@ouro.bot/cli 0.0.1-alpha.0 → 0.1.0-alpha.2

package/dist/repertoire/tools-github.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.githubToolDefinitions = void 0;
+exports.summarizeGithubArgs = summarizeGithubArgs;
+const github_client_1 = require("./github-client");
+const runtime_1 = require("../nerves/runtime");
+exports.githubToolDefinitions = [
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "file_ouroboros_bug",
+                description: "File a bug or feature request on the ouroboros harness repo. Requires GitHub OAuth authorization.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        title: { type: "string", description: "Issue title" },
+                        body: { type: "string", description: "Issue body/description (optional)" },
+                        labels: { type: "string", description: "Comma-separated label names (optional)" },
+                    },
+                    required: ["title"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.github_tool_call",
+                message: "github tool invoked",
+                meta: {},
+            });
+            if (!ctx?.githubToken) {
+                return "AUTH_REQUIRED:github -- I need access to GitHub. Please sign in when prompted.";
+            }
+            const owner = "ouroborosbot";
+            const repo = "ouroboros";
+            const payload = { title: args.title };
+            if (args.body)
+                payload.body = args.body;
+            if (args.labels) {
+                payload.labels = args.labels.split(",").map((l) => l.trim());
+            }
+            return (0, github_client_1.githubRequest)(ctx.githubToken, "POST", `/repos/${owner}/${repo}/issues`, JSON.stringify(payload));
+        },
+        integration: "github",
+        confirmationRequired: true,
+    },
+];
+function summarizeGithubArgs(name, args) {
+    if (name === "file_ouroboros_bug")
+        return args.title || "";
+    return undefined;
+}

package/dist/repertoire/tools-teams.js

@@ -0,0 +1,308 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.teamsToolHandlers = exports.teamsTools = exports.teamsToolDefinitions = void 0;
+exports.summarizeTeamsArgs = summarizeTeamsArgs;
+const graph_client_1 = require("./graph-client");
+const ado_client_1 = require("./ado-client");
+const graph_endpoints_json_1 = __importDefault(require("./data/graph-endpoints.json"));
+const ado_endpoints_json_1 = __importDefault(require("./data/ado-endpoints.json"));
+const runtime_1 = require("../nerves/runtime");
+const MUTATE_METHODS = ["POST", "PATCH", "DELETE"];
+// Map HTTP method to authority action name for canWrite() checks
+const METHOD_TO_ACTION = {
+    POST: "createWorkItem",
+    PATCH: "updateWorkItem",
+    DELETE: "deleteWorkItem",
+};
+// Check if a tool response indicates a 403 PERMISSION_DENIED (authority checker removed; this is now a no-op kept for call-site stability)
+function checkAndRecord403(_result, _integration, _scope, _action, _ctx) {
+    // No-op: AuthorityChecker eliminated. 403 recording removed.
+}
+const DEFAULT_ADO_QUERY = "SELECT [System.Id], [System.Title], [System.State], [System.AssignedTo] FROM WorkItems WHERE [System.AssignedTo] = @Me AND [System.State] <> 'Closed' ORDER BY [System.ChangedDate] DESC";
+exports.teamsToolDefinitions = [
+    // -- Generic Graph tools --
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "graph_query",
+                description: "GET any Microsoft Graph API endpoint. Use graph_docs first to look up the correct path.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        path: { type: "string", description: "Graph API path after /v1.0, e.g. /me/messages?$top=5" },
+                    },
+                    required: ["path"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            if (!ctx?.graphToken) {
+                return "AUTH_REQUIRED:graph -- I need access to Microsoft Graph. Please sign in when prompted.";
+            }
+            return (0, graph_client_1.graphRequest)(ctx.graphToken, "GET", args.path);
+        },
+        integration: "graph",
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "graph_mutate",
+                description: "POST/PATCH/DELETE any Microsoft Graph API endpoint. Use graph_docs first to look up the correct path.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        method: { type: "string", enum: ["POST", "PATCH", "DELETE"], description: "HTTP method" },
+                        path: { type: "string", description: "Graph API path after /v1.0" },
+                        body: { type: "string", description: "JSON request body (optional)" },
+                    },
+                    required: ["method", "path"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            if (!ctx?.graphToken) {
+                return "AUTH_REQUIRED:graph -- I need access to Microsoft Graph. Please sign in when prompted.";
+            }
+            if (!MUTATE_METHODS.includes(args.method)) {
+                return `Invalid method "${args.method}". Must be one of: ${MUTATE_METHODS.join(", ")}`;
+            }
+            return (0, graph_client_1.graphRequest)(ctx.graphToken, args.method, args.path, args.body);
+        },
+        integration: "graph",
+        confirmationRequired: true,
+    },
+    // -- Generic ADO tools --
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "ado_query",
+                description: "GET or POST (for WIQL read queries) any Azure DevOps API endpoint. Use ado_docs first to look up the correct path.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        organization: { type: "string", description: "Azure DevOps organization name" },
+                        path: { type: "string", description: "ADO API path after /{org}, e.g. /_apis/wit/wiql" },
+                        method: { type: "string", enum: ["GET", "POST"], description: "HTTP method (defaults to GET)" },
+                        body: { type: "string", description: "JSON request body (optional, used with POST for WIQL)" },
+                    },
+                    required: ["organization", "path"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            if (!ctx?.adoToken) {
+                return "AUTH_REQUIRED:ado -- I need access to Azure DevOps. Please sign in when prompted.";
+            }
+            const method = args.method || "GET";
+            const result = await (0, ado_client_1.adoRequest)(ctx.adoToken, method, args.organization, args.path, args.body);
+            checkAndRecord403(result, "ado", args.organization, method, ctx);
+            return result;
+        },
+        integration: "ado",
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "ado_mutate",
+                description: "POST/PATCH/DELETE any Azure DevOps API endpoint for actual mutations. Use ado_docs first to look up the correct path.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        method: { type: "string", enum: ["POST", "PATCH", "DELETE"], description: "HTTP method" },
+                        organization: { type: "string", description: "Azure DevOps organization name" },
+                        path: { type: "string", description: "ADO API path after /{org}" },
+                        body: { type: "string", description: "JSON request body (optional)" },
+                    },
+                    required: ["method", "organization", "path"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            if (!ctx?.adoToken) {
+                return "AUTH_REQUIRED:ado -- I need access to Azure DevOps. Please sign in when prompted.";
+            }
+            if (!MUTATE_METHODS.includes(args.method)) {
+                return `Invalid method "${args.method}". Must be one of: ${MUTATE_METHODS.join(", ")}`;
+            }
+            /* v8 ignore next -- fallback unreachable: method is validated against MUTATE_METHODS above @preserve */
+            const action = METHOD_TO_ACTION[args.method] || args.method;
+            const result = await (0, ado_client_1.adoRequest)(ctx.adoToken, args.method, args.organization, args.path, args.body);
+            checkAndRecord403(result, "ado", args.organization, action, ctx);
+            return result;
+        },
+        integration: "ado",
+        confirmationRequired: true,
+    },
+    // -- Convenience aliases (backward compat) --
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "graph_profile",
+                description: "get the current user's Microsoft 365 profile (name, email, job title, department, office location)",
+                parameters: { type: "object", properties: {} },
+            },
+        },
+        handler: async (_args, ctx) => {
+            if (!ctx?.graphToken) {
+                return "AUTH_REQUIRED:graph -- I need access to your Microsoft 365 profile. Please sign in when prompted.";
+            }
+            return (0, graph_client_1.getProfile)(ctx.graphToken);
+        },
+        integration: "graph",
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "ado_work_items",
+                description: "query or list Azure DevOps work items. provide an organization and optionally a WIQL query. if organization is omitted, discovers available organizations automatically.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        organization: { type: "string", description: "Azure DevOps organization name (optional -- omit to discover)" },
+                        query: { type: "string", description: "WIQL query (optional, defaults to recent assigned work items)" },
+                    },
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            if (!ctx?.adoToken) {
+                return "AUTH_REQUIRED:ado -- I need access to your Azure DevOps account. Please sign in when prompted.";
+            }
+            let org = args.organization;
+            if (!org) {
+                // Discovery cascade: discover orgs, auto-select if single, disambiguate otherwise
+                try {
+                    const orgs = await (0, ado_client_1.discoverOrganizations)(ctx.adoToken);
+                    if (orgs.length === 0) {
+                        return "No ADO organizations found for your account. Ensure your Azure DevOps account has access to at least one organization.";
+                    }
+                    if (orgs.length === 1) {
+                        org = orgs[0];
+                    }
+                    else {
+                        return `Multiple ADO organizations found. Please specify which organization to use:\n${orgs.map((o) => `- ${o}`).join("\n")}`;
+                    }
+                }
+                catch (e) {
+                    return `error discovering ADO organizations: ${e instanceof Error ? e.message : String(e)}`;
+                }
+            }
+            const query = args.query || DEFAULT_ADO_QUERY;
+            return (0, ado_client_1.queryWorkItems)(ctx.adoToken, org, query);
+        },
+        integration: "ado",
+    },
+    // -- Documentation tools --
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "graph_docs",
+                description: "Search the Microsoft Graph API endpoint index. Use before calling graph_query or graph_mutate to find the correct path, method, and required scopes.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        query: { type: "string", description: "Search query, e.g. 'send email' or 'calendar events'" },
+                    },
+                    required: ["query"],
+                },
+            },
+        },
+        handler: (args) => {
+            return searchEndpoints(graph_endpoints_json_1.default, args.query || "");
+        },
+        integration: "graph",
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "ado_docs",
+                description: "Search the Azure DevOps API endpoint index. Use before calling ado_query or ado_mutate to find the correct path, method, and parameters.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        query: { type: "string", description: "Search query, e.g. 'work items' or 'pull requests'" },
+                    },
+                    required: ["query"],
+                },
+            },
+        },
+        handler: (args) => {
+            return searchEndpoints(ado_endpoints_json_1.default, args.query || "");
+        },
+        integration: "ado",
+    },
+];
+// Backward-compat: extract just the OpenAI tool schemas
+exports.teamsTools = exports.teamsToolDefinitions.map((d) => d.tool);
+// Backward-compat: extract just the handlers by name
+exports.teamsToolHandlers = Object.fromEntries(exports.teamsToolDefinitions.map((d) => [d.tool.function.name, d.handler]));
+function searchEndpoints(entries, query) {
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.endpoint_search",
+        message: "searching endpoint index",
+        meta: {},
+    });
+    const q = query.toLowerCase();
+    const matches = entries.filter((e) => {
+        const haystack = `${e.description} ${e.path}`.toLowerCase();
+        return haystack.includes(q);
+    });
+    if (matches.length === 0) {
+        return `No matching endpoints found for "${query}". Try a broader search term.`;
+    }
+    return matches.slice(0, 5).map((e) => {
+        const lines = [
+            `${e.method} ${e.path}`,
+            `  ${e.description}`,
+            `  Params: ${e.params || "none"}`,
+        ];
+        if (e.scopes)
+            lines.push(`  Scopes: ${e.scopes}`);
+        return lines.join("\n");
+    }).join("\n\n");
+}
+function summarizeTeamsArgs(name, args) {
+    function summarizeKeyValues(keys) {
+        const parts = [];
+        for (const key of keys) {
+            const raw = args[key];
+            if (raw === undefined || raw === null)
+                continue;
+            const compact = String(raw).replace(/\s+/g, " ").trim();
+            if (!compact)
+                continue;
+            const clipped = compact.length > 60 ? compact.slice(0, 60) + "..." : compact;
+            parts.push(`${key}=${clipped}`);
+        }
+        return parts.join(" ");
+    }
+    if (name === "graph_profile")
+        return "";
+    if (name === "ado_work_items")
+        return summarizeKeyValues(["organization", "query"]);
+    if (name === "graph_query")
+        return summarizeKeyValues(["path"]);
+    if (name === "graph_mutate")
+        return summarizeKeyValues(["method", "path"]);
+    if (name === "ado_query")
+        return summarizeKeyValues(["method", "organization", "path"]);
+    if (name === "ado_mutate")
+        return summarizeKeyValues(["method", "organization", "path"]);
+    if (name === "graph_docs")
+        return summarizeKeyValues(["query"]);
+    if (name === "ado_docs")
+        return summarizeKeyValues(["query"]);
+    return undefined;
+}

package/dist/repertoire/tools.js

@@ -0,0 +1,199 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.teamsTools = exports.finalAnswerTool = exports.tools = void 0;
+exports.getToolsForChannel = getToolsForChannel;
+exports.isConfirmationRequired = isConfirmationRequired;
+exports.execTool = execTool;
+exports.summarizeArgs = summarizeArgs;
+const tools_base_1 = require("./tools-base");
+const tools_teams_1 = require("./tools-teams");
+const ado_semantic_1 = require("./ado-semantic");
+const tools_github_1 = require("./tools-github");
+const runtime_1 = require("../nerves/runtime");
+// Re-export types and constants used by the rest of the codebase
+var tools_base_2 = require("./tools-base");
+Object.defineProperty(exports, "tools", { enumerable: true, get: function () { return tools_base_2.tools; } });
+Object.defineProperty(exports, "finalAnswerTool", { enumerable: true, get: function () { return tools_base_2.finalAnswerTool; } });
+var tools_teams_2 = require("./tools-teams");
+Object.defineProperty(exports, "teamsTools", { enumerable: true, get: function () { return tools_teams_2.teamsTools; } });
+// All tool definitions in a single registry
+const allDefinitions = [...tools_base_1.baseToolDefinitions, ...tools_teams_1.teamsToolDefinitions, ...ado_semantic_1.adoSemanticToolDefinitions, ...tools_github_1.githubToolDefinitions];
+const REMOTE_BLOCKED_LOCAL_TOOLS = new Set(["shell", "read_file", "write_file", "git_commit", "gh_cli"]);
+function baseToolsForCapabilities(capabilities) {
+    const isRemoteChannel = capabilities?.channel === "teams";
+    if (!isRemoteChannel)
+        return tools_base_1.tools;
+    return tools_base_1.tools.filter((tool) => !REMOTE_BLOCKED_LOCAL_TOOLS.has(tool.function.name));
+}
+// Apply a single tool preference to a tool schema, returning a new object.
+function applyPreference(tool, pref) {
+    return {
+        ...tool,
+        function: {
+            ...tool.function,
+            description: `${tool.function.description}\n\nfriend preference: ${pref}`,
+        },
+    };
+}
+// Return the appropriate tools list based on channel capabilities.
+// Base tools (no integration) are always included.
+// Teams/integration tools are included only if their integration is in availableIntegrations.
+// When toolPreferences is provided, matching preferences are appended to tool descriptions.
+function getToolsForChannel(capabilities, toolPreferences) {
+    const baseTools = baseToolsForCapabilities(capabilities);
+    if (!capabilities || capabilities.availableIntegrations.length === 0) {
+        return baseTools;
+    }
+    const available = new Set(capabilities.availableIntegrations);
+    const integrationDefs = [...tools_teams_1.teamsToolDefinitions, ...ado_semantic_1.adoSemanticToolDefinitions, ...tools_github_1.githubToolDefinitions].filter((d) => d.integration && available.has(d.integration));
+    if (!toolPreferences || Object.keys(toolPreferences).length === 0) {
+        return [...baseTools, ...integrationDefs.map((d) => d.tool)];
+    }
+    // Build a map of integration -> preference text for fast lookup
+    const prefMap = new Map();
+    for (const [key, value] of Object.entries(toolPreferences)) {
+        prefMap.set(key, value);
+    }
+    // Apply preferences to matching integration tools (new objects, no mutation)
+    // d.integration is guaranteed truthy -- integrationDefs are pre-filtered above
+    const enrichedIntegrationTools = integrationDefs.map((d) => {
+        const pref = prefMap.get(d.integration);
+        return pref ? applyPreference(d.tool, pref) : d.tool;
+    });
+    return [...baseTools, ...enrichedIntegrationTools];
+}
+// Check whether a tool requires user confirmation before execution.
+// Reads from ToolDefinition.confirmationRequired instead of a separate Set.
+function isConfirmationRequired(toolName) {
+    const def = allDefinitions.find((d) => d.tool.function.name === toolName);
+    return def?.confirmationRequired === true;
+}
+async function execTool(name, args, ctx) {
+    (0, runtime_1.emitNervesEvent)({
+        event: "tool.start",
+        component: "tools",
+        message: "tool execution started",
+        meta: { name },
+    });
+    // Look up from combined registry
+    const def = allDefinitions.find((d) => d.tool.function.name === name);
+    if (!def) {
+        (0, runtime_1.emitNervesEvent)({
+            level: "error",
+            event: "tool.error",
+            component: "tools",
+            message: "unknown tool requested",
+            meta: { name },
+        });
+        return `unknown: ${name}`;
+    }
+    const isRemoteChannel = ctx?.context?.channel?.channel === "teams";
+    if (isRemoteChannel && REMOTE_BLOCKED_LOCAL_TOOLS.has(name)) {
+        const message = "I can't do that from here because I'm talking to multiple people in a shared remote channel, and local shell/file/git/gh operations could let conversations interfere with each other. Ask me for a remote-safe alternative (Graph/ADO/web), or run that operation from CLI.";
+        (0, runtime_1.emitNervesEvent)({
+            level: "warn",
+            event: "tool.error",
+            component: "tools",
+            message: "blocked local tool in remote channel",
+            meta: { name, channel: "teams" },
+        });
+        return message;
+    }
+    try {
+        const result = await def.handler(args, ctx);
+        (0, runtime_1.emitNervesEvent)({
+            event: "tool.end",
+            component: "tools",
+            message: "tool execution finished",
+            meta: { name, success: true },
+        });
+        return result;
+    }
+    catch (error) {
+        (0, runtime_1.emitNervesEvent)({
+            level: "error",
+            event: "tool.error",
+            component: "tools",
+            message: error instanceof Error ? error.message : String(error),
+            meta: { name },
+        });
+        throw error;
+    }
+}
+function summarizeKeyValues(args, keys, maxValueLength = 60) {
+    const parts = [];
+    for (const key of keys) {
+        const raw = args[key];
+        if (raw === undefined || raw === null)
+            continue;
+        const compact = String(raw).replace(/\s+/g, " ").trim();
+        if (!compact)
+            continue;
+        const clipped = compact.length > maxValueLength ? compact.slice(0, maxValueLength) + "..." : compact;
+        parts.push(`${key}=${clipped}`);
+    }
+    return parts.join(" ");
+}
+function summarizeUnknownArgs(args) {
+    const keys = Object.keys(args);
+    if (keys.length === 0)
+        return "";
+    return summarizeKeyValues(args, keys);
+}
+function summarizeArgs(name, args) {
+    // Check teams tools first
+    const teamsSummary = (0, tools_teams_1.summarizeTeamsArgs)(name, args);
+    if (teamsSummary !== undefined)
+        return teamsSummary;
+    // Check github tools
+    const githubSummary = (0, tools_github_1.summarizeGithubArgs)(name, args);
+    if (githubSummary !== undefined)
+        return githubSummary;
+    // Base tools
+    if (name === "read_file" || name === "write_file")
+        return summarizeKeyValues(args, ["path"]);
+    if (name === "shell")
+        return summarizeKeyValues(args, ["command"]);
+    if (name === "list_directory")
+        return summarizeKeyValues(args, ["path"]);
+    if (name === "git_commit")
+        return summarizeKeyValues(args, ["message"]);
+    if (name === "gh_cli")
+        return summarizeKeyValues(args, ["command"]);
+    if (name === "load_skill")
+        return summarizeKeyValues(args, ["name"]);
+    if (name === "task_create")
+        return summarizeKeyValues(args, ["title", "type", "category"]);
+    if (name === "task_update_status")
+        return summarizeKeyValues(args, ["name", "status"]);
+    if (name === "task_board_status")
+        return summarizeKeyValues(args, ["status"]);
+    if (name === "task_board_action")
+        return summarizeKeyValues(args, ["scope"]);
+    if (name === "task_board" || name === "task_board_deps" || name === "task_board_sessions")
+        return "";
+    if (name === "coding_spawn")
+        return summarizeKeyValues(args, ["runner", "workdir", "taskRef"]);
+    if (name === "coding_status")
+        return summarizeKeyValues(args, ["sessionId"]);
+    if (name === "coding_send_input")
+        return summarizeKeyValues(args, ["sessionId", "input"]);
+    if (name === "coding_kill")
+        return summarizeKeyValues(args, ["sessionId"]);
+    if (name === "claude")
+        return summarizeKeyValues(args, ["prompt"]);
+    if (name === "web_search")
+        return summarizeKeyValues(args, ["query"]);
+    if (name === "memory_search")
+        return summarizeKeyValues(args, ["query"]);
+    if (name === "memory_save")
+        return summarizeKeyValues(args, ["text", "about"]);
+    if (name === "get_friend_note")
+        return summarizeKeyValues(args, ["friendId"]);
+    if (name === "save_friend_note") {
+        return summarizeKeyValues(args, ["type", "key", "content"]);
+    }
+    if (name === "ado_backlog_list")
+        return summarizeKeyValues(args, ["organization", "project"]);
+    return summarizeUnknownArgs(args);
+}

package/dist/senses/cli-entry.js

@@ -0,0 +1,15 @@
+"use strict";
+// Thin entrypoint for `npm run dev` / `node dist/senses/cli-entry.js --agent <name>`.
+// Separated from cli.ts so the CLI adapter is pure library code with clean
+// 100% test coverage -- entrypoints can't be covered by vitest since
+// require.main !== module in the test runner.
+// All config comes from the conventional ~/.agentsecrets/<agent>/secrets.json path.
+Object.defineProperty(exports, "__esModule", { value: true });
+// Fail fast if --agent is missing (before any src/ code tries getAgentName())
+if (!process.argv.includes("--agent")) {
+    // eslint-disable-next-line no-console -- pre-boot guard: --agent check before imports
+    console.error("Missing required --agent <name> argument.\nUsage: node dist/senses/cli-entry.js --agent ouroboros");
+    process.exit(1);
+}
+const cli_1 = require("./cli");
+(0, cli_1.main)();