@pugi/cli 0.1.0-beta.21 → 0.1.0-beta.23

package/dist/core/engine/tool-bridge.js

@@ -4,6 +4,7 @@ import { askUser } from '../../tools/ask-user.js';
 import { askUserQuestionJsonSchema, dispatchAskUserQuestion, } from '../../tools/ask-user-question.js';
 import { skillInvoke, skillList } from '../../tools/skill-tool.js';
 import { taskCreate, taskGet, taskList, taskUpdate, } from '../../tools/tasks.js';
+import { dispatchTodoWrite, todoWriteJsonSchema, } from '../../tools/todo-write.js';
 import { webFetchTool } from '../../tools/web-fetch.js';
 import { webSearchTool } from '../../tools/web-search.js';
 import { agentTool } from '../../tools/agent-tool.js';
@@ -53,6 +54,12 @@ const READ_ONLY_TOOLS = new Set([
     'task_get',
     'task_list',
     'task_update',
+    // Leak L16 (2026-05-27): `todo_write` writes to `.pugi/todos.json`
+    // — metadata, not source. From the workspace's perspective it is
+    // read-only (no source mutation), so plan-mode keeps the tool
+    // available: planning a refactor frequently means writing the
+    // todo board BEFORE picking which file to touch.
+    'todo_write',
     'web_fetch',
     // β1b T4 (2026-05-26): web_search is read-only from the workspace's
     // perspective (no file writes, no shell). Egress goes through the
@@ -82,6 +89,8 @@ const WIRED_TOOLS = new Set([
     'task_get',
     'task_list',
     'task_update',
+    // Leak L16: see READ_ONLY_TOOLS above for the rationale.
+    'todo_write',
     'web_fetch',
     // β1b T4: see READ_ONLY_TOOLS above.
     'web_search',
@@ -190,6 +199,21 @@ export function buildToolsSchema(kind, options = { allowFetch: false, allowSearc
             },
         },
     });
+    // Leak L16 (2026-05-27): `todo_write` — batch TodoWrite mirror of
+    // Claude Code's upstream tool. Whereas `task_*` above is granular
+    // (one mutation per call, JSONL append, session-scoped),
+    // `todo_write` snapshots the FULL board in one call, JSON snapshot
+    // at `.pugi/todos.json`, workspace-scoped. Enforces the single-
+    // in-progress invariant at dispatch time: a batch with >1
+    // `in_progress` rejects with `TODO_INVARIANT_VIOLATED` and the
+    // on-disk board is left unchanged.
+    toolDefs.push({
+        name: 'todo_write',
+        description: 'Replace the workspace todo board (batch snapshot, not incremental). Emit the FULL todo list every call. ' +
+            'At most ONE item may carry status="in_progress" — violations reject with TODO_INVARIANT_VIOLATED. ' +
+            'Persisted atomically to .pugi/todos.json. Mirrors Claude Code TodoWrite verbatim.',
+        parameters: todoWriteJsonSchema,
+    });
     // β1 T2 → leak L5 (2026-05-27): structured AskUserQuestion bridge.
     // Schema upgraded to openclaude's multi-choice form: header chip +
     // {label, description} per option. Dispatcher accepts the structured
@@ -684,6 +708,14 @@ export function buildExecutor(input) {
             if (name === 'task_create' || name === 'task_get' || name === 'task_list' || name === 'task_update') {
                 return dispatchTaskTool(name, args, { workspaceRoot, sessionId });
             }
+            if (name === 'todo_write') {
+                // Leak L16: batch TodoWrite. The dispatcher delegates the
+                // Zod validation + atomic persist to the tool module — any
+                // ZodError or `TODO_INVARIANT_VIOLATED` sentinel surfaces here
+                // as a thrown Error and lands on the catch arm below, which
+                // re-emits it through the PostToolUseFailure hook.
+                return dispatchTodoWrite({ workspaceRoot }, args);
+            }
             if (name === 'ask_user_question') {
                 return dispatchAskUser(args, { interactive: Boolean(interactive), bridge: askUserBridge });
             }

package/dist/core/feedback/queue.js

@@ -0,0 +1,177 @@
+/**
+ * Local feedback queue — Leak L21 (2026-05-27).
+ *
+ * `pugi feedback` POSTs collected operator feedback to the admin-api
+ * `/api/pugi/feedback` route. When that round-trip fails (endpoint
+ * missing, network down, server 5xx), the submitter falls back to
+ * appending the envelope to `<cwd>/.pugi/feedback-queue.jsonl`. On the
+ * next online session the flusher drains the queue silently in the
+ * background.
+ *
+ * # Module contract
+ *
+ *   - Per-workspace storage. The queue file lives at
+ *     `<cwd>/.pugi/feedback-queue.jsonl` so the operator-visible state
+ *     stays alongside the project's other Pugi metadata. Multi-repo
+ *     operators get one queue per repo — matches the rest of `.pugi/`.
+ *
+ *   - JSONL append-only format. One envelope per line. Newlines inside
+ *     the comment field are escaped as `\n` by `JSON.stringify`. The
+ *     enqueue path uses an atomic `O_APPEND` write so concurrent
+ *     `pugi feedback` invocations from a split-screen REPL + shell do
+ *     not interleave half-records.
+ *
+ *   - The flusher is best-effort. It returns counts but never throws —
+ *     a failed flush leaves the queue untouched and a successful flush
+ *     atomically rewrites the file with the remaining (unsubmitted)
+ *     envelopes. Partial-success is the normal path when the server
+ *     accepts the first N but 5xx's the (N+1)th.
+ *
+ *   - The queue file is intentionally NOT readable by anything beyond
+ *     the flusher. The operator's free-text comments are confidential
+ *     — we do not surface them in `/status` / `/doctor` / telemetry.
+ *
+ *   - All filesystem writes go through `mkdirSync({recursive: true})`
+ *     so the first-ever enqueue on a fresh workspace lazily creates
+ *     `.pugi/` without depending on an earlier `pugi init`.
+ */
+import { appendFileSync, existsSync, mkdirSync, readFileSync, renameSync, writeFileSync, } from 'node:fs';
+import { dirname, resolve } from 'node:path';
+/**
+ * Resolve the queue file path for a workspace. Centralised so the
+ * submitter + flusher + tests agree on a single canonical location.
+ */
+export function feedbackQueuePath(cwd) {
+    return resolve(cwd, '.pugi', 'feedback-queue.jsonl');
+}
+/**
+ * Append one envelope atomically. Uses `O_APPEND` semantics via
+ * `appendFileSync` so concurrent invocations from a split-screen
+ * REPL + shell cannot interleave bytes mid-line.
+ *
+ * Returns the absolute path written so callers can surface it in the
+ * "Feedback queued locally" toast.
+ */
+export function enqueueFeedback(env, cwd) {
+    const path = feedbackQueuePath(cwd);
+    mkdirSync(dirname(path), { recursive: true });
+    // JSON.stringify of an object never emits raw newlines; the trailing
+    // '\n' is the line separator. JSONL parsers split on '\n' so the
+    // separator survives round-trips.
+    const line = `${JSON.stringify(env)}\n`;
+    appendFileSync(path, line, { encoding: 'utf8' });
+    return path;
+}
+export function readFeedbackQueue(cwd) {
+    const path = feedbackQueuePath(cwd);
+    if (!existsSync(path)) {
+        return { envelopes: [], parseErrors: [] };
+    }
+    const contents = readFileSync(path, 'utf8');
+    const lines = contents.split('\n');
+    const envelopes = [];
+    const parseErrors = [];
+    for (let i = 0; i < lines.length; i += 1) {
+        const raw = lines[i]?.trim();
+        if (!raw)
+            continue;
+        try {
+            const parsed = JSON.parse(raw);
+            // Minimal shape check — we don't full-validate here because the
+            // server is the trust boundary. Just guard against obvious
+            // corruption that would make the line un-submittable.
+            if (typeof parsed.category === 'string'
+                && typeof parsed.rating === 'number'
+                && typeof parsed.comment === 'string'
+                && typeof parsed.ts === 'string'
+                && typeof parsed.cliVersion === 'string') {
+                envelopes.push(parsed);
+            }
+            else {
+                parseErrors.push(i + 1);
+            }
+        }
+        catch {
+            parseErrors.push(i + 1);
+        }
+    }
+    return { envelopes, parseErrors };
+}
+/**
+ * Rewrite the queue file atomically with the remaining (unsubmitted)
+ * envelopes. Called by the flusher after a partial-success drain.
+ *
+ * Atomicity: write to a sibling `.tmp` then rename. On a crash mid-
+ * rewrite the original file is preserved (rename is atomic on POSIX
+ * + on NTFS via `MoveFileEx`).
+ */
+export function rewriteFeedbackQueue(remaining, cwd) {
+    const path = feedbackQueuePath(cwd);
+    if (remaining.length === 0) {
+        // Clear the file by truncating to empty. Done in-place — we still
+        // want the file to exist (presence signals an active workspace)
+        // but with zero bytes so the next read returns no envelopes.
+        if (existsSync(path)) {
+            writeFileSync(path, '', { encoding: 'utf8' });
+        }
+        return;
+    }
+    mkdirSync(dirname(path), { recursive: true });
+    const tmp = `${path}.tmp`;
+    const body = remaining.map((env) => JSON.stringify(env)).join('\n') + '\n';
+    writeFileSync(tmp, body, { encoding: 'utf8' });
+    // Use writeFileSync's atomic-replace semantics by going through
+    // tmp + rename. Node's `fs.renameSync` is the atomic primitive
+    // on POSIX. We avoid `fs.writeFileSync` directly on `path`
+    // because writeFileSync truncates first which leaves a brief
+    // window of zero-byte state if the process is killed mid-write.
+    renameSync(tmp, path);
+}
+/**
+ * Drain the queue. Best-effort: each envelope is submitted in order;
+ * a `false` return keeps it in the queue for the next attempt; a
+ * `true` return removes it. After all envelopes are processed the
+ * queue file is rewritten with the unsubmitted ones.
+ *
+ * The function NEVER throws — it returns a structured result and
+ * the caller decides whether to log / surface failures. This keeps
+ * the silent-background-drain path on session-start safe.
+ */
+export async function flushFeedbackQueue(cwd, submit) {
+    const { envelopes, parseErrors } = readFeedbackQueue(cwd);
+    if (envelopes.length === 0) {
+        return {
+            attempted: 0,
+            succeeded: 0,
+            failed: 0,
+            failedEnvelopes: [],
+            parseErrors,
+        };
+    }
+    let succeeded = 0;
+    const failedEnvelopes = [];
+    for (const env of envelopes) {
+        let ok = false;
+        try {
+            ok = await submit(env);
+        }
+        catch {
+            ok = false;
+        }
+        if (ok) {
+            succeeded += 1;
+        }
+        else {
+            failedEnvelopes.push(env);
+        }
+    }
+    rewriteFeedbackQueue(failedEnvelopes, cwd);
+    return {
+        attempted: envelopes.length,
+        succeeded,
+        failed: failedEnvelopes.length,
+        failedEnvelopes,
+        parseErrors,
+    };
+}
+//# sourceMappingURL=queue.js.map

package/dist/core/feedback/submitter.js

@@ -0,0 +1,145 @@
+/**
+ * Feedback POST submitter — Leak L21 (2026-05-27).
+ *
+ * Submits one `FeedbackEnvelope` to the admin-api `/api/pugi/feedback`
+ * route. Designed for graceful degradation:
+ *
+ *   - 200/201/204                → success
+ *   - 404 / route not found      → "endpoint missing, fall back to queue"
+ *   - 4xx (other)                → permanent — discard (do NOT requeue)
+ *   - 5xx / network error / abort → transient — caller should enqueue
+ *
+ * The submitter does NOT touch the local queue. The caller wires the
+ * submitter to `enqueueFeedback` on a `transient` result, and to a
+ * silent log on a `permanent` failure. This split keeps the submitter
+ * a pure HTTP wrapper that the flusher (`flushFeedbackQueue`) can
+ * reuse without filesystem side effects.
+ */
+const DEFAULT_TIMEOUT_MS = 8000;
+/**
+ * Build the absolute submit URL from the base API URL. Centralised so
+ * the spec can reference one canonical place when asserting the
+ * outgoing path. The leading slash is normalised so a base URL with
+ * or without trailing slash both produce a well-formed URL.
+ */
+export function feedbackSubmitUrl(apiUrl) {
+    const base = apiUrl.replace(/\/+$/u, '');
+    return `${base}/api/pugi/feedback`;
+}
+/**
+ * Submit one envelope. See `FeedbackSubmitResult` for the contract.
+ *
+ * Never throws — every failure path is mapped to a result variant so
+ * callers do not need a try/catch boundary.
+ */
+export async function submitFeedback(env, config) {
+    const url = feedbackSubmitUrl(config.apiUrl);
+    const fetchImpl = config.fetchImpl ?? fetch;
+    const timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const headers = {
+            'content-type': 'application/json',
+            'user-agent': `pugi-cli/${env.cliVersion}`,
+        };
+        if (config.apiKey) {
+            headers['authorization'] = `Bearer ${config.apiKey}`;
+        }
+        const res = await fetchImpl(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(env),
+            signal: controller.signal,
+        });
+        const status = res.status;
+        if (status >= 200 && status < 300) {
+            return { kind: 'ok', httpStatus: status };
+        }
+        if (status === 404) {
+            // The most common transient cause: admin-api hasn't shipped the
+            // route yet. Treat as retry-worthy so once the controller lands
+            // a future flush picks it up.
+            return {
+                kind: 'transient',
+                reason: 'admin-api /api/pugi/feedback not deployed yet',
+                httpStatus: status,
+            };
+        }
+        if (status >= 500) {
+            return {
+                kind: 'transient',
+                reason: `server error ${status}`,
+                httpStatus: status,
+            };
+        }
+        // Any other 4xx — auth failure, payload rejected, rate-limit
+        // exceeded. None of those will fix themselves on a silent retry,
+        // so we mark them permanent. The operator sees a one-line error
+        // and the envelope is dropped (not queued).
+        return {
+            kind: 'permanent',
+            reason: `client error ${status}`,
+            httpStatus: status,
+        };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        // AbortController.abort fires when the timeout elapses. We treat
+        // it as transient so the queue picks it up on the next online
+        // session. Same for plain network errors (`fetch failed`, ECONNREFUSED).
+        return { kind: 'transient', reason: `network: ${message}` };
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+/**
+ * Bundle the last N turns of the conversation into a redacted
+ * `FeedbackSessionContext`. The redactor:
+ *
+ *   - Caps at 5 turns (most recent). Older context is dropped — the
+ *     submitter never sees it.
+ *   - Truncates each turn to 240 chars + ellipsis. Operator comments
+ *     are the primary signal; raw transcript is just disambiguation.
+ *   - Strips bearer tokens, JWT-like blobs, and `PUGI_API_KEY=`-style
+ *     env-var prefixes. Conservative — we'd rather drop a few
+ *     non-secret characters than leak a key.
+ *
+ * The function is pure + sync so tests can pin its output without a
+ * worktree harness.
+ */
+export function redactSessionContext(turns, options = {}) {
+    const lastFive = turns.slice(-5);
+    const previewed = lastFive.map((turn) => ({
+        role: turn.role,
+        preview: redactPreview(truncate(turn.text, 240)),
+    }));
+    return {
+        turnCount: previewed.length,
+        turns: previewed,
+        ...(options.gitBranch ? { gitBranch: options.gitBranch } : {}),
+    };
+}
+function truncate(s, max) {
+    if (s.length <= max)
+        return s;
+    return `${s.slice(0, max - 1)}…`;
+}
+/**
+ * Conservative secret-blanking. The rules:
+ *   - Bearer tokens: `Bearer <token>` → `Bearer ***REDACTED***`
+ *   - Long base64/JWT-ish blobs (≥ 40 chars of [A-Za-z0-9_-/=+]):
+ *     replace the inner middle with `***`. Keeps a head + tail so the
+ *     operator can still spot which kind of secret it was.
+ *   - `PUGI_API_KEY=...` and similar `*_KEY=`/`*_TOKEN=` lookalikes:
+ *     replace the value with `***REDACTED***`.
+ */
+function redactPreview(s) {
+    let out = s;
+    out = out.replace(/bearer\s+[A-Za-z0-9._-]{20,}/giu, 'Bearer ***REDACTED***');
+    out = out.replace(/([A-Z][A-Z0-9_]*?(?:KEY|TOKEN|SECRET|PASSWORD))\s*=\s*\S+/gu, '$1=***REDACTED***');
+    out = out.replace(/\b([A-Za-z0-9_-]{6})[A-Za-z0-9_/+=-]{30,}([A-Za-z0-9_-]{4})\b/gu, '$1***$2');
+    return out;
+}
+//# sourceMappingURL=submitter.js.map

package/dist/core/onboarding/marker.js

@@ -0,0 +1,111 @@
+/**
+ * Leak L25 (2026-05-27) — Onboarding marker file.
+ *
+ * `~/.pugi/.onboarded` is a single, contentless marker. Its existence
+ * tells the bare-invocation hint check that the operator has already
+ * walked the `/onboarding` wizard at least once, so we no longer print
+ * the "Tip: run `pugi onboarding` to configure defaults" line on
+ * cold-start. The wizard re-runs cleanly — idempotency lives in the
+ * wizard itself, not in the marker.
+ *
+ * Why a marker file (and not just `~/.pugi/config.json`'s existence)?
+ *
+ *   - The config file is touched the moment ANY surface writes a
+ *     default — `pugi style terse --persist`, `pugi permissions ask`,
+ *     `pugi config set …`. Using "config exists" as the proxy for
+ *     "operator has onboarded" would silence the first-run hint for
+ *     operators who never saw the wizard.
+ *
+ *   - The marker is explicit: it is written ONLY by the wizard's exit
+ *     step (or `pugi onboarding --mark-only` for the upgrade-path
+ *     where we want to suppress the hint without forcing a re-walk).
+ *
+ *   - Removing the marker (`rm ~/.pugi/.onboarded`) re-arms the hint
+ *     without nuking the operator's accumulated config — useful for
+ *     QA, support flows, and demo-machine resets.
+ *
+ * Path resolution mirrors the L6/L18 convention: `PUGI_HOME` env wins,
+ * else `~/.pugi`. The marker is touched as an empty file (no JSON, no
+ * timestamp payload) — readers MUST treat existence as the only signal
+ * so a future change to mtime semantics does not break us.
+ *
+ * IO contract:
+ *   - `isOnboarded(env)` — pure read; never throws, returns false on
+ *     any fs error so a corrupted home dir cannot hide the hint.
+ *   - `markOnboarded(env)` — best-effort write; creates `<home>/.pugi/`
+ *     if missing, mode 0o600 on the marker so it never lands in a
+ *     world-readable backup.
+ *   - `clearOnboarded(env)` — best-effort delete; absent file is a
+ *     no-op (not an error). Used by `pugi onboarding --reset` and the
+ *     spec teardown.
+ */
+import { existsSync, mkdirSync, rmSync, writeFileSync, } from 'node:fs';
+import { homedir } from 'node:os';
+import { resolve } from 'node:path';
+/**
+ * Env override for `~/.pugi`. Same convention as L6 / L18 — spec
+ * fixtures point this at a temp dir so a real developer machine never
+ * lands a stray marker.
+ */
+export const PUGI_HOME_ENV = 'PUGI_HOME';
+/**
+ * Marker basename. Hidden (leading dot) so it does not clutter `ls`
+ * inside `~/.pugi/` next to `config.json` / `session.json`.
+ */
+const MARKER_BASENAME = '.onboarded';
+/**
+ * Resolve the absolute path to the onboarding marker. Exported for the
+ * spec; production callers go through `isOnboarded` / `markOnboarded`.
+ */
+export function onboardingMarkerPath(env = process.env) {
+    const home = env[PUGI_HOME_ENV] ?? resolve(homedir(), '.pugi');
+    return resolve(home, MARKER_BASENAME);
+}
+/**
+ * True when the marker exists. Pure read. Defensive: any fs error
+ * (race with deletion, permission flip) degrades to `false` — printing
+ * the hint twice is harmless, silently swallowing the wizard would
+ * surprise the operator.
+ */
+export function isOnboarded(env = process.env) {
+    try {
+        return existsSync(onboardingMarkerPath(env));
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Touch the marker. Creates `<home>/.pugi/` if missing. Idempotent —
+ * re-touching an existing marker is a no-op for the consumer (the file
+ * was already there; the hint was already suppressed).
+ *
+ * Best-effort: a write failure is swallowed because the wizard already
+ * completed its real work (mode + style + telemetry were persisted).
+ * The worst case is a redundant hint on the next `pugi` invocation —
+ * preferable to crashing the freshly-completed wizard with a stat EIO.
+ */
+export function markOnboarded(env = process.env) {
+    const path = onboardingMarkerPath(env);
+    try {
+        mkdirSync(resolve(path, '..'), { recursive: true });
+        writeFileSync(path, '', { encoding: 'utf8', mode: 0o600 });
+    }
+    catch {
+        // intentionally swallowed — see header
+    }
+}
+/**
+ * Remove the marker. Used by `pugi onboarding --reset` (and the spec
+ * teardown). Absent file is a no-op; any other fs error is swallowed
+ * so a permission glitch never leaks out of the reset surface.
+ */
+export function clearOnboarded(env = process.env) {
+    try {
+        rmSync(onboardingMarkerPath(env), { force: true });
+    }
+    catch {
+        // intentionally swallowed — see header
+    }
+}
+//# sourceMappingURL=marker.js.map

package/dist/core/onboarding/telemetry-state.js

@@ -0,0 +1,108 @@
+/**
+ * Leak L25 (2026-05-27) — Telemetry consent state.
+ *
+ * The onboarding wizard's Step 5 asks the operator for telemetry
+ * consent. We persist the verdict in the user-tier
+ * `~/.pugi/config.json::telemetry` field so a future REPL boot can
+ * read it without re-asking. Choices mirror `core/settings.ts`'s
+ * `privacy.telemetry` enum:
+ *
+ *   - `off`        — no telemetry of any kind (default).
+ *   - `anonymous`  — counts + error categories only, no payloads.
+ *   - `community`  — anonymous + opt-in skill/usage panels.
+ *
+ * This module is intentionally narrow: it only owns the `telemetry`
+ * key inside `~/.pugi/config.json`. The full settings parsing lives in
+ * `core/settings.ts` (workspace-tier `.pugi/settings.json`); we do NOT
+ * route through it here because:
+ *
+ *   1. The settings schema is workspace-scoped — its file path is
+ *      `<root>/.pugi/settings.json`, not `~/.pugi/config.json`.
+ *   2. The wizard records a user-level default that workspace settings
+ *      can later override. Mixing the two would conflate scope.
+ *   3. Read-modify-write on a partial JSON file is the same pattern
+ *      L6 / L18 use for adjacent keys — keeping it self-contained
+ *      preserves the "one module, one key" invariant.
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync, } from 'node:fs';
+import { homedir } from 'node:os';
+import { dirname, resolve } from 'node:path';
+import { PUGI_HOME_ENV } from './marker.js';
+export const TELEMETRY_CHOICES = Object.freeze([
+    'off',
+    'anonymous',
+    'community',
+]);
+export const DEFAULT_TELEMETRY = 'off';
+/**
+ * Path to the user-tier config. Mirrors `userConfigPath()` from L18
+ * `output-style/state.ts` — duplicated here (not imported) to keep the
+ * marker + telemetry module self-contained. Any future drift between
+ * the two would surface a spec failure: both modules read the same
+ * file in the spec sandbox.
+ */
+export function telemetryConfigPath(env = process.env) {
+    const home = env[PUGI_HOME_ENV] ?? resolve(homedir(), '.pugi');
+    return resolve(home, 'config.json');
+}
+/**
+ * Type guard for arbitrary string input (CLI argv, config.json
+ * deserialisation). Returns false for any non-string or out-of-set
+ * value so a malformed config degrades to the default verdict.
+ */
+export function isTelemetryChoice(value) {
+    return (typeof value === 'string'
+        && TELEMETRY_CHOICES.includes(value));
+}
+/**
+ * Read the persisted telemetry verdict. Returns the default (`'off'`)
+ * when the file is absent, empty, malformed, or holds an unknown
+ * value. Never throws — the wizard re-asks every time it runs, so a
+ * defensive read is the right posture.
+ */
+export function readTelemetryChoice(io = {}) {
+    const config = readConfigFile(telemetryConfigPath(io.env ?? process.env));
+    return isTelemetryChoice(config.telemetry) ? config.telemetry : DEFAULT_TELEMETRY;
+}
+/**
+ * Persist the telemetry verdict. Read-modify-write preserves any
+ * neighbouring keys (`outputStyle`, `defaultPermissionMode`, …) the
+ * other tier-state modules own.
+ */
+export function writeTelemetryChoice(choice, io = {}) {
+    const path = telemetryConfigPath(io.env ?? process.env);
+    const config = readConfigFile(path);
+    config.telemetry = choice;
+    writeConfigFile(path, config);
+}
+function readConfigFile(path) {
+    if (!existsSync(path))
+        return {};
+    let raw;
+    try {
+        raw = readFileSync(path, 'utf8');
+    }
+    catch {
+        return {};
+    }
+    if (raw.trim().length === 0)
+        return {};
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
+        return {};
+    return parsed;
+}
+function writeConfigFile(path, config) {
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, `${JSON.stringify(config, null, 2)}\n`, {
+        encoding: 'utf8',
+        mode: 0o600,
+    });
+}
+//# sourceMappingURL=telemetry-state.js.map