@pugi/cli 0.1.0-beta.10 → 0.1.0-beta.101

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (464)
  1. package/CHANGELOG.md +132 -0
  2. package/LICENSE +1 -1
  3. package/README.md +55 -11
  4. package/assets/pugi-prozr2-mascot.ansi +9 -0
  5. package/bin/run.js +33 -1
  6. package/dist/commands/deploy.js +40 -40
  7. package/dist/commands/flatten.js +191 -0
  8. package/dist/commands/jobs-watch.js +201 -0
  9. package/dist/commands/jobs.js +42 -27
  10. package/dist/commands/retro.js +210 -0
  11. package/dist/commands/smoke.js +133 -0
  12. package/dist/core/agent-progress/cleanup.js +134 -0
  13. package/dist/core/agent-progress/schema.js +144 -0
  14. package/dist/core/agent-progress/writer.js +101 -0
  15. package/dist/core/agents/adaptive-router.js +330 -0
  16. package/dist/core/agents/query-decomposer.js +297 -0
  17. package/dist/core/agents/registry.js +3 -3
  18. package/dist/core/approvals/shortcut-resolver.js +98 -0
  19. package/dist/core/artifact-chain/dispatcher.js +148 -0
  20. package/dist/core/artifact-chain/exporter.js +164 -0
  21. package/dist/core/artifact-chain/state.js +243 -0
  22. package/dist/core/artifact-chain/steps.js +169 -0
  23. package/dist/core/ask-user/question.js +92 -0
  24. package/dist/core/audit/audit-trail.js +275 -0
  25. package/dist/core/auth/ensure-authenticated.js +129 -0
  26. package/dist/core/auth/env-provider.js +238 -0
  27. package/dist/core/auto-open-browser.js +4 -4
  28. package/dist/core/auto-update/channels.js +122 -0
  29. package/dist/core/auto-update/checker.js +241 -0
  30. package/dist/core/auto-update/state.js +235 -0
  31. package/dist/core/bare-mode/index.js +107 -0
  32. package/dist/core/bash/redirect.js +281 -0
  33. package/dist/core/bash-classifier.js +436 -40
  34. package/dist/core/checkpoint/resumer.js +149 -0
  35. package/dist/core/checkpoint/rewinder.js +291 -0
  36. package/dist/core/checkpoints/shadow-git.js +670 -0
  37. package/dist/core/citations/parser.js +109 -0
  38. package/dist/core/classifier/yolo-classifier.js +88 -0
  39. package/dist/core/codegraph/db.js +506 -0
  40. package/dist/core/codegraph/decision-store.js +248 -0
  41. package/dist/core/codegraph/detect-repo.js +459 -0
  42. package/dist/core/codegraph/install.js +134 -0
  43. package/dist/core/codegraph/offer-hook.js +220 -0
  44. package/dist/core/codegraph/parser.js +598 -0
  45. package/dist/core/codegraph/queries/go.scm +57 -0
  46. package/dist/core/codegraph/queries/javascript.scm +56 -0
  47. package/dist/core/codegraph/queries/python.scm +55 -0
  48. package/dist/core/codegraph/queries/rust.scm +63 -0
  49. package/dist/core/codegraph/queries/typescript.scm +91 -0
  50. package/dist/core/codegraph/reindex.js +218 -0
  51. package/dist/core/codegraph/resolve-edges.js +107 -0
  52. package/dist/core/codegraph/types.js +34 -0
  53. package/dist/core/codegraph/watcher.js +440 -0
  54. package/dist/core/compact/auto-trigger.js +96 -0
  55. package/dist/core/compact/buffer-rewriter.js +115 -0
  56. package/dist/core/compact/summarizer.js +208 -0
  57. package/dist/core/compact/token-counter.js +108 -0
  58. package/dist/core/consensus/anvil-fanout.js +25 -25
  59. package/dist/core/consensus/diff-capture.js +121 -12
  60. package/dist/core/consensus/rubric.js +21 -21
  61. package/dist/core/context/builder.js +6 -6
  62. package/dist/core/context/compaction-events.js +8 -8
  63. package/dist/core/context/compaction.js +31 -31
  64. package/dist/core/context/index.js +15 -8
  65. package/dist/core/context/invariants.js +51 -51
  66. package/dist/core/context/markdown-loader.js +28 -10
  67. package/dist/core/context/markdown-traverse.js +255 -0
  68. package/dist/core/context/pugiignore.js +41 -41
  69. package/dist/core/context/repo-skeleton.js +37 -37
  70. package/dist/core/context/tool-eviction.js +55 -0
  71. package/dist/core/context/watcher.js +32 -32
  72. package/dist/core/context/working-set.js +23 -23
  73. package/dist/core/coordinator/agent-tools.js +77 -0
  74. package/dist/core/coordinator/agent-toolset.js +65 -0
  75. package/dist/core/coordinator/fsm.js +73 -0
  76. package/dist/core/coordinator/mode-fsm.js +70 -0
  77. package/dist/core/cost/rate-card.js +129 -0
  78. package/dist/core/cost/tracker.js +221 -0
  79. package/dist/core/credentials.js +13 -13
  80. package/dist/core/cron/scheduler.js +138 -0
  81. package/dist/core/denial-tracking/index.js +8 -0
  82. package/dist/core/denial-tracking/state.js +264 -0
  83. package/dist/core/diagnostics/probe-runner.js +93 -0
  84. package/dist/core/diagnostics/probes/api.js +46 -0
  85. package/dist/core/diagnostics/probes/auth.js +93 -0
  86. package/dist/core/diagnostics/probes/bare-mode.js +42 -0
  87. package/dist/core/diagnostics/probes/cli-version.js +127 -0
  88. package/dist/core/diagnostics/probes/config.js +72 -0
  89. package/dist/core/diagnostics/probes/denial-tracking.js +57 -0
  90. package/dist/core/diagnostics/probes/disk.js +81 -0
  91. package/dist/core/diagnostics/probes/engine-live.js +46 -0
  92. package/dist/core/diagnostics/probes/git.js +65 -0
  93. package/dist/core/diagnostics/probes/hooks.js +118 -0
  94. package/dist/core/diagnostics/probes/mcp.js +75 -0
  95. package/dist/core/diagnostics/probes/node.js +59 -0
  96. package/dist/core/diagnostics/probes/pnpm.js +36 -0
  97. package/dist/core/diagnostics/probes/pugi-md.js +89 -0
  98. package/dist/core/diagnostics/probes/sandbox.js +67 -0
  99. package/dist/core/diagnostics/probes/session.js +74 -0
  100. package/dist/core/diagnostics/probes/status-snapshot.js +488 -0
  101. package/dist/core/diagnostics/probes/workspace.js +63 -0
  102. package/dist/core/diagnostics/types.js +70 -0
  103. package/dist/core/dispatch/cache-cleanup.js +197 -0
  104. package/dist/core/dispatch/cache-handoff.js +295 -0
  105. package/dist/core/edits/apply-patch-layer-e.js +189 -0
  106. package/dist/core/edits/dispatch.js +333 -7
  107. package/dist/core/edits/format-detector.js +260 -0
  108. package/dist/core/edits/format-matrix.js +26 -0
  109. package/dist/core/edits/fuzzy-ladder.js +650 -0
  110. package/dist/core/edits/index.js +5 -1
  111. package/dist/core/edits/journal.js +199 -0
  112. package/dist/core/edits/layer-a-apply.js +15 -15
  113. package/dist/core/edits/layer-a-fuzzy-apply.js +198 -0
  114. package/dist/core/edits/layer-b-apply.js +9 -9
  115. package/dist/core/edits/layer-c-apply.js +6 -6
  116. package/dist/core/edits/layer-d-ast.js +557 -14
  117. package/dist/core/edits/marker-parser.js +12 -12
  118. package/dist/core/edits/security-gate.js +27 -27
  119. package/dist/core/edits/verify-hook.js +273 -0
  120. package/dist/core/edits/worktree.js +29 -29
  121. package/dist/core/engine/anvil-client.js +214 -26
  122. package/dist/core/engine/auto-compact.js +247 -0
  123. package/dist/core/engine/budgets.js +220 -0
  124. package/dist/core/engine/compact-llm-summarizer.js +124 -0
  125. package/dist/core/engine/context-prefix.js +155 -0
  126. package/dist/core/engine/index.js +1 -1
  127. package/dist/core/engine/intensity.js +163 -0
  128. package/dist/core/engine/intent.js +260 -0
  129. package/dist/core/engine/native-pugi.js +1559 -227
  130. package/dist/core/engine/prompts.js +219 -19
  131. package/dist/core/engine/strip-internal-fields.js +124 -0
  132. package/dist/core/engine/tool-bridge.js +1887 -59
  133. package/dist/core/engine/verification-patterns.js +195 -0
  134. package/dist/core/eval/v1/ledger.js +83 -0
  135. package/dist/core/eval/v1/runner.js +280 -0
  136. package/dist/core/eval/v1/scoring.js +68 -0
  137. package/dist/core/eval/v1/task-loader.js +191 -0
  138. package/dist/core/eval/v1/types.js +14 -0
  139. package/dist/core/eval/v1/verifier.js +176 -0
  140. package/dist/core/eval/v1/yaml-parser.js +250 -0
  141. package/dist/core/evaluation/golden-dataset.js +293 -0
  142. package/dist/core/feedback/queue.js +177 -0
  143. package/dist/core/feedback/submitter.js +145 -0
  144. package/dist/core/file-cache.js +113 -1
  145. package/dist/core/flatten/flatten-repo.js +439 -0
  146. package/dist/core/format/osc8-link.js +28 -0
  147. package/dist/core/hook-chains.js +392 -0
  148. package/dist/core/hooks/citation-verify-hook.js +138 -0
  149. package/dist/core/hooks/citation-verify.js +112 -0
  150. package/dist/core/hooks/events.js +46 -0
  151. package/dist/core/hooks/index.js +15 -0
  152. package/dist/core/hooks/registry.js +216 -0
  153. package/dist/core/hooks/runner.js +236 -0
  154. package/dist/core/hooks/v2/event-emitter.js +115 -0
  155. package/dist/core/hooks/v2/executor.js +282 -0
  156. package/dist/core/hooks/v2/index.js +25 -0
  157. package/dist/core/hooks/v2/lifecycle.js +104 -0
  158. package/dist/core/hooks/v2/loader.js +216 -0
  159. package/dist/core/hooks/v2/matcher.js +125 -0
  160. package/dist/core/hooks/v2/trust.js +143 -0
  161. package/dist/core/hooks/v2/types.js +86 -0
  162. package/dist/core/hooks/worktree-events.js +158 -0
  163. package/dist/core/image/renderer.js +71 -0
  164. package/dist/core/init/detector.js +582 -0
  165. package/dist/core/init/template-renderer.js +242 -0
  166. package/dist/core/jobs/registry.js +18 -18
  167. package/dist/core/ledger/results-tsv.js +142 -0
  168. package/dist/core/log-discipline/stdout-redirect.js +51 -0
  169. package/dist/core/lsp/cache.js +105 -0
  170. package/dist/core/lsp/client.js +551 -41
  171. package/dist/core/lsp/language-detect.js +66 -0
  172. package/dist/core/lsp/post-edit-diagnostics.js +171 -0
  173. package/dist/core/lsp/server-detect.js +173 -0
  174. package/dist/core/lsp/symbol-cache.js +162 -0
  175. package/dist/core/lsp/symbol-tools.js +664 -0
  176. package/dist/core/mcp/client.js +97 -28
  177. package/dist/core/mcp/http-server.js +553 -0
  178. package/dist/core/mcp/orchestrator-config.js +192 -0
  179. package/dist/core/mcp/orchestrator-tools.js +806 -0
  180. package/dist/core/mcp/permission.js +190 -0
  181. package/dist/core/mcp/registry.js +39 -17
  182. package/dist/core/mcp/server-tools.js +219 -0
  183. package/dist/core/mcp/server.js +397 -0
  184. package/dist/core/mcp/trust.js +10 -10
  185. package/dist/core/memory/dual-write.js +416 -0
  186. package/dist/core/memory/passive-extract.js +130 -0
  187. package/dist/core/memory/phase1-kinds.js +20 -0
  188. package/dist/core/memory/secret-scanner.js +304 -0
  189. package/dist/core/memory-sync/queue.js +170 -0
  190. package/dist/core/metrics/extract.js +113 -0
  191. package/dist/core/modes/roo-modes.js +68 -0
  192. package/dist/core/notes/notes-paths.js +113 -0
  193. package/dist/core/notes/notes-recorder.js +140 -0
  194. package/dist/core/notes/notes-writer.js +53 -0
  195. package/dist/core/notes/renderers.js +0 -0
  196. package/dist/core/notes/slug.js +105 -0
  197. package/dist/core/onboarding/ensure-initialized.js +133 -0
  198. package/dist/core/onboarding/marker.js +111 -0
  199. package/dist/core/onboarding/telemetry-state.js +108 -0
  200. package/dist/core/output-style/presets.js +176 -0
  201. package/dist/core/output-style/state.js +185 -0
  202. package/dist/core/path-security.js +287 -5
  203. package/dist/core/permission.js +82 -22
  204. package/dist/core/permissions/auto-classifier.js +124 -0
  205. package/dist/core/permissions/bash-parser.js +371 -0
  206. package/dist/core/permissions/circuit-breaker.js +83 -0
  207. package/dist/core/permissions/constrained-edit.js +91 -0
  208. package/dist/core/permissions/gate.js +278 -0
  209. package/dist/core/permissions/index.js +20 -0
  210. package/dist/core/permissions/mode.js +174 -0
  211. package/dist/core/permissions/network-egress.js +137 -0
  212. package/dist/core/permissions/state.js +241 -0
  213. package/dist/core/permissions/tool-class.js +107 -0
  214. package/dist/core/plan-mode/ui-state.js +51 -0
  215. package/dist/core/plans/plan-artifact.js +721 -0
  216. package/dist/core/policy-limits/etag-store.js +122 -0
  217. package/dist/core/prd-check/parser.js +215 -0
  218. package/dist/core/prd-check/reporter.js +127 -0
  219. package/dist/core/prd-check/session-review.js +557 -0
  220. package/dist/core/prd-check/verifiers.js +223 -0
  221. package/dist/core/prompt-cache/client-cache.js +99 -0
  222. package/dist/core/prompts/assembly.js +29 -0
  223. package/dist/core/prompts/registry.js +364 -0
  224. package/dist/core/pugi-gitignore.js +52 -0
  225. package/dist/core/pugi-md/cc-compat-rules.js +735 -0
  226. package/dist/core/pugi-md/context-injector.js +76 -0
  227. package/dist/core/pugi-md/walk-up.js +207 -0
  228. package/dist/core/python/uv-installer.js +270 -0
  229. package/dist/core/python/uv-resolver.js +83 -0
  230. package/dist/core/rate-limit/narrator.js +146 -0
  231. package/dist/core/recipes/cli-types.js +20 -0
  232. package/dist/core/recipes/loader.js +103 -0
  233. package/dist/core/recipes/runner.js +345 -0
  234. package/dist/core/recipes/schema.js +587 -0
  235. package/dist/core/release-notes/parser.js +241 -0
  236. package/dist/core/release-notes/state.js +116 -0
  237. package/dist/core/repl/ask.js +37 -37
  238. package/dist/core/repl/cancellation.js +26 -26
  239. package/dist/core/repl/cap-warning.js +4 -4
  240. package/dist/core/repl/clipboard-read.js +11 -11
  241. package/dist/core/repl/dispatch-fsm.js +12 -12
  242. package/dist/core/repl/engine-bridge.js +303 -0
  243. package/dist/core/repl/history-search.js +15 -15
  244. package/dist/core/repl/history.js +28 -18
  245. package/dist/core/repl/kill-ring.js +5 -5
  246. package/dist/core/repl/model-pricing.js +135 -0
  247. package/dist/core/repl/privacy-banner.js +22 -22
  248. package/dist/core/repl/session.js +2690 -229
  249. package/dist/core/repl/slash-commands.js +540 -41
  250. package/dist/core/repl/store/index.js +1 -1
  251. package/dist/core/repl/store/jsonl-log.js +22 -22
  252. package/dist/core/repl/store/lockfile.js +10 -10
  253. package/dist/core/repl/store/session-store.js +136 -107
  254. package/dist/core/repl/store/types.js +15 -15
  255. package/dist/core/repl/store/uuid-v7.js +12 -12
  256. package/dist/core/repl/tool-route.js +382 -0
  257. package/dist/core/repl/workspace-context.js +43 -21
  258. package/dist/core/repo-map/build.js +125 -0
  259. package/dist/core/repo-map/cache.js +185 -0
  260. package/dist/core/repo-map/extractor.js +254 -0
  261. package/dist/core/repo-map/formatter.js +145 -0
  262. package/dist/core/repo-map/page-rank.js +105 -0
  263. package/dist/core/repo-map/scanner.js +211 -0
  264. package/dist/core/retro/git-collector.js +251 -0
  265. package/dist/core/retro/health-card.js +25 -0
  266. package/dist/core/retro/metrics.js +342 -0
  267. package/dist/core/retro/narrative.js +249 -0
  268. package/dist/core/retro/plane-collector.js +274 -0
  269. package/dist/core/retro/pr-issue-link.js +65 -0
  270. package/dist/core/retro/types.js +16 -0
  271. package/dist/core/retry-budget/budget.js +284 -0
  272. package/dist/core/retry-budget/index.js +5 -0
  273. package/dist/core/retry-budget/retry-cap.js +74 -0
  274. package/dist/core/routing/lead-worker.js +43 -0
  275. package/dist/core/routing/pre-flight-estimator.js +108 -0
  276. package/dist/core/runs/run-tree.js +103 -0
  277. package/dist/core/sandboxing/adapter.js +43 -0
  278. package/dist/core/sandboxing/bubblewrap.js +209 -0
  279. package/dist/core/sandboxing/index.js +78 -0
  280. package/dist/core/sandboxing/none.js +19 -0
  281. package/dist/core/sandboxing/policy.js +97 -0
  282. package/dist/core/sandboxing/seatbelt.js +231 -0
  283. package/dist/core/security/injection-scanner.js +367 -0
  284. package/dist/core/security/output-filter.js +418 -0
  285. package/dist/core/session/env-file.js +105 -0
  286. package/dist/core/session/section-budgets.js +140 -0
  287. package/dist/core/session.js +119 -0
  288. package/dist/core/settings.js +402 -5
  289. package/dist/core/share/formatter.js +271 -0
  290. package/dist/core/share/redactor.js +221 -0
  291. package/dist/core/share/uploader.js +267 -0
  292. package/dist/core/skills/defaults.js +30 -30
  293. package/dist/core/skills/loader.js +22 -22
  294. package/dist/core/skills/sources.js +27 -27
  295. package/dist/core/smoke/headless-driver.js +174 -0
  296. package/dist/core/smoke/orchestrator.js +194 -0
  297. package/dist/core/smoke/runner.js +238 -0
  298. package/dist/core/smoke/scenario-parser.js +316 -0
  299. package/dist/core/statusline.js +99 -0
  300. package/dist/core/subagents/dispatcher-real.js +600 -0
  301. package/dist/core/subagents/dispatcher.js +146 -52
  302. package/dist/core/subagents/index.js +19 -6
  303. package/dist/core/subagents/isolation-matrix.js +213 -0
  304. package/dist/core/subagents/spawn.js +19 -4
  305. package/dist/core/telemetry/emitter.js +229 -0
  306. package/dist/core/telemetry/queue.js +251 -0
  307. package/dist/core/theme/context.js +91 -0
  308. package/dist/core/theme/presets.js +228 -0
  309. package/dist/core/theme/state.js +181 -0
  310. package/dist/core/todos/invariant.js +10 -0
  311. package/dist/core/todos/state.js +177 -0
  312. package/dist/core/tool-schema/compressor.js +89 -0
  313. package/dist/core/transport/version-interceptor.js +166 -0
  314. package/dist/core/trust.js +2 -2
  315. package/dist/core/tui/thinking-block.js +64 -0
  316. package/dist/core/vim/keymap.js +288 -0
  317. package/dist/core/vim/state.js +92 -0
  318. package/dist/core/watch-markers/marker-watcher.js +133 -0
  319. package/dist/core/worktree/include-parser.js +249 -0
  320. package/dist/core/worktree-manager/cleanup.js +123 -0
  321. package/dist/core/worktree-manager/manager.js +303 -0
  322. package/dist/index.js +36 -0
  323. package/dist/runtime/bootstrap.js +190 -0
  324. package/dist/runtime/cli.js +4403 -561
  325. package/dist/runtime/commands/agents.js +31 -31
  326. package/dist/runtime/commands/budget.js +5 -5
  327. package/dist/runtime/commands/cancel.js +231 -0
  328. package/dist/runtime/commands/chain.js +489 -0
  329. package/dist/runtime/commands/codegraph-status.js +227 -0
  330. package/dist/runtime/commands/compact.js +297 -0
  331. package/dist/runtime/commands/config.js +74 -40
  332. package/dist/runtime/commands/cost.js +199 -0
  333. package/dist/runtime/commands/delegate.js +27 -4
  334. package/dist/runtime/commands/dispatch.js +126 -0
  335. package/dist/runtime/commands/doctor.js +579 -0
  336. package/dist/runtime/commands/eval-v1.js +266 -0
  337. package/dist/runtime/commands/feedback.js +184 -0
  338. package/dist/runtime/commands/hooks.js +187 -0
  339. package/dist/runtime/commands/index-cmd.js +459 -0
  340. package/dist/runtime/commands/init.js +254 -0
  341. package/dist/runtime/commands/lsp.js +200 -38
  342. package/dist/runtime/commands/mcp.js +935 -0
  343. package/dist/runtime/commands/memory.js +582 -0
  344. package/dist/runtime/commands/model.js +237 -0
  345. package/dist/runtime/commands/onboarding.js +275 -0
  346. package/dist/runtime/commands/patch.js +12 -12
  347. package/dist/runtime/commands/permissions.js +112 -0
  348. package/dist/runtime/commands/plan.js +143 -0
  349. package/dist/runtime/commands/prd-check.js +285 -0
  350. package/dist/runtime/commands/privacy.js +17 -17
  351. package/dist/runtime/commands/recipe.js +325 -0
  352. package/dist/runtime/commands/redo-blob-store.js +92 -0
  353. package/dist/runtime/commands/redo.js +361 -0
  354. package/dist/runtime/commands/release-notes.js +229 -0
  355. package/dist/runtime/commands/repo-map.js +95 -0
  356. package/dist/runtime/commands/report.js +299 -0
  357. package/dist/runtime/commands/resume.js +118 -0
  358. package/dist/runtime/commands/review-consensus.js +68 -53
  359. package/dist/runtime/commands/rewind.js +333 -0
  360. package/dist/runtime/commands/roster.js +14 -14
  361. package/dist/runtime/commands/servers-cli.js +182 -0
  362. package/dist/runtime/commands/servers.js +236 -0
  363. package/dist/runtime/commands/sessions.js +163 -0
  364. package/dist/runtime/commands/share.js +316 -0
  365. package/dist/runtime/commands/skills.js +31 -31
  366. package/dist/runtime/commands/status.js +186 -0
  367. package/dist/runtime/commands/stickers.js +82 -0
  368. package/dist/runtime/commands/style.js +194 -0
  369. package/dist/runtime/commands/theme.js +196 -0
  370. package/dist/runtime/commands/undo.js +54 -22
  371. package/dist/runtime/commands/update.js +289 -0
  372. package/dist/runtime/commands/vim.js +140 -0
  373. package/dist/runtime/commands/worktree.js +8 -8
  374. package/dist/runtime/commands/worktrees.js +155 -0
  375. package/dist/runtime/deprecation-warning.js +69 -0
  376. package/dist/runtime/engine-exit-code.js +50 -0
  377. package/dist/runtime/headless-repl.js +195 -0
  378. package/dist/runtime/headless.js +548 -0
  379. package/dist/runtime/load-hooks-or-exit.js +71 -0
  380. package/dist/runtime/plan-decompose.js +22 -22
  381. package/dist/runtime/sigint-guard.js +272 -0
  382. package/dist/runtime/stream-renderer.js +195 -0
  383. package/dist/runtime/update-check.js +28 -28
  384. package/dist/runtime/version.js +65 -0
  385. package/dist/runtime/worktree-bootstrap.js +579 -0
  386. package/dist/skills/bundled/batch.js +617 -0
  387. package/dist/skills/bundled/index.js +45 -0
  388. package/dist/skills/bundled/loop.js +358 -0
  389. package/dist/skills/bundled/remember.js +383 -0
  390. package/dist/skills/bundled/simplify.js +289 -0
  391. package/dist/skills/bundled/skillify.js +373 -0
  392. package/dist/skills/bundled/stuck.js +558 -0
  393. package/dist/skills/bundled/verify.js +439 -0
  394. package/dist/testing/vcr.js +486 -0
  395. package/dist/tools/agent-tool.js +229 -0
  396. package/dist/tools/apply-patch.js +89 -28
  397. package/dist/tools/ask-user-question.js +337 -0
  398. package/dist/tools/ask-user.js +115 -0
  399. package/dist/tools/bash.js +811 -49
  400. package/dist/tools/brief.js +224 -0
  401. package/dist/tools/cron.js +433 -0
  402. package/dist/tools/enter-worktree.js +250 -0
  403. package/dist/tools/exit-worktree.js +147 -0
  404. package/dist/tools/file-tools.js +161 -44
  405. package/dist/tools/http-request.js +336 -0
  406. package/dist/tools/lsp-tools.js +377 -1
  407. package/dist/tools/mcp-tool.js +260 -0
  408. package/dist/tools/multi-edit.js +361 -0
  409. package/dist/tools/powershell.js +268 -0
  410. package/dist/tools/registry.js +120 -5
  411. package/dist/tools/server-tools.js +892 -0
  412. package/dist/tools/skill-tool.js +96 -0
  413. package/dist/tools/sleep.js +99 -0
  414. package/dist/tools/synthetic-output.js +133 -0
  415. package/dist/tools/tasks.js +208 -0
  416. package/dist/tools/todo-write.js +184 -0
  417. package/dist/tools/verify-plan-execution.js +295 -0
  418. package/dist/tools/web-fetch-injection-scanner.js +207 -0
  419. package/dist/tools/web-fetch.js +195 -10
  420. package/dist/tools/web-search.js +458 -0
  421. package/dist/tui/agent-progress-card.js +111 -0
  422. package/dist/tui/agent-tree.js +22 -1
  423. package/dist/tui/ask-modal.js +14 -14
  424. package/dist/tui/ask-user-question-chips.js +315 -0
  425. package/dist/tui/ask-user-question-prompt.js +203 -0
  426. package/dist/tui/compact-banner.js +81 -0
  427. package/dist/tui/conversation-pane.js +85 -11
  428. package/dist/tui/cost-table.js +111 -0
  429. package/dist/tui/device-flow.js +2 -2
  430. package/dist/tui/doctor-table.js +46 -0
  431. package/dist/tui/feedback-prompt.js +156 -0
  432. package/dist/tui/input-box.js +247 -32
  433. package/dist/tui/login-picker.js +3 -3
  434. package/dist/tui/markdown-render.js +6 -6
  435. package/dist/tui/multi-file-diff-approval.js +375 -0
  436. package/dist/tui/onboarding-wizard.js +240 -0
  437. package/dist/tui/permissions-picker.js +86 -0
  438. package/dist/tui/render.js +36 -1
  439. package/dist/tui/repl-render.js +239 -25
  440. package/dist/tui/repl-splash-art.js +16 -16
  441. package/dist/tui/repl-splash-mascot.js +48 -24
  442. package/dist/tui/repl-splash.js +22 -22
  443. package/dist/tui/repl.js +125 -45
  444. package/dist/tui/slash-palette.js +6 -6
  445. package/dist/tui/splash.js +2 -2
  446. package/dist/tui/status-bar.js +109 -31
  447. package/dist/tui/status-table.js +7 -0
  448. package/dist/tui/stickers-art.js +136 -0
  449. package/dist/tui/style-table.js +28 -0
  450. package/dist/tui/theme-table.js +29 -0
  451. package/dist/tui/thinking-spinner.js +123 -0
  452. package/dist/tui/tool-stream-pane.js +53 -4
  453. package/dist/tui/update-banner.js +27 -2
  454. package/dist/tui/vim-input.js +267 -0
  455. package/dist/tui/welcome-banner.js +107 -0
  456. package/dist/tui/welcome-data.js +293 -0
  457. package/dist/tui/workspace-context.js +2 -2
  458. package/package.json +29 -6
  459. package/test/scenarios/codegen-create-file.scenario.txt +13 -0
  460. package/test/scenarios/compact-force.scenario.txt +12 -0
  461. package/test/scenarios/identity.scenario.txt +11 -0
  462. package/test/scenarios/persona-handoff.scenario.txt +12 -0
  463. package/test/scenarios/walkback.scenario.txt +12 -0
  464. package/dist/core/engine/compaction-hook.js +0 -154
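--- a/package/dist/core/retry-budget/retry-cap.js
+++ b/package/dist/core/retry-budget/retry-cap.js
@@ -0,0 +1,74 @@
+ const DEFAULT_CAP = 3;
+ const DEFAULT_RESET_AFTER_MS = 300_000;
+ export function createRetryBudget(options = {}) {
+ const cap = normalizePositiveInteger(options.cap, DEFAULT_CAP);
+ const resetAfterMs = normalizeNonNegativeInteger(options.resetAfterMs, DEFAULT_RESET_AFTER_MS);
+ const states = new Map();
+ function clone(state) {
+ return { ...state };
+ }
+ function getFreshState(operationKey, now = Date.now()) {
+ const state = states.get(operationKey);
+ if (!state)
+ return null;
+ if (now - state.lastAttemptAt >= resetAfterMs) {
+ states.delete(operationKey);
+ return null;
+ }
+ return state;
+ }
+ return {
+ record(operationKey) {
+ const now = Date.now();
+ const existing = getFreshState(operationKey, now);
+ const attempts = (existing?.attempts ?? 0) + 1;
+ const next = {
+ operationKey,
+ attempts,
+ firstAttemptAt: existing?.firstAttemptAt ?? now,
+ lastAttemptAt: now,
+ exhausted: attempts >= cap,
+ };
+ states.set(operationKey, next);
+ return clone(next);
+ },
+ reset(operationKey) {
+ states.delete(operationKey);
+ },
+ isExhausted(operationKey) {
+ return getFreshState(operationKey)?.exhausted ?? false;
+ },
+ getState(operationKey) {
+ const state = getFreshState(operationKey);
+ return state ? clone(state) : null;
+ },
+ };
+ }
+ export function validatePromptWordCount(text, opts) {
+ const words = countWords(text);
+ const chars = text.length;
+ if (opts.min !== undefined && words < opts.min) {
+ return { valid: false, words, chars, reason: 'too-short' };
+ }
+ if (opts.max !== undefined && words > opts.max) {
+ return { valid: false, words, chars, reason: 'too-long' };
+ }
+ return { valid: true, words, chars };
+ }
+ function countWords(text) {
+ const trimmed = text.trim();
+ if (trimmed.length === 0)
+ return 0;
+ return trimmed.split(/\s+/).length;
+ }
+ function normalizePositiveInteger(value, fallback) {
+ if (value === undefined || !Number.isFinite(value))
+ return fallback;
+ return Math.max(1, Math.floor(value));
+ }
+ function normalizeNonNegativeInteger(value, fallback) {
+ if (value === undefined || !Number.isFinite(value))
+ return fallback;
+ return Math.max(0, Math.floor(value));
+ }
+ //# sourceMappingURL=retry-cap.js.map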
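Review bot: `resetAfterMs: 0` is accepted by `normalizeNonNegativeInteger` and then makes `now - state.lastAttemptAt >= resetAfterMs` true on every normal lookup in `getFreshState`, so each state is dropped as stale and `isExhausted` keeps returning false. The retry cap is silently switched off by a value many callers would read as "never reset". Either require a positive window with `normalizePositiveInteger(options.resetAfterMs, DEFAULT_RESET_AFTER_MS)`, or treat zero as no expiry with `if (resetAfterMs > 0 && now - state.lastAttemptAt >= resetAfterMs) {`, and document which meaning is intended. Separately, `states` is pruned only when a key is looked up again or `reset` is called, so if `operationKey` can be built from unbounded input the map grows for the life of the process; whether it can depends on callers not visible here.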
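--- a/package/dist/core/routing/lead-worker.js
+++ b/package/dist/core/routing/lead-worker.js
@@ -0,0 +1,43 @@
+ export function assignRoles(opts) {
+ let hasAssignedWriteLead = false;
+ return opts.steps.map((step) => {
+ const role = assignRole(step, hasAssignedWriteLead);
+ if (step.intent === 'write' && role.role === 'lead') {
+ hasAssignedWriteLead = true;
+ }
+ return {
+ step: step.id,
+ role: role.role,
+ model: role.role === 'lead' ? opts.leadModel : opts.workerModel,
+ reason: role.reason,
+ };
+ });
+ }
+ function assignRole(step, hasAssignedWriteLead) {
+ if (step.intent === 'plan') {
+ return { role: 'lead', reason: 'planning step requires lead orchestration' };
+ }
+ if (hasLeadHeuristic(step.id)) {
+ return { role: 'lead', reason: 'step id indicates planning or orchestration' };
+ }
+ if (step.intent === 'write' && !hasAssignedWriteLead) {
+ return { role: 'lead', reason: 'first write step needs lead architecture' };
+ }
+ if (step.intent === 'write') {
+ return { role: 'worker', reason: 'subsequent write step is bulk execution' };
+ }
+ if (step.intent === 'read' || step.intent === 'verify') {
+ return { role: 'worker', reason: 'read and verify steps are worker execution' };
+ }
+ if (step.intent === 'explain') {
+ return { role: 'worker', reason: 'explanation step can run on worker model' };
+ }
+ return { role: 'lead', reason: 'unknown intent defaults to lead defensively' };
+ }
+ function hasLeadHeuristic(stepId) {
+ const normalized = stepId.toLowerCase();
+ return (normalized.includes('plan') ||
+ normalized.includes('design') ||
+ normalized.includes('orchestrate'));
+ }
+ //# sourceMappingURL=lead-worker.js.map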
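Review bot: `hasLeadHeuristic` matches by substring, so a step id such as `explanation-2` or `redesign-notes` contains `plan` or `design` and is routed to `opts.leadModel` before the `step.intent` checks for `write`, `read`, `verify` and `explain` are reached. If step ids originate from model or user output (not visible in this file), the id text alone decides which model tier runs. Matching whole tokens would narrow this, for example splitting the lower-cased id with `split(/[^a-z0-9]+/)` and testing each token against a fixed set of `plan`, `design`, `orchestrate`. The same function calls `stepId.toLowerCase()` with no type check, so a single step without a string `id` throws and aborts the whole `opts.steps.map`. A `typeof stepId !== 'string'` guard returning false would let such steps fall through to the intent checks and the defensive default at the end of `assignRole`.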
@@ -0,0 +1,108 @@
1
+ /**
2
+ * Pre-flight token estimator — external tokenEstimation port,
3
+ * adapted for Anvil's 3-tier routing.
4
+ *
5
+ * The auto-compact gate counts tokens AFTER a turn lands. This module
6
+ * runs BEFORE the request leaves the CLI so the router can pick the
7
+ * cheapest pool that still fits. Three pools exist:
8
+ *
9
+ * cheap → DeepSeek V4-Pro / Cerebras Qwen3-Coder (128k-256k window)
10
+ * mid → Anthropic Sonnet 4.6 / GPT-5 (200k window, 2-3× cheap-pool cost)
11
+ * long → Kimi K2.6 / Gemini 2.5 Pro (1M window, 5-10× cheap-pool cost)
12
+ *
13
+ * The estimator is intentionally synchronous, pure, and free of I/O so
14
+ * the call site can run it inside a render loop without yielding to
15
+ * the event loop. The token approximation reuses the existing
16
+ * char-per-token heuristic from `core/compact/token-counter.ts` (4 chars
17
+ * ≈ 1 token, biased high). No tiktoken dependency added.
18
+ */
19
+ import { estimateTokens } from '../compact/token-counter.js';
20
+ /**
21
+ * Default tier ceilings tuned для Anvil 2026-06 routing matrix.
22
+ * cheap-pool models (DeepSeek/Cerebras) hard-cap at 100k effective input.
23
+ * mid-pool (Sonnet/GPT-5) safe through 180k.
24
+ * long-pool (Kimi/Gemini-Pro) accepts к 900k.
25
+ *
26
+ * The numbers stay below the nominal context window к leave room for
27
+ * output tokens, тек streaming overhead, and tokenizer skew.
28
+ */
29
+ const DEFAULT_CHEAP_MAX = 100_000;
30
+ const DEFAULT_MID_MAX = 180_000;
31
+ const DEFAULT_LONG_MAX = 900_000;
32
+ const DEFAULT_OUTPUT_BUFFER = 4_096;
33
+ export function estimatePreFlight(input, options = {}) {
34
+ const cheapMax = options.cheapTierMaxInput ?? DEFAULT_CHEAP_MAX;
35
+ const midMax = options.midTierMaxInput ?? DEFAULT_MID_MAX;
36
+ const longMax = options.longTierMaxInput ?? DEFAULT_LONG_MAX;
37
+ const outputBuffer = input.expectedOutputTokens
38
+ ?? options.outputBuffer
39
+ ?? DEFAULT_OUTPUT_BUFFER;
40
+ if (cheapMax <= 0 || midMax <= 0 || longMax <= 0) {
41
+ throw new RangeError('tier max values must be positive');
42
+ }
43
+ if (cheapMax > midMax || midMax > longMax) {
44
+ throw new RangeError('tier ceilings must be monotonic: cheap <= mid <= long');
45
+ }
46
+ if (outputBuffer < 0) {
47
+ throw new RangeError('outputBuffer must be >= 0');
48
+ }
49
+ const systemTokens = sumStrings(input.systemPrompt ? [input.systemPrompt] : []);
50
+ const dialogTokens = sumStrings(input.dialogHistory ?? []);
51
+ const ragTokens = sumStrings(input.ragContext ?? []);
52
+ const toolTokens = sumStrings(input.toolResults ?? []);
53
+ const userTokens = sumStrings(input.userMessage ? [input.userMessage] : []);
54
+ const inputTokens = systemTokens + dialogTokens + ragTokens + toolTokens + userTokens;
55
+ const totalTokens = inputTokens + outputBuffer;
56
+ const tier = pickTier(inputTokens, cheapMax, midMax);
57
+ const overLongTier = inputTokens > longMax;
58
+ return {
59
+ inputTokens,
60
+ outputBuffer,
61
+ totalTokens,
62
+ tier,
63
+ breakdown: {
64
+ systemPrompt: systemTokens,
65
+ dialogHistory: dialogTokens,
66
+ ragContext: ragTokens,
67
+ toolResults: toolTokens,
68
+ userMessage: userTokens,
69
+ },
70
+ overLongTier,
71
+ };
72
+ }
73
+ function sumStrings(parts) {
74
+ let total = 0;
75
+ for (const part of parts) {
76
+ total += estimateTokens(part);
77
+ }
78
+ return total;
79
+ }
80
+ function pickTier(inputTokens, cheapMax, midMax) {
81
+ if (inputTokens <= cheapMax)
82
+ return 'cheap';
83
+ if (inputTokens <= midMax)
84
+ return 'mid';
85
+ return 'long';
86
+ }
87
+ /**
88
+ * Human-readable explanation для CLI / TUI surfacing.
89
+ * The format is stable and may be parsed by the doctor command.
90
+ */
91
+ export function explainEstimate(estimate) {
92
+ const lines = [];
93
+ lines.push(`Input tokens: ${estimate.inputTokens.toLocaleString('en-US')}`);
94
+ lines.push(`Output buffer: ${estimate.outputBuffer.toLocaleString('en-US')}`);
95
+ lines.push(`Total: ${estimate.totalTokens.toLocaleString('en-US')}`);
96
+ lines.push(`Routing tier: ${estimate.tier}`);
97
+ if (estimate.overLongTier) {
98
+ lines.push('WARNING: input exceeds long-tier ceiling — request will likely fail');
99
+ }
100
+ lines.push('Breakdown:');
101
+ lines.push(` system prompt: ${estimate.breakdown.systemPrompt.toLocaleString('en-US')}`);
102
+ lines.push(` dialog: ${estimate.breakdown.dialogHistory.toLocaleString('en-US')}`);
103
+ lines.push(` rag: ${estimate.breakdown.ragContext.toLocaleString('en-US')}`);
104
+ lines.push(` tool results: ${estimate.breakdown.toolResults.toLocaleString('en-US')}`);
105
+ lines.push(` user message: ${estimate.breakdown.userMessage.toLocaleString('en-US')}`);
106
+ return lines.join('\n');
107
+ }
108
+ //# sourceMappingURL=pre-flight-estimator.js.map
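Review bot: The range checks in `estimatePreFlight` let `NaN` through, because `NaN <= 0`, `NaN > midMax` and `NaN < 0` are all false. A `cheapTierMaxInput` of `NaN` therefore passes validation, and the comparison against it in `pickTier` is always false, so that tier is silently skipped and the request is routed to a more expensive pool. Testing the positive form closes the gap: `if (!(cheapMax > 0 && midMax > 0 && longMax > 0)) {` and `if (!(outputBuffer >= 0)) {`. The doc comments also contain stray non-English words (`для`, `к`, `тек`) that should be replaced with English, and `estimatePreFlight` itself has no JSDoc describing its input fields and return shape.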
@@ -0,0 +1,103 @@
1
+ /**
2
+ * Canonical `.pugi/runs/<id>/` artifact tree .
3
+ *
4
+ * Karpathy hn-time-capsule pattern: every Pugi execution produces a
5
+ * deterministic directory structure where downstream tooling (eval
6
+ * harness, leaderboard, replay, debugging) can find
7
+ * artifacts at predictable paths.
8
+ *
9
+ * Layout per run:
10
+ * .pugi/runs/<id>/
11
+ * meta.json — metadata: id, startedAt, finishedAt?, command, tier
12
+ * stdout.log — captured stdout (the engine writes it directly)
13
+ * stderr.log — captured stderr
14
+ * events.jsonl — structured event stream (NDJSON)
15
+ * metrics.json — final metrics summary (written at run end)
16
+ * artifacts/ — арbitrary file outputs (plans, diffs, exports)
17
+ *
18
+ * The `<id>` is `<ISO-timestamp>-<short-rand>` so runs sort
19
+ * chronologically when listed by directory order.
20
+ *
21
+ * This module only handles the directory + metadata primitive. Actual
22
+ * stream writing (stdout.log, events.jsonl) is the engine's job —
23
+ * we return paths so the engine knows where к write.
24
+ */
25
+ import { mkdir, writeFile, readFile, stat } from 'node:fs/promises';
26
+ import { randomBytes } from 'node:crypto';
27
+ import path from 'node:path';
28
+ export function generateRunId(now = new Date()) {
29
+ const iso = now.toISOString().replace(/[:.]/g, '-');
30
+ const rand = randomBytes(3).toString('hex');
31
+ return `${iso}-${rand}`;
32
+ }
33
+ export function resolveRunPaths(workspaceRoot, id) {
34
+ const root = path.join(workspaceRoot, '.pugi', 'runs', id);
35
+ return {
36
+ root,
37
+ meta: path.join(root, 'meta.json'),
38
+ stdout: path.join(root, 'stdout.log'),
39
+ stderr: path.join(root, 'stderr.log'),
40
+ events: path.join(root, 'events.jsonl'),
41
+ metrics: path.join(root, 'metrics.json'),
42
+ artifacts: path.join(root, 'artifacts'),
43
+ };
44
+ }
45
+ export async function createRun(options) {
46
+ if (!options.workspaceRoot) {
47
+ throw new TypeError('workspaceRoot is required');
48
+ }
49
+ const id = options.id ?? generateRunId();
50
+ if (!/^[A-Za-z0-9_.\-T:Z]+$/.test(id)) {
51
+ throw new RangeError(`invalid run id: ${id} (forbidden characters)`);
52
+ }
53
+ const paths = resolveRunPaths(options.workspaceRoot, id);
54
+ await mkdir(paths.artifacts, { recursive: true });
55
+ const meta = {
56
+ id,
57
+ startedAt: new Date().toISOString(),
58
+ };
59
+ if (options.command !== undefined)
60
+ meta.command = options.command;
61
+ if (options.tier !== undefined)
62
+ meta.tier = options.tier;
63
+ if (options.extra !== undefined)
64
+ meta.extra = options.extra;
65
+ await writeFile(paths.meta, JSON.stringify(meta, null, 2) + '\n');
66
+ return paths;
67
+ }
68
+ export async function readRunMetadata(paths) {
69
+ try {
70
+ const buf = await readFile(paths.meta, 'utf8');
71
+ return JSON.parse(buf);
72
+ }
73
+ catch {
74
+ return null;
75
+ }
76
+ }
77
+ export async function finalizeRun(paths, options = {}) {
78
+ const existing = await readRunMetadata(paths);
79
+ if (!existing) {
80
+ throw new Error(`run metadata missing at ${paths.meta}`);
81
+ }
82
+ const finished = {
83
+ ...existing,
84
+ finishedAt: new Date().toISOString(),
85
+ };
86
+ if (options.exitCode !== undefined) {
87
+ finished.exitCode = options.exitCode;
88
+ }
89
+ await writeFile(paths.meta, JSON.stringify(finished, null, 2) + '\n');
90
+ if (options.metrics !== undefined) {
91
+ await writeFile(paths.metrics, JSON.stringify(options.metrics, null, 2) + '\n');
92
+ }
93
+ }
94
+ export async function runExists(paths) {
95
+ try {
96
+ const stats = await stat(paths.root);
97
+ return stats.isDirectory();
98
+ }
99
+ catch {
100
+ return false;
101
+ }
102
+ }
103
+ //# sourceMappingURL=run-tree.js.map
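Review bot: The run-id check in `createRun` accepts `.` and `..`, because `.` is in the allowed class of `/^[A-Za-z0-9_.\-T:Z]+$/`. With `options.id` set to `..`, `path.join` in `resolveRunPaths` normalises the root to `<workspaceRoot>/.pugi`, so `meta.json` and `artifacts/` are created outside `runs/`. Slashes are rejected, which limits the escape to one level, but a caller-supplied id should not leave the runs directory at all: `if (id === '.' || id === '..' || !/^[A-Za-z0-9_.\-T:Z]+$/.test(id)) {`. The class also admits `:`, which `generateRunId` never emits (it replaces `:` with `-`) and which is not valid in Windows file names. Since `resolveRunPaths` is exported and takes an id with no check, the validation probably belongs there rather than only in `createRun`.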
@@ -0,0 +1,43 @@
1
+ /**
2
+ * Bash sandbox adapter interface (Trust Sprint item 6 + Phase 1 #302).
3
+ *
4
+ * Adapter pattern: a runner wraps the spawn invocation with an
5
+ * OS-level sandbox primitive. Today's variants:
6
+ *
7
+ * - none - passthrough (legacy behaviour, default).
8
+ * - macOS-seatbelt - /usr/bin/sandbox-exec with a workspace-scoped
9
+ * write allowlist + secret-dir deny list +
10
+ * posture-conditional network rule.
11
+ * - bubblewrap - Linux `bwrap` user-namespace jail with a
12
+ * read-only bind of /usr, /lib, /etc, a tmpfs at
13
+ * /tmp, and a writable bind for workspaceRoot.
14
+ * Posture toggles `--share-net`.
15
+ * - docker - Windows fallback (not shipped in this PR;
16
+ * schema accepts the keyword so a forward-rolled
17
+ * settings.json does not error).
18
+ *
19
+ * Mechanism x posture matrix:
20
+ *
21
+ * | mechanism | strict | lenient | off |
22
+ * | --------------- | ----------------------------------- | --------------------------------- | ------------ |
23
+ * | none | passthrough (mode wins) | passthrough (mode wins) | passthrough |
24
+ * | macOS-seatbelt | workspace writes + deny network | workspace writes + allow network | passthrough |
25
+ * | bubblewrap | workspace bind + deny network | workspace bind + allow network | passthrough |
26
+ * | docker | (not shipped) | (not shipped) | passthrough |
27
+ *
28
+ * Wired into `tools/bash.ts` at the `spawn`/`spawnSync` call sites
29
+ * (foreground async, foreground sync, background). The wrap fires
30
+ * AFTER the permission gate so a refused command never reaches the
31
+ * sandbox layer; if the adapter probe returns `armed=false` and the
32
+ * configured mechanism is non-`none`, the bash tool refuses
33
+ * fail-closed instead of silently degrading.
34
+ *
35
+ * Future: replace bubblewrap with native landlock bindings on Linux
36
+ * + job-object on Windows. The interface is stable, the adapters
37
+ * change.
38
+ */
39
+ export {};
40
+ // The `makeAdapter` resolver lives in `./index.ts` so it can import
41
+ // the concrete adapters via ESM without circular references. This
42
+ // file stays pure interfaces.
43
+ //# sourceMappingURL=adapter.js.map
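Review bot: The variant list describes `none` as "passthrough (legacy behaviour, default)", while `detectDefaultMode()` in the resolver added by this same diff returns `macOS-seatbelt` on darwin and `bubblewrap` on linux for the no-settings path. As far as the visible hunks show, one of the two descriptions is stale, and for a sandbox the difference matters to anyone auditing which commands run unconfined. If the resolver is authoritative, the line could read `none - passthrough; the default only on platforms without a supported mechanism`.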
@@ -0,0 +1,209 @@
1
+ /**
2
+ * Linux bubblewrap sandbox adapter (Phase 1 #302).
3
+ *
4
+ * Wraps bash command execution with `bwrap` (user-namespace jail).
5
+ * Policy posture:
6
+ *
7
+ * - Workspace root bound read+write at the same path inside the
8
+ * jail so cwd resolves identically for the child.
9
+ * - System dirs (/usr, /lib, /lib64, /bin, /sbin, /etc, /opt) bound
10
+ * read-only - dev toolchains and shared libraries reachable.
11
+ * - /tmp = tmpfs (fresh per-invocation), /proc + /dev mounted so
12
+ * standard syscalls work.
13
+ * - Secret dirs from the host (~/.ssh, ~/.aws, ~/.config/gh,
14
+ * ~/.gitconfig) are NOT bound at all - they vanish from the
15
+ * child's view. The deny is structural (no mount), not advisory.
16
+ * - Network: `--share-net` only when posture=`lenient` or
17
+ * `allowNetwork=true`. Strict drops it via `--unshare-all`
18
+ * (default + no override).
19
+ *
20
+ * Detection: `bwrap` must be on PATH. We probe via `bwrap --version`
21
+ * and treat any clean exit as proof the binary is callable. Operators
22
+ * on a host without bwrap see the install hint
23
+ * (`apt install bubblewrap` / `brew install bubblewrap`).
24
+ *
25
+ * Security note: bwrap requires either CAP_SYS_ADMIN or unprivileged
26
+ * user namespaces (kernel.unprivileged_userns_clone=1). Modern
27
+ * distros (Debian 11+, Ubuntu 22.04+, Fedora 35+, Arch) enable this
28
+ * by default. When the kernel rejects the bwrap invocation, the wrap
29
+ * succeeds but the spawn fails - the bash tool surfaces the child's
30
+ * stderr verbatim so the operator sees the kernel-side reason.
31
+ */
32
+ import { execFileSync } from 'node:child_process';
33
+ import { homedir } from 'node:os';
34
+ import { isAbsolute } from 'node:path';
35
+ import { defaultSecretDirs, resolveNetworkAllowance } from './policy.js';
36
+ const BWRAP_BINARY = 'bwrap';
37
+ /**
38
+ * Install hint surfaced when bwrap is missing from PATH. We tailor
39
+ * the hint to the most common Linux package managers; macOS users
40
+ * normally select `macOS-seatbelt`, not `bubblewrap`, so we still
41
+ * mention Homebrew for completeness.
42
+ */
43
+ const BWRAP_INSTALL_HINT = 'Install bwrap: `sudo apt install bubblewrap` (Debian/Ubuntu) or ' +
44
+ '`sudo dnf install bubblewrap` (Fedora/RHEL) or `brew install bubblewrap` (macOS Homebrew).';
45
+ export class BubblewrapSandboxAdapter {
46
+ mode = 'bubblewrap';
47
+ probe(opts) {
48
+ if (process.platform !== 'linux' && process.platform !== 'darwin') {
49
+ return {
50
+ mode: 'bubblewrap',
51
+ armed: false,
52
+ reason: `bubblewrap unavailable on ${process.platform} - choose 'none', 'macOS-seatbelt', or 'docker'.`,
53
+ details: [`platform: ${process.platform}`, `expected: linux (primary) or darwin (homebrew)`],
54
+ installHint: BWRAP_INSTALL_HINT,
55
+ };
56
+ }
57
+ const bwrapPath = locateBwrap();
58
+ if (bwrapPath === null) {
59
+ return {
60
+ mode: 'bubblewrap',
61
+ armed: false,
62
+ reason: 'bwrap binary not found on PATH.',
63
+ details: [
64
+ `platform: ${process.platform}`,
65
+ `lookup: PATH`,
66
+ `remediation: install the bubblewrap package`,
67
+ ],
68
+ installHint: BWRAP_INSTALL_HINT,
69
+ };
70
+ }
71
+ return {
72
+ mode: 'bubblewrap',
73
+ armed: true,
74
+ details: [
75
+ `platform: ${process.platform}`,
76
+ `binary: ${bwrapPath}`,
77
+ `workspaceRoot: ${opts.workspaceRoot}`,
78
+ `extraWritePaths: ${(opts.extraWritePaths ?? []).join(', ') || '<none>'}`,
79
+ `posture: ${opts.posture ?? 'strict'}`,
80
+ `network: ${resolveNetworkAllowance(opts.posture, opts.allowNetwork) ? 'allow' : 'deny'}`,
81
+ ],
82
+ };
83
+ }
84
+ wrap(cmd, opts) {
85
+ const armed = this.probe(opts);
86
+ if (!armed.armed) {
87
+ throw new Error(`BubblewrapSandboxAdapter.wrap: ${armed.reason}`);
88
+ }
89
+ if (!isAbsolute(opts.workspaceRoot)) {
90
+ throw new Error(`BubblewrapSandboxAdapter.wrap: workspaceRoot must be absolute, got "${opts.workspaceRoot}"`);
91
+ }
92
+ for (const p of opts.extraWritePaths ?? []) {
93
+ if (!isAbsolute(p)) {
94
+ throw new Error(`BubblewrapSandboxAdapter.wrap: extraWritePaths entry must be absolute, got "${p}"`);
95
+ }
96
+ }
97
+ for (const p of opts.extraReadPaths ?? []) {
98
+ if (!isAbsolute(p)) {
99
+ throw new Error(`BubblewrapSandboxAdapter.wrap: extraReadPaths entry must be absolute, got "${p}"`);
100
+ }
101
+ }
102
+ const args = renderBwrapArgs(opts);
103
+ return {
104
+ command: BWRAP_BINARY,
105
+ args: [...args, '--', cmd.command, ...cmd.args],
106
+ description: `sandbox: bubblewrap (posture=${opts.posture ?? 'strict'})`,
107
+ };
108
+ }
109
+ /**
110
+ * Exposed for unit tests so the spec can pin the exact argv shape
111
+ * without driving the whole wrap path.
112
+ */
113
+ renderArgs(opts) {
114
+ return renderBwrapArgs(opts);
115
+ }
116
+ }
117
+ /**
118
+ * Compose the bwrap argv from the spawn options. Order matters:
119
+ *
120
+ * 1. Namespace flags (`--unshare-all`, optional `--share-net`).
121
+ * 2. Read-only system binds - provides /usr, /bin, /lib, etc.
122
+ * 3. /proc + /dev so syscalls work.
123
+ * 4. tmpfs at /tmp so build scratch never persists.
124
+ * 5. Read-write bind of workspaceRoot + every extraWritePath.
125
+ * 6. Read-only bind of every extraReadPath.
126
+ *
127
+ * Secret dirs are NOT bound. Because bwrap starts from a fresh mount
128
+ * namespace, anything not explicitly bound is invisible to the child.
129
+ * The `defaultSecretDirs` helper exists only for symmetry with the
130
+ * seatbelt adapter's deny rules - the documentation surface stays
131
+ * consistent across mechanisms.
132
+ */
133
+ function renderBwrapArgs(opts) {
134
+ const home = opts.homedir ?? homedir();
135
+ const networkAllowed = resolveNetworkAllowance(opts.posture, opts.allowNetwork);
136
+ const args = [];
137
+ // Namespace isolation. `--unshare-all` removes every namespace -
138
+ // pid, mount, ipc, uts, cgroup, net. We selectively re-share net
139
+ // when the policy says so. `--die-with-parent` makes sure the
140
+ // child does not outlive the bash tool's spawn() handle.
141
+ args.push('--die-with-parent');
142
+ args.push('--unshare-all');
143
+ if (networkAllowed) {
144
+ args.push('--share-net');
145
+ }
146
+ // Read-only system binds. We bind each path with `--ro-bind-try`
147
+ // so missing dirs (e.g. /lib64 on a non-multilib host) do not
148
+ // abort the wrap. The order mirrors a minimal POSIX userland.
149
+ for (const sys of ['/usr', '/bin', '/sbin', '/lib', '/lib64', '/etc', '/opt']) {
150
+ args.push('--ro-bind-try', sys, sys);
151
+ }
152
+ // /proc + /dev - required for most binaries. /dev is the bwrap
153
+ // virtual /dev (just null, zero, tty, random, urandom). /proc is
154
+ // the new namespace's proc, not the host's.
155
+ args.push('--proc', '/proc');
156
+ args.push('--dev', '/dev');
157
+ // Fresh tmpfs at /tmp every invocation. Build scratch never
158
+ // persists across runs and never leaks into the host's /tmp.
159
+ args.push('--tmpfs', '/tmp');
160
+ // Workspace bind: read + write. The bind is at the same path
161
+ // inside the jail so a relative cwd from the parent resolves
162
+ // identically inside.
163
+ args.push('--bind', opts.workspaceRoot, opts.workspaceRoot);
164
+ // Extra writable paths (typical: ~/.pugi for CLI state).
165
+ for (const writable of opts.extraWritePaths ?? []) {
166
+ args.push('--bind', writable, writable);
167
+ }
168
+ // Extra read-only paths the operator opted into.
169
+ for (const readonly of opts.extraReadPaths ?? []) {
170
+ args.push('--ro-bind-try', readonly, readonly);
171
+ }
172
+ // `defaultSecretDirs` is computed-and-ignored here. The intent is
173
+ // documentation: future operators reading this code see the same
174
+ // list the seatbelt deny block uses. The structural omission of
175
+ // these binds IS the deny - referencing the list makes that
176
+ // explicit.
177
+ void defaultSecretDirs(home);
178
+ return args;
179
+ }
180
+ /**
181
+ * Locate `bwrap` on the operator's PATH. We avoid `which` (not POSIX
182
+ * everywhere) and `command -v` (shell builtin, not spawn-friendly).
183
+ * Instead we run `bwrap --version` and treat any clean exit as proof
184
+ * the binary is callable.
185
+ */
186
+ function locateBwrap() {
187
+ try {
188
+ execFileSync(BWRAP_BINARY, ['--version'], {
189
+ stdio: ['ignore', 'ignore', 'ignore'],
190
+ timeout: 3000,
191
+ });
192
+ return BWRAP_BINARY;
193
+ }
194
+ catch (err) {
195
+ const e = err;
196
+ if (e?.code === 'ENOENT')
197
+ return null;
198
+ // Non-zero exit (e.g. bwrap with a strange host) still means the
199
+ // binary exists. We treat it as available; the wrap call will
200
+ // surface the real failure via the child's stderr.
201
+ return BWRAP_BINARY;
202
+ }
203
+ }
204
+ /**
205
+ * Convenience re-export for callers / specs that want the same hint
206
+ * string without duplicating the literal.
207
+ */
208
+ export const BUBBLEWRAP_INSTALL_HINT = BWRAP_INSTALL_HINT;
209
+ //# sourceMappingURL=bubblewrap.js.map
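Review bot: The claim that host secret dirs "vanish from the child's view" holds only while no bound path contains them. `wrap()` checks that `workspaceRoot`, `extraWritePaths` and `extraReadPaths` are absolute, but never compares them with `defaultSecretDirs(home)`, which `renderBwrapArgs` computes and discards. If the workspace is the home directory or another ancestor of a secret dir, `--bind workspaceRoot workspaceRoot` exposes that dir read-write inside the jail. I would refuse such a configuration in `wrap()`, as sketched below; the sketch assumes `defaultSecretDirs` returns absolute paths and needs `relative` added to the `node:path` import, and paths should be symlink-resolved before comparison. Separately, the argv has no `--new-session`, so the child stays attached to the controlling terminal; consider `args.push('--new-session');` next to `--die-with-parent`.

```javascript
// … unchanged: probe() call and the isAbsolute checks in wrap() …
const boundRoots = [
    opts.workspaceRoot,
    ...(opts.extraWritePaths ?? []),
    ...(opts.extraReadPaths ?? []),
];
for (const secret of defaultSecretDirs(opts.homedir ?? homedir())) {
    for (const root of boundRoots) {
        // A secret path is exposed when it equals a bound root or lies beneath it.
        const rel = relative(root, secret);
        const inside = rel === '' || (rel !== '..' && !rel.startsWith('../') && !isAbsolute(rel));
        if (inside) {
            throw new Error(`BubblewrapSandboxAdapter.wrap: bound path "${root}" would expose secret path "${secret}"`);
        }
    }
}
const args = renderBwrapArgs(opts);
// … unchanged: returned command/args/description …
```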
@@ -0,0 +1,78 @@
1
+ /**
2
+ * Sandbox adapter resolver (Trust Sprint item 6 + Phase 1 #302).
3
+ *
4
+ * Single re-export surface so consumers (`pugi doctor`, the bash
5
+ * runner indirection, MCP serve diagnostics) can do:
6
+ *
7
+ * import { makeAdapter, type SandboxMode } from '.../sandboxing';
8
+ *
9
+ * The concrete adapters live in sibling files; this index wires the
10
+ * lookup table without forcing a circular import between the
11
+ * interface (`adapter.ts`) and the implementations.
12
+ */
13
+ import { BubblewrapSandboxAdapter } from './bubblewrap.js';
14
+ import { NoneSandboxAdapter } from './none.js';
15
+ import { SeatbeltSandboxAdapter } from './seatbelt.js';
16
+ export { BubblewrapSandboxAdapter } from './bubblewrap.js';
17
+ export { NoneSandboxAdapter } from './none.js';
18
+ export { SeatbeltSandboxAdapter } from './seatbelt.js';
19
+ export { SANDBOX_DISABLE_ENV, defaultSecretDirs, isSandboxDisabled, resolveNetworkAllowance, } from './policy.js';
20
+ /**
21
+ * Resolve a sandbox adapter from a configured mode. Throws for
22
+ * `docker` (documented but not shipped in this PR) and for unknown
23
+ * modes (defends against forward-rolled settings.json files).
24
+ */
25
+ export function makeAdapter(mode) {
26
+ switch (mode) {
27
+ case 'none':
28
+ return new NoneSandboxAdapter();
29
+ case 'macOS-seatbelt':
30
+ return new SeatbeltSandboxAdapter();
31
+ case 'bubblewrap':
32
+ return new BubblewrapSandboxAdapter();
33
+ case 'docker':
34
+ throw new Error('bash sandbox: docker mode is documented but not yet implemented. ' +
35
+ 'Use bash.sandbox = "none", "macOS-seatbelt", or "bubblewrap" until the docker adapter ships.');
36
+ default: {
37
+ const exhaustive = mode;
38
+ throw new Error(`bash sandbox: unknown mode "${String(exhaustive)}"`);
39
+ }
40
+ }
41
+ }
42
+ /**
43
+ * Auto-detect the platform-appropriate sandbox mechanism. Returns:
44
+ *
45
+ * - `'macOS-seatbelt'` on darwin
46
+ * - `'bubblewrap'` on linux (regardless of whether bwrap is
47
+ * installed; the probe surfaces the install hint if missing)
48
+ * - `'none'` on every other platform (windows, freebsd, etc.)
49
+ *
50
+ * Callers that prefer explicit selection should read
51
+ * `.pugi/settings.json::bash.sandbox` directly. This helper exists
52
+ * for the bash tool's "no settings configured" path so the strongest
53
+ * available mechanism applies by default.
54
+ */
55
+ export function detectDefaultMode() {
56
+ if (process.platform === 'darwin')
57
+ return 'macOS-seatbelt';
58
+ if (process.platform === 'linux')
59
+ return 'bubblewrap';
60
+ return 'none';
61
+ }
62
+ /**
63
+ * Convenience: probe the configured mode without spawning anything.
64
+ * Used by `pugi doctor` so the sandbox probe can report the same
65
+ * armed state the bash runner would see.
66
+ */
67
+ export function probeSandbox(opts) {
68
+ const adapter = makeAdapter(opts.mode);
69
+ return adapter.probe({
70
+ workspaceRoot: opts.workspaceRoot,
71
+ ...(opts.extraWritePaths ? { extraWritePaths: opts.extraWritePaths } : {}),
72
+ ...(opts.extraReadPaths ? { extraReadPaths: opts.extraReadPaths } : {}),
73
+ ...(opts.posture ? { posture: opts.posture } : {}),
74
+ ...(opts.allowNetwork !== undefined ? { allowNetwork: opts.allowNetwork } : {}),
75
+ ...(opts.homedir ? { homedir: opts.homedir } : {}),
76
+ });
77
+ }
78
+ //# sourceMappingURL=index.js.map
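Review bot: `detectDefaultMode()` falls back to `'none'` on every platform other than darwin and linux, and `NoneSandboxAdapter.wrap` (added in the same diff) returns the command unchanged. The "no settings configured" path therefore runs bash unsandboxed on those platforms, with no signal beyond `probe().armed === false`. The docstring's "strongest available mechanism applies by default" reads as if some sandbox always applies, so I would state the consequence on the `'none'` bullet: `'none' on every other platform (windows, freebsd, etc.) - commands run unsandboxed; callers should surface this to the operator`. Whether the bash tool already warns in that case is not visible in this hunk.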
@@ -0,0 +1,19 @@
1
+ export class NoneSandboxAdapter {
2
+ mode = 'none';
3
+ probe(_opts) {
4
+ return {
5
+ mode: 'none',
6
+ armed: false,
7
+ reason: "policy 'none' selected — bash dispatches run unsandboxed (classifier + permission FSM still apply).",
8
+ details: ['mode: none (passthrough)', 'enforcement: bash classifier + permission FSM only'],
9
+ };
10
+ }
11
+ wrap(cmd, _opts) {
12
+ return {
13
+ command: cmd.command,
14
+ args: cmd.args,
15
+ description: 'sandbox: none (passthrough)',
16
+ };
17
+ }
18
+ }
19
+ //# sourceMappingURL=none.js.map