@pugi/cli 0.1.0-beta.98 → 1.0.0-alpha.1

package/dist/core/edits/verify-hook.js

@@ -1,273 +0,0 @@
-/**
- * Verify hook — β1b Pl10 .
- *
- * After the edit-dispatcher writes a multi-file change to the
- * workspace, this hook fires three lightweight checks against the
- * post-state and reports each result back to the engine loop as a
- * status event:
- *
- *  1. tsc — if `tsconfig.json` is present in the workspace root, run
- *     `tsc --noEmit` to catch compile-time breakage. Pass/fail tracked
- *     per file is overkill at this stage; we surface the exit code +
- *     first ~40 lines of stderr.
- *  2. tests — if package.json has a `test` script AND a test runner
- *     is available (jest / vitest / node --test), run `pnpm test
- *     --bail` (or `npm test --bail`). Same exit-code + tail of output
- *     contract.
- *  3. URL probes — extract every `https?://...` literal from the diff
- *     (README + code) and HEAD-probe each. A response < 400 counts as
- *     live; >=400 surfaces as a warning. Capped at 8 unique URLs per
- *     hook to avoid spending the budget on doc rot.
- *
- * Retry contract (β1b r1 rescope): the hook itself is stateless and
- * runs ONCE per invocation, returning a structured report. The
- * "feedback → model → re-edit" retry orchestrator does NOT exist yet
- * in the engine loop — it was promised as part of β1b Pl10 but never
- * shipped because the engine refactor that hosts it is bigger than
- * the verify-hook itself can absorb. Retry orchestration is deferred
- * to β6 plan-mode integration where the loop already needs a
- * model→hook feedback channel for plan replay. Today the operator
- * re-runs `pugi code` to re-drive verification after a fail. The
- * stateless hook ships unchanged so the β6 driver can wrap it.
- *
- * Why HEAD and not GET for URL probes:
- *  - HEAD avoids the body fetch; cheaper + faster.
- *  - SSRF guard from `web-fetch.ts::validateHostnameForFetch` runs
- *    before every probe so private IPs / localhost cannot ride.
- *  - Some servers reject HEAD (rare but real); on 4xx-from-HEAD we
- *    do NOT escalate to GET — that would burn the budget. We surface
- *    a `head_rejected` warning so the operator decides.
- *
- * Skip cases (return early with `skipped: true` on the relevant
- * check):
- *  - tsc: no `tsconfig.json` at workspace root.
- *  - tests: no `package.json` OR no `test` script.
- *  - urls: no `https?://...` literals in the diff.
- *
- * Best-effort: every failure mode degrades to a structured report; the
- * hook itself NEVER throws. The engine loop decides whether to
- * surface as a hard fail vs a model-correctable warning.
- *
- * Brand voice: ASCII only, no banned words.
- */
-import { spawnSync } from 'node:child_process';
-import { existsSync, readFileSync } from 'node:fs';
-import { resolve } from 'node:path';
-import { validateHostnameForFetch } from '../../tools/web-fetch.js';
-const DEFAULT_TIMEOUT_MS = 30_000;
-const DEFAULT_MAX_URL_PROBES = 8;
-const URL_LITERAL_RE = /(https?:\/\/[^\s"'<>()`\\\]]+)/g;
-/**
- * Drive one verify pass. Synchronous tsc + test child processes,
- * concurrent URL probes (up to `maxUrlProbes`). Returns once every
- * check has completed (no streaming events — the caller wraps the
- * report into its own status event format).
- */
-export async function runVerifyHook(input) {
-    const timeoutMs = input.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-    const runProc = input.runProc ?? defaultRunProc;
-    return {
-        tsc: runTscCheck(input.workspaceRoot, runProc, timeoutMs),
-        tests: runTestsCheck(input.workspaceRoot, runProc, timeoutMs),
-        urls: await runUrlChecks(input),
-    };
-}
-/* ----------------------- tsc check ---------------------- */
-function runTscCheck(workspaceRoot, runProc, timeoutMs) {
-    const tsconfig = resolve(workspaceRoot, 'tsconfig.json');
-    if (!existsSync(tsconfig)) {
-        return { ok: true, skipped: true, reason: 'no_tsconfig' };
-    }
-    // Prefer `pnpm exec tsc` because pnpm-aware monorepos hoist tsc into
-    // `node_modules/.bin`; fallback to bare `tsc` for global installs.
-    // We try `pnpm exec tsc` first only if a `pnpm-lock.yaml` is at the
-    // workspace root; otherwise we go straight to `tsc`.
-    const pnpmLock = existsSync(resolve(workspaceRoot, 'pnpm-lock.yaml'));
-    const cmd = pnpmLock ? 'pnpm' : 'tsc';
-    const args = pnpmLock ? ['exec', 'tsc', '--noEmit'] : ['--noEmit'];
-    const result = runProc(cmd, args, workspaceRoot, timeoutMs);
-    if (result.exitCode === 0)
-        return { ok: true };
-    return {
-        ok: false,
-        reason: `tsc_exit_${result.exitCode}`,
-        detail: tailOutput(result.stdout, result.stderr, 40),
-    };
-}
-/* ----------------------- tests check ---------------------- */
-function runTestsCheck(workspaceRoot, runProc, timeoutMs) {
-    const pkgPath = resolve(workspaceRoot, 'package.json');
-    if (!existsSync(pkgPath)) {
-        return { ok: true, skipped: true, reason: 'no_package_json' };
-    }
-    let pkg;
-    try {
-        pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));
-    }
-    catch {
-        return { ok: true, skipped: true, reason: 'malformed_package_json' };
-    }
-    if (!pkg.scripts || typeof pkg.scripts.test !== 'string') {
-        return { ok: true, skipped: true, reason: 'no_test_script' };
-    }
-    const pnpmLock = existsSync(resolve(workspaceRoot, 'pnpm-lock.yaml'));
-    // Prefer pnpm test --bail; some test runners reject the flag (node
-    // --test ignores it), so we surface non-zero exits clearly but do
-    // not retry without --bail.
-    // Both pnpm + npm accept `<cmd> test -- --bail`; the runner-side
-    // flag-forwarding contract is identical, so the ternary collapses to
-    // a single args literal.
-    const cmd = pnpmLock ? 'pnpm' : 'npm';
-    const args = ['test', '--', '--bail'];
-    const result = runProc(cmd, args, workspaceRoot, timeoutMs);
-    if (result.exitCode === 0)
-        return { ok: true };
-    return {
-        ok: false,
-        reason: `tests_exit_${result.exitCode}`,
-        detail: tailOutput(result.stdout, result.stderr, 60),
-    };
-}
-/* ----------------------- url probes ---------------------- */
-async function runUrlChecks(input) {
-    const diffText = input.diffText ?? '';
-    if (diffText.length === 0) {
-        return { ok: true, skipped: true, reason: 'no_diff_text' };
-    }
-    const urls = extractUrls(diffText);
-    if (urls.length === 0) {
-        return { ok: true, skipped: true, reason: 'no_urls' };
-    }
-    const cap = input.maxUrlProbes ?? DEFAULT_MAX_URL_PROBES;
-    const probed = urls.slice(0, cap);
-    const probeFn = input.probeFn ?? defaultProbeFn;
-    const failures = [];
-    for (const url of probed) {
-        // Hostname SSRF guard — never probe a localhost / private IP even
-        // when a literal in the diff points there.
-        let parsed;
-        try {
-            parsed = new URL(url);
-        }
-        catch {
-            failures.push({ url, error: 'invalid_url' });
-            continue;
-        }
-        if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
-            failures.push({ url, error: `unsupported_scheme_${parsed.protocol}` });
-            continue;
-        }
-        const hostname = parsed.hostname.replace(/^\[|\]$/g, '');
-        const guard = await validateHostnameForFetch(hostname);
-        if (guard) {
-            failures.push({ url, error: `ssrf_refused: ${guard}` });
-            continue;
-        }
-        try {
-            const r = await probeFn(url);
-            if ('error' in r) {
-                failures.push({ url, error: r.error });
-                continue;
-            }
-            if (r.status >= 400) {
-                failures.push({ url, error: `http_${r.status}` });
-            }
-        }
-        catch (error) {
-            failures.push({
-                url,
-                error: error instanceof Error ? error.message : String(error),
-            });
-        }
-    }
-    if (failures.length === 0) {
-        return { ok: true, probedCount: probed.length };
-    }
-    return {
-        ok: false,
-        reason: `url_probe_failed`,
-        probedCount: probed.length,
-        failures,
-        detail: failures.map((f) => `${f.url} → ${f.error}`).join('; '),
-    };
-}
-/**
- * Extract unique http(s) URLs from a diff/text blob. Order preserved
- * (first-seen) so the cap picks the earliest-mentioned ones, which
- * intuitively matches the operator's expectation.
- */
-export function extractUrls(text) {
-    const seen = new Set();
-    const out = [];
-    let match;
-    // Reset the regex's lastIndex; URL_LITERAL_RE is module-scoped and
-    // /g means stateful exec calls.
-    URL_LITERAL_RE.lastIndex = 0;
-    while ((match = URL_LITERAL_RE.exec(text)) !== null) {
-        const raw = match[1];
-        if (!raw)
-            continue;
-        // Strip a trailing punctuation that the regex tolerates inside
-        // the match (sentences in Markdown often end `... https://x).`).
-        // We also strip `!` and `?` so prose like "see https://x!" lands
-        // as `https://x`.
-        const cleaned = raw.replace(/[.,;:!?)\]>]+$/, '');
-        if (cleaned.length === 0)
-            continue;
-        if (seen.has(cleaned))
-            continue;
-        seen.add(cleaned);
-        out.push(cleaned);
-    }
-    return out;
-}
-/* ----------------------- defaults ---------------------- */
-function defaultRunProc(cmd, args, cwd, timeoutMs) {
-    const result = spawnSync(cmd, [...args], {
-        cwd,
-        encoding: 'utf8',
-        timeout: timeoutMs,
-        // Inherit a minimal env — every check is read-only against the
-        // workspace and we do not want to leak PUGI_API_KEY into a
-        // sub-process accidentally.
-        env: { ...process.env, PUGI_API_KEY: undefined, PUGI_LOGIN_TOKEN: undefined },
-    });
-    return {
-        exitCode: typeof result.status === 'number' ? result.status : -1,
-        stdout: result.stdout ?? '',
-        stderr: result.stderr ?? '',
-    };
-}
-async function defaultProbeFn(url) {
-    // Lazy-import undici so the verify-hook module stays cheap when
-    // url probes are skipped.
-    const { request } = await import('undici');
-    try {
-        const response = await request(url, {
-            method: 'HEAD',
-            bodyTimeout: 5_000,
-            headersTimeout: 5_000,
-        });
-        // Drain so the connection releases promptly.
-        try {
-            await response.body.dump();
-        }
-        catch {
-            /* swallow */
-        }
-        return { status: response.statusCode };
-    }
-    catch (error) {
-        return { error: error instanceof Error ? error.message : String(error) };
-    }
-}
-function tailOutput(stdout, stderr, maxLines) {
-    const merged = `${stdout}\n${stderr}`.trim();
-    if (merged.length === 0)
-        return '';
-    const lines = merged.split('\n');
-    if (lines.length <= maxLines)
-        return merged;
-    return `... (${lines.length - maxLines} earlier lines elided)\n${lines.slice(-maxLines).join('\n')}`;
-}
-//# sourceMappingURL=verify-hook.js.map

package/dist/core/edits/worktree.js

@@ -1,322 +0,0 @@
-/**
- * Worktree isolation — Phase 1.
- *
- * Wraps `git worktree add` so a long agent loop (build / consensus
- * review / multi-file refactor) can land its edits into a scratch
- * workspace, run the validators against THAT path, and only then promote
- * the resulting diff back to the operator's main working tree. The
- * primary win is safety: a half-applied refactor never corrupts the
- * operator's branch.
- *
- * Three operations:
- *
- *  - `createWorktree(branch)` — spawns `git worktree add --detach`
- *    under `.pugi/worktrees/<uuid>` based on the supplied branch (or
- *    HEAD when omitted). Returns the absolute path + a `cleanup()`
- *    callback. The dir lives under `.pugi/` so the existing `.gitignore`
- *    for that subtree applies (no accidental commits of the scratch
- *    state to the main repo).
- *
- *  - `promoteWorktree(worktreePath, cwd)` — diffs the worktree against
- *    its base commit and applies the diff to the main `cwd` via
- *    `git apply`. Refuses if the main cwd has staged changes that
- *    would conflict; the operator must commit or stash first.
- *
- *  - `dropWorktree(worktreePath)` — removes the worktree both from
- *    git's bookkeeping (`git worktree remove --force`) and from disk.
- *    Idempotent; a partially-removed worktree (`git` already cleaned
- *    up but dir survived) is handled.
- *
- * Brand voice: ASCII only, no emoji, no banned words.
- */
-import { spawnSync } from 'node:child_process';
-import { existsSync, mkdirSync, realpathSync, rmSync } from 'node:fs';
-import { randomUUID } from 'node:crypto';
-import { resolve, sep } from 'node:path';
-import { OperatorAbortedError } from '../../tools/file-tools.js';
-import { applySecurityGate } from './security-gate.js';
-import { extractPatchPaths } from '../../tools/apply-patch.js';
-/**
- * Create a scratch worktree under `.pugi/worktrees/<uuid>`. The path is
- * guaranteed unique (uuid) so multiple agent loops can run in parallel
- * without collision.
- */
-export function createWorktree(opts) {
-    if (opts.cancellation && opts.cancellation.isAborted) {
-        return { ok: false, reason: 'operator_aborted', detail: 'createWorktree aborted' };
-    }
-    // Confirm we're inside a git repo. `git rev-parse --git-dir` is the
-    // canonical check and avoids a misleading error message later when
-    // `git worktree add` runs in a non-repo.
-    const gitDir = runGit(['rev-parse', '--git-dir'], opts.cwd);
-    if (gitDir.status !== 0) {
-        return {
-            ok: false,
-            reason: 'not_a_git_repo',
-            detail: `not a git repo: ${opts.cwd}`,
-        };
-    }
-    // Resolve base SHA. When the operator named a branch we honor it; the
-    // default is HEAD. We capture the SHA up-front so `promoteWorktree`
-    // can `git diff <baseSha>..HEAD` deterministically even if the main
-    // working tree has moved forward since.
-    const baseRef = opts.branch ?? 'HEAD';
-    const baseShaResult = runGit(['rev-parse', baseRef], opts.cwd);
-    if (baseShaResult.status !== 0) {
-        return {
-            ok: false,
-            reason: 'git_command_failed',
-            detail: `cannot resolve base ref ${baseRef}: ${baseShaResult.stderr}`,
-        };
-    }
-    const baseSha = baseShaResult.stdout.trim();
-    const worktreeRoot = resolve(opts.cwd, '.pugi', 'worktrees');
-    mkdirSync(worktreeRoot, { recursive: true });
-    const worktreePath = resolve(worktreeRoot, randomUUID());
-    // `--detach` keeps the worktree on a detached HEAD so we don't
-    // collide with branch checkouts on the main tree. The worktree is
-    // throwaway — there is no branch name to track.
-    const create = runGit(['worktree', 'add', '--detach', worktreePath, baseSha], opts.cwd);
-    if (create.status !== 0) {
-        return {
-            ok: false,
-            reason: 'git_command_failed',
-            detail: `git worktree add failed: ${create.stderr}`,
-        };
-    }
-    const handle = {
-        path: worktreePath,
-        baseSha,
-        cleanup: () => {
-            const r = dropWorktree(worktreePath, opts.cwd);
-            if (!r.ok && r.reason !== 'worktree_missing') {
-                // Swallow non-fatal cleanup failures so the agent loop doesn't
-                // hard-crash on the happy path. The diagnostic still surfaces
-                // via the JSON output on the `pugi worktree drop` command.
-            }
-        },
-    };
-    return { ok: true, value: handle };
-}
-/**
- * Diff the worktree against its base and apply the diff to the main cwd.
- *
- * Implementation notes:
- *
- *  - We run `git diff --binary <baseSha>` inside the worktree (NOT
- *    `git diff <worktree>..HEAD` from the main tree — the worktree's
- *    HEAD is detached at `baseSha`, so the meaningful diff is the
- *    UNCOMMITTED changes the agent wrote into it).
- *  - `--binary` ensures non-text files (assets, images) survive the
- *    round-trip; without it `git apply` fails on any binary delta.
- *  - We always run `git apply --check` first so a refusal does not
- *    leave the main tree half-modified.
- */
-export function promoteWorktree(opts) {
-    if (opts.cancellation && opts.cancellation.isAborted) {
-        return { ok: false, reason: 'operator_aborted', detail: 'promoteWorktree aborted' };
-    }
-    if (!existsSync(opts.worktreePath)) {
-        return {
-            ok: false,
-            reason: 'worktree_missing',
-            detail: `worktree path does not exist: ${opts.worktreePath}`,
-        };
-    }
-    // Capture the diff against the base SHA. `git diff <baseSha>`
-    // (no `--cached`) compares the WORKING TREE against the base, which
-    // covers both unstaged AND staged changes in a single invocation —
-    // anything the working tree shows is included. `--binary` ensures
-    // non-text files survive the round-trip.
-    //
-    // Note: untracked files that were NEVER staged stay invisible — git
-    // diff has no native flag to include them. The agent loop must
-    // `git add` any new file it wants promoted; the CLI surface
-    // documents this explicitly so the contract is not surprising.
-    // (Staging is enough to expose the file; the file does not need to
-    // be committed.)
-    const diffResult = runGit(['diff', '--binary', opts.baseSha], opts.worktreePath);
-    if (diffResult.status !== 0) {
-        return {
-            ok: false,
-            reason: 'git_command_failed',
-            detail: `git diff failed: ${diffResult.stderr}`,
-        };
-    }
-    const diffText = diffResult.stdout;
-    if (diffText.trim().length === 0) {
-        return { ok: true, value: { filesChanged: 0 } };
-    }
-    // SECURITY GATE (R1 fix, PR r1) — every path mentioned
-    // in the worktree's diff goes through the same `applySecurityGate`
-    // chokepoint as the apply_patch + Layer A/B/C applicators. A staged
-    // `.env` (or `../../etc/passwd`, or a symlink into a protected target)
-    // inside the worktree must NOT slip into the operator's main tree just
-    // because the worktree itself was a sandboxed scratch dir. Without
-    // this gate, `promoteWorktree` was a clean bypass of every other edit
-    // primitive's safety net.
-    const diffPaths = extractPatchPaths(diffText);
-    const failedPaths = [];
-    for (const file of diffPaths) {
-        const gate = applySecurityGate(file, { cwd: opts.cwd, toolName: 'layer-c' });
-        if (!gate.ok) {
-            failedPaths.push(`${file}: ${gate.reason}`);
-        }
-    }
-    if (failedPaths.length > 0) {
-        return {
-            ok: false,
-            reason: 'protected_file_in_worktree',
-            detail: `worktree diff touches protected/escaping paths: ${failedPaths.join('; ')}`,
-            files: failedPaths,
-        };
-    }
-    // `git apply --check` validates the diff against the main tree first.
-    // Refuse early on conflict so the operator can resolve before we
-    // touch any file.
-    const check = runGit(['apply', '--check', '-'], opts.cwd, diffText);
-    if (check.status !== 0) {
-        return {
-            ok: false,
-            reason: 'apply_conflict',
-            detail: `git apply --check rejected: ${check.stderr}`,
-        };
-    }
-    if (opts.dryRun) {
-        return { ok: true, value: { filesChanged: countDiffFiles(diffText) } };
-    }
-    const apply = runGit(['apply', '-'], opts.cwd, diffText);
-    if (apply.status !== 0) {
-        return {
-            ok: false,
-            reason: 'apply_failed',
-            detail: `git apply failed: ${apply.stderr}`,
-        };
-    }
-    return { ok: true, value: { filesChanged: countDiffFiles(diffText) } };
-}
-/**
- * Drop a worktree both from git's bookkeeping and from disk. Idempotent —
- * a missing path returns `worktree_missing` which the caller can ignore
- * on the cleanup-after-error path.
- *
- * Security (R1 fix, PR r1): we MUST validate the path is
- * a real subdirectory of `<cwd>/.pugi/worktrees/` BEFORE running either
- * `git worktree remove --force` or `rmSync`. Without this gate, a
- * typo like `pugi worktree drop ../some-dir` recursively deleted an
- * arbitrary directory: `git worktree remove` correctly failed (path not
- * registered), but the `rmSync(worktreePath, recursive: true)` below
- * still fired regardless.
- *
- * We resolve both `cwd` and `worktreePath` through `realpathSync` so a
- * caller passing a symlink that points outside `.pugi/worktrees/` is
- * still rejected. When the worktree path does not exist on disk at all
- * (idempotent re-drop of an already-removed worktree), we fall back to
- * the lexical containment check — the rejection only matters when there
- * is a real directory to delete.
- */
-export function dropWorktree(worktreePath, cwd) {
-    // SECURITY GATE — validate containment under `<cwd>/.pugi/worktrees/`
-    // BEFORE any destructive call. Two-tier check:
-    //  1. lexical containment using resolved (but not realpath'd) paths,
-    //     catches the operator-typo + missing-worktree cases.
-    //  2. realpath containment when the path exists, catches symlink
-    //     shenanigans.
-    const scratchRootLexical = resolve(cwd, '.pugi', 'worktrees');
-    const worktreeLexical = resolve(cwd, worktreePath);
-    const insideLexical = worktreeLexical.startsWith(scratchRootLexical + sep) &&
-        worktreeLexical !== scratchRootLexical;
-    if (!insideLexical) {
-        return {
-            ok: false,
-            reason: 'invalid_worktree_path',
-            detail: `worktree path ${worktreePath} is not under ${scratchRootLexical}`,
-        };
-    }
-    if (existsSync(worktreeLexical)) {
-        try {
-            const realScratchRoot = realpathSync(scratchRootLexical);
-            const realWorktree = realpathSync(worktreeLexical);
-            const insideReal = realWorktree.startsWith(realScratchRoot + sep) &&
-                realWorktree !== realScratchRoot;
-            if (!insideReal) {
-                return {
-                    ok: false,
-                    reason: 'invalid_worktree_path',
-                    detail: `worktree realpath ${realWorktree} escapes ${realScratchRoot}`,
-                };
-            }
-        }
-        catch (error) {
-            // realpath failed for a path that exists — surface as
-            // invalid_worktree_path so we never recurse into rmSync on an
-            // unreadable path.
-            return {
-                ok: false,
-                reason: 'invalid_worktree_path',
-                detail: `cannot realpath worktree path: ${error instanceof Error ? error.message : String(error)}`,
-            };
-        }
-    }
-    // `git worktree remove --force` cleans the metadata in `.git/worktrees`.
-    // If the worktree was created by another process and already pruned,
-    // git returns non-zero — we still try to `rmSync` the dir to leave the
-    // filesystem consistent. Path containment has already been validated
-    // above so the rmSync below is bounded to `.pugi/worktrees/`.
-    const remove = runGit(['worktree', 'remove', '--force', worktreeLexical], cwd);
-    const gitCleanFailed = remove.status !== 0;
-    if (existsSync(worktreeLexical)) {
-        try {
-            rmSync(worktreeLexical, { recursive: true, force: true });
-        }
-        catch (error) {
-            if (gitCleanFailed) {
-                return {
-                    ok: false,
-                    reason: 'git_command_failed',
-                    detail: `git worktree remove failed AND rmSync failed: ${error instanceof Error ? error.message : String(error)}`,
-                };
-            }
-        }
-    }
-    if (gitCleanFailed && !worktreeLexical.includes(`${sep}.pugi${sep}worktrees${sep}`)) {
-        // A worktree that wasn't created by us (path is outside our naming
-        // convention) is suspicious — surface the failure so the operator
-        // can diagnose.
-        return {
-            ok: false,
-            reason: 'git_command_failed',
-            detail: `git worktree remove failed: ${remove.stderr}`,
-        };
-    }
-    return { ok: true, value: undefined };
-}
-function countDiffFiles(diff) {
-    // Count `diff --git a/... b/...` headers. Cheap and unambiguous.
-    let count = 0;
-    for (const line of diff.split('\n')) {
-        if (line.startsWith('diff --git '))
-            count += 1;
-    }
-    return count;
-}
-function runGit(args, cwd, stdin) {
-    return spawnSync('git', args, {
-        cwd,
-        input: stdin,
-        encoding: 'utf8',
-        maxBuffer: 64 * 1024 * 1024,
-    });
-}
-/**
- * Test-only helper exporting the internal git runner so specs can stub
- * the spawn surface when running on a CI host without a global git.
- */
-export const __test__ = { runGit, countDiffFiles };
-/**
- * Re-export the abort marker so the worktree CLI surface can fold the
- * exception into a clean exit code without needing to import from the
- * tools layer.
- */
-export { OperatorAbortedError };
-//# sourceMappingURL=worktree.js.map

package/dist/core/engine/adapter-runner.js

@@ -1,8 +0,0 @@
-export async function collectEngineEvents(adapter, task, ctx) {
-    const events = [];
-    for await (const event of adapter.run(task, ctx)) {
-        events.push(event);
-    }
-    return events;
-}
-//# sourceMappingURL=adapter-runner.js.map