@pugi/cli 0.1.0-beta.1 → 0.1.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/THIRD_PARTY_NOTICES.md +40 -0
  2. package/assets/pugi-mascot.ansi +15 -40
  3. package/dist/core/edits/worktree.js +322 -0
  4. package/dist/core/engine/anvil-client.js +16 -0
  5. package/dist/core/engine/budgets.js +89 -0
  6. package/dist/core/engine/native-pugi.js +112 -12
  7. package/dist/core/engine/prompts.js +8 -0
  8. package/dist/core/engine/tool-bridge.js +267 -8
  9. package/dist/core/init/scaffold.js +195 -0
  10. package/dist/core/lsp/client.js +719 -0
  11. package/dist/core/repl/codebase-survey.js +308 -0
  12. package/dist/core/repl/init-interview.js +457 -0
  13. package/dist/core/repl/onboarding-state.js +297 -0
  14. package/dist/core/repl/session.js +72 -1
  15. package/dist/core/repl/slash-commands.js +41 -0
  16. package/dist/core/settings.js +28 -0
  17. package/dist/core/skills/defaults.js +457 -0
  18. package/dist/runtime/cli.js +366 -14
  19. package/dist/runtime/commands/delegate.js +289 -0
  20. package/dist/runtime/commands/lsp.js +206 -0
  21. package/dist/runtime/commands/patch.js +128 -0
  22. package/dist/runtime/commands/roster.js +117 -0
  23. package/dist/runtime/commands/worktree.js +177 -0
  24. package/dist/runtime/plan-decompose.js +531 -0
  25. package/dist/tools/apply-patch.js +495 -0
  26. package/dist/tools/ask-user.js +115 -0
  27. package/dist/tools/lsp-tools.js +189 -0
  28. package/dist/tools/registry.js +26 -0
  29. package/dist/tools/skill-tool.js +96 -0
  30. package/dist/tools/tasks.js +208 -0
  31. package/dist/tui/ask-modal.js +2 -2
  32. package/dist/tui/conversation-pane.js +1 -1
  33. package/dist/tui/input-box.js +1 -1
  34. package/dist/tui/markdown-render.js +4 -4
  35. package/dist/tui/repl-render.js +169 -10
  36. package/dist/tui/repl-splash.js +2 -2
  37. package/dist/tui/repl.js +18 -5
  38. package/dist/tui/splash.js +1 -1
  39. package/dist/tui/update-banner.js +1 -1
  40. package/docs/examples/codegraph.mcp.json +10 -0
  41. package/package.json +6 -4
@@ -0,0 +1,495 @@
1
+ /**
2
+ * apply_patch tool — α7.7 Phase 1.
3
+ *
4
+ * Accepts a unified diff (the format produced by `git diff` and
5
+ * consumed by `git apply`) and lands it atomically into the workspace.
6
+ * This is the third edit primitive alongside the α6.6 4-layer diff
7
+ * escalation: where the layers escalate from minimal `oldString`/
8
+ * `newString` blocks up to full-file rewrites, apply_patch covers the
9
+ * unified-diff dialect that OpenAI Codex and most external tools emit.
10
+ *
11
+ * Why we have both:
12
+ *
13
+ * - The 4-layer escalation maximises model-side success rate on
14
+ * conversational edits (Claude / Gemini / OpenAI all have a
15
+ * preferred dialect that maps onto one of the layers).
16
+ * - apply_patch is the "external tools speak this" path. A model
17
+ * emits a single unified diff (the format `git diff` produces),
18
+ * and we run it through `git apply` with the same security gate
19
+ * the layers use.
20
+ *
21
+ * Security: every file mentioned in the patch goes through the same
22
+ * `applySecurityGate` chokepoint as the layers (see
23
+ * `src/core/edits/security-gate.ts`). A patch that touches
24
+ * `../../etc/passwd`, `.env`, or a workspace-local symlink to a protected
25
+ * file is rejected BEFORE `git apply` runs. Symlink escape, protected
26
+ * file, and path traversal are all covered by the same gate the layers
27
+ * inherit — we never roll our own resolver here.
28
+ *
29
+ * Atomicity: a multi-file patch either lands entirely or not at all.
30
+ * `git apply --check` validates the patch end-to-end against the
31
+ * working tree first; only on a clean check do we run the real apply.
32
+ * If the apply still fails partway (extremely rare — usually a race
33
+ * with another writer), we run `git checkout -- <each file>` to roll
34
+ * the tree back. This keeps the dispatcher's invariant: a tool result
35
+ * of `ok: false` means the workspace is unchanged.
36
+ *
37
+ * Idempotency: applying the same patch twice rejects the second with
38
+ * `already_applied`. `git apply` itself returns success only when the
39
+ * patch's pre-image matches the working tree, so a second invocation
40
+ * naturally fails. We translate the specific failure mode into a
41
+ * dedicated reason so callers can short-circuit retry loops.
42
+ *
43
+ * Brand voice: ASCII only, no emoji, no banned words.
44
+ */
45
+ import { spawnSync } from 'node:child_process';
46
+ import { existsSync, rmSync } from 'node:fs';
47
+ import { resolve, sep } from 'node:path';
48
+ import { applySecurityGate } from '../core/edits/security-gate.js';
49
+ import { gateOnCancellation, OperatorAbortedError } from './file-tools.js';
50
+ import { recordToolCall, recordToolResult, recordFileMutation } from '../core/session.js';
51
+ /**
52
+ * Parse the file paths referenced in a unified diff. We look for both
53
+ * `diff --git a/X b/Y` headers (preferred) and the fallback
54
+ * `+++ b/<path>` lines that plain `diff -u` emits. The full set of
55
+ * touched paths feeds the security gate — EVERY file goes through
56
+ * `applySecurityGate` before we trust `git apply` to do anything.
57
+ *
58
+ * Security (R1 fix 2026-05-26, PR #413 r1): git emits C-style quoted
59
+ * path headers when a path contains "unusual" bytes (high bits, control
60
+ * chars, double-quote, backslash) and `core.quotePath` is true (the
61
+ * default). The literal header looks like
62
+ * `diff --git "a/.env" "b/.env"`. Before this fix the regex captured
63
+ * the literal `"b/.env"` string and the security gate's basename match
64
+ * never saw `.env` — `basename('"b/.env"')` is `'.env"'` (note the
65
+ * trailing quote) which does NOT match the `.env` protected pattern.
66
+ * `git apply` then de-quoted the header and happily landed on the real
67
+ * `.env`. We strip the surrounding quotes + decode the C-style escapes
68
+ * via `unquoteGitPath` BEFORE passing to the security gate so the
69
+ * basename matcher sees the real target.
70
+ */
71
+ export function extractPatchPaths(patch) {
72
+ const paths = new Set();
73
+ for (const line of patch.split('\n')) {
74
+ if (line.startsWith('diff --git ')) {
75
+ // `diff --git a/foo b/bar` — paths can contain spaces only when
76
+ // quoted by git's own diff machinery (rare). The robust extractor
77
+ // matches the `b/...` half because rename diffs carry the new
78
+ // name there.
79
+ // Two variants: unquoted (`a/foo b/bar`) and C-style quoted
80
+ // (`"a/foo" "b/bar"`). We try the quoted form first because the
81
+ // unquoted regex below would accept the literal quote as part of
82
+ // the path otherwise.
83
+ const quoted = line.match(/^diff --git "a\/(.+)" "b\/(.+)"$/);
84
+ if (quoted) {
85
+ if (quoted[1])
86
+ paths.add(unquoteGitPath(quoted[1]));
87
+ if (quoted[2])
88
+ paths.add(unquoteGitPath(quoted[2]));
89
+ continue;
90
+ }
91
+ const match = line.match(/^diff --git a\/(.+?) b\/(.+)$/);
92
+ if (match) {
93
+ if (match[1])
94
+ paths.add(unquoteGitPath(match[1]));
95
+ if (match[2])
96
+ paths.add(unquoteGitPath(match[2]));
97
+ }
98
+ continue;
99
+ }
100
+ if (line.startsWith('+++ ')) {
101
+ const after = line.slice(4).trim();
102
+ if (after === '/dev/null')
103
+ continue;
104
+ const stripped = stripQuotedHalf(after, 'b/');
105
+ if (stripped)
106
+ paths.add(stripTimestampSuffix(stripped));
107
+ continue;
108
+ }
109
+ if (line.startsWith('--- ')) {
110
+ const after = line.slice(4).trim();
111
+ if (after === '/dev/null')
112
+ continue;
113
+ const stripped = stripQuotedHalf(after, 'a/');
114
+ if (stripped)
115
+ paths.add(stripTimestampSuffix(stripped));
116
+ }
117
+ }
118
+ return Array.from(paths);
119
+ }
120
+ /**
121
+ * Strip the leading `a/` or `b/` prefix from a `---` / `+++` line,
122
+ * handling both unquoted (`b/.env`) and C-style quoted (`"b/.env"`)
123
+ * variants. The returned path is fully de-quoted so the security gate
124
+ * sees the real basename. Returns null when the line does not parse.
125
+ */
126
+ function stripQuotedHalf(after, prefix) {
127
+ // Quoted form: `"b/path with \"escapes\""`. Detect surrounding quotes
128
+ // first, strip them, then peel the prefix, then unquote the inner
129
+ // C-style escapes.
130
+ if (after.startsWith('"') && after.endsWith('"') && after.length >= 2) {
131
+ const inner = after.slice(1, -1);
132
+ const peeled = inner.startsWith(prefix) ? inner.slice(prefix.length) : inner;
133
+ return unquoteGitPath(peeled);
134
+ }
135
+ const trimmed = after.startsWith(prefix) ? after.slice(prefix.length) : after;
136
+ return trimmed;
137
+ }
138
+ /**
139
+ * Decode git's C-style path quoting. When `core.quotePath` is true
140
+ * (default) git writes paths with high-bit / control / quote bytes as
141
+ * C-string escapes inside double quotes:
142
+ *
143
+ * `"\.env"` -> `.env` (backslash before . is just a literal)
144
+ * `"a\"b"` -> `a"b` (escaped double-quote)
145
+ * `"a\\b"` -> `a\b` (escaped backslash)
146
+ * `"a\tb"` -> `a` + TAB + `b`
147
+ * `"a\341\210\264"` -> `a` + UTF-8 bytes 0xe1 0x88 0xb4
148
+ *
149
+ * Accepts a path that is EITHER already unquoted (passed through) OR an
150
+ * inner string previously stripped of its surrounding quotes. The
151
+ * function is idempotent on already-clean ASCII paths.
152
+ *
153
+ * Reference: git source `quote.c::unquote_c_style`.
154
+ */
155
+ export function unquoteGitPath(s) {
156
+ // If the caller passed us a wrapped string (`"foo"`), peel it now.
157
+ if (s.startsWith('"') && s.endsWith('"') && s.length >= 2) {
158
+ s = s.slice(1, -1);
159
+ }
160
+ // Fast path: no backslash means no C-style escapes, return as-is.
161
+ if (!s.includes('\\'))
162
+ return s;
163
+ const out = [];
164
+ for (let i = 0; i < s.length; i += 1) {
165
+ const ch = s[i];
166
+ if (ch !== '\\') {
167
+ // Single-byte ASCII or multi-byte JS string char; the byte we
168
+ // emit must match its UTF-8 encoding so the security gate sees
169
+ // the same bytes the filesystem will. JS strings are UTF-16; we
170
+ // bounce through Buffer to get the canonical UTF-8 bytes.
171
+ const bytes = Buffer.from(ch ?? '', 'utf8');
172
+ for (const b of bytes)
173
+ out.push(b);
174
+ continue;
175
+ }
176
+ const next = s[i + 1];
177
+ if (next === undefined) {
178
+ // Trailing backslash with no follower — emit literal.
179
+ out.push(0x5c);
180
+ continue;
181
+ }
182
+ // Three-digit octal escape: `\NNN` (each digit 0-7).
183
+ if (next >= '0' && next <= '7' && i + 3 < s.length + 1) {
184
+ const oct = s.slice(i + 1, i + 4);
185
+ if (/^[0-7]{3}$/.test(oct)) {
186
+ out.push(Number.parseInt(oct, 8));
187
+ i += 3;
188
+ continue;
189
+ }
190
+ }
191
+ switch (next) {
192
+ case 'a':
193
+ out.push(0x07);
194
+ break;
195
+ case 'b':
196
+ out.push(0x08);
197
+ break;
198
+ case 't':
199
+ out.push(0x09);
200
+ break;
201
+ case 'n':
202
+ out.push(0x0a);
203
+ break;
204
+ case 'v':
205
+ out.push(0x0b);
206
+ break;
207
+ case 'f':
208
+ out.push(0x0c);
209
+ break;
210
+ case 'r':
211
+ out.push(0x0d);
212
+ break;
213
+ case '"':
214
+ out.push(0x22);
215
+ break;
216
+ case '\\':
217
+ out.push(0x5c);
218
+ break;
219
+ default:
220
+ // Unknown escape — emit the escape char as a literal so we
221
+ // don't silently drop bytes. Mirrors git's own permissive
222
+ // behaviour.
223
+ out.push(next.charCodeAt(0));
224
+ }
225
+ i += 1;
226
+ }
227
+ return Buffer.from(out).toString('utf8');
228
+ }
229
+ /**
230
+ * `diff -u` (non-git) emits trailing tab-prefixed timestamps after the
231
+ * path: `--- foo.ts\t2026-05-25 10:00:00`. Strip those so the security
232
+ * gate sees the clean path.
233
+ */
234
+ function stripTimestampSuffix(path) {
235
+ const tab = path.indexOf('\t');
236
+ return tab >= 0 ? path.slice(0, tab) : path;
237
+ }
238
+ /**
239
+ * Apply a unified-diff patch to the workspace. Routes every mentioned
240
+ * file through the shared security gate before invoking `git apply`.
241
+ */
242
+ export function applyPatch(ctx, patch, opts = {}) {
243
+ const toolCallId = recordToolCall(ctx.session, 'apply_patch', `${patch.length} bytes`);
244
+ try {
245
+ gateOnCancellation(ctx, 'apply_patch');
246
+ }
247
+ catch (error) {
248
+ if (error instanceof OperatorAbortedError) {
249
+ recordToolResult(ctx.session, toolCallId, 'cancelled', error.message);
250
+ throw error;
251
+ }
252
+ throw error;
253
+ }
254
+ if (patch.trim().length === 0) {
255
+ const result = {
256
+ ok: false,
257
+ filesChanged: [],
258
+ reason: 'empty_patch',
259
+ detail: 'patch body is empty',
260
+ };
261
+ recordToolResult(ctx.session, toolCallId, 'error', 'empty_patch');
262
+ return result;
263
+ }
264
+ const paths = extractPatchPaths(patch);
265
+ if (paths.length === 0) {
266
+ const result = {
267
+ ok: false,
268
+ filesChanged: [],
269
+ reason: 'invalid_patch',
270
+ detail: 'no `diff --git` or `+++` headers found in patch',
271
+ };
272
+ recordToolResult(ctx.session, toolCallId, 'error', 'invalid_patch');
273
+ return result;
274
+ }
275
+ // SECURITY GATE — reuse the α6.6 chokepoint. Every path in the patch
276
+ // is validated against:
277
+ // 1. workspace containment (no ../../ escapes)
278
+ // 2. protected-file basenames (.env, *.pem, id_rsa, etc.)
279
+ // 3. symlink escape (an in-workspace symlink pointing to /etc/hosts
280
+ // or a protected basename gets rejected here)
281
+ for (const file of paths) {
282
+ const gate = applySecurityGate(file, { cwd: ctx.root, toolName: 'layer-c' });
283
+ if (!gate.ok) {
284
+ const result = {
285
+ ok: false,
286
+ filesChanged: [],
287
+ reason: gate.reason,
288
+ detail: `${file}: ${gate.detail}`,
289
+ };
290
+ recordToolResult(ctx.session, toolCallId, 'error', `${gate.reason}: ${file}`);
291
+ return result;
292
+ }
293
+ }
294
+ // `git apply --check` validates the patch end-to-end against the
295
+ // working tree. A passing check is the gate for the actual apply.
296
+ const checkArgs = ['apply', '--check'];
297
+ if (opts.baseSha)
298
+ checkArgs.push('--3way');
299
+ checkArgs.push('-');
300
+ const check = runGit(checkArgs, ctx.root, patch);
301
+ if (check.status === 127) {
302
+ // No git binary on PATH. Rare on a developer machine but possible
303
+ // in slim containers / CI images. Surface a dedicated reason so
304
+ // the operator's message says "install git" not "patch is bad".
305
+ const result = {
306
+ ok: false,
307
+ filesChanged: [],
308
+ reason: 'git_unavailable',
309
+ detail: 'git not found on PATH',
310
+ };
311
+ recordToolResult(ctx.session, toolCallId, 'error', 'git_unavailable');
312
+ return result;
313
+ }
314
+ if (check.status !== 0) {
315
+ // Decide whether this is the "already applied" case or a real
316
+ // failure. `git apply --check` rejects an already-applied patch
317
+ // with stderr containing patterns like "patch does not apply" or
318
+ // "already exists in working directory". The simpler signal is
319
+ // the stderr string containing `already exists in working directory`
320
+ // (git's own message for a creating patch landing twice) — that's
321
+ // the only path we treat as `already_applied` here. Other stderr
322
+ // surfaces fall through to `check_failed` so the operator sees the
323
+ // raw reason.
324
+ const stderr = check.stderr.toLowerCase();
325
+ if (stderr.includes('already exists in working directory')) {
326
+ const result = {
327
+ ok: false,
328
+ filesChanged: [],
329
+ reason: 'already_applied',
330
+ detail: 'patch creates a path that already exists — likely already applied',
331
+ };
332
+ recordToolResult(ctx.session, toolCallId, 'error', 'already_applied');
333
+ return result;
334
+ }
335
+ const result = {
336
+ ok: false,
337
+ filesChanged: [],
338
+ reason: 'check_failed',
339
+ detail: check.stderr.trim() || 'git apply --check rejected the patch',
340
+ };
341
+ recordToolResult(ctx.session, toolCallId, 'error', `check_failed: ${result.detail}`);
342
+ return result;
343
+ }
344
+ if (opts.dryRun) {
345
+ const result = {
346
+ ok: true,
347
+ filesChanged: paths,
348
+ };
349
+ recordToolResult(ctx.session, toolCallId, 'success', `dry-run ok, ${paths.length} files`);
350
+ return result;
351
+ }
352
+ // R1 fix (2026-05-26, PR #413 r1, Fix 6): snapshot which paths exist
353
+ // BEFORE the apply so rollbackFiles can decide between
354
+ // `git checkout -- <file>` (for files that existed) and `fs.rmSync`
355
+ // (for files the patch was creating that may have been half-written
356
+ // before the failure). Without this snapshot, `git checkout`
357
+ // gracefully no-ops on a never-tracked file and the partial creation
358
+ // is left behind.
359
+ const preExisting = new Map();
360
+ for (const p of paths) {
361
+ preExisting.set(p, existsSync(resolve(ctx.root, p)));
362
+ }
363
+ const applyArgs = ['apply'];
364
+ if (opts.baseSha)
365
+ applyArgs.push('--3way');
366
+ applyArgs.push('-');
367
+ const apply = runGit(applyArgs, ctx.root, patch);
368
+ if (apply.status !== 0) {
369
+ // Apply failed AFTER --check passed. This is almost always a TOCTOU
370
+ // (another writer touched a file between the two git calls).
371
+ // Rollback ANY partial mutation so the workspace stays consistent.
372
+ const rollback = rollbackFiles(ctx.root, paths, preExisting);
373
+ const detail = apply.stderr.trim() || 'git apply failed after passing --check';
374
+ if (!rollback.ok) {
375
+ const result = {
376
+ ok: false,
377
+ filesChanged: [],
378
+ reason: 'rollback_failed',
379
+ detail: `${detail}; rollback also failed: ${rollback.detail}`,
380
+ };
381
+ recordToolResult(ctx.session, toolCallId, 'error', 'rollback_failed');
382
+ return result;
383
+ }
384
+ const result = {
385
+ ok: false,
386
+ filesChanged: [],
387
+ reason: 'apply_failed',
388
+ detail,
389
+ };
390
+ recordToolResult(ctx.session, toolCallId, 'error', `apply_failed: ${detail}`);
391
+ return result;
392
+ }
393
+ // Audit-log every file the patch mutated. The before/after hashes
394
+ // are NOT recorded (git owns the staging area for that); the
395
+ // mutation entry is enough for `pugi undo` to surface "apply_patch
396
+ // touched these files" in the timeline.
397
+ for (const file of paths) {
398
+ recordFileMutation(ctx.session, {
399
+ toolCallId,
400
+ path: file,
401
+ operation: 'update',
402
+ });
403
+ }
404
+ recordToolResult(ctx.session, toolCallId, 'success', `applied ${paths.length} files`);
405
+ return { ok: true, filesChanged: paths };
406
+ }
407
+ /**
408
+ * Roll back any partial mutation by checking files out from HEAD. Used
409
+ * only on the rare path where `git apply` fails AFTER `git apply --check`
410
+ * passed.
411
+ *
412
+ * R1 fix (2026-05-26, PR #413 r1, Fix 6): a multi-file patch that
413
+ * creates new files leaves them on disk when `git apply` fails partway —
414
+ * `git checkout -- <file>` does NOT delete a path that was never tracked
415
+ * (the file was created by the failed apply). We split paths into two
416
+ * groups using the pre-apply snapshot:
417
+ *
418
+ * - existed-before -> `git checkout -- <file>` restores tracked content.
419
+ * - created-by-apply -> `fs.rmSync(file, { force: true })` removes the
420
+ * half-written file so the workspace ends up identical to its
421
+ * pre-apply state.
422
+ *
423
+ * This keeps the dispatcher's invariant: a tool result of `ok: false`
424
+ * means the workspace is unchanged.
425
+ */
426
+ function rollbackFiles(cwd, paths, preExisting) {
427
+ if (paths.length === 0)
428
+ return { ok: true };
429
+ // We only attempt to roll back files that are inside the workspace
430
+ // and were resolved by the security gate. A path that escaped the
431
+ // gate would have already aborted us above.
432
+ const safePaths = paths.filter((p) => {
433
+ const abs = resolve(cwd, p);
434
+ return abs === cwd || abs.startsWith(cwd + sep);
435
+ });
436
+ if (safePaths.length === 0)
437
+ return { ok: true };
438
+ const toCheckout = [];
439
+ const toRemove = [];
440
+ for (const p of safePaths) {
441
+ if (preExisting.get(p))
442
+ toCheckout.push(p);
443
+ else
444
+ toRemove.push(p);
445
+ }
446
+ // Unlink files that the patch was creating. `force: true` swallows
447
+ // ENOENT so a creation that never got far enough to write the file
448
+ // is a no-op. We record every unlink failure but keep going so a
449
+ // single permission error on one file doesn't strand the others.
450
+ const removeFailures = [];
451
+ for (const p of toRemove) {
452
+ const abs = resolve(cwd, p);
453
+ try {
454
+ rmSync(abs, { force: true });
455
+ }
456
+ catch (error) {
457
+ removeFailures.push(`${p}: ${error instanceof Error ? error.message : String(error)}`);
458
+ }
459
+ }
460
+ if (toCheckout.length > 0) {
461
+ const result = runGit(['checkout', '--', ...toCheckout], cwd);
462
+ if (result.status !== 0) {
463
+ const detail = [result.stderr.trim(), ...removeFailures].filter(Boolean).join('; ');
464
+ return { ok: false, detail };
465
+ }
466
+ }
467
+ if (removeFailures.length > 0) {
468
+ return { ok: false, detail: `rollback unlink failed: ${removeFailures.join('; ')}` };
469
+ }
470
+ return { ok: true };
471
+ }
472
+ function runGit(args, cwd, stdin) {
473
+ // R1 fix (2026-05-26, PR #413 r1, P2 #13): force the English C locale
474
+ // for the git child process. The `already_applied` reason-coding
475
+ // below greps stderr for the literal English string
476
+ // "already exists in working directory"; on a host where git was
477
+ // installed with a translated message catalog (de_DE / ru_RU / etc.)
478
+ // the substring match would silently miss and the operator would see
479
+ // `check_failed` instead of `already_applied`. C locale (also
480
+ // LC_ALL) guarantees the canonical message regardless of host env.
481
+ return spawnSync('git', args, {
482
+ cwd,
483
+ input: stdin,
484
+ encoding: 'utf8',
485
+ maxBuffer: 64 * 1024 * 1024,
486
+ env: { ...process.env, LANG: 'C', LC_ALL: 'C' },
487
+ });
488
+ }
489
+ /**
490
+ * Test-only surface for the apply-patch heuristics. Specs poke
491
+ * `extractPatchPaths` directly to assert on the path-parsing layer
492
+ * without paying for a real git invocation.
493
+ */
494
+ export const __test__ = { extractPatchPaths, runGit, unquoteGitPath };
495
+ //# sourceMappingURL=apply-patch.js.map
@@ -0,0 +1,115 @@
1
+ export const ASK_USER_DEFAULT_TIMEOUT_MS = 5 * 60 * 1_000;
2
+ /**
3
+ * Schema cap: keep the option count tight so the modal stays scannable.
4
+ * Mirrors `ASK_MAX_OPTIONS` in `core/repl/ask.ts` (4).
5
+ */
6
+ export const ASK_USER_MAX_OPTIONS = 4;
7
+ export const ASK_USER_MAX_QUESTION_LEN = 1_000;
8
+ export const ASK_USER_MAX_OPTION_LEN = 200;
9
+ export async function askUser(ctx, input) {
10
+ validate(input);
11
+ if (ctx.interactive && ctx.bridge) {
12
+ // β1a r1 (2026-05-26): wrap the bridge in an abort-aware race so a
13
+ // pending modal cannot block the engine loop forever. Two signals
14
+ // can interrupt:
15
+ // 1. `ctx.signal` — the operator cancelled the parent task via
16
+ // Ctrl-C; the engine forwards the loop's AbortSignal here.
17
+ // 2. `ctx.timeoutMs` (default 5 minutes) — operator walked away;
18
+ // the modal stays renderable but the tool surface returns the
19
+ // `cancelled` envelope so the model can make progress.
20
+ // The bridge receives the same `signal` so an Ink-based modal can
21
+ // tear down its render loop and free its keyboard handlers on
22
+ // abort. Bridges that ignore the signal still get pre-empted by
23
+ // the race — they just leak a render until the next operator
24
+ // keystroke.
25
+ const timeoutMs = ctx.timeoutMs ?? ASK_USER_DEFAULT_TIMEOUT_MS;
26
+ // Pre-flight: short-circuit when the caller's signal is already
27
+ // aborted. Avoids constructing a bridge promise that races against
28
+ // an already-resolved abort sentinel — the race ordering is
29
+ // unspecified for promises that have all settled by the time
30
+ // Promise.race is called, which would non-deterministically let
31
+ // the bridge's answer leak through after an explicit cancel.
32
+ if (ctx.signal?.aborted) {
33
+ return { envelope: formatEnvelope(input, 'cancelled') };
34
+ }
35
+ const controller = new AbortController();
36
+ if (ctx.signal) {
37
+ ctx.signal.addEventListener('abort', () => controller.abort(), { once: true });
38
+ }
39
+ let timeoutHandle;
40
+ const timeoutPromise = new Promise((resolve) => {
41
+ timeoutHandle = setTimeout(() => resolve('timeout'), timeoutMs);
42
+ });
43
+ const abortPromise = new Promise((resolve) => {
44
+ controller.signal.addEventListener('abort', () => resolve('aborted'), { once: true });
45
+ });
46
+ let picked;
47
+ try {
48
+ picked = await Promise.race([
49
+ ctx.bridge(input, { signal: controller.signal }),
50
+ timeoutPromise,
51
+ abortPromise,
52
+ ]);
53
+ }
54
+ finally {
55
+ if (timeoutHandle)
56
+ clearTimeout(timeoutHandle);
57
+ }
58
+ if (picked === 'timeout') {
59
+ controller.abort();
60
+ return { envelope: formatEnvelope(input, 'timeout') };
61
+ }
62
+ if (picked === 'aborted') {
63
+ return { envelope: formatEnvelope(input, 'cancelled') };
64
+ }
65
+ if (!Array.isArray(picked) || picked.length === 0) {
66
+ // Operator declined / closed the modal — surface a structured
67
+ // "no answer" envelope so the model can decide whether to retry.
68
+ const envelope = formatEnvelope(input, 'cancelled');
69
+ return { envelope };
70
+ }
71
+ return {
72
+ answers: picked,
73
+ envelope: formatAnswer(picked),
74
+ };
75
+ }
76
+ // Non-TTY or no bridge — surface the envelope. Caller parses it and
77
+ // either pipes an answer back on a follow-up turn or aborts.
78
+ const envelope = formatEnvelope(input, 'no_tty');
79
+ return { envelope };
80
+ }
81
+ function validate(input) {
82
+ const question = input.question?.trim();
83
+ if (!question)
84
+ throw new Error('ask_user: question is required');
85
+ if (question.length > ASK_USER_MAX_QUESTION_LEN) {
86
+ throw new Error(`ask_user: question exceeds ${ASK_USER_MAX_QUESTION_LEN} char cap`);
87
+ }
88
+ if (!Array.isArray(input.options) || input.options.length < 2) {
89
+ throw new Error('ask_user: at least 2 options required');
90
+ }
91
+ if (input.options.length > ASK_USER_MAX_OPTIONS) {
92
+ throw new Error(`ask_user: at most ${ASK_USER_MAX_OPTIONS} options allowed`);
93
+ }
94
+ for (const opt of input.options) {
95
+ if (typeof opt !== 'string' || !opt.trim()) {
96
+ throw new Error('ask_user: every option must be a non-empty string');
97
+ }
98
+ if (opt.length > ASK_USER_MAX_OPTION_LEN) {
99
+ throw new Error(`ask_user: option exceeds ${ASK_USER_MAX_OPTION_LEN} char cap`);
100
+ }
101
+ }
102
+ }
103
+ function formatEnvelope(input, reason) {
104
+ const payload = {
105
+ question: input.question,
106
+ options: input.options,
107
+ multiSelect: input.multiSelect === true,
108
+ reason,
109
+ };
110
+ return `[user_input_required]${JSON.stringify(payload)}[/user_input_required]`;
111
+ }
112
+ function formatAnswer(answers) {
113
+ return answers.join(', ');
114
+ }
115
+ //# sourceMappingURL=ask-user.js.map