@pugi/cli 0.1.0-beta.1 → 0.1.0-beta.100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (448) hide show
  1. package/CHANGELOG.md +132 -0
  2. package/LICENSE +1 -1
  3. package/README.md +53 -11
  4. package/THIRD_PARTY_NOTICES.md +40 -0
  5. package/assets/pugi-mascot.ansi +15 -40
  6. package/assets/pugi-prozr2-mascot.ansi +9 -0
  7. package/bin/run.js +33 -1
  8. package/dist/commands/deploy.js +40 -40
  9. package/dist/commands/flatten.js +191 -0
  10. package/dist/commands/jobs-watch.js +201 -0
  11. package/dist/commands/jobs.js +42 -27
  12. package/dist/commands/retro.js +210 -0
  13. package/dist/commands/smoke.js +133 -0
  14. package/dist/core/agent-progress/cleanup.js +134 -0
  15. package/dist/core/agent-progress/schema.js +144 -0
  16. package/dist/core/agent-progress/writer.js +101 -0
  17. package/dist/core/agents/adaptive-router.js +330 -0
  18. package/dist/core/agents/query-decomposer.js +297 -0
  19. package/dist/core/agents/registry.js +3 -3
  20. package/dist/core/approvals/shortcut-resolver.js +98 -0
  21. package/dist/core/artifact-chain/dispatcher.js +148 -0
  22. package/dist/core/artifact-chain/exporter.js +164 -0
  23. package/dist/core/artifact-chain/state.js +243 -0
  24. package/dist/core/artifact-chain/steps.js +169 -0
  25. package/dist/core/ask-user/question.js +92 -0
  26. package/dist/core/audit/audit-trail.js +275 -0
  27. package/dist/core/auth/ensure-authenticated.js +129 -0
  28. package/dist/core/auth/env-provider.js +238 -0
  29. package/dist/core/auto-open-browser.js +4 -4
  30. package/dist/core/auto-update/channels.js +122 -0
  31. package/dist/core/auto-update/checker.js +241 -0
  32. package/dist/core/auto-update/state.js +235 -0
  33. package/dist/core/bare-mode/index.js +107 -0
  34. package/dist/core/bash/redirect.js +281 -0
  35. package/dist/core/bash-classifier.js +436 -40
  36. package/dist/core/checkpoint/resumer.js +149 -0
  37. package/dist/core/checkpoint/rewinder.js +291 -0
  38. package/dist/core/checkpoints/shadow-git.js +670 -0
  39. package/dist/core/citations/parser.js +109 -0
  40. package/dist/core/classifier/yolo-classifier.js +88 -0
  41. package/dist/core/codegraph/db.js +506 -0
  42. package/dist/core/codegraph/decision-store.js +248 -0
  43. package/dist/core/codegraph/detect-repo.js +459 -0
  44. package/dist/core/codegraph/install.js +134 -0
  45. package/dist/core/codegraph/offer-hook.js +220 -0
  46. package/dist/core/codegraph/parser.js +71 -0
  47. package/dist/core/codegraph/types.js +34 -0
  48. package/dist/core/compact/auto-trigger.js +96 -0
  49. package/dist/core/compact/buffer-rewriter.js +115 -0
  50. package/dist/core/compact/summarizer.js +208 -0
  51. package/dist/core/compact/token-counter.js +108 -0
  52. package/dist/core/consensus/anvil-fanout.js +25 -25
  53. package/dist/core/consensus/diff-capture.js +121 -12
  54. package/dist/core/consensus/rubric.js +21 -21
  55. package/dist/core/context/builder.js +6 -6
  56. package/dist/core/context/compaction-events.js +8 -8
  57. package/dist/core/context/compaction.js +31 -31
  58. package/dist/core/context/index.js +15 -8
  59. package/dist/core/context/invariants.js +51 -51
  60. package/dist/core/context/markdown-loader.js +28 -10
  61. package/dist/core/context/markdown-traverse.js +255 -0
  62. package/dist/core/context/pugiignore.js +41 -41
  63. package/dist/core/context/repo-skeleton.js +37 -37
  64. package/dist/core/context/tool-eviction.js +55 -0
  65. package/dist/core/context/watcher.js +32 -32
  66. package/dist/core/context/working-set.js +23 -23
  67. package/dist/core/coordinator/agent-tools.js +77 -0
  68. package/dist/core/coordinator/agent-toolset.js +65 -0
  69. package/dist/core/coordinator/fsm.js +73 -0
  70. package/dist/core/coordinator/mode-fsm.js +70 -0
  71. package/dist/core/cost/rate-card.js +129 -0
  72. package/dist/core/cost/tracker.js +221 -0
  73. package/dist/core/credentials.js +13 -13
  74. package/dist/core/cron/scheduler.js +138 -0
  75. package/dist/core/denial-tracking/index.js +8 -0
  76. package/dist/core/denial-tracking/state.js +264 -0
  77. package/dist/core/diagnostics/probe-runner.js +93 -0
  78. package/dist/core/diagnostics/probes/api.js +46 -0
  79. package/dist/core/diagnostics/probes/auth.js +93 -0
  80. package/dist/core/diagnostics/probes/bare-mode.js +42 -0
  81. package/dist/core/diagnostics/probes/cli-version.js +127 -0
  82. package/dist/core/diagnostics/probes/config.js +72 -0
  83. package/dist/core/diagnostics/probes/denial-tracking.js +57 -0
  84. package/dist/core/diagnostics/probes/disk.js +81 -0
  85. package/dist/core/diagnostics/probes/engine-live.js +46 -0
  86. package/dist/core/diagnostics/probes/git.js +65 -0
  87. package/dist/core/diagnostics/probes/hooks.js +118 -0
  88. package/dist/core/diagnostics/probes/mcp.js +75 -0
  89. package/dist/core/diagnostics/probes/node.js +59 -0
  90. package/dist/core/diagnostics/probes/pnpm.js +36 -0
  91. package/dist/core/diagnostics/probes/pugi-md.js +89 -0
  92. package/dist/core/diagnostics/probes/sandbox.js +72 -0
  93. package/dist/core/diagnostics/probes/session.js +74 -0
  94. package/dist/core/diagnostics/probes/status-snapshot.js +488 -0
  95. package/dist/core/diagnostics/probes/workspace.js +63 -0
  96. package/dist/core/diagnostics/types.js +70 -0
  97. package/dist/core/dispatch/cache-cleanup.js +197 -0
  98. package/dist/core/dispatch/cache-handoff.js +295 -0
  99. package/dist/core/edits/apply-patch-layer-e.js +189 -0
  100. package/dist/core/edits/dispatch.js +333 -7
  101. package/dist/core/edits/format-detector.js +260 -0
  102. package/dist/core/edits/format-matrix.js +26 -0
  103. package/dist/core/edits/fuzzy-ladder.js +650 -0
  104. package/dist/core/edits/index.js +5 -1
  105. package/dist/core/edits/journal.js +199 -0
  106. package/dist/core/edits/layer-a-apply.js +15 -15
  107. package/dist/core/edits/layer-a-fuzzy-apply.js +198 -0
  108. package/dist/core/edits/layer-b-apply.js +9 -9
  109. package/dist/core/edits/layer-c-apply.js +6 -6
  110. package/dist/core/edits/layer-d-ast.js +557 -14
  111. package/dist/core/edits/marker-parser.js +12 -12
  112. package/dist/core/edits/security-gate.js +27 -27
  113. package/dist/core/edits/verify-hook.js +273 -0
  114. package/dist/core/edits/worktree.js +322 -0
  115. package/dist/core/engine/anvil-client.js +214 -26
  116. package/dist/core/engine/auto-compact.js +247 -0
  117. package/dist/core/engine/budgets.js +220 -0
  118. package/dist/core/engine/compact-llm-summarizer.js +124 -0
  119. package/dist/core/engine/context-prefix.js +155 -0
  120. package/dist/core/engine/index.js +1 -1
  121. package/dist/core/engine/intensity.js +163 -0
  122. package/dist/core/engine/intent.js +260 -0
  123. package/dist/core/engine/native-pugi.js +1559 -227
  124. package/dist/core/engine/prompts.js +192 -16
  125. package/dist/core/engine/strip-internal-fields.js +124 -0
  126. package/dist/core/engine/tool-bridge.js +1887 -59
  127. package/dist/core/engine/verification-patterns.js +195 -0
  128. package/dist/core/evaluation/golden-dataset.js +293 -0
  129. package/dist/core/feedback/queue.js +177 -0
  130. package/dist/core/feedback/submitter.js +145 -0
  131. package/dist/core/file-cache.js +113 -1
  132. package/dist/core/flatten/flatten-repo.js +439 -0
  133. package/dist/core/format/osc8-link.js +28 -0
  134. package/dist/core/hook-chains.js +392 -0
  135. package/dist/core/hooks/citation-verify-hook.js +138 -0
  136. package/dist/core/hooks/citation-verify.js +112 -0
  137. package/dist/core/hooks/events.js +46 -0
  138. package/dist/core/hooks/index.js +15 -0
  139. package/dist/core/hooks/registry.js +216 -0
  140. package/dist/core/hooks/runner.js +236 -0
  141. package/dist/core/hooks/v2/event-emitter.js +115 -0
  142. package/dist/core/hooks/v2/executor.js +282 -0
  143. package/dist/core/hooks/v2/index.js +25 -0
  144. package/dist/core/hooks/v2/lifecycle.js +104 -0
  145. package/dist/core/hooks/v2/loader.js +216 -0
  146. package/dist/core/hooks/v2/matcher.js +125 -0
  147. package/dist/core/hooks/v2/trust.js +143 -0
  148. package/dist/core/hooks/v2/types.js +86 -0
  149. package/dist/core/hooks/worktree-events.js +158 -0
  150. package/dist/core/image/renderer.js +71 -0
  151. package/dist/core/init/detector.js +582 -0
  152. package/dist/core/init/template-renderer.js +242 -0
  153. package/dist/core/jobs/registry.js +18 -18
  154. package/dist/core/ledger/results-tsv.js +142 -0
  155. package/dist/core/log-discipline/stdout-redirect.js +51 -0
  156. package/dist/core/lsp/cache.js +105 -0
  157. package/dist/core/lsp/client.js +1229 -0
  158. package/dist/core/lsp/language-detect.js +66 -0
  159. package/dist/core/lsp/post-edit-diagnostics.js +171 -0
  160. package/dist/core/lsp/server-detect.js +173 -0
  161. package/dist/core/lsp/symbol-cache.js +162 -0
  162. package/dist/core/lsp/symbol-tools.js +664 -0
  163. package/dist/core/mcp/client.js +97 -28
  164. package/dist/core/mcp/http-server.js +553 -0
  165. package/dist/core/mcp/orchestrator-config.js +192 -0
  166. package/dist/core/mcp/orchestrator-tools.js +806 -0
  167. package/dist/core/mcp/permission.js +190 -0
  168. package/dist/core/mcp/registry.js +39 -17
  169. package/dist/core/mcp/server-tools.js +219 -0
  170. package/dist/core/mcp/server.js +397 -0
  171. package/dist/core/mcp/trust.js +10 -10
  172. package/dist/core/memory/dual-write.js +416 -0
  173. package/dist/core/memory/passive-extract.js +130 -0
  174. package/dist/core/memory/phase1-kinds.js +20 -0
  175. package/dist/core/memory/secret-scanner.js +304 -0
  176. package/dist/core/memory-sync/queue.js +170 -0
  177. package/dist/core/metrics/extract.js +113 -0
  178. package/dist/core/modes/roo-modes.js +68 -0
  179. package/dist/core/notes/notes-paths.js +113 -0
  180. package/dist/core/notes/notes-recorder.js +140 -0
  181. package/dist/core/notes/notes-writer.js +53 -0
  182. package/dist/core/notes/renderers.js +0 -0
  183. package/dist/core/notes/slug.js +105 -0
  184. package/dist/core/onboarding/ensure-initialized.js +133 -0
  185. package/dist/core/onboarding/marker.js +111 -0
  186. package/dist/core/onboarding/telemetry-state.js +108 -0
  187. package/dist/core/output-style/presets.js +176 -0
  188. package/dist/core/output-style/state.js +185 -0
  189. package/dist/core/path-security.js +287 -5
  190. package/dist/core/permission.js +82 -22
  191. package/dist/core/permissions/auto-classifier.js +124 -0
  192. package/dist/core/permissions/bash-parser.js +371 -0
  193. package/dist/core/permissions/circuit-breaker.js +83 -0
  194. package/dist/core/permissions/constrained-edit.js +91 -0
  195. package/dist/core/permissions/gate.js +278 -0
  196. package/dist/core/permissions/index.js +20 -0
  197. package/dist/core/permissions/mode.js +174 -0
  198. package/dist/core/permissions/network-egress.js +137 -0
  199. package/dist/core/permissions/state.js +241 -0
  200. package/dist/core/permissions/tool-class.js +107 -0
  201. package/dist/core/plan-mode/ui-state.js +51 -0
  202. package/dist/core/plans/plan-artifact.js +721 -0
  203. package/dist/core/policy-limits/etag-store.js +122 -0
  204. package/dist/core/prd-check/parser.js +215 -0
  205. package/dist/core/prd-check/reporter.js +127 -0
  206. package/dist/core/prd-check/session-review.js +557 -0
  207. package/dist/core/prd-check/verifiers.js +223 -0
  208. package/dist/core/prompt-cache/client-cache.js +99 -0
  209. package/dist/core/prompts/assembly.js +29 -0
  210. package/dist/core/prompts/registry.js +364 -0
  211. package/dist/core/pugi-gitignore.js +52 -0
  212. package/dist/core/pugi-md/cc-compat-rules.js +735 -0
  213. package/dist/core/pugi-md/context-injector.js +76 -0
  214. package/dist/core/pugi-md/walk-up.js +207 -0
  215. package/dist/core/python/uv-installer.js +270 -0
  216. package/dist/core/python/uv-resolver.js +83 -0
  217. package/dist/core/rate-limit/narrator.js +146 -0
  218. package/dist/core/recipes/cli-types.js +20 -0
  219. package/dist/core/recipes/loader.js +103 -0
  220. package/dist/core/recipes/runner.js +345 -0
  221. package/dist/core/recipes/schema.js +587 -0
  222. package/dist/core/release-notes/parser.js +241 -0
  223. package/dist/core/release-notes/state.js +116 -0
  224. package/dist/core/repl/ask.js +37 -37
  225. package/dist/core/repl/cancellation.js +26 -26
  226. package/dist/core/repl/cap-warning.js +4 -4
  227. package/dist/core/repl/clipboard-read.js +11 -11
  228. package/dist/core/repl/dispatch-fsm.js +12 -12
  229. package/dist/core/repl/engine-bridge.js +303 -0
  230. package/dist/core/repl/history-search.js +15 -15
  231. package/dist/core/repl/history.js +28 -18
  232. package/dist/core/repl/kill-ring.js +5 -5
  233. package/dist/core/repl/model-pricing.js +135 -0
  234. package/dist/core/repl/privacy-banner.js +22 -22
  235. package/dist/core/repl/session.js +2714 -228
  236. package/dist/core/repl/slash-commands.js +572 -40
  237. package/dist/core/repl/store/index.js +1 -1
  238. package/dist/core/repl/store/jsonl-log.js +22 -22
  239. package/dist/core/repl/store/lockfile.js +10 -10
  240. package/dist/core/repl/store/session-store.js +136 -107
  241. package/dist/core/repl/store/types.js +15 -15
  242. package/dist/core/repl/store/uuid-v7.js +12 -12
  243. package/dist/core/repl/tool-route.js +382 -0
  244. package/dist/core/repl/workspace-context.js +43 -21
  245. package/dist/core/repo-map/build.js +125 -0
  246. package/dist/core/repo-map/cache.js +185 -0
  247. package/dist/core/repo-map/extractor.js +254 -0
  248. package/dist/core/repo-map/formatter.js +145 -0
  249. package/dist/core/repo-map/page-rank.js +105 -0
  250. package/dist/core/repo-map/scanner.js +211 -0
  251. package/dist/core/retro/git-collector.js +251 -0
  252. package/dist/core/retro/health-card.js +25 -0
  253. package/dist/core/retro/metrics.js +342 -0
  254. package/dist/core/retro/narrative.js +249 -0
  255. package/dist/core/retro/plane-collector.js +274 -0
  256. package/dist/core/retro/pr-issue-link.js +65 -0
  257. package/dist/core/retro/types.js +16 -0
  258. package/dist/core/retry-budget/budget.js +284 -0
  259. package/dist/core/retry-budget/index.js +5 -0
  260. package/dist/core/retry-budget/retry-cap.js +74 -0
  261. package/dist/core/routing/lead-worker.js +43 -0
  262. package/dist/core/routing/pre-flight-estimator.js +108 -0
  263. package/dist/core/runs/run-tree.js +103 -0
  264. package/dist/core/sandboxing/adapter.js +29 -0
  265. package/dist/core/sandboxing/index.js +49 -0
  266. package/dist/core/sandboxing/none.js +19 -0
  267. package/dist/core/sandboxing/seatbelt.js +183 -0
  268. package/dist/core/security/injection-scanner.js +367 -0
  269. package/dist/core/security/output-filter.js +418 -0
  270. package/dist/core/session/env-file.js +105 -0
  271. package/dist/core/session/section-budgets.js +140 -0
  272. package/dist/core/session.js +119 -0
  273. package/dist/core/settings.js +378 -5
  274. package/dist/core/share/formatter.js +271 -0
  275. package/dist/core/share/redactor.js +221 -0
  276. package/dist/core/share/uploader.js +267 -0
  277. package/dist/core/skills/defaults.js +457 -0
  278. package/dist/core/skills/loader.js +22 -22
  279. package/dist/core/skills/sources.js +27 -27
  280. package/dist/core/smoke/headless-driver.js +174 -0
  281. package/dist/core/smoke/orchestrator.js +194 -0
  282. package/dist/core/smoke/runner.js +238 -0
  283. package/dist/core/smoke/scenario-parser.js +316 -0
  284. package/dist/core/statusline.js +99 -0
  285. package/dist/core/subagents/dispatcher-real.js +600 -0
  286. package/dist/core/subagents/dispatcher.js +146 -52
  287. package/dist/core/subagents/index.js +19 -6
  288. package/dist/core/subagents/isolation-matrix.js +213 -0
  289. package/dist/core/subagents/spawn.js +19 -4
  290. package/dist/core/telemetry/emitter.js +229 -0
  291. package/dist/core/telemetry/queue.js +251 -0
  292. package/dist/core/theme/context.js +91 -0
  293. package/dist/core/theme/presets.js +228 -0
  294. package/dist/core/theme/state.js +181 -0
  295. package/dist/core/todos/invariant.js +10 -0
  296. package/dist/core/todos/state.js +177 -0
  297. package/dist/core/tool-schema/compressor.js +89 -0
  298. package/dist/core/transport/version-interceptor.js +166 -0
  299. package/dist/core/trust.js +2 -2
  300. package/dist/core/tui/thinking-block.js +64 -0
  301. package/dist/core/vim/keymap.js +288 -0
  302. package/dist/core/vim/state.js +92 -0
  303. package/dist/core/watch-markers/marker-watcher.js +133 -0
  304. package/dist/core/worktree/include-parser.js +249 -0
  305. package/dist/core/worktree-manager/cleanup.js +123 -0
  306. package/dist/core/worktree-manager/manager.js +303 -0
  307. package/dist/index.js +36 -0
  308. package/dist/runtime/bootstrap.js +190 -0
  309. package/dist/runtime/cli.js +4536 -477
  310. package/dist/runtime/commands/agents.js +31 -31
  311. package/dist/runtime/commands/budget.js +5 -5
  312. package/dist/runtime/commands/cancel.js +231 -0
  313. package/dist/runtime/commands/chain.js +489 -0
  314. package/dist/runtime/commands/codegraph-status.js +227 -0
  315. package/dist/runtime/commands/compact.js +297 -0
  316. package/dist/runtime/commands/config.js +74 -40
  317. package/dist/runtime/commands/cost.js +199 -0
  318. package/dist/runtime/commands/delegate.js +312 -0
  319. package/dist/runtime/commands/dispatch.js +126 -0
  320. package/dist/runtime/commands/doctor.js +579 -0
  321. package/dist/runtime/commands/feedback.js +184 -0
  322. package/dist/runtime/commands/hooks.js +187 -0
  323. package/dist/runtime/commands/index-cmd.js +353 -0
  324. package/dist/runtime/commands/init.js +254 -0
  325. package/dist/runtime/commands/lsp.js +368 -0
  326. package/dist/runtime/commands/mcp.js +935 -0
  327. package/dist/runtime/commands/memory.js +582 -0
  328. package/dist/runtime/commands/model.js +237 -0
  329. package/dist/runtime/commands/onboarding.js +275 -0
  330. package/dist/runtime/commands/patch.js +128 -0
  331. package/dist/runtime/commands/permissions.js +112 -0
  332. package/dist/runtime/commands/plan.js +143 -0
  333. package/dist/runtime/commands/prd-check.js +285 -0
  334. package/dist/runtime/commands/privacy.js +17 -17
  335. package/dist/runtime/commands/recipe.js +325 -0
  336. package/dist/runtime/commands/redo-blob-store.js +92 -0
  337. package/dist/runtime/commands/redo.js +361 -0
  338. package/dist/runtime/commands/release-notes.js +229 -0
  339. package/dist/runtime/commands/repo-map.js +95 -0
  340. package/dist/runtime/commands/report.js +299 -0
  341. package/dist/runtime/commands/resume.js +118 -0
  342. package/dist/runtime/commands/review-consensus.js +68 -53
  343. package/dist/runtime/commands/rewind.js +333 -0
  344. package/dist/runtime/commands/roster.js +117 -0
  345. package/dist/runtime/commands/servers.js +236 -0
  346. package/dist/runtime/commands/sessions.js +163 -0
  347. package/dist/runtime/commands/share.js +316 -0
  348. package/dist/runtime/commands/skills.js +31 -31
  349. package/dist/runtime/commands/status.js +186 -0
  350. package/dist/runtime/commands/stickers.js +82 -0
  351. package/dist/runtime/commands/style.js +194 -0
  352. package/dist/runtime/commands/theme.js +196 -0
  353. package/dist/runtime/commands/undo.js +54 -22
  354. package/dist/runtime/commands/update.js +289 -0
  355. package/dist/runtime/commands/vim.js +140 -0
  356. package/dist/runtime/commands/worktree.js +177 -0
  357. package/dist/runtime/commands/worktrees.js +155 -0
  358. package/dist/runtime/deprecation-warning.js +69 -0
  359. package/dist/runtime/engine-exit-code.js +50 -0
  360. package/dist/runtime/headless-repl.js +195 -0
  361. package/dist/runtime/headless.js +548 -0
  362. package/dist/runtime/load-hooks-or-exit.js +71 -0
  363. package/dist/runtime/plan-decompose.js +531 -0
  364. package/dist/runtime/sigint-guard.js +272 -0
  365. package/dist/runtime/stream-renderer.js +195 -0
  366. package/dist/runtime/update-check.js +28 -28
  367. package/dist/runtime/version.js +65 -0
  368. package/dist/runtime/worktree-bootstrap.js +579 -0
  369. package/dist/skills/bundled/batch.js +617 -0
  370. package/dist/skills/bundled/index.js +45 -0
  371. package/dist/skills/bundled/loop.js +358 -0
  372. package/dist/skills/bundled/remember.js +383 -0
  373. package/dist/skills/bundled/simplify.js +289 -0
  374. package/dist/skills/bundled/skillify.js +373 -0
  375. package/dist/skills/bundled/stuck.js +558 -0
  376. package/dist/skills/bundled/verify.js +439 -0
  377. package/dist/testing/vcr.js +486 -0
  378. package/dist/tools/agent-tool.js +229 -0
  379. package/dist/tools/apply-patch.js +556 -0
  380. package/dist/tools/ask-user-question.js +337 -0
  381. package/dist/tools/ask-user.js +115 -0
  382. package/dist/tools/bash.js +624 -46
  383. package/dist/tools/brief.js +224 -0
  384. package/dist/tools/cron.js +433 -0
  385. package/dist/tools/enter-worktree.js +250 -0
  386. package/dist/tools/exit-worktree.js +147 -0
  387. package/dist/tools/file-tools.js +161 -44
  388. package/dist/tools/http-request.js +336 -0
  389. package/dist/tools/lsp-tools.js +565 -0
  390. package/dist/tools/mcp-tool.js +260 -0
  391. package/dist/tools/multi-edit.js +361 -0
  392. package/dist/tools/powershell.js +268 -0
  393. package/dist/tools/registry.js +142 -1
  394. package/dist/tools/server-tools.js +892 -0
  395. package/dist/tools/skill-tool.js +96 -0
  396. package/dist/tools/sleep.js +99 -0
  397. package/dist/tools/synthetic-output.js +133 -0
  398. package/dist/tools/tasks.js +208 -0
  399. package/dist/tools/todo-write.js +184 -0
  400. package/dist/tools/verify-plan-execution.js +295 -0
  401. package/dist/tools/web-fetch-injection-scanner.js +207 -0
  402. package/dist/tools/web-fetch.js +195 -10
  403. package/dist/tools/web-search.js +458 -0
  404. package/dist/tui/agent-progress-card.js +111 -0
  405. package/dist/tui/agent-tree.js +22 -1
  406. package/dist/tui/ask-modal.js +14 -14
  407. package/dist/tui/ask-user-question-chips.js +315 -0
  408. package/dist/tui/ask-user-question-prompt.js +203 -0
  409. package/dist/tui/compact-banner.js +81 -0
  410. package/dist/tui/conversation-pane.js +85 -11
  411. package/dist/tui/cost-table.js +111 -0
  412. package/dist/tui/device-flow.js +2 -2
  413. package/dist/tui/doctor-table.js +46 -0
  414. package/dist/tui/feedback-prompt.js +156 -0
  415. package/dist/tui/input-box.js +247 -32
  416. package/dist/tui/login-picker.js +3 -3
  417. package/dist/tui/markdown-render.js +6 -6
  418. package/dist/tui/multi-file-diff-approval.js +375 -0
  419. package/dist/tui/onboarding-wizard.js +240 -0
  420. package/dist/tui/permissions-picker.js +86 -0
  421. package/dist/tui/render.js +36 -1
  422. package/dist/tui/repl-render.js +405 -32
  423. package/dist/tui/repl-splash-art.js +16 -16
  424. package/dist/tui/repl-splash-mascot.js +48 -24
  425. package/dist/tui/repl-splash.js +22 -22
  426. package/dist/tui/repl.js +136 -43
  427. package/dist/tui/slash-palette.js +6 -6
  428. package/dist/tui/splash.js +2 -2
  429. package/dist/tui/status-bar.js +109 -31
  430. package/dist/tui/status-table.js +7 -0
  431. package/dist/tui/stickers-art.js +136 -0
  432. package/dist/tui/style-table.js +28 -0
  433. package/dist/tui/theme-table.js +29 -0
  434. package/dist/tui/thinking-spinner.js +123 -0
  435. package/dist/tui/tool-stream-pane.js +53 -4
  436. package/dist/tui/update-banner.js +27 -2
  437. package/dist/tui/vim-input.js +267 -0
  438. package/dist/tui/welcome-banner.js +107 -0
  439. package/dist/tui/welcome-data.js +293 -0
  440. package/dist/tui/workspace-context.js +2 -2
  441. package/docs/examples/codegraph.mcp.json +10 -0
  442. package/package.json +25 -7
  443. package/test/scenarios/codegen-create-file.scenario.txt +13 -0
  444. package/test/scenarios/compact-force.scenario.txt +12 -0
  445. package/test/scenarios/identity.scenario.txt +11 -0
  446. package/test/scenarios/persona-handoff.scenario.txt +12 -0
  447. package/test/scenarios/walkback.scenario.txt +12 -0
  448. package/dist/core/engine/compaction-hook.js +0 -154
@@ -0,0 +1,208 @@
1
+ import { estimateTokens } from './token-counter.js';
2
+ /**
3
+ * System prompt for the summarizer. Six closed sections + brand
4
+ * voice clamp + "no tool calls" sentinel. The headings are stable
5
+ * markdown so a downstream renderer can split + reformat without
6
+ * re-parsing the model output.
7
+ *
8
+ * Why the explicit `If a section has no content` rule: empty sections
9
+ * cost zero tokens but their absence is meaningful — the second model
10
+ * reading the memo learns "no decisions were made yet" from the empty
11
+ * `## Decisions` header. Without the rule we observed models silently
12
+ * dropping empty sections and the reader could not distinguish "no
13
+ * decisions" from "summarizer forgot the section".
14
+ */
15
+ const SUMMARIZE_SYSTEM_PROMPT = [
16
+ 'You are the Pugi conversation summarizer. Compress the supplied',
17
+ 'transcript into a six-section memo. Operator picks the work back up',
18
+ 'from this memo — accuracy and completeness matter more than brevity.',
19
+ '',
20
+ 'OUTPUT FORMAT (verbatim section headings, in this order):',
21
+ '',
22
+ "## Intent",
23
+ '(What the operator is trying to accomplish, in one paragraph.)',
24
+ '',
25
+ "## Decisions",
26
+ '(Bullet list of decisions made + the reasoning. Empty section means',
27
+ 'no decisions yet — render the heading anyway.)',
28
+ '',
29
+ "## Files",
30
+ '(Bullet list of file paths touched, with one-line "why".)',
31
+ '',
32
+ "## Errors",
33
+ '(Bullet list of errors encountered + how each was resolved. Empty',
34
+ 'means no errors — still render the heading.)',
35
+ '',
36
+ "## Tools",
37
+ '(Bullet list of notable tool calls and their outcomes. Group similar',
38
+ 'calls; the goal is to surface meaningful state changes, not log',
39
+ 'every Read.)',
40
+ '',
41
+ "## Next",
42
+ '(One paragraph: the immediate next planned action.)',
43
+ '',
44
+ 'RULES:',
45
+ '- Do not invent state. Only summarise what is in the transcript.',
46
+ '- Preserve file paths verbatim.',
47
+ '- Do not call any tools (you have none).',
48
+ '- Do not address the operator. Write in third person.',
49
+ '- No emoji. No em dashes.',
50
+ ].join('\n');
51
+ /**
52
+ * Convert a slice of session events into the user message body the
53
+ * summarizer ingests. We keep the format simple: one event per line,
54
+ * prefixed with the kind, so the model can see role boundaries. Tool
55
+ * outputs are length-capped at 4 KB each so a single 200 KB grep result
56
+ * does not blow the summarizer's own context budget.
57
+ */
58
+ const TOOL_PAYLOAD_CAP_BYTES = 4096;
59
+ export function renderEventsForSummary(events) {
60
+ const lines = [];
61
+ for (const event of events) {
62
+ const rendered = renderOneEvent(event);
63
+ if (rendered !== null)
64
+ lines.push(rendered);
65
+ }
66
+ return lines.join('\n');
67
+ }
68
+ function renderOneEvent(event) {
69
+ const payload = (event.payload ?? null);
70
+ switch (event.kind) {
71
+ case 'user': {
72
+ const text = stringField(payload, 'brief') ?? stringField(payload, 'text') ?? '';
73
+ if (text.length === 0)
74
+ return null;
75
+ return `[operator] ${text}`;
76
+ }
77
+ case 'persona': {
78
+ const text = stringField(payload, 'text') ?? '';
79
+ if (text.length === 0)
80
+ return null;
81
+ const slug = stringField(payload, 'personaSlug') ?? 'persona';
82
+ return `[${slug}] ${text}`;
83
+ }
84
+ case 'system': {
85
+ const text = stringField(payload, 'text') ?? '';
86
+ if (text.length === 0)
87
+ return null;
88
+ return `[system] ${text}`;
89
+ }
90
+ case 'tool.start': {
91
+ const toolName = stringField(payload, 'toolName') ?? 'unknown';
92
+ const args = stringField(payload, 'args') ?? '';
93
+ return `[tool.start ${toolName}] ${truncate(args, TOOL_PAYLOAD_CAP_BYTES)}`;
94
+ }
95
+ case 'tool.result': {
96
+ const toolName = stringField(payload, 'toolName') ?? 'unknown';
97
+ const result = stringField(payload, 'result') ?? '';
98
+ return `[tool.result ${toolName}] ${truncate(result, TOOL_PAYLOAD_CAP_BYTES)}`;
99
+ }
100
+ case 'agent.spawned': {
101
+ const slug = stringField(payload, 'personaSlug') ?? 'unknown';
102
+ return `[agent.spawned ${slug}]`;
103
+ }
104
+ case 'agent.completed': {
105
+ const slug = stringField(payload, 'personaSlug') ?? 'unknown';
106
+ return `[agent.completed ${slug}]`;
107
+ }
108
+ case 'compaction': {
109
+ // Pre-existing compact marker — its `summary` payload IS the
110
+ // condensed form of older history. We pass it through verbatim so
111
+ // the summarizer treats it as already-summarised state and folds
112
+ // it into the new memo (rather than re-summarising garbage).
113
+ const summary = stringField(payload, 'summary') ?? '';
114
+ if (summary.length === 0)
115
+ return null;
116
+ return `[prior compaction]\n${summary}`;
117
+ }
118
+ case 'rewind-marker': {
119
+ // L9 : rewind tombstones are infrastructure rows that
120
+ // describe a transcript edit, not conversation content. They
121
+ // never carry user-visible prose; the summariser drops them so
122
+ // the produced memo focuses on actual operator/persona turns.
123
+ // The masked range (events the marker covers) is already elided
124
+ // by `applyRewindMask` before this function is reached, so the
125
+ // summariser only sees a marker when it sits OUTSIDE every active
126
+ // rewind range — in which case the marker has already been
127
+ // cancelled by an undo-rewind and contributes nothing.
128
+ return null;
129
+ }
130
+ default: {
131
+ // Forward-compat: unknown kinds get a structural fingerprint so
132
+ // the summarizer can still represent them.
133
+ const exhaustive = event.kind;
134
+ void exhaustive;
135
+ return null;
136
+ }
137
+ }
138
+ }
139
+ function stringField(payload, key) {
140
+ if (!payload)
141
+ return undefined;
142
+ const value = payload[key];
143
+ return typeof value === 'string' ? value : undefined;
144
+ }
145
+ function truncate(s, capBytes) {
146
+ if (Buffer.byteLength(s, 'utf8') <= capBytes)
147
+ return s;
148
+ // Naive cut on UTF-16 chars — good enough for the summarizer; we
149
+ // append a marker so the model knows content was elided.
150
+ return `${s.slice(0, Math.floor(capBytes / 2))}\n... [truncated]`;
151
+ }
152
+ /**
153
+ * Run one summarisation round. Throws on transport error (the caller
154
+ * surfaces a one-line message to the operator and aborts the compact).
155
+ * Returns the structured result on success.
156
+ */
157
+ export async function summarizeEvents(input) {
158
+ if (input.events.length === 0) {
159
+ throw new SummarizerError('refusing-to-summarize-empty-slice', 'No events to summarize.');
160
+ }
161
+ const userBody = renderEventsForSummary(input.events);
162
+ if (userBody.length === 0) {
163
+ throw new SummarizerError('refusing-to-summarize-empty-slice', 'All events rendered as empty.');
164
+ }
165
+ const messages = [
166
+ { role: 'system', content: SUMMARIZE_SYSTEM_PROMPT },
167
+ { role: 'user', content: userBody },
168
+ ];
169
+ const response = await input.client.send(messages, [], {
170
+ personaSlug: input.personaSlug,
171
+ tag: { tag: 'summarize' },
172
+ maxTokens: 2048,
173
+ temperature: 0.1,
174
+ ...(input.model !== undefined ? { model: input.model } : {}),
175
+ ...(input.signal !== undefined ? { signal: input.signal } : {}),
176
+ });
177
+ if (response.stop === 'error') {
178
+ throw new SummarizerError(response.code, `Summarizer transport failed: ${response.message}`);
179
+ }
180
+ if (response.stop === 'tool_use') {
181
+ // Sanity guard. We pass tools: [] so the model should not be able
182
+ // to invoke any; if Anvil's prompt template ever leaks tool defs
183
+ // we want a hard failure rather than a silent dropped summary.
184
+ throw new SummarizerError('unexpected-tool-call', 'Summarizer returned tool_use despite tools: []. Treating as failure.');
185
+ }
186
+ const summary = response.content.trim();
187
+ if (summary.length === 0) {
188
+ throw new SummarizerError('empty-summary', 'Summarizer returned an empty body.');
189
+ }
190
+ return {
191
+ summary,
192
+ tokensSummarised: estimateTokens(userBody),
193
+ eventsSummarised: input.events.length,
194
+ };
195
+ }
196
+ /**
197
+ * Error class so the caller can branch on `error instanceof
198
+ * SummarizerError` and surface `error.code` to the operator.
199
+ */
200
+ export class SummarizerError extends Error {
201
+ code;
202
+ constructor(code, message) {
203
+ super(message);
204
+ this.name = 'SummarizerError';
205
+ this.code = code;
206
+ }
207
+ }
208
+ //# sourceMappingURL=summarizer.js.map
@@ -0,0 +1,108 @@
1
+ /**
2
+ * Approximate token counter for the `/compact` auto-trigger gate.
3
+ *
4
+ * Pugi does not bundle tiktoken — adding a 3 MB native module for a
5
+ * single heuristic check after every turn is the wrong trade. We instead
6
+ * use the OpenAI rule-of-thumb that 1 token ≈ 4 characters of English
7
+ * (≈ ¾ of a word). For mixed-language conversations the approximation
8
+ * skews high by 10-20% which is the safe direction — the auto-compact
9
+ * threshold trips slightly EARLY, never LATE. A late trigger would
10
+ * exceed the model's actual context window and crash the next turn.
11
+ *
12
+ * Per-model context windows are exported from `MODEL_CONTEXT_WINDOW` so
13
+ * the caller can resolve the budget from the active model slug without
14
+ * round-tripping to the server. New models added in Anvil should grow
15
+ * this table in lockstep; the fall-back is the conservative 32k window.
16
+ *
17
+ * Override hook: when `PUGI_TOKEN_COUNTER_OVERRIDE` is set the function
18
+ * parses it as a JSON object `{"text": <n>}` (number of tokens to claim
19
+ * per char). Used only by the integration spec — never by production.
20
+ */
21
+ /** Default chars-per-token ratio for the OpenAI rule-of-thumb. */
22
+ const DEFAULT_CHARS_PER_TOKEN = 4;
23
+ /**
24
+ * Conservative fallback window when the model slug is unknown. 32k is
25
+ * the smallest window any current Anvil-served model exposes; using it
26
+ * as a fall-back guarantees we never overestimate budget and skip a
27
+ * compaction that should have fired.
28
+ */
29
+ const FALLBACK_WINDOW = 32_000;
30
+ /**
31
+ * Known context windows for models Anvil exposes today. Keep in sync
32
+ * with `apps/admin-api/src/pugi/model-registry.ts` — when a new model
33
+ * lands there, add it here. The table is intentionally narrow: only
34
+ * models we have actually validated.
35
+ */
36
+ export const MODEL_CONTEXT_WINDOW = Object.freeze({
37
+ 'sonnet-4.6': 200_000,
38
+ 'sonnet-4.5': 200_000,
39
+ 'opus-4.7': 1_000_000,
40
+ 'opus-4.6': 200_000,
41
+ 'haiku-4.5': 200_000,
42
+ 'deepseek-chat-v3.1': 128_000,
43
+ 'gpt-5': 200_000,
44
+ 'gemini-2.5-pro': 1_000_000,
45
+ });
46
+ /**
47
+ * Estimate the token count of a single string. Returns a positive
48
+ * integer for non-empty input and zero for empty input. The function is
49
+ * pure — same input always yields the same output.
50
+ *
51
+ * The approximation is `ceil(byteLength / chars-per-token)`. We use
52
+ * `Buffer.byteLength` so multi-byte UTF-8 sequences count proportionally
53
+ * to their on-the-wire size, not their char count — this matches the
54
+ * tokenizer's behaviour on CJK / cyrillic / emoji where one char often
55
+ * eats 3-4 tokens.
56
+ */
57
+ export function estimateTokens(text) {
58
+ if (text.length === 0)
59
+ return 0;
60
+ const ratio = readCharsPerTokenOverride() ?? DEFAULT_CHARS_PER_TOKEN;
61
+ const bytes = Buffer.byteLength(text, 'utf8');
62
+ return Math.max(1, Math.ceil(bytes / ratio));
63
+ }
64
+ /**
65
+ * Resolve the context window in tokens for the given model slug. Falls
66
+ * back to the conservative 32k window when the slug is unknown.
67
+ */
68
+ export function contextWindowForModel(model) {
69
+ if (!model)
70
+ return FALLBACK_WINDOW;
71
+ const known = MODEL_CONTEXT_WINDOW[model];
72
+ return known ?? FALLBACK_WINDOW;
73
+ }
74
+ /**
75
+ * Sum the token estimates of an arbitrary list of strings. Convenience
76
+ * for the auto-trigger which has to count across N transcript turns.
77
+ */
78
+ export function estimateTokensInMany(parts) {
79
+ let total = 0;
80
+ for (const part of parts) {
81
+ total += estimateTokens(part);
82
+ }
83
+ return total;
84
+ }
85
+ /**
86
+ * Read the test override env. Returns the parsed chars-per-token ratio
87
+ * when set, or undefined when absent / malformed. Never throws.
88
+ */
89
+ function readCharsPerTokenOverride() {
90
+ const raw = process.env['PUGI_TOKEN_COUNTER_OVERRIDE'];
91
+ if (!raw)
92
+ return undefined;
93
+ try {
94
+ const parsed = JSON.parse(raw);
95
+ if (typeof parsed === 'object'
96
+ && parsed !== null
97
+ && typeof parsed.charsPerToken === 'number') {
98
+ const ratio = parsed.charsPerToken;
99
+ if (Number.isFinite(ratio) && ratio > 0)
100
+ return ratio;
101
+ }
102
+ }
103
+ catch {
104
+ /* malformed env, fall through */
105
+ }
106
+ return undefined;
107
+ }
108
+ //# sourceMappingURL=token-counter.js.map
@@ -1,21 +1,21 @@
1
1
  /**
2
- * Anvil fan-out — `pugi review --consensus` (α6.7).
2
+ * Anvil fan-out — `pugi review --consensus` .
3
3
  *
4
4
  * Posts the captured diff to Anvil's consensus endpoint and consumes the
5
5
  * SSE stream that interleaves per-reviewer events (`type:"verdict"`) and
6
6
  * the final consensus event (`type:"consensus"`).
7
7
  *
8
- * Endpoint contract (admin-api side, ships as α6.7.1 follow-up):
8
+ * Endpoint contract (admin-api side, ships as follow-up):
9
9
  *
10
- * POST {apiUrl}/api/pugi/review-consensus
11
- * Authorization: Bearer {apiKey}
12
- * Content-Type: application/json
13
- * Body: { diff, context: { branch, commit, title } }
14
- * Response: text/event-stream
15
- * data: { reviewer: "codex"|"claude"|"deepseek", type:"started" }
16
- * data: { reviewer, type:"verdict", severity:"P0|P1|P2|P3|CLEAN",
17
- * rawContent:"<reviewer text>", latencyMs, error? }
18
- * data: { type:"consensus", rubric_verdict, reasoning }
10
+ * POST {apiUrl}/api/pugi/review-consensus
11
+ * Authorization: Bearer {apiKey}
12
+ * Content-Type: application/json
13
+ * Body: { diff, context: { branch, commit, title } }
14
+ * Response: text/event-stream
15
+ * data: { reviewer: "codex"|"claude"|"deepseek", type:"started" }
16
+ * data: { reviewer, type:"verdict", severity:"P0|P1|P2|P3|CLEAN",
17
+ * rawContent:"<reviewer text>", latencyMs, error? }
18
+ * data: { type:"consensus", rubric_verdict, reasoning }
19
19
  *
20
20
  * The CLI side does NOT trust the server's `rubric_verdict` — we recompute
21
21
  * it locally from the per-reviewer verdicts so a malformed / forged server
@@ -24,15 +24,15 @@
24
24
  *
25
25
  * Graceful degradation:
26
26
  *
27
- * - 404 from runtime → "endpoint_missing" (admin-api endpoint pending,
28
- * α6.7 ships CLI-only). Caller falls back to the
29
- * legacy `pugi review --triple --remote` flow OR
30
- * prints a "backend not deployed" notice depending
31
- * on the operator's invocation.
32
- * - 401/403 / 429 → matching status with an actionable message.
33
- * - 5xx / timeout → "failed" with the truncated body.
27
+ * - 404 from runtime → "endpoint_missing" (admin-api endpoint pending,
28
+ * ships CLI-only). Caller falls back to the
29
+ * legacy `pugi review --triple --remote` flow OR
30
+ * prints a "backend not deployed" notice depending
31
+ * on the operator's invocation.
32
+ * - 401/403 / 429 → matching status with an actionable message.
33
+ * - 5xx / timeout → "failed" with the truncated body.
34
34
  *
35
- * Local-first contract (ADR-0037): this module never touches the disk,
35
+ * Local-first contract : this module never touches the disk,
36
36
  * never logs the diff payload, and never retries on transient errors.
37
37
  */
38
38
  /**
@@ -75,7 +75,7 @@ export async function dispatchConsensus(config, request, sink) {
75
75
  return {
76
76
  status: 'endpoint_missing',
77
77
  code,
78
- message: 'POST /api/pugi/review-consensus not deployed on this runtime (α6.7.1 follow-up).',
78
+ message: 'POST /api/pugi/review-consensus not deployed on this runtime .',
79
79
  };
80
80
  }
81
81
  if (code === 401 || code === 403) {
@@ -143,11 +143,11 @@ export async function dispatchConsensus(config, request, sink) {
143
143
  * Async-iterable SSE parser. Spec'd against the
144
144
  * [HTML SSE spec](https://html.spec.whatwg.org/multipage/server-sent-events.html):
145
145
  *
146
- * - Events are delimited by a blank line.
147
- * - Each line is `field:value` (whitespace after `:` stripped).
148
- * - Multiple `data:` lines in one event concatenate with `\n`.
149
- * - We only care about `data:` payloads carrying JSON; everything
150
- * else (event:, id:, retry:) is ignored.
146
+ * - Events are delimited by a blank line.
147
+ * - Each line is `field:value` (whitespace after `:` stripped).
148
+ * - Multiple `data:` lines in one event concatenate with `\n`.
149
+ * - We only care about `data:` payloads carrying JSON; everything
150
+ * else (event:, id:, retry:) is ignored.
151
151
  *
152
152
  * The parser tolerates JSON-parse failures by dropping the malformed
153
153
  * event and continuing; a single bad event must not block the consensus
@@ -1,15 +1,19 @@
1
1
  /**
2
- * Diff capture — `pugi review --consensus` (α6.7).
2
+ * Diff capture — `pugi review --consensus` .
3
3
  *
4
4
  * Captures the diff that the consensus fan-out will send to Anvil. Four
5
5
  * supported source kinds (in order of precedence):
6
6
  *
7
- * 1. `--pr <number>` — uses `gh pr diff <num>` (gh CLI required).
8
- * 2. `--commit <sha>` — diff of that commit vs its first parent.
9
- * 3. `--branch <name>` diff of HEAD vs `origin/<name>` merge-base.
10
- * 4. (default) — diff of HEAD vs `origin/main` merge-base
11
- * covering BOTH committed-since-base AND
12
- * uncommitted (staged + working tree) edits.
7
+ * 1. `--pr <number>` — uses `gh pr diff <num>` (gh CLI required).
8
+ * 2. `--commit <sha>` — diff of that commit vs its first parent.
9
+ * When `--base <ref>` is ALSO provided, the
10
+ * diff is the range `<base>..<commit>` instead
11
+ * (mirrors `git diff base..commit` — covers the
12
+ * full PR-style payload, not just the tip).
13
+ * 3. `--branch <name>` — diff of HEAD vs `origin/<name>` merge-base.
14
+ * 4. (default) — diff of HEAD vs `origin/main` merge-base
15
+ * covering BOTH committed-since-base AND
16
+ * uncommitted (staged + working tree) edits.
13
17
  *
14
18
  * The shape mirrors the existing `performRemoteTripleReview` flow:
15
19
  * uncommitted edits are deliberately included by computing the diff
@@ -95,6 +99,16 @@ export function captureDiff(spec) {
95
99
  return captureFromPr(cwd, spec.pr);
96
100
  }
97
101
  if (typeof spec.commit === 'string' && spec.commit.length > 0) {
102
+ // When `--base` is supplied alongside `--commit`, callers want the
103
+ // full PR-style range diff (`base..commit`), not just the tip
104
+ // commit's parent diff. This matches the convention used by
105
+ // `git diff <base>..<commit>` everywhere else in the toolchain and
106
+ // is the verified-correct mode for reviewing a PR head ref. Without
107
+ // this branch, `--base` was silently ignored when `--commit` was
108
+ // present — see feedback_pugi_review_use_range_diff_not_worktree.
109
+ if (typeof spec.baseRef === 'string' && spec.baseRef.length > 0) {
110
+ return captureFromRange(cwd, spec.baseRef, spec.commit);
111
+ }
98
112
  return captureFromCommit(cwd, spec.commit);
99
113
  }
100
114
  if (typeof spec.branch === 'string' && spec.branch.length > 0) {
@@ -114,7 +128,18 @@ function captureFromPr(cwd, pr) {
114
128
  // Fetch the PR head into a private ref so we have local objects to
115
129
  // diff against. `pull/<num>/head` is GitHub's special refspec exposed
116
130
  // to anyone with read access on the repo.
117
- safeExec(cwd, 'git', ['fetch', 'origin', `pull/${pr}/head:${tempRef}`]);
131
+ //
132
+ // The leading `+` (force-update) is REQUIRED: if a prior invocation
133
+ // died before reaching the `finally` cleanup (SIGKILL, host crash,
134
+ // operator Ctrl-C inside a `try` block in a wrapping caller, hung
135
+ // gh CLI), the tempRef survives on disk. Without `+`, the next
136
+ // `fetch <pr>/head:<tempRef>` aborts with
137
+ // `! [rejected] pull/N/head -> refs/pugi/consensus-pr-N (non-fast-forward)`
138
+ // and the entire consensus run fails for an operator who did nothing
139
+ // wrong. `+` semantics: replace the ref unconditionally — exactly
140
+ // the recovery behavior we want for a sandboxed `refs/pugi/...` slot
141
+ // that no human ever reads.
142
+ safeExec(cwd, 'git', ['fetch', 'origin', `+pull/${pr}/head:${tempRef}`]);
118
143
  try {
119
144
  // Resolve the base ref to diff against. Prefer the PR's declared
120
145
  // base; fall back to `origin/main`. We compute the merge-base so a
@@ -149,8 +174,10 @@ function captureFromPr(cwd, pr) {
149
174
  safeExec(cwd, 'git', ['update-ref', '-d', tempRef]);
150
175
  }
151
176
  catch {
152
- // Swallow: a leftover ref under refs/pugi/ is harmless. The next
153
- // run will overwrite it via `fetch ... :ref` anyway.
177
+ // Swallow: a leftover ref under refs/pugi/ is harmless. The
178
+ // next run force-overwrites it via `fetch +pull/<n>/head:<ref>`
179
+ // (note the leading `+` in the refspec above), so a stale tempRef
180
+ // never blocks a future invocation even if cleanup never runs.
154
181
  }
155
182
  }
156
183
  }
@@ -192,6 +219,88 @@ function captureFromCommit(cwd, commit) {
192
219
  },
193
220
  };
194
221
  }
222
+ /**
223
+ * Range capture for `--commit <X> --base <Y>` — diff equivalent to
224
+ * `git diff <base>..<commit>`. Used when the operator names BOTH endpoints
225
+ * (typical PR review against a remote head SHA).
226
+ *
227
+ * Critical: this MUST be a pure read-only range diff against named refs.
228
+ * The previous behavior fell through to `captureFromCommit` which only
229
+ * showed the tip commit (`commit~1..commit`) — fine for single-commit
230
+ * review, wrong for multi-commit PRs. Worse, a stale fallback path was
231
+ * sending the working tree diff (`git diff` with no args), which caused
232
+ * every review on to surface identical noise from uncommitted
233
+ * `.gitignore` edits instead of the actual PR contents.
234
+ *
235
+ * Working tree integrity: only `git diff <ref>..<ref>` and metadata
236
+ * `log` / `rev-parse` / `name-rev` are used — none of these touch the
237
+ * index, working tree, or HEAD.
238
+ */
239
+ function captureFromRange(cwd, baseRef, commit) {
240
+ // Resolve both endpoints up front so an unknown ref errors with a
241
+ // clear message before the diff invocation. `rev-parse` is read-only.
242
+ const fullCommit = safeExec(cwd, 'git', ['rev-parse', commit]).trim();
243
+ if (!fullCommit)
244
+ throw new Error(`Unknown commit ref: ${commit}`);
245
+ // Task #63 — refresh the base ref via `git fetch` BEFORE
246
+ // resolving. Previously a stale local `main` (last fetched days ago)
247
+ // would silently produce a diff containing every commit that landed
248
+ // upstream after the fetch, swamping the model's review с unrelated
249
+ // changes. The fetch is opportunistic: failures (offline, auth) are
250
+ // swallowed so the existing rev-parse path stays the safety net и
251
+ // returns the clear "Unknown base ref" error if the stale local copy
252
+ // is also missing.
253
+ //
254
+ // We fetch ONLY the base ref (not all refs) so the overhead is
255
+ // bounded — typical PR-style review payload, base = main, one ref.
256
+ // `--no-tags --quiet` keeps the network footprint minimal.
257
+ const remoteCandidate = baseRef.includes('/') ? baseRef : `origin/${baseRef}`;
258
+ if (remoteCandidate.startsWith('origin/')) {
259
+ const bareRef = remoteCandidate.slice('origin/'.length);
260
+ safeExecOptional(cwd, 'git', [
261
+ 'fetch',
262
+ '--no-tags',
263
+ '--quiet',
264
+ 'origin',
265
+ bareRef,
266
+ ]);
267
+ }
268
+ // Resolve the base: accept already-qualified refs (`origin/main`,
269
+ // `refs/heads/foo`) and bare branch names. If the bare name isn't
270
+ // locally resolvable, retry against `origin/<name>` — the common
271
+ // CI shape where local main is absent but the remote tracking ref is.
272
+ let resolvedBase = safeExecOptional(cwd, 'git', ['rev-parse', baseRef]).trim();
273
+ let effectiveBase = baseRef;
274
+ if (!resolvedBase && !baseRef.includes('/')) {
275
+ const remoteBase = `origin/${baseRef}`;
276
+ resolvedBase = safeExecOptional(cwd, 'git', ['rev-parse', remoteBase]).trim();
277
+ if (resolvedBase)
278
+ effectiveBase = remoteBase;
279
+ }
280
+ if (!resolvedBase)
281
+ throw new Error(`Unknown base ref: ${baseRef}`);
282
+ const diff = safeExec(cwd, 'git', [
283
+ 'diff',
284
+ `${resolvedBase}..${fullCommit}`,
285
+ '--',
286
+ '.',
287
+ ...PROTECTED_PATHSPEC_EXCLUDES,
288
+ ]);
289
+ const cappedDiff = capDiff(diff);
290
+ const subject = safeExec(cwd, 'git', ['log', '-1', '--pretty=%s', fullCommit]).trim();
291
+ const branch = safeExec(cwd, 'git', ['name-rev', '--name-only', fullCommit]).trim() || 'detached';
292
+ const stats = computeStats(cappedDiff);
293
+ return {
294
+ diff: cappedDiff,
295
+ context: {
296
+ branch,
297
+ commit: shortSha(fullCommit),
298
+ title: subject || `commit ${shortSha(fullCommit)}`,
299
+ ref: `range:${effectiveBase}..${shortSha(fullCommit)}`,
300
+ stats,
301
+ },
302
+ };
303
+ }
195
304
  function captureFromBranch(cwd, branch, baseRef) {
196
305
  const remoteRef = branch.includes('/') ? branch : `origin/${branch}`;
197
306
  const mergeBase = safeExec(cwd, 'git', ['merge-base', baseRef, remoteRef]).trim();
@@ -227,8 +336,8 @@ function captureFromBase(cwd, baseRef) {
227
336
  const mergeBase = safeExecOptional(cwd, 'git', ['merge-base', baseRef, 'HEAD']).trim();
228
337
  if (mergeBase) {
229
338
  // Two parts (non-overlapping):
230
- // 1. Committed since base: `<base>..HEAD`
231
- // 2. Uncommitted (staged + working tree as a single union): `git diff HEAD`
339
+ // 1. Committed since base: `<base>..HEAD`
340
+ // 2. Uncommitted (staged + working tree as a single union): `git diff HEAD`
232
341
  // `git diff HEAD` already reports BOTH staged AND working-tree
233
342
  // changes relative to HEAD, so we MUST NOT add a separate
234
343
  // `--cached` invocation: doing so emits the same staged hunks
@@ -1,5 +1,5 @@
1
1
  /**
2
- * Consensus rubric — `pugi review --consensus` (α6.7).
2
+ * Consensus rubric — `pugi review --consensus` .
3
3
  *
4
4
  * Three independent reviewers (Codex / Claude / DeepSeek) produce findings
5
5
  * tagged `[P0]` / `[P1]` / `[P2]` / `[P3]`. The rubric translates the per-
@@ -7,16 +7,16 @@
7
7
  *
8
8
  * Rubric (verbatim from /triple-review skill + admin-api OES MCP triple_review):
9
9
  *
10
- * any reviewer reports [P0] -> BLOCK
11
- * two or more reviewers report [P1] -> BLOCK (consensus)
12
- * exactly one reviewer reports [P1] -> WARN (asymmetric)
13
- * no reviewer reports [P0] or [P1] -> PASS (P2/P3 only)
14
- * every reviewer errored -> BLOCK (no signal)
10
+ * any reviewer reports [P0] -> BLOCK
11
+ * two or more reviewers report [P1] -> BLOCK (consensus)
12
+ * exactly one reviewer reports [P1] -> WARN (asymmetric)
13
+ * no reviewer reports [P0] or [P1] -> PASS (P2/P3 only)
14
+ * every reviewer errored -> BLOCK (no signal)
15
15
  *
16
16
  * The rubric never reads model text beyond the severity markers; the
17
17
  * reviewer-side narrative is shown to the operator unchanged. Keeping the
18
18
  * verdict deterministic + LLM-free is the entire point of the gate (CEO
19
- * directive 2026-05-19): a model that disagrees with the rubric can be
19
+ * directive): a model that disagrees with the rubric can be
20
20
  * audited, a model that produces the verdict cannot.
21
21
  */
22
22
  /**
@@ -35,13 +35,13 @@ const SEVERITY_TOKEN = /\[\s*[Pp]([0-3])\s*\]/g;
35
35
  * Heuristics (intentionally permissive — different models format very
36
36
  * differently and a strict parser would drop signal):
37
37
  *
38
- * 1. Split the text on `[Px]` tokens, preserving the marker.
39
- * 2. Each marker starts a new finding. The summary is the rest of the
40
- * same line (and the next line if the first is `:` or empty after
41
- * stripping whitespace).
42
- * 3. Empty / whitespace-only summaries are dropped — a bare `[P1]`
43
- * with no context cannot be acted on, and treating it as a finding
44
- * would falsely trigger consensus.
38
+ * 1. Split the text on `[Px]` tokens, preserving the marker.
39
+ * 2. Each marker starts a new finding. The summary is the rest of the
40
+ * same line (and the next line if the first is `:` or empty after
41
+ * stripping whitespace).
42
+ * 3. Empty / whitespace-only summaries are dropped — a bare `[P1]`
43
+ * with no context cannot be acted on, and treating it as a finding
44
+ * would falsely trigger consensus.
45
45
  */
46
46
  export function parseFindings(raw) {
47
47
  if (typeof raw !== 'string' || raw.length === 0)
@@ -88,8 +88,8 @@ function extractSummary(slice) {
88
88
  /**
89
89
  * Compute the highest BLOCKING severity from a finding list. Returns
90
90
  * `null` when the reviewer is clean for gating purposes, i.e. either:
91
- * - no findings at all, OR
92
- * - only P2 / P3 findings (informational, non-blocking by rubric).
91
+ * - no findings at all, OR
92
+ * - only P2 / P3 findings (informational, non-blocking by rubric).
93
93
  *
94
94
  * `null` is the right contract for downstream tooling that gates on
95
95
  * "did this reviewer flag anything that should block ship?" - the
@@ -143,7 +143,7 @@ export function aggregate(verdicts) {
143
143
  const erroredReviewers = verdicts.filter((v) => v.errored).length;
144
144
  // Zero reviewers = zero signal. Falling through to the no-P0/no-P1
145
145
  // branch would emit a false PASS — exactly the regression flagged by
146
- // Codex during PR #370 review. Treat empty input as BLOCK so the gate
146
+ // Codex during PR review. Treat empty input as BLOCK so the gate
147
147
  // fails closed when the backend returns no events at all (5xx that
148
148
  // somehow drained the SSE, server-side bug, dispatcher misconfig).
149
149
  if (totalReviewers === 0) {
@@ -214,11 +214,11 @@ export function aggregate(verdicts) {
214
214
  }
215
215
  /**
216
216
  * Map a rubric verdict to the conventional exit code Pugi CLI uses for
217
- * gates (spec α6.7):
217
+ * gates (spec ):
218
218
  *
219
- * PASS -> 0
220
- * WARN -> 1
221
- * BLOCK -> 2
219
+ * PASS -> 0
220
+ * WARN -> 1
221
+ * BLOCK -> 2
222
222
  *
223
223
  * The non-zero codes are distinct so a shell script can branch on the
224
224
  * exact outcome without re-parsing stdout.