@pugi/cli 0.1.0-beta.18 → 0.1.0-beta.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/compact/auto-trigger.js +96 -0
- package/dist/core/compact/buffer-rewriter.js +115 -0
- package/dist/core/compact/summarizer.js +196 -0
- package/dist/core/compact/token-counter.js +108 -0
- package/dist/core/denial-tracking/index.js +8 -0
- package/dist/core/denial-tracking/state.js +264 -0
- package/dist/core/diagnostics/probes/denial-tracking.js +57 -0
- package/dist/core/diagnostics/probes/status-snapshot.js +442 -0
- package/dist/core/engine/native-pugi.js +20 -0
- package/dist/core/engine/tool-bridge.js +153 -14
- package/dist/core/permissions/gate.js +187 -0
- package/dist/core/permissions/index.js +18 -0
- package/dist/core/permissions/mode.js +102 -0
- package/dist/core/permissions/state.js +160 -0
- package/dist/core/permissions/tool-class.js +93 -0
- package/dist/core/repl/session.js +227 -9
- package/dist/core/repl/slash-commands.js +58 -4
- package/dist/runtime/cli.js +129 -0
- package/dist/runtime/commands/compact.js +296 -0
- package/dist/runtime/commands/doctor.js +12 -0
- package/dist/runtime/commands/permissions.js +87 -0
- package/dist/runtime/commands/status.js +178 -0
- package/dist/runtime/version.js +1 -1
- package/dist/tui/compact-banner.js +54 -0
- package/dist/tui/status-table.js +7 -0
- package/package.json +2 -2
package/dist/runtime/cli.js
CHANGED
|
@@ -28,7 +28,9 @@ import { runConfigCommand } from './commands/config.js';
|
|
|
28
28
|
import { runPrivacyCommand } from './commands/privacy.js';
|
|
29
29
|
import { runReport } from './commands/report.js';
|
|
30
30
|
import { runDoctorCommand, defaultHome as defaultDoctorHome } from './commands/doctor.js';
|
|
31
|
+
import { runStatusCommand, defaultStatusHome, } from './commands/status.js';
|
|
31
32
|
import { runUndoCommand } from './commands/undo.js';
|
|
33
|
+
import { runCompactCommand } from './commands/compact.js';
|
|
32
34
|
import { runBudgetCommand } from './commands/budget.js';
|
|
33
35
|
import { runSkillsCommand } from './commands/skills.js';
|
|
34
36
|
import { installDefaultSkills } from '../core/skills/defaults.js';
|
|
@@ -39,6 +41,8 @@ import { runWorktreeCommand } from './commands/worktree.js';
|
|
|
39
41
|
import { resolveWorkspaceLabel } from '../core/repl/workspace-context.js';
|
|
40
42
|
import { runReviewConsensus } from './commands/review-consensus.js';
|
|
41
43
|
import { runMcpCommand } from './commands/mcp.js';
|
|
44
|
+
import { runPermissionsCommand } from './commands/permissions.js';
|
|
45
|
+
import { parsePermissionMode } from '../core/permissions/index.js';
|
|
42
46
|
import { DECOMPOSE_PROMPT_SUFFIX, parseDecompositionFromText, writeDecomposition, } from './plan-decompose.js';
|
|
43
47
|
import { FtsSyntaxError, SqliteSessionStore, resolveProjectStoreDir } from '../core/repl/store/index.js';
|
|
44
48
|
import { slugForCwd } from '../core/repl/history.js';
|
|
@@ -86,6 +90,8 @@ const handlers = {
|
|
|
86
90
|
lsp: dispatchLsp,
|
|
87
91
|
mcp: dispatchMcp,
|
|
88
92
|
patch: dispatchPatch,
|
|
93
|
+
permissions: dispatchPermissions,
|
|
94
|
+
perms: dispatchPermissions,
|
|
89
95
|
plan: runEngineTask('plan'),
|
|
90
96
|
'plan-review': dispatchPlanReview,
|
|
91
97
|
privacy: dispatchPrivacy,
|
|
@@ -98,8 +104,10 @@ const handlers = {
|
|
|
98
104
|
roster: dispatchRoster,
|
|
99
105
|
sessions,
|
|
100
106
|
skills: dispatchSkills,
|
|
107
|
+
status,
|
|
101
108
|
sync,
|
|
102
109
|
undo: dispatchUndo,
|
|
110
|
+
compact: dispatchCompact,
|
|
103
111
|
version,
|
|
104
112
|
web: dispatchWeb,
|
|
105
113
|
whoami,
|
|
@@ -353,12 +361,64 @@ async function dispatchUndo(args, flags, session) {
|
|
|
353
361
|
writeOutput: (payload, text) => writeOutput(flags, payload, text),
|
|
354
362
|
});
|
|
355
363
|
}
|
|
364
|
+
/**
|
|
365
|
+
* Leak L8 (2026-05-27) — `pugi compact` summarises older REPL turns
|
|
366
|
+
* into a single boundary marker, freeing context for the next `pugi
|
|
367
|
+
* resume <id>`. The slash `/compact` inside a live REPL forwards
|
|
368
|
+
* through the same runner via session.ts so the surface stays single-
|
|
369
|
+
* sourced.
|
|
370
|
+
*/
|
|
371
|
+
async function dispatchCompact(args, flags, _session) {
|
|
372
|
+
const result = await runCompactCommand(args, {
|
|
373
|
+
workspaceRoot: process.cwd(),
|
|
374
|
+
writeOutput: (payload, text) => writeOutput(flags, payload, text),
|
|
375
|
+
});
|
|
376
|
+
if (result.status === 'failed_no_session'
|
|
377
|
+
|| result.status === 'failed_transport'
|
|
378
|
+
|| result.status === 'failed_store') {
|
|
379
|
+
process.exitCode = 1;
|
|
380
|
+
return;
|
|
381
|
+
}
|
|
382
|
+
if (result.status === 'noop_empty' || result.status === 'noop_recent_marker') {
|
|
383
|
+
process.exitCode = 2;
|
|
384
|
+
}
|
|
385
|
+
}
|
|
356
386
|
async function dispatchBudget(args, flags, _session) {
|
|
357
387
|
await runBudgetCommand(args, {
|
|
358
388
|
workspaceRoot: process.cwd(),
|
|
359
389
|
writeOutput: (payload, text) => writeOutput(flags, payload, text),
|
|
360
390
|
});
|
|
361
391
|
}
|
|
392
|
+
/**
|
|
393
|
+
* Leak L6 — `pugi permissions [mode] [--persist] [--confirm]`.
|
|
394
|
+
*
|
|
395
|
+
* Surface the same intent as the in-REPL `/permissions` slash. Mode
|
|
396
|
+
* arg is positional; `--persist` and `--confirm` are zero-arg flags
|
|
397
|
+
* already consumed by `parseArgs` into `flags.persist` / `flags.confirm`.
|
|
398
|
+
*
|
|
399
|
+
* Examples:
|
|
400
|
+
* pugi permissions -> show current mode + table
|
|
401
|
+
* pugi permissions plan -> flip workspace state to plan
|
|
402
|
+
* pugi permissions allow --persist -> flip + write ~/.pugi/config.json
|
|
403
|
+
* pugi permissions bypass --confirm -> flip to bypass (acknowledge banner)
|
|
404
|
+
*/
|
|
405
|
+
async function dispatchPermissions(args, flags, _session) {
|
|
406
|
+
const head = args[0];
|
|
407
|
+
if (head && parsePermissionMode(head) === null) {
|
|
408
|
+
writeOutput(flags, { error: 'unknown_mode', mode: head }, `Unknown mode '${head}'. Allowed: plan, ask, allow, bypass.`);
|
|
409
|
+
process.exitCode = 1;
|
|
410
|
+
return;
|
|
411
|
+
}
|
|
412
|
+
const mode = head ? parsePermissionMode(head) : undefined;
|
|
413
|
+
await runPermissionsCommand({
|
|
414
|
+
...(mode ? { mode } : {}),
|
|
415
|
+
persist: Boolean(flags.persist),
|
|
416
|
+
confirmBypass: Boolean(flags.confirm),
|
|
417
|
+
}, {
|
|
418
|
+
workspaceRoot: process.cwd(),
|
|
419
|
+
writeOutput: (text) => writeOutput(flags, { text }, text),
|
|
420
|
+
});
|
|
421
|
+
}
|
|
362
422
|
async function dispatchSkills(args, flags, _session) {
|
|
363
423
|
await runSkillsCommand(args, {
|
|
364
424
|
workspaceRoot: process.cwd(),
|
|
@@ -613,6 +673,11 @@ function parseArgs(argv) {
|
|
|
613
673
|
// β-headless: --no-tools default OFF so existing flag-free invocations
|
|
614
674
|
// keep tool advertisement. Flipped only by explicit operator opt-in.
|
|
615
675
|
noTools: false,
|
|
676
|
+
// Leak L6 — `pugi permissions <mode> --persist/--confirm`. Default
|
|
677
|
+
// false so existing invocations stay no-op on the new permission
|
|
678
|
+
// surface.
|
|
679
|
+
persist: false,
|
|
680
|
+
confirm: false,
|
|
616
681
|
};
|
|
617
682
|
const args = [];
|
|
618
683
|
// Sprint 2E: `pugi --version` / `-v` are universal install-test conventions
|
|
@@ -807,6 +872,32 @@ function parseArgs(argv) {
|
|
|
807
872
|
flags.base = next;
|
|
808
873
|
index += 1;
|
|
809
874
|
}
|
|
875
|
+
else if (arg.startsWith('--mode=')) {
|
|
876
|
+
// Leak L6: top-level `--mode plan|ask|allow|bypass`. Validation
|
|
877
|
+
// happens at the consumer side (parsePermissionMode) so the
|
|
878
|
+
// parser stays string-typed; an invalid value surfaces a clean
|
|
879
|
+
// error in the dispatcher rather than blowing up here.
|
|
880
|
+
flags.mode = arg.slice('--mode='.length);
|
|
881
|
+
}
|
|
882
|
+
else if (arg === '--mode') {
|
|
883
|
+
const next = argv[index + 1];
|
|
884
|
+
if (!next || next.startsWith('--')) {
|
|
885
|
+
throw new Error('--mode requires plan|ask|allow|bypass');
|
|
886
|
+
}
|
|
887
|
+
flags.mode = next;
|
|
888
|
+
index += 1;
|
|
889
|
+
}
|
|
890
|
+
else if (arg === '--persist') {
|
|
891
|
+
// Leak L6: paired with `pugi permissions <mode>` to also write
|
|
892
|
+
// the mode to ~/.pugi/config.json::defaultPermissionMode.
|
|
893
|
+
flags.persist = true;
|
|
894
|
+
}
|
|
895
|
+
else if (arg === '--confirm') {
|
|
896
|
+
// Leak L6: required for `pugi permissions bypass` (bypass
|
|
897
|
+
// disables policy hooks; the gate refuses the flip without
|
|
898
|
+
// acknowledgement).
|
|
899
|
+
flags.confirm = true;
|
|
900
|
+
}
|
|
810
901
|
else {
|
|
811
902
|
args.push(arg);
|
|
812
903
|
}
|
|
@@ -995,6 +1086,20 @@ const COMMAND_HELP_BODIES = {
|
|
|
995
1086
|
'event log, settings), permission mode, and the capability matrix per',
|
|
996
1087
|
'engine adapter. Safe to run anywhere; no network calls.',
|
|
997
1088
|
],
|
|
1089
|
+
status: [
|
|
1090
|
+
'pugi status — concise session snapshot.',
|
|
1091
|
+
'',
|
|
1092
|
+
'Different from `pugi doctor` (environment health). Status answers',
|
|
1093
|
+
'"what is this Pugi session doing right now?" — session id + age,',
|
|
1094
|
+
'cwd, permission mode, CLI version, token usage, active + completed',
|
|
1095
|
+
'dispatches, last command, compact boundary count, auth identity.',
|
|
1096
|
+
'',
|
|
1097
|
+
' --json Emit a structured envelope to stdout.',
|
|
1098
|
+
'',
|
|
1099
|
+
'Live REPL state (tokens, last command) is only available via the',
|
|
1100
|
+
'in-REPL `/status` slash; the shell path degrades those fields к',
|
|
1101
|
+
'"n/a" and exits 0.',
|
|
1102
|
+
],
|
|
998
1103
|
report: [
|
|
999
1104
|
'pugi report — capture a bug report from the most-recent session.',
|
|
1000
1105
|
'',
|
|
@@ -1133,6 +1238,30 @@ async function doctor(_args, flags, _session) {
|
|
|
1133
1238
|
writeOutput: (payload, text) => writeOutput(flags, payload, text),
|
|
1134
1239
|
});
|
|
1135
1240
|
}
|
|
1241
|
+
/**
|
|
1242
|
+
* `pugi status` — Leak L34 (2026-05-27). Concise session-state probe
|
|
1243
|
+
* mirroring Claude Code's `/status`. Distinct from `pugi doctor`
|
|
1244
|
+
* (environment health) — `status` answers "what is THIS Pugi
|
|
1245
|
+
* session doing right now?" with session id + age, cwd, permission
|
|
1246
|
+
* mode, CLI version, token usage, dispatch count, last command,
|
|
1247
|
+
* compact boundaries, and auth identity.
|
|
1248
|
+
*
|
|
1249
|
+
* The top-level shell invocation has no live REPL state — fields
|
|
1250
|
+
* that need a live session (`tokens`, `lastCommand`) degrade к the
|
|
1251
|
+
* `n/a` sentinel. The same handler powers the in-REPL `/status`
|
|
1252
|
+
* slash, which passes live state through `StatusCommandContext`.
|
|
1253
|
+
*
|
|
1254
|
+
* Always exits 0 — the command is informational, never a gate.
|
|
1255
|
+
*/
|
|
1256
|
+
async function status(_args, flags, _session) {
|
|
1257
|
+
await runStatusCommand({
|
|
1258
|
+
cwd: process.cwd(),
|
|
1259
|
+
home: defaultStatusHome(),
|
|
1260
|
+
env: process.env,
|
|
1261
|
+
json: flags.json,
|
|
1262
|
+
writeOutput: (payload, text) => writeOutput(flags, payload, text),
|
|
1263
|
+
});
|
|
1264
|
+
}
|
|
1136
1265
|
/**
|
|
1137
1266
|
* Programmatic init scaffolder. Idempotent — every helper call is a
|
|
1138
1267
|
* `*_IfMissing` write, so re-running over an existing .pugi/ workspace
|
|
@@ -0,0 +1,296 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `pugi compact` — top-level command + companion to the REPL slash.
|
|
3
|
+
*
|
|
4
|
+
* Summarises older events from the most recent SessionStore session
|
|
5
|
+
* into a single boundary marker, freeing context budget for the next
|
|
6
|
+
* REPL session that resumes the same id.
|
|
7
|
+
*
|
|
8
|
+
* Wire: writeOutput contract matches every other dispatch in cli.ts
|
|
9
|
+
* (one structured payload + one human line). Exit code:
|
|
10
|
+
* 0 — boundary marker appended
|
|
11
|
+
* 1 — summarizer transport failed / store unavailable
|
|
12
|
+
* 2 — no events to compact / nothing to do
|
|
13
|
+
*
|
|
14
|
+
* The companion REPL slash dispatches through this same runner so the
|
|
15
|
+
* surface stays single-sourced.
|
|
16
|
+
*/
|
|
17
|
+
import { homedir } from 'node:os';
|
|
18
|
+
import { loadRuntimeConfig } from '@pugi/sdk';
|
|
19
|
+
import { AnvilEngineLoopClient } from '../../core/engine/anvil-client.js';
|
|
20
|
+
import { SqliteSessionStore, resolveProjectStoreDir, } from '../../core/repl/store/session-store.js';
|
|
21
|
+
import { appendCompactBoundary, isCompactBoundary, } from '../../core/compact/buffer-rewriter.js';
|
|
22
|
+
import { summarizeEvents, SummarizerError } from '../../core/compact/summarizer.js';
|
|
23
|
+
/** Number of tail turns preserved verbatim on every compaction. */
|
|
24
|
+
export const KEPT_TAIL_TURNS = 5;
|
|
25
|
+
/** Minimum source events before we accept a compaction. */
|
|
26
|
+
const MIN_EVENTS_TO_COMPACT = 6;
|
|
27
|
+
/**
|
|
28
|
+
* Entry point reused by the slash command + the top-level dispatcher.
|
|
29
|
+
*
|
|
30
|
+
* The function is exhaustive: every early-exit branch produces a
|
|
31
|
+
* structured `CompactCommandResult` for the JSON path AND a one-line
|
|
32
|
+
* human message for the TTY path. Tests assert on the returned shape;
|
|
33
|
+
* the top-level dispatcher forwards it to `writeOutput`.
|
|
34
|
+
*/
|
|
35
|
+
export async function runCompactCommand(_args, ctx) {
|
|
36
|
+
const trigger = ctx.trigger ?? 'manual';
|
|
37
|
+
// Resolve the target session id. When the caller supplied a store
|
|
38
|
+
// (REPL slash path, tests) we trust it has the session bound; the
|
|
39
|
+
// standalone CLI path needs to discover the most-recent id via the
|
|
40
|
+
// read-only view + then open the live store on that id.
|
|
41
|
+
let store = ctx.store ?? null;
|
|
42
|
+
let sessionId = ctx.sessionId ?? null;
|
|
43
|
+
if (store === null) {
|
|
44
|
+
sessionId = sessionId ?? (await pickMostRecentSessionIdReadOnly(ctx.workspaceRoot));
|
|
45
|
+
if (!sessionId) {
|
|
46
|
+
return emit(ctx, {
|
|
47
|
+
command: 'compact',
|
|
48
|
+
status: 'failed_no_session',
|
|
49
|
+
trigger,
|
|
50
|
+
reason: 'No active session to compact. Start a REPL with `pugi`.',
|
|
51
|
+
});
|
|
52
|
+
}
|
|
53
|
+
store = await openStoreForCwd(ctx.workspaceRoot, sessionId);
|
|
54
|
+
if (!store) {
|
|
55
|
+
return emit(ctx, {
|
|
56
|
+
command: 'compact',
|
|
57
|
+
status: 'failed_no_session',
|
|
58
|
+
trigger,
|
|
59
|
+
reason: 'Local session store unavailable (lock held by REPL?).',
|
|
60
|
+
});
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
else if (sessionId === null) {
|
|
64
|
+
// Caller supplied a store but no session id — try to discover one.
|
|
65
|
+
sessionId = await pickMostRecentSessionId(store, ctx.workspaceRoot);
|
|
66
|
+
if (!sessionId) {
|
|
67
|
+
return emit(ctx, {
|
|
68
|
+
command: 'compact',
|
|
69
|
+
status: 'failed_no_session',
|
|
70
|
+
trigger,
|
|
71
|
+
reason: 'No active session to compact.',
|
|
72
|
+
});
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
// Snapshot the events. We pass `coversUntilOffset` as the count of
|
|
76
|
+
// events at the moment of the snapshot so the marker's anchor is
|
|
77
|
+
// accurate even if other writers race afterwards.
|
|
78
|
+
let events;
|
|
79
|
+
try {
|
|
80
|
+
events = await store.loadEvents(sessionId);
|
|
81
|
+
}
|
|
82
|
+
catch (error) {
|
|
83
|
+
return emit(ctx, {
|
|
84
|
+
command: 'compact',
|
|
85
|
+
status: 'failed_store',
|
|
86
|
+
sessionId,
|
|
87
|
+
trigger,
|
|
88
|
+
reason: `Could not load events: ${errMsg(error)}`,
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
if (events.length < MIN_EVENTS_TO_COMPACT) {
|
|
92
|
+
return emit(ctx, {
|
|
93
|
+
command: 'compact',
|
|
94
|
+
status: 'noop_empty',
|
|
95
|
+
sessionId,
|
|
96
|
+
trigger,
|
|
97
|
+
reason: `Only ${events.length} events on disk; need at least ${MIN_EVENTS_TO_COMPACT}.`,
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
// Locate the source slice: everything strictly after the latest
|
|
101
|
+
// compact-boundary, EXCLUDING the kept-tail window. If no prior
|
|
102
|
+
// boundary exists, walk from offset 0.
|
|
103
|
+
const lastBoundaryIdx = findLastCompactBoundaryIndex(events);
|
|
104
|
+
const sliceStart = lastBoundaryIdx === -1 ? 0 : lastBoundaryIdx + 1;
|
|
105
|
+
const sliceEnd = Math.max(sliceStart, events.length - KEPT_TAIL_TURNS);
|
|
106
|
+
const sourceSlice = events.slice(sliceStart, sliceEnd);
|
|
107
|
+
if (sourceSlice.length === 0) {
|
|
108
|
+
return emit(ctx, {
|
|
109
|
+
command: 'compact',
|
|
110
|
+
status: 'noop_recent_marker',
|
|
111
|
+
sessionId,
|
|
112
|
+
trigger,
|
|
113
|
+
reason: 'Conversation already compact — nothing new to fold.',
|
|
114
|
+
});
|
|
115
|
+
}
|
|
116
|
+
// Build the engine client. Production uses Anvil; tests inject a
|
|
117
|
+
// fixture client to avoid the network round-trip.
|
|
118
|
+
const engineClient = ctx.engineClient ?? buildAnvilClient();
|
|
119
|
+
if (!engineClient) {
|
|
120
|
+
return emit(ctx, {
|
|
121
|
+
command: 'compact',
|
|
122
|
+
status: 'failed_transport',
|
|
123
|
+
sessionId,
|
|
124
|
+
trigger,
|
|
125
|
+
reason: 'Could not build engine client (run `pugi login`).',
|
|
126
|
+
});
|
|
127
|
+
}
|
|
128
|
+
// Run the summariser.
|
|
129
|
+
let summary;
|
|
130
|
+
try {
|
|
131
|
+
summary = await summarizeEvents({
|
|
132
|
+
events: sourceSlice,
|
|
133
|
+
client: engineClient,
|
|
134
|
+
personaSlug: 'mira',
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
catch (error) {
|
|
138
|
+
const code = error instanceof SummarizerError ? error.code : 'unknown';
|
|
139
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
140
|
+
return emit(ctx, {
|
|
141
|
+
command: 'compact',
|
|
142
|
+
status: 'failed_transport',
|
|
143
|
+
sessionId,
|
|
144
|
+
trigger,
|
|
145
|
+
reason: `Summarizer failed (${code}): ${message}`,
|
|
146
|
+
});
|
|
147
|
+
}
|
|
148
|
+
// Append the boundary marker. Recompute `coversUntilOffset` AFTER
|
|
149
|
+
// the summariser round-trip so any events that landed mid-flight
|
|
150
|
+
// fall into the kept-tail window — the operator does not lose work
|
|
151
|
+
// that arrived during compaction. The next event we append (the
|
|
152
|
+
// marker itself) lands at index `coversUntilOffset` in the on-disk
|
|
153
|
+
// log.
|
|
154
|
+
let postRoundTripEvents;
|
|
155
|
+
try {
|
|
156
|
+
postRoundTripEvents = await store.loadEvents(sessionId);
|
|
157
|
+
}
|
|
158
|
+
catch (error) {
|
|
159
|
+
return emit(ctx, {
|
|
160
|
+
command: 'compact',
|
|
161
|
+
status: 'failed_store',
|
|
162
|
+
sessionId,
|
|
163
|
+
trigger,
|
|
164
|
+
reason: `Could not refresh events: ${errMsg(error)}`,
|
|
165
|
+
});
|
|
166
|
+
}
|
|
167
|
+
const coversUntilOffset = postRoundTripEvents.length;
|
|
168
|
+
try {
|
|
169
|
+
await appendCompactBoundary({
|
|
170
|
+
store,
|
|
171
|
+
trigger,
|
|
172
|
+
summary: summary.summary,
|
|
173
|
+
summaryTokenCount: summary.tokensSummarised,
|
|
174
|
+
summaryTurnsBefore: summary.eventsSummarised,
|
|
175
|
+
keptTailTurns: KEPT_TAIL_TURNS,
|
|
176
|
+
coversUntilOffset,
|
|
177
|
+
...(ctx.now !== undefined ? { now: ctx.now } : {}),
|
|
178
|
+
});
|
|
179
|
+
}
|
|
180
|
+
catch (error) {
|
|
181
|
+
return emit(ctx, {
|
|
182
|
+
command: 'compact',
|
|
183
|
+
status: 'failed_store',
|
|
184
|
+
sessionId,
|
|
185
|
+
trigger,
|
|
186
|
+
reason: `Could not append marker: ${errMsg(error)}`,
|
|
187
|
+
});
|
|
188
|
+
}
|
|
189
|
+
return emit(ctx, {
|
|
190
|
+
command: 'compact',
|
|
191
|
+
status: 'compacted',
|
|
192
|
+
sessionId,
|
|
193
|
+
trigger,
|
|
194
|
+
turnsBefore: summary.eventsSummarised,
|
|
195
|
+
tailKept: KEPT_TAIL_TURNS,
|
|
196
|
+
tokensSummarised: summary.tokensSummarised,
|
|
197
|
+
}, `Compacted ${summary.eventsSummarised} events (~${summary.tokensSummarised} tokens) into 1 summary. ` +
|
|
198
|
+
`Last ${KEPT_TAIL_TURNS} turns kept verbatim.`);
|
|
199
|
+
}
|
|
200
|
+
/* ------------------------------------------------------------------ */
|
|
201
|
+
/* Helpers */
|
|
202
|
+
/* ------------------------------------------------------------------ */
|
|
203
|
+
/**
|
|
204
|
+
* Emit a payload through the context and return it for the caller. We
|
|
205
|
+
* keep the function exhaustive so every branch lands on the same
|
|
206
|
+
* writeOutput contract (JSON-mode + text-mode).
|
|
207
|
+
*/
|
|
208
|
+
function emit(ctx, payload, text) {
|
|
209
|
+
const human = text ?? payload.reason ?? `compact: ${payload.status}`;
|
|
210
|
+
ctx.writeOutput(payload, human);
|
|
211
|
+
return payload;
|
|
212
|
+
}
|
|
213
|
+
function findLastCompactBoundaryIndex(events) {
|
|
214
|
+
for (let i = events.length - 1; i >= 0; i -= 1) {
|
|
215
|
+
if (isCompactBoundary(events[i]))
|
|
216
|
+
return i;
|
|
217
|
+
}
|
|
218
|
+
return -1;
|
|
219
|
+
}
|
|
220
|
+
function errMsg(error) {
|
|
221
|
+
return error instanceof Error ? error.message : String(error);
|
|
222
|
+
}
|
|
223
|
+
/**
|
|
224
|
+
* Open the SqliteSessionStore for the workspace's project slug and
|
|
225
|
+
* bind the active log to `sessionId`. Returns null when the open
|
|
226
|
+
* fails (lock contention, IO error, missing project dir).
|
|
227
|
+
*
|
|
228
|
+
* The PID lockfile contention is the expected failure mode here — a
|
|
229
|
+
* running REPL holds the lock, and `pugi compact` from a second
|
|
230
|
+
* terminal cannot grab it. The caller surfaces a clear message rather
|
|
231
|
+
* than crashing the dispatch.
|
|
232
|
+
*/
|
|
233
|
+
async function openStoreForCwd(workspaceRoot, sessionId) {
|
|
234
|
+
try {
|
|
235
|
+
const slug = projectSlugForCwd(workspaceRoot);
|
|
236
|
+
const store = new SqliteSessionStore({ projectSlug: slug, home: homedir() });
|
|
237
|
+
await store.open({
|
|
238
|
+
id: sessionId,
|
|
239
|
+
workspaceRoot,
|
|
240
|
+
projectSlug: slug,
|
|
241
|
+
});
|
|
242
|
+
return store;
|
|
243
|
+
}
|
|
244
|
+
catch {
|
|
245
|
+
return null;
|
|
246
|
+
}
|
|
247
|
+
}
|
|
248
|
+
/**
|
|
249
|
+
* Read-only-view variant of `pickMostRecentSessionId` for the
|
|
250
|
+
* pre-open phase. Walks `~/.pugi/projects/<slug>/session.db` without
|
|
251
|
+
* taking the lockfile so a live REPL in another terminal does not
|
|
252
|
+
* make discovery fail.
|
|
253
|
+
*/
|
|
254
|
+
async function pickMostRecentSessionIdReadOnly(workspaceRoot) {
|
|
255
|
+
try {
|
|
256
|
+
const slug = projectSlugForCwd(workspaceRoot);
|
|
257
|
+
const dir = resolveProjectStoreDir(slug, homedir());
|
|
258
|
+
const view = await SqliteSessionStore.openReadOnly(dir);
|
|
259
|
+
try {
|
|
260
|
+
const rows = await view.list({ project: slug, limit: 1, status: 'active' });
|
|
261
|
+
return rows.length > 0 ? rows[0].id : null;
|
|
262
|
+
}
|
|
263
|
+
finally {
|
|
264
|
+
await view.close();
|
|
265
|
+
}
|
|
266
|
+
}
|
|
267
|
+
catch {
|
|
268
|
+
return null;
|
|
269
|
+
}
|
|
270
|
+
}
|
|
271
|
+
/**
|
|
272
|
+
* Locate the most recent active session for the workspace. Returns
|
|
273
|
+
* null when no session row exists.
|
|
274
|
+
*/
|
|
275
|
+
async function pickMostRecentSessionId(store, workspaceRoot) {
|
|
276
|
+
const slug = projectSlugForCwd(workspaceRoot);
|
|
277
|
+
const rows = await store.listSessions({ project: slug, limit: 1, status: 'active' });
|
|
278
|
+
if (rows.length === 0)
|
|
279
|
+
return null;
|
|
280
|
+
return rows[0].id;
|
|
281
|
+
}
|
|
282
|
+
function projectSlugForCwd(workspaceRoot) {
|
|
283
|
+
const base = workspaceRoot.split('/').filter((s) => s.length > 0).pop() ?? 'workspace';
|
|
284
|
+
return base.toLowerCase().replace(/[^a-z0-9-]/g, '-').slice(0, 64);
|
|
285
|
+
}
|
|
286
|
+
/**
|
|
287
|
+
* Construct an Anvil-backed engine client from env-resolved runtime
|
|
288
|
+
* config. Returns null when the operator is not authenticated.
|
|
289
|
+
*/
|
|
290
|
+
function buildAnvilClient() {
|
|
291
|
+
const config = loadRuntimeConfig();
|
|
292
|
+
if (!config)
|
|
293
|
+
return null;
|
|
294
|
+
return new AnvilEngineLoopClient(config);
|
|
295
|
+
}
|
|
296
|
+
//# sourceMappingURL=compact.js.map
|
|
@@ -48,6 +48,7 @@ import { probeGit } from '../../core/diagnostics/probes/git.js';
|
|
|
48
48
|
import { probeMcp } from '../../core/diagnostics/probes/mcp.js';
|
|
49
49
|
import { probeConfig } from '../../core/diagnostics/probes/config.js';
|
|
50
50
|
import { probeSession } from '../../core/diagnostics/probes/session.js';
|
|
51
|
+
import { probeDenialTracking } from '../../core/diagnostics/probes/denial-tracking.js';
|
|
51
52
|
/**
|
|
52
53
|
* Default API URL when no PUGI_API_URL env override is set. Mirrors
|
|
53
54
|
* the constant in `core/credentials.ts` (kept local to avoid an
|
|
@@ -195,6 +196,16 @@ export function buildDefaultProbes(ctx, options = {}) {
|
|
|
195
196
|
...(options.liveSessionId ? { liveSessionId: options.liveSessionId } : {}),
|
|
196
197
|
}),
|
|
197
198
|
},
|
|
199
|
+
// α7 L11 (2026-05-27): DENIAL TRACKING probe. Reports the live
|
|
200
|
+
// session's denial pressure when the REPL adapter wired the
|
|
201
|
+
// tracker through `runDoctorCommand`; degrades к `skipped` for
|
|
202
|
+
// top-level `pugi doctor` calls outside the REPL.
|
|
203
|
+
{
|
|
204
|
+
name: 'DENIAL TRACKING',
|
|
205
|
+
run: async () => probeDenialTracking({
|
|
206
|
+
...(options.denialTracking ? { tracker: options.denialTracking } : {}),
|
|
207
|
+
}),
|
|
208
|
+
},
|
|
198
209
|
];
|
|
199
210
|
return probes;
|
|
200
211
|
}
|
|
@@ -211,6 +222,7 @@ export async function runDoctorCommand(ctx) {
|
|
|
211
222
|
};
|
|
212
223
|
const probes = buildDefaultProbes(probeCtx, {
|
|
213
224
|
...(ctx.liveSessionId ? { liveSessionId: ctx.liveSessionId } : {}),
|
|
225
|
+
...(ctx.denialTracking ? { denialTracking: ctx.denialTracking } : {}),
|
|
214
226
|
});
|
|
215
227
|
const report = await runProbes(probes);
|
|
216
228
|
// Defensive recompute: even though runProbes already computed the
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `pugi permissions` / `/permissions` — Leak L6 4-mode gate control.
|
|
3
|
+
*
|
|
4
|
+
* Two entry points share one runtime helper:
|
|
5
|
+
* 1. `/permissions` in the REPL — forwarded by `core/repl/session.ts`.
|
|
6
|
+
* 2. `pugi permissions ...` top-level CLI command (handler in
|
|
7
|
+
* `runtime/cli.ts`).
|
|
8
|
+
*
|
|
9
|
+
* Both pass a `PermissionsCommand` payload describing the operator
|
|
10
|
+
* intent (show / flip / persist) and a `writeOutput` callback that
|
|
11
|
+
* lets the caller route the rendered lines into the right surface
|
|
12
|
+
* (REPL transcript vs. stdout). The helper is intentionally I/O-free
|
|
13
|
+
* itself — it produces lines and lets the caller stream them.
|
|
14
|
+
*/
|
|
15
|
+
import { DEFAULT_PERMISSION_MODE, PERMISSION_MODES, PERMISSION_MODE_GLOSS, getCurrentMode, getGlobalDefaultMode, setCurrentMode, setGlobalDefaultMode, } from '../../core/permissions/index.js';
|
|
16
|
+
/**
|
|
17
|
+
* Run the `/permissions` or `pugi permissions` flow. Side effects:
|
|
18
|
+
* - When `command.mode` is undefined: prints the current mode + the
|
|
19
|
+
* 4-mode table (no writes).
|
|
20
|
+
* - When `command.mode === 'bypass'` without `confirmBypass`: prints
|
|
21
|
+
* a refusal + the safety copy, no writes.
|
|
22
|
+
* - When `command.mode` is set + valid: writes workspace session
|
|
23
|
+
* state; optionally writes global default when `persist` is true.
|
|
24
|
+
* - Always prints the new effective mode + a one-line confirmation.
|
|
25
|
+
*/
|
|
26
|
+
export async function runPermissionsCommand(command, ctx) {
|
|
27
|
+
if (!command.mode) {
|
|
28
|
+
renderCurrentMode(ctx);
|
|
29
|
+
renderModeTable(ctx);
|
|
30
|
+
return;
|
|
31
|
+
}
|
|
32
|
+
if (command.mode === 'bypass' && !command.confirmBypass) {
|
|
33
|
+
ctx.writeOutput('Bypass mode disables policy hooks (skill steering, denial tracking).');
|
|
34
|
+
ctx.writeOutput('Run `/permissions bypass --confirm` to acknowledge before flipping.');
|
|
35
|
+
return;
|
|
36
|
+
}
|
|
37
|
+
setCurrentMode(ctx.workspaceRoot, command.mode);
|
|
38
|
+
if (command.persist) {
|
|
39
|
+
setGlobalDefaultMode(command.mode, ctx.homeDir);
|
|
40
|
+
}
|
|
41
|
+
const persistedHint = command.persist
|
|
42
|
+
? ' Persisted to ~/.pugi/config.json for future sessions.'
|
|
43
|
+
: '';
|
|
44
|
+
ctx.writeOutput(`Permission mode set to '${command.mode}'.${persistedHint} ${PERMISSION_MODE_GLOSS[command.mode]}`);
|
|
45
|
+
if (command.mode === 'bypass') {
|
|
46
|
+
ctx.writeOutput('BYPASS MODE — all tools execute without prompts AND policy hooks disabled. Switch back with /permissions allow.');
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Print the resolved current mode + the layered source. The merge
|
|
51
|
+
* order mirrors `resolveMode()`: workspace > global > default.
|
|
52
|
+
*/
|
|
53
|
+
function renderCurrentMode(ctx) {
|
|
54
|
+
const workspace = getCurrentMode(ctx.workspaceRoot);
|
|
55
|
+
const global = getGlobalDefaultMode(ctx.homeDir);
|
|
56
|
+
const effective = workspace ?? global ?? DEFAULT_PERMISSION_MODE;
|
|
57
|
+
const source = workspace
|
|
58
|
+
? 'workspace session.json'
|
|
59
|
+
: global
|
|
60
|
+
? 'global ~/.pugi/config.json'
|
|
61
|
+
: 'default (no override)';
|
|
62
|
+
ctx.writeOutput(`Current permission mode: ${effective} (source: ${source})`);
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Print the 4-mode reference table. Keeps the gloss + the side-effect
|
|
66
|
+
* matrix in one place so the operator can see the contract while they
|
|
67
|
+
* decide which mode to switch to.
|
|
68
|
+
*/
|
|
69
|
+
function renderModeTable(ctx) {
|
|
70
|
+
ctx.writeOutput('');
|
|
71
|
+
ctx.writeOutput('Permission modes:');
|
|
72
|
+
for (const mode of PERMISSION_MODES) {
|
|
73
|
+
ctx.writeOutput(` ${mode.padEnd(7)} ${PERMISSION_MODE_GLOSS[mode]}`);
|
|
74
|
+
}
|
|
75
|
+
ctx.writeOutput('');
|
|
76
|
+
ctx.writeOutput('Switch with `/permissions <mode> [--persist]`. Bypass requires `--confirm`.');
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Render the one-shot banner shown on session boot when the effective
|
|
80
|
+
* mode is `bypass`. The caller (engine adapter / REPL bootstrap) calls
|
|
81
|
+
* this once per session — repeated invocations are idempotent in copy
|
|
82
|
+
* but the caller is responsible for the once-only semantics.
|
|
83
|
+
*/
|
|
84
|
+
export function renderBypassBanner(writeOutput) {
|
|
85
|
+
writeOutput('BYPASS MODE — all tools execute without prompts AND policy hooks disabled. Switch back with /permissions allow.');
|
|
86
|
+
}
|
|
87
|
+
//# sourceMappingURL=permissions.js.map
|