@pugi/cli 0.1.0-alpha.9 → 0.1.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. package/README.md +33 -0
  2. package/THIRD_PARTY_NOTICES.md +40 -0
  3. package/assets/pugi-mascot.ansi +16 -0
  4. package/dist/commands/deploy.js +439 -0
  5. package/dist/core/agents/loader.js +104 -0
  6. package/dist/core/agents/registry.js +1 -1
  7. package/dist/core/consensus/anvil-fanout.js +276 -0
  8. package/dist/core/consensus/diff-capture.js +382 -0
  9. package/dist/core/consensus/rubric.js +233 -0
  10. package/dist/core/context/index.js +21 -0
  11. package/dist/core/context/pugiignore.js +316 -0
  12. package/dist/core/context/repo-skeleton.js +533 -0
  13. package/dist/core/context/watcher.js +342 -0
  14. package/dist/core/context/working-set.js +165 -0
  15. package/dist/core/edits/dispatch.js +185 -0
  16. package/dist/core/edits/index.js +15 -0
  17. package/dist/core/edits/layer-a-apply.js +217 -0
  18. package/dist/core/edits/layer-b-apply.js +211 -0
  19. package/dist/core/edits/layer-c-apply.js +160 -0
  20. package/dist/core/edits/layer-d-ast.js +29 -0
  21. package/dist/core/edits/marker-parser.js +401 -0
  22. package/dist/core/edits/security-gate.js +223 -0
  23. package/dist/core/edits/worktree.js +322 -0
  24. package/dist/core/engine/native-pugi.js +6 -1
  25. package/dist/core/engine/prompts.js +8 -0
  26. package/dist/core/engine/tool-bridge.js +33 -1
  27. package/dist/core/lsp/client.js +719 -0
  28. package/dist/core/repl/ask.js +512 -0
  29. package/dist/core/repl/cancellation.js +98 -0
  30. package/dist/core/repl/dispatch-fsm.js +220 -0
  31. package/dist/core/repl/privacy-banner.js +71 -0
  32. package/dist/core/repl/session.js +1908 -13
  33. package/dist/core/repl/slash-commands.js +92 -32
  34. package/dist/core/repl/store/index.js +12 -0
  35. package/dist/core/repl/store/jsonl-log.js +321 -0
  36. package/dist/core/repl/store/lockfile.js +155 -0
  37. package/dist/core/repl/store/session-store.js +792 -0
  38. package/dist/core/repl/store/types.js +44 -0
  39. package/dist/core/repl/store/uuid-v7.js +68 -0
  40. package/dist/core/repl/workspace-context.js +72 -1
  41. package/dist/core/skills/defaults.js +457 -0
  42. package/dist/core/skills/loader.js +454 -0
  43. package/dist/core/skills/sources.js +480 -0
  44. package/dist/core/skills/trust.js +172 -0
  45. package/dist/runtime/cli.js +998 -12
  46. package/dist/runtime/commands/agents.js +385 -0
  47. package/dist/runtime/commands/config.js +338 -8
  48. package/dist/runtime/commands/delegate.js +289 -0
  49. package/dist/runtime/commands/lsp.js +206 -0
  50. package/dist/runtime/commands/patch.js +128 -0
  51. package/dist/runtime/commands/review-consensus.js +399 -0
  52. package/dist/runtime/commands/roster.js +117 -0
  53. package/dist/runtime/commands/skills.js +401 -0
  54. package/dist/runtime/commands/worktree.js +177 -0
  55. package/dist/runtime/plan-decompose.js +531 -0
  56. package/dist/tools/apply-patch.js +495 -0
  57. package/dist/tools/file-tools.js +90 -0
  58. package/dist/tools/lsp-tools.js +189 -0
  59. package/dist/tools/registry.js +26 -0
  60. package/dist/tools/web-fetch.js +1 -1
  61. package/dist/tui/agent-tree-pane.js +9 -0
  62. package/dist/tui/ask-cli.js +52 -0
  63. package/dist/tui/ask-modal.js +211 -0
  64. package/dist/tui/conversation-pane.js +48 -3
  65. package/dist/tui/input-box.js +48 -5
  66. package/dist/tui/markdown-render.js +266 -0
  67. package/dist/tui/repl-render.js +319 -3
  68. package/dist/tui/repl-splash-mascot.js +130 -0
  69. package/dist/tui/repl-splash.js +7 -1
  70. package/dist/tui/repl.js +96 -12
  71. package/dist/tui/status-bar.js +63 -3
  72. package/dist/tui/tool-stream-pane.js +91 -0
  73. package/docs/examples/codegraph.mcp.json +10 -0
  74. package/package.json +14 -6
@@ -0,0 +1,233 @@
1
+ /**
2
+ * Consensus rubric — `pugi review --consensus` (α6.7).
3
+ *
4
+ * Three independent reviewers (Codex / Claude / DeepSeek) produce findings
5
+ * tagged `[P0]` / `[P1]` / `[P2]` / `[P3]`. The rubric translates the per-
6
+ * reviewer severity vector into one of `PASS` / `WARN` / `BLOCK`.
7
+ *
8
+ * Rubric (verbatim from /triple-review skill + admin-api OES MCP triple_review):
9
+ *
10
+ * any reviewer reports [P0] -> BLOCK
11
+ * two or more reviewers report [P1] -> BLOCK (consensus)
12
+ * exactly one reviewer reports [P1] -> WARN (asymmetric)
13
+ * no reviewer reports [P0] or [P1] -> PASS (P2/P3 only)
14
+ * every reviewer errored -> BLOCK (no signal)
15
+ *
16
+ * The rubric never reads model text beyond the severity markers; the
17
+ * reviewer-side narrative is shown to the operator unchanged. Keeping the
18
+ * verdict deterministic + LLM-free is the entire point of the gate (CEO
19
+ * directive 2026-05-19): a model that disagrees with the rubric can be
20
+ * audited, a model that produces the verdict cannot.
21
+ */
22
+ /**
23
+ * Regex matches the `[P0]` / `[P1]` / `[P2]` / `[P3]` token at the start
24
+ * of a line OR inline. Accepts surrounding whitespace and lowercase form.
25
+ * The line-anchored `m` flag scans every line; `g` allows `matchAll`.
26
+ *
27
+ * The capture group on the digit lets `parseFindings` reconstruct the
28
+ * severity without a second regex. Square brackets are escaped because
29
+ * the JS regex engine treats `[` as a character class otherwise.
30
+ */
31
+ const SEVERITY_TOKEN = /\[\s*[Pp]([0-3])\s*\]/g;
32
+ /**
33
+ * Parse a raw reviewer text blob into structured findings.
34
+ *
35
+ * Heuristics (intentionally permissive — different models format very
36
+ * differently and a strict parser would drop signal):
37
+ *
38
+ * 1. Split the text on `[Px]` tokens, preserving the marker.
39
+ * 2. Each marker starts a new finding. The summary is the rest of the
40
+ * same line (and the next line if the first is `:` or empty after
41
+ * stripping whitespace).
42
+ * 3. Empty / whitespace-only summaries are dropped — a bare `[P1]`
43
+ * with no context cannot be acted on, and treating it as a finding
44
+ * would falsely trigger consensus.
45
+ */
46
+ export function parseFindings(raw) {
47
+ if (typeof raw !== 'string' || raw.length === 0)
48
+ return [];
49
+ const findings = [];
50
+ // Track marker positions so we can slice the summary up to the next
51
+ // marker without quadratic re-scans.
52
+ const markers = [];
53
+ // Reset lastIndex defensively — `matchAll` allocates its own iterator,
54
+ // but belt-and-braces against a future caller passing a stateful regex.
55
+ SEVERITY_TOKEN.lastIndex = 0;
56
+ for (const match of raw.matchAll(SEVERITY_TOKEN)) {
57
+ const digit = match[1] ?? '';
58
+ const severity = `P${digit}`;
59
+ markers.push({ severity, index: match.index ?? 0, matchLength: match[0].length });
60
+ }
61
+ for (let i = 0; i < markers.length; i += 1) {
62
+ const marker = markers[i];
63
+ const start = marker.index + marker.matchLength;
64
+ const end = i + 1 < markers.length ? markers[i + 1].index : raw.length;
65
+ const slice = raw.slice(start, end);
66
+ const summary = extractSummary(slice);
67
+ if (summary.length === 0)
68
+ continue;
69
+ findings.push({ severity: marker.severity, summary });
70
+ }
71
+ return findings;
72
+ }
73
+ /**
74
+ * Extract a single-line summary from the text following a severity
75
+ * marker. Trims leading colon / dash / whitespace; truncates at the
76
+ * first newline so multi-paragraph findings render as one line in the
77
+ * REPL transcript (the full reviewer text stays available in `rawContent`).
78
+ */
79
+ function extractSummary(slice) {
80
+ let cursor = 0;
81
+ while (cursor < slice.length && /[\s:\-—–]/.test(slice[cursor]))
82
+ cursor += 1;
83
+ const tail = slice.slice(cursor);
84
+ const newlineIdx = tail.search(/\r?\n/);
85
+ const oneLine = newlineIdx === -1 ? tail : tail.slice(0, newlineIdx);
86
+ return oneLine.trim();
87
+ }
88
+ /**
89
+ * Compute the highest BLOCKING severity from a finding list. Returns
90
+ * `null` when the reviewer is clean for gating purposes, i.e. either:
91
+ * - no findings at all, OR
92
+ * - only P2 / P3 findings (informational, non-blocking by rubric).
93
+ *
94
+ * `null` is the right contract for downstream tooling that gates on
95
+ * "did this reviewer flag anything that should block ship?" - the
96
+ * rubric in `aggregate` already treats P2/P3 as non-blocking, so an
97
+ * external `topSeverity === null` check matches the gate's semantics
98
+ * exactly without re-parsing the finding list.
99
+ *
100
+ * Per-finding severity is still preserved in `findings[].severity`
101
+ * for callers that want to surface P2/P3 counts in their UX.
102
+ *
103
+ * Returns the priority floor for blocking findings only: P0 > P1.
104
+ */
105
+ export function topSeverityOf(findings) {
106
+ let best = null;
107
+ for (const finding of findings) {
108
+ if (finding.severity === 'P0')
109
+ return 'P0';
110
+ if (finding.severity === 'P1')
111
+ best = 'P1';
112
+ // P2 / P3 are non-blocking by rubric -> they do NOT contribute to
113
+ // topSeverity. They remain visible via `findings[].severity` for
114
+ // operators who want to see the full breakdown.
115
+ }
116
+ return best;
117
+ }
118
+ /**
119
+ * Convenience: parse a raw reviewer text blob into a `ReviewerVerdict`.
120
+ * `errored` defaults to false; callers that detected a transport-level
121
+ * failure should set it true and pass an empty raw string.
122
+ */
123
+ export function reviewerVerdictFromRaw(reviewer, raw, errored = false) {
124
+ if (errored) {
125
+ return { reviewer, topSeverity: null, findings: [], errored: true };
126
+ }
127
+ const findings = parseFindings(raw);
128
+ return {
129
+ reviewer,
130
+ topSeverity: topSeverityOf(findings),
131
+ findings,
132
+ errored: false,
133
+ };
134
+ }
135
+ /**
136
+ * Apply the rubric to 1..N reviewer verdicts. The shape is N-aware so the
137
+ * same function handles the dev `/triple-review` 3-reviewer case AND a
138
+ * customer running with 2 reviewers (e.g. a tier that does not yet include
139
+ * DeepSeek).
140
+ */
141
+ export function aggregate(verdicts) {
142
+ const totalReviewers = verdicts.length;
143
+ const erroredReviewers = verdicts.filter((v) => v.errored).length;
144
+ // Zero reviewers = zero signal. Falling through to the no-P0/no-P1
145
+ // branch would emit a false PASS — exactly the regression flagged by
146
+ // Codex during PR #370 review. Treat empty input as BLOCK so the gate
147
+ // fails closed when the backend returns no events at all (5xx that
148
+ // somehow drained the SSE, server-side bug, dispatcher misconfig).
149
+ if (totalReviewers === 0) {
150
+ return {
151
+ verdict: 'BLOCK',
152
+ p0Count: 0,
153
+ p1Count: 0,
154
+ p1Reviewers: 0,
155
+ reasoning: 'No reviewer signal: backend returned 0 events. Fail-closed BLOCK.',
156
+ };
157
+ }
158
+ if (totalReviewers > 0 && erroredReviewers === totalReviewers) {
159
+ return {
160
+ verdict: 'BLOCK',
161
+ p0Count: 0,
162
+ p1Count: 0,
163
+ p1Reviewers: 0,
164
+ reasoning: 'Every reviewer errored: no signal. Treating as BLOCK until at least one reviewer returns.',
165
+ };
166
+ }
167
+ let p0Count = 0;
168
+ let p1Count = 0;
169
+ let p1Reviewers = 0;
170
+ for (const verdict of verdicts) {
171
+ if (verdict.errored)
172
+ continue;
173
+ const p0 = verdict.findings.filter((f) => f.severity === 'P0').length;
174
+ const p1 = verdict.findings.filter((f) => f.severity === 'P1').length;
175
+ p0Count += p0;
176
+ p1Count += p1;
177
+ if (p1 > 0)
178
+ p1Reviewers += 1;
179
+ }
180
+ if (p0Count > 0) {
181
+ return {
182
+ verdict: 'BLOCK',
183
+ p0Count,
184
+ p1Count,
185
+ p1Reviewers,
186
+ reasoning: `${p0Count}x P0 finding${p0Count === 1 ? '' : 's'}: BLOCK (any P0 fails the gate).`,
187
+ };
188
+ }
189
+ if (p1Reviewers >= 2) {
190
+ return {
191
+ verdict: 'BLOCK',
192
+ p0Count,
193
+ p1Count,
194
+ p1Reviewers,
195
+ reasoning: `${p1Reviewers} reviewers each reported P1: consensus = likely real bug, BLOCK.`,
196
+ };
197
+ }
198
+ if (p1Reviewers === 1) {
199
+ return {
200
+ verdict: 'WARN',
201
+ p0Count,
202
+ p1Count,
203
+ p1Reviewers,
204
+ reasoning: 'One reviewer reported P1: asymmetric signal, examine the disagreement before merging.',
205
+ };
206
+ }
207
+ return {
208
+ verdict: 'PASS',
209
+ p0Count,
210
+ p1Count,
211
+ p1Reviewers,
212
+ reasoning: 'No P0 or P1 findings: PASS. P2/P3 findings are non-blocking.',
213
+ };
214
+ }
215
+ /**
216
+ * Map a rubric verdict to the conventional exit code Pugi CLI uses for
217
+ * gates (spec α6.7):
218
+ *
219
+ * PASS -> 0
220
+ * WARN -> 1
221
+ * BLOCK -> 2
222
+ *
223
+ * The non-zero codes are distinct so a shell script can branch on the
224
+ * exact outcome without re-parsing stdout.
225
+ */
226
+ export function exitCodeFor(verdict) {
227
+ if (verdict === 'PASS')
228
+ return 0;
229
+ if (verdict === 'WARN')
230
+ return 1;
231
+ return 2;
232
+ }
233
+ //# sourceMappingURL=rubric.js.map
@@ -0,0 +1,21 @@
1
+ /**
2
+ * Three-tier context model - α6.5 Phase 1 barrel.
3
+ *
4
+ * Bundles the four primitives so the REPL bootstrap can import from a
5
+ * single path:
6
+ *
7
+ * import {
8
+ * loadPugiIgnore,
9
+ * buildRepoSkeleton,
10
+ * renderSkeleton,
11
+ * WorkingSet,
12
+ * PugiWatcher,
13
+ * } from '../context/index.js';
14
+ *
15
+ * No new logic lives here - just re-exports.
16
+ */
17
+ export { BASELINE_IGNORE_PATTERNS, SECRET_IGNORE_PATTERNS, globalPugiIgnorePath, loadPugiIgnore, parsePatternText, readPatternFile, workspaceGitIgnorePath, workspacePugiIgnorePath, } from './pugiignore.js';
18
+ export { COLLAPSE_DIR_ENTRIES, MAX_README_LINES, MAX_SKELETON_BYTES, MAX_TREE_DEPTH, MAX_WALK_NODES, TOP_LANGUAGES, buildRepoSkeleton, detectPackageManager, languageForExtension, readGitBranch, readPackageJson, readReadme, renderSkeleton, topLanguages, } from './repo-skeleton.js';
19
+ export { DEFAULT_WORKING_SET_CAPACITY, WorkingSet, } from './working-set.js';
20
+ export { MAX_WATCHED_PATHS, PugiWatcher, THROTTLE_WINDOW_MS, } from './watcher.js';
21
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1,316 @@
1
+ /**
2
+ * `.pugiignore` parser - α6.5 Phase 1 (three-tier context).
3
+ *
4
+ * The CLI walks the workspace to build a repo skeleton and to feed the
5
+ * chokidar watcher. Both passes need a single source of truth for which
6
+ * paths are off-limits. `.pugiignore` extends (not replaces) `.gitignore`
7
+ * with Pugi-specific defaults: secret files, large binaries, build
8
+ * outputs, lockfiles.
9
+ *
10
+ * Design choices:
11
+ *
12
+ * 1. We layer four sources, last-write-wins per the .gitignore spec:
13
+ * (a) Built-in DEFAULT_IGNORE_PATTERNS - secret / binary / build
14
+ * paths every workspace should drop.
15
+ * (b) `~/.pugi/global.pugiignore` - operator-global overrides.
16
+ * (c) Repo `.gitignore` (when present) - so we don't re-walk
17
+ * node_modules / dist / etc.
18
+ * (d) Repo `.pugiignore` - workspace-local extensions.
19
+ *
20
+ * 2. The `ignore` npm package handles negation (`!path`) and nested
21
+ * directories correctly. Rolling a minimal glob matcher is doable
22
+ * but the test surface for gitignore semantics (esp. negation +
23
+ * ancestor matching) is wide enough that pulling the audited
24
+ * library is the safer call. It is already in the workspace via
25
+ * transitive deps; we add it as an explicit pugi-cli dep.
26
+ *
27
+ * 3. Privacy is defense-in-depth: even if the operator deletes the
28
+ * built-in defaults from their `.pugiignore`, we re-add the
29
+ * secret patterns at the END of the chain so a typo in user
30
+ * config cannot expose `.env` / `*.pem` / `*.key`. The user can
31
+ * explicitly negate (`!.env.example`) but cannot wipe the
32
+ * defense.
33
+ *
34
+ * 4. Paths are normalised to forward slashes (the `ignore` package
35
+ * requires POSIX-style separators even on Windows) and stripped
36
+ * of any leading workspace root so `isIgnored` answers in
37
+ * repo-relative terms.
38
+ *
39
+ * The API surface is minimal: `loadPugiIgnore(cwd)` returns a
40
+ * `PugiIgnore` matcher with `isIgnored(absPath): boolean`. The matcher
41
+ * is built once at session bootstrap and reused by the skeleton walker
42
+ * and the chokidar watcher.
43
+ */
44
+ import { existsSync, readFileSync } from 'node:fs';
45
+ import { homedir } from 'node:os';
46
+ import { relative, resolve, sep } from 'node:path';
47
+ // The `ignore` package ships as CommonJS with `module.exports = factory`
48
+ // plus a `.d.ts` that re-exports the factory as default. Under
49
+ // `module: nodenext` TypeScript treats CJS default imports as the
50
+ // `module.exports` shape, which for `ignore` IS the callable factory -
51
+ // but only when we use the namespace-default dance below. A bare
52
+ // `import ignore from 'ignore'` fails with "expression is not callable"
53
+ // because TS resolves the import to the `typeof` shape rather than the
54
+ // callable value.
55
+ import * as ignoreModule from 'ignore';
56
+ const ignoreFactory = ignoreModule.default
57
+ ?? ignoreModule;
58
+ /**
59
+ * Built-in patterns shipped with every Pugi workspace. The list is a
60
+ * conservative union of three categories:
61
+ *
62
+ * - **Secrets** (defense in depth): `.env*`, `*.pem`, `*.key`,
63
+ * `secrets/**`, `.netrc`, `id_rsa*`, `*.secret`, `credentials*`.
64
+ * These are re-applied at the END of the chain so user config
65
+ * cannot accidentally expose them.
66
+ *
67
+ * - **Build outputs / caches**: `node_modules/`, `dist/`, `build/`,
68
+ * `.next/`, `.nuxt/`, `.svelte-kit/`, `coverage/`, `.nx/`, `.cache/`,
69
+ * `.turbo/`, `.parcel-cache/`, `out/`, `.output/`, `*.tsbuildinfo`.
70
+ *
71
+ * - **Large binaries / data**: lockfiles (`*.lock`, `*-lock.json`,
72
+ * `*-lock.yaml`), images (`*.png`, `*.jpg`, `*.jpeg`, `*.gif`,
73
+ * `*.ico`), PDFs, videos, archives (`*.zip`, `*.tar`, `*.gz`),
74
+ * DB dumps (`*.sql`, `*.dump`), logs.
75
+ *
76
+ * The split between baseline patterns (applied first) and secret
77
+ * patterns (applied last) matters: a user `.pugiignore` can `!`-negate
78
+ * baseline entries (e.g. unignore a particular generated file under
79
+ * `dist/`) but cannot reach the trailing secret block. The trailing
80
+ * block is exported as `SECRET_IGNORE_PATTERNS` for tests.
81
+ */
82
+ export const BASELINE_IGNORE_PATTERNS = Object.freeze([
83
+ // VCS / Pugi state
84
+ '.git/',
85
+ '.pugi/',
86
+ '.hg/',
87
+ '.svn/',
88
+ // Build outputs / package manager caches
89
+ 'node_modules/',
90
+ '.pnpm-store/',
91
+ 'dist/',
92
+ 'build/',
93
+ 'out/',
94
+ '.output/',
95
+ '.next/',
96
+ '.nuxt/',
97
+ '.svelte-kit/',
98
+ '.astro/',
99
+ 'coverage/',
100
+ '.nyc_output/',
101
+ '.nx/',
102
+ '.turbo/',
103
+ '.parcel-cache/',
104
+ '.cache/',
105
+ '.vercel/',
106
+ '.netlify/',
107
+ '*.tsbuildinfo',
108
+ // Lockfiles - rebuilds, never agent-relevant
109
+ '*.lock',
110
+ 'package-lock.json',
111
+ 'yarn.lock',
112
+ 'pnpm-lock.yaml',
113
+ 'bun.lockb',
114
+ 'composer.lock',
115
+ 'poetry.lock',
116
+ 'Cargo.lock',
117
+ 'Gemfile.lock',
118
+ // Logs
119
+ '*.log',
120
+ 'logs/',
121
+ '.pm2/',
122
+ // Large binaries
123
+ '*.png',
124
+ '*.jpg',
125
+ '*.jpeg',
126
+ '*.gif',
127
+ '*.ico',
128
+ '*.webp',
129
+ '*.bmp',
130
+ '*.tiff',
131
+ '*.svg',
132
+ '*.pdf',
133
+ '*.mp3',
134
+ '*.mp4',
135
+ '*.mov',
136
+ '*.webm',
137
+ '*.zip',
138
+ '*.tar',
139
+ '*.tar.gz',
140
+ '*.tgz',
141
+ '*.gz',
142
+ '*.bz2',
143
+ '*.7z',
144
+ '*.rar',
145
+ '*.dmg',
146
+ '*.iso',
147
+ // DB dumps / fixtures
148
+ '*.sql',
149
+ '*.dump',
150
+ '*.sqlite',
151
+ '*.sqlite3',
152
+ '*.db',
153
+ // OS noise
154
+ '.DS_Store',
155
+ 'Thumbs.db',
156
+ ]);
157
+ /**
158
+ * Secret patterns re-applied at the END of every layered chain. Even
159
+ * if the operator deletes these from `.pugiignore` (or accidentally
160
+ * negates them with `!.env`), the trailing block restores the gate.
161
+ * This is defense-in-depth: the skeleton walker MUST NOT read
162
+ * credentials into the agent context, period.
163
+ */
164
+ export const SECRET_IGNORE_PATTERNS = Object.freeze([
165
+ '.env',
166
+ '.env.*',
167
+ '*.pem',
168
+ '*.key',
169
+ '*.crt',
170
+ '*.cert',
171
+ // X.509 cert formats - `*.cer` is the PEM-style cert extension common
172
+ // on Windows / Java keystores, `*.der` is the binary DER-encoded form
173
+ // used by Java + .NET tooling. Both can carry private keys when
174
+ // bundled (PKCS#7 / PKCS#12) and the file extension alone does not
175
+ // tell us whether the bundle includes a key. Treat as secrets by
176
+ // default. triple-review P1 (PR #380).
177
+ '*.cer',
178
+ '*.der',
179
+ '*.p12',
180
+ '*.pfx',
181
+ '*.jks',
182
+ '*.keystore',
183
+ 'secrets/**',
184
+ '.netrc',
185
+ 'id_rsa',
186
+ 'id_rsa.*',
187
+ 'id_ed25519',
188
+ 'id_ed25519.*',
189
+ '*.secret',
190
+ 'credentials',
191
+ 'credentials.json',
192
+ 'service-account*.json',
193
+ '*.kdbx',
194
+ '.aws/',
195
+ '.ssh/',
196
+ '.gnupg/',
197
+ ]);
198
+ /**
199
+ * Where the operator's global ignore file lives. Mirrors the
200
+ * `~/.gitignore_global` convention. We do NOT auto-create it; if it
201
+ * exists, we load its non-empty / non-comment lines.
202
+ */
203
+ export function globalPugiIgnorePath(home = homedir()) {
204
+ return resolve(home, '.pugi', 'global.pugiignore');
205
+ }
206
+ /** Path to the workspace `.pugiignore`. */
207
+ export function workspacePugiIgnorePath(cwd) {
208
+ return resolve(cwd, '.pugiignore');
209
+ }
210
+ /** Path to the workspace `.gitignore`. */
211
+ export function workspaceGitIgnorePath(cwd) {
212
+ return resolve(cwd, '.gitignore');
213
+ }
214
+ /**
215
+ * Load and compile the layered ignore matcher for `cwd`. The chain
216
+ * is built in this exact order so later layers override earlier ones,
217
+ * with the trailing secret block as the inviolable backstop:
218
+ *
219
+ * 1. BASELINE_IGNORE_PATTERNS (built-in defaults)
220
+ * 2. ~/.pugi/global.pugiignore (operator global, optional)
221
+ * 3. <cwd>/.gitignore (workspace, optional)
222
+ * 4. <cwd>/.pugiignore (workspace, optional)
223
+ * 5. SECRET_IGNORE_PATTERNS (defense-in-depth backstop)
224
+ *
225
+ * Any FS error reading optional files is swallowed - workspace
226
+ * context is best-effort and must never block the REPL bootstrap.
227
+ */
228
+ export function loadPugiIgnore(cwd, options = {}) {
229
+ const home = options.home ?? homedir();
230
+ const normalisedCwd = resolve(cwd);
231
+ const patterns = [];
232
+ patterns.push(...BASELINE_IGNORE_PATTERNS);
233
+ const globalPath = globalPugiIgnorePath(home);
234
+ const globalPatterns = readPatternFile(globalPath);
235
+ patterns.push(...globalPatterns);
236
+ const gitignorePath = workspaceGitIgnorePath(normalisedCwd);
237
+ const gitPatterns = readPatternFile(gitignorePath);
238
+ patterns.push(...gitPatterns);
239
+ const pugiIgnorePath = workspacePugiIgnorePath(normalisedCwd);
240
+ const pugiPatterns = readPatternFile(pugiIgnorePath);
241
+ patterns.push(...pugiPatterns);
242
+ // Secrets last so they cannot be silently negated by user config.
243
+ patterns.push(...SECRET_IGNORE_PATTERNS);
244
+ const matcher = ignoreFactory().add(patterns);
245
+ return {
246
+ cwd: normalisedCwd,
247
+ patterns: Object.freeze(patterns.slice()),
248
+ isIgnored(absPath, isDir) {
249
+ return isIgnoredImpl(matcher, normalisedCwd, absPath, isDir === true);
250
+ },
251
+ };
252
+ }
253
+ /**
254
+ * Read a `.gitignore`-shaped file and return the non-comment / non-empty
255
+ * lines. Returns `[]` on any FS error. Lines are returned verbatim - the
256
+ * `ignore` library parses leading `!`, trailing `/`, and `**` correctly
257
+ * on its own.
258
+ */
259
+ export function readPatternFile(path) {
260
+ try {
261
+ if (!existsSync(path))
262
+ return [];
263
+ const raw = readFileSync(path, 'utf8');
264
+ return parsePatternText(raw);
265
+ }
266
+ catch {
267
+ return [];
268
+ }
269
+ }
270
+ /**
271
+ * Pure parser for a `.gitignore`-shaped string. Splits on newlines,
272
+ * strips comment lines (`#`), trims whitespace, drops empty lines.
273
+ * Exported for the test suite so the chain is exercisable without a
274
+ * real filesystem.
275
+ */
276
+ export function parsePatternText(raw) {
277
+ const lines = raw.split(/\r?\n/);
278
+ const out = [];
279
+ for (const line of lines) {
280
+ const trimmed = line.trim();
281
+ if (trimmed.length === 0)
282
+ continue;
283
+ if (trimmed.startsWith('#'))
284
+ continue;
285
+ out.push(trimmed);
286
+ }
287
+ return out;
288
+ }
289
+ /**
290
+ * Normalise an absolute path to a repo-relative POSIX path, then run
291
+ * it through the `ignore` matcher. Inputs outside the workspace return
292
+ * `false` - the matcher has no opinion about paths above its root.
293
+ */
294
+ function isIgnoredImpl(matcher, cwd, absPath, isDir) {
295
+ const normalisedAbs = resolve(absPath);
296
+ if (normalisedAbs === cwd)
297
+ return false;
298
+ const rel = relative(cwd, normalisedAbs);
299
+ // Paths above the workspace root come back as `..` or `../foo`.
300
+ // The matcher has no opinion about those; treat as not-ignored.
301
+ if (rel.length === 0)
302
+ return false;
303
+ if (rel.startsWith('..'))
304
+ return false;
305
+ // `ignore` requires POSIX-style separators on every platform.
306
+ const posixRel = sep === '/' ? rel : rel.split(sep).join('/');
307
+ // Append a trailing slash for directories so gitignore-style
308
+ // dir patterns (`node_modules/`, `dist/`) match the dir itself,
309
+ // not just its children. Without this, `isIgnored('/abs/node_modules', true)`
310
+ // would return false because `ignore` only matches the child path
311
+ // shape for those patterns. See the spec for the failing case
312
+ // (skeleton walker descending into node_modules/).
313
+ const queryPath = isDir ? `${posixRel}/` : posixRel;
314
+ return matcher.ignores(queryPath);
315
+ }
316
+ //# sourceMappingURL=pugiignore.js.map