@ouro.bot/cli 0.1.0-alpha.418 → 0.1.0-alpha.419

package/README.md

@@ -99,6 +99,7 @@ Task docs do not live in this repo anymore. Planning and doing docs live in the
 - Vault unlock material is local machine state. Prefer macOS Keychain, Windows DPAPI, or Linux Secret Service; plaintext fallback is allowed only by explicit human choice.
 - New vault unlock secrets are confirmed before use and rejected if they do not meet the minimum strength requirements.
 - Provider and runtime credentials are loaded into process memory at startup/auth/unlock/refresh and reused. The remote vault is not queried for every model or sense request.
+- Human-facing CLI commands that can wait on browser auth, vault IO, daemon startup, daemon restart, provider checks, or connector setup use a shared progress checklist. If a cursor may blink for more than a few seconds, the command should print or animate the current step instead of going quiet.
 - CLI commands that mutate bundle config, such as vault setup or `ouro connect bluebubbles`, run bundle sync after the change when `sync.enabled` is true and report a compact `bundle sync:` line.
 - The daemon discovers bundles dynamically from `~/AgentBundles`.
 - `ouro status` reports version, last-updated time, discovered agents, senses, and workers.
@@ -120,7 +121,7 @@ ouro auth --agent <name>
 ouro auth --agent <name> --provider <provider>
 ```
 
-`ouro auth` stores credentials in the owning agent's vault. It does not switch a lane or write provider/model selection.
+`ouro auth` stores credentials in the owning agent's vault. It does not switch a lane or write provider/model selection. The command shows progress while browser login, vault storage, refresh, and verification are happening.
 
 When you want this machine to use a provider/model for a lane, use:
 

package/changelog.json

@@ -1,6 +1,17 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.419",
+      "changes": [
+        "`ouro auth`, `ouro provider refresh`, `ouro connect perplexity`, and `ouro connect bluebubbles` now use the shared human CLI progress checklist so browser login, vault reads/writes, daemon reloads, and verification steps stay visible instead of leaving a blinking cursor.",
+        "`ouro connect perplexity` now introduces the flow before the hidden API-key prompt, shows vault storage and reload progress, keeps the key out of output, and ends with a compact next step for using Perplexity search.",
+        "`ouro connect bluebubbles` now introduces the local-machine attachment before prompts, shows machine runtime config and `agent.json` enablement progress, and keeps the app password out of output.",
+        "`ouro provider refresh` now shows vault-read progress and reload status, and refresh/auth/connect failure paths preserve the last visible progress context while still rethrowing actionable errors.",
+        "The CLI progress renderer is documented as a shared human-facing contract: long-running human flows should show current work, stay concise, and never print secrets.",
+        "`@ouro.bot/cli` and the `ouro.bot` wrapper are version-synced for the provider onboarding progress release."
+      ]
+    },
     {
       "version": "0.1.0-alpha.418",
       "changes": [

package/dist/heart/daemon/cli-exec.js

@@ -179,6 +179,16 @@ function providerRepairCountSummary(count) {
         return "ok";
     return `${count} ${count === 1 ? "needs" : "need"} attention`;
 }
+function createHumanCommandProgress(deps, commandName) {
+    return new up_progress_1.CommandProgress({
+        write: deps.writeRaw ?? deps.writeStdout,
+        isTTY: deps.isTTY ?? false,
+        now: deps.now ?? (() => Date.now()),
+        autoRender: true,
+        eventScope: "command",
+        commandName,
+    });
+}
 function daemonProgressSummary(result) {
     if (result.verifyStartupStatus === false)
         return "not answering yet";
@@ -1142,18 +1152,35 @@ function runtimeScopeLabel(scope) {
 }
 async function storeRuntimeConfigKey(input) {
     const machineId = input.scope === "machine" ? currentMachineId(input.deps) : undefined;
+    input.onProgress?.("checking existing runtime config");
     const current = input.scope === "machine"
         ? await (0, runtime_credentials_1.refreshMachineRuntimeCredentialConfig)(input.agent, machineId, { preserveCachedOnFailure: true })
         : await (0, runtime_credentials_1.refreshRuntimeCredentialConfig)(input.agent, { preserveCachedOnFailure: true });
     if (!current.ok && current.reason !== "missing") {
         throw new Error(`cannot read existing runtime credentials from ${current.itemPath}: ${current.error}`);
     }
+    input.onProgress?.(`storing ${input.key} in ${current.itemPath}`);
     const nextConfig = setRuntimeConfigValue(current.ok ? current.config : {}, input.key, input.value);
     const stored = input.scope === "machine"
         ? await (0, runtime_credentials_1.upsertMachineRuntimeCredentialConfig)(input.agent, machineId, nextConfig, providerCliNow(input.deps))
         : await (0, runtime_credentials_1.upsertRuntimeCredentialConfig)(input.agent, nextConfig, providerCliNow(input.deps));
+    input.onProgress?.(`stored ${input.key}; credential value was not printed`);
     return { revision: stored.revision, itemPath: stored.itemPath, ...(machineId ? { machineId } : {}) };
 }
+async function reloadRunningAgentAfterCredentialChange(agent, deps) {
+    try {
+        const alive = await deps.checkSocketAlive(deps.socketPath);
+        if (!alive)
+            return "daemon is not running; next `ouro up` will load it";
+        const response = await deps.sendCommand(deps.socketPath, { kind: "agent.restart", agent });
+        if (response.ok)
+            return `restarted ${agent} so the running agent reloads credentials`;
+        return `daemon restart skipped: ${response.error ?? response.message ?? "unknown daemon error"}`;
+    }
+    catch (error) {
+        return `daemon restart skipped: ${error instanceof Error ? error.message : String(error)}`;
+    }
+}
 async function executeVaultConfigSet(command, deps) {
     if (command.agent === "SerpentGuide") {
         throw new Error("SerpentGuide does not have persistent runtime credentials. Store credentials in the hatchling agent vault.");
@@ -1268,18 +1295,16 @@ function enableAgentSense(agent, sense, deps) {
 function connectMenu(agent) {
     return [
         `Connect ${agent}`,
+        "Pick what this agent should be able to use.",
         "",
-        "Portable agent capabilities",
         "  1. Perplexity search",
-        "     stores: agent vault runtime/config -> integrations.perplexityApiKey",
+        "     Portable. Stores an API key in the agent vault.",
         "",
-        "This machine only",
         "  2. BlueBubbles iMessage",
-        "     stores: agent vault runtime/machines/<this-machine>/config",
+        "     This machine only. Connects a local Mac Messages bridge.",
         "",
-        "Model providers",
         "  3. Provider auth",
-        `     runs separately: ouro auth --agent ${agent} --provider <provider>`,
+        `     Model credentials: ouro auth --agent ${agent} --provider <provider>`,
         "",
         "  4. Cancel",
         "",
@@ -1291,23 +1316,45 @@ async function executeConnectPerplexity(agent, deps) {
         throw new Error("SerpentGuide has no persistent runtime credentials. Connect Perplexity on the hatchling agent instead.");
     }
     const promptSecret = requirePromptSecret(deps, "Perplexity API key entry");
+    deps.writeStdout([
+        `Connect Perplexity for ${agent}`,
+        "The API key stays hidden while you type.",
+        `Ouro stores it in ${agent}'s vault runtime/config item.`,
+    ].join("\n"));
     const key = (await promptSecret("Perplexity API key: ")).trim();
     if (!key)
         throw new Error("Perplexity API key cannot be blank");
-    const stored = await storeRuntimeConfigKey({
-        agent,
-        key: "integrations.perplexityApiKey",
-        value: key,
-        scope: "agent",
-        deps,
-    });
+    const progress = createHumanCommandProgress(deps, "connect perplexity");
+    let stored;
+    let reload;
+    try {
+        progress.startPhase("saving Perplexity search");
+        stored = await storeRuntimeConfigKey({
+            agent,
+            key: "integrations.perplexityApiKey",
+            value: key,
+            scope: "agent",
+            deps,
+            onProgress: (message) => progress.updateDetail(message),
+        });
+        progress.completePhase("saving Perplexity search", "secret stored");
+        progress.startPhase(`reloading ${agent}`);
+        reload = await reloadRunningAgentAfterCredentialChange(agent, deps);
+        progress.completePhase(`reloading ${agent}`, reload);
+        progress.end();
+    }
+    catch (error) {
+        progress.end();
+        throw error;
+    }
     const message = [
         `Perplexity connected for ${agent}`,
         "capability: Perplexity search",
         `stored: ${stored.itemPath}`,
+        `reload: ${reload}`,
         "secret was not printed",
         "",
-        "Next: ask the agent to search, or run `ouro up` again if the daemon was already running.",
+        "Next: ask the agent to search.",
     ].join("\n");
     deps.writeStdout(message);
     return message;
@@ -1318,6 +1365,11 @@ async function executeConnectBlueBubbles(agent, deps) {
     }
     const promptInput = requirePromptInput(deps, "BlueBubbles setup");
     const promptSecret = requirePromptSecret(deps, "BlueBubbles password entry");
+    deps.writeStdout([
+        `Connect BlueBubbles for ${agent}`,
+        "This is a local attachment for this machine.",
+        "The app password stays hidden while you type.",
+    ].join("\n"));
     const serverUrl = (await promptInput("BlueBubbles server URL for this machine: ")).trim();
     if (!serverUrl)
         throw new Error("BlueBubbles server URL cannot be blank");
@@ -1328,25 +1380,40 @@ async function executeConnectBlueBubbles(agent, deps) {
     const webhookPath = normalizeWebhookPath(await promptInput("Local webhook path [/bluebubbles-webhook]: "), "/bluebubbles-webhook");
     const requestTimeoutMs = parseOptionalPositiveInteger(await promptInput("Request timeout ms [30000]: "), 30000, "BlueBubbles request timeout");
     const machineId = currentMachineId(deps);
-    const current = await (0, runtime_credentials_1.refreshMachineRuntimeCredentialConfig)(agent, machineId, { preserveCachedOnFailure: true });
-    if (!current.ok && current.reason !== "missing") {
-        throw new Error(`cannot read existing machine runtime credentials from ${current.itemPath}: ${current.error}`);
+    const progress = createHumanCommandProgress(deps, "connect bluebubbles");
+    let stored;
+    try {
+        progress.startPhase("saving BlueBubbles attachment");
+        progress.updateDetail("checking existing machine runtime config");
+        const current = await (0, runtime_credentials_1.refreshMachineRuntimeCredentialConfig)(agent, machineId, { preserveCachedOnFailure: true });
+        if (!current.ok && current.reason !== "missing") {
+            progress.end();
+            throw new Error(`cannot read existing machine runtime credentials from ${current.itemPath}: ${current.error}`);
+        }
+        const nextConfig = {
+            ...(current.ok ? current.config : {}),
+            bluebubbles: {
+                serverUrl,
+                password,
+                accountId: "default",
+            },
+            bluebubblesChannel: {
+                port,
+                webhookPath,
+                requestTimeoutMs,
+            },
+        };
+        progress.updateDetail("storing local machine config");
+        stored = await (0, runtime_credentials_1.upsertMachineRuntimeCredentialConfig)(agent, machineId, nextConfig, providerCliNow(deps));
+        progress.updateDetail("enabling BlueBubbles in agent.json");
+        enableAgentSense(agent, "bluebubbles", deps);
+        progress.completePhase("saving BlueBubbles attachment", "secret stored");
+        progress.end();
+    }
+    catch (error) {
+        progress.end();
+        throw error;
     }
-    const nextConfig = {
-        ...(current.ok ? current.config : {}),
-        bluebubbles: {
-            serverUrl,
-            password,
-            accountId: "default",
-        },
-        bluebubblesChannel: {
-            port,
-            webhookPath,
-            requestTimeoutMs,
-        },
-    };
-    const stored = await (0, runtime_credentials_1.upsertMachineRuntimeCredentialConfig)(agent, machineId, nextConfig, providerCliNow(deps));
-    enableAgentSense(agent, "bluebubbles", deps);
     const message = appendBundleSyncSummary([
         `BlueBubbles attached for ${agent} on this machine`,
         `machine: ${machineId}`,
@@ -1648,38 +1715,40 @@ async function executeProviderRefresh(command, deps) {
         deps.writeStdout(message);
         return message;
     }
-    const pool = await (0, provider_credentials_1.refreshProviderCredentialPool)(command.agent);
+    const progress = createHumanCommandProgress(deps, "provider refresh");
+    progress.startPhase("refreshing provider credentials");
+    let pool;
+    try {
+        pool = await (0, provider_credentials_1.refreshProviderCredentialPool)(command.agent, {
+            onProgress: (message) => progress.updateDetail(message),
+        });
+    }
+    catch (error) {
+        progress.end();
+        throw error;
+    }
     const lines = [];
     if (pool.ok) {
         const summary = (0, provider_credentials_1.summarizeProviderCredentialPool)(pool.pool);
         lines.push(`refreshed provider credential snapshot for ${command.agent}`);
         lines.push(`providers: ${summary.providers.map((provider) => provider.provider).join(", ") || "none"}`);
+        progress.completePhase("refreshing provider credentials", summary.providers.map((provider) => provider.provider).join(", ") || "none");
     }
     else {
+        progress.end();
         lines.push(`provider credential refresh failed for ${command.agent}: ${pool.error}`);
         lines.push((0, vault_unlock_1.vaultUnlockReplaceRecoverFix)(command.agent, "Then retry 'ouro provider refresh'."));
         const message = lines.join("\n");
         deps.writeStdout(message);
         return message;
     }
-    try {
-        const alive = await deps.checkSocketAlive(deps.socketPath);
-        if (alive) {
-            const response = await deps.sendCommand(deps.socketPath, { kind: "agent.restart", agent: command.agent });
-            if (response.ok) {
-                lines.push(`restarted ${command.agent} so the running agent reloads credentials`);
-            }
-            else {
-                lines.push(`daemon restart skipped: ${response.error ?? response.message ?? "unknown daemon error"}`);
-            }
-        }
-        else {
-            lines.push("daemon is not running; the next start will load the refreshed snapshot");
-        }
-    }
-    catch (error) {
-        lines.push(`daemon restart skipped: ${error instanceof Error ? error.message : String(error)}`);
-    }
+    progress.startPhase(`reloading ${command.agent}`);
+    const reload = await reloadRunningAgentAfterCredentialChange(command.agent, deps);
+    progress.completePhase(`reloading ${command.agent}`, reload);
+    progress.end();
+    lines.push(reload === "daemon is not running; next `ouro up` will load it"
+        ? "daemon is not running; the next start will load the refreshed snapshot"
+        : reload);
     const message = lines.join("\n");
     deps.writeStdout(message);
     return message;
@@ -3348,31 +3417,43 @@ async function runOuroCli(args, deps = (0, cli_defaults_1.createDefaultOuroCliDe
         const provider = command.provider ?? (0, auth_flow_1.readAgentConfigForAgent)(command.agent, deps.bundlesRoot).config.humanFacing.provider;
         /* v8 ignore next -- tests always inject runAuthFlow; default is for production @preserve */
         const authRunner = deps.runAuthFlow ?? (await Promise.resolve().then(() => __importStar(require("../auth/auth-flow")))).runRuntimeAuthFlow;
-        const result = await authRunner({
-            agentName: command.agent,
-            provider,
-            promptInput: deps.promptInput,
-            onProgress: deps.writeStdout,
-        });
+        const progress = createHumanCommandProgress(deps, "auth");
+        progress.startPhase(`authenticating ${provider}`);
+        let result;
+        try {
+            result = await authRunner({
+                agentName: command.agent,
+                provider,
+                promptInput: deps.promptInput,
+                onProgress: (message) => progress.updateDetail(message),
+            });
+        }
+        catch (error) {
+            progress.end();
+            throw error;
+        }
+        progress.completePhase(`authenticating ${provider}`, "credentials stored");
         // Behavior: ouro auth stores credentials only — does NOT switch provider.
         // Use `ouro auth switch` to change the active provider.
-        deps.writeStdout(result.message);
         // Verify the credentials actually work by pinging the provider
         /* v8 ignore start -- integration: real API ping after auth @preserve */
         try {
-            deps.writeStdout(`verifying ${provider} credentials...`);
+            progress.startPhase(`verifying ${provider}`);
             const credential = await readProviderCredentialRecord(command.agent, provider, deps);
             const status = credential.ok
                 ? await verifyProviderCredentials(provider, {
                     [provider]: { ...credential.record.config, ...credential.record.credentials },
                 })
                 : `stored but could not be re-read from vault (${credential.error})`;
-            deps.writeStdout(`${provider}: ${status}`);
+            progress.completePhase(`verifying ${provider}`, status);
         }
-        catch {
-            // Verification failure is non-blocking — credentials were saved regardless
+        catch (error) {
+            // Verification failure is non-blocking — credentials were saved regardless.
+            progress.completePhase(`verifying ${provider}`, `skipped (${error instanceof Error ? error.message : String(error)})`);
         }
         /* v8 ignore stop */
+        progress.end();
+        deps.writeStdout(result.message);
         return result.message;
     }
     // ── auth verify (local, no daemon socket needed) ──

package/dist/heart/daemon/up-progress.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * UpProgress — accumulated-checklist progress renderer for `ouro up`.
+ * UpProgress — accumulated-checklist progress renderer.
  *
  * Displays completed phases with checkmarks, the current phase with a
  * spinner and elapsed time, and pending phases as plain text. Uses ANSI
@@ -12,7 +12,7 @@
  * long operations never leave a dead-looking cursor.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.UpProgress = void 0;
+exports.CommandProgress = exports.UpProgress = void 0;
 const runtime_1 = require("../../nerves/runtime");
 // ── ANSI constants (shared with startup-tui.ts pattern) ──
 const SPINNER_FRAMES = "\u280B\u2819\u2839\u2838\u283C\u2834\u2826\u2827\u2807\u280F";
@@ -29,6 +29,8 @@ class UpProgress {
     renderIntervalMs;
     setTimer;
     clearTimer;
+    eventScope;
+    commandName;
     completed = [];
     currentPhase = null;
     currentDetail = null;
@@ -48,6 +50,8 @@ class UpProgress {
         this.setTimer = options?.setInterval ?? ((callback, ms) => setInterval(callback, ms));
         this.clearTimer = options?.clearInterval ?? ((handle) => clearInterval(handle));
         /* v8 ignore stop */
+        this.eventScope = options?.eventScope ?? "up";
+        this.commandName = options?.commandName ?? null;
     }
     /**
      * Begin a new phase with spinner. If a phase is already active, it is
@@ -109,12 +113,22 @@ class UpProgress {
         this.currentPhase = null;
         this.currentDetail = null;
         this.stopAutoRender();
-        (0, runtime_1.emitNervesEvent)({
-            component: "daemon",
-            event: "daemon.up_phase_complete",
-            message: `phase complete: ${label}`,
-            meta: { phase: label, detail: detail ?? null, elapsedMs },
-        });
+        if (this.eventScope === "command") {
+            (0, runtime_1.emitNervesEvent)({
+                component: "daemon",
+                event: "daemon.cli_progress_phase_complete",
+                message: `phase complete: ${label}`,
+                meta: { command: this.commandName, phase: label, detail: detail ?? null, elapsedMs },
+            });
+        }
+        else {
+            (0, runtime_1.emitNervesEvent)({
+                component: "daemon",
+                event: "daemon.up_phase_complete",
+                message: `phase complete: ${label}`,
+                meta: { phase: label, detail: detail ?? null, elapsedMs },
+            });
+        }
         if (this.isTTY) {
             this.flushRender();
         }
@@ -201,3 +215,4 @@ class UpProgress {
     }
 }
 exports.UpProgress = UpProgress;
+exports.CommandProgress = UpProgress;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.418",
+  "version": "0.1.0-alpha.419",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",