pi-lens 3.8.21 → 3.8.23

package/clients/lsp/server.ts

@@ -86,6 +86,38 @@ function nodeBinCandidates(root: string, baseName: string): string[] {
 	return [localBase, baseName];
 }
 
+function rubyBinCandidates(baseName: string): string[] {
+	const candidates: string[] = [];
+	const userProfile = process.env.USERPROFILE;
+	if (userProfile) {
+		candidates.push(
+			path.join(
+				userProfile,
+				".local",
+				"share",
+				"mise",
+				"installs",
+				"ruby",
+				"bin",
+				`${baseName}.bat`,
+			),
+		);
+		candidates.push(
+			path.join(
+				userProfile,
+				".asdf",
+				"installs",
+				"ruby",
+				"bin",
+				`${baseName}.bat`,
+			),
+		);
+	}
+	candidates.push(path.join("C:\\Ruby34-x64", "bin", `${baseName}.bat`));
+	candidates.push(path.join("C:\\Ruby33-x64", "bin", `${baseName}.bat`));
+	return candidates;
+}
+
 async function launchWithDirectOrPackageManager(
 	directCommands: string[],
 	packageName: string,
@@ -424,6 +456,55 @@ export const TypeScriptServer: LSPServerInfo = {
 	},
 };
 
+export const DenoServer: LSPServerInfo = {
+	id: "deno",
+	name: "Deno Language Server",
+	installPolicy: "none",
+	extensions: [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".mts", ".cts"],
+	root: createRootDetector(["deno.json", "deno.jsonc"]),
+	async spawn(root) {
+		try {
+			const proc = await launchLSP("deno", ["lsp"], { cwd: root });
+			return { process: proc, source: "direct" };
+		} catch {
+			return undefined;
+		}
+	},
+};
+
+export const BiomeLspServer: LSPServerInfo = {
+	id: "biome-lsp",
+	name: "Biome LSP Proxy",
+	installPolicy: "package-manager",
+	extensions: [
+		".ts",
+		".tsx",
+		".js",
+		".jsx",
+		".mjs",
+		".cjs",
+		".mts",
+		".cts",
+		".json",
+		".jsonc",
+		".css",
+		".scss",
+		".sass",
+		".less",
+	],
+	root: PriorityRoot([["biome.json", "biome.jsonc", "package.json"], [".git"]]),
+	async spawn(root, options) {
+		const launched = await launchWithDirectOrPackageManager(
+			nodeBinCandidates(root, "biome"),
+			"@biomejs/biome",
+			["lsp-proxy"],
+			{ cwd: root, allowInstall: options?.allowInstall },
+		);
+		if (!launched) return undefined;
+		return { process: launched.process, source: launched.source };
+	},
+};
+
 export const PythonServer: LSPServerInfo = {
 	id: "python",
 	name: "Pyright Language Server",
@@ -507,7 +588,7 @@ export const PythonServer: LSPServerInfo = {
 		}
 
 		// Spawn the LSP server
-		let proc;
+		let proc: LSPProcess;
 		if (langserverPath) {
 			// Use resolved langserver path
 			proc = await launchLSP(langserverPath, ["--stdio"], {
@@ -567,6 +648,30 @@ export const PythonServer: LSPServerInfo = {
 	},
 };
 
+export const PythonPylspServer: LSPServerInfo = {
+	id: "python-pylsp",
+	name: "Python LSP Server (pylsp)",
+	installPolicy: "none",
+	extensions: [".py", ".pyi"],
+	root: createRootDetector([
+		".git",
+		"pyproject.toml",
+		"setup.py",
+		"setup.cfg",
+		"requirements.txt",
+		"Pipfile",
+		"poetry.lock",
+	]),
+	async spawn(root) {
+		try {
+			const proc = await launchLSP("pylsp", [], { cwd: root });
+			return { process: proc, source: "direct" };
+		} catch {
+			return undefined;
+		}
+	},
+};
+
 export const GoServer: LSPServerInfo = {
 	id: "go",
 	name: "gopls",
@@ -642,24 +747,48 @@ export const RubyServer: LSPServerInfo = {
 			[],
 			{ cwd: root, allowInstall: options?.allowInstall },
 			async () => {
-				try {
-					return await launchLSP("ruby-lsp", [], { cwd: root });
-				} catch {
-					const fallback = await launchWithDirectOrPackageManager(
-						nodeBinCandidates(root, "solargraph"),
-						"solargraph",
-						["stdio"],
-						{ cwd: root, allowInstall: options?.allowInstall },
-					);
-					if (!fallback) throw new Error("ENOENT: command not found");
-					return fallback.process;
+				for (const command of ["ruby-lsp", ...rubyBinCandidates("ruby-lsp")]) {
+					try {
+						return await launchLSP(command, [], { cwd: root });
+					} catch {
+						// try next ruby-lsp candidate
+					}
 				}
+
+				for (const command of ["solargraph", ...rubyBinCandidates("solargraph")]) {
+					try {
+						return await launchLSP(command, ["stdio"], { cwd: root });
+					} catch {
+						// try next solargraph candidate
+					}
+				}
+
+				throw new Error("ENOENT: command not found");
 			},
 		);
 		return proc ? { process: proc, source: "interactive" } : undefined;
 	},
 };
 
+export const RubySolargraphServer: LSPServerInfo = {
+	id: "ruby-solargraph",
+	name: "Solargraph",
+	installPolicy: "none",
+	extensions: [".rb", ".rake", ".gemspec", ".ru"],
+	root: PriorityRoot([["Gemfile", ".ruby-version"], [".git"]]),
+	async spawn(root) {
+		for (const command of ["solargraph", ...rubyBinCandidates("solargraph")]) {
+			try {
+				const proc = await launchLSP(command, ["stdio"], { cwd: root });
+				return { process: proc, source: "direct" };
+			} catch {
+				// try next candidate
+			}
+		}
+		return undefined;
+	},
+};
+
 export const PHPServer: LSPServerInfo = {
 	id: "php",
 	name: "Intelephense",
@@ -691,6 +820,16 @@ export const CSharpServer = createInteractiveServer({
 	command: "csharp-ls",
 });
 
+export const OmniSharpServer = createInteractiveServer({
+	id: "omnisharp",
+	name: "OmniSharp",
+	extensions: [".cs"],
+	root: createRootDetector([".sln", ".csproj", ".slnx"]),
+	language: "csharp",
+	command: "OmniSharp",
+	args: ["--languageserver"],
+});
+
 export const FSharpServer = createInteractiveServer({
 	id: "fsharp",
 	name: "FSAutocomplete",
@@ -912,6 +1051,34 @@ export const JsonServer: LSPServerInfo = {
 	},
 };
 
+export const HtmlServer: LSPServerInfo = {
+	id: "html",
+	name: "VSCode HTML Language Server",
+	installPolicy: "package-manager",
+	extensions: [".html", ".htm"],
+	root: PriorityRoot([["package.json", "index.html", "vite.config.ts"], [".git"]]),
+	async spawn(_root, options) {
+		const launched = await launchWithDirectOrPackageManager(
+			nodeBinCandidates(process.cwd(), "vscode-html-language-server"),
+			"vscode-html-languageserver-bin",
+			["--stdio"],
+			{ cwd: process.cwd(), allowInstall: options?.allowInstall },
+		);
+		if (!launched) return undefined;
+		return { process: launched.process, source: launched.source };
+	},
+};
+
+export const TomlServer = createInteractiveServer({
+	id: "toml",
+	name: "Taplo",
+	extensions: [".toml"],
+	root: PriorityRoot([["pyproject.toml", "Cargo.toml", "taplo.toml"], [".git"]]),
+	language: "toml",
+	command: "taplo",
+	args: ["lsp", "stdio"],
+});
+
 export const PrismaServer: LSPServerInfo = {
 	id: "prisma",
 	name: "Prisma Language Server",
@@ -1036,12 +1203,17 @@ export const CssServer: LSPServerInfo = {
 
 export const LSP_SERVERS: LSPServerInfo[] = [
 	TypeScriptServer,
+	DenoServer,
+	BiomeLspServer,
 	PythonServer,
+	PythonPylspServer,
 	GoServer,
 	RustServer,
 	RubyServer,
+	RubySolargraphServer,
 	PHPServer,
 	CSharpServer,
+	OmniSharpServer,
 	FSharpServer,
 	JavaServer,
 	KotlinServer,
@@ -1061,6 +1233,8 @@ export const LSP_SERVERS: LSPServerInfo[] = [
 	DockerServer,
 	YamlServer,
 	JsonServer,
+	HtmlServer,
+	TomlServer,
 	PrismaServer,
 	// Web frameworks & styling
 	VueServer,

package/clients/pipeline.ts

@@ -672,8 +672,8 @@ export async function runPipeline(
 					for (const e of limited) {
 						const line = (e.range?.start?.line ?? 0) + 1;
 						const col = (e.range?.start?.character ?? 0) + 1;
-						const code = e.code ? ` [${e.code}]` : "";
-						c += `\n  ${code} (${line}:${col}) ${e.message.split("\n")[0].slice(0, 100)}`;
+						const code = e.code ? ` code=${String(e.code)}` : "";
+						c += `\n  line ${line}, col ${col}${code}: ${e.message.split("\n")[0].slice(0, 100)}`;
 					}
 					c += `${suffix}\n</diagnostics>`;
 				}

package/clients/runtime-context.ts

@@ -29,7 +29,7 @@ export function consumeTurnEndFindings(
 export function consumeSessionStartGuidance(
 	cacheManager: CacheManager,
 	cwd: string,
-): { messages: Array<{ role: "system"; content: string }> } | undefined {
+): { messages: Array<{ role: "user"; content: string }> } | undefined {
 	const guidance = cacheManager.readCache<{ content: string }>(
 		"session-start-guidance",
 		cwd,
@@ -45,7 +45,7 @@ export function consumeSessionStartGuidance(
 	return {
 		messages: [
 			{
-				role: "system",
+				role: "user",
 				content: `[pi-lens] Session guidance:\n\n${guidance.data.content}`,
 			},
 		],

package/clients/runtime-session.ts

@@ -62,11 +62,27 @@ interface SessionStartDeps {
 	resetLSPService: () => void;
 }
 
+type StartupMode = "full" | "minimal" | "quick";
+
 function isCommandAvailable(command: string, args: string[] = ["--version"]): boolean {
 	const result = safeSpawn(command, args, { timeout: 5000 });
 	return !result.error && result.status === 0;
 }
 
+function resolveStartupMode(): StartupMode {
+	const envMode = (process.env.PI_LENS_STARTUP_MODE ?? "").trim().toLowerCase();
+	if (envMode === "full" || envMode === "minimal" || envMode === "quick") {
+		return envMode;
+	}
+
+	const argv = process.argv;
+	if (argv.includes("--print") || argv.includes("-p")) {
+		return "quick";
+	}
+
+	return "full";
+}
+
 function getLanguageInstallHints(
 	languageProfile: ReturnType<typeof detectProjectLanguageProfile>,
 ): string[] {
@@ -99,6 +115,9 @@ export async function handleSessionStart(
 	deps: SessionStartDeps,
 ): Promise<void> {
 	const sessionStartMs = Date.now();
+	const startupMode = resolveStartupMode();
+	const allowBootstrapTasks = startupMode === "full";
+	const quickMode = startupMode === "quick";
 	const {
 		ctxCwd,
 		getFlag,
@@ -131,10 +150,14 @@ export async function handleSessionStart(
 	runtime.complexityBaselines.clear();
 	resetDispatchBaselines();
 	runtime.resetForSession();
+	dbg(`session_start startup mode: ${startupMode}`);
 
 	if (getFlag("lens-lsp") && !getFlag("no-lsp")) {
 		resetLSPService();
 		dbg("session_start: LSP service reset");
+		dbg(
+			"session_start: phase0 workspace diagnostics observation enabled (capability probe only)",
+		);
 	}
 
 	if (getFlag("auto-install")) {
@@ -166,7 +189,7 @@ export async function handleSessionStart(
 	log(`Active tools: ${tools.join(", ")}`);
 	dbg(`session_start tools: ${tools.join(", ")}`);
 
-	if (getFlag("lens-lsp") && !getFlag("no-lsp")) {
+	if (allowBootstrapTasks && getFlag("lens-lsp") && !getFlag("no-lsp")) {
 		const cleaned = cleanStaleTsBuildInfo(ctxCwd ?? process.cwd());
 		if (cleaned.length > 0) {
 			notify(
@@ -179,6 +202,15 @@ export async function handleSessionStart(
 
 	const hasWorkspaceCwd = typeof ctxCwd === "string" && ctxCwd.length > 0;
 	const cwd = ctxCwd ?? process.cwd();
+	if (quickMode) {
+		runtime.projectRoot = cwd;
+		dbg(
+			"session_start: quick mode active - skipping language profiling, preinstall, scans, and error debt baseline",
+		);
+		dbg(`session_start total: ${Date.now() - sessionStartMs}ms`);
+		return;
+	}
+
 	const startupScan = resolveStartupScanContext(cwd);
 	const scanRoot = startupScan.projectRoot ?? cwd;
 	const useScanRootForSignals =
@@ -217,7 +249,9 @@ export async function handleSessionStart(
 		return true;
 	});
 
-	if (startupDefaults.length > 0) {
+	if (!allowBootstrapTasks) {
+		dbg("session_start: skipping tool preinstall (startup mode)");
+	} else if (startupDefaults.length > 0) {
 		dbg(`session_start: pre-install defaults -> ${startupDefaults.join(", ")}`);
 		for (const tool of startupDefaults) {
 			const startedAt = Date.now();
@@ -247,7 +281,7 @@ export async function handleSessionStart(
 		dbg("session_start: no language defaults selected for pre-install");
 	}
 
-	{
+	if (allowBootstrapTasks) {
 		const pkgPath = path.join(analysisRoot, "package.json");
 		try {
 			const raw = await nodeFs.promises.readFile(pkgPath, "utf-8");
@@ -272,6 +306,8 @@ export async function handleSessionStart(
 		} catch {
 			// no package.json at cwd root
 		}
+	} else {
+		dbg("session_start: skipping prettier preinstall probe (startup mode)");
 	}
 
 	const hasArchitectRules = architectClient.loadConfig(analysisRoot);
@@ -349,7 +385,9 @@ export async function handleSessionStart(
 	// Each consumer already handles the "not ready yet" case gracefully
 	// (cachedExports.size > 0, cachedProjectIndex != null, cache miss paths).
 
-	if (!startupScan.canWarmCaches) {
+	if (!allowBootstrapTasks) {
+		dbg("session_start: skipping startup background scans (startup mode)");
+	} else if (!startupScan.canWarmCaches) {
 		dbg(
 			`session_start: skipping heavy scans (${startupScan.reason ?? "unknown"})`,
 		);
@@ -500,7 +538,7 @@ export async function handleSessionStart(
 		`session_start: background scans launched (${startupNotes.length} startup note(s))`,
 	);
 
-	const errorDebtEnabled = getFlag("error-debt");
+	const errorDebtEnabled = allowBootstrapTasks && getFlag("error-debt");
 	const pendingDebt = cacheManager.readCache<{
 		pendingCheck: boolean;
 		baselineTestsPassed: boolean;

package/clients/session-summary.ts

@@ -4,6 +4,13 @@
 
 import type { SessionStats } from "./diagnostic-tracker.js";
 
+export interface SlopScoreSummary {
+	totalRuleDiagnostics: number;
+	totalKlocWritten: number;
+	scorePerKloc: number;
+	ruleCounts: Array<{ ruleId: string; count: number }>;
+}
+
 export function formatSessionSummary(stats: SessionStats): string {
 	if (stats.totalShown === 0) return "";
 
@@ -30,3 +37,17 @@ function pct(part: number, total: number): string {
 	if (total === 0) return "0";
 	return Math.round((part / total) * 100).toString();
 }
+
+export function formatSlopScoreSummary(summary: SlopScoreSummary): string {
+	if (summary.totalRuleDiagnostics === 0 || summary.totalKlocWritten <= 0) {
+		return "";
+	}
+
+	const topRules = summary.ruleCounts.slice(0, 3);
+	const detail =
+		topRules.length > 0
+			? `  (${topRules.map((entry) => `${entry.ruleId} ×${entry.count}`).join(", ")})`
+			: "";
+
+	return `Slop score: ${summary.scorePerKloc.toFixed(1)}/KLOC${detail}`;
+}

package/clients/tree-sitter-client.ts

@@ -892,6 +892,26 @@ export class TreeSitterClient {
 					if (!secretPatterns.some((p) => p.test(varName))) continue;
 				}
 
+				// Go: only keep bare-return-call matches when enclosing function returns error.
+				if (postFilter === "returns_error") {
+					const first = Object.values(captures)[0];
+					if (!first) continue;
+					const funcNode = this.navigator.findParent(first, [
+						"function_declaration",
+						"method_declaration",
+					]);
+					if (!funcNode) continue;
+
+					const fnText = String(funcNode.text ?? "");
+					const signature = fnText.split("{", 1)[0]?.trim() ?? "";
+					const returnPartMatch = signature.match(
+						/func\s*(?:\([^)]*\)\s*)?[A-Za-z_]\w*\s*\([^)]*\)\s*(.*)$/s,
+					);
+					const returnPart = returnPartMatch?.[1]?.trim() ?? "";
+					const returnsError = returnPart.length > 0 && /\berror\b/.test(returnPart);
+					if (!returnsError) continue;
+				}
+
 				// Python: except body that only contains pass (effectively empty)
 				if (postFilter === "python_empty_except") {
 					const bodyNode = captures.BODY;
@@ -921,6 +941,148 @@ export class TreeSitterClient {
 					}
 				}
 
+				// TS security/concurrency: strict sink filtering (query predicates are not reliable in this runtime)
+				if (postFilter === "ts_command_injection_sink") {
+					const mod = captures.MOD?.text ?? "";
+					const fn = captures.FN?.text ?? "";
+					if (mod !== "child_process") continue;
+					if (!/^(exec|execSync)$/.test(fn)) continue;
+				}
+
+				if (postFilter === "ts_ssrf_sink") {
+					const fn = captures.FN?.text ?? "";
+					const obj = captures.OBJ?.text ?? "";
+					const allowedFns = new Set([
+						"fetch",
+						"request",
+						"get",
+						"post",
+						"put",
+						"patch",
+						"delete",
+					]);
+					if (!allowedFns.has(fn)) continue;
+
+					if (!obj) {
+						if (fn !== "fetch") continue;
+					} else {
+						const allowedObjs = new Set([
+							"axios",
+							"http",
+							"https",
+							"got",
+							"request",
+							"superagent",
+							"undici",
+						]);
+						if (!allowedObjs.has(obj)) continue;
+					}
+				}
+
+				if (postFilter === "ts_weak_hash_algorithm") {
+					const fn = captures.FN?.text ?? "";
+					const alg = captures.ALG?.text ?? "";
+					if (fn !== "createHash") continue;
+					if (!/^(md5|sha1)$/i.test(alg)) continue;
+				}
+
+				if (postFilter === "ts_insecure_random_source") {
+					const obj = captures.OBJ?.text ?? "";
+					const fn = captures.FN?.text ?? "";
+					if (obj !== "Math" || fn !== "random") continue;
+				}
+
+				if (postFilter === "ts_detached_async_call") {
+					const fn = captures.FN?.text ?? "";
+					if (!/(Async$|fetch$|request$)/.test(fn)) {
+						continue;
+					}
+				}
+
+				if (postFilter === "py_command_injection_sink") {
+					const mod = captures.MOD?.text ?? "";
+					const fn = captures.FN?.text ?? "";
+					const kw = captures.KW?.text ?? "";
+					const isOs = mod === "os" && /^(system|popen)$/.test(fn);
+					const isSubprocess =
+						mod === "subprocess" &&
+						/^(run|Popen|call|check_output|check_call)$/.test(fn) &&
+						kw === "shell";
+					if (!isOs && !isSubprocess) continue;
+				}
+
+				if (postFilter === "go_command_injection_sink") {
+					const pkg = captures.PKG?.text ?? "";
+					const fn = captures.FN?.text ?? "";
+					const shell = captures.SHELL?.text ?? "";
+					const flag = captures.FLAG?.text ?? "";
+					if (pkg !== "exec") continue;
+					if (!/^(Command|CommandContext)$/.test(fn)) continue;
+					if (!/^"(sh|bash|zsh|cmd|powershell|pwsh)"$/.test(shell)) continue;
+					if (!/^"(-c|\/c)"$/.test(flag)) continue;
+				}
+
+				if (postFilter === "ruby_command_injection_sink") {
+					const fn = captures.FN?.text ?? "";
+					if (!/^(system|exec|spawn|popen|capture3|capture2|capture2e)$/.test(fn)) {
+						continue;
+					}
+				}
+
+				if (postFilter === "py_ssrf_sink") {
+					const mod = captures.MOD?.text ?? "";
+					const fn = captures.FN?.text ?? "";
+					if (mod !== "requests") continue;
+					if (!/^(get|post|put|patch|delete|request|head|options)$/.test(fn))
+						continue;
+				}
+
+				if (postFilter === "py_path_traversal_sink") {
+					const fn = captures.FN?.text ?? "";
+					if (
+						!/^(open|read_text|read_bytes|write_text|write_bytes|remove|unlink|rmdir)$/.test(
+							fn,
+						)
+					)
+						continue;
+				}
+
+				if (postFilter === "go_path_traversal_sink") {
+					const pkg = captures.PKG?.text ?? "";
+					const fn = captures.FN?.text ?? "";
+					if (!/^(os|ioutil)$/.test(pkg)) continue;
+					if (!/^(Open|OpenFile|ReadFile|WriteFile|Create|Remove|RemoveAll)$/.test(fn))
+						continue;
+				}
+
+				if (postFilter === "py_sql_injection_sink") {
+					const fn = captures.FN?.text ?? "";
+					if (!/^(execute|executemany|query|raw)$/.test(fn)) continue;
+				}
+
+				if (postFilter === "go_sql_injection_sink") {
+					const dbFn = captures.DBFN?.text ?? "";
+					const fmtPkg = captures.FMTPKG?.text ?? "";
+					const fmtFn = captures.FMTFN?.text ?? "";
+					if (!/^(Query|QueryContext|QueryRow|QueryRowContext|Exec|ExecContext)$/.test(dbFn))
+						continue;
+					if (fmtPkg !== "fmt" || fmtFn !== "Sprintf") continue;
+				}
+
+				if (postFilter === "py_insecure_deserialization_sink") {
+					const mod = captures.MOD?.text ?? "";
+					const fn = captures.FN?.text ?? "";
+					if (!/^(pickle|yaml)$/.test(mod)) continue;
+					if (!/^(load|loads|unsafe_load)$/.test(fn)) continue;
+				}
+
+				if (postFilter === "ruby_insecure_deserialization_sink") {
+					const mod = captures.MOD?.text ?? "";
+					const fn = captures.FN?.text ?? "";
+					if (!/^(Marshal|YAML|Psych)$/.test(mod)) continue;
+					if (!/^(load|unsafe_load)$/.test(fn)) continue;
+				}
+
 				// Use first capture for position info
 				if (match.captures.length > 0) {
 					const firstNode = match.captures[0].node;

package/clients/tree-sitter-logger.ts

@@ -0,0 +1,47 @@
+import * as fs from "node:fs";
+import * as os from "node:os";
+import * as path from "node:path";
+
+const TREE_SITTER_LOG_DIR = path.join(os.homedir(), ".pi-lens");
+const TREE_SITTER_LOG_FILE = path.join(TREE_SITTER_LOG_DIR, "tree-sitter.log");
+
+try {
+	if (!fs.existsSync(TREE_SITTER_LOG_DIR)) {
+		fs.mkdirSync(TREE_SITTER_LOG_DIR, { recursive: true });
+	}
+} catch {}
+
+export interface TreeSitterLogEntry {
+	ts?: string;
+	phase:
+		| "runner_start"
+		| "runner_skip"
+		| "queries_loaded"
+		| "query_error"
+		| "runner_complete"
+		| "entity_diff"
+		| "blast_radius";
+	filePath: string;
+	languageId?: string;
+	queryId?: string;
+	status?: string;
+	diagnostics?: number;
+	blocking?: number;
+	queryCount?: number;
+	effectiveQueryCount?: number;
+	cacheHit?: boolean;
+	reason?: string;
+	error?: string;
+	metadata?: Record<string, unknown>;
+}
+
+export function logTreeSitter(entry: TreeSitterLogEntry): void {
+	const line = `${JSON.stringify({ ts: new Date().toISOString(), ...entry })}\n`;
+	try {
+		fs.appendFileSync(TREE_SITTER_LOG_FILE, line);
+	} catch {}
+}
+
+export function getTreeSitterLogPath(): string {
+	return TREE_SITTER_LOG_FILE;
+}