@pugi/cli 0.1.0-beta.92 → 0.1.0-beta.93

package/dist/core/engine/native-pugi.js

@@ -1195,7 +1195,7 @@ function toCommandKind(kind) {
  *
  * The admin-api controller (`pugi-engine.controller.ts`) routes per-tag
  * to a model/persona pair via
- * `apps/admin-api/src/mira/routing/dispatch-tag.ts::DISPATCH_TAGS`. The
+ * `apps/admin-api/src/pugi/routing/dispatch-tag.ts::DISPATCH_TAGS`. The
  * closed `EngineChatTag` vocabulary is
  * `classify | reason | codegen | summarize | vision` — note that
  * `code`, `fix`, `plan`, `build`, `explain` (CLI command names) are NOT

package/dist/core/engine/prompts.js

@@ -49,7 +49,7 @@ const COMMON_LOCAL_FIRST_PREAMBLE = [
  *
  * Voice constraint: same banned-jargon list as the cabinet Pugi
  * persona (брифую / диспатчу / шипаю and the English jargon list
- * from BANNED_WORDS in mira.system-prompt.ts). Repeated here verbatim
+ * from BANNED_WORDS in pugi.system-prompt.ts). Repeated here verbatim
  * so the CLI surface has its own enforcement copy; the cabinet copy
  * is the source of truth and ships through the runtime persona
  * prompt for the cabinet UI. CLI runs DO NOT load the cabinet

package/dist/core/engine/verification-patterns.js

@@ -0,0 +1,195 @@
+/**
+ * PUGI-VERIFY-GATE — verification command detection.
+ *
+ * Background: Codex dogfood 2026-06-04 surfaced a P0 trust failure
+ * where the Pugi engine returned `status: done` + `exitCode: 0` even
+ * after `npm test` exited non-zero on a regression the agent itself
+ * had introduced. Root cause: no layer of the dispatch pipeline knew
+ * which bash invocations were verification commands, so the engine
+ * outcome had no way to gate the final status on test/lint/build
+ * pass.
+ *
+ * This module is the deterministic, configurable allowlist of regex
+ * patterns the engine uses to recognise verification commands at
+ * dispatch time. The detection is intentionally simple (anchored on
+ * the head of the command after sudo / env-prefix stripping) so the
+ * allowlist stays auditable. False negatives are recoverable (the
+ * agent can re-run with a recognised wrapper); false positives would
+ * silently down-grade unrelated commands and are forbidden.
+ *
+ * The pattern table is exported as `VERIFICATION_PATTERNS`; callers
+ * use `detectVerificationCommand(cmd)` for the boolean + tool-tag
+ * decision. Both surfaces are pure — no I/O, no session state, no
+ * environment reads.
+ */
+/**
+ * Canonical verification allowlist. Patterns target the head of each
+ * shell-separated component AFTER:
+ *   - leading whitespace is trimmed
+ *   - leading `sudo` / `time` / `env KEY=value` prefixes are stripped
+ *
+ * Pre-trim the cmd through `extractCommandHead` before matching.
+ *
+ * When extending: keep the regex anchored (`^`) so a path containing
+ * the tool name (`./scripts/npm.sh`) does not false-positive.
+ */
+export const VERIFICATION_PATTERNS = [
+    // ----- JavaScript / TypeScript ecosystem -----
+    // npm test / npm run test / npm run lint / npm run typecheck / npm run build
+    { tool: 'npm-test', pattern: /^npm\s+(?:run\s+)?test\b/, category: 'test' },
+    { tool: 'npm-lint', pattern: /^npm\s+run\s+lint\b/, category: 'lint' },
+    { tool: 'npm-typecheck', pattern: /^npm\s+run\s+typecheck\b/, category: 'typecheck' },
+    { tool: 'npm-build', pattern: /^npm\s+run\s+build\b/, category: 'build' },
+    // pnpm (with and without -C / --filter prefixes — match the full head)
+    { tool: 'pnpm-test', pattern: /^pnpm(?:\s+(?:-C\s+\S+|--filter(?:\s+|=)\S+|-r))*\s+(?:run\s+)?test\b/, category: 'test' },
+    { tool: 'pnpm-lint', pattern: /^pnpm(?:\s+(?:-C\s+\S+|--filter(?:\s+|=)\S+|-r))*\s+(?:run\s+)?lint\b/, category: 'lint' },
+    { tool: 'pnpm-typecheck', pattern: /^pnpm(?:\s+(?:-C\s+\S+|--filter(?:\s+|=)\S+|-r))*\s+(?:run\s+)?typecheck\b/, category: 'typecheck' },
+    { tool: 'pnpm-build', pattern: /^pnpm(?:\s+(?:-C\s+\S+|--filter(?:\s+|=)\S+|-r))*\s+(?:run\s+)?build\b/, category: 'build' },
+    // yarn
+    { tool: 'yarn-test', pattern: /^yarn\s+(?:run\s+)?test\b/, category: 'test' },
+    { tool: 'yarn-lint', pattern: /^yarn\s+(?:run\s+)?lint\b/, category: 'lint' },
+    { tool: 'yarn-typecheck', pattern: /^yarn\s+(?:run\s+)?typecheck\b/, category: 'typecheck' },
+    { tool: 'yarn-build', pattern: /^yarn\s+(?:run\s+)?build\b/, category: 'build' },
+    // Direct test-runner invocations (npx and bare).
+    { tool: 'jest', pattern: /^(?:npx\s+)?jest\b/, category: 'test' },
+    { tool: 'vitest', pattern: /^(?:npx\s+)?vitest\b/, category: 'test' },
+    { tool: 'mocha', pattern: /^(?:npx\s+)?mocha\b/, category: 'test' },
+    { tool: 'tsc-typecheck', pattern: /^(?:npx\s+)?tsc\b(?=.*--noEmit|\s*$)/, category: 'typecheck' },
+    { tool: 'eslint', pattern: /^(?:npx\s+)?eslint\b/, category: 'lint' },
+    { tool: 'node-test', pattern: /^node\s+--test\b/, category: 'test' },
+    // ----- Python -----
+    { tool: 'pytest', pattern: /^(?:python\s+-m\s+)?pytest\b/, category: 'test' },
+    { tool: 'python-unittest', pattern: /^python\s+-m\s+unittest\b/, category: 'test' },
+    { tool: 'ruff', pattern: /^ruff\s+check\b/, category: 'lint' },
+    { tool: 'mypy', pattern: /^mypy\b/, category: 'typecheck' },
+    // ----- Rust -----
+    { tool: 'cargo-test', pattern: /^cargo\s+test\b/, category: 'test' },
+    { tool: 'cargo-check', pattern: /^cargo\s+check\b/, category: 'typecheck' },
+    { tool: 'cargo-clippy', pattern: /^cargo\s+clippy\b/, category: 'lint' },
+    { tool: 'cargo-build', pattern: /^cargo\s+build\b/, category: 'build' },
+    // ----- Go -----
+    { tool: 'go-test', pattern: /^go\s+test\b/, category: 'test' },
+    { tool: 'go-vet', pattern: /^go\s+vet\b/, category: 'lint' },
+    { tool: 'go-build', pattern: /^go\s+build\b/, category: 'build' },
+    // ----- Elixir -----
+    { tool: 'mix-test', pattern: /^mix\s+test\b/, category: 'test' },
+    // ----- Ruby -----
+    { tool: 'rspec', pattern: /^(?:bundle\s+exec\s+)?rspec\b/, category: 'test' },
+    { tool: 'rubocop', pattern: /^(?:bundle\s+exec\s+)?rubocop\b/, category: 'lint' },
+    // ----- Java / Kotlin / Gradle / Maven -----
+    { tool: 'gradle-test', pattern: /^(?:\.\/)?gradlew?\s+test\b/, category: 'test' },
+    { tool: 'gradle-build', pattern: /^(?:\.\/)?gradlew?\s+build\b/, category: 'build' },
+    { tool: 'maven-test', pattern: /^mvn\s+test\b/, category: 'test' },
+    { tool: 'maven-verify', pattern: /^mvn\s+verify\b/, category: 'test' },
+    // ----- C/C++ / Make -----
+    { tool: 'make-test', pattern: /^make\s+(?:test|check)\b/, category: 'test' },
+    { tool: 'ctest', pattern: /^ctest\b/, category: 'test' },
+];
+const SHELL_SEPARATORS = /\s*(?:&&|\|\||;|\|)\s*/;
+const ENV_ASSIGN = /^[A-Z_][A-Z0-9_]*=\S+$/;
+/**
+ * Strip leading `sudo` / `time` / `env A=1 B=2` noise so the verb is
+ * the first non-prefix token. Returns the stripped head as a single
+ * normalised string. Pure — no side effects.
+ *
+ * We do NOT strip generic env-variable assignments like `CI=1` that
+ * the operator typed inline (e.g. `CI=1 pnpm test`) because the
+ * regex allowlist anchors `pnpm` — matching the head after stripping
+ * `CI=1` is precisely the intent.
+ */
+export function extractCommandHead(component) {
+    let head = component.trim();
+    // sudo / time wrappers
+    while (true) {
+        if (head.startsWith('sudo ')) {
+            head = head.slice(5).trimStart();
+            continue;
+        }
+        if (head.startsWith('time ')) {
+            head = head.slice(5).trimStart();
+            continue;
+        }
+        // env A=1 B=2 prefix (inline env assignments before the verb).
+        // We peel one token at a time so `FOO=bar BAZ=qux pnpm test` resolves to `pnpm test`.
+        const firstToken = head.split(/\s+/, 1)[0] ?? '';
+        if (firstToken !== '' && ENV_ASSIGN.test(firstToken)) {
+            head = head.slice(firstToken.length).trimStart();
+            continue;
+        }
+        break;
+    }
+    return head;
+}
+/**
+ * Detect whether a shell command runs a verification step. The
+ * predicate scans every `&&` / `;` / `||` / `|`-separated component
+ * and returns the first match — a compound command like
+ * `cd packages/foo && pnpm test` is correctly flagged on the
+ * trailing component.
+ *
+ * The check is intentionally optimistic: it does not parse `if`,
+ * `for`, or function bodies. Operators wrapping verification inside
+ * a script (e.g. `./scripts/test.sh`) opt out of the gate; that is
+ * recorded in the unverifiedReason as `no_verification_command_run`
+ * downstream.
+ */
+export function detectVerificationCommand(cmd) {
+    if (typeof cmd !== 'string' || cmd.trim() === '') {
+        return { isVerification: false, tool: null, matchedComponent: '' };
+    }
+    const components = cmd.split(SHELL_SEPARATORS);
+    for (const raw of components) {
+        const head = extractCommandHead(raw);
+        if (head === '')
+            continue;
+        for (const entry of VERIFICATION_PATTERNS) {
+            if (entry.pattern.test(head)) {
+                return {
+                    isVerification: true,
+                    tool: entry.tool,
+                    matchedComponent: raw.trim(),
+                };
+            }
+        }
+    }
+    return { isVerification: false, tool: null, matchedComponent: '' };
+}
+/**
+ * Phrases the agent uses to dispute ownership of a verification
+ * failure. When ANY of these phrases appears in the final assistant
+ * text AND the agent mutated files in the same module as a failing
+ * test, the outcome's `regressionOwnershipDispute` flag is set so a
+ * downstream reviewer can decide whether to escalate.
+ *
+ * The list is case-insensitive at match time. Punctuation around the
+ * phrase is allowed because `.test()` looks for the substring, not
+ * word boundaries (an agent that writes "this is a pre-existing
+ * test bug" still trips the flag).
+ */
+export const REGRESSION_DISPUTE_PHRASES = [
+    'pre-existing',
+    'preexisting',
+    'pre existing',
+    'not from my changes',
+    'not related to my changes',
+    'unrelated test failure',
+    'unrelated to my changes',
+    'unrelated failure',
+    'not my change',
+];
+/**
+ * Tail trimmer for stderr captured in verification ledger entries.
+ * Returns the last `maxBytes` of UTF-8 text, clamped at a hard 2 KB
+ * default to match the PUGI-VERIFY-GATE contract.
+ */
+export function tailStderr(stderr, maxBytes = 2048) {
+    if (typeof stderr !== 'string' || stderr.length === 0)
+        return '';
+    if (Buffer.byteLength(stderr, 'utf8') <= maxBytes)
+        return stderr;
+    // Approximate cap by character index — accurate enough for stderr
+    // tails that are overwhelmingly ASCII test output.
+    const slice = stderr.slice(-maxBytes);
+    return slice;
+}
+//# sourceMappingURL=verification-patterns.js.map

package/dist/runtime/commands/compact.js

@@ -132,7 +132,7 @@ export async function runCompactCommand(_args, ctx) {
         summary = await summarizeEvents({
             events: sourceSlice,
             client: engineClient,
-            personaSlug: 'mira',
+            personaSlug: 'pugi',
         });
     }
     catch (error) {

package/dist/runtime/commands/config.js

@@ -335,7 +335,7 @@ async function runConfigMcpFlip(args, ctx, state) {
 /* ------------------------------------------------------------------ */
 /**
  * Closed sets — match
- * `apps/admin-api/src/mira/routing/dispatch-tag.ts` verbatim. Pinning
+ * `apps/admin-api/src/pugi/routing/dispatch-tag.ts` verbatim. Pinning
  * them in the CLI lets us reject typos client-side before round-tripping
  * to the admin-api (better UX, smaller blast radius for a wrong typo on
  * a flaky network).

package/dist/runtime/commands/memory.js

@@ -43,7 +43,7 @@ const SUB_USAGE = [
     'pugi memory forget <id>',
     'pugi memory sync',
 ].join('\n ');
-const DEFAULT_PERSONA = 'mira';
+const DEFAULT_PERSONA = 'pugi';
 /** Single CLI entry — top-level `pugi memory` AND the in-REPL `/memory` slash both call this. */
 export async function runMemoryCommand(args, ctx) {
     const sub = (args[0] ?? '').toLowerCase();

package/dist/runtime/version.js

@@ -44,7 +44,7 @@ export function sanitizeSemver(raw) {
  * during import). When bumping the CLI version BOTH literals must be
  * updated; the release smoke-test (`pack:smoke`) verifies they agree.
  */
-export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.92');
+export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.93');
 /**
  * Outbound: the CLI's installed semver. Read at request time by
  * `version-interceptor.ts` and injected on every `fetch` call.

package/dist/skills/bundled/remember.js

@@ -49,7 +49,7 @@
  */
 import { readFileSync } from 'node:fs';
 import { PERSONA_MEMORY_KINDS, enqueueMemoryOp, } from '../../core/memory-sync/queue.js';
-const DEFAULT_PERSONA = 'mira';
+const DEFAULT_PERSONA = 'pugi';
 function parseFlags(args) {
     const flags = {
         json: false,
@@ -372,7 +372,7 @@ const REMEMBER_USAGE = [
     '',
     'Flags:',
     ' --json                Emit a JSON envelope instead of human text.',
-    ' --persona <slug>      Persona slug to attribute the memory to (default: mira).',
+    ' --persona <slug>      Persona slug to attribute the memory to (default: pugi).',
     ' --input <path>        Read newline-separated candidates from a file.',
     '',
     'Every proposal is shown to the operator BEFORE persisting; nothing is',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pugi/cli",
-  "version": "0.1.0-beta.92",
+  "version": "0.1.0-beta.93",
   "description": "Pugi CLI - terminal-native software execution system",
   "homepage": "https://pugi.io",
   "repository": {
@@ -63,7 +63,7 @@
     "which": "^6.0.0",
     "zod": "^3.23.0",
     "@pugi/personas": "0.1.2",
-    "@pugi/sdk": "0.1.0-beta.92"
+    "@pugi/sdk": "0.1.0-beta.93"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",

package/test/scenarios/identity.scenario.txt

@@ -9,4 +9,3 @@
 
 > "ты кто?"
 EXPECT: persona-turn contains "Pugi" OR "Пуджи"
-EXPECT_NOT: persona-turn contains "Мира"