@pugi/cli 0.1.0-beta.8 → 0.1.0-beta.9

package/dist/tools/registry.js

@@ -1,8 +1,19 @@
 const registry = [
+    // α7.7: unified-diff patch apply. Routes through the same security
+    // gate as Layer A/B/C, so the risk class matches `edit`/`write`
+    // (medium — writes inside the workspace, never to protected files).
+    { name: 'apply_patch', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
     { name: 'bash', permission: 'bash', risk: 'high', concurrencySafe: false, m1: true },
     { name: 'edit', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
     { name: 'glob', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
     { name: 'grep', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
+    // α7.7: LSP read-only surface. Server runs locally, no Anvil
+    // round-trip. Concurrency-safe because every operation reads
+    // server state without mutating workspace files.
+    { name: 'lsp_definition', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
+    { name: 'lsp_diagnostics', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
+    { name: 'lsp_hover', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
+    { name: 'lsp_references', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
     { name: 'question', permission: 'none', risk: 'low', concurrencySafe: false, m1: true },
     { name: 'read', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
     { name: 'skill', permission: 'read', risk: 'low', concurrencySafe: true, m1: true },
@@ -11,6 +22,21 @@ const registry = [
     { name: 'task_list', permission: 'none', risk: 'low', concurrencySafe: true, m1: true },
     { name: 'task_update', permission: 'none', risk: 'low', concurrencySafe: false, m1: true },
     { name: 'web_fetch', permission: 'network', risk: 'medium', concurrencySafe: true, m1: true },
+    // α7.7: scratch worktree management. `worktree_create` writes nothing
+    // dangerous (a clone under `.pugi/worktrees/`); `worktree_promote`
+    // applies a diff back to the main tree, so it shares the `edit`
+    // risk class. `worktree_drop` is the cleanup primitive.
+    //
+    // R1 fix (2026-05-26, PR #413 r1, Fix 9): raised `worktree_create`
+    // and `worktree_drop` from `low` to `medium`. `worktree_drop` runs
+    // `rmSync` on its target — even with the new path-containment gate
+    // in `core/edits/worktree.ts::dropWorktree`, a destructive primitive
+    // belongs in `medium` so the permission FSM prompts on every call.
+    // `worktree_create` is raised for disk-pressure parity (a runaway
+    // agent loop could fill the disk with abandoned scratch worktrees).
+    { name: 'worktree_create', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
+    { name: 'worktree_drop', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
+    { name: 'worktree_promote', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
     { name: 'write', permission: 'edit', risk: 'medium', concurrencySafe: false, m1: true },
 ];
 export const toolRegistry = registry.sort((a, b) => a.name.localeCompare(b.name));

package/dist/tui/repl-render.js

@@ -31,6 +31,25 @@ import { WorkingSet, buildRepoSkeleton, loadPugiIgnore, PugiWatcher, } from '../
  * `pugi resume <sessionId>` once that command exists).
  */
 export async function renderRepl(options) {
+    // beta.9 CEO dogfood 2026-05-26: claim stdin raw mode + alt-screen
+    // BEFORE any async bootstrap step so keystrokes typed during the
+    // [launch -> Ink mount] window cannot echo into the terminal in
+    // cooked mode. Previously openLocalStore (SQLite open) +
+    // bootstrapContext (chokidar start) could take hundreds of ms to
+    // multiple seconds on a fresh install / large repo; during that
+    // window stdin stayed in cooked mode and the terminal echoed
+    // every typed character literally onto the screen below the
+    // pre-printed mascot/header. The visible result was the operator's
+    // "ssssss" landing on the rendered status-bar bottom row (CEO
+    // screenshot 2026-05-26: beta.8 REPL bug 2).
+    //
+    // The claim is idempotent with Ink's own raw-mode enable: Ink
+    // ref-counts setRawMode calls, and Node's stdin.setRawMode is
+    // safe to call twice with the same value. The pre-Ink claim acts
+    // as a "raw-mode floor" - whatever Ink does after mount layers on
+    // top, and our finally{} restore drops the floor only after Ink
+    // has cleanly torn down (or never mounted on a bootstrap crash).
+    const bootstrap = claimTerminalForRepl();
     const transport = createProductionTransport();
     // Auto-bind the workspace context from process.cwd() so Mira knows
     // which repo the operator launched the CLI in. The resolver is
@@ -86,21 +105,14 @@ export async function renderRepl(options) {
     // Kick off the connect; the Repl renders the connecting state until
     // the session pushes `connection: 'on_watch'` from the SSE onOpen.
     void session.start();
-    // α6.14.4 CEO dogfood 2026-05-25 (parity with Claude Code): enter
-    // the terminal's alternate screen buffer so the REPL renders on a
-    // fresh "screen" the operator cannot scroll above. On exit, leave
-    // restores the previous terminal contents - the conversation does
-    // not pollute the operator's shell history. Skipped under --no-tty
-    // and when stdout is not a TTY (pipe/CI), where the escapes would
-    // appear as literal characters.
-    // ORDER MATTERS (beta.2 follow-up): alt-screen enter MUST happen
-    // BEFORE the chafa mascot pre-print. Reversed, the alt-screen clear
-    // wiped the freshly-painted pug and the operator saw nothing.
-    const supportsAltScreen = process.stdout.isTTY === true;
-    if (supportsAltScreen) {
-        process.stdout.write('\x1b[?1049h');
-        process.stdout.write('\x1b[H');
-    }
+    // beta.9: drain any keystrokes that landed in stdin between the
+    // pre-Ink raw-mode claim and now. Without this, the queued bytes
+    // would feed Ink's first useInput tick as a flood of "stale"
+    // characters once the InputBox mounts - the operator would see
+    // their pre-typed input materialise in the prompt as if they had
+    // typed it after the REPL became interactive. Idempotent: no-op
+    // when stdin is not a TTY or no bytes were buffered.
+    drainBufferedStdin(process.stdin);
     // α6.14.2 wave 5: paint the chafa-baked brand-pug ANSI render to
     // stdout BEFORE Ink mounts (but AFTER alt-screen enter). Ink's
     // layout engine would mis-measure the truecolor escape sequences,
@@ -118,26 +130,16 @@ export async function renderRepl(options) {
         hideToolStream: options.hideToolStream === true,
         mascotPrePrinted,
     }));
-    const restoreAltScreen = () => {
-        if (supportsAltScreen) {
-            try {
-                process.stdout.write('\x1b[?1049l');
-            }
-            catch {
-                /* shutdown race — terminal already detached */
-            }
-        }
-    };
     // Make sure we leave the alt screen on abrupt exits too. Without
     // this the operator's shell stays "frozen" on the Pugi splash.
-    process.once('exit', restoreAltScreen);
-    process.once('SIGINT', restoreAltScreen);
-    process.once('SIGTERM', restoreAltScreen);
+    process.once('exit', bootstrap.restore);
+    process.once('SIGINT', bootstrap.restore);
+    process.once('SIGTERM', bootstrap.restore);
     try {
         await instance.waitUntilExit();
     }
     finally {
-        restoreAltScreen();
+        bootstrap.restore();
         session.close();
         if (store) {
             try {
@@ -157,6 +159,89 @@ export async function renderRepl(options) {
         }
     }
 }
+export function claimTerminalForRepl(stdin = process.stdin, stdout = process.stdout) {
+    const isStdoutTty = stdout.isTTY === true;
+    const isStdinTty = stdin.isTTY === true && typeof stdin.setRawMode === 'function';
+    let altScreenEntered = false;
+    if (isStdoutTty) {
+        try {
+            stdout.write('\x1b[?1049h');
+            stdout.write('\x1b[H');
+            altScreenEntered = true;
+        }
+        catch {
+            /* terminal already detached */
+        }
+    }
+    let rawModeClaimed = false;
+    if (isStdinTty) {
+        try {
+            stdin.setEncoding('utf8');
+            stdin.setRawMode(true);
+            // Resume so the kernel actually delivers bytes to Node's event
+            // loop. Without resume, raw mode is set but data does not flow
+            // until something else (e.g. Ink) attaches a 'data' listener.
+            stdin.resume();
+            rawModeClaimed = true;
+        }
+        catch {
+            /* raw mode unsupported - the operator's shell still works */
+        }
+    }
+    let restored = false;
+    const restore = () => {
+        if (restored)
+            return;
+        restored = true;
+        if (rawModeClaimed && isStdinTty) {
+            try {
+                stdin.setRawMode(false);
+            }
+            catch {
+                /* terminal already detached */
+            }
+        }
+        if (altScreenEntered) {
+            try {
+                stdout.write('\x1b[?1049l');
+            }
+            catch {
+                /* shutdown race - terminal already detached */
+            }
+        }
+    };
+    return { altScreenEntered, rawModeClaimed, restore };
+}
+/**
+ * Read and discard any bytes buffered in stdin between
+ * `claimTerminalForRepl()` and the Ink mount. Returns the number of
+ * bytes drained so tests can assert the behaviour without intercepting
+ * the side effect.
+ *
+ * `stdin.read()` is a no-op when no data is buffered, so this is safe
+ * to call whether or not the operator actually typed during bootstrap.
+ * Wrapped in try/catch because a closed / piped stdin will throw on
+ * read in some Node versions.
+ */
+export function drainBufferedStdin(stdin = process.stdin) {
+    if (stdin.isTTY !== true)
+        return 0;
+    try {
+        let bytesDrained = 0;
+        // Loop until read() returns null - readable streams may chunk
+        // buffered bytes across multiple read() calls when the operator
+        // typed faster than the kernel could deliver to Node's loop.
+        for (;;) {
+            const chunk = stdin.read();
+            if (chunk === null)
+                return bytesDrained;
+            bytesDrained += typeof chunk === 'string' ? chunk.length : chunk.byteLength;
+        }
+    }
+    catch {
+        return 0;
+    }
+}
 /**
  * Open the local SessionStore for the REPL bootstrap. Returns
  * `{ store: null, openedSessionId: undefined }` on any error so the
@@ -248,7 +333,7 @@ async function bootstrapContext(input) {
 /* ------------------------------------------------------------------ */
 /* Production transport                                               */
 /* ------------------------------------------------------------------ */
-function createProductionTransport() {
+export function createProductionTransport() {
     return {
         async createSession({ apiUrl, apiKey, workspace }) {
             // Forward the workspace bundle in the POST body so admin-api can
@@ -307,6 +392,31 @@ function createProductionTransport() {
             if (lastEventId) {
                 headers['Last-Event-ID'] = lastEventId;
             }
+            // beta.9 CEO dogfood 2026-05-26: hard timeout on the SSE
+            // handshake so a CDN/proxy that buffers the response (or an
+            // admin-api that accepted the route but never flushed headers)
+            // cannot freeze the REPL in `connecting` forever. The 5s budget
+            // is generous - admin-api routinely responds in <500ms when
+            // healthy - but tight enough that an operator who launched
+            // `pugi` and is staring at the screen will see the status flip
+            // to `reconnecting` instead of an indefinite hang. The
+            // AbortController bound to the fetch aborts the in-flight
+            // request when the timer fires, which surfaces as an
+            // `AbortError` and routes through the existing onError handler
+            // (which calls scheduleReconnect via the session). The timer
+            // is cleared the moment onOpen fires so a slow-but-eventually-
+            // successful handshake still works.
+            const handshakeDeadlineMs = 5_000;
+            const handshakeTimer = setTimeout(() => {
+                controller.abort();
+                // onError is called from the catch block below (the abort
+                // synthesises an AbortError that consumeSseStream / fetch
+                // will throw). No explicit onError call here - we let the
+                // catch path normalise the error message so the operator
+                // sees the consistent "SSE handshake timed out (5s)" prose
+                // through the same plumbing that surfaces every other
+                // transport failure.
+            }, handshakeDeadlineMs);
             void (async () => {
                 try {
                     const response = await fetch(url, {
@@ -320,6 +430,9 @@ function createProductionTransport() {
                     if (!response.body) {
                         throw new Error('SSE response has no body');
                     }
+                    // Handshake survived; cancel the deadline so a slow
+                    // first-event stream does not get aborted later.
+                    clearTimeout(handshakeTimer);
                     onOpen();
                     await consumeSseStream(response.body, onEvent);
                     // Server closed the stream cleanly. Treat as an error so
@@ -329,13 +442,27 @@ function createProductionTransport() {
                     onError(new Error('SSE stream ended'));
                 }
                 catch (error) {
-                    if (controller.signal.aborted)
+                    clearTimeout(handshakeTimer);
+                    if (controller.signal.aborted) {
+                        // Distinguish operator-driven close (session.close())
+                        // from the handshake-deadline abort. The session sets a
+                        // `closed` flag before calling controller.abort(); the
+                        // handshake-deadline abort fires while the session is
+                        // still expecting onOpen. We cannot read session state
+                        // from here, so we surface a single error class with a
+                        // clear message - the session-side onError handler
+                        // already short-circuits when `closed=true`.
+                        onError(new Error(`SSE handshake timed out after ${handshakeDeadlineMs}ms`));
                         return;
+                    }
                     onError(error instanceof Error ? error : new Error(String(error)));
                 }
             })();
             return {
-                close: () => controller.abort(),
+                close: () => {
+                    clearTimeout(handshakeTimer);
+                    controller.abort();
+                },
             };
         },
     };

package/docs/examples/codegraph.mcp.json

@@ -0,0 +1,10 @@
+{
+  "servers": {
+    "codegraph": {
+      "command": "codegraph",
+      "args": ["serve", "--mcp"],
+      "env": {},
+      "trust": "pending"
+    }
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pugi/cli",
-  "version": "0.1.0-beta.8",
+  "version": "0.1.0-beta.9",
   "description": "Pugi CLI - terminal-native software execution system",
   "homepage": "https://pugi.io",
   "repository": {
@@ -29,8 +29,10 @@
     "bin/run.js",
     "dist/**/*.js",
     "assets/**/*.ansi",
+    "docs/examples/**/*.json",
     "README.md",
-    "LICENSE"
+    "LICENSE",
+    "THIRD_PARTY_NOTICES.md"
   ],
   "engines": {
     "node": ">=22.5.0"
@@ -39,8 +41,20 @@
   "publishConfig": {
     "access": "public"
   },
+  "scripts": {
+    "build": "pnpm --filter @pugi/personas --filter @pugi/sdk build && tsc -p tsconfig.json && node scripts/make-bin-executable.mjs",
+    "dev": "tsx src/index.ts",
+    "typecheck": "pnpm --filter @pugi/personas --filter @pugi/sdk build && tsc -p tsconfig.json --noEmit",
+    "test": "pnpm run build && node --test --import tsx 'test/**/*.spec.ts' 'test/**/*.spec.tsx'",
+    "version:cli": "tsx src/index.ts version",
+    "doctor": "tsx src/index.ts doctor --json",
+    "prepublishOnly": "pnpm --filter @pugi/personas --filter @pugi/sdk build && pnpm run build && node scripts/pack-smoke.mjs",
+    "pack:smoke": "node scripts/pack-smoke.mjs"
+  },
   "dependencies": {
     "@mozilla/readability": "^0.6.0",
+    "@pugi/personas": "workspace:*",
+    "@pugi/sdk": "workspace:*",
     "chokidar": "^3.6.0",
     "ignore": "^5.3.2",
     "ink": "^5.0.1",
@@ -50,9 +64,7 @@
     "tinyglobby": "^0.2.16",
     "turndown": "^7.2.4",
     "undici": "^8.3.0",
-    "zod": "^3.23.0",
-    "@pugi/personas": "0.1.2",
-    "@pugi/sdk": "0.1.0-beta.8"
+    "zod": "^3.23.0"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",
@@ -62,14 +74,5 @@
     "ink-testing-library": "^4.0.0",
     "tsx": "^4.19.0",
     "typescript": "~5.6.0"
-  },
-  "scripts": {
-    "build": "pnpm --filter @pugi/personas --filter @pugi/sdk build && tsc -p tsconfig.json && node scripts/make-bin-executable.mjs",
-    "dev": "tsx src/index.ts",
-    "typecheck": "pnpm --filter @pugi/personas --filter @pugi/sdk build && tsc -p tsconfig.json --noEmit",
-    "test": "pnpm run build && node --test --import tsx 'test/**/*.spec.ts' 'test/**/*.spec.tsx'",
-    "version:cli": "tsx src/index.ts version",
-    "doctor": "tsx src/index.ts doctor --json",
-    "pack:smoke": "node scripts/pack-smoke.mjs"
   }
-}
+}