@ouro.bot/cli 0.1.0-alpha.4 → 0.1.0-alpha.400

package/dist/repertoire/tools-teams.js

@@ -3,24 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.teamsToolHandlers = exports.teamsTools = exports.teamsToolDefinitions = void 0;
-exports.summarizeTeamsArgs = summarizeTeamsArgs;
+exports.teamsToolDefinitions = void 0;
 const graph_client_1 = require("./graph-client");
 const ado_client_1 = require("./ado-client");
 const graph_endpoints_json_1 = __importDefault(require("./data/graph-endpoints.json"));
 const ado_endpoints_json_1 = __importDefault(require("./data/ado-endpoints.json"));
 const runtime_1 = require("../nerves/runtime");
 const MUTATE_METHODS = ["POST", "PATCH", "DELETE"];
-// Map HTTP method to authority action name for canWrite() checks
-const METHOD_TO_ACTION = {
-    POST: "createWorkItem",
-    PATCH: "updateWorkItem",
-    DELETE: "deleteWorkItem",
-};
-// Check if a tool response indicates a 403 PERMISSION_DENIED (authority checker removed; this is now a no-op kept for call-site stability)
-function checkAndRecord403(_result, _integration, _scope, _action, _ctx) {
-    // No-op: AuthorityChecker eliminated. 403 recording removed.
-}
 const DEFAULT_ADO_QUERY = "SELECT [System.Id], [System.Title], [System.State], [System.AssignedTo] FROM WorkItems WHERE [System.AssignedTo] = @Me AND [System.State] <> 'Closed' ORDER BY [System.ChangedDate] DESC";
 exports.teamsToolDefinitions = [
     // -- Generic Graph tools --
@@ -46,6 +35,7 @@ exports.teamsToolDefinitions = [
             return (0, graph_client_1.graphRequest)(ctx.graphToken, "GET", args.path);
         },
         integration: "graph",
+        summaryKeys: ["path"],
     },
     {
         tool: {
@@ -74,7 +64,7 @@ exports.teamsToolDefinitions = [
             return (0, graph_client_1.graphRequest)(ctx.graphToken, args.method, args.path, args.body);
         },
         integration: "graph",
-        confirmationRequired: true,
+        summaryKeys: ["method", "path"],
     },
     // -- Generic ADO tools --
     {
@@ -82,7 +72,7 @@ exports.teamsToolDefinitions = [
             type: "function",
             function: {
                 name: "ado_query",
-                description: "GET or POST (for WIQL read queries) any Azure DevOps API endpoint. Use ado_docs first to look up the correct path.",
+                description: "GET or POST (for WIQL read queries) any Azure DevOps API endpoint. Use ado_docs first to look up the correct path and host.",
                 parameters: {
                     type: "object",
                     properties: {
@@ -90,6 +80,7 @@ exports.teamsToolDefinitions = [
                         path: { type: "string", description: "ADO API path after /{org}, e.g. /_apis/wit/wiql" },
                         method: { type: "string", enum: ["GET", "POST"], description: "HTTP method (defaults to GET)" },
                         body: { type: "string", description: "JSON request body (optional, used with POST for WIQL)" },
+                        host: { type: "string", description: "API host override for non-standard APIs (e.g. 'vsapm.dev.azure.com' for entitlements, 'vssps.dev.azure.com' for users). Omit for standard dev.azure.com." },
                     },
                     required: ["organization", "path"],
                 },
@@ -100,18 +91,17 @@ exports.teamsToolDefinitions = [
                 return "AUTH_REQUIRED:ado -- I need access to Azure DevOps. Please sign in when prompted.";
             }
             const method = args.method || "GET";
-            const result = await (0, ado_client_1.adoRequest)(ctx.adoToken, method, args.organization, args.path, args.body);
-            checkAndRecord403(result, "ado", args.organization, method, ctx);
-            return result;
+            return (0, ado_client_1.adoRequest)(ctx.adoToken, method, args.organization, args.path, args.body, args.host);
         },
         integration: "ado",
+        summaryKeys: ["method", "organization", "path"],
     },
     {
         tool: {
             type: "function",
             function: {
                 name: "ado_mutate",
-                description: "POST/PATCH/DELETE any Azure DevOps API endpoint for actual mutations. Use ado_docs first to look up the correct path.",
+                description: "POST/PATCH/DELETE any Azure DevOps API endpoint for actual mutations. Use ado_docs first to look up the correct path and host.",
                 parameters: {
                     type: "object",
                     properties: {
@@ -119,6 +109,7 @@ exports.teamsToolDefinitions = [
                         organization: { type: "string", description: "Azure DevOps organization name" },
                         path: { type: "string", description: "ADO API path after /{org}" },
                         body: { type: "string", description: "JSON request body (optional)" },
+                        host: { type: "string", description: "API host override for non-standard APIs (e.g. 'vsapm.dev.azure.com' for entitlements, 'vssps.dev.azure.com' for users). Omit for standard dev.azure.com." },
                     },
                     required: ["method", "organization", "path"],
                 },
@@ -131,14 +122,10 @@ exports.teamsToolDefinitions = [
             if (!MUTATE_METHODS.includes(args.method)) {
                 return `Invalid method "${args.method}". Must be one of: ${MUTATE_METHODS.join(", ")}`;
             }
-            /* v8 ignore next -- fallback unreachable: method is validated against MUTATE_METHODS above @preserve */
-            const action = METHOD_TO_ACTION[args.method] || args.method;
-            const result = await (0, ado_client_1.adoRequest)(ctx.adoToken, args.method, args.organization, args.path, args.body);
-            checkAndRecord403(result, "ado", args.organization, action, ctx);
-            return result;
+            return (0, ado_client_1.adoRequest)(ctx.adoToken, args.method, args.organization, args.path, args.body, args.host);
         },
         integration: "ado",
-        confirmationRequired: true,
+        summaryKeys: ["method", "organization", "path"],
     },
     // -- Convenience aliases (backward compat) --
     {
@@ -157,6 +144,7 @@ exports.teamsToolDefinitions = [
             return (0, graph_client_1.getProfile)(ctx.graphToken);
         },
         integration: "graph",
+        summaryKeys: [],
     },
     {
         tool: {
@@ -200,6 +188,54 @@ exports.teamsToolDefinitions = [
             return (0, ado_client_1.queryWorkItems)(ctx.adoToken, org, query);
         },
         integration: "ado",
+        summaryKeys: ["organization", "query"],
+    },
+    // -- Proactive messaging --
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "teams_send_message",
+                description: "send a proactive 1:1 Teams message to a user. requires their AAD object ID (use graph_query /users to find it). the message appears as coming from the bot.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        user_id: { type: "string", description: "AAD object ID of the user to message" },
+                        user_name: { type: "string", description: "display name of the user (for logging)" },
+                        message: { type: "string", description: "message text to send" },
+                        tenant_id: { type: "string", description: "tenant ID (optional, defaults to current conversation tenant)" },
+                    },
+                    required: ["user_id", "message"],
+                },
+            },
+        },
+        /* v8 ignore start -- proactive messaging requires live Teams SDK conversation client @preserve */
+        handler: async (args, ctx) => {
+            if (!ctx?.botApi) {
+                return "proactive messaging is not available -- no bot API context (this tool only works in the Teams channel)";
+            }
+            try {
+                const tenantId = args.tenant_id || ctx.tenantId;
+                // Cast to the SDK's ConversationClient shape (kept as `unknown` in ToolContext to avoid type coupling)
+                const conversations = ctx.botApi.conversations;
+                const conversation = await conversations.create({
+                    bot: { id: ctx.botApi.id },
+                    members: [{ id: args.user_id, role: "user", name: args.user_name || args.user_id }],
+                    tenantId,
+                    isGroup: false,
+                });
+                await conversations.activities(conversation.id).create({
+                    type: "message",
+                    text: args.message,
+                });
+                return `message sent to ${args.user_name || args.user_id}`;
+            }
+            catch (e) {
+                return `failed to send proactive message: ${e instanceof Error ? e.message : String(e)}`;
+            }
+        },
+        /* v8 ignore stop */
+        summaryKeys: ["user_name", "user_id"],
     },
     // -- Documentation tools --
     {
@@ -221,6 +257,7 @@ exports.teamsToolDefinitions = [
             return searchEndpoints(graph_endpoints_json_1.default, args.query || "");
         },
         integration: "graph",
+        summaryKeys: ["query"],
     },
     {
         tool: {
@@ -241,12 +278,9 @@ exports.teamsToolDefinitions = [
             return searchEndpoints(ado_endpoints_json_1.default, args.query || "");
         },
         integration: "ado",
+        summaryKeys: ["query"],
     },
 ];
-// Backward-compat: extract just the OpenAI tool schemas
-exports.teamsTools = exports.teamsToolDefinitions.map((d) => d.tool);
-// Backward-compat: extract just the handlers by name
-exports.teamsToolHandlers = Object.fromEntries(exports.teamsToolDefinitions.map((d) => [d.tool.function.name, d.handler]));
 function searchEndpoints(entries, query) {
     (0, runtime_1.emitNervesEvent)({
         component: "repertoire",
@@ -268,41 +302,10 @@ function searchEndpoints(entries, query) {
             `  ${e.description}`,
             `  Params: ${e.params || "none"}`,
         ];
+        if (e.host)
+            lines.push(`  Host: ${e.host}`);
         if (e.scopes)
             lines.push(`  Scopes: ${e.scopes}`);
         return lines.join("\n");
     }).join("\n\n");
 }
-function summarizeTeamsArgs(name, args) {
-    function summarizeKeyValues(keys) {
-        const parts = [];
-        for (const key of keys) {
-            const raw = args[key];
-            if (raw === undefined || raw === null)
-                continue;
-            const compact = String(raw).replace(/\s+/g, " ").trim();
-            if (!compact)
-                continue;
-            const clipped = compact.length > 60 ? compact.slice(0, 60) + "..." : compact;
-            parts.push(`${key}=${clipped}`);
-        }
-        return parts.join(" ");
-    }
-    if (name === "graph_profile")
-        return "";
-    if (name === "ado_work_items")
-        return summarizeKeyValues(["organization", "query"]);
-    if (name === "graph_query")
-        return summarizeKeyValues(["path"]);
-    if (name === "graph_mutate")
-        return summarizeKeyValues(["method", "path"]);
-    if (name === "ado_query")
-        return summarizeKeyValues(["method", "organization", "path"]);
-    if (name === "ado_mutate")
-        return summarizeKeyValues(["method", "organization", "path"]);
-    if (name === "graph_docs")
-        return summarizeKeyValues(["query"]);
-    if (name === "ado_docs")
-        return summarizeKeyValues(["query"]);
-    return undefined;
-}

package/dist/repertoire/tools-travel.js

@@ -0,0 +1,125 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.travelToolDefinitions = void 0;
+const travel_api_client_1 = require("./travel-api-client");
+const runtime_1 = require("../nerves/runtime");
+exports.travelToolDefinitions = [
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "weather_lookup",
+                description: "Get current weather for a location. Provide either a city name or lat/lon coordinates.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        city: { type: "string", description: "City name (e.g. 'London', 'New York')" },
+                        lat: { type: "string", description: "Latitude (decimal)" },
+                        lon: { type: "string", description: "Longitude (decimal)" },
+                    },
+                },
+            },
+        },
+        handler: async (args) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.travel_tool_call",
+                message: "weather_lookup invoked",
+                meta: { tool: "weather_lookup" },
+            });
+            try {
+                if (args.city) {
+                    const data = await (0, travel_api_client_1.getWeatherByCity)(args.city);
+                    return JSON.stringify(data, null, 2);
+                }
+                if (args.lat && args.lon) {
+                    const data = await (0, travel_api_client_1.getWeather)(parseFloat(args.lat), parseFloat(args.lon));
+                    return JSON.stringify(data, null, 2);
+                }
+                return "Please provide either a city name or lat/lon coordinates.";
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: callers throw Error instances @preserve */
+                return `Weather lookup error: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: ["city", "lat", "lon"],
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "travel_advisory",
+                description: "Get US State Department travel advisory for a country. Returns advisory level (1-4) and description.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        country_code: {
+                            type: "string",
+                            description: "ISO 3166 alpha-2 country code (e.g. 'US', 'GB', 'AF')",
+                        },
+                    },
+                    required: ["country_code"],
+                },
+            },
+        },
+        handler: async (args) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.travel_tool_call",
+                message: "travel_advisory invoked",
+                meta: { tool: "travel_advisory" },
+            });
+            try {
+                const data = await (0, travel_api_client_1.getTravelAdvisory)(args.country_code.toUpperCase());
+                return JSON.stringify(data, null, 2);
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: callers throw Error instances @preserve */
+                return `Travel advisory error: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: ["country_code"],
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "geocode_search",
+                description: "Search for locations, addresses, or points of interest. Returns coordinates and display names.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        query: { type: "string", description: "Search query (e.g. 'Eiffel Tower', '123 Main St')" },
+                        near_lat: { type: "string", description: "Latitude to search near (for POI search)" },
+                        near_lon: { type: "string", description: "Longitude to search near (for POI search)" },
+                        radius_km: { type: "string", description: "Search radius in km (default 10)" },
+                    },
+                    required: ["query"],
+                },
+            },
+        },
+        handler: async (args) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.travel_tool_call",
+                message: "geocode_search invoked",
+                meta: { tool: "geocode_search" },
+            });
+            try {
+                if (args.near_lat && args.near_lon) {
+                    const radiusKm = args.radius_km ? parseFloat(args.radius_km) : undefined;
+                    const data = await (0, travel_api_client_1.searchPOI)(args.query, parseFloat(args.near_lat), parseFloat(args.near_lon), radiusKm);
+                    return JSON.stringify(data, null, 2);
+                }
+                const data = await (0, travel_api_client_1.geocode)(args.query);
+                return JSON.stringify(data, null, 2);
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: callers throw Error instances @preserve */
+                return `Geocode error: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: ["query"],
+    },
+];

package/dist/repertoire/tools-user-profile.js

@@ -0,0 +1,144 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.userProfileToolDefinitions = void 0;
+const user_profile_1 = require("./user-profile");
+const credential_access_1 = require("./credential-access");
+const runtime_1 = require("../nerves/runtime");
+function requireFamilyContext(ctx) {
+    if (!ctx?.context?.friend?.id) {
+        return "no friend context — cannot access user profile.";
+    }
+    if (ctx.context.friend.trustLevel !== "family") {
+        return "user profile access requires family trust level.";
+    }
+    return { friendId: ctx.context.friend.id };
+}
+exports.userProfileToolDefinitions = [
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "user_profile_store",
+                description: "Store or update user profile fields (legal name, DOB, passport, etc.) in the agent's vault. Fields are merged with any existing profile. Requires family trust level.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        fields: {
+                            type: "string",
+                            description: 'JSON object with profile fields to store/update. Keys: legalName, dateOfBirth, gender, nationality, passport, driverLicense, email, phone, addresses, loyaltyPrograms, preferences, emergencyContact.',
+                        },
+                    },
+                    required: ["fields"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.tool_user_profile_store",
+                message: "user_profile_store invoked",
+                meta: { tool: "user_profile_store" },
+            });
+            const guard = requireFamilyContext(ctx);
+            if (typeof guard === "string")
+                return guard;
+            let fields;
+            try {
+                fields = JSON.parse(args.fields);
+            }
+            catch {
+                return "invalid JSON in fields parameter.";
+            }
+            try {
+                const store = (0, credential_access_1.getCredentialStore)();
+                await (0, user_profile_1.updateUserProfileFields)(guard.friendId, fields, store);
+                return `profile fields stored for ${guard.friendId}.`;
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: updateUserProfileFields errors are always Error instances @preserve */
+                return `failed to store profile: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: ["fields"],
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "user_profile_get",
+                description: "Retrieve a specific field from a user's profile. Only returns the requested field, never the full profile. Requires family trust level.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        field: {
+                            type: "string",
+                            description: "The profile field to retrieve: legalName, dateOfBirth, gender, nationality, passport, driverLicense, email, phone, addresses, loyaltyPrograms, preferences, emergencyContact.",
+                        },
+                    },
+                    required: ["field"],
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.tool_user_profile_get",
+                message: "user_profile_get invoked",
+                meta: { tool: "user_profile_get", field: args.field },
+            });
+            const guard = requireFamilyContext(ctx);
+            if (typeof guard === "string")
+                return guard;
+            try {
+                const store = (0, credential_access_1.getCredentialStore)();
+                const value = await (0, user_profile_1.getUserProfileField)(guard.friendId, args.field, store);
+                if (value === undefined) {
+                    return `field "${args.field}" is not set on the profile.`;
+                }
+                /* v8 ignore next -- platform-dependent v8 branch counting on ternary @preserve */
+                return typeof value === "string" ? value : JSON.stringify(value, null, 2);
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: getUserProfileField errors are always Error instances @preserve */
+                return `failed to get profile field: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: ["field"],
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "user_profile_delete",
+                description: "Delete a user's entire profile from the vault. This is irreversible. Requires family trust level.",
+                parameters: {
+                    type: "object",
+                    properties: {},
+                },
+            },
+        },
+        handler: async (_args, ctx) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.tool_user_profile_delete",
+                message: "user_profile_delete invoked",
+                meta: { tool: "user_profile_delete" },
+            });
+            const guard = requireFamilyContext(ctx);
+            if (typeof guard === "string")
+                return guard;
+            try {
+                const store = (0, credential_access_1.getCredentialStore)();
+                const deleted = await (0, user_profile_1.deleteUserProfile)(guard.friendId, store);
+                return deleted
+                    ? `profile deleted for ${guard.friendId}.`
+                    : `no profile found for ${guard.friendId}.`;
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: deleteUserProfile errors are always Error instances @preserve */
+                return `failed to delete profile: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: [],
+    },
+];

package/dist/repertoire/tools-vault.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.vaultToolDefinitions = void 0;
+const identity_1 = require("../heart/identity");
+const runtime_1 = require("../nerves/runtime");
+exports.vaultToolDefinitions = [
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "vault_setup",
+                description: "Set up the agent's credential vault. Creates a Bitwarden account on the configured Vaultwarden server. One-time operation — idempotent if vault already exists.",
+                parameters: {
+                    type: "object",
+                    properties: {},
+                },
+            },
+        },
+        handler: async () => {
+            const agentName = (0, identity_1.getAgentName)();
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.vault_tool_call",
+                message: "vault_setup invoked",
+                meta: { tool: "vault_setup", agentName },
+            });
+            return [
+                "Vault setup is human-required.",
+                "",
+                "Why I cannot do it here:",
+                "  Creating or unlocking a vault requires secret entry that must stay out of agent context.",
+                "",
+                "Do this in a terminal:",
+                `  ouro vault create --agent ${agentName}`,
+                `  ouro vault unlock --agent ${agentName}`,
+            ].join("\n");
+        },
+        summaryKeys: [],
+    },
+];