@pugi/cli 0.1.0-beta.2 → 0.1.0-beta.20

package/dist/core/file-cache.js

@@ -1,6 +1,45 @@
+/**
+ * Per-session file-read cache + stale-read gate.
+ *
+ * Leak intel L1 (openclaude `FileEditTool.ts`, 2026-05-27 gap analysis
+ * §5.1): every FileEdit must validate the operator's last-known view of
+ * the file before mutating disk. The gate compares BOTH `mtimeMs` and
+ * `sha256(content)` of the file on disk against the record captured at
+ * read time:
+ *
+ *   - mtimeMs is a cheap fast-path. If the inode mtime hasn't moved
+ *     since the read, the content hash cannot have changed (barring a
+ *     filesystem with hash-on-mtime-skew bugs) and we can short-circuit.
+ *   - sha256 is the authoritative gate. A user editor that writes back
+ *     identical content can leave mtime untouched on some filesystems
+ *     (atomic-rename with preserved metadata), and conversely `touch`
+ *     bumps mtime without changing content. Hash is the truth.
+ *
+ * Both signals must agree for the gate to PASS. Any divergence => STALE
+ * => refuse the edit, force the model to re-read.
+ *
+ * Cache lifetime: per-session. `FileReadCache.clear()` is called at
+ * session.end (see `core/session.ts`). The cache is intentionally NOT
+ * durable across sessions — a re-read after restart is cheap and stale
+ * cross-session entries would themselves be a soundness hazard.
+ *
+ * Exception: writeTool for create-new (path doesn't exist on disk) does
+ * not consult the cache. Creating a brand new file has no "last-known
+ * view" to invalidate.
+ */
 import { createHash } from 'node:crypto';
-import { statSync } from 'node:fs';
+import { existsSync, statSync } from 'node:fs';
 import { resolve } from 'node:path';
+export class StaleReadError extends Error {
+    reason;
+    path;
+    constructor(path, reason, detail) {
+        super(`stale_read: ${path} — ${detail}. Re-read the file before editing.`);
+        this.name = 'StaleReadError';
+        this.reason = reason;
+        this.path = path;
+    }
+}
 export class FileReadCache {
     records = new Map();
     set(record) {
@@ -9,6 +48,70 @@ export class FileReadCache {
     get(root, path) {
         return this.records.get(resolve(root, path));
     }
+    /**
+     * Validate a candidate edit against the cached read record. Returns
+     * a tagged-union: `{ stale: false }` when the edit may proceed, or
+     * `{ stale: true, reason, detail }` when the gate must refuse.
+     *
+     * Pure function over the cache + supplied `currentMtimeMs` /
+     * `currentContent` — does NOT touch disk. Callers (editTool /
+     * writeTool) do their own `statSync` + `readFileSync` because they
+     * also need the content for the diff/edit itself.
+     *
+     * @param root           workspace root (used to resolve relative path)
+     * @param path           workspace-relative file path
+     * @param currentMtimeMs `fs.statSync().mtimeMs` of the on-disk file
+     * @param currentContent UTF-8 contents of the on-disk file
+     */
+    validate(root, path, currentMtimeMs, currentContent) {
+        const record = this.get(root, path);
+        if (!record) {
+            return {
+                stale: true,
+                reason: 'no_prior_read',
+                detail: 'file must be read first',
+            };
+        }
+        // Fast-path: mtime hasn't moved. Hash check is redundant in the
+        // common case but cheap, so we still verify below. Skipping hash
+        // when mtime matches would allow a subtle bug class (in-place
+        // writers that preserve mtime) to slip through.
+        if (currentMtimeMs > record.mtimeMs) {
+            // mtime advanced — confirm with hash before flagging. A bump
+            // without a content change (e.g. `touch`) shouldn't fire stale.
+            const currentHash = hashContent(currentContent);
+            if (currentHash !== record.sha256) {
+                return {
+                    stale: true,
+                    reason: 'mtime_drift',
+                    detail: `mtime advanced (${record.mtimeMs} → ${currentMtimeMs}) and content hash diverged`,
+                };
+            }
+            // mtime bumped but content identical — treat as fresh. The cache
+            // entry's mtime is intentionally NOT refreshed here; the next
+            // edit will hit the same path and the gate will keep agreeing.
+            return { stale: false };
+        }
+        // mtime hasn't moved — hash MUST still match the record. A
+        // mismatch is a filesystem-level inconsistency or an in-place
+        // editor that preserves mtime; either way, refuse.
+        const currentHash = hashContent(currentContent);
+        if (currentHash !== record.sha256) {
+            return {
+                stale: true,
+                reason: 'hash_drift',
+                detail: 'content hash diverged from last read (mtime unchanged)',
+            };
+        }
+        return { stale: false };
+    }
+    /**
+     * Drop every cached record. Called by session.end so a fresh REPL
+     * session never inherits stale cross-session entries.
+     */
+    clear() {
+        this.records.clear();
+    }
 }
 export function hashContent(content) {
     return createHash('sha256').update(content).digest('hex');
@@ -26,4 +129,13 @@ export function createReadRecord(root, path, content, source) {
         source,
     };
 }
+/**
+ * Convenience helper: does this absolute path exist on disk? Wraps the
+ * existsSync import so file-tools.ts can decide between create-new
+ * (skip stale gate) and update-existing (apply stale gate) without
+ * pulling in another fs import.
+ */
+export function pathExists(absolutePath) {
+    return existsSync(absolutePath);
+}
 //# sourceMappingURL=file-cache.js.map

package/dist/core/init/scaffold.js

@@ -0,0 +1,195 @@
+/**
+ * Workspace scaffold — extracted from `pugi init` so the bare REPL boot
+ * can call it automatically when the operator launches `pugi` in a
+ * fresh directory (CEO directive 2026-05-26).
+ *
+ * Before this module, `pugi init` was the only path that materialised
+ * `.pugi/` + the canonical config files. Launching the REPL in an empty
+ * directory printed `workspace: (not bound - run /init OR cd into
+ * project)` and instructed the operator to Ctrl+C, run `pugi init`,
+ * relaunch. That round trip is hostile on a first-touch install — CEO
+ * escalated "auto = решение" on 2026-05-26.
+ *
+ * The module is intentionally side-effect free at import time: the
+ * scaffold runs only when `ensureWorkspaceInitialized` is called. The
+ * scaffold is also idempotent — every file write is gated by an
+ * `existsSync` check, so re-running against a workspace that already has
+ * `.pugi/settings.json` (e.g. a manual `pugi init` followed by auto-init
+ * on next REPL launch) is a no-op. The function is safe to call before
+ * any other init logic.
+ *
+ * Two CRITICAL invariants:
+ *
+ *   1. **Atomic per-file.** Every write uses `existsSync` + `writeFileSync`
+ *      against the final path. There is no read-modify-write pattern that
+ *      could lose data on a concurrent `pugi init` race. The one path
+ *      that DOES mutate an existing file — `.gitignore` (append `.pugi/`
+ *      marker) — also gates on the marker being absent before appending,
+ *      so the worst-case race is a duplicate marker line that the next
+ *      run skips.
+ *
+ *   2. **Silent by default.** When `opts.silent` is true (the REPL
+ *      auto-init path) the scaffold writes NOTHING to stderr/stdout.
+ *      The REPL bootstrap runs before Ink mounts, and a stray
+ *      stdout/stderr write at that point would land on the operator's
+ *      shell ABOVE the alt-screen entry — visible until they scroll up,
+ *      and noisy in a CI tail. The explicit `pugi init` path stays
+ *      verbose via the standalone command in `runtime/cli.ts`.
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { emptyIndex } from '../index-store.js';
+/**
+ * Materialise the canonical `.pugi/` workspace scaffold under `cwd`.
+ * Returns a `{created, dir, createdPaths, skippedPaths}` summary so the
+ * caller can log a one-shot "initialized" line on the first call without
+ * re-checking the filesystem.
+ *
+ * The scaffold mirrors `pugi init` minus the bundled default-skills
+ * install (that is a heavier operation gated on the `--no-defaults`
+ * flag, and the standalone `pugi init` command keeps owning it).
+ *
+ * Idempotent: every file write gates on `existsSync`, so re-running
+ * against an existing workspace is a no-op and returns
+ * `{created: false}` with every path in `skippedPaths`.
+ */
+export function ensureWorkspaceInitialized(cwd, opts = {}) {
+    const silent = opts.silent !== false;
+    const pugiDir = resolve(cwd, '.pugi');
+    // Local trackers so the existing helpers (mkdirIfMissing /
+    // writeJsonIfMissing / writeTextIfMissing) keep their (created, skipped)
+    // signature. The explicit `pugi init` command forwards these straight
+    // into its JSON payload.
+    const created = [];
+    const skipped = [];
+    mkdirIfMissing(pugiDir, created, skipped);
+    mkdirIfMissing(resolve(pugiDir, 'artifacts'), created, skipped);
+    mkdirIfMissing(resolve(pugiDir, 'sessions'), created, skipped);
+    mkdirIfMissing(resolve(pugiDir, 'skills'), created, skipped);
+    writeJsonIfMissing(resolve(pugiDir, 'settings.json'), {
+        schema: 1,
+        workflow: {
+            brand: 'pugi',
+            legacyName: 'codeforge',
+            approvals: 'auto',
+            notAutomatic: [],
+            defaultBaseBranch: 'dev',
+            branchPrefixes: ['feature', 'fix', 'refactor', 'chore'],
+            aiCoAuthorTrailers: false,
+        },
+        permissions: {
+            mode: 'auto',
+            allow: [],
+            deny: [],
+            notAutomatic: [],
+        },
+        privacy: {
+            mode: 'balanced',
+            telemetry: 'off',
+        },
+        artifacts: {
+            defaultPath: '.pugi/artifacts',
+            promoteExplicitly: true,
+        },
+    }, created, skipped);
+    writeJsonIfMissing(resolve(pugiDir, 'mcp.json'), { schema: 1, servers: [] }, created, skipped);
+    writeJsonIfMissing(resolve(pugiDir, 'index.json'), emptyIndex(), created, skipped);
+    writeTextIfMissing(resolve(pugiDir, 'PUGI.md'), [
+        '# Pugi Project Context',
+        '',
+        '## Product Workflow',
+        '',
+        '- Public product name: Pugi',
+        '- Default flow: idea -> build -> review',
+        '- Approvals are automatic by default until a repo, environment, workflow, or action is marked notAutomatic.',
+        '- Do not add AI Co-Authored-By trailers.',
+        '- Generated code, comments, commits, PR text, and technical docs default to English.',
+        '',
+        '## Project Notes',
+        '',
+        '- Add repo-specific architecture, commands, and business rules here.',
+        '- Do not store secrets, real IPs, private key paths, tokens, or credentials here.',
+        '',
+    ].join('\n'), created, skipped);
+    writeTextIfMissing(resolve(cwd, '.pugiignore'), [
+        '# Pugi ignore rules',
+        '.env',
+        '.env.*',
+        '!.env.example',
+        'node_modules/',
+        'dist/',
+        '.next/',
+        'coverage/',
+        '*.log',
+        '*.pem',
+        '*.key',
+        '*.crt',
+        '*.p12',
+        '*.sql',
+        '*.dump',
+        '',
+    ].join('\n'), created, skipped);
+    ensurePugiGitIgnore(cwd, created, skipped);
+    // `silent` is honoured implicitly — this module never writes to
+    // stdout/stderr. The flag exists so the standalone `pugi init` command
+    // can layer its own logger on top (it does, in runtime/cli.ts), while
+    // the auto-init REPL path leaves the boot stream untouched. We
+    // reference the flag here to defeat the lint "unused" warning and to
+    // document the contract in the source.
+    void silent;
+    return {
+        created: created.length > 0,
+        dir: pugiDir,
+        createdPaths: created,
+        skippedPaths: skipped,
+    };
+}
+/* ------------------------------------------------------------------ */
+/* Helpers (mirror the previous in-file implementations in cli.ts)     */
+/* ------------------------------------------------------------------ */
+function mkdirIfMissing(path, created, skipped) {
+    if (existsSync(path)) {
+        skipped.push(path);
+        return;
+    }
+    mkdirSync(path, { recursive: true });
+    created.push(path);
+}
+function writeJsonIfMissing(path, value, created, skipped) {
+    writeTextIfMissing(path, `${JSON.stringify(value, null, 2)}\n`, created, skipped);
+}
+function writeTextIfMissing(path, value, created, skipped) {
+    if (existsSync(path)) {
+        skipped.push(path);
+        return;
+    }
+    writeFileSync(path, value, { encoding: 'utf8', mode: 0o600 });
+    created.push(path);
+}
+/**
+ * Ensure the workspace `.gitignore` ignores `.pugi/`. The function is
+ * additive: it leaves an existing `.gitignore` body intact and appends
+ * the marker only when none of `.pugi/`, `/.pugi/`, or `.pugi` is
+ * already present. On a fresh repo with no `.gitignore` it creates the
+ * file with the single marker line. Mode 0o600 matches the rest of the
+ * scaffold so a paranoid CI does not surface "world-readable" warnings.
+ */
+function ensurePugiGitIgnore(cwd, created, skipped) {
+    const gitignorePath = resolve(cwd, '.gitignore');
+    const marker = '.pugi/';
+    if (!existsSync(gitignorePath)) {
+        writeFileSync(gitignorePath, `${marker}\n`, { encoding: 'utf8', mode: 0o600 });
+        created.push(gitignorePath);
+        return;
+    }
+    const current = readFileSync(gitignorePath, 'utf8');
+    const lines = current.split('\n').map((line) => line.trim());
+    if (lines.includes(marker) || lines.includes('/.pugi/') || lines.includes('.pugi')) {
+        skipped.push(gitignorePath);
+        return;
+    }
+    const next = current.endsWith('\n') ? `${current}${marker}\n` : `${current}\n${marker}\n`;
+    writeFileSync(gitignorePath, next, { encoding: 'utf8' });
+    created.push(`${gitignorePath} (+${marker})`);
+}
+//# sourceMappingURL=scaffold.js.map

package/dist/core/lsp/client.js

@@ -62,7 +62,7 @@
  */
 import { spawn, spawnSync } from 'node:child_process';
 import { pathToFileURL } from 'node:url';
-import { readFileSync } from 'node:fs';
+import { existsSync, readFileSync, realpathSync } from 'node:fs';
 import { resolve, sep } from 'node:path';
 import { OperatorAbortedError } from '../../tools/file-tools.js';
 const LANGUAGE_SERVERS = {
@@ -130,6 +130,13 @@ export class LspClient {
             child.stderr.on('data', () => { });
         }
         child.on('exit', () => this.onExit());
+        // R1 fix (2026-05-26, PR #413 r1, P2 #11): mirror onExit for the
+        // 'error' event. A late-fired spawn error (EIO, ENOMEM, etc.) or
+        // any unhandled child-process error would otherwise leave
+        // in-flight pending requests dangling until their per-request
+        // timer fired, which can be up to `requestTimeoutMs` later.
+        // Failing fast here matches the exit-time semantics.
+        child.on('error', () => this.onExit());
     }
     /**
      * Send `shutdown` + `exit`, then SIGKILL after a 1s grace window so
@@ -253,6 +260,35 @@ export class LspClient {
                 detail: error instanceof Error ? error.message : String(error),
             };
         }
+        // R1 fix (2026-05-26, PR #413 r1, Fix 8): realpath containment.
+        // Without this gate, a workspace-local symlink (e.g. `alias` ->
+        // `/etc/passwd`) passed the lexical `absPath.startsWith(cwd)`
+        // check, then `readFileSync(absPath, 'utf8')` happily followed the
+        // symlink and shipped `/etc/passwd` into the LSP `textDocument/didOpen`
+        // payload. Parity with `applySecurityGate`'s symlink-escape rule:
+        // when the file exists, the realpath MUST stay inside the workspace
+        // realpath. Missing files (newly-typed paths the operator is
+        // querying) skip the check — there's no symlink target to escape.
+        if (existsSync(absPath)) {
+            try {
+                const realRoot = realpathSync.native(this.cwd);
+                const realTarget = realpathSync.native(absPath);
+                if (realTarget !== realRoot && !realTarget.startsWith(realRoot + sep)) {
+                    return {
+                        ok: false,
+                        reason: 'lsp_error',
+                        detail: `symlink escapes workspace: ${file} -> ${realTarget}`,
+                    };
+                }
+            }
+            catch (error) {
+                return {
+                    ok: false,
+                    reason: 'lsp_error',
+                    detail: `cannot realpath ${file}: ${error instanceof Error ? error.message : String(error)}`,
+                };
+            }
+        }
         const uri = pathToFileURL(absPath).toString();
         if (!this.openedFiles.has(uri)) {
             try {
@@ -349,8 +385,22 @@ export class LspClient {
             const headerText = this.buffer.subarray(0, headerEnd).toString('ascii');
             const lengthMatch = headerText.match(/Content-Length:\s*(\d+)/i);
             if (!lengthMatch || lengthMatch[1] === undefined) {
-                // Malformed header — drop the buffer and resync at the next message.
-                this.buffer = Buffer.alloc(0);
+                // R1 fix (2026-05-26, PR #413 r1, Fix 7): malformed header —
+                // instead of nuking the entire buffer (which would discard ANY
+                // subsequent valid messages already queued in `this.buffer`),
+                // scan forward for the next `Content-Length:` marker and resync
+                // from there. A misbehaving server that emits one bad header
+                // followed by a normal stream of responses must not freeze the
+                // client. When no recoverable next marker is in the buffer, we
+                // keep the buffer as-is and wait for more data — the broken
+                // bytes will be re-evaluated on the next chunk.
+                const nextHeaderIdx = this.buffer.indexOf(Buffer.from('Content-Length:'), 1);
+                if (nextHeaderIdx > 0) {
+                    this.buffer = this.buffer.subarray(nextHeaderIdx);
+                    continue;
+                }
+                // No next marker visible — wait for more data, do not nuke the
+                // buffer. A subsequent chunk may complete a valid header.
                 return;
             }
             const length = Number.parseInt(lengthMatch[1], 10);
@@ -415,14 +465,59 @@ export class LspClient {
         }
     }
 }
+/**
+ * Map a short LSP language slug to the settings.json key. β7 L9 — the
+ * settings schema spells out the full language name (`typescript`,
+ * `python`, ...) for human readability; the short slug (`ts`, `py`) is
+ * what every internal call site uses. Keep this map narrow and explicit.
+ */
+const SETTINGS_KEY_BY_LANG = {
+    ts: 'typescript',
+    js: 'javascript',
+    py: 'python',
+    go: 'go',
+    rust: 'rust',
+};
+/**
+ * Report whether the operator has explicitly disabled this language via
+ * `.pugi/settings.json::lsp.<language> = false`. Absent section or
+ * absent key means "enabled by default" — backwards-compatible with the
+ * α7.7 surface that ignored settings entirely. Returns true ONLY when
+ * the operator explicitly set the value to false.
+ */
+export function isLspLanguageDisabled(lang, lspSettings) {
+    if (!lspSettings)
+        return false;
+    const key = SETTINGS_KEY_BY_LANG[lang];
+    return lspSettings[key] === false;
+}
+/**
+ * Probe every registered language server. Operator-facing helper for
+ * `pugi lsp servers` — returns one row per language with the binary
+ * name, whether it was found on PATH, and whether the settings toggle
+ * has explicitly disabled it.
+ */
+export function inspectLspServers(lspSettings) {
+    const out = [];
+    for (const lang of Object.keys(LANGUAGE_SERVERS)) {
+        const server = LANGUAGE_SERVERS[lang];
+        out.push({
+            language: lang,
+            command: server.command + (server.args.length > 0 ? ` ${server.args.join(' ')}` : ''),
+            available: detectBinary(server.probe),
+            enabled: !isLspLanguageDisabled(lang, lspSettings),
+        });
+    }
+    return out;
+}
 /**
  * Start an LSP client for the given language. Returns either an `LspClient`
  * ready to use, or a structured failure (`lsp_unavailable`,
  * `language_unsupported`).
  *
- * The returned client requires `await client.initialize()` BEFORE any
- * operation. We do not inline the initialize into the spawn so test
- * harnesses can intercept the handshake and assert on its contents.
+ * β7 L9: respects `.pugi/settings.json::lsp.<language> = false` —
+ * a disabled language reports `lsp_disabled` so the caller surface can
+ * tell the operator the binary IS available but settings says no.
  */
 export async function startLspClient(lang, opts) {
     const server = opts.serverOverride ?? LANGUAGE_SERVERS[lang];
@@ -433,6 +528,14 @@ export async function startLspClient(lang, opts) {
             detail: `no LSP server registered for language: ${lang}`,
         };
     }
+    if (!opts.serverOverride && isLspLanguageDisabled(lang, opts.lspSettings)) {
+        return {
+            ok: false,
+            reason: 'lsp_disabled',
+            detail: `${lang} is disabled in .pugi/settings.json::lsp.${SETTINGS_KEY_BY_LANG[lang]}. ` +
+                `Remove the override (or set it to true) to enable.`,
+        };
+    }
     if (!opts.serverOverride) {
         const available = detectBinary(server.probe);
         if (!available) {
@@ -459,12 +562,51 @@ export async function startLspClient(lang, opts) {
             detail: `failed to spawn ${server.command}: ${error instanceof Error ? error.message : String(error)}`,
         };
     }
+    // `child_process.spawn` reports a missing binary asynchronously via
+    // the 'error' event, NOT via a synchronous throw — the synchronous
+    // spawn returns a ChildProcess object even when the binary does not
+    // exist. Attach an error listener immediately so the missing-binary
+    // case never becomes an uncaught exception. Wait one microtask tick
+    // for the event-loop to fire the 'error' event before we attempt
+    // the handshake; if the spawn failed, return early with
+    // `lsp_unavailable`.
+    let spawnError = null;
+    child.on('error', (err) => {
+        spawnError = err;
+    });
+    // Yield one tick so Node's spawn-error path lands before we
+    // proceed. The error event lives on the same nextTick queue as the
+    // initial spawn handshake, so a single setImmediate-equivalent
+    // delay is enough to observe it.
+    await new Promise((resolveFn) => {
+        setImmediate(resolveFn);
+    });
+    if (spawnError) {
+        try {
+            child.kill('SIGKILL');
+        }
+        catch {
+            // ignore — process never started
+        }
+        return {
+            ok: false,
+            reason: 'lsp_unavailable',
+            detail: `failed to spawn ${server.command}: ${spawnError.message}`,
+        };
+    }
     const client = new LspClient(child, server, opts);
     try {
         await initializeHandshake(client, opts.cwd);
     }
     catch (error) {
         await client.stop();
+        if (spawnError) {
+            return {
+                ok: false,
+                reason: 'lsp_unavailable',
+                detail: `failed to spawn ${server.command}: ${spawnError.message}`,
+            };
+        }
         return {
             ok: false,
             reason: 'lsp_error',
@@ -475,10 +617,11 @@ export async function startLspClient(lang, opts) {
 }
 async function initializeHandshake(client, cwd) {
     const rootUri = pathToFileURL(cwd).toString();
-    // Use the public sendRequest path via a method call. We piggyback on
-    // `LspClient`'s internal `sendRequest` by exposing a single test-grade
-    // surface (`__lspRaw__`); production callers never need this.
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    // Reach the private send-request / send-notification surface through
+    // a typed accessor cast. The two methods are intentionally not part
+    // of the public class surface (callers should use `hover`/`definition`
+    // etc.), but the handshake is a single-shot bootstrap and exposing
+    // the raw methods would weaken the type story.
     const internal = client;
     await internal.sendRequest('initialize', {
         processId: process.pid,
@@ -520,27 +663,29 @@ function normalizeHover(raw) {
     const obj = raw;
     const range = parseRange(obj.range);
     const body = obj.contents;
-    if (typeof body === 'string') {
-        return { content: body, range, raw };
-    }
-    if (Array.isArray(body)) {
-        const parts = [];
-        for (const item of body) {
-            if (typeof item === 'string')
-                parts.push(item);
-            else if (item && typeof item === 'object' && 'value' in item) {
-                const value = item.value;
-                if (typeof value === 'string')
-                    parts.push(value);
+    const result = (() => {
+        if (typeof body === 'string')
+            return { content: body, raw, ...(range ? { range } : {}) };
+        if (Array.isArray(body)) {
+            const parts = [];
+            for (const item of body) {
+                if (typeof item === 'string')
+                    parts.push(item);
+                else if (item && typeof item === 'object' && 'value' in item) {
+                    const value = item.value;
+                    if (typeof value === 'string')
+                        parts.push(value);
+                }
             }
+            return { content: parts.join('\n'), raw, ...(range ? { range } : {}) };
         }
-        return { content: parts.join('\n'), range, raw };
-    }
-    if (body && typeof body === 'object' && 'value' in body) {
-        const value = body.value;
-        return { content: typeof value === 'string' ? value : '', range, raw };
-    }
-    return { content: '', range, raw };
+        if (body && typeof body === 'object' && 'value' in body) {
+            const value = body.value;
+            return { content: typeof value === 'string' ? value : '', raw, ...(range ? { range } : {}) };
+        }
+        return { content: '', raw, ...(range ? { range } : {}) };
+    })();
+    return result;
 }
 function normalizeLocations(raw, cwd) {
     if (!raw)