@pugi/cli 0.1.0-alpha.9 → 0.1.0-beta.2

package/dist/core/consensus/diff-capture.js

@@ -0,0 +1,382 @@
+/**
+ * Diff capture — `pugi review --consensus` (α6.7).
+ *
+ * Captures the diff that the consensus fan-out will send to Anvil. Four
+ * supported source kinds (in order of precedence):
+ *
+ *   1. `--pr <number>`    — uses `gh pr diff <num>` (gh CLI required).
+ *   2. `--commit <sha>`   — diff of that commit vs its first parent.
+ *   3. `--branch <name>`  — diff of HEAD vs `origin/<name>` merge-base.
+ *   4. (default)          — diff of HEAD vs `origin/main` merge-base
+ *                           covering BOTH committed-since-base AND
+ *                           uncommitted (staged + working tree) edits.
+ *
+ * The shape mirrors the existing `performRemoteTripleReview` flow:
+ * uncommitted edits are deliberately included by computing the diff
+ * against the merge-base SHA rather than `base...HEAD`, otherwise the
+ * common case ("review what I'm about to commit") would lose signal.
+ *
+ * Protected paths (`.env*`, `*.key`, `*.pem`, `*.sql` etc) are excluded
+ * at the git layer so a secret cannot leak into the egress payload even
+ * if the operator has it staged.
+ */
+import { execFileSync } from 'node:child_process';
+/**
+ * Hard cap on the diff payload sent egress. Anvil enforces its own cap
+ * server-side; this is a defense-in-depth so a runaway monorepo merge
+ * doesn't OOM the SSE encoder. 1 MiB ≈ 30k LOC, which is well above the
+ * largest review the rubric can reason about.
+ */
+export const DIFF_MAX_BYTES = 1 * 1024 * 1024;
+/**
+ * Git pathspec exclusions for sensitive blobs. This is the source of truth
+ * for both the consensus surface AND the legacy `PROTECTED_DIFF_EXCLUDES`
+ * in cli.ts; keep both lists in sync when adding new patterns.
+ *
+ * Coverage policy: a credential committed under ANY plausible filename
+ * pattern must be excluded. Adversarial PRs can stage secrets under
+ * unconventional names (deploy.crt, credentials, .netrc) to bypass a
+ * narrow exclude list and exfiltrate to the reviewer payload.
+ *
+ * Pathspec form `:(exclude,glob)<starstar>/<pattern>` (where `<starstar>`
+ * is the `*` `*` doubled glob) matches at the repo root AND in any
+ * subdirectory; without the doubled-star prefix git's literal pathspec
+ * syntax silently misses subdir matches in pnpm/turbo monorepos.
+ */
+export const PROTECTED_PATHSPEC_EXCLUDES = Object.freeze([
+    // Dotfiles + RC files that frequently hold tokens.
+    ':(exclude,glob)**/.env',
+    ':(exclude,glob)**/.env.*',
+    ':(exclude,glob)**/.npmrc',
+    ':(exclude,glob)**/.yarnrc',
+    ':(exclude,glob)**/.pypirc',
+    ':(exclude,glob)**/.gitconfig',
+    ':(exclude,glob)**/.netrc',
+    // SSH private keys (every algorithm we have seen committed in the wild).
+    ':(exclude,glob)**/id_rsa',
+    ':(exclude,glob)**/id_ed25519',
+    ':(exclude,glob)**/id_ecdsa',
+    ':(exclude,glob)**/id_dsa',
+    // PEM-encoded + DER-encoded private keys / certs / containers.
+    ':(exclude,glob)**/*.pem',
+    ':(exclude,glob)**/*.key',
+    ':(exclude,glob)**/*.crt',
+    ':(exclude,glob)**/*.cer',
+    ':(exclude,glob)**/*.der',
+    ':(exclude,glob)**/*.pfx',
+    ':(exclude,glob)**/*.p12',
+    // SQL dumps / DB exports often contain real PII + credentials.
+    ':(exclude,glob)**/*.dump',
+    ':(exclude,glob)**/*.sql',
+    // Generic credential blobs under any directory.
+    ':(exclude,glob)**/*.secret',
+    ':(exclude,glob)**/credentials',
+    ':(exclude,glob)**/credentials.json',
+    // `secrets/**` (not `secrets/*`) so nested credential paths recurse:
+    // `secrets/prod/token.txt`, `apps/foo/secrets/nested/key`, and any
+    // arbitrarily deep `**/secrets/<...>/<file>` get excluded. With glob
+    // pathspec magic enabled, a single `*` does NOT cross path separators,
+    // so the non-recursive form would leak nested-directory secrets.
+    ':(exclude,glob)**/secrets/**',
+]);
+/**
+ * Captures the diff per the source spec and returns the augmented payload
+ * plus narrative context (branch, commit, title) that gets attached to
+ * the egress request.
+ *
+ * Errors are returned as thrown `Error` instances; the caller (the
+ * command handler) translates them to JSON error payloads + exit codes
+ * so the CLI never crashes on a malformed ref.
+ */
+export function captureDiff(spec) {
+    const cwd = spec.cwd ?? process.cwd();
+    // Source precedence: pr > commit > branch > default.
+    if (typeof spec.pr === 'number' && Number.isFinite(spec.pr) && spec.pr > 0) {
+        return captureFromPr(cwd, spec.pr);
+    }
+    if (typeof spec.commit === 'string' && spec.commit.length > 0) {
+        return captureFromCommit(cwd, spec.commit);
+    }
+    if (typeof spec.branch === 'string' && spec.branch.length > 0) {
+        return captureFromBranch(cwd, spec.branch, spec.baseRef ?? 'origin/main');
+    }
+    return captureFromBase(cwd, spec.baseRef ?? 'origin/main');
+}
+function captureFromPr(cwd, pr) {
+    // CRITICAL: `gh pr diff <num>` bypasses PROTECTED_PATHSPEC_EXCLUDES,
+    // exfiltrating `.env`, `*.key`, `*.pem`, `*.sql`, secrets/* to the
+    // reviewer payload. We instead fetch the PR head ref locally and run
+    // `git diff` with the same pathspec excludes as every other capture
+    // path. PR metadata still comes from `gh pr view` (read-only).
+    const metaRaw = safeExec(cwd, 'gh', ['pr', 'view', String(pr), '--json', 'title,headRefName,headRefOid,baseRefName']);
+    const meta = safeParseJson(metaRaw);
+    const tempRef = `refs/pugi/consensus-pr-${pr}`;
+    // Fetch the PR head into a private ref so we have local objects to
+    // diff against. `pull/<num>/head` is GitHub's special refspec exposed
+    // to anyone with read access on the repo.
+    safeExec(cwd, 'git', ['fetch', 'origin', `pull/${pr}/head:${tempRef}`]);
+    try {
+        // Resolve the base ref to diff against. Prefer the PR's declared
+        // base; fall back to `origin/main`. We compute the merge-base so a
+        // PR that's behind main still shows only the author's hunks.
+        const baseRef = meta?.baseRefName ? `origin/${meta.baseRefName}` : 'origin/main';
+        const mergeBase = safeExecOptional(cwd, 'git', ['merge-base', baseRef, tempRef]).trim();
+        const range = mergeBase ? `${mergeBase}..${tempRef}` : `${baseRef}..${tempRef}`;
+        const diff = safeExec(cwd, 'git', [
+            'diff',
+            range,
+            '--',
+            '.',
+            ...PROTECTED_PATHSPEC_EXCLUDES,
+        ]);
+        const cappedDiff = capDiff(diff);
+        const stats = computeStats(cappedDiff);
+        return {
+            diff: cappedDiff,
+            context: {
+                branch: meta?.headRefName ?? `pr-${pr}`,
+                commit: shortSha(meta?.headRefOid ?? ''),
+                title: meta?.title ?? `PR #${pr}`,
+                ref: `pr:${pr}`,
+                stats,
+            },
+        };
+    }
+    finally {
+        // Best-effort cleanup of the private ref. Never throw from the
+        // cleanup path so the operator's primary error (if any) reaches them.
+        try {
+            safeExec(cwd, 'git', ['update-ref', '-d', tempRef]);
+        }
+        catch {
+            // Swallow: a leftover ref under refs/pugi/ is harmless. The next
+            // run will overwrite it via `fetch ... :ref` anyway.
+        }
+    }
+}
+function captureFromCommit(cwd, commit) {
+    // `<sha>~1..<sha>` covers exactly that commit's changes. For a ROOT
+    // commit (no parent) the `~1` lookup explodes and produces an empty
+    // diff masquerading as success. Detect this up front and fall back
+    // to the git empty-tree sha so the first commit's introduction shows
+    // up in the diff.
+    const fullSha = safeExec(cwd, 'git', ['rev-parse', commit]).trim();
+    if (!fullSha)
+        throw new Error(`Unknown commit ref: ${commit}`);
+    // Probe for a parent. `rev-parse --verify <sha>~1` exits non-zero on
+    // a root commit; we treat that as "diff against the empty tree".
+    const hasParent = safeExecOptional(cwd, 'git', ['rev-parse', '--verify', `${fullSha}~1`]).trim().length > 0;
+    // The well-known git "empty tree" SHA. Stable across all git versions
+    // since 2005; documented in `git hash-object -t tree /dev/null`.
+    const EMPTY_TREE_SHA = '4b825dc642cb6eb9a060e54bf8d69288fbee4904';
+    const range = hasParent ? `${fullSha}~1..${fullSha}` : `${EMPTY_TREE_SHA}..${fullSha}`;
+    const diff = safeExec(cwd, 'git', [
+        'diff',
+        range,
+        '--',
+        '.',
+        ...PROTECTED_PATHSPEC_EXCLUDES,
+    ]);
+    const cappedDiff = capDiff(diff);
+    const subject = safeExec(cwd, 'git', ['log', '-1', '--pretty=%s', fullSha]).trim();
+    const branch = safeExec(cwd, 'git', ['name-rev', '--name-only', fullSha]).trim() || 'detached';
+    const stats = computeStats(cappedDiff);
+    return {
+        diff: cappedDiff,
+        context: {
+            branch,
+            commit: shortSha(fullSha),
+            title: subject || `commit ${shortSha(fullSha)}`,
+            ref: `commit:${shortSha(fullSha)}`,
+            stats,
+        },
+    };
+}
+function captureFromBranch(cwd, branch, baseRef) {
+    const remoteRef = branch.includes('/') ? branch : `origin/${branch}`;
+    const mergeBase = safeExec(cwd, 'git', ['merge-base', baseRef, remoteRef]).trim();
+    if (!mergeBase)
+        throw new Error(`Cannot compute merge-base of ${baseRef} and ${remoteRef}`);
+    const diff = safeExec(cwd, 'git', [
+        'diff',
+        `${mergeBase}..${remoteRef}`,
+        '--',
+        '.',
+        ...PROTECTED_PATHSPEC_EXCLUDES,
+    ]);
+    const cappedDiff = capDiff(diff);
+    const head = safeExec(cwd, 'git', ['rev-parse', remoteRef]).trim();
+    const subject = safeExec(cwd, 'git', ['log', '-1', '--pretty=%s', remoteRef]).trim();
+    const stats = computeStats(cappedDiff);
+    return {
+        diff: cappedDiff,
+        context: {
+            branch,
+            commit: shortSha(head),
+            title: subject || `branch ${branch}`,
+            ref: `branch:${branch}`,
+            stats,
+        },
+    };
+}
+function captureFromBase(cwd, baseRef) {
+    // The default surface — diff HEAD against the merge-base of the
+    // protected base. When the merge-base lookup fails (shallow clone,
+    // no upstream, baseRef not configured), fall back to the working-tree
+    // diff so the consensus gate still has signal rather than crashing.
+    const mergeBase = safeExecOptional(cwd, 'git', ['merge-base', baseRef, 'HEAD']).trim();
+    if (mergeBase) {
+        // Two parts (non-overlapping):
+        //   1. Committed since base:  `<base>..HEAD`
+        //   2. Uncommitted (staged + working tree as a single union): `git diff HEAD`
+        // `git diff HEAD` already reports BOTH staged AND working-tree
+        // changes relative to HEAD, so we MUST NOT add a separate
+        // `--cached` invocation: doing so emits the same staged hunks
+        // twice, inflating reviewer cost and confusing the rubric on
+        // duplicate-finding correlation.
+        const committedDiff = safeExec(cwd, 'git', [
+            'diff',
+            `${mergeBase}..HEAD`,
+            '--',
+            '.',
+            ...PROTECTED_PATHSPEC_EXCLUDES,
+        ]);
+        const uncommittedDiff = safeExec(cwd, 'git', [
+            'diff',
+            'HEAD',
+            '--',
+            '.',
+            ...PROTECTED_PATHSPEC_EXCLUDES,
+        ]);
+        const combined = [committedDiff, uncommittedDiff]
+            .map((s) => s.trim())
+            .filter((s) => s.length > 0)
+            .join('\n');
+        const cappedDiff = capDiff(combined);
+        const branch = safeExec(cwd, 'git', ['branch', '--show-current']).trim() || 'detached';
+        const head = safeExec(cwd, 'git', ['rev-parse', 'HEAD']).trim();
+        const subject = safeExec(cwd, 'git', ['log', '-1', '--pretty=%s', 'HEAD']).trim();
+        const stats = computeStats(cappedDiff);
+        return {
+            diff: cappedDiff,
+            context: {
+                branch,
+                commit: shortSha(head),
+                title: subject || branch,
+                ref: `merge-base:${baseRef}`,
+                stats,
+            },
+        };
+    }
+    // Fallback path: no merge-base available. `git diff HEAD` reports
+    // BOTH staged AND working-tree changes relative to HEAD in a single
+    // unified diff, so it's the right one-shot capture for "what would I
+    // commit if I ran `git add -A && git commit` right now". A separate
+    // `--cached` call would double-report the staged hunks.
+    const cappedDiff = capDiff(safeExec(cwd, 'git', ['diff', 'HEAD', '--', '.', ...PROTECTED_PATHSPEC_EXCLUDES]));
+    const branch = safeExec(cwd, 'git', ['branch', '--show-current']).trim() || 'detached';
+    const head = safeExec(cwd, 'git', ['rev-parse', 'HEAD']).trim();
+    const subject = safeExec(cwd, 'git', ['log', '-1', '--pretty=%s', 'HEAD']).trim();
+    const stats = computeStats(cappedDiff);
+    return {
+        diff: cappedDiff,
+        context: {
+            branch,
+            commit: shortSha(head),
+            title: subject || branch,
+            ref: 'head-only',
+            stats,
+        },
+    };
+}
+/**
+ * Non-throwing variant of `safeExec`. Returns an empty string on
+ * non-zero exit instead of throwing. Used for the optional `merge-base`
+ * lookup which fails legitimately in shallow clones / no-upstream setups.
+ */
+function safeExecOptional(cwd, file, args) {
+    try {
+        return safeExec(cwd, file, args);
+    }
+    catch {
+        return '';
+    }
+}
+/** Compute file / insertion / deletion counts from a unified diff. */
+function computeStats(diff) {
+    let filesChanged = 0;
+    let insertions = 0;
+    let deletions = 0;
+    for (const line of diff.split(/\r?\n/)) {
+        if (line.startsWith('diff --git '))
+            filesChanged += 1;
+        else if (line.startsWith('+') && !line.startsWith('+++'))
+            insertions += 1;
+        else if (line.startsWith('-') && !line.startsWith('---'))
+            deletions += 1;
+    }
+    return { filesChanged, insertions, deletions };
+}
+/**
+ * Truncate the diff if it grows past `DIFF_MAX_BYTES`. Truncation is
+ * marked with a sentinel comment so reviewers see the cap explicitly
+ * instead of silently reasoning over a partial patch.
+ */
+function capDiff(diff) {
+    // `Buffer.byteLength` is required — `.length` counts UTF-16 code units
+    // and underestimates multi-byte sequences common in diffs that touch
+    // i18n / cyrillic content.
+    if (Buffer.byteLength(diff, 'utf8') <= DIFF_MAX_BYTES)
+        return diff;
+    // Slice by code units, then re-check byte length. UTF-8 is variable-
+    // width, so 1 MiB of code units can exceed the cap; iterate until it
+    // fits. Two passes is the worst case for any reasonable input.
+    let slice = diff.slice(0, DIFF_MAX_BYTES);
+    while (Buffer.byteLength(slice, 'utf8') > DIFF_MAX_BYTES && slice.length > 0) {
+        slice = slice.slice(0, slice.length - 1024);
+    }
+    return `${slice}\n\n# [pugi-cli] diff truncated at ${DIFF_MAX_BYTES} bytes; reviewers see a partial patch.\n`;
+}
+function shortSha(sha) {
+    if (!sha)
+        return '';
+    return sha.length > 7 ? sha.slice(0, 7) : sha;
+}
+/**
+ * Wrapper around `execFileSync` that returns stdout as a UTF-8 string,
+ * swallows stderr, and throws with a stable shape on non-zero exit.
+ *
+ * The `execFileSync` form avoids shell injection (no shell process is
+ * spawned), which matters because we pass user-supplied refs / branch
+ * names into the command line.
+ */
+function safeExec(cwd, file, args) {
+    try {
+        const out = execFileSync(file, args, {
+            cwd,
+            stdio: ['ignore', 'pipe', 'pipe'],
+            // 32 MiB buffer — covers the worst-case PR diff before our 1 MiB
+            // cap kicks in. The cap is applied after capture so we can report
+            // truncation honestly.
+            maxBuffer: 32 * 1024 * 1024,
+            encoding: 'utf8',
+        });
+        // Specifying `encoding: 'utf8'` narrows the return type to string,
+        // but TS still types `out` as `string` always here — defensively
+        // coerce via `String()` to satisfy lint without an `as` cast.
+        return String(out);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`${file} ${args.slice(0, 2).join(' ')} failed: ${message.split('\n')[0]}`);
+    }
+}
+function safeParseJson(raw) {
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=diff-capture.js.map

package/dist/core/consensus/rubric.js

@@ -0,0 +1,233 @@
+/**
+ * Consensus rubric — `pugi review --consensus` (α6.7).
+ *
+ * Three independent reviewers (Codex / Claude / DeepSeek) produce findings
+ * tagged `[P0]` / `[P1]` / `[P2]` / `[P3]`. The rubric translates the per-
+ * reviewer severity vector into one of `PASS` / `WARN` / `BLOCK`.
+ *
+ * Rubric (verbatim from /triple-review skill + admin-api OES MCP triple_review):
+ *
+ *   any reviewer reports [P0]              -> BLOCK
+ *   two or more reviewers report [P1]      -> BLOCK   (consensus)
+ *   exactly one reviewer reports [P1]      -> WARN    (asymmetric)
+ *   no reviewer reports [P0] or [P1]       -> PASS    (P2/P3 only)
+ *   every reviewer errored                 -> BLOCK   (no signal)
+ *
+ * The rubric never reads model text beyond the severity markers; the
+ * reviewer-side narrative is shown to the operator unchanged. Keeping the
+ * verdict deterministic + LLM-free is the entire point of the gate (CEO
+ * directive 2026-05-19): a model that disagrees with the rubric can be
+ * audited, a model that produces the verdict cannot.
+ */
+/**
+ * Regex matches the `[P0]` / `[P1]` / `[P2]` / `[P3]` token at the start
+ * of a line OR inline. Accepts surrounding whitespace and lowercase form.
+ * The line-anchored `m` flag scans every line; `g` allows `matchAll`.
+ *
+ * The capture group on the digit lets `parseFindings` reconstruct the
+ * severity without a second regex. Square brackets are escaped because
+ * the JS regex engine treats `[` as a character class otherwise.
+ */
+const SEVERITY_TOKEN = /\[\s*[Pp]([0-3])\s*\]/g;
+/**
+ * Parse a raw reviewer text blob into structured findings.
+ *
+ * Heuristics (intentionally permissive — different models format very
+ * differently and a strict parser would drop signal):
+ *
+ *   1. Split the text on `[Px]` tokens, preserving the marker.
+ *   2. Each marker starts a new finding. The summary is the rest of the
+ *      same line (and the next line if the first is `:` or empty after
+ *      stripping whitespace).
+ *   3. Empty / whitespace-only summaries are dropped — a bare `[P1]`
+ *      with no context cannot be acted on, and treating it as a finding
+ *      would falsely trigger consensus.
+ */
+export function parseFindings(raw) {
+    if (typeof raw !== 'string' || raw.length === 0)
+        return [];
+    const findings = [];
+    // Track marker positions so we can slice the summary up to the next
+    // marker without quadratic re-scans.
+    const markers = [];
+    // Reset lastIndex defensively — `matchAll` allocates its own iterator,
+    // but belt-and-braces against a future caller passing a stateful regex.
+    SEVERITY_TOKEN.lastIndex = 0;
+    for (const match of raw.matchAll(SEVERITY_TOKEN)) {
+        const digit = match[1] ?? '';
+        const severity = `P${digit}`;
+        markers.push({ severity, index: match.index ?? 0, matchLength: match[0].length });
+    }
+    for (let i = 0; i < markers.length; i += 1) {
+        const marker = markers[i];
+        const start = marker.index + marker.matchLength;
+        const end = i + 1 < markers.length ? markers[i + 1].index : raw.length;
+        const slice = raw.slice(start, end);
+        const summary = extractSummary(slice);
+        if (summary.length === 0)
+            continue;
+        findings.push({ severity: marker.severity, summary });
+    }
+    return findings;
+}
+/**
+ * Extract a single-line summary from the text following a severity
+ * marker. Trims leading colon / dash / whitespace; truncates at the
+ * first newline so multi-paragraph findings render as one line in the
+ * REPL transcript (the full reviewer text stays available in `rawContent`).
+ */
+function extractSummary(slice) {
+    let cursor = 0;
+    while (cursor < slice.length && /[\s:\-—–]/.test(slice[cursor]))
+        cursor += 1;
+    const tail = slice.slice(cursor);
+    const newlineIdx = tail.search(/\r?\n/);
+    const oneLine = newlineIdx === -1 ? tail : tail.slice(0, newlineIdx);
+    return oneLine.trim();
+}
+/**
+ * Compute the highest BLOCKING severity from a finding list. Returns
+ * `null` when the reviewer is clean for gating purposes, i.e. either:
+ *   - no findings at all, OR
+ *   - only P2 / P3 findings (informational, non-blocking by rubric).
+ *
+ * `null` is the right contract for downstream tooling that gates on
+ * "did this reviewer flag anything that should block ship?" - the
+ * rubric in `aggregate` already treats P2/P3 as non-blocking, so an
+ * external `topSeverity === null` check matches the gate's semantics
+ * exactly without re-parsing the finding list.
+ *
+ * Per-finding severity is still preserved in `findings[].severity`
+ * for callers that want to surface P2/P3 counts in their UX.
+ *
+ * Returns the priority floor for blocking findings only: P0 > P1.
+ */
+export function topSeverityOf(findings) {
+    let best = null;
+    for (const finding of findings) {
+        if (finding.severity === 'P0')
+            return 'P0';
+        if (finding.severity === 'P1')
+            best = 'P1';
+        // P2 / P3 are non-blocking by rubric -> they do NOT contribute to
+        // topSeverity. They remain visible via `findings[].severity` for
+        // operators who want to see the full breakdown.
+    }
+    return best;
+}
+/**
+ * Convenience: parse a raw reviewer text blob into a `ReviewerVerdict`.
+ * `errored` defaults to false; callers that detected a transport-level
+ * failure should set it true and pass an empty raw string.
+ */
+export function reviewerVerdictFromRaw(reviewer, raw, errored = false) {
+    if (errored) {
+        return { reviewer, topSeverity: null, findings: [], errored: true };
+    }
+    const findings = parseFindings(raw);
+    return {
+        reviewer,
+        topSeverity: topSeverityOf(findings),
+        findings,
+        errored: false,
+    };
+}
+/**
+ * Apply the rubric to 1..N reviewer verdicts. The shape is N-aware so the
+ * same function handles the dev `/triple-review` 3-reviewer case AND a
+ * customer running with 2 reviewers (e.g. a tier that does not yet include
+ * DeepSeek).
+ */
+export function aggregate(verdicts) {
+    const totalReviewers = verdicts.length;
+    const erroredReviewers = verdicts.filter((v) => v.errored).length;
+    // Zero reviewers = zero signal. Falling through to the no-P0/no-P1
+    // branch would emit a false PASS — exactly the regression flagged by
+    // Codex during PR #370 review. Treat empty input as BLOCK so the gate
+    // fails closed when the backend returns no events at all (5xx that
+    // somehow drained the SSE, server-side bug, dispatcher misconfig).
+    if (totalReviewers === 0) {
+        return {
+            verdict: 'BLOCK',
+            p0Count: 0,
+            p1Count: 0,
+            p1Reviewers: 0,
+            reasoning: 'No reviewer signal: backend returned 0 events. Fail-closed BLOCK.',
+        };
+    }
+    if (totalReviewers > 0 && erroredReviewers === totalReviewers) {
+        return {
+            verdict: 'BLOCK',
+            p0Count: 0,
+            p1Count: 0,
+            p1Reviewers: 0,
+            reasoning: 'Every reviewer errored: no signal. Treating as BLOCK until at least one reviewer returns.',
+        };
+    }
+    let p0Count = 0;
+    let p1Count = 0;
+    let p1Reviewers = 0;
+    for (const verdict of verdicts) {
+        if (verdict.errored)
+            continue;
+        const p0 = verdict.findings.filter((f) => f.severity === 'P0').length;
+        const p1 = verdict.findings.filter((f) => f.severity === 'P1').length;
+        p0Count += p0;
+        p1Count += p1;
+        if (p1 > 0)
+            p1Reviewers += 1;
+    }
+    if (p0Count > 0) {
+        return {
+            verdict: 'BLOCK',
+            p0Count,
+            p1Count,
+            p1Reviewers,
+            reasoning: `${p0Count}x P0 finding${p0Count === 1 ? '' : 's'}: BLOCK (any P0 fails the gate).`,
+        };
+    }
+    if (p1Reviewers >= 2) {
+        return {
+            verdict: 'BLOCK',
+            p0Count,
+            p1Count,
+            p1Reviewers,
+            reasoning: `${p1Reviewers} reviewers each reported P1: consensus = likely real bug, BLOCK.`,
+        };
+    }
+    if (p1Reviewers === 1) {
+        return {
+            verdict: 'WARN',
+            p0Count,
+            p1Count,
+            p1Reviewers,
+            reasoning: 'One reviewer reported P1: asymmetric signal, examine the disagreement before merging.',
+        };
+    }
+    return {
+        verdict: 'PASS',
+        p0Count,
+        p1Count,
+        p1Reviewers,
+        reasoning: 'No P0 or P1 findings: PASS. P2/P3 findings are non-blocking.',
+    };
+}
+/**
+ * Map a rubric verdict to the conventional exit code Pugi CLI uses for
+ * gates (spec α6.7):
+ *
+ *   PASS  -> 0
+ *   WARN  -> 1
+ *   BLOCK -> 2
+ *
+ * The non-zero codes are distinct so a shell script can branch on the
+ * exact outcome without re-parsing stdout.
+ */
+export function exitCodeFor(verdict) {
+    if (verdict === 'PASS')
+        return 0;
+    if (verdict === 'WARN')
+        return 1;
+    return 2;
+}
+//# sourceMappingURL=rubric.js.map

package/dist/core/context/index.js

@@ -0,0 +1,21 @@
+/**
+ * Three-tier context model - α6.5 Phase 1 barrel.
+ *
+ * Bundles the four primitives so the REPL bootstrap can import from a
+ * single path:
+ *
+ *   import {
+ *     loadPugiIgnore,
+ *     buildRepoSkeleton,
+ *     renderSkeleton,
+ *     WorkingSet,
+ *     PugiWatcher,
+ *   } from '../context/index.js';
+ *
+ * No new logic lives here - just re-exports.
+ */
+export { BASELINE_IGNORE_PATTERNS, SECRET_IGNORE_PATTERNS, globalPugiIgnorePath, loadPugiIgnore, parsePatternText, readPatternFile, workspaceGitIgnorePath, workspacePugiIgnorePath, } from './pugiignore.js';
+export { COLLAPSE_DIR_ENTRIES, MAX_README_LINES, MAX_SKELETON_BYTES, MAX_TREE_DEPTH, MAX_WALK_NODES, TOP_LANGUAGES, buildRepoSkeleton, detectPackageManager, languageForExtension, readGitBranch, readPackageJson, readReadme, renderSkeleton, topLanguages, } from './repo-skeleton.js';
+export { DEFAULT_WORKING_SET_CAPACITY, WorkingSet, } from './working-set.js';
+export { MAX_WATCHED_PATHS, PugiWatcher, THROTTLE_WINDOW_MS, } from './watcher.js';
+//# sourceMappingURL=index.js.map