@f-o-h/cli 0.1.45 → 0.1.47

package/README.md

@@ -4,7 +4,7 @@ AI-operator provisioning CLI for Front Of House.
 
 Public mirror: https://github.com/iiko38/front-of-house-cli
 
-Current published baseline: `@f-o-h/cli@0.1.40`
+Current published baseline: `@f-o-h/cli@0.1.47`
 
 This mirror is a generated release artifact. The private product monorepo is not
 published here, and no open-source license is granted unless stated separately.
@@ -61,7 +61,7 @@ foh auth login --web --json
 foh auth login --email "$FOH_EMAIL" --password "$FOH_PASSWORD" --json
 foh org list --json
 foh org use --org <org-id> --json
-FOH_CLI_SPEND_POLICY=no_spend foh setup --org <org-id> --agent-template <template-id> --agent-name "Demo Agent" --phone-mode observe --json
+FOH_CLI_SPEND_POLICY=no_spend foh setup --org <org-id> --agent-template <template-id> --agent-name "Demo Agent" --phone-mode observe --json
 foh prove --agent <agent-id> --json --out foh-proof.json
 foh test run --suite ./suite.yml --agent <agent-id> --json --out foh-test-report.json
 foh agent replay --file ./transcript-export.json --json
@@ -80,35 +80,35 @@ prints the fallback URL. `auth login --web` starts browser device
 authorization, opens `/cli-auth`, waits for console approval, and stores the
 returned short-lived token. Credential auth remains available as fallback.
 
-`foh prove` produces a compact signed proof report across auth, org context,
-agent validation, contact phone readiness, voice provider health, widget
-channel/embed readiness, widget smoke, and simulation certification. It is
-read-only by default; pass `--mutation-mode ensure` or `--repair` only when you
-explicitly want proof to ensure missing widget state. Use `--strict` in
-automation when holds should fail the command, and `--mission voice` or
-`--require-phone` when a voice/contact number is mandatory for the demo.
-Use `--contact-path byon` when the proof is meant to validate a
-customer-owned/BYON phone route; missing BYON config then reports
-`byon_voice_number_not_configured` instead of suggesting FOH number purchase.
-For repeated or parallel proof missions in AI-agent evals, pass
-`--proof-cache-dir .foh/proof-cache` so simulation certification runs once and
-sibling proofs reuse the same signed certification detail.
-
-For mass AI-agent evals and repeated demo rehearsals, keep setup on the free
-scaffold lane:
-
-```bash
-FOH_CLI_SPEND_POLICY=no_spend foh setup --org <org-id> --agent-template <template-id> --agent-name "Demo Agent" --phone-mode observe --json
-```
-
-`--phone-mode observe` checks whether a contact phone already exists without
-buying one. `--phone-mode skip` bypasses the phone step. `--phone-mode purchase`
-is the explicit paid contact path and is fail-closed when
-`FOH_CLI_SPEND_POLICY=no_spend` is set.
-
-If managed-number provisioning is blocked by account/provider capacity or empty
-reserve inventory, proof reports `provider_capacity_blocked`; fix capacity or
-switch to BYON rather than retrying blindly.
+`foh prove` produces a compact signed proof report across auth, org context,
+agent validation, contact phone readiness, voice provider health, widget
+channel/embed readiness, widget smoke, and simulation certification. It is
+read-only by default; pass `--mutation-mode ensure` or `--repair` only when you
+explicitly want proof to ensure missing widget state. Use `--strict` in
+automation when holds should fail the command, and `--mission voice` or
+`--require-phone` when a voice/contact number is mandatory for the demo.
+Use `--contact-path byon` when the proof is meant to validate a
+customer-owned/BYON phone route; missing BYON config then reports
+`byon_voice_number_not_configured` instead of suggesting FOH number purchase.
+For repeated or parallel proof missions in AI-agent evals, pass
+`--proof-cache-dir .foh/proof-cache` so simulation certification runs once and
+sibling proofs reuse the same signed certification detail.
+
+For mass AI-agent evals and repeated demo rehearsals, keep setup on the free
+scaffold lane:
+
+```bash
+FOH_CLI_SPEND_POLICY=no_spend foh setup --org <org-id> --agent-template <template-id> --agent-name "Demo Agent" --phone-mode observe --json
+```
+
+`--phone-mode observe` checks whether a contact phone already exists without
+buying one. `--phone-mode skip` bypasses the phone step. `--phone-mode purchase`
+is the explicit paid contact path and is fail-closed when
+`FOH_CLI_SPEND_POLICY=no_spend` is set.
+
+If managed-number provisioning is blocked by account/provider capacity or empty
+reserve inventory, proof reports `provider_capacity_blocked`; fix capacity or
+switch to BYON rather than retrying blindly.
 
 The CLI defaults to the production API at `https://api.frontofhouse.okii.uk`.
 
@@ -133,13 +133,13 @@ foh eval external-agent run \
   --prompt-version blank-setup.v1
 ```
 
-The command writes a versioned prompt, launches an instrumented shell, captures
-FOH CLI commands into `commands.ndjson`, and finalizes `run.json` as an
-`external_agent_run.v1` artifact when the shell exits.
-
-Run artifacts include `eval_state` so repeated benchmark runs make reuse
-explicit: org, agent, and widget reuse are expected; fresh paid phone-number
-creation is not expected.
+The command writes a versioned prompt, launches an instrumented shell, captures
+FOH CLI commands into `commands.ndjson`, and finalizes `run.json` as an
+`external_agent_run.v1` artifact when the shell exits.
+
+Run artifacts include `eval_state` so repeated benchmark runs make reuse
+explicit: org, agent, and widget reuse are expected; fresh paid phone-number
+creation is not expected.
 
 For guarded programmable-runner planning:
 

package/dist/foh.js

@@ -32801,7 +32801,7 @@ var StdioServerTransport = class {
 };
 
 // src/lib/cli-version.ts
-var CLI_VERSION = "0.1.45";
+var CLI_VERSION = "0.1.47";
 
 // src/commands/mcp-serve.ts
 var DEFAULT_TIMEOUT_MS = 12e4;
@@ -39181,6 +39181,7 @@ var EXTERNAL_AGENT_EVAL_AUTH_ENV_MAP = {
   FOH_EXTERNAL_AGENT_EVAL_API_URL: "FOH_API_URL",
   FOH_EXTERNAL_AGENT_EVAL_TOKEN_EXPIRES_AT: "FOH_TOKEN_EXPIRES_AT"
 };
+var DEFAULT_FOH_API_URL2 = "https://api.frontofhouse.okii.uk";
 var ExternalAgentExecutorError = class extends Error {
   reasonCode;
   constructor(reasonCode, message) {
@@ -39219,6 +39220,61 @@ function buildCodexExecutorEnv(input) {
   env.FOH_CLI_SUPPRESS_BANNER = "1";
   return env;
 }
+function readExternalAgentEvalAuthEnv(env = process.env) {
+  return {
+    token: String(env.FOH_EXTERNAL_AGENT_EVAL_TOKEN || "").trim(),
+    orgId: String(env.FOH_EXTERNAL_AGENT_EVAL_ORG_ID || "").trim(),
+    apiUrl: String(env.FOH_EXTERNAL_AGENT_EVAL_API_URL || env.FOH_API_URL || DEFAULT_FOH_API_URL2).trim() || DEFAULT_FOH_API_URL2,
+    expiresAt: String(env.FOH_EXTERNAL_AGENT_EVAL_TOKEN_EXPIRES_AT || "").trim()
+  };
+}
+function shouldRunExternalAgentEvalAuthPreflight(env = process.env) {
+  return Boolean(
+    env.FOH_EXTERNAL_AGENT_EVAL_TOKEN || env.FOH_EXTERNAL_AGENT_EVAL_ORG_ID || env.FOH_EXTERNAL_AGENT_EVAL_API_URL || env.FOH_EXTERNAL_AGENT_EVAL_TOKEN_EXPIRES_AT || env.FOH_SERVICE_TOKEN || env.FOH_ORG_ID || env.FOH_API_URL || env.FOH_TOKEN_EXPIRES_AT
+  );
+}
+async function runExternalAgentEvalAuthPreflight(env = process.env) {
+  if (!shouldRunExternalAgentEvalAuthPreflight(env)) return null;
+  const checkedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const auth = readExternalAgentEvalAuthEnv(env);
+  const base = {
+    api_url: auth.apiUrl,
+    org_id: auth.orgId || null,
+    checked_at: checkedAt,
+    token_present: Boolean(auth.token),
+    expires_at: auth.expiresAt || null,
+    matched_org: null
+  };
+  if (!auth.token || !auth.orgId) {
+    return { ...base, ok: false, reason_code: "eval_auth_missing" };
+  }
+  if (auth.expiresAt) {
+    const expiresMs = Date.parse(auth.expiresAt);
+    if (Number.isFinite(expiresMs) && expiresMs <= Date.now()) {
+      return { ...base, ok: false, reason_code: "eval_auth_expired" };
+    }
+  }
+  const res = await fetch(`${auth.apiUrl.replace(/\/$/, "")}/v1/console/auth/my-orgs`, {
+    headers: {
+      Authorization: `Bearer ${auth.token}`
+    }
+  }).catch(() => null);
+  if (!res || res.status === 401) {
+    return { ...base, ok: false, reason_code: "eval_auth_expired" };
+  }
+  if (!res.ok) {
+    return { ...base, ok: false, reason_code: "eval_auth_wrong_org" };
+  }
+  const body = await res.json().catch(() => ({}));
+  const orgs = Array.isArray(body.orgs) ? body.orgs : [];
+  const matchedOrg = orgs.some((org) => String(org?.org_id || "").trim() === auth.orgId);
+  return {
+    ...base,
+    ok: matchedOrg,
+    reason_code: matchedOrg ? "eval_auth_ok" : "eval_auth_wrong_org",
+    matched_org: matchedOrg
+  };
+}
 function normalizeForCompare(path2) {
   const resolved = (0, import_path13.resolve)(path2);
   return process.platform === "win32" ? resolved.toLowerCase() : resolved;
@@ -39823,6 +39879,30 @@ async function executeExternalAgentExecutorPlan(plan, options = {}) {
   const startedAt = (/* @__PURE__ */ new Date()).toISOString();
   const results = [];
   const runnerCommand = options.runnerCommand || resolveCodexExecutionCommand();
+  const authPreflight = await runExternalAgentEvalAuthPreflight(options.env);
+  if (authPreflight && !authPreflight.ok) {
+    const endedAt2 = (/* @__PURE__ */ new Date()).toISOString();
+    return {
+      schema_version: "external_agent_execution_batch_result.v1",
+      ok: false,
+      status: "hold",
+      reason_code: authPreflight.reason_code,
+      auth_preflight: authPreflight,
+      started_at: startedAt,
+      ended_at: endedAt2,
+      runner: plan.runner,
+      run_count: plan.runs.length,
+      results: plan.runs.map((run) => ({
+        run_id: run.run_id,
+        status: "hold",
+        failure_reason_code: authPreflight.reason_code,
+        exit_code: null,
+        timed_out: false,
+        duration_ms: 0,
+        artifacts: run.outputs
+      }))
+    };
+  }
   for (const run of plan.runs) {
     const runStartedAt = (/* @__PURE__ */ new Date()).toISOString();
     const commandCaptureDir = (0, import_path13.join)(run.workspace_dir, ".foh-capture");
@@ -39890,6 +39970,7 @@ async function executeExternalAgentExecutorPlan(plan, options = {}) {
     ok: status === "pass",
     status,
     reason_code: status === "pass" ? "external_agent_execution_passed" : "external_agent_execution_needs_review",
+    ...authPreflight ? { auth_preflight: authPreflight } : {},
     started_at: startedAt,
     ended_at: endedAt,
     runner: plan.runner,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@f-o-h/cli",
-  "version": "0.1.45",
+  "version": "0.1.47",
   "description": "FOH CLI - AI-operator provisioning tool for Front Of House",
   "license": "UNLICENSED",
   "bin": {