@pugi/cli 0.1.0-beta.21 → 0.1.0-beta.23

package/dist/core/repl/slash-commands.js

@@ -78,14 +78,23 @@ export const SLASH_COMMAND_HELP = Object.freeze([
     // Settings
     { name: 'config', args: '', gloss: 'Show config', group: 'Settings', stub: true },
     { name: 'privacy', args: '', gloss: 'Show privacy mode + contract', group: 'Settings' },
-    { name: 'permissions', args: '[mode] [--persist]', gloss: 'Show or flip permission mode (plan / ask / allow / bypass)', group: 'Settings' },
+    { name: 'permissions', args: '[mode] [--persist]', gloss: 'Show or flip permission mode (plan / ask / allow / bypass)  (also: /plan)', group: 'Settings' },
+    { name: 'plan', args: '[--back | --persist] [<prompt>]', gloss: 'Switch to plan mode (read-only). Same as /permissions plan, slicker UX.', group: 'Settings' },
     { name: 'budget', args: '', gloss: 'Show usage budget', group: 'Settings', stub: true },
     { name: 'mcp', args: '[sub]', gloss: 'MCP servers — list / trust / deny / install / serve / perms', group: 'Settings' },
+    { name: 'style', args: '[name] [--persist|--reset|--list]', gloss: 'Output-style preset (default / terse / explanatory / russian-formal / casual)', group: 'Settings' },
+    { name: 'theme', args: '[name] [--persist|--reset|--list]', gloss: 'TUI color palette (default / dark / light / colorblind)', group: 'Settings' },
+    { name: 'onboarding', args: '[--reset|--non-interactive]', gloss: 'First-run wizard — auth / mode / style / MCP / telemetry (leak L25)', group: 'Settings' },
+    { name: 'vim', args: '[on|off|status]', gloss: 'Toggle vim-style modal editing in the input buffer (leak L26)', group: 'Settings' },
     { name: 'undo', args: '', gloss: 'Undo last write', group: 'Settings', stub: true },
     // Meta
     { name: 'help', args: '', gloss: 'Show this help overlay', group: 'Meta' },
     { name: 'version', args: '', gloss: 'Show CLI version', group: 'Meta' },
     { name: 'doctor', args: '', gloss: 'Environment health report (auth · API · Node · disk · MCP · …)', group: 'Meta' },
+    { name: 'stickers', args: '', gloss: 'show Pugi brand stickers (gimmick)', group: 'Meta' },
+    { name: 'feedback', args: '', gloss: 'file a bug / feature / general comment without leaving the REPL', group: 'Meta' },
+    { name: 'share', args: '[--gist|--pugi] [--redact] [--preview]', gloss: 'Export session transcript to gist / pugi.io (leak L20)', group: 'Meta' },
+    { name: 'release-notes', args: '[--reset]', gloss: 'Show changelog diff since last upgrade (leak L24)', group: 'Meta' },
     { name: 'quit', args: '', gloss: 'Exit the REPL', group: 'Meta' },
 ]);
 /**
@@ -317,6 +326,54 @@ export function parseSlashCommand(input) {
             // skills.
             return { kind: 'init' };
         }
+        case 'plan': {
+            // Leak L7: `/plan [--back | --persist] [<prompt>]`.
+            //
+            // Argument grammar (single line, no quoting):
+            //   /plan                           -> enter plan mode + banner
+            //   /plan --back                    -> restore previous mode
+            //   /plan --persist                 -> enter + write global config
+            //   /plan <prompt...>               -> enter + run one-shot engine
+            //   /plan --auto-back <prompt...>   -> enter + run + restore mode
+            //
+            // The parser pulls the flags off the head of the tail; whatever
+            // remains is the prompt. `--back` + a non-empty prompt and
+            // `--back` + `--auto-back` are both refused as `error` because
+            // they conflict at the verb level.
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            let back = false;
+            let persist = false;
+            let autoBack = false;
+            const promptTokens = [];
+            for (const token of tokens) {
+                if (token === '--back') {
+                    back = true;
+                }
+                else if (token === '--persist') {
+                    persist = true;
+                }
+                else if (token === '--auto-back') {
+                    autoBack = true;
+                }
+                else {
+                    promptTokens.push(token);
+                }
+            }
+            const prompt = promptTokens.join(' ');
+            if (back && prompt.length > 0) {
+                return {
+                    kind: 'error',
+                    message: '/plan --back does not accept a prompt; revert first, then dispatch.',
+                };
+            }
+            if (back && autoBack) {
+                return {
+                    kind: 'error',
+                    message: '/plan --back and --auto-back cannot be combined.',
+                };
+            }
+            return { kind: 'plan', back, persist, autoBack, prompt };
+        }
         case 'mcp': {
             // β4 Sl7: tokenize the tail. Empty tail -> `list` (matches CLI).
             // Quoting / shell-escapes are NOT supported — the slash surface is
@@ -325,6 +382,45 @@ export function parseSlashCommand(input) {
             const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
             return { kind: 'mcp', args: tokens };
         }
+        case 'style':
+        case 'output-style': {
+            // Leak L18 (2026-05-27): forward the tokenized tail unchanged so
+            // the slash + top-level CLI surfaces share one parser inside
+            // `runStyleCommand`. Quoting / multi-word args are not used (the
+            // preset slugs are single tokens by contract).
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            return { kind: 'style', args: tokens };
+        }
+        case 'theme':
+        case 'palette':
+        case 'colors': {
+            // Leak L30 (2026-05-27): forward the tokenized tail unchanged so
+            // the slash + top-level `pugi theme` surfaces share one parser
+            // inside `runThemeCommand`. Aliases `/palette` and `/colors`
+            // exist because the leak-landscape audit found operators reach
+            // for either word interchangeably — same surface, same handler.
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            return { kind: 'theme', args: tokens };
+        }
+        case 'onboarding':
+        case 'onboard':
+        case 'setup': {
+            // Leak L25 (2026-05-27): forward the tokenized tail unchanged.
+            // The slash always routes through the non-interactive snapshot
+            // path (the REPL already owns the Ink tree); the runner picks
+            // it up from `ctx.interactive = false` in the session
+            // dispatcher.
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            return { kind: 'onboarding', args: tokens };
+        }
+        case 'vim': {
+            // Leak L26 (2026-05-27): forward the tokenized tail unchanged so
+            // the slash + top-level CLI surfaces share one parser inside
+            // `runVimCommand`. Subcommands are single tokens (on / off /
+            // status); a bare `/vim` toggles.
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            return { kind: 'vim', args: tokens };
+        }
         case 'doctor':
         case 'health': {
             // L17 (2026-05-27): run the probe sweep inline. Tail is ignored —
@@ -341,6 +437,43 @@ export function parseSlashCommand(input) {
             // fresh shell.
             return { kind: 'compact' };
         }
+        case 'stickers': {
+            // Leak L33 (2026-05-27): brand-personality gimmick. Tail args
+            // are ignored — the surface is intentionally parameterless. The
+            // session module delegates to the shared `runStickersCommand`
+            // so the slash + top-level paths stay single-sourced.
+            return { kind: 'stickers' };
+        }
+        case 'feedback': {
+            // Leak L21 (2026-05-27): in-CLI feedback collector. The wizard
+            // collects category/rating/comment/context/confirm interactively
+            // so the slash surface is parameterless. Tail args are reserved
+            // for a future `--message=...` quick-path; today they are
+            // accepted but ignored so the operator-level UX matches
+            // Claude Code's `/feedback`.
+            return { kind: 'feedback' };
+        }
+        case 'share': {
+            // Leak L20 (2026-05-27): forward the tokenized arg list verbatim
+            // so the session module (which owns the network + readline
+            // affordances) can hand them to runShareCommand. Defaults: no
+            // tokens means "auto-pick target + prompt for confirmation".
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            return { kind: 'share', args: tokens };
+        }
+        case 'release-notes':
+        case 'releasenotes':
+        case 'changelog': {
+            // Leak L24 (2026-05-27): changelog diff between last-seen +
+            // installed CLI version. Tail args are tokenized so `--reset`
+            // can flip the marker-clear bit; no other flags are honoured —
+            // the surface mirrors the CLI top-level's intentional minimalism.
+            // `changelog` alias matches operator muscle memory from npm /
+            // cargo / brew, all of which ship `changelog` subcommands.
+            const tokens = tail.length === 0 ? [] : tail.split(/\s+/).filter((s) => s.length > 0);
+            const reset = tokens.includes('--reset') || tokens.includes('-r');
+            return { kind: 'release-notes', reset };
+        }
         case 'memory':
         case 'config':
         case 'budget':

package/dist/core/repl/workspace-context.js

@@ -27,6 +27,16 @@
 import { existsSync, readFileSync, statSync } from 'node:fs';
 import { basename, resolve as resolvePath } from 'node:path';
 import { slugForCwd } from './history.js';
+import { isBareMode } from '../bare-mode/index.js';
+/**
+ * Workspace summary shown when the operator launched with `--bare` (or
+ * `PUGI_BARE=1`). Leak L22: bare mode disables project auto-discovery
+ * across the CLI, so we never read `.pugi/PUGI.md` and never advertise
+ * a real workspace label to admin-api. Explicit string so the splash +
+ * status bar agree, and so operators triaging "why is Mira ignoring
+ * my repo" see a clear cause.
+ */
+export const BARE_MODE_WORKSPACE_LABEL = '(bare mode - auto-discovery disabled)';
 /** Cap on the PUGI.md head we forward. Mirrors the admin-api clamp. */
 const PUGI_MD_HEAD_LIMIT = 200;
 /**
@@ -48,6 +58,18 @@ export const UNBOUND_WORKSPACE_LABEL = '(not bound - run /init OR cd into projec
 export function resolveWorkspaceContext(cwd) {
     const normalised = resolvePath(cwd);
     const slug = slugForCwd(normalised);
+    // Leak L22 (2026-05-27): `--bare` short-circuits BEFORE any PUGI.md
+    // / project-marker reads so the resolver never advertises a real
+    // workspace summary to admin-api. The cwd + slug still travel for
+    // telemetry, but the model + Mira treat the session as if launched
+    // from a fresh, unbound directory.
+    if (isBareMode()) {
+        return {
+            workspaceCwd: normalised,
+            workspaceSlug: slug,
+            workspaceSummary: BARE_MODE_WORKSPACE_LABEL,
+        };
+    }
     // α6.14.2 wave 5: when the cwd has no project markers, prefer the
     // explicit "not bound" summary so admin-api's prompt builder knows
     // not to fabricate a workspace context for Mira/Pugi. The cwd +

package/dist/core/share/formatter.js

@@ -0,0 +1,271 @@
+/**
+ * Markdown transcript formatter used by `pugi share` (Leak L20, 2026-05-27).
+ *
+ * Walks the session's `.pugi/events.jsonl` audit log and reconstructs a
+ * Markdown document the operator (and downstream Gist / pugi.io readers)
+ * can read top-to-bottom. The format is intentionally human-first — turn
+ * headers, code-block-wrapped tool I/O, and a small front-matter block
+ * with session metadata. Machine-readability is a non-goal here; the
+ * JSONL log remains the source of truth for tooling.
+ *
+ * Why we reconstruct from JSONL instead of from the live REPL state:
+ *
+ *   - The CLI top-level `pugi share` command runs from a fresh shell and
+ *     has no in-memory REPL state to read; only the event log is
+ *     persisted.
+ *   - The in-REPL `/share` slash uses the same handler so behaviour is
+ *     identical regardless of entry point. Operators sharing a session
+ *     from inside the REPL get the exact same output they would get from
+ *     a follow-up shell command.
+ *   - The JSONL log is append-only and survives REPL crashes, so a
+ *     `--share` after a crash is the most useful debug surface.
+ *
+ * Event vocabulary the formatter knows about (see
+ * `packages/pugi-sdk/src/audit-trace.ts` for the schema):
+ *
+ *   session.created                  Session boundary; emits front matter.
+ *   session.command_started          One-line "running pugi <cmd>" header.
+ *   session.command_completed        Status line ("success" / "error").
+ *   tool_call                        Markdown turn header + inputSummary
+ *                                    rendered as a fenced block.
+ *   tool_result                      "Result (status):" + outputSummary
+ *                                    rendered as a fenced block.
+ *   file_mutation                    Inline `path` + operation summary.
+ *   subagent.*                       Indented "[subagent <role>] ..." line.
+ *   hook.*                           Quiet "[hook <event>] ..." line.
+ *   compaction.*                     "[compaction <tier>] ..." line.
+ *
+ * Unknown event types are surfaced as a single italic line ("[event
+ * type=...]") so a future event added to the SDK does not silently
+ * vanish from the transcript.
+ *
+ * Performance: the formatter is O(n) over the events file, runs entirely
+ * in memory, and is bounded by the session log size (currently capped at
+ * a few MB per session). No streaming I/O is needed for typical sessions
+ * — the operator does not run /share against multi-GB logs.
+ */
+/**
+ * Format a session's event log as Markdown. Pure — no I/O. The caller
+ * reads `.pugi/events.jsonl` and hands the contents in.
+ */
+export function formatTranscript(input) {
+    const now = input.now ? input.now() : new Date();
+    const events = parseEvents(input.eventsJsonl);
+    const filteredSessionId = pickSessionId(input.sessionId, events);
+    const sessionEvents = events.filter((e) => typeof e.raw.sessionId !== 'string' || e.raw.sessionId === filteredSessionId);
+    const lines = [];
+    // Front matter — a fenced block at the top so downstream readers can
+    // grok the context before any turn content. Not YAML front matter
+    // (`---`) because Gist + pugi.io render Markdown directly; the fenced
+    // approach renders predictably without a parser.
+    lines.push('# Pugi session transcript');
+    lines.push('');
+    lines.push('```');
+    lines.push(`session_id:  ${filteredSessionId}`);
+    lines.push(`workspace:   ${input.workspaceRoot}`);
+    lines.push(`cli_version: ${input.cliVersion}`);
+    lines.push(`exported_at: ${now.toISOString()}`);
+    lines.push(`event_count: ${sessionEvents.length}`);
+    lines.push('```');
+    lines.push('');
+    if (sessionEvents.length === 0) {
+        lines.push('_No events recorded for this session._');
+        return {
+            markdown: `${lines.join('\n')}\n`,
+            turnCount: 0,
+            eventCount: 0,
+        };
+    }
+    let turnCount = 0;
+    for (const event of sessionEvents) {
+        const rendered = renderEvent(event);
+        if (rendered === null)
+            continue;
+        lines.push(...rendered.lines);
+        lines.push('');
+        if (rendered.isTurn)
+            turnCount += 1;
+    }
+    return {
+        markdown: `${lines.join('\n').replace(/\n{3,}/g, '\n\n')}\n`,
+        turnCount,
+        eventCount: sessionEvents.length,
+    };
+}
+/**
+ * Parse the JSONL log. Malformed lines are skipped silently — the file
+ * is append-only and may have partial-write tail rows. Returning the
+ * stable typed shape lets the formatter walk without re-checking every
+ * field.
+ */
+function parseEvents(raw) {
+    const out = [];
+    for (const line of raw.split('\n')) {
+        const trimmed = line.trim();
+        if (trimmed.length === 0)
+            continue;
+        try {
+            const parsed = JSON.parse(trimmed);
+            const type = typeof parsed.type === 'string' ? parsed.type : '';
+            const timestamp = typeof parsed.timestamp === 'string' ? parsed.timestamp : '';
+            if (type.length === 0)
+                continue;
+            out.push({ raw: parsed, type, timestamp });
+        }
+        catch {
+            // partial-write or corrupt row; skip without affecting the rest
+        }
+    }
+    return out;
+}
+/**
+ * Resolve the effective session id. When the operator passes a non-empty
+ * value we honour it. When they pass an empty string / placeholder
+ * (`'no-session'`), we fall back to the newest `session.created` event
+ * id in the file. Last-resort fallback is the literal placeholder so the
+ * transcript still renders something meaningful in the front matter.
+ */
+function pickSessionId(provided, events) {
+    if (provided && provided !== 'no-session')
+        return provided;
+    for (let i = events.length - 1; i >= 0; i -= 1) {
+        const e = events[i];
+        if (!e)
+            continue;
+        if (e.type === 'session' && e.raw.name === 'created' && typeof e.raw.sessionId === 'string') {
+            return e.raw.sessionId;
+        }
+    }
+    return provided || 'unknown-session';
+}
+/**
+ * Format one event as a Markdown block. Returns `null` to suppress the
+ * event entirely (e.g. session.created is captured in front matter so we
+ * skip it here).
+ */
+function renderEvent(event) {
+    const ts = event.timestamp || '';
+    switch (event.type) {
+        case 'session': {
+            const name = String(event.raw.name ?? '');
+            if (name === 'created')
+                return null; // captured by front matter
+            if (name === 'command_started') {
+                const command = String(event.raw.command ?? '');
+                return {
+                    lines: [`## ${ts} — command \`${escapeInline(command)}\``],
+                    isTurn: false,
+                };
+            }
+            if (name === 'command_completed') {
+                const command = String(event.raw.command ?? '');
+                const status = String(event.raw.status ?? 'unknown');
+                return {
+                    lines: [`_command \`${escapeInline(command)}\` finished: ${status}_`],
+                    isTurn: false,
+                };
+            }
+            return {
+                lines: [`_session ${name}_`],
+                isTurn: false,
+            };
+        }
+        case 'tool_call': {
+            const tool = String(event.raw.tool ?? 'unknown');
+            const summary = String(event.raw.inputSummary ?? '');
+            const out = [`### ${ts} — tool \`${escapeInline(tool)}\``];
+            if (summary.length > 0) {
+                out.push('');
+                out.push('Input:');
+                out.push(fenced(summary));
+            }
+            return { lines: out, isTurn: true };
+        }
+        case 'tool_result': {
+            const status = String(event.raw.status ?? 'unknown');
+            const summary = String(event.raw.outputSummary ?? '');
+            const out = [`Result (${status}):`];
+            if (summary.length > 0) {
+                out.push(fenced(summary));
+            }
+            return { lines: out, isTurn: false };
+        }
+        case 'file_mutation': {
+            const path = String(event.raw.path ?? '');
+            const op = String(event.raw.operation ?? '');
+            return {
+                lines: [`- file ${op}: \`${escapeInline(path)}\``],
+                isTurn: false,
+            };
+        }
+        case 'subagent.spawned':
+        case 'subagent.tool_call':
+        case 'subagent.completed':
+        case 'subagent.blocked':
+        case 'subagent.failed': {
+            const role = String(event.raw.role ?? '');
+            const persona = String(event.raw.personaSlug ?? '');
+            const detail = String(event.raw.detail ?? event.raw.error ?? event.raw.toolName ?? '');
+            const tail = detail.length > 0 ? ` ${detail}` : '';
+            return {
+                lines: [`_[subagent ${role} / ${persona}] ${event.type}${tail}_`],
+                isTurn: false,
+            };
+        }
+        case 'hook.invoked':
+        case 'hook.result':
+        case 'hook.skipped': {
+            const ev = String(event.raw.event ?? '');
+            const reason = String(event.raw.reason ?? event.raw.runSummary ?? event.raw.matchSummary ?? '');
+            const tail = reason.length > 0 ? ` ${reason}` : '';
+            return {
+                lines: [`_[hook ${ev}] ${event.type.replace('hook.', '')}${tail}_`],
+                isTurn: false,
+            };
+        }
+        case 'compaction.started':
+        case 'compaction.completed':
+        case 'compaction.skipped':
+        case 'compaction.invariant_violated': {
+            const tier = String(event.raw.tier ?? '');
+            return {
+                lines: [`_[compaction ${tier}] ${event.type.replace('compaction.', '')}_`],
+                isTurn: false,
+            };
+        }
+        default: {
+            return {
+                lines: [`_[event type=${event.type}]_`],
+                isTurn: false,
+            };
+        }
+    }
+}
+/**
+ * Wrap a string in a fenced code block. Pick a fence length that does
+ * not collide with backtick runs inside the content. Markdown 0.30 allows
+ * variable-length fences; we pick the shortest that is longer than the
+ * longest run inside the content (min 3, max 7).
+ */
+function fenced(content) {
+    const longestRun = (content.match(/`+/g) ?? [])
+        .map((s) => s.length)
+        .reduce((max, n) => (n > max ? n : max), 0);
+    const fenceLen = Math.min(7, Math.max(3, longestRun + 1));
+    const fence = '`'.repeat(fenceLen);
+    // Trim trailing whitespace inside content so the closing fence sits
+    // tight against the body; preserve leading whitespace (matters for code).
+    return `${fence}\n${content.replace(/\s+$/u, '')}\n${fence}`;
+}
+/**
+ * Escape inline-Markdown specials (backtick, pipe) inside a span that we
+ * are wrapping in inline code. The closing backtick rule says a `<code>`
+ * span can contain backticks as long as the fence length differs — for
+ * simplicity we replace bare backticks with a Unicode look-alike when
+ * they appear in identifier-like positions (e.g. paths or tool names).
+ * Backticks in real content go through `fenced()` instead.
+ */
+function escapeInline(text) {
+    return text.replace(/`/g, 'ˋ');
+}
+//# sourceMappingURL=formatter.js.map