npm - @pugi/cli - Versions diffs - 0.1.0-beta.8 → 0.1.0-beta.88 - Mend

@pugi/cli 0.1.0-beta.8 → 0.1.0-beta.88

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (405) hide show

package/CHANGELOG.md +132 -0
package/LICENSE +1 -1
package/THIRD_PARTY_NOTICES.md +40 -0
package/assets/pugi-prozr2-mascot.ansi +9 -0
package/bin/run.js +33 -1
package/dist/commands/deploy.js +40 -40
package/dist/commands/flatten.js +191 -0
package/dist/commands/jobs-watch.js +201 -0
package/dist/commands/jobs.js +42 -27
package/dist/commands/smoke.js +133 -0
package/dist/core/agent-progress/cleanup.js +134 -0
package/dist/core/agent-progress/schema.js +144 -0
package/dist/core/agent-progress/writer.js +101 -0
package/dist/core/agents/adaptive-router.js +330 -0
package/dist/core/agents/query-decomposer.js +297 -0
package/dist/core/agents/registry.js +3 -3
package/dist/core/approvals/shortcut-resolver.js +98 -0
package/dist/core/artifact-chain/dispatcher.js +148 -0
package/dist/core/artifact-chain/exporter.js +164 -0
package/dist/core/artifact-chain/state.js +243 -0
package/dist/core/artifact-chain/steps.js +169 -0
package/dist/core/ask-user/question.js +92 -0
package/dist/core/audit/audit-trail.js +275 -0
package/dist/core/auth/ensure-authenticated.js +129 -0
package/dist/core/auth/env-provider.js +238 -0
package/dist/core/auto-open-browser.js +4 -4
package/dist/core/auto-update/channels.js +122 -0
package/dist/core/auto-update/checker.js +241 -0
package/dist/core/auto-update/state.js +235 -0
package/dist/core/bare-mode/index.js +107 -0
package/dist/core/bash/redirect.js +281 -0
package/dist/core/bash-classifier.js +436 -40
package/dist/core/checkpoint/resumer.js +149 -0
package/dist/core/checkpoint/rewinder.js +291 -0
package/dist/core/checkpoints/shadow-git.js +670 -0
package/dist/core/citations/parser.js +109 -0
package/dist/core/classifier/yolo-classifier.js +88 -0
package/dist/core/codegraph/decision-store.js +248 -0
package/dist/core/codegraph/detect-repo.js +459 -0
package/dist/core/codegraph/install.js +134 -0
package/dist/core/codegraph/offer-hook.js +220 -0
package/dist/core/compact/auto-trigger.js +96 -0
package/dist/core/compact/buffer-rewriter.js +115 -0
package/dist/core/compact/summarizer.js +208 -0
package/dist/core/compact/token-counter.js +108 -0
package/dist/core/consensus/anvil-fanout.js +25 -25
package/dist/core/consensus/diff-capture.js +121 -12
package/dist/core/consensus/rubric.js +21 -21
package/dist/core/context/builder.js +6 -6
package/dist/core/context/compaction-events.js +8 -8
package/dist/core/context/compaction.js +31 -31
package/dist/core/context/index.js +15 -8
package/dist/core/context/invariants.js +51 -51
package/dist/core/context/markdown-loader.js +28 -10
package/dist/core/context/markdown-traverse.js +255 -0
package/dist/core/context/pugiignore.js +41 -41
package/dist/core/context/repo-skeleton.js +37 -37
package/dist/core/context/tool-eviction.js +55 -0
package/dist/core/context/watcher.js +32 -32
package/dist/core/context/working-set.js +23 -23
package/dist/core/coordinator/agent-tools.js +77 -0
package/dist/core/coordinator/agent-toolset.js +65 -0
package/dist/core/coordinator/fsm.js +73 -0
package/dist/core/coordinator/mode-fsm.js +70 -0
package/dist/core/cost/rate-card.js +129 -0
package/dist/core/cost/tracker.js +221 -0
package/dist/core/credentials.js +12 -12
package/dist/core/cron/scheduler.js +138 -0
package/dist/core/denial-tracking/index.js +8 -0
package/dist/core/denial-tracking/state.js +264 -0
package/dist/core/diagnostics/probe-runner.js +93 -0
package/dist/core/diagnostics/probes/api.js +46 -0
package/dist/core/diagnostics/probes/auth.js +93 -0
package/dist/core/diagnostics/probes/bare-mode.js +42 -0
package/dist/core/diagnostics/probes/cli-version.js +127 -0
package/dist/core/diagnostics/probes/config.js +72 -0
package/dist/core/diagnostics/probes/denial-tracking.js +57 -0
package/dist/core/diagnostics/probes/disk.js +81 -0
package/dist/core/diagnostics/probes/engine-live.js +46 -0
package/dist/core/diagnostics/probes/git.js +65 -0
package/dist/core/diagnostics/probes/hooks.js +118 -0
package/dist/core/diagnostics/probes/mcp.js +75 -0
package/dist/core/diagnostics/probes/node.js +59 -0
package/dist/core/diagnostics/probes/pnpm.js +36 -0
package/dist/core/diagnostics/probes/pugi-md.js +89 -0
package/dist/core/diagnostics/probes/sandbox.js +40 -0
package/dist/core/diagnostics/probes/session.js +74 -0
package/dist/core/diagnostics/probes/status-snapshot.js +488 -0
package/dist/core/diagnostics/probes/workspace.js +63 -0
package/dist/core/diagnostics/types.js +70 -0
package/dist/core/dispatch/cache-cleanup.js +197 -0
package/dist/core/dispatch/cache-handoff.js +295 -0
package/dist/core/edits/apply-patch-layer-e.js +189 -0
package/dist/core/edits/dispatch.js +293 -7
package/dist/core/edits/format-matrix.js +26 -0
package/dist/core/edits/fuzzy-ladder.js +650 -0
package/dist/core/edits/index.js +3 -1
package/dist/core/edits/journal.js +199 -0
package/dist/core/edits/layer-a-apply.js +15 -15
package/dist/core/edits/layer-a-fuzzy-apply.js +198 -0
package/dist/core/edits/layer-b-apply.js +9 -9
package/dist/core/edits/layer-c-apply.js +6 -6
package/dist/core/edits/layer-d-ast.js +557 -14
package/dist/core/edits/marker-parser.js +12 -12
package/dist/core/edits/security-gate.js +27 -27
package/dist/core/edits/verify-hook.js +273 -0
package/dist/core/edits/worktree.js +322 -0
package/dist/core/engine/anvil-client.js +151 -26
package/dist/core/engine/auto-compact.js +179 -0
package/dist/core/engine/budgets.js +186 -0
package/dist/core/engine/context-prefix.js +155 -0
package/dist/core/engine/index.js +1 -1
package/dist/core/engine/intensity.js +158 -0
package/dist/core/engine/intent.js +260 -0
package/dist/core/engine/native-pugi.js +1295 -227
package/dist/core/engine/prompts.js +134 -16
package/dist/core/engine/strip-internal-fields.js +124 -0
package/dist/core/engine/tool-bridge.js +1295 -59
package/dist/core/evaluation/golden-dataset.js +293 -0
package/dist/core/feedback/queue.js +177 -0
package/dist/core/feedback/submitter.js +145 -0
package/dist/core/file-cache.js +113 -1
package/dist/core/flatten/flatten-repo.js +439 -0
package/dist/core/format/osc8-link.js +28 -0
package/dist/core/hook-chains.js +392 -0
package/dist/core/hooks/citation-verify-hook.js +138 -0
package/dist/core/hooks/citation-verify.js +112 -0
package/dist/core/hooks/events.js +44 -0
package/dist/core/hooks/index.js +15 -0
package/dist/core/hooks/registry.js +213 -0
package/dist/core/hooks/runner.js +236 -0
package/dist/core/hooks/v2/event-emitter.js +115 -0
package/dist/core/hooks/v2/executor.js +282 -0
package/dist/core/hooks/v2/index.js +25 -0
package/dist/core/hooks/v2/lifecycle.js +104 -0
package/dist/core/hooks/v2/loader.js +216 -0
package/dist/core/hooks/v2/matcher.js +125 -0
package/dist/core/hooks/v2/trust.js +143 -0
package/dist/core/hooks/v2/types.js +86 -0
package/dist/core/image/renderer.js +71 -0
package/dist/core/init/detector.js +582 -0
package/dist/core/init/template-renderer.js +242 -0
package/dist/core/jobs/registry.js +18 -18
package/dist/core/ledger/results-tsv.js +142 -0
package/dist/core/log-discipline/stdout-redirect.js +51 -0
package/dist/core/lsp/cache.js +105 -0
package/dist/core/lsp/client.js +776 -0
package/dist/core/lsp/language-detect.js +66 -0
package/dist/core/lsp/post-edit-diagnostics.js +171 -0
package/dist/core/lsp/symbol-tools.js +372 -0
package/dist/core/mcp/client.js +97 -28
package/dist/core/mcp/http-server.js +553 -0
package/dist/core/mcp/orchestrator-tools.js +662 -0
package/dist/core/mcp/permission.js +190 -0
package/dist/core/mcp/registry.js +39 -17
package/dist/core/mcp/server-tools.js +219 -0
package/dist/core/mcp/server.js +397 -0
package/dist/core/mcp/trust.js +10 -10
package/dist/core/memory/dual-write.js +416 -0
package/dist/core/memory/passive-extract.js +130 -0
package/dist/core/memory/phase1-kinds.js +20 -0
package/dist/core/memory/secret-scanner.js +304 -0
package/dist/core/memory-sync/queue.js +170 -0
package/dist/core/metrics/extract.js +113 -0
package/dist/core/modes/roo-modes.js +68 -0
package/dist/core/onboarding/ensure-initialized.js +133 -0
package/dist/core/onboarding/marker.js +111 -0
package/dist/core/onboarding/telemetry-state.js +108 -0
package/dist/core/output-style/presets.js +176 -0
package/dist/core/output-style/state.js +185 -0
package/dist/core/path-security.js +287 -5
package/dist/core/permission.js +82 -22
package/dist/core/permissions/auto-classifier.js +124 -0
package/dist/core/permissions/bash-parser.js +371 -0
package/dist/core/permissions/circuit-breaker.js +83 -0
package/dist/core/permissions/constrained-edit.js +91 -0
package/dist/core/permissions/gate.js +278 -0
package/dist/core/permissions/index.js +20 -0
package/dist/core/permissions/mode.js +174 -0
package/dist/core/permissions/network-egress.js +137 -0
package/dist/core/permissions/state.js +241 -0
package/dist/core/permissions/tool-class.js +93 -0
package/dist/core/plan-mode/ui-state.js +51 -0
package/dist/core/plans/plan-artifact.js +721 -0
package/dist/core/policy-limits/etag-store.js +122 -0
package/dist/core/prd-check/parser.js +215 -0
package/dist/core/prd-check/reporter.js +127 -0
package/dist/core/prd-check/session-review.js +557 -0
package/dist/core/prd-check/verifiers.js +223 -0
package/dist/core/prompt-cache/client-cache.js +99 -0
package/dist/core/prompts/assembly.js +29 -0
package/dist/core/prompts/registry.js +364 -0
package/dist/core/pugi-md/cc-compat-rules.js +735 -0
package/dist/core/pugi-md/context-injector.js +76 -0
package/dist/core/pugi-md/walk-up.js +207 -0
package/dist/core/python/uv-installer.js +270 -0
package/dist/core/python/uv-resolver.js +83 -0
package/dist/core/rate-limit/narrator.js +146 -0
package/dist/core/recipes/cli-types.js +20 -0
package/dist/core/recipes/loader.js +103 -0
package/dist/core/recipes/runner.js +345 -0
package/dist/core/recipes/schema.js +587 -0
package/dist/core/release-notes/parser.js +241 -0
package/dist/core/release-notes/state.js +116 -0
package/dist/core/repl/ask.js +37 -37
package/dist/core/repl/cancellation.js +26 -26
package/dist/core/repl/cap-warning.js +4 -4
package/dist/core/repl/clipboard-read.js +11 -11
package/dist/core/repl/dispatch-fsm.js +12 -12
package/dist/core/repl/history-search.js +15 -15
package/dist/core/repl/history.js +28 -18
package/dist/core/repl/kill-ring.js +5 -5
package/dist/core/repl/model-pricing.js +135 -0
package/dist/core/repl/privacy-banner.js +22 -22
package/dist/core/repl/session.js +2157 -214
package/dist/core/repl/slash-commands.js +533 -40
package/dist/core/repl/store/index.js +1 -1
package/dist/core/repl/store/jsonl-log.js +22 -22
package/dist/core/repl/store/lockfile.js +10 -10
package/dist/core/repl/store/session-store.js +136 -107
package/dist/core/repl/store/types.js +15 -15
package/dist/core/repl/store/uuid-v7.js +12 -12
package/dist/core/repl/workspace-context.js +43 -21
package/dist/core/repo-map/build.js +125 -0
package/dist/core/repo-map/cache.js +185 -0
package/dist/core/repo-map/extractor.js +254 -0
package/dist/core/repo-map/formatter.js +145 -0
package/dist/core/repo-map/page-rank.js +105 -0
package/dist/core/repo-map/scanner.js +211 -0
package/dist/core/retry-budget/budget.js +284 -0
package/dist/core/retry-budget/index.js +5 -0
package/dist/core/retry-budget/retry-cap.js +74 -0
package/dist/core/routing/lead-worker.js +43 -0
package/dist/core/routing/pre-flight-estimator.js +108 -0
package/dist/core/runs/run-tree.js +103 -0
package/dist/core/security/injection-scanner.js +367 -0
package/dist/core/security/output-filter.js +418 -0
package/dist/core/session/env-file.js +105 -0
package/dist/core/session/section-budgets.js +140 -0
package/dist/core/session.js +92 -0
package/dist/core/settings.js +298 -5
package/dist/core/share/formatter.js +271 -0
package/dist/core/share/redactor.js +221 -0
package/dist/core/share/uploader.js +267 -0
package/dist/core/skills/defaults.js +457 -0
package/dist/core/skills/loader.js +22 -22
package/dist/core/skills/sources.js +27 -27
package/dist/core/smoke/headless-driver.js +174 -0
package/dist/core/smoke/orchestrator.js +194 -0
package/dist/core/smoke/runner.js +238 -0
package/dist/core/smoke/scenario-parser.js +316 -0
package/dist/core/statusline.js +99 -0
package/dist/core/subagents/dispatcher-real.js +600 -0
package/dist/core/subagents/dispatcher.js +132 -43
package/dist/core/subagents/index.js +19 -6
package/dist/core/subagents/isolation-matrix.js +213 -0
package/dist/core/subagents/spawn.js +19 -4
package/dist/core/telemetry/emitter.js +229 -0
package/dist/core/telemetry/queue.js +251 -0
package/dist/core/theme/context.js +91 -0
package/dist/core/theme/presets.js +228 -0
package/dist/core/theme/state.js +181 -0
package/dist/core/todos/invariant.js +10 -0
package/dist/core/todos/state.js +177 -0
package/dist/core/tool-schema/compressor.js +89 -0
package/dist/core/transport/version-interceptor.js +166 -0
package/dist/core/trust.js +2 -2
package/dist/core/tui/thinking-block.js +64 -0
package/dist/core/vim/keymap.js +288 -0
package/dist/core/vim/state.js +92 -0
package/dist/core/watch-markers/marker-watcher.js +133 -0
package/dist/core/worktree-manager/cleanup.js +123 -0
package/dist/core/worktree-manager/manager.js +303 -0
package/dist/index.js +36 -0
package/dist/runtime/bootstrap.js +190 -0
package/dist/runtime/cli.js +4203 -493
package/dist/runtime/commands/agents.js +30 -30
package/dist/runtime/commands/budget.js +5 -5
package/dist/runtime/commands/cancel.js +231 -0
package/dist/runtime/commands/chain.js +489 -0
package/dist/runtime/commands/codegraph-status.js +227 -0
package/dist/runtime/commands/compact.js +297 -0
package/dist/runtime/commands/config.js +73 -39
package/dist/runtime/commands/cost.js +199 -0
package/dist/runtime/commands/delegate.js +244 -13
package/dist/runtime/commands/dispatch.js +126 -0
package/dist/runtime/commands/doctor.js +579 -0
package/dist/runtime/commands/feedback.js +184 -0
package/dist/runtime/commands/hooks.js +184 -0
package/dist/runtime/commands/init.js +254 -0
package/dist/runtime/commands/lsp.js +368 -0
package/dist/runtime/commands/mcp.js +879 -0
package/dist/runtime/commands/memory.js +582 -0
package/dist/runtime/commands/model.js +237 -0
package/dist/runtime/commands/onboarding.js +275 -0
package/dist/runtime/commands/patch.js +128 -0
package/dist/runtime/commands/permissions.js +112 -0
package/dist/runtime/commands/plan.js +143 -0
package/dist/runtime/commands/prd-check.js +285 -0
package/dist/runtime/commands/privacy.js +17 -17
package/dist/runtime/commands/recipe.js +325 -0
package/dist/runtime/commands/redo-blob-store.js +92 -0
package/dist/runtime/commands/redo.js +361 -0
package/dist/runtime/commands/release-notes.js +229 -0
package/dist/runtime/commands/repo-map.js +95 -0
package/dist/runtime/commands/report.js +299 -0
package/dist/runtime/commands/resume.js +118 -0
package/dist/runtime/commands/review-consensus.js +68 -53
package/dist/runtime/commands/rewind.js +333 -0
package/dist/runtime/commands/roster.js +14 -14
package/dist/runtime/commands/sessions.js +163 -0
package/dist/runtime/commands/share.js +316 -0
package/dist/runtime/commands/skills.js +31 -31
package/dist/runtime/commands/status.js +186 -0
package/dist/runtime/commands/stickers.js +82 -0
package/dist/runtime/commands/style.js +194 -0
package/dist/runtime/commands/theme.js +196 -0
package/dist/runtime/commands/undo.js +54 -22
package/dist/runtime/commands/update.js +289 -0
package/dist/runtime/commands/vim.js +140 -0
package/dist/runtime/commands/worktree.js +177 -0
package/dist/runtime/commands/worktrees.js +155 -0
package/dist/runtime/headless-repl.js +195 -0
package/dist/runtime/headless.js +543 -0
package/dist/runtime/load-hooks-or-exit.js +71 -0
package/dist/runtime/plan-decompose.js +531 -0
package/dist/runtime/sigint-guard.js +272 -0
package/dist/runtime/update-check.js +28 -28
package/dist/runtime/version.js +65 -0
package/dist/skills/bundled/batch.js +617 -0
package/dist/skills/bundled/index.js +45 -0
package/dist/skills/bundled/loop.js +358 -0
package/dist/skills/bundled/remember.js +383 -0
package/dist/skills/bundled/simplify.js +289 -0
package/dist/skills/bundled/skillify.js +373 -0
package/dist/skills/bundled/stuck.js +558 -0
package/dist/skills/bundled/verify.js +439 -0
package/dist/testing/vcr.js +486 -0
package/dist/tools/agent-tool.js +229 -0
package/dist/tools/apply-patch.js +556 -0
package/dist/tools/ask-user-question.js +288 -0
package/dist/tools/ask-user.js +115 -0
package/dist/tools/bash.js +624 -46
package/dist/tools/brief.js +224 -0
package/dist/tools/enter-worktree.js +250 -0
package/dist/tools/exit-worktree.js +147 -0
package/dist/tools/file-tools.js +161 -44
package/dist/tools/lsp-tools.js +189 -0
package/dist/tools/mcp-tool.js +260 -0
package/dist/tools/multi-edit.js +361 -0
package/dist/tools/powershell.js +268 -0
package/dist/tools/registry.js +85 -0
package/dist/tools/skill-tool.js +96 -0
package/dist/tools/sleep.js +99 -0
package/dist/tools/synthetic-output.js +133 -0
package/dist/tools/tasks.js +208 -0
package/dist/tools/todo-write.js +184 -0
package/dist/tools/verify-plan-execution.js +295 -0
package/dist/tools/web-fetch-injection-scanner.js +207 -0
package/dist/tools/web-fetch.js +195 -10
package/dist/tools/web-search.js +458 -0
package/dist/tui/agent-progress-card.js +111 -0
package/dist/tui/agent-tree.js +11 -1
package/dist/tui/ask-modal.js +14 -14
package/dist/tui/ask-user-question-chips.js +257 -0
package/dist/tui/ask-user-question-prompt.js +203 -0
package/dist/tui/compact-banner.js +81 -0
package/dist/tui/conversation-pane.js +85 -11
package/dist/tui/cost-table.js +111 -0
package/dist/tui/device-flow.js +2 -2
package/dist/tui/doctor-table.js +46 -0
package/dist/tui/feedback-prompt.js +156 -0
package/dist/tui/input-box.js +247 -32
package/dist/tui/login-picker.js +3 -3
package/dist/tui/markdown-render.js +6 -6
package/dist/tui/onboarding-wizard.js +240 -0
package/dist/tui/permissions-picker.js +86 -0
package/dist/tui/render.js +35 -0
package/dist/tui/repl-render.js +332 -54
package/dist/tui/repl-splash-art.js +16 -16
package/dist/tui/repl-splash-mascot.js +48 -24
package/dist/tui/repl-splash.js +22 -22
package/dist/tui/repl.js +124 -44
package/dist/tui/slash-palette.js +6 -6
package/dist/tui/splash.js +2 -2
package/dist/tui/status-bar.js +109 -31
package/dist/tui/status-table.js +7 -0
package/dist/tui/stickers-art.js +136 -0
package/dist/tui/style-table.js +28 -0
package/dist/tui/theme-table.js +29 -0
package/dist/tui/thinking-spinner.js +123 -0
package/dist/tui/tool-stream-pane.js +53 -4
package/dist/tui/update-banner.js +27 -2
package/dist/tui/vim-input.js +267 -0
package/dist/tui/welcome-banner.js +107 -0
package/dist/tui/welcome-data.js +293 -0
package/dist/tui/workspace-context.js +2 -2
package/docs/examples/codegraph.mcp.json +10 -0
package/package.json +25 -7
package/test/scenarios/codegen-create-file.scenario.txt +13 -0
package/test/scenarios/compact-force.scenario.txt +11 -0
package/test/scenarios/identity.scenario.txt +11 -0
package/test/scenarios/persona-handoff.scenario.txt +11 -0
package/test/scenarios/walkback.scenario.txt +12 -0
package/dist/core/engine/compaction-hook.js +0 -154

package/dist/core/session.js CHANGED Viewed

@@ -18,6 +18,98 @@ export function openSession(root) {
         enabled,
     };
 }
+/**
+ * MVP — fire the `SessionStart` lifecycle event for all hooks
+ * declared in `~/.pugi/hooks-mvp.json`. Single-call surface; the REPL
+ * boot path invokes this once after `openSession`. Best-effort: any
+ * failure (missing config, hook spawn error) is swallowed so a
+ * misconfigured hook can never crash the REPL.
+ *
+ * Returns the number of hooks that fired (0 when no config / no
+ * matching hooks). Tests assert on the return value as the
+ * single-call invariant.
+ */
+export async function fireSessionStartMvp(session) {
+    try {
+        const { loadHooksConfig, fireHooks } = await import('./hooks/index.js');
+        // Defense-in-depth: `loadHooksConfig` is contractually non-null
+        // (returns `HooksConfig.empty(path)` when the file is absent), but
+        // the dynamic import boundary above can in principle return an
+        // unexpected shape if the module is mis-resolved at runtime. Guard
+        // the optional-chained `isEmpty()` call so a malformed loader can
+        // never raise `TypeError: Cannot read properties of undefined` and
+        // crash the REPL boot path. Belt-and-suspenders with the
+        // surrounding try/catch — the catch still swallows everything else.
+        const config = loadHooksConfig();
+        if (!config || config.isEmpty())
+            return 0;
+        const outcome = await fireHooks({
+            config,
+            event: 'SessionStart',
+            payload: {
+                event: 'SessionStart',
+                sessionId: session.id,
+                workspaceRoot: session.root,
+                startedAt: new Date().toISOString(),
+            },
+            workspaceRoot: session.root,
+        });
+        return outcome.results.length;
+    }
+    catch {
+        // SessionStart is never blocking — log nothing, return 0. A
+        // broken `hooks-mvp.json` is surfaced via `pugi hooks doctor`.
+        return 0;
+    }
+}
+/**
+ * P1 — fire the v2 `SessionStart` event from `~/.pugi/hooks.json`
+ * (global) + `<workspaceRoot>/.pugi/hooks.json` (project). Companion to
+ * `fireSessionStartMvp`; both surfaces run because they read different
+ * config files.
+ *
+ * Headless by default (no trust prompt) — the v2 trust ledger gates
+ * first-run executions. Operators with no prior trust decision will see
+ * the SessionStart hook skipped with a `denied by trust ledger` stderr
+ * note; running `pugi hooks trust allow <command>` enrolls it.
+ *
+ * Returns the number of hooks that ran (excluding trust-denied skips).
+ * Never throws.
+ */
+export async function fireSessionStartV2(session) {
+    try {
+        const { fireSessionStart } = await import('./hooks/v2/index.js');
+        const outcome = await fireSessionStart({
+            sessionId: session.id,
+            workspaceRoot: session.root,
+            transcriptPath: session.eventsPath,
+            permissionMode: 'ask',
+        });
+        return outcome.results.filter((r) => r.exitCode !== -1).length;
+    }
+    catch {
+        return 0;
+    }
+}
+/**
+ * P1 — fire the v2 `SessionEnd` event. Called by the REPL
+ * teardown path. Companion to `fireSessionStartV2`.
+ */
+export async function fireSessionEndV2(session) {
+    try {
+        const { fireSessionEnd } = await import('./hooks/v2/index.js');
+        const outcome = await fireSessionEnd({
+            sessionId: session.id,
+            workspaceRoot: session.root,
+            transcriptPath: session.eventsPath,
+            permissionMode: 'ask',
+        });
+        return outcome.results.filter((r) => r.exitCode !== -1).length;
+    }
+    catch {
+        return 0;
+    }
+}
 export function recordCommandStarted(session, command) {
     if (!session.enabled)
         return;

package/dist/core/settings.js CHANGED Viewed

@@ -20,6 +20,22 @@ const pugiSettingsSchema = z.object({
         allow: z.array(z.string()).default([]),
         deny: z.array(z.string()).default([]),
         notAutomatic: z.array(z.string()).default([]),
+        // task — operator-declared read-only paths. Every
+        // edit / write tool call whose target matches one of these
+        // patterns is denied with source `readonly_paths`, regardless
+        // of the active permission mode. Match grammar mirrors
+        // allow/deny: exact path OR tail-* glob. Targets are
+        // workspace-relative, no leading slash.
+        //
+        // Why a dedicated field вместо leaning on a generic deny rule
+        // like `deny: ["edit:vendor/x"]`?
+        //  - Explicit intent surfaces в `pugi doctor` and the REPL
+        //    ("3 paths read-only") без parsing rule strings.
+        //  - Covers BOTH the `edit` tool AND the `write` tool with
+        //    one entry; a generic deny needs two rules.
+        //  - Survives a future migration of the `permissions` schema
+        //    because the field carries its own contract.
+        readonlyPaths: z.array(z.string()).default([]),
     })
         .default({}),
     privacy: z
@@ -28,6 +44,17 @@ const pugiSettingsSchema = z.object({
         telemetry: z.enum(['off', 'anonymous', 'community']).default('off'),
     })
         .default({}),
+    // beta.13 P1 fix: ui.cyberZoo gates the cyber-zoo splash +
+    // ambient art in the REPL. Schema must declare the key explicitly
+    // because Zod's strip pass swallows unknown keys, which is how the
+    // initial `pugi init` write (which serialises `ui.cyberZoo`) was
+    // bypassed by the runtime reader — the value never made it past the
+    // schema gate so admin-api always saw the historical 'on' default.
+    ui: z
+        .object({
+        cyberZoo: z.enum(['on', 'off']).default('on'),
+    })
+        .default({}),
     artifacts: z
         .object({
         defaultPath: z.string().default('.pugi/artifacts'),
@@ -38,6 +65,12 @@ const pugiSettingsSchema = z.object({
     // fetcher. Default-off matches the spec posture; the schema must
     // declare it explicitly because Zod's strict-pass strips unknown
     // keys and would silently swallow the operator's intent.
+    //
+    // β1b T4 : added `web.search.enabled` to gate the
+    // Brave-Search-backed `web_search` tool. Distinct from `web.fetch`
+    // because search queries themselves are an egress event that can
+    // leak operator intent — an operator may want fetch without
+    // implicitly enabling search-as-egress.
     web: z
         .object({
         fetch: z
@@ -45,15 +78,275 @@ const pugiSettingsSchema = z.object({
             enabled: z.boolean().optional(),
         })
             .optional(),
+        search: z
+            .object({
+            enabled: z.boolean().optional(),
+        })
+            .optional(),
+    })
+        .optional(),
+    // β7 L9 — per-language LSP toggle. When omitted, every supported
+    // server is available subject to binary detection on PATH. When
+    // present, only languages set to `true` are launched (false silently
+    // skips that language even if the binary is installed). Use this in
+    // workspaces where a heavyweight server (rust-analyzer indexing a
+    // monorepo, pyright on a fresh venv) wastes resources for the
+    // current task. The `pugi lsp servers` subcommand surfaces the
+    // current toggle state per server.
+    //
+    // Schema is intentionally permissive (`optional()` on the section AND
+    // on every per-language flag) so a partial config keeps the
+    // backwards-compatible "every language enabled" default.
+    lsp: z
+        .object({
+        typescript: z.boolean().optional(),
+        javascript: z.boolean().optional(),
+        python: z.boolean().optional(),
+        go: z.boolean().optional(),
+        rust: z.boolean().optional(),
+        // post-edit auto-diagnostics. When `true`,
+        // a successful `edit`/`write`/`multi_edit` triggers a diagnostic
+        // pull on the touched file(s) and the result is appended to the
+        // tool envelope so the model can self-correct in the same turn.
+        // Off by default — the cold-start of `typescript-language-server`
+        // is heavy enough that we opt in explicitly until dogfood proves
+        // the throughput trade is worth it. Also enabled via env var
+        // `PUGI_LSP_POST_EDIT=1` for CI / one-off operator probes.
+        postEditDiagnostics: z.boolean().optional(),
+    })
+        .optional(),
+    // β1 Pl9 — per-command budget overrides. Optional. Partial
+    // overrides merge against the β1 defaults in
+    // `core/engine/budgets.ts::beta1DefaultBudgets`. The schema is
+    // intentionally loose at the leaf (positive integers) so a typo lands
+    // a deterministic `BudgetConfigError` at `resolveBudget()` instead of
+    // a Zod parse error two layers up.
+    // task — operator-customizable status line.
+    // When `command` is set, Pugi spawns it on each turn boundary with
+    // a single JSON document on stdin (see `statusline.ts` for the
+    // schema). The command's stdout (first non-empty line, trimmed) is
+    // displayed in the Ink Footer. Failures are non-fatal — they emit
+    // a structured log line and the footer falls back to the default.
+    // Mirrors CC's `statusLine` config so cross-tool muscle memory
+    // carries over для operators who lived in CC first.
+    statusLine: z
+        .object({
+        command: z.string().min(1),
+        timeoutMs: z.number().int().positive().max(5000).default(500),
+    })
+        .optional(),
+    budgets: z
+        .object({
+        code: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        fix: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        build: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        plan: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        explain: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        review_triple: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+    })
+        .optional(),
+    // #24 (CEO P1) — hook chains. First-class config
+    // for `PostToolUseFailure` + `TaskCompleted` event chains. The shape
+    // is intentionally loose (`z.any()` at the leaf) because the
+    // canonical reader lives in `core/hook-chains.ts` where the
+    // matcher/run/timeoutMs grammar is validated. Declaring the key here
+    // keeps Zod's strip-pass from swallowing it before the chain reader
+    // sees it. See `hook-chains.ts` for the full schema.
+    hooks: z.any().optional(),
+    // PUGI-260 — persistent default for the 1M context tier opt-in.
+    // `pugi config set context.tier 1m` writes this; per-invocation
+    // `--context-tier=...` flags override it. When omitted, the CLI
+    // sends no `contextTier` field на the wire (server treats as
+    // `standard` routing). The closed enum mirrors the CLI flag и the
+    // admin-api DTO; an unrecognised value triggers a Zod parse error
+    // at load time rather than a silent fallback.
+    context: z
+        .object({
+        tier: z.enum(['1m', 'standard']).optional(),
     })
         .optional(),
 });
-export function loadSettings(root) {
+/**
+ * #20 — the upstream tool drop-in compat ingest.
+ *
+ * Operators migrating from the upstream tool typically keep a `.claude/`
+ * directory at workspace root with settings.json, slash commands,
+ * and ambient guidance files. We honour the existence of that
+ * directory and mirror the subset of keys that map cleanly onto
+ * Pugi's own settings surface — Pugi values ALWAYS win on conflict
+ * (the operator opted into Pugi as their primary), CC fills gaps.
+ *
+ * Opt-out: `PUGI_CC_COMPAT_DISABLE=1` short-circuits the merger and
+ * loads only `.pugi/settings.json` (or the empty default).
+ *
+ * Key mirror table:
+ *  - `permissions.defaultMode` → `permissions.mode`
+ *    (CC values map: `acceptEdits|plan|bypassPermissions|default` →
+ *     `acceptEdits|plan|bypassPermissions|ask`).
+ *  - `permissions.allow` → `permissions.allow` (concatenated, deduped).
+ *  - `permissions.deny` → `permissions.deny` (concatenated, deduped).
+ *  - `enabledPlugins`   → ignored (CC-only concept; Pugi has its own
+ *     plugin surface and we do not want to silently activate them).
+ *  - `hooks`            → currently ignored. Pugi's hook system is
+ *     managed via `apps/pugi-cli/src/core/hooks/`; future work can
+ *     wire CC hook entries through that bridge.
+ *
+ * Unknown CC keys are dropped on the floor by Zod's strip semantics
+ * just like the existing PUGI settings path — we never warn on
+ * unrecognised CC keys, because the CC surface is wider and we want
+ * fallthrough to be silent (operator does not need a stream of "we
+ * skipped this CC concept" warnings on every CLI invocation).
+ */
+const ccPermissionsSchema = z
+    .object({
+    defaultMode: z.string().optional(),
+    allow: z.array(z.string()).optional(),
+    deny: z.array(z.string()).optional(),
+})
+    .passthrough()
+    .optional();
+const ccSettingsSchema = z
+    .object({
+    permissions: ccPermissionsSchema,
+    enabledPlugins: z.unknown().optional(),
+    hooks: z.unknown().optional(),
+})
+    .passthrough();
+/**
+ * Env var that disables ingest entirely. Useful for CI
+ * sandboxes where a stray `.claude/` from a parent checkout could
+ * otherwise leak permissions into Pugi.
+ */
+export const CC_COMPAT_DISABLE_ENV = 'PUGI_CC_COMPAT_DISABLE';
+/**
+ * Map a CC `permissions.defaultMode` to the closest Pugi permission
+ * mode. Unknown / missing values map to `undefined` so the caller
+ * keeps Pugi's own default.
+ *
+ * CC's `default` mode = "ask the user for each tool" which is Pugi's
+ * `ask` mode. `acceptEdits` / `plan` / `bypassPermissions` map 1:1.
+ */
+export function mapCcPermissionMode(mode) {
+    if (typeof mode !== 'string')
+        return undefined;
+    switch (mode) {
+        case 'acceptEdits':
+            return 'acceptEdits';
+        case 'plan':
+            return 'plan';
+        case 'bypassPermissions':
+            return 'bypassPermissions';
+        case 'default':
+            return 'ask';
+        default:
+            return undefined;
+    }
+}
+/**
+ * Merge a parsed CC settings object into a Pugi settings object.
+ * Pugi ALWAYS wins on conflict; CC values fill gaps only.
+ */
+export function mergeCcIntoPugi(pugi, cc, opts) {
+    const merged = {
+        ...pugi,
+        permissions: { ...pugi.permissions },
+    };
+    const pugiWroteMode = pugiPermissionKeyPresent(opts.pugiRawJson, 'mode');
+    if (!pugiWroteMode) {
+        const ccMode = mapCcPermissionMode(cc.permissions?.defaultMode);
+        if (ccMode)
+            merged.permissions.mode = ccMode;
+    }
+    if (Array.isArray(cc.permissions?.allow)) {
+        merged.permissions.allow = dedupeKeepFirst([
+            ...pugi.permissions.allow,
+            ...cc.permissions.allow,
+        ]);
+    }
+    if (Array.isArray(cc.permissions?.deny)) {
+        merged.permissions.deny = dedupeKeepFirst([
+            ...pugi.permissions.deny,
+            ...cc.permissions.deny,
+        ]);
+    }
+    // `enabledPlugins` and `hooks` are intentionally NOT mirrored. See
+    // the doc-block above for rationale.
+    void opts.pugiSettingsExisted;
+    return merged;
+}
+function pugiPermissionKeyPresent(raw, key) {
+    if (!raw || typeof raw !== 'object')
+        return false;
+    const permissions = raw.permissions;
+    if (!permissions || typeof permissions !== 'object')
+        return false;
+    return Object.prototype.hasOwnProperty.call(permissions, key);
+}
+function dedupeKeepFirst(items) {
+    const seen = new Set();
+    const out = [];
+    for (const item of items) {
+        if (seen.has(item))
+            continue;
+        seen.add(item);
+        out.push(item);
+    }
+    return out;
+}
+/**
+ * Read + parse `.claude/settings.json` at `root`. Returns `undefined`
+ * when the file is absent, malformed, or the operator has opted out
+ * via `PUGI_CC_COMPAT_DISABLE=1`. Never throws — a broken CC settings
+ * file degrades to "no ingest", not a Pugi boot crash.
+ */
+export function loadCcSettings(root, env = process.env) {
+    if (env[CC_COMPAT_DISABLE_ENV] === '1')
+        return undefined;
+    const ccPath = resolve(root, '.claude/settings.json');
+    if (!existsSync(ccPath))
+        return undefined;
+    let parsed;
+    try {
+        parsed = JSON.parse(readFileSync(ccPath, 'utf8'));
+    }
+    catch {
+        return undefined;
+    }
+    const result = ccSettingsSchema.safeParse(parsed);
+    if (!result.success)
+        return undefined;
+    return result.data;
+}
+export function loadSettings(root, env = process.env) {
     const settingsPath = resolve(root, '.pugi/settings.json');
-    if (!existsSync(settingsPath)) {
-        return pugiSettingsSchema.parse({});
+    const pugiExists = existsSync(settingsPath);
+    let pugiRawJson = undefined;
+    let pugi;
+    if (pugiExists) {
+        pugiRawJson = JSON.parse(readFileSync(settingsPath, 'utf8'));
+        pugi = pugiSettingsSchema.parse(pugiRawJson);
+    }
+    else {
+        pugi = pugiSettingsSchema.parse({});
     }
-    const parsed = JSON.parse(readFileSync(settingsPath, 'utf8'));
-    return pugiSettingsSchema.parse(parsed);
+    const cc = loadCcSettings(root, env);
+    if (!cc)
+        return pugi;
+    return mergeCcIntoPugi(pugi, cc, {
+        pugiSettingsExisted: pugiExists,
+        pugiRawJson,
+    });
 }
 //# sourceMappingURL=settings.js.map