@pugi/cli 0.1.0-beta.1 → 0.1.0-beta.100

Files changed (448) hide show
  1. package/CHANGELOG.md +132 -0
  2. package/LICENSE +1 -1
  3. package/README.md +53 -11
  4. package/THIRD_PARTY_NOTICES.md +40 -0
  5. package/assets/pugi-mascot.ansi +15 -40
  6. package/assets/pugi-prozr2-mascot.ansi +9 -0
  7. package/bin/run.js +33 -1
  8. package/dist/commands/deploy.js +40 -40
  9. package/dist/commands/flatten.js +191 -0
  10. package/dist/commands/jobs-watch.js +201 -0
  11. package/dist/commands/jobs.js +42 -27
  12. package/dist/commands/retro.js +210 -0
  13. package/dist/commands/smoke.js +133 -0
  14. package/dist/core/agent-progress/cleanup.js +134 -0
  15. package/dist/core/agent-progress/schema.js +144 -0
  16. package/dist/core/agent-progress/writer.js +101 -0
  17. package/dist/core/agents/adaptive-router.js +330 -0
  18. package/dist/core/agents/query-decomposer.js +297 -0
  19. package/dist/core/agents/registry.js +3 -3
  20. package/dist/core/approvals/shortcut-resolver.js +98 -0
  21. package/dist/core/artifact-chain/dispatcher.js +148 -0
  22. package/dist/core/artifact-chain/exporter.js +164 -0
  23. package/dist/core/artifact-chain/state.js +243 -0
  24. package/dist/core/artifact-chain/steps.js +169 -0
  25. package/dist/core/ask-user/question.js +92 -0
  26. package/dist/core/audit/audit-trail.js +275 -0
  27. package/dist/core/auth/ensure-authenticated.js +129 -0
  28. package/dist/core/auth/env-provider.js +238 -0
  29. package/dist/core/auto-open-browser.js +4 -4
  30. package/dist/core/auto-update/channels.js +122 -0
  31. package/dist/core/auto-update/checker.js +241 -0
  32. package/dist/core/auto-update/state.js +235 -0
  33. package/dist/core/bare-mode/index.js +107 -0
  34. package/dist/core/bash/redirect.js +281 -0
  35. package/dist/core/bash-classifier.js +436 -40
  36. package/dist/core/checkpoint/resumer.js +149 -0
  37. package/dist/core/checkpoint/rewinder.js +291 -0
  38. package/dist/core/checkpoints/shadow-git.js +670 -0
  39. package/dist/core/citations/parser.js +109 -0
  40. package/dist/core/classifier/yolo-classifier.js +88 -0
  41. package/dist/core/codegraph/db.js +506 -0
  42. package/dist/core/codegraph/decision-store.js +248 -0
  43. package/dist/core/codegraph/detect-repo.js +459 -0
  44. package/dist/core/codegraph/install.js +134 -0
  45. package/dist/core/codegraph/offer-hook.js +220 -0
  46. package/dist/core/codegraph/parser.js +71 -0
  47. package/dist/core/codegraph/types.js +34 -0
  48. package/dist/core/compact/auto-trigger.js +96 -0
  49. package/dist/core/compact/buffer-rewriter.js +115 -0
  50. package/dist/core/compact/summarizer.js +208 -0
  51. package/dist/core/compact/token-counter.js +108 -0
  52. package/dist/core/consensus/anvil-fanout.js +25 -25
  53. package/dist/core/consensus/diff-capture.js +121 -12
  54. package/dist/core/consensus/rubric.js +21 -21
  55. package/dist/core/context/builder.js +6 -6
  56. package/dist/core/context/compaction-events.js +8 -8
  57. package/dist/core/context/compaction.js +31 -31
  58. package/dist/core/context/index.js +15 -8
  59. package/dist/core/context/invariants.js +51 -51
  60. package/dist/core/context/markdown-loader.js +28 -10
  61. package/dist/core/context/markdown-traverse.js +255 -0
  62. package/dist/core/context/pugiignore.js +41 -41
  63. package/dist/core/context/repo-skeleton.js +37 -37
  64. package/dist/core/context/tool-eviction.js +55 -0
  65. package/dist/core/context/watcher.js +32 -32
  66. package/dist/core/context/working-set.js +23 -23
  67. package/dist/core/coordinator/agent-tools.js +77 -0
  68. package/dist/core/coordinator/agent-toolset.js +65 -0
  69. package/dist/core/coordinator/fsm.js +73 -0
  70. package/dist/core/coordinator/mode-fsm.js +70 -0
  71. package/dist/core/cost/rate-card.js +129 -0
  72. package/dist/core/cost/tracker.js +221 -0
  73. package/dist/core/credentials.js +13 -13
  74. package/dist/core/cron/scheduler.js +138 -0
  75. package/dist/core/denial-tracking/index.js +8 -0
  76. package/dist/core/denial-tracking/state.js +264 -0
  77. package/dist/core/diagnostics/probe-runner.js +93 -0
  78. package/dist/core/diagnostics/probes/api.js +46 -0
  79. package/dist/core/diagnostics/probes/auth.js +93 -0
  80. package/dist/core/diagnostics/probes/bare-mode.js +42 -0
  81. package/dist/core/diagnostics/probes/cli-version.js +127 -0
  82. package/dist/core/diagnostics/probes/config.js +72 -0
  83. package/dist/core/diagnostics/probes/denial-tracking.js +57 -0
  84. package/dist/core/diagnostics/probes/disk.js +81 -0
  85. package/dist/core/diagnostics/probes/engine-live.js +46 -0
  86. package/dist/core/diagnostics/probes/git.js +65 -0
  87. package/dist/core/diagnostics/probes/hooks.js +118 -0
  88. package/dist/core/diagnostics/probes/mcp.js +75 -0
  89. package/dist/core/diagnostics/probes/node.js +59 -0
  90. package/dist/core/diagnostics/probes/pnpm.js +36 -0
  91. package/dist/core/diagnostics/probes/pugi-md.js +89 -0
  92. package/dist/core/diagnostics/probes/sandbox.js +72 -0
  93. package/dist/core/diagnostics/probes/session.js +74 -0
  94. package/dist/core/diagnostics/probes/status-snapshot.js +488 -0
  95. package/dist/core/diagnostics/probes/workspace.js +63 -0
  96. package/dist/core/diagnostics/types.js +70 -0
  97. package/dist/core/dispatch/cache-cleanup.js +197 -0
  98. package/dist/core/dispatch/cache-handoff.js +295 -0
  99. package/dist/core/edits/apply-patch-layer-e.js +189 -0
  100. package/dist/core/edits/dispatch.js +333 -7
  101. package/dist/core/edits/format-detector.js +260 -0
  102. package/dist/core/edits/format-matrix.js +26 -0
  103. package/dist/core/edits/fuzzy-ladder.js +650 -0
  104. package/dist/core/edits/index.js +5 -1
  105. package/dist/core/edits/journal.js +199 -0
  106. package/dist/core/edits/layer-a-apply.js +15 -15
  107. package/dist/core/edits/layer-a-fuzzy-apply.js +198 -0
  108. package/dist/core/edits/layer-b-apply.js +9 -9
  109. package/dist/core/edits/layer-c-apply.js +6 -6
  110. package/dist/core/edits/layer-d-ast.js +557 -14
  111. package/dist/core/edits/marker-parser.js +12 -12
  112. package/dist/core/edits/security-gate.js +27 -27
  113. package/dist/core/edits/verify-hook.js +273 -0
  114. package/dist/core/edits/worktree.js +322 -0
  115. package/dist/core/engine/anvil-client.js +214 -26
  116. package/dist/core/engine/auto-compact.js +247 -0
  117. package/dist/core/engine/budgets.js +220 -0
  118. package/dist/core/engine/compact-llm-summarizer.js +124 -0
  119. package/dist/core/engine/context-prefix.js +155 -0
  120. package/dist/core/engine/index.js +1 -1
  121. package/dist/core/engine/intensity.js +163 -0
  122. package/dist/core/engine/intent.js +260 -0
  123. package/dist/core/engine/native-pugi.js +1559 -227
  124. package/dist/core/engine/prompts.js +192 -16
  125. package/dist/core/engine/strip-internal-fields.js +124 -0
  126. package/dist/core/engine/tool-bridge.js +1887 -59
  127. package/dist/core/engine/verification-patterns.js +195 -0
  128. package/dist/core/evaluation/golden-dataset.js +293 -0
  129. package/dist/core/feedback/queue.js +177 -0
  130. package/dist/core/feedback/submitter.js +145 -0
  131. package/dist/core/file-cache.js +113 -1
  132. package/dist/core/flatten/flatten-repo.js +439 -0
  133. package/dist/core/format/osc8-link.js +28 -0
  134. package/dist/core/hook-chains.js +392 -0
  135. package/dist/core/hooks/citation-verify-hook.js +138 -0
  136. package/dist/core/hooks/citation-verify.js +112 -0
  137. package/dist/core/hooks/events.js +46 -0
  138. package/dist/core/hooks/index.js +15 -0
  139. package/dist/core/hooks/registry.js +216 -0
  140. package/dist/core/hooks/runner.js +236 -0
  141. package/dist/core/hooks/v2/event-emitter.js +115 -0
  142. package/dist/core/hooks/v2/executor.js +282 -0
  143. package/dist/core/hooks/v2/index.js +25 -0
  144. package/dist/core/hooks/v2/lifecycle.js +104 -0
  145. package/dist/core/hooks/v2/loader.js +216 -0
  146. package/dist/core/hooks/v2/matcher.js +125 -0
  147. package/dist/core/hooks/v2/trust.js +143 -0
  148. package/dist/core/hooks/v2/types.js +86 -0
  149. package/dist/core/hooks/worktree-events.js +158 -0
  150. package/dist/core/image/renderer.js +71 -0
  151. package/dist/core/init/detector.js +582 -0
  152. package/dist/core/init/template-renderer.js +242 -0
  153. package/dist/core/jobs/registry.js +18 -18
  154. package/dist/core/ledger/results-tsv.js +142 -0
  155. package/dist/core/log-discipline/stdout-redirect.js +51 -0
  156. package/dist/core/lsp/cache.js +105 -0
  157. package/dist/core/lsp/client.js +1229 -0
  158. package/dist/core/lsp/language-detect.js +66 -0
  159. package/dist/core/lsp/post-edit-diagnostics.js +171 -0
  160. package/dist/core/lsp/server-detect.js +173 -0
  161. package/dist/core/lsp/symbol-cache.js +162 -0
  162. package/dist/core/lsp/symbol-tools.js +664 -0
  163. package/dist/core/mcp/client.js +97 -28
  164. package/dist/core/mcp/http-server.js +553 -0
  165. package/dist/core/mcp/orchestrator-config.js +192 -0
  166. package/dist/core/mcp/orchestrator-tools.js +806 -0
  167. package/dist/core/mcp/permission.js +190 -0
  168. package/dist/core/mcp/registry.js +39 -17
  169. package/dist/core/mcp/server-tools.js +219 -0
  170. package/dist/core/mcp/server.js +397 -0
  171. package/dist/core/mcp/trust.js +10 -10
  172. package/dist/core/memory/dual-write.js +416 -0
  173. package/dist/core/memory/passive-extract.js +130 -0
  174. package/dist/core/memory/phase1-kinds.js +20 -0
  175. package/dist/core/memory/secret-scanner.js +304 -0
  176. package/dist/core/memory-sync/queue.js +170 -0
  177. package/dist/core/metrics/extract.js +113 -0
  178. package/dist/core/modes/roo-modes.js +68 -0
  179. package/dist/core/notes/notes-paths.js +113 -0
  180. package/dist/core/notes/notes-recorder.js +140 -0
  181. package/dist/core/notes/notes-writer.js +53 -0
  182. package/dist/core/notes/renderers.js +0 -0
  183. package/dist/core/notes/slug.js +105 -0
  184. package/dist/core/onboarding/ensure-initialized.js +133 -0
  185. package/dist/core/onboarding/marker.js +111 -0
  186. package/dist/core/onboarding/telemetry-state.js +108 -0
  187. package/dist/core/output-style/presets.js +176 -0
  188. package/dist/core/output-style/state.js +185 -0
  189. package/dist/core/path-security.js +287 -5
  190. package/dist/core/permission.js +82 -22
  191. package/dist/core/permissions/auto-classifier.js +124 -0
  192. package/dist/core/permissions/bash-parser.js +371 -0
  193. package/dist/core/permissions/circuit-breaker.js +83 -0
  194. package/dist/core/permissions/constrained-edit.js +91 -0
  195. package/dist/core/permissions/gate.js +278 -0
  196. package/dist/core/permissions/index.js +20 -0
  197. package/dist/core/permissions/mode.js +174 -0
  198. package/dist/core/permissions/network-egress.js +137 -0
  199. package/dist/core/permissions/state.js +241 -0
  200. package/dist/core/permissions/tool-class.js +107 -0
  201. package/dist/core/plan-mode/ui-state.js +51 -0
  202. package/dist/core/plans/plan-artifact.js +721 -0
  203. package/dist/core/policy-limits/etag-store.js +122 -0
  204. package/dist/core/prd-check/parser.js +215 -0
  205. package/dist/core/prd-check/reporter.js +127 -0
  206. package/dist/core/prd-check/session-review.js +557 -0
  207. package/dist/core/prd-check/verifiers.js +223 -0
  208. package/dist/core/prompt-cache/client-cache.js +99 -0
  209. package/dist/core/prompts/assembly.js +29 -0
  210. package/dist/core/prompts/registry.js +364 -0
  211. package/dist/core/pugi-gitignore.js +52 -0
  212. package/dist/core/pugi-md/cc-compat-rules.js +735 -0
  213. package/dist/core/pugi-md/context-injector.js +76 -0
  214. package/dist/core/pugi-md/walk-up.js +207 -0
  215. package/dist/core/python/uv-installer.js +270 -0
  216. package/dist/core/python/uv-resolver.js +83 -0
  217. package/dist/core/rate-limit/narrator.js +146 -0
  218. package/dist/core/recipes/cli-types.js +20 -0
  219. package/dist/core/recipes/loader.js +103 -0
  220. package/dist/core/recipes/runner.js +345 -0
  221. package/dist/core/recipes/schema.js +587 -0
  222. package/dist/core/release-notes/parser.js +241 -0
  223. package/dist/core/release-notes/state.js +116 -0
  224. package/dist/core/repl/ask.js +37 -37
  225. package/dist/core/repl/cancellation.js +26 -26
  226. package/dist/core/repl/cap-warning.js +4 -4
  227. package/dist/core/repl/clipboard-read.js +11 -11
  228. package/dist/core/repl/dispatch-fsm.js +12 -12
  229. package/dist/core/repl/engine-bridge.js +303 -0
  230. package/dist/core/repl/history-search.js +15 -15
  231. package/dist/core/repl/history.js +28 -18
  232. package/dist/core/repl/kill-ring.js +5 -5
  233. package/dist/core/repl/model-pricing.js +135 -0
  234. package/dist/core/repl/privacy-banner.js +22 -22
  235. package/dist/core/repl/session.js +2714 -228
  236. package/dist/core/repl/slash-commands.js +572 -40
  237. package/dist/core/repl/store/index.js +1 -1
  238. package/dist/core/repl/store/jsonl-log.js +22 -22
  239. package/dist/core/repl/store/lockfile.js +10 -10
  240. package/dist/core/repl/store/session-store.js +136 -107
  241. package/dist/core/repl/store/types.js +15 -15
  242. package/dist/core/repl/store/uuid-v7.js +12 -12
  243. package/dist/core/repl/tool-route.js +382 -0
  244. package/dist/core/repl/workspace-context.js +43 -21
  245. package/dist/core/repo-map/build.js +125 -0
  246. package/dist/core/repo-map/cache.js +185 -0
  247. package/dist/core/repo-map/extractor.js +254 -0
  248. package/dist/core/repo-map/formatter.js +145 -0
  249. package/dist/core/repo-map/page-rank.js +105 -0
  250. package/dist/core/repo-map/scanner.js +211 -0
  251. package/dist/core/retro/git-collector.js +251 -0
  252. package/dist/core/retro/health-card.js +25 -0
  253. package/dist/core/retro/metrics.js +342 -0
  254. package/dist/core/retro/narrative.js +249 -0
  255. package/dist/core/retro/plane-collector.js +274 -0
  256. package/dist/core/retro/pr-issue-link.js +65 -0
  257. package/dist/core/retro/types.js +16 -0
  258. package/dist/core/retry-budget/budget.js +284 -0
  259. package/dist/core/retry-budget/index.js +5 -0
  260. package/dist/core/retry-budget/retry-cap.js +74 -0
  261. package/dist/core/routing/lead-worker.js +43 -0
  262. package/dist/core/routing/pre-flight-estimator.js +108 -0
  263. package/dist/core/runs/run-tree.js +103 -0
  264. package/dist/core/sandboxing/adapter.js +29 -0
  265. package/dist/core/sandboxing/index.js +49 -0
  266. package/dist/core/sandboxing/none.js +19 -0
  267. package/dist/core/sandboxing/seatbelt.js +183 -0
  268. package/dist/core/security/injection-scanner.js +367 -0
  269. package/dist/core/security/output-filter.js +418 -0
  270. package/dist/core/session/env-file.js +105 -0
  271. package/dist/core/session/section-budgets.js +140 -0
  272. package/dist/core/session.js +119 -0
  273. package/dist/core/settings.js +378 -5
  274. package/dist/core/share/formatter.js +271 -0
  275. package/dist/core/share/redactor.js +221 -0
  276. package/dist/core/share/uploader.js +267 -0
  277. package/dist/core/skills/defaults.js +457 -0
  278. package/dist/core/skills/loader.js +22 -22
  279. package/dist/core/skills/sources.js +27 -27
  280. package/dist/core/smoke/headless-driver.js +174 -0
  281. package/dist/core/smoke/orchestrator.js +194 -0
  282. package/dist/core/smoke/runner.js +238 -0
  283. package/dist/core/smoke/scenario-parser.js +316 -0
  284. package/dist/core/statusline.js +99 -0
  285. package/dist/core/subagents/dispatcher-real.js +600 -0
  286. package/dist/core/subagents/dispatcher.js +146 -52
  287. package/dist/core/subagents/index.js +19 -6
  288. package/dist/core/subagents/isolation-matrix.js +213 -0
  289. package/dist/core/subagents/spawn.js +19 -4
  290. package/dist/core/telemetry/emitter.js +229 -0
  291. package/dist/core/telemetry/queue.js +251 -0
  292. package/dist/core/theme/context.js +91 -0
  293. package/dist/core/theme/presets.js +228 -0
  294. package/dist/core/theme/state.js +181 -0
  295. package/dist/core/todos/invariant.js +10 -0
  296. package/dist/core/todos/state.js +177 -0
  297. package/dist/core/tool-schema/compressor.js +89 -0
  298. package/dist/core/transport/version-interceptor.js +166 -0
  299. package/dist/core/trust.js +2 -2
  300. package/dist/core/tui/thinking-block.js +64 -0
  301. package/dist/core/vim/keymap.js +288 -0
  302. package/dist/core/vim/state.js +92 -0
  303. package/dist/core/watch-markers/marker-watcher.js +133 -0
  304. package/dist/core/worktree/include-parser.js +249 -0
  305. package/dist/core/worktree-manager/cleanup.js +123 -0
  306. package/dist/core/worktree-manager/manager.js +303 -0
  307. package/dist/index.js +36 -0
  308. package/dist/runtime/bootstrap.js +190 -0
  309. package/dist/runtime/cli.js +4536 -477
  310. package/dist/runtime/commands/agents.js +31 -31
  311. package/dist/runtime/commands/budget.js +5 -5
  312. package/dist/runtime/commands/cancel.js +231 -0
  313. package/dist/runtime/commands/chain.js +489 -0
  314. package/dist/runtime/commands/codegraph-status.js +227 -0
  315. package/dist/runtime/commands/compact.js +297 -0
  316. package/dist/runtime/commands/config.js +74 -40
  317. package/dist/runtime/commands/cost.js +199 -0
  318. package/dist/runtime/commands/delegate.js +312 -0
  319. package/dist/runtime/commands/dispatch.js +126 -0
  320. package/dist/runtime/commands/doctor.js +579 -0
  321. package/dist/runtime/commands/feedback.js +184 -0
  322. package/dist/runtime/commands/hooks.js +187 -0
  323. package/dist/runtime/commands/index-cmd.js +353 -0
  324. package/dist/runtime/commands/init.js +254 -0
  325. package/dist/runtime/commands/lsp.js +368 -0
  326. package/dist/runtime/commands/mcp.js +935 -0
  327. package/dist/runtime/commands/memory.js +582 -0
  328. package/dist/runtime/commands/model.js +237 -0
  329. package/dist/runtime/commands/onboarding.js +275 -0
  330. package/dist/runtime/commands/patch.js +128 -0
  331. package/dist/runtime/commands/permissions.js +112 -0
  332. package/dist/runtime/commands/plan.js +143 -0
  333. package/dist/runtime/commands/prd-check.js +285 -0
  334. package/dist/runtime/commands/privacy.js +17 -17
  335. package/dist/runtime/commands/recipe.js +325 -0
  336. package/dist/runtime/commands/redo-blob-store.js +92 -0
  337. package/dist/runtime/commands/redo.js +361 -0
  338. package/dist/runtime/commands/release-notes.js +229 -0
  339. package/dist/runtime/commands/repo-map.js +95 -0
  340. package/dist/runtime/commands/report.js +299 -0
  341. package/dist/runtime/commands/resume.js +118 -0
  342. package/dist/runtime/commands/review-consensus.js +68 -53
  343. package/dist/runtime/commands/rewind.js +333 -0
  344. package/dist/runtime/commands/roster.js +117 -0
  345. package/dist/runtime/commands/servers.js +236 -0
  346. package/dist/runtime/commands/sessions.js +163 -0
  347. package/dist/runtime/commands/share.js +316 -0
  348. package/dist/runtime/commands/skills.js +31 -31
  349. package/dist/runtime/commands/status.js +186 -0
  350. package/dist/runtime/commands/stickers.js +82 -0
  351. package/dist/runtime/commands/style.js +194 -0
  352. package/dist/runtime/commands/theme.js +196 -0
  353. package/dist/runtime/commands/undo.js +54 -22
  354. package/dist/runtime/commands/update.js +289 -0
  355. package/dist/runtime/commands/vim.js +140 -0
  356. package/dist/runtime/commands/worktree.js +177 -0
  357. package/dist/runtime/commands/worktrees.js +155 -0
  358. package/dist/runtime/deprecation-warning.js +69 -0
  359. package/dist/runtime/engine-exit-code.js +50 -0
  360. package/dist/runtime/headless-repl.js +195 -0
  361. package/dist/runtime/headless.js +548 -0
  362. package/dist/runtime/load-hooks-or-exit.js +71 -0
  363. package/dist/runtime/plan-decompose.js +531 -0
  364. package/dist/runtime/sigint-guard.js +272 -0
  365. package/dist/runtime/stream-renderer.js +195 -0
  366. package/dist/runtime/update-check.js +28 -28
  367. package/dist/runtime/version.js +65 -0
  368. package/dist/runtime/worktree-bootstrap.js +579 -0
  369. package/dist/skills/bundled/batch.js +617 -0
  370. package/dist/skills/bundled/index.js +45 -0
  371. package/dist/skills/bundled/loop.js +358 -0
  372. package/dist/skills/bundled/remember.js +383 -0
  373. package/dist/skills/bundled/simplify.js +289 -0
  374. package/dist/skills/bundled/skillify.js +373 -0
  375. package/dist/skills/bundled/stuck.js +558 -0
  376. package/dist/skills/bundled/verify.js +439 -0
  377. package/dist/testing/vcr.js +486 -0
  378. package/dist/tools/agent-tool.js +229 -0
  379. package/dist/tools/apply-patch.js +556 -0
  380. package/dist/tools/ask-user-question.js +337 -0
  381. package/dist/tools/ask-user.js +115 -0
  382. package/dist/tools/bash.js +624 -46
  383. package/dist/tools/brief.js +224 -0
  384. package/dist/tools/cron.js +433 -0
  385. package/dist/tools/enter-worktree.js +250 -0
  386. package/dist/tools/exit-worktree.js +147 -0
  387. package/dist/tools/file-tools.js +161 -44
  388. package/dist/tools/http-request.js +336 -0
  389. package/dist/tools/lsp-tools.js +565 -0
  390. package/dist/tools/mcp-tool.js +260 -0
  391. package/dist/tools/multi-edit.js +361 -0
  392. package/dist/tools/powershell.js +268 -0
  393. package/dist/tools/registry.js +142 -1
  394. package/dist/tools/server-tools.js +892 -0
  395. package/dist/tools/skill-tool.js +96 -0
  396. package/dist/tools/sleep.js +99 -0
  397. package/dist/tools/synthetic-output.js +133 -0
  398. package/dist/tools/tasks.js +208 -0
  399. package/dist/tools/todo-write.js +184 -0
  400. package/dist/tools/verify-plan-execution.js +295 -0
  401. package/dist/tools/web-fetch-injection-scanner.js +207 -0
  402. package/dist/tools/web-fetch.js +195 -10
  403. package/dist/tools/web-search.js +458 -0
  404. package/dist/tui/agent-progress-card.js +111 -0
  405. package/dist/tui/agent-tree.js +22 -1
  406. package/dist/tui/ask-modal.js +14 -14
  407. package/dist/tui/ask-user-question-chips.js +315 -0
  408. package/dist/tui/ask-user-question-prompt.js +203 -0
  409. package/dist/tui/compact-banner.js +81 -0
  410. package/dist/tui/conversation-pane.js +85 -11
  411. package/dist/tui/cost-table.js +111 -0
  412. package/dist/tui/device-flow.js +2 -2
  413. package/dist/tui/doctor-table.js +46 -0
  414. package/dist/tui/feedback-prompt.js +156 -0
  415. package/dist/tui/input-box.js +247 -32
  416. package/dist/tui/login-picker.js +3 -3
  417. package/dist/tui/markdown-render.js +6 -6
  418. package/dist/tui/multi-file-diff-approval.js +375 -0
  419. package/dist/tui/onboarding-wizard.js +240 -0
  420. package/dist/tui/permissions-picker.js +86 -0
  421. package/dist/tui/render.js +36 -1
  422. package/dist/tui/repl-render.js +405 -32
  423. package/dist/tui/repl-splash-art.js +16 -16
  424. package/dist/tui/repl-splash-mascot.js +48 -24
  425. package/dist/tui/repl-splash.js +22 -22
  426. package/dist/tui/repl.js +136 -43
  427. package/dist/tui/slash-palette.js +6 -6
  428. package/dist/tui/splash.js +2 -2
  429. package/dist/tui/status-bar.js +109 -31
  430. package/dist/tui/status-table.js +7 -0
  431. package/dist/tui/stickers-art.js +136 -0
  432. package/dist/tui/style-table.js +28 -0
  433. package/dist/tui/theme-table.js +29 -0
  434. package/dist/tui/thinking-spinner.js +123 -0
  435. package/dist/tui/tool-stream-pane.js +53 -4
  436. package/dist/tui/update-banner.js +27 -2
  437. package/dist/tui/vim-input.js +267 -0
  438. package/dist/tui/welcome-banner.js +107 -0
  439. package/dist/tui/welcome-data.js +293 -0
  440. package/dist/tui/workspace-context.js +2 -2
  441. package/docs/examples/codegraph.mcp.json +10 -0
  442. package/package.json +25 -7
  443. package/test/scenarios/codegen-create-file.scenario.txt +13 -0
  444. package/test/scenarios/compact-force.scenario.txt +12 -0
  445. package/test/scenarios/identity.scenario.txt +11 -0
  446. package/test/scenarios/persona-handoff.scenario.txt +12 -0
  447. package/test/scenarios/walkback.scenario.txt +12 -0
  448. package/dist/core/engine/compaction-hook.js +0 -154
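--- a/package/dist/core/retry-budget/retry-cap.js
+++ b/package/dist/core/retry-budget/retry-cap.js
@@ -0,0 +1,74 @@
+ const DEFAULT_CAP = 3;
+ const DEFAULT_RESET_AFTER_MS = 300_000;
+ export function createRetryBudget(options = {}) {
+ const cap = normalizePositiveInteger(options.cap, DEFAULT_CAP);
+ const resetAfterMs = normalizeNonNegativeInteger(options.resetAfterMs, DEFAULT_RESET_AFTER_MS);
+ const states = new Map();
+ function clone(state) {
+ return { ...state };
+ }
+ function getFreshState(operationKey, now = Date.now()) {
+ const state = states.get(operationKey);
+ if (!state)
+ return null;
+ if (now - state.lastAttemptAt >= resetAfterMs) {
+ states.delete(operationKey);
+ return null;
+ }
+ return state;
+ }
+ return {
+ record(operationKey) {
+ const now = Date.now();
+ const existing = getFreshState(operationKey, now);
+ const attempts = (existing?.attempts ?? 0) + 1;
+ const next = {
+ operationKey,
+ attempts,
+ firstAttemptAt: existing?.firstAttemptAt ?? now,
+ lastAttemptAt: now,
+ exhausted: attempts >= cap,
+ };
+ states.set(operationKey, next);
+ return clone(next);
+ },
+ reset(operationKey) {
+ states.delete(operationKey);
+ },
+ isExhausted(operationKey) {
+ return getFreshState(operationKey)?.exhausted ?? false;
+ },
+ getState(operationKey) {
+ const state = getFreshState(operationKey);
+ return state ? clone(state) : null;
+ },
+ };
+ }
+ export function validatePromptWordCount(text, opts) {
+ const words = countWords(text);
+ const chars = text.length;
+ if (opts.min !== undefined && words < opts.min) {
+ return { valid: false, words, chars, reason: 'too-short' };
+ }
+ if (opts.max !== undefined && words > opts.max) {
+ return { valid: false, words, chars, reason: 'too-long' };
+ }
+ return { valid: true, words, chars };
+ }
+ function countWords(text) {
+ const trimmed = text.trim();
+ if (trimmed.length === 0)
+ return 0;
+ return trimmed.split(/\s+/).length;
+ }
+ function normalizePositiveInteger(value, fallback) {
+ if (value === undefined || !Number.isFinite(value))
+ return fallback;
+ return Math.max(1, Math.floor(value));
+ }
+ function normalizeNonNegativeInteger(value, fallback) {
+ if (value === undefined || !Number.isFinite(value))
+ return fallback;
+ return Math.max(0, Math.floor(value));
+ }
+ //# sourceMappingURL=retry-cap.js.map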
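Review bot: With `resetAfterMs: 0`, which `normalizeNonNegativeInteger` accepts, the expiry test in `getFreshState` (`now - state.lastAttemptAt >= resetAfterMs`) is true on every lookup, so each entry is deleted as soon as it is read, `isExhausted` returns false, and the retry cap never takes effect. If zero is meant as "never reset", guard the branch with `if (resetAfterMs > 0 && now - state.lastAttemptAt >= resetAfterMs) {`; otherwise clamp the value to at least 1 in the normalizer and document which meaning applies. Separately, expired entries are removed only when the same key is looked up again, so `states` can grow without bound if operation keys are high-cardinality; the callers are not visible here, so this is worth confirming.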
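--- a/package/dist/core/routing/lead-worker.js
+++ b/package/dist/core/routing/lead-worker.js
@@ -0,0 +1,43 @@
+ export function assignRoles(opts) {
+ let hasAssignedWriteLead = false;
+ return opts.steps.map((step) => {
+ const role = assignRole(step, hasAssignedWriteLead);
+ if (step.intent === 'write' && role.role === 'lead') {
+ hasAssignedWriteLead = true;
+ }
+ return {
+ step: step.id,
+ role: role.role,
+ model: role.role === 'lead' ? opts.leadModel : opts.workerModel,
+ reason: role.reason,
+ };
+ });
+ }
+ function assignRole(step, hasAssignedWriteLead) {
+ if (step.intent === 'plan') {
+ return { role: 'lead', reason: 'planning step requires lead orchestration' };
+ }
+ if (hasLeadHeuristic(step.id)) {
+ return { role: 'lead', reason: 'step id indicates planning or orchestration' };
+ }
+ if (step.intent === 'write' && !hasAssignedWriteLead) {
+ return { role: 'lead', reason: 'first write step needs lead architecture' };
+ }
+ if (step.intent === 'write') {
+ return { role: 'worker', reason: 'subsequent write step is bulk execution' };
+ }
+ if (step.intent === 'read' || step.intent === 'verify') {
+ return { role: 'worker', reason: 'read and verify steps are worker execution' };
+ }
+ if (step.intent === 'explain') {
+ return { role: 'worker', reason: 'explanation step can run on worker model' };
+ }
+ return { role: 'lead', reason: 'unknown intent defaults to lead defensively' };
+ }
+ function hasLeadHeuristic(stepId) {
+ const normalized = stepId.toLowerCase();
+ return (normalized.includes('plan') ||
+ normalized.includes('design') ||
+ normalized.includes('orchestrate'));
+ }
+ //# sourceMappingURL=lead-worker.js.map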
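Review bot: `hasLeadHeuristic` matches its fragments anywhere in the step id, so an id such as `explanation-1` contains `plan` and is routed to the lead model before the `intent === 'explain'` branch in `assignRole` is reached. Because the heuristic runs ahead of the write/read/verify/explain checks, the id text overrides the declared intent; if step ids come from model output (not visible in this file), the lead/worker split then depends on unvalidated text. Matching at token starts would narrow it, for example `stepId.toLowerCase().split(/[^a-z0-9]+/).some((t) => /^(plan|design|orchestrat)/.test(t))`. `stepId.toLowerCase()` also throws on a non-string id, so a `typeof stepId === 'string'` guard is worth adding.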
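--- a/package/dist/core/routing/pre-flight-estimator.js
+++ b/package/dist/core/routing/pre-flight-estimator.js
@@ -0,0 +1,108 @@
+ /**
+ * Pre-flight token estimator — external tokenEstimation port,
+ * adapted for Anvil's 3-tier routing.
+ *
+ * The auto-compact gate counts tokens AFTER a turn lands. This module
+ * runs BEFORE the request leaves the CLI so the router can pick the
+ * cheapest pool that still fits. Three pools exist:
+ *
+ * cheap → DeepSeek V4-Pro / Cerebras Qwen3-Coder (128k-256k window)
+ * mid → Anthropic Sonnet 4.6 / GPT-5 (200k window, 2-3× cheap-pool cost)
+ * long → Kimi K2.6 / Gemini 2.5 Pro (1M window, 5-10× cheap-pool cost)
+ *
+ * The estimator is intentionally synchronous, pure, and free of I/O so
+ * the call site can run it inside a render loop without yielding to
+ * the event loop. The token approximation reuses the existing
+ * char-per-token heuristic from `core/compact/token-counter.ts` (4 chars
+ * ≈ 1 token, biased high). No tiktoken dependency added.
+ */
+ import { estimateTokens } from '../compact/token-counter.js';
+ /**
+ * Default tier ceilings tuned для Anvil 2026-06 routing matrix.
+ * cheap-pool models (DeepSeek/Cerebras) hard-cap at 100k effective input.
+ * mid-pool (Sonnet/GPT-5) safe through 180k.
+ * long-pool (Kimi/Gemini-Pro) accepts к 900k.
+ *
+ * The numbers stay below the nominal context window к leave room for
+ * output tokens, тек streaming overhead, and tokenizer skew.
+ */
+ const DEFAULT_CHEAP_MAX = 100_000;
+ const DEFAULT_MID_MAX = 180_000;
+ const DEFAULT_LONG_MAX = 900_000;
+ const DEFAULT_OUTPUT_BUFFER = 4_096;
+ export function estimatePreFlight(input, options = {}) {
+ const cheapMax = options.cheapTierMaxInput ?? DEFAULT_CHEAP_MAX;
+ const midMax = options.midTierMaxInput ?? DEFAULT_MID_MAX;
+ const longMax = options.longTierMaxInput ?? DEFAULT_LONG_MAX;
+ const outputBuffer = input.expectedOutputTokens
+ ?? options.outputBuffer
+ ?? DEFAULT_OUTPUT_BUFFER;
+ if (cheapMax <= 0 || midMax <= 0 || longMax <= 0) {
+ throw new RangeError('tier max values must be positive');
+ }
+ if (cheapMax > midMax || midMax > longMax) {
+ throw new RangeError('tier ceilings must be monotonic: cheap <= mid <= long');
+ }
+ if (outputBuffer < 0) {
+ throw new RangeError('outputBuffer must be >= 0');
+ }
+ const systemTokens = sumStrings(input.systemPrompt ? [input.systemPrompt] : []);
+ const dialogTokens = sumStrings(input.dialogHistory ?? []);
+ const ragTokens = sumStrings(input.ragContext ?? []);
+ const toolTokens = sumStrings(input.toolResults ?? []);
+ const userTokens = sumStrings(input.userMessage ? [input.userMessage] : []);
+ const inputTokens = systemTokens + dialogTokens + ragTokens + toolTokens + userTokens;
+ const totalTokens = inputTokens + outputBuffer;
+ const tier = pickTier(inputTokens, cheapMax, midMax);
+ const overLongTier = inputTokens > longMax;
+ return {
+ inputTokens,
+ outputBuffer,
+ totalTokens,
+ tier,
+ breakdown: {
+ systemPrompt: systemTokens,
+ dialogHistory: dialogTokens,
+ ragContext: ragTokens,
+ toolResults: toolTokens,
+ userMessage: userTokens,
+ },
+ overLongTier,
+ };
+ }
+ function sumStrings(parts) {
+ let total = 0;
+ for (const part of parts) {
+ total += estimateTokens(part);
+ }
+ return total;
+ }
+ function pickTier(inputTokens, cheapMax, midMax) {
+ if (inputTokens <= cheapMax)
+ return 'cheap';
+ if (inputTokens <= midMax)
+ return 'mid';
+ return 'long';
+ }
+ /**
+ * Human-readable explanation для CLI / TUI surfacing.
+ * The format is stable and may be parsed by the doctor command.
+ */
+ export function explainEstimate(estimate) {
+ const lines = [];
+ lines.push(`Input tokens: ${estimate.inputTokens.toLocaleString('en-US')}`);
+ lines.push(`Output buffer: ${estimate.outputBuffer.toLocaleString('en-US')}`);
+ lines.push(`Total: ${estimate.totalTokens.toLocaleString('en-US')}`);
+ lines.push(`Routing tier: ${estimate.tier}`);
+ if (estimate.overLongTier) {
+ lines.push('WARNING: input exceeds long-tier ceiling — request will likely fail');
+ }
+ lines.push('Breakdown:');
+ lines.push(` system prompt: ${estimate.breakdown.systemPrompt.toLocaleString('en-US')}`);
+ lines.push(` dialog: ${estimate.breakdown.dialogHistory.toLocaleString('en-US')}`);
+ lines.push(` rag: ${estimate.breakdown.ragContext.toLocaleString('en-US')}`);
+ lines.push(` tool results: ${estimate.breakdown.toolResults.toLocaleString('en-US')}`);
+ lines.push(` user message: ${estimate.breakdown.userMessage.toLocaleString('en-US')}`);
+ return lines.join('\n');
+ }
+ //# sourceMappingURL=pre-flight-estimator.js.map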
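Review bot: The range checks in `estimatePreFlight` let `NaN` through, because every comparison against `NaN` is false: a `NaN` ceiling passes both `RangeError` guards, after which `inputTokens <= cheapMax` in `pickTier` and `inputTokens > longMax` for `overLongTier` can never be true for that ceiling, and a `NaN` `outputBuffer` propagates into `totalTokens`. A finiteness check ahead of the existing guards closes this: `if (![cheapMax, midMax, longMax, outputBuffer].every(Number.isFinite)) throw new RangeError('tier limits and outputBuffer must be finite numbers');`. An over-limit input still comes back as `tier: 'long'` with only `overLongTier` set, so the JSDoc should tell callers to check that flag before dispatching.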
@@ -0,0 +1,103 @@
1
+ /**
2
+ * Canonical `.pugi/runs/<id>/` artifact tree .
3
+ *
4
+ * Karpathy hn-time-capsule pattern: every Pugi execution produces a
5
+ * deterministic directory structure where downstream tooling (eval
6
+ * harness, leaderboard, replay, debugging) can find
7
+ * artifacts at predictable paths.
8
+ *
9
+ * Layout per run:
10
+ * .pugi/runs/<id>/
11
+ * meta.json — metadata: id, startedAt, finishedAt?, command, tier
12
+ * stdout.log — captured stdout (the engine writes it directly)
13
+ * stderr.log — captured stderr
14
+ * events.jsonl — structured event stream (NDJSON)
15
+ * metrics.json — final metrics summary (written at run end)
16
+ * artifacts/ — арbitrary file outputs (plans, diffs, exports)
17
+ *
18
+ * The `<id>` is `<ISO-timestamp>-<short-rand>` so runs sort
19
+ * chronologically when listed by directory order.
20
+ *
21
+ * This module only handles the directory + metadata primitive. Actual
22
+ * stream writing (stdout.log, events.jsonl) is the engine's job —
23
+ * we return paths so the engine knows where к write.
24
+ */
25
+ import { mkdir, writeFile, readFile, stat } from 'node:fs/promises';
26
+ import { randomBytes } from 'node:crypto';
27
+ import path from 'node:path';
28
+ export function generateRunId(now = new Date()) {
29
+ const iso = now.toISOString().replace(/[:.]/g, '-');
30
+ const rand = randomBytes(3).toString('hex');
31
+ return `${iso}-${rand}`;
32
+ }
33
+ export function resolveRunPaths(workspaceRoot, id) {
34
+ const root = path.join(workspaceRoot, '.pugi', 'runs', id);
35
+ return {
36
+ root,
37
+ meta: path.join(root, 'meta.json'),
38
+ stdout: path.join(root, 'stdout.log'),
39
+ stderr: path.join(root, 'stderr.log'),
40
+ events: path.join(root, 'events.jsonl'),
41
+ metrics: path.join(root, 'metrics.json'),
42
+ artifacts: path.join(root, 'artifacts'),
43
+ };
44
+ }
45
+ export async function createRun(options) {
46
+ if (!options.workspaceRoot) {
47
+ throw new TypeError('workspaceRoot is required');
48
+ }
49
+ const id = options.id ?? generateRunId();
50
+ if (!/^[A-Za-z0-9_.\-T:Z]+$/.test(id)) {
51
+ throw new RangeError(`invalid run id: ${id} (forbidden characters)`);
52
+ }
53
+ const paths = resolveRunPaths(options.workspaceRoot, id);
54
+ await mkdir(paths.artifacts, { recursive: true });
55
+ const meta = {
56
+ id,
57
+ startedAt: new Date().toISOString(),
58
+ };
59
+ if (options.command !== undefined)
60
+ meta.command = options.command;
61
+ if (options.tier !== undefined)
62
+ meta.tier = options.tier;
63
+ if (options.extra !== undefined)
64
+ meta.extra = options.extra;
65
+ await writeFile(paths.meta, JSON.stringify(meta, null, 2) + '\n');
66
+ return paths;
67
+ }
68
+ export async function readRunMetadata(paths) {
69
+ try {
70
+ const buf = await readFile(paths.meta, 'utf8');
71
+ return JSON.parse(buf);
72
+ }
73
+ catch {
74
+ return null;
75
+ }
76
+ }
77
+ export async function finalizeRun(paths, options = {}) {
78
+ const existing = await readRunMetadata(paths);
79
+ if (!existing) {
80
+ throw new Error(`run metadata missing at ${paths.meta}`);
81
+ }
82
+ const finished = {
83
+ ...existing,
84
+ finishedAt: new Date().toISOString(),
85
+ };
86
+ if (options.exitCode !== undefined) {
87
+ finished.exitCode = options.exitCode;
88
+ }
89
+ await writeFile(paths.meta, JSON.stringify(finished, null, 2) + '\n');
90
+ if (options.metrics !== undefined) {
91
+ await writeFile(paths.metrics, JSON.stringify(options.metrics, null, 2) + '\n');
92
+ }
93
+ }
94
+ export async function runExists(paths) {
95
+ try {
96
+ const stats = await stat(paths.root);
97
+ return stats.isDirectory();
98
+ }
99
+ catch {
100
+ return false;
101
+ }
102
+ }
103
+ //# sourceMappingURL=run-tree.js.map
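Review bot: The id check in `createRun` accepts `.` and `..`, because the character class allows dots and nothing constrains the id as a whole. With `id: '..'`, `resolveRunPaths` joins to `.pugi/` itself, so `meta.json` and `artifacts/` are written one level above `runs/`. Anchoring the first character closes this: `if (!/^[A-Za-z0-9][A-Za-z0-9_.\-:]*$/.test(id)) {`. `resolveRunPaths` is exported and does no validation of its own, so the same check belongs there, or its doc comment should say the id must already be validated. `readRunMetadata` also returns null on a JSON parse error, which `finalizeRun` then reports as "run metadata missing".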
@@ -0,0 +1,29 @@
1
+ /**
2
+ * Bash sandbox adapter interface (Trust Sprint item 6).
3
+ *
4
+ * Adapter pattern so the bash tool stays unchanged: a runner wraps the
5
+ * spawn invocation with an OS-level sandbox primitive. Today's variants:
6
+ *
7
+ * - none — passthrough (existing behaviour).
8
+ * - macOS-seatbelt — /usr/bin/sandbox-exec with a workspace-scoped
9
+ * write allowlist, read-anywhere, network-allow
10
+ * profile.
11
+ * - docker — Linux fallback. Throws at boot (deferred to a
12
+ * follow-up PR; schema accepts the keyword so
13
+ * operators can see it documented).
14
+ *
15
+ * The CLI bash tool itself is owned by a parallel agent (PUGI-VERIFY-
16
+ * GATE). We intentionally do NOT modify `tools/bash.ts` here. Instead
17
+ * the sandbox sits as an indirection layer between higher-level
18
+ * callers (`runtime/cli.ts`, `core/bash-runner.ts` if introduced
19
+ * later) and the existing bash entry-point.
20
+ *
21
+ * Future: replace this with native landlock bindings on Linux and
22
+ * job-object on Windows. The interface is stable, the adapters
23
+ * change.
24
+ */
25
+ export {};
26
+ // The `makeAdapter` resolver lives in `./index.ts` so it can import
27
+ // the concrete adapters via ESM without circular references. This
28
+ // file stays pure interfaces.
29
+ //# sourceMappingURL=adapter.js.map
@@ -0,0 +1,49 @@
1
+ /**
2
+ * Sandbox adapter resolver (Trust Sprint item 6).
3
+ *
4
+ * Single re-export surface so consumers (`pugi doctor`, future bash
5
+ * runner indirection, MCP serve diagnostics) can do:
6
+ *
7
+ * import { makeAdapter, type SandboxMode } from '.../sandboxing';
8
+ *
9
+ * The concrete adapters live in sibling files; this index wires the
10
+ * lookup table without forcing a circular import between the
11
+ * interface (`adapter.ts`) and the implementations.
12
+ */
13
+ import { NoneSandboxAdapter } from './none.js';
14
+ import { SeatbeltSandboxAdapter } from './seatbelt.js';
15
+ export { NoneSandboxAdapter } from './none.js';
16
+ export { SeatbeltSandboxAdapter } from './seatbelt.js';
17
+ /**
18
+ * Resolve a sandbox adapter from a configured mode. Throws for
19
+ * `docker` (documented but not shipped in this PR) and for unknown
20
+ * modes (defends against forward-rolled settings.json files).
21
+ */
22
+ export function makeAdapter(mode) {
23
+ switch (mode) {
24
+ case 'none':
25
+ return new NoneSandboxAdapter();
26
+ case 'macOS-seatbelt':
27
+ return new SeatbeltSandboxAdapter();
28
+ case 'docker':
29
+ throw new Error('bash sandbox: docker mode is documented but not yet implemented. ' +
30
+ 'Use bash.sandbox = "none" or "macOS-seatbelt" until the docker adapter ships.');
31
+ default: {
32
+ const exhaustive = mode;
33
+ throw new Error(`bash sandbox: unknown mode "${String(exhaustive)}"`);
34
+ }
35
+ }
36
+ }
37
+ /**
38
+ * Convenience: probe the configured mode without spawning anything.
39
+ * Used by `pugi doctor` so the sandbox probe can report the same
40
+ * armed state the bash runner would see.
41
+ */
42
+ export function probeSandbox(opts) {
43
+ const adapter = makeAdapter(opts.mode);
44
+ return adapter.probe({
45
+ workspaceRoot: opts.workspaceRoot,
46
+ ...(opts.extraWritePaths ? { extraWritePaths: opts.extraWritePaths } : {}),
47
+ });
48
+ }
49
+ //# sourceMappingURL=index.js.map
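Review bot: `probeSandbox` calls `makeAdapter(opts.mode)` before probing, so for `docker` or an unrecognised mode it throws instead of returning an unarmed result, although its comment presents it as the probe `pugi doctor` relies on. Whether the doctor command catches this is not visible in this hunk. Reporting the failure as a probe result would keep the diagnostic path total, e.g. `try { adapter = makeAdapter(opts.mode); } catch (err) { return { mode: opts.mode, armed: false, reason: err.message, details: [] }; }`. The seatbelt adapter's non-darwin reason text also recommends `'docker'`, which this resolver rejects.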
@@ -0,0 +1,19 @@
1
+ export class NoneSandboxAdapter {
2
+ mode = 'none';
3
+ probe(_opts) {
4
+ return {
5
+ mode: 'none',
6
+ armed: false,
7
+ reason: "policy 'none' selected — bash dispatches run unsandboxed (classifier + permission FSM still apply).",
8
+ details: ['mode: none (passthrough)', 'enforcement: bash classifier + permission FSM only'],
9
+ };
10
+ }
11
+ wrap(cmd, _opts) {
12
+ return {
13
+ command: cmd.command,
14
+ args: cmd.args,
15
+ description: 'sandbox: none (passthrough)',
16
+ };
17
+ }
18
+ }
19
+ //# sourceMappingURL=none.js.map
@@ -0,0 +1,183 @@
1
+ /**
2
+ * macOS Seatbelt sandbox adapter (Trust Sprint item 6).
3
+ *
4
+ * Wraps bash command execution with `/usr/bin/sandbox-exec` and a
5
+ * dynamically-generated profile. Policy posture:
6
+ *
7
+ * - Reads ANYWHERE (so `node_modules` lookups, system headers,
8
+ * package indices etc all keep working).
9
+ * - Writes ALLOWED under: workspaceRoot, ~/.pugi/, and any
10
+ * additional paths the caller explicitly passes (typical: /tmp,
11
+ * plus the resolved pnpm cache dir if it lives outside ~/.pugi).
12
+ * - Process execution ALLOWED (we need to spawn child binaries to
13
+ * run pnpm / git / etc).
14
+ * - Network egress ALLOWED (npm install, git fetch, web fetch).
15
+ *
16
+ * Profile is rendered to a tmp file per `wrap()` call. The temp file
17
+ * lives in OS tmpdir with mode 0o600. We do NOT cache the profile
18
+ * because workspaceRoot or extraWritePaths can vary per call (e.g.
19
+ * REPL working-directory changes); the file write is cheap.
20
+ *
21
+ * Cancel-cleanup: profile temp files are written with the process
22
+ * pid + random suffix so concurrent calls don't collide. We leave
23
+ * cleanup to the kernel's tmp reaper rather than tracking handles
24
+ * inside the adapter — adding ref-counting would couple the sandbox
25
+ * lifecycle to the bash runner and `pugi mcp serve`, both of which
26
+ * are owned by other agents.
27
+ *
28
+ * Security note: sandbox-exec's profile language is best-effort. It
29
+ * is not a kernel-enforced jail. The intent here is to catch
30
+ * accidental writes outside the workspace (e.g. a renamed test that
31
+ * accidentally writes to $HOME), not to harden against a determined
32
+ * attacker who controls the spawned binary.
33
+ */
34
+ import { execFileSync } from 'node:child_process';
35
+ import { mkdtempSync, writeFileSync } from 'node:fs';
36
+ import { tmpdir } from 'node:os';
37
+ import { isAbsolute, join } from 'node:path';
38
+ const SANDBOX_EXEC_PATH = '/usr/bin/sandbox-exec';
39
+ export class SeatbeltSandboxAdapter {
40
+ mode = 'macOS-seatbelt';
41
+ probe(opts) {
42
+ if (process.platform !== 'darwin') {
43
+ return {
44
+ mode: 'macOS-seatbelt',
45
+ armed: false,
46
+ reason: `macOS-seatbelt unavailable on ${process.platform} — choose 'none' or 'docker'.`,
47
+ details: [`platform: ${process.platform}`, `expected: darwin`],
48
+ };
49
+ }
50
+ if (!sandboxExecBinaryAvailable()) {
51
+ return {
52
+ mode: 'macOS-seatbelt',
53
+ armed: false,
54
+ reason: `sandbox-exec not callable at ${SANDBOX_EXEC_PATH}.`,
55
+ details: [
56
+ `binary: ${SANDBOX_EXEC_PATH}`,
57
+ 'remediation: verify Apple has not deprecated the binary on this macOS major.',
58
+ ],
59
+ };
60
+ }
61
+ return {
62
+ mode: 'macOS-seatbelt',
63
+ armed: true,
64
+ details: [
65
+ 'platform: darwin',
66
+ `binary: ${SANDBOX_EXEC_PATH}`,
67
+ `workspaceRoot: ${opts.workspaceRoot}`,
68
+ `extraWritePaths: ${(opts.extraWritePaths ?? []).join(', ') || '<none>'}`,
69
+ ],
70
+ };
71
+ }
72
+ wrap(cmd, opts) {
73
+ const armed = this.probe(opts);
74
+ if (!armed.armed) {
75
+ throw new Error(`SeatbeltSandboxAdapter.wrap: ${armed.reason}`);
76
+ }
77
+ if (!isAbsolute(opts.workspaceRoot)) {
78
+ throw new Error(`SeatbeltSandboxAdapter.wrap: workspaceRoot must be absolute, got "${opts.workspaceRoot}"`);
79
+ }
80
+ for (const p of opts.extraWritePaths ?? []) {
81
+ if (!isAbsolute(p)) {
82
+ throw new Error(`SeatbeltSandboxAdapter.wrap: extraWritePaths entry must be absolute, got "${p}"`);
83
+ }
84
+ }
85
+ const profilePath = writeProfileFile(opts);
86
+ return {
87
+ command: SANDBOX_EXEC_PATH,
88
+ args: ['-f', profilePath, cmd.command, ...cmd.args],
89
+ description: `sandbox: macOS-seatbelt (profile=${profilePath})`,
90
+ };
91
+ }
92
+ /**
93
+ * Render the Seatbelt profile (TCL/Lisp-ish) for the given write
94
+ * allowlist. Exposed for unit tests; the live wrap path uses
95
+ * `writeProfileFile` internally.
96
+ */
97
+ renderProfile(opts) {
98
+ return renderProfile(opts);
99
+ }
100
+ }
101
+ function sandboxExecBinaryAvailable() {
102
+ try {
103
+ // `sandbox-exec` exits non-zero with a usage banner on `-h`. We
104
+ // capture the banner via stderr and accept any rapid exit as
105
+ // evidence the binary is callable.
106
+ execFileSync(SANDBOX_EXEC_PATH, ['-h'], {
107
+ stdio: ['ignore', 'ignore', 'pipe'],
108
+ timeout: 3000,
109
+ });
110
+ return true;
111
+ }
112
+ catch (err) {
113
+ const e = err;
114
+ // ENOENT means the binary itself is missing. A non-zero exit code
115
+ // (sandbox-exec usage banner) is success for our purposes.
116
+ if (e?.code === 'ENOENT')
117
+ return false;
118
+ return true;
119
+ }
120
+ }
121
+ function writeProfileFile(opts) {
122
+ const profile = renderProfile(opts);
123
+ const dir = mkdtempSync(join(tmpdir(), 'pugi-seatbelt-'));
124
+ const path = join(dir, 'profile.sb');
125
+ writeFileSync(path, profile, { mode: 0o600 });
126
+ return path;
127
+ }
128
+ /**
129
+ * Generate the Seatbelt profile. Keep the language tight:
130
+ *
131
+ * - (version 1) — required header.
132
+ * - (deny default) — start from no permissions.
133
+ * - (allow process*) — allow spawning child processes.
134
+ * - (allow file-read*) — reads unrestricted.
135
+ * - (allow file-write* (subpath "...")) — writes scoped.
136
+ * - (allow network*) — egress unrestricted.
137
+ * - (allow signal) + sysctl-read for normal node operation.
138
+ */
139
+ function renderProfile(opts) {
140
+ const writePaths = [opts.workspaceRoot, ...(opts.extraWritePaths ?? [])];
141
+ const writeRules = writePaths
142
+ .map((p) => ` (subpath ${quoteForSeatbelt(p)})`)
143
+ .join('\n');
144
+ // Devices required for normal stdout/stderr piping. /dev/null is
145
+ // table stakes; pts/* keeps interactive PTY-based tools (pagers,
146
+ // editors) working when an operator runs them under the sandbox.
147
+ const devicePaths = ['/dev/null', '/dev/dtracehelper', '/dev/tty', '/dev/stdout', '/dev/stderr'];
148
+ const deviceRules = devicePaths
149
+ .map((p) => ` (literal ${quoteForSeatbelt(p)})`)
150
+ .join('\n');
151
+ return [
152
+ '(version 1)',
153
+ '(deny default)',
154
+ '(allow process-exec)',
155
+ '(allow process-fork)',
156
+ '(allow signal (target self))',
157
+ '(allow sysctl-read)',
158
+ '(allow file-read*)',
159
+ '(allow file-write*',
160
+ writeRules,
161
+ ')',
162
+ '(allow file-write*',
163
+ deviceRules,
164
+ ')',
165
+ '(allow network*)',
166
+ '(allow mach-lookup)',
167
+ '(allow ipc-posix-shm)',
168
+ '',
169
+ ].join('\n');
170
+ }
171
+ /**
172
+ * Seatbelt profile string literals use TCL-style double-quoted
173
+ * strings. We need to escape `"` and `\` but the profile language
174
+ * does not accept arbitrary control chars; reject any input that
175
+ * contains them so we never silently emit a malformed profile.
176
+ */
177
+ function quoteForSeatbelt(value) {
178
+ if (/[\x00-\x1f"\\]/.test(value)) {
179
+ throw new Error(`SeatbeltSandboxAdapter: refusing to render profile with non-printable or quote chars in "${value}"`);
180
+ }
181
+ return `"${value}"`;
182
+ }
183
+ //# sourceMappingURL=seatbelt.js.map
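Review bot: `writeProfileFile` stores the policy in a new directory under `tmpdir()`, while the header names `/tmp` as a typical `extraWritePaths` entry and `renderProfile` grants `file-write*` on every listed subpath. If the temp root falls inside that allowlist, the policy file for a later or concurrent `wrap()` call is writable from inside the sandbox before `sandbox-exec` loads it. The directories are also never removed, and the header's "pid + random suffix" does not match `mkdtempSync`. Passing the policy inline avoids both, e.g. `args: ['-p', renderProfile(opts), cmd.command, ...cmd.args]` in `wrap()`. Separately, `sandboxExecBinaryAvailable` returns true for every error except ENOENT, so a timeout or EACCES still yields `armed: true`; `return typeof e?.status === 'number';` in the catch would accept only a real process exit.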