@pugi/cli 0.1.0-alpha.9 → 0.1.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -0
- package/THIRD_PARTY_NOTICES.md +40 -0
- package/assets/pugi-mascot.ansi +16 -0
- package/dist/commands/deploy.js +439 -0
- package/dist/core/agents/loader.js +104 -0
- package/dist/core/agents/registry.js +1 -1
- package/dist/core/consensus/anvil-fanout.js +276 -0
- package/dist/core/consensus/diff-capture.js +382 -0
- package/dist/core/consensus/rubric.js +233 -0
- package/dist/core/context/index.js +21 -0
- package/dist/core/context/pugiignore.js +316 -0
- package/dist/core/context/repo-skeleton.js +533 -0
- package/dist/core/context/watcher.js +342 -0
- package/dist/core/context/working-set.js +165 -0
- package/dist/core/edits/dispatch.js +185 -0
- package/dist/core/edits/index.js +15 -0
- package/dist/core/edits/layer-a-apply.js +217 -0
- package/dist/core/edits/layer-b-apply.js +211 -0
- package/dist/core/edits/layer-c-apply.js +160 -0
- package/dist/core/edits/layer-d-ast.js +29 -0
- package/dist/core/edits/marker-parser.js +401 -0
- package/dist/core/edits/security-gate.js +223 -0
- package/dist/core/edits/worktree.js +322 -0
- package/dist/core/engine/native-pugi.js +6 -1
- package/dist/core/engine/prompts.js +8 -0
- package/dist/core/engine/tool-bridge.js +33 -1
- package/dist/core/lsp/client.js +719 -0
- package/dist/core/repl/ask.js +512 -0
- package/dist/core/repl/cancellation.js +98 -0
- package/dist/core/repl/dispatch-fsm.js +220 -0
- package/dist/core/repl/privacy-banner.js +71 -0
- package/dist/core/repl/session.js +1908 -13
- package/dist/core/repl/slash-commands.js +92 -32
- package/dist/core/repl/store/index.js +12 -0
- package/dist/core/repl/store/jsonl-log.js +321 -0
- package/dist/core/repl/store/lockfile.js +155 -0
- package/dist/core/repl/store/session-store.js +792 -0
- package/dist/core/repl/store/types.js +44 -0
- package/dist/core/repl/store/uuid-v7.js +68 -0
- package/dist/core/repl/workspace-context.js +72 -1
- package/dist/core/skills/defaults.js +457 -0
- package/dist/core/skills/loader.js +454 -0
- package/dist/core/skills/sources.js +480 -0
- package/dist/core/skills/trust.js +172 -0
- package/dist/runtime/cli.js +998 -12
- package/dist/runtime/commands/agents.js +385 -0
- package/dist/runtime/commands/config.js +338 -8
- package/dist/runtime/commands/delegate.js +289 -0
- package/dist/runtime/commands/lsp.js +206 -0
- package/dist/runtime/commands/patch.js +128 -0
- package/dist/runtime/commands/review-consensus.js +399 -0
- package/dist/runtime/commands/roster.js +117 -0
- package/dist/runtime/commands/skills.js +401 -0
- package/dist/runtime/commands/worktree.js +177 -0
- package/dist/runtime/plan-decompose.js +531 -0
- package/dist/tools/apply-patch.js +495 -0
- package/dist/tools/file-tools.js +90 -0
- package/dist/tools/lsp-tools.js +189 -0
- package/dist/tools/registry.js +26 -0
- package/dist/tools/web-fetch.js +1 -1
- package/dist/tui/agent-tree-pane.js +9 -0
- package/dist/tui/ask-cli.js +52 -0
- package/dist/tui/ask-modal.js +211 -0
- package/dist/tui/conversation-pane.js +48 -3
- package/dist/tui/input-box.js +48 -5
- package/dist/tui/markdown-render.js +266 -0
- package/dist/tui/repl-render.js +319 -3
- package/dist/tui/repl-splash-mascot.js +130 -0
- package/dist/tui/repl-splash.js +7 -1
- package/dist/tui/repl.js +96 -12
- package/dist/tui/status-bar.js +63 -3
- package/dist/tui/tool-stream-pane.js +91 -0
- package/docs/examples/codegraph.mcp.json +10 -0
- package/package.json +14 -6
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* REPL slash command registry
|
|
2
|
+
* REPL slash command registry - Sprint α5.7, expanded α6.14 wave 2.
|
|
3
3
|
*
|
|
4
4
|
* The REPL input box surfaces a palette of slash commands the operator
|
|
5
5
|
* can run from inside a persistent session. The wave-2 expansion (CEO
|
|
@@ -15,44 +15,35 @@
|
|
|
15
15
|
*
|
|
16
16
|
* Tiering (per CEO wave-2 spec):
|
|
17
17
|
*
|
|
18
|
-
* Tier 1
|
|
18
|
+
* Tier 1 - wired against real state (3 + existing 6 = 9 wired):
|
|
19
19
|
* brief, agents, stop, help, quit, web, clear, version, jobs.
|
|
20
20
|
*
|
|
21
|
-
* Tier 2
|
|
21
|
+
* Tier 2 - best-effort wiring against existing surfaces (3):
|
|
22
22
|
* diff, cost, status.
|
|
23
23
|
*
|
|
24
|
-
* Tier 3
|
|
24
|
+
* Tier 3 - deterministic stubs ("coming in αX.Y") (8):
|
|
25
25
|
* compact, resume, memory, config, privacy, budget, mcp, undo.
|
|
26
26
|
*
|
|
27
27
|
* Brand voice (brandbook §08): power words `brief / dispatch / stop /
|
|
28
28
|
* agents / quit / shipped`. Tagline `Brief it. It ships.` reserved for
|
|
29
|
-
* `/quit` confirmation and `/help` footer
|
|
29
|
+
* `/quit` confirmation and `/help` footer - never inline.
|
|
30
30
|
*/
|
|
31
31
|
import { listRoles } from '../agents/registry.js';
|
|
32
32
|
/**
|
|
33
33
|
* Deterministic stub copy returned by the Tier 3 commands. Spec'd
|
|
34
34
|
* inline so the unit test can pin the exact text without poking at
|
|
35
35
|
* the help overlay. The version tag at the end maps to the sprint we
|
|
36
|
-
* intend to land the real wiring in.
|
|
36
|
+
* intend to land the real wiring in. Keyed by StubSlashCommandName
|
|
37
|
+
* (not the full SlashCommandName union) so wired commands cannot
|
|
38
|
+
* silently appear here with empty placeholders.
|
|
37
39
|
*/
|
|
38
40
|
export const SLASH_STUB_MESSAGES = Object.freeze({
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
stop: '',
|
|
42
|
-
help: '',
|
|
43
|
-
quit: '',
|
|
44
|
-
web: '',
|
|
45
|
-
clear: '',
|
|
46
|
-
version: '',
|
|
47
|
-
jobs: '',
|
|
48
|
-
diff: '',
|
|
49
|
-
cost: '',
|
|
50
|
-
status: '',
|
|
51
|
-
compact: 'Manual context compaction lands in α6.5.',
|
|
52
|
-
resume: 'Resume last session lands in α6.4 once SQLite session.db lands.',
|
|
53
|
-
memory: 'Session memory editor lands in α6.5.',
|
|
41
|
+
compact: 'Manual context compaction lands in α6.5b.',
|
|
42
|
+
memory: 'Session memory editor lands in α6.5b.',
|
|
54
43
|
config: 'Run `pugi config list` from a fresh shell for the full surface; in-REPL editor lands in α6.5.',
|
|
55
|
-
|
|
44
|
+
// alpha 6.13: /privacy graduated from stub; nothing reads this at
|
|
45
|
+
// runtime but the type record stays exhaustive.
|
|
46
|
+
privacy: '',
|
|
56
47
|
budget: 'Run `pugi budget` from a fresh shell; in-REPL summary lands in α6.5.',
|
|
57
48
|
mcp: 'Run `pugi config mcp list` from a fresh shell; in-REPL palette lands in α6.5.',
|
|
58
49
|
undo: 'Run `pugi undo` from a fresh shell; in-REPL undo lands in α6.5.',
|
|
@@ -61,21 +52,25 @@ export const SLASH_COMMAND_HELP = Object.freeze([
|
|
|
61
52
|
// Workforce dispatch
|
|
62
53
|
{ name: 'brief', args: '<text>', gloss: 'Dispatch a brief to the workforce', group: 'Workforce dispatch' },
|
|
63
54
|
{ name: 'agents', args: '', gloss: 'List the on-watch agent roster', group: 'Workforce dispatch' },
|
|
55
|
+
{ name: 'delegate', args: '<slug> <brief>', gloss: 'Dispatch a brief to one Tier 1 specialist (α7.5)', group: 'Workforce dispatch' },
|
|
64
56
|
{ name: 'stop', args: '<persona>', gloss: 'Stop one agent by persona slug', group: 'Workforce dispatch' },
|
|
65
57
|
{ name: 'jobs', args: '', gloss: 'List background jobs', group: 'Workforce dispatch' },
|
|
58
|
+
{ name: 'ask', args: '<question>', gloss: 'Surface a yes/no modal locally (α6.3 forcing question)', group: 'Workforce dispatch' },
|
|
66
59
|
// Session
|
|
67
60
|
{ name: 'clear', args: '', gloss: 'Clear conversation pane', group: 'Session' },
|
|
68
|
-
{ name: 'resume', args: '', gloss: '
|
|
69
|
-
{ name: '
|
|
70
|
-
{ name: '
|
|
61
|
+
{ name: 'resume', args: '', gloss: 'Pick a stored session to restore', group: 'Session' },
|
|
62
|
+
{ name: 'context', args: '', gloss: 'Show three-tier context summary (Tier 0 skeleton + Tier 1 working set)', group: 'Session' },
|
|
63
|
+
{ name: 'compact', args: '', gloss: 'Manual context compaction (α6.5b)', group: 'Session', stub: true },
|
|
64
|
+
{ name: 'memory', args: '', gloss: 'Session memory editor (α6.5b)', group: 'Session', stub: true },
|
|
71
65
|
// Pugi tools
|
|
72
66
|
{ name: 'web', args: '<url>', gloss: 'Fetch a URL into context', group: 'Pugi tools' },
|
|
73
67
|
{ name: 'diff', args: '', gloss: 'Show pending diff', group: 'Pugi tools' },
|
|
74
68
|
{ name: 'cost', args: '', gloss: 'Token usage + budget', group: 'Pugi tools' },
|
|
75
69
|
{ name: 'status', args: '', gloss: 'Backend + tenant status', group: 'Pugi tools' },
|
|
70
|
+
{ name: 'consensus', args: '[ref]', gloss: '3-model consensus review (codex · claude · deepseek)', group: 'Pugi tools' },
|
|
76
71
|
// Settings
|
|
77
72
|
{ name: 'config', args: '', gloss: 'Show config', group: 'Settings', stub: true },
|
|
78
|
-
{ name: 'privacy', args: '', gloss: 'Show privacy mode', group: 'Settings'
|
|
73
|
+
{ name: 'privacy', args: '', gloss: 'Show privacy mode + contract', group: 'Settings' },
|
|
79
74
|
{ name: 'budget', args: '', gloss: 'Show usage budget', group: 'Settings', stub: true },
|
|
80
75
|
{ name: 'mcp', args: '', gloss: 'List MCP servers', group: 'Settings', stub: true },
|
|
81
76
|
{ name: 'undo', args: '', gloss: 'Undo last write', group: 'Settings', stub: true },
|
|
@@ -101,7 +96,7 @@ export const SLASH_COMMAND_GROUPS = Object.freeze([
|
|
|
101
96
|
* - Empty / whitespace-only input returns `noop` with the original
|
|
102
97
|
* text so the REPL can ignore it without printing anything.
|
|
103
98
|
* - Input that does not start with `/` is treated as an implicit
|
|
104
|
-
* `/brief <text>`
|
|
99
|
+
* `/brief <text>` - the most-common operator action.
|
|
105
100
|
* - `/<name> [args]` resolves the name against the registry; unknown
|
|
106
101
|
* names return `error` so the REPL can render a one-line tip
|
|
107
102
|
* instead of silently dropping the input.
|
|
@@ -109,7 +104,7 @@ export const SLASH_COMMAND_GROUPS = Object.freeze([
|
|
|
109
104
|
* can render the deterministic "coming in αX.Y" copy uniformly.
|
|
110
105
|
*
|
|
111
106
|
* The function never throws. Bad input maps to a structured result the
|
|
112
|
-
* REPL can render
|
|
107
|
+
* REPL can render - the alternative (throwing from a keystroke handler)
|
|
113
108
|
* would unmount Ink mid-frame.
|
|
114
109
|
*/
|
|
115
110
|
export function parseSlashCommand(input) {
|
|
@@ -141,6 +136,38 @@ export function parseSlashCommand(input) {
|
|
|
141
136
|
case 'roster': {
|
|
142
137
|
return { kind: 'roster' };
|
|
143
138
|
}
|
|
139
|
+
case 'delegate': {
|
|
140
|
+
// tail must start with the persona slug followed by the brief.
|
|
141
|
+
// Slug accepts only the closed-set lowercase ASCII pattern the
|
|
142
|
+
// server-side persona registry enforces; anything else surfaces
|
|
143
|
+
// as a usage error so the operator sees the typo before the
|
|
144
|
+
// round-trip.
|
|
145
|
+
const innerSpace = tail.indexOf(' ');
|
|
146
|
+
if (innerSpace === -1 || innerSpace === 0) {
|
|
147
|
+
return {
|
|
148
|
+
kind: 'error',
|
|
149
|
+
message: 'Usage: /delegate <slug> <one-sentence brief>',
|
|
150
|
+
};
|
|
151
|
+
}
|
|
152
|
+
const persona = tail.slice(0, innerSpace).toLowerCase();
|
|
153
|
+
const brief = tail.slice(innerSpace + 1).trim();
|
|
154
|
+
// Pattern intentionally mirrors server-side PUGI_DELEGATE_REGEX in
|
|
155
|
+
// sessions.controller.ts (^[a-z]+$). Keeping them lockstep means
|
|
156
|
+
// the REPL surfaces typos locally instead of round-tripping a 4xx.
|
|
157
|
+
if (!/^[a-z]+$/.test(persona)) {
|
|
158
|
+
return {
|
|
159
|
+
kind: 'error',
|
|
160
|
+
message: `/delegate slug must be lowercase ASCII (a-z only); got '${persona}'`,
|
|
161
|
+
};
|
|
162
|
+
}
|
|
163
|
+
if (brief.length === 0) {
|
|
164
|
+
return {
|
|
165
|
+
kind: 'error',
|
|
166
|
+
message: 'Usage: /delegate <slug> <one-sentence brief>',
|
|
167
|
+
};
|
|
168
|
+
}
|
|
169
|
+
return { kind: 'delegate', persona, brief };
|
|
170
|
+
}
|
|
144
171
|
case 'stop':
|
|
145
172
|
case 'kill': {
|
|
146
173
|
if (tail.length === 0) {
|
|
@@ -178,6 +205,12 @@ export function parseSlashCommand(input) {
|
|
|
178
205
|
case 'jobs': {
|
|
179
206
|
return { kind: 'jobs' };
|
|
180
207
|
}
|
|
208
|
+
case 'ask': {
|
|
209
|
+
if (tail.length === 0) {
|
|
210
|
+
return { kind: 'error', message: 'Usage: /ask <question>' };
|
|
211
|
+
}
|
|
212
|
+
return { kind: 'ask', question: tail };
|
|
213
|
+
}
|
|
181
214
|
case 'diff': {
|
|
182
215
|
return { kind: 'diff' };
|
|
183
216
|
}
|
|
@@ -187,18 +220,45 @@ export function parseSlashCommand(input) {
|
|
|
187
220
|
case 'status': {
|
|
188
221
|
return { kind: 'status' };
|
|
189
222
|
}
|
|
223
|
+
case 'consensus':
|
|
224
|
+
case 'review-consensus': {
|
|
225
|
+
// Optional argument: a ref string forwarded verbatim to the
|
|
226
|
+
// consensus diff-capture (`HEAD~1`, `--pr 123`, etc). Empty tail
|
|
227
|
+
// means "default base ref".
|
|
228
|
+
return { kind: 'consensus', ref: tail };
|
|
229
|
+
}
|
|
230
|
+
case 'resume': {
|
|
231
|
+
// α6.4: wired against the local SessionStore. The REPL session
|
|
232
|
+
// owns the picker UI (Ink select over the 10 most recent rows)
|
|
233
|
+
// so the slash-command layer stays UI-agnostic.
|
|
234
|
+
return { kind: 'resume' };
|
|
235
|
+
}
|
|
236
|
+
case 'context':
|
|
237
|
+
case 'ctx': {
|
|
238
|
+
// α6.5: surface Tier 0 + Tier 1 status. The session module
|
|
239
|
+
// renders the summary as system lines so the operator can see
|
|
240
|
+
// skeleton size + working-set utilisation at a glance.
|
|
241
|
+
return { kind: 'context' };
|
|
242
|
+
}
|
|
243
|
+
case 'privacy': {
|
|
244
|
+
// alpha 6.13: real handler - the session module prints the
|
|
245
|
+
// contract doc + the current mode banner. Tail is ignored (no
|
|
246
|
+
// sub-commands today; mode flips go through
|
|
247
|
+
// `pugi config set privacy=<mode>` from a fresh shell so the
|
|
248
|
+
// device flow + audit identity are wired correctly).
|
|
249
|
+
return { kind: 'privacy' };
|
|
250
|
+
}
|
|
190
251
|
case 'compact':
|
|
191
|
-
case 'resume':
|
|
192
252
|
case 'memory':
|
|
193
253
|
case 'config':
|
|
194
|
-
case 'privacy':
|
|
195
254
|
case 'budget':
|
|
196
255
|
case 'mcp':
|
|
197
256
|
case 'undo': {
|
|
257
|
+
const stubName = name;
|
|
198
258
|
return {
|
|
199
259
|
kind: 'stub',
|
|
200
|
-
name:
|
|
201
|
-
message: SLASH_STUB_MESSAGES[
|
|
260
|
+
name: stubName,
|
|
261
|
+
message: SLASH_STUB_MESSAGES[stubName],
|
|
202
262
|
};
|
|
203
263
|
}
|
|
204
264
|
default: {
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Public re-exports for the SessionStore module — Sprint α6.4.
|
|
3
|
+
*
|
|
4
|
+
* Consumers (`repl/session.ts`, `runtime/cli.ts`, the `/resume`
|
|
5
|
+
* dispatcher) import from `./store/index.js` so the internal split
|
|
6
|
+
* (types / lockfile / jsonl-log / session-store / uuid-v7) can change
|
|
7
|
+
* without touching the call sites.
|
|
8
|
+
*/
|
|
9
|
+
export { SessionLockBusyError, } from './types.js';
|
|
10
|
+
export { SqliteSessionStore, SqliteSessionStoreReadOnlyView, FtsSyntaxError, resolveProjectStoreDir, } from './session-store.js';
|
|
11
|
+
export { uuidV7, uuidV7Timestamp } from './uuid-v7.js';
|
|
12
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1,321 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Append-only JSONL event log — Sprint α6.4 (PR-PUGI-CLI-SESSION-STORE).
|
|
3
|
+
*
|
|
4
|
+
* Durable truth for the session. The SQLite index is rebuildable from
|
|
5
|
+
* the JSONL; if the index is lost or corrupt, `pugi sessions --rebuild`
|
|
6
|
+
* walks every line and reconstructs the table. The JSONL is therefore
|
|
7
|
+
* the source of truth and the SQLite is the cache.
|
|
8
|
+
*
|
|
9
|
+
* File layout per session directory:
|
|
10
|
+
*
|
|
11
|
+
* <sessionDir>/events.0.jsonl active rotation file
|
|
12
|
+
* <sessionDir>/events.1.jsonl previous rotation, oldest event first
|
|
13
|
+
* <sessionDir>/events.2.jsonl older still
|
|
14
|
+
* ...
|
|
15
|
+
*
|
|
16
|
+
* Rotation threshold is 50 MB per spec §4.2 must-ship #2. When the
|
|
17
|
+
* active file exceeds the threshold AFTER a write, we close it, rename
|
|
18
|
+
* it to the next numbered slot, and resume appending to a fresh
|
|
19
|
+
* `events.0.jsonl`. The reader stitches across files in REVERSE numeric
|
|
20
|
+
* order so the on-disk order is preserved.
|
|
21
|
+
*
|
|
22
|
+
* Crash safety:
|
|
23
|
+
*
|
|
24
|
+
* - Each write is a single `appendFileSync` of `JSON.stringify(event)\n`.
|
|
25
|
+
* On Linux/macOS, append-mode writes of bytes < PIPE_BUF (4096) are
|
|
26
|
+
* atomic with respect to other appends. Our events are well under
|
|
27
|
+
* 4 KB so the OS guarantees per-line atomicity even if two
|
|
28
|
+
* processes hold append fds (the lockfile already prevents that,
|
|
29
|
+
* but defence-in-depth).
|
|
30
|
+
* - After each write we call `fsync(fd)` so the bytes are durable
|
|
31
|
+
* against power loss / kernel panic. Slow but correct — the
|
|
32
|
+
* conversation-flow path is throughput-bound by the LLM, not by
|
|
33
|
+
* the disk, so a few hundred extra microseconds per event is
|
|
34
|
+
* invisible to the operator.
|
|
35
|
+
* - On reopen we walk every line and drop any that fail JSON parse.
|
|
36
|
+
* A crash mid-write leaves a truncated tail; we treat it as
|
|
37
|
+
* "event was never written" and continue from there. The next
|
|
38
|
+
* write may overlap with the truncated bytes; that is acceptable
|
|
39
|
+
* because the truncated line is invalid JSON either way and the
|
|
40
|
+
* reader is already designed to skip it.
|
|
41
|
+
*/
|
|
42
|
+
import { closeSync, existsSync, fsyncSync, mkdirSync, openSync, readdirSync, readFileSync, renameSync, statSync, writeSync, } from 'node:fs';
|
|
43
|
+
import { resolve } from 'node:path';
|
|
44
|
+
/**
|
|
45
|
+
* Rotate the active JSONL file when its size exceeds this threshold.
|
|
46
|
+
* Picked per spec §4.2. Operators can override via the
|
|
47
|
+
* `PUGI_SESSION_LOG_ROTATE_BYTES` env so heavy-traffic dogfooding can
|
|
48
|
+
* keep more events in the active file before rotation.
|
|
49
|
+
*/
|
|
50
|
+
const DEFAULT_ROTATE_BYTES = 50 * 1024 * 1024;
|
|
51
|
+
/**
|
|
52
|
+
* Active JSONL filename. The store opens fd against this path; the
|
|
53
|
+
* reader stitches across `events.<n>.jsonl` for n > 0.
|
|
54
|
+
*/
|
|
55
|
+
const ACTIVE_FILE = 'events.0.jsonl';
|
|
56
|
+
/**
|
|
57
|
+
* Append-only writer + reader for one session's JSONL log. The writer
|
|
58
|
+
* keeps a fd open for the lifetime of the session so each append
|
|
59
|
+
* avoids a fresh syscall pair; the fd is reopened transparently on
|
|
60
|
+
* rotation. `close()` releases the fd and is idempotent.
|
|
61
|
+
*/
|
|
62
|
+
export class JsonlEventLog {
|
|
63
|
+
sessionDir;
|
|
64
|
+
rotateBytes;
|
|
65
|
+
activeFd = null;
|
|
66
|
+
activeBytes = 0;
|
|
67
|
+
constructor(opts) {
|
|
68
|
+
this.sessionDir = opts.sessionDir;
|
|
69
|
+
this.rotateBytes =
|
|
70
|
+
opts.rotateBytes
|
|
71
|
+
?? readEnvInt('PUGI_SESSION_LOG_ROTATE_BYTES')
|
|
72
|
+
?? DEFAULT_ROTATE_BYTES;
|
|
73
|
+
mkdirSync(this.sessionDir, { recursive: true, mode: 0o700 });
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* Append one event. Returns the on-disk byte length written so the
|
|
77
|
+
* caller can budget without re-stat()-ing the file. The write is
|
|
78
|
+
* fsynced before this call returns.
|
|
79
|
+
*
|
|
80
|
+
* Rotation runs AFTER the event is durable. A rotation failure does
|
|
81
|
+
* NOT roll back the write — the event is already on disk. The error
|
|
82
|
+
* is surfaced to the caller so the operator knows the rotation
|
|
83
|
+
* threshold was tripped but the underlying filesystem refused the
|
|
84
|
+
* rename (EPERM / EXDEV / ENOSPC during rename). The next append
|
|
85
|
+
* will attempt rotation again from a fresh ensureFd().
|
|
86
|
+
*/
|
|
87
|
+
append(event) {
|
|
88
|
+
const line = `${JSON.stringify(event)}\n`;
|
|
89
|
+
const fd = this.ensureFd();
|
|
90
|
+
const bytes = Buffer.byteLength(line, 'utf8');
|
|
91
|
+
writeSync(fd, line, null, 'utf8');
|
|
92
|
+
fsyncSync(fd);
|
|
93
|
+
this.activeBytes += bytes;
|
|
94
|
+
if (this.activeBytes >= this.rotateBytes) {
|
|
95
|
+
this.rotate();
|
|
96
|
+
}
|
|
97
|
+
return bytes;
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Load events in insertion order. Stitches across rotation files in
|
|
101
|
+
* REVERSE numeric order (events.N.jsonl ... events.0.jsonl) so the
|
|
102
|
+
* returned stream is oldest-first.
|
|
103
|
+
*
|
|
104
|
+
* `fromOffset` skips the first N events from the stitched stream;
|
|
105
|
+
* `limit` caps the returned count. Defaults: return all events.
|
|
106
|
+
*/
|
|
107
|
+
read(opts) {
|
|
108
|
+
const files = this.discoverRotationFiles();
|
|
109
|
+
// Reverse numeric order so events.N.jsonl (oldest) is read first.
|
|
110
|
+
const ordered = files.slice().sort((a, b) => b.index - a.index);
|
|
111
|
+
const fromOffset = Math.max(0, opts?.fromOffset ?? 0);
|
|
112
|
+
const limit = clampLimit(opts?.limit ?? Number.MAX_SAFE_INTEGER);
|
|
113
|
+
const out = [];
|
|
114
|
+
let skipped = 0;
|
|
115
|
+
for (const file of ordered) {
|
|
116
|
+
const raw = safeReadText(file.path);
|
|
117
|
+
if (raw.length === 0)
|
|
118
|
+
continue;
|
|
119
|
+
for (const line of raw.split('\n')) {
|
|
120
|
+
const trimmed = line.trim();
|
|
121
|
+
if (trimmed.length === 0)
|
|
122
|
+
continue;
|
|
123
|
+
const parsed = safeParseEvent(trimmed);
|
|
124
|
+
if (!parsed)
|
|
125
|
+
continue;
|
|
126
|
+
if (skipped < fromOffset) {
|
|
127
|
+
skipped += 1;
|
|
128
|
+
continue;
|
|
129
|
+
}
|
|
130
|
+
out.push(parsed);
|
|
131
|
+
if (out.length >= limit)
|
|
132
|
+
return out;
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
return out;
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* Count the total events on disk (across all rotation files). Used
|
|
139
|
+
* by the SessionStore to reconcile `event_count` on the SQLite row
|
|
140
|
+
* after a crash recovery walk.
|
|
141
|
+
*/
|
|
142
|
+
countEvents() {
|
|
143
|
+
const files = this.discoverRotationFiles();
|
|
144
|
+
let total = 0;
|
|
145
|
+
for (const file of files) {
|
|
146
|
+
const raw = safeReadText(file.path);
|
|
147
|
+
if (raw.length === 0)
|
|
148
|
+
continue;
|
|
149
|
+
for (const line of raw.split('\n')) {
|
|
150
|
+
const trimmed = line.trim();
|
|
151
|
+
if (trimmed.length === 0)
|
|
152
|
+
continue;
|
|
153
|
+
if (safeParseEvent(trimmed))
|
|
154
|
+
total += 1;
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
return total;
|
|
158
|
+
}
|
|
159
|
+
/** Release the file descriptor. Idempotent. */
|
|
160
|
+
close() {
|
|
161
|
+
if (this.activeFd !== null) {
|
|
162
|
+
try {
|
|
163
|
+
fsyncSync(this.activeFd);
|
|
164
|
+
}
|
|
165
|
+
catch {
|
|
166
|
+
/* ignore — fd may have been closed elsewhere */
|
|
167
|
+
}
|
|
168
|
+
try {
|
|
169
|
+
closeSync(this.activeFd);
|
|
170
|
+
}
|
|
171
|
+
catch {
|
|
172
|
+
/* ignore */
|
|
173
|
+
}
|
|
174
|
+
this.activeFd = null;
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
ensureFd() {
|
|
178
|
+
if (this.activeFd !== null)
|
|
179
|
+
return this.activeFd;
|
|
180
|
+
const path = resolve(this.sessionDir, ACTIVE_FILE);
|
|
181
|
+
// Read the existing size BEFORE opening with 'a' — `openSync(path,
|
|
182
|
+
// 'a', ...)` creates the file when missing, which makes a post-open
|
|
183
|
+
// `existsSync` always true. If a previous rotate() failed midway
|
|
184
|
+
// and left stale bytes at this path, we want `activeBytes` to
|
|
185
|
+
// inherit the real pre-open size so the next append accounting is
|
|
186
|
+
// consistent. Without this ordering the rotate-threshold check
|
|
187
|
+
// tripped on a fresh 0-byte file holding pre-rotation bytes,
|
|
188
|
+
// causing an immediate re-rotation loop.
|
|
189
|
+
let preOpenBytes = 0;
|
|
190
|
+
try {
|
|
191
|
+
preOpenBytes = existsSync(path) ? statSync(path).size : 0;
|
|
192
|
+
}
|
|
193
|
+
catch {
|
|
194
|
+
preOpenBytes = 0;
|
|
195
|
+
}
|
|
196
|
+
// O_APPEND so concurrent appends from a future feature (e.g. an
|
|
197
|
+
// out-of-band tool process) cannot overwrite each other. The
|
|
198
|
+
// lockfile already serializes us; this is defence-in-depth.
|
|
199
|
+
this.activeFd = openSync(path, 'a', 0o600);
|
|
200
|
+
this.activeBytes = preOpenBytes;
|
|
201
|
+
return this.activeFd;
|
|
202
|
+
}
|
|
203
|
+
/**
|
|
204
|
+
* Close the active file, shift every existing rotation file's number
|
|
205
|
+
* up by one (events.N -> events.N+1), and reopen a fresh
|
|
206
|
+
* events.0.jsonl. Synchronous and rare (50 MB / few-KB events =
|
|
207
|
+
* thousands of events between rotations).
|
|
208
|
+
*
|
|
209
|
+
* A rename failure is NOT swallowed — we rethrow so the caller knows
|
|
210
|
+
* the active file is over the threshold but the data inside it is
|
|
211
|
+
* still durable (we already fsynced before invoking rotate). Without
|
|
212
|
+
* the rethrow, ensureFd() inherited the pre-rotation size on the
|
|
213
|
+
* next append and tripped an infinite re-rotation loop.
|
|
214
|
+
*/
|
|
215
|
+
rotate() {
|
|
216
|
+
this.close();
|
|
217
|
+
const files = this.discoverRotationFiles();
|
|
218
|
+
// Rename in REVERSE order so we never clobber an existing slot.
|
|
219
|
+
const ordered = files.slice().sort((a, b) => b.index - a.index);
|
|
220
|
+
const renameErrors = [];
|
|
221
|
+
for (const file of ordered) {
|
|
222
|
+
const next = resolve(this.sessionDir, `events.${file.index + 1}.jsonl`);
|
|
223
|
+
try {
|
|
224
|
+
renameSync(file.path, next);
|
|
225
|
+
}
|
|
226
|
+
catch (err) {
|
|
227
|
+
// Collect every failed rename so the caller sees the full
|
|
228
|
+
// picture instead of just the first failure. We still
|
|
229
|
+
// continue the loop: any rename that succeeds shifts at
|
|
230
|
+
// least some history out of the way.
|
|
231
|
+
renameErrors.push(err instanceof Error ? err : new Error(String(err)));
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
this.activeBytes = 0;
|
|
235
|
+
if (renameErrors.length > 0) {
|
|
236
|
+
const msg = renameErrors.map((e) => e.message).join('; ');
|
|
237
|
+
const wrapped = new Error(`JSONL rotation failed in ${this.sessionDir}: ${msg}. ` +
|
|
238
|
+
'The data already on disk is safe; the active log may exceed ' +
|
|
239
|
+
'the configured threshold until the underlying issue is fixed.');
|
|
240
|
+
// Preserve the original errors on .cause for upstream
|
|
241
|
+
// observability. Node 16.9+ supports the standard cause field.
|
|
242
|
+
wrapped.cause = renameErrors;
|
|
243
|
+
throw wrapped;
|
|
244
|
+
}
|
|
245
|
+
// Lazily reopen on next append.
|
|
246
|
+
}
|
|
247
|
+
/**
|
|
248
|
+
* Walk the session directory and return every `events.<n>.jsonl`
|
|
249
|
+
* file with its numeric index. Sort order is left to the caller.
|
|
250
|
+
*/
|
|
251
|
+
discoverRotationFiles() {
|
|
252
|
+
if (!existsSync(this.sessionDir))
|
|
253
|
+
return [];
|
|
254
|
+
let entries;
|
|
255
|
+
try {
|
|
256
|
+
entries = readdirSync(this.sessionDir);
|
|
257
|
+
}
|
|
258
|
+
catch {
|
|
259
|
+
return [];
|
|
260
|
+
}
|
|
261
|
+
const out = [];
|
|
262
|
+
for (const name of entries) {
|
|
263
|
+
const match = /^events\.(\d+)\.jsonl$/.exec(name);
|
|
264
|
+
if (!match)
|
|
265
|
+
continue;
|
|
266
|
+
const index = Number.parseInt(match[1] ?? '', 10);
|
|
267
|
+
if (!Number.isFinite(index))
|
|
268
|
+
continue;
|
|
269
|
+
out.push({ index, path: resolve(this.sessionDir, name) });
|
|
270
|
+
}
|
|
271
|
+
return out;
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
function safeReadText(path) {
|
|
275
|
+
try {
|
|
276
|
+
return readFileSync(path, 'utf8');
|
|
277
|
+
}
|
|
278
|
+
catch {
|
|
279
|
+
return '';
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
function safeParseEvent(line) {
|
|
283
|
+
try {
|
|
284
|
+
const parsed = JSON.parse(line);
|
|
285
|
+
if (typeof parsed === 'object'
|
|
286
|
+
&& parsed !== null
|
|
287
|
+
&& typeof parsed.t === 'number'
|
|
288
|
+
&& typeof parsed.kind === 'string') {
|
|
289
|
+
// `payload` may be undefined on the wire (older clients); coerce
|
|
290
|
+
// to null so the consumer never has to type-narrow `unknown |
|
|
291
|
+
// undefined`.
|
|
292
|
+
const payload = parsed.payload ?? null;
|
|
293
|
+
return {
|
|
294
|
+
t: parsed.t,
|
|
295
|
+
kind: parsed.kind,
|
|
296
|
+
payload,
|
|
297
|
+
};
|
|
298
|
+
}
|
|
299
|
+
}
|
|
300
|
+
catch {
|
|
301
|
+
/* fall through — truncated tail, JSON parse error */
|
|
302
|
+
}
|
|
303
|
+
return null;
|
|
304
|
+
}
|
|
305
|
+
function clampLimit(raw) {
|
|
306
|
+
if (!Number.isFinite(raw) || raw <= 0)
|
|
307
|
+
return 1;
|
|
308
|
+
if (raw > 100000)
|
|
309
|
+
return 100000;
|
|
310
|
+
return Math.floor(raw);
|
|
311
|
+
}
|
|
312
|
+
function readEnvInt(key) {
|
|
313
|
+
const raw = process.env[key];
|
|
314
|
+
if (!raw)
|
|
315
|
+
return undefined;
|
|
316
|
+
const n = Number.parseInt(raw, 10);
|
|
317
|
+
if (!Number.isFinite(n) || n <= 0)
|
|
318
|
+
return undefined;
|
|
319
|
+
return n;
|
|
320
|
+
}
|
|
321
|
+
//# sourceMappingURL=jsonl-log.js.map
|