@ouro.bot/cli 0.1.0-alpha.553 → 0.1.0-alpha.555

package/dist/heart/daemon/doctor.js

@@ -108,15 +108,6 @@ const SENSITIVE_CONFIG_KEYS = ["apiKey", "token", "secret", "password"];
 function credentialKeyLeaks(raw) {
     return SENSITIVE_CONFIG_KEYS.filter((key) => raw.includes(`"${key}"`));
 }
-function checkCredentialLeak(checks, label, raw) {
-    const found = credentialKeyLeaks(raw);
-    if (found.length > 0) {
-        checks.push({ label, status: "warn", detail: `contains credential-looking keys: ${found.join(", ")}` });
-    }
-    else {
-        checks.push({ label, status: "pass", detail: "no credential keys" });
-    }
-}
 function checkAgents(deps) {
     const checks = [];
     if (!deps.existsSync(deps.bundlesRoot)) {
@@ -368,15 +359,6 @@ function checkSecurity(deps) {
                 checks.push({ label: `${agentDir} credential leak`, status: "fail", detail: "could not read agent.json" });
             }
         }
-        const providerStatePath = `${deps.bundlesRoot}/${agentDir}/state/providers.json`;
-        if (deps.existsSync(providerStatePath)) {
-            try {
-                checkCredentialLeak(checks, `${agentDir} state/providers.json credential leak`, deps.readFileSync(providerStatePath));
-            }
-            catch {
-                checks.push({ label: `${agentDir} state/providers.json credential leak`, status: "fail", detail: "could not read state/providers.json" });
-            }
-        }
     }
     if (checks.length === 0) {
         checks.push({ label: "security", status: "warn", detail: "no agents found" });

package/dist/heart/daemon/inner-status.js

@@ -74,18 +74,6 @@ function buildInnerStatusOutput(input) {
     // Attention
     const thoughtWord = attentionCount === 1 ? "thought" : "thoughts";
     lines.push(`  attention: ${attentionCount} held ${thoughtWord}`);
-    // Layer 4 drift advisory. Renders one line per finding with the
-    // lane, intent vs observed binding, and the copy-pasteable repair
-    // command. Suppressed entirely when no findings exist (or the field
-    // is absent — pre-Layer-4 callers).
-    const driftFindings = input.driftFindings ?? [];
-    if (driftFindings.length > 0) {
-        lines.push("  drift advisory:");
-        for (const finding of driftFindings) {
-            lines.push(`    - ${finding.lane}: intent ${finding.intentProvider}/${finding.intentModel} vs observed ${finding.observedProvider}/${finding.observedModel}`);
-            lines.push(`      repair: ${finding.repairCommand}`);
-        }
-    }
     (0, runtime_1.emitNervesEvent)({
         component: "daemon",
         event: "daemon.inner_status_read",
@@ -95,7 +83,6 @@ function buildInnerStatusOutput(input) {
             status: runtimeState?.status ?? "unknown",
             journalCount: journalFiles.length,
             attentionCount,
-            driftCount: driftFindings.length,
         },
     });
     return lines.join("\n");

package/dist/heart/hatch/hatch-flow.js

@@ -44,9 +44,6 @@ const runtime_1 = require("../../nerves/runtime");
 const auth_flow_1 = require("../auth/auth-flow");
 const provider_models_1 = require("../provider-models");
 const habit_parser_1 = require("../habits/habit-parser");
-const machine_identity_1 = require("../machine-identity");
-const provider_credentials_1 = require("../provider-credentials");
-const provider_state_1 = require("../provider-state");
 const hatch_specialist_1 = require("./hatch-specialist");
 function requiredCredentialKeys(provider) {
     return identity_1.PROVIDER_CREDENTIALS[provider].required;
@@ -134,22 +131,6 @@ function writeHatchlingAgentConfig(bundleRoot, input) {
     template.enabled = true;
     fs.writeFileSync(path.join(bundleRoot, "agent.json"), `${JSON.stringify(template, null, 2)}\n`, "utf-8");
 }
-function writeHatchlingProviderState(bundleRoot, input, now) {
-    const model = (0, provider_models_1.getDefaultModelForProvider)(input.provider);
-    const machine = (0, machine_identity_1.loadOrCreateMachineIdentity)({
-        homeDir: (0, provider_credentials_1.providerCredentialMachineHomeDir)(),
-        now: () => now,
-    });
-    const state = (0, provider_state_1.bootstrapProviderStateFromAgentConfig)({
-        machineId: machine.machineId,
-        now,
-        agentConfig: {
-            humanFacing: { provider: input.provider, model },
-            agentFacing: { provider: input.provider, model },
-        },
-    });
-    (0, provider_state_1.writeProviderState)(bundleRoot, state);
-}
 async function runHatchFlow(input, deps = {}) {
     (0, runtime_1.emitNervesEvent)({
         component: "daemon",
@@ -186,7 +167,6 @@ async function runHatchFlow(input, deps = {}) {
     writeReadme(path.join(bundleRoot, "senses", "teams"), "Teams sense config.");
     writeHatchlingAgentConfig(bundleRoot, input);
     const credentialPath = await storeHatchlingProviderCredentials(input.agentName, input.provider, input.credentials);
-    writeHatchlingProviderState(bundleRoot, input, now);
     writeDiaryScaffold(bundleRoot);
     writeFriendImprint(bundleRoot, input.humanName, now);
     writeHeartbeatHabit(bundleRoot, now);

package/dist/heart/provider-binding-resolver.js

@@ -1,16 +1,55 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.normalizeProviderLane = normalizeProviderLane;
 exports.resolveEffectiveProviderBinding = resolveEffectiveProviderBinding;
+const path = __importStar(require("path"));
 const runtime_1 = require("../nerves/runtime");
+const identity_1 = require("./identity");
+const auth_flow_1 = require("./auth/auth-flow");
 const provider_credentials_1 = require("./provider-credentials");
-const provider_state_1 = require("./provider-state");
+const provider_readiness_cache_1 = require("./provider-readiness-cache");
 function legacyLaneWarning(selector, lane) {
     return {
         code: "legacy-lane-selector",
         message: `${selector} is legacy provider wording; using ${lane} lane`,
     };
 }
+function facingKeyForProviderLane(lane) {
+    return lane === "outward" ? "humanFacing" : "agentFacing";
+}
 function normalizeProviderLane(selector) {
     switch (selector) {
         case "outward":
@@ -25,12 +64,10 @@ function normalizeProviderLane(selector) {
             return { lane: "inner", warnings: [legacyLaneWarning(selector, "inner")] };
     }
 }
-function buildUseRepair(agentName, lane, force = false) {
+function buildUseRepair(agentName, lane) {
     return {
-        command: `ouro use --agent ${agentName} --lane ${lane} --provider <provider> --model <model>${force ? " --force" : ""}`,
-        message: force
-            ? `Rewrite this machine's ${lane} provider binding for ${agentName}.`
-            : `Choose the provider/model this machine should use for ${agentName}'s ${lane} lane.`,
+        command: `ouro use --agent ${agentName} --lane ${lane} --provider <provider> --model <model>`,
+        message: `Choose the provider/model ${agentName}'s ${lane} lane should use in agent.json.`,
     };
 }
 function buildAuthRepair(agentName, provider) {
@@ -39,16 +76,10 @@ function buildAuthRepair(agentName, provider) {
         message: `Store ${provider} credentials in ${agentName}'s vault.`,
     };
 }
-function missingProviderStateWarning(agentName) {
-    return {
-        code: "provider-state-missing",
-        message: `No local provider binding exists for ${agentName} on this machine.`,
-    };
-}
-function invalidProviderStateWarning(agentName) {
+function invalidAgentConfigWarning(agentName, error) {
     return {
-        code: "provider-state-invalid",
-        message: `Local provider binding state for ${agentName} is invalid.`,
+        code: "agent-config-invalid",
+        message: `agent.json provider selection for ${agentName} is invalid: ${error}`,
     };
 }
 function missingCredentialWarning(provider) {
@@ -121,120 +152,101 @@ function resolveCredential(poolResult, provider, agentName) {
         warnings: [missingCredentialWarning(provider)],
     };
 }
-function readinessFromState(readiness) {
-    return {
-        status: readiness.status,
-        checkedAt: readiness.checkedAt,
-        credentialRevision: readiness.credentialRevision,
-        error: readiness.error,
-        attempts: readiness.attempts,
-    };
+function resolveReadiness(agentName, lane, provider, model, credential) {
+    if (credential.status === "missing") {
+        return { status: "unknown", reason: "credential-missing" };
+    }
+    if (credential.status === "invalid-pool") {
+        return { status: "unknown", reason: "credential-pool-invalid" };
+    }
+    if (credential.status === "present") {
+        const cached = (0, provider_readiness_cache_1.readProviderLaneReadiness)({
+            agentName,
+            lane,
+            provider,
+            model,
+            credentialRevision: credential.revision,
+        });
+        if (cached) {
+            return {
+                status: cached.status,
+                checkedAt: cached.checkedAt,
+                ...(cached.error ? { error: cached.error } : {}),
+                ...(cached.attempts !== undefined ? { attempts: cached.attempts } : {}),
+            };
+        }
+    }
+    return { status: "unknown" };
 }
-function staleReadiness(readiness, reason) {
-    return {
-        ...readinessFromState(readiness),
-        status: "stale",
-        previousStatus: readiness.status,
-        reason,
-    };
+function isAgentProvider(value) {
+    return typeof value === "string" && Object.prototype.hasOwnProperty.call(identity_1.PROVIDER_CREDENTIALS, value);
 }
-function resolveReadiness(input) {
-    if (!input.readiness) {
-        if (input.credential.status === "not-loaded") {
-            return { readiness: { status: "unknown" }, warnings: [] };
-        }
-        if (input.credential.status === "missing") {
-            return { readiness: { status: "unknown", reason: "credential-missing" }, warnings: [] };
+function resolveAgentConfigLane(input, lane) {
+    const configPath = path.join(input.agentRoot, "agent.json");
+    try {
+        const { config, configPath: resolvedConfigPath } = (0, auth_flow_1.readAgentConfigForAgent)(input.agentName, path.dirname(input.agentRoot));
+        const facingKey = facingKeyForProviderLane(lane);
+        const binding = config[facingKey];
+        /* v8 ignore next -- readAgentConfigForAgent rejects unsupported providers before this defensive guard @preserve */
+        if (!isAgentProvider(binding.provider)) {
+            return { ok: false, configPath: resolvedConfigPath, error: `${facingKey}.provider must be a supported provider` };
         }
-        if (input.credential.status === "invalid-pool") {
-            return { readiness: { status: "unknown", reason: "credential-pool-invalid" }, warnings: [] };
+        const model = typeof binding.model === "string" ? binding.model.trim() : "";
+        if (model.length === 0) {
+            return { ok: false, configPath: resolvedConfigPath, error: `${facingKey}.model must be a non-empty string` };
         }
-        return { readiness: { status: "unknown" }, warnings: [] };
-    }
-    if (input.readiness.provider !== input.provider || input.readiness.model !== input.model) {
         return {
-            readiness: staleReadiness(input.readiness, "provider-model-changed"),
-            warnings: [{
-                    code: "readiness-stale",
-                    message: `${input.provider}/${input.model} readiness is stale because the last check was for ${input.readiness.provider}/${input.readiness.model}.`,
-                }],
-        };
-    }
-    if (input.credential.status === "present"
-        && input.readiness.credentialRevision !== undefined
-        && input.readiness.credentialRevision !== input.credential.revision) {
-        return {
-            readiness: staleReadiness(input.readiness, "credential-revision-changed"),
-            warnings: [{
-                    code: "readiness-stale",
-                    message: `${input.provider}/${input.model} readiness is stale because credential revision changed from ${input.readiness.credentialRevision} to ${input.credential.revision}.`,
-                }],
-        };
-    }
-    if (input.credential.status === "missing") {
-        return {
-            readiness: staleReadiness(input.readiness, "credential-missing"),
-            warnings: [],
+            ok: true,
+            configPath: resolvedConfigPath,
+            provider: binding.provider,
+            model,
         };
     }
-    if (input.credential.status === "invalid-pool") {
+    catch (error) {
         return {
-            readiness: staleReadiness(input.readiness, "credential-pool-invalid"),
-            warnings: [],
+            ok: false,
+            configPath,
+            /* v8 ignore next -- readAgentConfigForAgent/file IO failures are Error instances in supported runtimes @preserve */
+            error: error instanceof Error ? error.message : String(error),
         };
     }
-    if (input.credential.status === "not-loaded") {
-        return { readiness: readinessFromState(input.readiness), warnings: [] };
-    }
-    return { readiness: readinessFromState(input.readiness), warnings: [] };
 }
 function resolveEffectiveProviderBinding(input) {
     const laneResolution = normalizeProviderLane(input.lane);
-    const stateResult = (0, provider_state_1.readProviderState)(input.agentRoot);
-    if (!stateResult.ok) {
-        const reason = stateResult.reason === "missing" ? "provider-state-missing" : "provider-state-invalid";
-        const stateWarning = stateResult.reason === "missing"
-            ? missingProviderStateWarning(input.agentName)
-            : invalidProviderStateWarning(input.agentName);
+    const agentConfigResult = resolveAgentConfigLane(input, laneResolution.lane);
+    if (!agentConfigResult.ok) {
         const result = {
             ok: false,
             lane: laneResolution.lane,
-            reason,
-            statePath: stateResult.statePath,
-            warnings: [...laneResolution.warnings, stateWarning],
-            repair: buildUseRepair(input.agentName, laneResolution.lane, stateResult.reason === "invalid"),
+            reason: "agent-config-invalid",
+            configPath: agentConfigResult.configPath,
+            error: agentConfigResult.error,
+            warnings: [...laneResolution.warnings, invalidAgentConfigWarning(input.agentName, agentConfigResult.error)],
+            repair: buildUseRepair(input.agentName, laneResolution.lane),
         };
         (0, runtime_1.emitNervesEvent)({
             component: "config/identity",
             event: "config.provider_binding_resolution_failed",
             message: "provider binding resolution failed",
-            meta: { agentName: input.agentName, lane: laneResolution.lane, reason },
+            meta: { agentName: input.agentName, lane: laneResolution.lane, reason: result.reason },
         });
         return result;
     }
-    const laneBinding = stateResult.state.lanes[laneResolution.lane];
     const poolResult = (0, provider_credentials_1.readProviderCredentialPool)(input.agentName);
-    const credentialResult = resolveCredential(poolResult, laneBinding.provider, input.agentName);
-    const readinessResult = resolveReadiness({
-        provider: laneBinding.provider,
-        model: laneBinding.model,
-        readiness: stateResult.state.readiness[laneResolution.lane],
-        credential: credentialResult.credential,
-    });
+    const credentialResult = resolveCredential(poolResult, agentConfigResult.provider, input.agentName);
+    const readiness = resolveReadiness(input.agentName, laneResolution.lane, agentConfigResult.provider, agentConfigResult.model, credentialResult.credential);
     const warnings = [
         ...laneResolution.warnings,
         ...credentialResult.warnings,
-        ...readinessResult.warnings,
     ];
     const binding = {
         lane: laneResolution.lane,
-        provider: laneBinding.provider,
-        model: laneBinding.model,
-        source: laneBinding.source,
-        machineId: stateResult.state.machineId,
-        statePath: stateResult.statePath,
+        provider: agentConfigResult.provider,
+        model: agentConfigResult.model,
+        source: "agent.json",
+        configPath: agentConfigResult.configPath,
         credential: credentialResult.credential,
-        readiness: readinessResult.readiness,
+        readiness,
         warnings,
     };
     (0, runtime_1.emitNervesEvent)({

package/dist/heart/provider-credentials.js

@@ -372,13 +372,13 @@ async function upsertProviderCredential(input) {
         password: JSON.stringify(payload),
         notes: "Ouro provider credentials. The vault item password is a versioned JSON payload.",
     });
-    input.onProgress?.(`refreshing local provider snapshot from ${input.agentName}'s vault...`);
+    input.onProgress?.(`refreshing in-memory provider credential pool from ${input.agentName}'s vault...`);
     const refreshResult = await refreshProviderCredentialPool(input.agentName, {
         providers: [input.provider],
         onProgress: input.onProgress,
     });
     if (!refreshResult.ok) {
-        throw new Error(`credential stored in vault, but the local provider snapshot could not be refreshed: ${refreshResult.error}. ` +
+        throw new Error(`credential stored in vault, but the in-memory provider credential pool could not be refreshed: ${refreshResult.error}. ` +
             `Run 'ouro provider refresh --agent ${input.agentName}' after fixing vault access, then run 'ouro auth verify --agent ${input.agentName}'.`);
     }
     (0, runtime_1.emitNervesEvent)({

package/dist/heart/provider-failover.js

@@ -268,7 +268,7 @@ async function runMachineProviderFailoverInventory(agentName, currentProvider, o
 }
 /**
  * Re-verify a failover candidate is actually reachable right before we mutate
- * provider state. The inventory ping that produced the candidate may be stale
+ * agent.json. The inventory ping that produced the candidate may be stale
  * (creds revoked between inventory and reply); without this preflight, an
  * agent-driven "switch to <provider>" can move the lane onto an unreachable
  * provider and brick the next turn.

package/dist/heart/provider-readiness-cache.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.recordProviderLaneReadiness = recordProviderLaneReadiness;
+exports.readProviderLaneReadiness = readProviderLaneReadiness;
+exports.clearProviderReadinessCache = clearProviderReadinessCache;
+const runtime_1 = require("../nerves/runtime");
+const readinessByLane = new Map();
+function cacheKey(agentName, lane) {
+    return `${agentName}\0${lane}`;
+}
+function recordProviderLaneReadiness(entry) {
+    readinessByLane.set(cacheKey(entry.agentName, entry.lane), { ...entry });
+    (0, runtime_1.emitNervesEvent)({
+        component: "config/identity",
+        event: "config.provider_readiness_recorded",
+        message: "recorded in-memory provider readiness",
+        meta: {
+            agentName: entry.agentName,
+            lane: entry.lane,
+            provider: entry.provider,
+            model: entry.model,
+            status: entry.status,
+        },
+    });
+}
+function readProviderLaneReadiness(input) {
+    const entry = readinessByLane.get(cacheKey(input.agentName, input.lane));
+    if (!entry)
+        return null;
+    if (entry.provider !== input.provider)
+        return null;
+    if (entry.model !== input.model)
+        return null;
+    if (entry.credentialRevision !== input.credentialRevision)
+        return null;
+    return { ...entry };
+}
+function clearProviderReadinessCache() {
+    readinessByLane.clear();
+}

package/dist/heart/provider-visibility.js

@@ -128,12 +128,12 @@ function formatProviderVisibilityLine(lane) {
 function formatAgentProviderVisibilityForPrompt(visibility) {
     if (visibility.lanes.every((lane) => lane.status === "unconfigured")) {
         return [
-            "provider bindings are not configured on this machine.",
+            "provider bindings are not configured in agent.json.",
             ...visibility.lanes.map((lane) => `- ${formatProviderVisibilityLine(lane)}`),
         ].join("\n");
     }
     return [
-        "runtime uses local provider bindings for this machine:",
+        "runtime uses provider bindings from agent.json:",
         ...visibility.lanes.map((lane) => `- ${formatProviderVisibilityLine(lane)}`),
     ].join("\n");
 }

package/dist/heart/start-of-turn-packet.js

@@ -228,7 +228,7 @@ function renderStartOfTurnPacket(packet) {
         // are actionable "fix your git" signals. bundleState is preferred
         // because it's structured (array of enum values) while syncFailure is
         // a legacy free-form string; both render when populated.
-        { label: "provider", content: packet.providerState ?? "", priority: 8 },
+        { label: "provider", content: packet.providerSelection ?? "", priority: 8 },
         { label: "bundleState", content: (0, bundle_state_1.renderBundleStateHint)(packet.bundleState ?? []), priority: 7 },
         { label: "syncFailure", content: packet.syncFailure ?? "", priority: 7 },
         { label: "resume", content: packet.resumeHint, priority: 6 },

package/dist/nerves/coverage/file-completeness.js

@@ -93,16 +93,6 @@ const DISPATCH_EXEMPT_PATTERNS = [
     // buildDaemonHealthState → DaemonHealthWriter) owns observability via
     // daemon.health_written when the rolled-up state is persisted.
     "daemon/daemon-rollup",
-    // Drift comparator + thin I/O loader: `detectProviderBindingDrift`
-    // is a pure intent-vs-observed comparator with no side effects;
-    // `loadDriftInputsForAgent` is a small fs-read wrapper that returns
-    // `null` on missing/invalid state rather than emitting. The caller
-    // (daemon-entry.ts buildDaemonHealthState's per-agent drift probe)
-    // owns observability — drift findings ride along through
-    // `daemon.health_written` as part of the rolled-up state, and
-    // `agent-config-check.ts` carries `driftFindings` through its
-    // existing instrumentation. Same pattern as `daemon-rollup`.
-    "daemon/drift-detection",
     // Attachment helper modules: generic file-path/extension utilities and the
     // source registry are pure support seams. The orchestrator/adapters that
     // call them own the observability.

package/dist/senses/pipeline.js

@@ -47,12 +47,12 @@ const commands_1 = require("./commands");
 const continuity_1 = require("./continuity");
 const manager_1 = require("../heart/bridges/manager");
 const identity_1 = require("../heart/identity");
+const auth_flow_1 = require("../heart/auth/auth-flow");
 const socket_client_1 = require("../heart/daemon/socket-client");
 const active_work_1 = require("../heart/active-work");
 const delegation_1 = require("../heart/delegation");
 const obligations_1 = require("../arc/obligations");
 const provider_failover_1 = require("../heart/provider-failover");
-const provider_state_1 = require("../heart/provider-state");
 const tempo_1 = require("../heart/tempo");
 const temporal_view_1 = require("../heart/temporal-view");
 const start_of_turn_packet_1 = require("../heart/start-of-turn-packet");
@@ -88,17 +88,13 @@ function providerLaneForChannel(channel) {
     return channel === "inner" ? "inner" : "outward";
 }
 function resolveCurrentFailoverBinding(agentName, lane) {
-    const stateResult = (0, provider_state_1.readProviderState)((0, identity_1.getAgentRoot)(agentName));
-    if (stateResult.ok) {
-        const binding = stateResult.state.lanes[lane];
-        return { provider: binding.provider, model: binding.model };
-    }
-    const agentConfig = (0, identity_1.loadAgentConfig)();
+    const agentRoot = (0, identity_1.getAgentRoot)();
+    const { config: agentConfig } = (0, auth_flow_1.readAgentConfigForAgent)(agentName, path.dirname(agentRoot));
     const fallback = lane === "inner" ? agentConfig.agentFacing : agentConfig.humanFacing;
     return { provider: fallback.provider, model: fallback.model };
 }
 /**
- * Apply an agent-driven failover switch to provider state, but only after
+ * Apply an agent-driven failover switch to agent.json, but only after
  * re-pinging the candidate. The inventory ping that produced the candidate
  * may be stale by the time the agent replies — without this preflight, a
  * "switch to <provider>" reply can move the lane onto an unreachable provider.
@@ -109,38 +105,23 @@ function resolveCurrentFailoverBinding(agentName, lane) {
  *                                surface the refusal to the agent
  * Throws on disk errors only (caught by caller as before).
  */
-async function writeFailoverProviderStateSwitch(agentName, action) {
+async function writeFailoverAgentConfigSwitch(agentName, action) {
     const validation = await (0, provider_failover_1.validateFailoverSwitchCandidate)(agentName, { provider: action.provider, model: action.model });
     if (!validation.ok) {
         return { ok: false, refused: true, classification: validation.classification, message: validation.message };
     }
-    const agentRoot = (0, identity_1.getAgentRoot)(agentName);
-    const stateResult = (0, provider_state_1.readProviderState)(agentRoot);
-    if (!stateResult.ok) {
-        throw new Error(`Cannot switch ${action.lane} lane for ${agentName}: ${stateResult.error}`);
-    }
-    const updatedAt = new Date().toISOString();
-    const lanes = { ...stateResult.state.lanes };
-    lanes[action.lane] = {
-        provider: action.provider,
-        model: action.model,
-        source: "local",
-        updatedAt,
-    };
-    const readiness = { ...stateResult.state.readiness };
-    readiness[action.lane] = {
-        status: "ready",
-        provider: action.provider,
-        model: action.model,
-        checkedAt: updatedAt,
-        ...(action.credentialRevision ? { credentialRevision: action.credentialRevision } : {}),
+    const agentRoot = (0, identity_1.getAgentRoot)();
+    const { configPath, config } = (0, auth_flow_1.readAgentConfigForAgent)(agentName, path.dirname(agentRoot));
+    const facingKey = action.lane === "inner" ? "agentFacing" : "humanFacing";
+    const nextConfig = {
+        ...config,
+        [facingKey]: {
+            ...config[facingKey],
+            provider: action.provider,
+            model: action.model,
+        },
     };
-    (0, provider_state_1.writeProviderState)(agentRoot, {
-        ...stateResult.state,
-        updatedAt,
-        lanes,
-        readiness,
-    });
+    fs.writeFileSync(configPath, `${JSON.stringify(nextConfig, null, 2)}\n`, "utf-8");
     return { ok: true };
 }
 function formatFailoverSwitchLabel(action) {
@@ -219,7 +200,7 @@ async function handleInboundTurn(input) {
         if (failoverAction.action === "switch") {
             let switchOutcome = null;
             try {
-                switchOutcome = await writeFailoverProviderStateSwitch(failoverAgentName, failoverAction);
+                switchOutcome = await writeFailoverAgentConfigSwitch(failoverAgentName, failoverAction);
                 /* v8 ignore start -- defensive: write failure during provider switch @preserve */
             }
             catch (switchError) {
@@ -499,7 +480,7 @@ async function handleInboundTurn(input) {
                 startOfTurnPacket.syncFailure = syncFailure;
             }
             if (ctx.providerVisibility) {
-                startOfTurnPacket.providerState = (0, provider_visibility_1.formatAgentProviderVisibilityForStartOfTurn)(ctx.providerVisibility);
+                startOfTurnPacket.providerSelection = (0, provider_visibility_1.formatAgentProviderVisibilityForStartOfTurn)(ctx.providerVisibility);
             }
             // Structured bundle state detection — surfaces discrete issues the
             // agent can remediate via the bundle_* tools. Runs independently of

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.553",
+  "version": "0.1.0-alpha.555",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",
@@ -34,7 +34,7 @@
     "test:mailbox-ui": "npm test --prefix packages/mailbox-ui",
     "test:coverage:vitest": "vitest run --coverage",
     "test:coverage": "node scripts/run-coverage-gate.cjs",
-    "build": "tsc && (cd packages/mailbox-ui && npm install --ignore-scripts 2>/dev/null && npm run build && cd ../.. && node scripts/copy-mailbox-ui.cjs) || echo 'mailbox-ui build skipped'",
+    "build": "node scripts/clean-dist.cjs && tsc && (cd packages/mailbox-ui && npm install --ignore-scripts 2>/dev/null && npm run build && cd ../.. && node scripts/copy-mailbox-ui.cjs) || echo 'mailbox-ui build skipped'",
     "lint": "eslint src/",
     "release:preflight": "node scripts/release-preflight.cjs",
     "release:smoke": "node scripts/release-smoke.cjs",