@pugi/cli 0.1.0-beta.3 → 0.1.0-beta.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218) hide show
  1. package/THIRD_PARTY_NOTICES.md +40 -0
  2. package/assets/pugi-mascot.ansi +15 -40
  3. package/bin/run.js +33 -1
  4. package/dist/commands/jobs-watch.js +201 -0
  5. package/dist/commands/jobs.js +15 -0
  6. package/dist/core/agent-progress/cleanup.js +134 -0
  7. package/dist/core/agent-progress/schema.js +144 -0
  8. package/dist/core/agent-progress/writer.js +101 -0
  9. package/dist/core/artifact-chain/dispatcher.js +148 -0
  10. package/dist/core/artifact-chain/exporter.js +164 -0
  11. package/dist/core/artifact-chain/state.js +243 -0
  12. package/dist/core/artifact-chain/steps.js +169 -0
  13. package/dist/core/auth/env-provider.js +238 -0
  14. package/dist/core/auto-update/channels.js +122 -0
  15. package/dist/core/auto-update/checker.js +241 -0
  16. package/dist/core/auto-update/state.js +235 -0
  17. package/dist/core/bare-mode/index.js +107 -0
  18. package/dist/core/checkpoint/resumer.js +149 -0
  19. package/dist/core/checkpoint/rewinder.js +291 -0
  20. package/dist/core/compact/auto-trigger.js +96 -0
  21. package/dist/core/compact/buffer-rewriter.js +115 -0
  22. package/dist/core/compact/summarizer.js +208 -0
  23. package/dist/core/compact/token-counter.js +108 -0
  24. package/dist/core/consensus/diff-capture.js +73 -0
  25. package/dist/core/context/index.js +7 -0
  26. package/dist/core/context/markdown-traverse.js +255 -0
  27. package/dist/core/cost/rate-card.js +129 -0
  28. package/dist/core/cost/tracker.js +221 -0
  29. package/dist/core/denial-tracking/index.js +8 -0
  30. package/dist/core/denial-tracking/state.js +264 -0
  31. package/dist/core/diagnostics/probe-runner.js +93 -0
  32. package/dist/core/diagnostics/probes/api.js +46 -0
  33. package/dist/core/diagnostics/probes/auth.js +86 -0
  34. package/dist/core/diagnostics/probes/bare-mode.js +42 -0
  35. package/dist/core/diagnostics/probes/cli-version.js +127 -0
  36. package/dist/core/diagnostics/probes/config.js +72 -0
  37. package/dist/core/diagnostics/probes/denial-tracking.js +57 -0
  38. package/dist/core/diagnostics/probes/disk.js +81 -0
  39. package/dist/core/diagnostics/probes/git.js +65 -0
  40. package/dist/core/diagnostics/probes/mcp.js +75 -0
  41. package/dist/core/diagnostics/probes/node.js +59 -0
  42. package/dist/core/diagnostics/probes/pnpm.js +36 -0
  43. package/dist/core/diagnostics/probes/pugi-md.js +89 -0
  44. package/dist/core/diagnostics/probes/session.js +74 -0
  45. package/dist/core/diagnostics/probes/status-snapshot.js +442 -0
  46. package/dist/core/diagnostics/probes/workspace.js +63 -0
  47. package/dist/core/diagnostics/types.js +70 -0
  48. package/dist/core/dispatch/cache-cleanup.js +197 -0
  49. package/dist/core/dispatch/cache-handoff.js +295 -0
  50. package/dist/core/edits/dispatch.js +218 -2
  51. package/dist/core/edits/journal.js +199 -0
  52. package/dist/core/edits/layer-d-ast.js +557 -14
  53. package/dist/core/edits/verify-hook.js +273 -0
  54. package/dist/core/edits/worktree.js +111 -18
  55. package/dist/core/engine/anvil-client.js +115 -5
  56. package/dist/core/engine/budgets.js +89 -0
  57. package/dist/core/engine/context-prefix.js +155 -0
  58. package/dist/core/engine/intent.js +260 -0
  59. package/dist/core/engine/native-pugi.js +852 -210
  60. package/dist/core/engine/prompts.js +89 -6
  61. package/dist/core/engine/strip-internal-fields.js +124 -0
  62. package/dist/core/engine/tool-bridge.js +972 -33
  63. package/dist/core/feedback/queue.js +177 -0
  64. package/dist/core/feedback/submitter.js +145 -0
  65. package/dist/core/file-cache.js +113 -1
  66. package/dist/core/hooks/events.js +44 -0
  67. package/dist/core/hooks/index.js +15 -0
  68. package/dist/core/hooks/registry.js +213 -0
  69. package/dist/core/hooks/runner.js +236 -0
  70. package/dist/core/init/scaffold.js +195 -0
  71. package/dist/core/lsp/cache.js +105 -0
  72. package/dist/core/lsp/client.js +174 -29
  73. package/dist/core/lsp/language-detect.js +66 -0
  74. package/dist/core/lsp/post-edit-diagnostics.js +171 -0
  75. package/dist/core/mcp/client.js +75 -6
  76. package/dist/core/mcp/http-server.js +553 -0
  77. package/dist/core/mcp/permission.js +190 -0
  78. package/dist/core/mcp/registry.js +24 -2
  79. package/dist/core/mcp/server-tools.js +219 -0
  80. package/dist/core/mcp/server.js +397 -0
  81. package/dist/core/memory/dual-write.js +416 -0
  82. package/dist/core/memory/dual-write.spec.js +297 -0
  83. package/dist/core/memory/phase1-kinds.js +20 -0
  84. package/dist/core/memory-sync/queue.js +158 -0
  85. package/dist/core/memory-sync/queue.spec.js +105 -0
  86. package/dist/core/onboarding/marker.js +111 -0
  87. package/dist/core/onboarding/telemetry-state.js +108 -0
  88. package/dist/core/output-style/presets.js +176 -0
  89. package/dist/core/output-style/state.js +185 -0
  90. package/dist/core/permissions/gate.js +187 -0
  91. package/dist/core/permissions/index.js +18 -0
  92. package/dist/core/permissions/mode.js +102 -0
  93. package/dist/core/permissions/state.js +215 -0
  94. package/dist/core/permissions/tool-class.js +93 -0
  95. package/dist/core/prd-check/parser.js +215 -0
  96. package/dist/core/prd-check/reporter.js +127 -0
  97. package/dist/core/prd-check/verifiers.js +223 -0
  98. package/dist/core/pugi-md/context-injector.js +76 -0
  99. package/dist/core/pugi-md/walk-up.js +207 -0
  100. package/dist/core/release-notes/parser.js +241 -0
  101. package/dist/core/release-notes/state.js +116 -0
  102. package/dist/core/repl/codebase-survey.js +308 -0
  103. package/dist/core/repl/history.js +11 -1
  104. package/dist/core/repl/init-interview.js +457 -0
  105. package/dist/core/repl/model-pricing.js +135 -0
  106. package/dist/core/repl/onboarding-state.js +297 -0
  107. package/dist/core/repl/session.js +1486 -30
  108. package/dist/core/repl/slash-commands.js +345 -9
  109. package/dist/core/repl/store/session-store.js +31 -2
  110. package/dist/core/repl/workspace-context.js +22 -0
  111. package/dist/core/repo-map/build.js +125 -0
  112. package/dist/core/repo-map/cache.js +185 -0
  113. package/dist/core/repo-map/extractor.js +254 -0
  114. package/dist/core/repo-map/formatter.js +145 -0
  115. package/dist/core/repo-map/scanner.js +211 -0
  116. package/dist/core/retry-budget/budget.js +284 -0
  117. package/dist/core/retry-budget/index.js +5 -0
  118. package/dist/core/session.js +44 -0
  119. package/dist/core/settings.js +80 -0
  120. package/dist/core/share/formatter.js +271 -0
  121. package/dist/core/share/redactor.js +221 -0
  122. package/dist/core/share/uploader.js +267 -0
  123. package/dist/core/skills/defaults.js +457 -0
  124. package/dist/core/subagents/dispatcher-real.js +600 -0
  125. package/dist/core/subagents/dispatcher.js +113 -24
  126. package/dist/core/subagents/index.js +18 -5
  127. package/dist/core/subagents/isolation-matrix.js +213 -0
  128. package/dist/core/subagents/spawn.js +19 -4
  129. package/dist/core/telemetry/emitter.js +229 -0
  130. package/dist/core/telemetry/queue.js +251 -0
  131. package/dist/core/theme/context.js +91 -0
  132. package/dist/core/theme/presets.js +228 -0
  133. package/dist/core/theme/state.js +181 -0
  134. package/dist/core/todos/invariant.js +10 -0
  135. package/dist/core/todos/state.js +177 -0
  136. package/dist/core/transport/version-interceptor.js +166 -0
  137. package/dist/core/vim/keymap.js +288 -0
  138. package/dist/core/vim/state.js +92 -0
  139. package/dist/index.js +28 -0
  140. package/dist/runtime/bootstrap.js +190 -0
  141. package/dist/runtime/cli.js +2595 -278
  142. package/dist/runtime/commands/chain.js +489 -0
  143. package/dist/runtime/commands/compact.js +297 -0
  144. package/dist/runtime/commands/cost.js +199 -0
  145. package/dist/runtime/commands/delegate.js +312 -0
  146. package/dist/runtime/commands/dispatch.js +126 -0
  147. package/dist/runtime/commands/doctor.js +390 -0
  148. package/dist/runtime/commands/feedback.js +184 -0
  149. package/dist/runtime/commands/hooks.js +184 -0
  150. package/dist/runtime/commands/lsp.js +212 -28
  151. package/dist/runtime/commands/mcp.js +824 -0
  152. package/dist/runtime/commands/memory.js +508 -0
  153. package/dist/runtime/commands/memory.spec.js +174 -0
  154. package/dist/runtime/commands/model.js +237 -0
  155. package/dist/runtime/commands/onboarding.js +275 -0
  156. package/dist/runtime/commands/patch.js +17 -0
  157. package/dist/runtime/commands/permissions.js +87 -0
  158. package/dist/runtime/commands/plan.js +143 -0
  159. package/dist/runtime/commands/prd-check.js +235 -0
  160. package/dist/runtime/commands/release-notes.js +229 -0
  161. package/dist/runtime/commands/repo-map.js +95 -0
  162. package/dist/runtime/commands/report.js +299 -0
  163. package/dist/runtime/commands/resume.js +118 -0
  164. package/dist/runtime/commands/review-consensus.js +17 -2
  165. package/dist/runtime/commands/rewind.js +333 -0
  166. package/dist/runtime/commands/roster.js +117 -0
  167. package/dist/runtime/commands/sessions.js +163 -0
  168. package/dist/runtime/commands/share.js +316 -0
  169. package/dist/runtime/commands/status.js +178 -0
  170. package/dist/runtime/commands/stickers.js +82 -0
  171. package/dist/runtime/commands/style.js +194 -0
  172. package/dist/runtime/commands/theme.js +196 -0
  173. package/dist/runtime/commands/update.js +289 -0
  174. package/dist/runtime/commands/vim.js +140 -0
  175. package/dist/runtime/commands/worktree.js +50 -6
  176. package/dist/runtime/headless.js +543 -0
  177. package/dist/runtime/load-hooks-or-exit.js +71 -0
  178. package/dist/runtime/plan-decompose.js +531 -0
  179. package/dist/runtime/version.js +65 -0
  180. package/dist/tools/agent-tool.js +229 -0
  181. package/dist/tools/apply-patch.js +281 -39
  182. package/dist/tools/ask-user-question.js +213 -0
  183. package/dist/tools/ask-user.js +115 -0
  184. package/dist/tools/file-tools.js +85 -14
  185. package/dist/tools/mcp-tool.js +260 -0
  186. package/dist/tools/multi-edit.js +361 -0
  187. package/dist/tools/registry.js +30 -2
  188. package/dist/tools/skill-tool.js +96 -0
  189. package/dist/tools/tasks.js +208 -0
  190. package/dist/tools/todo-write.js +184 -0
  191. package/dist/tools/web-fetch.js +147 -2
  192. package/dist/tools/web-search.js +458 -0
  193. package/dist/tui/agent-progress-card.js +111 -0
  194. package/dist/tui/agent-tree.js +10 -0
  195. package/dist/tui/ask-modal.js +2 -2
  196. package/dist/tui/ask-user-question-prompt.js +192 -0
  197. package/dist/tui/compact-banner.js +81 -0
  198. package/dist/tui/conversation-pane.js +82 -8
  199. package/dist/tui/cost-table.js +111 -0
  200. package/dist/tui/doctor-table.js +46 -0
  201. package/dist/tui/feedback-prompt.js +156 -0
  202. package/dist/tui/input-box.js +46 -2
  203. package/dist/tui/markdown-render.js +4 -4
  204. package/dist/tui/onboarding-wizard.js +240 -0
  205. package/dist/tui/repl-render.js +293 -35
  206. package/dist/tui/repl-splash.js +2 -2
  207. package/dist/tui/repl.js +45 -13
  208. package/dist/tui/splash.js +1 -1
  209. package/dist/tui/status-bar.js +94 -16
  210. package/dist/tui/status-table.js +7 -0
  211. package/dist/tui/stickers-art.js +136 -0
  212. package/dist/tui/style-table.js +28 -0
  213. package/dist/tui/theme-table.js +29 -0
  214. package/dist/tui/tool-stream-pane.js +7 -0
  215. package/dist/tui/update-banner.js +20 -2
  216. package/dist/tui/vim-input.js +267 -0
  217. package/docs/examples/codegraph.mcp.json +10 -0
  218. package/package.json +9 -6
@@ -1,38 +1,73 @@
1
- import { createHash, randomUUID } from 'node:crypto';
1
+ import { randomUUID } from 'node:crypto';
2
2
  import { execFileSync } from 'node:child_process';
3
3
  import { existsSync, mkdirSync, readdirSync, readFileSync, writeFileSync } from 'node:fs';
4
4
  import { statSync } from 'node:fs';
5
+ import { homedir } from 'node:os';
5
6
  import { dirname, relative, resolve } from 'node:path';
6
7
  import { fileURLToPath } from 'node:url';
7
8
  import { AnvilEngineLoopClient } from '../core/engine/anvil-client.js';
8
- import { NoopEngineAdapter } from '../core/engine/noop.js';
9
9
  import { NativePugiEngineAdapter } from '../core/engine/native-pugi.js';
10
- import { decidePermission } from '../core/permission.js';
10
+ import { loadMcpRegistry } from '../core/mcp/registry.js';
11
+ import { loadHookRegistryOrExit } from './load-hooks-or-exit.js';
12
+ import { defaultNonInteractiveMcpPrompt } from '../tools/mcp-tool.js';
11
13
  import { openSession, recordCommandCompleted, recordCommandStarted, recordToolCall, recordToolResult, } from '../core/session.js';
12
14
  import { loadSettings } from '../core/settings.js';
13
15
  import { FileReadCache } from '../core/file-cache.js';
14
16
  import { resolveWorkspacePath } from '../core/path-security.js';
15
17
  import { globTool, grepTool, readTool } from '../tools/file-tools.js';
16
- import { toolRegistry, toolSchemaBundleHashInput } from '../tools/registry.js';
17
18
  import { webFetchTool } from '../tools/web-fetch.js';
18
19
  import { emptyIndex, rebuildIndex, readIndex, upsertArtifact, writeIndex, } from '../core/index-store.js';
19
20
  import { signatureForPlanReview } from '../core/repl/ask.js';
20
- import { buildRuntimeConfig, loadRuntimeConfig, pollDeviceFlow, pugiHandoffBundleSchema, pugiSyncDryRunPlanSchema, pugiSyncPrivacyModeSchema, pugiSyncRequestSchema, pugiSyncUploadPlanSchema, pugiTripleReviewRequestSchema, startDeviceFlow, submitSync, submitTripleReview, } from '@pugi/sdk';
21
+ import { buildRuntimeConfig, fetchPersonaRoster, loadRuntimeConfig, openPugiSession, pollDeviceFlow, pugiHandoffBundleSchema, pugiSyncDryRunPlanSchema, pugiSyncPrivacyModeSchema, pugiSyncRequestSchema, pugiSyncUploadPlanSchema, pugiTripleReviewRequestSchema, startDeviceFlow, submitDelegate, submitSync, submitTripleReview, } from '@pugi/sdk';
21
22
  import { PUGI_TAGLINE } from '@pugi/personas';
23
+ import { resolveRoster, renderRosterTable } from './commands/roster.js';
24
+ import { runDelegateCommand } from './commands/delegate.js';
25
+ import { runDispatchCommand } from './commands/dispatch.js';
22
26
  import { clearApiKey, DEFAULT_API_URL, listStoredCredentials, maskApiKey, normalizeApiUrl, purgeAllCredentials, readCredentialsFile, resolveActiveCredential, storeApiKey, switchActiveAccount, } from '../core/credentials.js';
27
+ import { resolveAndValidateEnvLogin, } from '../core/auth/env-provider.js';
23
28
  import { runDeployCommand } from '../commands/deploy.js';
24
29
  import { runJobsCommand } from '../commands/jobs.js';
25
30
  import { runConfigCommand } from './commands/config.js';
31
+ import { runStyleCommand } from './commands/style.js';
32
+ import { runThemeCommand } from './commands/theme.js';
33
+ import { runOnboardingCommand } from './commands/onboarding.js';
34
+ import { runVimCommand } from './commands/vim.js';
35
+ import { isOnboarded } from '../core/onboarding/marker.js';
26
36
  import { runPrivacyCommand } from './commands/privacy.js';
37
+ import { runReport } from './commands/report.js';
38
+ import { runDoctorCommand, defaultHome as defaultDoctorHome } from './commands/doctor.js';
39
+ import { parsePrdCheckArgs, runPrdCheckCommand, } from './commands/prd-check.js';
40
+ import { runChainCommand, } from './commands/chain.js';
41
+ import { runStatusCommand, defaultStatusHome, } from './commands/status.js';
42
+ import { runStickersCommand } from './commands/stickers.js';
43
+ import { runRepoMapCommand } from './commands/repo-map.js';
44
+ import { runReleaseNotesCommand, defaultReleaseNotesHome, } from './commands/release-notes.js';
27
45
  import { runUndoCommand } from './commands/undo.js';
46
+ import { runCompactCommand } from './commands/compact.js';
47
+ import { runRewindCommand } from './commands/rewind.js';
48
+ import { runSessionsCommand } from './commands/sessions.js';
49
+ // Day 4 ADR-0063: persona-memory operator surface (list / recall / write /
50
+ // forget / sync). The runner is shared by `pugi memory` top-level and the
51
+ // in-REPL `/memory` slash so the two surfaces stay single-sourced.
52
+ import { runMemoryCommand } from './commands/memory.js';
28
53
  import { runBudgetCommand } from './commands/budget.js';
54
+ import { BARE_MODE_BANNER, isBareMode, setBareMode, } from '../core/bare-mode/index.js';
55
+ import { runCostCommand } from './commands/cost.js';
56
+ import { runShareCommand } from './commands/share.js';
29
57
  import { runSkillsCommand } from './commands/skills.js';
58
+ import { runHooksCommand } from './commands/hooks.js';
59
+ import { installDefaultSkills } from '../core/skills/defaults.js';
30
60
  import { runAgentsCommand } from './commands/agents.js';
31
61
  import { runLspCommand } from './commands/lsp.js';
32
62
  import { runPatchCommand } from './commands/patch.js';
33
63
  import { runWorktreeCommand } from './commands/worktree.js';
34
64
  import { resolveWorkspaceLabel } from '../core/repl/workspace-context.js';
35
65
  import { runReviewConsensus } from './commands/review-consensus.js';
66
+ import { runMcpCommand } from './commands/mcp.js';
67
+ import { runPermissionsCommand } from './commands/permissions.js';
68
+ import { runPlanCommand } from './commands/plan.js';
69
+ import { parsePermissionMode } from '../core/permissions/index.js';
70
+ import { DECOMPOSE_PROMPT_SUFFIX, parseDecompositionFromText, writeDecomposition, } from './plan-decompose.js';
36
71
  import { FtsSyntaxError, SqliteSessionStore, resolveProjectStoreDir } from '../core/repl/store/index.js';
37
72
  import { slugForCwd } from '../core/repl/history.js';
38
73
  import { dispatchEdit, } from '../core/edits/index.js';
@@ -47,18 +82,39 @@ import { dispatchEdit, } from '../core/edits/index.js';
47
82
  * packages/pugi-sdk/package.json); the publish workflow validates the
48
83
  * three are in lockstep.
49
84
  */
50
- const PUGI_CLI_VERSION = "0.1.0-beta.3";
85
+ // PR-CLI-SERVER-VERSION-HANDSHAKE (#225). PUGI_CLI_VERSION lives in
86
+ // `runtime/version.ts` now so the engine transport interceptor can
87
+ // import it without dragging in the cli.ts module graph. Re-exported
88
+ // here under the original name so every existing reader (`pugi version`,
89
+ // `pugi doctor --json`, splash render, telemetry) keeps working with
90
+ // zero churn. Bumping the CLI version is still a single-file edit —
91
+ // just on `runtime/version.ts` instead of here. The β1 sanitizer that
92
+ // guarded against `workspace:*` leaks moved with the constant.
93
+ import { PUGI_CLI_VERSION, sanitizeSemver } from './version.js';
51
94
  const handlers = {
52
95
  accounts,
53
96
  agents: dispatchAgents,
54
97
  ask: dispatchAsk,
55
98
  build: runEngineTask('build_task'),
56
99
  budget: dispatchBudget,
100
+ // Wave 6 (2026-05-27): `pugi chain` walks the deterministic 7-step
101
+ // artifact pipeline (PRD → ADR → mindmap → ER → sequence → tests →
102
+ // code). Subcommands: new / status / next / show / export / list.
103
+ // Same handler powers the in-REPL `/chain` slash via session.ts.
104
+ chain: dispatchChain,
57
105
  code: runEngineTask('code'),
58
106
  config: dispatchConfig,
107
+ cost: dispatchCost,
108
+ delegate: dispatchDelegate,
109
+ // Leak L10 (2026-05-27): `pugi dispatch list-cache-refs` /
110
+ // `clear-cache-refs` operate on `.pugi/cache-refs/` — the persisted
111
+ // prompt-cache inheritance handles for fork-subagent dispatches. The
112
+ // handler module lives in commands/dispatch.ts so the table stays narrow.
113
+ dispatch: dispatchSubagentCacheRefs,
59
114
  deploy: dispatchDeploy,
60
115
  doctor,
61
116
  explain: runEngineTask('explain'),
117
+ hooks: dispatchHooks,
62
118
  fix: runEngineTask('fix'),
63
119
  handoff,
64
120
  help,
@@ -68,16 +124,84 @@ const handlers = {
68
124
  login,
69
125
  logout,
70
126
  lsp: dispatchLsp,
127
+ mcp: dispatchMcp,
128
+ // ADR-0063 Day 4: `pugi memory list|recall|write|forget|sync`. Routes
129
+ // to `runMemoryCommand` (admin-api `/api/persona-memory` + offline
130
+ // queue at `~/.pugi/memory-queue.jsonl`).
131
+ memory: dispatchMemory,
71
132
  patch: dispatchPatch,
72
- plan: runEngineTask('plan'),
133
+ permissions: dispatchPermissions,
134
+ perms: dispatchPermissions,
135
+ plan: dispatchPlan,
73
136
  'plan-review': dispatchPlanReview,
137
+ // Wave 6 (2026-05-27): `pugi prd-check` verifies PRD acceptance
138
+ // criteria against committed code/tests/docs/commands BEFORE an
139
+ // operator (or autonomous agent) claims a feature done. Same
140
+ // handler powers the in-REPL `/prd-check` slash via session.ts.
141
+ 'prd-check': dispatchPrdCheck,
74
142
  privacy: dispatchPrivacy,
143
+ // L24 (2026-05-27): `pugi release-notes` shows the bundled CHANGELOG
144
+ // diff between the operator's last-seen version + installed version.
145
+ // The slash counterpart `/release-notes` shares this handler via the
146
+ // shared `runReleaseNotesCommand` runner.
147
+ 'release-notes': releaseNotes,
148
+ releaseNotes,
149
+ // PAVF-7 (2026-05-27): `pugi report --from-error` captures the
150
+ // most-recent failed session as a redacted bundle so operators can
151
+ // file clean bug reports without manual log-grepping.
152
+ report: dispatchReport,
75
153
  review,
76
154
  resume,
155
+ roster: dispatchRoster,
77
156
  sessions,
157
+ share: dispatchShare,
78
158
  skills: dispatchSkills,
159
+ status,
160
+ stickers,
161
+ // Leak L28 (2026-05-27): `pugi repo-map` walks the source tree,
162
+ // extracts top-level function / class / interface / type / enum
163
+ // declarations + JSDoc summaries, caches the result in
164
+ // `.pugi/repo-map.json`, and renders the compact markdown listing.
165
+ // Same builder powers the engine boot-time system-prompt injection
166
+ // — running the CLI command shows the operator EXACTLY what the
167
+ // engine would see.
168
+ 'repo-map': dispatchRepoMap,
169
+ // Leak L21 (2026-05-27): in-CLI feedback collector. Shares the
170
+ // same handler as the in-REPL `/feedback` slash; the wrapper just
171
+ // routes TTY vs non-TTY before mounting Ink.
172
+ feedback: dispatchFeedback,
79
173
  sync,
174
+ style: dispatchStyle,
175
+ // Leak L30 (2026-05-27): `pugi theme` flips the local TUI color
176
+ // palette (orthogonal to `pugi style` — that one steers engine
177
+ // prose register). 4 presets: default / dark / light / colorblind.
178
+ theme: dispatchTheme,
179
+ // Leak L25 (2026-05-27): `pugi onboarding` walks the new operator
180
+ // through auth / mode / style / MCP / telemetry. Idempotent;
181
+ // `--reset` clears the marker file so the bare-invocation hint
182
+ // re-arms without nuking persisted defaults.
183
+ onboarding: dispatchOnboarding,
184
+ // Leak L26 (2026-05-27): `pugi vim` toggles vim-style modal editing
185
+ // in the REPL input buffer. Bare invocation toggles, `on`/`off`
186
+ // sets explicitly; preference persists in ~/.pugi/config.json.
187
+ vim: dispatchVim,
80
188
  undo: dispatchUndo,
189
+ compact: dispatchCompact,
190
+ // Leak L9 (2026-05-27): `pugi rewind [N | --to <id>]` rolls the
191
+ // conversation back to a checkpoint by appending a tombstone marker
192
+ // to the NDJSON event log. The slash counterpart `/rewind` forwards
193
+ // to the same runner via session.ts.
194
+ rewind: dispatchRewind,
195
+ // L19 (2026-05-27): `pugi usage` is an alias of `pugi cost` — same
196
+ // handler, same flags. Operators trained on Claude Code expect either
197
+ // verb to surface the per-model token + USD table.
198
+ usage: dispatchCost,
199
+ // Leak L27 (2026-05-27): `pugi update` — channel-aware npm registry
200
+ // probe + optional npm install shell-out. Same handler powers the
201
+ // in-REPL `/update` slash via the session module. R2 atomic swap
202
+ // deferred to Phase 2 per the sprint plan; npm is the single
203
+ // distribution channel today.
204
+ update: dispatchUpdate,
81
205
  version,
82
206
  web: dispatchWeb,
83
207
  whoami,
@@ -252,6 +376,259 @@ async function dispatchPrivacy(args, flags, _session) {
252
376
  writeOutput: (payload, text) => writeOutput(flags, payload, text),
253
377
  });
254
378
  }
379
+ /**
380
+ * ADR-0063 Day 4 — `pugi memory <sub>` top-level dispatcher.
381
+ *
382
+ * Forwards to the shared `runMemoryCommand` runner. Exit codes:
383
+ *
384
+ * - 0 — happy paths (listed / recalled / written / forgot / synced /
385
+ * queued_offline / sync_noop / sync_partial)
386
+ * - 1 — unauthenticated / feature_disabled / unknown_sub
387
+ * - 2 — invalid_args
388
+ *
389
+ * `forget_not_found` exits 0 because the operator-visible behaviour
390
+ * (the memory is gone) matches their intent; the JSON envelope still
391
+ * carries the `forget_not_found` status flag for scripted callers.
392
+ */
393
+ async function dispatchMemory(args, flags, _session) {
394
+ const result = await runMemoryCommand(args, {
395
+ workspaceRoot: process.cwd(),
396
+ json: flags.json,
397
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
398
+ });
399
+ switch (result.status) {
400
+ case 'unauthenticated':
401
+ case 'feature_disabled':
402
+ case 'unknown_sub':
403
+ process.exitCode = 1;
404
+ return;
405
+ case 'invalid_args':
406
+ process.exitCode = 2;
407
+ return;
408
+ default:
409
+ // 'listed' | 'recalled' | 'written' | 'queued_offline' | 'forgot' |
410
+ // 'forget_not_found' | 'synced' | 'sync_partial' | 'sync_noop' — exit 0.
411
+ return;
412
+ }
413
+ }
414
+ /**
415
+ * Leak L18 (2026-05-27) — `pugi style` top-level dispatcher.
416
+ *
417
+ * Forwards to the shared `runStyleCommand` runner. The REPL `/style`
418
+ * slash uses the same runner via a dynamic import inside
419
+ * `core/repl/session.ts` so the two surfaces stay single-sourced.
420
+ *
421
+ * Exit-code policy:
422
+ * - 0 — show / switch / reset / list happy paths
423
+ * - 1 — unknown preset slug
424
+ * - 2 — conflicting flags (`--reset` + positional / `--reset --persist`)
425
+ *
426
+ * The runner returns the code; we attach it to `process.exitCode` so
427
+ * subsequent dispatch wrappers do not clobber it on success.
428
+ */
429
+ async function dispatchStyle(args, flags, _session) {
430
+ const rc = await runStyleCommand(args, {
431
+ workspaceRoot: process.cwd(),
432
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
433
+ });
434
+ if (rc !== 0)
435
+ process.exitCode = rc;
436
+ }
437
+ /**
438
+ * Leak L30 (2026-05-27) — `pugi theme` top-level dispatcher.
439
+ *
440
+ * Forwards to the shared `runThemeCommand` runner. The REPL `/theme`
441
+ * slash uses the same runner via a dynamic import inside
442
+ * `core/repl/session.ts` so the two surfaces stay single-sourced.
443
+ *
444
+ * Exit-code policy mirrors `dispatchStyle`:
445
+ * - 0 — show / switch / reset / list happy paths
446
+ * - 1 — unknown preset slug
447
+ * - 2 — conflicting flags (`--reset` + positional / `--reset --persist`)
448
+ *
449
+ * The runner returns the code; we attach it to `process.exitCode` so
450
+ * subsequent dispatch wrappers do not clobber it on success.
451
+ */
452
+ /**
453
+ * Leak L12 (2026-05-27) — `pugi hooks` top-level dispatcher (MVP).
454
+ *
455
+ * Two subcommands:
456
+ * - `pugi hooks list` — show configured hooks per event.
457
+ * - `pugi hooks doctor` — validate `~/.pugi/hooks-mvp.json`.
458
+ *
459
+ * MVP scope: 2 events of 8 (SessionStart + PreToolUse). Remaining 6
460
+ * events (PostToolUse, UserPromptSubmit, Stop, SubagentStop,
461
+ * PreCompact, Notification) deferred to fast-follow PR. The runner
462
+ * pattern established here is reusable for those events without
463
+ * touching this dispatcher.
464
+ *
465
+ * Exit codes:
466
+ * 0 -> happy path.
467
+ * 1 -> config present but invalid (doctor only).
468
+ * 2 -> argument error / unknown subcommand.
469
+ */
470
+ async function dispatchHooks(args, flags, _session) {
471
+ const rc = await runHooksCommand(args, {
472
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
473
+ });
474
+ if (rc !== 0)
475
+ process.exitCode = rc;
476
+ }
477
+ async function dispatchTheme(args, flags, _session) {
478
+ const rc = await runThemeCommand(args, {
479
+ workspaceRoot: process.cwd(),
480
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
481
+ });
482
+ if (rc !== 0)
483
+ process.exitCode = rc;
484
+ }
485
+ /**
486
+ * Leak L25 (2026-05-27) — `pugi onboarding` top-level dispatcher.
487
+ *
488
+ * Walks the new operator through auth / permission mode / output
489
+ * style / MCP / telemetry consent. The Ink wizard mounts only when
490
+ * stdin is a TTY and `--json` is not set; otherwise we dump the
491
+ * current snapshot + hints in the non-interactive envelope so
492
+ * scripted callers see the same structured payload.
493
+ *
494
+ * Auth status: we resolve credentials once up front and pass the
495
+ * boolean to the runner; the wizard surfaces a `pugi login` hint
496
+ * when auth is missing but DOES NOT block — local defaults are still
497
+ * configurable without an active credential.
498
+ *
499
+ * Exit-code policy:
500
+ * 0 — completed / cancelled / non-interactive / reset
501
+ * 2 — conflicting / unknown flags
502
+ */
503
+ async function dispatchOnboarding(args, flags, _session) {
504
+ const credential = resolveActiveCredential();
505
+ const rc = await runOnboardingCommand(args, {
506
+ workspaceRoot: process.cwd(),
507
+ env: process.env,
508
+ authPresent: credential !== null,
509
+ interactive: isInteractive(flags) && !flags.json,
510
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
511
+ });
512
+ if (rc !== 0)
513
+ process.exitCode = rc;
514
+ }
515
+ /**
516
+ * Leak L26 (2026-05-27) — `pugi vim` top-level dispatcher.
517
+ *
518
+ * Forwards to the shared `runVimCommand` runner. The REPL `/vim` slash
519
+ * uses the same runner via a dynamic import inside
520
+ * `core/repl/session.ts` so the two surfaces stay single-sourced.
521
+ *
522
+ * Exit-code policy:
523
+ * - 0 — show / enable / disable / toggle happy paths
524
+ * - 2 — unknown subcommand (e.g. `pugi vim chaos`) or too many args
525
+ */
526
+ async function dispatchVim(args, flags, _session) {
527
+ const rc = await runVimCommand(args, {
528
+ env: process.env,
529
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
530
+ });
531
+ if (rc !== 0)
532
+ process.exitCode = rc;
533
+ }
534
+ /**
535
+ * PAVF-7 (2026-05-27): `pugi report --from-error` — bundle the most-
536
+ * recent failed session into a redacted local report so operators can
537
+ * file clean bug tickets without manual log-grepping. v1 is local-only
538
+ * (no auto-upload — see commands/report.ts header for the rationale).
539
+ */
540
+ async function dispatchReport(args, flags, _session) {
541
+ const rc = runReport(args, {
542
+ cwd: process.cwd(),
543
+ json: flags.json,
544
+ emit: (line) => {
545
+ if (!flags.json)
546
+ process.stdout.write(line);
547
+ },
548
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
549
+ });
550
+ if (rc !== 0)
551
+ process.exitCode = rc;
552
+ }
553
+ /**
554
+ * `pugi roster` - α7.5 Phase 1.
555
+ *
556
+ * List the live Tier 1 personas with display name, role, and routing
557
+ * tag. Walks the remote /api/pugi/sessions/roster endpoint when a
558
+ * credential is available; falls back to the local @pugi/personas
559
+ * roster when offline so the operator can still see who is on the team.
560
+ */
561
+ async function dispatchRoster(_args, flags, _session) {
562
+ const credential = resolveActiveCredential();
563
+ const config = credential
564
+ ? buildRuntimeConfig({ apiUrl: credential.apiUrl, apiKey: credential.apiKey })
565
+ : null;
566
+ const { rows, warning } = await resolveRoster(config);
567
+ const payload = {
568
+ ok: true,
569
+ personas: rows,
570
+ warning,
571
+ };
572
+ const text = (warning ? `# warning: ${warning}\n\n` : '') +
573
+ renderRosterTable(rows);
574
+ writeOutput(flags, payload, text);
575
+ }
576
+ /**
577
+ * `pugi delegate <slug> "<brief>"` - α7.5 Phase 1.
578
+ *
579
+ * Open a fresh REPL session and POST the brief to one Tier 1 persona,
580
+ * bypassing Mira's coordinator pass. Non-interactive: the CLI prints
581
+ * the dispatch id on success and exits; the operator (or a script) can
582
+ * subscribe to the session stream separately if they want the live
583
+ * lifecycle. Interactive operators use `/delegate` from inside the REPL
584
+ * instead so the dispatch lifecycle surfaces inline.
585
+ */
586
+ async function dispatchDelegate(args, flags, _session) {
587
+ await runDelegateCommand(args, {
588
+ workspaceCwd: process.cwd(),
589
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
590
+ resolveConfig: () => {
591
+ const credential = resolveActiveCredential();
592
+ if (!credential)
593
+ return null;
594
+ return buildRuntimeConfig({ apiUrl: credential.apiUrl, apiKey: credential.apiKey });
595
+ },
596
+ fetchRoster: fetchPersonaRoster,
597
+ submitDelegate,
598
+ openSession: async (config, workspaceCwd) => {
599
+ const result = await openPugiSession(config, { workspaceCwd });
600
+ if (result.status === 'ok')
601
+ return { sessionId: result.response.sessionId };
602
+ return { error: `${result.status}: ${result.message}` };
603
+ },
604
+ });
605
+ }
606
+ /**
607
+ * `pugi chain` — Wave 6 artifact chain dispatcher (2026-05-27).
608
+ * Forwards to `runChainCommand` with the live credential + session
609
+ * opener wired so the dispatcher can hit Anvil. The slash counterpart
610
+ * `/chain` shares the same handler via session.ts so the surface
611
+ * stays single-sourced.
612
+ */
613
+ async function dispatchChain(args, flags, _session) {
614
+ await runChainCommand(args, {
615
+ cwd: process.cwd(),
616
+ json: flags.json,
617
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
618
+ resolveConfig: () => {
619
+ const credential = resolveActiveCredential();
620
+ if (!credential)
621
+ return null;
622
+ return buildRuntimeConfig({ apiUrl: credential.apiUrl, apiKey: credential.apiKey });
623
+ },
624
+ openSession: async (config, workspaceCwd) => {
625
+ const result = await openPugiSession(config, { workspaceCwd });
626
+ if (result.status === 'ok')
627
+ return { sessionId: result.response.sessionId };
628
+ return { error: `${result.status}: ${result.message}` };
629
+ },
630
+ });
631
+ }
255
632
  async function dispatchUndo(args, flags, session) {
256
633
  await runUndoCommand(args, {
257
634
  workspaceRoot: process.cwd(),
@@ -259,12 +636,225 @@ async function dispatchUndo(args, flags, session) {
259
636
  writeOutput: (payload, text) => writeOutput(flags, payload, text),
260
637
  });
261
638
  }
639
+ /**
640
+ * Leak L8 (2026-05-27) — `pugi compact` summarises older REPL turns
641
+ * into a single boundary marker, freeing context for the next `pugi
642
+ * resume <id>`. The slash `/compact` inside a live REPL forwards
643
+ * through the same runner via session.ts so the surface stays single-
644
+ * sourced.
645
+ */
646
+ async function dispatchCompact(args, flags, _session) {
647
+ // Wave 6 BT 8 (Claude Code parity): parse `--force` / `-f` so the
648
+ // operator can produce a marker against a short session. Auto-trigger
649
+ // paths never pass this flag — only the explicit CLI / slash invocation.
650
+ const force = args.some((t) => t === '--force' || t === '-f');
651
+ const result = await runCompactCommand(args, {
652
+ workspaceRoot: process.cwd(),
653
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
654
+ force,
655
+ });
656
+ if (result.status === 'failed_no_session'
657
+ || result.status === 'failed_transport'
658
+ || result.status === 'failed_store') {
659
+ process.exitCode = 1;
660
+ return;
661
+ }
662
+ if (result.status === 'noop_empty' || result.status === 'noop_recent_marker') {
663
+ process.exitCode = 2;
664
+ }
665
+ }
262
666
  async function dispatchBudget(args, flags, _session) {
263
667
  await runBudgetCommand(args, {
264
668
  workspaceRoot: process.cwd(),
265
669
  writeOutput: (payload, text) => writeOutput(flags, payload, text),
266
670
  });
267
671
  }
672
+ /**
673
+ * Leak L9 (2026-05-27) — `pugi rewind [N | --to <id>]` rolls the
674
+ * conversation back to a checkpoint by appending a tombstone marker to
675
+ * the NDJSON event log. Append-only: events stay durable; `pugi
676
+ * sessions undo-rewind` reverses the operation. The slash `/rewind`
677
+ * forwards through this same runner via session.ts.
678
+ */
679
+ async function dispatchRewind(args, flags, _session) {
680
+ const result = await runRewindCommand(args, {
681
+ workspaceRoot: process.cwd(),
682
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
683
+ });
684
+ if (result.status === 'failed_no_session'
685
+ || result.status === 'failed_store') {
686
+ process.exitCode = 1;
687
+ return;
688
+ }
689
+ if (result.status === 'failed_parse') {
690
+ process.exitCode = 2;
691
+ return;
692
+ }
693
+ if (result.status === 'noop_zero' || result.status === 'noop_empty') {
694
+ process.exitCode = 2;
695
+ }
696
+ }
697
+ /**
698
+ * Leak L6 — `pugi permissions [mode] [--persist] [--confirm]`.
699
+ *
700
+ * Surface the same intent as the in-REPL `/permissions` slash. Mode
701
+ * arg is positional; `--persist` and `--confirm` are zero-arg flags
702
+ * already consumed by `parseArgs` into `flags.persist` / `flags.confirm`.
703
+ *
704
+ * Examples:
705
+ * pugi permissions -> show current mode + table
706
+ * pugi permissions plan -> flip workspace state to plan
707
+ * pugi permissions allow --persist -> flip + write ~/.pugi/config.json
708
+ * pugi permissions bypass --confirm -> flip to bypass (acknowledge banner)
709
+ */
710
+ async function dispatchPermissions(args, flags, _session) {
711
+ const head = args[0];
712
+ if (head && parsePermissionMode(head) === null) {
713
+ writeOutput(flags, { error: 'unknown_mode', mode: head }, `Unknown mode '${head}'. Allowed: plan, ask, allow, bypass.`);
714
+ process.exitCode = 1;
715
+ return;
716
+ }
717
+ const mode = head ? parsePermissionMode(head) : undefined;
718
+ await runPermissionsCommand({
719
+ ...(mode ? { mode } : {}),
720
+ persist: Boolean(flags.persist),
721
+ confirmBypass: Boolean(flags.confirm),
722
+ }, {
723
+ workspaceRoot: process.cwd(),
724
+ writeOutput: (text) => writeOutput(flags, { text }, text),
725
+ });
726
+ }
727
+ /**
728
+ * L19 sprint (2026-05-27): `pugi cost` / `pugi usage` top-level surface.
729
+ *
730
+ * Aliased through the handlers table so `pugi usage` reuses the same
731
+ * implementation. The persisted store lives at `<cwd>/.pugi/cost.json`
732
+ * and is shared with the REPL `/cost` / `/usage` slash handlers.
733
+ */
734
+ async function dispatchCost(args, flags, _session) {
735
+ await runCostCommand(args, {
736
+ workspaceRoot: process.cwd(),
737
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
738
+ });
739
+ }
740
+ /**
741
+ * Leak L20 (2026-05-27): `pugi share` top-level surface. Exports the
742
+ * current session transcript as Markdown to gist (default when `gh` is
743
+ * available) or pugi.io (--pugi). The handler delegates to
744
+ * `runShareCommand` so the slash surface (`/share`) and the shell
745
+ * surface share one code path. JSON output mode is honoured via the
746
+ * shared `writeOutput` wrapper.
747
+ */
748
+ async function dispatchShare(args, flags, _session) {
749
+ await runShareCommand(args, {
750
+ workspaceRoot: process.cwd(),
751
+ cliVersion: PUGI_CLI_VERSION,
752
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
753
+ });
754
+ }
755
+ /**
756
+ * Leak L7 — `pugi plan [--back | --persist | <prompt...>]`.
757
+ *
758
+ * Quick mode-switch shortcut + optional one-shot engine dispatch. Slash
759
+ * surface `/plan` shares the same `runPlanCommand` helper so the
760
+ * workspace-state writes go through one code path. Argument grammar:
761
+ *
762
+ * pugi plan -> set workspace mode = plan + banner
763
+ * pugi plan --back -> restore the mode that was active
764
+ * before the most recent /plan entry
765
+ * pugi plan --persist -> set + also write ~/.pugi/config.json
766
+ * pugi plan <prompt...> -> set + run `runEngineTask('plan')`
767
+ * with the prompt (existing offline /
768
+ * engine path; the permission gate now
769
+ * sees plan as workspace state)
770
+ * pugi plan <prompt> --auto-back -> ALSO restore previous mode once
771
+ * the engine returns (defaults to
772
+ * leaving the operator in plan
773
+ * mode so they can iterate)
774
+ *
775
+ * The handler intentionally intercepts the mode-switch flags BEFORE
776
+ * delegating to `runEngineTask('plan')` for the prompt path. Without
777
+ * this wrapper, `pugi plan` (no args) would error out of the engine
778
+ * task ("requires a prompt") which is the legacy behaviour; the L7
779
+ * spec wants bare `pugi plan` to be the mode switch.
780
+ */
781
+ async function dispatchPlan(args, flags, session) {
782
+ // Strip `--back` / `--auto-back` from the positional args — the global
783
+ // parseArgs does not consume them (they are command-local). Anything
784
+ // else stays in `prompt` so the engine sees the operator's text
785
+ // verbatim. The flag parser keeps both `--back` and the spelling
786
+ // variants the operator might type from muscle memory after using
787
+ // `git checkout --` style flows.
788
+ let back = false;
789
+ let autoBack = false;
790
+ const remaining = [];
791
+ for (const arg of args) {
792
+ if (arg === '--back') {
793
+ back = true;
794
+ }
795
+ else if (arg === '--auto-back') {
796
+ autoBack = true;
797
+ }
798
+ else {
799
+ remaining.push(arg);
800
+ }
801
+ }
802
+ const hasPrompt = remaining.length > 0;
803
+ const persist = Boolean(flags.persist);
804
+ // --back and a prompt are mutually exclusive — back is a revert action,
805
+ // not a dispatch one. Refuse the combination with a clear hint instead
806
+ // of silently dropping one or the other.
807
+ if (back && hasPrompt) {
808
+ writeOutput(flags, { ok: false, error: 'pugi plan --back does not accept a prompt; revert first, then dispatch.' }, 'pugi plan --back does not accept a prompt; revert first, then dispatch.');
809
+ process.exitCode = 2;
810
+ return;
811
+ }
812
+ // --back + --auto-back is incoherent (auto-back applies to the
813
+ // dispatch path) — refuse rather than degrade silently.
814
+ if (back && autoBack) {
815
+ writeOutput(flags, { ok: false, error: 'pugi plan --back and --auto-back cannot be combined.' }, 'pugi plan --back and --auto-back cannot be combined.');
816
+ process.exitCode = 2;
817
+ return;
818
+ }
819
+ // When a prompt is going to be dispatched in --json mode, suppress
820
+ // the human-readable banner writes so the engine task remains the
821
+ // single JSON emitter on stdout. The mode write still happens. In
822
+ // human (non --json) mode the banner prints normally so the operator
823
+ // sees the gate-state change before the engine starts thinking.
824
+ const sinkSilent = hasPrompt && flags.json;
825
+ const writeLine = (line) => {
826
+ if (sinkSilent)
827
+ return;
828
+ writeOutput(flags, { text: line }, line);
829
+ };
830
+ const result = await runPlanCommand({ back, persist }, {
831
+ workspaceRoot: process.cwd(),
832
+ writeOutput: writeLine,
833
+ });
834
+ // No prompt → mode-switch only. Done.
835
+ if (!hasPrompt)
836
+ return;
837
+ // Prompt present → fall through to the existing engine task with the
838
+ // remaining args. The workspace mode is now `plan` (or stayed `plan`
839
+ // if already there); the engine sees the same plan-task semantics it
840
+ // always has — read-only schema + executor refusal sentinel — but the
841
+ // permission GATE now also enforces plan independently.
842
+ try {
843
+ await runEngineTask('plan')(remaining, flags, session);
844
+ }
845
+ finally {
846
+ // --auto-back restores the previous mode AFTER the engine returns
847
+ // (success OR failure) so the operator's gate state mirrors a normal
848
+ // `--back` invocation. Without --auto-back the operator stays in
849
+ // plan and can iterate / inspect before acting.
850
+ if (autoBack && (result.verdict === 'entered' || result.verdict === 'persisted')) {
851
+ await runPlanCommand({ back: true, persist: false }, {
852
+ workspaceRoot: process.cwd(),
853
+ writeOutput: writeLine,
854
+ });
855
+ }
856
+ }
857
+ }
268
858
  async function dispatchSkills(args, flags, _session) {
269
859
  await runSkillsCommand(args, {
270
860
  workspaceRoot: process.cwd(),
@@ -279,6 +869,19 @@ async function dispatchAgents(args, flags, _session) {
279
869
  writeOutput: (payload, text) => writeOutput(flags, payload, text),
280
870
  });
281
871
  }
872
+ /**
873
+ * Leak L10 (2026-05-27): `pugi dispatch <sub>` — operator-facing
874
+ * inspection + GC for fork-subagent prompt-cache inherit refs
875
+ * (.pugi/cache-refs/). Delegates to the standalone runner in
876
+ * commands/dispatch.ts so the cli.ts table stays under control.
877
+ */
878
+ async function dispatchSubagentCacheRefs(args, flags, _session) {
879
+ await runDispatchCommand(args, {
880
+ workspaceRoot: process.cwd(),
881
+ json: flags.json,
882
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
883
+ });
884
+ }
282
885
  /**
283
886
  * `pugi web <url>` — Sprint α6.15 Phase 1 quick-win subcommand.
284
887
  *
@@ -328,22 +931,46 @@ async function dispatchWeb(args, flags, _session) {
328
931
  */
329
932
  async function dispatchLsp(args, flags, _session) {
330
933
  const result = await runLspCommand(args, { cwd: process.cwd(), json: flags.json });
331
- if (flags.json)
332
- console.log(result.text);
333
- else
334
- console.log(result.text);
934
+ console.log(result.text);
335
935
  if (result.exitCode !== 0)
336
936
  process.exitCode = result.exitCode;
337
937
  }
938
+ /**
939
+ * β4 M6 + M7 + Sl7 (2026-05-26): `pugi mcp <sub>` — MCP execution +
940
+ * server. `list / trust / deny / install` manage the client-side
941
+ * registry (the same surface `pugi config mcp ...` exposes); `serve`
942
+ * boots Pugi-as-MCP-server over stdio (default) or HTTP+SSE; `perms`
943
+ * inspects + resets the per-(server, tool) permission cache that
944
+ * gates engine-loop dispatch.
945
+ *
946
+ * The serve sub-command never returns under normal conditions — the
947
+ * stdio path runs until stdin closes (parent agent disconnect) and the
948
+ * HTTP path runs until SIGINT/SIGTERM. Both honour the optional
949
+ * AbortSignal we pass through from the REPL slash bridge in β4b.
950
+ */
951
+ async function dispatchMcp(args, flags, _session) {
952
+ await runMcpCommand(args, {
953
+ workspaceRoot: process.cwd(),
954
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
955
+ });
956
+ }
338
957
  /**
339
958
  * α7.7: `pugi patch` — apply a unified-diff patch from stdin or a file.
340
959
  * Routes through the same security gate as the Layer A/B/C applicators
341
960
  * (see `src/core/edits/security-gate.ts`). Exit codes mirror the
342
961
  * security taxonomy so CI loops can alert on hostile patches without
343
962
  * confusing them with operator typos.
963
+ *
964
+ * R1 fix (2026-05-26, PR #413 r1): pass `flags.dryRun` through so the
965
+ * top-level parser's consumption of `--dry-run` does not silently
966
+ * disable dry-run mode on `pugi patch --dry-run < diff.patch`.
344
967
  */
345
968
  async function dispatchPatch(args, flags, _session) {
346
- const result = await runPatchCommand(args, { cwd: process.cwd(), json: flags.json });
969
+ const result = await runPatchCommand(args, {
970
+ cwd: process.cwd(),
971
+ json: flags.json,
972
+ dryRun: flags.dryRun,
973
+ });
347
974
  console.log(result.text);
348
975
  if (result.exitCode !== 0)
349
976
  process.exitCode = result.exitCode;
@@ -353,15 +980,82 @@ async function dispatchPatch(args, flags, _session) {
353
980
  * The `pugi build` and `pugi review --consensus` paths use the same
354
981
  * primitives internally (`createWorktree` / `promoteWorktree`); this
355
982
  * surface is the operator escape hatch for debug + experiment flows.
983
+ *
984
+ * R1 fix (2026-05-26, PR #413 r1): forward `flags.dryRun` so the
985
+ * top-level parser's consumption of `--dry-run` does not silently
986
+ * disable dry-run mode on `pugi worktree promote --dry-run <path>`.
356
987
  */
357
988
  async function dispatchWorktree(args, flags, _session) {
358
- const result = await runWorktreeCommand(args, { cwd: process.cwd(), json: flags.json });
989
+ const result = await runWorktreeCommand(args, {
990
+ cwd: process.cwd(),
991
+ json: flags.json,
992
+ dryRun: flags.dryRun,
993
+ });
359
994
  console.log(result.text);
360
995
  if (result.exitCode !== 0)
361
996
  process.exitCode = result.exitCode;
362
997
  }
363
998
  export async function runCli(argv) {
364
999
  const { command, args, flags, isBareInvocation } = parseArgs(argv);
1000
+ // Leak L22 — print the one-line bare banner once per invocation when
1001
+ // the flag is active and stdout is NOT bound for JSON consumption. The
1002
+ // banner goes to stderr so it never lands in a `--json` envelope or a
1003
+ // pipe-captured stdout stream; operators see it on the terminal,
1004
+ // scripted callers stay clean. Suppressed for `pugi version` / `pugi
1005
+ // help` (short, scripted-friendly surfaces) and when the operator
1006
+ // sets PUGI_BARE without the flag (avoids double-printing across
1007
+ // scripted nested invocations).
1008
+ if (flags.bare &&
1009
+ !flags.json &&
1010
+ command !== 'version' &&
1011
+ command !== 'help' &&
1012
+ argv.includes('--bare')) {
1013
+ process.stderr.write(`${BARE_MODE_BANNER}\n`);
1014
+ }
1015
+ // β-headless dispatch (CEO directive 2026-05-27 "нужно тестирование по
1016
+ // кругу"): when `--print <brief>` is set we route to the headless
1017
+ // runner BEFORE the REPL / splash / command branches. The runner
1018
+ // never mounts Ink, never opens raw stdin, never prints the splash
1019
+ // — only the structured event stream lands on stdout. Same engine
1020
+ // adapter path the REPL uses (no fork), only the output sink
1021
+ // differs.
1022
+ if (typeof flags.print === 'string') {
1023
+ const { runHeadlessPrint } = await import('./headless.js');
1024
+ // Default to NDJSON when stdout is not a TTY OR when --json is set
1025
+ // explicitly. A human running `pugi --print "..."` in their
1026
+ // terminal without flags gets the readable text sink; a pipe gets
1027
+ // the machine-readable stream.
1028
+ const wantJson = flags.json || !process.stdout.isTTY;
1029
+ const headlessFactory = getEngineClientFactory();
1030
+ const exitCode = await runHeadlessPrint({
1031
+ prompt: flags.print,
1032
+ json: wantJson,
1033
+ cwd: flags.cwd ?? process.cwd(),
1034
+ ...(flags.workspace ? { workspace: flags.workspace } : {}),
1035
+ ...(flags.sessionId ? { sessionIdOverride: flags.sessionId } : {}),
1036
+ ...(flags.timeoutSeconds ? { timeoutSeconds: flags.timeoutSeconds } : {}),
1037
+ noTools: flags.noTools,
1038
+ ...(flags.maxTurns ? { maxTurns: flags.maxTurns } : {}),
1039
+ ...(headlessFactory ? { engineClientFactory: headlessFactory } : {}),
1040
+ ...(headlessStdoutWriter ? { stdoutWrite: headlessStdoutWriter } : {}),
1041
+ ...(headlessStderrWriter ? { stderrWrite: headlessStderrWriter } : {}),
1042
+ });
1043
+ process.exitCode = exitCode;
1044
+ return;
1045
+ }
1046
+ // Leak L25 (2026-05-27): first-run hint. When the operator types a
1047
+ // bare `pugi` on a real TTY AND the onboarding marker is absent, drop
1048
+ // a one-line hint on stderr BEFORE the REPL splash mounts. Stderr so
1049
+ // the line never lands in a `--json` envelope or a scripted stdout
1050
+ // pipe; suppressed when --json is set or the operator already walked
1051
+ // the wizard. The marker check is best-effort — a fs glitch returns
1052
+ // false and we print the hint, which is harmless.
1053
+ if (isBareInvocation
1054
+ && isInteractive(flags)
1055
+ && !flags.json
1056
+ && !isOnboarded(process.env)) {
1057
+ process.stderr.write('Tip: run `pugi onboarding` to configure defaults.\n');
1058
+ }
365
1059
  // Bare `pugi` on a TTY enters the REPL-by-default agentic session
366
1060
  // (Sprint α5.7, ADR-0056). The REPL is the customer-facing surface
367
1061
  // that brings Pugi to parity with Claude Code / Codex CLI. When the
@@ -436,6 +1130,7 @@ function parseArgs(argv) {
436
1130
  offline: false,
437
1131
  noTty: false,
438
1132
  allowFetch: false,
1133
+ allowSearch: false,
439
1134
  noUpdateCheck: false,
440
1135
  noSplash: process.env.PUGI_SKIP_SPLASH === '1',
441
1136
  // Claude triple-review P1 PR #369: default tool-stream pane HIDDEN
@@ -445,13 +1140,50 @@ function parseArgs(argv) {
445
1140
  // "Mira: ..." prose, never "Read(path)" prefix) OR fires falsely on
446
1141
  // accidental `Verb(noun)` shapes producing stuck `running` rows.
447
1142
  // Hide by default; opt-in via `--tool-stream` OR PUGI_TOOL_STREAM=1
448
- // for development/testing. Will flip к default ON when backend
1143
+ // for development/testing. Will flip to default ON when backend
449
1144
  // emits real tool events (filed as α6.13.X follow-up).
450
1145
  noToolStream: process.env.PUGI_TOOL_STREAM === '1' || process.env.PUGI_HIDE_TOOL_STREAM === '1'
451
1146
  ? process.env.PUGI_HIDE_TOOL_STREAM === '1'
452
1147
  : true,
1148
+ noDefaults: process.env.PUGI_INIT_NO_DEFAULTS === '1',
1149
+ decompose: false,
1150
+ // β-headless: --no-tools default OFF so existing flag-free invocations
1151
+ // keep tool advertisement. Flipped only by explicit operator opt-in.
1152
+ noTools: false,
1153
+ // Leak L6 — `pugi permissions <mode> --persist/--confirm`. Default
1154
+ // false so existing invocations stay no-op on the new permission
1155
+ // surface.
1156
+ persist: false,
1157
+ confirm: false,
1158
+ // Leak L22 — `--bare` flag (skip project auto-discovery). Default
1159
+ // honors the env var so a wrapper script that exports PUGI_BARE=1
1160
+ // keeps the bit even when the operator forgets the flag, and the
1161
+ // explicit flag overrides on the way through the loop below.
1162
+ bare: isBareMode(),
1163
+ // Leak L33 — `--ascii-only` for `pugi stickers`. Default off so the
1164
+ // interactive surface keeps its boxed renderer; opt-in via flag
1165
+ // for pipe / script use.
1166
+ asciiOnly: false,
1167
+ // Leak L24 — `--reset` for `pugi release-notes`. Default off so a
1168
+ // bare invocation only surfaces new sections. Opt-in to force the
1169
+ // full bundled changelog к re-render (clears the on-disk marker).
1170
+ reset: false,
1171
+ // Leak L28 — `--refresh` for `pugi repo-map`. Default off so a
1172
+ // bare invocation hits the cache when mtime + size match; opt-in
1173
+ // for a cold rebuild from the source tree.
1174
+ refresh: false,
453
1175
  };
454
1176
  const args = [];
1177
+ // Leak L22: scan for `--bare` BEFORE the early-return short-circuits
1178
+ // below. Operators may pass `pugi --bare --version` or `pugi --bare
1179
+ // --help` and the short-circuit return must still flip the bare bit
1180
+ // so subprocesses + env-consulting modules see the activated state.
1181
+ // The bit is idempotent — re-applied inside the main loop below for
1182
+ // non-short-circuit paths.
1183
+ if (argv.includes('--bare')) {
1184
+ flags.bare = true;
1185
+ setBareMode();
1186
+ }
455
1187
  // Sprint 2E: `pugi --version` / `-v` are universal install-test conventions
456
1188
  // (npm uses --version on every published bin, Homebrew formula uses it in
457
1189
  // the test block). Normalize them to the `version` command so users can
@@ -482,7 +1214,7 @@ function parseArgs(argv) {
482
1214
  else if (arg === '--consensus') {
483
1215
  // α6.7: customer-facing 3-model consensus review. Routes through
484
1216
  // the SSE-based runtime gate rather than the legacy artifact
485
- // writer. The triple flag stays unset так the existing
1217
+ // writer. The triple flag stays unset so the existing
486
1218
  // performRemoteTripleReview path is never accidentally entered.
487
1219
  flags.consensus = true;
488
1220
  }
@@ -495,6 +1227,12 @@ function parseArgs(argv) {
495
1227
  else if (arg === '--allow-fetch') {
496
1228
  flags.allowFetch = true;
497
1229
  }
1230
+ else if (arg === '--allow-search') {
1231
+ // β1b T4 (2026-05-26): unlock the `web_search` tool for one
1232
+ // invocation, mirroring the `--allow-fetch` gate. Distinct flag
1233
+ // because an operator may want to query without fetching pages.
1234
+ flags.allowSearch = true;
1235
+ }
498
1236
  else if (arg === '--no-update-check') {
499
1237
  flags.noUpdateCheck = true;
500
1238
  }
@@ -505,10 +1243,51 @@ function parseArgs(argv) {
505
1243
  flags.noToolStream = true;
506
1244
  }
507
1245
  else if (arg === '--tool-stream') {
508
- // Opt-in для α6.12 dev/testing — backend tool events not live yet,
509
- // pane shows синтесайз heuristic OR empty placeholder
1246
+ // Opt-in for α6.12 dev/testing — backend tool events not live yet,
1247
+ // pane shows synthesized heuristic OR empty placeholder
510
1248
  flags.noToolStream = false;
511
1249
  }
1250
+ else if (arg === '--no-defaults') {
1251
+ // Init-only flag: skip the bundled default-skills install. Parsed
1252
+ // at the global level for consistency with --no-splash / --no-tool-stream.
1253
+ flags.noDefaults = true;
1254
+ }
1255
+ else if (arg === '--ascii-only') {
1256
+ // Leak L33 — `pugi stickers --ascii-only` skips the Ink boxed
1257
+ // renderer. Parsed globally so the dispatcher can pass the flag
1258
+ // through to runStickersCommand without per-command argv slicing.
1259
+ flags.asciiOnly = true;
1260
+ }
1261
+ else if (arg === '--reset') {
1262
+ // Leak L24 — `pugi release-notes --reset` clears the on-disk
1263
+ // `~/.pugi/.last-seen-version` marker so the full bundled
1264
+ // changelog re-renders. Parsed globally for symmetry with the
1265
+ // rest of the flag grammar; `runReleaseNotesCommand` is the
1266
+ // single consumer today.
1267
+ flags.reset = true;
1268
+ }
1269
+ else if (arg === '--refresh') {
1270
+ // Leak L28 — `pugi repo-map --refresh` busts the cache and
1271
+ // rebuilds the AST-light summary from a cold scan. Parsed
1272
+ // globally for symmetry with the rest of the flag grammar;
1273
+ // `runRepoMapCommand` is the single consumer today.
1274
+ flags.refresh = true;
1275
+ }
1276
+ else if (arg === '--format=json' || arg === '--format' && argv[index + 1] === 'json') {
1277
+ // Leak L28 — `pugi repo-map --format=json` is a per-command
1278
+ // synonym for the global `--json` flag. The L28 spec calls
1279
+ // out the `--format=json` shape explicitly so we accept it
1280
+ // verbatim and route through the existing JSON envelope.
1281
+ flags.json = true;
1282
+ if (arg === '--format')
1283
+ index += 1;
1284
+ }
1285
+ else if (arg === '--decompose') {
1286
+ // α6.8 EXTEND PR1: plan-only flag. Other engine commands ignore
1287
+ // it. Parsed globally for symmetry with the rest of the flag
1288
+ // grammar; `runEngineTask('plan')` is the single consumer.
1289
+ flags.decompose = true;
1290
+ }
512
1291
  else if (arg.startsWith('--privacy=')) {
513
1292
  flags.privacy = parsePrivacyMode(arg.slice('--privacy='.length));
514
1293
  }
@@ -519,18 +1298,190 @@ function parseArgs(argv) {
519
1298
  flags.privacy = parsePrivacyMode(next);
520
1299
  index += 1;
521
1300
  }
1301
+ else if (arg === '--print') {
1302
+ // β-headless: top-level `--print <brief>` runs a single
1303
+ // non-interactive engine turn. Consumes the next argv token as
1304
+ // the brief — refusing if it looks like another flag so a
1305
+ // dangling `--print --json` does not silently swallow `--json`.
1306
+ const next = argv[index + 1];
1307
+ if (!next || next.startsWith('--')) {
1308
+ throw new Error('--print requires a brief (e.g. --print "create word_counter.py")');
1309
+ }
1310
+ flags.print = next;
1311
+ index += 1;
1312
+ }
1313
+ else if (arg.startsWith('--print=')) {
1314
+ flags.print = arg.slice('--print='.length);
1315
+ }
1316
+ else if (arg === '--cwd') {
1317
+ const next = argv[index + 1];
1318
+ if (!next || next.startsWith('--'))
1319
+ throw new Error('--cwd requires a path');
1320
+ flags.cwd = next;
1321
+ index += 1;
1322
+ }
1323
+ else if (arg.startsWith('--cwd=')) {
1324
+ flags.cwd = arg.slice('--cwd='.length);
1325
+ }
1326
+ else if (arg === '--workspace') {
1327
+ const next = argv[index + 1];
1328
+ if (!next || next.startsWith('--'))
1329
+ throw new Error('--workspace requires a slug');
1330
+ flags.workspace = next;
1331
+ index += 1;
1332
+ }
1333
+ else if (arg.startsWith('--workspace=')) {
1334
+ flags.workspace = arg.slice('--workspace='.length);
1335
+ }
1336
+ else if (arg === '--session') {
1337
+ const next = argv[index + 1];
1338
+ if (!next || next.startsWith('--'))
1339
+ throw new Error('--session requires an id');
1340
+ flags.sessionId = next;
1341
+ index += 1;
1342
+ }
1343
+ else if (arg.startsWith('--session=')) {
1344
+ flags.sessionId = arg.slice('--session='.length);
1345
+ }
1346
+ else if (arg === '--timeout') {
1347
+ const next = argv[index + 1];
1348
+ if (!next || next.startsWith('--'))
1349
+ throw new Error('--timeout requires seconds');
1350
+ const parsed = Number(next);
1351
+ if (!Number.isFinite(parsed) || parsed <= 0) {
1352
+ throw new Error(`--timeout requires positive seconds, got "${next}"`);
1353
+ }
1354
+ flags.timeoutSeconds = parsed;
1355
+ index += 1;
1356
+ }
1357
+ else if (arg.startsWith('--timeout=')) {
1358
+ const raw = arg.slice('--timeout='.length);
1359
+ const parsed = Number(raw);
1360
+ if (!Number.isFinite(parsed) || parsed <= 0) {
1361
+ throw new Error(`--timeout requires positive seconds, got "${raw}"`);
1362
+ }
1363
+ flags.timeoutSeconds = parsed;
1364
+ }
1365
+ else if (arg === '--no-tools') {
1366
+ flags.noTools = true;
1367
+ }
1368
+ else if (arg === '--max-turns') {
1369
+ const next = argv[index + 1];
1370
+ if (!next || next.startsWith('--'))
1371
+ throw new Error('--max-turns requires an integer');
1372
+ const parsed = Number(next);
1373
+ if (!Number.isInteger(parsed) || parsed <= 0) {
1374
+ throw new Error(`--max-turns requires positive integer, got "${next}"`);
1375
+ }
1376
+ flags.maxTurns = parsed;
1377
+ index += 1;
1378
+ }
1379
+ else if (arg.startsWith('--max-turns=')) {
1380
+ const raw = arg.slice('--max-turns='.length);
1381
+ const parsed = Number(raw);
1382
+ if (!Number.isInteger(parsed) || parsed <= 0) {
1383
+ throw new Error(`--max-turns requires positive integer, got "${raw}"`);
1384
+ }
1385
+ flags.maxTurns = parsed;
1386
+ }
1387
+ else if (arg.startsWith('--commit=')) {
1388
+ // `pugi review --triple --commit <SHA>` activates the multi-
1389
+ // provider routing path against a specific revision.
1390
+ flags.commit = arg.slice('--commit='.length);
1391
+ }
1392
+ else if (arg === '--commit') {
1393
+ const next = argv[index + 1];
1394
+ if (!next)
1395
+ throw new Error('--commit requires a SHA or ref');
1396
+ flags.commit = next;
1397
+ index += 1;
1398
+ }
1399
+ else if (arg.startsWith('--base=')) {
1400
+ flags.base = arg.slice('--base='.length);
1401
+ }
1402
+ else if (arg === '--base') {
1403
+ const next = argv[index + 1];
1404
+ if (!next)
1405
+ throw new Error('--base requires a ref');
1406
+ flags.base = next;
1407
+ index += 1;
1408
+ }
1409
+ else if (arg.startsWith('--mode=')) {
1410
+ // Leak L6: top-level `--mode plan|ask|allow|bypass`. Validation
1411
+ // happens at the consumer side (parsePermissionMode) so the
1412
+ // parser stays string-typed; an invalid value surfaces a clean
1413
+ // error in the dispatcher rather than blowing up here.
1414
+ flags.mode = arg.slice('--mode='.length);
1415
+ }
1416
+ else if (arg === '--mode') {
1417
+ const next = argv[index + 1];
1418
+ if (!next || next.startsWith('--')) {
1419
+ throw new Error('--mode requires plan|ask|allow|bypass');
1420
+ }
1421
+ flags.mode = next;
1422
+ index += 1;
1423
+ }
1424
+ else if (arg === '--persist') {
1425
+ // Leak L6: paired with `pugi permissions <mode>` to also write
1426
+ // the mode to ~/.pugi/config.json::defaultPermissionMode.
1427
+ flags.persist = true;
1428
+ }
1429
+ else if (arg === '--confirm') {
1430
+ // Leak L6: required for `pugi permissions bypass` (bypass
1431
+ // disables policy hooks; the gate refuses the flip without
1432
+ // acknowledgement).
1433
+ flags.confirm = true;
1434
+ }
1435
+ else if (arg === '--bare') {
1436
+ // Leak L22: disable project auto-discovery for this invocation.
1437
+ // Set BOTH the parsed flag and the process env so downstream
1438
+ // modules consulting `isBareMode()` (markdown-traverse callsite,
1439
+ // REPL auto-init gate, doctor probe, subprocess spawns) see a
1440
+ // coherent activated state without re-threading the bit through
1441
+ // every call signature.
1442
+ flags.bare = true;
1443
+ setBareMode();
1444
+ }
522
1445
  else {
523
1446
  args.push(arg);
524
1447
  }
525
1448
  }
526
1449
  const isBareInvocation = args.length === 0;
1450
+ const command = args.shift() ?? 'help';
1451
+ // Sprint α6.X CEO dogfood 2026-05-26 (P0 hot-fix): trailing `--help`
1452
+ // / `-h` on ANY sub-command must route to the help printer rather
1453
+ // than dispatching the real engine. Before this guard `pugi build
1454
+ // --help` burned 86k tokens running the actual build loop because
1455
+ // the dispatcher saw `--help` as an opaque arg and forwarded it
1456
+ // through to the engine. Re-routing here means `pugi <cmd> --help`
1457
+ // becomes `pugi help <cmd>` deterministically across the entire
1458
+ // command tree.
1459
+ //
1460
+ // β1 Tt3 carve-out: commands that ship their OWN `--help` block
1461
+ // (login, init, ...) must keep `--help` in their args so the
1462
+ // command-local printer fires. Without this carve-out
1463
+ // `pugi login --help` produces the global help and the per-variant
1464
+ // reference (`--provider device|token|env`) gets lost. The carve-out
1465
+ // list mirrors handlers whose source carries an
1466
+ // `args.includes('--help')` short-circuit.
1467
+ if ((args.includes('--help') || args.includes('-h')) && !COMMAND_LOCAL_HELP.has(command)) {
1468
+ return { command: 'help', args: [command], flags, isBareInvocation: false };
1469
+ }
527
1470
  return {
528
- command: args.shift() ?? 'help',
1471
+ command,
529
1472
  args,
530
1473
  flags,
531
1474
  isBareInvocation,
532
1475
  };
533
1476
  }
1477
+ /**
1478
+ * β1 Tt3: commands that own their `--help` rendering. The bare-help
1479
+ * redirect leaves their `--help` arg in place so the command-local
1480
+ * printer fires instead of the global summary.
1481
+ */
1482
+ const COMMAND_LOCAL_HELP = new Set([
1483
+ 'login',
1484
+ ]);
534
1485
  async function version(_args, flags, _session) {
535
1486
  const payload = {
536
1487
  name: 'pugi',
@@ -538,7 +1489,345 @@ async function version(_args, flags, _session) {
538
1489
  };
539
1490
  writeOutput(flags, payload, `pugi ${payload.version}`);
540
1491
  }
541
- async function help(_args, flags, _session) {
1492
+ /**
1493
+ * Per-command help bodies (task #100). When the operator types
1494
+ * `pugi <cmd> --help` the dispatcher routes here with `args = [cmd]`.
1495
+ * If we have a focused body for that command, print it instead of the
1496
+ * global summary. Falls back to the global summary so unknown / new
1497
+ * commands still get a useful response.
1498
+ *
1499
+ * Source of truth for each entry: the comment block at the top of the
1500
+ * command's implementation module + any flags the command declares.
1501
+ * Keep entries short — operators want the one-liner of intent + the
1502
+ * 2-5 most useful flags, not a tutorial. The global help still has the
1503
+ * full per-section reference; the per-command body is the "tell me
1504
+ * how to use this NOW" surface.
1505
+ */
1506
+ const COMMAND_HELP_BODIES = {
1507
+ init: [
1508
+ 'pugi init — bootstrap a new Pugi workspace in the current directory.',
1509
+ '',
1510
+ 'Creates .pugi/{PUGI.md, mcp.json, index.json, artifacts/, sessions/} and',
1511
+ 'seeds the 6 default skills. Idempotent — running again only fills gaps.',
1512
+ '',
1513
+ 'Flags:',
1514
+ ' --no-defaults Skip the bundled default-skills install.',
1515
+ '',
1516
+ 'Env:',
1517
+ ' PUGI_INIT_NO_DEFAULTS=1 Same as --no-defaults.',
1518
+ ],
1519
+ explain: [
1520
+ 'pugi explain "<question>" — read-only Q&A about the workspace.',
1521
+ '',
1522
+ 'Calls the engine loop in explain mode (budget: 5 calls / 20k tokens).',
1523
+ 'No file writes; safe to run against unfamiliar code.',
1524
+ '',
1525
+ 'Examples:',
1526
+ ' pugi explain "what does this package.json define?"',
1527
+ ' pugi explain "trace the auth flow in src/auth/"',
1528
+ ],
1529
+ code: [
1530
+ 'pugi code "<brief>" — engineering-mode write loop (30k token budget).',
1531
+ '',
1532
+ 'Writes files in the current workspace. Use --no-tty in CI / pipes.',
1533
+ ],
1534
+ fix: [
1535
+ 'pugi fix "<brief>" — minimal-diff bugfix loop (30k token budget).',
1536
+ '',
1537
+ 'Same as `pugi code` but the prompt biases toward the smallest patch',
1538
+ 'that closes the brief — refuses scope creep / refactor invitations.',
1539
+ ],
1540
+ build: [
1541
+ 'pugi build "<brief>" — feature-build loop (200k token budget).',
1542
+ '',
1543
+ 'Multi-turn engineering with plan-review checkpoints. Pairs with',
1544
+ 'pugi plan --decompose <idea> when the brief is bigger than one PR.',
1545
+ ],
1546
+ plan: [
1547
+ 'pugi plan --decompose <idea> — split an idea into 3-7 components.',
1548
+ '',
1549
+ 'Writes .pugi/plan/<session-id>/splits/NN-<name>/spec.md plus',
1550
+ 'manifest.md with the dependency DAG. Pass each split to `pugi build`.',
1551
+ ],
1552
+ review: [
1553
+ 'pugi review — code review surfaces.',
1554
+ '',
1555
+ ' --triple 3-model consensus via Anvil paid fleet.',
1556
+ ' --triple --commit <SHA> Review a specific commit (vs origin/main).',
1557
+ ' --consensus Customer-facing consensus review (codex + claude + deepseek).',
1558
+ ' Optional: --commit <sha> | --pr <num> | --branch <name>.',
1559
+ '',
1560
+ 'Exit codes: 0 PASS · 1 WARN · 2 BLOCK · 5 auth_missing · 7 rate_limited.',
1561
+ ],
1562
+ privacy: [
1563
+ 'pugi privacy — privacy-mode operations.',
1564
+ '',
1565
+ ' show Display effective mode + source.',
1566
+ ' set <mode> Local-only legacy values (local-only|metadata|full).',
1567
+ '',
1568
+ 'For tenant-scoped server-side modes (strict|balanced|permissive), use:',
1569
+ ' pugi config get privacy',
1570
+ ' pugi config set privacy=<mode>',
1571
+ ],
1572
+ share: [
1573
+ 'pugi share — export the current session transcript (leak L20).',
1574
+ '',
1575
+ 'Reads .pugi/events.jsonl, formats it as Markdown, and uploads to',
1576
+ 'either a GitHub Gist (`gh`-backed, default when `gh` is available)',
1577
+ 'or pugi.io (--pugi). Always prompts before upload unless --yes is',
1578
+ 'set. Refuses upload entirely if the transcript carries an active',
1579
+ '`Bearer ` credential — re-run with --redact to scrub it first.',
1580
+ '',
1581
+ 'Flags:',
1582
+ ' --gist Force gist target; refuses if gh CLI is absent.',
1583
+ ' --pugi Force pugi.io target (requires `pugi login`).',
1584
+ ' --redact Run PII scrubber before upload.',
1585
+ ' --preview Print the transcript to stdout WITHOUT upload.',
1586
+ ' --yes, -y Skip the y/n confirmation prompt.',
1587
+ ' --json Emit a structured JSON envelope only.',
1588
+ '',
1589
+ 'Examples:',
1590
+ ' pugi share Auto-pick + confirm.',
1591
+ ' pugi share --preview --redact See what would be shared.',
1592
+ ' pugi share --gist --redact --yes Scripted secret-gist upload.',
1593
+ ],
1594
+ cost: [
1595
+ 'pugi cost — token + USD breakdown for the current Pugi session.',
1596
+ '',
1597
+ 'Reads .pugi/cost.json (persisted via the in-REPL CostTracker) and',
1598
+ 'prints a per-model table plus dollar estimate. Alias: pugi usage.',
1599
+ '',
1600
+ 'Flags:',
1601
+ ' --all-sessions 30-day rolling aggregate across all sessions.',
1602
+ ' --window=<days> Override the aggregate window (max 365).',
1603
+ ' --reset --yes Clear the current-session counter. History',
1604
+ ' is preserved. Requires --yes to confirm.',
1605
+ ' --json Emit a structured JSON envelope only.',
1606
+ '',
1607
+ 'Examples:',
1608
+ ' pugi cost Current session totals.',
1609
+ ' pugi cost --all-sessions Past 30 days aggregated.',
1610
+ ' pugi cost --all-sessions --window=7',
1611
+ ' pugi cost --reset --yes Wipe the session counter.',
1612
+ ' pugi usage Alias for pugi cost.',
1613
+ ],
1614
+ config: [
1615
+ 'pugi config — read / write CLI + tenant configuration.',
1616
+ '',
1617
+ ' get <key> Local config value.',
1618
+ ' get privacy Tenant privacy snapshot (admin-api).',
1619
+ ' get routing Effective routing table.',
1620
+ ' set <key>=<value> Local config write.',
1621
+ ' set privacy=<mode> Flip tenant privacy (strict|balanced|permissive).',
1622
+ ' set routing.<tag>.<budget>=<model> Override one routing lane.',
1623
+ ' unset routing.<tag>.<budget> Revert a routing override.',
1624
+ ' mcp trust|deny|list <name> MCP server trust + visibility.',
1625
+ ],
1626
+ sync: [
1627
+ 'pugi sync — explicit-continuation handoff bundle upload.',
1628
+ '',
1629
+ ' --dry-run Print the bundle plan without uploading.',
1630
+ ' --privacy <mode> Override per-bundle privacy posture.',
1631
+ ],
1632
+ whoami: [
1633
+ 'pugi whoami — show the active credential + JWT principal + plan tier.',
1634
+ '',
1635
+ 'Reads from ~/.pugi/credentials.json. No network call unless --remote.',
1636
+ ],
1637
+ login: [
1638
+ 'pugi login — authenticate against an api.pugi.io endpoint.',
1639
+ '',
1640
+ 'Interactive picker by default (browser OAuth / PAT / env). Non-interactive:',
1641
+ ' --provider device Device-flow OAuth.',
1642
+ ' --provider token --token <jwt> Pass a JWT directly.',
1643
+ ' --provider env Read PUGI_API_KEY (or --key) + verify via /api/pugi/health.',
1644
+ ' --provider env --key <value> --skip-validate Explicit key, no probe (CI bootstrap).',
1645
+ ],
1646
+ accounts: [
1647
+ 'pugi accounts — manage stored credentials across endpoints.',
1648
+ '',
1649
+ ' list Every account + its endpoint + active flag.',
1650
+ ' switch <label> Re-point the active account.',
1651
+ ' remove <label> Delete a stored credential.',
1652
+ ],
1653
+ jobs: [
1654
+ 'pugi jobs — list, tail, or kill background dispatch jobs.',
1655
+ '',
1656
+ ' list All jobs in the registry.',
1657
+ ' tail <id> Stream output from one job.',
1658
+ ' kill <id> Cancel a running job.',
1659
+ ],
1660
+ delegate: [
1661
+ 'pugi delegate <slug> "<brief>" — dispatch a brief to one specialist persona.',
1662
+ '',
1663
+ 'Slugs (Tier 1 alpha 7.5): dev qa pm devops researcher analyst designer',
1664
+ 'frontend architect. `pugi roster` lists the live set.',
1665
+ ],
1666
+ chain: [
1667
+ 'pugi chain — Wave 6 artifact chain (PRD → ADR → mindmap → ER → sequence → tests → code).',
1668
+ '',
1669
+ ' new "<intent>" Start a new chain from a one-sentence intent.',
1670
+ ' status [<chain-id>] Show current cursor + per-step table.',
1671
+ ' next [<chain-id>] Approve the last step and dispatch the next.',
1672
+ ' show <step> [<chain-id>] Render one artifact (prd/adr/mindmap/er/sequence/tests/code).',
1673
+ ' export [<chain-id>] [--json] Bundle every artifact as markdown / JSON.',
1674
+ ' list Every chain in this workspace.',
1675
+ ],
1676
+ dispatch: [
1677
+ 'pugi dispatch <sub> — inspect + GC fork-subagent prompt-cache inherit refs.',
1678
+ '',
1679
+ ' list-cache-refs Table of every active ref under .pugi/cache-refs/.',
1680
+ ' clear-cache-refs [--older-than 1h] Evict refs older than the window (default 24h).',
1681
+ '',
1682
+ 'Leak L10 (2026-05-27): when Mira spawns a child via the `agent` tool,',
1683
+ 'a prompt-cache handle is persisted so the child loop can request',
1684
+ 'parent-context reuse on the wire. These commands surface + clean up',
1685
+ 'the persisted refs.',
1686
+ ],
1687
+ roster: [
1688
+ 'pugi roster — list the live Tier 1 personas + roles.',
1689
+ ],
1690
+ doctor: [
1691
+ 'pugi doctor — diagnose CLI + workspace + adapter capabilities.',
1692
+ '',
1693
+ 'Prints CLI version, Node version, workspace state (.pugi presence,',
1694
+ 'event log, settings), permission mode, and the capability matrix per',
1695
+ 'engine adapter. Safe to run anywhere; no network calls.',
1696
+ ],
1697
+ 'prd-check': [
1698
+ 'pugi prd-check <prd-path> | --all — Wave 6 verified-deliverable gate.',
1699
+ '',
1700
+ 'Reads a markdown PRD, parses the acceptance-criteria section, and',
1701
+ 'runs verifiers against committed artifacts:',
1702
+ ' file:<path> fs.existsSync',
1703
+ ' test:<spec> spec file exists + has ≥1 test()/it() block',
1704
+ ' doc:<path> doc exists + has > 100 chars',
1705
+ ' command:<name> CLI registry contains the command',
1706
+ ' route:METHOD /p best-effort grep of controllers',
1707
+ '',
1708
+ ' --all Scan docs/prd/**.md instead of one file.',
1709
+ ' --json Emit a structured envelope to stdout.',
1710
+ '',
1711
+ 'Exit codes: 0 healthy · 1 failing · 2 unparsed / arg error.',
1712
+ ],
1713
+ status: [
1714
+ 'pugi status — concise session snapshot.',
1715
+ '',
1716
+ 'Different from `pugi doctor` (environment health). Status answers',
1717
+ '"what is this Pugi session doing right now?" — session id + age,',
1718
+ 'cwd, permission mode, CLI version, token usage, active + completed',
1719
+ 'dispatches, last command, compact boundary count, auth identity.',
1720
+ '',
1721
+ ' --json Emit a structured envelope to stdout.',
1722
+ '',
1723
+ 'Live REPL state (tokens, last command) is only available via the',
1724
+ 'in-REPL `/status` slash; the shell path degrades those fields к',
1725
+ '"n/a" and exits 0.',
1726
+ ],
1727
+ report: [
1728
+ 'pugi report — capture a bug report from the most-recent session.',
1729
+ '',
1730
+ ' --from-error Bundle the most-recent failed session as a',
1731
+ ' redacted local report (default + only mode in v1).',
1732
+ '',
1733
+ 'Output: writes .pugi/reports/<timestamp>-<session-id>/{report.json, report.md}.',
1734
+ 'Secrets (bearer tokens, JWTs, named env values) are stripped before disk write.',
1735
+ 'Auto-upload to api.pugi.io planned for a follow-up; v1 keeps everything local.',
1736
+ ],
1737
+ ask: [
1738
+ 'pugi ask "<question>" — surface a yes/no question modal locally.',
1739
+ '',
1740
+ 'Useful in shell scripts that need a human-confirm before a destructive',
1741
+ 'step. Exits 0 on yes, 1 on no, 2 on cancel.',
1742
+ ],
1743
+ update: [
1744
+ 'pugi update — channel-aware @pugi/cli update check + install.',
1745
+ '',
1746
+ 'Polls npm registry dist-tags for a newer @pugi/cli on the configured',
1747
+ 'channel (stable / beta / canary). Without flags, prints the install',
1748
+ 'command and exits. With --apply, shells out to `npm install -g …`.',
1749
+ '',
1750
+ ' --check Non-interactive probe + JSON envelope.',
1751
+ ' --channel <name> Switch channel (stable | beta | canary) and probe.',
1752
+ ' Persisted to ~/.pugi/config.json::updateChannel.',
1753
+ ' --apply Shell out to `npm install -g @pugi/cli@<tag>`',
1754
+ ' after a y/n confirmation.',
1755
+ ' --yes, -y Skip the confirmation prompt on --apply.',
1756
+ ' --json Force JSON envelope (auto-on with --check).',
1757
+ '',
1758
+ 'Channel mapping: stable -> npm `latest`, beta -> npm `beta`,',
1759
+ 'canary -> npm `next`. Default channel is `beta` (Pugi currently',
1760
+ 'ships beta releases only).',
1761
+ '',
1762
+ 'Also available as /update from inside the REPL — slash form NEVER',
1763
+ 'spawns npm (would corrupt the running binary); it only prints the',
1764
+ 'install command for the operator к run after exit.',
1765
+ '',
1766
+ 'R2 atomic swap (sprint plan L27) deferred к Phase 2 — npm is the',
1767
+ 'only distribution channel today.',
1768
+ ],
1769
+ stickers: [
1770
+ 'pugi stickers — show a Pugi brand sticker (gimmick).',
1771
+ '',
1772
+ 'Picks one of the curated pug-face ASCII variants at random and footers',
1773
+ 'it with a rotating brand quote. Brand-personality surface — never a gate.',
1774
+ '',
1775
+ ' --json Emit a structured envelope (id · caption · quote).',
1776
+ ' --ascii-only Plain stdout (no box, no dim accents) for scripting.',
1777
+ '',
1778
+ 'Also available as /stickers from inside the REPL.',
1779
+ ],
1780
+ feedback: [
1781
+ 'pugi feedback — file a bug / feature / general comment from the CLI.',
1782
+ '',
1783
+ 'Interactive five-step wizard:',
1784
+ ' 1. category (bug / feature / general / praise)',
1785
+ ' 2. rating (1-5 stars)',
1786
+ ' 3. comment (multi-line, Ctrl-D submits)',
1787
+ ' 4. include redacted last 5 turns? (y/n, default n)',
1788
+ ' 5. confirm submit (y/n, default y)',
1789
+ '',
1790
+ 'On network failure the envelope is appended to',
1791
+ '.pugi/feedback-queue.jsonl and drained on the next online session.',
1792
+ '',
1793
+ 'Also available as /feedback from inside the REPL.',
1794
+ ],
1795
+ 'release-notes': [
1796
+ 'pugi release-notes — show what changed since you last upgraded.',
1797
+ '',
1798
+ 'Reads the bundled CHANGELOG.md, slices to sections strictly newer than',
1799
+ '~/.pugi/.last-seen-version, renders Markdown to stdout, then bumps the',
1800
+ 'last-seen marker to the installed CLI version. Re-running is a no-op',
1801
+ 'until you upgrade again.',
1802
+ '',
1803
+ ' --json Emit a structured envelope (sections + meta).',
1804
+ ' --reset Clear last-seen marker; re-render every section.',
1805
+ '',
1806
+ 'Also available as /release-notes from inside the REPL.',
1807
+ ],
1808
+ deploy: [
1809
+ 'pugi deploy — trigger a vendor deployment from the bound Git source.',
1810
+ '',
1811
+ ' --target vercel <vercelProject> --project <id> Vercel deploy.',
1812
+ ' --target render <renderService> --project <id> Render deploy (Sprint 2 stub).',
1813
+ ' --status <id> Vendor-agnostic status snapshot.',
1814
+ ' --logs <id> [--tail] Build-log tail.',
1815
+ '',
1816
+ 'Optional: --target-env production|preview, --ref <ref>, --integration <id>.',
1817
+ ],
1818
+ };
1819
+ async function help(args, flags, _session) {
1820
+ // 2026-05-27 task #100: per-command help bodies. When dispatcher
1821
+ // routed `pugi <cmd> --help` here it passes `args = [cmd]`; if we
1822
+ // have a focused body, print that. Falls through to the global
1823
+ // summary on unknown / new commands so the dispatcher's redirect
1824
+ // never produces a worse-than-baseline response.
1825
+ const requested = args[0];
1826
+ if (requested && COMMAND_HELP_BODIES[requested]) {
1827
+ const body = COMMAND_HELP_BODIES[requested];
1828
+ writeOutput(flags, { command: requested, lines: body }, body.join('\n'));
1829
+ return;
1830
+ }
542
1831
  const commands = Object.keys(handlers).sort();
543
1832
  writeOutput(flags, { commands }, [
544
1833
  'Pugi CLI',
@@ -558,6 +1847,9 @@ async function help(_args, flags, _session) {
558
1847
  '',
559
1848
  'Review gate:',
560
1849
  ' pugi review --triple Prepare the Anvil-backed triple-review gate.',
1850
+ ' pugi review --triple --commit <SHA>',
1851
+ ' 3-model consensus via Anvil (Anthropic · OpenAI · Google).',
1852
+ ' Optional: --base <ref> | "<prompt>". Quota: 1 slot per call.',
561
1853
  ' pugi review --consensus 3-model consensus review (codex · claude · deepseek).',
562
1854
  ' Optional: --commit <sha> | --pr <num> | --branch <name>.',
563
1855
  ' Exits 0 PASS · 1 WARN · 2 BLOCK.',
@@ -573,6 +1865,17 @@ async function help(_args, flags, _session) {
573
1865
  ' pugi ask "<question>" Surface a yes/no question modal locally.',
574
1866
  ' pugi plan-review <task> Generate + present a plan-review modal.',
575
1867
  '',
1868
+ 'Persona dispatch (α7.5):',
1869
+ ' pugi roster List the live Tier 1 personas + roles.',
1870
+ ' pugi delegate <slug> "<brief>" Dispatch a brief to one specialist.',
1871
+ ' pugi dispatch list-cache-refs Inspect fork-subagent prompt-cache inherit refs.',
1872
+ ' pugi dispatch clear-cache-refs GC stale cache refs (--older-than 1h).',
1873
+ '',
1874
+ 'Plan decomposition (α6.8):',
1875
+ ' pugi plan --decompose <idea> Split a high-level idea into 3-7 components.',
1876
+ ' Writes .pugi/plan/<session-id>/splits/NN-<name>/spec.md',
1877
+ ' plus manifest.md with the dependency DAG.',
1878
+ '',
576
1879
  'Deploy:',
577
1880
  ' pugi deploy --target vercel <vercelProject> --project <id>',
578
1881
  ' Trigger a Vercel deployment from the bound Git source.',
@@ -595,75 +1898,302 @@ async function help(_args, flags, _session) {
595
1898
  ' PUGI_SKIP_SPLASH=1.',
596
1899
  ' --no-tool-stream Hide the live tool stream pane (α6.12).',
597
1900
  ' Pairs with PUGI_HIDE_TOOL_STREAM=1.',
1901
+ ' --no-defaults Skip bundled default-skills install on',
1902
+ ' `pugi init`. Pairs with PUGI_INIT_NO_DEFAULTS=1.',
1903
+ ' --bare Disable project auto-discovery — no PUGI.md /',
1904
+ ' AGENTS.md / CLAUDE.md / GEMINI.md walk-up, no',
1905
+ ' auto-init of .pugi/, no persona auto-load.',
1906
+ ' Pairs with PUGI_BARE=1.',
598
1907
  '',
599
1908
  PUGI_TAGLINE,
600
1909
  'Execution defaults to local. Use --remote or --web to create a handoff bundle.',
601
1910
  ].join('\n'));
602
1911
  }
1912
+ /**
1913
+ * `pugi doctor` — Leak L17 (2026-05-27). Delegates to the diagnostics
1914
+ * probe runner in `runtime/commands/doctor.ts`. The handler stays
1915
+ * thin so the probe surface stays single-sourced between the CLI
1916
+ * shell command, the `pnpm run doctor --json` package script, and
1917
+ * the in-REPL `/doctor` slash command.
1918
+ *
1919
+ * Exit codes are set by `runDoctorCommand` (0 = healthy/warnings,
1920
+ * 2 = at least one error probe). The pre-L17 minimal doctor surface
1921
+ * (adapter capabilities + schema bundle hash) is preserved under
1922
+ * `payload.meta.legacy` so any operator scripts that grep the JSON
1923
+ * keep working through the transition; the field is marked for
1924
+ * removal in a follow-up sprint once the new shape is the
1925
+ * documented contract.
1926
+ */
603
1927
  async function doctor(_args, flags, _session) {
604
- const cwd = process.cwd();
605
- const settings = loadSettings(cwd);
606
- // `doctor` reports adapter capabilities only; we pass a no-op client
607
- // so we do not require an Anvil endpoint to run `pugi doctor`. The
608
- // adapter never invokes `client.send()` from inside `capabilities()`.
609
- const inertClient = {
610
- async send() {
611
- return {
612
- stop: 'error',
613
- code: 'failed',
614
- message: 'doctor: inert client',
615
- };
1928
+ await runDoctorCommand({
1929
+ cwd: process.cwd(),
1930
+ home: defaultDoctorHome(),
1931
+ env: process.env,
1932
+ json: flags.json,
1933
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
1934
+ });
1935
+ }
1936
+ /**
1937
+ * `pugi prd-check` — Wave 6 verified-deliverable gate (2026-05-27).
1938
+ *
1939
+ * Reads `docs/prd/<feature>.md` (or any explicit path), parses the
1940
+ * acceptance-criteria section, and runs file / test / doc / command
1941
+ * / route verifiers per criterion. Same handler powers the in-REPL
1942
+ * `/prd-check` slash via session.ts so the verdict is identical
1943
+ * between surfaces.
1944
+ *
1945
+ * The `knownCommands` set is sourced from the same `handlers` map
1946
+ * used by the CLI dispatcher (one source of truth), so a PRD that
1947
+ * mentions `pugi <name>` resolves against the EXACT registry the
1948
+ * shell exposes.
1949
+ *
1950
+ * Exit codes (from reporter.exitCodeFor):
1951
+ * 0 — healthy (every criterion PASS or SKIPPED)
1952
+ * 1 — failing (≥1 FAIL)
1953
+ * 2 — unparsed (PRD has no acceptance section) OR arg error
1954
+ */
1955
+ async function dispatchPrdCheck(args, flags, _session) {
1956
+ const parsed = parsePrdCheckArgs(args, { jsonDefault: flags.json });
1957
+ if (!parsed.ok) {
1958
+ writeOutput(flags, { ok: false, error: parsed.error }, parsed.error);
1959
+ process.exitCode = 2;
1960
+ return;
1961
+ }
1962
+ await runPrdCheckCommand({
1963
+ cwd: process.cwd(),
1964
+ ...(parsed.prdPath !== undefined ? { prdPath: parsed.prdPath } : {}),
1965
+ flags: parsed.flags,
1966
+ knownCommands: knownCommandNames(),
1967
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
1968
+ });
1969
+ }
1970
+ /**
1971
+ * Snapshot the set of registered CLI command names — used by the
1972
+ * prd-check `command:` verifier so PRD mentions of `pugi <name>`
1973
+ * resolve against the exact same registry the shell exposes.
1974
+ */
1975
+ function knownCommandNames() {
1976
+ return new Set(Object.keys(handlers));
1977
+ }
1978
+ /**
1979
+ * `pugi update` — Leak L27 (2026-05-27). Channel-aware npm registry
1980
+ * probe + optional shell-out to `npm install -g @pugi/cli@<tag>`.
1981
+ *
1982
+ * Argument grammar:
1983
+ * pugi update -> probe + offer install command
1984
+ * pugi update --check -> probe + JSON envelope (scripted)
1985
+ * pugi update --channel <name> -> persist channel + probe
1986
+ * pugi update --apply [--yes] -> probe + shell out to npm
1987
+ * pugi update --json -> JSON envelope (any subcommand)
1988
+ *
1989
+ * The handler delegates to `runUpdateCommand` in
1990
+ * `runtime/commands/update.ts` so the in-REPL `/update` slash + the
1991
+ * top-level shell command share one channel-resolution + persistence
1992
+ * + probe surface. Exit codes:
1993
+ *
1994
+ * 0 — happy path (no update OR update completed OR probe-only)
1995
+ * 1 — install / probe failure with structured error
1996
+ * 2 — argument error (unknown flag, unknown channel)
1997
+ */
1998
+ async function dispatchUpdate(args, flags, _session) {
1999
+ const { parseUpdateArgs, runUpdateCommand, defaultSpawnInstaller } = await import('./commands/update.js');
2000
+ const parsed = parseUpdateArgs(args, { jsonDefault: flags.json });
2001
+ if ('error' in parsed) {
2002
+ writeOutput(flags, { ok: false, error: parsed.error }, parsed.error);
2003
+ process.exitCode = 2;
2004
+ return;
2005
+ }
2006
+ const envelope = await runUpdateCommand({
2007
+ cwd: process.cwd(),
2008
+ home: homedir(),
2009
+ env: process.env,
2010
+ flags: parsed,
2011
+ promptConfirm: async (question) => {
2012
+ const answer = await readSingleChoice(`${question} `);
2013
+ return /^y(es)?$/i.test(answer.trim());
616
2014
  },
617
- };
618
- const adapters = [
619
- new NoopEngineAdapter(),
620
- new NativePugiEngineAdapter({ client: inertClient }),
621
- ];
622
- const capabilities = await Promise.all(adapters.map(async (adapter) => ({
623
- name: adapter.name,
624
- capabilities: await adapter.capabilities(),
625
- })));
626
- const payload = {
2015
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
2016
+ spawnInstaller: defaultSpawnInstaller,
2017
+ });
2018
+ if (!envelope.ok) {
2019
+ // `apply_cancelled_by_operator` is a benign decline; we still
2020
+ // surface a non-zero exit so scripted callers can detect that the
2021
+ // operator did not green-light the install.
2022
+ process.exitCode = 1;
2023
+ }
2024
+ }
2025
+ /**
2026
+ * `pugi status` — Leak L34 (2026-05-27). Concise session-state probe
2027
+ * mirroring Claude Code's `/status`. Distinct from `pugi doctor`
2028
+ * (environment health) — `status` answers "what is THIS Pugi
2029
+ * session doing right now?" with session id + age, cwd, permission
2030
+ * mode, CLI version, token usage, dispatch count, last command,
2031
+ * compact boundaries, and auth identity.
2032
+ *
2033
+ * The top-level shell invocation has no live REPL state — fields
2034
+ * that need a live session (`tokens`, `lastCommand`) degrade к the
2035
+ * `n/a` sentinel. The same handler powers the in-REPL `/status`
2036
+ * slash, which passes live state through `StatusCommandContext`.
2037
+ *
2038
+ * Always exits 0 — the command is informational, never a gate.
2039
+ */
2040
+ async function status(_args, flags, _session) {
2041
+ await runStatusCommand({
2042
+ cwd: process.cwd(),
2043
+ home: defaultStatusHome(),
2044
+ env: process.env,
2045
+ json: flags.json,
2046
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
2047
+ });
2048
+ }
2049
+ /**
2050
+ * `pugi stickers` — Leak L33 (2026-05-27). Brand-personality gimmick
2051
+ * mirroring Claude Code's `/stickers` easter egg. Picks one curated
2052
+ * pug-face ASCII variant at random + footers it with a rotating quote
2053
+ * from the Pugi brand corpus. Always exits 0 — never a gate.
2054
+ *
2055
+ * The handler stays thin: corpus + picker + pure renderers live in
2056
+ * `tui/stickers-art.tsx`; this wrapper just hands the resolved result
2057
+ * к the shared `writeOutput` helper so `--json` keeps producing a
2058
+ * structured envelope (id + caption + quote + meta) for scripted
2059
+ * callers. The `--ascii-only` flag drops the box decoration in the
2060
+ * non-JSON path so pipes (`pugi stickers --ascii-only | lolcat`) get
2061
+ * clean plain-text frames.
2062
+ *
2063
+ * The same handler powers the in-REPL `/stickers` slash, which routes
2064
+ * the text through the conversation system pane line-buffer.
2065
+ */
2066
+ async function stickers(_args, flags, _session) {
2067
+ runStickersCommand({
2068
+ json: flags.json,
2069
+ asciiOnly: flags.asciiOnly,
2070
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
2071
+ });
2072
+ }
2073
+ /**
2074
+ * `pugi repo-map` — Leak L28 (2026-05-27). Builds + caches the AST-
2075
+ * light symbol summary of the workspace. The handler is intentionally
2076
+ * thin: argv tail tokens are honoured for `--refresh` symmetry (the
2077
+ * global parser already sets `flags.refresh`, but accepting the flag
2078
+ * positionally lets `pugi repo-map refresh` work too — both forms
2079
+ * land в the same path). Exit code is always 0 (informational).
2080
+ *
2081
+ * The same builder is invoked lazily on engine boot when `--bare` is
2082
+ * not set; running the CLI command shows the operator EXACTLY what
2083
+ * the engine would inject into the system prompt.
2084
+ */
2085
+ async function dispatchRepoMap(args, flags, _session) {
2086
+ const refresh = flags.refresh || args.includes('--refresh') || args.includes('refresh');
2087
+ await runRepoMapCommand({
2088
+ cwd: process.cwd(),
2089
+ refresh,
2090
+ json: flags.json,
2091
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
2092
+ });
2093
+ }
2094
+ /**
2095
+ * `pugi feedback` — Leak L21 (2026-05-27). In-CLI feedback collector.
2096
+ *
2097
+ * Five-step wizard:
2098
+ * 1. category (bug / feature / general / praise)
2099
+ * 2. rating (1-5)
2100
+ * 3. comment (multi-line, Ctrl-D submits)
2101
+ * 4. include redacted session context? (y/n, default n)
2102
+ * 5. confirm submit (y/n, default y)
2103
+ *
2104
+ * POSTs to `<apiUrl>/api/pugi/feedback`. On transient failure (404,
2105
+ * 5xx, network error) the envelope is appended to
2106
+ * `<cwd>/.pugi/feedback-queue.jsonl`. On next online session the
2107
+ * background flusher drains the queue silently.
2108
+ *
2109
+ * Non-TTY callers (CI, pipes) get a one-line "non-interactive — re-run
2110
+ * in a real terminal" stub. The feedback wizard is intentionally
2111
+ * TTY-only — scripting a star-rating + multi-line comment from a
2112
+ * shell pipe would just produce low-signal noise.
2113
+ */
2114
+ async function dispatchFeedback(_args, flags, _session) {
2115
+ if (!isInteractive(flags)) {
2116
+ writeOutput(flags, {
2117
+ ok: false,
2118
+ error: 'pugi feedback requires an interactive terminal. Re-run from a real TTY.',
2119
+ }, 'pugi feedback: non-interactive shell — re-run from a real terminal.');
2120
+ process.exitCode = 2;
2121
+ return;
2122
+ }
2123
+ const { renderFeedbackPrompt } = await import('../tui/feedback-prompt.js');
2124
+ const { runFeedbackCommand, renderFeedbackToast } = await import('./commands/feedback.js');
2125
+ const { submitFeedback } = await import('../core/feedback/submitter.js');
2126
+ const verdict = await renderFeedbackPrompt();
2127
+ if (verdict.cancelled || !verdict.draft) {
2128
+ writeOutput(flags, { ok: true, kind: 'cancelled' }, 'Feedback cancelled. Nothing was sent.');
2129
+ return;
2130
+ }
2131
+ // Best-effort credential resolution. Anonymous submission is allowed
2132
+ // (the server may still accept it for ungated `/api/pugi/feedback`
2133
+ // routes); on no-credential we route the POST through an empty
2134
+ // bearer + the operator gets the 4xx → "rejected" toast if the
2135
+ // server requires auth.
2136
+ const credential = resolveActiveCredential(process.env);
2137
+ const apiUrl = credential?.apiUrl ?? (process.env.PUGI_API_URL || 'https://api.pugi.io');
2138
+ const apiKey = credential?.apiKey ?? '';
2139
+ const result = await runFeedbackCommand({
2140
+ cwd: process.cwd(),
627
2141
  cliVersion: PUGI_CLI_VERSION,
628
- nodeVersion: process.version,
629
- workspaceRoot: cwd,
630
- pugiMode: existsSync(resolve(cwd, 'CLAUDE.md')),
631
- pugiDir: existsSync(resolve(cwd, '.pugi')),
632
- eventLog: existsSync(resolve(cwd, '.pugi/events.jsonl')),
633
- permissionMode: settings.permissions.mode,
634
- approvals: settings.workflow.approvals,
635
- notAutomatic: [...settings.workflow.notAutomatic, ...settings.permissions.notAutomatic],
636
- protectedFileCheck: decidePermission({ tool: 'doctor', kind: 'edit', target: '.env' }, settings, cwd),
637
- protectedFileSafety: 'configured-in-m1',
638
- mcpTrust: 'not-configured',
639
- releaseGuard: 'scaffolded',
640
- tools: toolRegistry,
641
- engineAdapters: capabilities,
642
- schemaBundleHash: createHash('sha256')
643
- .update(toolSchemaBundleHashInput())
644
- .digest('hex'),
645
- };
646
- writeOutput(flags, payload, [
647
- 'Pugi doctor',
648
- `CLI: ${payload.cliVersion}`,
649
- `Node: ${payload.nodeVersion}`,
650
- `Workspace: ${payload.workspaceRoot}`,
651
- `Pugi mode: ${payload.pugiMode ? 'detected' : 'not detected'}`,
652
- `Pugi dir: ${payload.pugiDir ? 'present' : 'missing'}`,
653
- `Event log: ${payload.eventLog ? 'present' : 'missing'}`,
654
- `Permission mode: ${payload.permissionMode}`,
655
- `Approvals: ${payload.approvals}`,
656
- `Release guard: ${payload.releaseGuard}`,
657
- ].join('\n'));
2142
+ submit: async (env) => submitFeedback(env, { apiUrl, apiKey }),
2143
+ draft: verdict.draft,
2144
+ // `pugi feedback` from a fresh shell has no live transcript — the
2145
+ // session-context provider is omitted. The REPL slash variant
2146
+ // wires this in via `runFeedbackSlash` (session.ts).
2147
+ });
2148
+ writeOutput(flags, { ok: true, result }, renderFeedbackToast(result));
658
2149
  }
659
- async function init(_args, flags, _session) {
660
- const cwd = process.cwd();
2150
+ /**
2151
+ * `pugi release-notes` — Leak L24 (2026-05-27). Diff between the
2152
+ * last-seen + installed CLI versions, rendered from the bundled
2153
+ * `apps/pugi-cli/CHANGELOG.md`. Bumps `~/.pugi/.last-seen-version`
2154
+ * to the installed version on every successful render so the next
2155
+ * invocation is a no-op until the operator upgrades again.
2156
+ *
2157
+ * The handler stays thin: parser, slicer, and state I/O all live in
2158
+ * `core/release-notes/`. This wrapper just hands ambient state to
2159
+ * `runReleaseNotesCommand` so `--json` keeps producing the same
2160
+ * envelope from both the top-level shell + the in-REPL `/release-notes`
2161
+ * slash dispatcher.
2162
+ *
2163
+ * Always exits 0 — the command is informational, never a gate. Read
2164
+ * failures, missing CHANGELOG, and write failures all degrade to a
2165
+ * structured envelope with a human-readable footer.
2166
+ */
2167
+ async function releaseNotes(_args, flags, _session) {
2168
+ runReleaseNotesCommand({
2169
+ home: defaultReleaseNotesHome(),
2170
+ json: flags.json,
2171
+ reset: flags.reset,
2172
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
2173
+ });
2174
+ }
2175
+ /**
2176
+ * Programmatic init scaffolder. Idempotent — every helper call is a
2177
+ * `*_IfMissing` write, so re-running over an existing .pugi/ workspace
2178
+ * adds nothing to `created` and the operator sees the "Already
2179
+ * initialized" copy. Default skills install is best-effort: failure
2180
+ * does not throw, the error is appended to the result via stderr so
2181
+ * the slash dispatcher can surface it in the REPL system pane.
2182
+ *
2183
+ * Callers MUST provide `cwd` explicitly; the function does not read
2184
+ * `process.cwd()` so REPL invocations from an arbitrary workspace
2185
+ * cannot accidentally scaffold the binary's install directory.
2186
+ */
2187
+ export async function scaffoldPugiWorkspace(input) {
2188
+ const cwd = input.cwd;
2189
+ const log = input.log ?? ((line) => process.stderr.write(line));
661
2190
  const pugiDir = resolve(cwd, '.pugi');
662
2191
  const created = [];
663
2192
  const skipped = [];
664
2193
  ensureDir(pugiDir, created, skipped);
665
2194
  ensureDir(resolve(pugiDir, 'artifacts'), created, skipped);
666
2195
  ensureDir(resolve(pugiDir, 'sessions'), created, skipped);
2196
+ ensureDir(resolve(pugiDir, 'skills'), created, skipped);
667
2197
  writeJsonIfMissing(resolve(pugiDir, 'settings.json'), {
668
2198
  schema: 1,
669
2199
  workflow: {
@@ -685,6 +2215,9 @@ async function init(_args, flags, _session) {
685
2215
  mode: 'balanced',
686
2216
  telemetry: 'off',
687
2217
  },
2218
+ ui: {
2219
+ cyberZoo: 'on',
2220
+ },
688
2221
  artifacts: {
689
2222
  defaultPath: '.pugi/artifacts',
690
2223
  promoteExplicitly: true,
@@ -692,7 +2225,19 @@ async function init(_args, flags, _session) {
692
2225
  }, created, skipped);
693
2226
  writeJsonIfMissing(resolve(pugiDir, 'mcp.json'), {
694
2227
  schema: 1,
695
- servers: [],
2228
+ // 2026-05-27 dogfood: `servers` MUST be an object keyed by server
2229
+ // name (z.record(mcpServerConfigSchema) in
2230
+ // apps/pugi-cli/src/core/mcp/registry.ts:51). A bare `[]` array
2231
+ // here passed schema validation на pugi init exit но crashed
2232
+ // the next dispatch with
2233
+ // "MCP config at .pugi/mcp.json failed validation:
2234
+ // servers: Expected object, received array"
2235
+ // and the operator's first command after `pugi init` printed an
2236
+ // error banner before the actual reply. Empty object matches the
2237
+ // schema default and keeps the file forwards-compatible with
2238
+ // `pugi mcp install <name> ...` which merges into the same
2239
+ // record shape.
2240
+ servers: {},
696
2241
  }, created, skipped);
697
2242
  writeJsonIfMissing(resolve(pugiDir, 'index.json'), emptyIndex(), created, skipped);
698
2243
  writeTextIfMissing(resolve(pugiDir, 'PUGI.md'), [
@@ -733,17 +2278,67 @@ async function init(_args, flags, _session) {
733
2278
  // Ensure `.pugi/` is git-ignored so users do not accidentally commit
734
2279
  // local audit logs, artifacts, or triple-review request payloads.
735
2280
  ensurePugiGitIgnore(cwd, created, skipped);
736
- const payload = {
2281
+ // Bundled default skills (brand-voice, endpoint-probe, readme-sync).
2282
+ // Skipped when --no-defaults is passed OR when PUGI_INIT_NO_DEFAULTS=1.
2283
+ // Idempotent: a skill whose target directory already exists is left
2284
+ // alone so re-running `pugi init` after the operator customised one of
2285
+ // the defaults does not clobber their edits.
2286
+ let defaultSkills = [];
2287
+ if (!input.noDefaults) {
2288
+ try {
2289
+ defaultSkills = await installDefaultSkills({
2290
+ workspaceRoot: cwd,
2291
+ log,
2292
+ });
2293
+ }
2294
+ catch (error) {
2295
+ // Default-skills install is a convenience layer. A failure here
2296
+ // (bad sha256 hashing, permission error on .pugi/skills/) must not
2297
+ // leave `pugi init` in a half-state where settings.json exists but
2298
+ // the operator sees an unexplained crash. Log the error to stderr
2299
+ // and continue — the operator can still install skills manually.
2300
+ const message = error instanceof Error ? error.message : String(error);
2301
+ log(`[pugi init] default-skills install failed: ${message}\n`);
2302
+ }
2303
+ }
2304
+ return {
737
2305
  status: 'initialized',
738
2306
  root: cwd,
739
2307
  created,
740
2308
  skipped,
2309
+ defaultSkills,
2310
+ alreadyInitialized: created.length === 0,
741
2311
  };
742
- writeOutput(flags, payload, [
2312
+ }
2313
+ /**
2314
+ * Standalone `pugi init` CLI entry. Thin wrapper around
2315
+ * `scaffoldPugiWorkspace` that handles flag plumbing + writeOutput
2316
+ * formatting. β1a r1: extracted from the previous inline init so the
2317
+ * REPL's `/init` slash can call `scaffoldPugiWorkspace` directly.
2318
+ */
2319
+ async function init(_args, flags, _session) {
2320
+ const result = await scaffoldPugiWorkspace({
2321
+ cwd: process.cwd(),
2322
+ noDefaults: flags.noDefaults,
2323
+ });
2324
+ const defaultSkillLines = flags.noDefaults
2325
+ ? ['Default skills: skipped (--no-defaults)']
2326
+ : result.defaultSkills.length === 0
2327
+ ? ['Default skills: none installed']
2328
+ : [
2329
+ 'Default skills:',
2330
+ ...result.defaultSkills.map((entry) => ` ${entry.name.padEnd(18)} ${entry.status}`),
2331
+ ];
2332
+ writeOutput(flags, result, [
743
2333
  'Pugi initialized',
744
- `Root: ${cwd}`,
745
- created.length ? `Created:\n${created.map((path) => ` ${path}`).join('\n')}` : 'Created: none',
746
- skipped.length ? `Already present:\n${skipped.map((path) => ` ${path}`).join('\n')}` : 'Already present: none',
2334
+ `Root: ${result.root}`,
2335
+ result.created.length
2336
+ ? `Created:\n${result.created.map((path) => ` ${path}`).join('\n')}`
2337
+ : 'Created: none',
2338
+ result.skipped.length
2339
+ ? `Already present:\n${result.skipped.map((path) => ` ${path}`).join('\n')}`
2340
+ : 'Already present: none',
2341
+ ...defaultSkillLines,
747
2342
  ].join('\n'));
748
2343
  }
749
2344
  async function idea(args, flags, session) {
@@ -1064,10 +2659,20 @@ async function review(args, flags, session) {
1064
2659
  // streaming UX and rubric-driven exit codes don't disturb the existing
1065
2660
  // pugi-cli surfaces that depend on the old shape.
1066
2661
  if (flags.consensus) {
2662
+ // 2026-05-27 (Codex r0 P1 on PR #489): pass the globally-parsed
2663
+ // --commit / --base flags to consensus so `pugi review --consensus
2664
+ // --commit X` reviews the requested SHA instead of silently falling
2665
+ // back to the working-tree diff. parseConsensusArgs gives the inline
2666
+ // args (`--commit Y` after the command name) precedence; the
2667
+ // fallback only fires when `args` does not carry the token.
1067
2668
  const exitCode = await runReviewConsensus(args, {
1068
2669
  cwd: root,
1069
2670
  config: resolveRuntimeConfig(),
1070
2671
  json: flags.json,
2672
+ flagsFallback: {
2673
+ ...(flags.commit ? { commit: flags.commit } : {}),
2674
+ ...(flags.base ? { base: flags.base } : {}),
2675
+ },
1071
2676
  emit: (line) => {
1072
2677
  if (!flags.json)
1073
2678
  process.stdout.write(line);
@@ -1079,6 +2684,15 @@ async function review(args, flags, session) {
1079
2684
  process.exitCode = exitCode;
1080
2685
  return;
1081
2686
  }
2687
+ if (flags.triple && flags.commit) {
2688
+ // CEO directive 2026-05-27: `pugi review --triple --commit <SHA>`
2689
+ // dispatches to the customer-facing 3-model consensus path through
2690
+ // Anvil's already-paid Anthropic / OpenAI / Google routes. Replaces
2691
+ // the dev-only Codex/Claude/Gemini OAuth CLIs the `/triple-review`
2692
+ // skill uses.
2693
+ await performTripleProviderReview(root, session, flags, prompt);
2694
+ return;
2695
+ }
1082
2696
  if (flags.triple && flags.remote) {
1083
2697
  await performRemoteTripleReview(root, session, flags, prompt);
1084
2698
  return;
@@ -1516,6 +3130,307 @@ async function performRemoteTripleReview(root, session, flags, prompt) {
1516
3130
  .join('\n'));
1517
3131
  process.exitCode = outcome.exitCode;
1518
3132
  }
3133
+ /**
3134
+ * `pugi review --triple --commit <SHA>` — customer-facing 3-model
3135
+ * consensus review via Anvil multi-provider routing.
3136
+ *
3137
+ * Dispatches the same diff to Anthropic / OpenAI / Google models
3138
+ * (routed through Anvil's already-paid fleet, NOT OAuth-bound dev
3139
+ * CLIs) and renders the per-reviewer verdict + cross-model
3140
+ * disagreement summary at the end. Quota: one `reviewPerMonth` slot
3141
+ * per call regardless of provider count — the controller-level
3142
+ * `@QuotaGated('reviewPerMonth')` decorator enforces single-slot
3143
+ * debit (see apps/admin-api/src/pugi/pugi.controller.ts).
3144
+ *
3145
+ * CEO directive 2026-05-27: replaces the dev-only `/triple-review`
3146
+ * skill's Codex/Claude/Gemini OAuth dependency with a customer-
3147
+ * runnable Pugi product surface. Dogfood loop: Pugi reviews Pugi PRs.
3148
+ */
3149
+ async function performTripleProviderReview(root, session, flags, prompt) {
3150
+ const config = resolveRuntimeConfig();
3151
+ const artifactDir = createArtifactDir(root, prompt || 'triple-providers');
3152
+ const requestPath = resolve(artifactDir, 'triple-review-request.json');
3153
+ const resultPath = resolve(artifactDir, 'triple-review-result.json');
3154
+ const summaryPath = resolve(artifactDir, 'triple-review.md');
3155
+ const toolCallId = recordToolCall(session, 'review:triple-providers', prompt || `review ${flags.commit ?? 'HEAD'} via providers`);
3156
+ // Resolve base ref. CLI flag wins over settings → so an operator
3157
+ // can target a specific integration branch without editing settings.
3158
+ const settings = loadSettings(root);
3159
+ const baseRef = flags.base ?? resolveBaseRef(root, settings) ?? 'origin/main';
3160
+ // Normalise both the commit and the base to short SHAs so the audit
3161
+ // log stores a stable reference even if branches move.
3162
+ const commitRef = flags.commit ?? 'HEAD';
3163
+ // 2026-05-27 (Codex r0 P2 on PR #489): safeGit returns '' on a bad ref
3164
+ // (it swallows the git exit code so callers don't have to wrap every
3165
+ // probe). Without an explicit refusal, a misspelled --commit or --base
3166
+ // produced an EMPTY diff that the gate then PASSED — operators saw a
3167
+ // green review for changes that were never reviewed. Resolve both refs
3168
+ // through `rev-parse --verify` first; an empty result is a hard error.
3169
+ const verifiedCommit = safeGit(root, ['rev-parse', '--verify', commitRef]).trim();
3170
+ if (!verifiedCommit) {
3171
+ throw new Error(`pugi review --triple: cannot resolve --commit '${commitRef}' — ` +
3172
+ `check the SHA or branch name. ` +
3173
+ `Refusing to submit an empty diff for review.`);
3174
+ }
3175
+ const verifiedBase = safeGit(root, ['rev-parse', '--verify', baseRef]).trim();
3176
+ if (!verifiedBase) {
3177
+ throw new Error(`pugi review --triple: cannot resolve --base '${baseRef}' — ` +
3178
+ `check the ref or set base via 'pugi config set review.base=<ref>'. ` +
3179
+ `Refusing to submit an empty diff for review.`);
3180
+ }
3181
+ const resolvedCommit = safeGit(root, ['rev-parse', '--short', commitRef]).trim() || commitRef;
3182
+ // merge-base is intentionally a PROBE: an empty result is a valid
3183
+ // signal (orphan branch, shallow clone, moved tag) that the dispatch
3184
+ // path handles by falling back к range-notation. Use the legacy
3185
+ // `safeGit` (probe semantics) explicitly rather than the strict
3186
+ // variant.
3187
+ const mergeBase = safeGitProbe(root, ['merge-base', baseRef, commitRef]).trim() || '';
3188
+ // 2026-05-27 (Claude review followup #489): when merge-base returns empty
3189
+ // (orphan branch, shallow clone, moved tag), we MUST NOT pass the
3190
+ // `<range> <commitRef>` two-arg form to `git diff` — that combo is
3191
+ // invalid syntax, git exits 129, `safeGit` swallows the error, and the
3192
+ // diff payload ships empty. An empty diff is then classified as
3193
+ // `'code'` server-side, dispatched to reviewers who emit a trivial
3194
+ // `VERDICT: PASS` over zero lines — a SILENT GREEN REVIEW on a commit
3195
+ // nobody actually examined. Branch on `mergeBase` так что:
3196
+ // - mergeBase present → `git diff <mergeBase> <commitRef> --`
3197
+ // (both endpoints explicit, only-uncommitted-against-base ignored
3198
+ // because commitRef is a SHA, not HEAD).
3199
+ // - mergeBase empty → `git diff <baseRef>..<commitRef> --`
3200
+ // (range form encodes both endpoints; do NOT append commitRef
3201
+ // again or git rejects the args).
3202
+ const diffRange = mergeBase || `${baseRef}..${commitRef}`;
3203
+ const diffArgs = mergeBase
3204
+ ? ['diff', mergeBase, commitRef, '--', '.', ...PROTECTED_DIFF_EXCLUDES]
3205
+ : ['diff', diffRange, '--', '.', ...PROTECTED_DIFF_EXCLUDES];
3206
+ const diffStatArgs = mergeBase
3207
+ ? ['diff', '--shortstat', mergeBase, commitRef, '--', '.', ...PROTECTED_DIFF_EXCLUDES]
3208
+ : ['diff', '--shortstat', diffRange, '--', '.', ...PROTECTED_DIFF_EXCLUDES];
3209
+ // Use the strict variant — a non-empty diffPatch is load-bearing for
3210
+ // the review gate. If git fails for ANY reason (bad ref, ENOBUFS, FS
3211
+ // permission), we'd rather surface a hard error than ship a green
3212
+ // review on nothing. The `--shortstat` companion uses the same
3213
+ // helper so the throw is symmetric.
3214
+ const diffPatch = safeGitRequired(root, diffArgs, 'triple-providers diff');
3215
+ const diffStats = parseDiffStats(safeGitRequired(root, diffStatArgs, 'triple-providers diff --shortstat'));
3216
+ if (diffPatch.trim() === '') {
3217
+ throw new Error(`pugi review --triple: empty diff between '${baseRef}' and '${commitRef}'. ` +
3218
+ `Refusing to dispatch a review for zero changes — check the refs ` +
3219
+ `or commit your changes before running.`);
3220
+ }
3221
+ const requestBody = pugiTripleReviewRequestSchema.parse({
3222
+ schema: 1,
3223
+ workspace: {
3224
+ rootName: root.split('/').at(-1) ?? 'workspace',
3225
+ gitBranch: safeGit(root, ['branch', '--show-current']).trim() || null,
3226
+ gitHead: resolvedCommit || null,
3227
+ baseRef,
3228
+ dirty: Boolean(safeGit(root, ['status', '--short']).trim()),
3229
+ },
3230
+ diffPatch,
3231
+ diffStats,
3232
+ prompt: prompt || undefined,
3233
+ locale: 'en-US',
3234
+ reviewerPersona: 'oes-dev',
3235
+ commit: resolvedCommit,
3236
+ modelProviders: ['claude', 'gpt', 'gemini'],
3237
+ });
3238
+ writeFileSync(requestPath, `${JSON.stringify(requestBody, null, 2)}\n`, {
3239
+ encoding: 'utf8',
3240
+ mode: 0o600,
3241
+ });
3242
+ registerArtifact(root, {
3243
+ id: artifactIdFromDir(artifactDir),
3244
+ kind: 'triple-review',
3245
+ path: relative(root, artifactDir),
3246
+ sessionId: session.id,
3247
+ createdAt: new Date().toISOString(),
3248
+ files: ['triple-review-request.json'],
3249
+ });
3250
+ if (!config) {
3251
+ const reason = 'No active Pugi credentials. Run `pugi login --token <PAT>` or set PUGI_API_KEY for CI use.';
3252
+ recordToolResult(session, toolCallId, 'error', reason);
3253
+ writeFileSync(summaryPath, buildTripleReviewMarkdown({
3254
+ prompt,
3255
+ requestPath: relative(root, requestPath),
3256
+ verdict: null,
3257
+ reason,
3258
+ response: null,
3259
+ }), { encoding: 'utf8', mode: 0o600 });
3260
+ writeOutput(flags, {
3261
+ status: 'auth_missing',
3262
+ request: relative(root, requestPath),
3263
+ summary: relative(root, summaryPath),
3264
+ }, [
3265
+ 'Pugi triple-provider review request prepared but not sent — no active credentials.',
3266
+ `Request: ${relative(root, requestPath)}`,
3267
+ `Run \`pugi login --token <PAT>\` (or export PUGI_API_KEY for CI) then retry \`pugi review --triple --commit ${resolvedCommit}\`.`,
3268
+ ].join('\n'));
3269
+ process.exitCode = 5;
3270
+ return;
3271
+ }
3272
+ const submitResult = await submitTripleReview(config, requestBody);
3273
+ if (submitResult.status !== 'ok') {
3274
+ const outcome = describeSubmitFailure(submitResult);
3275
+ writeFileSync(summaryPath, buildTripleReviewMarkdown({
3276
+ prompt,
3277
+ requestPath: relative(root, requestPath),
3278
+ verdict: null,
3279
+ reason: outcome.message,
3280
+ response: null,
3281
+ }), { encoding: 'utf8', mode: 0o600 });
3282
+ recordToolResult(session, toolCallId, 'error', outcome.message);
3283
+ writeOutput(flags, {
3284
+ status: submitResult.status,
3285
+ code: submitResult.code,
3286
+ message: outcome.message,
3287
+ request: relative(root, requestPath),
3288
+ summary: relative(root, summaryPath),
3289
+ }, [
3290
+ outcome.headline,
3291
+ `Request: ${relative(root, requestPath)}`,
3292
+ `Summary: ${relative(root, summaryPath)}`,
3293
+ outcome.next ? `Next: ${outcome.next}` : '',
3294
+ ]
3295
+ .filter(Boolean)
3296
+ .join('\n'));
3297
+ process.exitCode = outcome.exitCode;
3298
+ return;
3299
+ }
3300
+ const response = submitResult.response;
3301
+ persistTripleReviewResult(resultPath, response);
3302
+ writeFileSync(summaryPath, buildTripleReviewMarkdown({
3303
+ prompt,
3304
+ requestPath: relative(root, requestPath),
3305
+ verdict: response.verdict,
3306
+ reason: response.reason,
3307
+ response,
3308
+ }), { encoding: 'utf8', mode: 0o600 });
3309
+ recordToolResult(session, toolCallId, response.verdict === 'BLOCK' ? 'error' : 'success', `Verdict: ${response.verdict} (${response.reason})`);
3310
+ const verdictReport = renderTripleProviderVerdict({
3311
+ response,
3312
+ commit: resolvedCommit,
3313
+ baseRef,
3314
+ });
3315
+ writeOutput(flags, {
3316
+ status: 'completed',
3317
+ verdict: response.verdict,
3318
+ reason: response.reason,
3319
+ counts: response.counts,
3320
+ reviewerCount: response.reviewerCount,
3321
+ effectiveTier: response.effectiveTier,
3322
+ commit: resolvedCommit,
3323
+ baseRef,
3324
+ reviewers: response.reviewers.map((r) => ({
3325
+ provider: r.provider ?? null,
3326
+ model: r.model,
3327
+ declaredVerdict: r.declaredVerdict,
3328
+ findings: r.findings,
3329
+ latencyMs: r.latencyMs,
3330
+ tokensUsed: r.tokensUsed,
3331
+ error: r.error,
3332
+ })),
3333
+ result: relative(root, resultPath),
3334
+ summary: relative(root, summaryPath),
3335
+ }, verdictReport);
3336
+ if (response.verdict === 'BLOCK') {
3337
+ process.exitCode = 9;
3338
+ }
3339
+ else if (response.verdict === 'WARN') {
3340
+ process.exitCode = 1;
3341
+ }
3342
+ }
3343
+ /**
3344
+ * Pretty-printer for the `pugi review --triple --commit <SHA>` verdict.
3345
+ * Mirrors the `/triple-review` skill's verdict block (per-reviewer
3346
+ * counts table → final GATE line → per-reviewer verbatim → cross-
3347
+ * model disagreement summary → tokens/cost note) so the output is
3348
+ * familiar to operators who already use the dev-only skill.
3349
+ */
3350
+ export function renderTripleProviderVerdict(input) {
3351
+ const { response, commit, baseRef } = input;
3352
+ const divider = '═'.repeat(68);
3353
+ const subDivider = '─'.repeat(68);
3354
+ // Per-reviewer counts table.
3355
+ const reviewerRows = response.reviewers.map((reviewer) => {
3356
+ const c = { P0: 0, P1: 0, P2: 0, P3: 0 };
3357
+ for (const f of reviewer.findings)
3358
+ c[f.severity] += 1;
3359
+ const status = reviewer.error
3360
+ ? 'ERROR'
3361
+ : reviewer.declaredVerdict ?? 'UNKNOWN';
3362
+ const label = reviewer.provider
3363
+ ? reviewer.provider.toUpperCase().padEnd(8)
3364
+ : reviewer.model.slice(0, 8).padEnd(8);
3365
+ return ` ${label} ${pad(c.P0)} ${pad(c.P1)} ${pad(c.P2)} ${pad(c.P3)} ${status}`;
3366
+ });
3367
+ // Cross-model disagreement: list severities flagged by 1 of N but not
3368
+ // the others. Surfaces the "highest-signal moment" per the skill.
3369
+ const disagreements = [];
3370
+ const allFindings = response.reviewers.flatMap((r) => r.findings.map((f) => ({
3371
+ provider: r.provider ?? r.model,
3372
+ severity: f.severity,
3373
+ line: f.line,
3374
+ issue: f.issue,
3375
+ })));
3376
+ const p1Flaggers = new Set(response.reviewers
3377
+ .filter((r) => r.findings.some((f) => f.severity === 'P1'))
3378
+ .map((r) => r.provider ?? r.model));
3379
+ if (p1Flaggers.size === 1) {
3380
+ const sole = [...p1Flaggers][0];
3381
+ disagreements.push(`Only ${sole} flagged a P1 — examine the disagreement, often the highest-signal moment.`);
3382
+ }
3383
+ const p0Flaggers = new Set(response.reviewers
3384
+ .filter((r) => r.findings.some((f) => f.severity === 'P0'))
3385
+ .map((r) => r.provider ?? r.model));
3386
+ if (p0Flaggers.size > 0 && p0Flaggers.size < response.reviewers.length) {
3387
+ disagreements.push(`P0 flagged by ${[...p0Flaggers].join(', ')} but not ${response.reviewers
3388
+ .filter((r) => !p0Flaggers.has(r.provider ?? r.model))
3389
+ .map((r) => r.provider ?? r.model)
3390
+ .join(', ')} — verify the finding before merging.`);
3391
+ }
3392
+ // Tokens / cost summary. Tokens are best-effort (some providers
3393
+ // return null). Cost is a placeholder pending billing wire-up; we
3394
+ // surface the quota note inline so the operator knows it counts as
3395
+ // one slot, not three.
3396
+ const totalTokens = response.reviewers.reduce((sum, r) => sum + (r.tokensUsed ?? 0), 0);
3397
+ // Verbatim reviewer outputs. Each section gets a header so operators
3398
+ // can scroll quickly and copy any individual reviewer's text into
3399
+ // their own notes / triage doc.
3400
+ const reviewerSections = response.reviewers.map((reviewer) => {
3401
+ const label = reviewer.provider
3402
+ ? reviewer.provider.toUpperCase()
3403
+ : reviewer.model;
3404
+ const body = reviewer.error
3405
+ ? `(reviewer errored: ${reviewer.error})`
3406
+ : reviewer.rawContent.trim() || '(empty response)';
3407
+ return [subDivider, `${label} SAYS (${reviewer.model}):`, '', body].join('\n');
3408
+ });
3409
+ return [
3410
+ `PUGI TRIPLE-PROVIDER REVIEW — commit ${commit} vs ${baseRef}`,
3411
+ divider,
3412
+ '',
3413
+ ` P0 P1 P2 P3 Status`,
3414
+ ...reviewerRows,
3415
+ '',
3416
+ `GATE: ${response.verdict}`,
3417
+ `Reason: ${response.reason}`,
3418
+ '',
3419
+ ...reviewerSections,
3420
+ '',
3421
+ subDivider,
3422
+ 'CROSS-MODEL DISAGREEMENT:',
3423
+ disagreements.length === 0
3424
+ ? ' (none — all reviewers agreed within rubric tolerance)'
3425
+ : disagreements.map((d) => ` - ${d}`).join('\n'),
3426
+ '',
3427
+ `Tokens: ~${totalTokens} total across ${response.reviewers.length} reviewers`,
3428
+ 'Quota: charged as 1 review slot (multi-provider counts as a single call).',
3429
+ ].join('\n');
3430
+ }
3431
+ function pad(n) {
3432
+ return String(n).padStart(2, ' ');
3433
+ }
1519
3434
  function describeSubmitFailure(result) {
1520
3435
  switch (result.status) {
1521
3436
  case 'endpoint_missing':
@@ -1642,6 +3557,25 @@ async function handoff(args, flags, session) {
1642
3557
  writeOutput(flags, bundle, ['Pugi handoff bundle created', `Bundle: ${bundle.path}`].join('\n'));
1643
3558
  }
1644
3559
  async function sessions(args, flags, _session) {
3560
+ // L9 (2026-05-27): `pugi sessions undo-rewind [<session-id>]` rolls
3561
+ // back the latest /rewind by appending an inverse marker. Append-only,
3562
+ // reversible. Falls through to the legacy artifact-based handler when
3563
+ // the sub-command is not recognised.
3564
+ if (args[0] === 'undo-rewind') {
3565
+ const result = await runSessionsCommand(args, {
3566
+ workspaceRoot: process.cwd(),
3567
+ writeOutput: (payload, text) => writeOutput(flags, payload, text),
3568
+ });
3569
+ if (result) {
3570
+ if (result.status === 'failed_no_session' || result.status === 'failed_store') {
3571
+ process.exitCode = 1;
3572
+ }
3573
+ else if (result.status === 'noop_no_rewind') {
3574
+ process.exitCode = 2;
3575
+ }
3576
+ return;
3577
+ }
3578
+ }
1645
3579
  // α6.4: `pugi sessions --local` / `--search "query"` route to the
1646
3580
  // local SessionStore. The default surface stays artifact-based for
1647
3581
  // backward compat — operators who relied on the index.json view get
@@ -2075,6 +4009,33 @@ let engineClientFactory = null;
2075
4009
  export function setEngineClientFactory(factory) {
2076
4010
  engineClientFactory = factory;
2077
4011
  }
4012
+ /**
4013
+ * β-headless test seam: surface the module-scoped engine client factory
4014
+ * to sibling runtime modules (`headless.ts`) so the same fixture
4015
+ * injection that `setEngineClientFactory` provides for the
4016
+ * `runEngineTask` path applies to `pugi --print` runs. Production
4017
+ * callers never read this — the factory is `null` and falls through
4018
+ * to the real `AnvilEngineLoopClient`.
4019
+ */
4020
+ export function getEngineClientFactory() {
4021
+ return engineClientFactory;
4022
+ }
4023
+ /**
4024
+ * β-headless test seam: optional stdout/stderr writers injected for
4025
+ * `pugi --print` runs. When set, the headless runner forwards every
4026
+ * NDJSON line / human-readable chunk to these closures instead of the
4027
+ * real `process.stdout.write` / `process.stderr.write`. Needed because
4028
+ * `node:test`'s worker pool hijacks `process.stdout` for a binary IPC
4029
+ * channel — a captureStdio override would race the runner's frames
4030
+ * and surface as `Unexpected token '\x0F'` JSON parse failures in spec
4031
+ * assertions. Production never sets these.
4032
+ */
4033
+ let headlessStdoutWriter = null;
4034
+ let headlessStderrWriter = null;
4035
+ export function setHeadlessWriters(writers) {
4036
+ headlessStdoutWriter = writers.stdout ?? null;
4037
+ headlessStderrWriter = writers.stderr ?? null;
4038
+ }
2078
4039
  function runEngineTask(kind) {
2079
4040
  return async (args, flags, session) => {
2080
4041
  const label = commandLabel(kind);
@@ -2088,6 +4049,26 @@ function runEngineTask(kind) {
2088
4049
  const config = credential
2089
4050
  ? buildRuntimeConfig({ apiUrl: credential.apiUrl, apiKey: credential.apiKey })
2090
4051
  : envConfig;
4052
+ // α6.8 EXTEND PR1 v2: `--decompose` gating runs BEFORE the offline
4053
+ // fallback. Two reasons:
4054
+ // 1. The flag is plan-only — surfacing the rejection for
4055
+ // `pugi build --decompose` before we drop into `offlineBuild`
4056
+ // means the operator gets a deterministic error instead of a
4057
+ // silent no-op stub.
4058
+ // 2. The decompose post-processor depends on the engine's final
4059
+ // text. The offline plan stub does not invoke the engine, so
4060
+ // `pugi plan --decompose --offline` would silently skip the
4061
+ // decomposition step. Refusing the combination up front is the
4062
+ // cheapest way to keep the contract honest.
4063
+ if (flags.decompose && kind !== 'plan') {
4064
+ throw new Error(`--decompose is only valid for \`pugi plan\` (got \`pugi ${label}\`)`);
4065
+ }
4066
+ if (flags.decompose && flags.offline) {
4067
+ throw new Error('--decompose requires the engine — drop --offline (decomposition needs the model to emit a fenced JSON block)');
4068
+ }
4069
+ if (flags.decompose && !config) {
4070
+ throw new Error('--decompose requires the engine — run `pugi login` or set PUGI_API_KEY (decomposition needs the model to emit a fenced JSON block)');
4071
+ }
2091
4072
  // Offline fallback: preserves the local-first invariant. `plan` /
2092
4073
  // `build` / `explain` drop back to their pre-Sprint-2 stub
2093
4074
  // behaviour so an operator without an API key (or with --offline)
@@ -2140,214 +4121,401 @@ function runEngineTask(kind) {
2140
4121
  throw new Error(`pugi ${label} requires a prompt`);
2141
4122
  }
2142
4123
  }
4124
+ // α6.8 EXTEND PR1: when `--decompose` is set, augment the user
4125
+ // prompt with the decomposition-request suffix BEFORE the adapter
4126
+ // run. The system prompt for `plan` already constrains the model
4127
+ // to read-only tools + a plan deliverable; the suffix layers the
4128
+ // JSON-emission contract on top so the post-run parser can lift
4129
+ // the structured payload out of the final answer. The plan-only /
4130
+ // engine-required gates fired before the offline fallback above,
4131
+ // so by here we know we are on the engine path with a plan task.
4132
+ if (flags.decompose && kind === 'plan') {
4133
+ prompt = `${prompt}\n${DECOMPOSE_PROMPT_SUFFIX}`;
4134
+ }
2143
4135
  // Narrow `config` for the type checker — the offline branches above
2144
4136
  // return whenever `config` is null, so by this point it must be set.
2145
4137
  if (!config) {
2146
4138
  throw new Error('internal: engine config missing after offline gate');
2147
4139
  }
2148
4140
  const client = engineClientFactory ? engineClientFactory(config) : new AnvilEngineLoopClient(config);
2149
- const adapter = new NativePugiEngineAdapter({ client, session });
4141
+ // β1b r1 (--allow-fetch / --allow-search wiring, 2026-05-26):
4142
+ // forward operator flags to the adapter so the schema-advertise +
4143
+ // executor-dispatch gates see the OR of (settings.json flag, CLI
4144
+ // flag). PR #425 r1 Backend Architect: the comment at
4145
+ // `tool-bridge.ts:740` documented `--allow-fetch` but the flag was
4146
+ // never wired into the adapter constructor — fix lands here.
4147
+ //
4148
+ // β4 r2 P1 #3 — load the MCP registry pre-run so the engine's
4149
+ // tool-bridge advertises every trusted server's tools under
4150
+ // `mcp__<server>__<tool>`. Before this fix the registry was never
4151
+ // loaded in the CLI engine path: `pugi mcp install` + `pugi mcp
4152
+ // trust` ran successfully but `pugi code/explain/fix/build` still
4153
+ // saw zero `mcp__*` tools in the schema (so the feature was
4154
+ // non-functional at the customer-facing surface). The adapter does
4155
+ // NOT own the registry lifecycle — we tear it down in the `finally`
4156
+ // below regardless of outcome so live MCP child processes are
4157
+ // reaped before the CLI exits.
4158
+ //
4159
+ // Failure mode: a bad `.pugi/mcp.json` (corrupted JSON, schema
4160
+ // violation) bubbles as an exception from `loadMcpRegistry`. We
4161
+ // surface it as a warning on stderr and continue WITHOUT MCP — the
4162
+ // operator's `pugi code "..."` invocation should not fail just
4163
+ // because a stale MCP entry refuses to parse. They get the engine
4164
+ // run without `mcp__*` tools and a clear hint to fix the file.
4165
+ let mcpRegistry;
4166
+ try {
4167
+ mcpRegistry = await loadMcpRegistry(root);
4168
+ }
4169
+ catch (error) {
4170
+ process.stderr.write(`pugi ${label}: MCP registry load failed — ${error.message}. ` +
4171
+ `Continuing without MCP tools. Fix .pugi/mcp.json to enable.\n`);
4172
+ mcpRegistry = undefined;
4173
+ }
4174
+ // P1 fix (deep audit 2026-05-26): load the workspace HookRegistry so
4175
+ // `.pugi/hooks/` lifecycle hooks fire for model-initiated tool calls
4176
+ // from the engine loop, not just for direct CLI tool invocations.
4177
+ // SECURITY: a `PreToolUse onFailure: 'block'` hook that refuses bash
4178
+ // containing `rm` now applies to model dispatch. Before this fix the
4179
+ // hooks were INVISIBLE to the engine adapter — a workspace operator
4180
+ // who set up a block hook for destructive bash would still see the
4181
+ // model freely dispatch those calls.
4182
+ //
4183
+ // r2 fix (triple-review 2026-05-26 P2): the fail-open path is a
4184
+ // security hole. If `.pugi/hooks.json` exists but is malformed
4185
+ // (truncated write, typo, partial edit) and the operator has block
4186
+ // hooks configured, the previous `continue without hooks` silently
4187
+ // disabled the BLOCK rules — a hostile or careless mutation of the
4188
+ // file would turn off all SECURITY-CRITICAL refusals without any
4189
+ // visible signal. We now distinguish three cases:
4190
+ //
4191
+ // (a) Neither user nor project hooks file exists → no hooks. Safe.
4192
+ // (b) File(s) exist and load() succeeds → hooks live. Normal.
4193
+ // (c) File(s) exist and load() fails → REFUSE THE RUN with a
4194
+ // fatal stderr message and `process.exit(1)`. Operator must
4195
+ // fix the file OR set `PUGI_HOOKS_BYPASS=1` to override (the
4196
+ // escape hatch is logged loudly so it cannot be silent).
4197
+ //
4198
+ // The bypass env var exists for the mid-edit recovery case (the
4199
+ // operator is in the middle of fixing the file and needs to run
4200
+ // pugi to see the world state). It is NEVER a default — the
4201
+ // operator types it explicitly.
4202
+ const hookOutcome = await loadHookRegistryOrExit({
4203
+ workspaceRoot: root,
4204
+ session,
4205
+ label,
4206
+ });
4207
+ if (hookOutcome.kind === 'parse-failure-refused') {
4208
+ // The helper already emitted the fatal message on stderr. Exit
4209
+ // directly so dispatchEngineCommand's caller observes a non-zero
4210
+ // exit code without a stack trace.
4211
+ process.exit(1);
4212
+ }
4213
+ const hooks = hookOutcome.hooks;
4214
+ const adapter = new NativePugiEngineAdapter({
4215
+ client,
4216
+ session,
4217
+ allowFetch: flags.allowFetch,
4218
+ allowSearch: flags.allowSearch,
4219
+ ...(mcpRegistry ? { mcpRegistry } : {}),
4220
+ ...(hooks ? { hooks } : {}),
4221
+ // Non-interactive CLI path: the FSM prompt callback always denies
4222
+ // until the operator explicitly grants permission via
4223
+ // `pugi mcp perms` (out-of-band). A future Ink-backed REPL path
4224
+ // overrides this with a modal prompt; pipes / CI never auto-allow.
4225
+ mcpPrompt: defaultNonInteractiveMcpPrompt,
4226
+ // P1 fix (deep audit 2026-05-26): CLI dispatcher is non-interactive
4227
+ // by default — pipes, CI, and scripted `pugi code "..."` runs do
4228
+ // not have an ink modal to surface ask_user_question into. The
4229
+ // REPL layer (β2b ink modal wiring, future) overrides this with
4230
+ // `interactive: true` + a live askUserBridge.
4231
+ interactive: false,
4232
+ });
2150
4233
  const toolCallId = recordToolCall(session, `engine:${adapter.name}`, `${label}: ${prompt}`);
2151
4234
  const taskId = `${kind}-${Date.now()}`;
2152
- const events = adapter.run({
2153
- id: taskId,
2154
- kind,
2155
- prompt,
2156
- workspaceRoot: root,
2157
- allowedPaths: [root],
2158
- deniedPaths: [],
2159
- artifacts: [],
2160
- // plan mode is enforced inside the tool-bridge (read-only schema +
2161
- // executor refusal sentinel). The permission mode here is the
2162
- // workspace-level toggle and is unchanged from interactive default.
2163
- permissionMode: 'auto',
2164
- }, { sessionId: session.id });
2165
- const statusEvents = [];
2166
- let result = null;
2167
- for await (const event of events) {
2168
- if (event.type === 'status') {
2169
- statusEvents.push(event.message);
2170
- // For `explain` the spec wants status events on stderr so the
2171
- // final summary on stdout is grep-able. Other commands keep the
2172
- // events on stdout-via-final-text so the operator sees the
2173
- // chronological trace.
2174
- if (kind === 'explain' && !flags.json) {
2175
- process.stderr.write(`${event.message}\n`);
4235
+ // β4 r2 P1 #3 — try/finally so loaded MCP child processes are
4236
+ // reaped regardless of run outcome (success, blocked, failed,
4237
+ // thrown). The shutdown is best-effort; we never want a stuck
4238
+ // MCP server to mask a successful Pugi run.
4239
+ try {
4240
+ const events = adapter.run({
4241
+ id: taskId,
4242
+ kind,
4243
+ prompt,
4244
+ workspaceRoot: root,
4245
+ allowedPaths: [root],
4246
+ deniedPaths: [],
4247
+ artifacts: [],
4248
+ // plan mode is enforced inside the tool-bridge (read-only schema +
4249
+ // executor refusal sentinel). The permission mode here is the
4250
+ // workspace-level toggle and is unchanged from interactive default.
4251
+ permissionMode: 'auto',
4252
+ }, { sessionId: session.id });
4253
+ const statusEvents = [];
4254
+ let result = null;
4255
+ for await (const event of events) {
4256
+ if (event.type === 'status') {
4257
+ statusEvents.push(event.message);
4258
+ // For `explain` the spec wants status events on stderr so the
4259
+ // final summary on stdout is grep-able. Other commands keep the
4260
+ // events on stdout-via-final-text so the operator sees the
4261
+ // chronological trace.
4262
+ if (kind === 'explain' && !flags.json) {
4263
+ process.stderr.write(`${event.message}\n`);
4264
+ }
4265
+ }
4266
+ else {
4267
+ result = {
4268
+ status: event.result.status,
4269
+ summary: event.result.summary,
4270
+ filesChanged: event.result.filesChanged,
4271
+ eventRefs: event.result.eventRefs,
4272
+ risks: event.result.risks,
4273
+ };
2176
4274
  }
2177
4275
  }
2178
- else {
4276
+ if (!result) {
4277
+ // Adapter MUST emit a terminal result event. Treat the empty
4278
+ // outcome as a failure so the CLI surfaces a clear error rather
4279
+ // than exiting 0 with no output.
2179
4280
  result = {
2180
- status: event.result.status,
2181
- summary: event.result.summary,
2182
- filesChanged: event.result.filesChanged,
2183
- eventRefs: event.result.eventRefs,
2184
- risks: event.result.risks,
4281
+ status: 'failed',
4282
+ summary: 'engine adapter returned no result',
4283
+ filesChanged: [],
4284
+ eventRefs: [],
4285
+ risks: ['adapter terminated without emitting a result event'],
2185
4286
  };
2186
4287
  }
2187
- }
2188
- if (!result) {
2189
- // Adapter MUST emit a terminal result event. Treat the empty
2190
- // outcome as a failure so the CLI surfaces a clear error rather
2191
- // than exiting 0 with no output.
2192
- result = {
2193
- status: 'failed',
2194
- summary: 'engine adapter returned no result',
2195
- filesChanged: [],
2196
- eventRefs: [],
2197
- risks: ['adapter terminated without emitting a result event'],
2198
- };
2199
- }
2200
- // α6.6 diff escalation Layer A/B/C dispatcher.
2201
- //
2202
- // Some models emit file edits as inline SEARCH/REPLACE markers in
2203
- // the final response rather than through tool calls (especially
2204
- // Gemini and o1 family, which under-use tool schemas in long
2205
- // reasoning chains). We run the dispatcher against the model's
2206
- // final text so those markers still land on disk. Tool-call edits
2207
- // (Layer-A equivalent already handled by `edit`/`write` tools) are
2208
- // unaffected — the dispatcher only fires on prose blocks that
2209
- // happen to contain markers.
2210
- //
2211
- // Scope: code / fix / build / explain only. `plan` is read-only
2212
- // (the engine refuses write tools), so even a stray marker in plan
2213
- // output gets ignored to honour the plan-mode contract.
2214
- //
2215
- // Dry-run + read-only short-circuits: when the flags forbid writes
2216
- // we dispatch with `dryRun: true` so the operator still sees what
2217
- // WOULD have been written, but nothing touches disk.
2218
- let dispatchResults = [];
2219
- if (kind === 'code' || kind === 'fix' || kind === 'build_task') {
2220
- dispatchResults = await runMarkerDispatch({
2221
- root,
2222
- result: {
2223
- status: result.status,
2224
- summary: result.summary,
2225
- eventRefs: result.eventRefs,
2226
- },
2227
- dryRun: flags.dryRun,
2228
- });
2229
- // Merge dispatcher-touched files into `result.filesChanged` so the
2230
- // operator-facing summary lists them alongside tool-driven edits.
2231
- for (const dr of dispatchResults) {
2232
- if (dr.ok && dr.absPath) {
2233
- const rel = relative(root, dr.absPath);
2234
- if (!result.filesChanged.includes(rel))
2235
- result.filesChanged.push(rel);
4288
+ // α6.6 diff escalation — Layer A/B/C dispatcher.
4289
+ //
4290
+ // Some models emit file edits as inline SEARCH/REPLACE markers in
4291
+ // the final response rather than through tool calls (especially
4292
+ // Gemini and o1 family, which under-use tool schemas in long
4293
+ // reasoning chains). We run the dispatcher against the model's
4294
+ // final text so those markers still land on disk. Tool-call edits
4295
+ // (Layer-A equivalent already handled by `edit`/`write` tools) are
4296
+ // unaffected — the dispatcher only fires on prose blocks that
4297
+ // happen to contain markers.
4298
+ //
4299
+ // Scope: code / fix / build / explain only. `plan` is read-only
4300
+ // (the engine refuses write tools), so even a stray marker in plan
4301
+ // output gets ignored to honour the plan-mode contract.
4302
+ //
4303
+ // Dry-run + read-only short-circuits: when the flags forbid writes
4304
+ // we dispatch with `dryRun: true` so the operator still sees what
4305
+ // WOULD have been written, but nothing touches disk.
4306
+ let dispatchResults = [];
4307
+ if (kind === 'code' || kind === 'fix' || kind === 'build_task') {
4308
+ dispatchResults = await runMarkerDispatch({
4309
+ root,
4310
+ result: {
4311
+ status: result.status,
4312
+ summary: result.summary,
4313
+ eventRefs: result.eventRefs,
4314
+ },
4315
+ dryRun: flags.dryRun,
4316
+ });
4317
+ // Merge dispatcher-touched files into `result.filesChanged` so the
4318
+ // operator-facing summary lists them alongside tool-driven edits.
4319
+ for (const dr of dispatchResults) {
4320
+ if (dr.ok && dr.absPath) {
4321
+ const rel = relative(root, dr.absPath);
4322
+ if (!result.filesChanged.includes(rel))
4323
+ result.filesChanged.push(rel);
4324
+ }
2236
4325
  }
2237
4326
  }
2238
- }
2239
- // For `plan` we always write a plan.md artifact, regardless of
2240
- // outcome. A blocked plan (budget exhausted, tool refusal) still
2241
- // produces a reviewable artifact — the reason is recorded inline.
2242
- let planArtifact = null;
2243
- if (kind === 'plan') {
2244
- planArtifact = writePlanArtifact({
2245
- root,
2246
- session,
2247
- prompt,
2248
- result,
2249
- statusEvents,
2250
- });
2251
- }
2252
- // Pull the headline metrics out of `eventRefs` so the summary and
2253
- // JSON envelope match without re-parsing strings in two places.
2254
- const metrics = parseEventRefs(result.eventRefs);
2255
- const finalStatus = result.status === 'failed' ? 'error' : 'success';
2256
- recordToolResult(session, toolCallId, finalStatus, result.summary);
2257
- // Exit code policy (spec §1-§5):
2258
- // code/fix/build → 0 done, 8 failed, 9 blocked
2259
- // explain → same triple; read-only blocked = budget exhaustion
2260
- // plan → 0 on done OR plan-mode refusal (refusal is a
2261
- // SUCCESS for plan: the gate worked); 8 on failed
2262
- // transport; 9 on budget exhaustion.
2263
- //
2264
- // Code Reviewer P2 retro 2026-05-23: previously `plan` masked
2265
- // `budget_exhausted` as exit 0, so a CI loop with a token budget
2266
- // hit looked identical to a successful plan. We now distinguish
2267
- // via the adapter's `outcome=<status>` echo on `eventRefs` so
2268
- // shell wrappers can branch on the real cause.
2269
- if (kind === 'plan') {
2270
- if (result.status === 'failed') {
2271
- process.exitCode = ENGINE_EXIT_CODES.failed;
2272
- }
2273
- else if (result.status === 'blocked' &&
2274
- metrics.outcome === 'budget_exhausted') {
2275
- process.exitCode = ENGINE_EXIT_CODES.blocked;
4327
+ // For `plan` we always write a plan.md artifact, regardless of
4328
+ // outcome. A blocked plan (budget exhausted, tool refusal) still
4329
+ // produces a reviewable artifact the reason is recorded inline.
4330
+ let planArtifact = null;
4331
+ if (kind === 'plan') {
4332
+ planArtifact = writePlanArtifact({
4333
+ root,
4334
+ session,
4335
+ prompt,
4336
+ result,
4337
+ statusEvents,
4338
+ });
2276
4339
  }
2277
- else {
2278
- // `done`, or `blocked` with outcome=tool_refused (= the plan-mode
2279
- // gate fired, which is the contract working as designed), or
2280
- // `blocked` with no outcome echo (legacy adapter preserve the
2281
- // pre-retro 0 behaviour to avoid breaking external scripts).
2282
- process.exitCode = 0;
4340
+ // α6.8 EXTEND PR1: `--decompose` post-processing. We only attempt
4341
+ // the parse on a `done` plan (a blocked/failed plan is already
4342
+ // captured in plan.md with its reason; no JSON to extract). The
4343
+ // model's final answer arrives via `result.summary`on success
4344
+ // the adapter prefix is empty so it is the raw final text. We
4345
+ // strip any leading/trailing whitespace then run the parser
4346
+ // against the contents. On parse failure we surface a non-fatal
4347
+ // structured error in the payload — the operator still gets the
4348
+ // plan.md artifact and can re-run.
4349
+ //
4350
+ // TODO(α7.x): `result.summary` is currently a string contract that
4351
+ // doubles as both "human-readable headline" and "raw final model
4352
+ // text". Split into `{ summary, finalText }` on the adapter so the
4353
+ // parser does not have to assume the prefix is empty. Tracked in
4354
+ // PR #423 v2 retro (P2.6, Claude review).
4355
+ let decomposeArtifact = null;
4356
+ let decomposeError = null;
4357
+ if (flags.decompose && kind === 'plan' && result.status === 'done') {
4358
+ const parsed = parseDecompositionFromText(result.summary);
4359
+ if (parsed.ok) {
4360
+ decomposeArtifact = writeDecomposition({
4361
+ root,
4362
+ sessionId: session.id,
4363
+ // Persist the OPERATOR's original prompt, not the prompt+suffix
4364
+ // we sent to the engine. The suffix is plumbing; the manifest
4365
+ // header reads naturally only with the operator text.
4366
+ prompt: args.join(' ').trim() || prompt,
4367
+ decomposition: parsed.decomposition,
4368
+ rationale: parsed.rationale,
4369
+ });
4370
+ }
4371
+ else {
4372
+ decomposeError = { reason: parsed.reason, detail: parsed.detail };
4373
+ }
2283
4374
  }
2284
- }
2285
- else {
2286
- process.exitCode = ENGINE_EXIT_CODES[result.status];
2287
- }
2288
- const payload = {
2289
- command: label,
2290
- taskId,
2291
- status: result.status,
2292
- summary: result.summary,
2293
- filesChanged: result.filesChanged,
2294
- toolCalls: metrics.toolCalls,
2295
- turns: metrics.turns,
2296
- tokens: metrics.tokens,
2297
- sessionId: session.id,
2298
- sessionEventsMirror: metrics.mirror,
2299
- risks: result.risks,
2300
- plan: planArtifact ? { path: planArtifact.relPath } : undefined,
2301
- // α6.6 per-edit dispatcher trace. Empty array when no inline
2302
- // markers were detected in the model's final response.
2303
- diffEdits: dispatchResults.map((dr) => ({
2304
- layer: dr.layer,
2305
- file: dr.file,
2306
- ok: dr.ok,
2307
- bytesWritten: dr.bytesWritten,
2308
- reason: dr.reason,
2309
- detail: dr.detail,
2310
- })),
2311
- // The full event stream is useful for cabinet UI replay. We surface
2312
- // it in JSON mode only — text mode operators want the summary, not
2313
- // 30 turn-level lines.
2314
- events: flags.json ? statusEvents : undefined,
2315
- };
2316
- const textLines = [];
2317
- if (kind === 'plan' && planArtifact) {
2318
- textLines.push(`Pugi plan written to ${planArtifact.relPath}`);
2319
- }
2320
- textLines.push(`Pugi ${label}: ${result.status}`);
2321
- textLines.push(`Summary: ${result.summary}`);
2322
- if (result.filesChanged.length > 0) {
2323
- textLines.push(`Files modified (${result.filesChanged.length}):`);
2324
- for (const file of result.filesChanged)
2325
- textLines.push(` - ${file}`);
2326
- }
2327
- else if (kind !== 'explain' && kind !== 'plan') {
2328
- textLines.push('Files modified: none');
2329
- }
2330
- textLines.push(`Tool calls: ${metrics.toolCalls} · Turns: ${metrics.turns} · Tokens: ${metrics.tokens}`);
2331
- if (dispatchResults.length > 0) {
2332
- const okCount = dispatchResults.filter((d) => d.ok).length;
2333
- const failCount = dispatchResults.length - okCount;
2334
- textLines.push(`Diff dispatch: ${okCount} applied, ${failCount} rejected (${dispatchResults.length} marker block${dispatchResults.length === 1 ? '' : 's'})`);
2335
- for (const dr of dispatchResults) {
2336
- if (dr.ok) {
2337
- textLines.push(` + ${dr.layer} ${dr.file} (${dr.bytesWritten} bytes)`);
4375
+ // Pull the headline metrics out of `eventRefs` so the summary and
4376
+ // JSON envelope match without re-parsing strings in two places.
4377
+ const metrics = parseEventRefs(result.eventRefs);
4378
+ const finalStatus = result.status === 'failed' ? 'error' : 'success';
4379
+ recordToolResult(session, toolCallId, finalStatus, result.summary);
4380
+ // Exit code policy (spec §1-§5):
4381
+ // code/fix/build → 0 done, 8 failed, 9 blocked
4382
+ // explain → same triple; read-only blocked = budget exhaustion
4383
+ // plan → 0 on done OR plan-mode refusal (refusal is a
4384
+ // SUCCESS for plan: the gate worked); 8 on failed
4385
+ // transport; 9 on budget exhaustion.
4386
+ //
4387
+ // Code Reviewer P2 retro 2026-05-23: previously `plan` masked
4388
+ // `budget_exhausted` as exit 0, so a CI loop with a token budget
4389
+ // hit looked identical to a successful plan. We now distinguish
4390
+ // via the adapter's `outcome=<status>` echo on `eventRefs` so
4391
+ // shell wrappers can branch on the real cause.
4392
+ if (kind === 'plan') {
4393
+ if (result.status === 'failed') {
4394
+ process.exitCode = ENGINE_EXIT_CODES.failed;
4395
+ }
4396
+ else if (result.status === 'blocked' &&
4397
+ metrics.outcome === 'budget_exhausted') {
4398
+ process.exitCode = ENGINE_EXIT_CODES.blocked;
2338
4399
  }
2339
4400
  else {
2340
- textLines.push(` ! ${dr.layer} ${dr.file}: ${dr.reason ?? 'failure'} ${dr.detail ?? ''}`);
4401
+ // `done`, or `blocked` with outcome=tool_refused (= the plan-mode
4402
+ // gate fired, which is the contract working as designed), or
4403
+ // `blocked` with no outcome echo (legacy adapter — preserve the
4404
+ // pre-retro 0 behaviour to avoid breaking external scripts).
4405
+ process.exitCode = 0;
4406
+ }
4407
+ }
4408
+ else {
4409
+ process.exitCode = ENGINE_EXIT_CODES[result.status];
4410
+ }
4411
+ const payload = {
4412
+ command: label,
4413
+ taskId,
4414
+ status: result.status,
4415
+ summary: result.summary,
4416
+ filesChanged: result.filesChanged,
4417
+ toolCalls: metrics.toolCalls,
4418
+ turns: metrics.turns,
4419
+ tokens: metrics.tokens,
4420
+ sessionId: session.id,
4421
+ sessionEventsMirror: metrics.mirror,
4422
+ risks: result.risks,
4423
+ plan: planArtifact ? { path: planArtifact.relPath } : undefined,
4424
+ // α6.6 — per-edit dispatcher trace. Empty array when no inline
4425
+ // markers were detected in the model's final response.
4426
+ diffEdits: dispatchResults.map((dr) => ({
4427
+ layer: dr.layer,
4428
+ file: dr.file,
4429
+ ok: dr.ok,
4430
+ bytesWritten: dr.bytesWritten,
4431
+ reason: dr.reason,
4432
+ detail: dr.detail,
4433
+ })),
4434
+ // α6.8 EXTEND PR1: decompose artifacts (only present when
4435
+ // `--decompose` was passed AND the model emitted a parseable
4436
+ // JSON block). The `error` shape lands when the model returned
4437
+ // unparseable output; the operator can re-run with a tighter
4438
+ // prompt without losing the plain plan.md artifact.
4439
+ decompose: decomposeArtifact !== null
4440
+ ? {
4441
+ manifest: relative(root, decomposeArtifact.manifestPath),
4442
+ planDir: relative(root, decomposeArtifact.planDir),
4443
+ splits: decomposeArtifact.splitPaths,
4444
+ }
4445
+ : decomposeError !== null
4446
+ ? { error: decomposeError }
4447
+ : undefined,
4448
+ // The full event stream is useful for cabinet UI replay. We surface
4449
+ // it in JSON mode only — text mode operators want the summary, not
4450
+ // 30 turn-level lines.
4451
+ events: flags.json ? statusEvents : undefined,
4452
+ };
4453
+ const textLines = [];
4454
+ if (kind === 'plan' && planArtifact) {
4455
+ textLines.push(`Pugi plan written to ${planArtifact.relPath}`);
4456
+ }
4457
+ if (decomposeArtifact !== null) {
4458
+ textLines.push(`Decomposition: ${decomposeArtifact.splitPaths.length} component spec${decomposeArtifact.splitPaths.length === 1 ? '' : 's'} under ${relative(root, decomposeArtifact.planDir)}`);
4459
+ textLines.push(`Manifest: ${relative(root, decomposeArtifact.manifestPath)}`);
4460
+ }
4461
+ else if (decomposeError !== null) {
4462
+ textLines.push(`Decomposition: skipped (${decomposeError.reason}) — plan.md still written`);
4463
+ }
4464
+ textLines.push(`Pugi ${label}: ${result.status}`);
4465
+ textLines.push(`Summary: ${result.summary}`);
4466
+ if (result.filesChanged.length > 0) {
4467
+ textLines.push(`Files modified (${result.filesChanged.length}):`);
4468
+ for (const file of result.filesChanged)
4469
+ textLines.push(` - ${file}`);
4470
+ }
4471
+ else if (kind !== 'explain' && kind !== 'plan') {
4472
+ textLines.push('Files modified: none');
4473
+ }
4474
+ textLines.push(`Tool calls: ${metrics.toolCalls} · Turns: ${metrics.turns} · Tokens: ${metrics.tokens}`);
4475
+ if (dispatchResults.length > 0) {
4476
+ const okCount = dispatchResults.filter((d) => d.ok).length;
4477
+ const failCount = dispatchResults.length - okCount;
4478
+ textLines.push(`Diff dispatch: ${okCount} applied, ${failCount} rejected (${dispatchResults.length} marker block${dispatchResults.length === 1 ? '' : 's'})`);
4479
+ for (const dr of dispatchResults) {
4480
+ if (dr.ok) {
4481
+ textLines.push(` + ${dr.layer} ${dr.file} (${dr.bytesWritten} bytes)`);
4482
+ }
4483
+ else {
4484
+ textLines.push(` ! ${dr.layer} ${dr.file}: ${dr.reason ?? 'failure'} — ${dr.detail ?? ''}`);
4485
+ }
2341
4486
  }
2342
4487
  }
4488
+ if (result.risks.length > 0) {
4489
+ textLines.push(`Risks: ${result.risks.join('; ')}`);
4490
+ }
4491
+ textLines.push(`Session: ${session.id}`);
4492
+ if (metrics.mirror)
4493
+ textLines.push(`Events mirror: ${metrics.mirror}`);
4494
+ writeOutput(flags, payload, textLines.join('\n'));
2343
4495
  }
2344
- if (result.risks.length > 0) {
2345
- textLines.push(`Risks: ${result.risks.join('; ')}`);
4496
+ finally {
4497
+ // β4 r2 P1 #3 — tear down live MCP child processes BEFORE the
4498
+ // CLI exits. shutdown() is idempotent and swallows per-server
4499
+ // disconnect errors, so it is safe even if no servers connected.
4500
+ if (mcpRegistry) {
4501
+ await mcpRegistry.shutdown().catch((error) => {
4502
+ process.stderr.write(`pugi ${label}: MCP registry shutdown reported error — ${error.message}\n`);
4503
+ });
4504
+ }
4505
+ // Leak L15 (2026-05-27) — tear down any LSP servers warmed up
4506
+ // by the post-edit diagnostics cache. The cache is per-process
4507
+ // and survives across multiple tool calls; without this hook a
4508
+ // `pugi code ...` invocation would leak a tsserver process when
4509
+ // the Node host exits. The dynamic import keeps the cache module
4510
+ // out of the cold path for runs that never touch LSP.
4511
+ try {
4512
+ const { stopAllLspClients } = await import('../core/lsp/cache.js');
4513
+ await stopAllLspClients();
4514
+ }
4515
+ catch (error) {
4516
+ process.stderr.write(`pugi ${label}: LSP cache shutdown reported error — ${error.message}\n`);
4517
+ }
2346
4518
  }
2347
- textLines.push(`Session: ${session.id}`);
2348
- if (metrics.mirror)
2349
- textLines.push(`Events mirror: ${metrics.mirror}`);
2350
- writeOutput(flags, payload, textLines.join('\n'));
2351
4519
  };
2352
4520
  }
2353
4521
  // Exported for the α6.6.1 triple-review remediation spec
@@ -2579,7 +4747,7 @@ async function login(args, flags, _session) {
2579
4747
  if (args.includes('--help') || args.includes('-h')) {
2580
4748
  writeOutput(flags, {
2581
4749
  command: 'login',
2582
- usage: 'pugi login [--provider device|token|env] [--token <PAT>] [--token-stdin] [--label <name>] [--api-url <url>]',
4750
+ usage: 'pugi login [--provider device|token|env] [--token <PAT>] [--token-stdin] [--key <value>] [--skip-validate] [--label <name>] [--api-url <url>]',
2583
4751
  }, [
2584
4752
  'Usage: pugi login [options]',
2585
4753
  '',
@@ -2591,19 +4759,27 @@ async function login(args, flags, _session) {
2591
4759
  'Non-interactive options:',
2592
4760
  ' --provider device Run the device-flow login (recommended).',
2593
4761
  ' --provider token Store an API key passed via --token / --token-stdin / PUGI_LOGIN_TOKEN.',
2594
- ' --provider env Promote PUGI_API_KEY from the environment into the store.',
4762
+ ' --provider env Read PUGI_API_KEY (or --key) and verify it via /api/pugi/health.',
2595
4763
  ' --token <PAT> Inline API key (visible in `ps`).',
2596
4764
  ' --token-stdin Read API key from stdin (gh-CLI style).',
4765
+ ' --key <value> Explicit key for --provider env; beats PUGI_API_KEY.',
4766
+ ' --skip-validate Skip the /api/pugi/health probe for --provider env (CI bootstrap).',
2597
4767
  ' --label <name> Short label surfaced in `pugi accounts list`.',
2598
4768
  ' --api-url <url> Override the Anvil endpoint (self-hosted).',
2599
4769
  ' --no-device-flow Refuse the device flow; fail fast in CI without a token.',
2600
4770
  '',
4771
+ 'Environment variables:',
4772
+ ' PUGI_API_KEY Read by --provider env. Pass --key to override.',
4773
+ ' PUGI_LOGIN_TOKEN Read by --provider token in non-interactive shells.',
4774
+ ' PUGI_API_URL Override the Anvil endpoint (same as --api-url).',
4775
+ '',
2601
4776
  'Examples:',
2602
4777
  ' pugi login # interactive picker on a TTY',
2603
4778
  ' pugi login --provider device # explicit browser OAuth',
2604
4779
  ' pugi login --provider token --token sk-xx # paste in a key',
2605
4780
  ' echo $TOKEN | pugi login --provider token --token-stdin',
2606
- ' PUGI_API_KEY=sk-xx pugi login --provider env',
4781
+ ' PUGI_API_KEY=pugi_xxx pugi login --provider env',
4782
+ ' pugi login --provider env --key pugi_xxx # explicit key beats env',
2607
4783
  ].join('\n'));
2608
4784
  return;
2609
4785
  }
@@ -2626,6 +4802,11 @@ async function login(args, flags, _session) {
2626
4802
  const apiUrlOverride = extractApiUrlFlag(args);
2627
4803
  const labelFlag = extractLabelFlag(args);
2628
4804
  const provider = parseProviderFlag(args);
4805
+ // Leak L35 (2026-05-27): `--key` is the explicit-arg path for
4806
+ // `--provider env`; `--skip-validate` bypasses the /api/pugi/health
4807
+ // probe (CI bootstrap before the network is up).
4808
+ const envExplicitKey = extractKeyFlag(args);
4809
+ const envSkipValidate = args.includes('--skip-validate');
2629
4810
  const apiUrl = normalizeApiUrl(apiUrlOverride ?? process.env.PUGI_API_URL ?? DEFAULT_API_URL);
2630
4811
  // Path 1: explicit --provider trumps everything else.
2631
4812
  if (provider) {
@@ -2636,6 +4817,8 @@ async function login(args, flags, _session) {
2636
4817
  explicitToken: tokenFromArgs,
2637
4818
  tokenStdinFlag,
2638
4819
  noDeviceFlow,
4820
+ envExplicitKey,
4821
+ envSkipValidate,
2639
4822
  });
2640
4823
  return;
2641
4824
  }
@@ -2683,6 +4866,8 @@ async function login(args, flags, _session) {
2683
4866
  flags,
2684
4867
  label: labelFlag,
2685
4868
  noDeviceFlow,
4869
+ envExplicitKey,
4870
+ envSkipValidate,
2686
4871
  });
2687
4872
  return;
2688
4873
  }
@@ -2901,16 +5086,28 @@ async function dispatchLoginProvider(provider, ctx) {
2901
5086
  return;
2902
5087
  }
2903
5088
  case 'env': {
2904
- const envKey = process.env.PUGI_API_KEY;
2905
- if (!envKey) {
2906
- throw new Error('pugi login --provider env requires PUGI_API_KEY to be exported in the current shell.');
5089
+ // Leak L35 (2026-05-27): resolve the env / --key candidate,
5090
+ // run the local format check, then probe `/api/pugi/health`
5091
+ // BEFORE persisting. A bad token never lands on disk so the
5092
+ // next `pugi <anything>` does not silently 401 against the
5093
+ // cabinet. `--skip-validate` opts out for CI bootstrap.
5094
+ const resolved = await resolveAndValidateEnvLogin({
5095
+ apiUrl: ctx.apiUrl,
5096
+ explicitKey: ctx.envExplicitKey,
5097
+ env: process.env,
5098
+ skipValidate: ctx.envSkipValidate ?? false,
5099
+ });
5100
+ if (resolved.kind !== 'ok') {
5101
+ reportEnvLoginFailure(resolved, ctx.flags);
5102
+ return;
2907
5103
  }
2908
5104
  storeAndAnnounceToken({
2909
5105
  apiUrl: ctx.apiUrl,
2910
- apiKey: envKey,
5106
+ apiKey: resolved.token,
2911
5107
  label: ctx.label,
2912
5108
  source: 'env',
2913
5109
  flags: ctx.flags,
5110
+ validatedLatencyMs: resolved.latencyMs > 0 ? resolved.latencyMs : undefined,
2914
5111
  });
2915
5112
  return;
2916
5113
  }
@@ -2929,6 +5126,15 @@ function storeAndAnnounceToken(input) {
2929
5126
  label: input.label,
2930
5127
  source: input.source,
2931
5128
  });
5129
+ const textLines = [
5130
+ `Pugi logged in for ${record.apiUrl}`,
5131
+ `Method: ${input.source}${record.label ? ` (${record.label})` : ''}`,
5132
+ `Token: ${maskApiKey(record.apiKey)}`,
5133
+ ];
5134
+ if (typeof input.validatedLatencyMs === 'number') {
5135
+ textLines.push(`Verified via /api/pugi/health in ${input.validatedLatencyMs}ms`);
5136
+ }
5137
+ textLines.push('Stored at ~/.pugi/credentials.json (mode 0600). Run `pugi whoami` to verify.');
2932
5138
  writeOutput(input.flags, {
2933
5139
  status: 'logged_in',
2934
5140
  apiUrl: record.apiUrl,
@@ -2936,12 +5142,55 @@ function storeAndAnnounceToken(input) {
2936
5142
  label: record.label ?? null,
2937
5143
  createdAt: record.createdAt,
2938
5144
  source: input.source,
2939
- }, [
2940
- `Pugi logged in for ${record.apiUrl}`,
2941
- `Method: ${input.source}${record.label ? ` (${record.label})` : ''}`,
2942
- `Token: ${maskApiKey(record.apiKey)}`,
2943
- 'Stored at ~/.pugi/credentials.json (mode 0600). Run `pugi whoami` to verify.',
2944
- ].join('\n'));
5145
+ ...(typeof input.validatedLatencyMs === 'number'
5146
+ ? { validatedLatencyMs: input.validatedLatencyMs }
5147
+ : {}),
5148
+ }, textLines.join('\n'));
5149
+ }
5150
+ /**
5151
+ * Render a typed `EnvLoginFailure` from `resolveAndValidateEnvLogin`
5152
+ * onto the surrounding CLI surface. Maps the failure kind to:
5153
+ * - an exit code (1 by default; 2 for invalid format so a CI step
5154
+ * can disambiguate "missing key" vs "key shape wrong" without
5155
+ * parsing stderr; 4 for network / server errors so retry logic
5156
+ * can distinguish transient failures from credential failures)
5157
+ * - a structured JSON payload for `--json` consumers
5158
+ * - a human-readable stderr line for the interactive path
5159
+ *
5160
+ * The token itself is never echoed — only the validator's own message
5161
+ * (which the env-provider module composed without the secret in it).
5162
+ */
5163
+ function reportEnvLoginFailure(failure, flags) {
5164
+ const exitCode = (() => {
5165
+ switch (failure.kind) {
5166
+ case 'missing':
5167
+ return 1;
5168
+ case 'invalid-format':
5169
+ return 2;
5170
+ case 'unauthorized':
5171
+ return 3;
5172
+ case 'network-error':
5173
+ case 'server-error':
5174
+ return 4;
5175
+ case 'unexpected-status':
5176
+ return 5;
5177
+ default: {
5178
+ const exhaustive = failure;
5179
+ return Number(exhaustive) || 1;
5180
+ }
5181
+ }
5182
+ })();
5183
+ const payload = {
5184
+ status: 'login_failed',
5185
+ kind: failure.kind,
5186
+ message: failure.message,
5187
+ };
5188
+ if ('status' in failure)
5189
+ payload.httpStatus = failure.status;
5190
+ if ('cause' in failure && failure.cause)
5191
+ payload.cause = failure.cause;
5192
+ writeOutput(flags, payload, failure.message);
5193
+ process.exitCode = exitCode;
2945
5194
  }
2946
5195
  /**
2947
5196
  * OAuth 2.0 Device Authorization Grant client (RFC 8628). Renders
@@ -3697,6 +5946,17 @@ function extractApiUrlFlag(args) {
3697
5946
  function extractLabelFlag(args) {
3698
5947
  return extractNamedFlagValue(args, 'label');
3699
5948
  }
5949
+ /**
5950
+ * `pugi login --provider env --key <value>` — explicit key arg that
5951
+ * beats `PUGI_API_KEY` env. Same precedence rule as `gh auth login
5952
+ * --with-token`, `aws configure set`, and `pugi config`: the most
5953
+ * specific operator intent (a typed flag) overrides the ambient
5954
+ * environment so an operator can override a stale `PUGI_API_KEY`
5955
+ * from their shell rc without unsetting it first.
5956
+ */
5957
+ function extractKeyFlag(args) {
5958
+ return extractNamedFlagValue(args, 'key');
5959
+ }
3700
5960
  /**
3701
5961
  * `pugi jobs` — surface the persistent JobRegistry on the CLI.
3702
5962
  * Sprint α5.9 (ADR-0056 PR-PUGI-CLI-M1-GAP-J). Subcommand parsing
@@ -3975,7 +6235,31 @@ function fileBytes(path) {
3975
6235
  return 0;
3976
6236
  }
3977
6237
  }
3978
- function safeGit(root, args) {
6238
+ /**
6239
+ * Git invocation helpers — probe vs required semantics.
6240
+ *
6241
+ * 2026-05-27 (Claude review followup #489): the historical `safeGit`
6242
+ * collapsed BOTH "tell me the branch name if you can" probes AND
6243
+ * "give me the diff or fail" hard requirements into a single helper
6244
+ * that swallowed every error as an empty string. That's the correct
6245
+ * shape for the probe case (branch / status / dirty flag — empty
6246
+ * result is a valid signal) but catastrophically wrong for the diff
6247
+ * case (empty result === false PASS on a commit nobody reviewed).
6248
+ *
6249
+ * The split:
6250
+ * - `safeGitProbe` — best-effort. Returns '' on any error. Use for
6251
+ * branch name lookups, status probes, opt-in dirty detection.
6252
+ * - `safeGitRequired` — throws on non-zero exit / ENOBUFS / bad ref.
6253
+ * Use for diff, merge-base resolution, anything whose empty
6254
+ * output would silently corrupt downstream behaviour.
6255
+ *
6256
+ * Legacy `safeGit` is kept as a deprecated alias of `safeGitProbe`
6257
+ * so existing call-sites (branch detection, status, etc.) keep their
6258
+ * tolerant semantics until they are individually migrated. Diff /
6259
+ * merge-base / rev-parse-verify call-sites are migrated к
6260
+ * `safeGitRequired` in this same patch.
6261
+ */
6262
+ export function safeGitProbe(root, args) {
3979
6263
  try {
3980
6264
  return execFileSync('git', args, {
3981
6265
  cwd: root,
@@ -3993,6 +6277,38 @@ function safeGit(root, args) {
3993
6277
  return '';
3994
6278
  }
3995
6279
  }
6280
+ /**
6281
+ * Strict variant — throws on non-zero exit, ENOBUFS, or any git-side
6282
+ * failure. The thrown error carries the operation context so the
6283
+ * caller (triple-review dispatch, etc.) can fail loud rather than
6284
+ * ship an empty diff to a remote reviewer.
6285
+ */
6286
+ export function safeGitRequired(root, args, context) {
6287
+ try {
6288
+ return execFileSync('git', args, {
6289
+ cwd: root,
6290
+ encoding: 'utf8',
6291
+ stdio: ['ignore', 'pipe', 'pipe'],
6292
+ maxBuffer: 64 * 1024 * 1024,
6293
+ });
6294
+ }
6295
+ catch (err) {
6296
+ const cause = err instanceof Error ? err.message : String(err);
6297
+ throw new Error(`git ${args.slice(0, 2).join(' ')} failed (${context}): ${cause}. ` +
6298
+ `Refusing to proceed — empty git output here would corrupt downstream behaviour.`);
6299
+ }
6300
+ }
6301
+ /**
6302
+ * Deprecated alias preserved for diff / status / branch probes that
6303
+ * legitimately want a tolerant empty-string-on-error shape. New call
6304
+ * sites should pick `safeGitProbe` or `safeGitRequired` explicitly.
6305
+ *
6306
+ * @deprecated 2026-05-27 — prefer `safeGitProbe` (tolerant) or
6307
+ * `safeGitRequired` (strict, throws).
6308
+ */
6309
+ function safeGit(root, args) {
6310
+ return safeGitProbe(root, args);
6311
+ }
3996
6312
  /**
3997
6313
  * Glob patterns excluded from triple-review `diffPatch` before egress.
3998
6314
  *
@@ -4133,5 +6449,6 @@ export function packageRoot() {
4133
6449
  export const __test__ = {
4134
6450
  sleep,
4135
6451
  pollDeviceFlowUntilTerminal,
6452
+ sanitizeSemver,
4136
6453
  };
4137
6454
  //# sourceMappingURL=cli.js.map