@ouro.bot/cli 0.1.0-alpha.473 → 0.1.0-alpha.475

package/changelog.json

@@ -1,6 +1,22 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.475",
+      "changes": [
+        "Native mail autonomy now counts recently submitted provider-backed sends against the rate window immediately, so Azure Communication Services deliveries cannot slip past the autonomous send limit while delivery events are still pending.",
+        "Mail autonomy coverage now locks the submitted-provider case explicitly, preventing back-to-back autonomous sends from bypassing policy before provider reconciliation arrives.",
+        "The `ouro.bot` wrapper stays version-synced for the mail autonomy rate-limit repair release."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.474",
+      "changes": [
+        "DNS workflow planning now handles duplicate-capable records safely by matching exact type/name/content identity before singleton replacement, so adding an ACS apex TXT verification record cannot rewrite unrelated Google, Microsoft, or SPF TXT records.",
+        "DNS rollback planning can now delete only the extra allowlisted duplicate record that was not present in the backup while preserving sibling TXT records with the same name.",
+        "`@ouro.bot/cli` and the `ouro.bot` wrapper are version-synced for the DNS duplicate-record safety release."
+      ]
+    },
     {
       "version": "0.1.0-alpha.473",
       "changes": [

package/dist/heart/daemon/dns-workflow.js

@@ -266,28 +266,57 @@ function recordsEqual(left, right) {
         left.ttl === right.ttl &&
         priorityEqual;
 }
+function recordIdentityKey(record) {
+    const priority = record.type === "MX" ? String(record.priority ?? 0) : "";
+    return `${recordKey(record)}:${record.content}:${priority}`;
+}
+function sameRecordIdentity(left, right) {
+    return recordIdentityKey(left) === recordIdentityKey(right);
+}
+function recordsWithKey(records, key) {
+    return records.filter((record) => recordKey(record) === key);
+}
+function findCurrentRecordForDesired(input) {
+    const key = recordKey(input.desired);
+    const currentSameKey = recordsWithKey(input.currentRecords, key);
+    const exact = currentSameKey.find((record) => sameRecordIdentity(record, input.desired));
+    if (exact)
+        return exact;
+    const desiredSameKey = recordsWithKey(input.desiredRecords, key);
+    if (currentSameKey.length === 1 && desiredSameKey.length === 1)
+        return currentSameKey[0];
+    return undefined;
+}
 function planDnsWorkflow(input) {
     assertDesiredRecordsAllowed(input.binding);
     const allowedKeys = new Set(input.binding.resources.records.map(recordKey));
-    const desiredKeys = new Set(input.binding.desired.records.map(recordKey));
     const changes = [];
+    const matchedCurrentRecords = new Set();
     for (const desired of input.binding.desired.records) {
-        const current = input.currentRecords.find((record) => recordKey(record) === recordKey(desired));
+        const current = findCurrentRecordForDesired({
+            desired,
+            desiredRecords: input.binding.desired.records,
+            currentRecords: input.currentRecords,
+        });
         if (!current) {
             changes.push({ action: "create", record: desired, reason: "desired record is missing" });
         }
         else if (!recordsEqual(current, desired)) {
+            matchedCurrentRecords.add(current);
             changes.push({ action: "update", record: desired, currentRecord: current, reason: "desired record differs from current provider record" });
         }
+        else {
+            matchedCurrentRecords.add(current);
+        }
     }
     if (input.deleteExtraAllowedRecords) {
         for (const current of input.currentRecords) {
-            if (allowedKeys.has(recordKey(current)) && !desiredKeys.has(recordKey(current))) {
+            if (allowedKeys.has(recordKey(current)) && !matchedCurrentRecords.has(current)) {
                 changes.push({ action: "delete", record: current, currentRecord: current, reason: "allowlisted record is absent from rollback backup" });
             }
         }
     }
-    const preservedRecords = input.currentRecords.filter((record) => !desiredKeys.has(recordKey(record)));
+    const preservedRecords = input.currentRecords.filter((record) => !matchedCurrentRecords.has(record));
     return {
         backup: { domain: input.binding.domain, records: input.currentRecords },
         changes,

package/dist/mailroom/autonomy.js

@@ -73,9 +73,9 @@ function isRecipientAllowed(policy, recipient) {
     return policy.allowedRecipients.includes(recipient) || policy.allowedDomains.includes(recipientDomain(recipient));
 }
 function autonomousSentAt(record) {
-    if (record.status !== "sent" || record.sendMode !== "autonomous")
+    if (record.sendMode !== "autonomous")
         return null;
-    return record.sentAt ?? record.updatedAt;
+    return record.sentAt ?? record.submittedAt ?? record.acceptedAt ?? record.deliveredAt ?? record.failedAt ?? record.updatedAt;
 }
 function countRecentAutonomousSends(input) {
     const startsAt = input.nowMs - input.windowMs;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.473",
+  "version": "0.1.0-alpha.475",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",