@ouro.bot/cli 0.1.0-alpha.71 → 0.1.0-alpha.73

package/changelog.json

@@ -1,6 +1,22 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.73",
+      "changes": [
+        "New `ouro config models --agent <name>` command: list available models for the current provider. For github-copilot, queries the models API; other providers show a static message.",
+        "Fix: `ouro config model` now validates model availability for github-copilot before writing, showing available models if the requested one isn't found.",
+        "Fix: system prompt now tells the agent that model/provider changes take effect on the next turn automatically (no restart needed)."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.72",
+      "changes": [
+        "Fix: Compound shell commands (&&, ;, |, ||) are now checked per-subcommand for untrusted users instead of blanket-blocked. Safe compound commands like `ls && pwd` are allowed; only commands containing an untrusted subcommand are denied.",
+        "New `ouro config model --agent <name> <model-name>` command: change the active model for any provider. Reads provider from agent.json, updates the model field in secrets.json. Gated at friend trust level.",
+        "New `ouro friend update <id> --trust <level>` command: change an existing friend's trust level (stranger, acquaintance, friend, family). Gated at family trust level."
+      ]
+    },
     {
       "version": "0.1.0-alpha.71",
       "changes": [

package/dist/heart/daemon/auth-flow.js

@@ -37,6 +37,7 @@ exports.readAgentConfigForAgent = readAgentConfigForAgent;
 exports.writeAgentProviderSelection = writeAgentProviderSelection;
 exports.loadAgentSecrets = loadAgentSecrets;
 exports.writeProviderCredentials = writeProviderCredentials;
+exports.writeAgentModel = writeAgentModel;
 exports.collectRuntimeAuthCredentials = collectRuntimeAuthCredentials;
 exports.resolveHatchCredentials = resolveHatchCredentials;
 exports.runRuntimeAuthFlow = runRuntimeAuthFlow;
@@ -186,6 +187,26 @@ function writeProviderCredentials(agentName, provider, credentials, deps = {}) {
     writeSecrets(secretsPath, secrets);
     return { secretsPath, secrets };
 }
+const MODEL_FIELD = {
+    azure: "modelName",
+    minimax: "model",
+    anthropic: "model",
+    "openai-codex": "model",
+    "github-copilot": "model",
+};
+function writeAgentModel(agentName, modelName, deps = {}) {
+    const { config } = readAgentConfigForAgent(agentName, deps.bundlesRoot);
+    const provider = config.provider;
+    const { secretsPath, secrets } = loadAgentSecrets(agentName, deps);
+    const providerSecrets = secrets.providers[provider];
+    /* v8 ignore next -- fallback: all known providers are in MODEL_FIELD @preserve */
+    const fieldName = MODEL_FIELD[provider] ?? "model";
+    /* v8 ignore next -- defensive: fieldName always exists in template @preserve */
+    const previousModel = providerSecrets[fieldName] ?? "";
+    providerSecrets[fieldName] = modelName;
+    writeSecrets(secretsPath, secrets);
+    return { secretsPath, provider, previousModel };
+}
 function readCodexAccessToken(homeDir) {
     const authPath = path.join(homeDir, ".codex", "auth.json");
     try {

package/dist/heart/daemon/daemon-cli.js

@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ensureDaemonRunning = ensureDaemonRunning;
+exports.listGithubCopilotModels = listGithubCopilotModels;
 exports.parseOuroCommand = parseOuroCommand;
 exports.discoverExistingCredentials = discoverExistingCredentials;
 exports.createDefaultOuroCliDeps = createDefaultOuroCliDeps;
@@ -269,6 +270,8 @@ function usage() {
         "  ouro [up]",
         "  ouro stop|down|status|logs|hatch",
         "  ouro -v|--version",
+        "  ouro config model --agent <name> <model-name>",
+        "  ouro config models --agent <name>",
         "  ouro auth --agent <name> [--provider <provider>]",
         "  ouro auth verify --agent <name> [--provider <provider>]",
         "  ouro auth switch --agent <name> --provider <provider>",
@@ -285,6 +288,7 @@ function usage() {
         "  ouro friend list [--agent <name>]",
         "  ouro friend show <id> [--agent <name>]",
         "  ouro friend create --name <name> [--trust <level>] [--agent <name>]",
+        "  ouro friend update <id> --trust <level> [--agent <name>]",
         "  ouro thoughts [--last <n>] [--json] [--follow] [--agent <name>]",
         "  ouro friend link <agent> --friend <id> --provider <p> --external-id <eid>",
         "  ouro friend unlink <agent> --friend <id> --provider <p> --external-id <eid>",
@@ -486,7 +490,30 @@ async function verifyProviderCredentials(provider, providers, fetchImpl = fetch)
         return "failed (no api key)";
     return "ok";
 }
-/* v8 ignore stop */
+async function listGithubCopilotModels(baseUrl, token, fetchImpl = fetch) {
+    const url = `${baseUrl.replace(/\/+$/, "")}/models`;
+    const response = await fetchImpl(url, {
+        headers: { Authorization: `Bearer ${token}` },
+    });
+    if (!response.ok) {
+        throw new Error(`model listing failed (HTTP ${response.status})`);
+    }
+    const body = await response.json();
+    /* v8 ignore start -- response shape handling: tested via config-models.test.ts @preserve */
+    const items = Array.isArray(body) ? body : (body?.data ?? []);
+    return items.map((item) => {
+        const rec = item;
+        const capabilities = Array.isArray(rec.capabilities)
+            ? rec.capabilities.filter((c) => typeof c === "string")
+            : undefined;
+        return {
+            id: String(rec.id ?? rec.name ?? ""),
+            name: String(rec.name ?? rec.id ?? ""),
+            ...(capabilities ? { capabilities } : {}),
+        };
+    });
+    /* v8 ignore stop */
+}
 function parseHatchCommand(args) {
     let agentName;
     let humanName;
@@ -760,12 +787,56 @@ function parseFriendCommand(args) {
             ...(agent ? { agent } : {}),
         };
     }
+    if (sub === "update") {
+        const friendId = rest[0];
+        if (!friendId)
+            throw new Error(`Usage: ouro friend update <id> --trust <level>`);
+        let trustLevel;
+        /* v8 ignore start -- flag parsing loop: tested via CLI parsing tests @preserve */
+        for (let i = 1; i < rest.length; i++) {
+            if (rest[i] === "--trust" && rest[i + 1]) {
+                trustLevel = rest[i + 1];
+                i += 1;
+            }
+        }
+        /* v8 ignore stop */
+        const VALID_TRUST_LEVELS = new Set(["stranger", "acquaintance", "friend", "family"]);
+        if (!trustLevel || !VALID_TRUST_LEVELS.has(trustLevel)) {
+            throw new Error(`Usage: ouro friend update <id> --trust <stranger|acquaintance|friend|family>`);
+        }
+        return {
+            kind: "friend.update",
+            friendId,
+            trustLevel: trustLevel,
+            ...(agent ? { agent } : {}),
+        };
+    }
     if (sub === "link")
         return parseLinkCommand(rest, "friend.link");
     if (sub === "unlink")
         return parseLinkCommand(rest, "friend.unlink");
     throw new Error(`Usage\n${usage()}`);
 }
+function parseConfigCommand(args) {
+    const { agent, rest: cleaned } = extractAgentFlag(args);
+    const [sub, ...rest] = cleaned;
+    if (!sub)
+        throw new Error(`Usage\n${usage()}`);
+    if (sub === "model") {
+        if (!agent)
+            throw new Error("--agent is required for config model");
+        const modelName = rest[0];
+        if (!modelName)
+            throw new Error(`Usage: ouro config model --agent <name> <model-name>`);
+        return { kind: "config.model", agent, modelName };
+    }
+    if (sub === "models") {
+        if (!agent)
+            throw new Error("--agent is required for config models");
+        return { kind: "config.models", agent };
+    }
+    throw new Error(`Usage\n${usage()}`);
+}
 function parseMcpCommand(args) {
     const [sub, ...rest] = args;
     if (!sub)
@@ -808,6 +879,8 @@ function parseOuroCommand(args) {
         return parseReminderCommand(args.slice(1));
     if (head === "friend")
         return parseFriendCommand(args.slice(1));
+    if (head === "config")
+        return parseConfigCommand(args.slice(1));
     if (head === "mcp")
         return parseMcpCommand(args.slice(1));
     if (head === "whoami") {
@@ -1447,6 +1520,19 @@ async function executeFriendCommand(command, store) {
         });
         return `created: ${id} (${command.name}, ${trustLevel})`;
     }
+    if (command.kind === "friend.update") {
+        const current = await store.get(command.friendId);
+        if (!current)
+            return `friend not found: ${command.friendId}`;
+        const now = new Date().toISOString();
+        await store.put(command.friendId, {
+            ...current,
+            trustLevel: command.trustLevel,
+            role: command.trustLevel,
+            updatedAt: now,
+        });
+        return `updated: ${command.friendId} → trust=${command.trustLevel}`;
+    }
     if (command.kind === "friend.link") {
         const current = await store.get(command.friendId);
         if (!current)
@@ -1673,7 +1759,7 @@ async function runOuroCli(args, deps = createDefaultOuroCliDeps()) {
     }
     // ── friend subcommands (local, no daemon socket needed) ──
     if (command.kind === "friend.list" || command.kind === "friend.show" || command.kind === "friend.create" ||
-        command.kind === "friend.link" || command.kind === "friend.unlink") {
+        command.kind === "friend.update" || command.kind === "friend.link" || command.kind === "friend.unlink") {
         /* v8 ignore start -- production default: requires full identity setup @preserve */
         let store = deps.friendStore;
         if (!store) {
@@ -1740,6 +1826,70 @@ async function runOuroCli(args, deps = createDefaultOuroCliDeps()) {
         return message;
     }
     /* v8 ignore stop */
+    // ── config models (local, no daemon socket needed) ──
+    /* v8 ignore start -- config models: tested via daemon-cli.test.ts @preserve */
+    if (command.kind === "config.models") {
+        const { config } = (0, auth_flow_1.readAgentConfigForAgent)(command.agent);
+        const provider = config.provider;
+        if (provider !== "github-copilot") {
+            const message = `model listing not available for ${provider} — check provider documentation.`;
+            deps.writeStdout(message);
+            return message;
+        }
+        const { secrets } = (0, auth_flow_1.loadAgentSecrets)(command.agent);
+        const ghConfig = secrets.providers["github-copilot"];
+        if (!ghConfig.githubToken || !ghConfig.baseUrl) {
+            throw new Error(`github-copilot credentials not configured. Run \`ouro auth --agent ${command.agent} --provider github-copilot\` first.`);
+        }
+        const fetchFn = deps.fetchImpl ?? fetch;
+        const models = await listGithubCopilotModels(ghConfig.baseUrl, ghConfig.githubToken, fetchFn);
+        if (models.length === 0) {
+            const message = "no models found";
+            deps.writeStdout(message);
+            return message;
+        }
+        const lines = ["available models:"];
+        for (const m of models) {
+            const caps = m.capabilities?.length ? ` (${m.capabilities.join(", ")})` : "";
+            lines.push(`  ${m.id}${caps}`);
+        }
+        const message = lines.join("\n");
+        deps.writeStdout(message);
+        return message;
+    }
+    /* v8 ignore stop */
+    // ── config model (local, no daemon socket needed) ──
+    /* v8 ignore start -- config model: tested via daemon-cli.test.ts @preserve */
+    if (command.kind === "config.model") {
+        // Validate model availability for github-copilot before writing
+        const { config } = (0, auth_flow_1.readAgentConfigForAgent)(command.agent);
+        if (config.provider === "github-copilot") {
+            const { secrets } = (0, auth_flow_1.loadAgentSecrets)(command.agent);
+            const ghConfig = secrets.providers["github-copilot"];
+            if (ghConfig.githubToken && ghConfig.baseUrl) {
+                const fetchFn = deps.fetchImpl ?? fetch;
+                try {
+                    const models = await listGithubCopilotModels(ghConfig.baseUrl, ghConfig.githubToken, fetchFn);
+                    const available = models.map((m) => m.id);
+                    if (available.length > 0 && !available.includes(command.modelName)) {
+                        const message = `model '${command.modelName}' not found. available models:\n${available.map((id) => `  ${id}`).join("\n")}`;
+                        deps.writeStdout(message);
+                        return message;
+                    }
+                }
+                catch {
+                    // Validation failed — fall through and write anyway
+                }
+            }
+        }
+        const { provider, previousModel } = (0, auth_flow_1.writeAgentModel)(command.agent, command.modelName);
+        const message = previousModel
+            ? `updated ${command.agent} model on ${provider}: ${previousModel} → ${command.modelName}`
+            : `set ${command.agent} model on ${provider}: ${command.modelName}`;
+        deps.writeStdout(message);
+        return message;
+    }
+    /* v8 ignore stop */
     // ── whoami (local, no daemon socket needed) ──
     if (command.kind === "whoami") {
         if (command.agent) {

package/dist/mind/prompt.js

@@ -178,14 +178,19 @@ my bones give me the \`ouro\` cli. always pass \`--agent ${agentName}\`:
   ouro task update --agent ${agentName} <id> <status>
   ouro friend list --agent ${agentName}
   ouro friend show --agent ${agentName} <id>
+  ouro friend update --agent ${agentName} <id> --trust <level>
   ouro session list --agent ${agentName}
   ouro reminder create --agent ${agentName} <title> --body <body>
+  ouro config model --agent ${agentName} <model-name>
+  ouro config models --agent ${agentName}
   ouro auth --agent ${agentName} --provider <provider>
   ouro auth verify --agent ${agentName} [--provider <provider>]
   ouro auth switch --agent ${agentName} --provider <provider>
   ouro mcp list --agent ${agentName}
   ouro mcp call --agent ${agentName} <server> <tool> --args '{...}'
-  ouro --help`;
+  ouro --help
+
+provider/model changes via \`ouro config model\` or \`ouro auth switch\` take effect on the next turn automatically — no restart needed.`;
 }
 function mcpToolsSection(mcpManager) {
     if (!mcpManager)

package/dist/repertoire/guardrails.js

@@ -48,7 +48,6 @@ const REASONS = {
     readBeforeOverwrite: "i need to read that file first before i can overwrite it.",
     protectedPath: "that path is protected — i can read it but not modify it.",
     destructiveCommand: "that command is too dangerous to run — it could cause irreversible damage.",
-    compoundCommand: "i can only run simple commands for you — no chaining with && or ;",
     // Trust reasons (vary by relationship)
     needsTrust: "i'd need a closer friend to vouch for you before i can do that.",
     needsTrustForWrite: "i'd need a closer friend to vouch for you before i can write files outside my home.",
@@ -90,9 +89,6 @@ function splitShellCommands(command) {
         return [command];
     return command.split(COMPOUND_SEPARATORS).filter(Boolean);
 }
-function isCompoundCommand(command) {
-    return SUBSHELL_PATTERN.test(command) || splitShellCommands(command).length > 1;
-}
 // --- shell commands that write to protected paths ---
 function shellWritesToProtectedPath(command) {
     const redirectMatch = command.match(/>\s*(\S+)/);
@@ -169,7 +165,10 @@ exports.OURO_CLI_TRUST_MANIFEST = {
     "friend list": "friend",
     "friend show": "friend",
     "friend create": "friend",
+    "friend update": "family",
     "reminder create": "friend",
+    "config model": "friend",
+    "config models": "friend",
     "mcp list": "acquaintance",
     "mcp call": "friend",
     auth: "family",
@@ -234,11 +233,21 @@ function checkSingleShellCommandTrust(command, trustLevel) {
     return deny(REASONS.needsTrust);
 }
 function checkShellTrustGuardrails(command, trustLevel) {
-    // Compound commands: for untrusted users, reject entirely.
-    // This prevents "ouro whoami && rm -rf /" from smuggling dangerous commands.
-    if (isCompoundCommand(command))
-        return deny(REASONS.compoundCommand);
-    return checkSingleShellCommandTrust(command, trustLevel);
+    // Subshell patterns ($(), backticks) can't be reliably split — check as single command
+    /* v8 ignore next -- subshell branch: tested via guardrails.test.ts @preserve */
+    if (SUBSHELL_PATTERN.test(command)) {
+        return checkSingleShellCommandTrust(command, trustLevel);
+    }
+    // Compound commands: check each subcommand individually
+    const subcommands = splitShellCommands(command);
+    if (subcommands.length === 0)
+        return checkSingleShellCommandTrust(command, trustLevel);
+    for (const sub of subcommands) {
+        const result = checkSingleShellCommandTrust(sub, trustLevel);
+        if (!result.allowed)
+            return result;
+    }
+    return allow;
 }
 function checkWriteTrustGuardrails(toolName, args, context) {
     if (toolName !== "write_file" && toolName !== "edit_file")

package/dist/repertoire/tools.js

@@ -103,7 +103,7 @@ async function execTool(name, args, ctx) {
         event: "tool.start",
         component: "tools",
         message: "tool execution started",
-        meta: { name },
+        meta: { name, ...(name === "shell" && args.command ? { command: args.command } : {}) },
     });
     // Look up from combined registry
     const def = allDefinitions.find((d) => d.tool.function.name === name);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.71",
+  "version": "0.1.0-alpha.73",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",