@ouro.bot/cli 0.1.0-alpha.59 → 0.1.0-alpha.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/changelog.json CHANGED
@@ -1,6 +1,14 @@
1
1
  {
2
2
  "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
3
3
  "versions": [
4
+ {
5
+ "version": "0.1.0-alpha.60",
6
+ "changes": [
7
+ "Azure OpenAI provider now supports DefaultAzureCredential for managed identity auth in production and az-login auth for local dev, with API key as an optional fallback.",
8
+ "The @azure/identity package is lazy-loaded only when the managed identity path is used, so API key users and other providers pay no cold-start cost.",
9
+ "Auth failure errors now preserve the original cause and list all three resolution paths (API key, az login, managed identity)."
10
+ ]
11
+ },
4
12
  {
5
13
  "version": "0.1.0-alpha.59",
6
14
  "changes": [
@@ -70,6 +70,7 @@ const DEFAULT_SECRETS_TEMPLATE = {
70
70
  endpoint: "",
71
71
  deployment: "",
72
72
  apiVersion: "2025-04-01-preview",
73
+ managedIdentityClientId: "",
73
74
  },
74
75
  minimax: {
75
76
  model: "",
@@ -29,8 +29,8 @@ function getProviderRuntimeFingerprint() {
29
29
  const provider = (0, identity_1.loadAgentConfig)().provider;
30
30
  switch (provider) {
31
31
  case "azure": {
32
- const { apiKey, endpoint, deployment, modelName, apiVersion } = (0, config_1.getAzureConfig)();
33
- return JSON.stringify({ provider, apiKey, endpoint, deployment, modelName, apiVersion });
32
+ const { apiKey, endpoint, deployment, modelName, apiVersion, managedIdentityClientId } = (0, config_1.getAzureConfig)();
33
+ return JSON.stringify({ provider, apiKey, endpoint, deployment, modelName, apiVersion, managedIdentityClientId });
34
34
  }
35
35
  case "anthropic": {
36
36
  const { model, setupToken } = (0, config_1.getAnthropicConfig)();
@@ -1,34 +1,106 @@
1
1
  "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
2
35
  Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.createAzureTokenProvider = createAzureTokenProvider;
3
37
  exports.createAzureProviderRuntime = createAzureProviderRuntime;
4
38
  const openai_1 = require("openai");
5
39
  const config_1 = require("../config");
6
40
  const runtime_1 = require("../../nerves/runtime");
7
41
  const streaming_1 = require("../streaming");
8
42
  const model_capabilities_1 = require("../model-capabilities");
43
+ const COGNITIVE_SERVICES_SCOPE = "https://cognitiveservices.azure.com/.default";
44
+ // @azure/identity is imported dynamically (below) rather than at the top level
45
+ // because it's a heavy package (~30+ transitive deps) and we only need it when
46
+ // using the managed-identity auth path. API-key users and other providers
47
+ // shouldn't pay the cold-start cost.
48
+ function createAzureTokenProvider(managedIdentityClientId) {
49
+ let credential = null;
50
+ return async () => {
51
+ try {
52
+ if (!credential) {
53
+ const { DefaultAzureCredential } = await Promise.resolve().then(() => __importStar(require("@azure/identity")));
54
+ const credentialOptions = managedIdentityClientId
55
+ ? { managedIdentityClientId }
56
+ : undefined;
57
+ credential = new DefaultAzureCredential(credentialOptions);
58
+ }
59
+ const tokenResponse = await credential.getToken(COGNITIVE_SERVICES_SCOPE);
60
+ return tokenResponse.token;
61
+ }
62
+ catch (err) {
63
+ const detail = err instanceof Error ? err.message : String(err);
64
+ throw new Error(`Azure OpenAI authentication failed: ${detail}\n` +
65
+ "To fix this, either:\n" +
66
+ " 1. Set providers.azure.apiKey in secrets.json, or\n" +
67
+ " 2. Run 'az login' to authenticate with your Azure account (for local dev), or\n" +
68
+ " 3. Attach a managed identity to your App Service and set providers.azure.managedIdentityClientId in secrets.json (for deployed environments)");
69
+ }
70
+ };
71
+ }
9
72
  function createAzureProviderRuntime() {
73
+ const azureConfig = (0, config_1.getAzureConfig)();
74
+ const useApiKey = !!azureConfig.apiKey;
75
+ const authMethod = useApiKey ? "key" : "managed-identity";
10
76
  (0, runtime_1.emitNervesEvent)({
11
77
  component: "engine",
12
78
  event: "engine.provider_init",
13
79
  message: "azure provider init",
14
- meta: { provider: "azure" },
80
+ meta: { provider: "azure", authMethod },
15
81
  });
16
- const azureConfig = (0, config_1.getAzureConfig)();
17
- if (!(azureConfig.apiKey && azureConfig.endpoint && azureConfig.deployment && azureConfig.modelName)) {
82
+ if (!(azureConfig.endpoint && azureConfig.deployment && azureConfig.modelName)) {
18
83
  throw new Error("provider 'azure' is selected in agent.json but providers.azure is incomplete in secrets.json.");
19
84
  }
20
85
  const modelCaps = (0, model_capabilities_1.getModelCapabilities)(azureConfig.modelName);
21
86
  const capabilities = new Set();
22
87
  if (modelCaps.reasoningEffort)
23
88
  capabilities.add("reasoning-effort");
24
- const client = new openai_1.AzureOpenAI({
25
- apiKey: azureConfig.apiKey,
89
+ const clientOptions = {
26
90
  endpoint: azureConfig.endpoint.replace(/\/openai.*$/, ""),
27
91
  deployment: azureConfig.deployment,
28
92
  apiVersion: azureConfig.apiVersion,
29
93
  timeout: 30000,
30
94
  maxRetries: 0,
31
- });
95
+ };
96
+ if (useApiKey) {
97
+ clientOptions.apiKey = azureConfig.apiKey;
98
+ }
99
+ else {
100
+ const managedIdentityClientId = azureConfig.managedIdentityClientId || undefined;
101
+ clientOptions.azureADTokenProvider = createAzureTokenProvider(managedIdentityClientId);
102
+ }
103
+ const client = new openai_1.AzureOpenAI(clientOptions);
32
104
  let nativeInput = null;
33
105
  let nativeInstructions = "";
34
106
  return {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ouro.bot/cli",
3
- "version": "0.1.0-alpha.59",
3
+ "version": "0.1.0-alpha.60",
4
4
  "main": "dist/heart/daemon/ouro-entry.js",
5
5
  "bin": {
6
6
  "cli": "dist/heart/daemon/ouro-bot-entry.js",
@@ -33,6 +33,7 @@
33
33
  },
34
34
  "dependencies": {
35
35
  "@anthropic-ai/sdk": "^0.78.0",
36
+ "@azure/identity": "^4.13.0",
36
37
  "@microsoft/teams.apps": "^2.0.5",
37
38
  "@microsoft/teams.dev": "^2.0.5",
38
39
  "fast-glob": "^3.3.3",