@ouro.bot/cli 0.1.0-alpha.70 → 0.1.0-alpha.72

package/changelog.json

@@ -1,6 +1,22 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.72",
+      "changes": [
+        "Fix: Compound shell commands (&&, ;, |, ||) are now checked per-subcommand for untrusted users instead of blanket-blocked. Safe compound commands like `ls && pwd` are allowed; only commands containing an untrusted subcommand are denied.",
+        "New `ouro config model --agent <name> <model-name>` command: change the active model for any provider. Reads provider from agent.json, updates the model field in secrets.json. Gated at friend trust level.",
+        "New `ouro friend update <id> --trust <level>` command: change an existing friend's trust level (stranger, acquaintance, friend, family). Gated at family trust level."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.71",
+      "changes": [
+        "Fix: `ouro auth switch` now works with both `ouro auth switch --agent X --provider Y` and `ouro auth --switch --agent X --provider Y` syntax.",
+        "Fix: `ouro auth verify` now makes a real API call for github-copilot (GET copilot_internal/user) instead of only checking token format.",
+        "Fix: `ouro auth --verify` flag form also accepted alongside positional `verify` subcommand."
+      ]
+    },
     {
       "version": "0.1.0-alpha.70",
       "changes": [

package/dist/heart/daemon/auth-flow.js

@@ -37,6 +37,7 @@ exports.readAgentConfigForAgent = readAgentConfigForAgent;
 exports.writeAgentProviderSelection = writeAgentProviderSelection;
 exports.loadAgentSecrets = loadAgentSecrets;
 exports.writeProviderCredentials = writeProviderCredentials;
+exports.writeAgentModel = writeAgentModel;
 exports.collectRuntimeAuthCredentials = collectRuntimeAuthCredentials;
 exports.resolveHatchCredentials = resolveHatchCredentials;
 exports.runRuntimeAuthFlow = runRuntimeAuthFlow;
@@ -186,6 +187,26 @@ function writeProviderCredentials(agentName, provider, credentials, deps = {}) {
     writeSecrets(secretsPath, secrets);
     return { secretsPath, secrets };
 }
+const MODEL_FIELD = {
+    azure: "modelName",
+    minimax: "model",
+    anthropic: "model",
+    "openai-codex": "model",
+    "github-copilot": "model",
+};
+function writeAgentModel(agentName, modelName, deps = {}) {
+    const { config } = readAgentConfigForAgent(agentName, deps.bundlesRoot);
+    const provider = config.provider;
+    const { secretsPath, secrets } = loadAgentSecrets(agentName, deps);
+    const providerSecrets = secrets.providers[provider];
+    /* v8 ignore next -- fallback: all known providers are in MODEL_FIELD @preserve */
+    const fieldName = MODEL_FIELD[provider] ?? "model";
+    /* v8 ignore next -- defensive: fieldName always exists in template @preserve */
+    const previousModel = providerSecrets[fieldName] ?? "";
+    providerSecrets[fieldName] = modelName;
+    writeSecrets(secretsPath, secrets);
+    return { secretsPath, provider, previousModel };
+}
 function readCodexAccessToken(homeDir) {
     const authPath = path.join(homeDir, ".codex", "auth.json");
     try {

package/dist/heart/daemon/daemon-cli.js

@@ -269,6 +269,7 @@ function usage() {
         "  ouro [up]",
         "  ouro stop|down|status|logs|hatch",
         "  ouro -v|--version",
+        "  ouro config model --agent <name> <model-name>",
         "  ouro auth --agent <name> [--provider <provider>]",
         "  ouro auth verify --agent <name> [--provider <provider>]",
         "  ouro auth switch --agent <name> --provider <provider>",
@@ -285,6 +286,7 @@ function usage() {
         "  ouro friend list [--agent <name>]",
         "  ouro friend show <id> [--agent <name>]",
         "  ouro friend create --name <name> [--trust <level>] [--agent <name>]",
+        "  ouro friend update <id> --trust <level> [--agent <name>]",
         "  ouro thoughts [--last <n>] [--json] [--follow] [--agent <name>]",
         "  ouro friend link <agent> --friend <id> --provider <p> --external-id <eid>",
         "  ouro friend unlink <agent> --friend <id> --provider <p> --external-id <eid>",
@@ -443,7 +445,7 @@ function hasStoredCredentials(provider, providerSecrets) {
 }
 /* v8 ignore stop */
 /* v8 ignore start -- verifyProviderCredentials: per-provider branches tested via auth verify tests @preserve */
-function verifyProviderCredentials(provider, providers) {
+async function verifyProviderCredentials(provider, providers, fetchImpl = fetch) {
     const p = providers[provider];
     if (!p)
         return "not configured";
@@ -461,7 +463,17 @@ function verifyProviderCredentials(provider, providers) {
     }
     if (provider === "github-copilot") {
         const token = p.githubToken || "";
-        return token ? "ok" : "failed (no token)";
+        if (!token)
+            return "failed (no token)";
+        try {
+            const response = await fetchImpl("https://api.github.com/copilot_internal/user", {
+                headers: { Authorization: `Bearer ${token}` },
+            });
+            return response.ok ? "ok" : `failed (HTTP ${response.status})`;
+        }
+        catch (error) {
+            return `failed (${error.message})`;
+        }
     }
     if (provider === "minimax") {
         const apiKey = p.apiKey || "";
@@ -593,7 +605,9 @@ function parseTaskCommand(args) {
 }
 function parseAuthCommand(args) {
     const first = args[0];
-    if (first === "verify" || first === "switch") {
+    // Support both positional (`auth switch`) and flag (`auth --switch`) forms
+    if (first === "verify" || first === "switch" || first === "--verify" || first === "--switch") {
+        const subcommand = first.replace(/^--/, "");
         const { agent, rest } = extractAgentFlag(args.slice(1));
         let provider;
         /* v8 ignore start -- provider flag parsing: branches tested via CLI parsing tests @preserve */
@@ -611,7 +625,7 @@ function parseAuthCommand(args) {
         /* v8 ignore next -- defensive: agent always provided in tests @preserve */
         if (!agent)
             throw new Error(`Usage\n${usage()}`);
-        if (first === "switch") {
+        if (subcommand === "switch") {
             if (!provider)
                 throw new Error(`auth switch requires --provider.\n${usage()}`);
             return { kind: "auth.switch", agent, provider };
@@ -748,12 +762,51 @@ function parseFriendCommand(args) {
             ...(agent ? { agent } : {}),
         };
     }
+    if (sub === "update") {
+        const friendId = rest[0];
+        if (!friendId)
+            throw new Error(`Usage: ouro friend update <id> --trust <level>`);
+        let trustLevel;
+        /* v8 ignore start -- flag parsing loop: tested via CLI parsing tests @preserve */
+        for (let i = 1; i < rest.length; i++) {
+            if (rest[i] === "--trust" && rest[i + 1]) {
+                trustLevel = rest[i + 1];
+                i += 1;
+            }
+        }
+        /* v8 ignore stop */
+        const VALID_TRUST_LEVELS = new Set(["stranger", "acquaintance", "friend", "family"]);
+        if (!trustLevel || !VALID_TRUST_LEVELS.has(trustLevel)) {
+            throw new Error(`Usage: ouro friend update <id> --trust <stranger|acquaintance|friend|family>`);
+        }
+        return {
+            kind: "friend.update",
+            friendId,
+            trustLevel: trustLevel,
+            ...(agent ? { agent } : {}),
+        };
+    }
     if (sub === "link")
         return parseLinkCommand(rest, "friend.link");
     if (sub === "unlink")
         return parseLinkCommand(rest, "friend.unlink");
     throw new Error(`Usage\n${usage()}`);
 }
+function parseConfigCommand(args) {
+    const { agent, rest: cleaned } = extractAgentFlag(args);
+    const [sub, ...rest] = cleaned;
+    if (!sub)
+        throw new Error(`Usage\n${usage()}`);
+    if (sub === "model") {
+        if (!agent)
+            throw new Error("--agent is required for config model");
+        const modelName = rest[0];
+        if (!modelName)
+            throw new Error(`Usage: ouro config model --agent <name> <model-name>`);
+        return { kind: "config.model", agent, modelName };
+    }
+    throw new Error(`Usage\n${usage()}`);
+}
 function parseMcpCommand(args) {
     const [sub, ...rest] = args;
     if (!sub)
@@ -796,6 +849,8 @@ function parseOuroCommand(args) {
         return parseReminderCommand(args.slice(1));
     if (head === "friend")
         return parseFriendCommand(args.slice(1));
+    if (head === "config")
+        return parseConfigCommand(args.slice(1));
     if (head === "mcp")
         return parseMcpCommand(args.slice(1));
     if (head === "whoami") {
@@ -1435,6 +1490,19 @@ async function executeFriendCommand(command, store) {
         });
         return `created: ${id} (${command.name}, ${trustLevel})`;
     }
+    if (command.kind === "friend.update") {
+        const current = await store.get(command.friendId);
+        if (!current)
+            return `friend not found: ${command.friendId}`;
+        const now = new Date().toISOString();
+        await store.put(command.friendId, {
+            ...current,
+            trustLevel: command.trustLevel,
+            role: command.trustLevel,
+            updatedAt: now,
+        });
+        return `updated: ${command.friendId} → trust=${command.trustLevel}`;
+    }
     if (command.kind === "friend.link") {
         const current = await store.get(command.friendId);
         if (!current)
@@ -1661,7 +1729,7 @@ async function runOuroCli(args, deps = createDefaultOuroCliDeps()) {
     }
     // ── friend subcommands (local, no daemon socket needed) ──
     if (command.kind === "friend.list" || command.kind === "friend.show" || command.kind === "friend.create" ||
-        command.kind === "friend.link" || command.kind === "friend.unlink") {
+        command.kind === "friend.update" || command.kind === "friend.link" || command.kind === "friend.unlink") {
         /* v8 ignore start -- production default: requires full identity setup @preserve */
         let store = deps.friendStore;
         if (!store) {
@@ -1697,15 +1765,16 @@ async function runOuroCli(args, deps = createDefaultOuroCliDeps()) {
     if (command.kind === "auth.verify") {
         const { secrets } = (0, auth_flow_1.loadAgentSecrets)(command.agent);
         const providers = secrets.providers;
+        const fetchFn = deps.fetchImpl ?? fetch;
         if (command.provider) {
-            const status = verifyProviderCredentials(command.provider, providers);
+            const status = await verifyProviderCredentials(command.provider, providers, fetchFn);
             const message = `${command.provider}: ${status}`;
             deps.writeStdout(message);
             return message;
         }
         const lines = [];
         for (const p of Object.keys(providers)) {
-            const status = verifyProviderCredentials(p, providers);
+            const status = await verifyProviderCredentials(p, providers, fetchFn);
             lines.push(`${p}: ${status}`);
         }
         const message = lines.join("\n");
@@ -1727,6 +1796,17 @@ async function runOuroCli(args, deps = createDefaultOuroCliDeps()) {
         return message;
     }
     /* v8 ignore stop */
+    // ── config model (local, no daemon socket needed) ──
+    /* v8 ignore start -- config model: tested via daemon-cli.test.ts @preserve */
+    if (command.kind === "config.model") {
+        const { provider, previousModel } = (0, auth_flow_1.writeAgentModel)(command.agent, command.modelName);
+        const message = previousModel
+            ? `updated ${command.agent} model on ${provider}: ${previousModel} → ${command.modelName}`
+            : `set ${command.agent} model on ${provider}: ${command.modelName}`;
+        deps.writeStdout(message);
+        return message;
+    }
+    /* v8 ignore stop */
     // ── whoami (local, no daemon socket needed) ──
     if (command.kind === "whoami") {
         if (command.agent) {

package/dist/mind/prompt.js

@@ -178,8 +178,10 @@ my bones give me the \`ouro\` cli. always pass \`--agent ${agentName}\`:
   ouro task update --agent ${agentName} <id> <status>
   ouro friend list --agent ${agentName}
   ouro friend show --agent ${agentName} <id>
+  ouro friend update --agent ${agentName} <id> --trust <level>
   ouro session list --agent ${agentName}
   ouro reminder create --agent ${agentName} <title> --body <body>
+  ouro config model --agent ${agentName} <model-name>
   ouro auth --agent ${agentName} --provider <provider>
   ouro auth verify --agent ${agentName} [--provider <provider>]
   ouro auth switch --agent ${agentName} --provider <provider>

package/dist/repertoire/guardrails.js

@@ -48,7 +48,6 @@ const REASONS = {
     readBeforeOverwrite: "i need to read that file first before i can overwrite it.",
     protectedPath: "that path is protected — i can read it but not modify it.",
     destructiveCommand: "that command is too dangerous to run — it could cause irreversible damage.",
-    compoundCommand: "i can only run simple commands for you — no chaining with && or ;",
     // Trust reasons (vary by relationship)
     needsTrust: "i'd need a closer friend to vouch for you before i can do that.",
     needsTrustForWrite: "i'd need a closer friend to vouch for you before i can write files outside my home.",
@@ -90,9 +89,6 @@ function splitShellCommands(command) {
         return [command];
     return command.split(COMPOUND_SEPARATORS).filter(Boolean);
 }
-function isCompoundCommand(command) {
-    return SUBSHELL_PATTERN.test(command) || splitShellCommands(command).length > 1;
-}
 // --- shell commands that write to protected paths ---
 function shellWritesToProtectedPath(command) {
     const redirectMatch = command.match(/>\s*(\S+)/);
@@ -169,7 +165,9 @@ exports.OURO_CLI_TRUST_MANIFEST = {
     "friend list": "friend",
     "friend show": "friend",
     "friend create": "friend",
+    "friend update": "family",
     "reminder create": "friend",
+    "config model": "friend",
     "mcp list": "acquaintance",
     "mcp call": "friend",
     auth: "family",
@@ -234,11 +232,21 @@ function checkSingleShellCommandTrust(command, trustLevel) {
     return deny(REASONS.needsTrust);
 }
 function checkShellTrustGuardrails(command, trustLevel) {
-    // Compound commands: for untrusted users, reject entirely.
-    // This prevents "ouro whoami && rm -rf /" from smuggling dangerous commands.
-    if (isCompoundCommand(command))
-        return deny(REASONS.compoundCommand);
-    return checkSingleShellCommandTrust(command, trustLevel);
+    // Subshell patterns ($(), backticks) can't be reliably split — check as single command
+    /* v8 ignore next -- subshell branch: tested via guardrails.test.ts @preserve */
+    if (SUBSHELL_PATTERN.test(command)) {
+        return checkSingleShellCommandTrust(command, trustLevel);
+    }
+    // Compound commands: check each subcommand individually
+    const subcommands = splitShellCommands(command);
+    if (subcommands.length === 0)
+        return checkSingleShellCommandTrust(command, trustLevel);
+    for (const sub of subcommands) {
+        const result = checkSingleShellCommandTrust(sub, trustLevel);
+        if (!result.allowed)
+            return result;
+    }
+    return allow;
 }
 function checkWriteTrustGuardrails(toolName, args, context) {
     if (toolName !== "write_file" && toolName !== "edit_file")

package/dist/repertoire/tools.js

@@ -103,7 +103,7 @@ async function execTool(name, args, ctx) {
         event: "tool.start",
         component: "tools",
         message: "tool execution started",
-        meta: { name },
+        meta: { name, ...(name === "shell" && args.command ? { command: args.command } : {}) },
     });
     // Look up from combined registry
     const def = allDefinitions.find((d) => d.tool.function.name === name);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.70",
+  "version": "0.1.0-alpha.72",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",