@pugi/cli 0.1.0-beta.24 → 0.1.0-beta.25

package/dist/runtime/commands/hooks.js

@@ -0,0 +1,184 @@
+/**
+ * `pugi hooks` — operator surface for user-config hooks (Leak L12 MVP).
+ *
+ * Two subcommands ship in the MVP:
+ *
+ *   pugi hooks list         List configured hooks per event.
+ *   pugi hooks doctor       Validate the config and surface any
+ *                           parse / schema errors.
+ *
+ * Both accept `--json` for scripted callers. Argument grammar is
+ * intentionally narrow — no `add` / `remove` / `test` subcommands in
+ * the MVP. Operators hand-edit `~/.pugi/hooks-mvp.json` for now.
+ *
+ * Exit codes:
+ *   0  -> happy path (no hooks OR config valid).
+ *   1  -> config present but invalid (only `doctor` returns this).
+ *   2  -> unknown subcommand / argument error.
+ *
+ * Brand voice: ASCII only.
+ */
+import { ALL_HOOK_EVENTS_V2, defaultHooksMvpPath, loadHooksConfig, } from '../../core/hooks/index.js';
+function parseFlags(args) {
+    const rest = [];
+    const flags = { json: false };
+    for (const arg of args) {
+        if (arg === '--json') {
+            flags.json = true;
+            continue;
+        }
+        rest.push(arg);
+    }
+    return { rest, flags };
+}
+/**
+ * Top-level dispatcher for `pugi hooks <subcommand>`. Returns the
+ * intended process exit code. `cli.ts` is expected to set
+ * `process.exitCode = <return value>` so error states propagate to
+ * scripted callers without throwing.
+ */
+export async function runHooksCommand(args, ctx) {
+    const { rest, flags } = parseFlags(args);
+    const sub = rest[0];
+    if (!sub || sub === 'help' || sub === '--help') {
+        emitUsage(ctx, flags);
+        return sub ? 0 : 2;
+    }
+    if (sub === 'list') {
+        return runList(ctx, flags);
+    }
+    if (sub === 'doctor') {
+        return runDoctor(ctx, flags);
+    }
+    ctx.writeOutput({ ok: false, error: `unknown subcommand: ${sub}` }, `pugi hooks: unknown subcommand '${sub}'. Try 'pugi hooks --help'.`);
+    return 2;
+}
+function emitUsage(ctx, flags) {
+    const text = [
+        'pugi hooks — user-config lifecycle hooks (MVP).',
+        '',
+        'Subcommands:',
+        '  pugi hooks list        Show hooks configured per event.',
+        '  pugi hooks doctor      Validate ~/.pugi/hooks-mvp.json.',
+        '',
+        'Flags:',
+        '  --json                 Emit a JSON envelope instead of human text.',
+        '',
+        'Config file:',
+        '  ~/.pugi/hooks-mvp.json',
+        '',
+        'Status:',
+        '  MVP — 2 events out of 8. Remaining events (PostToolUse,',
+        "  UserPromptSubmit, Stop, SubagentStop, PreCompact, Notification)",
+        '  deferred to fast-follow PR.',
+    ].join('\n');
+    ctx.writeOutput({
+        ok: true,
+        command: 'hooks',
+        usage: text,
+    }, text);
+    if (flags.json) {
+        // The structured payload is already emitted by writeOutput when
+        // --json is on; nothing extra to do.
+    }
+}
+function runList(ctx, flags) {
+    let config;
+    try {
+        config = loadHooksConfig(ctx.configPath);
+    }
+    catch (error) {
+        const msg = error.message;
+        ctx.writeOutput({ ok: false, error: msg }, `pugi hooks list: ${msg}\nFix the config or remove the file. Run 'pugi hooks doctor' for details.`);
+        return 1;
+    }
+    const perEvent = {
+        SessionStart: [],
+        PreToolUse: [],
+        PostToolUse: [],
+        UserPromptSubmit: [],
+        Stop: [],
+        SubagentStop: [],
+        PreCompact: [],
+        Notification: [],
+    };
+    for (const event of ALL_HOOK_EVENTS_V2) {
+        perEvent[event] = config.list(event).map((entry) => ({
+            matcher: entry.matcher,
+            command: entry.command,
+            timeoutMs: entry.timeoutMs,
+            blocking: entry.blocking,
+        }));
+    }
+    const total = Object.values(perEvent).reduce((acc, list) => acc + list.length, 0);
+    const payload = {
+        ok: true,
+        configPath: config.configPath(),
+        total,
+        perEvent,
+    };
+    if (flags.json) {
+        ctx.writeOutput(payload, JSON.stringify(payload, null, 2));
+        return 0;
+    }
+    const lines = [];
+    lines.push(`pugi hooks (${total} configured)`);
+    lines.push(`  config: ${config.configPath()}`);
+    if (total === 0) {
+        lines.push('  no hooks configured — create the file above to add one.');
+    }
+    else {
+        for (const event of ALL_HOOK_EVENTS_V2) {
+            const list = perEvent[event];
+            if (list.length === 0)
+                continue;
+            lines.push(`  ${event}:`);
+            for (const entry of list) {
+                const tags = [];
+                if (entry.matcher)
+                    tags.push(`matcher=${entry.matcher}`);
+                if (entry.timeoutMs)
+                    tags.push(`timeoutMs=${entry.timeoutMs}`);
+                if (entry.blocking)
+                    tags.push('blocking');
+                const suffix = tags.length ? `  [${tags.join(', ')}]` : '';
+                lines.push(`    - ${entry.command}${suffix}`);
+            }
+        }
+    }
+    const text = lines.join('\n');
+    ctx.writeOutput(payload, text);
+    return 0;
+}
+function runDoctor(ctx, flags) {
+    const path = ctx.configPath ?? defaultHooksMvpPath();
+    try {
+        const config = loadHooksConfig(ctx.configPath);
+        const total = config.flatten().length;
+        const payload = {
+            ok: true,
+            configPath: config.configPath(),
+            total,
+            issues: [],
+        };
+        const text = total
+            ? `pugi hooks doctor: ${path} OK (${total} hooks).`
+            : `pugi hooks doctor: ${path} not present (no hooks configured).`;
+        ctx.writeOutput(payload, text);
+        return 0;
+    }
+    catch (error) {
+        const msg = error.message;
+        const payload = {
+            ok: false,
+            configPath: path,
+            error: msg,
+        };
+        const text = `pugi hooks doctor: ${msg}`;
+        ctx.writeOutput(payload, text);
+        return 1;
+    }
+    // flags.json is consumed by writeOutput in the host shell.
+    void flags;
+}
+//# sourceMappingURL=hooks.js.map

package/dist/runtime/commands/lsp.js

@@ -24,8 +24,8 @@
  *
  * Brand voice: ASCII only, no emoji, no banned words.
  */
-import { extname } from 'node:path';
 import { inspectLspServers, startLspClient } from '../../core/lsp/client.js';
+import { languageForFile as inferLanguage } from '../../core/lsp/language-detect.js';
 import { loadSettings } from '../../core/settings.js';
 export async function runLspCommand(args, opts) {
     const [op, file, ...rest] = args;
@@ -96,6 +96,25 @@ export async function runLspCommand(args, opts) {
         };
     }
     const settings = loadSettings(opts.cwd);
+    // Leak L15 (2026-05-27): `pugi lsp check <file>` — manual probe of
+    // the post-edit diagnostics pipeline. Identical output to what the
+    // model sees appended to its tool envelope after a successful
+    // edit/write. Lets operators dry-run the auto-diagnostic surface
+    // without dispatching an actual edit.
+    if (op === 'check') {
+        const { runPostEditDiagnostics } = await import('../../core/lsp/post-edit-diagnostics.js');
+        const result = await runPostEditDiagnostics(file, {
+            cwd: opts.cwd,
+            ...(settings.lsp ? { lspSettings: settings.lsp } : {}),
+        });
+        if (opts.json) {
+            return { ok: true, text: JSON.stringify(result, null, 2), exitCode: 0 };
+        }
+        if (result.skip) {
+            return { ok: true, text: `${file}: skipped (${result.reason})`, exitCode: 0 };
+        }
+        return { ok: true, text: result.tail, exitCode: 0 };
+    }
     const clientResult = await startLspClient(lang, {
         cwd: opts.cwd,
         ...(settings.lsp ? { lspSettings: settings.lsp } : {}),
@@ -204,6 +223,7 @@ function usage() {
             '  pugi lsp definition <file> <line> <col>\n' +
             '  pugi lsp references <file> <line> <col>\n' +
             '  pugi lsp diagnostics <file>\n' +
+            '  pugi lsp check <file>          (Leak L15: probe post-edit tail)\n' +
             '  pugi lsp find_definition <file> <symbol>\n' +
             '  pugi lsp servers',
         exitCode: 2,
@@ -341,26 +361,8 @@ function pullLangFlag(args) {
 function isLspLanguage(value) {
     return value === 'ts' || value === 'js' || value === 'py' || value === 'go' || value === 'rust';
 }
-export function inferLanguage(file) {
-    const ext = extname(file).toLowerCase();
-    switch (ext) {
-        case '.ts':
-        case '.tsx':
-            return 'ts';
-        case '.js':
-        case '.jsx':
-        case '.mjs':
-        case '.cjs':
-            return 'js';
-        case '.py':
-        case '.pyi':
-            return 'py';
-        case '.go':
-            return 'go';
-        case '.rs':
-            return 'rust';
-        default:
-            return undefined;
-    }
-}
+// Leak L15 (2026-05-27): single source of truth for ext → language
+// lives in `core/lsp/language-detect.ts`. The CLI surface re-exports
+// the lookup so existing call sites keep their import path.
+export { inferLanguage };
 //# sourceMappingURL=lsp.js.map

package/dist/runtime/commands/repo-map.js

@@ -0,0 +1,95 @@
+/**
+ * `pugi repo-map` — Leak L28 (2026-05-27).
+ *
+ * Builds a compact AST-light summary of the workspace's source surface
+ * (top-level function / class / interface / type / enum declarations
+ * plus the leading JSDoc / markdown summary line) and renders it as
+ * a markdown listing. The same builder backs the engine boot-time
+ * system-prompt injection — running `pugi repo-map` shows the operator
+ * EXACTLY what the engine would inject.
+ *
+ * The command surface mirrors the L28 spec:
+ *
+ *   `pugi repo-map`             build + show (cache hit when fresh)
+ *   `pugi repo-map --refresh`   bust cache + rebuild from scratch
+ *   `pugi repo-map --format=json` machine-readable envelope
+ *
+ * Exit code is always 0 — the command is informational, not a gate.
+ * The `--json` envelope carries an `ok: false` branch when the repo is
+ * too large to map (the L28 5000-file ceiling), so scripted callers
+ * can detect the skip without parsing prose.
+ *
+ * The handler is awaited even though the underlying pipeline is sync,
+ * matching the pattern of every other `run*Command` (stickers, status,
+ * doctor) so future async paths (remote cache pull) drop в without
+ * changing the call sites.
+ */
+import { buildAndFormatRepoMap } from '../../core/repo-map/build.js';
+/**
+ * Run the command. Always resolves к the structured envelope so the
+ * caller can chain into a status table. Exit code is set к 0 in every
+ * branch — the command is informational.
+ */
+export async function runRepoMapCommand(ctx) {
+    const result = buildAndFormatRepoMap({
+        root: ctx.cwd,
+        refresh: ctx.refresh === true,
+        writeCache: ctx.writeCache !== false,
+        formatBytesCap: ctx.formatBytesCap,
+        omitHeader: false,
+    });
+    if (!result.build.ok) {
+        const payload = {
+            ok: false,
+            command: 'repo-map',
+            root: result.build.root,
+            reason: result.build.reason,
+            walked: result.build.walked,
+        };
+        const text = result.build.reason === 'too-large'
+            ? `repo-map skipped: workspace exceeds the ${result.build.walked}-file ceiling. Tighten .pugiignore and re-run.`
+            : `repo-map skipped: no workspace at ${result.build.root}.`;
+        ctx.writeOutput(payload, text);
+        // Informational — never a gate.
+        process.exitCode = 0;
+        return payload;
+    }
+    const build = result.build;
+    if (!build.ok) {
+        // TS narrowing — handled above.
+        throw new Error('unreachable');
+    }
+    const format = result.format;
+    const payload = {
+        ok: true,
+        command: 'repo-map',
+        root: build.root,
+        stats: {
+            filesScanned: build.scanStats.walked,
+            filesIncluded: format.filesIncluded,
+            filesRebuilt: build.diffStats.rebuilt,
+            filesReused: build.diffStats.reused,
+            filesDropped: build.diffStats.dropped,
+            skippedLarge: build.scanStats.skippedLarge,
+            skippedIgnored: build.scanStats.skippedIgnored,
+            bytes: format.bytes,
+            truncated: format.truncated,
+        },
+        cachePath: build.cachePath,
+        cacheWritten: build.cacheWritten,
+        text: format.text,
+    };
+    // The text surface IS the formatted markdown. We append a one-line
+    // stats footer so the operator sees the cache-hit ratio at a glance
+    // (engine context cache is opaque otherwise) — kept off the JSON
+    // payload so machine consumers do not have to skip a trailer.
+    const footer = formatFooter(payload.stats);
+    ctx.writeOutput(payload, `${format.text}\n${footer}`);
+    process.exitCode = 0;
+    return payload;
+}
+function formatFooter(stats) {
+    const truncatedHint = stats.truncated ? ' (truncated к budget)' : '';
+    return `${stats.filesIncluded} files · ${stats.filesRebuilt} rebuilt · ${stats.filesReused} cache hit · ${stats.bytes} bytes${truncatedHint}`;
+}
+//# sourceMappingURL=repo-map.js.map

package/dist/runtime/version.js

@@ -44,7 +44,7 @@ export function sanitizeSemver(raw) {
  * during import). When bumping the CLI version BOTH literals must be
  * updated; the release smoke-test (`pack:smoke`) verifies they agree.
  */
-export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.24');
+export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.25');
 /**
  * Outbound: the CLI's installed semver. Read at request time by
  * `version-interceptor.ts` and injected on every `fetch` call.

package/dist/tui/repl-splash-mascot.js

@@ -89,21 +89,33 @@ export function loadPugMascotAnsi() {
         //    icon, clipboard, hyperlinks, color-palette change). Drop them
         //    so a corrupted asset cannot rename the operator's terminal tab
         //    or smuggle a hyperlink into the splash region.
-        // 2. Drop CSI ? <mode> [hl] for mouse-tracking and screen-buffer
-        //    switch modes (1000, 1001, 1002, 1003, 1004, 1005, 1006, 1015,
-        //    1049, 47, 1047, 1048). These would either start swallowing
-        //    mouse input or flip the terminal into the alternate screen.
+        // 2. Drop ALL CSI ? <numbers and semicolons> [lh] (DEC private-mode
+        //    set / reset). The legitimate chafa output for a splash is
+        //    truecolor SGR (`CSI 38;2;R;G;B m`) plus cursor-positioning —
+        //    no private-mode toggle ever appears там legitimately. A
+        //    permissive deny-all pattern covers every disruptive private
+        //    mode in one regex:
+        //      - cursor visibility (25)
+        //      - alt-screen buffer  (47, 1047, 1048, 1049)
+        //      - mouse tracking     (1000, 1001, 1002, 1003, 1004, 1005, 1006, 1015)
+        //      - bracketed paste    (2004)
+        //      - focus reporting    (1004)
+        //      - multi-mode forms   (e.g. `CSI ? 47 ; 1049 h` — legal per
+        //        xterm ctlseqs but missed by the previous single-mode regex)
+        //      - any future private mode a corrupt asset might emit
+        //    Allowlisting the modes the splash needs is impossible because
+        //    the splash needs ZERO of them — chafa renders glyph-by-glyph,
+        //    not via private-mode toggles. A pure deny-all is strictly
+        //    safer than enumerating known-bad modes one-by-one.
         // 3. Drop CSI 6 n (cursor-position report). Would inject a fake
         //    CPR into the operator's stdin stream.
         // 4. Drop CSI [23]J / CSI [23]K (full screen / line clear). A
         //    chafa render uses cursor-positioning per row, not bulk
         //    erases; bulk clears would wipe whatever the operator already
         //    had on screen above the splash.
-        // The cursor-hide/show wrappers (CSI ? 25 [lh]) are handled by
-        // the same CSI-?-mode pattern as the mouse / alt-screen modes.
         const stripped = raw
             .replace(/\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)/g, '')
-            .replace(/\x1b\[\?(?:25|47|1000|1001|1002|1003|1004|1005|1006|1015|1047|1048|1049)[lh]/g, '')
+            .replace(/\x1b\[\?[0-9;]+[lh]/g, '')
             .replace(/\x1b\[6n/g, '')
             .replace(/\x1b\[[23]?[JK]/g, '');
         if (stripped.trim().length === 0)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pugi/cli",
-  "version": "0.1.0-beta.24",
+  "version": "0.1.0-beta.25",
   "description": "Pugi CLI - terminal-native software execution system",
   "homepage": "https://pugi.io",
   "repository": {
@@ -53,8 +53,8 @@
     "turndown": "^7.2.4",
     "undici": "^8.3.0",
     "zod": "^3.23.0",
-    "@pugi/personas": "0.1.2",
-    "@pugi/sdk": "0.1.0-beta.24"
+    "@pugi/sdk": "0.1.0-beta.25",
+    "@pugi/personas": "0.1.2"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",