@pugi/cli 0.1.0-beta.9 → 0.1.0-beta.90

package/dist/core/session.js

@@ -18,6 +18,98 @@ export function openSession(root) {
         enabled,
     };
 }
+/**
+ * MVP — fire the `SessionStart` lifecycle event for all hooks
+ * declared in `~/.pugi/hooks-mvp.json`. Single-call surface; the REPL
+ * boot path invokes this once after `openSession`. Best-effort: any
+ * failure (missing config, hook spawn error) is swallowed so a
+ * misconfigured hook can never crash the REPL.
+ *
+ * Returns the number of hooks that fired (0 when no config / no
+ * matching hooks). Tests assert on the return value as the
+ * single-call invariant.
+ */
+export async function fireSessionStartMvp(session) {
+    try {
+        const { loadHooksConfig, fireHooks } = await import('./hooks/index.js');
+        // Defense-in-depth: `loadHooksConfig` is contractually non-null
+        // (returns `HooksConfig.empty(path)` when the file is absent), but
+        // the dynamic import boundary above can in principle return an
+        // unexpected shape if the module is mis-resolved at runtime. Guard
+        // the optional-chained `isEmpty()` call so a malformed loader can
+        // never raise `TypeError: Cannot read properties of undefined` and
+        // crash the REPL boot path. Belt-and-suspenders with the
+        // surrounding try/catch — the catch still swallows everything else.
+        const config = loadHooksConfig();
+        if (!config || config.isEmpty())
+            return 0;
+        const outcome = await fireHooks({
+            config,
+            event: 'SessionStart',
+            payload: {
+                event: 'SessionStart',
+                sessionId: session.id,
+                workspaceRoot: session.root,
+                startedAt: new Date().toISOString(),
+            },
+            workspaceRoot: session.root,
+        });
+        return outcome.results.length;
+    }
+    catch {
+        // SessionStart is never blocking — log nothing, return 0. A
+        // broken `hooks-mvp.json` is surfaced via `pugi hooks doctor`.
+        return 0;
+    }
+}
+/**
+ * P1 — fire the v2 `SessionStart` event from `~/.pugi/hooks.json`
+ * (global) + `<workspaceRoot>/.pugi/hooks.json` (project). Companion to
+ * `fireSessionStartMvp`; both surfaces run because they read different
+ * config files.
+ *
+ * Headless by default (no trust prompt) — the v2 trust ledger gates
+ * first-run executions. Operators with no prior trust decision will see
+ * the SessionStart hook skipped with a `denied by trust ledger` stderr
+ * note; running `pugi hooks trust allow <command>` enrolls it.
+ *
+ * Returns the number of hooks that ran (excluding trust-denied skips).
+ * Never throws.
+ */
+export async function fireSessionStartV2(session) {
+    try {
+        const { fireSessionStart } = await import('./hooks/v2/index.js');
+        const outcome = await fireSessionStart({
+            sessionId: session.id,
+            workspaceRoot: session.root,
+            transcriptPath: session.eventsPath,
+            permissionMode: 'ask',
+        });
+        return outcome.results.filter((r) => r.exitCode !== -1).length;
+    }
+    catch {
+        return 0;
+    }
+}
+/**
+ * P1 — fire the v2 `SessionEnd` event. Called by the REPL
+ * teardown path. Companion to `fireSessionStartV2`.
+ */
+export async function fireSessionEndV2(session) {
+    try {
+        const { fireSessionEnd } = await import('./hooks/v2/index.js');
+        const outcome = await fireSessionEnd({
+            sessionId: session.id,
+            workspaceRoot: session.root,
+            transcriptPath: session.eventsPath,
+            permissionMode: 'ask',
+        });
+        return outcome.results.filter((r) => r.exitCode !== -1).length;
+    }
+    catch {
+        return 0;
+    }
+}
 export function recordCommandStarted(session, command) {
     if (!session.enabled)
         return;

package/dist/core/settings.js

@@ -20,6 +20,22 @@ const pugiSettingsSchema = z.object({
         allow: z.array(z.string()).default([]),
         deny: z.array(z.string()).default([]),
         notAutomatic: z.array(z.string()).default([]),
+        // task — operator-declared read-only paths. Every
+        // edit / write tool call whose target matches one of these
+        // patterns is denied with source `readonly_paths`, regardless
+        // of the active permission mode. Match grammar mirrors
+        // allow/deny: exact path OR tail-* glob. Targets are
+        // workspace-relative, no leading slash.
+        //
+        // Why a dedicated field вместо leaning on a generic deny rule
+        // like `deny: ["edit:vendor/x"]`?
+        //  - Explicit intent surfaces в `pugi doctor` and the REPL
+        //    ("3 paths read-only") без parsing rule strings.
+        //  - Covers BOTH the `edit` tool AND the `write` tool with
+        //    one entry; a generic deny needs two rules.
+        //  - Survives a future migration of the `permissions` schema
+        //    because the field carries its own contract.
+        readonlyPaths: z.array(z.string()).default([]),
     })
         .default({}),
     privacy: z
@@ -28,6 +44,17 @@ const pugiSettingsSchema = z.object({
         telemetry: z.enum(['off', 'anonymous', 'community']).default('off'),
     })
         .default({}),
+    // beta.13 P1 fix: ui.cyberZoo gates the cyber-zoo splash +
+    // ambient art in the REPL. Schema must declare the key explicitly
+    // because Zod's strip pass swallows unknown keys, which is how the
+    // initial `pugi init` write (which serialises `ui.cyberZoo`) was
+    // bypassed by the runtime reader — the value never made it past the
+    // schema gate so admin-api always saw the historical 'on' default.
+    ui: z
+        .object({
+        cyberZoo: z.enum(['on', 'off']).default('on'),
+    })
+        .default({}),
     artifacts: z
         .object({
         defaultPath: z.string().default('.pugi/artifacts'),
@@ -38,6 +65,12 @@ const pugiSettingsSchema = z.object({
     // fetcher. Default-off matches the spec posture; the schema must
     // declare it explicitly because Zod's strict-pass strips unknown
     // keys and would silently swallow the operator's intent.
+    //
+    // β1b T4 : added `web.search.enabled` to gate the
+    // Brave-Search-backed `web_search` tool. Distinct from `web.fetch`
+    // because search queries themselves are an egress event that can
+    // leak operator intent — an operator may want fetch without
+    // implicitly enabling search-as-egress.
     web: z
         .object({
         fetch: z
@@ -45,15 +78,301 @@ const pugiSettingsSchema = z.object({
             enabled: z.boolean().optional(),
         })
             .optional(),
+        search: z
+            .object({
+            enabled: z.boolean().optional(),
+        })
+            .optional(),
+    })
+        .optional(),
+    // β7 L9 — per-language LSP toggle. When omitted, every supported
+    // server is available subject to binary detection on PATH. When
+    // present, only languages set to `true` are launched (false silently
+    // skips that language even if the binary is installed). Use this in
+    // workspaces where a heavyweight server (rust-analyzer indexing a
+    // monorepo, pyright on a fresh venv) wastes resources for the
+    // current task. The `pugi lsp servers` subcommand surfaces the
+    // current toggle state per server.
+    //
+    // Schema is intentionally permissive (`optional()` on the section AND
+    // on every per-language flag) so a partial config keeps the
+    // backwards-compatible "every language enabled" default.
+    lsp: z
+        .object({
+        typescript: z.boolean().optional(),
+        javascript: z.boolean().optional(),
+        python: z.boolean().optional(),
+        go: z.boolean().optional(),
+        rust: z.boolean().optional(),
+        // post-edit auto-diagnostics. When `true`,
+        // a successful `edit`/`write`/`multi_edit` triggers a diagnostic
+        // pull on the touched file(s) and the result is appended to the
+        // tool envelope so the model can self-correct in the same turn.
+        // Off by default — the cold-start of `typescript-language-server`
+        // is heavy enough that we opt in explicitly until dogfood proves
+        // the throughput trade is worth it. Also enabled via env var
+        // `PUGI_LSP_POST_EDIT=1` for CI / one-off operator probes.
+        postEditDiagnostics: z.boolean().optional(),
+    })
+        .optional(),
+    // β1 Pl9 — per-command budget overrides. Optional. Partial
+    // overrides merge against the β1 defaults in
+    // `core/engine/budgets.ts::beta1DefaultBudgets`. The schema is
+    // intentionally loose at the leaf (positive integers) so a typo lands
+    // a deterministic `BudgetConfigError` at `resolveBudget()` instead of
+    // a Zod parse error two layers up.
+    // task — operator-customizable status line.
+    // When `command` is set, Pugi spawns it on each turn boundary with
+    // a single JSON document on stdin (see `statusline.ts` for the
+    // schema). The command's stdout (first non-empty line, trimmed) is
+    // displayed in the Ink Footer. Failures are non-fatal — they emit
+    // a structured log line and the footer falls back to the default.
+    // Mirrors CC's `statusLine` config so cross-tool muscle memory
+    // carries over для operators who lived in CC first.
+    statusLine: z
+        .object({
+        command: z.string().min(1),
+        timeoutMs: z.number().int().positive().max(5000).default(500),
+    })
+        .optional(),
+    budgets: z
+        .object({
+        code: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        fix: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        build: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        plan: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        explain: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+        review_triple: z
+            .object({ maxTokens: z.number().int().positive().optional(), maxToolCalls: z.number().int().positive().optional() })
+            .optional(),
+    })
+        .optional(),
+    // #24 (CEO P1) — hook chains. First-class config
+    // for `PostToolUseFailure` + `TaskCompleted` event chains. The shape
+    // is intentionally loose (`z.any()` at the leaf) because the
+    // canonical reader lives in `core/hook-chains.ts` where the
+    // matcher/run/timeoutMs grammar is validated. Declaring the key here
+    // keeps Zod's strip-pass from swallowing it before the chain reader
+    // sees it. See `hook-chains.ts` for the full schema.
+    hooks: z.any().optional(),
+    // PUGI-260 — persistent default for the 1M context tier opt-in.
+    // `pugi config set context.tier 1m` writes this; per-invocation
+    // `--context-tier=...` flags override it. When omitted, the CLI
+    // sends no `contextTier` field на the wire (server treats as
+    // `standard` routing). The closed enum mirrors the CLI flag и the
+    // admin-api DTO; an unrecognised value triggers a Zod parse error
+    // at load time rather than a silent fallback.
+    context: z
+        .object({
+        tier: z.enum(['1m', 'standard']).optional(),
+    })
+        .optional(),
+    // PUGI-487 - `pugi --worktree` flag governance.
+    //
+    // Two knobs control the user-facing --worktree flag introduced for
+    // parity with parallel-agent isolation patterns in other coding
+    // CLIs:
+    //
+    //  - `baseRef`: which ref the new worktree branches FROM.
+    //    `'fresh'` (default) resolves origin/<default-branch> so each
+    //    parallel session starts from a clean trunk.
+    //    `'head'` carries the operator's current local HEAD (including
+    //    unpushed work) into the new tree.
+    //
+    //  - `cleanupPeriodDays`: integer days. The daily sweep removes
+    //    user-facing worktrees older than N days that have no
+    //    uncommitted, untracked, or unpushed state. Default 7 mirrors
+    //    a one-work-week window. Set to 0 to disable auto-cleanup.
+    //
+    // Both knobs are optional - the consumers (`bootstrapWorktree`,
+    // `runUserWorktreeCleanup`) carry their own defaults so a missing
+    // section produces standard behaviour.
+    worktree: z
+        .object({
+        baseRef: z.enum(['fresh', 'head']).optional(),
+        cleanupPeriodDays: z.number().int().min(0).max(365).optional(),
     })
         .optional(),
 });
-export function loadSettings(root) {
+/**
+ * #20 — the upstream tool drop-in compat ingest.
+ *
+ * Operators migrating from the upstream tool typically keep a `.claude/`
+ * directory at workspace root with settings.json, slash commands,
+ * and ambient guidance files. We honour the existence of that
+ * directory and mirror the subset of keys that map cleanly onto
+ * Pugi's own settings surface — Pugi values ALWAYS win on conflict
+ * (the operator opted into Pugi as their primary), CC fills gaps.
+ *
+ * Opt-out: `PUGI_CC_COMPAT_DISABLE=1` short-circuits the merger and
+ * loads only `.pugi/settings.json` (or the empty default).
+ *
+ * Key mirror table:
+ *  - `permissions.defaultMode` → `permissions.mode`
+ *    (CC values map: `acceptEdits|plan|bypassPermissions|default` →
+ *     `acceptEdits|plan|bypassPermissions|ask`).
+ *  - `permissions.allow` → `permissions.allow` (concatenated, deduped).
+ *  - `permissions.deny` → `permissions.deny` (concatenated, deduped).
+ *  - `enabledPlugins`   → ignored (CC-only concept; Pugi has its own
+ *     plugin surface and we do not want to silently activate them).
+ *  - `hooks`            → currently ignored. Pugi's hook system is
+ *     managed via `apps/pugi-cli/src/core/hooks/`; future work can
+ *     wire CC hook entries through that bridge.
+ *
+ * Unknown CC keys are dropped on the floor by Zod's strip semantics
+ * just like the existing PUGI settings path — we never warn on
+ * unrecognised CC keys, because the CC surface is wider and we want
+ * fallthrough to be silent (operator does not need a stream of "we
+ * skipped this CC concept" warnings on every CLI invocation).
+ */
+const ccPermissionsSchema = z
+    .object({
+    defaultMode: z.string().optional(),
+    allow: z.array(z.string()).optional(),
+    deny: z.array(z.string()).optional(),
+})
+    .passthrough()
+    .optional();
+const ccSettingsSchema = z
+    .object({
+    permissions: ccPermissionsSchema,
+    enabledPlugins: z.unknown().optional(),
+    hooks: z.unknown().optional(),
+})
+    .passthrough();
+/**
+ * Env var that disables ingest entirely. Useful for CI
+ * sandboxes where a stray `.claude/` from a parent checkout could
+ * otherwise leak permissions into Pugi.
+ */
+export const CC_COMPAT_DISABLE_ENV = 'PUGI_CC_COMPAT_DISABLE';
+/**
+ * Map a CC `permissions.defaultMode` to the closest Pugi permission
+ * mode. Unknown / missing values map to `undefined` so the caller
+ * keeps Pugi's own default.
+ *
+ * CC's `default` mode = "ask the user for each tool" which is Pugi's
+ * `ask` mode. `acceptEdits` / `plan` / `bypassPermissions` map 1:1.
+ */
+export function mapCcPermissionMode(mode) {
+    if (typeof mode !== 'string')
+        return undefined;
+    switch (mode) {
+        case 'acceptEdits':
+            return 'acceptEdits';
+        case 'plan':
+            return 'plan';
+        case 'bypassPermissions':
+            return 'bypassPermissions';
+        case 'default':
+            return 'ask';
+        default:
+            return undefined;
+    }
+}
+/**
+ * Merge a parsed CC settings object into a Pugi settings object.
+ * Pugi ALWAYS wins on conflict; CC values fill gaps only.
+ */
+export function mergeCcIntoPugi(pugi, cc, opts) {
+    const merged = {
+        ...pugi,
+        permissions: { ...pugi.permissions },
+    };
+    const pugiWroteMode = pugiPermissionKeyPresent(opts.pugiRawJson, 'mode');
+    if (!pugiWroteMode) {
+        const ccMode = mapCcPermissionMode(cc.permissions?.defaultMode);
+        if (ccMode)
+            merged.permissions.mode = ccMode;
+    }
+    if (Array.isArray(cc.permissions?.allow)) {
+        merged.permissions.allow = dedupeKeepFirst([
+            ...pugi.permissions.allow,
+            ...cc.permissions.allow,
+        ]);
+    }
+    if (Array.isArray(cc.permissions?.deny)) {
+        merged.permissions.deny = dedupeKeepFirst([
+            ...pugi.permissions.deny,
+            ...cc.permissions.deny,
+        ]);
+    }
+    // `enabledPlugins` and `hooks` are intentionally NOT mirrored. See
+    // the doc-block above for rationale.
+    void opts.pugiSettingsExisted;
+    return merged;
+}
+function pugiPermissionKeyPresent(raw, key) {
+    if (!raw || typeof raw !== 'object')
+        return false;
+    const permissions = raw.permissions;
+    if (!permissions || typeof permissions !== 'object')
+        return false;
+    return Object.prototype.hasOwnProperty.call(permissions, key);
+}
+function dedupeKeepFirst(items) {
+    const seen = new Set();
+    const out = [];
+    for (const item of items) {
+        if (seen.has(item))
+            continue;
+        seen.add(item);
+        out.push(item);
+    }
+    return out;
+}
+/**
+ * Read + parse `.claude/settings.json` at `root`. Returns `undefined`
+ * when the file is absent, malformed, or the operator has opted out
+ * via `PUGI_CC_COMPAT_DISABLE=1`. Never throws — a broken CC settings
+ * file degrades to "no ingest", not a Pugi boot crash.
+ */
+export function loadCcSettings(root, env = process.env) {
+    if (env[CC_COMPAT_DISABLE_ENV] === '1')
+        return undefined;
+    const ccPath = resolve(root, '.claude/settings.json');
+    if (!existsSync(ccPath))
+        return undefined;
+    let parsed;
+    try {
+        parsed = JSON.parse(readFileSync(ccPath, 'utf8'));
+    }
+    catch {
+        return undefined;
+    }
+    const result = ccSettingsSchema.safeParse(parsed);
+    if (!result.success)
+        return undefined;
+    return result.data;
+}
+export function loadSettings(root, env = process.env) {
     const settingsPath = resolve(root, '.pugi/settings.json');
-    if (!existsSync(settingsPath)) {
-        return pugiSettingsSchema.parse({});
+    const pugiExists = existsSync(settingsPath);
+    let pugiRawJson = undefined;
+    let pugi;
+    if (pugiExists) {
+        pugiRawJson = JSON.parse(readFileSync(settingsPath, 'utf8'));
+        pugi = pugiSettingsSchema.parse(pugiRawJson);
+    }
+    else {
+        pugi = pugiSettingsSchema.parse({});
     }
-    const parsed = JSON.parse(readFileSync(settingsPath, 'utf8'));
-    return pugiSettingsSchema.parse(parsed);
+    const cc = loadCcSettings(root, env);
+    if (!cc)
+        return pugi;
+    return mergeCcIntoPugi(pugi, cc, {
+        pugiSettingsExisted: pugiExists,
+        pugiRawJson,
+    });
 }
 //# sourceMappingURL=settings.js.map