npm - @ouro.bot/cli - Versions diffs - 0.1.0-alpha.389 → 0.1.0-alpha.390 - Mend

@ouro.bot/cli 0.1.0-alpha.389 → 0.1.0-alpha.390

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/changelog.json +10 -0
package/dist/heart/daemon/cli-defaults.js +1 -0
package/dist/heart/daemon/cli-exec.js +1 -4
package/dist/heart/daemon/cli-help.js +34 -0
package/dist/heart/hatch/specialist-prompt.js +2 -1
package/dist/heart/hatch/specialist-tools.js +15 -14
package/package.json +1 -1

package/changelog.json CHANGED Viewed

@@ -1,6 +1,16 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.390",
+      "changes": [
+        "Interactive SerpentGuide adoption now asks the human for the hatchling vault unlock secret through the shared hidden terminal prompt instead of generating and printing one.",
+        "`complete_adoption` refuses to finish without an interactive secret prompt, validates that the human-provided hatchling vault secret is non-empty, and keeps rollback coverage for vault/provider write failures.",
+        "Hatch prompts and auth/provider docs now state that hatchling vault unlock secrets must never be typed into chat, included in tool arguments, generated by Ouro, or printed back to the terminal.",
+        "`ouro help` now covers documented bootstrap and repair commands including `auth verify`, `auth switch`, `provider refresh`, and `use`.",
+        "`@ouro.bot/cli` and the `ouro.bot` wrapper are version-synced for the hatchling vault secret bootstrap release."
+      ]
+    },
     {
       "version": "0.1.0-alpha.389",
       "changes": [

package/dist/heart/daemon/cli-defaults.js CHANGED Viewed

@@ -427,6 +427,7 @@ async function defaultRunSerpentGuide() {
             provider: providerRaw,
             bundlesRoot,
             animationWriter: (text) => process.stdout.write(text),
+            promptSecret: defaultPromptSecret,
         });
         // Run the serpent guide session via runCliSession
         const result = await runCliSession({

package/dist/heart/daemon/cli-exec.js CHANGED Viewed

@@ -3192,10 +3192,7 @@ async function runOuroCli(args, deps = (0, cli_defaults_1.createDefaultOuroCliDe
             await deps.startChat(hatchInput.agentName);
             return "";
         }
-        const vaultLine = result.vaultUnlockSecret
-            ? `\nvault unlock secret for ${hatchInput.agentName}: ${result.vaultUnlockSecret}\nUse this with \`ouro vault unlock --agent ${hatchInput.agentName}\` on another machine.`
-            : "";
-        const message = `hatched ${hatchInput.agentName} at ${result.bundleRoot} using specialist identity ${result.selectedIdentity}; ${daemonResult.message}${vaultLine}`;
+        const message = `hatched ${hatchInput.agentName} at ${result.bundleRoot} using specialist identity ${result.selectedIdentity}; ${daemonResult.message}`;
         deps.writeStdout(message);
         return message;
     }

package/dist/heart/daemon/cli-help.js CHANGED Viewed

@@ -163,6 +163,25 @@ exports.COMMAND_REGISTRY = {
         example: "ouro auth --agent ouroboros",
         subcommands: ["verify", "switch"],
     },
+    use: {
+        category: "Auth",
+        description: "Choose this machine's provider/model lane for an agent",
+        usage: "ouro use --agent <name> --lane outward|inner --provider <provider> --model <model> [--force]",
+        example: "ouro use --agent ouroboros --lane outward --provider minimax --model MiniMax-M2.5",
+    },
+    check: {
+        category: "Auth",
+        description: "Run a live check for this machine's selected provider/model lane",
+        usage: "ouro check --agent <name> --lane outward|inner",
+        example: "ouro check --agent ouroboros --lane outward",
+    },
+    provider: {
+        category: "Auth",
+        description: "Refresh daemon provider credentials from an agent vault",
+        usage: "ouro provider refresh --agent <name>",
+        example: "ouro provider refresh --agent ouroboros",
+        subcommands: ["refresh"],
+    },
     vault: {
         category: "Auth",
         description: "Create, recover, unlock, inspect, and populate the agent credential vault",
@@ -230,6 +249,21 @@ exports.COMMAND_REGISTRY = {
     },
 };
 const SUBCOMMAND_HELP = {
+    "auth verify": {
+        description: "Verify agent provider credentials without changing provider/model lanes",
+        usage: "ouro auth verify --agent <name> [--provider <provider>]",
+        example: "ouro auth verify --agent ouroboros --provider openai-codex",
+    },
+    "auth switch": {
+        description: "Switch local provider/model lanes after credentials are available",
+        usage: "ouro auth switch --agent <name> --provider <provider> [--facing human|agent]",
+        example: "ouro auth switch --agent ouroboros --provider minimax",
+    },
+    "provider refresh": {
+        description: "Reload this agent's provider credentials from its vault into daemon memory",
+        usage: "ouro provider refresh --agent <name>",
+        example: "ouro provider refresh --agent ouroboros",
+    },
     "vault create": {
         description: "Create an agent credential vault and store local unlock material",
         usage: "ouro vault create --agent <name> --email <email> [--server <url>] [--store <store>]",

package/dist/heart/hatch/specialist-prompt.js CHANGED Viewed

@@ -92,7 +92,8 @@ function buildSpecialistSystemPrompt(soulText, identityText, existingBundles, co
         "- `read_file`: Read a file from disk. Useful for reviewing existing agent bundles or migration sources.",
         "- `list_directory`: List directory contents. Useful for exploring existing agent bundles.",
         "- I also have the normal local harness tools when useful here, including `shell`, `ouro task create`, `ouro reminder create`, note tools, coding tools, and repo helpers.",
-        "- `complete_adoption`: Finalize the bundle. Validates, scaffolds structural dirs, moves to ~/AgentBundles/, writes secrets, plays hatch animation. I call this with `name` (PascalCase) and `handoff_message` (warm message for the human).",
+        "- `complete_adoption`: Finalize the bundle. Validates, asks the harness to collect the hatchling vault unlock secret through a hidden terminal prompt, scaffolds structural dirs, moves to ~/AgentBundles/, writes secrets, plays hatch animation. I call this with `name` (PascalCase) and `handoff_message` (warm message for the human).",
+        "- The complete_adoption tool triggers a hidden terminal prompt for the hatchling vault unlock secret. I must never ask the human to type the vault unlock secret into chat, and I must never include it in tool arguments.",
         "- `settle`: End the conversation with a final message. I call this after complete_adoption succeeds.",
         "",
         "I must call `settle` when I am done to end the session cleanly.",

package/dist/heart/hatch/specialist-tools.js CHANGED Viewed

@@ -35,7 +35,6 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getSpecialistTools = getSpecialistTools;
 exports.createSpecialistExecTool = createSpecialistExecTool;
-const crypto = __importStar(require("crypto"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const tools_base_1 = require("../../repertoire/tools-base");
@@ -50,7 +49,7 @@ const completeAdoptionTool = {
     type: "function",
     function: {
         name: "complete_adoption",
-        description: "finalize the agent bundle and hatch the new agent. call this only when you have written all 5 psyche files and agent.json to the temp directory, and the human has approved the bundle.",
+        description: "finalize the agent bundle and hatch the new agent. call this only when you have written all 5 psyche files and agent.json to the temp directory, and the human has approved the bundle. tool execution asks the human for the hatchling vault unlock secret through a hidden terminal prompt; do not ask for or include vault unlock secrets in chat or tool args.",
         parameters: {
             type: "object",
             properties: {
@@ -169,21 +168,31 @@ async function execCompleteAdoption(args, deps) {
     if (fs.existsSync(targetBundle)) {
         return `error: bundle '${name}.ouro' already exists at ${deps.bundlesRoot}. choose a different name.`;
     }
+    if (!deps.promptSecret) {
+        return "error: complete_adoption requires an interactive vault unlock secret prompt. Re-run `ouro hatch` in a terminal so the human can enter a hatchling vault unlock secret without echoing it.";
+    }
+    const vault = (0, identity_1.resolveVaultConfig)(name);
+    let vaultUnlockSecret;
+    try {
+        vaultUnlockSecret = (await deps.promptSecret(`Choose Ouro vault unlock secret for ${vault.email}: `)).trim();
+    }
+    catch (error) {
+        return `error: failed to read hatchling vault unlock secret: ${error instanceof Error ? error.message : /* v8 ignore next -- defensive: non-Error catch branch @preserve */ String(error)}`;
+    }
+    if (!vaultUnlockSecret) {
+        return "error: hatchling vault creation requires an unlock secret. Re-run `ouro hatch` in an interactive terminal and enter a human-chosen unlock secret.";
+    }
     // Scaffold structural dirs into tempDir
     scaffoldBundle(deps.tempDir);
     // Move tempDir -> final bundle location
     moveDir(deps.tempDir, targetBundle);
     // Write secrets
-    let generatedVaultUnlockSecret = null;
     try {
-        const vault = (0, identity_1.resolveVaultConfig)(name);
-        const vaultUnlockSecret = crypto.randomBytes(32).toString("base64");
         const vaultResult = await (0, vault_setup_1.createVaultAccount)(name, vault.serverUrl, vault.email, vaultUnlockSecret);
         if (!vaultResult.success) {
             throw new Error(`failed to create vault: ${vaultResult.error}`);
         }
         (0, vault_unlock_1.storeVaultUnlockSecret)({ agentName: name, email: vault.email, serverUrl: vault.serverUrl }, vaultUnlockSecret);
-        generatedVaultUnlockSecret = vaultUnlockSecret;
         await (0, hatch_flow_1.storeHatchlingProviderCredentials)(name, deps.provider, deps.credentials);
     }
     catch (e) {
@@ -229,14 +238,6 @@ async function execCompleteAdoption(args, deps) {
     if (handoffMessage && deps.animationWriter) {
         deps.animationWriter(`\n${handoffMessage}\n`);
     }
-    if (generatedVaultUnlockSecret && deps.animationWriter) {
-        deps.animationWriter([
-            "",
-            `Vault unlock secret for ${name}: ${generatedVaultUnlockSecret}`,
-            `Use this with \`ouro vault unlock --agent ${name}\` on another machine.`,
-            "",
-        ].join("\n"));
-    }
     (0, runtime_1.emitNervesEvent)({
         component: "daemon",
         event: "daemon.adoption_complete",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.389",
+  "version": "0.1.0-alpha.390",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",