muonroi-cli 1.4.1 → 1.5.0

package/dist/src/storage/transcript.js

@@ -42,11 +42,11 @@ function isInternalCouncilMarker(content) {
 }
 function loadMessageRows(sessionId) {
     const rows = getDatabase()
-        .prepare(`
-    SELECT session_id, seq, role, message_json, created_at
-    FROM messages
-    WHERE session_id = ?
-    ORDER BY seq ASC
+        .prepare(`
+    SELECT session_id, seq, role, message_json, created_at
+    FROM messages
+    WHERE session_id = ?
+    ORDER BY seq ASC
   `)
         .all(sessionId);
     for (const row of rows) {
@@ -66,12 +66,12 @@ function toPersistedCompaction(row) {
 }
 export function loadLatestCompaction(sessionId) {
     const row = getDatabase()
-        .prepare(`
-    SELECT session_id, first_kept_seq, summary, tokens_before, created_at
-    FROM compactions
-    WHERE session_id = ?
-    ORDER BY id DESC
-    LIMIT 1
+        .prepare(`
+    SELECT session_id, first_kept_seq, summary, tokens_before, created_at
+    FROM compactions
+    WHERE session_id = ?
+    ORDER BY id DESC
+    LIMIT 1
   `)
         .get(sessionId);
     return toPersistedCompaction(row);
@@ -112,37 +112,37 @@ export function appendMessages(sessionId, messages) {
         // with `status='completed'` and the full message_json. Pre-A5 callers
         // hit this path identically: there is no pending row so the IGNORE
         // branch is unused and the INSERT wins.
-        const insertMessage = db.prepare(`
-      INSERT INTO messages (session_id, seq, role, message_json, created_at, status)
-      VALUES (?, ?, ?, ?, ?, 'completed')
-      ON CONFLICT(session_id, seq) DO UPDATE SET
-        role = excluded.role,
-        message_json = excluded.message_json,
-        status = 'completed'
+        const insertMessage = db.prepare(`
+      INSERT INTO messages (session_id, seq, role, message_json, created_at, status)
+      VALUES (?, ?, ?, ?, ?, 'completed')
+      ON CONFLICT(session_id, seq) DO UPDATE SET
+        role = excluded.role,
+        message_json = excluded.message_json,
+        status = 'completed'
     `);
-        const insertToolCall = db.prepare(`
-      INSERT OR IGNORE INTO tool_calls (
-        session_id, message_seq, tool_call_id, tool_name, args_json, status, started_at, completed_at
-      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+        const insertToolCall = db.prepare(`
+      INSERT OR IGNORE INTO tool_calls (
+        session_id, message_seq, tool_call_id, tool_name, args_json, status, started_at, completed_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
     `);
-        const updateToolCall = db.prepare(`
-      UPDATE tool_calls
-      SET tool_name = ?, args_json = ?, status = ?, completed_at = ?
-      WHERE session_id = ? AND tool_call_id = ?
+        const updateToolCall = db.prepare(`
+      UPDATE tool_calls
+      SET tool_name = ?, args_json = ?, status = ?, completed_at = ?
+      WHERE session_id = ? AND tool_call_id = ?
     `);
-        const selectToolCall = db.prepare(`
-      SELECT id, tool_call_id, tool_name, args_json
-      FROM tool_calls
-      WHERE session_id = ? AND tool_call_id = ?
+        const selectToolCall = db.prepare(`
+      SELECT id, tool_call_id, tool_name, args_json
+      FROM tool_calls
+      WHERE session_id = ? AND tool_call_id = ?
     `);
-        const insertToolResult = db.prepare(`
-      INSERT INTO tool_results (tool_call_row_id, output_kind, output_json, success, created_at)
-      VALUES (?, ?, ?, ?, ?)
+        const insertToolResult = db.prepare(`
+      INSERT INTO tool_results (tool_call_row_id, output_kind, output_json, success, created_at)
+      VALUES (?, ?, ?, ?, ?)
     `);
-        const updateSession = db.prepare(`
-      UPDATE sessions
-      SET updated_at = ?
-      WHERE id = ?
+        const updateSession = db.prepare(`
+      UPDATE sessions
+      SET updated_at = ?
+      WHERE id = ?
     `);
         messages.forEach((message, index) => {
             const seq = nextSeq + index;
@@ -204,10 +204,10 @@ export function persistToolCallWriteAhead(sessionId, messageSeq, toolCallId, too
     const now = new Date().toISOString();
     try {
         getDatabase()
-            .prepare(`
-        INSERT OR IGNORE INTO tool_calls (
-          session_id, message_seq, tool_call_id, tool_name, args_json, status, started_at, completed_at
-        ) VALUES (?, ?, ?, ?, ?, 'pending', ?, NULL)
+            .prepare(`
+        INSERT OR IGNORE INTO tool_calls (
+          session_id, message_seq, tool_call_id, tool_name, args_json, status, started_at, completed_at
+        ) VALUES (?, ?, ?, ?, ?, 'pending', ?, NULL)
       `)
             .run(sessionId, messageSeq, toolCallId, toolName, argsJson, now);
     }
@@ -253,10 +253,10 @@ export function persistMessageWriteAhead(sessionId, seq, role, messageJson) {
     const now = new Date().toISOString();
     try {
         getDatabase()
-            .prepare(`
-        INSERT OR IGNORE INTO messages (
-          session_id, seq, role, message_json, created_at, status
-        ) VALUES (?, ?, ?, ?, ?, 'pending')
+            .prepare(`
+        INSERT OR IGNORE INTO messages (
+          session_id, seq, role, message_json, created_at, status
+        ) VALUES (?, ?, ?, ?, ?, 'pending')
       `)
             .run(sessionId, seq, role, messageJson, now);
     }
@@ -274,10 +274,10 @@ export function persistMessageWriteAhead(sessionId, seq, role, messageJson) {
 export function markMessageCompleted(sessionId, seq) {
     try {
         getDatabase()
-            .prepare(`
-        UPDATE messages
-        SET status = 'completed'
-        WHERE session_id = ? AND seq = ? AND status = 'pending'
+            .prepare(`
+        UPDATE messages
+        SET status = 'completed'
+        WHERE session_id = ? AND seq = ? AND status = 'pending'
       `)
             .run(sessionId, seq);
     }
@@ -296,10 +296,10 @@ export function markMessageCompleted(sessionId, seq) {
 export function markMessageErrored(sessionId, seq) {
     try {
         getDatabase()
-            .prepare(`
-        UPDATE messages
-        SET status = 'errored'
-        WHERE session_id = ? AND seq = ? AND status = 'pending'
+            .prepare(`
+        UPDATE messages
+        SET status = 'errored'
+        WHERE session_id = ? AND seq = ? AND status = 'pending'
       `)
             .run(sessionId, seq);
     }
@@ -331,17 +331,17 @@ export function sweepStalePendingRows(staleAfterMs = 5 * 60 * 1000) {
     try {
         const db = getDatabase();
         const toolCalls = db
-            .prepare(`
-        UPDATE tool_calls
-        SET status = 'aborted', completed_at = ?
-        WHERE status = 'pending' AND started_at < ?
+            .prepare(`
+        UPDATE tool_calls
+        SET status = 'aborted', completed_at = ?
+        WHERE status = 'pending' AND started_at < ?
       `)
             .run(now, cutoff);
         const messages = db
-            .prepare(`
-        UPDATE messages
-        SET status = 'aborted'
-        WHERE status = 'pending' AND created_at < ?
+            .prepare(`
+        UPDATE messages
+        SET status = 'aborted'
+        WHERE status = 'pending' AND created_at < ?
       `)
             .run(cutoff);
         return { toolCalls: toolCalls.changes, messages: messages.changes };
@@ -355,10 +355,10 @@ export function markToolCallErrored(sessionId, toolCallId, errorMessage) {
     const now = new Date().toISOString();
     try {
         getDatabase()
-            .prepare(`
-        UPDATE tool_calls
-        SET status = 'errored', completed_at = ?, args_json = COALESCE(args_json, ?)
-        WHERE session_id = ? AND tool_call_id = ?
+            .prepare(`
+        UPDATE tool_calls
+        SET status = 'errored', completed_at = ?, args_json = COALESCE(args_json, ?)
+        WHERE session_id = ? AND tool_call_id = ?
       `)
             .run(now, JSON.stringify({ error: errorMessage.slice(0, 500) }), sessionId, toolCallId);
     }
@@ -368,14 +368,14 @@ export function markToolCallErrored(sessionId, toolCallId, errorMessage) {
 }
 export function appendCompaction(sessionId, firstKeptSeq, summary, tokensBefore) {
     withTransaction((db) => {
-        db.prepare(`
-      INSERT INTO compactions (session_id, first_kept_seq, summary, tokens_before, created_at)
-      VALUES (?, ?, ?, ?, ?)
+        db.prepare(`
+      INSERT INTO compactions (session_id, first_kept_seq, summary, tokens_before, created_at)
+      VALUES (?, ?, ?, ?, ?)
     `).run(sessionId, firstKeptSeq, summary, tokensBefore, new Date().toISOString());
-        db.prepare(`
-      UPDATE sessions
-      SET updated_at = ?
-      WHERE id = ?
+        db.prepare(`
+      UPDATE sessions
+      SET updated_at = ?
+      WHERE id = ?
     `).run(new Date().toISOString(), sessionId);
     });
 }
@@ -393,9 +393,16 @@ export function buildChatEntries(sessionId) {
             continue;
         }
         if (message.role === "system") {
-            const content = getCompactionSummaryText(message) ?? (typeof message.content === "string" ? message.content.trim() : "");
+            const summaryText = getCompactionSummaryText(message);
+            const content = summaryText ?? (typeof message.content === "string" ? message.content.trim() : "");
             if (content && !isInternalCouncilMarker(content)) {
-                entries.push({ type: "assistant", content, timestamp });
+                // A compaction checkpoint is internal context-management, NOT the
+                // assistant's answer. Tag it with a source label so the UI renders it
+                // as a clearly-marked, collapsible checkpoint instead of dumping the
+                // raw "## Goal / ## Context For Suffix" scaffolding as a chat reply.
+                entries.push(summaryText !== null
+                    ? { type: "assistant", content, timestamp, sourceLabel: "⋯ context checkpoint (auto-compacted)" }
+                    : { type: "assistant", content, timestamp });
             }
             continue;
         }
@@ -460,10 +467,10 @@ export function buildChatEntries(sessionId) {
 }
 function getNextSequence(db, sessionId) {
     const row = db
-        .prepare(`
-    SELECT COALESCE(MAX(seq), 0) AS max_seq
-    FROM messages
-    WHERE session_id = ?
+        .prepare(`
+    SELECT COALESCE(MAX(seq), 0) AS max_seq
+    FROM messages
+    WHERE session_id = ?
   `)
         .get(sessionId);
     return (row?.max_seq ?? 0) + 1;
@@ -513,12 +520,12 @@ function renderAssistantContent(content, callMap) {
 }
 function loadStoredToolResults(sessionId) {
     const rows = getDatabase()
-        .prepare(`
-    SELECT tc.tool_call_id, tr.output_json
-    FROM tool_results tr
-    JOIN tool_calls tc ON tc.id = tr.tool_call_row_id
-    WHERE tc.session_id = ?
-    ORDER BY tr.id ASC
+        .prepare(`
+    SELECT tc.tool_call_id, tr.output_json
+    FROM tool_results tr
+    JOIN tool_calls tc ON tc.id = tr.tool_call_row_id
+    WHERE tc.session_id = ?
+    ORDER BY tr.id ASC
   `)
         .all(sessionId);
     return new Map(rows.map((row) => [row.tool_call_id, JSON.parse(row.output_json)]));

package/dist/src/storage/usage.js

@@ -12,31 +12,31 @@ export function recordUsageEvent(sessionId, source, model, usage, messageSeq, pi
     const cacheCreationTokens = usage.cacheCreationTokens ?? 0;
     const costMicros = estimateCostMicros(model, inputTokens, outputTokens, cacheReadTokens);
     getDatabase()
-        .prepare(`
-    INSERT INTO usage_events (
-      session_id, message_seq, source, model, input_tokens, output_tokens, total_tokens, cost_micros, created_at,
-      pil_active, enrichment_delta, cache_read_tokens, cache_creation_tokens, provider_options_shape
-    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        .prepare(`
+    INSERT INTO usage_events (
+      session_id, message_seq, source, model, input_tokens, output_tokens, total_tokens, cost_micros, created_at,
+      pil_active, enrichment_delta, cache_read_tokens, cache_creation_tokens, provider_options_shape
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
   `)
         .run(sessionId, messageSeq ?? null, source, model, inputTokens, outputTokens, totalTokens, costMicros, new Date().toISOString(), pilActive ? 1 : 0, enrichmentDelta, cacheReadTokens, cacheCreationTokens, providerOptionsShape);
 }
 export function getSessionTotalTokens(sessionId) {
     const row = getDatabase()
-        .prepare(`
-    SELECT COALESCE(SUM(total_tokens), 0) AS total_tokens
-    FROM usage_events
-    WHERE session_id = ?
+        .prepare(`
+    SELECT COALESCE(SUM(total_tokens), 0) AS total_tokens
+    FROM usage_events
+    WHERE session_id = ?
   `)
         .get(sessionId);
     return row?.total_tokens ?? 0;
 }
 export function listSessionUsage(sessionId) {
     const rows = getDatabase()
-        .prepare(`
-    SELECT id, session_id, message_seq, source, model, input_tokens, output_tokens, total_tokens, cost_micros, created_at, cache_read_tokens, cache_creation_tokens
-    FROM usage_events
-    WHERE session_id = ?
-    ORDER BY id ASC
+        .prepare(`
+    SELECT id, session_id, message_seq, source, model, input_tokens, output_tokens, total_tokens, cost_micros, created_at, cache_read_tokens, cache_creation_tokens
+    FROM usage_events
+    WHERE session_id = ?
+    ORDER BY id ASC
   `)
         .all(sessionId);
     return rows.map((row) => ({

package/dist/src/storage/workspaces.js

@@ -8,14 +8,14 @@ export function ensureWorkspace(cwd) {
     const now = new Date().toISOString();
     const id = createHash("sha1").update(resolved.scopeKey).digest("hex").slice(0, 16);
     const db = getDatabase();
-    db.prepare(`
-    INSERT INTO workspaces (id, scope_key, canonical_path, git_root, display_name, last_seen_at)
-    VALUES (@id, @scope_key, @canonical_path, @git_root, @display_name, @last_seen_at)
-    ON CONFLICT(scope_key) DO UPDATE SET
-      canonical_path = excluded.canonical_path,
-      git_root = excluded.git_root,
-      display_name = excluded.display_name,
-      last_seen_at = excluded.last_seen_at
+    db.prepare(`
+    INSERT INTO workspaces (id, scope_key, canonical_path, git_root, display_name, last_seen_at)
+    VALUES (@id, @scope_key, @canonical_path, @git_root, @display_name, @last_seen_at)
+    ON CONFLICT(scope_key) DO UPDATE SET
+      canonical_path = excluded.canonical_path,
+      git_root = excluded.git_root,
+      display_name = excluded.display_name,
+      last_seen_at = excluded.last_seen_at
   `).run({
         id,
         scope_key: resolved.scopeKey,
@@ -25,10 +25,10 @@ export function ensureWorkspace(cwd) {
         last_seen_at: now,
     });
     const row = db
-        .prepare(`
-    SELECT id, scope_key, canonical_path, git_root, display_name, last_seen_at
-    FROM workspaces
-    WHERE scope_key = ?
+        .prepare(`
+    SELECT id, scope_key, canonical_path, git_root, display_name, last_seen_at
+    FROM workspaces
+    WHERE scope_key = ?
   `)
         .get(resolved.scopeKey);
     if (!row) {

package/dist/src/tools/__tests__/native-tools.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/src/tools/__tests__/native-tools.test.js

@@ -0,0 +1,53 @@
+import { describe, expect, it } from "vitest";
+import { NATIVE_MUONROI_TOOL_NAMES, registerNativeMuonroiTools } from "../native-tools.js";
+async function exec(tools, name, args) {
+    const tool = tools[name];
+    return (await tool.execute(args, {}));
+}
+describe("registerNativeMuonroiTools", () => {
+    it("registers every muonroi-tools capability as a native builtin", () => {
+        const tools = {};
+        registerNativeMuonroiTools(tools);
+        for (const name of NATIVE_MUONROI_TOOL_NAMES) {
+            expect(tools[name], `missing native tool ${name}`).toBeDefined();
+            expect(typeof tools[name].execute).toBe("function");
+        }
+        // ee_query stays the registry's own native tool — not duplicated here.
+        expect(tools.ee_query).toBeUndefined();
+    });
+    it("setup_guide returns the shared guide text (no MCP round-trip)", async () => {
+        const tools = {};
+        registerNativeMuonroiTools(tools);
+        const out = await exec(tools, "setup_guide", {});
+        expect(out).toContain("muonroi-cli Setup Guide");
+        expect(out).toContain("muonroi-cli doctor");
+    });
+    it("ee_feedback rejects a noise verdict with no reason (no network call)", async () => {
+        const tools = {};
+        registerNativeMuonroiTools(tools);
+        const out = await exec(tools, "ee_feedback", { id: "abc", collection: "experience-behavioral", verdict: "noise" });
+        expect(out).toMatch(/reason_required/);
+    });
+    it("ee_feedback validates required args", async () => {
+        const tools = {};
+        registerNativeMuonroiTools(tools);
+        expect(await exec(tools, "ee_feedback", { verdict: "followed" })).toMatch(/invalid_args/);
+    });
+    it("selfverify_status returns not_found for an unknown runId (shared JobManager)", async () => {
+        const tools = {};
+        registerNativeMuonroiTools(tools);
+        const out = await exec(tools, "selfverify_status", { runId: "does-not-exist" });
+        expect(out).toMatch(/not_found/);
+    });
+    it("selfverify_start rejects agentic mode without goal+llm", async () => {
+        const tools = {};
+        registerNativeMuonroiTools(tools);
+        expect(await exec(tools, "selfverify_start", { mode: "agentic" })).toMatch(/invalid_args/);
+    });
+    it("usage_forensics rejects an empty prefix without touching the DB", async () => {
+        const tools = {};
+        registerNativeMuonroiTools(tools);
+        expect(await exec(tools, "usage_forensics", { prefix: "  " })).toMatch(/invalid_args/);
+    });
+});
+//# sourceMappingURL=native-tools.test.js.map

package/dist/src/tools/git-safety.d.ts

@@ -0,0 +1,61 @@
+/**
+ * src/tools/git-safety.ts
+ *
+ * Pre-execution git safety for the bash tool. Distilled from a real session
+ * audit (18285908637a) where a cheap model:
+ *   1. pushed while 24 tests were failing (it batched `git add -A && commit &&
+ *      push` in the SAME tool batch as the test run, so push was never gated
+ *      on the result), and
+ *   2. swept the CLI's own `.muonroi-cli/settings.json` (which can hold
+ *      provider API keys) into a public repo via `git add -A`.
+ *
+ * Two guards, both cheap and side-effect-free:
+ *   - PUSH GATE: a session-scoped record of failed verification commands
+ *     (test/build/lint/typecheck). A `git push` is BLOCKED (not executed)
+ *     while any verification command has failed this session and not been
+ *     re-run green. Mirrors the repo's mandatory Pre-Push Test Gate.
+ *   - STAGING WARNING: a non-blocking warning when a broad `git add -A` /
+ *     `git add .` / `git commit -a` is run while sensitive paths (`.env`,
+ *     `.muonroi-cli/`, private keys, credentials) exist in the repo root.
+ *
+ * The push gate is deterministic for the sequential case (a failed check then
+ * a later push). The concurrent case (push batched in the same parallel tool
+ * call as the check) is covered by the system-prompt git-safety clause.
+ *
+ * Override the push gate with `MUONROI_ALLOW_PUSH_ON_RED=1`.
+ */
+interface GitSafetyEntry {
+    /** canonical verification command -> epoch ms it last failed. */
+    failedVerifies: Map<string, number>;
+}
+declare global {
+    var __muonroiGitSafetyState: Map<string, GitSafetyEntry> | undefined;
+}
+/** Test helper — clear all session git-safety state. */
+export declare function __resetGitSafetyState(): void;
+export interface GitCommandShape {
+    isPush: boolean;
+    /** `git add -A` / `git add .` / `git add --all` / `git commit -a[m]`. */
+    isBroadStage: boolean;
+}
+export declare function analyzeGitCommand(command: string): GitCommandShape;
+/**
+ * Record the outcome of a bash command for the push gate. Only verification
+ * commands (test/build/lint/typecheck) are tracked. A pass clears that exact
+ * command's failed flag; a failure sets it. Non-verification commands are
+ * ignored.
+ */
+export declare function recordCommandOutcome(sessionKey: string, canonical: string, success: boolean): void;
+export interface PushGateResult {
+    blocked: boolean;
+    /** Canonical commands that failed and gate the push. */
+    failed: string[];
+}
+export declare function checkPushGate(sessionKey: string): PushGateResult;
+/** Message returned in place of running a blocked `git push`. */
+export declare function pushBlockedMessage(failed: string[]): string;
+/** Sensitive paths present in `cwd` that a broad `git add` would likely sweep in. */
+export declare function detectSensitiveStaging(cwd: string): string[];
+/** Non-blocking warning appended to a broad-stage command's output, or "". */
+export declare function stagingWarning(cwd: string): string;
+export {};

package/dist/src/tools/git-safety.js

@@ -0,0 +1,141 @@
+/**
+ * src/tools/git-safety.ts
+ *
+ * Pre-execution git safety for the bash tool. Distilled from a real session
+ * audit (18285908637a) where a cheap model:
+ *   1. pushed while 24 tests were failing (it batched `git add -A && commit &&
+ *      push` in the SAME tool batch as the test run, so push was never gated
+ *      on the result), and
+ *   2. swept the CLI's own `.muonroi-cli/settings.json` (which can hold
+ *      provider API keys) into a public repo via `git add -A`.
+ *
+ * Two guards, both cheap and side-effect-free:
+ *   - PUSH GATE: a session-scoped record of failed verification commands
+ *     (test/build/lint/typecheck). A `git push` is BLOCKED (not executed)
+ *     while any verification command has failed this session and not been
+ *     re-run green. Mirrors the repo's mandatory Pre-Push Test Gate.
+ *   - STAGING WARNING: a non-blocking warning when a broad `git add -A` /
+ *     `git add .` / `git commit -a` is run while sensitive paths (`.env`,
+ *     `.muonroi-cli/`, private keys, credentials) exist in the repo root.
+ *
+ * The push gate is deterministic for the sequential case (a failed check then
+ * a later push). The concurrent case (push batched in the same parallel tool
+ * call as the check) is covered by the system-prompt git-safety clause.
+ *
+ * Override the push gate with `MUONROI_ALLOW_PUSH_ON_RED=1`.
+ */
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { isVerificationCommand } from "../orchestrator/tool-args-hash.js";
+function getState() {
+    if (!globalThis.__muonroiGitSafetyState) {
+        globalThis.__muonroiGitSafetyState = new Map();
+    }
+    return globalThis.__muonroiGitSafetyState;
+}
+/** Test helper — clear all session git-safety state. */
+export function __resetGitSafetyState() {
+    globalThis.__muonroiGitSafetyState = new Map();
+}
+/**
+ * Blank out single/double-quoted substrings so a commit MESSAGE that merely
+ * mentions "git push" or "-a" never trips the classifiers. Cheap and good
+ * enough — we only need to avoid matching inside obvious quoted args.
+ */
+function stripQuoted(command) {
+    return command.replace(/"[^"]*"/g, '""').replace(/'[^']*'/g, "''");
+}
+// Each classifier scopes to ONE shell clause: `[^|&;\n]*` stops at pipes,
+// `&`/`;`, AND newlines (all bash clause separators), so a separate command on
+// another line (`git status\necho push`) cannot bleed into a false match. The
+// `[ \t]` before the subcommand (not `\s`) keeps the match on one line and
+// avoids `--grep=push` / `=push`. Quote-stripping upstream avoids commit-message
+// hits. Allowing `[^|&;\n]*` between `git` and the subcommand covers global
+// options like `git -c key=val push`.
+const PUSH_RE = /\bgit\b[^|&;\n]*[ \t]push\b/;
+const BROAD_ADD_RE = /\bgit\b[^|&;\n]*[ \t]add[ \t]+(?:-A\b|--all\b|\.(?=[ \t]|$))/;
+// `-a` / `-am` / `-ma` etc. — a short-flag cluster CONTAINING `a`, terminated by
+// whitespace or end (so `-a--otherflag` and `--amend` do NOT match).
+const COMMIT_ALL_RE = /\bgit\b[^|&;\n]*[ \t]commit\b[^|&;\n]*[ \t]-[a-z]*a[a-z]*(?=[ \t]|$)/;
+export function analyzeGitCommand(command) {
+    const c = stripQuoted(command);
+    return {
+        isPush: PUSH_RE.test(c),
+        isBroadStage: BROAD_ADD_RE.test(c) || COMMIT_ALL_RE.test(c),
+    };
+}
+/**
+ * Record the outcome of a bash command for the push gate. Only verification
+ * commands (test/build/lint/typecheck) are tracked. A pass clears that exact
+ * command's failed flag; a failure sets it. Non-verification commands are
+ * ignored.
+ */
+export function recordCommandOutcome(sessionKey, canonical, success) {
+    if (!canonical || !isVerificationCommand(canonical))
+        return;
+    const state = getState();
+    let entry = state.get(sessionKey);
+    if (!entry) {
+        entry = { failedVerifies: new Map() };
+        state.set(sessionKey, entry);
+    }
+    if (success) {
+        entry.failedVerifies.delete(canonical);
+    }
+    else {
+        entry.failedVerifies.set(canonical, Date.now());
+    }
+}
+export function checkPushGate(sessionKey) {
+    if (process.env.MUONROI_ALLOW_PUSH_ON_RED === "1")
+        return { blocked: false, failed: [] };
+    const entry = getState().get(sessionKey);
+    if (!entry || entry.failedVerifies.size === 0)
+        return { blocked: false, failed: [] };
+    return { blocked: true, failed: [...entry.failedVerifies.keys()] };
+}
+/** Message returned in place of running a blocked `git push`. */
+export function pushBlockedMessage(failed) {
+    const list = failed.map((c) => `  • ${c}`).join("\n");
+    return ("BLOCKED: refusing to run `git push` — a verification command failed earlier this session and has not passed since:\n" +
+        `${list}\n\n` +
+        "Re-run the failing check until it passes (0 failures), then push. This mirrors the mandatory Pre-Push Test Gate " +
+        "(never push on red). If you must override for a genuine reason, set MUONROI_ALLOW_PUSH_ON_RED=1.");
+}
+// Repo-root paths that should essentially never be committed. Presence-based
+// (fs.existsSync) so the check is O(1) and never spawns git.
+const SENSITIVE_NAMES = [
+    ".env",
+    ".env.local",
+    ".env.production",
+    ".env.development",
+    ".muonroi-cli",
+    "id_rsa",
+    "id_ed25519",
+    "credentials.json",
+    ".npmrc",
+];
+/** Sensitive paths present in `cwd` that a broad `git add` would likely sweep in. */
+export function detectSensitiveStaging(cwd) {
+    const found = [];
+    for (const name of SENSITIVE_NAMES) {
+        try {
+            if (fs.existsSync(path.join(cwd, name)))
+                found.push(name);
+        }
+        catch {
+            // ignore unreadable entries — best-effort detection only
+        }
+    }
+    return found;
+}
+/** Non-blocking warning appended to a broad-stage command's output, or "". */
+export function stagingWarning(cwd) {
+    const sensitive = detectSensitiveStaging(cwd);
+    if (sensitive.length === 0)
+        return "";
+    return ("\n\n[WARNING: a broad `git add`/`git commit -a` was run while these sensitive paths exist in the repo root: " +
+        `${sensitive.join(", ")}. Verify none were staged (git status), stage files EXPLICITLY (git add <path>), and ensure ` +
+        "secrets are gitignored before committing/pushing.]");
+}
+//# sourceMappingURL=git-safety.js.map

package/dist/src/tools/git-safety.test.d.ts

@@ -0,0 +1 @@
+export {};