@vextlabs/theron-cli 0.1.0

package/dist/repl.js

@@ -0,0 +1,821 @@
+// REPL — the chat loop. Reads a user prompt, streams a council
+// response, executes any tool_calls locally, sends results back, loops
+// until the model emits end_turn (no more tool calls) or the user
+// stops the stream.
+import readline from "node:readline";
+import path from "node:path";
+import process from "node:process";
+import chalk from "chalk";
+import { spawnSync } from "node:child_process";
+import { streamChat, fetchInteractionPlan } from "./api.js";
+import { loadCapConfig, resolveCapPolicy } from "./cap_config.js";
+import { rankProfilesForPrompt } from "./profile_match.js";
+import { TOOL_REGISTRY, TOOL_SCHEMAS } from "./tools/index.js";
+import { renderMarkdown, ui } from "./render.js";
+import { getProfileOrDefault, listProfiles, DEFAULT_PROFILE_SLUG } from "./profiles/index.js";
+import { runVerifiers, summarizeIssues, formatForNextTurn } from "./verifiers/index.js";
+import { connectionsCommand } from "./connections.js";
+import { bannerTheron, welcomePill, renderNotes, renderStatus, renderSlashHelp, } from "./banner.js";
+import { Spinner, announceTool, announcePin, announceError, announceWarn, } from "./streaming.js";
+export async function runRepl(opts) {
+    const ctx = {
+        cwd: opts.cwd,
+        maxBytes: 64 * 1024,
+        yolo: opts.yolo,
+    };
+    const messages = [];
+    let pendingActions = [];
+    const rl = opts.oneShot
+        ? null
+        : readline.createInterface({ input: process.stdin, output: process.stdout, terminal: process.stdin.isTTY === true });
+    // Track whether stdin has ended (happens when piping input — stdin
+    // EOFs after the last line is consumed). Without this guard we hit
+    // ERR_USE_AFTER_CLOSE on the next question() call. Listening for
+    // 'close' lets the loop bail gracefully instead of throwing.
+    let rlClosed = false;
+    rl?.on("close", () => { rlClosed = true; });
+    // Mutable session state — slash commands rewrite these, REPL reads.
+    const session = {
+        cwd: opts.cwd,
+        yolo: opts.yolo,
+        pinnedSpecs: [],
+        profile: getProfileOrDefault(opts.profile ?? DEFAULT_PROFILE_SLUG),
+        /** Verifier issues to prepend to the NEXT user message — surfaces
+         *  after the model self-corrects. Cleared once consumed. */
+        pendingVerifierBlock: "",
+    };
+    const updateCtx = () => {
+        ctx.cwd = session.cwd;
+        ctx.yolo = session.yolo;
+    };
+    if (!opts.oneShot) {
+        // Branded welcome — block-letter THERON banner + pill + numbered
+        // security notes + quickstart status line. Same flow Claude Code
+        // uses on first launch, in our amber-on-paper palette.
+        const notes = [
+            {
+                title: "Theron is currently in research preview",
+                body: [
+                    "Built on Theron-Base + 30 LoRA specialists hosted by Vext Labs.",
+                    "Run /bug at any time to flag issues — feedback ships nightly.",
+                ],
+            },
+            {
+                title: "Theron can make mistakes",
+                body: [
+                    "Always review responses, especially when running code.",
+                    "Write / Edit / Bash ask for confirmation unless you start with --yes.",
+                ],
+            },
+            {
+                title: "Only use it with code you trust",
+                body: [
+                    "Tool outputs are passed back to the model as context — prompt",
+                    "injection is possible if you're reviewing untrusted source.",
+                ],
+            },
+        ];
+        process.stdout.write("\n");
+        process.stdout.write(welcomePill("Welcome to " + chalkBoldThronWord() + " research preview!") + "\n\n");
+        process.stdout.write(bannerTheron() + "\n\n");
+        process.stdout.write(renderNotes(notes) + "\n\n");
+        process.stdout.write(renderStatus({
+            cwd: session.cwd,
+            apiUrl: opts.apiUrl,
+            loggedIn: !!opts.apiKey,
+            yolo: session.yolo,
+            profileLabel: session.profile.label,
+        }) + "\n\n");
+        // Profile welcome — one-line mode-specific framing so the user
+        // feels the mode immediately. Different from sampleSuggestion()
+        // (which is the same on every launch).
+        process.stdout.write(ui.info(`◉ ${session.profile.welcome}\n`));
+        if (session.profile.promptStarters && session.profile.promptStarters.length > 0) {
+            process.stdout.write(ui.info(`  try: "${session.profile.promptStarters[0]}"\n`));
+        }
+        process.stdout.write("\n");
+        process.stdout.write(ui.info("type a message · /help for commands · /mode list to see all 33 · Ctrl-C to quit\n\n"));
+    }
+    const promptOnce = () => new Promise((resolve) => {
+        if (opts.oneShot && messages.length === 0) {
+            resolve(opts.oneShot);
+            return;
+        }
+        if (!rl || rlClosed) {
+            resolve(null);
+            return;
+        }
+        try {
+            rl.question(ui.prompt(), (answer) => resolve(answer));
+        }
+        catch (err) {
+            // ERR_USE_AFTER_CLOSE — stdin EOFed (typical when piping
+            // input). Bail the loop cleanly instead of throwing.
+            if (err?.code === "ERR_USE_AFTER_CLOSE") {
+                resolve(null);
+                return;
+            }
+            throw err;
+        }
+    });
+    while (true) {
+        const input = await promptOnce();
+        if (input == null)
+            break;
+        let trimmed = input.trim();
+        if (!trimmed)
+            continue;
+        if (trimmed === "/quit" || trimmed === "/exit")
+            break;
+        if (trimmed === "/help") {
+            process.stdout.write("\n" + renderSlashHelp() + "\n\n");
+            continue;
+        }
+        if (trimmed === "/status") {
+            process.stdout.write("\n" + renderStatus({
+                cwd: session.cwd,
+                apiUrl: opts.apiUrl,
+                loggedIn: !!opts.apiKey,
+                yolo: session.yolo,
+                model: undefined,
+                profileLabel: session.profile.label,
+            }) + "\n");
+            if (session.pinnedSpecs.length > 0) {
+                process.stdout.write(ui.info(`pinned: ${session.pinnedSpecs.map((s) => "@" + s).join(", ")}\n`));
+            }
+            process.stdout.write("\n");
+            continue;
+        }
+        if (trimmed === "/mode" || trimmed === "/mode list") {
+            // Render the full profile registry. Grouped two columns for
+            // readability — 33 entries is enough to want layout.
+            const profiles = listProfiles();
+            process.stdout.write("\n" + ui.info(`Theron profiles (${profiles.length} total) — use /mode <slug> to switch:`) + "\n");
+            for (const p of profiles) {
+                const active = p.slug === session.profile.slug ? "◉ " : "  ";
+                const label = (p.slug.padEnd(11));
+                process.stdout.write(`  ${active}${ui.toolLabel(label, "")}  ${ui.info(p.description)}\n`);
+            }
+            process.stdout.write("\n");
+            continue;
+        }
+        if (trimmed.startsWith("/mode ")) {
+            const slug = trimmed.slice(6).trim().toLowerCase();
+            const next = getProfileOrDefault(slug);
+            // getProfileOrDefault returns default when the slug doesn't
+            // exist — detect that case so we can show a friendlier error.
+            const exists = listProfiles().some((p) => p.slug === slug);
+            if (!exists) {
+                process.stdout.write(ui.error(`unknown profile: ${slug}. /mode list to see all.\n\n`));
+                continue;
+            }
+            session.profile = next;
+            process.stdout.write("\n" + ui.info(`◉ ${next.welcome}`) + "\n");
+            if (next.promptStarters?.[0]) {
+                process.stdout.write(ui.info(`  try: "${next.promptStarters[0]}"\n`));
+            }
+            // Surface the active verifier set so the user knows what
+            // safety net is now in play.
+            if (next.verifiers && next.verifiers.length > 0) {
+                process.stdout.write(ui.info(`  verifiers: ${next.verifiers.join(", ")}\n`));
+            }
+            process.stdout.write("\n");
+            continue;
+        }
+        if (trimmed === "/clear") {
+            messages.length = 0;
+            pendingActions = [];
+            process.stdout.write(ui.info("conversation cleared\n\n"));
+            continue;
+        }
+        if (trimmed === "/yolo") {
+            session.yolo = !session.yolo;
+            updateCtx();
+            process.stdout.write(session.yolo
+                ? ui.warn("yolo on — tool calls auto-approve. Be careful.\n\n")
+                : ui.info("yolo off — Write / Edit / Bash will ask for confirmation.\n\n"));
+            continue;
+        }
+        if (trimmed === "/cwd") {
+            process.stdout.write(ui.info(session.cwd + "\n\n"));
+            continue;
+        }
+        if (trimmed.startsWith("/cd ")) {
+            const target = trimmed.slice(4).trim().replace(/^~/, process.env.HOME ?? "~");
+            const next = path.resolve(session.cwd, target);
+            try {
+                const fs = await import("node:fs");
+                const st = fs.statSync(next);
+                if (!st.isDirectory())
+                    throw new Error("not a directory");
+                session.cwd = next;
+                updateCtx();
+                process.stdout.write(ui.info(`cwd → ${session.cwd}\n\n`));
+            }
+            catch (err) {
+                process.stdout.write(ui.error(`cd failed: ${err instanceof Error ? err.message : String(err)}\n\n`));
+            }
+            continue;
+        }
+        if (trimmed === "/cap" || trimmed === "/cap list") {
+            // Live-fetch the Stoa cap registry. The CLI doesn't ship a
+            // hardcoded list — caps come and go and we don't want a stale
+            // baked-in registry. Falls back to a friendly hint if the
+            // fetch fails (e.g. offline).
+            const { config: capConfig, sources: capSources } = loadCapConfig(session.cwd);
+            try {
+                const r = await fetch(`${opts.apiUrl.replace(/\/$/, "")}/v1/cap`, {
+                    method: "GET",
+                    headers: { accept: "application/json" },
+                });
+                if (r.ok) {
+                    const data = (await r.json());
+                    const caps = data.caps ?? [];
+                    process.stdout.write("\n" + ui.info(`Stoa capabilities (${caps.length} registered) — invoke via the Stoa tool:`) + "\n");
+                    for (const c of caps.slice(0, 40)) {
+                        const short = c.urn.replace(/^urn:stoa:cap:/, "");
+                        const policy = resolveCapPolicy(c.urn, capConfig);
+                        const policyLabel = policy === "auto" ? "auto" : policy === "deny" ? "deny" : "ask";
+                        process.stdout.write(`  ${ui.toolLabel(short, c.domain ?? "")}  ${ui.info(`(${policyLabel})`)}  ${ui.info(c.description ?? "")}\n`);
+                    }
+                    if (caps.length === 0) {
+                        process.stdout.write(ui.info("  (registry is empty — drop a spec at /stoa/spec to register one)\n"));
+                    }
+                    // Config sources — two-tier (global + project) per jcode pattern.
+                    process.stdout.write("\n" + ui.info(`policy default: ${capConfig.default_policy}`));
+                    if (capSources.length > 0) {
+                        process.stdout.write(ui.info(`  ·  config: ${capSources.join(" → ")}`));
+                    }
+                    else {
+                        process.stdout.write(ui.info(`  ·  no config (~/.theron/caps.json or ./.theron/caps.json)`));
+                    }
+                    process.stdout.write("\n\n");
+                }
+                else {
+                    process.stdout.write(ui.info(`(Stoa registry unavailable — HTTP ${r.status})\n\n`));
+                }
+            }
+            catch {
+                process.stdout.write(ui.info("(Stoa registry unavailable — offline?)\n\n"));
+            }
+            continue;
+        }
+        if (trimmed === "/tools") {
+            process.stdout.write("\n" + ui.info("Available tools (Theron can call these on your repo):") + "\n");
+            for (const name of Object.keys(TOOL_REGISTRY)) {
+                const tool = TOOL_REGISTRY[name];
+                const policy = tool.confirmPolicy === "never" ? "auto" : "ask";
+                process.stdout.write(`  ${ui.toolLabel(name, "")}  ${ui.info(`(${policy})`)}\n`);
+            }
+            process.stdout.write("\n");
+            continue;
+        }
+        // /suggest <prompt> — rank profiles by similarity to a prompt and
+        // show the top 3 candidates so the user can switch with /mode <slug>
+        // without scrolling /mode list. Embedding-keyed injector pattern
+        // borrowed from jcode (MIT).
+        if (trimmed.startsWith("/suggest")) {
+            const promptText = trimmed.slice("/suggest".length).trim();
+            if (promptText.length < 12) {
+                process.stdout.write(ui.error("usage: /suggest <a sentence describing what you want to do>\n\n"));
+                continue;
+            }
+            const matches = rankProfilesForPrompt(promptText, 3);
+            if (matches.length === 0) {
+                process.stdout.write(ui.info("no clear match — your current mode is probably right.\n\n"));
+                continue;
+            }
+            process.stdout.write("\n" + ui.info(`Top profile matches for: "${promptText.slice(0, 80)}"`) + "\n");
+            for (const m of matches) {
+                const slugPad = m.profile.slug.padEnd(11);
+                const scorePad = m.score.toFixed(3);
+                const active = m.profile.slug === session.profile.slug ? "◉ " : "  ";
+                process.stdout.write(`  ${active}${ui.toolLabel(slugPad, "")}  ${ui.info(`(${scorePad})  ${m.profile.description}`)}\n`);
+            }
+            process.stdout.write("\n" + ui.info(`switch with: /mode <slug>`) + "\n\n");
+            continue;
+        }
+        if (trimmed.startsWith("/pin ")) {
+            const slug = trimmed.slice(5).trim().replace(/^@/, "").toLowerCase();
+            if (!slug) {
+                process.stdout.write(ui.error("usage: /pin <specialist-slug>  (e.g. /pin legal)\n\n"));
+                continue;
+            }
+            if (!session.pinnedSpecs.includes(slug))
+                session.pinnedSpecs.push(slug);
+            process.stdout.write(ui.info(`pinned ${session.pinnedSpecs.map((s) => "@" + s).join(", ")} for the next turn\n\n`));
+            continue;
+        }
+        if (trimmed === "/unpin") {
+            session.pinnedSpecs = [];
+            process.stdout.write(ui.info("cleared pinned specialists\n\n"));
+            continue;
+        }
+        if (trimmed === "/login") {
+            // Two readline.Interface instances sharing stdin is undefined —
+            // we don't try to do auth mid-REPL. Quitting cleanly + telling
+            // the user the one-liner is the safer path. The conversation is
+            // lost, but new credentials only matter for fresh sessions.
+            process.stdout.write(ui.info("exit and run `theron login` to save credentials. `/quit` to leave now.\n\n"));
+            continue;
+        }
+        if (trimmed === "/logout") {
+            try {
+                const fs = await import("node:fs");
+                const credsPath = (process.env.HOME ?? "") + "/.theron/credentials";
+                if (fs.existsSync(credsPath))
+                    fs.unlinkSync(credsPath);
+                process.stdout.write(ui.info("credentials cleared. You're now anonymous.\n\n"));
+            }
+            catch (err) {
+                process.stdout.write(ui.error(`logout failed: ${err instanceof Error ? err.message : String(err)}\n\n`));
+            }
+            continue;
+        }
+        if (trimmed === "/connections" || trimmed === "/integrations") {
+            // Mirror of `theron connections` subcommand from inside the REPL.
+            // We invoke the same function the subcommand uses so the rendering
+            // stays in lockstep; connectionsCommand writes directly to stdout.
+            await connectionsCommand({ apiUrl: opts.apiUrl });
+            continue;
+        }
+        if (trimmed === "/model") {
+            process.stdout.write(ui.info("Server-side default model picks per-prompt via the council router. Override with THERON_API_URL + a custom backend if you want a fixed model.\n\n"));
+            continue;
+        }
+        // /readiness — print prod substrate health
+        if (trimmed === "/readiness" || trimmed === "/status --prod") {
+            try {
+                const r = await fetch(`${opts.apiUrl.replace(/\/$/, "")}/api/diag/readiness`, {
+                    headers: { accept: "application/json" },
+                });
+                const data = (await r.json());
+                process.stdout.write("\n" + ui.info(`Theron prod readiness: ${data.status.toUpperCase()}`) + "\n");
+                for (const c of data.checks) {
+                    const marker = c.status === "ready" ? "◉" : c.status === "degraded" ? "◑" : "○";
+                    process.stdout.write(`  ${marker} ${ui.toolLabel(c.system.padEnd(14), "")} ${ui.info(c.detail)}\n`);
+                }
+                process.stdout.write("\n" + ui.info(`self-innovation loop ready: ${data.self_innovation_loop_ready ? "YES (paradigm 3)" : "NO — fix the down systems above first"}`) + "\n\n");
+            }
+            catch (err) {
+                process.stdout.write(ui.error(`/readiness failed: ${err instanceof Error ? err.message : String(err)}\n\n`));
+            }
+            continue;
+        }
+        // /innovate — fire one tick of the Theron-Meta driver loop on
+        // demand. The loop normally heartbeats from a Vercel Cron, but
+        // this lets the user force a tick from the CLI and see the loop's
+        // current observation. Force=true biases it toward action.
+        if (trimmed === "/innovate" || trimmed.startsWith("/innovate ")) {
+            // SECURITY: gate on THERON_ADMIN_TOKEN only — do NOT fall back to
+            // THERON_INTERNAL_TOKEN. The internal token has broader scope and
+            // commit 435845f5 ("fix(v10): gate driver loop with dedicated
+            // THERON_ADMIN_TOKEN, not INTERNAL_TOKEN") was the server-side fix
+            // for that cross-scope elevation; the CLI must not re-open it.
+            const adminToken = process.env.THERON_ADMIN_TOKEN || "";
+            if (!adminToken) {
+                process.stdout.write(ui.error("/innovate requires THERON_ADMIN_TOKEN env var (the driver loop is admin-gated separately from THERON_API_KEY and THERON_INTERNAL_TOKEN — see commit 435845f5).\n\n"));
+                continue;
+            }
+            try {
+                const r = await fetch(`${opts.apiUrl.replace(/\/$/, "")}/api/driver/tick`, {
+                    method: "POST",
+                    headers: {
+                        "content-type": "application/json",
+                        "x-internal-token": adminToken,
+                    },
+                    body: JSON.stringify({ force: true }),
+                });
+                if (!r.ok) {
+                    process.stdout.write(ui.error(`/innovate failed: HTTP ${r.status}\n\n`));
+                    continue;
+                }
+                const data = (await r.json());
+                const o = data.observation;
+                process.stdout.write("\n" + ui.info(`Theron-Meta tick → ${o.action.toUpperCase()}`) + "\n");
+                process.stdout.write(`  ${ui.info(o.action_detail)}\n`);
+                process.stdout.write(`  ${ui.info(`signals: ${JSON.stringify(o.signals)}`)}\n`);
+                if (o.fired_job_id) {
+                    process.stdout.write(`  ${ui.info(`fired self-deliverable → job ${o.fired_job_id}`)}\n`);
+                }
+                if (o.fired_directive) {
+                    process.stdout.write(`  ${ui.info(`recorded directive → ${o.fired_directive}`)}\n`);
+                }
+                process.stdout.write("\n");
+            }
+            catch (err) {
+                process.stdout.write(ui.error(`/innovate failed: ${err instanceof Error ? err.message : String(err)}\n\n`));
+            }
+            continue;
+        }
+        // /design <prompt>, /deck <prompt>, /draft <prompt>, /research <prompt>
+        // Hand off a deliverable brief to AE OS — opens the browser with a
+        // deep-link URL that pre-fills the composer and auto-routes to the
+        // Council's design / deck / draft / research pipeline.
+        {
+            const handoffMatch = /^\/(design|deck|draft|research|proposal)(?:\s+([\s\S]+))?$/.exec(trimmed);
+            if (handoffMatch) {
+                const intent = handoffMatch[1];
+                const promptText = (handoffMatch[2] || "").trim();
+                if (!promptText) {
+                    process.stdout.write(ui.error(`usage: /${intent} <prompt>  (e.g. /${intent} a board deck for our $3M seed round)\n\n`));
+                    continue;
+                }
+                const base = process.env.THERON_AE_OS_URL || "https://os.tryvext.com";
+                const url = new URL(base);
+                url.searchParams.set("intent", intent);
+                url.searchParams.set("prompt", promptText);
+                const finalUrl = url.toString();
+                const opener = process.platform === "darwin" ? "open" :
+                    process.platform === "win32" ? "start" :
+                        "xdg-open";
+                let opened = false;
+                try {
+                    const r = spawnSync(opener, [finalUrl], { stdio: "ignore" });
+                    opened = r.status === 0;
+                }
+                catch { /* opener missing — handled below */ }
+                process.stdout.write(opened
+                    ? ui.info(`opened in browser → ${finalUrl}\n\n`)
+                    : ui.info(`open in browser: ${finalUrl}\n\n`));
+                continue;
+            }
+        }
+        if (trimmed === "/bug") {
+            // Try to open the issue tracker in the user's browser. We fall
+            // back to printing the URL when the platform opener is missing
+            // (e.g. headless CI) — either way the user sees the link.
+            const issueUrl = "https://github.com/Vext-Labs-Inc/sucrityflash/issues/new?labels=cli&title=Theron+CLI+bug";
+            const opener = process.platform === "darwin" ? "open" :
+                process.platform === "win32" ? "start" :
+                    "xdg-open";
+            let opened = false;
+            try {
+                const r = spawnSync(opener, [issueUrl], { stdio: "ignore" });
+                opened = r.status === 0;
+            }
+            catch { /* opener missing — handled below */ }
+            if (opened) {
+                process.stdout.write(ui.info(`opened ${issueUrl}\n`));
+            }
+            else {
+                process.stdout.write(ui.info(`open: ${issueUrl}\n`));
+            }
+            process.stdout.write(ui.info("include `theron --version` output + the prompt that broke.\n\n"));
+            continue;
+        }
+        // Unknown slash → friendly nudge.
+        if (trimmed.startsWith("/")) {
+            process.stdout.write(ui.error(`unknown command: ${trimmed.split(/\s/)[0]}. type /help for the list.\n\n`));
+            continue;
+        }
+        // If the user typed a bare 1-4 and we just rendered action chips,
+        // expand it into the action's prompt — terminal analogue of
+        // clicking an amber chip on web.
+        const pickMatch = /^[1-4]$/.exec(trimmed);
+        if (pickMatch && pendingActions.length > 0) {
+            const idx = Number(pickMatch[0]) - 1;
+            const action = pendingActions[idx];
+            if (action) {
+                const expanded = expandActionToPrompt(action);
+                if (expanded) {
+                    process.stdout.write(ui.info(`▸ ${action.label}\n`));
+                    trimmed = expanded;
+                }
+            }
+        }
+        pendingActions = [];
+        // Inline-pin pinned specialists into the prompt so the backend's
+        // forced-spec extractor (interaction.ts) picks them up. Cleared
+        // after one turn — same shape the web composer uses.
+        let toSend = trimmed;
+        let activePins = [];
+        if (session.pinnedSpecs.length > 0) {
+            activePins = [...session.pinnedSpecs];
+            // Avoid duplicate pinning if user already typed @spec inline.
+            const already = new Set(Array.from(toSend.matchAll(/@([a-z]+)\b/g)).map((m) => m[1].toLowerCase()));
+            const need = session.pinnedSpecs.filter((s) => !already.has(s));
+            if (need.length > 0) {
+                toSend = need.map((s) => "@" + s).join(" ") + " " + toSend;
+            }
+            // Pins are per-turn — clear after attaching.
+            session.pinnedSpecs = [];
+        }
+        // If the previous turn's verifiers found blocking issues, prepend
+        // their summary to this user message so the model can self-correct
+        // without the user typing "fix it." Empty string when there's
+        // nothing pending.
+        if (session.pendingVerifierBlock) {
+            toSend = session.pendingVerifierBlock + "\n\n" + toSend;
+            session.pendingVerifierBlock = "";
+        }
+        // If the active profile has a hiveSpecs list and the user hasn't
+        // explicitly pinned anything, attach the profile's default council
+        // members to the prompt so the @-mention router picks them up.
+        if (activePins.length === 0 && session.profile.hiveSpecs && session.profile.hiveSpecs.length > 0) {
+            activePins = [...session.profile.hiveSpecs];
+            const already = new Set(Array.from(toSend.matchAll(/@([a-z]+)\b/g)).map((m) => m[1].toLowerCase()));
+            const need = activePins.filter((s) => !already.has(s));
+            if (need.length > 0) {
+                toSend = need.map((s) => "@" + s).join(" ") + " " + toSend;
+            }
+        }
+        messages.push({ role: "user", content: toSend });
+        // Fire the interaction-plan classifier in parallel with the first
+        // model turn. The plan is shared across web/CLI/IDE — if it wins
+        // the race we print the amber headline above the streaming text
+        // (same affordance as the web bubble). Failures return null so
+        // the chat never blocks on it.
+        const planPromise = fetchInteractionPlan({
+            apiUrl: opts.apiUrl,
+            prompt: trimmed,
+            history: messages.slice(0, -1).slice(-6).map((m) => ({
+                role: m.role === "tool" ? "system" : m.role,
+                content: m.content,
+            })),
+        });
+        let planPrinted = false;
+        void planPromise.then((p) => {
+            if (p && !planPrinted) {
+                planPrinted = true;
+                process.stdout.write("\n" + ui.planHeadline(p.headline) + "\n");
+            }
+        });
+        // Inner loop: run turn, execute tool calls, repeat until end_turn.
+        // We also accumulate the files the model touched (Write/Edit args)
+        // so the verifier pass can scope itself to just this turn's edits.
+        let turnGuard = 0;
+        const touchedFiles = new Set();
+        let lastAssistantText = "";
+        while (turnGuard < 20) {
+            turnGuard += 1;
+            const res = await runOneTurn({
+                apiUrl: opts.apiUrl,
+                apiKey: opts.apiKey,
+                messages,
+                ctx,
+                rl,
+                // Show pin header only on the FIRST inner-loop iteration of a
+                // turn (turnGuard === 1) — subsequent tool-loop turns share the
+                // same pin context, no need to re-announce.
+                pinnedSpecs: turnGuard === 1 ? activePins : undefined,
+                profile: session.profile.slug,
+                touchedFilesSink: touchedFiles,
+            });
+            if (res.kind === "error") {
+                process.stdout.write(ui.error(res.message) + "\n\n");
+                break;
+            }
+            if (res.kind === "end_turn") {
+                lastAssistantText = res.assistantText ?? "";
+                break;
+            }
+            // tool_use — keep looping
+        }
+        // ── Verifier pass ─────────────────────────────────────────────
+        // After the turn settles, run the active profile's verifier kernels
+        // against the assistant output + the files it touched. Blocking
+        // issues get fed back into the NEXT user message so the model can
+        // self-correct. Warnings + info surface inline as a chip.
+        if (session.profile.verifiers && session.profile.verifiers.length > 0) {
+            const issues = await runVerifiers(session.profile.verifiers, {
+                cwd: session.cwd,
+                assistantText: lastAssistantText,
+                touchedFiles: Array.from(touchedFiles),
+                profile: session.profile.slug,
+            });
+            const sum = summarizeIssues(issues);
+            if (issues.length === 0) {
+                process.stdout.write(ui.info(`✓ verifiers (${session.profile.verifiers.join(", ")}) green\n\n`));
+            }
+            else {
+                const head = sum.ok
+                    ? ui.info(`verifiers · ${sum.summary}\n`)
+                    : ui.error(`verifiers · ${sum.summary}\n`);
+                process.stdout.write("\n" + head);
+                for (const line of sum.details)
+                    process.stdout.write(ui.info(line) + "\n");
+                process.stdout.write("\n");
+                // Stage blocking issues for the next turn — model self-corrects
+                // on the user's next prompt.
+                session.pendingVerifierBlock = formatForNextTurn(issues);
+            }
+        }
+        // After the turn settles, surface suggested actions if the plan
+        // came back. They render as numbered chips; on the next prompt
+        // the user can type "1" / "2" / "3" to fire one.
+        const plan = await planPromise.catch(() => null);
+        if (plan && plan.suggested_actions.length > 0) {
+            renderSuggestedActions(plan);
+            pendingActions = plan.suggested_actions.slice(0, 4);
+        }
+        if (opts.oneShot)
+            break;
+    }
+    rl?.close();
+    // Final newline so the user's shell prompt lands on a clean line
+    // instead of the readline `> ` getting % -terminated by zsh.
+    process.stdout.write("\n");
+    return 0;
+}
+async function runOneTurn(args) {
+    let assistantText = "";
+    const toolCalls = [];
+    let stopReason = null;
+    let firstDelta = true;
+    // Show the pin header BEFORE thinking spinner so the user knows
+    // immediately that their /pin took effect.
+    if (args.pinnedSpecs && args.pinnedSpecs.length > 0) {
+        process.stdout.write(announcePin(args.pinnedSpecs) + "\n");
+    }
+    // "thinking…" spinner — fires immediately, clears the moment the
+    // first text delta lands. Removes the awkward silent gap between
+    // prompt submission and first token.
+    const spinner = new Spinner("thinking…");
+    spinner.start();
+    await streamChat({
+        apiUrl: args.apiUrl,
+        apiKey: args.apiKey,
+        messages: args.messages,
+        tools: TOOL_SCHEMAS,
+        profile: args.profile,
+    }, {
+        onTextDelta: (d) => {
+            if (firstDelta) {
+                spinner.stop();
+                process.stdout.write("\n");
+                firstDelta = false;
+            }
+            assistantText += d;
+            process.stdout.write(d);
+        },
+        onToolCall: (call) => {
+            toolCalls.push(call);
+            // Update the spinner label so the user sees what's queued.
+            if (firstDelta)
+                spinner.setLabel(`${call.name}…`);
+        },
+        onTurnEnd: (reason) => { stopReason = reason; },
+        onError: (msg) => {
+            stopReason = "error";
+            spinner.stop();
+            process.stdout.write("\n" + announceError(msg) + "\n");
+        },
+    });
+    // Always stop the spinner in case neither delta nor error fired
+    // (e.g. immediate turn_end with no content — empty model response).
+    spinner.stop();
+    if (assistantText)
+        process.stdout.write("\n\n");
+    args.messages.push({ role: "assistant", content: assistantText, tool_calls: toolCalls });
+    if (stopReason === "error")
+        return { kind: "error", message: "stream error" };
+    if (toolCalls.length === 0)
+        return { kind: "end_turn", assistantText };
+    // Execute each tool in order, push results.
+    for (const call of toolCalls) {
+        const tool = TOOL_REGISTRY[call.name];
+        if (!tool) {
+            args.messages.push({
+                role: "tool",
+                tool_call_id: call.id,
+                content: `[error] Unknown tool: ${call.name}`,
+            });
+            continue;
+        }
+        // Record Write/Edit paths so the post-turn verifier pass can
+        // scope itself to just the files this turn touched.
+        if (args.touchedFilesSink && (call.name === "Write" || call.name === "Edit")) {
+            const path = call.args?.file_path
+                ?? call.args?.path;
+            if (typeof path === "string" && path.length > 0) {
+                args.touchedFilesSink.add(path);
+            }
+        }
+        // Tool announcement — bullet style matches a list of actions
+        // rather than CLI chrome. Single line, brand-amber name + dim
+        // detail.
+        process.stdout.write(announceTool(call.name, tool.describe(call.args)) + "\n");
+        if (!args.ctx.yolo && tool.confirmPolicy !== "never") {
+            const ok = await confirm(`  Allow ${call.name}?`, args.rl);
+            if (!ok) {
+                args.messages.push({
+                    role: "tool",
+                    tool_call_id: call.id,
+                    content: `[user denied] User declined to run ${call.name}.`,
+                });
+                process.stdout.write(announceWarn("denied") + "\n\n");
+                continue;
+            }
+        }
+        // Spinner during tool execution — Bash/Read on a large file can
+        // take seconds. Without this the user stares at silence.
+        const toolSpin = new Spinner(`running ${call.name}…`);
+        toolSpin.start();
+        let result;
+        try {
+            result = await tool.execute(call.args, args.ctx);
+            toolSpin.stop();
+        }
+        catch (err) {
+            toolSpin.stop();
+            // Hardened: malformed args / tool throws / fs errors all turn
+            // into a structured tool-result string the model can RECOVER
+            // from instead of crashing the REPL. The error gets fed back in
+            // the conversation so the model can fix its call and try again.
+            const errMsg = err instanceof Error ? err.message : String(err);
+            result = `[error] ${call.name} failed: ${errMsg}\n\nThe tool call was rejected. Common causes: missing required args, invalid path, file too large, command refused. You can retry with corrected args.`;
+            process.stdout.write(announceError(`${call.name} failed: ${errMsg}`) + "\n");
+        }
+        // Show more of each tool's output in the local CLI preview. The
+        // model always sees the full output server-side; the truncation
+        // only affects what the user sees in their terminal.
+        process.stdout.write(ui.info(truncatePreview(result, 4000)) + "\n\n");
+        args.messages.push({ role: "tool", tool_call_id: call.id, content: result });
+    }
+    return { kind: "tool_use" };
+}
+async function confirm(question, rl) {
+    // CRITICAL: reuse the OUTER REPL's readline.Interface. Creating a
+    // new Interface + closing it would close stdin under the outer rl
+    // on some terminals (zsh observed) — the REPL would die after the
+    // first tool call. Pass through the existing rl, share the same
+    // input stream.
+    if (rl) {
+        return await new Promise((resolve) => {
+            try {
+                rl.question(`${question} ${ui.info("(y/N) ")}`, (a) => {
+                    const yes = a.trim().toLowerCase();
+                    resolve(yes === "y" || yes === "yes");
+                });
+            }
+            catch (err) {
+                // rl was closed (stdin EOF) — deny by default rather than
+                // throw, so the caller can record [user denied] and exit.
+                if (err?.code === "ERR_USE_AFTER_CLOSE") {
+                    resolve(false);
+                    return;
+                }
+                throw err;
+            }
+        });
+    }
+    // Fallback for one-shot mode where rl is null — read stdin once.
+    return await new Promise((resolve) => {
+        process.stdout.write(`${question} ${ui.info("(y/N) ")}`);
+        let buf = "";
+        const onData = (chunk) => {
+            buf += chunk.toString("utf8");
+            const nl = buf.indexOf("\n");
+            if (nl >= 0) {
+                process.stdin.off("data", onData);
+                const yes = buf.slice(0, nl).trim().toLowerCase();
+                resolve(yes === "y" || yes === "yes");
+            }
+        };
+        process.stdin.on("data", onData);
+    });
+}
+function truncatePreview(s, max) {
+    if (s.length <= max)
+        return s;
+    return s.slice(0, max) + `\n[+${s.length - max} bytes truncated in CLI preview; the model received the full output]`;
+}
+function renderSuggestedActions(plan) {
+    const chips = plan.suggested_actions.slice(0, 4);
+    if (chips.length === 0)
+        return;
+    process.stdout.write("\n");
+    chips.forEach((a, i) => {
+        process.stdout.write(ui.actionChip(i + 1, a.label) + "\n");
+    });
+    process.stdout.write(ui.info(`type 1-${chips.length} on the next prompt to run, or just keep chatting\n\n`));
+}
+/** Resolve an action chip into the prompt text we'll send as the next
+ *  user message. Most actions just have an explicit `prompt` field;
+ *  the `mention_specialist` shape gets expanded into "@<spec> ..." so
+ *  the council's @-mention router fires the right specialist swarm. */
+function expandActionToPrompt(a) {
+    if (a.prompt && typeof a.prompt === "string")
+        return a.prompt;
+    if (a.action === "mention_specialist" && a.specialist) {
+        return `@${a.specialist} ${a.label.replace(/^run by\s+/i, "").trim() || "weigh in on the previous message"}`;
+    }
+    if (a.action === "make_deliverable") {
+        const kindHint = a.kind ? ` as a ${a.kind}` : "";
+        return `Make this${kindHint}: ${a.label}`;
+    }
+    if (a.action === "open_workspace")
+        return null;
+    return a.label;
+}
+/** Small helper used in the welcome pill to bold the word "Theron"
+ *  inline. */
+function chalkBoldThronWord() {
+    return chalk.bold.hex("#FFAE00")("Theron");
+}
+// Expose renderMarkdown so `theron --markdown` mode can pretty-print
+// after the stream finishes if someone wants that flow. Currently the
+// REPL streams raw deltas to keep latency snappy.
+export { renderMarkdown };
+//# sourceMappingURL=repl.js.map