@pugi/cli 0.1.0-beta.2 → 0.1.0-beta.20

package/dist/core/repl/slash-commands.js

@@ -38,20 +38,26 @@ import { listRoles } from '../agents/registry.js';
  * silently appear here with empty placeholders.
  */
 export const SLASH_STUB_MESSAGES = Object.freeze({
-    compact: 'Manual context compaction lands in α6.5b.',
+    // Leak L8 (2026-05-27): /compact graduated from stub. The session
+    // module now owns the summariser round-trip + boundary marker append
+    // via `dispatchCompact`. Keep the type record exhaustive so a future
+    // stub addition cannot silently overlap the wired set.
     memory: 'Session memory editor lands in α6.5b.',
     config: 'Run `pugi config list` from a fresh shell for the full surface; in-REPL editor lands in α6.5.',
     // alpha 6.13: /privacy graduated from stub; nothing reads this at
     // runtime but the type record stays exhaustive.
     privacy: '',
     budget: 'Run `pugi budget` from a fresh shell; in-REPL summary lands in α6.5.',
-    mcp: 'Run `pugi config mcp list` from a fresh shell; in-REPL palette lands in α6.5.',
+    // β4 Sl7 (2026-05-26): /mcp graduated from stub to a real handler
+    // that forwards to `runMcpCommand`. Stub message removed from the
+    // exhaustive record so the type narrows correctly.
     undo: 'Run `pugi undo` from a fresh shell; in-REPL undo lands in α6.5.',
 });
 export const SLASH_COMMAND_HELP = Object.freeze([
     // Workforce dispatch
     { name: 'brief', args: '<text>', gloss: 'Dispatch a brief to the workforce', group: 'Workforce dispatch' },
     { name: 'agents', args: '', gloss: 'List the on-watch agent roster', group: 'Workforce dispatch' },
+    { name: 'delegate', args: '<slug> <brief>', gloss: 'Dispatch a brief to one Tier 1 specialist (α7.5)', group: 'Workforce dispatch' },
     { name: 'stop', args: '<persona>', gloss: 'Stop one agent by persona slug', group: 'Workforce dispatch' },
     { name: 'jobs', args: '', gloss: 'List background jobs', group: 'Workforce dispatch' },
     { name: 'ask', args: '<question>', gloss: 'Surface a yes/no modal locally (α6.3 forcing question)', group: 'Workforce dispatch' },
@@ -59,23 +65,27 @@ export const SLASH_COMMAND_HELP = Object.freeze([
     { name: 'clear', args: '', gloss: 'Clear conversation pane', group: 'Session' },
     { name: 'resume', args: '', gloss: 'Pick a stored session to restore', group: 'Session' },
     { name: 'context', args: '', gloss: 'Show three-tier context summary (Tier 0 skeleton + Tier 1 working set)', group: 'Session' },
-    { name: 'compact', args: '', gloss: 'Manual context compaction  (α6.5b)', group: 'Session', stub: true },
+    { name: 'compact', args: '', gloss: 'Summarise older turns into a boundary marker (leak L8)', group: 'Session' },
     { name: 'memory', args: '', gloss: 'Session memory editor  (α6.5b)', group: 'Session', stub: true },
+    { name: 'init', args: '', gloss: 'Scaffold .pugi/ in the current workspace (β1 Sl11)', group: 'Session' },
     // Pugi tools
     { name: 'web', args: '<url>', gloss: 'Fetch a URL into context', group: 'Pugi tools' },
     { name: 'diff', args: '', gloss: 'Show pending diff', group: 'Pugi tools' },
-    { name: 'cost', args: '', gloss: 'Token usage + budget', group: 'Pugi tools' },
-    { name: 'status', args: '', gloss: 'Backend + tenant status', group: 'Pugi tools' },
+    { name: 'cost', args: '', gloss: 'Session token + USD totals + last 5 turn breakdown', group: 'Pugi tools' },
+    { name: 'quota', args: '', gloss: 'Plan tier + monthly usage caps (sync / review / engine)', group: 'Pugi tools' },
+    { name: 'status', args: '', gloss: 'Session snapshot — id · cwd · mode · tokens · dispatches · auth', group: 'Pugi tools' },
     { name: 'consensus', args: '[ref]', gloss: '3-model consensus review (codex · claude · deepseek)', group: 'Pugi tools' },
     // Settings
     { name: 'config', args: '', gloss: 'Show config', group: 'Settings', stub: true },
     { name: 'privacy', args: '', gloss: 'Show privacy mode + contract', group: 'Settings' },
+    { name: 'permissions', args: '[mode] [--persist]', gloss: 'Show or flip permission mode (plan / ask / allow / bypass)', group: 'Settings' },
     { name: 'budget', args: '', gloss: 'Show usage budget', group: 'Settings', stub: true },
-    { name: 'mcp', args: '', gloss: 'List MCP servers', group: 'Settings', stub: true },
+    { name: 'mcp', args: '[sub]', gloss: 'MCP servers — list / trust / deny / install / serve / perms', group: 'Settings' },
     { name: 'undo', args: '', gloss: 'Undo last write', group: 'Settings', stub: true },
     // Meta
     { name: 'help', args: '', gloss: 'Show this help overlay', group: 'Meta' },
     { name: 'version', args: '', gloss: 'Show CLI version', group: 'Meta' },
+    { name: 'doctor', args: '', gloss: 'Environment health report (auth · API · Node · disk · MCP · …)', group: 'Meta' },
     { name: 'quit', args: '', gloss: 'Exit the REPL', group: 'Meta' },
 ]);
 /**
@@ -135,6 +145,38 @@ export function parseSlashCommand(input) {
         case 'roster': {
             return { kind: 'roster' };
         }
+        case 'delegate': {
+            // tail must start with the persona slug followed by the brief.
+            // Slug accepts only the closed-set lowercase ASCII pattern the
+            // server-side persona registry enforces; anything else surfaces
+            // as a usage error so the operator sees the typo before the
+            // round-trip.
+            const innerSpace = tail.indexOf(' ');
+            if (innerSpace === -1 || innerSpace === 0) {
+                return {
+                    kind: 'error',
+                    message: 'Usage: /delegate <slug> <one-sentence brief>',
+                };
+            }
+            const persona = tail.slice(0, innerSpace).toLowerCase();
+            const brief = tail.slice(innerSpace + 1).trim();
+            // Pattern intentionally mirrors server-side PUGI_DELEGATE_REGEX in
+            // sessions.controller.ts (^[a-z]+$). Keeping them lockstep means
+            // the REPL surfaces typos locally instead of round-tripping a 4xx.
+            if (!/^[a-z]+$/.test(persona)) {
+                return {
+                    kind: 'error',
+                    message: `/delegate slug must be lowercase ASCII (a-z only); got '${persona}'`,
+                };
+            }
+            if (brief.length === 0) {
+                return {
+                    kind: 'error',
+                    message: 'Usage: /delegate <slug> <one-sentence brief>',
+                };
+            }
+            return { kind: 'delegate', persona, brief };
+        }
         case 'stop':
         case 'kill': {
             if (tail.length === 0) {
@@ -181,9 +223,19 @@ export function parseSlashCommand(input) {
         case 'diff': {
             return { kind: 'diff' };
         }
-        case 'cost': {
+        case 'cost':
+        case 'usage': {
+            // L19 (2026-05-27): `/usage` is an alias of `/cost` per the cost-
+            // command spec. The previous mapping routed `/usage` to the
+            // network-backed `/quota` surface, but operators trained on Claude
+            // Code expect `/usage` to surface the per-model token breakdown
+            // (same shape as `/cost`). `/quota` remains the canonical name
+            // for the tier + monthly-cap fetch.
             return { kind: 'cost' };
         }
+        case 'quota': {
+            return { kind: 'quota' };
+        }
         case 'status': {
             return { kind: 'status' };
         }
@@ -215,11 +267,83 @@ export function parseSlashCommand(input) {
             // device flow + audit identity are wired correctly).
             return { kind: 'privacy' };
         }
-        case 'compact':
+        case 'permissions':
+        case 'perms': {
+            // Leak L6: `/permissions [mode] [--persist] [--confirm]`.
+            //
+            // Argument grammar (single line, no quoting):
+            //   /permissions                   -> show current mode + table
+            //   /permissions plan|ask|allow    -> flip mode
+            //   /permissions bypass --confirm  -> flip to bypass (refused
+            //                                     without --confirm — safety)
+            //   /permissions <mode> --persist  -> also write to ~/.pugi/config.json
+            //
+            // Anything else returns an `error` result so the runtime can
+            // render the usage hint inline.
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            if (tokens.length === 0) {
+                return { kind: 'permissions', persist: false, confirmBypass: false };
+            }
+            const head0 = tokens[0]?.toLowerCase();
+            if (head0 !== 'plan' && head0 !== 'ask' && head0 !== 'allow' && head0 !== 'bypass') {
+                return {
+                    kind: 'error',
+                    message: `Usage: /permissions [plan|ask|allow|bypass] [--persist] [--confirm]; unknown mode '${tokens[0] ?? ''}'`,
+                };
+            }
+            const flags = tokens.slice(1);
+            let persist = false;
+            let confirmBypass = false;
+            for (const flag of flags) {
+                if (flag === '--persist') {
+                    persist = true;
+                }
+                else if (flag === '--confirm') {
+                    confirmBypass = true;
+                }
+                else {
+                    return {
+                        kind: 'error',
+                        message: `/permissions: unknown flag '${flag}' (allowed: --persist, --confirm)`,
+                    };
+                }
+            }
+            return { kind: 'permissions', mode: head0, persist, confirmBypass };
+        }
+        case 'init': {
+            // β1 Sl11: surface the init flow inside the REPL. Tail args
+            // are ignored — the init handler is parameterless today; `pugi
+            // init --no-defaults` is the CLI surface for skipping bundled
+            // skills.
+            return { kind: 'init' };
+        }
+        case 'mcp': {
+            // β4 Sl7: tokenize the tail. Empty tail -> `list` (matches CLI).
+            // Quoting / shell-escapes are NOT supported — the slash surface is
+            // intentionally simple; complex installs (env vars, multi-word
+            // args) go through `pugi mcp install` from a fresh shell.
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            return { kind: 'mcp', args: tokens };
+        }
+        case 'doctor':
+        case 'health': {
+            // L17 (2026-05-27): run the probe sweep inline. Tail is ignored —
+            // the doctor command has no operator-facing arguments (every
+            // probe runs unconditionally; per-probe disable lives on the CLI
+            // shell surface, not the slash one).
+            return { kind: 'doctor' };
+        }
+        case 'compact': {
+            // Leak L8 (2026-05-27): graduated from stub. The session module
+            // owns the summariser round-trip; tail args are ignored today
+            // because the surface is parameterless. Operators wanting a
+            // per-session compact run `pugi compact --session <id>` from a
+            // fresh shell.
+            return { kind: 'compact' };
+        }
         case 'memory':
         case 'config':
         case 'budget':
-        case 'mcp':
         case 'undo': {
             const stubName = name;
             return {

package/dist/core/retry-budget/budget.js

@@ -0,0 +1,284 @@
+/**
+ * Leak L31 — Per-command tool retry budget (Claude Code parity).
+ *
+ * Claude Code limits the number of times the model may retry the SAME
+ * tool with the SAME arguments inside a single operator-input cycle.
+ * Once the cap is hit, the dispatcher hard-refuses and surfaces a
+ * sentinel string telling the model that this exact call has exhausted
+ * its retry budget. The model is expected (via system-prompt rule) to
+ * either change approach or ask the operator for guidance instead of
+ * looping forever on a transient failure.
+ *
+ * Why per-cycle, not per-session: a retry budget that persists across
+ * operator turns would surprise the operator. After the operator says
+ * "try again" the model rightly retries; the budget must reset when a
+ * fresh brief arrives. The simplest reset boundary is the executor
+ * lifetime — `buildExecutor` is called once per `runEngineLoop` and
+ * the loop drives exactly one operator-input cycle. Constructing the
+ * budget inside `buildExecutor` therefore gives us per-cycle scoping
+ * "for free" via closure lifetime; no external clear() call is needed
+ * from production callsites. The exported `clear()` exists so tests
+ * and a future hook surface (PreToolUse) can introspect the state.
+ *
+ * Hash design: same tool + same canonical args = same bucket. We
+ * canonicalise the args record by sorting object keys (stable across
+ * model output ordering) and then sha256 the JSON. The model emits
+ * `arguments` as a raw JSON string; we parse, canonicalise, hash. If
+ * parse fails we hash the raw string verbatim — that way an
+ * unparseable repeat still counts toward the cap (otherwise the model
+ * could loop on syntactic noise variants forever).
+ *
+ * Env overrides:
+ *   PUGI_RETRY_BUDGET_<TOOLNAME>=<N>   — override a single tool's cap.
+ *                                        Toolname matches DEFAULT_CAPS
+ *                                        keys verbatim, uppercased
+ *                                        (PUGI_RETRY_BUDGET_BASH=8).
+ *   PUGI_RETRY_BUDGET_DEFAULT=<N>      — override the fallback cap for
+ *                                        any tool not in DEFAULT_CAPS.
+ *   PUGI_RETRY_BUDGET_DISABLED=1       — warn-only mode. `shouldAllow`
+ *                                        still records but always
+ *                                        returns `allowed: true`. The
+ *                                        count is preserved so
+ *                                        diagnostics can still surface
+ *                                        the pattern.
+ */
+import { createHash } from 'node:crypto';
+/**
+ * Default per-tool retry caps. Tuned per leak research:
+ *
+ *   bash       — 5  (most volatile; transient flakes common)
+ *   edit       — 3  (deterministic; repeat = real bug)
+ *   write      — 3  (same)
+ *   read       — 10 (cheap; legitimate re-reads after edits)
+ *   search/grep/glob — 10 (cheap; exploration loop)
+ *   web_fetch  — 5  (transient network; not infinite)
+ *   default    — 5  (any tool not in the table)
+ *
+ * Operators override per-tool via `PUGI_RETRY_BUDGET_<NAME>` env vars.
+ * Caps are bounded `[1, 1000]` after override to defend against typo
+ * runaway (e.g. `PUGI_RETRY_BUDGET_BASH=5000000`).
+ */
+export const DEFAULT_CAPS = Object.freeze({
+    bash: 5,
+    edit: 3,
+    write: 3,
+    read: 10,
+    search: 10,
+    grep: 10,
+    glob: 10,
+    web_fetch: 5,
+    default: 5,
+});
+/**
+ * Lower / upper bound for any resolved cap. Defends against:
+ *   - PUGI_RETRY_BUDGET_BASH=0     -> first call instantly denied
+ *   - PUGI_RETRY_BUDGET_BASH=99999 -> effectively unbounded loop
+ */
+export const MIN_CAP = 1;
+export const MAX_CAP = 1000;
+/**
+ * Per-cycle retry budget. One instance per `buildExecutor` call.
+ *
+ * Not thread-safe: the executor is single-threaded by construction
+ * (Node event loop + sequential await in dispatcher). If a future
+ * executor parallelises tool dispatch it must serialise the budget
+ * mutation explicitly.
+ */
+export class RetryBudget {
+    counts = new Map();
+    capCache = new Map();
+    env;
+    programmaticCaps;
+    constructor(options = {}) {
+        this.env = options.env ?? process.env;
+        this.programmaticCaps = options.caps ?? {};
+    }
+    /**
+     * Returns true when PUGI_RETRY_BUDGET_DISABLED=1. In disabled mode
+     * `shouldAllow` still records attempts but always allows the
+     * dispatch — useful for operators triaging a false-positive without
+     * a code change.
+     */
+    isDisabled() {
+        return this.env.PUGI_RETRY_BUDGET_DISABLED === '1';
+    }
+    /**
+     * Record one dispatch attempt. Idempotent on the bucket key (tool
+     * + argHash). Call this BEFORE the dispatch (or after `shouldAllow`
+     * but before `dispatch()` resolves) so a thrown dispatch counts.
+     */
+    recordAttempt(toolName, argHash) {
+        const key = `${toolName}::${argHash}`;
+        const next = (this.counts.get(key) ?? 0) + 1;
+        this.counts.set(key, next);
+        return next;
+    }
+    /**
+     * Returns the current count for (tool, argHash) WITHOUT mutating.
+     */
+    peek(toolName, argHash) {
+        return this.counts.get(`${toolName}::${argHash}`) ?? 0;
+    }
+    /**
+     * Resolve the effective cap for a tool.
+     *
+     * Precedence:
+     *   1. PUGI_RETRY_BUDGET_<TOOL_UPPER>=<N>  (env)
+     *   2. programmaticCaps[toolName]          (constructor)
+     *   3. DEFAULT_CAPS[toolName]              (this module)
+     *   4. PUGI_RETRY_BUDGET_DEFAULT=<N>       (env fallback)
+     *   5. DEFAULT_CAPS.default                (final fallback)
+     *
+     * Bounded by [MIN_CAP, MAX_CAP] post-resolution. Invalid (NaN, ≤0,
+     * non-integer) env values are ignored and the next layer wins.
+     */
+    capFor(toolName) {
+        const cached = this.capCache.get(toolName);
+        if (cached !== undefined)
+            return cached;
+        const envKey = `PUGI_RETRY_BUDGET_${toolName.toUpperCase()}`;
+        const envCap = parseCapEnv(this.env[envKey]);
+        const programmaticCap = this.programmaticCaps[toolName];
+        const defaultCap = DEFAULT_CAPS[toolName];
+        const fallbackEnvCap = parseCapEnv(this.env.PUGI_RETRY_BUDGET_DEFAULT);
+        // DEFAULT_CAPS.default is hard-coded above; cast keeps the type-
+        // narrower happy without leaking `| undefined` through the index
+        // access (tsc cannot prove the literal key exists).
+        const finalFallback = DEFAULT_CAPS.default;
+        let resolved;
+        if (envCap !== undefined) {
+            resolved = envCap;
+        }
+        else if (programmaticCap !== undefined) {
+            resolved = programmaticCap;
+        }
+        else if (defaultCap !== undefined) {
+            resolved = defaultCap;
+        }
+        else {
+            resolved = fallbackEnvCap ?? finalFallback;
+        }
+        const bounded = Math.min(MAX_CAP, Math.max(MIN_CAP, resolved));
+        this.capCache.set(toolName, bounded);
+        return bounded;
+    }
+    /**
+     * Should this dispatch be allowed? Caller passes the current count
+     * BEFORE recording — i.e. shouldAllow returns true when count < cap,
+     * then recordAttempt fires, bringing count up to cap. The next
+     * identical call sees count === cap and is refused.
+     *
+     * In disabled mode `allowed` is forced to true; `count` and `cap`
+     * still reflect reality so logs / diagnostics can spot the pattern.
+     */
+    shouldAllow(toolName, argHash) {
+        const cap = this.capFor(toolName);
+        const count = this.peek(toolName, argHash);
+        const disabled = this.isDisabled();
+        const allowed = disabled ? true : count < cap;
+        return { allowed, count, cap, argHash, disabled };
+    }
+    /** Reset all state. Used between operator-input cycles when the
+     *  budget instance is reused (most callers throw the instance away
+     *  per cycle, so clear() is mostly for tests and hook surfaces). */
+    clear() {
+        this.counts.clear();
+        this.capCache.clear();
+    }
+    /**
+     * Snapshot the current state for diagnostics. Returns a plain
+     * object so it round-trips through JSON.stringify cleanly.
+     */
+    snapshot() {
+        const out = [];
+        for (const [key, count] of this.counts) {
+            const sep = key.indexOf('::');
+            if (sep < 0)
+                continue;
+            out.push({ tool: key.slice(0, sep), argHash: key.slice(sep + 2), count });
+        }
+        return out;
+    }
+}
+/**
+ * Hash the model's tool-call arguments into a stable key. Same
+ * canonical args = same hash regardless of JSON whitespace / key
+ * order. Unparseable JSON is hashed verbatim so the budget still
+ * catches syntactically degenerate retry loops.
+ */
+export function hashArgs(argsRaw) {
+    const canonical = canonicalise(argsRaw);
+    return createHash('sha256').update(canonical).digest('hex');
+}
+/**
+ * Canonicalise a raw JSON arg string. Object keys are sorted
+ * recursively. Arrays preserve order (semantic). Primitives untouched.
+ * On parse failure, returns the original string prefixed with `raw:`
+ * so a malformed-args repeat still hashes to the same bucket.
+ */
+function canonicalise(argsRaw) {
+    try {
+        const parsed = JSON.parse(argsRaw);
+        return JSON.stringify(sortKeys(parsed));
+    }
+    catch {
+        return `raw:${argsRaw}`;
+    }
+}
+function sortKeys(value) {
+    if (value === null || typeof value !== 'object')
+        return value;
+    if (Array.isArray(value))
+        return value.map(sortKeys);
+    const obj = value;
+    const sorted = {};
+    for (const k of Object.keys(obj).sort()) {
+        sorted[k] = sortKeys(obj[k]);
+    }
+    return sorted;
+}
+/**
+ * Parse and bound a `PUGI_RETRY_BUDGET_*` env var. Returns `undefined`
+ * for any non-positive-integer string so the resolver can fall
+ * through to the next precedence layer. Bounded by [MIN_CAP, MAX_CAP]
+ * is NOT applied here — `capFor` clamps after the final layer wins,
+ * matching the "operator typo defends against runaway" requirement
+ * without silently swallowing a meaningful low value (e.g.
+ * `PUGI_RETRY_BUDGET_BASH=1` should clamp to MIN_CAP=1, which it
+ * does naturally since 1 >= MIN_CAP).
+ */
+function parseCapEnv(raw) {
+    if (raw === undefined || raw === '')
+        return undefined;
+    const n = Number(raw);
+    if (!Number.isInteger(n) || n <= 0)
+        return undefined;
+    return n;
+}
+/**
+ * Sentinel emitted to the model when the budget is exhausted. The
+ * format is stable so the engine adapter, spec layer, and operator
+ * dashboards can pattern-match on it.
+ */
+export function retryBudgetExhaustedSentinel(toolName, cap) {
+    return `RETRY_BUDGET_EXHAUSTED: ${toolName} exceeded ${cap} attempts with these args. Operator must intervene.`;
+}
+/**
+ * Typed error thrown by the tool-bridge when the cap is hit. Carries
+ * the sentinel string so the engine loop can pattern-match without
+ * re-parsing. `instanceof RetryBudgetExhausted` is the canonical
+ * downstream test.
+ */
+export class RetryBudgetExhausted extends Error {
+    toolName;
+    cap;
+    argHash;
+    constructor(toolName, cap, argHash) {
+        super(retryBudgetExhaustedSentinel(toolName, cap));
+        this.name = 'RetryBudgetExhausted';
+        this.toolName = toolName;
+        this.cap = cap;
+        this.argHash = argHash;
+    }
+}
+//# sourceMappingURL=budget.js.map

package/dist/core/retry-budget/index.js

@@ -0,0 +1,5 @@
+/**
+ * Leak L31 — Tool retry budget. Public surface.
+ */
+export { DEFAULT_CAPS, MIN_CAP, MAX_CAP, RetryBudget, RetryBudgetExhausted, hashArgs, retryBudgetExhaustedSentinel, } from './budget.js';
+//# sourceMappingURL=index.js.map

package/dist/core/settings.js

@@ -28,6 +28,17 @@ const pugiSettingsSchema = z.object({
         telemetry: z.enum(['off', 'anonymous', 'community']).default('off'),
     })
         .default({}),
+    // beta.13 P1 fix 2026-05-26: ui.cyberZoo gates the cyber-zoo splash +
+    // ambient art in the REPL. Schema must declare the key explicitly
+    // because Zod's strip pass swallows unknown keys, which is how the
+    // initial `pugi init` write (which serialises `ui.cyberZoo`) was
+    // bypassed by the runtime reader — the value never made it past the
+    // schema gate so admin-api always saw the historical 'on' default.
+    ui: z
+        .object({
+        cyberZoo: z.enum(['on', 'off']).default('on'),
+    })
+        .default({}),
     artifacts: z
         .object({
         defaultPath: z.string().default('.pugi/artifacts'),
@@ -38,6 +49,12 @@ const pugiSettingsSchema = z.object({
     // fetcher. Default-off matches the spec posture; the schema must
     // declare it explicitly because Zod's strict-pass strips unknown
     // keys and would silently swallow the operator's intent.
+    //
+    // β1b T4 (2026-05-26): added `web.search.enabled` to gate the
+    // Brave-Search-backed `web_search` tool. Distinct from `web.fetch`
+    // because search queries themselves are an egress event that can
+    // leak operator intent — an operator may want fetch without
+    // implicitly enabling search-as-egress.
     web: z
         .object({
         fetch: z
@@ -45,6 +62,60 @@ const pugiSettingsSchema = z.object({
             enabled: z.boolean().optional(),
         })
             .optional(),
+        search: z
+            .object({
+            enabled: z.boolean().optional(),
+        })
+            .optional(),
+    })
+        .optional(),
+    // β7 L9 — per-language LSP toggle. When omitted, every supported
+    // server is available subject to binary detection on PATH. When
+    // present, only languages set to `true` are launched (false silently
+    // skips that language even if the binary is installed). Use this in
+    // workspaces where a heavyweight server (rust-analyzer indexing a
+    // monorepo, pyright on a fresh venv) wastes resources for the
+    // current task. The `pugi lsp servers` subcommand surfaces the
+    // current toggle state per server.
+    //
+    // Schema is intentionally permissive (`optional()` on the section AND
+    // on every per-language flag) so a partial config keeps the
+    // backwards-compatible "every language enabled" default.
+    lsp: z
+        .object({
+        typescript: z.boolean().optional(),
+        javascript: z.boolean().optional(),
+        python: z.boolean().optional(),
+        go: z.boolean().optional(),
+        rust: z.boolean().optional(),
+    })
+        .optional(),
+    // β1 Pl9 (#74) — per-command budget overrides. Optional. Partial
+    // overrides merge against the β1 defaults in
+    // `core/engine/budgets.ts::beta1DefaultBudgets`. The schema is
+    // intentionally loose at the leaf (positive integers) so a typo lands
+    // a deterministic `BudgetConfigError` at `resolveBudget()` instead of
+    // a Zod parse error two layers up.
+    budgets: z
+        .object({
+        code: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        fix: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        build: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        plan: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        explain: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        review_triple: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
     })
         .optional(),
 });