@pugi/cli 0.1.0-alpha.9 → 0.1.0-beta.2

package/dist/runtime/cli.js

@@ -16,14 +16,26 @@ import { globTool, grepTool, readTool } from '../tools/file-tools.js';
 import { toolRegistry, toolSchemaBundleHashInput } from '../tools/registry.js';
 import { webFetchTool } from '../tools/web-fetch.js';
 import { emptyIndex, rebuildIndex, readIndex, upsertArtifact, writeIndex, } from '../core/index-store.js';
+import { signatureForPlanReview } from '../core/repl/ask.js';
 import { buildRuntimeConfig, loadRuntimeConfig, pollDeviceFlow, pugiHandoffBundleSchema, pugiSyncDryRunPlanSchema, pugiSyncPrivacyModeSchema, pugiSyncRequestSchema, pugiSyncUploadPlanSchema, pugiTripleReviewRequestSchema, startDeviceFlow, submitSync, submitTripleReview, } from '@pugi/sdk';
 import { PUGI_TAGLINE } from '@pugi/personas';
 import { clearApiKey, DEFAULT_API_URL, listStoredCredentials, maskApiKey, normalizeApiUrl, purgeAllCredentials, readCredentialsFile, resolveActiveCredential, storeApiKey, switchActiveAccount, } from '../core/credentials.js';
+import { runDeployCommand } from '../commands/deploy.js';
 import { runJobsCommand } from '../commands/jobs.js';
 import { runConfigCommand } from './commands/config.js';
 import { runPrivacyCommand } from './commands/privacy.js';
 import { runUndoCommand } from './commands/undo.js';
 import { runBudgetCommand } from './commands/budget.js';
+import { runSkillsCommand } from './commands/skills.js';
+import { runAgentsCommand } from './commands/agents.js';
+import { runLspCommand } from './commands/lsp.js';
+import { runPatchCommand } from './commands/patch.js';
+import { runWorktreeCommand } from './commands/worktree.js';
+import { resolveWorkspaceLabel } from '../core/repl/workspace-context.js';
+import { runReviewConsensus } from './commands/review-consensus.js';
+import { FtsSyntaxError, SqliteSessionStore, resolveProjectStoreDir } from '../core/repl/store/index.js';
+import { slugForCwd } from '../core/repl/history.js';
+import { dispatchEdit, } from '../core/edits/index.js';
 /**
  * CLI version shown by `pugi version` and embedded in `pugi doctor --json`.
  *
@@ -35,13 +47,16 @@ import { runBudgetCommand } from './commands/budget.js';
  * packages/pugi-sdk/package.json); the publish workflow validates the
  * three are in lockstep.
  */
-const PUGI_CLI_VERSION = '0.1.0-alpha.9';
+const PUGI_CLI_VERSION = "0.1.0-beta.2";
 const handlers = {
     accounts,
+    agents: dispatchAgents,
+    ask: dispatchAsk,
     build: runEngineTask('build_task'),
     budget: dispatchBudget,
     code: runEngineTask('code'),
     config: dispatchConfig,
+    deploy: dispatchDeploy,
     doctor,
     explain: runEngineTask('explain'),
     fix: runEngineTask('fix'),
@@ -52,17 +67,178 @@ const handlers = {
     jobs,
     login,
     logout,
+    lsp: dispatchLsp,
+    patch: dispatchPatch,
     plan: runEngineTask('plan'),
+    'plan-review': dispatchPlanReview,
     privacy: dispatchPrivacy,
     review,
     resume,
     sessions,
+    skills: dispatchSkills,
     sync,
     undo: dispatchUndo,
     version,
     web: dispatchWeb,
     whoami,
+    worktree: dispatchWorktree,
 };
+/**
+ * α6.3 `pugi ask "<question>"` — surface the office-hours forcing-question
+ * modal manually. In an interactive TTY we mount a tiny Ink app, render
+ * the `<AskModal />`, and await the operator's verdict. In non-TTY
+ * (CI / pipes), we emit the structured ask JSON to stdout so scripted
+ * callers can pipe the response back without rendering a modal.
+ *
+ * The verdict is printed to stdout as either:
+ *   - the chosen option `value` (one of the yes/no defaults)
+ *   - `other:<text>` when the operator typed a custom answer
+ *   - `cancelled` when the operator pressed Esc
+ *
+ * This is a CLI-side helper. The REPL slash `/ask` is wired separately
+ * through `slash-commands.ts`.
+ */
+async function dispatchAsk(args, flags, _session) {
+    const question = args.join(' ').trim();
+    if (!question) {
+        writeOutput(flags, { ok: false, error: 'Usage: pugi ask "<question>"' }, 'Usage: pugi ask "<question>"');
+        process.exitCode = 2;
+        return;
+    }
+    const { synthesiseLocalAskTag } = await import('../core/repl/session.js');
+    const tag = synthesiseLocalAskTag(question);
+    if (!tag) {
+        writeOutput(flags, { ok: false, error: 'Question must be 1-80 chars.' }, 'pugi ask: question must be 1-80 chars.');
+        process.exitCode = 2;
+        return;
+    }
+    if (!isInteractive(flags)) {
+        // Non-TTY: emit the structured ask payload so scripted callers can
+        // forward it. The interactive modal is only meaningful with a real
+        // terminal, so the line-buffered fallback prints the question +
+        // options and exits 0 — callers parse the JSON.
+        const payload = {
+            ok: true,
+            ask: {
+                question: tag.question,
+                options: tag.options,
+                signature: tag.signature,
+            },
+        };
+        writeOutput(flags, payload, [
+            `Question: ${tag.question}`,
+            ...tag.options.map((o, i) => `  ${i + 1}. ${o.label}${o.desc ? ` - ${o.desc}` : ''}`),
+            `  ${tag.options.length + 1}. Other (custom)`,
+            '',
+            '(non-TTY: re-run in a real terminal to answer interactively, or pipe an answer to stdin)',
+        ].join('\n'));
+        return;
+    }
+    // Interactive: render the Ink modal and await resolution.
+    const { renderAskCli } = await import('../tui/ask-cli.js');
+    const verdict = await renderAskCli({ tag });
+    const encoded = verdict.cancelled
+        ? 'cancelled'
+        : verdict.value.length > 0
+            ? verdict.value
+            : `other:${verdict.customInput ?? ''}`;
+    writeOutput(flags, { ok: true, verdict: encoded }, encoded);
+}
+/**
+ * α6.3 `pugi plan-review <task>` — generate + present a plan WITHOUT
+ * executing. The legacy `pugi plan` surface (offline plan generator,
+ * see runEngineTask) stays intact; `plan-review` adds the office-hours
+ * Ink modal layer on top so the operator can approve/modify/cancel
+ * before the orchestrator dispatches Marcus.
+ *
+ * Phase 1 implementation: build a deterministic plan stub from the
+ * task description (the persona-driven planner ships in a follow-up
+ * sprint). The plan is presented through the standard
+ * `<pugi-plan-review>` modal in interactive mode; non-TTY emits the
+ * structured payload to stdout for scripted consumers.
+ *
+ * The exit code reflects the operator's verdict:
+ *   - 0 PASS    approved
+ *   - 1 MODIFY  modify (text printed)
+ *   - 2 CANCEL  cancel
+ */
+async function dispatchPlanReview(args, flags, _session) {
+    const task = args.join(' ').trim();
+    if (!task) {
+        writeOutput(flags, { ok: false, error: 'Usage: pugi plan <task description>' }, 'Usage: pugi plan <task description>');
+        process.exitCode = 2;
+        return;
+    }
+    const planTag = synthesiseLocalPlanReview(task);
+    if (!isInteractive(flags)) {
+        const payload = {
+            ok: true,
+            plan: {
+                steps: planTag.steps,
+                risk: planTag.risk,
+                signature: planTag.signature,
+            },
+        };
+        writeOutput(flags, payload, [
+            'Plan review (non-execution):',
+            ...planTag.steps.map((s, i) => `  ${i + 1}. ${s.text}`),
+            planTag.risk ? `Risk: ${planTag.risk}` : '',
+            '',
+            '(non-TTY: re-run in a real terminal to approve/modify/cancel interactively)',
+        ]
+            .filter(Boolean)
+            .join('\n'));
+        return;
+    }
+    const { renderPlanReviewCli } = await import('../tui/ask-cli.js');
+    const result = await renderPlanReviewCli({ tag: planTag });
+    switch (result.verdict) {
+        case 'approve':
+            writeOutput(flags, { ok: true, verdict: 'approve' }, 'approve');
+            return;
+        case 'modify':
+            writeOutput(flags, { ok: true, verdict: 'modify', modifyText: result.modifyText ?? '' }, `modify: ${result.modifyText ?? ''}`);
+            process.exitCode = 1;
+            return;
+        case 'cancel':
+            writeOutput(flags, { ok: true, verdict: 'cancel' }, 'cancel');
+            process.exitCode = 2;
+            return;
+    }
+}
+/**
+ * Local plan stub generator. Until the persona-side planner lands, we
+ * produce a deterministic 3-step skeleton anchored to the task text so
+ * the operator can dry-run the modal interaction. Real plan synthesis
+ * arrives in a follow-up sprint.
+ */
+function synthesiseLocalPlanReview(task) {
+    const truncated = task.length > 80 ? task.slice(0, 77) + '...' : task;
+    const steps = [
+        { text: `1. Understand the task: ${truncated}` },
+        { text: '2. Identify scope, files touched, side effects.' },
+        { text: '3. Execute with verification gates per Pugi defaults.' },
+    ];
+    const risk = task.length > 200
+        ? 'Long task description - consider splitting into smaller briefs.'
+        : undefined;
+    // Route through the single-source signature helper from ask.ts so a
+    // parser-extracted plan-review with identical content collides
+    // deterministically with this synthesised one. Inlining the formula
+    // here (as the original implementation did) silently drifted from
+    // signatureForPlanReview when the helper added `.trim()` to each
+    // step. Codex triple-review P2 (PR #375).
+    const signature = signatureForPlanReview(steps, risk ?? null);
+    const tag = {
+        steps,
+        signature,
+        start: 0,
+        end: 0,
+    };
+    if (risk)
+        tag.risk = risk;
+    return tag;
+}
 async function dispatchConfig(args, flags, _session) {
     await runConfigCommand(args, {
         workspaceRoot: process.cwd(),
@@ -89,6 +265,20 @@ async function dispatchBudget(args, flags, _session) {
         writeOutput: (payload, text) => writeOutput(flags, payload, text),
     });
 }
+async function dispatchSkills(args, flags, _session) {
+    await runSkillsCommand(args, {
+        workspaceRoot: process.cwd(),
+        json: flags.json,
+        writeOutput: (payload, text) => writeOutput(flags, payload, text),
+    });
+}
+async function dispatchAgents(args, flags, _session) {
+    await runAgentsCommand(args, {
+        workspaceRoot: process.cwd(),
+        json: flags.json,
+        writeOutput: (payload, text) => writeOutput(flags, payload, text),
+    });
+}
 /**
  * `pugi web <url>` — Sprint α6.15 Phase 1 quick-win subcommand.
  *
@@ -130,6 +320,46 @@ async function dispatchWeb(args, flags, _session) {
     }
     writeOutput(flags, result, `# ${result.title}\n# ${result.url}\n# fetched ${result.fetched_at}\n\n${result.content_md}`);
 }
+/**
+ * α7.7: `pugi lsp <op> <file> [args]` — direct LSP queries. Delegated
+ * to the standalone runner in `./commands/lsp.ts` so the giant cli.ts
+ * dispatch table stays narrow. The runner spawns + tears down the LSP
+ * server per invocation (no daemon yet — that ships in α7.7b).
+ */
+async function dispatchLsp(args, flags, _session) {
+    const result = await runLspCommand(args, { cwd: process.cwd(), json: flags.json });
+    if (flags.json)
+        console.log(result.text);
+    else
+        console.log(result.text);
+    if (result.exitCode !== 0)
+        process.exitCode = result.exitCode;
+}
+/**
+ * α7.7: `pugi patch` — apply a unified-diff patch from stdin or a file.
+ * Routes through the same security gate as the Layer A/B/C applicators
+ * (see `src/core/edits/security-gate.ts`). Exit codes mirror the
+ * security taxonomy so CI loops can alert on hostile patches without
+ * confusing them with operator typos.
+ */
+async function dispatchPatch(args, flags, _session) {
+    const result = await runPatchCommand(args, { cwd: process.cwd(), json: flags.json });
+    console.log(result.text);
+    if (result.exitCode !== 0)
+        process.exitCode = result.exitCode;
+}
+/**
+ * α7.7: `pugi worktree <op>` — manual scratch worktree management.
+ * The `pugi build` and `pugi review --consensus` paths use the same
+ * primitives internally (`createWorktree` / `promoteWorktree`); this
+ * surface is the operator escape hatch for debug + experiment flows.
+ */
+async function dispatchWorktree(args, flags, _session) {
+    const result = await runWorktreeCommand(args, { cwd: process.cwd(), json: flags.json });
+    console.log(result.text);
+    if (result.exitCode !== 0)
+        process.exitCode = result.exitCode;
+}
 export async function runCli(argv) {
     const { command, args, flags, isBareInvocation } = parseArgs(argv);
     // Bare `pugi` on a TTY enters the REPL-by-default agentic session
@@ -170,6 +400,7 @@ export async function runCli(argv) {
                 cliVersion: PUGI_CLI_VERSION,
                 updateBanner,
                 skipSplash: flags.noSplash,
+                hideToolStream: flags.noToolStream,
             });
             return;
         }
@@ -201,11 +432,24 @@ function parseArgs(argv) {
         web: false,
         dryRun: false,
         triple: false,
+        consensus: false,
         offline: false,
         noTty: false,
         allowFetch: false,
         noUpdateCheck: false,
         noSplash: process.env.PUGI_SKIP_SPLASH === '1',
+        // Claude triple-review P1 PR #369: default tool-stream pane HIDDEN
+        // until backend ships `tool.start`/`tool.result` SSE events. Current
+        // client-side synthesiser parses persona prose for `Read(...)` /
+        // `Bash(...)` patterns — never fires in production (admin-api emits
+        // "Mira: ..." prose, never "Read(path)" prefix) OR fires falsely on
+        // accidental `Verb(noun)` shapes producing stuck `running` rows.
+        // Hide by default; opt-in via `--tool-stream` OR PUGI_TOOL_STREAM=1
+        // for development/testing. Will flip к default ON when backend
+        // emits real tool events (filed as α6.13.X follow-up).
+        noToolStream: process.env.PUGI_TOOL_STREAM === '1' || process.env.PUGI_HIDE_TOOL_STREAM === '1'
+            ? process.env.PUGI_HIDE_TOOL_STREAM === '1'
+            : true,
     };
     const args = [];
     // Sprint 2E: `pugi --version` / `-v` are universal install-test conventions
@@ -232,9 +476,16 @@ function parseArgs(argv) {
         else if (arg === '--dry-run') {
             flags.dryRun = true;
         }
-        else if (arg === '--triple' || arg === '--consensus') {
+        else if (arg === '--triple') {
             flags.triple = true;
         }
+        else if (arg === '--consensus') {
+            // α6.7: customer-facing 3-model consensus review. Routes through
+            // the SSE-based runtime gate rather than the legacy artifact
+            // writer. The triple flag stays unset так the existing
+            // performRemoteTripleReview path is never accidentally entered.
+            flags.consensus = true;
+        }
         else if (arg === '--offline') {
             flags.offline = true;
         }
@@ -250,6 +501,14 @@ function parseArgs(argv) {
         else if (arg === '--no-splash') {
             flags.noSplash = true;
         }
+        else if (arg === '--no-tool-stream') {
+            flags.noToolStream = true;
+        }
+        else if (arg === '--tool-stream') {
+            // Opt-in для α6.12 dev/testing — backend tool events not live yet,
+            // pane shows синтесайз heuristic OR empty placeholder
+            flags.noToolStream = false;
+        }
         else if (arg.startsWith('--privacy=')) {
             flags.privacy = parsePrivacyMode(arg.slice('--privacy='.length));
         }
@@ -299,6 +558,30 @@ async function help(_args, flags, _session) {
         '',
         'Review gate:',
         '  pugi review --triple    Prepare the Anvil-backed triple-review gate.',
+        '  pugi review --consensus 3-model consensus review (codex · claude · deepseek).',
+        '                          Optional: --commit <sha> | --pr <num> | --branch <name>.',
+        '                          Exits 0 PASS · 1 WARN · 2 BLOCK.',
+        '',
+        'Skills + agents marketplace:',
+        '  pugi skills list                            All installed skills.',
+        '  pugi skills install <source> [--yes]        Fetch + trust + install a skill.',
+        '  pugi skills info <name>                     Metadata + body preview.',
+        '  pugi agents list                            All installed sub-agents.',
+        '  pugi agents install <source> [--yes]        Fetch + trust + install an agent.',
+        '',
+        'Office-hours forcing questions (α6.3):',
+        '  pugi ask "<question>"          Surface a yes/no question modal locally.',
+        '  pugi plan-review <task>        Generate + present a plan-review modal.',
+        '',
+        'Deploy:',
+        '  pugi deploy --target vercel <vercelProject> --project <id>',
+        '                          Trigger a Vercel deployment from the bound Git source.',
+        '                          Optional: --target-env production|preview, --ref <ref>,',
+        '                          --integration <id>.',
+        '  pugi deploy --target render <renderService> --project <id>',
+        '                          Trigger a Render deployment (Sprint 2 — stub today).',
+        '  pugi deploy --status <id>            Vendor-agnostic status snapshot.',
+        '  pugi deploy --logs <id> [--tail]     Build-log tail. --tail polls until terminal.',
         '',
         'Sync safety:',
         '  pugi sync --dry-run --privacy metadata',
@@ -310,6 +593,8 @@ async function help(_args, flags, _session) {
         '                          with PUGI_SKIP_UPDATE_BANNER=1.',
         '  --no-splash             Skip the REPL boot splash. Pairs with',
         '                          PUGI_SKIP_SPLASH=1.',
+        '  --no-tool-stream        Hide the live tool stream pane (α6.12).',
+        '                          Pairs with PUGI_HIDE_TOOL_STREAM=1.',
         '',
         PUGI_TAGLINE,
         'Execution defaults to local. Use --remote or --web to create a handoff bundle.',
@@ -774,6 +1059,26 @@ async function review(args, flags, session) {
     const root = process.cwd();
     ensureInitialized(root);
     const prompt = args.join(' ').trim();
+    // α6.7: customer-facing consensus review routes here. Distinct from
+    // `--triple --remote` (legacy artifact-writer flow) so the new SSE
+    // streaming UX and rubric-driven exit codes don't disturb the existing
+    // pugi-cli surfaces that depend on the old shape.
+    if (flags.consensus) {
+        const exitCode = await runReviewConsensus(args, {
+            cwd: root,
+            config: resolveRuntimeConfig(),
+            json: flags.json,
+            emit: (line) => {
+                if (!flags.json)
+                    process.stdout.write(line);
+            },
+            writeOutput: (payload, text) => writeOutput(flags, payload, text),
+        });
+        // Caller owns `process.exitCode` so a REPL slash invocation
+        // ('/consensus') cannot inherit a stale exit code from a previous run.
+        process.exitCode = exitCode;
+        return;
+    }
     if (flags.triple && flags.remote) {
         await performRemoteTripleReview(root, session, flags, prompt);
         return;
@@ -1337,6 +1642,14 @@ async function handoff(args, flags, session) {
     writeOutput(flags, bundle, ['Pugi handoff bundle created', `Bundle: ${bundle.path}`].join('\n'));
 }
 async function sessions(args, flags, _session) {
+    // α6.4: `pugi sessions --local` / `--search "query"` route to the
+    // local SessionStore. The default surface stays artifact-based for
+    // backward compat — operators who relied on the index.json view get
+    // the same shape.
+    if (args.includes('--local') || args.includes('--search')) {
+        await sessionsLocal(args, flags);
+        return;
+    }
     const root = process.cwd();
     ensureInitialized(root);
     const rebuild = args.includes('--rebuild');
@@ -1411,6 +1724,72 @@ async function sessions(args, flags, _session) {
 function hasStubSession(index) {
     return index.sessions.some((session) => session.commandCount === 0 && session.commands.length === 0);
 }
+/**
+ * α6.4: `pugi sessions --local` / `--search "query"` against the
+ * SessionStore. The default `--local` mode lists the 10 most recent
+ * sessions for the current project; `--search "query"` runs FTS5
+ * against the title+body index.
+ */
+async function sessionsLocal(args, flags) {
+    const cwd = process.cwd();
+    const projectSlug = slugForCwd(cwd);
+    const projectDir = resolveProjectStoreDir(projectSlug);
+    if (!existsSync(resolve(projectDir, 'session.db'))) {
+        writeOutput(flags, { status: 'no-sessions', projectSlug, projectDir }, `No stored sessions for project '${projectSlug}' yet.`);
+        return;
+    }
+    // Parse `--search "query"` or `--search query`.
+    const searchIdx = args.indexOf('--search');
+    const query = searchIdx >= 0 ? (args[searchIdx + 1] ?? '').trim() : '';
+    if (query.length > 0) {
+        let rows;
+        try {
+            rows = await searchLocalSessions(projectSlug, query);
+        }
+        catch (error) {
+            // Surface FTS5 syntax errors as a clean one-line message + exit 2
+            // so a stray `"` in the operator's input does not dump a stack
+            // trace. Both the live-store path (FtsSyntaxError) and the
+            // read-only fallback (SQLite error with code starting `SQLITE_`)
+            // funnel here.
+            const code = error?.code;
+            if (error instanceof FtsSyntaxError
+                || (typeof code === 'string' && (code === 'EFTS5_SYNTAX' || code.startsWith('SQLITE_')))) {
+                writeOutput(flags, { status: 'error', error: 'invalid search query', query }, `Invalid search query: '${query}'. Try simpler text (no unbalanced quotes).`);
+                process.exitCode = 2;
+                return;
+            }
+            throw error;
+        }
+        writeOutput(flags, { projectSlug, query, sessions: rows }, rows.length === 0
+            ? `No local sessions matched '${query}' for project '${projectSlug}'.`
+            : `Search hits for '${query}' (${rows.length}):\n\n${rows
+                .map((row) => `  ${row.id.slice(0, 13)}  ${(row.title ?? '(untitled)').slice(0, 64)}`)
+                .join('\n')}`);
+        return;
+    }
+    const rows = await listLocalSessions(projectSlug);
+    writeOutput(flags, { projectSlug, sessions: rows }, renderLocalSessionList(rows, projectSlug));
+}
+/**
+ * Run an FTS5 search against the local SessionStore. Opens the SQLite
+ * file READ-ONLY via `SqliteSessionStore.openReadOnly` so the search
+ * never takes the lockfile and never inserts a stub session row. Works
+ * whether or not a live REPL holds the writer lock — SQLite supports
+ * concurrent readers + a single writer.
+ *
+ * FTS syntax errors surface as `FtsSyntaxError` (code `EFTS5_SYNTAX`);
+ * the dispatcher catches that + exits 2 with a clean message.
+ */
+async function searchLocalSessions(projectSlug, query) {
+    const view = await SqliteSessionStore.openReadOnly(resolveProjectStoreDir(projectSlug));
+    try {
+        return await view.search(query, { limit: 20 });
+    }
+    finally {
+        await view.close();
+    }
+}
 function registerArtifact(root, artifact) {
     // Hot path on every artifact-producing command. Avoid `rebuildIndex` here —
     // that walks the entire `.pugi/artifacts/` tree and re-parses `events.jsonl`
@@ -1443,6 +1822,19 @@ function registerArtifact(root, artifact) {
 }
 async function resume(args, flags, session) {
     const root = process.cwd();
+    // α6.4: `pugi resume [<local-session-id>]` and `pugi resume --list`
+    // operate on the LOCAL SessionStore under `~/.pugi/projects/<slug>/`
+    // before falling back to the legacy artifact-based resume. The
+    // local-session path requires no `.pugi/` directory in the cwd
+    // (the store lives under $HOME) so we run it BEFORE ensureInitialized.
+    const wantsList = args.includes('--list');
+    const arg0 = args[0] && !args[0].startsWith('--') ? args[0] : undefined;
+    const looksLikeSessionId = arg0 ? /^[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(arg0) : false;
+    const looksLikeSessionShortId = arg0 ? /^[0-9a-f]{8}-[0-9a-f]{4}$/i.test(arg0) : false;
+    if (wantsList || looksLikeSessionId || looksLikeSessionShortId) {
+        await resumeLocalSession({ flags, arg0, wantsList });
+        return;
+    }
     ensureInitialized(root);
     const target = args[0];
     const artifacts = listArtifactSets(root);
@@ -1485,6 +1877,152 @@ async function resume(args, flags, session) {
     recordToolResult(session, toolCallId, 'success', `Created resume ${relative(root, resumePath)}`);
     writeOutput(flags, { status: 'resumed', source: selected.path, resume: relative(root, resumePath) }, ['Pugi resume created', `Source: ${selected.path}`, `Resume: ${relative(root, resumePath)}`].join('\n'));
 }
+/**
+ * α6.4: resume a local SessionStore session. Two modes:
+ *
+ *   - `pugi resume --list`   → print the 10 most recent local sessions
+ *                              for the current project slug and exit.
+ *   - `pugi resume <id>`     → resolve the id (full or short prefix),
+ *                              check it exists, then mount the REPL
+ *                              with the localSessionId pre-bound so
+ *                              the bootstrap restores the transcript.
+ *
+ * The list path is non-interactive — operators pick by id and re-run
+ * with the chosen one. A future sprint can replace the print with an
+ * Ink select prompt; today's CLI surface is scripting-friendly.
+ */
+async function resumeLocalSession(input) {
+    const cwd = process.cwd();
+    const projectSlug = slugForCwd(cwd);
+    // Resolve the project directory WITHOUT opening the store — when we
+    // are only listing, taking the lock would block a live REPL.
+    const projectDir = resolveProjectStoreDir(projectSlug);
+    if (!existsSync(resolve(projectDir, 'session.db'))) {
+        writeOutput(input.flags, { status: 'no-sessions', projectSlug, projectDir }, `No stored sessions for project '${projectSlug}' yet.`);
+        return;
+    }
+    if (input.wantsList && !input.arg0) {
+        // Read-only list. Open + close without writing to keep it cheap.
+        const rows = await listLocalSessions(projectSlug);
+        writeOutput(input.flags, { projectSlug, sessions: rows }, renderLocalSessionList(rows, projectSlug));
+        return;
+    }
+    if (!input.arg0) {
+        writeOutput(input.flags, { status: 'error', error: 'usage: pugi resume <session-id> | pugi resume --list' }, 'Usage: pugi resume <session-id>  (run `pugi resume --list` to see ids).');
+        process.exitCode = 2;
+        return;
+    }
+    // Resolve the id. Accepts full uuid OR the 13-char prefix `pugi
+    // resume` prints (`xxxxxxxx-xxxx`). Match on prefix because the
+    // operator types from the human-friendly listing.
+    const candidate = input.arg0;
+    const target = await resolveLocalSessionId(projectSlug, candidate);
+    if (!target) {
+        writeOutput(input.flags, { status: 'not-found', id: candidate }, `No local session matches '${candidate}'. Run \`pugi resume --list\`.`);
+        process.exitCode = 1;
+        return;
+    }
+    // Hand off to the REPL bootstrap with the resolved id pre-bound so
+    // the SessionStore opens the existing log + the bootstrap calls
+    // restoreTranscript before the first user input.
+    const runtimeConfig = resolveRuntimeConfig();
+    if (!runtimeConfig) {
+        writeOutput(input.flags, { status: 'auth-missing', id: target.id }, 'No credentials configured. Run `pugi login` first, then `pugi resume <id>`.');
+        process.exitCode = ENGINE_EXIT_CODES.engine_unavailable;
+        return;
+    }
+    const { renderRepl } = await import('../tui/repl-render.js');
+    await renderRepl({
+        apiUrl: runtimeConfig.apiUrl,
+        apiKey: runtimeConfig.apiKey,
+        workspaceLabel: workspaceLabel(cwd),
+        cliVersion: PUGI_CLI_VERSION,
+        skipSplash: input.flags.noSplash,
+        hideToolStream: input.flags.noToolStream,
+        resumeLocalSessionId: target.id,
+    });
+}
+/**
+ * List the most recent local sessions for a project. Uses the
+ * READ-ONLY view (`SqliteSessionStore.openReadOnly`) so the call never
+ * takes the lockfile and never inserts a stub session row. Safe to
+ * call while a live REPL writes in the same project — SQLite supports
+ * concurrent readers + a single writer.
+ *
+ * Previously this opened the full SqliteSessionStore (lockfile +
+ * insert path), which polluted history with one empty session row per
+ * `pugi resume --list` or `pugi sessions --local` invocation. Fixed in
+ * the α6.4 review pass.
+ */
+async function listLocalSessions(projectSlug) {
+    const view = await SqliteSessionStore.openReadOnly(resolveProjectStoreDir(projectSlug));
+    try {
+        return await view.list({ limit: 10 });
+    }
+    finally {
+        await view.close();
+    }
+}
+/** Canonical UUID v7 surface form: 8-4-4-4-12 hex with '7' at the version nibble. */
+const FULL_UUID_V7_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+/**
+ * Resolve a session id from a partial input. Accepts:
+ *   - full uuid v7 (canonical form xxxxxxxx-xxxx-7xxx-yxxx-xxxxxxxxxxxx)
+ *   - 13-char prefix `xxxxxxxx-xxxx` (the human-friendly form the
+ *     `/resume` list prints)
+ *   - short 8-char hex prefix `xxxxxxxx`
+ *
+ * For a FULL uuid we go direct-to-`get` so the lookup is not bounded
+ * by the most-recent-N listing (operators paste an id from days ago).
+ * For a prefix we fall back to scanning the first page; that matches
+ * the renderer's listing window.
+ *
+ * Returns the matching SessionRow or null when no row matches.
+ */
+async function resolveLocalSessionId(projectSlug, candidate) {
+    const normalised = candidate.trim().toLowerCase();
+    const view = await SqliteSessionStore.openReadOnly(resolveProjectStoreDir(projectSlug));
+    try {
+        if (FULL_UUID_V7_RE.test(normalised)) {
+            // Direct lookup — never bounded by the listing window.
+            const direct = await view.get(normalised);
+            if (direct)
+                return direct;
+            return null;
+        }
+        // Prefix path: scan the most-recent 10 rows so a typed short prefix
+        // resolves against what the renderer just printed.
+        const rows = await view.list({ limit: 10 });
+        const exact = rows.find((r) => r.id.toLowerCase() === normalised);
+        if (exact)
+            return exact;
+        const byPrefix = rows.find((r) => r.id.toLowerCase().startsWith(normalised));
+        return byPrefix ?? null;
+    }
+    finally {
+        await view.close();
+    }
+}
+function renderLocalSessionList(rows, projectSlug) {
+    if (rows.length === 0) {
+        return `No stored sessions for project '${projectSlug}' yet.`;
+    }
+    const lines = [
+        `Recent local sessions for '${projectSlug}' (${rows.length}):`,
+        '',
+    ];
+    for (let i = 0; i < rows.length; i += 1) {
+        const row = rows[i];
+        const title = (row.title ?? '(untitled)').slice(0, 64);
+        const idShort = row.id.slice(0, 13);
+        const branch = (row.branch ?? 'no-branch').padEnd(16);
+        const turns = `${row.turnCount}t`.padStart(4);
+        const events = `${row.eventCount}e`.padStart(5);
+        lines.push(`  ${idShort}  ${branch}  ${turns} ${events}  ${title}`);
+    }
+    lines.push('', 'Resume with: pugi resume <id>');
+    return lines.join('\n');
+}
 /**
  * Per-command exit code map. Surfaced to the operator so shell scripts
  * can branch on the engine outcome:
@@ -1659,6 +2197,45 @@ function runEngineTask(kind) {
                 risks: ['adapter terminated without emitting a result event'],
             };
         }
+        // α6.6 diff escalation — Layer A/B/C dispatcher.
+        //
+        // Some models emit file edits as inline SEARCH/REPLACE markers in
+        // the final response rather than through tool calls (especially
+        // Gemini and o1 family, which under-use tool schemas in long
+        // reasoning chains). We run the dispatcher against the model's
+        // final text so those markers still land on disk. Tool-call edits
+        // (Layer-A equivalent already handled by `edit`/`write` tools) are
+        // unaffected — the dispatcher only fires on prose blocks that
+        // happen to contain markers.
+        //
+        // Scope: code / fix / build / explain only. `plan` is read-only
+        // (the engine refuses write tools), so even a stray marker in plan
+        // output gets ignored to honour the plan-mode contract.
+        //
+        // Dry-run + read-only short-circuits: when the flags forbid writes
+        // we dispatch with `dryRun: true` so the operator still sees what
+        // WOULD have been written, but nothing touches disk.
+        let dispatchResults = [];
+        if (kind === 'code' || kind === 'fix' || kind === 'build_task') {
+            dispatchResults = await runMarkerDispatch({
+                root,
+                result: {
+                    status: result.status,
+                    summary: result.summary,
+                    eventRefs: result.eventRefs,
+                },
+                dryRun: flags.dryRun,
+            });
+            // Merge dispatcher-touched files into `result.filesChanged` so the
+            // operator-facing summary lists them alongside tool-driven edits.
+            for (const dr of dispatchResults) {
+                if (dr.ok && dr.absPath) {
+                    const rel = relative(root, dr.absPath);
+                    if (!result.filesChanged.includes(rel))
+                        result.filesChanged.push(rel);
+                }
+            }
+        }
         // For `plan` we always write a plan.md artifact, regardless of
         // outcome. A blocked plan (budget exhausted, tool refusal) still
         // produces a reviewable artifact — the reason is recorded inline.
@@ -1721,6 +2298,16 @@ function runEngineTask(kind) {
             sessionEventsMirror: metrics.mirror,
             risks: result.risks,
             plan: planArtifact ? { path: planArtifact.relPath } : undefined,
+            // α6.6 — per-edit dispatcher trace. Empty array when no inline
+            // markers were detected in the model's final response.
+            diffEdits: dispatchResults.map((dr) => ({
+                layer: dr.layer,
+                file: dr.file,
+                ok: dr.ok,
+                bytesWritten: dr.bytesWritten,
+                reason: dr.reason,
+                detail: dr.detail,
+            })),
             // The full event stream is useful for cabinet UI replay. We surface
             // it in JSON mode only — text mode operators want the summary, not
             // 30 turn-level lines.
@@ -1741,6 +2328,19 @@ function runEngineTask(kind) {
             textLines.push('Files modified: none');
         }
         textLines.push(`Tool calls: ${metrics.toolCalls} · Turns: ${metrics.turns} · Tokens: ${metrics.tokens}`);
+        if (dispatchResults.length > 0) {
+            const okCount = dispatchResults.filter((d) => d.ok).length;
+            const failCount = dispatchResults.length - okCount;
+            textLines.push(`Diff dispatch: ${okCount} applied, ${failCount} rejected (${dispatchResults.length} marker block${dispatchResults.length === 1 ? '' : 's'})`);
+            for (const dr of dispatchResults) {
+                if (dr.ok) {
+                    textLines.push(`  + ${dr.layer} ${dr.file} (${dr.bytesWritten} bytes)`);
+                }
+                else {
+                    textLines.push(`  ! ${dr.layer} ${dr.file}: ${dr.reason ?? 'failure'} — ${dr.detail ?? ''}`);
+                }
+            }
+        }
         if (result.risks.length > 0) {
             textLines.push(`Risks: ${result.risks.join('; ')}`);
         }
@@ -1750,6 +2350,96 @@ function runEngineTask(kind) {
         writeOutput(flags, payload, textLines.join('\n'));
     };
 }
+// Exported for the α6.6.1 triple-review remediation spec
+// (`apps/pugi-cli/test/edits-dispatcher-gate.spec.ts`). The runtime
+// surface is not part of the public CLI API; this is a test seam.
+export async function runMarkerDispatch(input) {
+    const { root, result, dryRun } = input;
+    const dispatch = input.dispatchFn ?? dispatchEdit;
+    // Triple-review 2026-05-25 P2 (Codex): gate the dispatcher on the
+    // engine's terminal status. A `blocked` (budget_exhausted, plan-mode
+    // refusal) or `failed` result may still carry markers in the
+    // partial `summary` text — applying them would mutate files the
+    // CLI then exits non-zero on, leaving the workspace in an
+    // unexpected state with no operator signal that "blocked but with
+    // side effects" happened. Only `done` is allowed to write.
+    if (result.status !== 'done')
+        return [];
+    // Strip the engine's status prefixes (`[budget_exhausted] `, etc.)
+    // from the body before scanning. The prefixes start with `[`; the
+    // dispatcher tolerates leading prose but the cleaner the input the
+    // less chance of accidental marker matches.
+    const body = result.summary;
+    if (!hasAnyMarkerSignal(body))
+        return [];
+    const modelTag = extractModelTag(result.eventRefs);
+    try {
+        return await dispatch(body, {
+            modelTag,
+            cwd: root,
+            dryRun,
+        });
+    }
+    catch (error) {
+        // Triple-review 2026-05-25 P2 (Claude): the previous `catch {}`
+        // swallowed parser/applicator crashes silently — the operator
+        // saw a clean "0 applied" rather than the actual stack trace,
+        // and the bug only surfaced when someone manually `pugi resume`-d
+        // a session and noticed the missing edits. Surface the failure
+        // both to stderr (so live operators see it) and as a synthetic
+        // DispatchResult (so JSON consumers and the audit log record it).
+        //
+        // R2 triple-review 2026-05-25 P2 (Claude): the earlier remediation
+        // returned `detail: message` — i.e. the raw `Error.message`. That
+        // string is constructed by whatever code path threw (parser,
+        // applicator, fs layer, etc.) and may contain absolute paths,
+        // secret fragments echoed in `oldString` context, or other
+        // stack-bearing internals. The audit log and any JSON consumer
+        // that surfaces `detail` to the operator (or worse, to a remote
+        // monitoring pipe) would leak them. Stack already goes to stderr
+        // for live diagnosis; the returned result must carry a safe,
+        // static string so consumers can still detect "dispatcher
+        // crashed" without re-rendering the underlying exception.
+        const message = error instanceof Error ? error.message : String(error);
+        const stack = error instanceof Error && error.stack ? error.stack : message;
+        process.stderr.write(`pugi diff-dispatch: internal crash in dispatchEdit (${message}); see stack:\n${stack}\n`);
+        return [
+            {
+                layer: 'layer-a',
+                file: '',
+                ok: false,
+                bytesWritten: 0,
+                reason: 'dispatcher_crash',
+                detail: 'dispatcher crashed - see stderr for stack trace',
+            },
+        ];
+    }
+}
+/**
+ * Quick pre-filter: does the body contain ANY of the marker
+ * signatures the dispatcher knows about? Saves a full parse on every
+ * model response (most responses are pure prose and would otherwise
+ * round-trip through the parser pointlessly).
+ */
+function hasAnyMarkerSignal(body) {
+    return (body.includes('+++ NEW') ||
+        body.includes('<<<<<<< SEARCH') ||
+        body.includes('@@@ REWRITE') ||
+        body.includes('@@@ AST') ||
+        /^--- a\//m.test(body));
+}
+/**
+ * Extract `model=<tag>` from eventRefs if the adapter emitted it.
+ * Returns undefined when missing; dispatchEdit then auto-detects from
+ * the payload itself.
+ */
+function extractModelTag(refs) {
+    for (const ref of refs) {
+        if (ref.startsWith('model='))
+            return ref.slice('model='.length);
+    }
+    return undefined;
+}
 /**
  * Extract `key=value` metrics from `EngineResult.eventRefs`. The adapter
  * already emits the canonical strings (`tool_calls=N`, `turns=N`,
@@ -3023,6 +3713,33 @@ async function jobs(args, flags, session) {
         process.exitCode = exitCode;
     }
 }
+/**
+ * `pugi deploy` — Wave 3 P2 (Task #34, 2026-05-25). Thin shim into
+ * `src/commands/deploy.ts`. The shim adapts the global `CliFlags` shape
+ * to the deploy-specific flag set + exposes the credential store via
+ * `resolveRuntimeConfig` so the deploy module stays decoupled from the
+ * CLI's auth bootstrap.
+ */
+async function dispatchDeploy(args, flags, _session) {
+    // Triple-review #391 P2: the global `parseArgs` in this file consumes
+    // `--json` before the per-command args reach us, so `runDeployCommand`'s
+    // internal parser never sees it and the JSON envelope path is silently
+    // skipped. Re-inject the flag so downstream parsing surfaces the JSON
+    // output contract the operator asked for. Idempotent: if the user wrote
+    // `pugi deploy --json ...` the global parser stripped it; if they wrote
+    // `pugi --json deploy ...` ditto. Either way the global flag is the
+    // single source of truth and we forward it verbatim.
+    const forwardedArgs = flags.json && !args.includes('--json') ? [...args, '--json'] : args;
+    const exitCode = await runDeployCommand(forwardedArgs, {
+        write: (text) => process.stdout.write(text),
+        writeError: (text) => process.stderr.write(text.endsWith('\n') ? text : `${text}\n`),
+    }, {
+        resolveConfig: () => resolveRuntimeConfig(),
+    });
+    if (exitCode !== 0) {
+        process.exitCode = exitCode;
+    }
+}
 function notImplemented(command) {
     return async (_args, flags) => {
         const payload = {
@@ -3058,13 +3775,18 @@ function ensurePugiGitIgnore(cwd, created, skipped) {
  * REPL header in sync with `pwd` lets the operator orient at a glance.
  * Empty / pathological cwd values (a worktree resolved to `/`) fall
  * back to `workspace` so the header never collapses.
+ *
+ * α6.14.2 wave 5: when the cwd has no project markers (no .git, no
+ * package.json, no PUGI.md), the resolver returns the explicit "not
+ * bound" warning instead of a stray parent-dir basename. CEO 2026-05-25
+ * dogfood surfaced the bug — launching `pugi` from `codeforge-io/`
+ * (the parent of all checkouts) leaked `codeforge-io` into the splash
+ * as if it were a real workspace. Mira/Pugi can NOT bind on that. The
+ * decision lives in `core/repl/workspace-context.ts` so the splash +
+ * status bar agree on a single label.
  */
 function workspaceLabel(cwd) {
-    const segments = cwd.split('/').filter((s) => s.length > 0);
-    const last = segments[segments.length - 1];
-    if (!last || last.length === 0)
-        return 'workspace';
-    return last;
+    return resolveWorkspaceLabel(cwd);
 }
 function ensureDir(path, created, skipped) {
     if (existsSync(path)) {
@@ -3286,22 +4008,41 @@ const PROTECTED_DIFF_EXCLUDES = [
     // Basename excludes apply at the repo root AND in any subdirectory
     // (e.g. `apps/foo/.env`) via the `**/<name>` glob form. Without the
     // `**/` prefix, git's literal pathspec syntax would only match the
-    // repo root and silently let a subdir `.env` ship in the diff —
+    // repo root and silently let a subdir `.env` ship in the diff -
     // common pitfall in pnpm/turbo monorepos.
+    //
+    // Keep this list in sync with `PROTECTED_PATHSPEC_EXCLUDES` in
+    // `apps/pugi-cli/src/core/consensus/diff-capture.ts`. Both surfaces
+    // (legacy triple-review + consensus fan-out) enforce the same egress
+    // contract; divergence creates an adversarial-PR leak window.
     ':(exclude,glob)**/.env',
     ':(exclude,glob)**/.env.*',
     ':(exclude,glob)**/.npmrc',
     ':(exclude,glob)**/.yarnrc',
     ':(exclude,glob)**/.pypirc',
     ':(exclude,glob)**/.gitconfig',
+    ':(exclude,glob)**/.netrc',
     ':(exclude,glob)**/id_rsa',
     ':(exclude,glob)**/id_ed25519',
+    ':(exclude,glob)**/id_ecdsa',
+    ':(exclude,glob)**/id_dsa',
     ':(exclude,glob)**/*.pem',
     ':(exclude,glob)**/*.key',
     ':(exclude,glob)**/*.crt',
+    ':(exclude,glob)**/*.cer',
+    ':(exclude,glob)**/*.der',
+    ':(exclude,glob)**/*.pfx',
     ':(exclude,glob)**/*.p12',
     ':(exclude,glob)**/*.dump',
     ':(exclude,glob)**/*.sql',
+    ':(exclude,glob)**/*.secret',
+    ':(exclude,glob)**/credentials',
+    ':(exclude,glob)**/credentials.json',
+    // Use `secrets/**` (not `secrets/*`) so nested credential paths
+    // recurse - with glob pathspec magic a single `*` does not cross path
+    // separators, so the non-recursive form would let `secrets/prod/x.key`
+    // ship in the diff payload.
+    ':(exclude,glob)**/secrets/**',
 ];
 function collectUntrackedSummary(root) {
     const raw = safeGit(root, ['ls-files', '--others', '--exclude-standard']);
@@ -3318,12 +4059,28 @@ function collectUntrackedSummary(root) {
     return { paths: visible.slice(0, 50), excludedProtected: excluded };
 }
 function isProtectedPath(path) {
+    // Keep in sync with PROTECTED_DIFF_EXCLUDES above. This filter
+    // applies to the untracked-files summary surfaced to operators; the
+    // pathspec excludes apply at the egress / diff capture layer.
     const base = path.split('/').pop() ?? path;
     if (base === '.env' || base.startsWith('.env.'))
         return true;
-    if (['.npmrc', '.yarnrc', '.pypirc', '.gitconfig', 'id_rsa', 'id_ed25519'].includes(base))
+    const exactNames = [
+        '.npmrc',
+        '.yarnrc',
+        '.pypirc',
+        '.gitconfig',
+        '.netrc',
+        'id_rsa',
+        'id_ed25519',
+        'id_ecdsa',
+        'id_dsa',
+        'credentials',
+        'credentials.json',
+    ];
+    if (exactNames.includes(base))
         return true;
-    return /\.(pem|key|crt|p12|dump|sql)$/i.test(base);
+    return /\.(pem|key|crt|cer|der|pfx|p12|dump|sql|secret)$/i.test(base);
 }
 function safeReadJson(path) {
     try {