@pugi/cli 0.1.0-beta.96 → 0.1.0-beta.98

package/dist/core/engine/budgets.js

@@ -75,9 +75,15 @@ export const beta1DefaultBudgets = {
     // real per-call token use is ~30-40% lower than legacy. Bump headroom
     // so multi-file refactors no longer trip the cap. Anvil clamps per-call
     // max_tokens to 128k (PR) so the engine envelope still safe.
-    fix: { maxTokens: 80_000, maxToolCalls: 20 },
-    code: { maxTokens: 120_000, maxToolCalls: 25 },
-    build: { maxTokens: 200_000, maxToolCalls: 30 },
+    // CEO escalation 2026-06-05: REPL React tic-tac-toe blew budget at
+    // 120214 > 120000 mid-build. the upstream customer expectation = 200K+
+    // context per session с recharge. Bump к 400K for code/fix + raise
+    // tool-call ceilings so multi-file front-end builds (React + tests +
+    // index.css + index.html + main.jsx) fit without forcing the operator
+    // to escalate к `--intensity=deep`.
+    fix: { maxTokens: 250_000, maxToolCalls: 40 },
+    code: { maxTokens: 400_000, maxToolCalls: 50 },
+    build: { maxTokens: 500_000, maxToolCalls: 60 },
     plan: { maxTokens: 200_000, maxToolCalls: 8 },
     explain: { maxTokens: 60_000, maxToolCalls: 10 },
     review_triple: { maxTokens: 100_000, maxToolCalls: 10 },

package/dist/core/engine/intensity.js

@@ -49,26 +49,31 @@ const PROFILES = {
         allowParallelAgents: false,
         maxParallelAgents: 0,
     },
+    // CEO 2026-06-05: 80K standard exhausted React multi-file build mid-
+    // turn (120K hardcoded budget). Customers compare to the upstream = 200K
+    // context per session. Bump standard к 200K so default REPL doesn't
+    // trip mid-build; deep к 500K for complex multi-file refactors;
+    // marathon к 1.5M for long-running autonomous work.
     standard: {
         level: 'standard',
-        maxTurns: 15,
-        budgetTokens: 80_000,
+        maxTurns: 30,
+        budgetTokens: 200_000,
         modelTag: 'standard',
         allowParallelAgents: false,
         maxParallelAgents: 0,
     },
     deep: {
         level: 'deep',
-        maxTurns: 50,
-        budgetTokens: 200_000,
+        maxTurns: 80,
+        budgetTokens: 500_000,
         modelTag: 'standard',
         allowParallelAgents: true,
         maxParallelAgents: 3,
     },
     marathon: {
         level: 'marathon',
-        maxTurns: 200,
-        budgetTokens: 800_000,
+        maxTurns: 300,
+        budgetTokens: 1_500_000,
         modelTag: 'heavy',
         allowParallelAgents: true,
         maxParallelAgents: 3,

package/dist/core/engine/tool-bridge.js

@@ -19,6 +19,12 @@ import { dispatchEnterWorktree, enterWorktreeJsonSchema, } from '../../tools/ent
 import { dispatchExitWorktree, exitWorktreeJsonSchema, } from '../../tools/exit-worktree.js';
 import { webFetchTool } from '../../tools/web-fetch.js';
 import { webSearchTool } from '../../tools/web-search.js';
+// Phase 1 runtime evidence pack (PUGI-291..295): server_* + http_request
+// dispatchers + JSON schema fragments. Every primitive returns a
+// sentinel string on validation failure (sleep/brief convention) so
+// the engine adapter surfaces it as a recoverable tool result.
+import { dispatchHttpRequest, httpRequestJsonSchema, } from '../../tools/http-request.js';
+import { dispatchServerHealth, dispatchServerLogs, dispatchServerStart, dispatchServerStop, serverHealthJsonSchema, serverLogsJsonSchema, serverStartJsonSchema, serverStopJsonSchema, } from '../../tools/server-tools.js';
 import { agentTool } from '../../tools/agent-tool.js';
 import { multiEdit } from '../../tools/multi-edit.js';
 import { recordVerificationCall } from '../session.js';
@@ -217,6 +223,15 @@ const WIRED_TOOLS = new Set([
     'symbols_signature',
     'symbols_type_definition',
     'symbols_workspace_symbols',
+    // Phase 1 runtime evidence pack (PUGI-291..295): server_* + http_request.
+    // Off by default in plan mode (mutation surface for start/stop; even
+    // health/logs/http_request cross the plan-mode read-only contract
+    // because they are runtime evidence primitives, not source reads).
+    'http_request',
+    'server_health',
+    'server_logs',
+    'server_start',
+    'server_stop',
 ]);
 export function buildToolsSchema(kind, options = { allowFetch: false, allowSearch: false }) {
     const planMode = kind === 'plan';
@@ -831,6 +846,31 @@ export function buildToolsSchema(kind, options = { allowFetch: false, allowSearc
                     },
                 },
             },
+        }, 
+        // Phase 1 runtime evidence pack (PUGI-291..295) - server lifecycle
+        // primitives + generic HTTP request. Off in plan mode because each
+        // tool produces side effects (a spawned process, an outbound HTTP
+        // call) the plan-mode read-only contract refuses.
+        {
+            name: 'server_start',
+            description: 'Spawn a server via /bin/sh -c <command> in the workspace and poll the health URL until it returns the expected status (default 200) or the timeout elapses. Persists pid + meta to `.pugi/runs/<runId>/server.json` and a stdout/stderr tail to `server.log`. Returns {ok, pid, port, healthStatus, logPath, durationMs, error?}. Use to materialise concrete pid + health 200 evidence rather than asserting a server is up in prose.',
+            parameters: serverStartJsonSchema,
+        }, {
+            name: 'server_stop',
+            description: 'Send SIGTERM to the supplied pid, wait graceMs (default 5000ms), then escalate to SIGKILL. Idempotent - a pid that already exited returns ok=true with signal=undefined. Returns {ok, pid, exitCode?, signal?, durationMs, error?}.',
+            parameters: serverStopJsonSchema,
+        }, {
+            name: 'server_health',
+            description: 'One-shot HTTP GET against the supplied URL with a short timeout (default 5000ms, max 60000ms). Returns {ok, status, durationMs, body?, error?} where ok=true only when the response status equals expectStatus (default 200). Body is capped at 1 KB so the envelope stays compact.',
+            parameters: serverHealthJsonSchema,
+        }, {
+            name: 'server_logs',
+            description: 'Read the trailing N lines of `.pugi/runs/<runId>/server.log`. Defaults to the most recent run when runId is omitted; pid-based lookup walks every run dir. Returns {ok, logPath, lines, totalLines, error?}.',
+            parameters: serverLogsJsonSchema,
+        }, {
+            name: 'http_request',
+            description: 'Issue an HTTP request (GET/POST/PUT/PATCH/DELETE/HEAD/OPTIONS) against a URL. Loopback hosts (localhost / 127.0.0.0/8 / ::1) always pass; non-loopback hosts require allowExternal: true so the default posture stays private. Body objects/arrays are JSON-serialised. Returns {ok, status, headers, body, json?, durationMs, error?, truncated?}.',
+            parameters: httpRequestJsonSchema,
         });
     }
     // β4 M1/M3: append MCP tools last. Plan mode skips them because every
@@ -1235,6 +1275,26 @@ export function buildExecutor(input) {
                     sessionId,
                 });
             }
+            // Phase 1 runtime evidence pack (PUGI-291..295). Each tool returns
+            // a JSON-string envelope or a sentinel string on validation
+            // failure - both paths are recoverable from the model's POV, so
+            // the engine adapter routes them as plain tool results and the
+            // model can self-correct.
+            if (name === 'server_start') {
+                return dispatchServerStart({ workspaceRoot }, args);
+            }
+            if (name === 'server_stop') {
+                return dispatchServerStop({ workspaceRoot }, args);
+            }
+            if (name === 'server_health') {
+                return dispatchServerHealth({ workspaceRoot }, args);
+            }
+            if (name === 'server_logs') {
+                return dispatchServerLogs({ workspaceRoot }, args);
+            }
+            if (name === 'http_request') {
+                return dispatchHttpRequest({}, args);
+            }
             if (name === 'multi_edit') {
                 return dispatchMultiEdit(args, ctx);
             }

package/dist/core/permissions/tool-class.js

@@ -47,11 +47,25 @@ const BUILT_IN_TOOL_CLASSES = Object.freeze({
     skill: 'read',
     task_get: 'read',
     task_list: 'read',
+    // Phase 1 runtime evidence pack (PUGI-291..295): server_health and
+    // server_logs are read-only probes (HTTP GET + tail of a log file
+    // already on disk). Classifying them as `read` keeps the ask-mode
+    // prompts honest; the dispatcher still applies the network-perm gate
+    // for server_health and the workspace-read gate for server_logs.
+    server_health: 'read',
+    server_logs: 'read',
     // Mutating actions.
     write: 'write',
     edit: 'write',
     multi_edit: 'write',
     bash: 'write',
+    // Phase 1 runtime evidence pack: server_start spawns a process,
+    // server_stop terminates one, http_request can POST/PUT/DELETE
+    // arbitrary data against a localhost service. All three are write
+    // class so plan mode refuses and ask mode prompts.
+    server_start: 'write',
+    server_stop: 'write',
+    http_request: 'write',
     task_create: 'write',
     task_update: 'write',
     todo_write: 'write',

package/dist/core/repl/session.js

@@ -2831,6 +2831,24 @@ export class ReplSession {
         try {
             if (useDirectEngine) {
                 const persona = personaSlugFor('code');
+                // PR C (PUGI-538-FU): thread the recent conversation
+                // into the engine prompt so multi-turn refinements work. Without
+                // this, the engine sees only the literal current brief — a
+                // follow-up like "react" after "сделай крестики нолики" arrives
+                // as a bare "react" with no prior context, and the engine ships
+                // arbitrary nonsense or asks again ("нет конкретного feature
+                // request"). The CEO reproduction 2026-06-05 (Python tic-tac-toe
+                // shipped когда customer wanted React браузер game, then engine
+                // claimed "нет feature request" on the correction turn) is
+                // exactly this gap.
+                //
+                // Display channels (system line, transcript) keep using the bare
+                // `brief` for UX cleanliness; only the engine's task.prompt gets
+                // the full conversational context via the new `enginePrompt`
+                // field. Engine-bridge falls back to brief when enginePrompt is
+                // undefined (server-emitted parser-built tags), preserving the
+                // legacy behaviour for those surfaces.
+                const enginePrompt = this.buildEnginePromptWithContext(brief);
                 const tag = {
                     command: 'code',
                     brief,
@@ -2842,6 +2860,7 @@ export class ReplSession {
                     signature: signatureForToolRoute('code', persona, brief),
                     start: 0,
                     end: 0,
+                    ...(enginePrompt !== brief ? { enginePrompt } : {}),
                 };
                 await this.runEngineBridge(tag);
             }
@@ -2862,6 +2881,54 @@ export class ReplSession {
             this.markDispatchFailed('post_brief_failed');
         }
     }
+    /**
+     * PR C (PUGI-538-FU): build the engine prompt with recent
+     * conversation context prepended. The current brief is preserved as
+     * the explicit "Current request:" terminal so the engine knows what
+     * the user is asking right now, while the prior turns give it the
+     * stack/framework/format hints from earlier in the dialog.
+     *
+     * Returns `brief` unchanged when there is no prior conversation —
+     * the empty preamble would just waste tokens.
+     *
+     * Window policy: last 4 conversational exchanges (operator + persona
+     * pairs), text truncated к 400 chars per row. Drops the trailing
+     * operator row if it matches `brief` (which has already been appended
+     * to the transcript by `appendOperatorLine` at line 3429 above and
+     * would otherwise duplicate inside the prompt).
+     *
+     * Doc strings stay в English per repo convention; the rendered
+     * preamble uses neutral English labels ("User", "Pugi") so the
+     * engine's model treats it as standard transcript context rather
+     * than a localized field name.
+     */
+    buildEnginePromptWithContext(brief) {
+        const MAX_TURNS = 4;
+        const MAX_ROW_CHARS = 400;
+        const conversational = this.state.transcript.filter((r) => r.source === 'operator' || r.source === 'persona');
+        if (conversational.length === 0)
+            return brief;
+        // Take the last MAX_TURNS * 2 rows (each turn = 1 operator + 1 persona).
+        const recent = conversational.slice(-(MAX_TURNS * 2));
+        // Drop trailing operator row when it equals the brief we're about
+        // to dispatch — the brief is the "current request" and already
+        // landed in the transcript via `appendOperatorLine` earlier in
+        // `dispatchBrief`. Including it twice would confuse the engine.
+        const lastRow = recent[recent.length - 1];
+        const trimmed = lastRow && lastRow.source === 'operator' && lastRow.text === brief
+            ? recent.slice(0, -1)
+            : recent;
+        if (trimmed.length === 0)
+            return brief;
+        const lines = trimmed.map((r) => {
+            const role = r.source === 'operator' ? 'User' : 'Pugi';
+            const truncated = r.text.length > MAX_ROW_CHARS
+                ? r.text.slice(0, MAX_ROW_CHARS) + '...'
+                : r.text;
+            return `- ${role}: ${truncated}`;
+        });
+        return `Recent conversation:\n${lines.join('\n')}\n\nCurrent request: ${brief}`;
+    }
     /**
      * : reset the FSM to `idle` after a terminal transition so the
      * next brief can start. The FSM does not allow direct
@@ -4137,7 +4204,11 @@ export class ReplSession {
             result = await bridge({
                 command: tag.command,
                 persona: tag.persona,
-                brief: tag.brief,
+                // PR C (PUGI-538-FU): prefer the contextualized
+                // engine prompt when the direct-engine path set it. Falls back
+                // к the bare brief for parser-built tags from the server-emitted
+                // envelope path (no conversation context available there).
+                brief: tag.enginePrompt ?? tag.brief,
                 bridgeId,
                 signal: abort.signal,
                 onEvent,

package/dist/core/subagents/dispatcher.js

@@ -142,16 +142,21 @@ const DENY_ALL_WRITES_READONLY = Object.freeze([
 /* ------------------------------------------------------------------ */
 /* Default budgets                                                   */
 /* ------------------------------------------------------------------ */
+// CEO escalation 2026-06-05: 120K coder budget exhausted mid-React-
+// build (120214 > 120000). Match the engine-level `code` task bump
+// (apps/pugi-cli/src/core/engine/budgets.ts:149 — 400K). Subagent
+// dispatches inherit the upstream caller's headroom, so this needs
+// to track the engine envelope.
 const DEFAULT_BUDGETS = Object.freeze({
-    orchestrator: { tokens: 200_000, dollars: 5, wallClockMs: 600_000 },
-    architect: { tokens: 80_000, dollars: 2, wallClockMs: 300_000 },
-    coder: { tokens: 120_000, dollars: 3, wallClockMs: 600_000 },
-    verifier: { tokens: 60_000, dollars: 2, wallClockMs: 300_000 },
-    reviewer: { tokens: 80_000, dollars: 2, wallClockMs: 300_000 },
-    researcher: { tokens: 60_000, dollars: 1.5, wallClockMs: 300_000 },
-    release: { tokens: 40_000, dollars: 1, wallClockMs: 180_000 },
-    devops: { tokens: 60_000, dollars: 2, wallClockMs: 300_000 },
-    design_qa: { tokens: 60_000, dollars: 1.5, wallClockMs: 300_000 },
+    orchestrator: { tokens: 400_000, dollars: 8, wallClockMs: 900_000 },
+    architect: { tokens: 200_000, dollars: 4, wallClockMs: 600_000 },
+    coder: { tokens: 400_000, dollars: 8, wallClockMs: 900_000 },
+    verifier: { tokens: 150_000, dollars: 3, wallClockMs: 600_000 },
+    reviewer: { tokens: 200_000, dollars: 4, wallClockMs: 600_000 },
+    researcher: { tokens: 150_000, dollars: 3, wallClockMs: 600_000 },
+    release: { tokens: 80_000, dollars: 2, wallClockMs: 300_000 },
+    devops: { tokens: 150_000, dollars: 3, wallClockMs: 600_000 },
+    design_qa: { tokens: 150_000, dollars: 3, wallClockMs: 600_000 },
 });
 /**
  * Resolve the effective budget for a dispatch by merging task overrides

package/dist/runtime/cli.js

@@ -5021,48 +5021,26 @@ function renderLocalSessionList(rows, projectSlug) {
  * 1 is reserved for the credential gate (engine_unavailable) so
  * existing shell wrappers that branch on "any non-zero" still work.
  */
-const ENGINE_EXIT_CODES = {
-    done: 0,
-    failed: 8,
-    blocked: 9,
-    engine_unavailable: 1,
-    // PUGI-VERIFY-GATE: needs_verification is the engine telling the
-    // operator "you did not run a verification command — I cannot
-    // confirm correctness". CI scripts treating any non-zero as
-    // failure keep working; exit 2 historically means "misuse" (the
-    // engine completed but the operator missed a required step),
-    // which matches the semantic here.
-    needs_verification: 2,
-};
-/**
- * PUGI-VERIFY-GATE — Codex dogfood 2026-06-04 surfaced a P0 where
- * `pugi code` returned exit 0 while npm test failed. The spec
- * locks the contract to exit 1 on a verification failure AND exit
- * 2 on `needs_verification`. Legacy callers reading exit 8/9 still
- * see "any non-zero = failure" but the new codes (1/2) are the
- * authoritative signal for the verification gate.
- *
- * The override fires when `result.status` carries the new
- * `needs_verification` literal OR when `result.unverifiedReason`
- * is set to `verification_command_failed` — the latter pins exit
- * 1 even if a future producer left `status: 'failed'` while
- * inferring the cause from the reason field.
- */
-function resolveEngineExitCode(result) {
-    if (result.status === 'needs_verification') {
-        return ENGINE_EXIT_CODES.needs_verification;
-    }
-    if (result.unverifiedReason === 'verification_command_failed') {
-        // Spec: verified=false because a verification command failed
-        // maps to CLI exit 1 (clear "this is broken" signal).
-        return 1;
-    }
-    if (result.status === 'done')
-        return ENGINE_EXIT_CODES.done;
-    if (result.status === 'failed')
-        return ENGINE_EXIT_CODES.failed;
-    return ENGINE_EXIT_CODES.blocked;
-}
+// PUGI-VERIFY-GATE - Codex dogfood 2026-06-04 surfaced a P0 where
+// `pugi code` returned exit 0 while npm test failed. The spec locks
+// the contract to exit 1 on a verification failure AND exit 2 on
+// `needs_verification`. Legacy callers reading exit 8/9 still see
+// "any non-zero = failure" but the new codes (1/2) are the
+// authoritative signal for the verification gate.
+//
+// Phase 1 (PUGI-299) - runtime invariant additions:
+//  3. `verificationFailures` non-empty array → exit 1
+//  4. `verified === false && status === 'done'` → exit 2
+//
+// The two new rules are defensive: today `computeVerificationOutcome`
+// always populates `unverifiedReason` (rule 2) or downgrades the
+// status (rule 1) so the new branches never fire, but the invariant
+// locks the contract for future engine adapters.
+//
+// Implementation lives in `engine-exit-code.ts` so the runtime spec
+// (`test/engine-exit-code.spec.ts`) can exercise it without mounting
+// this 9700-LOC entry module.
+import { ENGINE_EXIT_CODES, resolveEngineExitCode, } from './engine-exit-code.js';
 function commandLabel(kind) {
     return kind === 'build_task' ? 'build' : kind;
 }
@@ -8132,5 +8110,12 @@ export const __test__ = {
     // env-driven $PUGI_HOME redirect) without going через the full
     // engine-task dispatch path.
     readPersistedContextTier,
+    // Phase 1 (PUGI-299) - runtime verification gate exit-code resolver.
+    // Re-exported from `engine-exit-code.ts` so the invariant spec can
+    // assert that a `verificationFailures` non-empty array OR a
+    // `verified=false` outcome MUST surface as a non-zero CLI exit
+    // even when a malformed adapter forgets to flip the status.
+    resolveEngineExitCode,
+    ENGINE_EXIT_CODES,
 };
 //# sourceMappingURL=cli.js.map

package/dist/runtime/engine-exit-code.js

@@ -0,0 +1,50 @@
+/**
+ * engine-exit-code - Phase 1 verification gate invariant (PUGI-299).
+ *
+ * The runtime resolves the CLI exit code from the engine outcome via a
+ * deterministic ladder. Extracted from `cli.ts` so the invariant is
+ * exercisable from a focused spec without mounting the 9700-LOC entry
+ * module.
+ *
+ * Contract (in priority order):
+ *  1. `status === 'needs_verification'`    → exit 2
+ *  2. `unverifiedReason === 'verification_command_failed'` → exit 1
+ *  3. `verificationFailures` is a non-empty array          → exit 1
+ *  4. `verified === false && status === 'done'`            → exit 2
+ *  5. `status === 'done'`                                   → exit 0
+ *  6. `status === 'failed'`                                 → exit 8
+ *  7. `status === 'blocked'` (catch-all)                    → exit 9
+ *
+ * The rule fires defensively: rules 3 + 4 cover producer bugs where a
+ * future engine adapter forgets to flip `unverifiedReason` or
+ * downgrade the status to `needs_verification`. Today
+ * `computeVerificationOutcome` always synthesises one of the two,
+ * but the invariant locks the contract.
+ */
+export const ENGINE_EXIT_CODES = {
+    done: 0,
+    failed: 8,
+    blocked: 9,
+    engine_unavailable: 1,
+    needs_verification: 2,
+};
+export function resolveEngineExitCode(result) {
+    if (result.status === 'needs_verification') {
+        return ENGINE_EXIT_CODES.needs_verification;
+    }
+    if (result.unverifiedReason === 'verification_command_failed') {
+        return 1;
+    }
+    if (Array.isArray(result.verificationFailures) && result.verificationFailures.length > 0) {
+        return 1;
+    }
+    if (result.verified === false && result.status === 'done') {
+        return ENGINE_EXIT_CODES.needs_verification;
+    }
+    if (result.status === 'done')
+        return ENGINE_EXIT_CODES.done;
+    if (result.status === 'failed')
+        return ENGINE_EXIT_CODES.failed;
+    return ENGINE_EXIT_CODES.blocked;
+}
+//# sourceMappingURL=engine-exit-code.js.map

package/dist/runtime/version.js

@@ -44,7 +44,7 @@ export function sanitizeSemver(raw) {
  * during import). When bumping the CLI version BOTH literals must be
  * updated; the release smoke-test (`pack:smoke`) verifies they agree.
  */
-export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.96');
+export const PUGI_CLI_VERSION = sanitizeSemver('0.1.0-beta.98');
 /**
  * Outbound: the CLI's installed semver. Read at request time by
  * `version-interceptor.ts` and injected on every `fetch` call.