@pugi/cli 0.1.0-beta.10 → 0.1.0-beta.101
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +132 -0
- package/LICENSE +1 -1
- package/README.md +55 -11
- package/assets/pugi-prozr2-mascot.ansi +9 -0
- package/bin/run.js +33 -1
- package/dist/commands/deploy.js +40 -40
- package/dist/commands/flatten.js +191 -0
- package/dist/commands/jobs-watch.js +201 -0
- package/dist/commands/jobs.js +42 -27
- package/dist/commands/retro.js +210 -0
- package/dist/commands/smoke.js +133 -0
- package/dist/core/agent-progress/cleanup.js +134 -0
- package/dist/core/agent-progress/schema.js +144 -0
- package/dist/core/agent-progress/writer.js +101 -0
- package/dist/core/agents/adaptive-router.js +330 -0
- package/dist/core/agents/query-decomposer.js +297 -0
- package/dist/core/agents/registry.js +3 -3
- package/dist/core/approvals/shortcut-resolver.js +98 -0
- package/dist/core/artifact-chain/dispatcher.js +148 -0
- package/dist/core/artifact-chain/exporter.js +164 -0
- package/dist/core/artifact-chain/state.js +243 -0
- package/dist/core/artifact-chain/steps.js +169 -0
- package/dist/core/ask-user/question.js +92 -0
- package/dist/core/audit/audit-trail.js +275 -0
- package/dist/core/auth/ensure-authenticated.js +129 -0
- package/dist/core/auth/env-provider.js +238 -0
- package/dist/core/auto-open-browser.js +4 -4
- package/dist/core/auto-update/channels.js +122 -0
- package/dist/core/auto-update/checker.js +241 -0
- package/dist/core/auto-update/state.js +235 -0
- package/dist/core/bare-mode/index.js +107 -0
- package/dist/core/bash/redirect.js +281 -0
- package/dist/core/bash-classifier.js +436 -40
- package/dist/core/checkpoint/resumer.js +149 -0
- package/dist/core/checkpoint/rewinder.js +291 -0
- package/dist/core/checkpoints/shadow-git.js +670 -0
- package/dist/core/citations/parser.js +109 -0
- package/dist/core/classifier/yolo-classifier.js +88 -0
- package/dist/core/codegraph/db.js +506 -0
- package/dist/core/codegraph/decision-store.js +248 -0
- package/dist/core/codegraph/detect-repo.js +459 -0
- package/dist/core/codegraph/install.js +134 -0
- package/dist/core/codegraph/offer-hook.js +220 -0
- package/dist/core/codegraph/parser.js +598 -0
- package/dist/core/codegraph/queries/go.scm +57 -0
- package/dist/core/codegraph/queries/javascript.scm +56 -0
- package/dist/core/codegraph/queries/python.scm +55 -0
- package/dist/core/codegraph/queries/rust.scm +63 -0
- package/dist/core/codegraph/queries/typescript.scm +91 -0
- package/dist/core/codegraph/reindex.js +218 -0
- package/dist/core/codegraph/resolve-edges.js +107 -0
- package/dist/core/codegraph/types.js +34 -0
- package/dist/core/codegraph/watcher.js +440 -0
- package/dist/core/compact/auto-trigger.js +96 -0
- package/dist/core/compact/buffer-rewriter.js +115 -0
- package/dist/core/compact/summarizer.js +208 -0
- package/dist/core/compact/token-counter.js +108 -0
- package/dist/core/consensus/anvil-fanout.js +25 -25
- package/dist/core/consensus/diff-capture.js +121 -12
- package/dist/core/consensus/rubric.js +21 -21
- package/dist/core/context/builder.js +6 -6
- package/dist/core/context/compaction-events.js +8 -8
- package/dist/core/context/compaction.js +31 -31
- package/dist/core/context/index.js +15 -8
- package/dist/core/context/invariants.js +51 -51
- package/dist/core/context/markdown-loader.js +28 -10
- package/dist/core/context/markdown-traverse.js +255 -0
- package/dist/core/context/pugiignore.js +41 -41
- package/dist/core/context/repo-skeleton.js +37 -37
- package/dist/core/context/tool-eviction.js +55 -0
- package/dist/core/context/watcher.js +32 -32
- package/dist/core/context/working-set.js +23 -23
- package/dist/core/coordinator/agent-tools.js +77 -0
- package/dist/core/coordinator/agent-toolset.js +65 -0
- package/dist/core/coordinator/fsm.js +73 -0
- package/dist/core/coordinator/mode-fsm.js +70 -0
- package/dist/core/cost/rate-card.js +129 -0
- package/dist/core/cost/tracker.js +221 -0
- package/dist/core/credentials.js +13 -13
- package/dist/core/cron/scheduler.js +138 -0
- package/dist/core/denial-tracking/index.js +8 -0
- package/dist/core/denial-tracking/state.js +264 -0
- package/dist/core/diagnostics/probe-runner.js +93 -0
- package/dist/core/diagnostics/probes/api.js +46 -0
- package/dist/core/diagnostics/probes/auth.js +93 -0
- package/dist/core/diagnostics/probes/bare-mode.js +42 -0
- package/dist/core/diagnostics/probes/cli-version.js +127 -0
- package/dist/core/diagnostics/probes/config.js +72 -0
- package/dist/core/diagnostics/probes/denial-tracking.js +57 -0
- package/dist/core/diagnostics/probes/disk.js +81 -0
- package/dist/core/diagnostics/probes/engine-live.js +46 -0
- package/dist/core/diagnostics/probes/git.js +65 -0
- package/dist/core/diagnostics/probes/hooks.js +118 -0
- package/dist/core/diagnostics/probes/mcp.js +75 -0
- package/dist/core/diagnostics/probes/node.js +59 -0
- package/dist/core/diagnostics/probes/pnpm.js +36 -0
- package/dist/core/diagnostics/probes/pugi-md.js +89 -0
- package/dist/core/diagnostics/probes/sandbox.js +67 -0
- package/dist/core/diagnostics/probes/session.js +74 -0
- package/dist/core/diagnostics/probes/status-snapshot.js +488 -0
- package/dist/core/diagnostics/probes/workspace.js +63 -0
- package/dist/core/diagnostics/types.js +70 -0
- package/dist/core/dispatch/cache-cleanup.js +197 -0
- package/dist/core/dispatch/cache-handoff.js +295 -0
- package/dist/core/edits/apply-patch-layer-e.js +189 -0
- package/dist/core/edits/dispatch.js +333 -7
- package/dist/core/edits/format-detector.js +260 -0
- package/dist/core/edits/format-matrix.js +26 -0
- package/dist/core/edits/fuzzy-ladder.js +650 -0
- package/dist/core/edits/index.js +5 -1
- package/dist/core/edits/journal.js +199 -0
- package/dist/core/edits/layer-a-apply.js +15 -15
- package/dist/core/edits/layer-a-fuzzy-apply.js +198 -0
- package/dist/core/edits/layer-b-apply.js +9 -9
- package/dist/core/edits/layer-c-apply.js +6 -6
- package/dist/core/edits/layer-d-ast.js +557 -14
- package/dist/core/edits/marker-parser.js +12 -12
- package/dist/core/edits/security-gate.js +27 -27
- package/dist/core/edits/verify-hook.js +273 -0
- package/dist/core/edits/worktree.js +29 -29
- package/dist/core/engine/anvil-client.js +214 -26
- package/dist/core/engine/auto-compact.js +247 -0
- package/dist/core/engine/budgets.js +220 -0
- package/dist/core/engine/compact-llm-summarizer.js +124 -0
- package/dist/core/engine/context-prefix.js +155 -0
- package/dist/core/engine/index.js +1 -1
- package/dist/core/engine/intensity.js +163 -0
- package/dist/core/engine/intent.js +260 -0
- package/dist/core/engine/native-pugi.js +1559 -227
- package/dist/core/engine/prompts.js +219 -19
- package/dist/core/engine/strip-internal-fields.js +124 -0
- package/dist/core/engine/tool-bridge.js +1887 -59
- package/dist/core/engine/verification-patterns.js +195 -0
- package/dist/core/eval/v1/ledger.js +83 -0
- package/dist/core/eval/v1/runner.js +280 -0
- package/dist/core/eval/v1/scoring.js +68 -0
- package/dist/core/eval/v1/task-loader.js +191 -0
- package/dist/core/eval/v1/types.js +14 -0
- package/dist/core/eval/v1/verifier.js +176 -0
- package/dist/core/eval/v1/yaml-parser.js +250 -0
- package/dist/core/evaluation/golden-dataset.js +293 -0
- package/dist/core/feedback/queue.js +177 -0
- package/dist/core/feedback/submitter.js +145 -0
- package/dist/core/file-cache.js +113 -1
- package/dist/core/flatten/flatten-repo.js +439 -0
- package/dist/core/format/osc8-link.js +28 -0
- package/dist/core/hook-chains.js +392 -0
- package/dist/core/hooks/citation-verify-hook.js +138 -0
- package/dist/core/hooks/citation-verify.js +112 -0
- package/dist/core/hooks/events.js +46 -0
- package/dist/core/hooks/index.js +15 -0
- package/dist/core/hooks/registry.js +216 -0
- package/dist/core/hooks/runner.js +236 -0
- package/dist/core/hooks/v2/event-emitter.js +115 -0
- package/dist/core/hooks/v2/executor.js +282 -0
- package/dist/core/hooks/v2/index.js +25 -0
- package/dist/core/hooks/v2/lifecycle.js +104 -0
- package/dist/core/hooks/v2/loader.js +216 -0
- package/dist/core/hooks/v2/matcher.js +125 -0
- package/dist/core/hooks/v2/trust.js +143 -0
- package/dist/core/hooks/v2/types.js +86 -0
- package/dist/core/hooks/worktree-events.js +158 -0
- package/dist/core/image/renderer.js +71 -0
- package/dist/core/init/detector.js +582 -0
- package/dist/core/init/template-renderer.js +242 -0
- package/dist/core/jobs/registry.js +18 -18
- package/dist/core/ledger/results-tsv.js +142 -0
- package/dist/core/log-discipline/stdout-redirect.js +51 -0
- package/dist/core/lsp/cache.js +105 -0
- package/dist/core/lsp/client.js +551 -41
- package/dist/core/lsp/language-detect.js +66 -0
- package/dist/core/lsp/post-edit-diagnostics.js +171 -0
- package/dist/core/lsp/server-detect.js +173 -0
- package/dist/core/lsp/symbol-cache.js +162 -0
- package/dist/core/lsp/symbol-tools.js +664 -0
- package/dist/core/mcp/client.js +97 -28
- package/dist/core/mcp/http-server.js +553 -0
- package/dist/core/mcp/orchestrator-config.js +192 -0
- package/dist/core/mcp/orchestrator-tools.js +806 -0
- package/dist/core/mcp/permission.js +190 -0
- package/dist/core/mcp/registry.js +39 -17
- package/dist/core/mcp/server-tools.js +219 -0
- package/dist/core/mcp/server.js +397 -0
- package/dist/core/mcp/trust.js +10 -10
- package/dist/core/memory/dual-write.js +416 -0
- package/dist/core/memory/passive-extract.js +130 -0
- package/dist/core/memory/phase1-kinds.js +20 -0
- package/dist/core/memory/secret-scanner.js +304 -0
- package/dist/core/memory-sync/queue.js +170 -0
- package/dist/core/metrics/extract.js +113 -0
- package/dist/core/modes/roo-modes.js +68 -0
- package/dist/core/notes/notes-paths.js +113 -0
- package/dist/core/notes/notes-recorder.js +140 -0
- package/dist/core/notes/notes-writer.js +53 -0
- package/dist/core/notes/renderers.js +0 -0
- package/dist/core/notes/slug.js +105 -0
- package/dist/core/onboarding/ensure-initialized.js +133 -0
- package/dist/core/onboarding/marker.js +111 -0
- package/dist/core/onboarding/telemetry-state.js +108 -0
- package/dist/core/output-style/presets.js +176 -0
- package/dist/core/output-style/state.js +185 -0
- package/dist/core/path-security.js +287 -5
- package/dist/core/permission.js +82 -22
- package/dist/core/permissions/auto-classifier.js +124 -0
- package/dist/core/permissions/bash-parser.js +371 -0
- package/dist/core/permissions/circuit-breaker.js +83 -0
- package/dist/core/permissions/constrained-edit.js +91 -0
- package/dist/core/permissions/gate.js +278 -0
- package/dist/core/permissions/index.js +20 -0
- package/dist/core/permissions/mode.js +174 -0
- package/dist/core/permissions/network-egress.js +137 -0
- package/dist/core/permissions/state.js +241 -0
- package/dist/core/permissions/tool-class.js +107 -0
- package/dist/core/plan-mode/ui-state.js +51 -0
- package/dist/core/plans/plan-artifact.js +721 -0
- package/dist/core/policy-limits/etag-store.js +122 -0
- package/dist/core/prd-check/parser.js +215 -0
- package/dist/core/prd-check/reporter.js +127 -0
- package/dist/core/prd-check/session-review.js +557 -0
- package/dist/core/prd-check/verifiers.js +223 -0
- package/dist/core/prompt-cache/client-cache.js +99 -0
- package/dist/core/prompts/assembly.js +29 -0
- package/dist/core/prompts/registry.js +364 -0
- package/dist/core/pugi-gitignore.js +52 -0
- package/dist/core/pugi-md/cc-compat-rules.js +735 -0
- package/dist/core/pugi-md/context-injector.js +76 -0
- package/dist/core/pugi-md/walk-up.js +207 -0
- package/dist/core/python/uv-installer.js +270 -0
- package/dist/core/python/uv-resolver.js +83 -0
- package/dist/core/rate-limit/narrator.js +146 -0
- package/dist/core/recipes/cli-types.js +20 -0
- package/dist/core/recipes/loader.js +103 -0
- package/dist/core/recipes/runner.js +345 -0
- package/dist/core/recipes/schema.js +587 -0
- package/dist/core/release-notes/parser.js +241 -0
- package/dist/core/release-notes/state.js +116 -0
- package/dist/core/repl/ask.js +37 -37
- package/dist/core/repl/cancellation.js +26 -26
- package/dist/core/repl/cap-warning.js +4 -4
- package/dist/core/repl/clipboard-read.js +11 -11
- package/dist/core/repl/dispatch-fsm.js +12 -12
- package/dist/core/repl/engine-bridge.js +303 -0
- package/dist/core/repl/history-search.js +15 -15
- package/dist/core/repl/history.js +28 -18
- package/dist/core/repl/kill-ring.js +5 -5
- package/dist/core/repl/model-pricing.js +135 -0
- package/dist/core/repl/privacy-banner.js +22 -22
- package/dist/core/repl/session.js +2690 -229
- package/dist/core/repl/slash-commands.js +540 -41
- package/dist/core/repl/store/index.js +1 -1
- package/dist/core/repl/store/jsonl-log.js +22 -22
- package/dist/core/repl/store/lockfile.js +10 -10
- package/dist/core/repl/store/session-store.js +136 -107
- package/dist/core/repl/store/types.js +15 -15
- package/dist/core/repl/store/uuid-v7.js +12 -12
- package/dist/core/repl/tool-route.js +382 -0
- package/dist/core/repl/workspace-context.js +43 -21
- package/dist/core/repo-map/build.js +125 -0
- package/dist/core/repo-map/cache.js +185 -0
- package/dist/core/repo-map/extractor.js +254 -0
- package/dist/core/repo-map/formatter.js +145 -0
- package/dist/core/repo-map/page-rank.js +105 -0
- package/dist/core/repo-map/scanner.js +211 -0
- package/dist/core/retro/git-collector.js +251 -0
- package/dist/core/retro/health-card.js +25 -0
- package/dist/core/retro/metrics.js +342 -0
- package/dist/core/retro/narrative.js +249 -0
- package/dist/core/retro/plane-collector.js +274 -0
- package/dist/core/retro/pr-issue-link.js +65 -0
- package/dist/core/retro/types.js +16 -0
- package/dist/core/retry-budget/budget.js +284 -0
- package/dist/core/retry-budget/index.js +5 -0
- package/dist/core/retry-budget/retry-cap.js +74 -0
- package/dist/core/routing/lead-worker.js +43 -0
- package/dist/core/routing/pre-flight-estimator.js +108 -0
- package/dist/core/runs/run-tree.js +103 -0
- package/dist/core/sandboxing/adapter.js +43 -0
- package/dist/core/sandboxing/bubblewrap.js +209 -0
- package/dist/core/sandboxing/index.js +78 -0
- package/dist/core/sandboxing/none.js +19 -0
- package/dist/core/sandboxing/policy.js +97 -0
- package/dist/core/sandboxing/seatbelt.js +231 -0
- package/dist/core/security/injection-scanner.js +367 -0
- package/dist/core/security/output-filter.js +418 -0
- package/dist/core/session/env-file.js +105 -0
- package/dist/core/session/section-budgets.js +140 -0
- package/dist/core/session.js +119 -0
- package/dist/core/settings.js +402 -5
- package/dist/core/share/formatter.js +271 -0
- package/dist/core/share/redactor.js +221 -0
- package/dist/core/share/uploader.js +267 -0
- package/dist/core/skills/defaults.js +30 -30
- package/dist/core/skills/loader.js +22 -22
- package/dist/core/skills/sources.js +27 -27
- package/dist/core/smoke/headless-driver.js +174 -0
- package/dist/core/smoke/orchestrator.js +194 -0
- package/dist/core/smoke/runner.js +238 -0
- package/dist/core/smoke/scenario-parser.js +316 -0
- package/dist/core/statusline.js +99 -0
- package/dist/core/subagents/dispatcher-real.js +600 -0
- package/dist/core/subagents/dispatcher.js +146 -52
- package/dist/core/subagents/index.js +19 -6
- package/dist/core/subagents/isolation-matrix.js +213 -0
- package/dist/core/subagents/spawn.js +19 -4
- package/dist/core/telemetry/emitter.js +229 -0
- package/dist/core/telemetry/queue.js +251 -0
- package/dist/core/theme/context.js +91 -0
- package/dist/core/theme/presets.js +228 -0
- package/dist/core/theme/state.js +181 -0
- package/dist/core/todos/invariant.js +10 -0
- package/dist/core/todos/state.js +177 -0
- package/dist/core/tool-schema/compressor.js +89 -0
- package/dist/core/transport/version-interceptor.js +166 -0
- package/dist/core/trust.js +2 -2
- package/dist/core/tui/thinking-block.js +64 -0
- package/dist/core/vim/keymap.js +288 -0
- package/dist/core/vim/state.js +92 -0
- package/dist/core/watch-markers/marker-watcher.js +133 -0
- package/dist/core/worktree/include-parser.js +249 -0
- package/dist/core/worktree-manager/cleanup.js +123 -0
- package/dist/core/worktree-manager/manager.js +303 -0
- package/dist/index.js +36 -0
- package/dist/runtime/bootstrap.js +190 -0
- package/dist/runtime/cli.js +4403 -561
- package/dist/runtime/commands/agents.js +31 -31
- package/dist/runtime/commands/budget.js +5 -5
- package/dist/runtime/commands/cancel.js +231 -0
- package/dist/runtime/commands/chain.js +489 -0
- package/dist/runtime/commands/codegraph-status.js +227 -0
- package/dist/runtime/commands/compact.js +297 -0
- package/dist/runtime/commands/config.js +74 -40
- package/dist/runtime/commands/cost.js +199 -0
- package/dist/runtime/commands/delegate.js +27 -4
- package/dist/runtime/commands/dispatch.js +126 -0
- package/dist/runtime/commands/doctor.js +579 -0
- package/dist/runtime/commands/eval-v1.js +266 -0
- package/dist/runtime/commands/feedback.js +184 -0
- package/dist/runtime/commands/hooks.js +187 -0
- package/dist/runtime/commands/index-cmd.js +459 -0
- package/dist/runtime/commands/init.js +254 -0
- package/dist/runtime/commands/lsp.js +200 -38
- package/dist/runtime/commands/mcp.js +935 -0
- package/dist/runtime/commands/memory.js +582 -0
- package/dist/runtime/commands/model.js +237 -0
- package/dist/runtime/commands/onboarding.js +275 -0
- package/dist/runtime/commands/patch.js +12 -12
- package/dist/runtime/commands/permissions.js +112 -0
- package/dist/runtime/commands/plan.js +143 -0
- package/dist/runtime/commands/prd-check.js +285 -0
- package/dist/runtime/commands/privacy.js +17 -17
- package/dist/runtime/commands/recipe.js +325 -0
- package/dist/runtime/commands/redo-blob-store.js +92 -0
- package/dist/runtime/commands/redo.js +361 -0
- package/dist/runtime/commands/release-notes.js +229 -0
- package/dist/runtime/commands/repo-map.js +95 -0
- package/dist/runtime/commands/report.js +299 -0
- package/dist/runtime/commands/resume.js +118 -0
- package/dist/runtime/commands/review-consensus.js +68 -53
- package/dist/runtime/commands/rewind.js +333 -0
- package/dist/runtime/commands/roster.js +14 -14
- package/dist/runtime/commands/servers-cli.js +182 -0
- package/dist/runtime/commands/servers.js +236 -0
- package/dist/runtime/commands/sessions.js +163 -0
- package/dist/runtime/commands/share.js +316 -0
- package/dist/runtime/commands/skills.js +31 -31
- package/dist/runtime/commands/status.js +186 -0
- package/dist/runtime/commands/stickers.js +82 -0
- package/dist/runtime/commands/style.js +194 -0
- package/dist/runtime/commands/theme.js +196 -0
- package/dist/runtime/commands/undo.js +54 -22
- package/dist/runtime/commands/update.js +289 -0
- package/dist/runtime/commands/vim.js +140 -0
- package/dist/runtime/commands/worktree.js +8 -8
- package/dist/runtime/commands/worktrees.js +155 -0
- package/dist/runtime/deprecation-warning.js +69 -0
- package/dist/runtime/engine-exit-code.js +50 -0
- package/dist/runtime/headless-repl.js +195 -0
- package/dist/runtime/headless.js +548 -0
- package/dist/runtime/load-hooks-or-exit.js +71 -0
- package/dist/runtime/plan-decompose.js +22 -22
- package/dist/runtime/sigint-guard.js +272 -0
- package/dist/runtime/stream-renderer.js +195 -0
- package/dist/runtime/update-check.js +28 -28
- package/dist/runtime/version.js +65 -0
- package/dist/runtime/worktree-bootstrap.js +579 -0
- package/dist/skills/bundled/batch.js +617 -0
- package/dist/skills/bundled/index.js +45 -0
- package/dist/skills/bundled/loop.js +358 -0
- package/dist/skills/bundled/remember.js +383 -0
- package/dist/skills/bundled/simplify.js +289 -0
- package/dist/skills/bundled/skillify.js +373 -0
- package/dist/skills/bundled/stuck.js +558 -0
- package/dist/skills/bundled/verify.js +439 -0
- package/dist/testing/vcr.js +486 -0
- package/dist/tools/agent-tool.js +229 -0
- package/dist/tools/apply-patch.js +89 -28
- package/dist/tools/ask-user-question.js +337 -0
- package/dist/tools/ask-user.js +115 -0
- package/dist/tools/bash.js +811 -49
- package/dist/tools/brief.js +224 -0
- package/dist/tools/cron.js +433 -0
- package/dist/tools/enter-worktree.js +250 -0
- package/dist/tools/exit-worktree.js +147 -0
- package/dist/tools/file-tools.js +161 -44
- package/dist/tools/http-request.js +336 -0
- package/dist/tools/lsp-tools.js +377 -1
- package/dist/tools/mcp-tool.js +260 -0
- package/dist/tools/multi-edit.js +361 -0
- package/dist/tools/powershell.js +268 -0
- package/dist/tools/registry.js +120 -5
- package/dist/tools/server-tools.js +892 -0
- package/dist/tools/skill-tool.js +96 -0
- package/dist/tools/sleep.js +99 -0
- package/dist/tools/synthetic-output.js +133 -0
- package/dist/tools/tasks.js +208 -0
- package/dist/tools/todo-write.js +184 -0
- package/dist/tools/verify-plan-execution.js +295 -0
- package/dist/tools/web-fetch-injection-scanner.js +207 -0
- package/dist/tools/web-fetch.js +195 -10
- package/dist/tools/web-search.js +458 -0
- package/dist/tui/agent-progress-card.js +111 -0
- package/dist/tui/agent-tree.js +22 -1
- package/dist/tui/ask-modal.js +14 -14
- package/dist/tui/ask-user-question-chips.js +315 -0
- package/dist/tui/ask-user-question-prompt.js +203 -0
- package/dist/tui/compact-banner.js +81 -0
- package/dist/tui/conversation-pane.js +85 -11
- package/dist/tui/cost-table.js +111 -0
- package/dist/tui/device-flow.js +2 -2
- package/dist/tui/doctor-table.js +46 -0
- package/dist/tui/feedback-prompt.js +156 -0
- package/dist/tui/input-box.js +247 -32
- package/dist/tui/login-picker.js +3 -3
- package/dist/tui/markdown-render.js +6 -6
- package/dist/tui/multi-file-diff-approval.js +375 -0
- package/dist/tui/onboarding-wizard.js +240 -0
- package/dist/tui/permissions-picker.js +86 -0
- package/dist/tui/render.js +36 -1
- package/dist/tui/repl-render.js +239 -25
- package/dist/tui/repl-splash-art.js +16 -16
- package/dist/tui/repl-splash-mascot.js +48 -24
- package/dist/tui/repl-splash.js +22 -22
- package/dist/tui/repl.js +125 -45
- package/dist/tui/slash-palette.js +6 -6
- package/dist/tui/splash.js +2 -2
- package/dist/tui/status-bar.js +109 -31
- package/dist/tui/status-table.js +7 -0
- package/dist/tui/stickers-art.js +136 -0
- package/dist/tui/style-table.js +28 -0
- package/dist/tui/theme-table.js +29 -0
- package/dist/tui/thinking-spinner.js +123 -0
- package/dist/tui/tool-stream-pane.js +53 -4
- package/dist/tui/update-banner.js +27 -2
- package/dist/tui/vim-input.js +267 -0
- package/dist/tui/welcome-banner.js +107 -0
- package/dist/tui/welcome-data.js +293 -0
- package/dist/tui/workspace-context.js +2 -2
- package/package.json +29 -6
- package/test/scenarios/codegen-create-file.scenario.txt +13 -0
- package/test/scenarios/compact-force.scenario.txt +12 -0
- package/test/scenarios/identity.scenario.txt +11 -0
- package/test/scenarios/persona-handoff.scenario.txt +12 -0
- package/test/scenarios/walkback.scenario.txt +12 -0
- package/dist/core/engine/compaction-hook.js +0 -154
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
const DEFAULT_CAP = 3;
|
|
2
|
+
const DEFAULT_RESET_AFTER_MS = 300_000;
|
|
3
|
+
export function createRetryBudget(options = {}) {
|
|
4
|
+
const cap = normalizePositiveInteger(options.cap, DEFAULT_CAP);
|
|
5
|
+
const resetAfterMs = normalizeNonNegativeInteger(options.resetAfterMs, DEFAULT_RESET_AFTER_MS);
|
|
6
|
+
const states = new Map();
|
|
7
|
+
function clone(state) {
|
|
8
|
+
return { ...state };
|
|
9
|
+
}
|
|
10
|
+
function getFreshState(operationKey, now = Date.now()) {
|
|
11
|
+
const state = states.get(operationKey);
|
|
12
|
+
if (!state)
|
|
13
|
+
return null;
|
|
14
|
+
if (now - state.lastAttemptAt >= resetAfterMs) {
|
|
15
|
+
states.delete(operationKey);
|
|
16
|
+
return null;
|
|
17
|
+
}
|
|
18
|
+
return state;
|
|
19
|
+
}
|
|
20
|
+
return {
|
|
21
|
+
record(operationKey) {
|
|
22
|
+
const now = Date.now();
|
|
23
|
+
const existing = getFreshState(operationKey, now);
|
|
24
|
+
const attempts = (existing?.attempts ?? 0) + 1;
|
|
25
|
+
const next = {
|
|
26
|
+
operationKey,
|
|
27
|
+
attempts,
|
|
28
|
+
firstAttemptAt: existing?.firstAttemptAt ?? now,
|
|
29
|
+
lastAttemptAt: now,
|
|
30
|
+
exhausted: attempts >= cap,
|
|
31
|
+
};
|
|
32
|
+
states.set(operationKey, next);
|
|
33
|
+
return clone(next);
|
|
34
|
+
},
|
|
35
|
+
reset(operationKey) {
|
|
36
|
+
states.delete(operationKey);
|
|
37
|
+
},
|
|
38
|
+
isExhausted(operationKey) {
|
|
39
|
+
return getFreshState(operationKey)?.exhausted ?? false;
|
|
40
|
+
},
|
|
41
|
+
getState(operationKey) {
|
|
42
|
+
const state = getFreshState(operationKey);
|
|
43
|
+
return state ? clone(state) : null;
|
|
44
|
+
},
|
|
45
|
+
};
|
|
46
|
+
}
|
|
47
|
+
export function validatePromptWordCount(text, opts) {
|
|
48
|
+
const words = countWords(text);
|
|
49
|
+
const chars = text.length;
|
|
50
|
+
if (opts.min !== undefined && words < opts.min) {
|
|
51
|
+
return { valid: false, words, chars, reason: 'too-short' };
|
|
52
|
+
}
|
|
53
|
+
if (opts.max !== undefined && words > opts.max) {
|
|
54
|
+
return { valid: false, words, chars, reason: 'too-long' };
|
|
55
|
+
}
|
|
56
|
+
return { valid: true, words, chars };
|
|
57
|
+
}
|
|
58
|
+
function countWords(text) {
|
|
59
|
+
const trimmed = text.trim();
|
|
60
|
+
if (trimmed.length === 0)
|
|
61
|
+
return 0;
|
|
62
|
+
return trimmed.split(/\s+/).length;
|
|
63
|
+
}
|
|
64
|
+
function normalizePositiveInteger(value, fallback) {
|
|
65
|
+
if (value === undefined || !Number.isFinite(value))
|
|
66
|
+
return fallback;
|
|
67
|
+
return Math.max(1, Math.floor(value));
|
|
68
|
+
}
|
|
69
|
+
function normalizeNonNegativeInteger(value, fallback) {
|
|
70
|
+
if (value === undefined || !Number.isFinite(value))
|
|
71
|
+
return fallback;
|
|
72
|
+
return Math.max(0, Math.floor(value));
|
|
73
|
+
}
|
|
74
|
+
//# sourceMappingURL=retry-cap.js.map
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
export function assignRoles(opts) {
|
|
2
|
+
let hasAssignedWriteLead = false;
|
|
3
|
+
return opts.steps.map((step) => {
|
|
4
|
+
const role = assignRole(step, hasAssignedWriteLead);
|
|
5
|
+
if (step.intent === 'write' && role.role === 'lead') {
|
|
6
|
+
hasAssignedWriteLead = true;
|
|
7
|
+
}
|
|
8
|
+
return {
|
|
9
|
+
step: step.id,
|
|
10
|
+
role: role.role,
|
|
11
|
+
model: role.role === 'lead' ? opts.leadModel : opts.workerModel,
|
|
12
|
+
reason: role.reason,
|
|
13
|
+
};
|
|
14
|
+
});
|
|
15
|
+
}
|
|
16
|
+
function assignRole(step, hasAssignedWriteLead) {
|
|
17
|
+
if (step.intent === 'plan') {
|
|
18
|
+
return { role: 'lead', reason: 'planning step requires lead orchestration' };
|
|
19
|
+
}
|
|
20
|
+
if (hasLeadHeuristic(step.id)) {
|
|
21
|
+
return { role: 'lead', reason: 'step id indicates planning or orchestration' };
|
|
22
|
+
}
|
|
23
|
+
if (step.intent === 'write' && !hasAssignedWriteLead) {
|
|
24
|
+
return { role: 'lead', reason: 'first write step needs lead architecture' };
|
|
25
|
+
}
|
|
26
|
+
if (step.intent === 'write') {
|
|
27
|
+
return { role: 'worker', reason: 'subsequent write step is bulk execution' };
|
|
28
|
+
}
|
|
29
|
+
if (step.intent === 'read' || step.intent === 'verify') {
|
|
30
|
+
return { role: 'worker', reason: 'read and verify steps are worker execution' };
|
|
31
|
+
}
|
|
32
|
+
if (step.intent === 'explain') {
|
|
33
|
+
return { role: 'worker', reason: 'explanation step can run on worker model' };
|
|
34
|
+
}
|
|
35
|
+
return { role: 'lead', reason: 'unknown intent defaults to lead defensively' };
|
|
36
|
+
}
|
|
37
|
+
function hasLeadHeuristic(stepId) {
|
|
38
|
+
const normalized = stepId.toLowerCase();
|
|
39
|
+
return (normalized.includes('plan') ||
|
|
40
|
+
normalized.includes('design') ||
|
|
41
|
+
normalized.includes('orchestrate'));
|
|
42
|
+
}
|
|
43
|
+
//# sourceMappingURL=lead-worker.js.map
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pre-flight token estimator — external tokenEstimation port,
|
|
3
|
+
* adapted for Anvil's 3-tier routing.
|
|
4
|
+
*
|
|
5
|
+
* The auto-compact gate counts tokens AFTER a turn lands. This module
|
|
6
|
+
* runs BEFORE the request leaves the CLI so the router can pick the
|
|
7
|
+
* cheapest pool that still fits. Three pools exist:
|
|
8
|
+
*
|
|
9
|
+
* cheap → DeepSeek V4-Pro / Cerebras Qwen3-Coder (128k-256k window)
|
|
10
|
+
* mid → Anthropic Sonnet 4.6 / GPT-5 (200k window, 2-3× cheap-pool cost)
|
|
11
|
+
* long → Kimi K2.6 / Gemini 2.5 Pro (1M window, 5-10× cheap-pool cost)
|
|
12
|
+
*
|
|
13
|
+
* The estimator is intentionally synchronous, pure, and free of I/O so
|
|
14
|
+
* the call site can run it inside a render loop without yielding to
|
|
15
|
+
* the event loop. The token approximation reuses the existing
|
|
16
|
+
* char-per-token heuristic from `core/compact/token-counter.ts` (4 chars
|
|
17
|
+
* ≈ 1 token, biased high). No tiktoken dependency added.
|
|
18
|
+
*/
|
|
19
|
+
import { estimateTokens } from '../compact/token-counter.js';
|
|
20
|
+
/**
|
|
21
|
+
* Default tier ceilings tuned для Anvil 2026-06 routing matrix.
|
|
22
|
+
* cheap-pool models (DeepSeek/Cerebras) hard-cap at 100k effective input.
|
|
23
|
+
* mid-pool (Sonnet/GPT-5) safe through 180k.
|
|
24
|
+
* long-pool (Kimi/Gemini-Pro) accepts к 900k.
|
|
25
|
+
*
|
|
26
|
+
* The numbers stay below the nominal context window к leave room for
|
|
27
|
+
* output tokens, тек streaming overhead, and tokenizer skew.
|
|
28
|
+
*/
|
|
29
|
+
const DEFAULT_CHEAP_MAX = 100_000;
|
|
30
|
+
const DEFAULT_MID_MAX = 180_000;
|
|
31
|
+
const DEFAULT_LONG_MAX = 900_000;
|
|
32
|
+
const DEFAULT_OUTPUT_BUFFER = 4_096;
|
|
33
|
+
export function estimatePreFlight(input, options = {}) {
|
|
34
|
+
const cheapMax = options.cheapTierMaxInput ?? DEFAULT_CHEAP_MAX;
|
|
35
|
+
const midMax = options.midTierMaxInput ?? DEFAULT_MID_MAX;
|
|
36
|
+
const longMax = options.longTierMaxInput ?? DEFAULT_LONG_MAX;
|
|
37
|
+
const outputBuffer = input.expectedOutputTokens
|
|
38
|
+
?? options.outputBuffer
|
|
39
|
+
?? DEFAULT_OUTPUT_BUFFER;
|
|
40
|
+
if (cheapMax <= 0 || midMax <= 0 || longMax <= 0) {
|
|
41
|
+
throw new RangeError('tier max values must be positive');
|
|
42
|
+
}
|
|
43
|
+
if (cheapMax > midMax || midMax > longMax) {
|
|
44
|
+
throw new RangeError('tier ceilings must be monotonic: cheap <= mid <= long');
|
|
45
|
+
}
|
|
46
|
+
if (outputBuffer < 0) {
|
|
47
|
+
throw new RangeError('outputBuffer must be >= 0');
|
|
48
|
+
}
|
|
49
|
+
const systemTokens = sumStrings(input.systemPrompt ? [input.systemPrompt] : []);
|
|
50
|
+
const dialogTokens = sumStrings(input.dialogHistory ?? []);
|
|
51
|
+
const ragTokens = sumStrings(input.ragContext ?? []);
|
|
52
|
+
const toolTokens = sumStrings(input.toolResults ?? []);
|
|
53
|
+
const userTokens = sumStrings(input.userMessage ? [input.userMessage] : []);
|
|
54
|
+
const inputTokens = systemTokens + dialogTokens + ragTokens + toolTokens + userTokens;
|
|
55
|
+
const totalTokens = inputTokens + outputBuffer;
|
|
56
|
+
const tier = pickTier(inputTokens, cheapMax, midMax);
|
|
57
|
+
const overLongTier = inputTokens > longMax;
|
|
58
|
+
return {
|
|
59
|
+
inputTokens,
|
|
60
|
+
outputBuffer,
|
|
61
|
+
totalTokens,
|
|
62
|
+
tier,
|
|
63
|
+
breakdown: {
|
|
64
|
+
systemPrompt: systemTokens,
|
|
65
|
+
dialogHistory: dialogTokens,
|
|
66
|
+
ragContext: ragTokens,
|
|
67
|
+
toolResults: toolTokens,
|
|
68
|
+
userMessage: userTokens,
|
|
69
|
+
},
|
|
70
|
+
overLongTier,
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
function sumStrings(parts) {
|
|
74
|
+
let total = 0;
|
|
75
|
+
for (const part of parts) {
|
|
76
|
+
total += estimateTokens(part);
|
|
77
|
+
}
|
|
78
|
+
return total;
|
|
79
|
+
}
|
|
80
|
+
function pickTier(inputTokens, cheapMax, midMax) {
|
|
81
|
+
if (inputTokens <= cheapMax)
|
|
82
|
+
return 'cheap';
|
|
83
|
+
if (inputTokens <= midMax)
|
|
84
|
+
return 'mid';
|
|
85
|
+
return 'long';
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* Human-readable explanation для CLI / TUI surfacing.
|
|
89
|
+
* The format is stable and may be parsed by the doctor command.
|
|
90
|
+
*/
|
|
91
|
+
export function explainEstimate(estimate) {
|
|
92
|
+
const lines = [];
|
|
93
|
+
lines.push(`Input tokens: ${estimate.inputTokens.toLocaleString('en-US')}`);
|
|
94
|
+
lines.push(`Output buffer: ${estimate.outputBuffer.toLocaleString('en-US')}`);
|
|
95
|
+
lines.push(`Total: ${estimate.totalTokens.toLocaleString('en-US')}`);
|
|
96
|
+
lines.push(`Routing tier: ${estimate.tier}`);
|
|
97
|
+
if (estimate.overLongTier) {
|
|
98
|
+
lines.push('WARNING: input exceeds long-tier ceiling — request will likely fail');
|
|
99
|
+
}
|
|
100
|
+
lines.push('Breakdown:');
|
|
101
|
+
lines.push(` system prompt: ${estimate.breakdown.systemPrompt.toLocaleString('en-US')}`);
|
|
102
|
+
lines.push(` dialog: ${estimate.breakdown.dialogHistory.toLocaleString('en-US')}`);
|
|
103
|
+
lines.push(` rag: ${estimate.breakdown.ragContext.toLocaleString('en-US')}`);
|
|
104
|
+
lines.push(` tool results: ${estimate.breakdown.toolResults.toLocaleString('en-US')}`);
|
|
105
|
+
lines.push(` user message: ${estimate.breakdown.userMessage.toLocaleString('en-US')}`);
|
|
106
|
+
return lines.join('\n');
|
|
107
|
+
}
|
|
108
|
+
//# sourceMappingURL=pre-flight-estimator.js.map
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Canonical `.pugi/runs/<id>/` artifact tree .
|
|
3
|
+
*
|
|
4
|
+
* Karpathy hn-time-capsule pattern: every Pugi execution produces a
|
|
5
|
+
* deterministic directory structure where downstream tooling (eval
|
|
6
|
+
* harness, leaderboard, replay, debugging) can find
|
|
7
|
+
* artifacts at predictable paths.
|
|
8
|
+
*
|
|
9
|
+
* Layout per run:
|
|
10
|
+
* .pugi/runs/<id>/
|
|
11
|
+
* meta.json — metadata: id, startedAt, finishedAt?, command, tier
|
|
12
|
+
* stdout.log — captured stdout (the engine writes it directly)
|
|
13
|
+
* stderr.log — captured stderr
|
|
14
|
+
* events.jsonl — structured event stream (NDJSON)
|
|
15
|
+
* metrics.json — final metrics summary (written at run end)
|
|
16
|
+
* artifacts/ — арbitrary file outputs (plans, diffs, exports)
|
|
17
|
+
*
|
|
18
|
+
* The `<id>` is `<ISO-timestamp>-<short-rand>` so runs sort
|
|
19
|
+
* chronologically when listed by directory order.
|
|
20
|
+
*
|
|
21
|
+
* This module only handles the directory + metadata primitive. Actual
|
|
22
|
+
* stream writing (stdout.log, events.jsonl) is the engine's job —
|
|
23
|
+
* we return paths so the engine knows where к write.
|
|
24
|
+
*/
|
|
25
|
+
import { mkdir, writeFile, readFile, stat } from 'node:fs/promises';
|
|
26
|
+
import { randomBytes } from 'node:crypto';
|
|
27
|
+
import path from 'node:path';
|
|
28
|
+
export function generateRunId(now = new Date()) {
|
|
29
|
+
const iso = now.toISOString().replace(/[:.]/g, '-');
|
|
30
|
+
const rand = randomBytes(3).toString('hex');
|
|
31
|
+
return `${iso}-${rand}`;
|
|
32
|
+
}
|
|
33
|
+
export function resolveRunPaths(workspaceRoot, id) {
|
|
34
|
+
const root = path.join(workspaceRoot, '.pugi', 'runs', id);
|
|
35
|
+
return {
|
|
36
|
+
root,
|
|
37
|
+
meta: path.join(root, 'meta.json'),
|
|
38
|
+
stdout: path.join(root, 'stdout.log'),
|
|
39
|
+
stderr: path.join(root, 'stderr.log'),
|
|
40
|
+
events: path.join(root, 'events.jsonl'),
|
|
41
|
+
metrics: path.join(root, 'metrics.json'),
|
|
42
|
+
artifacts: path.join(root, 'artifacts'),
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
export async function createRun(options) {
|
|
46
|
+
if (!options.workspaceRoot) {
|
|
47
|
+
throw new TypeError('workspaceRoot is required');
|
|
48
|
+
}
|
|
49
|
+
const id = options.id ?? generateRunId();
|
|
50
|
+
if (!/^[A-Za-z0-9_.\-T:Z]+$/.test(id)) {
|
|
51
|
+
throw new RangeError(`invalid run id: ${id} (forbidden characters)`);
|
|
52
|
+
}
|
|
53
|
+
const paths = resolveRunPaths(options.workspaceRoot, id);
|
|
54
|
+
await mkdir(paths.artifacts, { recursive: true });
|
|
55
|
+
const meta = {
|
|
56
|
+
id,
|
|
57
|
+
startedAt: new Date().toISOString(),
|
|
58
|
+
};
|
|
59
|
+
if (options.command !== undefined)
|
|
60
|
+
meta.command = options.command;
|
|
61
|
+
if (options.tier !== undefined)
|
|
62
|
+
meta.tier = options.tier;
|
|
63
|
+
if (options.extra !== undefined)
|
|
64
|
+
meta.extra = options.extra;
|
|
65
|
+
await writeFile(paths.meta, JSON.stringify(meta, null, 2) + '\n');
|
|
66
|
+
return paths;
|
|
67
|
+
}
|
|
68
|
+
export async function readRunMetadata(paths) {
|
|
69
|
+
try {
|
|
70
|
+
const buf = await readFile(paths.meta, 'utf8');
|
|
71
|
+
return JSON.parse(buf);
|
|
72
|
+
}
|
|
73
|
+
catch {
|
|
74
|
+
return null;
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
export async function finalizeRun(paths, options = {}) {
|
|
78
|
+
const existing = await readRunMetadata(paths);
|
|
79
|
+
if (!existing) {
|
|
80
|
+
throw new Error(`run metadata missing at ${paths.meta}`);
|
|
81
|
+
}
|
|
82
|
+
const finished = {
|
|
83
|
+
...existing,
|
|
84
|
+
finishedAt: new Date().toISOString(),
|
|
85
|
+
};
|
|
86
|
+
if (options.exitCode !== undefined) {
|
|
87
|
+
finished.exitCode = options.exitCode;
|
|
88
|
+
}
|
|
89
|
+
await writeFile(paths.meta, JSON.stringify(finished, null, 2) + '\n');
|
|
90
|
+
if (options.metrics !== undefined) {
|
|
91
|
+
await writeFile(paths.metrics, JSON.stringify(options.metrics, null, 2) + '\n');
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
export async function runExists(paths) {
|
|
95
|
+
try {
|
|
96
|
+
const stats = await stat(paths.root);
|
|
97
|
+
return stats.isDirectory();
|
|
98
|
+
}
|
|
99
|
+
catch {
|
|
100
|
+
return false;
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
//# sourceMappingURL=run-tree.js.map
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bash sandbox adapter interface (Trust Sprint item 6 + Phase 1 #302).
|
|
3
|
+
*
|
|
4
|
+
* Adapter pattern: a runner wraps the spawn invocation with an
|
|
5
|
+
* OS-level sandbox primitive. Today's variants:
|
|
6
|
+
*
|
|
7
|
+
* - none - passthrough (legacy behaviour, default).
|
|
8
|
+
* - macOS-seatbelt - /usr/bin/sandbox-exec with a workspace-scoped
|
|
9
|
+
* write allowlist + secret-dir deny list +
|
|
10
|
+
* posture-conditional network rule.
|
|
11
|
+
* - bubblewrap - Linux `bwrap` user-namespace jail with a
|
|
12
|
+
* read-only bind of /usr, /lib, /etc, a tmpfs at
|
|
13
|
+
* /tmp, and a writable bind for workspaceRoot.
|
|
14
|
+
* Posture toggles `--share-net`.
|
|
15
|
+
* - docker - Windows fallback (not shipped in this PR;
|
|
16
|
+
* schema accepts the keyword so a forward-rolled
|
|
17
|
+
* settings.json does not error).
|
|
18
|
+
*
|
|
19
|
+
* Mechanism x posture matrix:
|
|
20
|
+
*
|
|
21
|
+
* | mechanism | strict | lenient | off |
|
|
22
|
+
* | --------------- | ----------------------------------- | --------------------------------- | ------------ |
|
|
23
|
+
* | none | passthrough (mode wins) | passthrough (mode wins) | passthrough |
|
|
24
|
+
* | macOS-seatbelt | workspace writes + deny network | workspace writes + allow network | passthrough |
|
|
25
|
+
* | bubblewrap | workspace bind + deny network | workspace bind + allow network | passthrough |
|
|
26
|
+
* | docker | (not shipped) | (not shipped) | passthrough |
|
|
27
|
+
*
|
|
28
|
+
* Wired into `tools/bash.ts` at the `spawn`/`spawnSync` call sites
|
|
29
|
+
* (foreground async, foreground sync, background). The wrap fires
|
|
30
|
+
* AFTER the permission gate so a refused command never reaches the
|
|
31
|
+
* sandbox layer; if the adapter probe returns `armed=false` and the
|
|
32
|
+
* configured mechanism is non-`none`, the bash tool refuses
|
|
33
|
+
* fail-closed instead of silently degrading.
|
|
34
|
+
*
|
|
35
|
+
* Future: replace bubblewrap with native landlock bindings on Linux
|
|
36
|
+
* + job-object on Windows. The interface is stable, the adapters
|
|
37
|
+
* change.
|
|
38
|
+
*/
|
|
39
|
+
export {};
|
|
40
|
+
// The `makeAdapter` resolver lives in `./index.ts` so it can import
|
|
41
|
+
// the concrete adapters via ESM without circular references. This
|
|
42
|
+
// file stays pure interfaces.
|
|
43
|
+
//# sourceMappingURL=adapter.js.map
|
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Linux bubblewrap sandbox adapter (Phase 1 #302).
|
|
3
|
+
*
|
|
4
|
+
* Wraps bash command execution with `bwrap` (user-namespace jail).
|
|
5
|
+
* Policy posture:
|
|
6
|
+
*
|
|
7
|
+
* - Workspace root bound read+write at the same path inside the
|
|
8
|
+
* jail so cwd resolves identically for the child.
|
|
9
|
+
* - System dirs (/usr, /lib, /lib64, /bin, /sbin, /etc, /opt) bound
|
|
10
|
+
* read-only - dev toolchains and shared libraries reachable.
|
|
11
|
+
* - /tmp = tmpfs (fresh per-invocation), /proc + /dev mounted so
|
|
12
|
+
* standard syscalls work.
|
|
13
|
+
* - Secret dirs from the host (~/.ssh, ~/.aws, ~/.config/gh,
|
|
14
|
+
* ~/.gitconfig) are NOT bound at all - they vanish from the
|
|
15
|
+
* child's view. The deny is structural (no mount), not advisory.
|
|
16
|
+
* - Network: `--share-net` only when posture=`lenient` or
|
|
17
|
+
* `allowNetwork=true`. Strict drops it via `--unshare-all`
|
|
18
|
+
* (default + no override).
|
|
19
|
+
*
|
|
20
|
+
* Detection: `bwrap` must be on PATH. We probe via `bwrap --version`
|
|
21
|
+
* and treat any clean exit as proof the binary is callable. Operators
|
|
22
|
+
* on a host without bwrap see the install hint
|
|
23
|
+
* (`apt install bubblewrap` / `brew install bubblewrap`).
|
|
24
|
+
*
|
|
25
|
+
* Security note: bwrap requires either CAP_SYS_ADMIN or unprivileged
|
|
26
|
+
* user namespaces (kernel.unprivileged_userns_clone=1). Modern
|
|
27
|
+
* distros (Debian 11+, Ubuntu 22.04+, Fedora 35+, Arch) enable this
|
|
28
|
+
* by default. When the kernel rejects the bwrap invocation, the wrap
|
|
29
|
+
* succeeds but the spawn fails - the bash tool surfaces the child's
|
|
30
|
+
* stderr verbatim so the operator sees the kernel-side reason.
|
|
31
|
+
*/
|
|
32
|
+
import { execFileSync } from 'node:child_process';
|
|
33
|
+
import { homedir } from 'node:os';
|
|
34
|
+
import { isAbsolute } from 'node:path';
|
|
35
|
+
import { defaultSecretDirs, resolveNetworkAllowance } from './policy.js';
|
|
36
|
+
const BWRAP_BINARY = 'bwrap';
|
|
37
|
+
/**
|
|
38
|
+
* Install hint surfaced when bwrap is missing from PATH. We tailor
|
|
39
|
+
* the hint to the most common Linux package managers; macOS users
|
|
40
|
+
* normally select `macOS-seatbelt`, not `bubblewrap`, so we still
|
|
41
|
+
* mention Homebrew for completeness.
|
|
42
|
+
*/
|
|
43
|
+
const BWRAP_INSTALL_HINT = 'Install bwrap: `sudo apt install bubblewrap` (Debian/Ubuntu) or ' +
|
|
44
|
+
'`sudo dnf install bubblewrap` (Fedora/RHEL) or `brew install bubblewrap` (macOS Homebrew).';
|
|
45
|
+
export class BubblewrapSandboxAdapter {
|
|
46
|
+
mode = 'bubblewrap';
|
|
47
|
+
probe(opts) {
|
|
48
|
+
if (process.platform !== 'linux' && process.platform !== 'darwin') {
|
|
49
|
+
return {
|
|
50
|
+
mode: 'bubblewrap',
|
|
51
|
+
armed: false,
|
|
52
|
+
reason: `bubblewrap unavailable on ${process.platform} - choose 'none', 'macOS-seatbelt', or 'docker'.`,
|
|
53
|
+
details: [`platform: ${process.platform}`, `expected: linux (primary) or darwin (homebrew)`],
|
|
54
|
+
installHint: BWRAP_INSTALL_HINT,
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
const bwrapPath = locateBwrap();
|
|
58
|
+
if (bwrapPath === null) {
|
|
59
|
+
return {
|
|
60
|
+
mode: 'bubblewrap',
|
|
61
|
+
armed: false,
|
|
62
|
+
reason: 'bwrap binary not found on PATH.',
|
|
63
|
+
details: [
|
|
64
|
+
`platform: ${process.platform}`,
|
|
65
|
+
`lookup: PATH`,
|
|
66
|
+
`remediation: install the bubblewrap package`,
|
|
67
|
+
],
|
|
68
|
+
installHint: BWRAP_INSTALL_HINT,
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
return {
|
|
72
|
+
mode: 'bubblewrap',
|
|
73
|
+
armed: true,
|
|
74
|
+
details: [
|
|
75
|
+
`platform: ${process.platform}`,
|
|
76
|
+
`binary: ${bwrapPath}`,
|
|
77
|
+
`workspaceRoot: ${opts.workspaceRoot}`,
|
|
78
|
+
`extraWritePaths: ${(opts.extraWritePaths ?? []).join(', ') || '<none>'}`,
|
|
79
|
+
`posture: ${opts.posture ?? 'strict'}`,
|
|
80
|
+
`network: ${resolveNetworkAllowance(opts.posture, opts.allowNetwork) ? 'allow' : 'deny'}`,
|
|
81
|
+
],
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
wrap(cmd, opts) {
|
|
85
|
+
const armed = this.probe(opts);
|
|
86
|
+
if (!armed.armed) {
|
|
87
|
+
throw new Error(`BubblewrapSandboxAdapter.wrap: ${armed.reason}`);
|
|
88
|
+
}
|
|
89
|
+
if (!isAbsolute(opts.workspaceRoot)) {
|
|
90
|
+
throw new Error(`BubblewrapSandboxAdapter.wrap: workspaceRoot must be absolute, got "${opts.workspaceRoot}"`);
|
|
91
|
+
}
|
|
92
|
+
for (const p of opts.extraWritePaths ?? []) {
|
|
93
|
+
if (!isAbsolute(p)) {
|
|
94
|
+
throw new Error(`BubblewrapSandboxAdapter.wrap: extraWritePaths entry must be absolute, got "${p}"`);
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
for (const p of opts.extraReadPaths ?? []) {
|
|
98
|
+
if (!isAbsolute(p)) {
|
|
99
|
+
throw new Error(`BubblewrapSandboxAdapter.wrap: extraReadPaths entry must be absolute, got "${p}"`);
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
const args = renderBwrapArgs(opts);
|
|
103
|
+
return {
|
|
104
|
+
command: BWRAP_BINARY,
|
|
105
|
+
args: [...args, '--', cmd.command, ...cmd.args],
|
|
106
|
+
description: `sandbox: bubblewrap (posture=${opts.posture ?? 'strict'})`,
|
|
107
|
+
};
|
|
108
|
+
}
|
|
109
|
+
/**
|
|
110
|
+
* Exposed for unit tests so the spec can pin the exact argv shape
|
|
111
|
+
* without driving the whole wrap path.
|
|
112
|
+
*/
|
|
113
|
+
renderArgs(opts) {
|
|
114
|
+
return renderBwrapArgs(opts);
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
/**
|
|
118
|
+
* Compose the bwrap argv from the spawn options. Order matters:
|
|
119
|
+
*
|
|
120
|
+
* 1. Namespace flags (`--unshare-all`, optional `--share-net`).
|
|
121
|
+
* 2. Read-only system binds - provides /usr, /bin, /lib, etc.
|
|
122
|
+
* 3. /proc + /dev so syscalls work.
|
|
123
|
+
* 4. tmpfs at /tmp so build scratch never persists.
|
|
124
|
+
* 5. Read-write bind of workspaceRoot + every extraWritePath.
|
|
125
|
+
* 6. Read-only bind of every extraReadPath.
|
|
126
|
+
*
|
|
127
|
+
* Secret dirs are NOT bound. Because bwrap starts from a fresh mount
|
|
128
|
+
* namespace, anything not explicitly bound is invisible to the child.
|
|
129
|
+
* The `defaultSecretDirs` helper exists only for symmetry with the
|
|
130
|
+
* seatbelt adapter's deny rules - the documentation surface stays
|
|
131
|
+
* consistent across mechanisms.
|
|
132
|
+
*/
|
|
133
|
+
function renderBwrapArgs(opts) {
|
|
134
|
+
const home = opts.homedir ?? homedir();
|
|
135
|
+
const networkAllowed = resolveNetworkAllowance(opts.posture, opts.allowNetwork);
|
|
136
|
+
const args = [];
|
|
137
|
+
// Namespace isolation. `--unshare-all` removes every namespace -
|
|
138
|
+
// pid, mount, ipc, uts, cgroup, net. We selectively re-share net
|
|
139
|
+
// when the policy says so. `--die-with-parent` makes sure the
|
|
140
|
+
// child does not outlive the bash tool's spawn() handle.
|
|
141
|
+
args.push('--die-with-parent');
|
|
142
|
+
args.push('--unshare-all');
|
|
143
|
+
if (networkAllowed) {
|
|
144
|
+
args.push('--share-net');
|
|
145
|
+
}
|
|
146
|
+
// Read-only system binds. We bind each path with `--ro-bind-try`
|
|
147
|
+
// so missing dirs (e.g. /lib64 on a non-multilib host) do not
|
|
148
|
+
// abort the wrap. The order mirrors a minimal POSIX userland.
|
|
149
|
+
for (const sys of ['/usr', '/bin', '/sbin', '/lib', '/lib64', '/etc', '/opt']) {
|
|
150
|
+
args.push('--ro-bind-try', sys, sys);
|
|
151
|
+
}
|
|
152
|
+
// /proc + /dev - required for most binaries. /dev is the bwrap
|
|
153
|
+
// virtual /dev (just null, zero, tty, random, urandom). /proc is
|
|
154
|
+
// the new namespace's proc, not the host's.
|
|
155
|
+
args.push('--proc', '/proc');
|
|
156
|
+
args.push('--dev', '/dev');
|
|
157
|
+
// Fresh tmpfs at /tmp every invocation. Build scratch never
|
|
158
|
+
// persists across runs and never leaks into the host's /tmp.
|
|
159
|
+
args.push('--tmpfs', '/tmp');
|
|
160
|
+
// Workspace bind: read + write. The bind is at the same path
|
|
161
|
+
// inside the jail so a relative cwd from the parent resolves
|
|
162
|
+
// identically inside.
|
|
163
|
+
args.push('--bind', opts.workspaceRoot, opts.workspaceRoot);
|
|
164
|
+
// Extra writable paths (typical: ~/.pugi for CLI state).
|
|
165
|
+
for (const writable of opts.extraWritePaths ?? []) {
|
|
166
|
+
args.push('--bind', writable, writable);
|
|
167
|
+
}
|
|
168
|
+
// Extra read-only paths the operator opted into.
|
|
169
|
+
for (const readonly of opts.extraReadPaths ?? []) {
|
|
170
|
+
args.push('--ro-bind-try', readonly, readonly);
|
|
171
|
+
}
|
|
172
|
+
// `defaultSecretDirs` is computed-and-ignored here. The intent is
|
|
173
|
+
// documentation: future operators reading this code see the same
|
|
174
|
+
// list the seatbelt deny block uses. The structural omission of
|
|
175
|
+
// these binds IS the deny - referencing the list makes that
|
|
176
|
+
// explicit.
|
|
177
|
+
void defaultSecretDirs(home);
|
|
178
|
+
return args;
|
|
179
|
+
}
|
|
180
|
+
/**
|
|
181
|
+
* Locate `bwrap` on the operator's PATH. We avoid `which` (not POSIX
|
|
182
|
+
* everywhere) and `command -v` (shell builtin, not spawn-friendly).
|
|
183
|
+
* Instead we run `bwrap --version` and treat any clean exit as proof
|
|
184
|
+
* the binary is callable.
|
|
185
|
+
*/
|
|
186
|
+
function locateBwrap() {
|
|
187
|
+
try {
|
|
188
|
+
execFileSync(BWRAP_BINARY, ['--version'], {
|
|
189
|
+
stdio: ['ignore', 'ignore', 'ignore'],
|
|
190
|
+
timeout: 3000,
|
|
191
|
+
});
|
|
192
|
+
return BWRAP_BINARY;
|
|
193
|
+
}
|
|
194
|
+
catch (err) {
|
|
195
|
+
const e = err;
|
|
196
|
+
if (e?.code === 'ENOENT')
|
|
197
|
+
return null;
|
|
198
|
+
// Non-zero exit (e.g. bwrap with a strange host) still means the
|
|
199
|
+
// binary exists. We treat it as available; the wrap call will
|
|
200
|
+
// surface the real failure via the child's stderr.
|
|
201
|
+
return BWRAP_BINARY;
|
|
202
|
+
}
|
|
203
|
+
}
|
|
204
|
+
/**
|
|
205
|
+
* Convenience re-export for callers / specs that want the same hint
|
|
206
|
+
* string without duplicating the literal.
|
|
207
|
+
*/
|
|
208
|
+
export const BUBBLEWRAP_INSTALL_HINT = BWRAP_INSTALL_HINT;
|
|
209
|
+
//# sourceMappingURL=bubblewrap.js.map
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sandbox adapter resolver (Trust Sprint item 6 + Phase 1 #302).
|
|
3
|
+
*
|
|
4
|
+
* Single re-export surface so consumers (`pugi doctor`, the bash
|
|
5
|
+
* runner indirection, MCP serve diagnostics) can do:
|
|
6
|
+
*
|
|
7
|
+
* import { makeAdapter, type SandboxMode } from '.../sandboxing';
|
|
8
|
+
*
|
|
9
|
+
* The concrete adapters live in sibling files; this index wires the
|
|
10
|
+
* lookup table without forcing a circular import between the
|
|
11
|
+
* interface (`adapter.ts`) and the implementations.
|
|
12
|
+
*/
|
|
13
|
+
import { BubblewrapSandboxAdapter } from './bubblewrap.js';
|
|
14
|
+
import { NoneSandboxAdapter } from './none.js';
|
|
15
|
+
import { SeatbeltSandboxAdapter } from './seatbelt.js';
|
|
16
|
+
export { BubblewrapSandboxAdapter } from './bubblewrap.js';
|
|
17
|
+
export { NoneSandboxAdapter } from './none.js';
|
|
18
|
+
export { SeatbeltSandboxAdapter } from './seatbelt.js';
|
|
19
|
+
export { SANDBOX_DISABLE_ENV, defaultSecretDirs, isSandboxDisabled, resolveNetworkAllowance, } from './policy.js';
|
|
20
|
+
/**
|
|
21
|
+
* Resolve a sandbox adapter from a configured mode. Throws for
|
|
22
|
+
* `docker` (documented but not shipped in this PR) and for unknown
|
|
23
|
+
* modes (defends against forward-rolled settings.json files).
|
|
24
|
+
*/
|
|
25
|
+
export function makeAdapter(mode) {
|
|
26
|
+
switch (mode) {
|
|
27
|
+
case 'none':
|
|
28
|
+
return new NoneSandboxAdapter();
|
|
29
|
+
case 'macOS-seatbelt':
|
|
30
|
+
return new SeatbeltSandboxAdapter();
|
|
31
|
+
case 'bubblewrap':
|
|
32
|
+
return new BubblewrapSandboxAdapter();
|
|
33
|
+
case 'docker':
|
|
34
|
+
throw new Error('bash sandbox: docker mode is documented but not yet implemented. ' +
|
|
35
|
+
'Use bash.sandbox = "none", "macOS-seatbelt", or "bubblewrap" until the docker adapter ships.');
|
|
36
|
+
default: {
|
|
37
|
+
const exhaustive = mode;
|
|
38
|
+
throw new Error(`bash sandbox: unknown mode "${String(exhaustive)}"`);
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Auto-detect the platform-appropriate sandbox mechanism. Returns:
|
|
44
|
+
*
|
|
45
|
+
* - `'macOS-seatbelt'` on darwin
|
|
46
|
+
* - `'bubblewrap'` on linux (regardless of whether bwrap is
|
|
47
|
+
* installed; the probe surfaces the install hint if missing)
|
|
48
|
+
* - `'none'` on every other platform (windows, freebsd, etc.)
|
|
49
|
+
*
|
|
50
|
+
* Callers that prefer explicit selection should read
|
|
51
|
+
* `.pugi/settings.json::bash.sandbox` directly. This helper exists
|
|
52
|
+
* for the bash tool's "no settings configured" path so the strongest
|
|
53
|
+
* available mechanism applies by default.
|
|
54
|
+
*/
|
|
55
|
+
export function detectDefaultMode() {
|
|
56
|
+
if (process.platform === 'darwin')
|
|
57
|
+
return 'macOS-seatbelt';
|
|
58
|
+
if (process.platform === 'linux')
|
|
59
|
+
return 'bubblewrap';
|
|
60
|
+
return 'none';
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Convenience: probe the configured mode without spawning anything.
|
|
64
|
+
* Used by `pugi doctor` so the sandbox probe can report the same
|
|
65
|
+
* armed state the bash runner would see.
|
|
66
|
+
*/
|
|
67
|
+
export function probeSandbox(opts) {
|
|
68
|
+
const adapter = makeAdapter(opts.mode);
|
|
69
|
+
return adapter.probe({
|
|
70
|
+
workspaceRoot: opts.workspaceRoot,
|
|
71
|
+
...(opts.extraWritePaths ? { extraWritePaths: opts.extraWritePaths } : {}),
|
|
72
|
+
...(opts.extraReadPaths ? { extraReadPaths: opts.extraReadPaths } : {}),
|
|
73
|
+
...(opts.posture ? { posture: opts.posture } : {}),
|
|
74
|
+
...(opts.allowNetwork !== undefined ? { allowNetwork: opts.allowNetwork } : {}),
|
|
75
|
+
...(opts.homedir ? { homedir: opts.homedir } : {}),
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
export class NoneSandboxAdapter {
|
|
2
|
+
mode = 'none';
|
|
3
|
+
probe(_opts) {
|
|
4
|
+
return {
|
|
5
|
+
mode: 'none',
|
|
6
|
+
armed: false,
|
|
7
|
+
reason: "policy 'none' selected — bash dispatches run unsandboxed (classifier + permission FSM still apply).",
|
|
8
|
+
details: ['mode: none (passthrough)', 'enforcement: bash classifier + permission FSM only'],
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
wrap(cmd, _opts) {
|
|
12
|
+
return {
|
|
13
|
+
command: cmd.command,
|
|
14
|
+
args: cmd.args,
|
|
15
|
+
description: 'sandbox: none (passthrough)',
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=none.js.map
|