@pugi/cli 0.1.0-beta.7 → 0.1.0-beta.87

package/dist/core/session.js

@@ -18,6 +18,98 @@ export function openSession(root) {
         enabled,
     };
 }
+/**
+ * MVP — fire the `SessionStart` lifecycle event for all hooks
+ * declared in `~/.pugi/hooks-mvp.json`. Single-call surface; the REPL
+ * boot path invokes this once after `openSession`. Best-effort: any
+ * failure (missing config, hook spawn error) is swallowed so a
+ * misconfigured hook can never crash the REPL.
+ *
+ * Returns the number of hooks that fired (0 when no config / no
+ * matching hooks). Tests assert on the return value as the
+ * single-call invariant.
+ */
+export async function fireSessionStartMvp(session) {
+    try {
+        const { loadHooksConfig, fireHooks } = await import('./hooks/index.js');
+        // Defense-in-depth: `loadHooksConfig` is contractually non-null
+        // (returns `HooksConfig.empty(path)` when the file is absent), but
+        // the dynamic import boundary above can in principle return an
+        // unexpected shape if the module is mis-resolved at runtime. Guard
+        // the optional-chained `isEmpty()` call so a malformed loader can
+        // never raise `TypeError: Cannot read properties of undefined` and
+        // crash the REPL boot path. Belt-and-suspenders with the
+        // surrounding try/catch — the catch still swallows everything else.
+        const config = loadHooksConfig();
+        if (!config || config.isEmpty())
+            return 0;
+        const outcome = await fireHooks({
+            config,
+            event: 'SessionStart',
+            payload: {
+                event: 'SessionStart',
+                sessionId: session.id,
+                workspaceRoot: session.root,
+                startedAt: new Date().toISOString(),
+            },
+            workspaceRoot: session.root,
+        });
+        return outcome.results.length;
+    }
+    catch {
+        // SessionStart is never blocking — log nothing, return 0. A
+        // broken `hooks-mvp.json` is surfaced via `pugi hooks doctor`.
+        return 0;
+    }
+}
+/**
+ * P1 — fire the v2 `SessionStart` event from `~/.pugi/hooks.json`
+ * (global) + `<workspaceRoot>/.pugi/hooks.json` (project). Companion to
+ * `fireSessionStartMvp`; both surfaces run because they read different
+ * config files.
+ *
+ * Headless by default (no trust prompt) — the v2 trust ledger gates
+ * first-run executions. Operators with no prior trust decision will see
+ * the SessionStart hook skipped with a `denied by trust ledger` stderr
+ * note; running `pugi hooks trust allow <command>` enrolls it.
+ *
+ * Returns the number of hooks that ran (excluding trust-denied skips).
+ * Never throws.
+ */
+export async function fireSessionStartV2(session) {
+    try {
+        const { fireSessionStart } = await import('./hooks/v2/index.js');
+        const outcome = await fireSessionStart({
+            sessionId: session.id,
+            workspaceRoot: session.root,
+            transcriptPath: session.eventsPath,
+            permissionMode: 'ask',
+        });
+        return outcome.results.filter((r) => r.exitCode !== -1).length;
+    }
+    catch {
+        return 0;
+    }
+}
+/**
+ * P1 — fire the v2 `SessionEnd` event. Called by the REPL
+ * teardown path. Companion to `fireSessionStartV2`.
+ */
+export async function fireSessionEndV2(session) {
+    try {
+        const { fireSessionEnd } = await import('./hooks/v2/index.js');
+        const outcome = await fireSessionEnd({
+            sessionId: session.id,
+            workspaceRoot: session.root,
+            transcriptPath: session.eventsPath,
+            permissionMode: 'ask',
+        });
+        return outcome.results.filter((r) => r.exitCode !== -1).length;
+    }
+    catch {
+        return 0;
+    }
+}
 export function recordCommandStarted(session, command) {
     if (!session.enabled)
         return;

package/dist/core/settings.js

@@ -20,6 +20,22 @@ const pugiSettingsSchema = z.object({
         allow: z.array(z.string()).default([]),
         deny: z.array(z.string()).default([]),
         notAutomatic: z.array(z.string()).default([]),
+        // task — operator-declared read-only paths. Every
+        // edit / write tool call whose target matches one of these
+        // patterns is denied with source `readonly_paths`, regardless
+        // of the active permission mode. Match grammar mirrors
+        // allow/deny: exact path OR tail-* glob. Targets are
+        // workspace-relative, no leading slash.
+        //
+        // Why a dedicated field вместо leaning on a generic deny rule
+        // like `deny: ["edit:vendor/x"]`?
+        //  - Explicit intent surfaces в `pugi doctor` and the REPL
+        //    ("3 paths read-only") без parsing rule strings.
+        //  - Covers BOTH the `edit` tool AND the `write` tool with
+        //    one entry; a generic deny needs two rules.
+        //  - Survives a future migration of the `permissions` schema
+        //    because the field carries its own contract.
+        readonlyPaths: z.array(z.string()).default([]),
     })
         .default({}),
     privacy: z
@@ -28,6 +44,17 @@ const pugiSettingsSchema = z.object({
         telemetry: z.enum(['off', 'anonymous', 'community']).default('off'),
     })
         .default({}),
+    // beta.13 P1 fix: ui.cyberZoo gates the cyber-zoo splash +
+    // ambient art in the REPL. Schema must declare the key explicitly
+    // because Zod's strip pass swallows unknown keys, which is how the
+    // initial `pugi init` write (which serialises `ui.cyberZoo`) was
+    // bypassed by the runtime reader — the value never made it past the
+    // schema gate so admin-api always saw the historical 'on' default.
+    ui: z
+        .object({
+        cyberZoo: z.enum(['on', 'off']).default('on'),
+    })
+        .default({}),
     artifacts: z
         .object({
         defaultPath: z.string().default('.pugi/artifacts'),
@@ -38,6 +65,12 @@ const pugiSettingsSchema = z.object({
     // fetcher. Default-off matches the spec posture; the schema must
     // declare it explicitly because Zod's strict-pass strips unknown
     // keys and would silently swallow the operator's intent.
+    //
+    // β1b T4 : added `web.search.enabled` to gate the
+    // Brave-Search-backed `web_search` tool. Distinct from `web.fetch`
+    // because search queries themselves are an egress event that can
+    // leak operator intent — an operator may want fetch without
+    // implicitly enabling search-as-egress.
     web: z
         .object({
         fetch: z
@@ -45,15 +78,263 @@ const pugiSettingsSchema = z.object({
             enabled: z.boolean().optional(),
         })
             .optional(),
+        search: z
+            .object({
+            enabled: z.boolean().optional(),
+        })
+            .optional(),
+    })
+        .optional(),
+    // β7 L9 — per-language LSP toggle. When omitted, every supported
+    // server is available subject to binary detection on PATH. When
+    // present, only languages set to `true` are launched (false silently
+    // skips that language even if the binary is installed). Use this in
+    // workspaces where a heavyweight server (rust-analyzer indexing a
+    // monorepo, pyright on a fresh venv) wastes resources for the
+    // current task. The `pugi lsp servers` subcommand surfaces the
+    // current toggle state per server.
+    //
+    // Schema is intentionally permissive (`optional()` on the section AND
+    // on every per-language flag) so a partial config keeps the
+    // backwards-compatible "every language enabled" default.
+    lsp: z
+        .object({
+        typescript: z.boolean().optional(),
+        javascript: z.boolean().optional(),
+        python: z.boolean().optional(),
+        go: z.boolean().optional(),
+        rust: z.boolean().optional(),
+        // post-edit auto-diagnostics. When `true`,
+        // a successful `edit`/`write`/`multi_edit` triggers a diagnostic
+        // pull on the touched file(s) and the result is appended to the
+        // tool envelope so the model can self-correct in the same turn.
+        // Off by default — the cold-start of `typescript-language-server`
+        // is heavy enough that we opt in explicitly until dogfood proves
+        // the throughput trade is worth it. Also enabled via env var
+        // `PUGI_LSP_POST_EDIT=1` for CI / one-off operator probes.
+        postEditDiagnostics: z.boolean().optional(),
     })
         .optional(),
+    // β1 Pl9 — per-command budget overrides. Optional. Partial
+    // overrides merge against the β1 defaults in
+    // `core/engine/budgets.ts::beta1DefaultBudgets`. The schema is
+    // intentionally loose at the leaf (positive integers) so a typo lands
+    // a deterministic `BudgetConfigError` at `resolveBudget()` instead of
+    // a Zod parse error two layers up.
+    // task — operator-customizable status line.
+    // When `command` is set, Pugi spawns it on each turn boundary with
+    // a single JSON document on stdin (see `statusline.ts` for the
+    // schema). The command's stdout (first non-empty line, trimmed) is
+    // displayed in the Ink Footer. Failures are non-fatal — they emit
+    // a structured log line and the footer falls back to the default.
+    // Mirrors CC's `statusLine` config so cross-tool muscle memory
+    // carries over для operators who lived in CC first.
+    statusLine: z
+        .object({
+        command: z.string().min(1),
+        timeoutMs: z.number().int().positive().max(5000).default(500),
+    })
+        .optional(),
+    budgets: z
+        .object({
+        code: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        fix: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        build: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        plan: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        explain: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        review_triple: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+    })
+        .optional(),
+    // #24 (CEO P1) — hook chains. First-class config
+    // for `PostToolUseFailure` + `TaskCompleted` event chains. The shape
+    // is intentionally loose (`z.any()` at the leaf) because the
+    // canonical reader lives in `core/hook-chains.ts` where the
+    // matcher/run/timeoutMs grammar is validated. Declaring the key here
+    // keeps Zod's strip-pass from swallowing it before the chain reader
+    // sees it. See `hook-chains.ts` for the full schema.
+    hooks: z.any().optional(),
 });
-export function loadSettings(root) {
+/**
+ * #20 — the upstream tool drop-in compat ingest.
+ *
+ * Operators migrating from the upstream tool typically keep a `.claude/`
+ * directory at workspace root with settings.json, slash commands,
+ * and ambient guidance files. We honour the existence of that
+ * directory and mirror the subset of keys that map cleanly onto
+ * Pugi's own settings surface — Pugi values ALWAYS win on conflict
+ * (the operator opted into Pugi as their primary), CC fills gaps.
+ *
+ * Opt-out: `PUGI_CC_COMPAT_DISABLE=1` short-circuits the merger and
+ * loads only `.pugi/settings.json` (or the empty default).
+ *
+ * Key mirror table:
+ *  - `permissions.defaultMode` → `permissions.mode`
+ *    (CC values map: `acceptEdits|plan|bypassPermissions|default` →
+ *     `acceptEdits|plan|bypassPermissions|ask`).
+ *  - `permissions.allow` → `permissions.allow` (concatenated, deduped).
+ *  - `permissions.deny` → `permissions.deny` (concatenated, deduped).
+ *  - `enabledPlugins`   → ignored (CC-only concept; Pugi has its own
+ *     plugin surface and we do not want to silently activate them).
+ *  - `hooks`            → currently ignored. Pugi's hook system is
+ *     managed via `apps/pugi-cli/src/core/hooks/`; future work can
+ *     wire CC hook entries through that bridge.
+ *
+ * Unknown CC keys are dropped on the floor by Zod's strip semantics
+ * just like the existing PUGI settings path — we never warn on
+ * unrecognised CC keys, because the CC surface is wider and we want
+ * fallthrough to be silent (operator does not need a stream of "we
+ * skipped this CC concept" warnings on every CLI invocation).
+ */
+const ccPermissionsSchema = z
+    .object({
+    defaultMode: z.string().optional(),
+    allow: z.array(z.string()).optional(),
+    deny: z.array(z.string()).optional(),
+})
+    .passthrough()
+    .optional();
+const ccSettingsSchema = z
+    .object({
+    permissions: ccPermissionsSchema,
+    enabledPlugins: z.unknown().optional(),
+    hooks: z.unknown().optional(),
+})
+    .passthrough();
+/**
+ * Env var that disables ingest entirely. Useful for CI
+ * sandboxes where a stray `.claude/` from a parent checkout could
+ * otherwise leak permissions into Pugi.
+ */
+export const CC_COMPAT_DISABLE_ENV = 'PUGI_CC_COMPAT_DISABLE';
+/**
+ * Map a CC `permissions.defaultMode` to the closest Pugi permission
+ * mode. Unknown / missing values map to `undefined` so the caller
+ * keeps Pugi's own default.
+ *
+ * CC's `default` mode = "ask the user for each tool" which is Pugi's
+ * `ask` mode. `acceptEdits` / `plan` / `bypassPermissions` map 1:1.
+ */
+export function mapCcPermissionMode(mode) {
+    if (typeof mode !== 'string')
+        return undefined;
+    switch (mode) {
+        case 'acceptEdits':
+            return 'acceptEdits';
+        case 'plan':
+            return 'plan';
+        case 'bypassPermissions':
+            return 'bypassPermissions';
+        case 'default':
+            return 'ask';
+        default:
+            return undefined;
+    }
+}
+/**
+ * Merge a parsed CC settings object into a Pugi settings object.
+ * Pugi ALWAYS wins on conflict; CC values fill gaps only.
+ */
+export function mergeCcIntoPugi(pugi, cc, opts) {
+    const merged = {
+        ...pugi,
+        permissions: { ...pugi.permissions },
+    };
+    const pugiWroteMode = pugiPermissionKeyPresent(opts.pugiRawJson, 'mode');
+    if (!pugiWroteMode) {
+        const ccMode = mapCcPermissionMode(cc.permissions?.defaultMode);
+        if (ccMode)
+            merged.permissions.mode = ccMode;
+    }
+    if (Array.isArray(cc.permissions?.allow)) {
+        merged.permissions.allow = dedupeKeepFirst([
+            ...pugi.permissions.allow,
+            ...cc.permissions.allow,
+        ]);
+    }
+    if (Array.isArray(cc.permissions?.deny)) {
+        merged.permissions.deny = dedupeKeepFirst([
+            ...pugi.permissions.deny,
+            ...cc.permissions.deny,
+        ]);
+    }
+    // `enabledPlugins` and `hooks` are intentionally NOT mirrored. See
+    // the doc-block above for rationale.
+    void opts.pugiSettingsExisted;
+    return merged;
+}
+function pugiPermissionKeyPresent(raw, key) {
+    if (!raw || typeof raw !== 'object')
+        return false;
+    const permissions = raw.permissions;
+    if (!permissions || typeof permissions !== 'object')
+        return false;
+    return Object.prototype.hasOwnProperty.call(permissions, key);
+}
+function dedupeKeepFirst(items) {
+    const seen = new Set();
+    const out = [];
+    for (const item of items) {
+        if (seen.has(item))
+            continue;
+        seen.add(item);
+        out.push(item);
+    }
+    return out;
+}
+/**
+ * Read + parse `.claude/settings.json` at `root`. Returns `undefined`
+ * when the file is absent, malformed, or the operator has opted out
+ * via `PUGI_CC_COMPAT_DISABLE=1`. Never throws — a broken CC settings
+ * file degrades to "no ingest", not a Pugi boot crash.
+ */
+export function loadCcSettings(root, env = process.env) {
+    if (env[CC_COMPAT_DISABLE_ENV] === '1')
+        return undefined;
+    const ccPath = resolve(root, '.claude/settings.json');
+    if (!existsSync(ccPath))
+        return undefined;
+    let parsed;
+    try {
+        parsed = JSON.parse(readFileSync(ccPath, 'utf8'));
+    }
+    catch {
+        return undefined;
+    }
+    const result = ccSettingsSchema.safeParse(parsed);
+    if (!result.success)
+        return undefined;
+    return result.data;
+}
+export function loadSettings(root, env = process.env) {
     const settingsPath = resolve(root, '.pugi/settings.json');
-    if (!existsSync(settingsPath)) {
-        return pugiSettingsSchema.parse({});
+    const pugiExists = existsSync(settingsPath);
+    let pugiRawJson = undefined;
+    let pugi;
+    if (pugiExists) {
+        pugiRawJson = JSON.parse(readFileSync(settingsPath, 'utf8'));
+        pugi = pugiSettingsSchema.parse(pugiRawJson);
+    }
+    else {
+        pugi = pugiSettingsSchema.parse({});
     }
-    const parsed = JSON.parse(readFileSync(settingsPath, 'utf8'));
-    return pugiSettingsSchema.parse(parsed);
+    const cc = loadCcSettings(root, env);
+    if (!cc)
+        return pugi;
+    return mergeCcIntoPugi(pugi, cc, {
+        pugiSettingsExisted: pugiExists,
+        pugiRawJson,
+    });
 }
 //# sourceMappingURL=settings.js.map

package/dist/core/share/formatter.js

@@ -0,0 +1,271 @@
+/**
+ * Markdown transcript formatter used by `pugi share` ().
+ *
+ * Walks the session's `.pugi/events.jsonl` audit log and reconstructs a
+ * Markdown document the operator (and downstream Gist / pugi.io readers)
+ * can read top-to-bottom. The format is intentionally human-first — turn
+ * headers, code-block-wrapped tool I/O, and a small front-matter block
+ * with session metadata. Machine-readability is a non-goal here; the
+ * JSONL log remains the source of truth for tooling.
+ *
+ * Why we reconstruct from JSONL instead of from the live REPL state:
+ *
+ *  - The CLI top-level `pugi share` command runs from a fresh shell and
+ *    has no in-memory REPL state to read; only the event log is
+ *    persisted.
+ *  - The in-REPL `/share` slash uses the same handler so behaviour is
+ *    identical regardless of entry point. Operators sharing a session
+ *    from inside the REPL get the exact same output they would get from
+ *    a follow-up shell command.
+ *  - The JSONL log is append-only and survives REPL crashes, so a
+ *    `--share` after a crash is the most useful debug surface.
+ *
+ * Event vocabulary the formatter knows about (see
+ * `packages/pugi-sdk/src/audit-trace.ts` for the schema):
+ *
+ *  session.created                 Session boundary; emits front matter.
+ *  session.command_started         One-line "running pugi <cmd>" header.
+ *  session.command_completed       Status line ("success" / "error").
+ *  tool_call                       Markdown turn header + inputSummary
+ *                                   rendered as a fenced block.
+ *  tool_result                     "Result (status):" + outputSummary
+ *                                   rendered as a fenced block.
+ *  file_mutation                   Inline `path` + operation summary.
+ *  subagent.*                      Indented "[subagent <role>] ..." line.
+ *  hook.*                          Quiet "[hook <event>] ..." line.
+ *  compaction.*                    "[compaction <tier>] ..." line.
+ *
+ * Unknown event types are surfaced as a single italic line ("[event
+ * type=...]") so a future event added to the SDK does not silently
+ * vanish from the transcript.
+ *
+ * Performance: the formatter is O(n) over the events file, runs entirely
+ * in memory, and is bounded by the session log size (currently capped at
+ * a few MB per session). No streaming I/O is needed for typical sessions
+ * — the operator does not run /share against multi-GB logs.
+ */
+/**
+ * Format a session's event log as Markdown. Pure — no I/O. The caller
+ * reads `.pugi/events.jsonl` and hands the contents in.
+ */
+export function formatTranscript(input) {
+    const now = input.now ? input.now() : new Date();
+    const events = parseEvents(input.eventsJsonl);
+    const filteredSessionId = pickSessionId(input.sessionId, events);
+    const sessionEvents = events.filter((e) => typeof e.raw.sessionId !== 'string' || e.raw.sessionId === filteredSessionId);
+    const lines = [];
+    // Front matter — a fenced block at the top so downstream readers can
+    // grok the context before any turn content. Not YAML front matter
+    // (`---`) because Gist + pugi.io render Markdown directly; the fenced
+    // approach renders predictably without a parser.
+    lines.push('# Pugi session transcript');
+    lines.push('');
+    lines.push('```');
+    lines.push(`session_id: ${filteredSessionId}`);
+    lines.push(`workspace:  ${input.workspaceRoot}`);
+    lines.push(`cli_version: ${input.cliVersion}`);
+    lines.push(`exported_at: ${now.toISOString()}`);
+    lines.push(`event_count: ${sessionEvents.length}`);
+    lines.push('```');
+    lines.push('');
+    if (sessionEvents.length === 0) {
+        lines.push('_No events recorded for this session._');
+        return {
+            markdown: `${lines.join('\n')}\n`,
+            turnCount: 0,
+            eventCount: 0,
+        };
+    }
+    let turnCount = 0;
+    for (const event of sessionEvents) {
+        const rendered = renderEvent(event);
+        if (rendered === null)
+            continue;
+        lines.push(...rendered.lines);
+        lines.push('');
+        if (rendered.isTurn)
+            turnCount += 1;
+    }
+    return {
+        markdown: `${lines.join('\n').replace(/\n{3,}/g, '\n\n')}\n`,
+        turnCount,
+        eventCount: sessionEvents.length,
+    };
+}
+/**
+ * Parse the JSONL log. Malformed lines are skipped silently — the file
+ * is append-only and may have partial-write tail rows. Returning the
+ * stable typed shape lets the formatter walk without re-checking every
+ * field.
+ */
+function parseEvents(raw) {
+    const out = [];
+    for (const line of raw.split('\n')) {
+        const trimmed = line.trim();
+        if (trimmed.length === 0)
+            continue;
+        try {
+            const parsed = JSON.parse(trimmed);
+            const type = typeof parsed.type === 'string' ? parsed.type : '';
+            const timestamp = typeof parsed.timestamp === 'string' ? parsed.timestamp : '';
+            if (type.length === 0)
+                continue;
+            out.push({ raw: parsed, type, timestamp });
+        }
+        catch {
+            // partial-write or corrupt row; skip without affecting the rest
+        }
+    }
+    return out;
+}
+/**
+ * Resolve the effective session id. When the operator passes a non-empty
+ * value we honour it. When they pass an empty string / placeholder
+ * (`'no-session'`), we fall back to the newest `session.created` event
+ * id in the file. Last-resort fallback is the literal placeholder so the
+ * transcript still renders something meaningful in the front matter.
+ */
+function pickSessionId(provided, events) {
+    if (provided && provided !== 'no-session')
+        return provided;
+    for (let i = events.length - 1; i >= 0; i -= 1) {
+        const e = events[i];
+        if (!e)
+            continue;
+        if (e.type === 'session' && e.raw.name === 'created' && typeof e.raw.sessionId === 'string') {
+            return e.raw.sessionId;
+        }
+    }
+    return provided || 'unknown-session';
+}
+/**
+ * Format one event as a Markdown block. Returns `null` to suppress the
+ * event entirely (e.g. session.created is captured in front matter so we
+ * skip it here).
+ */
+function renderEvent(event) {
+    const ts = event.timestamp || '';
+    switch (event.type) {
+        case 'session': {
+            const name = String(event.raw.name ?? '');
+            if (name === 'created')
+                return null; // captured by front matter
+            if (name === 'command_started') {
+                const command = String(event.raw.command ?? '');
+                return {
+                    lines: [`## ${ts} — command \`${escapeInline(command)}\``],
+                    isTurn: false,
+                };
+            }
+            if (name === 'command_completed') {
+                const command = String(event.raw.command ?? '');
+                const status = String(event.raw.status ?? 'unknown');
+                return {
+                    lines: [`_command \`${escapeInline(command)}\` finished: ${status}_`],
+                    isTurn: false,
+                };
+            }
+            return {
+                lines: [`_session ${name}_`],
+                isTurn: false,
+            };
+        }
+        case 'tool_call': {
+            const tool = String(event.raw.tool ?? 'unknown');
+            const summary = String(event.raw.inputSummary ?? '');
+            const out = [`### ${ts} — tool \`${escapeInline(tool)}\``];
+            if (summary.length > 0) {
+                out.push('');
+                out.push('Input:');
+                out.push(fenced(summary));
+            }
+            return { lines: out, isTurn: true };
+        }
+        case 'tool_result': {
+            const status = String(event.raw.status ?? 'unknown');
+            const summary = String(event.raw.outputSummary ?? '');
+            const out = [`Result (${status}):`];
+            if (summary.length > 0) {
+                out.push(fenced(summary));
+            }
+            return { lines: out, isTurn: false };
+        }
+        case 'file_mutation': {
+            const path = String(event.raw.path ?? '');
+            const op = String(event.raw.operation ?? '');
+            return {
+                lines: [`- file ${op}: \`${escapeInline(path)}\``],
+                isTurn: false,
+            };
+        }
+        case 'subagent.spawned':
+        case 'subagent.tool_call':
+        case 'subagent.completed':
+        case 'subagent.blocked':
+        case 'subagent.failed': {
+            const role = String(event.raw.role ?? '');
+            const persona = String(event.raw.personaSlug ?? '');
+            const detail = String(event.raw.detail ?? event.raw.error ?? event.raw.toolName ?? '');
+            const tail = detail.length > 0 ? ` ${detail}` : '';
+            return {
+                lines: [`_[subagent ${role} / ${persona}] ${event.type}${tail}_`],
+                isTurn: false,
+            };
+        }
+        case 'hook.invoked':
+        case 'hook.result':
+        case 'hook.skipped': {
+            const ev = String(event.raw.event ?? '');
+            const reason = String(event.raw.reason ?? event.raw.runSummary ?? event.raw.matchSummary ?? '');
+            const tail = reason.length > 0 ? ` ${reason}` : '';
+            return {
+                lines: [`_[hook ${ev}] ${event.type.replace('hook.', '')}${tail}_`],
+                isTurn: false,
+            };
+        }
+        case 'compaction.started':
+        case 'compaction.completed':
+        case 'compaction.skipped':
+        case 'compaction.invariant_violated': {
+            const tier = String(event.raw.tier ?? '');
+            return {
+                lines: [`_[compaction ${tier}] ${event.type.replace('compaction.', '')}_`],
+                isTurn: false,
+            };
+        }
+        default: {
+            return {
+                lines: [`_[event type=${event.type}]_`],
+                isTurn: false,
+            };
+        }
+    }
+}
+/**
+ * Wrap a string in a fenced code block. Pick a fence length that does
+ * not collide with backtick runs inside the content. Markdown 0.30 allows
+ * variable-length fences; we pick the shortest that is longer than the
+ * longest run inside the content (min 3, max 7).
+ */
+function fenced(content) {
+    const longestRun = (content.match(/`+/g) ?? [])
+        .map((s) => s.length)
+        .reduce((max, n) => (n > max ? n : max), 0);
+    const fenceLen = Math.min(7, Math.max(3, longestRun + 1));
+    const fence = '`'.repeat(fenceLen);
+    // Trim trailing whitespace inside content so the closing fence sits
+    // tight against the body; preserve leading whitespace (matters for code).
+    return `${fence}\n${content.replace(/\s+$/u, '')}\n${fence}`;
+}
+/**
+ * Escape inline-Markdown specials (backtick, pipe) inside a span that we
+ * are wrapping in inline code. The closing backtick rule says a `<code>`
+ * span can contain backticks as long as the fence length differs — for
+ * simplicity we replace bare backticks with a Unicode look-alike when
+ * they appear in identifier-like positions (e.g. paths or tool names).
+ * Backticks in real content go through `fenced()` instead.
+ */
+function escapeInline(text) {
+    return text.replace(/`/g, 'ˋ');
+}
+//# sourceMappingURL=formatter.js.map