@pugi/cli 0.1.0-beta.15 → 0.1.0-beta.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,299 @@
1
+ /**
2
+ * PAVF-7 — `pugi report --from-error` field-bug capture.
3
+ *
4
+ * Operator hit a CLI failure ("pugi explain: failed [auth_missing]...")
5
+ * and wants to file a clean report без manual log-grepping. This command:
6
+ *
7
+ * 1. Locates the most-recently-modified session under .pugi/sessions/
8
+ * (the engine adapter mirrors EVERY dispatch's events to a fresh
9
+ * session dir; the latest one is always the failure that just
10
+ * surprised the operator).
11
+ * 2. Reads events.jsonl + extracts the terminal-state event +
12
+ * the last 50 frames before it (enough context to triage; small
13
+ * enough for a GH issue body or email paste).
14
+ * 3. Captures workspace metadata (CLI version, Node version, OS,
15
+ * tenant id from credentials, current dir, .pugi/PUGI.md presence).
16
+ * 4. Strips secrets — auth tokens, env values, JWT signatures —
17
+ * before the report ever touches disk OR network.
18
+ * 5. Writes the bundle к .pugi/reports/<ISO-timestamp>-<session-id>/
19
+ * with both a machine-readable report.json and a human-readable
20
+ * report.md the operator can paste into a GH issue / email.
21
+ * 6. Prints the path + the canonical share command the operator can
22
+ * run when ready to upload (the upload endpoint is deferred to a
23
+ * follow-up; v1 keeps everything LOCAL so an operator working
24
+ * offline / behind a corporate firewall can still file a clean
25
+ * report).
26
+ *
27
+ * Why not auto-upload in v1:
28
+ * The CEO HARD rule `feedback_no_fake_dispatch_promises` says we do
29
+ * not invent dispatch we cannot deliver. Without a live
30
+ * /api/pugi/report endpoint, an auto-upload would either silently
31
+ * no-op or claim shipped и lie. v1 emits the artifacts + a clear
32
+ * "upload pending" status; v2 (separate PR) wires the endpoint и
33
+ * flips the default к upload-on-success.
34
+ *
35
+ * Exit codes (match the existing PAVF-1 stage_code table):
36
+ * 0 = report written successfully
37
+ * 8 = no sessions found (operator ran in a workspace без .pugi/)
38
+ * 9 = session events.jsonl unreadable / corrupted
39
+ * 20 = output path not writable (disk full / perms)
40
+ *
41
+ * Secret-redaction posture: PII / tokens / env values are stripped at
42
+ * the report-generation layer, NOT at upload time. Even if the operator
43
+ * never uploads, the report dir on disk MUST NOT carry plaintext
44
+ * secrets — a colleague who later runs `cat .pugi/reports/.../report.md`
45
+ * over the shoulder sees the bug context but not the bearer token.
46
+ */
47
+ import { existsSync, readdirSync, readFileSync, mkdirSync, statSync, writeFileSync } from 'node:fs';
48
+ import { join, resolve as resolvePath } from 'node:path';
49
+ import { homedir, platform, release } from 'node:os';
50
+ import { PUGI_CLI_VERSION } from '../version.js';
51
+ const MAX_TAIL_FRAMES = 50;
52
+ const MAX_DETAIL_CHARS = 400;
53
+ const TERMINAL_TYPES = new Set([
54
+ 'agent.completed',
55
+ 'agent.failed',
56
+ 'agent.blocked',
57
+ 'subagent.outcome',
58
+ 'result',
59
+ ]);
60
+ /**
61
+ * Bearer / JWT / env-secret patterns. We do NOT try to be exhaustive
62
+ * (cat-and-mouse with custom secret formats is unwinnable); we cover
63
+ * the shapes that actually appear in Pugi sessions:
64
+ *
65
+ * - `Authorization: Bearer eyJ...` (JWT header.payload.signature)
66
+ * - `apiKey: eyJ...` inside captured JSON envelopes
67
+ * - any long base64-ish token (>= 20 chars, [A-Za-z0-9_-]) following
68
+ * `token`, `password`, `secret`, or `key` field names
69
+ *
70
+ * Replacement is a length-preserving `[REDACTED:<n>]` marker so the
71
+ * operator can still verify the report at-a-glance ("yes, a 32-char
72
+ * token was here") без leaking the value.
73
+ */
74
+ function redact(text) {
75
+ if (!text)
76
+ return text;
77
+ // Bearer + JWT shape.
78
+ text = text.replace(/(Bearer\s+)([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)/gi, (_m, prefix, tok) => `${prefix}[REDACTED:${tok.length}]`);
79
+ // Bare JWTs (no Bearer prefix) inside JSON / log lines.
80
+ text = text.replace(/\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g, (tok) => `[REDACTED:${tok.length}]`);
81
+ // `"token": "..."` / `"apiKey": "..."` / `"password": "..."` shapes.
82
+ text = text.replace(/("(?:apiKey|api_key|token|access_token|refresh_token|password|secret|bearer)"\s*:\s*")([^"]{10,})(")/gi, (_m, before, val, after) => `${before}[REDACTED:${val.length}]${after}`);
83
+ // Bare env-style KEY=VALUE на длинных значениях.
84
+ text = text.replace(/\b((?:PUGI_API_KEY|GITHUB_TOKEN|NPM_TOKEN|ANVIL_API_KEY|OPENAI_API_KEY|ANTHROPIC_API_KEY|GEMINI_API_KEY)=)([^\s"']{10,})/g, (_m, prefix, val) => `${prefix}[REDACTED:${val.length}]`);
85
+ return text;
86
+ }
87
+ function clampDetail(value) {
88
+ if (typeof value !== 'string')
89
+ return undefined;
90
+ const redacted = redact(value);
91
+ return redacted.length > MAX_DETAIL_CHARS
92
+ ? `${redacted.slice(0, MAX_DETAIL_CHARS)}…`
93
+ : redacted;
94
+ }
95
+ function findLatestSession(cwd) {
96
+ const dir = resolvePath(cwd, '.pugi/sessions');
97
+ if (!existsSync(dir))
98
+ return null;
99
+ const entries = readdirSync(dir, { withFileTypes: true })
100
+ .filter((e) => e.isDirectory())
101
+ .map((e) => {
102
+ const path = join(dir, e.name);
103
+ let mtime = 0;
104
+ try {
105
+ mtime = statSync(join(path, 'events.jsonl')).mtimeMs;
106
+ }
107
+ catch {
108
+ // Session dir without events.jsonl yet — never opened. Skip.
109
+ return null;
110
+ }
111
+ return { name: e.name, path, mtime };
112
+ })
113
+ .filter((x) => x !== null)
114
+ .sort((a, b) => b.mtime - a.mtime);
115
+ return entries[0]?.path ?? null;
116
+ }
117
+ function readTenantIdSafely() {
118
+ const credPath = resolvePath(homedir(), '.pugi/credentials.json');
119
+ if (!existsSync(credPath))
120
+ return undefined;
121
+ try {
122
+ const raw = JSON.parse(readFileSync(credPath, 'utf8'));
123
+ const first = raw.tokens?.[0]?.apiKey;
124
+ if (!first || typeof first !== 'string')
125
+ return undefined;
126
+ // JWT payload is the middle segment; base64-decode + parse for the
127
+ // `customerId` claim. Failure here returns undefined (the report
128
+ // still emits useful context without it).
129
+ const parts = first.split('.');
130
+ if (parts.length !== 3)
131
+ return undefined;
132
+ const payload = JSON.parse(Buffer.from(parts[1] ?? '', 'base64').toString('utf8'));
133
+ return typeof payload.customerId === 'string' ? payload.customerId : undefined;
134
+ }
135
+ catch {
136
+ return undefined;
137
+ }
138
+ }
139
+ function captureFrames(eventsPath) {
140
+ const lines = readFileSync(eventsPath, 'utf8')
141
+ .split('\n')
142
+ .filter((l) => l.trim().length > 0);
143
+ const parsed = lines
144
+ .map((line) => {
145
+ try {
146
+ return JSON.parse(line);
147
+ }
148
+ catch {
149
+ return null;
150
+ }
151
+ })
152
+ .filter((f) => f !== null);
153
+ // Keep the LAST MAX_TAIL_FRAMES frames — failures cluster at the
154
+ // end, and the tail is where the operator's context actually lives.
155
+ const tail = parsed.slice(-MAX_TAIL_FRAMES);
156
+ return tail.map((f) => {
157
+ const out = {
158
+ type: typeof f.type === 'string' ? f.type : 'unknown',
159
+ };
160
+ if (typeof f.taskId === 'string')
161
+ out.taskId = f.taskId;
162
+ if (typeof f.timestamp === 'string')
163
+ out.timestamp = f.timestamp;
164
+ if (typeof f.outcome === 'string')
165
+ out.outcome = f.outcome;
166
+ // Keep detail / error ONLY on terminal frames (full reply text on
167
+ // every agent.message would blow the report past the GH issue cap).
168
+ if (TERMINAL_TYPES.has(out.type)) {
169
+ const detail = clampDetail(f.detail) ?? clampDetail(f.error);
170
+ if (detail)
171
+ out.detail = detail;
172
+ if (typeof f.error === 'string')
173
+ out.error = clampDetail(f.error);
174
+ }
175
+ return out;
176
+ });
177
+ }
178
+ export function runReport(args, ctx) {
179
+ const fromError = args.includes('--from-error');
180
+ if (!fromError) {
181
+ ctx.writeOutput({
182
+ command: 'report',
183
+ status: 'no_sessions',
184
+ message: 'pugi report — capture a bug report from the most-recent session.\n\n' +
185
+ 'Usage:\n' +
186
+ ' pugi report --from-error Bundle the most-recent failed session as a report.\n\n' +
187
+ 'Output: writes .pugi/reports/<timestamp>-<session-id>/{report.json, report.md}.\n' +
188
+ 'Secrets (bearer tokens, JWTs, named env values) are stripped before disk write.',
189
+ }, 'pugi report — see `pugi report --help`');
190
+ return 0;
191
+ }
192
+ const sessionPath = findLatestSession(ctx.cwd);
193
+ if (!sessionPath) {
194
+ ctx.writeOutput({
195
+ command: 'report',
196
+ status: 'no_sessions',
197
+ message: 'No sessions found under .pugi/sessions/. Run a `pugi` command first.',
198
+ }, 'pugi report: no sessions found under .pugi/sessions/ — run a `pugi` command first.');
199
+ return 8;
200
+ }
201
+ const eventsPath = join(sessionPath, 'events.jsonl');
202
+ let frames;
203
+ try {
204
+ frames = captureFrames(eventsPath);
205
+ }
206
+ catch (err) {
207
+ const message = err instanceof Error ? err.message : String(err);
208
+ ctx.writeOutput({
209
+ command: 'report',
210
+ status: 'unreadable',
211
+ message: `Failed to read ${eventsPath}: ${message}`,
212
+ }, `pugi report: cannot read session events (${message})`);
213
+ return 9;
214
+ }
215
+ const sessionId = sessionPath.split('/').pop() ?? 'unknown';
216
+ const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
217
+ const reportDir = resolvePath(ctx.cwd, '.pugi/reports', `${timestamp}-${sessionId}`);
218
+ let reportJson;
219
+ let reportMd;
220
+ try {
221
+ mkdirSync(reportDir, { recursive: true });
222
+ reportJson = join(reportDir, 'report.json');
223
+ reportMd = join(reportDir, 'report.md');
224
+ const meta = {
225
+ schema: 1,
226
+ generatedAt: new Date().toISOString(),
227
+ cliVersion: PUGI_CLI_VERSION,
228
+ nodeVersion: process.version,
229
+ os: `${platform()} ${release()}`,
230
+ cwd: ctx.cwd,
231
+ sessionId,
232
+ tenantId: readTenantIdSafely() ?? '(not resolvable)',
233
+ pugiMd: existsSync(resolvePath(ctx.cwd, '.pugi/PUGI.md')),
234
+ frames,
235
+ };
236
+ writeFileSync(reportJson, JSON.stringify(meta, null, 2), 'utf8');
237
+ const mdLines = [
238
+ `# Pugi bug report — ${sessionId}`,
239
+ '',
240
+ `Generated: \`${meta.generatedAt}\``,
241
+ `CLI version: \`${meta.cliVersion}\``,
242
+ `Node: \`${meta.nodeVersion}\` · OS: \`${meta.os}\``,
243
+ `Workspace: \`${meta.cwd}\` (PUGI.md present: ${meta.pugiMd ? 'yes' : 'no'})`,
244
+ `Tenant: \`${meta.tenantId}\``,
245
+ '',
246
+ `## Last ${frames.length} frames`,
247
+ '',
248
+ '```jsonl',
249
+ ...frames.map((f) => JSON.stringify(f)),
250
+ '```',
251
+ '',
252
+ '## How to share',
253
+ '',
254
+ '1. Review `report.md` for accidental PII or sensitive paths.',
255
+ '2. Paste the contents into a GH issue at https://github.com/pugi-io/pugi/issues',
256
+ ' OR attach the `report.json` as a file.',
257
+ '',
258
+ 'Auto-upload to api.pugi.io is planned (`pugi report --upload`) but',
259
+ 'NOT shipped in this build — v1 keeps everything local so an operator',
260
+ 'behind a firewall can still file a clean report.',
261
+ ];
262
+ writeFileSync(reportMd, mdLines.join('\n'), 'utf8');
263
+ }
264
+ catch (err) {
265
+ const message = err instanceof Error ? err.message : String(err);
266
+ ctx.writeOutput({
267
+ command: 'report',
268
+ status: 'output_not_writable',
269
+ message: `Failed to write report bundle to ${reportDir}: ${message}`,
270
+ }, `pugi report: cannot write report dir (${message})`);
271
+ return 20;
272
+ }
273
+ ctx.writeOutput({
274
+ command: 'report',
275
+ status: 'written',
276
+ reportDir,
277
+ reportJson,
278
+ reportMd,
279
+ sessionId,
280
+ message: `Report written: ${reportDir}`,
281
+ }, [
282
+ `pugi report: bundle written`,
283
+ ` Session: ${sessionId}`,
284
+ ` Frames captured: ${frames.length}`,
285
+ ` Files:`,
286
+ ` ${reportJson}`,
287
+ ` ${reportMd}`,
288
+ ``,
289
+ `Review report.md for accidental PII, then paste into a GH issue OR`,
290
+ `attach report.json. Auto-upload is planned for a follow-up build.`,
291
+ ].join('\n'));
292
+ return 0;
293
+ }
294
+ // Test seam — the redactor is the most-tested piece (false negatives
295
+ // leak secrets; false positives garble bug context). Exported so
296
+ // apps/pugi-cli/test/report.spec.ts can assert the regex behaviour
297
+ // без spinning up a full session.
298
+ export const __INTERNAL_FOR_TESTS = { redact, clampDetail };
299
+ //# sourceMappingURL=report.js.map
@@ -44,7 +44,7 @@ export function sanitizeSemver(raw) {
44
44
  * during import). When bumping the CLI version BOTH literals must be
45
45
  * updated; the release smoke-test (`pack:smoke`) verifies they agree.
46
46
  */
47
- export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.15');
47
+ export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.16');
48
48
  /**
49
49
  * Outbound: the CLI's installed semver. Read at request time by
50
50
  * `version-interceptor.ts` and injected on every `fetch` call.
@@ -16,6 +16,8 @@
16
16
  * a tiny `event:`/`data:`/`id:` parser. This keeps the dependency
17
17
  * graph at zero new packages.
18
18
  */
19
+ import { existsSync } from 'node:fs';
20
+ import { resolve } from 'node:path';
19
21
  import React from 'react';
20
22
  import { render } from 'ink';
21
23
  import { Repl } from './repl.js';
@@ -314,11 +316,9 @@ export function drainBufferedStdin(stdin = process.stdin) {
314
316
  * future unit spec can lock the contract.
315
317
  */
316
318
  export function isProjectRoot(cwd) {
317
- // Local import keeps the bootstrap free of top-of-file `fs` calls
318
- // that would run at module-load time Ink + the SSE transport are
319
- // happier when this file's side-effect surface stays small.
320
- const { existsSync } = require('node:fs');
321
- const { resolve } = require('node:path');
319
+ // ESM static imports `require()` is not defined in a `"type": "module"`
320
+ // bundle and would throw `ReferenceError: require is not defined` the
321
+ // moment the REPL bootstrap calls this gate. Beta.16 P0 fix 2026-05-27.
322
322
  return (existsSync(resolve(cwd, 'package.json')) ||
323
323
  existsSync(resolve(cwd, '.git')) ||
324
324
  existsSync(resolve(cwd, '.pugi')) ||
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pugi/cli",
3
- "version": "0.1.0-beta.15",
3
+ "version": "0.1.0-beta.16",
4
4
  "description": "Pugi CLI - terminal-native software execution system",
5
5
  "homepage": "https://pugi.io",
6
6
  "repository": {
@@ -54,7 +54,7 @@
54
54
  "undici": "^8.3.0",
55
55
  "zod": "^3.23.0",
56
56
  "@pugi/personas": "0.1.2",
57
- "@pugi/sdk": "0.1.0-beta.15"
57
+ "@pugi/sdk": "0.1.0-beta.16"
58
58
  },
59
59
  "devDependencies": {
60
60
  "@types/node": "^22.0.0",