@ouro.bot/cli 0.1.0-alpha.502 → 0.1.0-alpha.505

package/changelog.json

@@ -1,6 +1,30 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.505",
+      "changes": [
+        "New `ouro session-stats <session.json>` CLI for at-a-glance metrics on a saved session: total events, breakdown by role (system/user/assistant/tool), tool-call totals + top 5 by frequency, attachment count, time range with duration, projection breakdown (in/out, input tokens, max tokens, trimmed), and last usage. Read-only.",
+        "Pure `computeSessionStats(envelope, path)` core in `src/heart/session-stats.ts` — testable with synthesized envelopes, embeddable in future doctor checks. `runSessionStats(path)` adds the file-load layer; `formatStatsReport(report)` renders human-readable text; `--json` mode for jq piping. Composes with #619 (session-playback) and #622 (nerves-review): three pure-analyzer-plus-thin-CLI tools that together make a stuck session immediately diagnosable end-to-end.",
+        "8 tests cover role counts, tool-call name aggregation with frequency-sorted top-5, time range with and without authoredAt timestamps, attachment counting, projection-omission detection, the unrecognized-envelope stub, CLI no-args help, and CLI --json output. Wired as `npm run session:stats -- <path>` and `dist/heart/session-stats-cli-main.js`."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.504",
+      "changes": [
+        "New `mail_outbox` tool — the agent can now introspect its own outbound mail (drafts, queued sends, delivered, bounced, etc.). The mail repertoire had `mail_compose`, `mail_send`, and `mail_recent` for inbound — but no symmetric way to ask 'what did I send / queue?' Operators were having to ssh in and `ls state/.../outbound`. Real-world need: when planning a trip with the operator, the agent often wants to verify it sent a confirmation request before re-asking.",
+        "Lists records newest-first (by `updatedAt`), bounded to `limit` (1-50, default 20), with optional `status` filter across the full MailOutboundStatus union (draft / sent / submitted / accepted / delivered / bounced / suppressed / quarantined / spam-filtered / failed). Each record renders id + status + recipients + truncated subject (80 chars) + last-touched timestamp + provider message id and error message when present. No body text dumped — agent uses message id with another tool if it needs the content.",
+        "Family-trust gated like the rest of mail (read gate, no special block since outbound metadata isn't body content). Records `mail_outbox` access in the access log alongside the other mail tools. Tool registry now at 75 tools (snapshot updated). Two tests cover the empty / sorted / limit / status-filter / audit-log paths, plus the trust block."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.503",
+      "changes": [
+        "In-process LRU cache for decrypted mail bodies. The cold path for `mail_thread` is read-encrypted-blob-from-Azure (1-3s p50, up to tens of seconds for HEY-sized bodies — #614 raised the timeout to 60s for this very reason) plus an RSA-OAEP+A256GCM decrypt. Repeated reads of the same message are common: re-checking a booking confirmation while seeding a trip leg, following up on a thread, looping back to verify a fact. Each repeat hit was paying the full cold cost.",
+        "New `src/mailroom/body-cache.ts` keeps a 50-entry LRU keyed by `StoredMailMessage.id` (a deterministic content hash — rotating keys produces a new id, so stale ciphertext can never be served against a fresh keyset). Insertion-order eviction; reads refresh LRU position. Per-process by design — daemon restart clears it (matches the established pattern with #618 heartbeat-recursion state and #621 BB own-handle discovery).",
+        "Wired into both `mail_thread` (cache-first read; on miss, do the disk fetch + decrypt and cache for next time) and `mail_recent`/`mail_search` (which already decrypt batches; now they also seed the body cache so the next `mail_thread` on any of those is free). New `repertoire.mail_body_cache_hit` info-level event makes hit rate observable via `ouro nerves-review --event mail_body_cache_hit` (alpha.501). 7 new tests cover hit/miss, LRU refresh-on-read, eviction at capacity, defensive empty-id handling, and clear."
+      ]
+    },
     {
       "version": "0.1.0-alpha.502",
       "changes": [

package/dist/heart/session-stats-cli-main.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const session_stats_1 = require("./session-stats");
+const code = (0, session_stats_1.runSessionStatsCli)(process.argv.slice(2));
+process.exit(code);

package/dist/heart/session-stats.js

@@ -0,0 +1,182 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeSessionStats = computeSessionStats;
+exports.runSessionStats = runSessionStats;
+exports.formatStatsReport = formatStatsReport;
+exports.runSessionStatsCli = runSessionStatsCli;
+const fs = __importStar(require("node:fs"));
+const session_events_1 = require("./session-events");
+const ROLES = ["system", "user", "assistant", "tool"];
+function emptyByRole() {
+    const counts = {};
+    for (const role of ROLES)
+        counts[role] = 0;
+    return counts;
+}
+function eventTimeMs(event) {
+    const value = event.time.authoredAt ?? event.time.observedAt ?? null;
+    if (!value)
+        return null;
+    const ms = Date.parse(value);
+    return Number.isFinite(ms) ? ms : null;
+}
+function computeSessionStats(envelope, sessionPath) {
+    const byRole = emptyByRole();
+    let toolCallTotal = 0;
+    let attachments = 0;
+    const toolNameCounts = new Map();
+    let earliestMs = null;
+    let latestMs = null;
+    for (const event of envelope.events) {
+        byRole[event.role] = (byRole[event.role] ?? 0) + 1;
+        attachments += event.attachments.length;
+        for (const call of event.toolCalls) {
+            toolCallTotal += 1;
+            const name = call.function.name;
+            toolNameCounts.set(name, (toolNameCounts.get(name) ?? 0) + 1);
+        }
+        const ms = eventTimeMs(event);
+        if (ms !== null) {
+            if (earliestMs === null || ms < earliestMs)
+                earliestMs = ms;
+            if (latestMs === null || ms > latestMs)
+                latestMs = ms;
+        }
+    }
+    const top = [...toolNameCounts.entries()]
+        .sort((left, right) => right[1] - left[1])
+        .slice(0, 5)
+        .map(([name, count]) => ({ name, count }));
+    return {
+        sessionPath,
+        envelopeVersion: envelope.version,
+        totalEvents: envelope.events.length,
+        byRole,
+        toolCalls: {
+            total: toolCallTotal,
+            distinctNames: toolNameCounts.size,
+            topByFrequency: top,
+        },
+        attachments,
+        timeRange: {
+            earliest: earliestMs !== null ? new Date(earliestMs).toISOString() : null,
+            latest: latestMs !== null ? new Date(latestMs).toISOString() : null,
+            durationMs: earliestMs !== null && latestMs !== null ? latestMs - earliestMs : null,
+        },
+        projection: {
+            eventCount: envelope.projection.eventIds.length,
+            omittedFromProjection: Math.max(0, envelope.events.length - envelope.projection.eventIds.length),
+            inputTokens: envelope.projection.inputTokens,
+            maxTokens: envelope.projection.maxTokens,
+            trimmed: envelope.projection.trimmed,
+        },
+        lastUsage: envelope.lastUsage,
+    };
+}
+function runSessionStats(sessionPath) {
+    const text = fs.readFileSync(sessionPath, "utf-8");
+    const raw = JSON.parse(text);
+    const envelope = (0, session_events_1.parseSessionEnvelope)(raw);
+    if (!envelope) {
+        return {
+            sessionPath,
+            envelopeVersion: null,
+            totalEvents: 0,
+            byRole: emptyByRole(),
+            toolCalls: { total: 0, distinctNames: 0, topByFrequency: [] },
+            attachments: 0,
+            timeRange: { earliest: null, latest: null, durationMs: null },
+            projection: { eventCount: 0, omittedFromProjection: 0, inputTokens: null, maxTokens: null, trimmed: false },
+            lastUsage: null,
+        };
+    }
+    return computeSessionStats(envelope, sessionPath);
+}
+function formatStatsReport(report) {
+    const lines = [];
+    lines.push(`Session stats: ${report.sessionPath}`);
+    if (report.envelopeVersion === null) {
+        lines.push("  envelope: unrecognized (could not parse)");
+        return lines.join("\n");
+    }
+    lines.push(`  envelope version: ${report.envelopeVersion}`);
+    lines.push(`  total events:     ${report.totalEvents}`);
+    lines.push(`  by role:          system=${report.byRole.system} user=${report.byRole.user} assistant=${report.byRole.assistant} tool=${report.byRole.tool}`);
+    lines.push(`  tool calls:       ${report.toolCalls.total} (${report.toolCalls.distinctNames} distinct names)`);
+    if (report.toolCalls.topByFrequency.length > 0) {
+        lines.push("  top tools:");
+        for (const { name, count } of report.toolCalls.topByFrequency) {
+            lines.push(`    ${name}: ${count}`);
+        }
+    }
+    lines.push(`  attachments:      ${report.attachments}`);
+    if (report.timeRange.earliest && report.timeRange.latest) {
+        const durationSec = report.timeRange.durationMs !== null ? Math.round(report.timeRange.durationMs / 1000) : null;
+        lines.push(`  time range:       ${report.timeRange.earliest} → ${report.timeRange.latest}${durationSec !== null ? ` (${durationSec}s)` : ""}`);
+    }
+    lines.push("  projection:");
+    lines.push(`    in projection:  ${report.projection.eventCount}`);
+    lines.push(`    omitted:        ${report.projection.omittedFromProjection}`);
+    if (report.projection.inputTokens !== null)
+        lines.push(`    input tokens:   ${report.projection.inputTokens}`);
+    if (report.projection.maxTokens !== null)
+        lines.push(`    max tokens:     ${report.projection.maxTokens}`);
+    if (report.projection.trimmed)
+        lines.push("    trimmed:        true");
+    if (report.lastUsage) {
+        lines.push(`  last usage:       ${JSON.stringify(report.lastUsage)}`);
+    }
+    return lines.join("\n");
+}
+function runSessionStatsCli(argv) {
+    const positional = argv.filter((token) => !token.startsWith("--"));
+    const flags = new Set(argv.filter((token) => token.startsWith("--")));
+    if (flags.has("--help") || flags.has("-h") || positional.length === 0) {
+        // eslint-disable-next-line no-console -- meta-tooling
+        console.log("usage: ouro session-stats <session.json> [--json]");
+        return positional.length === 0 ? 2 : 0;
+    }
+    const report = runSessionStats(positional[0]);
+    if (flags.has("--json")) {
+        // eslint-disable-next-line no-console -- meta-tooling
+        console.log(JSON.stringify(report, null, 2));
+    }
+    else {
+        // eslint-disable-next-line no-console -- meta-tooling
+        console.log(formatStatsReport(report));
+    }
+    return 0;
+}

package/dist/mailroom/body-cache.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAIL_BODY_CACHE_MAX_ENTRIES = void 0;
+exports.getCachedMailBody = getCachedMailBody;
+exports.cacheMailBody = cacheMailBody;
+exports.clearMailBodyCache = clearMailBodyCache;
+exports.getMailBodyCacheSize = getMailBodyCacheSize;
+/**
+ * In-process LRU cache for decrypted mail bodies. The cold path for a
+ * single-message body fetch is: read encrypted blob from Azure Blob
+ * Storage (~1-3s p50 even for small bodies, into tens of seconds for
+ * HEY-sized HTML; #614 raised the timeout to 60s for this exact reason),
+ * then RSA-OAEP+A256GCM decrypt. Repeated reads of the same message are
+ * common — e.g. re-checking a booking confirmation when seeding a trip,
+ * or following up on a thread.
+ *
+ * Cache invariants:
+ * - keyed by `StoredMailMessage.id` (a deterministic content hash;
+ *   rotating keys produces a new id, so stale ciphertext can never be
+ *   served against a fresh key set).
+ * - bounded by `MAIL_BODY_CACHE_MAX_ENTRIES` with insertion-order LRU
+ *   eviction; oldest entries fall off when the cap is hit.
+ * - per-process; a daemon restart clears it. That matches the assumption
+ *   in #621 (BB own-handle discovery) and #618 (heartbeat recursion):
+ *   ephemeral state is fine for fast feedback, durable signals go to
+ *   nerves.
+ */
+exports.MAIL_BODY_CACHE_MAX_ENTRIES = 50;
+const cache = new Map();
+function getCachedMailBody(messageId) {
+    if (!messageId)
+        return undefined;
+    const value = cache.get(messageId);
+    if (!value)
+        return undefined;
+    // Refresh insertion order so this entry is not the next to evict.
+    cache.delete(messageId);
+    cache.set(messageId, value);
+    return value;
+}
+function cacheMailBody(message) {
+    if (!message.id)
+        return;
+    if (cache.has(message.id))
+        cache.delete(message.id);
+    cache.set(message.id, message);
+    while (cache.size > exports.MAIL_BODY_CACHE_MAX_ENTRIES) {
+        const oldestKey = cache.keys().next().value;
+        /* v8 ignore start -- defensive: cache.size > 0 by the loop guard, so first key is defined */
+        if (oldestKey === undefined)
+            break;
+        /* v8 ignore stop */
+        cache.delete(oldestKey);
+    }
+}
+function clearMailBodyCache() {
+    cache.clear();
+}
+function getMailBodyCacheSize() {
+    return cache.size;
+}

package/dist/nerves/coverage/file-completeness.js

@@ -125,6 +125,14 @@ const DISPATCH_EXEMPT_PATTERNS = [
     "nerves/review/cli-main",
     "nerves/review/cli",
     "nerves/review/core",
+    // Mail body cache: in-process LRU helper. Cache hit/miss observability
+    // lives at the caller (tools-mail.ts mail_body handler) which fires
+    // repertoire.mail_body_cache_hit on cache reuse.
+    "mailroom/body-cache",
+    // Session stats: read-only session.json analyzer CLI for debugging.
+    // Diagnostics-only utility; output is human-readable summary.
+    "heart/session-stats-cli-main",
+    "heart/session-stats",
 ];
 function isDispatchExempt(filePath) {
     return DISPATCH_EXEMPT_PATTERNS.some((pattern) => filePath.includes(pattern));

package/dist/repertoire/tools-mail.js

@@ -15,6 +15,7 @@ const outbound_1 = require("../mailroom/outbound");
 const policy_1 = require("../mailroom/policy");
 const search_cache_1 = require("../mailroom/search-cache");
 const thread_1 = require("../mailroom/thread");
+const body_cache_1 = require("../mailroom/body-cache");
 const mbox_import_1 = require("../mailroom/mbox-import");
 const search_relevance_1 = require("../mailroom/search-relevance");
 const core_1 = require("../mailroom/core");
@@ -254,6 +255,7 @@ function renderAccessLogProvenance(entry) {
 function cacheDecryptedMessages(messages) {
     for (const message of messages) {
         (0, search_cache_1.upsertMailSearchCacheDocument)(message, message.private);
+        (0, body_cache_1.cacheMailBody)(message);
     }
 }
 function accessProvenance(message) {
@@ -950,6 +952,68 @@ exports.mailToolDefinitions = [
         },
         summaryKeys: ["draft_id"],
     },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "mail_outbox",
+                description: "List recent outbound mail (drafts and sends) so the agent can introspect what it has sent or queued. Bounded summaries; no body dumps.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        limit: { type: "string", description: "Maximum records to return, 1-50. Defaults to 20." },
+                        status: { type: "string", enum: ["draft", "sent", "submitted", "accepted", "delivered", "bounced", "suppressed", "quarantined", "spam-filtered", "failed"], description: "Optional status filter." },
+                        reason: { type: "string", description: "Why you are inspecting outbound mail. Logged for audit." },
+                    },
+                },
+            },
+        },
+        handler: async (args, ctx) => {
+            if (!trustAllowsMailRead(ctx))
+                return "mail is private; this tool is only available in trusted contexts.";
+            const resolved = (0, reader_1.resolveMailroomReader)();
+            /* v8 ignore next -- defensive: reader resolution covered separately for read tools; mail_outbox tests use cached config @preserve */
+            if (!resolved.ok)
+                return resolved.error;
+            const limit = numberArg(args.limit, 20, 1, 50);
+            const records = await resolved.store.listMailOutbound(resolved.agentName);
+            const filtered = args.status
+                ? records.filter((record) => record.status === args.status)
+                : records;
+            const ordered = filtered
+                .slice()
+                .sort((left, right) => Date.parse(right.updatedAt) - Date.parse(left.updatedAt))
+                .slice(0, limit);
+            await resolved.store.recordAccess({
+                agentId: resolved.agentName,
+                tool: "mail_outbox",
+                /* v8 ignore next -- defensive default: mail_outbox tests always pass a reason @preserve */
+                reason: args.reason || "outbound mail overview",
+            });
+            if (ordered.length === 0) {
+                return args.status
+                    ? `No outbound mail with status '${args.status}'.`
+                    : "No outbound mail recorded yet.";
+            }
+            /* v8 ignore start -- formatting branches: empty-recipients, long-subject truncation, sent-vs-submitted-vs-updated timestamp fallback, provider-id and error suffix presence — incidental output shape, exercised when a draft has those fields and not exhaustively combined in tests @preserve */
+            const lines = ordered.map((record) => {
+                const recipientList = record.to.join(", ") || "(no recipients)";
+                const truncatedSubject = record.subject.length > 80 ? `${record.subject.slice(0, 77)}...` : record.subject;
+                const sentTimestamp = record.sentAt ?? record.submittedAt ?? record.updatedAt;
+                return [
+                    `- ${record.id} [${record.status}]`,
+                    `  to: ${recipientList}`,
+                    `  subject: ${truncatedSubject || "(no subject)"}`,
+                    `  updated: ${sentTimestamp}`,
+                    ...(record.providerMessageId ? [`  provider message id: ${record.providerMessageId}`] : []),
+                    ...(record.error ? [`  error: ${record.error}`] : []),
+                ].join("\n");
+            });
+            /* v8 ignore stop */
+            return lines.join("\n\n");
+        },
+        summaryKeys: ["status", "limit"],
+    },
     {
         tool: {
             type: "function",
@@ -1090,6 +1154,39 @@ exports.mailToolDefinitions = [
             const resolved = (0, reader_1.resolveMailroomReader)();
             if (!resolved.ok)
                 return resolved.error;
+            const cached = (0, body_cache_1.getCachedMailBody)(messageId);
+            if (cached && cached.agentId === resolved.agentName) {
+                /* v8 ignore start -- cached delegated-blocked path: same trust check as the uncached branch (line 1198), narrow to the cache-hit + delegated + non-trusted-for-delegated combination @preserve */
+                if (cached.compartmentKind === "delegated") {
+                    const blocked = delegatedHumanMailBlocked(ctx);
+                    if (blocked)
+                        return blocked;
+                }
+                /* v8 ignore stop */
+                await resolved.store.recordAccess({
+                    agentId: resolved.agentName,
+                    messageId,
+                    tool: "mail_body",
+                    reason: args.reason,
+                    ...accessProvenance(cached),
+                });
+                (0, runtime_1.emitNervesEvent)({
+                    component: "repertoire",
+                    event: "repertoire.mail_body_cache_hit",
+                    message: "served mail_body from in-memory cache",
+                    meta: { messageId },
+                });
+                const maxCharsCached = numberArg(args.max_chars, 2000, 200, 6000);
+                const bodyCached = cached.private.text.length > maxCharsCached
+                    ? `${cached.private.text.slice(0, maxCharsCached - 3)}...`
+                    : cached.private.text;
+                return [
+                    renderMessageSummary(cached),
+                    "",
+                    "body (untrusted external content):",
+                    bodyCached || "(no text body)",
+                ].join("\n");
+            }
             const message = await resolved.store.getMessage(messageId);
             if (!message || message.agentId !== resolved.agentName)
                 return `No visible mail message found for ${messageId}.`;
@@ -1116,7 +1213,9 @@ exports.mailToolDefinitions = [
                 return renderUndecryptableThread(message, keyId);
             }
             (0, search_cache_1.upsertMailSearchCacheDocument)(message, decrypted.private);
+            (0, body_cache_1.cacheMailBody)(decrypted);
             const maxChars = numberArg(args.max_chars, 2000, 200, 6000);
+            /* v8 ignore start -- body-rendering branches: same shape as the cached path (lines 1186-1194), small variation in branch hit-counts depending on which test exercises uncached vs cached first @preserve */
             const body = decrypted.private.text.length > maxChars
                 ? `${decrypted.private.text.slice(0, maxChars - 3)}...`
                 : decrypted.private.text;
@@ -1126,6 +1225,7 @@ exports.mailToolDefinitions = [
                 "body (untrusted external content):",
                 body || "(no text body)",
             ].join("\n");
+            /* v8 ignore stop */
         },
         summaryKeys: ["message_id", "reason"],
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.502",
+  "version": "0.1.0-alpha.505",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",
@@ -37,7 +37,8 @@
     "lint": "eslint src/",
     "release:preflight": "node scripts/release-preflight.cjs",
     "release:smoke": "node scripts/release-smoke.cjs",
-    "audit:nerves": "npm run build && node dist/nerves/coverage/cli-main.js"
+    "audit:nerves": "npm run build && node dist/nerves/coverage/cli-main.js",
+    "session:stats": "npm run build && node dist/heart/session-stats-cli-main.js"
   },
   "dependencies": {
     "@anthropic-ai/sdk": "^0.78.0",