@pugi/cli 0.1.0-beta.1 → 0.1.0-beta.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/THIRD_PARTY_NOTICES.md +40 -0
- package/assets/pugi-mascot.ansi +15 -40
- package/dist/core/edits/worktree.js +322 -0
- package/dist/core/engine/anvil-client.js +16 -0
- package/dist/core/engine/budgets.js +89 -0
- package/dist/core/engine/native-pugi.js +112 -12
- package/dist/core/engine/prompts.js +8 -0
- package/dist/core/engine/tool-bridge.js +267 -8
- package/dist/core/init/scaffold.js +195 -0
- package/dist/core/lsp/client.js +719 -0
- package/dist/core/repl/codebase-survey.js +308 -0
- package/dist/core/repl/init-interview.js +457 -0
- package/dist/core/repl/onboarding-state.js +297 -0
- package/dist/core/repl/session.js +72 -1
- package/dist/core/repl/slash-commands.js +41 -0
- package/dist/core/settings.js +28 -0
- package/dist/core/skills/defaults.js +457 -0
- package/dist/runtime/cli.js +366 -14
- package/dist/runtime/commands/delegate.js +289 -0
- package/dist/runtime/commands/lsp.js +206 -0
- package/dist/runtime/commands/patch.js +128 -0
- package/dist/runtime/commands/roster.js +117 -0
- package/dist/runtime/commands/worktree.js +177 -0
- package/dist/runtime/plan-decompose.js +531 -0
- package/dist/tools/apply-patch.js +495 -0
- package/dist/tools/ask-user.js +115 -0
- package/dist/tools/lsp-tools.js +189 -0
- package/dist/tools/registry.js +26 -0
- package/dist/tools/skill-tool.js +96 -0
- package/dist/tools/tasks.js +208 -0
- package/dist/tui/ask-modal.js +2 -2
- package/dist/tui/conversation-pane.js +1 -1
- package/dist/tui/input-box.js +1 -1
- package/dist/tui/markdown-render.js +4 -4
- package/dist/tui/repl-render.js +169 -10
- package/dist/tui/repl-splash.js +2 -2
- package/dist/tui/repl.js +18 -5
- package/dist/tui/splash.js +1 -1
- package/dist/tui/update-banner.js +1 -1
- package/docs/examples/codegraph.mcp.json +10 -0
- package/package.json +6 -4
|
@@ -0,0 +1,189 @@
|
|
|
1
|
+
import { gateOnCancellation, OperatorAbortedError } from './file-tools.js';
|
|
2
|
+
import { recordToolCall, recordToolResult } from '../core/session.js';
|
|
3
|
+
/** Cap for any single LSP tool's payload size. Keeps model context lean. */
|
|
4
|
+
const LSP_PAYLOAD_CAP_BYTES = 8 * 1024;
|
|
5
|
+
export async function lspHover(ctx, lang, file, line, col) {
|
|
6
|
+
const toolCallId = recordToolCall(ctx.session, 'lsp_hover', `${lang}:${file}:${line}:${col}`);
|
|
7
|
+
return guard(ctx, 'lsp_hover', toolCallId, async () => {
|
|
8
|
+
const client = ctx.lspClients?.get(lang);
|
|
9
|
+
if (!client)
|
|
10
|
+
return unavailable(lang);
|
|
11
|
+
const result = await client.hover(file, { line, character: col }, ctx.cancellation);
|
|
12
|
+
if (!result.ok)
|
|
13
|
+
return failure(result);
|
|
14
|
+
if (!result.value) {
|
|
15
|
+
return { ok: true, value: { content: '' } };
|
|
16
|
+
}
|
|
17
|
+
const content = truncate(result.value.content);
|
|
18
|
+
return {
|
|
19
|
+
ok: true,
|
|
20
|
+
value: {
|
|
21
|
+
content: content.text,
|
|
22
|
+
...(result.value.range ? { range: result.value.range } : {}),
|
|
23
|
+
},
|
|
24
|
+
...(content.truncated ? { truncated: true } : {}),
|
|
25
|
+
};
|
|
26
|
+
});
|
|
27
|
+
}
|
|
28
|
+
export async function lspDefinition(ctx, lang, file, line, col) {
|
|
29
|
+
const toolCallId = recordToolCall(ctx.session, 'lsp_definition', `${lang}:${file}:${line}:${col}`);
|
|
30
|
+
return guard(ctx, 'lsp_definition', toolCallId, async () => {
|
|
31
|
+
const client = ctx.lspClients?.get(lang);
|
|
32
|
+
if (!client)
|
|
33
|
+
return unavailable(lang);
|
|
34
|
+
const result = await client.definition(file, { line, character: col }, ctx.cancellation);
|
|
35
|
+
if (!result.ok)
|
|
36
|
+
return failure(result);
|
|
37
|
+
const capped = capLocations(result.value);
|
|
38
|
+
return {
|
|
39
|
+
ok: true,
|
|
40
|
+
value: capped.value,
|
|
41
|
+
...(capped.truncated ? { truncated: true } : {}),
|
|
42
|
+
};
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
export async function lspReferences(ctx, lang, file, line, col) {
|
|
46
|
+
const toolCallId = recordToolCall(ctx.session, 'lsp_references', `${lang}:${file}:${line}:${col}`);
|
|
47
|
+
return guard(ctx, 'lsp_references', toolCallId, async () => {
|
|
48
|
+
const client = ctx.lspClients?.get(lang);
|
|
49
|
+
if (!client)
|
|
50
|
+
return unavailable(lang);
|
|
51
|
+
const result = await client.references(file, { line, character: col }, ctx.cancellation);
|
|
52
|
+
if (!result.ok)
|
|
53
|
+
return failure(result);
|
|
54
|
+
const capped = capLocations(result.value);
|
|
55
|
+
return {
|
|
56
|
+
ok: true,
|
|
57
|
+
value: capped.value,
|
|
58
|
+
...(capped.truncated ? { truncated: true } : {}),
|
|
59
|
+
};
|
|
60
|
+
});
|
|
61
|
+
}
|
|
62
|
+
export async function lspDiagnostics(ctx, lang, file) {
|
|
63
|
+
const toolCallId = recordToolCall(ctx.session, 'lsp_diagnostics', `${lang}:${file}`);
|
|
64
|
+
return guard(ctx, 'lsp_diagnostics', toolCallId, async () => {
|
|
65
|
+
const client = ctx.lspClients?.get(lang);
|
|
66
|
+
if (!client)
|
|
67
|
+
return unavailable(lang);
|
|
68
|
+
const result = await client.diagnostics(file, ctx.cancellation);
|
|
69
|
+
if (!result.ok)
|
|
70
|
+
return failure(result);
|
|
71
|
+
const capped = capDiagnostics(result.value);
|
|
72
|
+
return {
|
|
73
|
+
ok: true,
|
|
74
|
+
value: capped.value,
|
|
75
|
+
...(capped.truncated ? { truncated: true } : {}),
|
|
76
|
+
};
|
|
77
|
+
});
|
|
78
|
+
}
|
|
79
|
+
async function guard(ctx, toolName, toolCallId, op) {
|
|
80
|
+
try {
|
|
81
|
+
gateOnCancellation(ctx, toolName);
|
|
82
|
+
}
|
|
83
|
+
catch (error) {
|
|
84
|
+
if (error instanceof OperatorAbortedError) {
|
|
85
|
+
recordToolResult(ctx.session, toolCallId, 'cancelled', error.message);
|
|
86
|
+
return { ok: false, reason: 'operator_aborted', detail: error.message };
|
|
87
|
+
}
|
|
88
|
+
throw error;
|
|
89
|
+
}
|
|
90
|
+
try {
|
|
91
|
+
const result = await op();
|
|
92
|
+
if (result.ok) {
|
|
93
|
+
recordToolResult(ctx.session, toolCallId, 'success', summarize(result.value));
|
|
94
|
+
}
|
|
95
|
+
else {
|
|
96
|
+
recordToolResult(ctx.session, toolCallId, 'error', `${result.reason ?? 'error'}: ${result.detail ?? ''}`);
|
|
97
|
+
}
|
|
98
|
+
return result;
|
|
99
|
+
}
|
|
100
|
+
catch (error) {
|
|
101
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
102
|
+
recordToolResult(ctx.session, toolCallId, 'error', message);
|
|
103
|
+
return { ok: false, reason: 'lsp_error', detail: message };
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
function unavailable(lang) {
|
|
107
|
+
return {
|
|
108
|
+
ok: false,
|
|
109
|
+
reason: 'lsp_unavailable',
|
|
110
|
+
detail: `no LSP server started for ${lang}. Install the server and re-run ` +
|
|
111
|
+
`with --lsp ${lang}, or fall back to grep.`,
|
|
112
|
+
};
|
|
113
|
+
}
|
|
114
|
+
function failure(result) {
|
|
115
|
+
if (result.ok) {
|
|
116
|
+
// Shouldn't be hit — caller checks first.
|
|
117
|
+
return { ok: true, value: result.value };
|
|
118
|
+
}
|
|
119
|
+
return { ok: false, reason: result.reason, detail: result.detail };
|
|
120
|
+
}
|
|
121
|
+
function summarize(value) {
|
|
122
|
+
if (value === null || value === undefined)
|
|
123
|
+
return 'no result';
|
|
124
|
+
if (Array.isArray(value))
|
|
125
|
+
return `${value.length} items`;
|
|
126
|
+
if (typeof value === 'object')
|
|
127
|
+
return Object.keys(value).join(',');
|
|
128
|
+
return String(value);
|
|
129
|
+
}
|
|
130
|
+
function truncate(text) {
|
|
131
|
+
const bytes = Buffer.byteLength(text, 'utf8');
|
|
132
|
+
if (bytes <= LSP_PAYLOAD_CAP_BYTES)
|
|
133
|
+
return { text, truncated: false };
|
|
134
|
+
// Truncate to the cap byte boundary. We don't try to honor codepoint
|
|
135
|
+
// alignment — UTF-8 surrogate splits show up as a single ? at the
|
|
136
|
+
// boundary, which is acceptable for a debug surface; the dispatcher
|
|
137
|
+
// is the trust boundary for "this is what the model will see".
|
|
138
|
+
const buf = Buffer.from(text, 'utf8').subarray(0, LSP_PAYLOAD_CAP_BYTES);
|
|
139
|
+
return { text: `${buf.toString('utf8')}\n... [truncated]`, truncated: true };
|
|
140
|
+
}
|
|
141
|
+
function capLocations(locations) {
|
|
142
|
+
// Cap at 200 locations OR the byte cap, whichever hits first. The
|
|
143
|
+
// 200 number is the operator-facing "this is a hot symbol" threshold —
|
|
144
|
+
// a richer surface (paginated `pugi lsp references --offset N`) is
|
|
145
|
+
// open backlog.
|
|
146
|
+
const COUNT_CAP = 200;
|
|
147
|
+
if (locations.length === 0)
|
|
148
|
+
return { value: locations, truncated: false };
|
|
149
|
+
const trimmed = locations.slice(0, COUNT_CAP);
|
|
150
|
+
const serialized = JSON.stringify(trimmed);
|
|
151
|
+
if (Buffer.byteLength(serialized, 'utf8') <= LSP_PAYLOAD_CAP_BYTES && trimmed.length === locations.length) {
|
|
152
|
+
return { value: trimmed, truncated: false };
|
|
153
|
+
}
|
|
154
|
+
// Trim by halves until we fit the byte cap. Worst case ~10 iterations
|
|
155
|
+
// for the 200 max, fine for an interactive tool.
|
|
156
|
+
let upper = trimmed.length;
|
|
157
|
+
while (upper > 1) {
|
|
158
|
+
const half = Math.floor(upper / 2);
|
|
159
|
+
const sub = trimmed.slice(0, half);
|
|
160
|
+
if (Buffer.byteLength(JSON.stringify(sub), 'utf8') <= LSP_PAYLOAD_CAP_BYTES) {
|
|
161
|
+
return { value: sub, truncated: true };
|
|
162
|
+
}
|
|
163
|
+
upper = half;
|
|
164
|
+
}
|
|
165
|
+
return { value: trimmed.slice(0, 1), truncated: true };
|
|
166
|
+
}
|
|
167
|
+
function capDiagnostics(items) {
|
|
168
|
+
if (items.length === 0)
|
|
169
|
+
return { value: items, truncated: false };
|
|
170
|
+
const serialized = JSON.stringify(items);
|
|
171
|
+
if (Buffer.byteLength(serialized, 'utf8') <= LSP_PAYLOAD_CAP_BYTES) {
|
|
172
|
+
return { value: items, truncated: false };
|
|
173
|
+
}
|
|
174
|
+
// Diagnostics are sorted error-first in LSP convention; trim from the
|
|
175
|
+
// tail so we keep the highest-severity items.
|
|
176
|
+
let upper = items.length;
|
|
177
|
+
while (upper > 1) {
|
|
178
|
+
const half = Math.floor(upper / 2);
|
|
179
|
+
const sub = items.slice(0, half);
|
|
180
|
+
if (Buffer.byteLength(JSON.stringify(sub), 'utf8') <= LSP_PAYLOAD_CAP_BYTES) {
|
|
181
|
+
return { value: sub, truncated: true };
|
|
182
|
+
}
|
|
183
|
+
upper = half;
|
|
184
|
+
}
|
|
185
|
+
return { value: items.slice(0, 1), truncated: true };
|
|
186
|
+
}
|
|
187
|
+
/** Test-only surface so specs can poke truncation directly. */
|
|
188
|
+
export const __test__ = { truncate, capLocations, capDiagnostics, LSP_PAYLOAD_CAP_BYTES };
|
|
189
|
+
//# sourceMappingURL=lsp-tools.js.map
|
package/dist/tools/registry.js
CHANGED
|
@@ -1,8 +1,19 @@
|
|
|
1
1
|
const registry = [
|
|
2
|
+
// α7.7: unified-diff patch apply. Routes through the same security
|
|
3
|
+
// gate as Layer A/B/C, so the risk class matches `edit`/`write`
|
|
4
|
+
// (medium — writes inside the workspace, never to protected files).
|
|
5
|
+
{ name: 'apply_patch', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
|
|
2
6
|
{ name: 'bash', permission: 'bash', risk: 'high', concurrencySafe: false, m1: true },
|
|
3
7
|
{ name: 'edit', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
|
|
4
8
|
{ name: 'glob', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
|
|
5
9
|
{ name: 'grep', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
|
|
10
|
+
// α7.7: LSP read-only surface. Server runs locally, no Anvil
|
|
11
|
+
// round-trip. Concurrency-safe because every operation reads
|
|
12
|
+
// server state without mutating workspace files.
|
|
13
|
+
{ name: 'lsp_definition', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
|
|
14
|
+
{ name: 'lsp_diagnostics', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
|
|
15
|
+
{ name: 'lsp_hover', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
|
|
16
|
+
{ name: 'lsp_references', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
|
|
6
17
|
{ name: 'question', permission: 'none', risk: 'low', concurrencySafe: false, m1: true },
|
|
7
18
|
{ name: 'read', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
|
|
8
19
|
{ name: 'skill', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
|
|
@@ -11,6 +22,21 @@ const registry = [
|
|
|
11
22
|
{ name: 'task_list', permission: 'none', risk: 'low', concurrencySafe: true, m1: true },
|
|
12
23
|
{ name: 'task_update', permission: 'none', risk: 'low', concurrencySafe: false, m1: true },
|
|
13
24
|
{ name: 'web_fetch', permission: 'network', risk: 'medium', concurrencySafe: true, m1: true },
|
|
25
|
+
// α7.7: scratch worktree management. `worktree_create` writes nothing
|
|
26
|
+
// dangerous (a clone under `.pugi/worktrees/`); `worktree_promote`
|
|
27
|
+
// applies a diff back to the main tree, so it shares the `edit`
|
|
28
|
+
// risk class. `worktree_drop` is the cleanup primitive.
|
|
29
|
+
//
|
|
30
|
+
// R1 fix (2026-05-26, PR #413 r1, Fix 9): raised `worktree_create`
|
|
31
|
+
// and `worktree_drop` from `low` to `medium`. `worktree_drop` runs
|
|
32
|
+
// `rmSync` on its target — even with the new path-containment gate
|
|
33
|
+
// in `core/edits/worktree.ts::dropWorktree`, a destructive primitive
|
|
34
|
+
// belongs in `medium` so the permission FSM prompts on every call.
|
|
35
|
+
// `worktree_create` is raised for disk-pressure parity (a runaway
|
|
36
|
+
// agent loop could fill the disk with abandoned scratch worktrees).
|
|
37
|
+
{ name: 'worktree_create', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
|
|
38
|
+
{ name: 'worktree_drop', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
|
|
39
|
+
{ name: 'worktree_promote', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
|
|
14
40
|
{ name: 'write', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
|
|
15
41
|
];
|
|
16
42
|
export const toolRegistry = registry.sort((a, b) => a.name.localeCompare(b.name));
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
import { listSkills } from '../core/skills/loader.js';
|
|
2
|
+
import { hashSkillDir, verifyTrust } from '../core/skills/trust.js';
|
|
3
|
+
export const SKILL_BODY_CAP_BYTES = 32 * 1024;
|
|
4
|
+
export const SKILL_LIST_CAP = 100;
|
|
5
|
+
export function skillList(ctx, input) {
|
|
6
|
+
const scope = input.scope ?? 'all';
|
|
7
|
+
const all = [];
|
|
8
|
+
if (scope === 'all' || scope === 'global') {
|
|
9
|
+
all.push(...listSkills('global', ctx.workspaceRoot));
|
|
10
|
+
}
|
|
11
|
+
if (scope === 'all' || scope === 'workspace') {
|
|
12
|
+
all.push(...listSkills('workspace', ctx.workspaceRoot));
|
|
13
|
+
}
|
|
14
|
+
// Dedup by name, prefer workspace scope when both exist (workspace
|
|
15
|
+
// overrides global per skills loader convention).
|
|
16
|
+
const byName = new Map();
|
|
17
|
+
for (const skill of all) {
|
|
18
|
+
const prev = byName.get(skill.name);
|
|
19
|
+
if (!prev || skill.scope === 'workspace') {
|
|
20
|
+
byName.set(skill.name, skill);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
return Array.from(byName.values())
|
|
24
|
+
.slice(0, SKILL_LIST_CAP)
|
|
25
|
+
.map((skill) => ({
|
|
26
|
+
name: skill.name,
|
|
27
|
+
description: skill.frontmatter.description,
|
|
28
|
+
scope: skill.scope,
|
|
29
|
+
}));
|
|
30
|
+
}
|
|
31
|
+
export async function skillInvoke(ctx, input) {
|
|
32
|
+
if (!input.name || typeof input.name !== 'string') {
|
|
33
|
+
throw new Error('skill: name is required');
|
|
34
|
+
}
|
|
35
|
+
// Defense-in-depth: skill loader already validates slugs but the
|
|
36
|
+
// tool surface is operator-controlled.
|
|
37
|
+
if (!/^[a-zA-Z0-9_-]{1,128}$/.test(input.name)) {
|
|
38
|
+
throw new Error(`skill: invalid skill name shape: "${input.name}"`);
|
|
39
|
+
}
|
|
40
|
+
// Workspace scope wins over global (operator override). Mirrors
|
|
41
|
+
// SkillLoader convention.
|
|
42
|
+
const workspace = listSkills('workspace', ctx.workspaceRoot).find((s) => s.name === input.name);
|
|
43
|
+
const global = workspace
|
|
44
|
+
? null
|
|
45
|
+
: listSkills('global', ctx.workspaceRoot).find((s) => s.name === input.name);
|
|
46
|
+
const skill = workspace ?? global;
|
|
47
|
+
if (!skill) {
|
|
48
|
+
throw new Error(`skill: not found: "${input.name}"`);
|
|
49
|
+
}
|
|
50
|
+
// β1a r1 (2026-05-26): re-verify the on-disk skill payload against
|
|
51
|
+
// the trust manifest sha256 on EVERY invoke, not just at install
|
|
52
|
+
// time. Before this fix a post-install swap (malicious npm dep that
|
|
53
|
+
// touches `~/.pugi/skills/<name>/SKILL.md` after the operator
|
|
54
|
+
// approved the install) would bypass the trust gate — `listSkills`
|
|
55
|
+
// reads the body fresh from disk and the loader does no integrity
|
|
56
|
+
// check. The skill body lands directly in the model's tool result,
|
|
57
|
+
// so a mutated body is a prompt-injection vector against the agent
|
|
58
|
+
// loop's tool surface.
|
|
59
|
+
//
|
|
60
|
+
// Posture:
|
|
61
|
+
// - `trusted` → proceed (body is hash-pinned).
|
|
62
|
+
// - `unsigned` → refuse: the operator never approved this skill.
|
|
63
|
+
// This catches the case where a skill directory was dropped in
|
|
64
|
+
// manually (no `pugi skills install`) and the loader picked it
|
|
65
|
+
// up. Refusing is fail-closed.
|
|
66
|
+
// - `mismatch` → refuse + surface the recorded vs actual hashes
|
|
67
|
+
// so the operator can decide between re-trust and revoke.
|
|
68
|
+
//
|
|
69
|
+
// Performance: `hashSkillDir` walks the skill directory on every
|
|
70
|
+
// invoke. Skills are small (median 4-8 files, <50KB total) so the
|
|
71
|
+
// cost is sub-millisecond on warm cache. The β1a r1 spec exercises
|
|
72
|
+
// a mutated-body case; the existing skill-tool.spec.ts cases for
|
|
73
|
+
// happy-path use the `recordTrust` helper to seed the registry.
|
|
74
|
+
const actualHash = hashSkillDir(skill.dir);
|
|
75
|
+
const verdict = await verifyTrust('skill', skill.scope, skill.name, actualHash);
|
|
76
|
+
if (verdict.status === 'unsigned') {
|
|
77
|
+
throw new Error(`skill: refused to invoke "${skill.name}" — no trust entry (run \`pugi skills trust ${skill.name}\` to approve)`);
|
|
78
|
+
}
|
|
79
|
+
if (verdict.status === 'mismatch') {
|
|
80
|
+
throw new Error(`skill: refused to invoke "${skill.name}" — sha256 mismatch (recorded ${verdict.recorded.slice(0, 12)}…, actual ${verdict.actual.slice(0, 12)}…). Re-trust via \`pugi skills trust ${skill.name}\`.`);
|
|
81
|
+
}
|
|
82
|
+
const body = skill.body;
|
|
83
|
+
const truncated = Buffer.byteLength(body, 'utf8') > SKILL_BODY_CAP_BYTES;
|
|
84
|
+
const cappedBody = truncated
|
|
85
|
+
? body.slice(0, SKILL_BODY_CAP_BYTES) +
|
|
86
|
+
`\n\n(... truncated at ${SKILL_BODY_CAP_BYTES} bytes — see \`pugi skills info ${skill.name}\` for full text)`
|
|
87
|
+
: body;
|
|
88
|
+
return {
|
|
89
|
+
name: skill.name,
|
|
90
|
+
scope: skill.scope,
|
|
91
|
+
description: skill.frontmatter.description,
|
|
92
|
+
body: cappedBody,
|
|
93
|
+
truncated,
|
|
94
|
+
};
|
|
95
|
+
}
|
|
96
|
+
//# sourceMappingURL=skill-tool.js.map
|
|
@@ -0,0 +1,208 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* task_* tool family — β1 T1/T6 (TodoWrite + agent task ledger).
|
|
3
|
+
*
|
|
4
|
+
* Mirrors Claude Code's TodoWrite tool surface so a model trained on
|
|
5
|
+
* the upstream tool grammar speaks Pugi's variant verbatim. Four ops:
|
|
6
|
+
*
|
|
7
|
+
* - `task_create` — append a new task to the session's todo ledger.
|
|
8
|
+
* Returns the assigned id.
|
|
9
|
+
* - `task_get` — fetch a single task by id.
|
|
10
|
+
* - `task_list` — list every task in the current session, ordered
|
|
11
|
+
* by createdAt ascending.
|
|
12
|
+
* - `task_update` — mutate status/title/notes of an existing task.
|
|
13
|
+
* Append-only journal — every mutation lands as a
|
|
14
|
+
* fresh JSONL line and the latest line per id wins
|
|
15
|
+
* on `task_list` / `task_get` reads.
|
|
16
|
+
*
|
|
17
|
+
* Persistence: append-only JSONL at
|
|
18
|
+
* `.pugi/sessions/<sessionId>/tasks.jsonl`. Append-only keeps crash
|
|
19
|
+
* recovery trivial — a partial write at the end of the file is the
|
|
20
|
+
* worst case and the parser drops the malformed tail line.
|
|
21
|
+
*
|
|
22
|
+
* Scope: this is the local-side ledger surface. Anvil-side mirror
|
|
23
|
+
* (cabinet `/projects/[id]/tasks` page) ships in β5 once the session-
|
|
24
|
+
* memory hook lands; until then the ledger is purely local.
|
|
25
|
+
*/
|
|
26
|
+
import { appendFileSync, chmodSync, existsSync, mkdirSync, readFileSync, } from 'node:fs';
|
|
27
|
+
import { dirname, join } from 'node:path';
|
|
28
|
+
import { randomUUID } from 'node:crypto';
|
|
29
|
+
function ledgerPath(ctx) {
|
|
30
|
+
// Defense-in-depth: the sessionId is supposed to be a UUID minted by
|
|
31
|
+
// openSession() but the tool surface is operator-facing. Validate the
|
|
32
|
+
// shape before composing a path — refuse anything that contains
|
|
33
|
+
// separators or shell wildcards.
|
|
34
|
+
if (!/^[a-zA-Z0-9_-]{1,128}$/.test(ctx.sessionId)) {
|
|
35
|
+
throw new Error(`task_*: invalid sessionId shape: "${ctx.sessionId}"`);
|
|
36
|
+
}
|
|
37
|
+
return join(ctx.workspaceRoot, '.pugi', 'sessions', ctx.sessionId, 'tasks.jsonl');
|
|
38
|
+
}
|
|
39
|
+
function nowIso(ctx) {
|
|
40
|
+
return (ctx.now ? ctx.now() : new Date()).toISOString();
|
|
41
|
+
}
|
|
42
|
+
function ensureDir(path) {
|
|
43
|
+
// β1a r1 (2026-05-26): switched from POSIX-only
|
|
44
|
+
// `path.slice(0, path.lastIndexOf('/'))` to `path.dirname()` so
|
|
45
|
+
// Windows path separators (`\`) work. Also chmod the per-session
|
|
46
|
+
// directory to 0o700 — the tasks ledger carries operator-confidential
|
|
47
|
+
// brief text, status notes, and timing metadata that should not be
|
|
48
|
+
// world-readable through an inherited umask.
|
|
49
|
+
const dir = dirname(path);
|
|
50
|
+
if (!existsSync(dir)) {
|
|
51
|
+
mkdirSync(dir, { recursive: true });
|
|
52
|
+
try {
|
|
53
|
+
chmodSync(dir, 0o700);
|
|
54
|
+
}
|
|
55
|
+
catch {
|
|
56
|
+
// Best-effort. POSIX permission setting is a no-op on Windows
|
|
57
|
+
// NTFS, and the dir-creation race with another concurrent task
|
|
58
|
+
// tool call is the only realistic failure case. The 0o600 mode
|
|
59
|
+
// on the JSONL file itself remains the primary guard; the dir
|
|
60
|
+
// chmod is defense in depth for tools that walk `.pugi/`.
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
function readJournal(ctx) {
|
|
65
|
+
const path = ledgerPath(ctx);
|
|
66
|
+
if (!existsSync(path))
|
|
67
|
+
return [];
|
|
68
|
+
const raw = readFileSync(path, 'utf8');
|
|
69
|
+
const out = [];
|
|
70
|
+
for (const line of raw.split('\n')) {
|
|
71
|
+
if (!line.trim())
|
|
72
|
+
continue;
|
|
73
|
+
try {
|
|
74
|
+
const parsed = JSON.parse(line);
|
|
75
|
+
if ((parsed.op === 'create' || parsed.op === 'update') &&
|
|
76
|
+
typeof parsed.id === 'string' &&
|
|
77
|
+
typeof parsed.at === 'string') {
|
|
78
|
+
out.push(parsed);
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
catch {
|
|
82
|
+
// Drop malformed line (partial-write tail or external corruption).
|
|
83
|
+
// The append-only design guarantees only the LAST line can be bad
|
|
84
|
+
// — everything before it is whole.
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
return out;
|
|
88
|
+
}
|
|
89
|
+
function fold(journal) {
|
|
90
|
+
const out = new Map();
|
|
91
|
+
for (const entry of journal) {
|
|
92
|
+
if (entry.op === 'create') {
|
|
93
|
+
if (!entry.title)
|
|
94
|
+
continue;
|
|
95
|
+
out.set(entry.id, {
|
|
96
|
+
id: entry.id,
|
|
97
|
+
title: entry.title,
|
|
98
|
+
status: entry.status ?? 'pending',
|
|
99
|
+
...(entry.notes !== undefined ? { notes: entry.notes } : {}),
|
|
100
|
+
createdAt: entry.at,
|
|
101
|
+
updatedAt: entry.at,
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
else {
|
|
105
|
+
const prev = out.get(entry.id);
|
|
106
|
+
if (!prev)
|
|
107
|
+
continue; // update before create — drop silently
|
|
108
|
+
out.set(entry.id, {
|
|
109
|
+
...prev,
|
|
110
|
+
...(entry.title !== undefined ? { title: entry.title } : {}),
|
|
111
|
+
...(entry.status !== undefined ? { status: entry.status } : {}),
|
|
112
|
+
...(entry.notes !== undefined ? { notes: entry.notes } : {}),
|
|
113
|
+
updatedAt: entry.at,
|
|
114
|
+
});
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
return out;
|
|
118
|
+
}
|
|
119
|
+
function appendEntry(ctx, entry) {
|
|
120
|
+
const path = ledgerPath(ctx);
|
|
121
|
+
ensureDir(path);
|
|
122
|
+
appendFileSync(path, `${JSON.stringify(entry)}\n`, {
|
|
123
|
+
encoding: 'utf8',
|
|
124
|
+
mode: 0o600,
|
|
125
|
+
});
|
|
126
|
+
}
|
|
127
|
+
export function taskCreate(ctx, input) {
|
|
128
|
+
const title = input.title?.trim();
|
|
129
|
+
if (!title) {
|
|
130
|
+
throw new Error('task_create: title is required');
|
|
131
|
+
}
|
|
132
|
+
if (title.length > 2_000) {
|
|
133
|
+
throw new Error('task_create: title exceeds 2000 char cap');
|
|
134
|
+
}
|
|
135
|
+
const status = input.status ?? 'pending';
|
|
136
|
+
if (!isValidStatus(status)) {
|
|
137
|
+
throw new Error(`task_create: invalid status "${status}"`);
|
|
138
|
+
}
|
|
139
|
+
const id = `task-${randomUUID()}`;
|
|
140
|
+
const at = nowIso(ctx);
|
|
141
|
+
const entry = {
|
|
142
|
+
op: 'create',
|
|
143
|
+
id,
|
|
144
|
+
title,
|
|
145
|
+
status,
|
|
146
|
+
at,
|
|
147
|
+
...(input.notes !== undefined ? { notes: input.notes } : {}),
|
|
148
|
+
};
|
|
149
|
+
appendEntry(ctx, entry);
|
|
150
|
+
return {
|
|
151
|
+
id,
|
|
152
|
+
title,
|
|
153
|
+
status,
|
|
154
|
+
...(input.notes !== undefined ? { notes: input.notes } : {}),
|
|
155
|
+
createdAt: at,
|
|
156
|
+
updatedAt: at,
|
|
157
|
+
};
|
|
158
|
+
}
|
|
159
|
+
export function taskGet(ctx, id) {
|
|
160
|
+
if (typeof id !== 'string' || id.length === 0) {
|
|
161
|
+
throw new Error('task_get: id is required');
|
|
162
|
+
}
|
|
163
|
+
const folded = fold(readJournal(ctx));
|
|
164
|
+
return folded.get(id) ?? null;
|
|
165
|
+
}
|
|
166
|
+
export function taskList(ctx) {
|
|
167
|
+
const folded = fold(readJournal(ctx));
|
|
168
|
+
return Array.from(folded.values()).sort((a, b) => a.createdAt.localeCompare(b.createdAt));
|
|
169
|
+
}
|
|
170
|
+
export function taskUpdate(ctx, input) {
|
|
171
|
+
if (!input.id)
|
|
172
|
+
throw new Error('task_update: id is required');
|
|
173
|
+
const folded = fold(readJournal(ctx));
|
|
174
|
+
const existing = folded.get(input.id);
|
|
175
|
+
if (!existing) {
|
|
176
|
+
throw new Error(`task_update: unknown id "${input.id}"`);
|
|
177
|
+
}
|
|
178
|
+
if (input.status !== undefined && !isValidStatus(input.status)) {
|
|
179
|
+
throw new Error(`task_update: invalid status "${input.status}"`);
|
|
180
|
+
}
|
|
181
|
+
if (input.title !== undefined && input.title.trim().length === 0) {
|
|
182
|
+
throw new Error('task_update: title cannot be empty');
|
|
183
|
+
}
|
|
184
|
+
const at = nowIso(ctx);
|
|
185
|
+
const entry = {
|
|
186
|
+
op: 'update',
|
|
187
|
+
id: input.id,
|
|
188
|
+
at,
|
|
189
|
+
...(input.title !== undefined ? { title: input.title } : {}),
|
|
190
|
+
...(input.status !== undefined ? { status: input.status } : {}),
|
|
191
|
+
...(input.notes !== undefined ? { notes: input.notes } : {}),
|
|
192
|
+
};
|
|
193
|
+
appendEntry(ctx, entry);
|
|
194
|
+
return {
|
|
195
|
+
...existing,
|
|
196
|
+
...(input.title !== undefined ? { title: input.title } : {}),
|
|
197
|
+
...(input.status !== undefined ? { status: input.status } : {}),
|
|
198
|
+
...(input.notes !== undefined ? { notes: input.notes } : {}),
|
|
199
|
+
updatedAt: at,
|
|
200
|
+
};
|
|
201
|
+
}
|
|
202
|
+
function isValidStatus(status) {
|
|
203
|
+
return (status === 'pending' ||
|
|
204
|
+
status === 'in_progress' ||
|
|
205
|
+
status === 'completed' ||
|
|
206
|
+
status === 'cancelled');
|
|
207
|
+
}
|
|
208
|
+
//# sourceMappingURL=tasks.js.map
|
package/dist/tui/ask-modal.js
CHANGED
|
@@ -85,7 +85,7 @@ export function AskModal(props) {
|
|
|
85
85
|
setBuffer((prev) => prev + input);
|
|
86
86
|
}
|
|
87
87
|
}, { isActive: props.inert !== true });
|
|
88
|
-
return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "yellow", paddingX: 1, children: [_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "yellow", children: '? ' }), _jsx(Text, { bold: true, children: 'Need your call before I continue' })] }), _jsx(Box, { marginTop: 1, children: _jsx(Text, { children: props.tag.question }) }), _jsxs(Box, { flexDirection: "column", marginTop: 1, children: [props.tag.options.map((opt, idx) => (_jsxs(Box, { flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { color: "
|
|
88
|
+
return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "yellow", paddingX: 1, children: [_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "yellow", children: '? ' }), _jsx(Text, { bold: true, children: 'Need your call before I continue' })] }), _jsx(Box, { marginTop: 1, children: _jsx(Text, { children: props.tag.question }) }), _jsxs(Box, { flexDirection: "column", marginTop: 1, children: [props.tag.options.map((opt, idx) => (_jsxs(Box, { flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", bold: true, children: ` ${idx + 1}. ` }), _jsx(Text, { children: opt.label })] }), opt.desc ? (_jsx(Box, { marginLeft: 5, children: _jsx(Text, { dimColor: true, children: opt.desc }) })) : null] }, opt.value))), _jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", bold: true, children: ` ${props.tag.options.length + 1}. ` }), _jsx(Text, { dimColor: true, children: 'Other (type a custom answer)' })] })] }), mode === 'pick' ? (_jsx(Box, { marginTop: 1, children: _jsx(Text, { dimColor: true, children: `Press 1-${props.tag.options.length + 1} to choose. Esc cancels.` }) })) : (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", children: '> ' }), _jsx(Text, { children: buffer }), _jsx(Text, { inverse: true, children: ' ' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Type your custom answer. Enter submits. Esc cancels.' }) })] }))] }));
|
|
89
89
|
}
|
|
90
90
|
export function PlanReviewModal(props) {
|
|
91
91
|
const [mode, setMode] = useState('pick');
|
|
@@ -130,7 +130,7 @@ export function PlanReviewModal(props) {
|
|
|
130
130
|
setBuffer((prev) => prev + input);
|
|
131
131
|
}
|
|
132
132
|
}, { isActive: props.inert !== true });
|
|
133
|
-
return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "magenta", paddingX: 1, children: [_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "magenta", children: '? ' }), _jsx(Text, { bold: true, children: 'Plan review - approve before I execute' })] }), _jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsx(Text, { dimColor: true, children: 'Steps:' }), props.tag.steps.map((step, idx) => (_jsxs(Box, { children: [_jsx(Text, { color: "
|
|
133
|
+
return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "magenta", paddingX: 1, children: [_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "magenta", children: '? ' }), _jsx(Text, { bold: true, children: 'Plan review - approve before I execute' })] }), _jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsx(Text, { dimColor: true, children: 'Steps:' }), props.tag.steps.map((step, idx) => (_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", bold: true, children: ` ${idx + 1}. ` }), _jsx(Text, { children: step.text })] }, `step-${idx}`)))] }), props.tag.risk ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { bold: true, color: "red", children: 'Risk:' }), _jsx(Box, { marginLeft: 2, children: _jsx(Text, { children: props.tag.risk }) })] })) : null, mode === 'pick' ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { color: "green", bold: true, children: ' [a] approve ' }), _jsx(Text, { color: "yellow", bold: true, children: '[m] modify ' }), _jsx(Text, { color: "red", bold: true, children: '[c] cancel' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Press a, m, or c. Esc cancels.' }) })] })) : (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Box, { children: [_jsx(Text, { color: "yellow", children: 'modify > ' }), _jsx(Text, { children: buffer }), _jsx(Text, { inverse: true, children: ' ' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Type the revision. Enter submits. Esc cancels.' }) })] }))] }));
|
|
134
134
|
}
|
|
135
135
|
/* ------------------------------------------------------------------ */
|
|
136
136
|
/* Verdict serialisation */
|
|
@@ -36,7 +36,7 @@ function PaneHeader({ count }) {
|
|
|
36
36
|
function ConversationRow({ row, personaNames, }) {
|
|
37
37
|
switch (row.source) {
|
|
38
38
|
case 'operator':
|
|
39
|
-
return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "
|
|
39
|
+
return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "#3da9fc", children: '› ' }), _jsx(Text, { children: row.text })] }));
|
|
40
40
|
case 'system':
|
|
41
41
|
return (_jsxs(Box, { children: [_jsx(Text, { dimColor: true, children: '· ' }), _jsx(Text, { dimColor: true, children: row.text })] }));
|
|
42
42
|
case 'persona': {
|
package/dist/tui/input-box.js
CHANGED
|
@@ -499,7 +499,7 @@ export function InputBox(props) {
|
|
|
499
499
|
: Math.min(paletteIndex, paletteView.rows.length - 1);
|
|
500
500
|
const divider = '─'.repeat(innerWidth);
|
|
501
501
|
const focusedMatch = search ? search.matches[search.focusedIndex] : undefined;
|
|
502
|
-
return (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { color: "
|
|
502
|
+
return (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { color: "#3da9fc", dimColor: true, children: divider }), _jsx(Box, { paddingX: 1, flexDirection: "column", children: search ? (_jsxs(Box, { flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", children: '(reverse-i-search) ' }), _jsx(Text, { children: `\`${search.query}\`: ` }), _jsx(Text, { color: "yellow", children: focusedMatch ? focusedMatch.brief : '(no match)' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: `Ctrl+R next · Ctrl+S prev · Enter accept · Esc cancel · ${search.matches.length} match${search.matches.length === 1 ? '' : 'es'}` }) })] })) : (_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", children: '› ' }), _jsx(Text, { children: renderLineWithCursor(line, cursor, cursorVisible) })] })) }), _jsx(Text, { color: "#3da9fc", dimColor: true, children: divider }), line.length > innerWidth - 4 ? (_jsxs(Box, { children: [_jsx(Text, { color: "gray", children: '┊ ' }), _jsx(Text, { dimColor: true, children: 'line wraps - Enter still submits' })] })) : null, _jsx(SlashPalette, { rows: paletteView.rows, focusedIndex: clampedPaletteIndex, totalBeforeLimit: paletteView.totalBeforeLimit }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: '↑/↓ history · Ctrl+R search · / commands · Enter brief · Esc cancel · Ctrl+C abort / ×2 exit' }) })] }));
|
|
503
503
|
}
|
|
504
504
|
/**
|
|
505
505
|
* Render the line with the cursor glyph inserted at `cursor`. The cursor
|
|
@@ -107,9 +107,9 @@ function renderBlock(block, key) {
|
|
|
107
107
|
case 'paragraph':
|
|
108
108
|
return (_jsx(Text, { children: renderInline(block.text) }, key));
|
|
109
109
|
case 'bullet':
|
|
110
|
-
return (_jsxs(Box, { children: [_jsx(Text, { color: "
|
|
110
|
+
return (_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", children: '• ' }), _jsx(Text, { children: renderInline(block.text) })] }, key));
|
|
111
111
|
case 'ordered':
|
|
112
|
-
return (_jsxs(Box, { children: [_jsx(Text, { color: "
|
|
112
|
+
return (_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", children: `${block.index}. ` }), _jsx(Text, { children: renderInline(block.text) })] }, key));
|
|
113
113
|
case 'code':
|
|
114
114
|
return renderCodeBlock(block.lang, block.body, key);
|
|
115
115
|
case 'blank':
|
|
@@ -148,7 +148,7 @@ function renderCodeLine(line, keywords) {
|
|
|
148
148
|
spans.push(_jsx(Text, { color: "green", children: tok }, key));
|
|
149
149
|
}
|
|
150
150
|
else if (keywords.includes(tok)) {
|
|
151
|
-
spans.push(_jsx(Text, { color: "
|
|
151
|
+
spans.push(_jsx(Text, { color: "#3da9fc", bold: true, children: tok }, key));
|
|
152
152
|
}
|
|
153
153
|
else {
|
|
154
154
|
spans.push(_jsx(Text, { children: tok }, key));
|
|
@@ -260,7 +260,7 @@ function renderSpan(span, key) {
|
|
|
260
260
|
case 'code':
|
|
261
261
|
return _jsx(Text, { color: "green", children: span.text }, key);
|
|
262
262
|
case 'link':
|
|
263
|
-
return (_jsxs(Text, { children: [_jsx(Text, { color: "
|
|
263
|
+
return (_jsxs(Text, { children: [_jsx(Text, { color: "#3da9fc", underline: true, children: span.text }), _jsx(Text, { dimColor: true, children: ` (${span.url})` })] }, key));
|
|
264
264
|
}
|
|
265
265
|
}
|
|
266
266
|
//# sourceMappingURL=markdown-render.js.map
|