@pugi/cli 0.1.0-beta.18 → 0.1.0-beta.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -28,7 +28,9 @@ import { runConfigCommand } from './commands/config.js';
28
28
  import { runPrivacyCommand } from './commands/privacy.js';
29
29
  import { runReport } from './commands/report.js';
30
30
  import { runDoctorCommand, defaultHome as defaultDoctorHome } from './commands/doctor.js';
31
+ import { runStatusCommand, defaultStatusHome, } from './commands/status.js';
31
32
  import { runUndoCommand } from './commands/undo.js';
33
+ import { runCompactCommand } from './commands/compact.js';
32
34
  import { runBudgetCommand } from './commands/budget.js';
33
35
  import { runSkillsCommand } from './commands/skills.js';
34
36
  import { installDefaultSkills } from '../core/skills/defaults.js';
@@ -39,6 +41,8 @@ import { runWorktreeCommand } from './commands/worktree.js';
39
41
  import { resolveWorkspaceLabel } from '../core/repl/workspace-context.js';
40
42
  import { runReviewConsensus } from './commands/review-consensus.js';
41
43
  import { runMcpCommand } from './commands/mcp.js';
44
+ import { runPermissionsCommand } from './commands/permissions.js';
45
+ import { parsePermissionMode } from '../core/permissions/index.js';
42
46
  import { DECOMPOSE_PROMPT_SUFFIX, parseDecompositionFromText, writeDecomposition, } from './plan-decompose.js';
43
47
  import { FtsSyntaxError, SqliteSessionStore, resolveProjectStoreDir } from '../core/repl/store/index.js';
44
48
  import { slugForCwd } from '../core/repl/history.js';
@@ -86,6 +90,8 @@ const handlers = {
86
90
  lsp: dispatchLsp,
87
91
  mcp: dispatchMcp,
88
92
  patch: dispatchPatch,
93
+ permissions: dispatchPermissions,
94
+ perms: dispatchPermissions,
89
95
  plan: runEngineTask('plan'),
90
96
  'plan-review': dispatchPlanReview,
91
97
  privacy: dispatchPrivacy,
@@ -98,8 +104,10 @@ const handlers = {
98
104
  roster: dispatchRoster,
99
105
  sessions,
100
106
  skills: dispatchSkills,
107
+ status,
101
108
  sync,
102
109
  undo: dispatchUndo,
110
+ compact: dispatchCompact,
103
111
  version,
104
112
  web: dispatchWeb,
105
113
  whoami,
@@ -353,12 +361,64 @@ async function dispatchUndo(args, flags, session) {
353
361
  writeOutput: (payload, text) => writeOutput(flags, payload, text),
354
362
  });
355
363
  }
364
+ /**
365
+ * Leak L8 (2026-05-27) — `pugi compact` summarises older REPL turns
366
+ * into a single boundary marker, freeing context for the next `pugi
367
+ * resume <id>`. The slash `/compact` inside a live REPL forwards
368
+ * through the same runner via session.ts so the surface stays single-
369
+ * sourced.
370
+ */
371
+ async function dispatchCompact(args, flags, _session) {
372
+ const result = await runCompactCommand(args, {
373
+ workspaceRoot: process.cwd(),
374
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
375
+ });
376
+ if (result.status === 'failed_no_session'
377
+ || result.status === 'failed_transport'
378
+ || result.status === 'failed_store') {
379
+ process.exitCode = 1;
380
+ return;
381
+ }
382
+ if (result.status === 'noop_empty' || result.status === 'noop_recent_marker') {
383
+ process.exitCode = 2;
384
+ }
385
+ }
356
386
  async function dispatchBudget(args, flags, _session) {
357
387
  await runBudgetCommand(args, {
358
388
  workspaceRoot: process.cwd(),
359
389
  writeOutput: (payload, text) => writeOutput(flags, payload, text),
360
390
  });
361
391
  }
392
+ /**
393
+ * Leak L6 — `pugi permissions [mode] [--persist] [--confirm]`.
394
+ *
395
+ * Surface the same intent as the in-REPL `/permissions` slash. Mode
396
+ * arg is positional; `--persist` and `--confirm` are zero-arg flags
397
+ * already consumed by `parseArgs` into `flags.persist` / `flags.confirm`.
398
+ *
399
+ * Examples:
400
+ * pugi permissions -> show current mode + table
401
+ * pugi permissions plan -> flip workspace state to plan
402
+ * pugi permissions allow --persist -> flip + write ~/.pugi/config.json
403
+ * pugi permissions bypass --confirm -> flip to bypass (acknowledge banner)
404
+ */
405
+ async function dispatchPermissions(args, flags, _session) {
406
+ const head = args[0];
407
+ if (head && parsePermissionMode(head) === null) {
408
+ writeOutput(flags, { error: 'unknown_mode', mode: head }, `Unknown mode '${head}'. Allowed: plan, ask, allow, bypass.`);
409
+ process.exitCode = 1;
410
+ return;
411
+ }
412
+ const mode = head ? parsePermissionMode(head) : undefined;
413
+ await runPermissionsCommand({
414
+ ...(mode ? { mode } : {}),
415
+ persist: Boolean(flags.persist),
416
+ confirmBypass: Boolean(flags.confirm),
417
+ }, {
418
+ workspaceRoot: process.cwd(),
419
+ writeOutput: (text) => writeOutput(flags, { text }, text),
420
+ });
421
+ }
362
422
  async function dispatchSkills(args, flags, _session) {
363
423
  await runSkillsCommand(args, {
364
424
  workspaceRoot: process.cwd(),
@@ -613,6 +673,11 @@ function parseArgs(argv) {
613
673
  // β-headless: --no-tools default OFF so existing flag-free invocations
614
674
  // keep tool advertisement. Flipped only by explicit operator opt-in.
615
675
  noTools: false,
676
+ // Leak L6 — `pugi permissions <mode> --persist/--confirm`. Default
677
+ // false so existing invocations stay no-op on the new permission
678
+ // surface.
679
+ persist: false,
680
+ confirm: false,
616
681
  };
617
682
  const args = [];
618
683
  // Sprint 2E: `pugi --version` / `-v` are universal install-test conventions
@@ -807,6 +872,32 @@ function parseArgs(argv) {
807
872
  flags.base = next;
808
873
  index += 1;
809
874
  }
875
+ else if (arg.startsWith('--mode=')) {
876
+ // Leak L6: top-level `--mode plan|ask|allow|bypass`. Validation
877
+ // happens at the consumer side (parsePermissionMode) so the
878
+ // parser stays string-typed; an invalid value surfaces a clean
879
+ // error in the dispatcher rather than blowing up here.
880
+ flags.mode = arg.slice('--mode='.length);
881
+ }
882
+ else if (arg === '--mode') {
883
+ const next = argv[index + 1];
884
+ if (!next || next.startsWith('--')) {
885
+ throw new Error('--mode requires plan|ask|allow|bypass');
886
+ }
887
+ flags.mode = next;
888
+ index += 1;
889
+ }
890
+ else if (arg === '--persist') {
891
+ // Leak L6: paired with `pugi permissions <mode>` to also write
892
+ // the mode to ~/.pugi/config.json::defaultPermissionMode.
893
+ flags.persist = true;
894
+ }
895
+ else if (arg === '--confirm') {
896
+ // Leak L6: required for `pugi permissions bypass` (bypass
897
+ // disables policy hooks; the gate refuses the flip without
898
+ // acknowledgement).
899
+ flags.confirm = true;
900
+ }
810
901
  else {
811
902
  args.push(arg);
812
903
  }
@@ -995,6 +1086,20 @@ const COMMAND_HELP_BODIES = {
995
1086
  'event log, settings), permission mode, and the capability matrix per',
996
1087
  'engine adapter. Safe to run anywhere; no network calls.',
997
1088
  ],
1089
+ status: [
1090
+ 'pugi status — concise session snapshot.',
1091
+ '',
1092
+ 'Different from `pugi doctor` (environment health). Status answers',
1093
+ '"what is this Pugi session doing right now?" — session id + age,',
1094
+ 'cwd, permission mode, CLI version, token usage, active + completed',
1095
+ 'dispatches, last command, compact boundary count, auth identity.',
1096
+ '',
1097
+ ' --json Emit a structured envelope to stdout.',
1098
+ '',
1099
+ 'Live REPL state (tokens, last command) is only available via the',
1100
+ 'in-REPL `/status` slash; the shell path degrades those fields к',
1101
+ '"n/a" and exits 0.',
1102
+ ],
998
1103
  report: [
999
1104
  'pugi report — capture a bug report from the most-recent session.',
1000
1105
  '',
@@ -1133,6 +1238,30 @@ async function doctor(_args, flags, _session) {
1133
1238
  writeOutput: (payload, text) => writeOutput(flags, payload, text),
1134
1239
  });
1135
1240
  }
1241
+ /**
1242
+ * `pugi status` — Leak L34 (2026-05-27). Concise session-state probe
1243
+ * mirroring Claude Code's `/status`. Distinct from `pugi doctor`
1244
+ * (environment health) — `status` answers "what is THIS Pugi
1245
+ * session doing right now?" with session id + age, cwd, permission
1246
+ * mode, CLI version, token usage, dispatch count, last command,
1247
+ * compact boundaries, and auth identity.
1248
+ *
1249
+ * The top-level shell invocation has no live REPL state — fields
1250
+ * that need a live session (`tokens`, `lastCommand`) degrade к the
1251
+ * `n/a` sentinel. The same handler powers the in-REPL `/status`
1252
+ * slash, which passes live state through `StatusCommandContext`.
1253
+ *
1254
+ * Always exits 0 — the command is informational, never a gate.
1255
+ */
1256
+ async function status(_args, flags, _session) {
1257
+ await runStatusCommand({
1258
+ cwd: process.cwd(),
1259
+ home: defaultStatusHome(),
1260
+ env: process.env,
1261
+ json: flags.json,
1262
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
1263
+ });
1264
+ }
1136
1265
  /**
1137
1266
  * Programmatic init scaffolder. Idempotent — every helper call is a
1138
1267
  * `*_IfMissing` write, so re-running over an existing .pugi/ workspace
@@ -0,0 +1,296 @@
1
+ /**
2
+ * `pugi compact` — top-level command + companion to the REPL slash.
3
+ *
4
+ * Summarises older events from the most recent SessionStore session
5
+ * into a single boundary marker, freeing context budget for the next
6
+ * REPL session that resumes the same id.
7
+ *
8
+ * Wire: writeOutput contract matches every other dispatch in cli.ts
9
+ * (one structured payload + one human line). Exit code:
10
+ * 0 — boundary marker appended
11
+ * 1 — summarizer transport failed / store unavailable
12
+ * 2 — no events to compact / nothing to do
13
+ *
14
+ * The companion REPL slash dispatches through this same runner so the
15
+ * surface stays single-sourced.
16
+ */
17
+ import { homedir } from 'node:os';
18
+ import { loadRuntimeConfig } from '@pugi/sdk';
19
+ import { AnvilEngineLoopClient } from '../../core/engine/anvil-client.js';
20
+ import { SqliteSessionStore, resolveProjectStoreDir, } from '../../core/repl/store/session-store.js';
21
+ import { appendCompactBoundary, isCompactBoundary, } from '../../core/compact/buffer-rewriter.js';
22
+ import { summarizeEvents, SummarizerError } from '../../core/compact/summarizer.js';
23
+ /** Number of tail turns preserved verbatim on every compaction. */
24
+ export const KEPT_TAIL_TURNS = 5;
25
+ /** Minimum source events before we accept a compaction. */
26
+ const MIN_EVENTS_TO_COMPACT = 6;
27
+ /**
28
+ * Entry point reused by the slash command + the top-level dispatcher.
29
+ *
30
+ * The function is exhaustive: every early-exit branch produces a
31
+ * structured `CompactCommandResult` for the JSON path AND a one-line
32
+ * human message for the TTY path. Tests assert on the returned shape;
33
+ * the top-level dispatcher forwards it to `writeOutput`.
34
+ */
35
+ export async function runCompactCommand(_args, ctx) {
36
+ const trigger = ctx.trigger ?? 'manual';
37
+ // Resolve the target session id. When the caller supplied a store
38
+ // (REPL slash path, tests) we trust it has the session bound; the
39
+ // standalone CLI path needs to discover the most-recent id via the
40
+ // read-only view + then open the live store on that id.
41
+ let store = ctx.store ?? null;
42
+ let sessionId = ctx.sessionId ?? null;
43
+ if (store === null) {
44
+ sessionId = sessionId ?? (await pickMostRecentSessionIdReadOnly(ctx.workspaceRoot));
45
+ if (!sessionId) {
46
+ return emit(ctx, {
47
+ command: 'compact',
48
+ status: 'failed_no_session',
49
+ trigger,
50
+ reason: 'No active session to compact. Start a REPL with `pugi`.',
51
+ });
52
+ }
53
+ store = await openStoreForCwd(ctx.workspaceRoot, sessionId);
54
+ if (!store) {
55
+ return emit(ctx, {
56
+ command: 'compact',
57
+ status: 'failed_no_session',
58
+ trigger,
59
+ reason: 'Local session store unavailable (lock held by REPL?).',
60
+ });
61
+ }
62
+ }
63
+ else if (sessionId === null) {
64
+ // Caller supplied a store but no session id — try to discover one.
65
+ sessionId = await pickMostRecentSessionId(store, ctx.workspaceRoot);
66
+ if (!sessionId) {
67
+ return emit(ctx, {
68
+ command: 'compact',
69
+ status: 'failed_no_session',
70
+ trigger,
71
+ reason: 'No active session to compact.',
72
+ });
73
+ }
74
+ }
75
+ // Snapshot the events. We pass `coversUntilOffset` as the count of
76
+ // events at the moment of the snapshot so the marker's anchor is
77
+ // accurate even if other writers race afterwards.
78
+ let events;
79
+ try {
80
+ events = await store.loadEvents(sessionId);
81
+ }
82
+ catch (error) {
83
+ return emit(ctx, {
84
+ command: 'compact',
85
+ status: 'failed_store',
86
+ sessionId,
87
+ trigger,
88
+ reason: `Could not load events: ${errMsg(error)}`,
89
+ });
90
+ }
91
+ if (events.length < MIN_EVENTS_TO_COMPACT) {
92
+ return emit(ctx, {
93
+ command: 'compact',
94
+ status: 'noop_empty',
95
+ sessionId,
96
+ trigger,
97
+ reason: `Only ${events.length} events on disk; need at least ${MIN_EVENTS_TO_COMPACT}.`,
98
+ });
99
+ }
100
+ // Locate the source slice: everything strictly after the latest
101
+ // compact-boundary, EXCLUDING the kept-tail window. If no prior
102
+ // boundary exists, walk from offset 0.
103
+ const lastBoundaryIdx = findLastCompactBoundaryIndex(events);
104
+ const sliceStart = lastBoundaryIdx === -1 ? 0 : lastBoundaryIdx + 1;
105
+ const sliceEnd = Math.max(sliceStart, events.length - KEPT_TAIL_TURNS);
106
+ const sourceSlice = events.slice(sliceStart, sliceEnd);
107
+ if (sourceSlice.length === 0) {
108
+ return emit(ctx, {
109
+ command: 'compact',
110
+ status: 'noop_recent_marker',
111
+ sessionId,
112
+ trigger,
113
+ reason: 'Conversation already compact — nothing new to fold.',
114
+ });
115
+ }
116
+ // Build the engine client. Production uses Anvil; tests inject a
117
+ // fixture client to avoid the network round-trip.
118
+ const engineClient = ctx.engineClient ?? buildAnvilClient();
119
+ if (!engineClient) {
120
+ return emit(ctx, {
121
+ command: 'compact',
122
+ status: 'failed_transport',
123
+ sessionId,
124
+ trigger,
125
+ reason: 'Could not build engine client (run `pugi login`).',
126
+ });
127
+ }
128
+ // Run the summariser.
129
+ let summary;
130
+ try {
131
+ summary = await summarizeEvents({
132
+ events: sourceSlice,
133
+ client: engineClient,
134
+ personaSlug: 'mira',
135
+ });
136
+ }
137
+ catch (error) {
138
+ const code = error instanceof SummarizerError ? error.code : 'unknown';
139
+ const message = error instanceof Error ? error.message : String(error);
140
+ return emit(ctx, {
141
+ command: 'compact',
142
+ status: 'failed_transport',
143
+ sessionId,
144
+ trigger,
145
+ reason: `Summarizer failed (${code}): ${message}`,
146
+ });
147
+ }
148
+ // Append the boundary marker. Recompute `coversUntilOffset` AFTER
149
+ // the summariser round-trip so any events that landed mid-flight
150
+ // fall into the kept-tail window — the operator does not lose work
151
+ // that arrived during compaction. The next event we append (the
152
+ // marker itself) lands at index `coversUntilOffset` in the on-disk
153
+ // log.
154
+ let postRoundTripEvents;
155
+ try {
156
+ postRoundTripEvents = await store.loadEvents(sessionId);
157
+ }
158
+ catch (error) {
159
+ return emit(ctx, {
160
+ command: 'compact',
161
+ status: 'failed_store',
162
+ sessionId,
163
+ trigger,
164
+ reason: `Could not refresh events: ${errMsg(error)}`,
165
+ });
166
+ }
167
+ const coversUntilOffset = postRoundTripEvents.length;
168
+ try {
169
+ await appendCompactBoundary({
170
+ store,
171
+ trigger,
172
+ summary: summary.summary,
173
+ summaryTokenCount: summary.tokensSummarised,
174
+ summaryTurnsBefore: summary.eventsSummarised,
175
+ keptTailTurns: KEPT_TAIL_TURNS,
176
+ coversUntilOffset,
177
+ ...(ctx.now !== undefined ? { now: ctx.now } : {}),
178
+ });
179
+ }
180
+ catch (error) {
181
+ return emit(ctx, {
182
+ command: 'compact',
183
+ status: 'failed_store',
184
+ sessionId,
185
+ trigger,
186
+ reason: `Could not append marker: ${errMsg(error)}`,
187
+ });
188
+ }
189
+ return emit(ctx, {
190
+ command: 'compact',
191
+ status: 'compacted',
192
+ sessionId,
193
+ trigger,
194
+ turnsBefore: summary.eventsSummarised,
195
+ tailKept: KEPT_TAIL_TURNS,
196
+ tokensSummarised: summary.tokensSummarised,
197
+ }, `Compacted ${summary.eventsSummarised} events (~${summary.tokensSummarised} tokens) into 1 summary. ` +
198
+ `Last ${KEPT_TAIL_TURNS} turns kept verbatim.`);
199
+ }
200
+ /* ------------------------------------------------------------------ */
201
+ /* Helpers */
202
+ /* ------------------------------------------------------------------ */
203
+ /**
204
+ * Emit a payload through the context and return it for the caller. We
205
+ * keep the function exhaustive so every branch lands on the same
206
+ * writeOutput contract (JSON-mode + text-mode).
207
+ */
208
+ function emit(ctx, payload, text) {
209
+ const human = text ?? payload.reason ?? `compact: ${payload.status}`;
210
+ ctx.writeOutput(payload, human);
211
+ return payload;
212
+ }
213
+ function findLastCompactBoundaryIndex(events) {
214
+ for (let i = events.length - 1; i >= 0; i -= 1) {
215
+ if (isCompactBoundary(events[i]))
216
+ return i;
217
+ }
218
+ return -1;
219
+ }
220
+ function errMsg(error) {
221
+ return error instanceof Error ? error.message : String(error);
222
+ }
223
+ /**
224
+ * Open the SqliteSessionStore for the workspace's project slug and
225
+ * bind the active log to `sessionId`. Returns null when the open
226
+ * fails (lock contention, IO error, missing project dir).
227
+ *
228
+ * The PID lockfile contention is the expected failure mode here — a
229
+ * running REPL holds the lock, and `pugi compact` from a second
230
+ * terminal cannot grab it. The caller surfaces a clear message rather
231
+ * than crashing the dispatch.
232
+ */
233
+ async function openStoreForCwd(workspaceRoot, sessionId) {
234
+ try {
235
+ const slug = projectSlugForCwd(workspaceRoot);
236
+ const store = new SqliteSessionStore({ projectSlug: slug, home: homedir() });
237
+ await store.open({
238
+ id: sessionId,
239
+ workspaceRoot,
240
+ projectSlug: slug,
241
+ });
242
+ return store;
243
+ }
244
+ catch {
245
+ return null;
246
+ }
247
+ }
248
+ /**
249
+ * Read-only-view variant of `pickMostRecentSessionId` for the
250
+ * pre-open phase. Walks `~/.pugi/projects/<slug>/session.db` without
251
+ * taking the lockfile so a live REPL in another terminal does not
252
+ * make discovery fail.
253
+ */
254
+ async function pickMostRecentSessionIdReadOnly(workspaceRoot) {
255
+ try {
256
+ const slug = projectSlugForCwd(workspaceRoot);
257
+ const dir = resolveProjectStoreDir(slug, homedir());
258
+ const view = await SqliteSessionStore.openReadOnly(dir);
259
+ try {
260
+ const rows = await view.list({ project: slug, limit: 1, status: 'active' });
261
+ return rows.length > 0 ? rows[0].id : null;
262
+ }
263
+ finally {
264
+ await view.close();
265
+ }
266
+ }
267
+ catch {
268
+ return null;
269
+ }
270
+ }
271
+ /**
272
+ * Locate the most recent active session for the workspace. Returns
273
+ * null when no session row exists.
274
+ */
275
+ async function pickMostRecentSessionId(store, workspaceRoot) {
276
+ const slug = projectSlugForCwd(workspaceRoot);
277
+ const rows = await store.listSessions({ project: slug, limit: 1, status: 'active' });
278
+ if (rows.length === 0)
279
+ return null;
280
+ return rows[0].id;
281
+ }
282
+ function projectSlugForCwd(workspaceRoot) {
283
+ const base = workspaceRoot.split('/').filter((s) => s.length > 0).pop() ?? 'workspace';
284
+ return base.toLowerCase().replace(/[^a-z0-9-]/g, '-').slice(0, 64);
285
+ }
286
+ /**
287
+ * Construct an Anvil-backed engine client from env-resolved runtime
288
+ * config. Returns null when the operator is not authenticated.
289
+ */
290
+ function buildAnvilClient() {
291
+ const config = loadRuntimeConfig();
292
+ if (!config)
293
+ return null;
294
+ return new AnvilEngineLoopClient(config);
295
+ }
296
+ //# sourceMappingURL=compact.js.map
@@ -48,6 +48,7 @@ import { probeGit } from '../../core/diagnostics/probes/git.js';
48
48
  import { probeMcp } from '../../core/diagnostics/probes/mcp.js';
49
49
  import { probeConfig } from '../../core/diagnostics/probes/config.js';
50
50
  import { probeSession } from '../../core/diagnostics/probes/session.js';
51
+ import { probeDenialTracking } from '../../core/diagnostics/probes/denial-tracking.js';
51
52
  /**
52
53
  * Default API URL when no PUGI_API_URL env override is set. Mirrors
53
54
  * the constant in `core/credentials.ts` (kept local to avoid an
@@ -195,6 +196,16 @@ export function buildDefaultProbes(ctx, options = {}) {
195
196
  ...(options.liveSessionId ? { liveSessionId: options.liveSessionId } : {}),
196
197
  }),
197
198
  },
199
+ // α7 L11 (2026-05-27): DENIAL TRACKING probe. Reports the live
200
+ // session's denial pressure when the REPL adapter wired the
201
+ // tracker through `runDoctorCommand`; degrades к `skipped` for
202
+ // top-level `pugi doctor` calls outside the REPL.
203
+ {
204
+ name: 'DENIAL TRACKING',
205
+ run: async () => probeDenialTracking({
206
+ ...(options.denialTracking ? { tracker: options.denialTracking } : {}),
207
+ }),
208
+ },
198
209
  ];
199
210
  return probes;
200
211
  }
@@ -211,6 +222,7 @@ export async function runDoctorCommand(ctx) {
211
222
  };
212
223
  const probes = buildDefaultProbes(probeCtx, {
213
224
  ...(ctx.liveSessionId ? { liveSessionId: ctx.liveSessionId } : {}),
225
+ ...(ctx.denialTracking ? { denialTracking: ctx.denialTracking } : {}),
214
226
  });
215
227
  const report = await runProbes(probes);
216
228
  // Defensive recompute: even though runProbes already computed the
@@ -0,0 +1,87 @@
1
+ /**
2
+ * `pugi permissions` / `/permissions` — Leak L6 4-mode gate control.
3
+ *
4
+ * Two entry points share one runtime helper:
5
+ * 1. `/permissions` in the REPL — forwarded by `core/repl/session.ts`.
6
+ * 2. `pugi permissions ...` top-level CLI command (handler in
7
+ * `runtime/cli.ts`).
8
+ *
9
+ * Both pass a `PermissionsCommand` payload describing the operator
10
+ * intent (show / flip / persist) and a `writeOutput` callback that
11
+ * lets the caller route the rendered lines into the right surface
12
+ * (REPL transcript vs. stdout). The helper is intentionally I/O-free
13
+ * itself — it produces lines and lets the caller stream them.
14
+ */
15
+ import { DEFAULT_PERMISSION_MODE, PERMISSION_MODES, PERMISSION_MODE_GLOSS, getCurrentMode, getGlobalDefaultMode, setCurrentMode, setGlobalDefaultMode, } from '../../core/permissions/index.js';
16
+ /**
17
+ * Run the `/permissions` or `pugi permissions` flow. Side effects:
18
+ * - When `command.mode` is undefined: prints the current mode + the
19
+ * 4-mode table (no writes).
20
+ * - When `command.mode === 'bypass'` without `confirmBypass`: prints
21
+ * a refusal + the safety copy, no writes.
22
+ * - When `command.mode` is set + valid: writes workspace session
23
+ * state; optionally writes global default when `persist` is true.
24
+ * - Always prints the new effective mode + a one-line confirmation.
25
+ */
26
+ export async function runPermissionsCommand(command, ctx) {
27
+ if (!command.mode) {
28
+ renderCurrentMode(ctx);
29
+ renderModeTable(ctx);
30
+ return;
31
+ }
32
+ if (command.mode === 'bypass' && !command.confirmBypass) {
33
+ ctx.writeOutput('Bypass mode disables policy hooks (skill steering, denial tracking).');
34
+ ctx.writeOutput('Run `/permissions bypass --confirm` to acknowledge before flipping.');
35
+ return;
36
+ }
37
+ setCurrentMode(ctx.workspaceRoot, command.mode);
38
+ if (command.persist) {
39
+ setGlobalDefaultMode(command.mode, ctx.homeDir);
40
+ }
41
+ const persistedHint = command.persist
42
+ ? ' Persisted to ~/.pugi/config.json for future sessions.'
43
+ : '';
44
+ ctx.writeOutput(`Permission mode set to '${command.mode}'.${persistedHint} ${PERMISSION_MODE_GLOSS[command.mode]}`);
45
+ if (command.mode === 'bypass') {
46
+ ctx.writeOutput('BYPASS MODE — all tools execute without prompts AND policy hooks disabled. Switch back with /permissions allow.');
47
+ }
48
+ }
49
+ /**
50
+ * Print the resolved current mode + the layered source. The merge
51
+ * order mirrors `resolveMode()`: workspace > global > default.
52
+ */
53
+ function renderCurrentMode(ctx) {
54
+ const workspace = getCurrentMode(ctx.workspaceRoot);
55
+ const global = getGlobalDefaultMode(ctx.homeDir);
56
+ const effective = workspace ?? global ?? DEFAULT_PERMISSION_MODE;
57
+ const source = workspace
58
+ ? 'workspace session.json'
59
+ : global
60
+ ? 'global ~/.pugi/config.json'
61
+ : 'default (no override)';
62
+ ctx.writeOutput(`Current permission mode: ${effective} (source: ${source})`);
63
+ }
64
+ /**
65
+ * Print the 4-mode reference table. Keeps the gloss + the side-effect
66
+ * matrix in one place so the operator can see the contract while they
67
+ * decide which mode to switch to.
68
+ */
69
+ function renderModeTable(ctx) {
70
+ ctx.writeOutput('');
71
+ ctx.writeOutput('Permission modes:');
72
+ for (const mode of PERMISSION_MODES) {
73
+ ctx.writeOutput(` ${mode.padEnd(7)} ${PERMISSION_MODE_GLOSS[mode]}`);
74
+ }
75
+ ctx.writeOutput('');
76
+ ctx.writeOutput('Switch with `/permissions <mode> [--persist]`. Bypass requires `--confirm`.');
77
+ }
78
+ /**
79
+ * Render the one-shot banner shown on session boot when the effective
80
+ * mode is `bypass`. The caller (engine adapter / REPL bootstrap) calls
81
+ * this once per session — repeated invocations are idempotent in copy
82
+ * but the caller is responsible for the once-only semantics.
83
+ */
84
+ export function renderBypassBanner(writeOutput) {
85
+ writeOutput('BYPASS MODE — all tools execute without prompts AND policy hooks disabled. Switch back with /permissions allow.');
86
+ }
87
+ //# sourceMappingURL=permissions.js.map