@ouro.bot/cli 0.1.0-alpha.55 → 0.1.0-alpha.551

package/dist/senses/trust-gate.js

@@ -93,6 +93,91 @@ function writeInnerPendingNotice(bundleRoot, noticeContent, nowIso) {
     fs.mkdirSync(innerPendingDir, { recursive: true });
     fs.writeFileSync(filePath, JSON.stringify(payload), "utf-8");
 }
+const ACKNOWLEDGED_GROUPS_FILENAME = "acknowledged-auto-groups.json";
+function acknowledgedGroupsPath(bundleRoot) {
+    return path.join(bundleRoot, "state", ACKNOWLEDGED_GROUPS_FILENAME);
+}
+function loadAcknowledgedGroupsState(bundleRoot) {
+    try {
+        const raw = fs.readFileSync(acknowledgedGroupsPath(bundleRoot), "utf-8");
+        if (!raw.trim())
+            return {};
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object" || Array.isArray(parsed))
+            return {};
+        return parsed;
+    }
+    catch {
+        return {};
+    }
+}
+function persistAcknowledgedGroupsState(bundleRoot, state) {
+    const target = acknowledgedGroupsPath(bundleRoot);
+    fs.mkdirSync(path.dirname(target), { recursive: true });
+    fs.writeFileSync(target, `${JSON.stringify(state, null, 2)}\n`, "utf-8");
+}
+/**
+ * For BlueBubbles group chats that were auto-created at stranger trust (no
+ * explicit operator/agent action ever bound the harness to this group), the
+ * gate's family-member bypass would otherwise let messages flow through
+ * silently and the agent would accumulate a session it has no mental model
+ * for. Surface the relationship as an inner-pending notice exactly once so
+ * the agent can categorize / rename / dismiss the group on its next turn.
+ *
+ * Returns true if a notice was written so callers can emit a telemetry event.
+ */
+function maybeSurfaceAutoCreatedGroup(input, bundleRoot, nowIso) {
+    // Caller guarantees isGroupChat = true (only invoked from the family-member
+    // bypass branch); skip a redundant guard here.
+    if (input.friend.trustLevel !== "stranger")
+        return false;
+    if (!input.friend.notes?.["autoCreatedGroup"])
+        return false;
+    // loadAcknowledgedGroupsState is defensive (its own try/catch returns {})
+    // so we don't wrap it in another try here.
+    const state = loadAcknowledgedGroupsState(bundleRoot);
+    if (state[input.friend.id])
+        return false;
+    const noticeContent = `New BlueBubbles group "${input.friend.name}" became active without explicit acknowledgment. ` +
+        `It was auto-created at stranger trust the first time a message routed through it. ` +
+        `If you recognize the group, label or rename it (and consider promoting trust); if not, you can leave it as a stranger group or rename it for clarity. ` +
+        `external id: ${input.externalId}; friend id: ${input.friend.id}.`;
+    try {
+        writeInnerPendingNotice(bundleRoot, noticeContent, nowIso);
+        persistAcknowledgedGroupsState(bundleRoot, {
+            ...state,
+            [input.friend.id]: { surfacedAt: nowIso },
+        });
+        (0, runtime_1.emitNervesEvent)({
+            level: "info",
+            component: "senses",
+            event: "senses.trust_gate_group_acknowledgment_surfaced",
+            message: "auto-created group surfaced for agent acknowledgment",
+            meta: {
+                friendId: input.friend.id,
+                friendName: input.friend.name,
+                externalId: input.externalId,
+                provider: input.provider,
+            },
+        });
+        return true;
+        /* v8 ignore start -- defensive: surfacing failure must not block the gate decision @preserve */
+    }
+    catch (error) {
+        (0, runtime_1.emitNervesEvent)({
+            level: "error",
+            component: "senses",
+            event: "senses.trust_gate_error",
+            message: "failed to surface auto-created group for acknowledgment",
+            meta: {
+                friendId: input.friend.id,
+                reason: error instanceof Error ? error.message : String(error),
+            },
+        });
+        return false;
+    }
+    /* v8 ignore stop */
+}
 function enforceTrustGate(input) {
     const { senseType } = input;
     // Local (CLI) and internal (inner dialog) — always allow
@@ -104,6 +189,20 @@ function enforceTrustGate(input) {
         return { allowed: true };
     }
     // Open senses (BlueBubbles/iMessage) — enforce trust rules
+    // Group chat with a family member present — allow regardless of trust level.
+    // BUT if this is an auto-created stranger group (the harness picked it up
+    // silently via the family-member shortcut and the agent never explicitly
+    // acknowledged it), surface a one-time inner-pending notice so the agent
+    // gets a chance to categorize / rename / dismiss the relationship instead
+    // of accumulating activity invisibly.
+    if (input.isGroupChat && input.groupHasFamilyMember) {
+        /* v8 ignore start -- defaults shared with the rest of the gate; tested via the stranger-trust path */
+        const bundleRoot = input.bundleRoot ?? (0, identity_1.getAgentRoot)();
+        const nowIso = (input.now ?? (() => new Date()))().toISOString();
+        /* v8 ignore stop */
+        maybeSurfaceAutoCreatedGroup(input, bundleRoot, nowIso);
+        return { allowed: true };
+    }
     const trustLevel = input.friend.trustLevel ?? "friend";
     // Family and friend — always allow on open
     if ((0, types_1.isTrustedLevel)(trustLevel)) {
@@ -119,11 +218,7 @@ function enforceTrustGate(input) {
     return handleStranger(input, bundleRoot, nowIso);
 }
 function handleAcquaintance(input, bundleRoot, nowIso) {
-    const { isGroupChat, groupHasFamilyMember, hasExistingGroupWithFamily } = input;
-    // Group chat with family member present — allow
-    if (isGroupChat && groupHasFamilyMember) {
-        return { allowed: true };
-    }
+    const { isGroupChat, hasExistingGroupWithFamily } = input;
     let result;
     let noticeDetail;
     if (isGroupChat) {

package/dist/trips/core.js

@@ -0,0 +1,138 @@
+"use strict";
+// Harness-side trip ledger primitive.
+//
+// Mirrors the substrate's @ouro/work-protocol/src/trip.ts contract (vendored
+// the same way mailroom/core.ts vendors mail). Slugger's framing: today,
+// doc-edits-from-mail keep falling back on freeform parsing because there is
+// no structured object between "mail body" and "travel doc". TripRecord +
+// TripLeg are that object — every leg fact carries non-optional provenance
+// (TripEvidence with discoveryMethod) so the ledger can be audited cleanly
+// and reasoned about under conflict.
+//
+// Per-agent ledger keypair design: in v1 each agent has ONE ledger keypair.
+// All TripRecord blobs are encrypted with that key. Cross-trip sharing
+// (handing one trip's facts to another party without their owning the whole
+// ledger) is a follow-on; it would shard to per-trip keys, which the
+// substrate's TripLedgerRegistry can already represent.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateTripKeyPair = generateTripKeyPair;
+exports.encryptTripRecord = encryptTripRecord;
+exports.decryptTripRecord = decryptTripRecord;
+exports.newTripId = newTripId;
+exports.newLegId = newLegId;
+exports.newTripLedgerRecord = newTripLedgerRecord;
+const crypto = __importStar(require("node:crypto"));
+// ── Helpers: keys + crypto ─────────────────────────────────────────
+function safeLabel(label) {
+    return label.toLowerCase().replace(/[^a-z0-9_-]+/g, "-").replace(/^-+|-+$/g, "");
+}
+function generateTripKeyPair(label) {
+    const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
+        modulusLength: 2048,
+        publicKeyEncoding: { type: "spki", format: "pem" },
+        privateKeyEncoding: { type: "pkcs8", format: "pem" },
+    });
+    const slug = safeLabel(label) || "ledger";
+    const fingerprint = crypto.createHash("sha256").update(publicKey).digest("hex").slice(0, 16);
+    return {
+        keyId: `trip_${slug}_${fingerprint}`,
+        publicKeyPem: publicKey,
+        privateKeyPem: privateKey,
+    };
+}
+function encryptTripRecord(trip, publicKeyPem, keyId) {
+    const contentKey = crypto.randomBytes(32);
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv("aes-256-gcm", contentKey, iv);
+    const ciphertext = Buffer.concat([cipher.update(Buffer.from(JSON.stringify(trip), "utf-8")), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, oaepHash: "sha256" }, contentKey);
+    return {
+        algorithm: "RSA-OAEP-SHA256+A256GCM",
+        keyId,
+        wrappedKey: wrappedKey.toString("base64"),
+        iv: iv.toString("base64"),
+        authTag: authTag.toString("base64"),
+        ciphertext: ciphertext.toString("base64"),
+    };
+}
+function decryptTripRecord(payload, privateKeyPem) {
+    const contentKey = crypto.privateDecrypt({
+        key: privateKeyPem,
+        oaepHash: "sha256",
+    }, Buffer.from(payload.wrappedKey, "base64"));
+    const decipher = crypto.createDecipheriv("aes-256-gcm", contentKey, Buffer.from(payload.iv, "base64"));
+    decipher.setAuthTag(Buffer.from(payload.authTag, "base64"));
+    const plaintext = Buffer.concat([
+        decipher.update(Buffer.from(payload.ciphertext, "base64")),
+        decipher.final(),
+    ]);
+    return JSON.parse(plaintext.toString("utf-8"));
+}
+// ── Helpers: deterministic ids ─────────────────────────────────────
+function newTripId(agentId, name, createdAt) {
+    const fingerprint = crypto.createHash("sha256")
+        .update(`${agentId}\n${name}\n${createdAt}`)
+        .digest("hex")
+        .slice(0, 16);
+    const slug = safeLabel(name) || "trip";
+    return `trip_${slug}_${fingerprint}`;
+}
+function newLegId(input) {
+    const distinguish = input.vendor || input.confirmationCode || crypto.randomUUID();
+    const fingerprint = crypto.createHash("sha256")
+        .update(`${input.tripId}\n${input.kind}\n${distinguish}\n${input.createdAt}`)
+        .digest("hex")
+        .slice(0, 16);
+    return `leg_${input.kind}_${fingerprint}`;
+}
+// ── Ledger record helpers ──────────────────────────────────────────
+function newTripLedgerRecord(input) {
+    const now = (input.now ?? (() => new Date().toISOString()))();
+    const keypair = generateTripKeyPair(input.label ?? input.agentId);
+    const ledgerId = `ledger_${safeLabel(input.agentId) || "agent"}_${crypto.createHash("sha256").update(`${input.agentId}\n${now}\n${keypair.keyId}`).digest("hex").slice(0, 16)}`;
+    return {
+        ledger: {
+            schemaVersion: 1,
+            agentId: input.agentId,
+            ledgerId,
+            keyId: keypair.keyId,
+            publicKeyPem: keypair.publicKeyPem,
+            createdAt: now,
+        },
+        keypair,
+    };
+}

package/dist/trips/store.js

@@ -0,0 +1,146 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TripNotFoundError = void 0;
+exports.ensureAgentTripLedger = ensureAgentTripLedger;
+exports.readAgentTripKeypair = readAgentTripKeypair;
+exports.upsertTripRecord = upsertTripRecord;
+exports.readTripRecord = readTripRecord;
+exports.listTripIds = listTripIds;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const identity_1 = require("../heart/identity");
+const runtime_1 = require("../nerves/runtime");
+const core_1 = require("./core");
+function tripsRoot(agentName) {
+    return path.join((0, identity_1.getAgentRoot)(agentName), "state", "trips");
+}
+function ledgerPath(agentName) {
+    return path.join(tripsRoot(agentName), "ledger.json");
+}
+function recordsDir(agentName) {
+    return path.join(tripsRoot(agentName), "records");
+}
+function recordPath(agentName, tripId) {
+    return path.join(recordsDir(agentName), `${tripId}.json`);
+}
+function readJsonFile(filePath) {
+    if (!fs.existsSync(filePath))
+        return null;
+    return JSON.parse(fs.readFileSync(filePath, "utf-8"));
+}
+function writeJsonAtomic(filePath, value) {
+    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+    const tmp = `${filePath}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(value, null, 2), "utf-8");
+    fs.renameSync(tmp, filePath);
+}
+class TripNotFoundError extends Error {
+    statusCode = 404;
+    constructor(input) {
+        super(`trip not found: agent=${input.agentName} trip=${input.tripId}`);
+    }
+}
+exports.TripNotFoundError = TripNotFoundError;
+/**
+ * Idempotent — if the agent already has a ledger on disk, return it; otherwise
+ * generate a fresh keypair and persist both halves.
+ */
+function ensureAgentTripLedger(input) {
+    const existing = readJsonFile(ledgerPath(input.agentName));
+    if (existing) {
+        return { ledger: existing.ledger, added: false };
+    }
+    const created = (0, core_1.newTripLedgerRecord)({
+        agentId: input.agentName,
+        ...(input.label ? { label: input.label } : {}),
+        ...(input.now ? { now: input.now } : {}),
+    });
+    const stored = {
+        schemaVersion: 1,
+        ledger: created.ledger,
+        privateKeyPem: created.keypair.privateKeyPem,
+    };
+    writeJsonAtomic(ledgerPath(input.agentName), stored);
+    (0, runtime_1.emitNervesEvent)({
+        component: "trips",
+        event: "trips.ledger_created",
+        message: "agent trip ledger keypair created",
+        meta: { agentId: input.agentName, ledgerId: created.ledger.ledgerId, keyId: created.ledger.keyId },
+    });
+    return { ledger: created.ledger, added: true };
+}
+function readLedgerOrThrow(agentName) {
+    const stored = readJsonFile(ledgerPath(agentName));
+    if (!stored) {
+        throw new Error(`no trip ledger for agent ${agentName} — call ensureAgentTripLedger first`);
+    }
+    return stored;
+}
+function readAgentTripKeypair(agentName) {
+    const stored = readLedgerOrThrow(agentName);
+    return {
+        keyId: stored.ledger.keyId,
+        publicKeyPem: stored.ledger.publicKeyPem,
+        privateKeyPem: stored.privateKeyPem,
+    };
+}
+function upsertTripRecord(agentName, trip) {
+    const stored = readLedgerOrThrow(agentName);
+    const payload = (0, core_1.encryptTripRecord)(trip, stored.ledger.publicKeyPem, stored.ledger.keyId);
+    writeJsonAtomic(recordPath(agentName, trip.tripId), payload);
+    (0, runtime_1.emitNervesEvent)({
+        component: "trips",
+        event: "trips.record_upserted",
+        message: "trip record upserted",
+        meta: { agentId: agentName, tripId: trip.tripId, legCount: trip.legs.length, status: trip.status },
+    });
+}
+function readTripRecord(agentName, tripId) {
+    const payload = readJsonFile(recordPath(agentName, tripId));
+    if (!payload)
+        throw new TripNotFoundError({ agentName, tripId });
+    const stored = readLedgerOrThrow(agentName);
+    return (0, core_1.decryptTripRecord)(payload, stored.privateKeyPem);
+}
+function listTripIds(agentName) {
+    const dir = recordsDir(agentName);
+    if (!fs.existsSync(dir))
+        return [];
+    return fs.readdirSync(dir)
+        .filter((entry) => entry.endsWith(".json"))
+        .map((entry) => entry.slice(0, -".json".length))
+        .sort();
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.55",
+  "version": "0.1.0-alpha.551",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",
@@ -9,8 +9,9 @@
   },
   "files": [
     "dist/",
-    "AdoptionSpecialist.ouro/",
-    "subagents/",
+    "SerpentGuide.ouro/",
+    "RepairGuide.ouro/",
+    "skills/",
     "assets/",
     "changelog.json"
   ],
@@ -19,36 +20,66 @@
     "./runOuroCli": "./dist/heart/daemon/daemon-cli.js"
   },
   "scripts": {
-    "dev": "tsc && node dist/senses/cli-entry.js --agent ouroboros",
+    "dev": "tsc && node dist/heart/daemon/ouro-bot-entry.js dev",
+    "cli": "tsc && node dist/senses/cli-entry.js",
     "daemon": "tsc && node dist/heart/daemon/daemon-entry.js",
     "ouro": "tsc && node dist/heart/daemon/ouro-entry.js",
     "teams": "tsc && node dist/senses/teams-entry.js --agent ouroboros",
-    "bluebubbles": "tsc && node dist/senses/bluebubbles-entry.js --agent ouroboros",
+    "bluebubbles": "tsc && node dist/senses/bluebubbles/entry.js --agent ouroboros",
     "test": "vitest run",
+    "test:integration": "npm run build && vitest run --config vitest.integration.config.ts",
+    "test:e2e:package": "npm run build && node scripts/package-e2e.cjs",
+    "test:e2e:real-smoke": "npm run build && node scripts/nightly-real-smoke.cjs",
+    "typecheck:mailbox-ui": "tsc --noEmit -p packages/mailbox-ui/tsconfig.json",
+    "test:mailbox-ui": "npm test --prefix packages/mailbox-ui",
     "test:coverage:vitest": "vitest run --coverage",
     "test:coverage": "node scripts/run-coverage-gate.cjs",
-    "build": "tsc",
+    "build": "tsc && (cd packages/mailbox-ui && npm install --ignore-scripts 2>/dev/null && npm run build && cd ../.. && node scripts/copy-mailbox-ui.cjs) || echo 'mailbox-ui build skipped'",
     "lint": "eslint src/",
+    "release:preflight": "node scripts/release-preflight.cjs",
+    "release:smoke": "node scripts/release-smoke.cjs",
     "audit:nerves": "npm run build && node dist/nerves/coverage/cli-main.js"
   },
   "dependencies": {
     "@anthropic-ai/sdk": "^0.78.0",
+    "@azure/identity": "^4.13.0",
+    "@azure/storage-blob": "^12.31.0",
+    "@microsoft/teams.api": "2.0.5",
     "@microsoft/teams.apps": "^2.0.5",
+    "@microsoft/teams.cards": "2.0.5",
+    "@microsoft/teams.common": "2.0.5",
     "@microsoft/teams.dev": "^2.0.5",
+    "@microsoft/teams.graph": "2.0.5",
+    "@types/react": "^17.0.91",
     "fast-glob": "^3.3.3",
+    "ink": "^3.2.0",
+    "mailparser": "^3.9.8",
     "openai": "^6.27.0",
-    "semver": "^7.7.4"
+    "react": "^17.0.2",
+    "semver": "^7.7.4",
+    "smtp-server": "^3.18.4",
+    "stripe": "^22.0.0"
   },
   "repository": {
     "type": "git",
     "url": "https://github.com/ouroborosbot/ouroboros"
   },
   "devDependencies": {
+    "@testing-library/react": "^16.3.2",
+    "@types/mailparser": "^3.4.6",
     "@types/semver": "^7.7.1",
+    "@types/smtp-server": "^3.5.13",
     "@vitest/coverage-v8": "^4.0.18",
     "eslint": "^10.0.2",
+    "jsdom": "^29.0.2",
     "typescript": "^5.7.0",
     "typescript-eslint": "^8.56.1",
     "vitest": "^4.0.18"
+  },
+  "overrides": {
+    "@testing-library/react": {
+      "react": "$react",
+      "@types/react": "$@types/react"
+    }
   }
 }

package/skills/agent-commerce.md

@@ -0,0 +1,106 @@
+# Agent Commerce Skill
+
+How to book, purchase, and pay for things on behalf of humans.
+
+## Three Patterns
+
+### Pattern A: API (Structured, Preferred)
+
+For services with direct API access: Duffel flights, LiteAPI hotels.
+
+1. Search using the API tool (`flight_search`, LiteAPI MCP)
+2. Present options to the human with prices and details
+3. Human approves a specific option and price
+4. Book using the API tool with passenger data from `user_profile_get`
+5. Create a single-use virtual card via `stripe_create_card`
+6. Complete payment through the API
+7. Deactivate the card via `stripe_deactivate_card`
+8. Confirm booking to the human
+
+**Key tools**: `flight_search`, `flight_book`, `flight_cancel`, `user_profile_get`, `user_profile_store`, `stripe_create_card`, `stripe_deactivate_card`, `stripe_list_cards`
+
+### Pattern B: Browser (Best-Effort)
+
+For sites without API access, use browser automation via Playwright MCP.
+
+1. Navigate to the booking site
+2. Search for the requested service
+3. Fill forms using data from `user_profile_get`
+4. Use a virtual card from `stripe_create_card` for payment
+5. If blocked by anti-bot measures, fall back to Pattern C
+6. Complete and confirm the booking
+
+**Limitations**: Browser automation is fragile. Sites may block, layouts change, CAPTCHAs appear. Always have Pattern C as fallback.
+
+### Pattern C: Link-Only (Primary for Hostile Sites)
+
+For sites that block automation or require complex human interaction.
+
+1. Research the best options using browser tools or API tools
+2. Prepare a curated link with pre-filled parameters where possible
+3. Send the link to the human with a summary of what to book
+4. Human completes the booking in their own browser
+
+**When to use**: Always use Pattern C as the primary approach for sites known to block automation (most airline direct sites, hotel chains, rental car sites). Pattern B is best-effort, not reliable.
+
+## Payment autonomy Levels
+
+- **Level 0**: No autonomous payments. Agent researches, human pays manually.
+- **Level 1**: Agent creates virtual cards, human approves each transaction explicitly.
+- **Level 2**: Agent can book pre-approved items (within budget, approved categories) without per-transaction approval.
+- **Level 3**: Full delegation with spending limits. Agent manages a budget and books as needed.
+
+Default is Level 1. Level changes require explicit human approval.
+
+## Error Handling
+
+### Price Change Guard
+Before completing a booking, verify the final price matches the approved price within 5%. If the price changed more than 5%, stop and report to the human. Never pay a price the human didn't approve.
+
+### Partial Failure Reporting
+When booking involves multiple services (e.g., flight + hotel), each service may succeed or fail independently — this is a partial failure scenario. Report the status of each service separately. **Never auto-cancel a successful booking because a related booking failed.** Let the human decide.
+
+Example: "Flight SFO-JFK booked (confirmation: ABC123). Hotel booking failed: no availability for those dates. Would you like me to search for alternative hotels?"
+
+### Refund Flow
+If a booking fails after card creation:
+1. Deactivate the virtual card immediately
+2. Report the failure to the human
+3. If a charge was made, note it for the human to follow up with the provider
+
+## CAPTCHA Handling
+
+When a CAPTCHA appears during browser automation (Pattern B):
+1. Take a screenshot and send it to the human
+2. Explain what page you're on and what you were trying to do
+3. Ask the human to solve the CAPTCHA in their own browser
+4. Switch to Pattern C (link-only) for this transaction
+
+Never attempt to solve CAPTCHAs programmatically.
+
+## Card Number Isolation
+
+Card numbers must NEVER appear in:
+- Tool return values shown to the model
+- Nerves events or logs
+- Chat messages to the human
+- Any stored state or written notes
+
+The only place card numbers exist is inside the Stripe client's internal payment flow functions, scoped to a single function call. The model only ever sees card IDs and last-4 digits.
+
+## Profile Data Usage
+
+Access profile data only when needed for the current transaction:
+- `user_profile_get` to retrieve specific fields (never dump full profile)
+- Passport data only for international bookings
+- Loyalty program numbers only when booking with that program
+- Emergency contact only when the booking service requires it
+
+## Self-Test
+
+Before first use, run the commerce self-test to verify all services are configured:
+- Stripe: creates and deactivates a test virtual card
+- Duffel: runs a test flight search
+- LiteAPI: verifies API key in vault
+
+Report results to the human with actionable next steps for any failures.