@pugi/cli 0.1.0-beta.25 → 0.1.0-beta.27

package/dist/runtime/commands/sessions.js

@@ -0,0 +1,163 @@
+/**
+ * `pugi sessions` extensions — leak L9 (2026-05-27).
+ *
+ * The legacy `pugi sessions` handler lives inline in `runtime/cli.ts`
+ * (it predates the per-command runner pattern). This module exposes the
+ * new sub-commands the L9 sprint adds:
+ *
+ *   - `pugi sessions undo-rewind [<session-id>]`
+ *       Append an inverse marker that nullifies the latest 'rewind'
+ *       marker on the target session. Operator escape hatch: nothing
+ *       is destroyed, the masked range simply becomes visible again.
+ *
+ * Wire pattern matches `runCompactCommand` / `runRewindCommand`: one
+ * structured payload + one human line per invocation, returned to the
+ * caller for the JSON path.
+ */
+import { homedir } from 'node:os';
+import { slugForCwd } from '../../core/repl/history.js';
+import { appendRewindMarker, findLatestActiveRewind, } from '../../core/checkpoint/rewinder.js';
+import { loadFromStore } from '../../core/checkpoint/resumer.js';
+import { SqliteSessionStore, resolveProjectStoreDir, } from '../../core/repl/store/session-store.js';
+/**
+ * Sub-command router. The caller passes the full positional args; we
+ * peel `args[0]` as the sub-command name and forward the tail. Unknown
+ * sub-commands surface a usage hint at exit code 2.
+ */
+export async function runSessionsCommand(args, ctx) {
+    const sub = args[0];
+    if (sub === 'undo-rewind') {
+        return runUndoRewind(args.slice(1), ctx);
+    }
+    // Other sub-commands (the legacy `pugi sessions` list path) are
+    // owned by runtime/cli.ts — return null so the caller knows to fall
+    // through to that handler.
+    return null;
+}
+async function runUndoRewind(args, ctx) {
+    const explicitId = args[0] && !args[0].startsWith('--') ? args[0] : undefined;
+    const slug = slugForCwd(ctx.workspaceRoot);
+    let store = ctx.store ?? null;
+    let sessionId = ctx.sessionId ?? explicitId ?? null;
+    let storeOpenedHere = false;
+    if (store === null) {
+        sessionId = sessionId ?? (await pickMostRecentSessionIdReadOnly(slug));
+        if (!sessionId) {
+            return emit(ctx, {
+                command: 'sessions',
+                sub: 'undo-rewind',
+                status: 'failed_no_session',
+                reason: 'No session to undo-rewind. Start a REPL with `pugi`.',
+            });
+        }
+        const opened = await openLiveStore(slug, sessionId);
+        if (!opened) {
+            return emit(ctx, {
+                command: 'sessions',
+                sub: 'undo-rewind',
+                status: 'failed_store',
+                sessionId,
+                reason: 'Could not open local session store (lock held by another REPL?).',
+            });
+        }
+        store = opened;
+        storeOpenedHere = true;
+    }
+    else if (sessionId === null) {
+        const rows = await store.listSessions({ project: slug, limit: 1, status: 'active' });
+        if (rows.length === 0) {
+            return emit(ctx, {
+                command: 'sessions',
+                sub: 'undo-rewind',
+                status: 'failed_no_session',
+                reason: 'No active session to undo-rewind.',
+            });
+        }
+        sessionId = rows[0].id;
+    }
+    try {
+        const loaded = await loadFromStore(store, sessionId);
+        if (!loaded) {
+            return emit(ctx, {
+                command: 'sessions',
+                sub: 'undo-rewind',
+                status: 'failed_no_session',
+                sessionId,
+                reason: `Session '${sessionId}' not found.`,
+            });
+        }
+        const latest = findLatestActiveRewind(loaded.rawEvents);
+        if (latest === null) {
+            return emit(ctx, {
+                command: 'sessions',
+                sub: 'undo-rewind',
+                status: 'noop_no_rewind',
+                sessionId,
+                reason: 'No active rewind to undo on this session.',
+            }, 'No active rewind to undo.');
+        }
+        const fromEventIndex = loaded.rawEvents.length;
+        await appendRewindMarker({
+            store,
+            mode: 'undo-rewind',
+            toEventIndex: latest.payload.toEventIndex,
+            fromEventIndex,
+            turnsRewound: latest.payload.turnsRewound,
+            reason: 'undo',
+            ...(ctx.now !== undefined ? { now: ctx.now } : {}),
+        });
+        return emit(ctx, {
+            command: 'sessions',
+            sub: 'undo-rewind',
+            status: 'undone',
+            sessionId,
+            undoneTurns: latest.payload.turnsRewound,
+        }, `Undid the latest rewind (${latest.payload.turnsRewound} turn${latest.payload.turnsRewound === 1 ? '' : 's'} restored).`);
+    }
+    finally {
+        if (storeOpenedHere && store) {
+            try {
+                await store.close();
+            }
+            catch {
+                /* idempotent */
+            }
+        }
+    }
+}
+function emit(ctx, payload, text) {
+    const human = text ?? payload.reason ?? `sessions ${payload.sub}: ${payload.status}`;
+    ctx.writeOutput(payload, human);
+    return payload;
+}
+async function openLiveStore(projectSlug, sessionId) {
+    try {
+        const store = new SqliteSessionStore({ projectSlug, home: homedir() });
+        await store.open({
+            id: sessionId,
+            workspaceRoot: process.cwd(),
+            projectSlug,
+        });
+        return store;
+    }
+    catch {
+        return null;
+    }
+}
+async function pickMostRecentSessionIdReadOnly(projectSlug) {
+    try {
+        const dir = resolveProjectStoreDir(projectSlug, homedir());
+        const view = await SqliteSessionStore.openReadOnly(dir);
+        try {
+            const rows = await view.list({ project: projectSlug, limit: 1, status: 'active' });
+            return rows.length > 0 ? rows[0].id : null;
+        }
+        finally {
+            await view.close();
+        }
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=sessions.js.map

package/dist/runtime/version.js

@@ -44,7 +44,7 @@ export function sanitizeSemver(raw) {
  * during import). When bumping the CLI version BOTH literals must be
  * updated; the release smoke-test (`pack:smoke`) verifies they agree.
  */
-export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.25');
+export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.27');
 /**
  * Outbound: the CLI's installed semver. Read at request time by
  * `version-interceptor.ts` and injected on every `fetch` call.

package/dist/tools/agent-tool.js

@@ -50,6 +50,7 @@ import { z } from 'zod';
 import { randomUUID } from 'node:crypto';
 import { relative as relativePath } from 'node:path';
 import { spawnSubagentWithOutcome } from '../core/subagents/spawn.js';
+import { inheritCacheContext } from '../core/dispatch/cache-handoff.js';
 /**
  * Argument schema. `isolation: 'auto'` defers to the role-default
  * isolation tier (set by `isolationForRole` in dispatcher.ts). The
@@ -157,6 +158,28 @@ export async function agentTool(args, ctx) {
         // restriction layer regardless of permissionMode.
         permissionMode: 'auto',
     };
+    // L10 (2026-05-27): synthesize a prompt-cache inheritance handle for
+    // the child before we dispatch. The handle is persisted under
+    // `.pugi/cache-refs/<childAgentId>.json` so:
+    //   - The child engine loop's first turn (dispatcher-real.ts) can
+    //     forward parent_cache_id onto Anvil — provider-dependent honour
+    //     (Anthropic cache_control breakpoints today; OpenAI/Gemini
+    //     silently ignore until Anvil grows per-provider adapters).
+    //   - Operators can introspect via `pugi dispatch list-cache-refs`.
+    //   - `pugi dispatch clear-cache-refs --older-than 1h` can GC after
+    //     a long session.
+    // Failure to persist must NOT block the dispatch — the handle is a
+    // best-effort optimisation; if disk is full or the workspace root is
+    // read-only, we degrade silently to a cache-miss dispatch.
+    try {
+        inheritCacheContext(ctx.session.id, task.id, {
+            workspaceRoot: ctx.session.root,
+            ...(ctx.now ? { now: ctx.now } : {}),
+        });
+    }
+    catch {
+        // Silent degrade: cache inheritance is forward-compat, not load-bearing.
+    }
     const useWorktree = validated.isolation === 'worktree'
         ? true
         : validated.isolation === 'shared_fs'

package/dist/tui/repl-splash-mascot.js

@@ -89,33 +89,21 @@ export function loadPugMascotAnsi() {
         //    icon, clipboard, hyperlinks, color-palette change). Drop them
         //    so a corrupted asset cannot rename the operator's terminal tab
         //    or smuggle a hyperlink into the splash region.
-        // 2. Drop ALL CSI ? <numbers and semicolons> [lh] (DEC private-mode
-        //    set / reset). The legitimate chafa output for a splash is
-        //    truecolor SGR (`CSI 38;2;R;G;B m`) plus cursor-positioning —
-        //    no private-mode toggle ever appears там legitimately. A
-        //    permissive deny-all pattern covers every disruptive private
-        //    mode in one regex:
-        //      - cursor visibility (25)
-        //      - alt-screen buffer  (47, 1047, 1048, 1049)
-        //      - mouse tracking     (1000, 1001, 1002, 1003, 1004, 1005, 1006, 1015)
-        //      - bracketed paste    (2004)
-        //      - focus reporting    (1004)
-        //      - multi-mode forms   (e.g. `CSI ? 47 ; 1049 h` — legal per
-        //        xterm ctlseqs but missed by the previous single-mode regex)
-        //      - any future private mode a corrupt asset might emit
-        //    Allowlisting the modes the splash needs is impossible because
-        //    the splash needs ZERO of them — chafa renders glyph-by-glyph,
-        //    not via private-mode toggles. A pure deny-all is strictly
-        //    safer than enumerating known-bad modes one-by-one.
+        // 2. Drop CSI ? <mode> [hl] for mouse-tracking and screen-buffer
+        //    switch modes (1000, 1001, 1002, 1003, 1004, 1005, 1006, 1015,
+        //    1049, 47, 1047, 1048). These would either start swallowing
+        //    mouse input or flip the terminal into the alternate screen.
         // 3. Drop CSI 6 n (cursor-position report). Would inject a fake
         //    CPR into the operator's stdin stream.
         // 4. Drop CSI [23]J / CSI [23]K (full screen / line clear). A
         //    chafa render uses cursor-positioning per row, not bulk
         //    erases; bulk clears would wipe whatever the operator already
         //    had on screen above the splash.
+        // The cursor-hide/show wrappers (CSI ? 25 [lh]) are handled by
+        // the same CSI-?-mode pattern as the mouse / alt-screen modes.
         const stripped = raw
             .replace(/\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)/g, '')
-            .replace(/\x1b\[\?[0-9;]+[lh]/g, '')
+            .replace(/\x1b\[\?(?:25|47|1000|1001|1002|1003|1004|1005|1006|1015|1047|1048|1049)[lh]/g, '')
             .replace(/\x1b\[6n/g, '')
             .replace(/\x1b\[[23]?[JK]/g, '');
         if (stripped.trim().length === 0)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pugi/cli",
-  "version": "0.1.0-beta.25",
+  "version": "0.1.0-beta.27",
   "description": "Pugi CLI - terminal-native software execution system",
   "homepage": "https://pugi.io",
   "repository": {
@@ -53,8 +53,8 @@
     "turndown": "^7.2.4",
     "undici": "^8.3.0",
     "zod": "^3.23.0",
-    "@pugi/sdk": "0.1.0-beta.25",
-    "@pugi/personas": "0.1.2"
+    "@pugi/personas": "0.1.2",
+    "@pugi/sdk": "0.1.0-beta.27"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",