@pugi/cli 0.1.0-alpha.9 → 0.1.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -0
- package/THIRD_PARTY_NOTICES.md +40 -0
- package/assets/pugi-mascot.ansi +16 -0
- package/dist/commands/deploy.js +439 -0
- package/dist/core/agents/loader.js +104 -0
- package/dist/core/agents/registry.js +1 -1
- package/dist/core/consensus/anvil-fanout.js +276 -0
- package/dist/core/consensus/diff-capture.js +382 -0
- package/dist/core/consensus/rubric.js +233 -0
- package/dist/core/context/index.js +21 -0
- package/dist/core/context/pugiignore.js +316 -0
- package/dist/core/context/repo-skeleton.js +533 -0
- package/dist/core/context/watcher.js +342 -0
- package/dist/core/context/working-set.js +165 -0
- package/dist/core/edits/dispatch.js +185 -0
- package/dist/core/edits/index.js +15 -0
- package/dist/core/edits/layer-a-apply.js +217 -0
- package/dist/core/edits/layer-b-apply.js +211 -0
- package/dist/core/edits/layer-c-apply.js +160 -0
- package/dist/core/edits/layer-d-ast.js +29 -0
- package/dist/core/edits/marker-parser.js +401 -0
- package/dist/core/edits/security-gate.js +223 -0
- package/dist/core/edits/worktree.js +322 -0
- package/dist/core/engine/native-pugi.js +6 -1
- package/dist/core/engine/prompts.js +8 -0
- package/dist/core/engine/tool-bridge.js +33 -1
- package/dist/core/lsp/client.js +719 -0
- package/dist/core/repl/ask.js +512 -0
- package/dist/core/repl/cancellation.js +98 -0
- package/dist/core/repl/dispatch-fsm.js +220 -0
- package/dist/core/repl/privacy-banner.js +71 -0
- package/dist/core/repl/session.js +1908 -13
- package/dist/core/repl/slash-commands.js +92 -32
- package/dist/core/repl/store/index.js +12 -0
- package/dist/core/repl/store/jsonl-log.js +321 -0
- package/dist/core/repl/store/lockfile.js +155 -0
- package/dist/core/repl/store/session-store.js +792 -0
- package/dist/core/repl/store/types.js +44 -0
- package/dist/core/repl/store/uuid-v7.js +68 -0
- package/dist/core/repl/workspace-context.js +72 -1
- package/dist/core/skills/defaults.js +457 -0
- package/dist/core/skills/loader.js +454 -0
- package/dist/core/skills/sources.js +480 -0
- package/dist/core/skills/trust.js +172 -0
- package/dist/runtime/cli.js +998 -12
- package/dist/runtime/commands/agents.js +385 -0
- package/dist/runtime/commands/config.js +338 -8
- package/dist/runtime/commands/delegate.js +289 -0
- package/dist/runtime/commands/lsp.js +206 -0
- package/dist/runtime/commands/patch.js +128 -0
- package/dist/runtime/commands/review-consensus.js +399 -0
- package/dist/runtime/commands/roster.js +117 -0
- package/dist/runtime/commands/skills.js +401 -0
- package/dist/runtime/commands/worktree.js +177 -0
- package/dist/runtime/plan-decompose.js +531 -0
- package/dist/tools/apply-patch.js +495 -0
- package/dist/tools/file-tools.js +90 -0
- package/dist/tools/lsp-tools.js +189 -0
- package/dist/tools/registry.js +26 -0
- package/dist/tools/web-fetch.js +1 -1
- package/dist/tui/agent-tree-pane.js +9 -0
- package/dist/tui/ask-cli.js +52 -0
- package/dist/tui/ask-modal.js +211 -0
- package/dist/tui/conversation-pane.js +48 -3
- package/dist/tui/input-box.js +48 -5
- package/dist/tui/markdown-render.js +266 -0
- package/dist/tui/repl-render.js +319 -3
- package/dist/tui/repl-splash-mascot.js +130 -0
- package/dist/tui/repl-splash.js +7 -1
- package/dist/tui/repl.js +96 -12
- package/dist/tui/status-bar.js +63 -3
- package/dist/tui/tool-stream-pane.js +91 -0
- package/docs/examples/codegraph.mcp.json +10 -0
- package/package.json +14 -6
|
@@ -0,0 +1,233 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Consensus rubric — `pugi review --consensus` (α6.7).
|
|
3
|
+
*
|
|
4
|
+
* Three independent reviewers (Codex / Claude / DeepSeek) produce findings
|
|
5
|
+
* tagged `[P0]` / `[P1]` / `[P2]` / `[P3]`. The rubric translates the per-
|
|
6
|
+
* reviewer severity vector into one of `PASS` / `WARN` / `BLOCK`.
|
|
7
|
+
*
|
|
8
|
+
* Rubric (verbatim from /triple-review skill + admin-api OES MCP triple_review):
|
|
9
|
+
*
|
|
10
|
+
* any reviewer reports [P0] -> BLOCK
|
|
11
|
+
* two or more reviewers report [P1] -> BLOCK (consensus)
|
|
12
|
+
* exactly one reviewer reports [P1] -> WARN (asymmetric)
|
|
13
|
+
* no reviewer reports [P0] or [P1] -> PASS (P2/P3 only)
|
|
14
|
+
* every reviewer errored -> BLOCK (no signal)
|
|
15
|
+
*
|
|
16
|
+
* The rubric never reads model text beyond the severity markers; the
|
|
17
|
+
* reviewer-side narrative is shown to the operator unchanged. Keeping the
|
|
18
|
+
* verdict deterministic + LLM-free is the entire point of the gate (CEO
|
|
19
|
+
* directive 2026-05-19): a model that disagrees with the rubric can be
|
|
20
|
+
* audited, a model that produces the verdict cannot.
|
|
21
|
+
*/
|
|
22
|
+
/**
|
|
23
|
+
* Regex matches the `[P0]` / `[P1]` / `[P2]` / `[P3]` token at the start
|
|
24
|
+
* of a line OR inline. Accepts surrounding whitespace and lowercase form.
|
|
25
|
+
* The line-anchored `m` flag scans every line; `g` allows `matchAll`.
|
|
26
|
+
*
|
|
27
|
+
* The capture group on the digit lets `parseFindings` reconstruct the
|
|
28
|
+
* severity without a second regex. Square brackets are escaped because
|
|
29
|
+
* the JS regex engine treats `[` as a character class otherwise.
|
|
30
|
+
*/
|
|
31
|
+
const SEVERITY_TOKEN = /\[\s*[Pp]([0-3])\s*\]/g;
|
|
32
|
+
/**
|
|
33
|
+
* Parse a raw reviewer text blob into structured findings.
|
|
34
|
+
*
|
|
35
|
+
* Heuristics (intentionally permissive — different models format very
|
|
36
|
+
* differently and a strict parser would drop signal):
|
|
37
|
+
*
|
|
38
|
+
* 1. Split the text on `[Px]` tokens, preserving the marker.
|
|
39
|
+
* 2. Each marker starts a new finding. The summary is the rest of the
|
|
40
|
+
* same line (and the next line if the first is `:` or empty after
|
|
41
|
+
* stripping whitespace).
|
|
42
|
+
* 3. Empty / whitespace-only summaries are dropped — a bare `[P1]`
|
|
43
|
+
* with no context cannot be acted on, and treating it as a finding
|
|
44
|
+
* would falsely trigger consensus.
|
|
45
|
+
*/
|
|
46
|
+
export function parseFindings(raw) {
|
|
47
|
+
if (typeof raw !== 'string' || raw.length === 0)
|
|
48
|
+
return [];
|
|
49
|
+
const findings = [];
|
|
50
|
+
// Track marker positions so we can slice the summary up to the next
|
|
51
|
+
// marker without quadratic re-scans.
|
|
52
|
+
const markers = [];
|
|
53
|
+
// Reset lastIndex defensively — `matchAll` allocates its own iterator,
|
|
54
|
+
// but belt-and-braces against a future caller passing a stateful regex.
|
|
55
|
+
SEVERITY_TOKEN.lastIndex = 0;
|
|
56
|
+
for (const match of raw.matchAll(SEVERITY_TOKEN)) {
|
|
57
|
+
const digit = match[1] ?? '';
|
|
58
|
+
const severity = `P${digit}`;
|
|
59
|
+
markers.push({ severity, index: match.index ?? 0, matchLength: match[0].length });
|
|
60
|
+
}
|
|
61
|
+
for (let i = 0; i < markers.length; i += 1) {
|
|
62
|
+
const marker = markers[i];
|
|
63
|
+
const start = marker.index + marker.matchLength;
|
|
64
|
+
const end = i + 1 < markers.length ? markers[i + 1].index : raw.length;
|
|
65
|
+
const slice = raw.slice(start, end);
|
|
66
|
+
const summary = extractSummary(slice);
|
|
67
|
+
if (summary.length === 0)
|
|
68
|
+
continue;
|
|
69
|
+
findings.push({ severity: marker.severity, summary });
|
|
70
|
+
}
|
|
71
|
+
return findings;
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Extract a single-line summary from the text following a severity
|
|
75
|
+
* marker. Trims leading colon / dash / whitespace; truncates at the
|
|
76
|
+
* first newline so multi-paragraph findings render as one line in the
|
|
77
|
+
* REPL transcript (the full reviewer text stays available in `rawContent`).
|
|
78
|
+
*/
|
|
79
|
+
function extractSummary(slice) {
|
|
80
|
+
let cursor = 0;
|
|
81
|
+
while (cursor < slice.length && /[\s:\-—–]/.test(slice[cursor]))
|
|
82
|
+
cursor += 1;
|
|
83
|
+
const tail = slice.slice(cursor);
|
|
84
|
+
const newlineIdx = tail.search(/\r?\n/);
|
|
85
|
+
const oneLine = newlineIdx === -1 ? tail : tail.slice(0, newlineIdx);
|
|
86
|
+
return oneLine.trim();
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Compute the highest BLOCKING severity from a finding list. Returns
|
|
90
|
+
* `null` when the reviewer is clean for gating purposes, i.e. either:
|
|
91
|
+
* - no findings at all, OR
|
|
92
|
+
* - only P2 / P3 findings (informational, non-blocking by rubric).
|
|
93
|
+
*
|
|
94
|
+
* `null` is the right contract for downstream tooling that gates on
|
|
95
|
+
* "did this reviewer flag anything that should block ship?" - the
|
|
96
|
+
* rubric in `aggregate` already treats P2/P3 as non-blocking, so an
|
|
97
|
+
* external `topSeverity === null` check matches the gate's semantics
|
|
98
|
+
* exactly without re-parsing the finding list.
|
|
99
|
+
*
|
|
100
|
+
* Per-finding severity is still preserved in `findings[].severity`
|
|
101
|
+
* for callers that want to surface P2/P3 counts in their UX.
|
|
102
|
+
*
|
|
103
|
+
* Returns the priority floor for blocking findings only: P0 > P1.
|
|
104
|
+
*/
|
|
105
|
+
export function topSeverityOf(findings) {
|
|
106
|
+
let best = null;
|
|
107
|
+
for (const finding of findings) {
|
|
108
|
+
if (finding.severity === 'P0')
|
|
109
|
+
return 'P0';
|
|
110
|
+
if (finding.severity === 'P1')
|
|
111
|
+
best = 'P1';
|
|
112
|
+
// P2 / P3 are non-blocking by rubric -> they do NOT contribute to
|
|
113
|
+
// topSeverity. They remain visible via `findings[].severity` for
|
|
114
|
+
// operators who want to see the full breakdown.
|
|
115
|
+
}
|
|
116
|
+
return best;
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Convenience: parse a raw reviewer text blob into a `ReviewerVerdict`.
|
|
120
|
+
* `errored` defaults to false; callers that detected a transport-level
|
|
121
|
+
* failure should set it true and pass an empty raw string.
|
|
122
|
+
*/
|
|
123
|
+
export function reviewerVerdictFromRaw(reviewer, raw, errored = false) {
|
|
124
|
+
if (errored) {
|
|
125
|
+
return { reviewer, topSeverity: null, findings: [], errored: true };
|
|
126
|
+
}
|
|
127
|
+
const findings = parseFindings(raw);
|
|
128
|
+
return {
|
|
129
|
+
reviewer,
|
|
130
|
+
topSeverity: topSeverityOf(findings),
|
|
131
|
+
findings,
|
|
132
|
+
errored: false,
|
|
133
|
+
};
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Apply the rubric to 1..N reviewer verdicts. The shape is N-aware so the
|
|
137
|
+
* same function handles the dev `/triple-review` 3-reviewer case AND a
|
|
138
|
+
* customer running with 2 reviewers (e.g. a tier that does not yet include
|
|
139
|
+
* DeepSeek).
|
|
140
|
+
*/
|
|
141
|
+
export function aggregate(verdicts) {
|
|
142
|
+
const totalReviewers = verdicts.length;
|
|
143
|
+
const erroredReviewers = verdicts.filter((v) => v.errored).length;
|
|
144
|
+
// Zero reviewers = zero signal. Falling through to the no-P0/no-P1
|
|
145
|
+
// branch would emit a false PASS — exactly the regression flagged by
|
|
146
|
+
// Codex during PR #370 review. Treat empty input as BLOCK so the gate
|
|
147
|
+
// fails closed when the backend returns no events at all (5xx that
|
|
148
|
+
// somehow drained the SSE, server-side bug, dispatcher misconfig).
|
|
149
|
+
if (totalReviewers === 0) {
|
|
150
|
+
return {
|
|
151
|
+
verdict: 'BLOCK',
|
|
152
|
+
p0Count: 0,
|
|
153
|
+
p1Count: 0,
|
|
154
|
+
p1Reviewers: 0,
|
|
155
|
+
reasoning: 'No reviewer signal: backend returned 0 events. Fail-closed BLOCK.',
|
|
156
|
+
};
|
|
157
|
+
}
|
|
158
|
+
if (totalReviewers > 0 && erroredReviewers === totalReviewers) {
|
|
159
|
+
return {
|
|
160
|
+
verdict: 'BLOCK',
|
|
161
|
+
p0Count: 0,
|
|
162
|
+
p1Count: 0,
|
|
163
|
+
p1Reviewers: 0,
|
|
164
|
+
reasoning: 'Every reviewer errored: no signal. Treating as BLOCK until at least one reviewer returns.',
|
|
165
|
+
};
|
|
166
|
+
}
|
|
167
|
+
let p0Count = 0;
|
|
168
|
+
let p1Count = 0;
|
|
169
|
+
let p1Reviewers = 0;
|
|
170
|
+
for (const verdict of verdicts) {
|
|
171
|
+
if (verdict.errored)
|
|
172
|
+
continue;
|
|
173
|
+
const p0 = verdict.findings.filter((f) => f.severity === 'P0').length;
|
|
174
|
+
const p1 = verdict.findings.filter((f) => f.severity === 'P1').length;
|
|
175
|
+
p0Count += p0;
|
|
176
|
+
p1Count += p1;
|
|
177
|
+
if (p1 > 0)
|
|
178
|
+
p1Reviewers += 1;
|
|
179
|
+
}
|
|
180
|
+
if (p0Count > 0) {
|
|
181
|
+
return {
|
|
182
|
+
verdict: 'BLOCK',
|
|
183
|
+
p0Count,
|
|
184
|
+
p1Count,
|
|
185
|
+
p1Reviewers,
|
|
186
|
+
reasoning: `${p0Count}x P0 finding${p0Count === 1 ? '' : 's'}: BLOCK (any P0 fails the gate).`,
|
|
187
|
+
};
|
|
188
|
+
}
|
|
189
|
+
if (p1Reviewers >= 2) {
|
|
190
|
+
return {
|
|
191
|
+
verdict: 'BLOCK',
|
|
192
|
+
p0Count,
|
|
193
|
+
p1Count,
|
|
194
|
+
p1Reviewers,
|
|
195
|
+
reasoning: `${p1Reviewers} reviewers each reported P1: consensus = likely real bug, BLOCK.`,
|
|
196
|
+
};
|
|
197
|
+
}
|
|
198
|
+
if (p1Reviewers === 1) {
|
|
199
|
+
return {
|
|
200
|
+
verdict: 'WARN',
|
|
201
|
+
p0Count,
|
|
202
|
+
p1Count,
|
|
203
|
+
p1Reviewers,
|
|
204
|
+
reasoning: 'One reviewer reported P1: asymmetric signal, examine the disagreement before merging.',
|
|
205
|
+
};
|
|
206
|
+
}
|
|
207
|
+
return {
|
|
208
|
+
verdict: 'PASS',
|
|
209
|
+
p0Count,
|
|
210
|
+
p1Count,
|
|
211
|
+
p1Reviewers,
|
|
212
|
+
reasoning: 'No P0 or P1 findings: PASS. P2/P3 findings are non-blocking.',
|
|
213
|
+
};
|
|
214
|
+
}
|
|
215
|
+
/**
|
|
216
|
+
* Map a rubric verdict to the conventional exit code Pugi CLI uses for
|
|
217
|
+
* gates (spec α6.7):
|
|
218
|
+
*
|
|
219
|
+
* PASS -> 0
|
|
220
|
+
* WARN -> 1
|
|
221
|
+
* BLOCK -> 2
|
|
222
|
+
*
|
|
223
|
+
* The non-zero codes are distinct so a shell script can branch on the
|
|
224
|
+
* exact outcome without re-parsing stdout.
|
|
225
|
+
*/
|
|
226
|
+
export function exitCodeFor(verdict) {
|
|
227
|
+
if (verdict === 'PASS')
|
|
228
|
+
return 0;
|
|
229
|
+
if (verdict === 'WARN')
|
|
230
|
+
return 1;
|
|
231
|
+
return 2;
|
|
232
|
+
}
|
|
233
|
+
//# sourceMappingURL=rubric.js.map
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Three-tier context model - α6.5 Phase 1 barrel.
|
|
3
|
+
*
|
|
4
|
+
* Bundles the four primitives so the REPL bootstrap can import from a
|
|
5
|
+
* single path:
|
|
6
|
+
*
|
|
7
|
+
* import {
|
|
8
|
+
* loadPugiIgnore,
|
|
9
|
+
* buildRepoSkeleton,
|
|
10
|
+
* renderSkeleton,
|
|
11
|
+
* WorkingSet,
|
|
12
|
+
* PugiWatcher,
|
|
13
|
+
* } from '../context/index.js';
|
|
14
|
+
*
|
|
15
|
+
* No new logic lives here - just re-exports.
|
|
16
|
+
*/
|
|
17
|
+
export { BASELINE_IGNORE_PATTERNS, SECRET_IGNORE_PATTERNS, globalPugiIgnorePath, loadPugiIgnore, parsePatternText, readPatternFile, workspaceGitIgnorePath, workspacePugiIgnorePath, } from './pugiignore.js';
|
|
18
|
+
export { COLLAPSE_DIR_ENTRIES, MAX_README_LINES, MAX_SKELETON_BYTES, MAX_TREE_DEPTH, MAX_WALK_NODES, TOP_LANGUAGES, buildRepoSkeleton, detectPackageManager, languageForExtension, readGitBranch, readPackageJson, readReadme, renderSkeleton, topLanguages, } from './repo-skeleton.js';
|
|
19
|
+
export { DEFAULT_WORKING_SET_CAPACITY, WorkingSet, } from './working-set.js';
|
|
20
|
+
export { MAX_WATCHED_PATHS, PugiWatcher, THROTTLE_WINDOW_MS, } from './watcher.js';
|
|
21
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1,316 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `.pugiignore` parser - α6.5 Phase 1 (three-tier context).
|
|
3
|
+
*
|
|
4
|
+
* The CLI walks the workspace to build a repo skeleton and to feed the
|
|
5
|
+
* chokidar watcher. Both passes need a single source of truth for which
|
|
6
|
+
* paths are off-limits. `.pugiignore` extends (not replaces) `.gitignore`
|
|
7
|
+
* with Pugi-specific defaults: secret files, large binaries, build
|
|
8
|
+
* outputs, lockfiles.
|
|
9
|
+
*
|
|
10
|
+
* Design choices:
|
|
11
|
+
*
|
|
12
|
+
* 1. We layer four sources, last-write-wins per the .gitignore spec:
|
|
13
|
+
* (a) Built-in DEFAULT_IGNORE_PATTERNS - secret / binary / build
|
|
14
|
+
* paths every workspace should drop.
|
|
15
|
+
* (b) `~/.pugi/global.pugiignore` - operator-global overrides.
|
|
16
|
+
* (c) Repo `.gitignore` (when present) - so we don't re-walk
|
|
17
|
+
* node_modules / dist / etc.
|
|
18
|
+
* (d) Repo `.pugiignore` - workspace-local extensions.
|
|
19
|
+
*
|
|
20
|
+
* 2. The `ignore` npm package handles negation (`!path`) and nested
|
|
21
|
+
* directories correctly. Rolling a minimal glob matcher is doable
|
|
22
|
+
* but the test surface for gitignore semantics (esp. negation +
|
|
23
|
+
* ancestor matching) is wide enough that pulling the audited
|
|
24
|
+
* library is the safer call. It is already in the workspace via
|
|
25
|
+
* transitive deps; we add it as an explicit pugi-cli dep.
|
|
26
|
+
*
|
|
27
|
+
* 3. Privacy is defense-in-depth: even if the operator deletes the
|
|
28
|
+
* built-in defaults from their `.pugiignore`, we re-add the
|
|
29
|
+
* secret patterns at the END of the chain so a typo in user
|
|
30
|
+
* config cannot expose `.env` / `*.pem` / `*.key`. The user can
|
|
31
|
+
* explicitly negate (`!.env.example`) but cannot wipe the
|
|
32
|
+
* defense.
|
|
33
|
+
*
|
|
34
|
+
* 4. Paths are normalised to forward slashes (the `ignore` package
|
|
35
|
+
* requires POSIX-style separators even on Windows) and stripped
|
|
36
|
+
* of any leading workspace root so `isIgnored` answers in
|
|
37
|
+
* repo-relative terms.
|
|
38
|
+
*
|
|
39
|
+
* The API surface is minimal: `loadPugiIgnore(cwd)` returns a
|
|
40
|
+
* `PugiIgnore` matcher with `isIgnored(absPath): boolean`. The matcher
|
|
41
|
+
* is built once at session bootstrap and reused by the skeleton walker
|
|
42
|
+
* and the chokidar watcher.
|
|
43
|
+
*/
|
|
44
|
+
import { existsSync, readFileSync } from 'node:fs';
|
|
45
|
+
import { homedir } from 'node:os';
|
|
46
|
+
import { relative, resolve, sep } from 'node:path';
|
|
47
|
+
// The `ignore` package ships as CommonJS with `module.exports = factory`
|
|
48
|
+
// plus a `.d.ts` that re-exports the factory as default. Under
|
|
49
|
+
// `module: nodenext` TypeScript treats CJS default imports as the
|
|
50
|
+
// `module.exports` shape, which for `ignore` IS the callable factory -
|
|
51
|
+
// but only when we use the namespace-default dance below. A bare
|
|
52
|
+
// `import ignore from 'ignore'` fails with "expression is not callable"
|
|
53
|
+
// because TS resolves the import to the `typeof` shape rather than the
|
|
54
|
+
// callable value.
|
|
55
|
+
import * as ignoreModule from 'ignore';
|
|
56
|
+
const ignoreFactory = ignoreModule.default
|
|
57
|
+
?? ignoreModule;
|
|
58
|
+
/**
|
|
59
|
+
* Built-in patterns shipped with every Pugi workspace. The list is a
|
|
60
|
+
* conservative union of three categories:
|
|
61
|
+
*
|
|
62
|
+
* - **Secrets** (defense in depth): `.env*`, `*.pem`, `*.key`,
|
|
63
|
+
* `secrets/**`, `.netrc`, `id_rsa*`, `*.secret`, `credentials*`.
|
|
64
|
+
* These are re-applied at the END of the chain so user config
|
|
65
|
+
* cannot accidentally expose them.
|
|
66
|
+
*
|
|
67
|
+
* - **Build outputs / caches**: `node_modules/`, `dist/`, `build/`,
|
|
68
|
+
* `.next/`, `.nuxt/`, `.svelte-kit/`, `coverage/`, `.nx/`, `.cache/`,
|
|
69
|
+
* `.turbo/`, `.parcel-cache/`, `out/`, `.output/`, `*.tsbuildinfo`.
|
|
70
|
+
*
|
|
71
|
+
* - **Large binaries / data**: lockfiles (`*.lock`, `*-lock.json`,
|
|
72
|
+
* `*-lock.yaml`), images (`*.png`, `*.jpg`, `*.jpeg`, `*.gif`,
|
|
73
|
+
* `*.ico`), PDFs, videos, archives (`*.zip`, `*.tar`, `*.gz`),
|
|
74
|
+
* DB dumps (`*.sql`, `*.dump`), logs.
|
|
75
|
+
*
|
|
76
|
+
* The split between baseline patterns (applied first) and secret
|
|
77
|
+
* patterns (applied last) matters: a user `.pugiignore` can `!`-negate
|
|
78
|
+
* baseline entries (e.g. unignore a particular generated file under
|
|
79
|
+
* `dist/`) but cannot reach the trailing secret block. The trailing
|
|
80
|
+
* block is exported as `SECRET_IGNORE_PATTERNS` for tests.
|
|
81
|
+
*/
|
|
82
|
+
export const BASELINE_IGNORE_PATTERNS = Object.freeze([
|
|
83
|
+
// VCS / Pugi state
|
|
84
|
+
'.git/',
|
|
85
|
+
'.pugi/',
|
|
86
|
+
'.hg/',
|
|
87
|
+
'.svn/',
|
|
88
|
+
// Build outputs / package manager caches
|
|
89
|
+
'node_modules/',
|
|
90
|
+
'.pnpm-store/',
|
|
91
|
+
'dist/',
|
|
92
|
+
'build/',
|
|
93
|
+
'out/',
|
|
94
|
+
'.output/',
|
|
95
|
+
'.next/',
|
|
96
|
+
'.nuxt/',
|
|
97
|
+
'.svelte-kit/',
|
|
98
|
+
'.astro/',
|
|
99
|
+
'coverage/',
|
|
100
|
+
'.nyc_output/',
|
|
101
|
+
'.nx/',
|
|
102
|
+
'.turbo/',
|
|
103
|
+
'.parcel-cache/',
|
|
104
|
+
'.cache/',
|
|
105
|
+
'.vercel/',
|
|
106
|
+
'.netlify/',
|
|
107
|
+
'*.tsbuildinfo',
|
|
108
|
+
// Lockfiles - rebuilds, never agent-relevant
|
|
109
|
+
'*.lock',
|
|
110
|
+
'package-lock.json',
|
|
111
|
+
'yarn.lock',
|
|
112
|
+
'pnpm-lock.yaml',
|
|
113
|
+
'bun.lockb',
|
|
114
|
+
'composer.lock',
|
|
115
|
+
'poetry.lock',
|
|
116
|
+
'Cargo.lock',
|
|
117
|
+
'Gemfile.lock',
|
|
118
|
+
// Logs
|
|
119
|
+
'*.log',
|
|
120
|
+
'logs/',
|
|
121
|
+
'.pm2/',
|
|
122
|
+
// Large binaries
|
|
123
|
+
'*.png',
|
|
124
|
+
'*.jpg',
|
|
125
|
+
'*.jpeg',
|
|
126
|
+
'*.gif',
|
|
127
|
+
'*.ico',
|
|
128
|
+
'*.webp',
|
|
129
|
+
'*.bmp',
|
|
130
|
+
'*.tiff',
|
|
131
|
+
'*.svg',
|
|
132
|
+
'*.pdf',
|
|
133
|
+
'*.mp3',
|
|
134
|
+
'*.mp4',
|
|
135
|
+
'*.mov',
|
|
136
|
+
'*.webm',
|
|
137
|
+
'*.zip',
|
|
138
|
+
'*.tar',
|
|
139
|
+
'*.tar.gz',
|
|
140
|
+
'*.tgz',
|
|
141
|
+
'*.gz',
|
|
142
|
+
'*.bz2',
|
|
143
|
+
'*.7z',
|
|
144
|
+
'*.rar',
|
|
145
|
+
'*.dmg',
|
|
146
|
+
'*.iso',
|
|
147
|
+
// DB dumps / fixtures
|
|
148
|
+
'*.sql',
|
|
149
|
+
'*.dump',
|
|
150
|
+
'*.sqlite',
|
|
151
|
+
'*.sqlite3',
|
|
152
|
+
'*.db',
|
|
153
|
+
// OS noise
|
|
154
|
+
'.DS_Store',
|
|
155
|
+
'Thumbs.db',
|
|
156
|
+
]);
|
|
157
|
+
/**
|
|
158
|
+
* Secret patterns re-applied at the END of every layered chain. Even
|
|
159
|
+
* if the operator deletes these from `.pugiignore` (or accidentally
|
|
160
|
+
* negates them with `!.env`), the trailing block restores the gate.
|
|
161
|
+
* This is defense-in-depth: the skeleton walker MUST NOT read
|
|
162
|
+
* credentials into the agent context, period.
|
|
163
|
+
*/
|
|
164
|
+
export const SECRET_IGNORE_PATTERNS = Object.freeze([
|
|
165
|
+
'.env',
|
|
166
|
+
'.env.*',
|
|
167
|
+
'*.pem',
|
|
168
|
+
'*.key',
|
|
169
|
+
'*.crt',
|
|
170
|
+
'*.cert',
|
|
171
|
+
// X.509 cert formats - `*.cer` is the PEM-style cert extension common
|
|
172
|
+
// on Windows / Java keystores, `*.der` is the binary DER-encoded form
|
|
173
|
+
// used by Java + .NET tooling. Both can carry private keys when
|
|
174
|
+
// bundled (PKCS#7 / PKCS#12) and the file extension alone does not
|
|
175
|
+
// tell us whether the bundle includes a key. Treat as secrets by
|
|
176
|
+
// default. triple-review P1 (PR #380).
|
|
177
|
+
'*.cer',
|
|
178
|
+
'*.der',
|
|
179
|
+
'*.p12',
|
|
180
|
+
'*.pfx',
|
|
181
|
+
'*.jks',
|
|
182
|
+
'*.keystore',
|
|
183
|
+
'secrets/**',
|
|
184
|
+
'.netrc',
|
|
185
|
+
'id_rsa',
|
|
186
|
+
'id_rsa.*',
|
|
187
|
+
'id_ed25519',
|
|
188
|
+
'id_ed25519.*',
|
|
189
|
+
'*.secret',
|
|
190
|
+
'credentials',
|
|
191
|
+
'credentials.json',
|
|
192
|
+
'service-account*.json',
|
|
193
|
+
'*.kdbx',
|
|
194
|
+
'.aws/',
|
|
195
|
+
'.ssh/',
|
|
196
|
+
'.gnupg/',
|
|
197
|
+
]);
|
|
198
|
+
/**
|
|
199
|
+
* Where the operator's global ignore file lives. Mirrors the
|
|
200
|
+
* `~/.gitignore_global` convention. We do NOT auto-create it; if it
|
|
201
|
+
* exists, we load its non-empty / non-comment lines.
|
|
202
|
+
*/
|
|
203
|
+
export function globalPugiIgnorePath(home = homedir()) {
|
|
204
|
+
return resolve(home, '.pugi', 'global.pugiignore');
|
|
205
|
+
}
|
|
206
|
+
/** Path to the workspace `.pugiignore`. */
|
|
207
|
+
export function workspacePugiIgnorePath(cwd) {
|
|
208
|
+
return resolve(cwd, '.pugiignore');
|
|
209
|
+
}
|
|
210
|
+
/** Path to the workspace `.gitignore`. */
|
|
211
|
+
export function workspaceGitIgnorePath(cwd) {
|
|
212
|
+
return resolve(cwd, '.gitignore');
|
|
213
|
+
}
|
|
214
|
+
/**
|
|
215
|
+
* Load and compile the layered ignore matcher for `cwd`. The chain
|
|
216
|
+
* is built in this exact order so later layers override earlier ones,
|
|
217
|
+
* with the trailing secret block as the inviolable backstop:
|
|
218
|
+
*
|
|
219
|
+
* 1. BASELINE_IGNORE_PATTERNS (built-in defaults)
|
|
220
|
+
* 2. ~/.pugi/global.pugiignore (operator global, optional)
|
|
221
|
+
* 3. <cwd>/.gitignore (workspace, optional)
|
|
222
|
+
* 4. <cwd>/.pugiignore (workspace, optional)
|
|
223
|
+
* 5. SECRET_IGNORE_PATTERNS (defense-in-depth backstop)
|
|
224
|
+
*
|
|
225
|
+
* Any FS error reading optional files is swallowed - workspace
|
|
226
|
+
* context is best-effort and must never block the REPL bootstrap.
|
|
227
|
+
*/
|
|
228
|
+
export function loadPugiIgnore(cwd, options = {}) {
|
|
229
|
+
const home = options.home ?? homedir();
|
|
230
|
+
const normalisedCwd = resolve(cwd);
|
|
231
|
+
const patterns = [];
|
|
232
|
+
patterns.push(...BASELINE_IGNORE_PATTERNS);
|
|
233
|
+
const globalPath = globalPugiIgnorePath(home);
|
|
234
|
+
const globalPatterns = readPatternFile(globalPath);
|
|
235
|
+
patterns.push(...globalPatterns);
|
|
236
|
+
const gitignorePath = workspaceGitIgnorePath(normalisedCwd);
|
|
237
|
+
const gitPatterns = readPatternFile(gitignorePath);
|
|
238
|
+
patterns.push(...gitPatterns);
|
|
239
|
+
const pugiIgnorePath = workspacePugiIgnorePath(normalisedCwd);
|
|
240
|
+
const pugiPatterns = readPatternFile(pugiIgnorePath);
|
|
241
|
+
patterns.push(...pugiPatterns);
|
|
242
|
+
// Secrets last so they cannot be silently negated by user config.
|
|
243
|
+
patterns.push(...SECRET_IGNORE_PATTERNS);
|
|
244
|
+
const matcher = ignoreFactory().add(patterns);
|
|
245
|
+
return {
|
|
246
|
+
cwd: normalisedCwd,
|
|
247
|
+
patterns: Object.freeze(patterns.slice()),
|
|
248
|
+
isIgnored(absPath, isDir) {
|
|
249
|
+
return isIgnoredImpl(matcher, normalisedCwd, absPath, isDir === true);
|
|
250
|
+
},
|
|
251
|
+
};
|
|
252
|
+
}
|
|
253
|
+
/**
|
|
254
|
+
* Read a `.gitignore`-shaped file and return the non-comment / non-empty
|
|
255
|
+
* lines. Returns `[]` on any FS error. Lines are returned verbatim - the
|
|
256
|
+
* `ignore` library parses leading `!`, trailing `/`, and `**` correctly
|
|
257
|
+
* on its own.
|
|
258
|
+
*/
|
|
259
|
+
export function readPatternFile(path) {
|
|
260
|
+
try {
|
|
261
|
+
if (!existsSync(path))
|
|
262
|
+
return [];
|
|
263
|
+
const raw = readFileSync(path, 'utf8');
|
|
264
|
+
return parsePatternText(raw);
|
|
265
|
+
}
|
|
266
|
+
catch {
|
|
267
|
+
return [];
|
|
268
|
+
}
|
|
269
|
+
}
|
|
270
|
+
/**
|
|
271
|
+
* Pure parser for a `.gitignore`-shaped string. Splits on newlines,
|
|
272
|
+
* strips comment lines (`#`), trims whitespace, drops empty lines.
|
|
273
|
+
* Exported for the test suite so the chain is exercisable without a
|
|
274
|
+
* real filesystem.
|
|
275
|
+
*/
|
|
276
|
+
export function parsePatternText(raw) {
|
|
277
|
+
const lines = raw.split(/\r?\n/);
|
|
278
|
+
const out = [];
|
|
279
|
+
for (const line of lines) {
|
|
280
|
+
const trimmed = line.trim();
|
|
281
|
+
if (trimmed.length === 0)
|
|
282
|
+
continue;
|
|
283
|
+
if (trimmed.startsWith('#'))
|
|
284
|
+
continue;
|
|
285
|
+
out.push(trimmed);
|
|
286
|
+
}
|
|
287
|
+
return out;
|
|
288
|
+
}
|
|
289
|
+
/**
|
|
290
|
+
* Normalise an absolute path to a repo-relative POSIX path, then run
|
|
291
|
+
* it through the `ignore` matcher. Inputs outside the workspace return
|
|
292
|
+
* `false` - the matcher has no opinion about paths above its root.
|
|
293
|
+
*/
|
|
294
|
+
function isIgnoredImpl(matcher, cwd, absPath, isDir) {
|
|
295
|
+
const normalisedAbs = resolve(absPath);
|
|
296
|
+
if (normalisedAbs === cwd)
|
|
297
|
+
return false;
|
|
298
|
+
const rel = relative(cwd, normalisedAbs);
|
|
299
|
+
// Paths above the workspace root come back as `..` or `../foo`.
|
|
300
|
+
// The matcher has no opinion about those; treat as not-ignored.
|
|
301
|
+
if (rel.length === 0)
|
|
302
|
+
return false;
|
|
303
|
+
if (rel.startsWith('..'))
|
|
304
|
+
return false;
|
|
305
|
+
// `ignore` requires POSIX-style separators on every platform.
|
|
306
|
+
const posixRel = sep === '/' ? rel : rel.split(sep).join('/');
|
|
307
|
+
// Append a trailing slash for directories so gitignore-style
|
|
308
|
+
// dir patterns (`node_modules/`, `dist/`) match the dir itself,
|
|
309
|
+
// not just its children. Without this, `isIgnored('/abs/node_modules', true)`
|
|
310
|
+
// would return false because `ignore` only matches the child path
|
|
311
|
+
// shape for those patterns. See the spec for the failing case
|
|
312
|
+
// (skeleton walker descending into node_modules/).
|
|
313
|
+
const queryPath = isDir ? `${posixRel}/` : posixRel;
|
|
314
|
+
return matcher.ignores(queryPath);
|
|
315
|
+
}
|
|
316
|
+
//# sourceMappingURL=pugiignore.js.map
|