@pugi/cli 0.1.0-beta.4 → 0.1.0-beta.40

package/dist/core/repo-map/formatter.js

@@ -0,0 +1,145 @@
+/**
+ * Default byte cap for the engine system-prompt injection. The L28
+ * spec calls for 2000 tokens; conservatively that is ~8 KB of UTF-8
+ * (rough Claude tokeniser ratio: ~4 chars per token). We cap at 8 KB
+ * so the formatted block stays under the token budget across every
+ * supported model family without per-model accounting.
+ */
+export const DEFAULT_FORMAT_BYTES_CAP = 8 * 1024;
+/**
+ * Maximum symbols per row. The engine row format is:
+ *
+ *   `- path/to/file.ts — summary line — exports: Foo(class), bar(fn)`
+ *
+ * Beyond 6 symbols the row grows past the readable column budget and
+ * the additional names rarely move the needle for the model — the
+ * exports tail is signal-bearing only for the first few entries
+ * anyway (`index.ts` re-exports tend к pile up).
+ */
+export const MAX_SYMBOLS_PER_ROW = 6;
+/**
+ * Render the repo-map text. The implementation is intentionally split
+ * into:
+ *
+ *   - `prioritise(...)` — pure sort + filter, fully testable in
+ *     isolation, no I/O of any kind.
+ *   - `renderRow(...)`  — one file's row, byte-counted.
+ *   - main loop — assembles header + rows + footer, respecting cap.
+ *
+ * The split lets the spec assert each stage in isolation (priority
+ * order, single-row shape, truncation arithmetic).
+ */
+export function formatRepoMap(extracts, options = {}) {
+    const maxBytes = options.maxBytes ?? DEFAULT_FORMAT_BYTES_CAP;
+    const omitHeader = options.omitHeader === true;
+    const prioritised = prioritise(extracts);
+    const header = omitHeader
+        ? ''
+        : `## Repo map\n\n${prioritised.length} source files indexed.\n\n`;
+    const headerBytes = byteLength(header);
+    if (headerBytes >= maxBytes) {
+        // Cap is smaller than even the header — emit nothing rather than
+        // a truncated header that the engine cannot parse.
+        return {
+            text: '',
+            filesIncluded: 0,
+            filesTotal: extracts.length,
+            bytes: 0,
+            truncated: extracts.length > 0,
+        };
+    }
+    const rows = [];
+    let bytesUsed = headerBytes;
+    let filesIncluded = 0;
+    let truncated = false;
+    for (let i = 0; i < prioritised.length; i += 1) {
+        const row = renderRow(prioritised[i]);
+        const rowBytes = byteLength(row);
+        // Reserve space for the footer (`\n... N more files\n`). We
+        // overestimate at 64 bytes — the exact number depends on the
+        // file count digits but 64 covers any realistic case.
+        const footerReserve = i + 1 < prioritised.length ? 64 : 0;
+        if (bytesUsed + rowBytes + footerReserve > maxBytes) {
+            truncated = true;
+            break;
+        }
+        rows.push(row);
+        bytesUsed += rowBytes;
+        filesIncluded += 1;
+    }
+    let text = header + rows.join('');
+    if (truncated) {
+        const omitted = prioritised.length - filesIncluded;
+        text += `\n... ${omitted} more file${omitted === 1 ? '' : 's'}\n`;
+    }
+    return {
+        text,
+        filesIncluded,
+        filesTotal: extracts.length,
+        bytes: byteLength(text),
+        truncated,
+    };
+}
+/* ----------------------------- helpers ----------------------------- */
+/**
+ * Sort the extracts by (exported-symbol count desc, path asc). The
+ * engine cares about the public surface; a file with 12 exported
+ * symbols carries more signal than 50 private helpers.
+ */
+export function prioritise(extracts) {
+    return [...extracts].sort((a, b) => {
+        const expA = countExports(a);
+        const expB = countExports(b);
+        if (expA !== expB)
+            return expB - expA;
+        return a.relPath < b.relPath ? -1 : a.relPath > b.relPath ? 1 : 0;
+    });
+}
+function countExports(extract) {
+    let n = 0;
+    for (const sym of extract.symbols)
+        if (sym.exported)
+            n += 1;
+    return n;
+}
+/**
+ * Render a single file row. Format:
+ *
+ *   `- path/to/file.ts — summary — exports: Foo(class), bar(fn), Baz(type)`
+ *
+ * When there are no exported symbols, the `exports:` tail is dropped.
+ * When there is no summary, the dash separator is dropped.
+ */
+export function renderRow(extract) {
+    const exported = extract.symbols.filter((s) => s.exported);
+    const symbolsTail = exported.length > 0
+        ? ` — exports: ${formatSymbolList(exported.slice(0, MAX_SYMBOLS_PER_ROW))}`
+        : '';
+    const summaryTail = extract.summary ? ` — ${extract.summary}` : '';
+    return `- ${extract.relPath}${summaryTail}${symbolsTail}\n`;
+}
+function formatSymbolList(symbols) {
+    return symbols.map((s) => `${s.name}(${shortKind(s.kind)})`).join(', ');
+}
+function shortKind(kind) {
+    switch (kind) {
+        case 'function':
+            return 'fn';
+        case 'class':
+            return 'class';
+        case 'interface':
+            return 'iface';
+        case 'type':
+            return 'type';
+        case 'enum':
+            return 'enum';
+        case 'const':
+            return 'const';
+        case 'heading':
+            return 'h';
+    }
+}
+function byteLength(s) {
+    return Buffer.byteLength(s, 'utf8');
+}
+//# sourceMappingURL=formatter.js.map

package/dist/core/repo-map/scanner.js

@@ -0,0 +1,211 @@
+/**
+ * Repo-map scanner — Leak L28 (2026-05-27).
+ *
+ * Walks the workspace via `fs.readdirSync` (sync, depth-first), filters
+ * to a recognised set of source-language extensions, and applies the
+ * shared `PugiIgnore` matcher so the same exclusion rules used by the
+ * three-tier context skeleton also gate the repo-map.
+ *
+ * Why a stand-alone scanner (vs. reusing the α6.5 skeleton walker):
+ *
+ *   1. The skeleton walker emits a flat `IndexArtifact[]` of every
+ *      ignore-respecting file (markdown, configs, schemas, etc.) for
+ *      the working-set heuristic. The repo-map ONLY needs source
+ *      files — markdown headings and JSON keys are not "definitions"
+ *      in the L28 sense. Filtering downstream is cheap, but the
+ *      scanner gets to short-circuit on extension before stat'ing
+ *      the file, which matters for monorepos with thousands of
+ *      non-source artefacts (lockfiles, schemas, fixtures).
+ *
+ *   2. We need mtime + size per file so `cache.ts` can invalidate
+ *      stale entries without re-parsing. The skeleton walker
+ *      surfaces only paths.
+ *
+ *   3. The L28 contract caps the walk at `MAX_SRC_FILES` (5000) and
+ *      individual files at `MAX_FILE_BYTES` (200 KiB). When the cap
+ *      trips the scanner returns a `{ skipped: 'too-large' }`
+ *      verdict rather than partial data — the consumer must decide
+ *      whether to fall back to a no-op map or surface a hint к the
+ *      operator. Surfacing partial data would silently bias the
+ *      injected summary toward whichever subtree the walker happened
+ *      to traverse first.
+ *
+ * The output is sorted (POSIX path string compare) so two runs over
+ * the same workspace produce byte-identical `repo-map.json` caches —
+ * `cache.ts` relies on stable ordering for its hash-free freshness
+ * check. POSIX-style separators are used in `relPath` regardless of
+ * platform so the cache file stays portable.
+ *
+ * Pure module surface: no logging, no network. Errors during readdir
+ * on a single subtree (permission denied, symlink loop) are swallowed
+ * and the walker continues — repo-map is a best-effort context
+ * enrichment, never a gate.
+ */
+import { readdirSync, statSync } from 'node:fs';
+import { join, posix, relative, resolve, sep } from 'node:path';
+/**
+ * Hard ceiling on total source files surfaced by a single scan. The
+ * engine context budget is the binding constraint — a 5K-file repo
+ * already overflows the 2K-token injection cap so going higher buys
+ * nothing but walker latency. Repos above the cap fall back к the
+ * `{ skipped: 'too-large' }` verdict.
+ */
+export const MAX_SRC_FILES = 5000;
+/**
+ * Per-file size cap. Files larger than this are skipped — they are
+ * almost always generated (compiled JS, vendored libs, encoded blobs)
+ * and add noise without signal. The 200 KiB threshold mirrors the
+ * α6.5 skeleton walker's own `MAX_FILE_BYTES` so the two scans agree
+ * on "what counts as a source file".
+ */
+export const MAX_FILE_BYTES = 200 * 1024;
+/**
+ * Source-language extensions the extractor knows how to parse. Adding
+ * a language here without a matching extractor branch is a silent
+ * no-op (the file shows up в the scan but extracts zero symbols);
+ * the spec asserts the symmetry so a future PR cannot drift the two
+ * lists out of sync.
+ */
+export const SUPPORTED_EXTENSIONS = Object.freeze([
+    '.ts',
+    '.tsx',
+    '.js',
+    '.jsx',
+    '.mjs',
+    '.cjs',
+    '.md',
+    '.mdx',
+]);
+const defaultReaddir = (path) => readdirSync(path, { withFileTypes: true });
+const defaultStat = (path) => {
+    const s = statSync(path);
+    return { size: s.size, mtimeMs: s.mtimeMs };
+};
+/**
+ * Walk the workspace once and return every source file the extractor
+ * is willing to parse. The function is deliberately synchronous —
+ * the underlying walks are CPU-bound, не I/O-bound, and the sync
+ * call avoids the promise overhead that dominates for thousands of
+ * small files. The L28 engine boot path runs this on a Node `setImmediate`
+ * so the main thread is not blocked.
+ */
+export function scanRepoForMap(options) {
+    const root = resolve(options.root);
+    const readdir = options.readdir ?? defaultReaddir;
+    const stat = options.stat ?? defaultStat;
+    const maxFiles = options.maxFiles ?? MAX_SRC_FILES;
+    const maxFileBytes = options.maxFileBytes ?? MAX_FILE_BYTES;
+    const ignore = options.ignore;
+    const files = [];
+    let walked = 0;
+    let skippedLarge = 0;
+    let skippedIgnored = 0;
+    let tooLarge = false;
+    /**
+     * Depth-first recursion. We push dirs into a manual stack instead of
+     * recursing in JS because deep monorepos (Nx with 100+ packages)
+     * have approached the v8 default stack limit on Windows runners
+     * before; an explicit stack is one less thing to debug.
+     */
+    const stack = [root];
+    while (stack.length > 0) {
+        const dir = stack.pop();
+        let entries;
+        try {
+            entries = readdir(dir);
+        }
+        catch {
+            // Permission denied / symlink loop / mid-flight delete — keep
+            // walking. Repo-map is best-effort context, never a gate.
+            continue;
+        }
+        for (const entry of entries) {
+            const abs = join(dir, entry.name);
+            const isDir = entry.isDirectory();
+            if (ignore.isIgnored(abs, isDir)) {
+                skippedIgnored += 1;
+                continue;
+            }
+            if (isDir) {
+                stack.push(abs);
+                continue;
+            }
+            if (!entry.isFile()) {
+                // Symlinks, sockets, FIFOs etc. Skip silently — they are not
+                // source code and stat'ing them can throw on broken links.
+                continue;
+            }
+            walked += 1;
+            const ext = extOf(entry.name);
+            if (!SUPPORTED_EXTENSIONS.includes(ext)) {
+                continue;
+            }
+            let statResult;
+            try {
+                statResult = stat(abs);
+            }
+            catch {
+                // File vanished between readdir and stat — skip.
+                continue;
+            }
+            if (statResult.size > maxFileBytes) {
+                skippedLarge += 1;
+                continue;
+            }
+            // Workspace-relative POSIX path. `relative` returns the host
+            // separator on Windows; normalise to forward slashes so the
+            // cache file is portable.
+            const rel = relative(root, abs).split(sep).join(posix.sep);
+            files.push({
+                relPath: rel,
+                absPath: abs,
+                ext,
+                sizeBytes: statResult.size,
+                mtimeMs: statResult.mtimeMs,
+            });
+            if (files.length > maxFiles) {
+                tooLarge = true;
+                break;
+            }
+        }
+        if (tooLarge)
+            break;
+    }
+    if (tooLarge) {
+        return {
+            ok: false,
+            root,
+            skipped: {
+                reason: 'too-large',
+                walked,
+            },
+        };
+    }
+    // Sort by POSIX path for stable cache output. Two runs over the
+    // same workspace yield byte-identical JSON so the cache hash check
+    // is a simple `mtime + size` per entry without a content digest.
+    files.sort((a, b) => (a.relPath < b.relPath ? -1 : a.relPath > b.relPath ? 1 : 0));
+    return {
+        ok: true,
+        root,
+        files,
+        stats: {
+            walked,
+            kept: files.length,
+            skippedLarge,
+            skippedIgnored,
+        },
+    };
+}
+/**
+ * Lowercase extension including the leading dot, or '' when the
+ * filename has no extension. Mirrors `node:path.extname` semantics —
+ * inlined so the scanner has zero per-iteration call overhead.
+ */
+function extOf(name) {
+    const dot = name.lastIndexOf('.');
+    if (dot < 0 || dot === 0)
+        return '';
+    return name.slice(dot).toLowerCase();
+}
+//# sourceMappingURL=scanner.js.map

package/dist/core/retry-budget/budget.js

@@ -0,0 +1,284 @@
+/**
+ * Leak L31 — Per-command tool retry budget (Claude Code parity).
+ *
+ * Claude Code limits the number of times the model may retry the SAME
+ * tool with the SAME arguments inside a single operator-input cycle.
+ * Once the cap is hit, the dispatcher hard-refuses and surfaces a
+ * sentinel string telling the model that this exact call has exhausted
+ * its retry budget. The model is expected (via system-prompt rule) to
+ * either change approach or ask the operator for guidance instead of
+ * looping forever on a transient failure.
+ *
+ * Why per-cycle, not per-session: a retry budget that persists across
+ * operator turns would surprise the operator. After the operator says
+ * "try again" the model rightly retries; the budget must reset when a
+ * fresh brief arrives. The simplest reset boundary is the executor
+ * lifetime — `buildExecutor` is called once per `runEngineLoop` and
+ * the loop drives exactly one operator-input cycle. Constructing the
+ * budget inside `buildExecutor` therefore gives us per-cycle scoping
+ * "for free" via closure lifetime; no external clear() call is needed
+ * from production callsites. The exported `clear()` exists so tests
+ * and a future hook surface (PreToolUse) can introspect the state.
+ *
+ * Hash design: same tool + same canonical args = same bucket. We
+ * canonicalise the args record by sorting object keys (stable across
+ * model output ordering) and then sha256 the JSON. The model emits
+ * `arguments` as a raw JSON string; we parse, canonicalise, hash. If
+ * parse fails we hash the raw string verbatim — that way an
+ * unparseable repeat still counts toward the cap (otherwise the model
+ * could loop on syntactic noise variants forever).
+ *
+ * Env overrides:
+ *   PUGI_RETRY_BUDGET_<TOOLNAME>=<N>   — override a single tool's cap.
+ *                                        Toolname matches DEFAULT_CAPS
+ *                                        keys verbatim, uppercased
+ *                                        (PUGI_RETRY_BUDGET_BASH=8).
+ *   PUGI_RETRY_BUDGET_DEFAULT=<N>      — override the fallback cap for
+ *                                        any tool not in DEFAULT_CAPS.
+ *   PUGI_RETRY_BUDGET_DISABLED=1       — warn-only mode. `shouldAllow`
+ *                                        still records but always
+ *                                        returns `allowed: true`. The
+ *                                        count is preserved so
+ *                                        diagnostics can still surface
+ *                                        the pattern.
+ */
+import { createHash } from 'node:crypto';
+/**
+ * Default per-tool retry caps. Tuned per leak research:
+ *
+ *   bash       — 5  (most volatile; transient flakes common)
+ *   edit       — 3  (deterministic; repeat = real bug)
+ *   write      — 3  (same)
+ *   read       — 10 (cheap; legitimate re-reads after edits)
+ *   search/grep/glob — 10 (cheap; exploration loop)
+ *   web_fetch  — 5  (transient network; not infinite)
+ *   default    — 5  (any tool not in the table)
+ *
+ * Operators override per-tool via `PUGI_RETRY_BUDGET_<NAME>` env vars.
+ * Caps are bounded `[1, 1000]` after override to defend against typo
+ * runaway (e.g. `PUGI_RETRY_BUDGET_BASH=5000000`).
+ */
+export const DEFAULT_CAPS = Object.freeze({
+    bash: 5,
+    edit: 3,
+    write: 3,
+    read: 10,
+    search: 10,
+    grep: 10,
+    glob: 10,
+    web_fetch: 5,
+    default: 5,
+});
+/**
+ * Lower / upper bound for any resolved cap. Defends against:
+ *   - PUGI_RETRY_BUDGET_BASH=0     -> first call instantly denied
+ *   - PUGI_RETRY_BUDGET_BASH=99999 -> effectively unbounded loop
+ */
+export const MIN_CAP = 1;
+export const MAX_CAP = 1000;
+/**
+ * Per-cycle retry budget. One instance per `buildExecutor` call.
+ *
+ * Not thread-safe: the executor is single-threaded by construction
+ * (Node event loop + sequential await in dispatcher). If a future
+ * executor parallelises tool dispatch it must serialise the budget
+ * mutation explicitly.
+ */
+export class RetryBudget {
+    counts = new Map();
+    capCache = new Map();
+    env;
+    programmaticCaps;
+    constructor(options = {}) {
+        this.env = options.env ?? process.env;
+        this.programmaticCaps = options.caps ?? {};
+    }
+    /**
+     * Returns true when PUGI_RETRY_BUDGET_DISABLED=1. In disabled mode
+     * `shouldAllow` still records attempts but always allows the
+     * dispatch — useful for operators triaging a false-positive without
+     * a code change.
+     */
+    isDisabled() {
+        return this.env.PUGI_RETRY_BUDGET_DISABLED === '1';
+    }
+    /**
+     * Record one dispatch attempt. Idempotent on the bucket key (tool
+     * + argHash). Call this BEFORE the dispatch (or after `shouldAllow`
+     * but before `dispatch()` resolves) so a thrown dispatch counts.
+     */
+    recordAttempt(toolName, argHash) {
+        const key = `${toolName}::${argHash}`;
+        const next = (this.counts.get(key) ?? 0) + 1;
+        this.counts.set(key, next);
+        return next;
+    }
+    /**
+     * Returns the current count for (tool, argHash) WITHOUT mutating.
+     */
+    peek(toolName, argHash) {
+        return this.counts.get(`${toolName}::${argHash}`) ?? 0;
+    }
+    /**
+     * Resolve the effective cap for a tool.
+     *
+     * Precedence:
+     *   1. PUGI_RETRY_BUDGET_<TOOL_UPPER>=<N>  (env)
+     *   2. programmaticCaps[toolName]          (constructor)
+     *   3. DEFAULT_CAPS[toolName]              (this module)
+     *   4. PUGI_RETRY_BUDGET_DEFAULT=<N>       (env fallback)
+     *   5. DEFAULT_CAPS.default                (final fallback)
+     *
+     * Bounded by [MIN_CAP, MAX_CAP] post-resolution. Invalid (NaN, ≤0,
+     * non-integer) env values are ignored and the next layer wins.
+     */
+    capFor(toolName) {
+        const cached = this.capCache.get(toolName);
+        if (cached !== undefined)
+            return cached;
+        const envKey = `PUGI_RETRY_BUDGET_${toolName.toUpperCase()}`;
+        const envCap = parseCapEnv(this.env[envKey]);
+        const programmaticCap = this.programmaticCaps[toolName];
+        const defaultCap = DEFAULT_CAPS[toolName];
+        const fallbackEnvCap = parseCapEnv(this.env.PUGI_RETRY_BUDGET_DEFAULT);
+        // DEFAULT_CAPS.default is hard-coded above; cast keeps the type-
+        // narrower happy without leaking `| undefined` through the index
+        // access (tsc cannot prove the literal key exists).
+        const finalFallback = DEFAULT_CAPS.default;
+        let resolved;
+        if (envCap !== undefined) {
+            resolved = envCap;
+        }
+        else if (programmaticCap !== undefined) {
+            resolved = programmaticCap;
+        }
+        else if (defaultCap !== undefined) {
+            resolved = defaultCap;
+        }
+        else {
+            resolved = fallbackEnvCap ?? finalFallback;
+        }
+        const bounded = Math.min(MAX_CAP, Math.max(MIN_CAP, resolved));
+        this.capCache.set(toolName, bounded);
+        return bounded;
+    }
+    /**
+     * Should this dispatch be allowed? Caller passes the current count
+     * BEFORE recording — i.e. shouldAllow returns true when count < cap,
+     * then recordAttempt fires, bringing count up to cap. The next
+     * identical call sees count === cap and is refused.
+     *
+     * In disabled mode `allowed` is forced to true; `count` and `cap`
+     * still reflect reality so logs / diagnostics can spot the pattern.
+     */
+    shouldAllow(toolName, argHash) {
+        const cap = this.capFor(toolName);
+        const count = this.peek(toolName, argHash);
+        const disabled = this.isDisabled();
+        const allowed = disabled ? true : count < cap;
+        return { allowed, count, cap, argHash, disabled };
+    }
+    /** Reset all state. Used between operator-input cycles when the
+     *  budget instance is reused (most callers throw the instance away
+     *  per cycle, so clear() is mostly for tests and hook surfaces). */
+    clear() {
+        this.counts.clear();
+        this.capCache.clear();
+    }
+    /**
+     * Snapshot the current state for diagnostics. Returns a plain
+     * object so it round-trips through JSON.stringify cleanly.
+     */
+    snapshot() {
+        const out = [];
+        for (const [key, count] of this.counts) {
+            const sep = key.indexOf('::');
+            if (sep < 0)
+                continue;
+            out.push({ tool: key.slice(0, sep), argHash: key.slice(sep + 2), count });
+        }
+        return out;
+    }
+}
+/**
+ * Hash the model's tool-call arguments into a stable key. Same
+ * canonical args = same hash regardless of JSON whitespace / key
+ * order. Unparseable JSON is hashed verbatim so the budget still
+ * catches syntactically degenerate retry loops.
+ */
+export function hashArgs(argsRaw) {
+    const canonical = canonicalise(argsRaw);
+    return createHash('sha256').update(canonical).digest('hex');
+}
+/**
+ * Canonicalise a raw JSON arg string. Object keys are sorted
+ * recursively. Arrays preserve order (semantic). Primitives untouched.
+ * On parse failure, returns the original string prefixed with `raw:`
+ * so a malformed-args repeat still hashes to the same bucket.
+ */
+function canonicalise(argsRaw) {
+    try {
+        const parsed = JSON.parse(argsRaw);
+        return JSON.stringify(sortKeys(parsed));
+    }
+    catch {
+        return `raw:${argsRaw}`;
+    }
+}
+function sortKeys(value) {
+    if (value === null || typeof value !== 'object')
+        return value;
+    if (Array.isArray(value))
+        return value.map(sortKeys);
+    const obj = value;
+    const sorted = {};
+    for (const k of Object.keys(obj).sort()) {
+        sorted[k] = sortKeys(obj[k]);
+    }
+    return sorted;
+}
+/**
+ * Parse and bound a `PUGI_RETRY_BUDGET_*` env var. Returns `undefined`
+ * for any non-positive-integer string so the resolver can fall
+ * through to the next precedence layer. Bounded by [MIN_CAP, MAX_CAP]
+ * is NOT applied here — `capFor` clamps after the final layer wins,
+ * matching the "operator typo defends against runaway" requirement
+ * without silently swallowing a meaningful low value (e.g.
+ * `PUGI_RETRY_BUDGET_BASH=1` should clamp to MIN_CAP=1, which it
+ * does naturally since 1 >= MIN_CAP).
+ */
+function parseCapEnv(raw) {
+    if (raw === undefined || raw === '')
+        return undefined;
+    const n = Number(raw);
+    if (!Number.isInteger(n) || n <= 0)
+        return undefined;
+    return n;
+}
+/**
+ * Sentinel emitted to the model when the budget is exhausted. The
+ * format is stable so the engine adapter, spec layer, and operator
+ * dashboards can pattern-match on it.
+ */
+export function retryBudgetExhaustedSentinel(toolName, cap) {
+    return `RETRY_BUDGET_EXHAUSTED: ${toolName} exceeded ${cap} attempts with these args. Operator must intervene.`;
+}
+/**
+ * Typed error thrown by the tool-bridge when the cap is hit. Carries
+ * the sentinel string so the engine loop can pattern-match without
+ * re-parsing. `instanceof RetryBudgetExhausted` is the canonical
+ * downstream test.
+ */
+export class RetryBudgetExhausted extends Error {
+    toolName;
+    cap;
+    argHash;
+    constructor(toolName, cap, argHash) {
+        super(retryBudgetExhaustedSentinel(toolName, cap));
+        this.name = 'RetryBudgetExhausted';
+        this.toolName = toolName;
+        this.cap = cap;
+        this.argHash = argHash;
+    }
+}
+//# sourceMappingURL=budget.js.map

package/dist/core/retry-budget/index.js

@@ -0,0 +1,5 @@
+/**
+ * Leak L31 — Tool retry budget. Public surface.
+ */
+export { DEFAULT_CAPS, MIN_CAP, MAX_CAP, RetryBudget, RetryBudgetExhausted, hashArgs, retryBudgetExhaustedSentinel, } from './budget.js';
+//# sourceMappingURL=index.js.map