@ouro.bot/cli 0.1.0-alpha.377 → 0.1.0-alpha.379
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -1
- package/changelog.json +18 -0
- package/dist/heart/daemon/cli-exec.js +4 -4
- package/dist/heart/daemon/doctor.js +0 -12
- package/dist/outlook-ui/assets/{index-LwChZTgL.css → index-BAcU08c-.css} +1 -1
- package/dist/outlook-ui/assets/index-D7l3l4vY.js +61 -0
- package/dist/outlook-ui/index.html +2 -2
- package/dist/repertoire/guardrails.js +5 -9
- package/dist/repertoire/vault-unlock.js +1 -1
- package/package.json +1 -1
- package/dist/outlook-ui/assets/index-xTdv64BV.js +0 -61
|
@@ -6,8 +6,8 @@
|
|
|
6
6
|
<meta name="color-scheme" content="dark" />
|
|
7
7
|
<title>Ouro Outlook</title>
|
|
8
8
|
<meta name="description" content="The daemon-hosted shared orientation surface for agents alive on this machine." />
|
|
9
|
-
<script type="module" crossorigin src="/assets/index-
|
|
10
|
-
<link rel="stylesheet" crossorigin href="/assets/index-
|
|
9
|
+
<script type="module" crossorigin src="/assets/index-D7l3l4vY.js"></script>
|
|
10
|
+
<link rel="stylesheet" crossorigin href="/assets/index-BAcU08c-.css">
|
|
11
11
|
</head>
|
|
12
12
|
<body>
|
|
13
13
|
<div id="app"></div>
|
|
@@ -36,7 +36,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
36
36
|
exports.OURO_CLI_TRUST_MANIFEST = void 0;
|
|
37
37
|
exports.guardInvocation = guardInvocation;
|
|
38
38
|
const fs = __importStar(require("node:fs"));
|
|
39
|
-
const os = __importStar(require("node:os"));
|
|
40
39
|
const path = __importStar(require("node:path"));
|
|
41
40
|
const types_1 = require("../mind/friends/types");
|
|
42
41
|
const runtime_1 = require("../nerves/runtime");
|
|
@@ -56,20 +55,17 @@ const REASONS = {
|
|
|
56
55
|
// --- read-only tools that never need guardrails ---
|
|
57
56
|
const READ_ONLY_TOOLS = new Set(["read_file", "glob", "grep"]);
|
|
58
57
|
// --- protected path detection ---
|
|
59
|
-
const PROTECTED_PATH_SEGMENTS = [
|
|
58
|
+
const PROTECTED_PATH_SEGMENTS = [
|
|
59
|
+
".git/",
|
|
60
|
+
".ouro-cli/vault-unlock/",
|
|
61
|
+
".ouro-cli/vault-unlock-dpapi/",
|
|
62
|
+
];
|
|
60
63
|
const PROTECTED_FILENAMES = ["agent.json"];
|
|
61
|
-
function getProtectedAbsolutePrefixes() {
|
|
62
|
-
return [`${os.homedir()}/.agentsecrets/`];
|
|
63
|
-
}
|
|
64
64
|
function isProtectedPath(filePath) {
|
|
65
65
|
for (const segment of PROTECTED_PATH_SEGMENTS) {
|
|
66
66
|
if (filePath.includes(`/${segment}`) || filePath.startsWith(segment))
|
|
67
67
|
return true;
|
|
68
68
|
}
|
|
69
|
-
for (const prefix of getProtectedAbsolutePrefixes()) {
|
|
70
|
-
if (filePath.startsWith(prefix))
|
|
71
|
-
return true;
|
|
72
|
-
}
|
|
73
69
|
for (const name of PROTECTED_FILENAMES) {
|
|
74
70
|
if (path.basename(filePath) === name)
|
|
75
71
|
return true;
|
|
@@ -110,7 +110,7 @@ function lockedMessage(config, store) {
|
|
|
110
110
|
"This computer does not currently have usable local unlock material for that vault.",
|
|
111
111
|
"This can happen on a new computer, after a local profile or hostname migration, or if the local unlock entry was removed.",
|
|
112
112
|
"",
|
|
113
|
-
`Run \`${command}\` and enter the vault unlock secret from the operator
|
|
113
|
+
`Run \`${command}\` and enter the saved agent vault unlock secret from the human/operator who controls that vault.`,
|
|
114
114
|
"If nobody saved that unlock secret, Ouro cannot recover it; create or rotate the agent vault and re-enter credentials.",
|
|
115
115
|
].join("\n");
|
|
116
116
|
}
|