@pugi/cli 0.1.0-beta.99 → 1.0.0-alpha.10

package/dist/core/compact/token-counter.js

@@ -1,108 +0,0 @@
-/**
- * Approximate token counter for the `/compact` auto-trigger gate.
- *
- * Pugi does not bundle tiktoken — adding a 3 MB native module for a
- * single heuristic check after every turn is the wrong trade. We instead
- * use the OpenAI rule-of-thumb that 1 token ≈ 4 characters of English
- * (≈ ¾ of a word). For mixed-language conversations the approximation
- * skews high by 10-20% which is the safe direction — the auto-compact
- * threshold trips slightly EARLY, never LATE. A late trigger would
- * exceed the model's actual context window and crash the next turn.
- *
- * Per-model context windows are exported from `MODEL_CONTEXT_WINDOW` so
- * the caller can resolve the budget from the active model slug without
- * round-tripping to the server. New models added in Anvil should grow
- * this table in lockstep; the fall-back is the conservative 32k window.
- *
- * Override hook: when `PUGI_TOKEN_COUNTER_OVERRIDE` is set the function
- * parses it as a JSON object `{"text": <n>}` (number of tokens to claim
- * per char). Used only by the integration spec — never by production.
- */
-/** Default chars-per-token ratio for the OpenAI rule-of-thumb. */
-const DEFAULT_CHARS_PER_TOKEN = 4;
-/**
- * Conservative fallback window when the model slug is unknown. 32k is
- * the smallest window any current Anvil-served model exposes; using it
- * as a fall-back guarantees we never overestimate budget and skip a
- * compaction that should have fired.
- */
-const FALLBACK_WINDOW = 32_000;
-/**
- * Known context windows for models Anvil exposes today. Keep in sync
- * with `apps/admin-api/src/pugi/model-registry.ts` — when a new model
- * lands there, add it here. The table is intentionally narrow: only
- * models we have actually validated.
- */
-export const MODEL_CONTEXT_WINDOW = Object.freeze({
-    'sonnet-4.6': 200_000,
-    'sonnet-4.5': 200_000,
-    'opus-4.7': 1_000_000,
-    'opus-4.6': 200_000,
-    'haiku-4.5': 200_000,
-    'deepseek-chat-v3.1': 128_000,
-    'gpt-5': 200_000,
-    'gemini-2.5-pro': 1_000_000,
-});
-/**
- * Estimate the token count of a single string. Returns a positive
- * integer for non-empty input and zero for empty input. The function is
- * pure — same input always yields the same output.
- *
- * The approximation is `ceil(byteLength / chars-per-token)`. We use
- * `Buffer.byteLength` so multi-byte UTF-8 sequences count proportionally
- * to their on-the-wire size, not their char count — this matches the
- * tokenizer's behaviour on CJK / cyrillic / emoji where one char often
- * eats 3-4 tokens.
- */
-export function estimateTokens(text) {
-    if (text.length === 0)
-        return 0;
-    const ratio = readCharsPerTokenOverride() ?? DEFAULT_CHARS_PER_TOKEN;
-    const bytes = Buffer.byteLength(text, 'utf8');
-    return Math.max(1, Math.ceil(bytes / ratio));
-}
-/**
- * Resolve the context window in tokens for the given model slug. Falls
- * back to the conservative 32k window when the slug is unknown.
- */
-export function contextWindowForModel(model) {
-    if (!model)
-        return FALLBACK_WINDOW;
-    const known = MODEL_CONTEXT_WINDOW[model];
-    return known ?? FALLBACK_WINDOW;
-}
-/**
- * Sum the token estimates of an arbitrary list of strings. Convenience
- * for the auto-trigger which has to count across N transcript turns.
- */
-export function estimateTokensInMany(parts) {
-    let total = 0;
-    for (const part of parts) {
-        total += estimateTokens(part);
-    }
-    return total;
-}
-/**
- * Read the test override env. Returns the parsed chars-per-token ratio
- * when set, or undefined when absent / malformed. Never throws.
- */
-function readCharsPerTokenOverride() {
-    const raw = process.env['PUGI_TOKEN_COUNTER_OVERRIDE'];
-    if (!raw)
-        return undefined;
-    try {
-        const parsed = JSON.parse(raw);
-        if (typeof parsed === 'object'
-            && parsed !== null
-            && typeof parsed.charsPerToken === 'number') {
-            const ratio = parsed.charsPerToken;
-            if (Number.isFinite(ratio) && ratio > 0)
-                return ratio;
-        }
-    }
-    catch {
-        /* malformed env, fall through */
-    }
-    return undefined;
-}
-//# sourceMappingURL=token-counter.js.map

package/dist/core/consensus/anvil-fanout.js

@@ -1,276 +0,0 @@
-/**
- * Anvil fan-out — `pugi review --consensus` .
- *
- * Posts the captured diff to Anvil's consensus endpoint and consumes the
- * SSE stream that interleaves per-reviewer events (`type:"verdict"`) and
- * the final consensus event (`type:"consensus"`).
- *
- * Endpoint contract (admin-api side, ships as follow-up):
- *
- *  POST {apiUrl}/api/pugi/review-consensus
- *  Authorization: Bearer {apiKey}
- *  Content-Type: application/json
- *  Body: { diff, context: { branch, commit, title } }
- *  Response: text/event-stream
- *    data: { reviewer: "codex"|"claude"|"deepseek", type:"started" }
- *    data: { reviewer, type:"verdict", severity:"P0|P1|P2|P3|CLEAN",
- *            rawContent:"<reviewer text>", latencyMs, error? }
- *    data: { type:"consensus", rubric_verdict, reasoning }
- *
- * The CLI side does NOT trust the server's `rubric_verdict` — we recompute
- * it locally from the per-reviewer verdicts so a malformed / forged server
- * cannot weaken the gate. The server-side verdict comes through as a
- * cross-check (logged when it disagrees with the client rubric).
- *
- * Graceful degradation:
- *
- *  - 404 from runtime → "endpoint_missing" (admin-api endpoint pending,
- *                         ships CLI-only). Caller falls back to the
- *                        legacy `pugi review --triple --remote` flow OR
- *                        prints a "backend not deployed" notice depending
- *                        on the operator's invocation.
- *  - 401/403 / 429    → matching status with an actionable message.
- *  - 5xx / timeout    → "failed" with the truncated body.
- *
- * Local-first contract : this module never touches the disk,
- * never logs the diff payload, and never retries on transient errors.
- */
-/**
- * Dispatch the consensus request and stream events back through `sink`
- * until the SSE stream closes OR a transport error occurs.
- *
- * Returns the collected reviewer events plus the server's final consensus
- * event (if it sent one). The caller computes the authoritative rubric
- * locally from the reviewer events.
- */
-export async function dispatchConsensus(config, request, sink) {
-    const url = `${config.apiUrl.replace(/\/+$/, '')}/api/pugi/review-consensus`;
-    const controller = new AbortController();
-    // Idle timeout: aborts the request when no SSE chunk has been
-    // received for `timeoutMs`. A one-shot setTimeout from request-start
-    // would kill long-running reviewers (codex ~30s, claude ~60s) even
-    // though the server is actively streaming events every few seconds.
-    // `resetIdleTimeout` is called from `parseSseStream` on each chunk.
-    let idleTimer = null;
-    const resetIdleTimeout = () => {
-        if (idleTimer)
-            clearTimeout(idleTimer);
-        idleTimer = setTimeout(() => controller.abort(), config.timeoutMs);
-    };
-    resetIdleTimeout();
-    try {
-        const res = await fetch(url, {
-            method: 'POST',
-            headers: {
-                'content-type': 'application/json',
-                accept: 'text/event-stream',
-                authorization: `Bearer ${config.apiKey}`,
-                'user-agent': 'pugi-cli-consensus/0.1.0',
-            },
-            body: JSON.stringify(request),
-            signal: controller.signal,
-        });
-        const code = res.status;
-        if (code === 404) {
-            return {
-                status: 'endpoint_missing',
-                code,
-                message: 'POST /api/pugi/review-consensus not deployed on this runtime .',
-            };
-        }
-        if (code === 401 || code === 403) {
-            return {
-                status: 'unauthenticated',
-                code,
-                message: `runtime rejected credentials (HTTP ${code})`,
-            };
-        }
-        if (code === 429) {
-            const header = res.headers.get('retry-after');
-            const retryAfterMs = header ? Number.parseInt(header, 10) * 1000 : 60_000;
-            return {
-                status: 'rate_limited',
-                code,
-                retryAfterMs: Number.isFinite(retryAfterMs) ? retryAfterMs : 60_000,
-                message: 'runtime rate limit reached for this tenant',
-            };
-        }
-        if (code !== 200) {
-            const text = await safeText(res);
-            return {
-                status: 'failed',
-                code,
-                message: `runtime returned HTTP ${code}${text ? `: ${text.slice(0, 200)}` : ''}`,
-            };
-        }
-        // 200 — consume the SSE stream. Surface a graceful failure if the
-        // body is missing (some intermediaries strip it on long-poll).
-        if (!res.body) {
-            return {
-                status: 'failed',
-                code,
-                message: 'runtime returned 200 but no SSE body',
-            };
-        }
-        const reviewerEvents = [];
-        let serverVerdict = null;
-        for await (const event of parseSseStream(res.body, resetIdleTimeout)) {
-            if (event.type === 'consensus') {
-                serverVerdict = event;
-                sink(event);
-            }
-            else {
-                reviewerEvents.push(event);
-                sink(event);
-            }
-        }
-        return { status: 'ok', serverVerdict, reviewerEvents };
-    }
-    catch (error) {
-        const message = error instanceof Error
-            ? error.name === 'AbortError'
-                ? `runtime call idle for more than ${config.timeoutMs}ms`
-                : error.message
-            : 'unknown error';
-        return { status: 'failed', code: 0, message };
-    }
-    finally {
-        if (idleTimer)
-            clearTimeout(idleTimer);
-    }
-}
-/**
- * Async-iterable SSE parser. Spec'd against the
- * [HTML SSE spec](https://html.spec.whatwg.org/multipage/server-sent-events.html):
- *
- *  - Events are delimited by a blank line.
- *  - Each line is `field:value` (whitespace after `:` stripped).
- *  - Multiple `data:` lines in one event concatenate with `\n`.
- *  - We only care about `data:` payloads carrying JSON; everything
- *    else (event:, id:, retry:) is ignored.
- *
- * The parser tolerates JSON-parse failures by dropping the malformed
- * event and continuing; a single bad event must not block the consensus
- * gate. Errors are surfaced to the sink as an `error` reviewer event
- * with `reviewer:"stream"`.
- */
-export async function* parseSseStream(body, onChunk) {
-    const decoder = new TextDecoder('utf-8');
-    let buffer = '';
-    // Bridge Node ReadableStream and web ReadableStream. The web type has
-    // `getReader()`; the Node type is an `AsyncIterable<Buffer>`. Detect
-    // by feature so the parser works regardless of which fetch impl wrote
-    // the body.
-    const chunks = toAsyncIterable(body);
-    for await (const chunk of chunks) {
-        // Signal liveness so the dispatcher can reset its idle timeout. Any
-        // bytes received counts: even a heartbeat comment line keeps the
-        // connection alive from our perspective.
-        if (onChunk)
-            onChunk();
-        buffer += decoder.decode(chunk, { stream: true });
-        // SSE event boundary is a blank line. The spec allows either LF
-        // (`\n\n`) OR CRLF (`\r\n\r\n`). nginx, CDNs, and some load
-        // balancers rewrite to CRLF, so we accept both and find whichever
-        // delimiter appears first in the buffer.
-        let boundary = findNextEventBoundary(buffer);
-        while (boundary !== null) {
-            const rawEvent = buffer.slice(0, boundary.start);
-            buffer = buffer.slice(boundary.end);
-            const parsed = parseSseEvent(rawEvent);
-            if (parsed)
-                yield parsed;
-            boundary = findNextEventBoundary(buffer);
-        }
-    }
-    // Flush trailing event if the server omitted the final blank line.
-    const tail = buffer.trim();
-    if (tail.length > 0) {
-        const parsed = parseSseEvent(tail);
-        if (parsed)
-            yield parsed;
-    }
-}
-/**
- * Find the next SSE event boundary in `buffer`. Returns the start
- * index of the delimiter and the index where the next event begins,
- * or `null` if no complete boundary has been buffered yet.
- *
- * Accepts both `\n\n` (Unix-style streams) and `\r\n\r\n` (CRLF, as
- * emitted by nginx, Cloudflare, and some Node intermediaries). Picks
- * whichever appears FIRST so a stream that mixes both styles parses
- * deterministically.
- */
-function findNextEventBoundary(buffer) {
-    const lfIdx = buffer.indexOf('\n\n');
-    const crlfIdx = buffer.indexOf('\r\n\r\n');
-    if (lfIdx === -1 && crlfIdx === -1)
-        return null;
-    if (crlfIdx === -1)
-        return { start: lfIdx, end: lfIdx + 2 };
-    if (lfIdx === -1)
-        return { start: crlfIdx, end: crlfIdx + 4 };
-    if (lfIdx < crlfIdx)
-        return { start: lfIdx, end: lfIdx + 2 };
-    return { start: crlfIdx, end: crlfIdx + 4 };
-}
-function parseSseEvent(raw) {
-    const dataLines = [];
-    for (const line of raw.split(/\r?\n/)) {
-        // The SSE spec strips one leading space after the colon if present.
-        // We do the same so payloads written `data: {...}` parse correctly.
-        if (!line.startsWith('data:'))
-            continue;
-        const value = line.slice('data:'.length);
-        dataLines.push(value.startsWith(' ') ? value.slice(1) : value);
-    }
-    if (dataLines.length === 0)
-        return null;
-    const payload = dataLines.join('\n').trim();
-    if (payload.length === 0)
-        return null;
-    try {
-        const parsed = JSON.parse(payload);
-        if (parsed && typeof parsed === 'object' && typeof parsed['type'] === 'string') {
-            // Trust shape coming from the server enough to forward it; the
-            // command handler treats unknown fields defensively.
-            return parsed;
-        }
-        return null;
-    }
-    catch {
-        return null;
-    }
-}
-function toAsyncIterable(body) {
-    // Web ReadableStream → iterate via reader.read() loop bridged to async-iter.
-    if (typeof body.getReader === 'function') {
-        return webStreamToAsyncIterable(body);
-    }
-    // Node Readable: already async-iterable.
-    return body;
-}
-async function* webStreamToAsyncIterable(stream) {
-    const reader = stream.getReader();
-    try {
-        while (true) {
-            const { done, value } = await reader.read();
-            if (done)
-                return;
-            if (value)
-                yield value;
-        }
-    }
-    finally {
-        reader.releaseLock();
-    }
-}
-async function safeText(res) {
-    try {
-        return await res.text();
-    }
-    catch {
-        return '';
-    }
-}
-//# sourceMappingURL=anvil-fanout.js.map