@ouro.bot/cli 0.1.0-alpha.557 → 0.1.0-alpha.558

package/changelog.json

@@ -1,6 +1,14 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.558",
+      "changes": [
+        "Rejected local vault unlock material is now cleared after Bitwarden proves it is wrong, so a stale Keychain/DPAPI/Secret Service/plaintext entry cannot keep retrying across fresh CLI processes and rate-limit the agent vault.",
+        "Legacy vault unlock entries are no longer copied to canonical coordinates during read. Ouro now canonicalizes them only after a successful vault login, preventing unvalidated local material from poisoning the primary unlock slot.",
+        "`@ouro.bot/cli` and the `ouro.bot` wrapper are version-synced for the invalid local unlock quarantine release."
+      ]
+    },
     {
       "version": "0.1.0-alpha.557",
       "changes": [

package/dist/repertoire/bitwarden-store.js

@@ -401,6 +401,8 @@ class BitwardenCredentialStore {
     email;
     masterPassword;
     appDataDir;
+    onInvalidUnlockSecret;
+    onLoginSuccess;
     sessionToken = null;
     terminalLoginError = null;
     bwBinaryPath = "bw";
@@ -410,6 +412,8 @@ class BitwardenCredentialStore {
         this.email = email;
         this.masterPassword = masterPassword;
         this.appDataDir = options.appDataDir;
+        this.onInvalidUnlockSecret = options.onInvalidUnlockSecret;
+        this.onLoginSuccess = options.onLoginSuccess;
     }
     isReady() {
         return true;
@@ -420,6 +424,27 @@ class BitwardenCredentialStore {
     execBwWithPasswordEnv(args) {
         return execBw([...args, "--passwordenv", BW_PASSWORD_ENV], undefined, this.appDataDir, undefined, this.bwBinaryPath, { [BW_PASSWORD_ENV]: this.masterPassword });
     }
+    async notifyInvalidUnlockSecret(error) {
+        if (!this.onInvalidUnlockSecret)
+            return;
+        try {
+            await this.onInvalidUnlockSecret(error);
+        }
+        catch (callbackError) {
+            (0, runtime_1.emitNervesEvent)({
+                level: "warn",
+                event: "repertoire.bw_invalid_unlock_cleanup_failed",
+                component: "repertoire",
+                message: "failed to clean up rejected local vault unlock material",
+                meta: {
+                    email: this.email,
+                    serverUrl: this.serverUrl,
+                    error: callbackError instanceof Error ? callbackError.message : String(callbackError),
+                    originalError: error.message,
+                },
+            });
+        }
+    }
     /**
      * Ensure the bw CLI is authenticated and unlocked.
      * Handles three states: logged out → login, locked → unlock, already unlocked → no-op.
@@ -438,6 +463,7 @@ class BitwardenCredentialStore {
         for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
             try {
                 await this.loginAttempt();
+                await this.onLoginSuccess?.();
                 return;
             }
             catch (err) {
@@ -446,6 +472,9 @@ class BitwardenCredentialStore {
                 // Don't retry non-transient errors (auth failures, bw not installed)
                 if (!isTransientError(lastError)) {
                     this.terminalLoginError = lastError;
+                    if (isBwInvalidUnlockSecretMessage(lastError.message)) {
+                        await this.notifyInvalidUnlockSecret(lastError);
+                    }
                     throw lastError;
                 }
                 // Don't retry after final attempt
@@ -462,6 +491,10 @@ class BitwardenCredentialStore {
             }
         }
         this.terminalLoginError = lastError;
+        /* v8 ignore next -- invalid unlock errors are non-transient and exit through the non-retry path above @preserve */
+        if (isBwInvalidUnlockSecretMessage(lastError.message)) {
+            await this.notifyInvalidUnlockSecret(lastError);
+        }
         throw lastError;
     }
     /** Single login attempt — called by login() retry loop. */

package/dist/repertoire/credential-access.js

@@ -92,7 +92,63 @@ function getCredentialStore(agentNameInput) {
         email: vaultConfig.email,
         serverUrl: vaultConfig.serverUrl,
     });
-    const store = new bitwarden_store_1.BitwardenCredentialStore(vaultConfig.serverUrl, vaultConfig.email, unlock.secret, { appDataDir: bitwardenAppDataDir(agentName, vaultConfig) });
+    const unlockConfig = { agentName, email: vaultConfig.email, serverUrl: vaultConfig.serverUrl };
+    const unlockSource = unlock.source ?? unlockConfig;
+    let invalidUnlockCleared = false;
+    let canonicalUnlockStored = false;
+    const store = new bitwarden_store_1.BitwardenCredentialStore(vaultConfig.serverUrl, vaultConfig.email, unlock.secret, {
+        appDataDir: bitwardenAppDataDir(agentName, vaultConfig),
+        onInvalidUnlockSecret: (error) => {
+            if (invalidUnlockCleared)
+                return;
+            invalidUnlockCleared = true;
+            (0, vault_unlock_1.clearVaultUnlockSecret)({
+                agentName,
+                email: unlockSource.email,
+                serverUrl: unlockSource.serverUrl,
+            });
+            stores.delete(cacheKey);
+            (0, runtime_1.emitNervesEvent)({
+                level: "warn",
+                event: "repertoire.credential_store_invalid_unlock_cleared",
+                component: "repertoire",
+                message: "cleared rejected local vault unlock material",
+                meta: {
+                    agentName,
+                    serverUrl: vaultConfig.serverUrl,
+                    email: vaultConfig.email,
+                    sourceServerUrl: unlockSource.serverUrl,
+                    error: error.message,
+                },
+            });
+        },
+        onLoginSuccess: () => {
+            if (canonicalUnlockStored)
+                return;
+            if (unlockSource.serverUrl === vaultConfig.serverUrl && unlockSource.email === vaultConfig.email)
+                return;
+            canonicalUnlockStored = true;
+            try {
+                (0, vault_unlock_1.storeVaultUnlockSecret)(unlockConfig, unlock.secret);
+                (0, vault_unlock_1.noteVaultUnlockSelfHeal)(unlockConfig, unlock.store.kind, unlockSource.serverUrl);
+            }
+            catch (error) {
+                (0, runtime_1.emitNervesEvent)({
+                    level: "warn",
+                    event: "repertoire.vault_unlock_self_heal_failed",
+                    component: "repertoire",
+                    message: "failed to rewrite local unlock material using canonical vault coordinates",
+                    meta: {
+                        store: unlock.store.kind,
+                        email: vaultConfig.email,
+                        sourceServerUrl: unlockSource.serverUrl,
+                        targetServerUrl: vaultConfig.serverUrl,
+                        error: error instanceof Error ? error.message : String(error),
+                    },
+                });
+            }
+        },
+    });
     stores.set(cacheKey, store);
     (0, runtime_1.emitNervesEvent)({
         event: "repertoire.credential_store_init",

package/dist/repertoire/vault-unlock.js

@@ -39,6 +39,8 @@ exports.isCredentialVaultNotConfiguredError = isCredentialVaultNotConfiguredErro
 exports.vaultCreateRecoverFix = vaultCreateRecoverFix;
 exports.promptConfirmedVaultUnlockSecret = promptConfirmedVaultUnlockSecret;
 exports.resolveVaultUnlockStore = resolveVaultUnlockStore;
+exports.noteVaultUnlockSelfHeal = noteVaultUnlockSelfHeal;
+exports.clearVaultUnlockSecret = clearVaultUnlockSecret;
 exports.readVaultUnlockSecret = readVaultUnlockSecret;
 exports.storeVaultUnlockSecret = storeVaultUnlockSecret;
 exports.getVaultUnlockStatus = getVaultUnlockStatus;
@@ -82,6 +84,12 @@ function vaultConfigCandidates(config) {
         serverUrl,
     }));
 }
+function exactVaultConfig(config) {
+    return {
+        ...config,
+        serverUrl: config.serverUrl.trim().replace(/\/+$/, ""),
+    };
+}
 function plaintextUnlockPath(config, deps) {
     const digest = crypto.createHash("sha256").update(vaultKey(config)).digest("hex").slice(0, 24);
     return path.join(homeDir(deps), PLAINTEXT_UNLOCK_DIR, `${digest}.secret`);
@@ -265,37 +273,13 @@ function noteVaultUnlockSelfHeal(config, storeKind, sourceServerUrl) {
         },
     });
 }
-function warnVaultUnlockSelfHealFailure(config, storeKind, sourceServerUrl, error) {
-    (0, runtime_1.emitNervesEvent)({
-        level: "warn",
-        component: "repertoire",
-        event: "repertoire.vault_unlock_self_heal_failed",
-        message: "failed to rewrite local unlock material using canonical vault coordinates",
-        meta: {
-            store: storeKind,
-            email: config.email,
-            sourceServerUrl,
-            targetServerUrl: config.serverUrl,
-            error: error instanceof Error ? error.message : String(error),
-        },
-    });
-}
 function readFromMacosKeychain(config, deps) {
     const candidates = vaultConfigCandidates(config);
-    for (const [index, candidate] of candidates.entries()) {
+    for (const candidate of candidates) {
         const secret = readFromMacosKeychainExact(vaultKey(candidate), deps);
-        if (!secret)
-            continue;
-        if (index > 0) {
-            try {
-                writeToMacosKeychain(config, secret, deps);
-                noteVaultUnlockSelfHeal(config, "macos-keychain", candidate.serverUrl);
-            }
-            catch (error) {
-                warnVaultUnlockSelfHealFailure(config, "macos-keychain", candidate.serverUrl, error);
-            }
+        if (secret) {
+            return { secret, source: exactVaultConfig(candidate) };
         }
-        return secret;
     }
     return null;
 }
@@ -337,20 +321,11 @@ function readFromLinuxSecretServiceExact(accountKey, deps) {
 }
 function readFromLinuxSecretService(config, deps) {
     const candidates = vaultConfigCandidates(config);
-    for (const [index, candidate] of candidates.entries()) {
+    for (const candidate of candidates) {
         const secret = readFromLinuxSecretServiceExact(vaultKey(candidate), deps);
-        if (!secret)
-            continue;
-        if (index > 0) {
-            try {
-                writeToLinuxSecretService(config, secret, deps);
-                noteVaultUnlockSelfHeal(config, "linux-secret-service", candidate.serverUrl);
-            }
-            catch (error) {
-                warnVaultUnlockSelfHealFailure(config, "linux-secret-service", candidate.serverUrl, error);
-            }
+        if (secret) {
+            return { secret, source: exactVaultConfig(candidate) };
         }
-        return secret;
     }
     return null;
 }
@@ -417,20 +392,11 @@ function readFromWindowsDpapiExact(config, deps) {
 }
 function readFromWindowsDpapi(config, deps) {
     const candidates = vaultConfigCandidates(config);
-    for (const [index, candidate] of candidates.entries()) {
+    for (const candidate of candidates) {
         const secret = readFromWindowsDpapiExact(candidate, deps);
-        if (!secret)
-            continue;
-        if (index > 0) {
-            try {
-                writeToWindowsDpapi(config, secret, deps);
-                noteVaultUnlockSelfHeal(config, "windows-dpapi", candidate.serverUrl);
-            }
-            catch (error) {
-                warnVaultUnlockSelfHealFailure(config, "windows-dpapi", candidate.serverUrl, error);
-            }
+        if (secret) {
+            return { secret, source: exactVaultConfig(candidate) };
         }
-        return secret;
     }
     return null;
 }
@@ -455,20 +421,11 @@ function readFromPlaintextFileExact(config, deps) {
 }
 function readFromPlaintextFile(config, deps) {
     const candidates = vaultConfigCandidates(config);
-    for (const [index, candidate] of candidates.entries()) {
+    for (const candidate of candidates) {
         const secret = readFromPlaintextFileExact(candidate, deps);
-        if (!secret)
-            continue;
-        if (index > 0) {
-            try {
-                writeToPlaintextFile(config, secret, deps);
-                noteVaultUnlockSelfHeal(config, "plaintext-file", candidate.serverUrl);
-            }
-            catch (error) {
-                warnVaultUnlockSelfHealFailure(config, "plaintext-file", candidate.serverUrl, error);
-            }
+        if (secret) {
+            return { secret, source: exactVaultConfig(candidate) };
         }
-        return secret;
     }
     return null;
 }
@@ -505,20 +462,96 @@ function writeToStore(config, store, secret, deps) {
     }
     writeToPlaintextFile(config, secret, deps);
 }
+function deleteFromMacosKeychainExact(config, deps) {
+    const result = spawnSync(deps)("security", [
+        "delete-generic-password",
+        "-s",
+        VAULT_UNLOCK_SERVICE,
+        "-a",
+        vaultKey(config),
+    ], { encoding: "utf8" });
+    if (result.status === 0)
+        return true;
+    const stderr = typeof result.stderr === "string" ? result.stderr.trim() : "";
+    const error = result.error instanceof Error ? result.error.message : "";
+    const detail = stderr || error;
+    if (!detail || /could not be found in the keychain/i.test(detail))
+        return false;
+    throw new Error(`failed to clear vault unlock secret from macOS Keychain: ${detail}`);
+}
+function deleteFromLinuxSecretServiceExact(config, deps) {
+    const result = spawnSync(deps)("secret-tool", [
+        "clear",
+        "service",
+        VAULT_UNLOCK_SERVICE,
+        "account",
+        vaultKey(config),
+    ], { encoding: "utf8" });
+    if (result.status === 0)
+        return true;
+    const stderr = typeof result.stderr === "string" ? result.stderr.trim() : "";
+    const error = result.error instanceof Error ? result.error.message : "";
+    const detail = stderr || error;
+    if (!detail || /not found/i.test(detail))
+        return false;
+    throw new Error(`failed to clear vault unlock secret from Linux Secret Service: ${detail}`);
+}
+function deleteFromWindowsDpapiExact(config, deps) {
+    const filePath = windowsDpapiUnlockPath(config, deps);
+    const existed = fs.existsSync(filePath);
+    fs.rmSync(filePath, { force: true });
+    return existed;
+}
+function deleteFromPlaintextFileExact(config, deps) {
+    const filePath = plaintextUnlockPath(config, deps);
+    const existed = fs.existsSync(filePath);
+    fs.rmSync(filePath, { force: true });
+    return existed;
+}
+function deleteFromStoreExact(config, store, deps) {
+    if (store.kind === "macos-keychain")
+        return deleteFromMacosKeychainExact(config, deps);
+    if (store.kind === "linux-secret-service")
+        return deleteFromLinuxSecretServiceExact(config, deps);
+    if (store.kind === "windows-dpapi")
+        return deleteFromWindowsDpapiExact(config, deps);
+    return deleteFromPlaintextFileExact(config, deps);
+}
+function clearVaultUnlockSecret(config, deps = {}) {
+    const canonicalConfig = canonicalizeVaultUnlockConfig(config);
+    const store = resolveVaultUnlockStore(canonicalConfig, deps);
+    const deletedAccounts = new Set();
+    let deleted = false;
+    for (const candidate of vaultConfigCandidates(config)) {
+        const exactCandidate = exactVaultConfig(candidate);
+        const key = vaultKey(exactCandidate);
+        if (deletedAccounts.has(key))
+            continue;
+        deletedAccounts.add(key);
+        deleted = deleteFromStoreExact(exactCandidate, store, deps) || deleted;
+    }
+    (0, runtime_1.emitNervesEvent)({
+        component: "repertoire",
+        event: "repertoire.vault_unlock_cleared",
+        message: "cleared local vault unlock material",
+        meta: { store: store.kind, secure: store.secure, hasAgentName: !!config.agentName, deleted },
+    });
+    return store;
+}
 function readVaultUnlockSecret(config, deps = {}) {
     const canonicalConfig = canonicalizeVaultUnlockConfig(config);
     const store = resolveVaultUnlockStore(canonicalConfig, deps);
-    const secret = readFromStore(canonicalConfig, store, deps);
-    if (!secret) {
+    const loaded = readFromStore(canonicalConfig, store, deps);
+    if (!loaded) {
         throw new Error(lockedMessage(canonicalConfig, store));
     }
     (0, runtime_1.emitNervesEvent)({
         component: "repertoire",
         event: "repertoire.vault_unlock_loaded",
         message: "loaded vault unlock material from local store",
-        meta: { store: store.kind, secure: store.secure, hasAgentName: !!config.agentName },
+        meta: { store: store.kind, secure: store.secure, hasAgentName: !!config.agentName, sourceServerUrl: loaded.source.serverUrl },
     });
-    return { secret, store };
+    return { secret: loaded.secret, store, source: loaded.source };
 }
 function storeVaultUnlockSecret(config, secret, deps = {}) {
     const canonicalConfig = canonicalizeVaultUnlockConfig(config);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.557",
+  "version": "0.1.0-alpha.558",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",