@pugi/cli 0.1.0-beta.13 → 0.1.0-beta.15

package/bin/run.js

@@ -1,2 +1,34 @@
 #!/usr/bin/env node
-import '../dist/index.js';
+// 2026-05-27 — silence the noisy `node:sqlite` ExperimentalWarning.
+// Node 22.x prints a multi-line warning the first time any consumer
+// imports `node:sqlite` (see core/repl/store/session-store.ts). CEO has
+// pinged this surface twice now ("(node:XXXXX) ExperimentalWarning:
+// SQLite is an experimental feature and might change at any time" +
+// trace-warnings hint). Hiding it cleanly requires a tap on
+// process.emitWarning BEFORE any module loads the sqlite binding —
+// hence wiring it here in the binary entry, not deep inside the CLI.
+//
+// We allowlist only the exact sqlite warning + leave every other
+// runtime warning (deprecation, security, custom code paths) intact.
+// Operator can still re-enable the noise by exporting
+// PUGI_SHOW_EXPERIMENTAL_WARNINGS=1 — useful when debugging a node
+// version bump that might surface a new experimental flag we should
+// notice.
+if (!process.env.PUGI_SHOW_EXPERIMENTAL_WARNINGS) {
+  const originalEmit = process.emit;
+  process.emit = function patchedEmit(name, ...args) {
+    if (name === 'warning') {
+      const w = args[0];
+      const isSqliteExperimental =
+        w &&
+        typeof w === 'object' &&
+        w.name === 'ExperimentalWarning' &&
+        typeof w.message === 'string' &&
+        /SQLite is an experimental feature/i.test(w.message);
+      if (isSqliteExperimental) return false;
+    }
+    return originalEmit.call(this, name, ...args);
+  };
+}
+
+import('../dist/index.js');

package/dist/core/engine/anvil-client.js

@@ -196,6 +196,25 @@ export class AnvilEngineLoopClient {
                 // for the broader "misleading error" pattern.)
                 try {
                     const parsed = text ? JSON.parse(text) : null;
+                    // 2026-05-27 dogfood cycle 2: distinct error code for the
+                    // infra-side "PII scrubber down" case. Previously the engine
+                    // server returned `privacy_strict_upstream_blocked` here even
+                    // when the tenant was on BALANCED (the scrubber crash forced
+                    // a fail-closed). Operators chased the wrong fix ("switch
+                    // privacy") for hours. Server now emits
+                    // `pii_scrubber_unavailable` — surface a distinct remediation
+                    // that points at the infra side, not the operator's privacy
+                    // posture.
+                    if (parsed?.code === 'pii_scrubber_unavailable') {
+                        return {
+                            stop: 'error',
+                            code: 'privacy_blocked',
+                            message: parsed.message ?? 'PII scrubber unavailable; privacy filter refused dispatch.',
+                            remediation: 'Infra-side issue (not your tenant privacy mode). Wait for ops to restore ' +
+                                'the PiiScrubberService, OR temporarily switch your tenant to permissive via ' +
+                                '`pugi config set privacy=permissive`.',
+                        };
+                    }
                     if (parsed?.code === 'privacy_strict_upstream_blocked' || parsed?.code === 'privacy_blocked') {
                         return {
                             stop: 'error',

package/dist/runtime/cli.js

@@ -763,6 +763,28 @@ function parseArgs(argv) {
             }
             flags.maxTurns = parsed;
         }
+        else if (arg.startsWith('--commit=')) {
+            // `pugi review --triple --commit <SHA>` activates the multi-
+            // provider routing path against a specific revision.
+            flags.commit = arg.slice('--commit='.length);
+        }
+        else if (arg === '--commit') {
+            const next = argv[index + 1];
+            if (!next)
+                throw new Error('--commit requires a SHA or ref');
+            flags.commit = next;
+            index += 1;
+        }
+        else if (arg.startsWith('--base=')) {
+            flags.base = arg.slice('--base='.length);
+        }
+        else if (arg === '--base') {
+            const next = argv[index + 1];
+            if (!next)
+                throw new Error('--base requires a ref');
+            flags.base = next;
+            index += 1;
+        }
         else {
             args.push(arg);
         }
@@ -810,7 +832,176 @@ async function version(_args, flags, _session) {
     };
     writeOutput(flags, payload, `pugi ${payload.version}`);
 }
-async function help(_args, flags, _session) {
+/**
+ * Per-command help bodies (task #100). When the operator types
+ * `pugi <cmd> --help` the dispatcher routes here with `args = [cmd]`.
+ * If we have a focused body for that command, print it instead of the
+ * global summary. Falls back to the global summary so unknown / new
+ * commands still get a useful response.
+ *
+ * Source of truth for each entry: the comment block at the top of the
+ * command's implementation module + any flags the command declares.
+ * Keep entries short — operators want the one-liner of intent + the
+ * 2-5 most useful flags, not a tutorial. The global help still has the
+ * full per-section reference; the per-command body is the "tell me
+ * how to use this NOW" surface.
+ */
+const COMMAND_HELP_BODIES = {
+    init: [
+        'pugi init — bootstrap a new Pugi workspace in the current directory.',
+        '',
+        'Creates .pugi/{PUGI.md, mcp.json, index.json, artifacts/, sessions/} and',
+        'seeds the 6 default skills. Idempotent — running again only fills gaps.',
+        '',
+        'Flags:',
+        '  --no-defaults     Skip the bundled default-skills install.',
+        '',
+        'Env:',
+        '  PUGI_INIT_NO_DEFAULTS=1   Same as --no-defaults.',
+    ],
+    explain: [
+        'pugi explain "<question>" — read-only Q&A about the workspace.',
+        '',
+        'Calls the engine loop in explain mode (budget: 5 calls / 20k tokens).',
+        'No file writes; safe to run against unfamiliar code.',
+        '',
+        'Examples:',
+        '  pugi explain "what does this package.json define?"',
+        '  pugi explain "trace the auth flow in src/auth/"',
+    ],
+    code: [
+        'pugi code "<brief>" — engineering-mode write loop (30k token budget).',
+        '',
+        'Writes files in the current workspace. Use --no-tty in CI / pipes.',
+    ],
+    fix: [
+        'pugi fix "<brief>" — minimal-diff bugfix loop (30k token budget).',
+        '',
+        'Same as `pugi code` but the prompt biases toward the smallest patch',
+        'that closes the brief — refuses scope creep / refactor invitations.',
+    ],
+    build: [
+        'pugi build "<brief>" — feature-build loop (200k token budget).',
+        '',
+        'Multi-turn engineering with plan-review checkpoints. Pairs with',
+        'pugi plan --decompose <idea> when the brief is bigger than one PR.',
+    ],
+    plan: [
+        'pugi plan --decompose <idea> — split an idea into 3-7 components.',
+        '',
+        'Writes .pugi/plan/<session-id>/splits/NN-<name>/spec.md plus',
+        'manifest.md with the dependency DAG. Pass each split to `pugi build`.',
+    ],
+    review: [
+        'pugi review — code review surfaces.',
+        '',
+        '  --triple                3-model consensus via Anvil paid fleet.',
+        '  --triple --commit <SHA> Review a specific commit (vs origin/main).',
+        '  --consensus             Customer-facing consensus review (codex + claude + deepseek).',
+        '                          Optional: --commit <sha> | --pr <num> | --branch <name>.',
+        '',
+        'Exit codes: 0 PASS · 1 WARN · 2 BLOCK · 5 auth_missing · 7 rate_limited.',
+    ],
+    privacy: [
+        'pugi privacy — privacy-mode operations.',
+        '',
+        '  show                    Display effective mode + source.',
+        '  set <mode>              Local-only legacy values (local-only|metadata|full).',
+        '',
+        'For tenant-scoped server-side modes (strict|balanced|permissive), use:',
+        '  pugi config get privacy',
+        '  pugi config set privacy=<mode>',
+    ],
+    config: [
+        'pugi config — read / write CLI + tenant configuration.',
+        '',
+        '  get <key>                                       Local config value.',
+        '  get privacy                                     Tenant privacy snapshot (admin-api).',
+        '  get routing                                     Effective routing table.',
+        '  set <key>=<value>                               Local config write.',
+        '  set privacy=<mode>                              Flip tenant privacy (strict|balanced|permissive).',
+        '  set routing.<tag>.<budget>=<model>              Override one routing lane.',
+        '  unset routing.<tag>.<budget>                    Revert a routing override.',
+        '  mcp trust|deny|list <name>                      MCP server trust + visibility.',
+    ],
+    sync: [
+        'pugi sync — explicit-continuation handoff bundle upload.',
+        '',
+        '  --dry-run               Print the bundle plan without uploading.',
+        '  --privacy <mode>        Override per-bundle privacy posture.',
+    ],
+    whoami: [
+        'pugi whoami — show the active credential + JWT principal + plan tier.',
+        '',
+        'Reads from ~/.pugi/credentials.json. No network call unless --remote.',
+    ],
+    login: [
+        'pugi login — authenticate against an api.pugi.io endpoint.',
+        '',
+        'Interactive picker by default (browser OAuth / PAT / env). Non-interactive:',
+        '  --provider device                                Device-flow OAuth.',
+        '  --provider token --token <jwt>                   Pass a JWT directly.',
+        '  --provider env --env PUGI_API_KEY                Read from an env var.',
+    ],
+    accounts: [
+        'pugi accounts — manage stored credentials across endpoints.',
+        '',
+        '  list                    Every account + its endpoint + active flag.',
+        '  switch <label>          Re-point the active account.',
+        '  remove <label>          Delete a stored credential.',
+    ],
+    jobs: [
+        'pugi jobs — list, tail, or kill background dispatch jobs.',
+        '',
+        '  list                    All jobs in the registry.',
+        '  tail <id>               Stream output from one job.',
+        '  kill <id>               Cancel a running job.',
+    ],
+    delegate: [
+        'pugi delegate <slug> "<brief>" — dispatch a brief to one specialist persona.',
+        '',
+        'Slugs (Tier 1 alpha 7.5): dev qa pm devops researcher analyst designer',
+        'frontend architect. `pugi roster` lists the live set.',
+    ],
+    roster: [
+        'pugi roster — list the live Tier 1 personas + roles.',
+    ],
+    doctor: [
+        'pugi doctor — diagnose CLI + workspace + adapter capabilities.',
+        '',
+        'Prints CLI version, Node version, workspace state (.pugi presence,',
+        'event log, settings), permission mode, and the capability matrix per',
+        'engine adapter. Safe to run anywhere; no network calls.',
+    ],
+    ask: [
+        'pugi ask "<question>" — surface a yes/no question modal locally.',
+        '',
+        'Useful in shell scripts that need a human-confirm before a destructive',
+        'step. Exits 0 on yes, 1 on no, 2 on cancel.',
+    ],
+    deploy: [
+        'pugi deploy — trigger a vendor deployment from the bound Git source.',
+        '',
+        '  --target vercel <vercelProject> --project <id>   Vercel deploy.',
+        '  --target render <renderService> --project <id>   Render deploy (Sprint 2 stub).',
+        '  --status <id>                                    Vendor-agnostic status snapshot.',
+        '  --logs <id> [--tail]                             Build-log tail.',
+        '',
+        'Optional: --target-env production|preview, --ref <ref>, --integration <id>.',
+    ],
+};
+async function help(args, flags, _session) {
+    // 2026-05-27 task #100: per-command help bodies. When dispatcher
+    // routed `pugi <cmd> --help` here it passes `args = [cmd]`; if we
+    // have a focused body, print that. Falls through to the global
+    // summary on unknown / new commands so the dispatcher's redirect
+    // never produces a worse-than-baseline response.
+    const requested = args[0];
+    if (requested && COMMAND_HELP_BODIES[requested]) {
+        const body = COMMAND_HELP_BODIES[requested];
+        writeOutput(flags, { command: requested, lines: body }, body.join('\n'));
+        return;
+    }
     const commands = Object.keys(handlers).sort();
     writeOutput(flags, { commands }, [
         'Pugi CLI',
@@ -830,6 +1021,9 @@ async function help(_args, flags, _session) {
         '',
         'Review gate:',
         '  pugi review --triple    Prepare the Anvil-backed triple-review gate.',
+        '  pugi review --triple --commit <SHA>',
+        '                          3-model consensus via Anvil (Anthropic · OpenAI · Google).',
+        '                          Optional: --base <ref> | "<prompt>". Quota: 1 slot per call.',
         '  pugi review --consensus 3-model consensus review (codex · claude · deepseek).',
         '                          Optional: --commit <sha> | --pr <num> | --branch <name>.',
         '                          Exits 0 PASS · 1 WARN · 2 BLOCK.',
@@ -992,7 +1186,19 @@ export async function scaffoldPugiWorkspace(input) {
     }, created, skipped);
     writeJsonIfMissing(resolve(pugiDir, 'mcp.json'), {
         schema: 1,
-        servers: [],
+        // 2026-05-27 dogfood: `servers` MUST be an object keyed by server
+        // name (z.record(mcpServerConfigSchema) in
+        // apps/pugi-cli/src/core/mcp/registry.ts:51). A bare `[]` array
+        // here passed schema validation на pugi init exit но crashed
+        // the next dispatch with
+        //   "MCP config at .pugi/mcp.json failed validation:
+        //    servers: Expected object, received array"
+        // and the operator's first command after `pugi init` printed an
+        // error banner before the actual reply. Empty object matches the
+        // schema default and keeps the file forwards-compatible with
+        // `pugi mcp install <name> ...` which merges into the same
+        // record shape.
+        servers: {},
     }, created, skipped);
     writeJsonIfMissing(resolve(pugiDir, 'index.json'), emptyIndex(), created, skipped);
     writeTextIfMissing(resolve(pugiDir, 'PUGI.md'), [
@@ -1414,10 +1620,20 @@ async function review(args, flags, session) {
     // streaming UX and rubric-driven exit codes don't disturb the existing
     // pugi-cli surfaces that depend on the old shape.
     if (flags.consensus) {
+        // 2026-05-27 (Codex r0 P1 on PR #489): pass the globally-parsed
+        // --commit / --base flags to consensus so `pugi review --consensus
+        // --commit X` reviews the requested SHA instead of silently falling
+        // back to the working-tree diff. parseConsensusArgs gives the inline
+        // args (`--commit Y` after the command name) precedence; the
+        // fallback only fires when `args` does not carry the token.
         const exitCode = await runReviewConsensus(args, {
             cwd: root,
             config: resolveRuntimeConfig(),
             json: flags.json,
+            flagsFallback: {
+                ...(flags.commit ? { commit: flags.commit } : {}),
+                ...(flags.base ? { base: flags.base } : {}),
+            },
             emit: (line) => {
                 if (!flags.json)
                     process.stdout.write(line);
@@ -1429,6 +1645,15 @@ async function review(args, flags, session) {
         process.exitCode = exitCode;
         return;
     }
+    if (flags.triple && flags.commit) {
+        // CEO directive 2026-05-27: `pugi review --triple --commit <SHA>`
+        // dispatches to the customer-facing 3-model consensus path through
+        // Anvil's already-paid Anthropic / OpenAI / Google routes. Replaces
+        // the dev-only Codex/Claude/Gemini OAuth CLIs the `/triple-review`
+        // skill uses.
+        await performTripleProviderReview(root, session, flags, prompt);
+        return;
+    }
     if (flags.triple && flags.remote) {
         await performRemoteTripleReview(root, session, flags, prompt);
         return;
@@ -1866,6 +2091,274 @@ async function performRemoteTripleReview(root, session, flags, prompt) {
         .join('\n'));
     process.exitCode = outcome.exitCode;
 }
+/**
+ * `pugi review --triple --commit <SHA>` — customer-facing 3-model
+ * consensus review via Anvil multi-provider routing.
+ *
+ * Dispatches the same diff to Anthropic / OpenAI / Google models
+ * (routed through Anvil's already-paid fleet, NOT OAuth-bound dev
+ * CLIs) and renders the per-reviewer verdict + cross-model
+ * disagreement summary at the end. Quota: one `reviewPerMonth` slot
+ * per call regardless of provider count — the controller-level
+ * `@QuotaGated('reviewPerMonth')` decorator enforces single-slot
+ * debit (see apps/admin-api/src/pugi/pugi.controller.ts).
+ *
+ * CEO directive 2026-05-27: replaces the dev-only `/triple-review`
+ * skill's Codex/Claude/Gemini OAuth dependency with a customer-
+ * runnable Pugi product surface. Dogfood loop: Pugi reviews Pugi PRs.
+ */
+async function performTripleProviderReview(root, session, flags, prompt) {
+    const config = resolveRuntimeConfig();
+    const artifactDir = createArtifactDir(root, prompt || 'triple-providers');
+    const requestPath = resolve(artifactDir, 'triple-review-request.json');
+    const resultPath = resolve(artifactDir, 'triple-review-result.json');
+    const summaryPath = resolve(artifactDir, 'triple-review.md');
+    const toolCallId = recordToolCall(session, 'review:triple-providers', prompt || `review ${flags.commit ?? 'HEAD'} via providers`);
+    // Resolve base ref. CLI flag wins over settings → so an operator
+    // can target a specific integration branch without editing settings.
+    const settings = loadSettings(root);
+    const baseRef = flags.base ?? resolveBaseRef(root, settings) ?? 'origin/main';
+    // Normalise both the commit and the base to short SHAs so the audit
+    // log stores a stable reference even if branches move.
+    const commitRef = flags.commit ?? 'HEAD';
+    // 2026-05-27 (Codex r0 P2 on PR #489): safeGit returns '' on a bad ref
+    // (it swallows the git exit code so callers don't have to wrap every
+    // probe). Without an explicit refusal, a misspelled --commit or --base
+    // produced an EMPTY diff that the gate then PASSED — operators saw a
+    // green review for changes that were never reviewed. Resolve both refs
+    // through `rev-parse --verify` first; an empty result is a hard error.
+    const verifiedCommit = safeGit(root, ['rev-parse', '--verify', commitRef]).trim();
+    if (!verifiedCommit) {
+        throw new Error(`pugi review --triple: cannot resolve --commit '${commitRef}' — ` +
+            `check the SHA or branch name. ` +
+            `Refusing to submit an empty diff for review.`);
+    }
+    const verifiedBase = safeGit(root, ['rev-parse', '--verify', baseRef]).trim();
+    if (!verifiedBase) {
+        throw new Error(`pugi review --triple: cannot resolve --base '${baseRef}' — ` +
+            `check the ref or set base via 'pugi config set review.base=<ref>'. ` +
+            `Refusing to submit an empty diff for review.`);
+    }
+    const resolvedCommit = safeGit(root, ['rev-parse', '--short', commitRef]).trim() || commitRef;
+    const mergeBase = safeGit(root, ['merge-base', baseRef, commitRef]).trim() || '';
+    const diffRange = mergeBase || `${baseRef}..${commitRef}`;
+    const diffArgs = ['diff', diffRange, commitRef, '--', '.', ...PROTECTED_DIFF_EXCLUDES];
+    const diffStatArgs = ['diff', '--shortstat', diffRange, commitRef, '--', '.', ...PROTECTED_DIFF_EXCLUDES];
+    const diffPatch = safeGit(root, diffArgs);
+    const diffStats = parseDiffStats(safeGit(root, diffStatArgs));
+    const requestBody = pugiTripleReviewRequestSchema.parse({
+        schema: 1,
+        workspace: {
+            rootName: root.split('/').at(-1) ?? 'workspace',
+            gitBranch: safeGit(root, ['branch', '--show-current']).trim() || null,
+            gitHead: resolvedCommit || null,
+            baseRef,
+            dirty: Boolean(safeGit(root, ['status', '--short']).trim()),
+        },
+        diffPatch,
+        diffStats,
+        prompt: prompt || undefined,
+        locale: 'en-US',
+        reviewerPersona: 'oes-dev',
+        commit: resolvedCommit,
+        modelProviders: ['claude', 'gpt', 'gemini'],
+    });
+    writeFileSync(requestPath, `${JSON.stringify(requestBody, null, 2)}\n`, {
+        encoding: 'utf8',
+        mode: 0o600,
+    });
+    registerArtifact(root, {
+        id: artifactIdFromDir(artifactDir),
+        kind: 'triple-review',
+        path: relative(root, artifactDir),
+        sessionId: session.id,
+        createdAt: new Date().toISOString(),
+        files: ['triple-review-request.json'],
+    });
+    if (!config) {
+        const reason = 'No active Pugi credentials. Run `pugi login --token <PAT>` or set PUGI_API_KEY for CI use.';
+        recordToolResult(session, toolCallId, 'error', reason);
+        writeFileSync(summaryPath, buildTripleReviewMarkdown({
+            prompt,
+            requestPath: relative(root, requestPath),
+            verdict: null,
+            reason,
+            response: null,
+        }), { encoding: 'utf8', mode: 0o600 });
+        writeOutput(flags, {
+            status: 'auth_missing',
+            request: relative(root, requestPath),
+            summary: relative(root, summaryPath),
+        }, [
+            'Pugi triple-provider review request prepared but not sent — no active credentials.',
+            `Request: ${relative(root, requestPath)}`,
+            `Run \`pugi login --token <PAT>\` (or export PUGI_API_KEY for CI) then retry \`pugi review --triple --commit ${resolvedCommit}\`.`,
+        ].join('\n'));
+        process.exitCode = 5;
+        return;
+    }
+    const submitResult = await submitTripleReview(config, requestBody);
+    if (submitResult.status !== 'ok') {
+        const outcome = describeSubmitFailure(submitResult);
+        writeFileSync(summaryPath, buildTripleReviewMarkdown({
+            prompt,
+            requestPath: relative(root, requestPath),
+            verdict: null,
+            reason: outcome.message,
+            response: null,
+        }), { encoding: 'utf8', mode: 0o600 });
+        recordToolResult(session, toolCallId, 'error', outcome.message);
+        writeOutput(flags, {
+            status: submitResult.status,
+            code: submitResult.code,
+            message: outcome.message,
+            request: relative(root, requestPath),
+            summary: relative(root, summaryPath),
+        }, [
+            outcome.headline,
+            `Request: ${relative(root, requestPath)}`,
+            `Summary: ${relative(root, summaryPath)}`,
+            outcome.next ? `Next: ${outcome.next}` : '',
+        ]
+            .filter(Boolean)
+            .join('\n'));
+        process.exitCode = outcome.exitCode;
+        return;
+    }
+    const response = submitResult.response;
+    persistTripleReviewResult(resultPath, response);
+    writeFileSync(summaryPath, buildTripleReviewMarkdown({
+        prompt,
+        requestPath: relative(root, requestPath),
+        verdict: response.verdict,
+        reason: response.reason,
+        response,
+    }), { encoding: 'utf8', mode: 0o600 });
+    recordToolResult(session, toolCallId, response.verdict === 'BLOCK' ? 'error' : 'success', `Verdict: ${response.verdict} (${response.reason})`);
+    const verdictReport = renderTripleProviderVerdict({
+        response,
+        commit: resolvedCommit,
+        baseRef,
+    });
+    writeOutput(flags, {
+        status: 'completed',
+        verdict: response.verdict,
+        reason: response.reason,
+        counts: response.counts,
+        reviewerCount: response.reviewerCount,
+        effectiveTier: response.effectiveTier,
+        commit: resolvedCommit,
+        baseRef,
+        reviewers: response.reviewers.map((r) => ({
+            provider: r.provider ?? null,
+            model: r.model,
+            declaredVerdict: r.declaredVerdict,
+            findings: r.findings,
+            latencyMs: r.latencyMs,
+            tokensUsed: r.tokensUsed,
+            error: r.error,
+        })),
+        result: relative(root, resultPath),
+        summary: relative(root, summaryPath),
+    }, verdictReport);
+    if (response.verdict === 'BLOCK') {
+        process.exitCode = 9;
+    }
+    else if (response.verdict === 'WARN') {
+        process.exitCode = 1;
+    }
+}
+/**
+ * Pretty-printer for the `pugi review --triple --commit <SHA>` verdict.
+ * Mirrors the `/triple-review` skill's verdict block (per-reviewer
+ * counts table → final GATE line → per-reviewer verbatim → cross-
+ * model disagreement summary → tokens/cost note) so the output is
+ * familiar to operators who already use the dev-only skill.
+ */
+export function renderTripleProviderVerdict(input) {
+    const { response, commit, baseRef } = input;
+    const divider = '═'.repeat(68);
+    const subDivider = '─'.repeat(68);
+    // Per-reviewer counts table.
+    const reviewerRows = response.reviewers.map((reviewer) => {
+        const c = { P0: 0, P1: 0, P2: 0, P3: 0 };
+        for (const f of reviewer.findings)
+            c[f.severity] += 1;
+        const status = reviewer.error
+            ? 'ERROR'
+            : reviewer.declaredVerdict ?? 'UNKNOWN';
+        const label = reviewer.provider
+            ? reviewer.provider.toUpperCase().padEnd(8)
+            : reviewer.model.slice(0, 8).padEnd(8);
+        return `   ${label} ${pad(c.P0)} ${pad(c.P1)} ${pad(c.P2)} ${pad(c.P3)}   ${status}`;
+    });
+    // Cross-model disagreement: list severities flagged by 1 of N but not
+    // the others. Surfaces the "highest-signal moment" per the skill.
+    const disagreements = [];
+    const allFindings = response.reviewers.flatMap((r) => r.findings.map((f) => ({
+        provider: r.provider ?? r.model,
+        severity: f.severity,
+        line: f.line,
+        issue: f.issue,
+    })));
+    const p1Flaggers = new Set(response.reviewers
+        .filter((r) => r.findings.some((f) => f.severity === 'P1'))
+        .map((r) => r.provider ?? r.model));
+    if (p1Flaggers.size === 1) {
+        const sole = [...p1Flaggers][0];
+        disagreements.push(`Only ${sole} flagged a P1 — examine the disagreement, often the highest-signal moment.`);
+    }
+    const p0Flaggers = new Set(response.reviewers
+        .filter((r) => r.findings.some((f) => f.severity === 'P0'))
+        .map((r) => r.provider ?? r.model));
+    if (p0Flaggers.size > 0 && p0Flaggers.size < response.reviewers.length) {
+        disagreements.push(`P0 flagged by ${[...p0Flaggers].join(', ')} but not ${response.reviewers
+            .filter((r) => !p0Flaggers.has(r.provider ?? r.model))
+            .map((r) => r.provider ?? r.model)
+            .join(', ')} — verify the finding before merging.`);
+    }
+    // Tokens / cost summary. Tokens are best-effort (some providers
+    // return null). Cost is a placeholder pending billing wire-up; we
+    // surface the quota note inline so the operator knows it counts as
+    // one slot, not three.
+    const totalTokens = response.reviewers.reduce((sum, r) => sum + (r.tokensUsed ?? 0), 0);
+    // Verbatim reviewer outputs. Each section gets a header so operators
+    // can scroll quickly and copy any individual reviewer's text into
+    // their own notes / triage doc.
+    const reviewerSections = response.reviewers.map((reviewer) => {
+        const label = reviewer.provider
+            ? reviewer.provider.toUpperCase()
+            : reviewer.model;
+        const body = reviewer.error
+            ? `(reviewer errored: ${reviewer.error})`
+            : reviewer.rawContent.trim() || '(empty response)';
+        return [subDivider, `${label} SAYS (${reviewer.model}):`, '', body].join('\n');
+    });
+    return [
+        `PUGI TRIPLE-PROVIDER REVIEW — commit ${commit} vs ${baseRef}`,
+        divider,
+        '',
+        `         P0  P1  P2  P3   Status`,
+        ...reviewerRows,
+        '',
+        `GATE: ${response.verdict}`,
+        `Reason: ${response.reason}`,
+        '',
+        ...reviewerSections,
+        '',
+        subDivider,
+        'CROSS-MODEL DISAGREEMENT:',
+        disagreements.length === 0
+            ? '   (none — all reviewers agreed within rubric tolerance)'
+            : disagreements.map((d) => `   - ${d}`).join('\n'),
+        '',
+        `Tokens: ~${totalTokens} total across ${response.reviewers.length} reviewers`,
+        'Quota: charged as 1 review slot (multi-provider counts as a single call).',
+    ].join('\n');
+}
+function pad(n) {
+    return String(n).padStart(2, ' ');
+}
 function describeSubmitFailure(result) {
     switch (result.status) {
         case 'endpoint_missing':

package/dist/runtime/commands/review-consensus.js

@@ -40,8 +40,23 @@ import { aggregate, exitCodeFor, reviewerVerdictFromRaw, } from '../../core/cons
  *   `--branch <name>` / `--branch=<name>`
  *   `--base <ref>` / `--base=<ref>`   (override default origin/main)
  */
-export function parseConsensusArgs(args) {
+export function parseConsensusArgs(args, 
+/**
+ * 2026-05-27 (Codex r0 P1 on PR #489): cli.ts now parses --commit /
+ * --base in the GLOBAL flag pass for the new triple-provider path.
+ * Those tokens are consumed BEFORE this function sees `args`, so
+ * `pugi review --consensus --commit X` would silently fall back to
+ * the default diff and review the wrong changes. Pass the global
+ * flags through here so consensus picks them up when present.
+ * Inline `--commit`/`--base` tokens in args still win — explicit
+ * caller intent is preserved.
+ */
+fallback) {
     const spec = {};
+    if (fallback?.commit)
+        spec.commit = fallback.commit;
+    if (fallback?.base)
+        spec.baseRef = fallback.base;
     for (let i = 0; i < args.length; i += 1) {
         const arg = args[i] ?? '';
         const equalsIdx = arg.indexOf('=');
@@ -119,7 +134,7 @@ export async function runReviewConsensus(args, ctx) {
     // exit 2 — same as BLOCK because the gate could not even run.
     let captured;
     try {
-        const spec = parseConsensusArgs(args);
+        const spec = parseConsensusArgs(args, ctx.flagsFallback);
         captured = captureDiff({ ...spec, cwd: ctx.cwd });
     }
     catch (error) {

package/dist/runtime/version.js

@@ -44,7 +44,7 @@ export function sanitizeSemver(raw) {
  * during import). When bumping the CLI version BOTH literals must be
  * updated; the release smoke-test (`pack:smoke`) verifies they agree.
  */
-export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.13');
+export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.15');
 /**
  * Outbound: the CLI's installed semver. Read at request time by
  * `version-interceptor.ts` and injected on every `fetch` call.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pugi/cli",
-  "version": "0.1.0-beta.13",
+  "version": "0.1.0-beta.15",
   "description": "Pugi CLI - terminal-native software execution system",
   "homepage": "https://pugi.io",
   "repository": {
@@ -48,13 +48,13 @@
     "ink": "^5.0.1",
     "linkedom": "^0.18.12",
     "react": "^18.3.1",
-    "tar": "^6.2.1",
+    "tar": "^7.5.11",
     "tinyglobby": "^0.2.16",
     "turndown": "^7.2.4",
     "undici": "^8.3.0",
     "zod": "^3.23.0",
     "@pugi/personas": "0.1.2",
-    "@pugi/sdk": "0.1.0-beta.13"
+    "@pugi/sdk": "0.1.0-beta.15"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",