@ouro.bot/cli 0.1.0-alpha.401 → 0.1.0-alpha.403

package/changelog.json

@@ -1,6 +1,23 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.403",
+      "changes": [
+        "Vault recovery help and parser usage now render repeatable `--from <json>` imports explicitly as `--from <json> [--from <json> ...]`, so the rescue command reads like a repeatable flag instead of a duplicated typo.",
+        "`@ouro.bot/cli` and the `ouro.bot` wrapper are version-synced for the vault recovery help clarity release."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.402",
+      "changes": [
+        "Added `credential_generate_password`, a family-trusted credential tool that mints strong signup passwords and tells the agent to persist the exact accepted password with `credential_store` once the site accepts it.",
+        "`credential_store` now rejects blank required fields up front, trims credential metadata, redacts secret-bearing store errors, and confirms that credentials were stored and verified instead of silently accepting junk inputs or leaking password-shaped text.",
+        "User profile vault merges now fail closed when the existing profile cannot be read or is malformed, instead of treating every read failure as \"missing\" and overwriting saved personal data.",
+        "Browser and travel skills now teach the truthful signup secret flow: generate a password, use it for the interactive signup, and only claim success after `credential_store` succeeds.",
+        "`@ouro.bot/cli` and the `ouro.bot` wrapper are version-synced for the agent-saved secret hardening release."
+      ]
+    },
     {
       "version": "0.1.0-alpha.401",
       "changes": [

package/dist/heart/daemon/cli-help.js

@@ -282,7 +282,7 @@ const SUBCOMMAND_HELP = {
     },
     "vault recover": {
         description: "Create an agent vault at the stable agent email and import local JSON credential exports",
-        usage: "ouro vault recover --agent <name> --from <json> [--from <json>] [--email <email>] [--server <url>] [--store <store>]",
+        usage: "ouro vault recover --agent <name> --from <json> [--from <json> ...] [--email <email>] [--server <url>] [--store <store>]",
         example: "ouro vault recover --agent ouroboros --from ./credentials.json",
     },
     "vault unlock": {

package/dist/heart/daemon/cli-parse.js

@@ -486,7 +486,7 @@ function parseVaultCommand(args) {
             }
             const value = rest[i + 1];
             if (!value)
-                throw new Error("Usage: ouro vault recover --agent <name> --from <json> [--from <json>]");
+                throw new Error("Usage: ouro vault recover --agent <name> --from <json> [--from <json> ...]");
             sources.push(value);
             i += 1;
             continue;
@@ -522,7 +522,7 @@ function parseVaultCommand(args) {
     }
     if (sub === "recover") {
         if (sources.length === 0) {
-            throw new Error("Usage: ouro vault recover --agent <name> --from <json> [--from <json>]");
+            throw new Error("Usage: ouro vault recover --agent <name> --from <json> [--from <json> ...]");
         }
         return {
             kind: "vault.recover",

package/dist/repertoire/guardrails.js

@@ -287,7 +287,7 @@ function checkWriteTrustGuardrails(toolName, args, context) {
 // --- credential tool trust gating ---
 // Credential write tools: family only
 const CREDENTIAL_FAMILY_TOOLS = new Set([
-    "credential_store", "credential_delete", "vault_setup",
+    "credential_generate_password", "credential_store", "credential_delete", "vault_setup",
     // User profile tools: family only
     "user_profile_store", "user_profile_get", "user_profile_delete",
     // Payment tools: family only

package/dist/repertoire/tools-credential.js

@@ -1,8 +1,139 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.credentialToolDefinitions = void 0;
+const crypto = __importStar(require("node:crypto"));
 const credential_access_1 = require("./credential-access");
 const runtime_1 = require("../nerves/runtime");
+const DEFAULT_PASSWORD_LENGTH = 24;
+const MIN_PASSWORD_LENGTH = 12;
+const MAX_PASSWORD_LENGTH = 128;
+const MAX_ERROR_DETAIL_LENGTH = 500;
+const PASSWORD_CHARSETS = {
+    lower: "abcdefghijkmnopqrstuvwxyz",
+    upper: "ABCDEFGHJKLMNPQRSTUVWXYZ",
+    digits: "23456789",
+    symbols: "!@#$%^&*()-_=+[]{}:,.?",
+};
+function sanitizeCredentialToolError(err, secrets = []) {
+    const raw = err instanceof Error ? err.message : String(err);
+    const scrubbed = raw
+        .split(/\r?\n/)
+        .filter((line) => !line.trim().startsWith("Command failed:"))
+        .join("\n")
+        .trim();
+    let sanitized = scrubbed || "command failed";
+    const uniqueSecrets = [...new Set(secrets.filter((value) => typeof value === "string" && value.length >= 4))]
+        .sort((left, right) => right.length - left.length);
+    for (const secret of uniqueSecrets) {
+        sanitized = sanitized.split(secret).join("[redacted]");
+    }
+    return sanitized
+        .replace(/[A-Za-z0-9+/=]{80,}/g, "[redacted]")
+        .slice(0, MAX_ERROR_DETAIL_LENGTH);
+}
+function requireTrimmedText(value, fieldName) {
+    if (typeof value !== "string" || value.trim().length === 0) {
+        throw new Error(`${fieldName} must be a non-empty string.`);
+    }
+    return value.trim();
+}
+function requireNonBlankSecret(value, fieldName) {
+    if (typeof value !== "string" || value.trim().length === 0) {
+        throw new Error(`${fieldName} must be a non-empty string.`);
+    }
+    return value;
+}
+function optionalTrimmedText(value, fieldName) {
+    if (value === undefined)
+        return undefined;
+    if (typeof value !== "string") {
+        throw new Error(`${fieldName} must be a string if provided.`);
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function parsePasswordLength(value) {
+    if (value === undefined || value === null || value === "")
+        return DEFAULT_PASSWORD_LENGTH;
+    const parsed = typeof value === "number" ? value : Number(value);
+    if (!Number.isInteger(parsed) || parsed < MIN_PASSWORD_LENGTH || parsed > MAX_PASSWORD_LENGTH) {
+        throw new Error(`length must be an integer between ${MIN_PASSWORD_LENGTH} and ${MAX_PASSWORD_LENGTH}.`);
+    }
+    return parsed;
+}
+function parseSymbolsFlag(value) {
+    if (value === undefined || value === null || value === "")
+        return true;
+    if (typeof value === "boolean")
+        return value;
+    /* v8 ignore next -- handler tests cover string "true"/"false"; branch mapping is noisy here @preserve */
+    if (typeof value === "string") {
+        const normalized = value.trim().toLowerCase();
+        if (normalized === "true")
+            return true;
+        if (normalized === "false")
+            return false;
+    }
+    throw new Error("symbols must be true or false.");
+}
+function randomChar(alphabet) {
+    /* v8 ignore next -- crypto.randomInt stays within bounds; fallback is defensive @preserve */
+    return alphabet[crypto.randomInt(0, alphabet.length)] ?? alphabet[0];
+}
+function secureShuffle(chars) {
+    for (let index = chars.length - 1; index > 0; index -= 1) {
+        const swapIndex = crypto.randomInt(0, index + 1);
+        [chars[index], chars[swapIndex]] = [chars[swapIndex], chars[index]];
+    }
+}
+function generatePassword(length, symbols) {
+    const charsets = [
+        PASSWORD_CHARSETS.lower,
+        PASSWORD_CHARSETS.upper,
+        PASSWORD_CHARSETS.digits,
+        ...(symbols ? [PASSWORD_CHARSETS.symbols] : []),
+    ];
+    const chars = charsets.map((alphabet) => randomChar(alphabet));
+    const combinedAlphabet = charsets.join("");
+    while (chars.length < length) {
+        chars.push(randomChar(combinedAlphabet));
+    }
+    secureShuffle(chars);
+    return chars.join("");
+}
 exports.credentialToolDefinitions = [
     {
         tool: {
@@ -44,12 +175,65 @@ exports.credentialToolDefinitions = [
         },
         summaryKeys: ["domain"],
     },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "credential_generate_password",
+                description: "Generate a strong password for a new account. Use it to complete signup, then immediately call credential_store with the exact accepted password so the vault becomes the source of truth.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        domain: {
+                            type: "string",
+                            description: "Domain this password will be used for (e.g. 'airbnb.com')",
+                        },
+                        length: {
+                            type: "integer",
+                            description: "Optional password length. Defaults to 24. Allowed range: 12 to 128.",
+                        },
+                        symbols: {
+                            type: "boolean",
+                            description: "Whether to include punctuation symbols. Defaults to true.",
+                        },
+                    },
+                    required: ["domain"],
+                },
+            },
+        },
+        handler: async (args) => {
+            let domain = "";
+            try {
+                domain = requireTrimmedText(args.domain, "domain");
+                const length = parsePasswordLength(args.length);
+                const symbols = parseSymbolsFlag(args.symbols);
+                (0, runtime_1.emitNervesEvent)({
+                    component: "repertoire",
+                    event: "repertoire.credential_tool_call",
+                    message: "credential_generate_password invoked",
+                    meta: { tool: "credential_generate_password", domain, length, symbols },
+                });
+                const password = generatePassword(length, symbols);
+                return JSON.stringify({
+                    domain,
+                    password,
+                    length,
+                    symbols,
+                    nextStep: "Use this password for signup, then call credential_store with the exact accepted password.",
+                }, null, 2);
+            }
+            catch (err) {
+                return `Credential password generation error: ${sanitizeCredentialToolError(err)}`;
+            }
+        },
+        summaryKeys: ["domain", "length", "symbols"],
+    },
     {
         tool: {
             type: "function",
             function: {
                 name: "credential_store",
-                description: "Store credentials the agent acquired (e.g. during sign-up). The password is accepted in args because the model generated it. Stored passwords are never returned later — only metadata is visible.",
+                description: "Store credentials the agent acquired or just used successfully during signup. Prefer credential_generate_password for new passwords, then call this tool once the site accepts the exact password. Stored passwords are never returned later — only metadata is visible.",
                 parameters: {
                     type: "object",
                     properties: {
@@ -75,6 +259,10 @@ exports.credentialToolDefinitions = [
             },
         },
         handler: async (args) => {
+            let domain = "";
+            let username = "";
+            let password = "";
+            let notes;
             (0, runtime_1.emitNervesEvent)({
                 component: "repertoire",
                 event: "repertoire.credential_tool_call",
@@ -82,17 +270,21 @@ exports.credentialToolDefinitions = [
                 meta: { tool: "credential_store", domain: args.domain },
             });
             try {
+                domain = requireTrimmedText(args.domain, "domain");
+                username = requireTrimmedText(args.username, "username");
+                password = requireNonBlankSecret(args.password, "password");
+                notes = optionalTrimmedText(args.notes, "notes");
                 const store = (0, credential_access_1.getCredentialStore)();
-                await store.store(args.domain, {
-                    username: args.username,
-                    password: args.password,
-                    notes: args.notes,
+                await store.store(domain, {
+                    username,
+                    password,
+                    notes,
                 });
-                return `Credentials stored for "${args.domain}".`;
+                return `Credentials stored and verified for "${domain}".`;
             }
             catch (err) {
                 /* v8 ignore next -- defensive: store.store wraps errors @preserve */
-                return `Credential store error: ${err instanceof Error ? err.message : String(err)}`;
+                return `Credential store error: ${sanitizeCredentialToolError(err, [password, username, notes])}`;
             }
         },
         summaryKeys: ["domain"],

package/dist/repertoire/user-profile.js

@@ -23,6 +23,10 @@ const runtime_1 = require("../nerves/runtime");
 function profileKey(friendId) {
     return `user-profile/${friendId}`;
 }
+function isMissingUserProfileError(err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return /no credential found/i.test(message) || /field "password" not found/i.test(message);
+}
 // ---------------------------------------------------------------------------
 // CRUD operations
 // ---------------------------------------------------------------------------
@@ -47,7 +51,8 @@ async function storeUserProfile(friendId, profile, store) {
 }
 /**
  * Retrieve the full user profile for a friend.
- * Returns null if no profile exists or if the stored data is invalid.
+ * Returns null if no profile exists. Throws if the stored data is malformed
+ * or the vault cannot be read.
  */
 async function getUserProfile(friendId, store) {
     (0, runtime_1.emitNervesEvent)({
@@ -59,11 +64,19 @@ async function getUserProfile(friendId, store) {
     try {
         const raw = await store.getRawSecret(profileKey(friendId), "password");
         const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+            throw new Error(`stored user profile for ${friendId} is malformed`);
+        }
         return parsed;
-        /* v8 ignore next 2 -- platform-dependent v8 branch counting on catch @preserve */
     }
-    catch {
-        return null;
+    catch (err) {
+        if (err instanceof SyntaxError) {
+            throw new Error(`stored user profile for ${friendId} is malformed`);
+        }
+        if (isMissingUserProfileError(err)) {
+            return null;
+        }
+        throw err;
     }
 }
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.401",
+  "version": "0.1.0-alpha.403",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",

package/skills/browser-navigation.md

@@ -46,6 +46,13 @@ Follow this pattern for every page interaction:
 5. Wait for redirect, then verify login succeeded via snapshot
 6. NEVER hardcode credentials -- use `credential_get` to retrieve login info
 
+### Sign-up Flows
+1. Use `credential_generate_password` to mint a strong password for the target domain
+2. Fill the signup form with that password
+3. If the site rejects the password policy, generate a new one that matches the site rules
+4. Once the site accepts the exact password, call `credential_store` immediately
+5. Do not claim a new credential is saved until `credential_store` succeeds
+
 ### Search Forms (Hotels, Flights, Rentals)
 1. Navigate to the search page
 2. Snapshot to identify input fields
@@ -98,7 +105,7 @@ The stealth configuration handles most fingerprinting automatically. Additionall
 - **CAPTCHAs**: Stop and ask the user to solve manually.
 - **Stale elements**: Re-snapshot the page and retry the interaction.
 - **Blocked/403**: The site may have detected automation. Wait 30 seconds and try with a different approach (e.g., direct URL instead of navigation).
-- **Session expired**: Re-login using stored stored credentials.
+- **Session expired**: Re-login using stored credentials.
 
 ## Human Confirmation Gates
 

package/skills/travel-planning.md

@@ -74,10 +74,13 @@ Present top 3-5 options comparing:
 
 Credentials are managed through the credential access layer, which stores
 agent-owned secrets in the agent's Bitwarden/Vaultwarden credential vault.
-Raw passwords never enter model context.
+Stored passwords stay in the vault. A brand-new signup password may enter
+model context briefly when the agent explicitly generates or types it during
+an interactive sign-up flow.
 
 - Use `credential_get` to check what credentials exist for a domain (metadata only, never passwords)
-- Use `credential_store` to save credentials the agent acquired (e.g., during sign-up for a service)
+- Use `credential_generate_password` to mint a strong password for a new sign-up
+- Use `credential_store` to save credentials the agent acquired after the site accepts them
 - The credential gateway automatically injects secrets into API requests via `getRawSecret()`
 - Use browser-navigation skill form patterns for entering credentials during interactive sessions
 
@@ -85,7 +88,7 @@ Raw passwords never enter model context.
 - Agent-owned credentials live in the agent's Bitwarden/Vaultwarden vault
 - Travel credentials such as Duffel and Stripe are ordinary vault credential items
 - The agent can sign up for services and store its own credentials
-- Stored passwords are never returned to the model — only metadata (domain, username, notes)
+- Existing stored passwords are never returned to the model — only metadata (domain, username, notes)
 
 ### Post-Booking
 - Save confirmation details (confirmation number, dates, hotel name, airline, booking reference)
@@ -117,9 +120,10 @@ Track and reference these travel preferences:
 - `travel_advisory` - US State Dept advisory by country code
 - `geocode_search` - Location/POI search with coordinates
 - `credential_get` - Check credential metadata for a domain (never returns passwords)
-- `credential_store` - Store credentials the agent acquired (family trust, confirmation required)
+- `credential_generate_password` - Generate a strong password for a new sign-up (family trust)
+- `credential_store` - Store credentials the agent acquired (family trust)
 - `credential_list` - List stored credential domains
-- `credential_delete` - Delete stored credentials (family trust, confirmation required)
+- `credential_delete` - Delete stored credentials (family trust)
 
 ### MCP Tools (when configured)
 - Browser tools via `@playwright/mcp` - see `browser-navigation` skill