npm - @ouro.bot/cli - Versions diffs - 0.1.0-alpha.71 → 0.1.0-alpha.72 - Mend

@ouro.bot/cli 0.1.0-alpha.71 → 0.1.0-alpha.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/changelog.json +8 -0
package/dist/heart/daemon/auth-flow.js +21 -0
package/dist/heart/daemon/daemon-cli.js +68 -1
package/dist/mind/prompt.js +2 -0
package/dist/repertoire/guardrails.js +17 -9
package/dist/repertoire/tools.js +1 -1
package/package.json +1 -1

package/changelog.json CHANGED Viewed

@@ -1,6 +1,14 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.72",
+      "changes": [
+        "Fix: Compound shell commands (&&, ;, |, ||) are now checked per-subcommand for untrusted users instead of blanket-blocked. Safe compound commands like `ls && pwd` are allowed; only commands containing an untrusted subcommand are denied.",
+        "New `ouro config model --agent <name> <model-name>` command: change the active model for any provider. Reads provider from agent.json, updates the model field in secrets.json. Gated at friend trust level.",
+        "New `ouro friend update <id> --trust <level>` command: change an existing friend's trust level (stranger, acquaintance, friend, family). Gated at family trust level."
+      ]
+    },
     {
       "version": "0.1.0-alpha.71",
       "changes": [

package/dist/heart/daemon/auth-flow.js CHANGED Viewed

@@ -37,6 +37,7 @@ exports.readAgentConfigForAgent = readAgentConfigForAgent;
 exports.writeAgentProviderSelection = writeAgentProviderSelection;
 exports.loadAgentSecrets = loadAgentSecrets;
 exports.writeProviderCredentials = writeProviderCredentials;
+exports.writeAgentModel = writeAgentModel;
 exports.collectRuntimeAuthCredentials = collectRuntimeAuthCredentials;
 exports.resolveHatchCredentials = resolveHatchCredentials;
 exports.runRuntimeAuthFlow = runRuntimeAuthFlow;
@@ -186,6 +187,26 @@ function writeProviderCredentials(agentName, provider, credentials, deps = {}) {
     writeSecrets(secretsPath, secrets);
     return { secretsPath, secrets };
 }
+const MODEL_FIELD = {
+    azure: "modelName",
+    minimax: "model",
+    anthropic: "model",
+    "openai-codex": "model",
+    "github-copilot": "model",
+};
+function writeAgentModel(agentName, modelName, deps = {}) {
+    const { config } = readAgentConfigForAgent(agentName, deps.bundlesRoot);
+    const provider = config.provider;
+    const { secretsPath, secrets } = loadAgentSecrets(agentName, deps);
+    const providerSecrets = secrets.providers[provider];
+    /* v8 ignore next -- fallback: all known providers are in MODEL_FIELD @preserve */
+    const fieldName = MODEL_FIELD[provider] ?? "model";
+    /* v8 ignore next -- defensive: fieldName always exists in template @preserve */
+    const previousModel = providerSecrets[fieldName] ?? "";
+    providerSecrets[fieldName] = modelName;
+    writeSecrets(secretsPath, secrets);
+    return { secretsPath, provider, previousModel };
+}
 function readCodexAccessToken(homeDir) {
     const authPath = path.join(homeDir, ".codex", "auth.json");
     try {

package/dist/heart/daemon/daemon-cli.js CHANGED Viewed

@@ -269,6 +269,7 @@ function usage() {
         "  ouro [up]",
         "  ouro stop|down|status|logs|hatch",
         "  ouro -v|--version",
+        "  ouro config model --agent <name> <model-name>",
         "  ouro auth --agent <name> [--provider <provider>]",
         "  ouro auth verify --agent <name> [--provider <provider>]",
         "  ouro auth switch --agent <name> --provider <provider>",
@@ -285,6 +286,7 @@ function usage() {
         "  ouro friend list [--agent <name>]",
         "  ouro friend show <id> [--agent <name>]",
         "  ouro friend create --name <name> [--trust <level>] [--agent <name>]",
+        "  ouro friend update <id> --trust <level> [--agent <name>]",
         "  ouro thoughts [--last <n>] [--json] [--follow] [--agent <name>]",
         "  ouro friend link <agent> --friend <id> --provider <p> --external-id <eid>",
         "  ouro friend unlink <agent> --friend <id> --provider <p> --external-id <eid>",
@@ -760,12 +762,51 @@ function parseFriendCommand(args) {
             ...(agent ? { agent } : {}),
         };
     }
+    if (sub === "update") {
+        const friendId = rest[0];
+        if (!friendId)
+            throw new Error(`Usage: ouro friend update <id> --trust <level>`);
+        let trustLevel;
+        /* v8 ignore start -- flag parsing loop: tested via CLI parsing tests @preserve */
+        for (let i = 1; i < rest.length; i++) {
+            if (rest[i] === "--trust" && rest[i + 1]) {
+                trustLevel = rest[i + 1];
+                i += 1;
+            }
+        }
+        /* v8 ignore stop */
+        const VALID_TRUST_LEVELS = new Set(["stranger", "acquaintance", "friend", "family"]);
+        if (!trustLevel || !VALID_TRUST_LEVELS.has(trustLevel)) {
+            throw new Error(`Usage: ouro friend update <id> --trust <stranger|acquaintance|friend|family>`);
+        }
+        return {
+            kind: "friend.update",
+            friendId,
+            trustLevel: trustLevel,
+            ...(agent ? { agent } : {}),
+        };
+    }
     if (sub === "link")
         return parseLinkCommand(rest, "friend.link");
     if (sub === "unlink")
         return parseLinkCommand(rest, "friend.unlink");
     throw new Error(`Usage\n${usage()}`);
 }
+function parseConfigCommand(args) {
+    const { agent, rest: cleaned } = extractAgentFlag(args);
+    const [sub, ...rest] = cleaned;
+    if (!sub)
+        throw new Error(`Usage\n${usage()}`);
+    if (sub === "model") {
+        if (!agent)
+            throw new Error("--agent is required for config model");
+        const modelName = rest[0];
+        if (!modelName)
+            throw new Error(`Usage: ouro config model --agent <name> <model-name>`);
+        return { kind: "config.model", agent, modelName };
+    }
+    throw new Error(`Usage\n${usage()}`);
+}
 function parseMcpCommand(args) {
     const [sub, ...rest] = args;
     if (!sub)
@@ -808,6 +849,8 @@ function parseOuroCommand(args) {
         return parseReminderCommand(args.slice(1));
     if (head === "friend")
         return parseFriendCommand(args.slice(1));
+    if (head === "config")
+        return parseConfigCommand(args.slice(1));
     if (head === "mcp")
         return parseMcpCommand(args.slice(1));
     if (head === "whoami") {
@@ -1447,6 +1490,19 @@ async function executeFriendCommand(command, store) {
         });
         return `created: ${id} (${command.name}, ${trustLevel})`;
     }
+    if (command.kind === "friend.update") {
+        const current = await store.get(command.friendId);
+        if (!current)
+            return `friend not found: ${command.friendId}`;
+        const now = new Date().toISOString();
+        await store.put(command.friendId, {
+            ...current,
+            trustLevel: command.trustLevel,
+            role: command.trustLevel,
+            updatedAt: now,
+        });
+        return `updated: ${command.friendId} → trust=${command.trustLevel}`;
+    }
     if (command.kind === "friend.link") {
         const current = await store.get(command.friendId);
         if (!current)
@@ -1673,7 +1729,7 @@ async function runOuroCli(args, deps = createDefaultOuroCliDeps()) {
     }
     // ── friend subcommands (local, no daemon socket needed) ──
     if (command.kind === "friend.list" || command.kind === "friend.show" || command.kind === "friend.create" ||
-        command.kind === "friend.link" || command.kind === "friend.unlink") {
+        command.kind === "friend.update" || command.kind === "friend.link" || command.kind === "friend.unlink") {
         /* v8 ignore start -- production default: requires full identity setup @preserve */
         let store = deps.friendStore;
         if (!store) {
@@ -1740,6 +1796,17 @@ async function runOuroCli(args, deps = createDefaultOuroCliDeps()) {
         return message;
     }
     /* v8 ignore stop */
+    // ── config model (local, no daemon socket needed) ──
+    /* v8 ignore start -- config model: tested via daemon-cli.test.ts @preserve */
+    if (command.kind === "config.model") {
+        const { provider, previousModel } = (0, auth_flow_1.writeAgentModel)(command.agent, command.modelName);
+        const message = previousModel
+            ? `updated ${command.agent} model on ${provider}: ${previousModel} → ${command.modelName}`
+            : `set ${command.agent} model on ${provider}: ${command.modelName}`;
+        deps.writeStdout(message);
+        return message;
+    }
+    /* v8 ignore stop */
     // ── whoami (local, no daemon socket needed) ──
     if (command.kind === "whoami") {
         if (command.agent) {

package/dist/mind/prompt.js CHANGED Viewed

@@ -178,8 +178,10 @@ my bones give me the \`ouro\` cli. always pass \`--agent ${agentName}\`:
   ouro task update --agent ${agentName} <id> <status>
   ouro friend list --agent ${agentName}
   ouro friend show --agent ${agentName} <id>
+  ouro friend update --agent ${agentName} <id> --trust <level>
   ouro session list --agent ${agentName}
   ouro reminder create --agent ${agentName} <title> --body <body>
+  ouro config model --agent ${agentName} <model-name>
   ouro auth --agent ${agentName} --provider <provider>
   ouro auth verify --agent ${agentName} [--provider <provider>]
   ouro auth switch --agent ${agentName} --provider <provider>

package/dist/repertoire/guardrails.js CHANGED Viewed

@@ -48,7 +48,6 @@ const REASONS = {
     readBeforeOverwrite: "i need to read that file first before i can overwrite it.",
     protectedPath: "that path is protected — i can read it but not modify it.",
     destructiveCommand: "that command is too dangerous to run — it could cause irreversible damage.",
-    compoundCommand: "i can only run simple commands for you — no chaining with && or ;",
     // Trust reasons (vary by relationship)
     needsTrust: "i'd need a closer friend to vouch for you before i can do that.",
     needsTrustForWrite: "i'd need a closer friend to vouch for you before i can write files outside my home.",
@@ -90,9 +89,6 @@ function splitShellCommands(command) {
         return [command];
     return command.split(COMPOUND_SEPARATORS).filter(Boolean);
 }
-function isCompoundCommand(command) {
-    return SUBSHELL_PATTERN.test(command) || splitShellCommands(command).length > 1;
-}
 // --- shell commands that write to protected paths ---
 function shellWritesToProtectedPath(command) {
     const redirectMatch = command.match(/>\s*(\S+)/);
@@ -169,7 +165,9 @@ exports.OURO_CLI_TRUST_MANIFEST = {
     "friend list": "friend",
     "friend show": "friend",
     "friend create": "friend",
+    "friend update": "family",
     "reminder create": "friend",
+    "config model": "friend",
     "mcp list": "acquaintance",
     "mcp call": "friend",
     auth: "family",
@@ -234,11 +232,21 @@ function checkSingleShellCommandTrust(command, trustLevel) {
     return deny(REASONS.needsTrust);
 }
 function checkShellTrustGuardrails(command, trustLevel) {
-    // Compound commands: for untrusted users, reject entirely.
-    // This prevents "ouro whoami && rm -rf /" from smuggling dangerous commands.
-    if (isCompoundCommand(command))
-        return deny(REASONS.compoundCommand);
-    return checkSingleShellCommandTrust(command, trustLevel);
+    // Subshell patterns ($(), backticks) can't be reliably split — check as single command
+    /* v8 ignore next -- subshell branch: tested via guardrails.test.ts @preserve */
+    if (SUBSHELL_PATTERN.test(command)) {
+        return checkSingleShellCommandTrust(command, trustLevel);
+    }
+    // Compound commands: check each subcommand individually
+    const subcommands = splitShellCommands(command);
+    if (subcommands.length === 0)
+        return checkSingleShellCommandTrust(command, trustLevel);
+    for (const sub of subcommands) {
+        const result = checkSingleShellCommandTrust(sub, trustLevel);
+        if (!result.allowed)
+            return result;
+    }
+    return allow;
 }
 function checkWriteTrustGuardrails(toolName, args, context) {
     if (toolName !== "write_file" && toolName !== "edit_file")

package/dist/repertoire/tools.js CHANGED Viewed

@@ -103,7 +103,7 @@ async function execTool(name, args, ctx) {
         event: "tool.start",
         component: "tools",
         message: "tool execution started",
-        meta: { name },
+        meta: { name, ...(name === "shell" && args.command ? { command: args.command } : {}) },
     });
     // Look up from combined registry
     const def = allDefinitions.find((d) => d.tool.function.name === name);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.71",
+  "version": "0.1.0-alpha.72",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",