@pugi/cli 0.1.0-beta.2 → 0.1.0-beta.20

package/dist/tools/web-search.js

@@ -0,0 +1,458 @@
+/**
+ * web_search tool — β1b T4 (2026-05-26).
+ *
+ * One-shot web search via the Anvil-proxied Brave Search API. Mirrors
+ * the gate + SSRF + sanitize + rate-limit posture of
+ * `tools/web-fetch.ts`. Returns the top-N {title, url, snippet}
+ * results wrapped in an `<untrusted-search-NONCE>` sentinel so the
+ * downstream prompt treats every snippet as data, never as
+ * instructions.
+ *
+ * Why an Anvil proxy and not a direct Brave API call:
+ *   - The Brave Search subscription key is server-side. Shipping it in
+ *     a customer CLI bundle would burn the rotation budget the first
+ *     time the binary lands on a phishing repo.
+ *   - The Anvil proxy already terminates the customer's `PUGI_API_KEY`
+ *     for tenancy + per-tier rate-limiting + audit logging. Routing
+ *     search through the same boundary keeps the security model
+ *     uniform with `pugi engine` and `pugi sync`.
+ *   - For local dev / offline testing the env var
+ *     `PUGI_SEARCH_PROXY_URL` overrides the default proxy endpoint;
+ *     unit tests inject `_setSearchFetchForTests()` so no network is
+ *     touched.
+ *
+ * Gate: the tool refuses unless one of:
+ *   1. `settings.web.search.enabled === true` (persistent opt-in)
+ *   2. `allowSearch === true` (CLI flag `--allow-search`, single dispatch)
+ *
+ * SSRF: the proxy URL itself runs through `validateHostnameForFetch`
+ * from `web-fetch.ts` so a configured `PUGI_SEARCH_PROXY_URL=
+ * http://169.254.169.254/...` cannot ride to cloud metadata. We also
+ * apply the β1b #62 DNS-rebinding guard via the shared
+ * `pinnedAddressAgent` helper (web-fetch.ts) — the same SSRF window
+ * that fetch closes, search closes.
+ *
+ * Rate limit: in-memory session bucket — 5 requests per rolling 60 s
+ * keyed by `sessionId`. Burst above the cap returns
+ * `{ ok: false, error: 'rate_limited' }` immediately, no network
+ * dispatch. Per-session because a noisy session should not starve a
+ * quieter one in the same workstation process.
+ *
+ * Response size cap: hard 1 MiB ceiling on the proxy body. Anything
+ * larger drops the entire response with `oversized_response` — the
+ * proxy already normalizes Brave's payload to a small JSON shape, so
+ * 1 MiB is generous for the typical 10-result payload (~5 KiB).
+ *
+ * Sanitization: snippet text is stripped of HTML tags before being
+ * surfaced to the model. Brave returns raw HTML in `description` for
+ * highlight markup; we keep the visible text and drop every `<...>`
+ * span via a conservative regex. Cross-checked by the `script/style`
+ * spec which asserts a hostile `<script>alert(1)</script>` snippet
+ * lands as the inner text only.
+ *
+ * Brand voice: brief / dispatch / ship / sentinel only — brandbook §08.
+ */
+import { request, Agent } from 'undici';
+import { randomBytes } from 'node:crypto';
+import { validateHostnameForFetch, validateIpLiteralForFetch } from './web-fetch.js';
+let activeFetch = null;
+/**
+ * Test seam — pass `null` to restore the production undici dispatcher.
+ * Mirrors the `_setLookupForTests` pattern from `web-fetch.ts`.
+ */
+export function _setSearchFetchForTests(fn) {
+    activeFetch = fn;
+}
+const SEARCH_TIMEOUT_MS = 10_000;
+const MAX_RESPONSE_BYTES = 1 * 1024 * 1024; // 1 MiB hard cap
+const MAX_RESULTS = 10;
+const DEFAULT_RESULTS = 10;
+const MAX_QUERY_LEN = 256;
+const RATE_LIMIT_WINDOW_MS = 60_000;
+const RATE_LIMIT_MAX = 5;
+const USER_AGENT = 'pugi-cli/0.1 (+https://pugi.dev)';
+const DEFAULT_PROXY_URL = 'https://api.pugi.io/api/pugi/web-search';
+export function isWebSearchEnabled(ctx) {
+    if (ctx.allowSearch === true)
+        return true;
+    return ctx.settings.web?.search?.enabled === true;
+}
+const rateBuckets = new Map();
+/**
+ * β1b r1: Map sweep cap so a long-running engine session that recycles
+ * sessionIds (or a misconfigured caller that passes per-call random
+ * ids) cannot grow `rateBuckets` unbounded. 1024 is well above any
+ * realistic concurrent-session count for a single CLI process; when
+ * we cross the cap we sweep expired buckets first, and if the Map is
+ * still over the cap we evict the oldest-touched bucket. Pure LRU
+ * would need another timestamp; oldest-by-insertion (Map iteration
+ * order) is close enough for a defense-in-depth memory bound.
+ */
+const RATE_BUCKETS_CAP = 1024;
+/**
+ * Returns true when the dispatch is allowed and records the call;
+ * returns false when the per-session bucket is at cap. Pure
+ * in-process; CLI dispatch is short-lived so a Map is sufficient.
+ *
+ * Exported for spec reset between test cases.
+ */
+export function _checkRateLimit(sessionId, now = Date.now()) {
+    if (!sessionId)
+        return true;
+    let bucket = rateBuckets.get(sessionId);
+    if (!bucket) {
+        // β1b r1: sweep before allocating a new bucket so we never grow
+        // past the cap. Sweep is O(n) but only runs when we are about to
+        // breach the cap, so per-call cost stays effectively constant.
+        if (rateBuckets.size >= RATE_BUCKETS_CAP) {
+            sweepRateBuckets(now);
+        }
+        bucket = { timestamps: [] };
+        rateBuckets.set(sessionId, bucket);
+    }
+    const cutoff = now - RATE_LIMIT_WINDOW_MS;
+    bucket.timestamps = bucket.timestamps.filter((ts) => ts > cutoff);
+    if (bucket.timestamps.length >= RATE_LIMIT_MAX)
+        return false;
+    bucket.timestamps.push(now);
+    return true;
+}
+/**
+ * Drop expired buckets (all timestamps older than the rate-limit
+ * window) and, if still over the cap, evict the oldest-inserted
+ * buckets until under cap. Memory-bound only — never affects rate
+ * limit correctness for live sessions.
+ */
+function sweepRateBuckets(now) {
+    const cutoff = now - RATE_LIMIT_WINDOW_MS;
+    for (const [id, b] of rateBuckets) {
+        if (b.timestamps.every((ts) => ts <= cutoff)) {
+            rateBuckets.delete(id);
+        }
+    }
+    while (rateBuckets.size >= RATE_BUCKETS_CAP) {
+        const oldest = rateBuckets.keys().next();
+        if (oldest.done)
+            break;
+        rateBuckets.delete(oldest.value);
+    }
+}
+/** Test seam — clear rate buckets between specs. */
+export function _resetRateLimitForTests() {
+    rateBuckets.clear();
+}
+/* ----------------------- sanitization ---------------------- */
+/**
+ * Strip HTML tags + collapse whitespace. Brave's `description` carries
+ * highlight markup (`<strong>`); we keep the inner text only so the
+ * model never sees raw HTML it could mistake for a directive. The
+ * regex is conservative: `<[^>]*>` removes opening + closing tags +
+ * self-closing tags + comments + processing instructions. Script
+ * BODIES are removed via a second pass that drops the entire
+ * `<script>...</script>` and `<style>...</style>` block (case-
+ * insensitive) so even a server-rendered snippet cannot leak a
+ * `console.log` line into the model context.
+ */
+export function sanitizeSnippet(input) {
+    if (!input)
+        return '';
+    // Drop full script + style blocks (with their bodies). The
+    // non-greedy `.*?` handles "..." with embedded newlines via the `s`
+    // flag.
+    const noScripts = input
+        .replace(/<script\b[^>]*>.*?<\/script>/gis, '')
+        .replace(/<style\b[^>]*>.*?<\/style>/gis, '');
+    // Drop any remaining tag.
+    const noTags = noScripts.replace(/<[^>]*>/g, '');
+    // Collapse whitespace runs. Brave already trims but defensive.
+    return noTags.replace(/\s+/g, ' ').trim();
+}
+/**
+ * HTML-escape for sentinel body — mirrors `escapeForSentinelBody` from
+ * web-fetch.ts. Kept local to avoid coupling the modules tighter than
+ * the SSRF helpers already do.
+ */
+function escapeForSentinelBody(input) {
+    return input
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&#39;');
+}
+/* ----------------------- dispatcher ---------------------- */
+/**
+ * Resolve the search proxy URL. `PUGI_SEARCH_PROXY_URL` env override
+ * lets local dev point at a fixture server; production hits
+ * `api.pugi.io`.
+ */
+function resolveProxyUrl() {
+    const env = process.env.PUGI_SEARCH_PROXY_URL;
+    if (typeof env === 'string' && env.length > 0)
+        return env;
+    return DEFAULT_PROXY_URL;
+}
+/**
+ * Production fetch via undici with the β1b #62 DNS-rebinding guard
+ * applied. We resolve the proxy hostname, validate against the SSRF
+ * blocklist, then dispatch via an Agent pinned to the resolved IP so
+ * a hostile DNS server cannot answer a different address on the
+ * connect(2) than on the lookup.
+ */
+async function productionFetch(url, init) {
+    // β1b #62 — pinned-address Dispatcher to close the lookup→connect
+    // race. The Agent's `connect.lookup` always returns the address we
+    // already validated, so DNS cannot flip between the SSRF guard and
+    // the socket creation. Agent is per-call (small object) so process
+    // teardown does not need to keep a long-lived dispatcher around.
+    const parsed = new URL(url);
+    const hostname = parsed.hostname.replace(/^\[|\]$/g, '');
+    const dnsGuard = await validateHostnameForFetch(hostname);
+    if (dnsGuard) {
+        throw new Error(`SSRF refused: ${dnsGuard}`);
+    }
+    const { lookup: dnsLookup } = await import('node:dns/promises');
+    const answers = await dnsLookup(hostname, { all: true, verbatim: true });
+    if (answers.length === 0) {
+        throw new Error(`DNS returned no answers for ${hostname}`);
+    }
+    // Pin the first answer of THIS lookup, then re-validate against the
+    // SSRF blocklist. β1b r1: closes the DNS rebinding window where a
+    // hostile resolver returns public IPs to `validateHostnameForFetch`
+    // above and private IPs here. The lookup that feeds the pin is the
+    // lookup whose answer the connect(2) will actually use; without a
+    // re-check on this literal the original guard's IP set can diverge
+    // from the IP we lock into `connect.lookup`.
+    const pinned = answers[0];
+    if (!pinned) {
+        throw new Error(`DNS returned no answers for ${hostname}`);
+    }
+    const ipCheck = validateIpLiteralForFetch(pinned.address, pinned.family);
+    if (ipCheck !== null) {
+        throw new Error(`SSRF refused: ssrf_pinned_address_blocked: ${ipCheck}`);
+    }
+    const agent = new Agent({
+        connect: {
+            // Force the connect path to use the pre-resolved address. undici
+            // accepts the standard Node `dns.LookupFunction` shape here.
+            lookup: (_h, _opts, cb) => {
+                cb(null, pinned.address, pinned.family);
+            },
+        },
+    });
+    try {
+        return await request(url, { ...init, dispatcher: agent });
+    }
+    finally {
+        await agent.close().catch(() => {
+            /* best-effort */
+        });
+    }
+}
+async function readBodyWithCap(body, controller) {
+    const chunks = [];
+    let total = 0;
+    try {
+        for await (const chunk of body) {
+            const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+            total += buf.length;
+            if (total > MAX_RESPONSE_BYTES) {
+                controller.abort();
+                try {
+                    if (typeof body.destroy === 'function')
+                        body.destroy();
+                }
+                catch {
+                    /* ignore — already aborted */
+                }
+                return { ok: false, error: `oversized_response: > ${MAX_RESPONSE_BYTES} bytes` };
+            }
+            chunks.push(buf);
+        }
+    }
+    catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        return { ok: false, error: `body_read_failed: ${msg}` };
+    }
+    return { ok: true, buffer: Buffer.concat(chunks) };
+}
+/**
+ * Validate + clamp the optional `count` arg. Clamp into [1, MAX_RESULTS]
+ * and default to DEFAULT_RESULTS when missing. The bridge already
+ * validates the type — this enforces the bounds.
+ */
+function resolveCount(raw) {
+    if (raw === undefined)
+        return DEFAULT_RESULTS;
+    if (raw < 1)
+        return 1;
+    if (raw > MAX_RESULTS)
+        return MAX_RESULTS;
+    return Math.floor(raw);
+}
+/**
+ * Sanitize the operator query before it crosses the proxy boundary.
+ * Trim, hard-cap at MAX_QUERY_LEN, reject empty after trim. The proxy
+ * also validates, but a CLI-side check keeps the model's mistake
+ * visible to the operator (the failed call shows up in
+ * `.pugi/events.jsonl`) rather than blamed on a 400 from the proxy.
+ */
+function sanitizeQuery(raw) {
+    const trimmed = raw.trim();
+    if (trimmed.length === 0) {
+        throw new Error('empty_query');
+    }
+    if (trimmed.length > MAX_QUERY_LEN) {
+        return trimmed.slice(0, MAX_QUERY_LEN);
+    }
+    return trimmed;
+}
+export async function webSearchTool(input, ctx) {
+    if (!isWebSearchEnabled(ctx)) {
+        return {
+            ok: false,
+            error: 'web_search disabled. Enable with --allow-search or set web.search.enabled=true in .pugi/settings.json.',
+        };
+    }
+    let query;
+    try {
+        query = sanitizeQuery(input.query);
+    }
+    catch (error) {
+        return { ok: false, error: error instanceof Error ? error.message : String(error) };
+    }
+    if (!_checkRateLimit(ctx.sessionId)) {
+        return {
+            ok: false,
+            error: `rate_limited: max ${RATE_LIMIT_MAX} searches per ${RATE_LIMIT_WINDOW_MS / 1000}s per session`,
+        };
+    }
+    const count = resolveCount(input.count);
+    const proxyUrl = resolveProxyUrl();
+    // Validate the proxy URL parses + scheme + SSRF. Even though the
+    // env var is operator-controlled, a careless export of
+    // `http://localhost:8080` would otherwise let an unrelated local
+    // server intercept the call. Default URL is `api.pugi.io` and
+    // resolves clean.
+    let parsedProxy;
+    try {
+        parsedProxy = new URL(proxyUrl);
+    }
+    catch {
+        return { ok: false, error: `invalid_proxy_url: ${proxyUrl}` };
+    }
+    if (parsedProxy.protocol !== 'http:' && parsedProxy.protocol !== 'https:') {
+        return { ok: false, error: `unsupported_proxy_scheme: ${parsedProxy.protocol}` };
+    }
+    const proxyHost = parsedProxy.hostname.replace(/^\[|\]$/g, '');
+    // SSRF guard applies to the proxy hostname even when activeFetch is
+    // a test stub — keeps the spec contract honest. Tests that exercise
+    // the rate limiter use a stub that bypasses productionFetch but the
+    // guard still runs at the entry above test stubs.
+    const ssrfErr = await validateHostnameForFetch(proxyHost);
+    if (ssrfErr) {
+        return { ok: false, error: `SSRF refused: ${ssrfErr}` };
+    }
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), SEARCH_TIMEOUT_MS);
+    // β1b: lifted PUGI_API_KEY from the runtime credential store would
+    // belong here for production — for the proxy call we forward whatever
+    // PUGI_API_KEY the operator has exported. Anonymous proxy access is
+    // permitted; the proxy treats it as the free-tier search quota.
+    const apiKey = process.env.PUGI_API_KEY ?? process.env.PUGI_LOGIN_TOKEN;
+    const headers = {
+        'user-agent': USER_AGENT,
+        'content-type': 'application/json',
+        accept: 'application/json',
+    };
+    if (typeof apiKey === 'string' && apiKey.length > 0) {
+        headers.authorization = `Bearer ${apiKey}`;
+    }
+    let response;
+    try {
+        const fetcher = activeFetch ?? (async (u, i) => (await productionFetch(u, i)));
+        response = (await fetcher(proxyUrl, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify({ query, count }),
+            signal: controller.signal,
+        }));
+    }
+    catch (error) {
+        clearTimeout(timer);
+        const message = error instanceof Error ? error.message : String(error);
+        return { ok: false, error: `search_failed: ${message}` };
+    }
+    finally {
+        clearTimeout(timer);
+    }
+    if (response.statusCode < 200 || response.statusCode >= 300) {
+        // Drain the body so the socket can be reused / released.
+        try {
+            if (typeof response.body.destroy === 'function')
+                response.body.destroy();
+        }
+        catch {
+            /* ignore */
+        }
+        return { ok: false, error: `proxy_http_${response.statusCode}` };
+    }
+    const bodyResult = await readBodyWithCap(response.body, controller);
+    if (!bodyResult.ok)
+        return bodyResult;
+    let parsed;
+    try {
+        parsed = JSON.parse(bodyResult.buffer.toString('utf8'));
+    }
+    catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        return { ok: false, error: `proxy_malformed_json: ${msg}` };
+    }
+    // Expect the proxy to normalize Brave's payload to `{results: [{title, url, snippet}]}`.
+    // When the proxy is missing the `results` array (or it is not an array)
+    // we surface a clean error instead of returning empty.
+    const obj = parsed;
+    if (!obj || typeof obj !== 'object') {
+        return { ok: false, error: 'proxy_malformed_response: not an object' };
+    }
+    const rawResults = obj.results;
+    if (!Array.isArray(rawResults)) {
+        return { ok: false, error: 'proxy_malformed_response: missing results array' };
+    }
+    const results = [];
+    for (const r of rawResults.slice(0, count)) {
+        if (!r || typeof r !== 'object')
+            continue;
+        const row = r;
+        const title = typeof row.title === 'string' ? sanitizeSnippet(row.title) : '';
+        const url = typeof row.url === 'string' ? row.url : '';
+        const snippet = typeof row.snippet === 'string' ? sanitizeSnippet(row.snippet) : '';
+        if (!url)
+            continue;
+        results.push({ title, url, snippet });
+    }
+    // Per-call nonce for the sentinel. Mirrors `web-fetch.ts` so the
+    // downstream prompt's nonce-matching escape logic works uniformly.
+    const nonce = randomBytes(8).toString('hex');
+    const renderedLines = [`<untrusted-search-${nonce}>`, `Query: ${escapeForSentinelBody(query)}`, ''];
+    for (let i = 0; i < results.length; i += 1) {
+        const r = results[i];
+        if (!r)
+            continue;
+        renderedLines.push(`${i + 1}. ${escapeForSentinelBody(r.title || r.url)}`);
+        renderedLines.push(`   ${escapeForSentinelBody(r.url)}`);
+        if (r.snippet)
+            renderedLines.push(`   ${escapeForSentinelBody(r.snippet)}`);
+        renderedLines.push('');
+    }
+    renderedLines.push(`</untrusted-search-${nonce}>`);
+    const content_md = renderedLines.join('\n').trimEnd();
+    return {
+        ok: true,
+        query,
+        results,
+        content_md,
+        fetched_at: new Date().toISOString(),
+    };
+}
+//# sourceMappingURL=web-search.js.map

package/dist/tui/agent-progress-card.js

@@ -0,0 +1,111 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { Box, Text } from 'ink';
+/** Width of the progress bar in display cells. Tuned to fit comfortably
+ *  inside an 80-col terminal alongside the percent label. */
+export const PROGRESS_BAR_WIDTH = 24;
+/** Max milestone rows the card renders before collapsing to the footer
+ *  summary. Matches the CC `/compact` cutoff. */
+export const MAX_VISIBLE_MILESTONES = 5;
+const STATUS_GLYPH = {
+    done: '◼',
+    active: '▸',
+    pending: '◻',
+};
+const STATUS_COLOR = {
+    done: 'green',
+    active: 'yellow',
+    pending: 'gray',
+};
+const HEADER_DOT_COLOR = {
+    running: 'cyan',
+    completed: 'green',
+    failed: 'red',
+};
+/**
+ * Build the unicode progress bar. Exported для тесты — guarantees the
+ * filled/empty counts match the percent under all rounding edges.
+ */
+export function renderProgressBarCells(percent, width = PROGRESS_BAR_WIDTH) {
+    const safePercent = Math.max(0, Math.min(100, percent));
+    const cells = Math.round((safePercent / 100) * width);
+    const clamped = Math.max(0, Math.min(width, cells));
+    return {
+        filled: '▰'.repeat(clamped),
+        empty: '▱'.repeat(width - clamped),
+        cells: clamped,
+    };
+}
+/**
+ * Format milliseconds as the CC-style `Hh Mm Ss` / `Mm Ss` / `Ss` label.
+ * Mirrors the rule used by status-bar elapsed slot.
+ */
+export function formatElapsed(ms) {
+    const total = Math.max(0, Math.floor(ms / 1000));
+    const h = Math.floor(total / 3600);
+    const m = Math.floor((total % 3600) / 60);
+    const s = total % 60;
+    if (h > 0)
+        return `${h}h ${m}m ${s}s`;
+    if (m > 0)
+        return `${m}m ${s}s`;
+    return `${s}s`;
+}
+/**
+ * Format a raw token count as `21.7k` / `3.4M` / `812`. Mirrors the
+ * formatter in `core/repl/model-pricing.ts` so both surfaces stay
+ * visually consistent without coupling.
+ */
+export function formatTokenCount(n) {
+    if (n === undefined)
+        return undefined;
+    if (n < 1_000)
+        return `${n}`;
+    if (n < 1_000_000) {
+        const k = n / 1_000;
+        return `${k >= 10 ? k.toFixed(1).replace(/\.0$/, '') : k.toFixed(1)}k`;
+    }
+    const m = n / 1_000_000;
+    return `${m >= 10 ? m.toFixed(1).replace(/\.0$/, '') : m.toFixed(1)}M`;
+}
+/**
+ * Compute the "… +N pending, M completed" footer counts. When the
+ * agent supplied rollups they win; otherwise we derive from the
+ * milestone array.
+ */
+export function computeFooterCounts(milestones, visibleCount, rollup) {
+    const pending = rollup.pendingCount
+        ?? milestones.filter((m) => m.status === 'pending').length;
+    const completed = rollup.completedCount
+        ?? milestones.filter((m) => m.status === 'done').length;
+    const hidden = Math.max(0, milestones.length - visibleCount);
+    return { pending, completed, hidden };
+}
+function MilestoneRow({ milestone }) {
+    const glyph = STATUS_GLYPH[milestone.status];
+    const color = STATUS_COLOR[milestone.status];
+    // Truncate to 64 chars so a verbose label can't wrap and break the
+    // grid layout in the watcher.
+    const label = milestone.label.length > 64
+        ? `${milestone.label.slice(0, 63)}…`
+        : milestone.label;
+    return (_jsxs(Box, { children: [_jsx(Text, { children: '   ' }), _jsx(Text, { color: color, children: glyph }), _jsx(Text, { children: " " }), _jsx(Text, { color: color === 'gray' ? 'gray' : undefined, dimColor: milestone.status === 'pending', children: label })] }));
+}
+export function AgentProgressCard({ progress, nowEpochMs, }) {
+    // Re-derive elapsed from the wall clock when the parent supplied it;
+    // this is what makes the card tick once a second without the writer
+    // re-emitting JSON every tick.
+    const elapsed = nowEpochMs !== undefined
+        ? Math.max(progress.elapsedMs, nowEpochMs - Date.parse(progress.startedAt))
+        : progress.elapsedMs;
+    const bar = renderProgressBarCells(progress.percentComplete);
+    const percentLabel = `${Math.round(Math.max(0, Math.min(100, progress.percentComplete)))}%`;
+    const tokensLabel = formatTokenCount(progress.tokensUsed);
+    const dotColor = HEADER_DOT_COLOR[progress.status];
+    const visibleMilestones = progress.milestones.slice(0, MAX_VISIBLE_MILESTONES);
+    const footer = computeFooterCounts(progress.milestones, visibleMilestones.length, { pendingCount: progress.pendingCount, completedCount: progress.completedCount });
+    // CC compact pattern: header has a leading `· ` glyph + the task label.
+    // We append `…` only while running (matches CC's "Compacting…" verb form).
+    const headerVerb = progress.status === 'running' ? '…' : '';
+    return (_jsxs(Box, { flexDirection: "column", paddingX: 1, paddingY: 0, marginBottom: 1, children: [_jsxs(Box, { children: [_jsx(Text, { color: dotColor, children: '· ' }), _jsx(Text, { bold: true, children: progress.agentType }), _jsx(Text, { children: " " }), _jsxs(Text, { children: [progress.task, headerVerb] }), _jsxs(Text, { dimColor: true, children: [' (', formatElapsed(elapsed), tokensLabel ? ` · ↑ ${tokensLabel} tokens` : '', ')'] })] }), _jsxs(Box, { children: [_jsx(Text, { children: '  ' }), _jsx(Text, { color: "cyan", children: bar.filled }), _jsx(Text, { dimColor: true, children: bar.empty }), _jsxs(Text, { children: [' ', percentLabel] })] }), progress.stepDescription ? (_jsxs(Box, { children: [_jsx(Text, { children: '  ' }), _jsxs(Text, { dimColor: true, children: ["step ", progress.currentStep, "/", progress.totalSteps, ": ", progress.stepDescription] })] })) : null, visibleMilestones.length > 0 ? (_jsxs(Box, { flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { children: '  ' }), _jsx(Text, { dimColor: true, children: "\u23BF" })] }), visibleMilestones.map((m, i) => (_jsx(MilestoneRow, { milestone: m }, `${m.label}-${i}`))), footer.hidden > 0 ? (_jsxs(Box, { children: [_jsx(Text, { children: '     ' }), _jsxs(Text, { dimColor: true, children: ["\u2026 +", footer.pending, " pending, ", footer.completed, " completed"] })] })) : null] })) : null] }));
+}
+//# sourceMappingURL=agent-progress-card.js.map

package/dist/tui/agent-tree.js

@@ -26,6 +26,13 @@ function statusGlyph(status) {
             return '⏳';
         case 'shipped':
             return '✓';
+        // 2026-05-26 — `replied` = orchestrator finished talking but no
+        // tool/delegate side-effect emitted. Distinct arrow glyph so the
+        // operator can tell at a glance that no real work shipped, even
+        // though the LLM completed cleanly. Defeats the fake-shipped
+        // anti-pattern (memory feedback_no_fake_dispatch_promises).
+        case 'replied':
+            return '→';
         case 'blocked':
             return '✗';
         case 'failed':
@@ -40,6 +47,9 @@ function statusColor(status) {
             return 'cyan';
         case 'shipped':
             return 'green';
+        // Dim/grey-ish — succeeded technically but no work was shipped.
+        case 'replied':
+            return 'gray';
         case 'blocked':
             return 'yellow';
         case 'failed':

package/dist/tui/ask-modal.js

@@ -85,7 +85,7 @@ export function AskModal(props) {
             setBuffer((prev) => prev + input);
         }
     }, { isActive: props.inert !== true });
-    return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "yellow", paddingX: 1, children: [_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "yellow", children: '? ' }), _jsx(Text, { bold: true, children: 'Need your call before I continue' })] }), _jsx(Box, { marginTop: 1, children: _jsx(Text, { children: props.tag.question }) }), _jsxs(Box, { flexDirection: "column", marginTop: 1, children: [props.tag.options.map((opt, idx) => (_jsxs(Box, { flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { color: "cyan", bold: true, children: `  ${idx + 1}. ` }), _jsx(Text, { children: opt.label })] }), opt.desc ? (_jsx(Box, { marginLeft: 5, children: _jsx(Text, { dimColor: true, children: opt.desc }) })) : null] }, opt.value))), _jsxs(Box, { children: [_jsx(Text, { color: "cyan", bold: true, children: `  ${props.tag.options.length + 1}. ` }), _jsx(Text, { dimColor: true, children: 'Other (type a custom answer)' })] })] }), mode === 'pick' ? (_jsx(Box, { marginTop: 1, children: _jsx(Text, { dimColor: true, children: `Press 1-${props.tag.options.length + 1} to choose. Esc cancels.` }) })) : (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Box, { children: [_jsx(Text, { color: "cyan", children: '> ' }), _jsx(Text, { children: buffer }), _jsx(Text, { inverse: true, children: ' ' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Type your custom answer. Enter submits. Esc cancels.' }) })] }))] }));
+    return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "yellow", paddingX: 1, children: [_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "yellow", children: '? ' }), _jsx(Text, { bold: true, children: 'Need your call before I continue' })] }), _jsx(Box, { marginTop: 1, children: _jsx(Text, { children: props.tag.question }) }), _jsxs(Box, { flexDirection: "column", marginTop: 1, children: [props.tag.options.map((opt, idx) => (_jsxs(Box, { flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", bold: true, children: `  ${idx + 1}. ` }), _jsx(Text, { children: opt.label })] }), opt.desc ? (_jsx(Box, { marginLeft: 5, children: _jsx(Text, { dimColor: true, children: opt.desc }) })) : null] }, opt.value))), _jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", bold: true, children: `  ${props.tag.options.length + 1}. ` }), _jsx(Text, { dimColor: true, children: 'Other (type a custom answer)' })] })] }), mode === 'pick' ? (_jsx(Box, { marginTop: 1, children: _jsx(Text, { dimColor: true, children: `Press 1-${props.tag.options.length + 1} to choose. Esc cancels.` }) })) : (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", children: '> ' }), _jsx(Text, { children: buffer }), _jsx(Text, { inverse: true, children: ' ' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Type your custom answer. Enter submits. Esc cancels.' }) })] }))] }));
 }
 export function PlanReviewModal(props) {
     const [mode, setMode] = useState('pick');
@@ -130,7 +130,7 @@ export function PlanReviewModal(props) {
             setBuffer((prev) => prev + input);
         }
     }, { isActive: props.inert !== true });
-    return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "magenta", paddingX: 1, children: [_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "magenta", children: '? ' }), _jsx(Text, { bold: true, children: 'Plan review - approve before I execute' })] }), _jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsx(Text, { dimColor: true, children: 'Steps:' }), props.tag.steps.map((step, idx) => (_jsxs(Box, { children: [_jsx(Text, { color: "cyan", bold: true, children: `  ${idx + 1}. ` }), _jsx(Text, { children: step.text })] }, `step-${idx}`)))] }), props.tag.risk ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { bold: true, color: "red", children: 'Risk:' }), _jsx(Box, { marginLeft: 2, children: _jsx(Text, { children: props.tag.risk }) })] })) : null, mode === 'pick' ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { color: "green", bold: true, children: '  [a] approve  ' }), _jsx(Text, { color: "yellow", bold: true, children: '[m] modify  ' }), _jsx(Text, { color: "red", bold: true, children: '[c] cancel' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Press a, m, or c. Esc cancels.' }) })] })) : (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Box, { children: [_jsx(Text, { color: "yellow", children: 'modify > ' }), _jsx(Text, { children: buffer }), _jsx(Text, { inverse: true, children: ' ' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Type the revision. Enter submits. Esc cancels.' }) })] }))] }));
+    return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "magenta", paddingX: 1, children: [_jsxs(Box, { children: [_jsx(Text, { bold: true, color: "magenta", children: '? ' }), _jsx(Text, { bold: true, children: 'Plan review - approve before I execute' })] }), _jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsx(Text, { dimColor: true, children: 'Steps:' }), props.tag.steps.map((step, idx) => (_jsxs(Box, { children: [_jsx(Text, { color: "#3da9fc", bold: true, children: `  ${idx + 1}. ` }), _jsx(Text, { children: step.text })] }, `step-${idx}`)))] }), props.tag.risk ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { bold: true, color: "red", children: 'Risk:' }), _jsx(Box, { marginLeft: 2, children: _jsx(Text, { children: props.tag.risk }) })] })) : null, mode === 'pick' ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsxs(Box, { children: [_jsx(Text, { color: "green", bold: true, children: '  [a] approve  ' }), _jsx(Text, { color: "yellow", bold: true, children: '[m] modify  ' }), _jsx(Text, { color: "red", bold: true, children: '[c] cancel' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Press a, m, or c. Esc cancels.' }) })] })) : (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Box, { children: [_jsx(Text, { color: "yellow", children: 'modify > ' }), _jsx(Text, { children: buffer }), _jsx(Text, { inverse: true, children: ' ' })] }), _jsx(Box, { children: _jsx(Text, { dimColor: true, children: 'Type the revision. Enter submits. Esc cancels.' }) })] }))] }));
 }
 /* ------------------------------------------------------------------ */
 /* Verdict serialisation                                              */