@ouro.bot/cli 0.1.0-alpha.661 → 0.1.0-alpha.663

package/changelog.json

@@ -1,6 +1,22 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.663",
+      "changes": [
+        "Add deterministic Arc Sentinel recovery receipts, lifecycle refreshes, and Workbench Sentinel history.",
+        "Harden Sentinel recovery receipts with canonical POSIX Arc locators, invalid timestamp rejection, inherited blocker provenance, and exact latest-ready recovery after Sentinel-authored blockers.",
+        "Make Sentinel's printed `ouro provider check --agent <agent> --lane <lane>` repair command executable, persist non-secret provider readiness under the agent bundle for cross-process recovery, and prefer the freshest exact-matching readiness without mutating orientation-only probes.",
+        "Include non-OK generic daemon health results in Sentinel receipts so failures such as crashed managed agents, cron delays, or disk pressure appear in Workbench and start-of-turn recovery context alongside sense health."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.662",
+      "changes": [
+        "Parse `--github-token` and `--base-url` in `ouro hatch` so the GitHub Copilot provider can be connected headlessly at cold-start. The credential type, per-provider validation, and storage split already supported github-copilot (githubToken -> vault credential, baseUrl -> config); only the argv parsing was missing, which left the provider selectable but unconnectable from a non-interactive hatch — the exact path Ouro Workbench's provider-config form uses for the work agent.",
+        "Override the transitive `shell-quote` dependency to `^1.8.4` (pulled in via `ink` -> `react-devtools-core`) to clear the newly-disclosed GHSA-w7jw-789q-3m8p critical advisory that was failing the release-preflight `npm audit` gate on every PR."
+      ]
+    },
     {
       "version": "0.1.0-alpha.661",
       "changes": [

package/dist/arc/flight-recorder.js

@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.flightRecorderLatestPath = flightRecorderLatestPath;
+exports.isFlightRecorderResume = isFlightRecorderResume;
 exports.readFlightRecorderResume = readFlightRecorderResume;
 exports.writeFlightRecorderResume = writeFlightRecorderResume;
 exports.recordFlightRecorderEvent = recordFlightRecorderEvent;
@@ -123,7 +124,7 @@ function isStringArray(value) {
 function isNullableString(value) {
     return value === null || typeof value === "string";
 }
-function isResumeCandidate(value) {
+function isFlightRecorderResume(value) {
     if (!value || typeof value !== "object" || Array.isArray(value))
         return false;
     const record = value;
@@ -217,6 +218,10 @@ function latestFromEvent(event, previous) {
     const nextSafeActionValue = event.nextSafeAction !== undefined ? event.nextSafeAction : previous.nextSafeAction.value;
     const currentAskSourceEventIds = event.currentAsk !== undefined ? [event.id] : previous.currentAsk.sourceEventIds;
     const nextSafeActionSourceEventIds = event.nextSafeAction !== undefined ? [event.id] : previous.nextSafeAction.sourceEventIds;
+    const inheritedBlocker = event.blockedBecause === undefined && previous.blockedBecause.length > 0;
+    const lastSafeCheckpointEventIds = inheritedBlocker
+        ? uniqueStrings([...previous.lastSafeCheckpoint.sourceEventIds, event.id])
+        : [event.id];
     const hasCurrentAsk = typeof currentAskValue === "string" && currentAskValue.trim().length > 0;
     const hasNextSafeAction = typeof nextSafeActionValue === "string" && nextSafeActionValue.trim().length > 0;
     return {
@@ -248,7 +253,7 @@ function latestFromEvent(event, previous) {
             turnId: event.turnId ?? previous.lastSafeCheckpoint.turnId,
             sessionRef: event.sessionRef ?? previous.lastSafeCheckpoint.sessionRef,
             recordedAt: event.recordedAt,
-            sourceEventIds: [event.id],
+            sourceEventIds: lastSafeCheckpointEventIds,
         },
         recorderHealth: { status: "ok", issues: [] },
     };
@@ -257,7 +262,7 @@ function readFlightRecorderResume(agentRoot) {
     const latestPath = flightRecorderLatestPath(agentRoot);
     try {
         const parsed = JSON.parse(fs.readFileSync(latestPath, "utf-8"));
-        if (!isResumeCandidate(parsed)) {
+        if (!isFlightRecorderResume(parsed)) {
             throw new Error("latest.json has invalid flight-recorder resume shape");
         }
         const resume = normalizeResumeInvariants(parsed);

package/dist/heart/context-loss-gauntlet.js

@@ -282,7 +282,7 @@ function summarize(verdict) {
     return "blocked: context-loss recovery would lose or mislead the agent";
 }
 function runContextLossGauntlet(agentName, agentRoot, options = {}) {
-    const flightRecorderResume = (0, flight_recorder_1.readFlightRecorderResume)(agentRoot);
+    const flightRecorderResume = options.flightRecorderResume ?? (0, flight_recorder_1.readFlightRecorderResume)(agentRoot);
     const card = (0, work_card_1.buildWorkCard)(agentName, agentRoot, { ...options, flightRecorderResume });
     const generatedAt = (options.now ?? (() => new Date()))().toISOString();
     const checks = [