.length; k2++) {
+    if (isChange[k2]) {
+      for (let c = Math.max(0, k2 - CONTEXT); c <= Math.min(ops.length - 1, k2 + CONTEXT); c++) {
+        keep[c] = true;
+      }
+    }
+  }
+  const hunks = [];
+  let oldLine = 0;
+  let newLine = 0;
+  let k = 0;
+  while (k < ops.length) {
+    const op = ops[k];
+    if (!keep[k]) {
+      if (op.type !== "+") oldLine++;
+      if (op.type !== "-") newLine++;
+      k++;
+      continue;
+    }
+    const oldStart = oldLine;
+    const newStart = newLine;
+    const lines = [];
+    let oldCount = 0;
+    let newCount = 0;
+    while (k < ops.length && keep[k]) {
+      const cur = ops[k];
+      lines.push(cur);
+      if (cur.type !== "+") {
+        oldLine++;
+        oldCount++;
+      }
+      if (cur.type !== "-") {
+        newLine++;
+        newCount++;
+      }
+      k++;
+    }
+    hunks.push({ oldStart, oldCount, newStart, newCount, lines });
+  }
+  return hunks;
+}
+function applyHunks(oldText, hunks, approved) {
+  const a = splitLines(oldText);
+  const out = [];
+  let oldIdx = 0;
+  hunks.forEach((hunk, idx) => {
+    while (oldIdx < hunk.oldStart) out.push(a[oldIdx++]);
+    if (approved.has(idx)) {
+      for (const l of hunk.lines) if (l.type !== "-") out.push(l.text);
+    } else {
+      for (const l of hunk.lines) if (l.type !== "+") out.push(l.text);
+    }
+    oldIdx = hunk.oldStart + hunk.oldCount;
+  });
+  while (oldIdx < a.length) out.push(a[oldIdx++]);
+  return out.join("\n");
+}
+function hunkLabel(hunk) {
+  const added = hunk.lines.filter((l) => l.type === "+").length;
+  const removed = hunk.lines.filter((l) => l.type === "-").length;
+  const firstChange = hunk.lines.find((l) => l.type !== " ");
+  const preview = firstChange ? firstChange.text.trim().slice(0, 50) : "";
+  return `@@ -${hunk.oldStart + 1},${hunk.oldCount} +${hunk.newStart + 1},${hunk.newCount} @@ (+${added}/-${removed}) ${preview}`;
+}
+
 // src/core/permissions/modes.ts
 var PermissionEngine = class {
   constructor(opts) {
@@ -1019,24 +1189,48 @@ var PermissionEngine = class {
     const d = checkPath(this.opts.policy, target);
     return d.allowed ? { allowed: true } : { allowed: false, reason: d.reason };
   }
-  async authorizeWrite(target, preview) {
+  async authorizeWrite(target, preview, content) {
     const d = checkPath(this.opts.policy, target);
     if (!d.allowed) return { allowed: false, reason: d.reason };
+    let oldContent = "";
+    try {
+      oldContent = await readFile2(resolve2(this.opts.policy.workspace, target), "utf8");
+    } catch {
+    }
+    const hunks = content !== void 0 ? computeHunks(oldContent, content) : [];
+    const added = hunks.flatMap((h) => h.lines.filter((l) => l.type === "+").map((l) => l.text)).join("\n");
+    const findings = scanSecrets(hunks.length > 0 ? added : content ?? preview ?? "");
+    if (findings.length > 0) {
+      const first = findings[0];
+      return {
+        allowed: false,
+        reason: t("policy.secretFound", { kind: first.kind, line: first.line })
+      };
+    }
     if (this.opts.mode === "plan") {
       return { allowed: false, reason: "plan mode: file modifications are disabled" };
     }
     if (this.opts.mode === "bypass") return { allowed: true };
-    const ok = await this.ask({ kind: "write", summary: `write ${d.rel}`, preview });
-    return ok ? { allowed: true } : { allowed: false, reason: "rejected by user" };
+    const res = await this.ask({ kind: "write", summary: `write ${d.rel}`, preview, hunks });
+    if (res === true) return { allowed: true };
+    if (res === false) return { allowed: false, reason: "rejected by user" };
+    const approved = new Set(res);
+    if (approved.size === 0) return { allowed: false, reason: "rejected by user" };
+    if (approved.size === hunks.length) return { allowed: true };
+    return { allowed: true, content: applyHunks(oldContent, hunks, approved) };
   }
   async authorizeCommand(command) {
+    const screen = screenCommand(command);
+    if (screen.blocked) {
+      return { allowed: false, reason: t("policy.blockedCommand", { reason: screen.reason ?? "" }) };
+    }
     if (this.opts.mode === "plan") {
       return { allowed: false, reason: "plan mode: running commands is disabled" };
     }
     if (this.opts.mode === "bypass") return { allowed: true };
     if (isCommandPreApproved(this.opts.allowedCommands, command)) return { allowed: true };
-    const ok = await this.ask({ kind: "command", summary: `run: ${command}` });
-    return ok ? { allowed: true } : { allowed: false, reason: "rejected by user" };
+    const res = await this.ask({ kind: "command", summary: `run: ${command}` });
+    return res === true ? { allowed: true } : { allowed: false, reason: "rejected by user" };
   }
   async ask(req) {
     if (!this.opts.confirm) return false;
@@ -1265,8 +1459,8 @@ function makeDriver(kind, tools) {
 }
 
 // src/core/tools/edit-file.ts
-import { readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
-import { resolve as resolve2 } from "path";
+import { readFile as readFile3, writeFile as writeFile2 } from "fs/promises";
+import { resolve as resolve3 } from "path";
 import { z as z2 } from "zod";
 var Args = z2.object({
   path: z2.string().min(1),
@@ -1296,10 +1490,10 @@ var editFileTool = {
         output: "edit_file needs three arguments: 'path', 'search' (exact text to find), and 'replace'. Resend the tool call with all three filled in."
       };
     }
-    const abs = resolve2(ctx.workspace, args.data.path);
+    const abs = resolve3(ctx.workspace, args.data.path);
     let content;
     try {
-      content = await readFile2(abs, "utf8");
+      content = await readFile3(abs, "utf8");
     } catch (err) {
       return { ok: false, output: `Could not read file to edit: ${err.message}` };
     }
@@ -1317,11 +1511,12 @@ var editFileTool = {
     const decision = await ctx.permissions.authorizeWrite(
       args.data.path,
       `- ${firstLine(args.data.search)}
-+ ${firstLine(args.data.replace)}`
++ ${firstLine(args.data.replace)}`,
+      updated
     );
     if (!decision.allowed) return { ok: false, output: `Edit denied: ${decision.reason}` };
     try {
-      await writeFile2(abs, updated, "utf8");
+      await writeFile2(abs, decision.content ?? updated, "utf8");
       return { ok: true, output: `Edited ${args.data.path}.` };
     } catch (err) {
       return { ok: false, output: `Could not write edit: ${err.message}` };
@@ -1334,7 +1529,7 @@ function firstLine(s) {
 
 // src/core/tools/list-dir.ts
 import { readdir } from "fs/promises";
-import { resolve as resolve3 } from "path";
+import { resolve as resolve4 } from "path";
 import { z as z3 } from "zod";
 var Args2 = z3.object({ path: z3.string().default(".") });
 var listDirTool = {
@@ -1355,7 +1550,7 @@ var listDirTool = {
       return { ok: false, output: `List denied: ${decision.reason}` };
     }
     try {
-      const entries = await readdir(resolve3(ctx.workspace, path), { withFileTypes: true });
+      const entries = await readdir(resolve4(ctx.workspace, path), { withFileTypes: true });
       const lines = entries.map((e) => e.isDirectory() ? `${e.name}/` : e.name).sort();
       return { ok: true, output: lines.length ? lines.join("\n") : "(empty)" };
     } catch (err) {
@@ -1365,8 +1560,8 @@ var listDirTool = {
 };
 
 // src/core/tools/read-file.ts
-import { readFile as readFile3 } from "fs/promises";
-import { resolve as resolve4 } from "path";
+import { readFile as readFile4 } from "fs/promises";
+import { resolve as resolve5 } from "path";
 import { z as z4 } from "zod";
 var Args3 = z4.object({ path: z4.string().min(1) });
 var MAX_CHARS = 6e4;
@@ -1387,7 +1582,7 @@ var readFileTool = {
     const decision = ctx.permissions.authorizeRead(args.data.path);
     if (!decision.allowed) return { ok: false, output: `Read denied: ${decision.reason}` };
     try {
-      const content = await readFile3(resolve4(ctx.workspace, args.data.path), "utf8");
+      const content = await readFile4(resolve5(ctx.workspace, args.data.path), "utf8");
       const truncated = content.length > MAX_CHARS;
       return {
         ok: true,
@@ -1448,8 +1643,8 @@ function clamp(s) {
 }
 
 // src/core/tools/search-file.ts
-import { readdir as readdir2, readFile as readFile4, stat } from "fs/promises";
-import { join as join2, resolve as resolve5 } from "path";
+import { readdir as readdir2, readFile as readFile5, stat } from "fs/promises";
+import { join as join2, resolve as resolve6 } from "path";
 import { z as z6 } from "zod";
 var Args5 = z6.object({
   query: z6.string().min(1),
@@ -1501,7 +1696,7 @@ var searchTool = {
     }
     const globRe = glob ? globToRegExp(glob) : void 0;
     const limit = max_results ?? DEFAULT_MAX_RESULTS;
-    const root = resolve5(ctx.workspace, path);
+    const root = resolve6(ctx.workspace, path);
     const matches = [];
     let truncated = false;
     const walk = async (dir) => {
@@ -1527,7 +1722,7 @@ var searchTool = {
         try {
           const info = await stat(abs);
           if (info.size > MAX_FILE_BYTES) continue;
-          const content = await readFile4(abs, "utf8");
+          const content = await readFile5(abs, "utf8");
           if (content.includes(NUL)) continue;
           const lines = content.split("\n");
           for (let i = 0; i < lines.length; i++) {
@@ -1572,7 +1767,7 @@ var FINISH_TOOL = {
 
 // src/core/tools/write-file.ts
 import { mkdir as mkdir2, writeFile as writeFile3 } from "fs/promises";
-import { dirname, resolve as resolve6 } from "path";
+import { dirname, resolve as resolve7 } from "path";
 import { z as z7 } from "zod";
 var Args6 = z7.object({ path: z7.string().min(1), content: z7.string() });
 var writeFileTool = {
@@ -1599,13 +1794,14 @@ var writeFileTool = {
       };
     }
     const preview = previewContent(args.data.content);
-    const decision = await ctx.permissions.authorizeWrite(args.data.path, preview);
+    const decision = await ctx.permissions.authorizeWrite(args.data.path, preview, args.data.content);
     if (!decision.allowed) return { ok: false, output: `Write denied: ${decision.reason}` };
+    const finalContent = decision.content ?? args.data.content;
     try {
-      const abs = resolve6(ctx.workspace, args.data.path);
+      const abs = resolve7(ctx.workspace, args.data.path);
       await mkdir2(dirname(abs), { recursive: true });
-      await writeFile3(abs, args.data.content, "utf8");
-      const lines = args.data.content.split("\n").length;
+      await writeFile3(abs, finalContent, "utf8");
+      const lines = finalContent.split("\n").length;
       return { ok: true, output: `Wrote ${args.data.path} (${lines} lines).` };
     } catch (err) {
       return { ok: false, output: `Could not write file: ${err.message}` };
@@ -1634,8 +1830,8 @@ function getTool(name) {
 }
 
 // src/core/agent/correction.ts
-import { readFile as readFile5, readdir as readdir3 } from "fs/promises";
-import { dirname as dirname2, resolve as resolve7 } from "path";
+import { readFile as readFile6, readdir as readdir3 } from "fs/promises";
+import { dirname as dirname2, resolve as resolve8 } from "path";
 function truncationGuidance(toolName) {
   const fileHint = toolName === "write_file" || toolName === "edit_file" ? " Write large files in parts: create the file with the first chunk via write_file, then append the rest with edit_file in the next steps." : "";
   return [
@@ -1735,7 +1931,7 @@ ${text2}` : null;
 }
 async function readWorkspaceFile(workspace, path) {
   try {
-    return await readFile5(resolve7(workspace, path), "utf8");
+    return await readFile6(resolve8(workspace, path), "utf8");
   } catch {
     return null;
   }
@@ -1793,11 +1989,11 @@ async function occurrenceLines(workspace, path, search) {
   return out;
 }
 async function listNearest(workspace, path) {
-  let dir = dirname2(resolve7(workspace, path));
+  let dir = dirname2(resolve8(workspace, path));
   for (let i = 0; i < 8; i++) {
     try {
       const entries = await readdir3(dir, { withFileTypes: true });
-      const rel = dir === resolve7(workspace) ? "." : dir;
+      const rel = dir === resolve8(workspace) ? "." : dir;
       const names = entries.slice(0, 40).map((e) => e.isDirectory() ? `${e.name}/` : e.name);
       return `${rel}:
   ${names.join("  ") || "(empty)"}`;
@@ -1819,14 +2015,14 @@ function formatSchema(spec) {
 }
 
 // src/core/agent/project-context.ts
-import { readFile as readFile6 } from "fs/promises";
+import { readFile as readFile7 } from "fs/promises";
 import { join as join3 } from "path";
 var INSTRUCTION_FILES = [join3(".poly", "agents.md"), "AGENTS.md"];
 var MAX_CHARS2 = 8e3;
 async function loadProjectInstructions(workspace) {
   for (const rel of INSTRUCTION_FILES) {
     try {
-      const raw = (await readFile6(join3(workspace, rel), "utf8")).trim();
+      const raw = (await readFile7(join3(workspace, rel), "utf8")).trim();
       if (!raw) continue;
       return raw.length > MAX_CHARS2 ? raw.slice(0, MAX_CHARS2) + "\n\u2026(truncated)" : raw;
     } catch {
@@ -1987,8 +2183,8 @@ ${guidance}`;
 }
 
 // src/core/context/mentions.ts
-import { readdir as readdir4, readFile as readFile7, stat as stat2 } from "fs/promises";
-import { resolve as resolve8 } from "path";
+import { readdir as readdir4, readFile as readFile8, stat as stat2 } from "fs/promises";
+import { resolve as resolve9 } from "path";
 var MAX_FILE_CHARS = 1e4;
 var MENTION_RE = /(?:^|\s)@([\w./-]+)/g;
 async function resolveMentions(task, policy) {
@@ -2004,7 +2200,7 @@ async function resolveMentions(task, policy) {
 ${t("mentions.notFound", { path: token })}`);
       continue;
     }
-    const abs = resolve8(policy.workspace, token);
+    const abs = resolve9(policy.workspace, token);
     try {
       const info = await stat2(abs);
       if (info.isDirectory()) {
@@ -2014,7 +2210,7 @@ ${t("mentions.notFound", { path: token })}`);
 ${listing || "(empty)"}`);
         injected.push(decision.rel);
       } else {
-        const raw = await readFile7(abs, "utf8");
+        const raw = await readFile8(abs, "utf8");
         const content = raw.length > MAX_FILE_CHARS ? raw.slice(0, MAX_FILE_CHARS) + "\n\u2026[truncated]" : raw;
         blocks.push(`## @${decision.rel}
 \`\`\`
@@ -2728,10 +2924,10 @@ async function readLineTTY(prompt) {
   stdin.resume();
   stdin.on("data", onData);
   try {
-    const line = await new Promise((resolve10) => {
-      rl.question(prompt).then(resolve10, () => resolve10(null));
-      rl.on("SIGINT", () => resolve10(null));
-      rl.on("close", () => resolve10(null));
+    const line = await new Promise((resolve11) => {
+      rl.question(prompt).then(resolve11, () => resolve11(null));
+      rl.on("SIGINT", () => resolve11(null));
+      rl.on("close", () => resolve11(null));
     });
     return line === null ? null : store.expand(line);
   } finally {
@@ -3483,11 +3679,39 @@ function listenForCancel(controller) {
   return { pause: detach, resume: attach, dispose: detach };
 }
 async function confirmAction(req) {
+  if (req.kind === "write" && req.hunks && req.hunks.length > 0) {
+    renderDiff(req.hunks);
+    const options = [
+      { value: "approve", label: t("review.approveAll") },
+      { value: "reject", label: t("review.reject") },
+      ...req.hunks.length > 1 ? [{ value: "hunks", label: t("review.pickHunks") }] : []
+    ];
+    const choice = await p2.select({ message: t("run.confirm", { summary: req.summary }), options });
+    if (p2.isCancel(choice) || choice === "reject") return false;
+    if (choice === "approve") return true;
+    const selected = await p2.multiselect({
+      message: t("review.selectHunks"),
+      options: req.hunks.map((h, i) => ({ value: i, label: hunkLabel(h) })),
+      required: false
+    });
+    if (p2.isCancel(selected)) return false;
+    return selected;
+  }
   if (req.preview) console.log(pc8.dim(req.preview));
   const answer = await p2.confirm({ message: t("run.confirm", { summary: req.summary }) });
   if (p2.isCancel(answer)) return false;
   return answer === true;
 }
+function renderDiff(hunks) {
+  for (const h of hunks) {
+    console.log(pc8.cyan(`@@ -${h.oldStart + 1},${h.oldCount} +${h.newStart + 1},${h.newCount} @@`));
+    for (const l of h.lines) {
+      if (l.type === "+") console.log(pc8.green(`+${l.text}`));
+      else if (l.type === "-") console.log(pc8.red(`-${l.text}`));
+      else console.log(pc8.dim(` ${l.text}`));
+    }
+  }
+}
 function renderEvents(spinner3) {
   return {
     onStep() {
@@ -3876,7 +4100,7 @@ async function resolveOpenRouterKey() {
 }
 
 // src/cli/commands/prd.ts
-import { writeFile as writeFile5, readFile as readFile8 } from "fs/promises";
+import { writeFile as writeFile5, readFile as readFile9 } from "fs/promises";
 import { execFile } from "child_process";
 import { promisify as promisify2 } from "util";
 import pc11 from "picocolors";
@@ -3968,13 +4192,13 @@ async function withRetry(fn, opts = {}) {
 
 // src/cli/commands/cli-io.ts
 import { readFileSync, existsSync as existsSync2 } from "fs";
-import { resolve as resolve9 } from "path";
+import { resolve as resolve10 } from "path";
 var GUIDE_MAX = 12e3;
 function readProjectGuide(files) {
   const parts = [];
   for (const file of files) {
     try {
-      const path = resolve9(process.cwd(), file);
+      const path = resolve10(process.cwd(), file);
       if (existsSync2(path)) parts.push(`# ${file}
 ${readFileSync(path, "utf8").trim()}`);
     } catch {
@@ -4015,7 +4239,7 @@ async function prd(issueRef, opts) {
 }
 async function loadIssue(issueRef, input) {
   if (input) {
-    const raw = input === "-" ? await readStdin() : await readFile8(input, "utf8");
+    const raw = input === "-" ? await readStdin() : await readFile9(input, "utf8");
     return normalize2(JSON.parse(stripBom(raw)));
   }
   const num = numericRef(issueRef);
@@ -4034,7 +4258,7 @@ function normalize2(raw) {
 }
 
 // src/cli/commands/review.ts
-import { writeFile as writeFile6, readFile as readFile9 } from "fs/promises";
+import { writeFile as writeFile6, readFile as readFile10 } from "fs/promises";
 import { execFile as execFile2 } from "child_process";
 import { promisify as promisify3 } from "util";
 import pc12 from "picocolors";
@@ -4110,7 +4334,7 @@ async function review(prRef, opts) {
   }
 }
 async function loadDiff(num, input) {
-  if (input) return input === "-" ? readStdin() : readFile9(input, "utf8");
+  if (input) return input === "-" ? readStdin() : readFile10(input, "utf8");
   const { stdout: stdout2 } = await exec3("gh", ["pr", "diff", num]);
   return stdout2;
 }