@ouro.bot/cli 0.1.0-alpha.66 → 0.1.0-alpha.660

package/dist/repertoire/tools-continuity.js

@@ -0,0 +1,252 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.continuityToolDefinitions = void 0;
+const identity_1 = require("../heart/identity");
+const runtime_1 = require("../nerves/runtime");
+const episodes_1 = require("../arc/episodes");
+const cares_1 = require("../arc/cares");
+const presence_1 = require("../arc/presence");
+const intentions_1 = require("../arc/intentions");
+exports.continuityToolDefinitions = [
+    // ── Continuity tools ──────────────────────────────────────────────
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "query_episodes",
+                description: "Query recent episodes from my continuity log. Returns timestamped records of significant events (obligation shifts, coding milestones, bridge events, care events, turning points).",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        limit: { type: "number", description: "Maximum episodes to return (default 20)" },
+                        kind: { type: "string", description: "Filter by episode kind: obligation_shift, coding_milestone, bridge_event, care_event, tempo_shift, turning_point" },
+                        since: { type: "string", description: "ISO timestamp — only return episodes after this time" },
+                    },
+                },
+            },
+        },
+        handler: (a) => {
+            const agentRoot = (0, identity_1.getAgentRoot)();
+            const options = {};
+            if (a.limit)
+                options.limit = parseInt(a.limit, 10);
+            if (a.kind)
+                options.kinds = [a.kind];
+            if (a.since)
+                options.since = a.since;
+            const episodes = (0, episodes_1.readRecentEpisodes)(agentRoot, options);
+            (0, runtime_1.emitNervesEvent)({ component: "repertoire", event: "repertoire.query_episodes", message: `queried ${episodes.length} episodes`, meta: { count: episodes.length } });
+            return JSON.stringify(episodes, null, 2);
+        },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "capture_episode",
+                description: "Record a turning point or significant moment. This is my tool for saying 'that was important — keep it.' Nearly frictionless: only summary and whyItMattered required.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        summary: { type: "string", description: "What happened" },
+                        whyItMattered: { type: "string", description: "Why this was significant" },
+                        kind: { type: "string", description: "Episode kind (default: turning_point)" },
+                        salience: { type: "string", description: "low, medium, high, or critical (default: medium)" },
+                    },
+                    required: ["summary", "whyItMattered"],
+                },
+            },
+        },
+        handler: (a) => {
+            const agentRoot = (0, identity_1.getAgentRoot)();
+            const episode = (0, episodes_1.emitEpisode)(agentRoot, {
+                kind: a.kind ?? "turning_point",
+                summary: a.summary,
+                whyItMattered: a.whyItMattered,
+                relatedEntities: [],
+                salience: a.salience ?? "medium",
+            });
+            (0, runtime_1.emitNervesEvent)({ component: "repertoire", event: "repertoire.capture_episode", message: `captured episode ${episode.id}`, meta: { id: episode.id } });
+            return JSON.stringify(episode, null, 2);
+        },
+        riskProfile: { mutates: "durable_state_write", risk: "high", reason: "writes continuity episode state" },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "query_presence",
+                description: "Check who's around — my own availability/lane and known peer agents.",
+                parameters: { type: "object", properties: {} },
+            },
+        },
+        handler: () => {
+            const agentRoot = (0, identity_1.getAgentRoot)();
+            const agentName = (0, identity_1.getAgentName)();
+            const self = (0, presence_1.readPresence)(agentRoot, agentName);
+            const peers = (0, presence_1.readPeerPresence)(agentRoot);
+            (0, runtime_1.emitNervesEvent)({ component: "repertoire", event: "repertoire.query_presence", message: `presence: self + ${peers.length} peers`, meta: { peerCount: peers.length } });
+            return JSON.stringify({ self, peers }, null, 2);
+        },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "query_cares",
+                description: "Query things I care about — ongoing concerns, watched situations, projects, people.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        status: { type: "string", description: "Filter by status: 'active', 'watching', 'resolved', 'dormant', or 'all' (default: active cares only)" },
+                    },
+                },
+            },
+        },
+        handler: (a) => {
+            const agentRoot = (0, identity_1.getAgentRoot)();
+            const cares = a.status === "all" ? (0, cares_1.readCares)(agentRoot) : (0, cares_1.readActiveCares)(agentRoot);
+            (0, runtime_1.emitNervesEvent)({ component: "repertoire", event: "repertoire.query_cares", message: `queried ${cares.length} cares`, meta: { count: cares.length } });
+            return JSON.stringify(cares, null, 2);
+        },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "care_manage",
+                description: "Create, update, or resolve a care. Cares are things I watch over — people, projects, missions, system health.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        action: { type: "string", enum: ["create", "update", "resolve"], description: "What to do" },
+                        id: { type: "string", description: "Care ID (required for update/resolve)" },
+                        label: { type: "string", description: "Short label for the care" },
+                        why: { type: "string", description: "Why this matters" },
+                        salience: { type: "string", description: "low, medium, high, or critical" },
+                        kind: { type: "string", description: "person, agent, project, mission, or system" },
+                        stewardship: { type: "string", description: "mine, shared, or delegated" },
+                    },
+                    required: ["action"],
+                },
+            },
+        },
+        handler: (a) => {
+            const agentRoot = (0, identity_1.getAgentRoot)();
+            let result;
+            if (a.action === "create") {
+                result = (0, cares_1.createCare)(agentRoot, {
+                    label: a.label ?? "untitled",
+                    why: a.why ?? "",
+                    kind: a.kind ?? "project",
+                    status: "active",
+                    salience: a.salience ?? "medium",
+                    steward: a.stewardship ?? "mine",
+                    relatedFriendIds: [],
+                    relatedAgentIds: [],
+                    relatedObligationIds: [],
+                    relatedEpisodeIds: [],
+                    currentRisk: null,
+                    nextCheckAt: null,
+                });
+            }
+            else if (a.action === "update") {
+                const updates = {};
+                if (a.label)
+                    updates.label = a.label;
+                if (a.why)
+                    updates.why = a.why;
+                if (a.salience)
+                    updates.salience = a.salience;
+                result = (0, cares_1.updateCare)(agentRoot, a.id, updates);
+            }
+            else if (a.action === "resolve") {
+                result = (0, cares_1.resolveCare)(agentRoot, a.id);
+            }
+            (0, runtime_1.emitNervesEvent)({ component: "repertoire", event: "repertoire.care_manage", message: `care ${a.action}`, meta: { action: a.action, id: a.id } });
+            return JSON.stringify(result, null, 2);
+        },
+        riskProfile: { mutates: "durable_state_write", risk: "high", reason: "creates or updates care state" },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "query_relationships",
+                description: "Query known agent relationships — familiarity, trust, shared missions, interaction history.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        agentName: { type: "string", description: "Specific agent name to query (omit for all)" },
+                    },
+                },
+            },
+        },
+        handler: async (a, ctx) => {
+            const allFriends = ctx?.friendStore?.listAll ? await ctx.friendStore.listAll() : [];
+            let agents = allFriends.filter((f) => f.kind === "agent");
+            if (a.agentName) {
+                const needle = a.agentName.toLowerCase();
+                agents = agents.filter((f) => f.name?.toLowerCase() === needle);
+            }
+            (0, runtime_1.emitNervesEvent)({ component: "repertoire", event: "repertoire.query_relationships", message: `queried relationships`, meta: { agentName: a.agentName ?? "all" } });
+            return JSON.stringify(agents, null, 2);
+        },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "intention_capture",
+                description: "File a lightweight mental note — something I want to do or check later, below the ceremony threshold of tasks or cares. Cheap to create, easy to close.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        content: { type: "string", description: "What I want to keep track of" },
+                        salience: { type: "string", description: "low, medium, or high (default: low)" },
+                        nudgeAfter: { type: "string", description: "ISO timestamp — nudge me after this time" },
+                    },
+                    required: ["content"],
+                },
+            },
+        },
+        handler: (a) => {
+            const agentRoot = (0, identity_1.getAgentRoot)();
+            const intention = (0, intentions_1.captureIntention)(agentRoot, {
+                content: a.content,
+                salience: a.salience ?? "low",
+                source: "tool",
+                ...(a.nudgeAfter ? { nudgeAfter: a.nudgeAfter } : {}),
+            });
+            (0, runtime_1.emitNervesEvent)({ component: "repertoire", event: "repertoire.intention_capture", message: `captured intention ${intention.id}`, meta: { id: intention.id } });
+            return JSON.stringify(intention, null, 2);
+        },
+        riskProfile: { mutates: "durable_state_write", risk: "high", reason: "writes intention state" },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "intention_manage",
+                description: "Resolve or dismiss an intention. Resolve = done. Dismiss = no longer relevant. Both remove it from active list.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        action: { type: "string", enum: ["resolve", "dismiss"], description: "What to do" },
+                        id: { type: "string", description: "Intention ID" },
+                    },
+                    required: ["action", "id"],
+                },
+            },
+        },
+        handler: (a) => {
+            const agentRoot = (0, identity_1.getAgentRoot)();
+            const result = a.action === "resolve"
+                ? (0, intentions_1.resolveIntention)(agentRoot, a.id)
+                : (0, intentions_1.dismissIntention)(agentRoot, a.id);
+            (0, runtime_1.emitNervesEvent)({ component: "repertoire", event: "repertoire.intention_manage", message: `intention ${a.action}: ${a.id}`, meta: { action: a.action, id: a.id } });
+            return JSON.stringify(result, null, 2);
+        },
+        riskProfile: { mutates: "durable_state_write", risk: "high", reason: "updates intention state" },
+    },
+];

package/dist/repertoire/tools-credential.js

@@ -0,0 +1,383 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.credentialToolDefinitions = void 0;
+const crypto = __importStar(require("node:crypto"));
+const credential_access_1 = require("./credential-access");
+const bitwarden_store_1 = require("./bitwarden-store");
+const runtime_1 = require("../nerves/runtime");
+const DEFAULT_PASSWORD_LENGTH = 24;
+const MIN_PASSWORD_LENGTH = 12;
+const MAX_PASSWORD_LENGTH = 128;
+const PASSWORD_CHARSETS = {
+    lower: "abcdefghijkmnopqrstuvwxyz",
+    upper: "ABCDEFGHJKLMNPQRSTUVWXYZ",
+    digits: "23456789",
+    symbols: "!@#$%^&*()-_=+[]{}:,.?",
+};
+function sanitizeCredentialToolError(err, secrets = []) {
+    const raw = err instanceof Error ? err.message : String(err);
+    return (0, bitwarden_store_1.sanitizeCredentialErrorDetail)(raw, { secrets });
+}
+function requireTrimmedText(value, fieldName) {
+    if (typeof value !== "string" || value.trim().length === 0) {
+        throw new Error(`${fieldName} must be a non-empty string.`);
+    }
+    return value.trim();
+}
+function requireNonBlankSecret(value, fieldName) {
+    if (typeof value !== "string" || value.trim().length === 0) {
+        throw new Error(`${fieldName} must be a non-empty string.`);
+    }
+    return value;
+}
+function optionalTrimmedText(value, fieldName) {
+    if (value === undefined)
+        return undefined;
+    if (typeof value !== "string") {
+        throw new Error(`${fieldName} must be a string if provided.`);
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function resolveVaultItemArg(args, legacyFieldName = "domain") {
+    if (args.item !== undefined)
+        return requireTrimmedText(args.item, "item");
+    return requireTrimmedText(args[legacyFieldName], legacyFieldName);
+}
+function parsePasswordLength(value) {
+    if (value === undefined || value === null || value === "")
+        return DEFAULT_PASSWORD_LENGTH;
+    const parsed = typeof value === "number" ? value : Number(value);
+    if (!Number.isInteger(parsed) || parsed < MIN_PASSWORD_LENGTH || parsed > MAX_PASSWORD_LENGTH) {
+        throw new Error(`length must be an integer between ${MIN_PASSWORD_LENGTH} and ${MAX_PASSWORD_LENGTH}.`);
+    }
+    return parsed;
+}
+function parseSymbolsFlag(value) {
+    if (value === undefined || value === null || value === "")
+        return true;
+    if (typeof value === "boolean")
+        return value;
+    /* v8 ignore next -- handler tests cover string "true"/"false"; branch mapping is noisy here @preserve */
+    if (typeof value === "string") {
+        const normalized = value.trim().toLowerCase();
+        if (normalized === "true")
+            return true;
+        if (normalized === "false")
+            return false;
+    }
+    throw new Error("symbols must be true or false.");
+}
+function randomChar(alphabet) {
+    /* v8 ignore next -- crypto.randomInt stays within bounds; fallback is defensive @preserve */
+    return alphabet[crypto.randomInt(0, alphabet.length)] ?? alphabet[0];
+}
+function secureShuffle(chars) {
+    for (let index = chars.length - 1; index > 0; index -= 1) {
+        const swapIndex = crypto.randomInt(0, index + 1);
+        [chars[index], chars[swapIndex]] = [chars[swapIndex], chars[index]];
+    }
+}
+function generatePassword(length, symbols) {
+    const charsets = [
+        PASSWORD_CHARSETS.lower,
+        PASSWORD_CHARSETS.upper,
+        PASSWORD_CHARSETS.digits,
+        ...(symbols ? [PASSWORD_CHARSETS.symbols] : []),
+    ];
+    const chars = charsets.map((alphabet) => randomChar(alphabet));
+    const combinedAlphabet = charsets.join("");
+    while (chars.length < length) {
+        chars.push(randomChar(combinedAlphabet));
+    }
+    secureShuffle(chars);
+    return chars.join("");
+}
+exports.credentialToolDefinitions = [
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "credential_get",
+                description: "Get credential metadata for a vault item name/path. Returns username, notes, and creation date. Never returns passwords — the credential gateway handles secret injection internally.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        item: {
+                            type: "string",
+                            description: "Vault item name/path to look up (e.g. 'airbnb.com' or 'ops/porkbun/account')",
+                        },
+                        domain: {
+                            type: "string",
+                            description: "compatibility alias for item when the vault item name is a service domain",
+                        },
+                    },
+                    required: ["domain"],
+                },
+            },
+        },
+        handler: async (args) => {
+            const itemName = resolveVaultItemArg(args);
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.credential_tool_call",
+                message: "credential_get invoked",
+                meta: { tool: "credential_get", domain: itemName, item: itemName },
+            });
+            try {
+                const store = (0, credential_access_1.getCredentialStore)();
+                const meta = await store.get(itemName);
+                if (!meta) {
+                    return `No credential found for "${itemName}".`;
+                }
+                return JSON.stringify(meta, null, 2);
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: store.get wraps errors @preserve */
+                return `Credential error: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: ["domain"],
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "credential_generate_password",
+                description: "Generate a strong password for a new account. Use it to complete signup, then immediately call credential_store with the exact accepted password so the vault becomes the source of truth.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        domain: {
+                            type: "string",
+                            description: "Domain this password will be used for (e.g. 'airbnb.com')",
+                        },
+                        length: {
+                            type: "integer",
+                            description: "Optional password length. Defaults to 24. Allowed range: 12 to 128.",
+                        },
+                        symbols: {
+                            type: "boolean",
+                            description: "Whether to include punctuation symbols. Defaults to true.",
+                        },
+                    },
+                    required: ["domain"],
+                },
+            },
+        },
+        handler: async (args) => {
+            let domain = "";
+            try {
+                domain = requireTrimmedText(args.domain, "domain");
+                const length = parsePasswordLength(args.length);
+                const symbols = parseSymbolsFlag(args.symbols);
+                (0, runtime_1.emitNervesEvent)({
+                    component: "repertoire",
+                    event: "repertoire.credential_tool_call",
+                    message: "credential_generate_password invoked",
+                    meta: { tool: "credential_generate_password", domain, length, symbols },
+                });
+                const password = generatePassword(length, symbols);
+                return JSON.stringify({
+                    domain,
+                    password,
+                    length,
+                    symbols,
+                    nextStep: "Use this password for signup, then call credential_store with the exact accepted password.",
+                }, null, 2);
+            }
+            catch (err) {
+                return `Credential password generation error: ${sanitizeCredentialToolError(err)}`;
+            }
+        },
+        summaryKeys: ["domain", "length", "symbols"],
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "credential_store",
+                description: "Store credentials in a vault item name/path after the agent acquired or just used them successfully. Prefer credential_generate_password for new passwords, then call this tool once the site accepts the exact password. Stored passwords are never returned later — only metadata is visible.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        item: {
+                            type: "string",
+                            description: "Vault item name/path to store under; domains are examples, not the schema",
+                        },
+                        domain: {
+                            type: "string",
+                            description: "compatibility alias for item when the vault item name is a service domain",
+                        },
+                        username: {
+                            type: "string",
+                            description: "Username or email for the account",
+                        },
+                        password: {
+                            type: "string",
+                            description: "Password for the account",
+                        },
+                        notes: {
+                            type: "string",
+                            description: "Optional human/agent orientation notes about this credential; not parsed by code",
+                        },
+                    },
+                    required: ["domain", "username", "password"],
+                },
+            },
+        },
+        handler: async (args) => {
+            let domain = "";
+            let username = "";
+            let password = "";
+            let notes;
+            const itemNameForEvent = typeof args.item === "string" && args.item.trim() ? args.item.trim() : args.domain;
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.credential_tool_call",
+                message: "credential_store invoked",
+                meta: { tool: "credential_store", domain: itemNameForEvent, item: itemNameForEvent },
+            });
+            try {
+                domain = resolveVaultItemArg(args);
+                username = requireTrimmedText(args.username, "username");
+                password = requireNonBlankSecret(args.password, "password");
+                notes = optionalTrimmedText(args.notes, "notes");
+                const store = (0, credential_access_1.getCredentialStore)();
+                await store.store(domain, {
+                    username,
+                    password,
+                    notes,
+                });
+                return `Credentials stored and verified for "${domain}".`;
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: store.store wraps errors @preserve */
+                return `Credential store error: ${sanitizeCredentialToolError(err, [password, username, notes])}`;
+            }
+        },
+        summaryKeys: ["domain"],
+        riskProfile: { mutates: "durable_state_write", risk: "high", reason: "stores credential vault item" },
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "credential_list",
+                description: "List stored vault items. Returns metadata only (item/domain name, username, notes, creation date). Never returns passwords.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        search: {
+                            type: "string",
+                            description: "Optional search filter to match against vault item names/paths",
+                        },
+                    },
+                },
+            },
+        },
+        handler: async (args) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.credential_tool_call",
+                message: "credential_list invoked",
+                meta: { tool: "credential_list" },
+            });
+            try {
+                const store = (0, credential_access_1.getCredentialStore)();
+                let items = await store.list();
+                // Client-side search filter
+                if (args.search) {
+                    const term = args.search.toLowerCase();
+                    items = items.filter((item) => item.domain.toLowerCase().includes(term) ||
+                        (item.username && item.username.toLowerCase().includes(term)));
+                }
+                return JSON.stringify(items, null, 2);
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: store.list wraps errors @preserve */
+                return `Credential list error: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: ["search"],
+    },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "credential_delete",
+                description: "Delete stored credentials for a vault item name/path.",
+                parameters: {
+                    type: "object",
+                    properties: {
+                        item: {
+                            type: "string",
+                            description: "Vault item name/path whose credentials should be deleted",
+                        },
+                        domain: {
+                            type: "string",
+                            description: "compatibility alias for item when the vault item name is a service domain",
+                        },
+                    },
+                    required: ["domain"],
+                },
+            },
+        },
+        handler: async (args) => {
+            (0, runtime_1.emitNervesEvent)({
+                component: "repertoire",
+                event: "repertoire.credential_tool_call",
+                message: "credential_delete invoked",
+                meta: { tool: "credential_delete", domain: args.domain },
+            });
+            try {
+                const itemName = resolveVaultItemArg(args);
+                const store = (0, credential_access_1.getCredentialStore)();
+                const deleted = await store.delete(itemName);
+                if (deleted) {
+                    return `Credentials for "${itemName}" deleted.`;
+                }
+                return `No credential found for "${itemName}".`;
+            }
+            catch (err) {
+                /* v8 ignore next -- defensive: store.delete wraps errors @preserve */
+                return `Credential delete error: ${err instanceof Error ? err.message : String(err)}`;
+            }
+        },
+        summaryKeys: ["domain"],
+        riskProfile: { mutates: "durable_state_write", risk: "high", reason: "deletes credential vault item" },
+    },
+];