@pugi/cli 0.1.0-beta.94 → 0.1.0-beta.96

package/dist/core/repl/engine-bridge.js

@@ -1,6 +1,8 @@
 import { AnvilEngineLoopClient } from '../engine/anvil-client.js';
 import { NativePugiEngineAdapter } from '../engine/native-pugi.js';
+import { loadMcpRegistry as defaultLoadMcpRegistry } from '../mcp/registry.js';
 import { openSession } from '../session.js';
+import { loadHookRegistryOrExit as defaultLoadHookRegistry } from '../../runtime/load-hooks-or-exit.js';
 /**
  * Translate `pugi-tool-route command="..."` into the SDK's
  * `EngineTaskKind`. `code` and `fix` pass through verbatim; `build`
@@ -83,13 +85,115 @@ function translateStreamEvent(event, names) {
  */
 export function createEngineBridge(deps) {
     const buildClient = deps.clientFactory ?? ((config) => new AnvilEngineLoopClient(config));
+    const loadMcp = deps.loadMcpRegistry ?? defaultLoadMcpRegistry;
+    const loadHooks = deps.loadHookRegistry ??
+        ((opts) => defaultLoadHookRegistry(opts));
+    // PR A — per-bridge-instance caches. Spawning MCP child processes
+    // (multi-second startup for some servers) and parsing hook configuration
+    // are too expensive to repeat per turn AND have no per-turn state. We
+    // load once on the first call, reuse across turns. The MCP registry
+    // shutdown happens at process exit; a future PR will wire it to the
+    // REPL's exit hook so trusted child processes are reaped before the
+    // parent terminates.
+    //
+    // /triple-review P1 round 2: cache stored as in-flight Promise<T>
+    // instead of value + boolean flag. Two concurrent first-turn calls
+    // would otherwise both observe `mcpLoaded === false`, both spawn the
+    // expensive loader, and the second result would overwrite the first —
+    // leaking the first registry's child processes. Storing the promise
+    // means the second caller awaits the same in-flight load, gets the
+    // same instance, and there is no double-spawn. On loader failure the
+    // promise resolves to `undefined` (mirrors the value-cache fallback);
+    // a future retry on transient ENOENT would mint a NEW promise after
+    // explicit invalidation (out of scope for this PR — tracked as P2 fu).
+    let mcpRegistryPromise = null;
+    let hooksPromise = null;
+    const securityHooksParseFailed = { value: false };
+    async function resolveMcpRegistry(root) {
+        if (mcpRegistryPromise === null) {
+            mcpRegistryPromise = (async () => {
+                try {
+                    return await loadMcp(root);
+                }
+                catch (error) {
+                    // PR A — mirror cli.ts:6394 failure mode. A bad `.pugi/mcp.json`
+                    // must not crash the REPL; the operator sees a stderr warning
+                    // and continues without MCP tools. They can fix the file and
+                    // the next REPL launch picks up the new registry.
+                    const msg = error.message;
+                    process.stderr.write(`pugi REPL engine bridge: MCP registry load failed — ${msg}. ` +
+                        `Continuing without MCP tools. Fix .pugi/mcp.json to enable.\n`);
+                    return undefined;
+                }
+            })();
+        }
+        return mcpRegistryPromise;
+    }
+    async function resolveHooks(root, session) {
+        if (hooksPromise === null) {
+            hooksPromise = (async () => {
+                try {
+                    const outcome = await loadHooks({
+                        workspaceRoot: root,
+                        session,
+                        label: 'repl',
+                    });
+                    if (outcome.kind === 'parse-failure-refused') {
+                        // /triple-review P1 round 2: hooks fail-open is a security
+                        // regression vs cli.ts:6440 (hard-exit on parse failure).
+                        // SECURITY: a workspace operator who configured a `PreToolUse
+                        // onFailure: 'block'` rule that refuses bash containing `rm`
+                        // loses that protection the moment the JSON file gets a
+                        // typo. Stderr-only warning scrolls off the TUI.
+                        //
+                        // Mitigation: do NOT load hooks for this REPL session (so
+                        // the operator's mental model — "I have hooks configured" —
+                        // does not silently break), AND mark the bridge as "hooks
+                        // parse failed" so every turn surfaces the warning until
+                        // the file is fixed. The PUGI_HOOKS_BYPASS=1 env var
+                        // (loadHookRegistryOrExit:97-107) is still the explicit
+                        // escape hatch when the operator is mid-edit and acknowledges
+                        // the risk.
+                        securityHooksParseFailed.value = true;
+                        process.stderr.write('pugi REPL engine bridge: SECURITY — hooks parse failed. ' +
+                            'PreToolUse/PostToolUse rules are NOT active for this REPL ' +
+                            'session. Fix .pugi/hooks.json and restart REPL, OR set ' +
+                            'PUGI_HOOKS_BYPASS=1 to acknowledge and continue.\n');
+                        return undefined;
+                    }
+                    return outcome.hooks;
+                }
+                catch (error) {
+                    const msg = error.message;
+                    process.stderr.write(`pugi REPL engine bridge: hooks loader threw — ${msg}. ` +
+                        `Continuing without hooks.\n`);
+                    return undefined;
+                }
+            })();
+        }
+        return hooksPromise;
+    }
     return async (input) => {
         const root = deps.cwd();
         const session = openSession(root);
         const client = buildClient(deps.config);
+        const [cachedMcpRegistry, cachedHooks] = await Promise.all([
+            resolveMcpRegistry(root),
+            resolveHooks(root, session),
+        ]);
+        if (securityHooksParseFailed.value) {
+            // /triple-review P1 round 2: re-emit the security warning on every
+            // bridged turn so the operator does not miss it after scrollback.
+            // Cheap one-liner, hard to miss in TUI status pane.
+            process.stderr.write('pugi REPL engine bridge: SECURITY reminder — hooks still NOT ' +
+                'loaded for this session (.pugi/hooks.json parse failure).\n');
+        }
         const adapter = new NativePugiEngineAdapter({
             client,
             session,
+            ...(cachedMcpRegistry ? { mcpRegistry: cachedMcpRegistry } : {}),
+            ...(cachedHooks ? { hooks: cachedHooks } : {}),
+            ...(deps.intensityProfile ? { intensityProfile: deps.intensityProfile } : {}),
         });
         // Per-call name map for matching `tool.end` -> `tool.start`. New
         // every invocation so concurrent bridges never cross-pollute.

package/dist/core/repl/session.js

@@ -40,7 +40,8 @@ import { applyRewindMask } from '../checkpoint/rewinder.js';
 import { evaluateAutoCompact } from '../compact/auto-trigger.js';
 import { estimateTokensInMany } from '../compact/token-counter.js';
 import { extractAskTags, extractPlanReviewTags, signatureForAsk, } from './ask.js';
-import { extractToolRouteTags, } from './tool-route.js';
+import { extractToolRouteTags, signatureForToolRoute, } from './tool-route.js';
+import { personaSlugFor } from '../engine/prompts.js';
 import { existsSync, readdirSync, statSync } from 'node:fs';
 import { resolve as resolvePath } from 'node:path';
 import { CancellationToken } from './cancellation.js';
@@ -2788,13 +2789,70 @@ export class ReplSession {
         if (!this.streamHandle && !this.closed) {
             this.openStream();
         }
+        // PR A (PUGI-538-FU) — REPL becomes a first-class engine
+        // path. When the CLI REPL has an engine bridge wired the brief is
+        // dispatched DIRECTLY to the inproc engine adapter via
+        // `runEngineBridge` instead of POSTing к admin-api `/sessions/:id/brief`.
+        //
+        // Why this matters:
+        //  - The server-side bypass () had to fabricate a synthetic
+        //    `<pugi-tool-route>` envelope SSE event so the CLI parser would
+        //    fire `runEngineBridge`. That worked but cost one full HTTP
+        //    round-trip + SSE latency per turn — and required `cliVersion`
+        //    to thread correctly через the session-create + header pipe
+        //    (which broke in production: CEO smoke 2026-06-05 showed
+        //    `envelope=delegate` instead of `tool-route` because the version
+        //    header was missing on his customer-installed beta.95 client,
+        //    so the bypass branch never matched и the coordinator chat
+        //    ceremony ran anyway).
+        //  - Going direct removes that whole class of bug: the CLI knows
+        //    it is the CLI, it has the engine bridge in hand, it skips the
+        //    server entirely и calls the adapter inproc. Matches Claude
+        //    Code / Codex / Aider tools-first loop architecture.
+        //
+        // Personas survive: `personaSlugFor('code')` returns 'dev' (Hiroshi),
+        // the engine adapter renders the persona system prompt + memory
+        // recall just like `pugi code` direct CLI. The synthetic agent-tree
+        // node inside `runEngineBridge` carries `personaName` so the TUI
+        // shows "Hiroshi" the same way it did before.
+        //
+        // Server-side bypass от  remains в place для non-CLI surfaces
+        // (cabinet BFF, telegram bot) — they have no engine adapter wired,
+        // so the server still needs to fabricate the dispatch on their behalf.
+        //
+        // Env opt-out: `PUGI_REPL_DIRECT_ENGINE=0` falls back к the HTTP
+        // path for regression debugging. cliVersion presence is the CLI
+        // signal — REPL embedded inside cabinet BFF mounts without that
+        // field и continues к hit the server route.
+        const useDirectEngine = this.options.engineBridge !== undefined &&
+            typeof this.options.cliVersion === 'string' &&
+            this.options.cliVersion.length > 0 &&
+            (this.options.env ?? process.env).PUGI_REPL_DIRECT_ENGINE !== '0';
         try {
-            await this.options.transport.postBrief({
-                apiUrl: this.options.apiUrl,
-                apiKey: this.options.apiKey,
-                sessionId,
-                brief,
-            });
+            if (useDirectEngine) {
+                const persona = personaSlugFor('code');
+                const tag = {
+                    command: 'code',
+                    brief,
+                    persona,
+                    // Direct-dispatch tags do not flow through the parser, so the
+                    // start/end byte offsets are inapplicable. Keep `signatureForToolRoute`
+                    // so the seen-tag rolling set still de-dupes a brief that the
+                    // operator submits twice in a row by accident.
+                    signature: signatureForToolRoute('code', persona, brief),
+                    start: 0,
+                    end: 0,
+                };
+                await this.runEngineBridge(tag);
+            }
+            else {
+                await this.options.transport.postBrief({
+                    apiUrl: this.options.apiUrl,
+                    apiKey: this.options.apiKey,
+                    sessionId,
+                    brief,
+                });
+            }
         }
         catch (error) {
             this.appendSystemLine(`Brief dispatch refused: ${this.errorMessage(error)}`);

package/dist/runtime/version.js

@@ -44,7 +44,7 @@ export function sanitizeSemver(raw) {
  * during import). When bumping the CLI version BOTH literals must be
  * updated; the release smoke-test (`pack:smoke`) verifies they agree.
  */
-export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.94');
+export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.96');
 /**
  * Outbound: the CLI's installed semver. Read at request time by
  * `version-interceptor.ts` and injected on every `fetch` call.

package/dist/tui/repl-render.js

@@ -28,6 +28,7 @@ import { resolveTheme } from '../core/theme/state.js';
 import { ReplSession, } from '../core/repl/session.js';
 import { resolveWorkspaceContext } from '../core/repl/workspace-context.js';
 import { createEngineBridge } from '../core/repl/engine-bridge.js';
+import { profileFor, resolveIntensity } from '../core/engine/intensity.js';
 import { SqliteSessionStore } from '../core/repl/store/index.js';
 import { slugForCwd } from '../core/repl/history.js';
 import { loadSettings } from '../core/settings.js';
@@ -162,12 +163,21 @@ export async function renderRepl(options) {
     // the same UX as a pre-PUGI-538c CLI build.
     let engineBridge;
     try {
+        // PR A (2026-06-05): resolve intensity profile once at bridge
+        // construction time. The bridge stays pure and re-uses the resolved
+        // profile across every routed brief. `resolveIntensity` reads env
+        // (`PUGI_INTENSITY`) и settings.json; the REPL launch lifecycle is
+        // the natural binding point. A future `/intensity` REPL command
+        // will rebuild the bridge to swap the profile mid-session.
+        const intensityLevel = resolveIntensity({});
+        const intensityProfile = profileFor(intensityLevel);
         engineBridge = createEngineBridge({
             config: buildRuntimeConfig({
                 apiUrl: options.apiUrl,
                 apiKey: options.apiKey,
             }),
             cwd: () => process.cwd(),
+            intensityProfile,
         });
     }
     catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pugi/cli",
-  "version": "0.1.0-beta.94",
+  "version": "0.1.0-beta.96",
   "description": "Pugi CLI - terminal-native software execution system",
   "homepage": "https://pugi.io",
   "repository": {
@@ -63,7 +63,7 @@
     "which": "^6.0.0",
     "zod": "^3.23.0",
     "@pugi/personas": "0.1.2",
-    "@pugi/sdk": "0.1.0-beta.94"
+    "@pugi/sdk": "0.1.0-beta.96"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",