@ouro.bot/cli 0.1.0-alpha.55 → 0.1.0-alpha.551

package/dist/heart/daemon/readiness-repair.js

@@ -0,0 +1,365 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.vaultLockedIssue = vaultLockedIssue;
+exports.vaultUnconfiguredIssue = vaultUnconfiguredIssue;
+exports.providerCredentialMissingIssue = providerCredentialMissingIssue;
+exports.providerLiveCheckFix = providerLiveCheckFix;
+exports.preferredConnectRepairAction = preferredConnectRepairAction;
+exports.providerLiveCheckFailedIssue = providerLiveCheckFailedIssue;
+exports.genericReadinessIssue = genericReadinessIssue;
+exports.isKnownReadinessIssue = isKnownReadinessIssue;
+exports.renderReadinessIssue = renderReadinessIssue;
+exports.renderReadinessIssueNextSteps = renderReadinessIssueNextSteps;
+exports.runGuidedReadinessRepair = runGuidedReadinessRepair;
+const runtime_1 = require("../../nerves/runtime");
+const human_readiness_1 = require("./human-readiness");
+const human_command_screens_1 = require("./human-command-screens");
+function vaultLockedIssue(agentName) {
+    return {
+        kind: "vault-locked",
+        severity: "blocked",
+        actor: "human-required",
+        summary: `${agentName}: vault locked`,
+        detail: "Pick the path that matches what the human actually has. Ouro will not print or store the unlock secret as a portable file.",
+        actions: [
+            {
+                kind: "vault-unlock",
+                label: "Unlock with saved secret",
+                command: `ouro vault unlock --agent ${agentName}`,
+                actor: "human-required",
+            },
+            {
+                kind: "vault-replace",
+                label: "Create empty replacement vault",
+                command: `ouro vault replace --agent ${agentName}`,
+                actor: "human-required",
+            },
+            {
+                kind: "vault-recover",
+                label: "Recover from JSON export",
+                command: `ouro vault recover --agent ${agentName} --from <json>`,
+                actor: "human-required",
+                executable: false,
+            },
+        ],
+    };
+}
+function vaultUnconfiguredIssue(agentName) {
+    return {
+        kind: "vault-unconfigured",
+        severity: "blocked",
+        actor: "human-required",
+        summary: `${agentName}: vault not configured`,
+        detail: "This bundle does not have a vault locator in agent.json yet. Create the agent vault before authenticating providers.",
+        actions: [
+            {
+                kind: "vault-create",
+                label: "Create this agent's vault",
+                command: `ouro vault create --agent ${agentName}`,
+                actor: "human-required",
+            },
+            {
+                kind: "vault-recover",
+                label: "Recover from JSON export",
+                command: `ouro vault recover --agent ${agentName} --from <json>`,
+                actor: "human-required",
+                executable: false,
+            },
+        ],
+    };
+}
+function providerCredentialMissingIssue(input) {
+    return {
+        kind: "provider-credentials-missing",
+        severity: "blocked",
+        actor: "human-required",
+        summary: `${input.agentName}: missing ${input.provider} credentials (${input.lane}, ${input.model})`,
+        detail: `source: ${input.credentialPath}`,
+        actions: [
+            {
+                kind: "provider-auth",
+                label: `Authenticate ${input.provider}`,
+                command: `ouro auth --agent ${input.agentName} --provider ${input.provider}`,
+                actor: "human-required",
+                provider: input.provider,
+            },
+            {
+                kind: "provider-use",
+                label: "Choose another provider/model",
+                command: `ouro use --agent ${input.agentName} --lane ${input.lane} --provider <provider> --model <model>`,
+                actor: "human-choice",
+                executable: false,
+                lane: input.lane,
+            },
+        ],
+    };
+}
+function normalizeProviderLiveCheckClassification(classification) {
+    switch (classification) {
+        case "auth-failure":
+        case "usage-limit":
+        case "rate-limit":
+        case "server-error":
+        case "network-error":
+        case "unknown":
+            return classification;
+        default:
+            return "unknown";
+    }
+}
+function providerUseAction(input) {
+    return {
+        kind: "provider-use",
+        label: "Choose a different working provider/model",
+        command: `ouro use --agent ${input.agentName} --lane ${input.lane} --provider <provider> --model <model>`,
+        actor: "human-choice",
+        executable: false,
+        lane: input.lane,
+    };
+}
+function providerAuthAction(input) {
+    return {
+        kind: "provider-auth",
+        label: `Refresh ${input.provider} credentials`,
+        command: `ouro auth --agent ${input.agentName} --provider ${input.provider}`,
+        actor: "human-required",
+        provider: input.provider,
+    };
+}
+function providerRetryAction(input) {
+    return {
+        kind: "provider-retry",
+        label: input.label,
+        command: `ouro repair --agent ${input.agentName}`,
+        actor: "human-choice",
+        executable: false,
+    };
+}
+function providerLiveCheckFix(input) {
+    const classification = normalizeProviderLiveCheckClassification(input.classification);
+    const authCommand = `ouro auth --agent ${input.agentName} --provider ${input.provider}`;
+    const useCommand = `ouro use --agent ${input.agentName} --lane ${input.lane} --provider <provider> --model <model>`;
+    switch (classification) {
+        case "auth-failure":
+            return `Run '${authCommand}' to refresh credentials, or run '${useCommand}' to choose another provider/model for this lane.`;
+        case "usage-limit":
+            return `This usually means ${input.provider} hit a usage limit. Restore quota, then run 'ouro up' again. Or run '${useCommand}' to choose another provider/model for this lane.`;
+        case "rate-limit":
+            return `Run 'ouro up' again after a short wait. Or run '${useCommand}' to choose another provider/model for this lane.`;
+        case "server-error":
+            return `Run 'ouro up' again in a moment. If ${input.provider} keeps failing, run '${useCommand}' to choose another provider/model for this lane.`;
+        case "network-error":
+            return `Check the network or provider availability, then run 'ouro up' again. Or run '${useCommand}' to choose another provider/model for this lane.`;
+        case "unknown":
+            return `Run 'ouro up' again. If it keeps failing, run '${authCommand}' to refresh credentials or '${useCommand}' to choose another provider/model for this lane.`;
+    }
+}
+function providerLiveCheckActions(input) {
+    const classification = normalizeProviderLiveCheckClassification(input.classification);
+    const useAction = providerUseAction(input);
+    const authAction = providerAuthAction(input);
+    switch (classification) {
+        case "auth-failure":
+            return [authAction, useAction];
+        case "usage-limit":
+            return [
+                providerRetryAction({ agentName: input.agentName, label: "After restoring quota, check again" }),
+                useAction,
+            ];
+        case "rate-limit":
+            return [
+                providerRetryAction({ agentName: input.agentName, label: "Give it a minute, then check again" }),
+                useAction,
+            ];
+        case "server-error":
+            return [
+                providerRetryAction({ agentName: input.agentName, label: "Check again in a moment" }),
+                useAction,
+            ];
+        case "network-error":
+            return [
+                providerRetryAction({ agentName: input.agentName, label: "Check again after the network settles" }),
+                useAction,
+                authAction,
+            ];
+        case "unknown":
+            return [
+                providerRetryAction({ agentName: input.agentName, label: "Check again" }),
+                authAction,
+                useAction,
+            ];
+    }
+}
+function preferredConnectRepairAction(issue) {
+    if (!issue)
+        return undefined;
+    if (issue.kind === "provider-live-check-failed" && issue.actions[0]?.kind === "provider-retry") {
+        return issue.actions.find((action) => action.kind !== "provider-retry") ?? issue.actions[0];
+    }
+    return issue.actions[0];
+}
+function providerLiveCheckFailedIssue(input) {
+    return {
+        kind: "provider-live-check-failed",
+        severity: "blocked",
+        actor: "human-choice",
+        summary: `${input.agentName}: ${input.lane} provider ${input.provider} / ${input.model} failed live check`,
+        detail: input.message,
+        actions: providerLiveCheckActions(input),
+    };
+}
+function genericReadinessIssue(input) {
+    return {
+        kind: "generic",
+        severity: "degraded",
+        actor: "human-choice",
+        summary: input.summary,
+        ...(input.detail ? { detail: input.detail } : {}),
+        actions: input.fix
+            ? [{
+                    kind: "provider-use",
+                    label: "Follow the printed fix",
+                    command: input.fix,
+                    actor: "human-choice",
+                    executable: false,
+                }]
+            : [],
+    };
+}
+function isKnownReadinessIssue(issue) {
+    return !!issue && issue.kind !== "generic";
+}
+function renderReadinessIssue(issue) {
+    const lines = [issue.summary];
+    if (issue.detail) {
+        lines.push(`  ${issue.detail}`);
+    }
+    if (issue.actions.length > 0) {
+        lines.push("");
+    }
+    issue.actions.forEach((action, index) => {
+        if (index > 0)
+            lines.push("");
+        lines.push(`${index + 1}. ${action.label}`);
+        lines.push(`   ${action.command}`);
+    });
+    if (issue.actions.length > 0) {
+        lines.push("");
+    }
+    lines.push(`${issue.actions.length + 1}. Skip for now`);
+    return lines.join("\n");
+}
+function renderReadinessIssueNextSteps(issue) {
+    const lines = [issue.summary];
+    if (issue.detail && issue.kind !== "vault-locked") {
+        lines.push(`  ${issue.detail}`);
+    }
+    issue.actions.forEach((action, index) => {
+        lines.push(`  ${index === 0 ? "next" : "or"}: ${action.command}`);
+    });
+    return lines;
+}
+function selectedActionFor(answer, issue) {
+    const selected = Number.parseInt(answer.trim(), 10);
+    if (!Number.isFinite(selected))
+        return null;
+    if (selected === issue.actions.length + 1)
+        return "skip";
+    if (selected < 1 || selected > issue.actions.length)
+        return null;
+    /* v8 ignore next -- defensive: bounds were checked above, but keep sparse arrays harmless @preserve */
+    return issue.actions[selected - 1] ?? null;
+}
+function isExecutableAction(action) {
+    if (action.executable === false)
+        return false;
+    return !action.command.includes("<");
+}
+async function runGuidedReadinessRepair(reports, deps) {
+    (0, runtime_1.emitNervesEvent)({
+        level: "info",
+        component: "daemon",
+        event: "daemon.readiness_repair_start",
+        message: "guided readiness repair started",
+        meta: { reportCount: reports.length },
+    });
+    let repairsAttempted = false;
+    for (const report of reports) {
+        if (report.ok || report.issues.length === 0)
+            continue;
+        for (const issue of report.issues) {
+            if (deps.isTTY) {
+                const snapshot = (0, human_readiness_1.buildHumanReadinessSnapshot)({
+                    agent: report.agent,
+                    title: `Repair ${report.agent}`,
+                    items: [
+                        (0, human_readiness_1.readinessItemFromIssue)(issue, {
+                            key: `${report.agent}:${issue.kind}`,
+                            title: issue.summary,
+                        }),
+                    ],
+                });
+                deps.writeStdout((0, human_command_screens_1.renderHumanReadinessBoard)({
+                    agent: report.agent,
+                    title: `Repair ${report.agent}`,
+                    subtitle: "Choose the path that matches what the human actually has.",
+                    snapshot,
+                    isTTY: true,
+                    columns: deps.stdoutColumns,
+                    prompt: `Choose [1-${issue.actions.length + 1}]: `,
+                }).trimEnd());
+            }
+            else {
+                deps.writeStdout(renderReadinessIssue(issue));
+            }
+            if (!deps.promptInput) {
+                deps.writeStdout(`manual repair required for ${report.agent}; run one of the commands above.`);
+                continue;
+            }
+            const answer = await deps.promptInput(`Choose [1-${issue.actions.length + 1}]: `);
+            const action = selectedActionFor(answer, issue);
+            if (action === "skip") {
+                deps.writeStdout(`skipped ${report.agent} for now.`);
+                continue;
+            }
+            if (!action) {
+                deps.writeStdout(`invalid choice for ${report.agent}; no repair attempted.`);
+                continue;
+            }
+            if (!isExecutableAction(action)) {
+                deps.writeStdout(`manual step for ${report.agent}: ${action.command}`);
+                continue;
+            }
+            if (!deps.runRepairAction) {
+                deps.writeStdout(`repair runner unavailable for ${report.agent}; run \`${action.command}\` manually.`);
+                continue;
+            }
+            try {
+                deps.onActionAttempted?.(report.agent, action, issue);
+                await deps.runRepairAction(report.agent, action, issue);
+                repairsAttempted = true;
+                deps.writeStdout(`repair step finished for ${report.agent}.`);
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                repairsAttempted = true;
+                deps.writeStdout(`repair error for ${report.agent}: ${message}`);
+                (0, runtime_1.emitNervesEvent)({
+                    level: "error",
+                    component: "daemon",
+                    event: "daemon.readiness_repair_error",
+                    message: "guided readiness repair action failed",
+                    meta: { agent: report.agent, issue: issue.kind, action: action.kind, error: message },
+                });
+            }
+        }
+    }
+    (0, runtime_1.emitNervesEvent)({
+        level: "info",
+        component: "daemon",
+        event: "daemon.readiness_repair_end",
+        message: "guided readiness repair completed",
+        meta: { repairsAttempted },
+    });
+    return { repairsAttempted };
+}

package/dist/heart/daemon/run-hooks.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.runHooks = runHooks;
 const runtime_1 = require("../../nerves/runtime");
 const bundle_meta_1 = require("./hooks/bundle-meta");
+const agent_config_v2_1 = require("./hooks/agent-config-v2");
 async function runHooks(deps) {
     (0, runtime_1.emitNervesEvent)({
         component: "daemon",
@@ -12,6 +13,7 @@ async function runHooks(deps) {
     });
     try {
         deps.registerUpdateHook(bundle_meta_1.bundleMetaHook);
+        deps.registerUpdateHook(agent_config_v2_1.agentConfigV2Hook);
         const currentVersion = deps.getPackageVersion();
         await deps.applyPendingUpdates(deps.bundlesRoot, currentVersion);
         (0, runtime_1.emitNervesEvent)({

package/dist/heart/daemon/runtime-logging.js

@@ -35,53 +35,104 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.configureDaemonRuntimeLogger = configureDaemonRuntimeLogger;
 const fs = __importStar(require("fs"));
-const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const nerves_1 = require("../../nerves");
 const runtime_1 = require("../../nerves/runtime");
-const DEFAULT_RUNTIME_LOGGING = {
+const identity_1 = require("../identity");
+const LEGACY_SHARED_RUNTIME_LOGGING = {
     level: "info",
     sinks: ["terminal", "ndjson"],
 };
-function defaultLevelForProcess(processName) {
-    return processName === "daemon" ? "info" : "warn";
+function defaultLoggingForProcess(processName) {
+    if (processName === "ouro" || processName === "ouro-bot") {
+        return {
+            level: "info",
+            sinks: ["ndjson"],
+        };
+    }
+    if (processName === "bluebubbles" || processName === "mail") {
+        return {
+            level: "warn",
+            sinks: ["terminal", "ndjson"],
+        };
+    }
+    return { ...LEGACY_SHARED_RUNTIME_LOGGING };
 }
 function isLogLevel(value) {
     return value === "debug" || value === "info" || value === "warn" || value === "error";
 }
+function normalizeSinks(value, fallback) {
+    if (!Array.isArray(value)) {
+        return [...fallback];
+    }
+    const sinks = value.filter((entry) => entry === "terminal" || entry === "ndjson");
+    return sinks.length > 0 ? [...new Set(sinks)] : [...fallback];
+}
+function isLegacySharedDefaultConfig(candidate, normalizedLevel, normalizedSinks) {
+    return normalizedLevel === LEGACY_SHARED_RUNTIME_LOGGING.level
+        && normalizedSinks.length === LEGACY_SHARED_RUNTIME_LOGGING.sinks.length
+        && LEGACY_SHARED_RUNTIME_LOGGING.sinks.every((sink) => normalizedSinks.includes(sink))
+        && Object.keys(candidate).every((key) => key === "level" || key === "sinks");
+}
 function resolveRuntimeLoggingConfig(configPath, processName) {
-    const defaultLevel = defaultLevelForProcess(processName);
+    const processDefault = defaultLoggingForProcess(processName);
     let parsed = null;
     try {
         const raw = fs.readFileSync(configPath, "utf-8");
         parsed = JSON.parse(raw);
     }
     catch {
-        return { ...DEFAULT_RUNTIME_LOGGING, level: defaultLevel };
+        return { ...processDefault };
     }
     if (!parsed || typeof parsed !== "object") {
-        return { ...DEFAULT_RUNTIME_LOGGING, level: defaultLevel };
+        return { ...processDefault };
     }
     const candidate = parsed;
-    const level = isLogLevel(candidate.level) ? candidate.level : defaultLevel;
-    const sinks = Array.isArray(candidate.sinks)
-        ? candidate.sinks.filter((entry) => entry === "terminal" || entry === "ndjson")
-        : DEFAULT_RUNTIME_LOGGING.sinks;
+    const level = isLogLevel(candidate.level) ? candidate.level : processDefault.level;
+    const sinks = normalizeSinks(candidate.sinks, processDefault.sinks);
+    if ((processName === "ouro" || processName === "ouro-bot")
+        && isLegacySharedDefaultConfig(candidate, level, sinks)) {
+        return { ...processDefault };
+    }
     return {
         level,
-        sinks: sinks.length > 0 ? [...new Set(sinks)] : [...DEFAULT_RUNTIME_LOGGING.sinks],
+        sinks,
     };
 }
+function resolveAgentNameForPaths(explicit) {
+    if (explicit && explicit.trim().length > 0)
+        return explicit.trim();
+    try {
+        return (0, identity_1.getAgentName)();
+    }
+    catch {
+        return "slugger";
+    }
+}
 function configureDaemonRuntimeLogger(processName, options = {}) {
-    const homeDir = options.homeDir ?? os.homedir();
-    const configPath = options.configPath ?? path.join(homeDir, ".agentstate", "daemon", "logging.json");
+    const agentName = resolveAgentNameForPaths(options.agentName);
+    const configPath = options.configPath
+        ?? (options.homeDir
+            ? path.join(options.homeDir, "AgentBundles", `${agentName}.ouro`, "state", "daemon", "logging.json")
+            : (0, identity_1.getAgentDaemonLoggingConfigPath)(agentName));
     const config = resolveRuntimeLoggingConfig(configPath, processName);
+    const logsDir = options.homeDir
+        ? path.join(options.homeDir, "AgentBundles", `${agentName}.ouro`, "state", "daemon", "logs")
+        : (0, identity_1.getAgentDaemonLogsDir)(agentName);
+    // Rotation policy per daemon ndjson stream (Unit 1c):
+    //   25 MB threshold x 5 gzipped generations = ~30 MB peak per stream.
+    // Call sites previously relied on the implicit 50 MB default; we now pass
+    // the options object explicitly so the policy is visible at the call site.
     const sinks = config.sinks.map((sinkName) => {
         if (sinkName === "terminal") {
             return (0, nerves_1.createTerminalSink)();
         }
-        const ndjsonPath = path.join(homeDir, ".agentstate", "daemon", "logs", `${processName}.ndjson`);
-        return (0, nerves_1.createNdjsonFileSink)(ndjsonPath);
+        const ndjsonPath = path.join(logsDir, `${processName}.ndjson`);
+        return (0, nerves_1.createNdjsonFileSink)(ndjsonPath, {
+            maxSizeBytes: 25 * 1024 * 1024,
+            maxGenerations: 5,
+            compress: true,
+        });
     });
     const logger = (0, nerves_1.createLogger)({
         level: config.level,

package/dist/heart/daemon/runtime-metadata.js

@@ -36,7 +36,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getRuntimeMetadata = getRuntimeMetadata;
 const crypto_1 = require("crypto");
 const fs = __importStar(require("fs"));
-const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const childProcess = __importStar(require("child_process"));
 const identity_1 = require("../identity");
@@ -87,19 +86,7 @@ function readLastUpdated(repoRoot, packageJsonPath, statSyncImpl, execFileSyncIm
         return { value: UNKNOWN_METADATA, source: "unknown" };
     }
 }
-function readHomeDir() {
-    const homedirImpl = optionalFunction(os, "homedir");
-    if (!homedirImpl) {
-        return null;
-    }
-    try {
-        return homedirImpl.call(os);
-    }
-    catch {
-        return null;
-    }
-}
-function listConfigTargets(bundlesRoot, secretsRoot, daemonLoggingPath, readdirSyncImpl) {
+function listConfigTargets(bundlesRoot, daemonLoggingPath, readdirSyncImpl) {
     if (!readdirSyncImpl)
         return [];
     const targets = new Set();
@@ -117,19 +104,6 @@ function listConfigTargets(bundlesRoot, secretsRoot, daemonLoggingPath, readdirS
     catch {
         // ignore unreadable bundle roots
     }
-    if (secretsRoot) {
-        try {
-            const secretEntries = readdirSyncImpl(secretsRoot, { withFileTypes: true });
-            for (const entry of secretEntries) {
-                if (!entry.isDirectory())
-                    continue;
-                targets.add(path.join(secretsRoot, entry.name, "secrets.json"));
-            }
-        }
-        catch {
-            // ignore unreadable secrets roots
-        }
-    }
     return [...targets].sort();
 }
 function readConfigFingerprint(targets, readFileSyncImpl, existsSyncImpl) {
@@ -172,9 +146,7 @@ function readConfigFingerprint(targets, readFileSyncImpl, existsSyncImpl) {
 function getRuntimeMetadata(deps = {}) {
     const repoRoot = deps.repoRoot ?? (0, identity_1.getRepoRoot)();
     const bundlesRoot = deps.bundlesRoot ?? (0, identity_1.getAgentBundlesRoot)();
-    const homeDir = readHomeDir();
-    const secretsRoot = deps.secretsRoot ?? (homeDir ? path.join(homeDir, ".agentsecrets") : null);
-    const daemonLoggingPath = deps.daemonLoggingPath ?? (homeDir ? path.join(homeDir, ".agentstate", "daemon", "logging.json") : null);
+    const daemonLoggingPath = deps.daemonLoggingPath ?? (0, identity_1.getAgentDaemonLoggingConfigPath)();
     const readFileSyncImpl = deps.readFileSync ?? optionalFunction(fs, "readFileSync")?.bind(fs) ?? null;
     const statSyncImpl = deps.statSync ?? optionalFunction(fs, "statSync")?.bind(fs) ?? null;
     const readdirSyncImpl = deps.readdirSync ?? optionalFunction(fs, "readdirSync")?.bind(fs) ?? null;
@@ -191,7 +163,7 @@ function getRuntimeMetadata(deps = {}) {
             throw new Error("git unavailable");
         }))
         : { value: UNKNOWN_METADATA, source: "unknown" };
-    const configTargets = listConfigTargets(bundlesRoot, secretsRoot, daemonLoggingPath, readdirSyncImpl);
+    const configTargets = listConfigTargets(bundlesRoot, daemonLoggingPath, readdirSyncImpl);
     const configFingerprint = readConfigFingerprint(configTargets, readFileSyncImpl, existsSyncImpl);
     (0, runtime_1.emitNervesEvent)({
         component: "daemon",