npm - @ouro.bot/cli - Versions diffs - 0.1.0-alpha.83 → 0.1.0-alpha.85 - Mend

@ouro.bot/cli 0.1.0-alpha.83 → 0.1.0-alpha.85

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/changelog.json +14 -0
package/dist/heart/safe-workspace.js +44 -3
package/dist/mind/prompt.js +11 -0
package/dist/repertoire/tools-base.js +31 -1
package/dist/repertoire/tools.js +12 -1
package/package.json +1 -1

package/changelog.json CHANGED Viewed

@@ -1,6 +1,20 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.85",
+      "changes": [
+        "Relative repo paths now route through the chosen safe workspace too, so read/edit/write file tools actually operate in the dedicated clone or worktree instead of silently hitting the wrong checkout.",
+        "File-edit guardrails now normalize paths the same way file reads do, which means a `read_file` followed by `edit_file` on the same relative path no longer self-blocks during safe-workspace routing."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.84",
+      "changes": [
+        "Safe workspace routing now covers repo-local shell commands too, so agents that discover a harness friction through `shell` land in the dedicated worktree instead of wandering in the shared checkout.",
+        "The new `safe_workspace` tool and prompt guidance make the chosen workspace path, branch, and first concrete repo action explicit before the first edit, tightening the visible OODA loop."
+      ]
+    },
     {
       "version": "0.1.0-alpha.83",
       "changes": [

package/dist/heart/safe-workspace.js CHANGED Viewed

@@ -37,6 +37,7 @@ exports.resetSafeWorkspaceSelection = resetSafeWorkspaceSelection;
 exports.getActiveSafeWorkspaceSelection = getActiveSafeWorkspaceSelection;
 exports.ensureSafeRepoWorkspace = ensureSafeRepoWorkspace;
 exports.resolveSafeRepoPath = resolveSafeRepoPath;
+exports.resolveSafeShellExecution = resolveSafeShellExecution;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const child_process_1 = require("child_process");
@@ -96,7 +97,7 @@ function createDedicatedWorktree(repoRoot, workspaceRoot, branchSuffix, existsSy
         rmSync(workspaceRoot, { recursive: true, force: true });
     }
     assertGitOk(runGit(repoRoot, ["worktree", "add", "-B", branchName, workspaceRoot, "origin/main"], spawnSync), "git worktree add");
-    return { workspaceRoot, created: true };
+    return { workspaceRoot, created: true, branchName };
 }
 function createScratchClone(workspaceRoot, cloneUrl, existsSync, mkdirSync, rmSync, spawnSync) {
     mkdirSync(path.dirname(workspaceRoot), { recursive: true });
@@ -107,7 +108,11 @@ function createScratchClone(workspaceRoot, cloneUrl, existsSync, mkdirSync, rmSy
         stdio: ["ignore", "pipe", "pipe"],
     });
     assertGitOk(result, "git clone");
-    return { workspaceRoot, created: true };
+    return { workspaceRoot, created: true, branchName: "main" };
+}
+const REPO_LOCAL_SHELL_COMMAND = /^(?:[A-Za-z_][A-Za-z0-9_]*=\S+\s+)*(git|npm|npx|node|pnpm|yarn|bun|rg|sed|cat|ls|find|grep|vitest|tsc|eslint)\b/;
+function looksRepoLocalShellCommand(command) {
+    return REPO_LOCAL_SHELL_COMMAND.test(command.trim());
 }
 function registerCleanupHook(options) {
     if (cleanupHookRegistered)
@@ -160,6 +165,7 @@ function ensureSafeRepoWorkspace(options = {}) {
                 runtimeKind: "clone-main",
                 repoRoot,
                 workspaceRoot: created.workspaceRoot,
+                workspaceBranch: created.branchName,
                 sourceBranch: branch,
                 sourceCloneUrl: canonicalRepoUrl,
                 cleanupAfterMerge: false,
@@ -174,6 +180,7 @@ function ensureSafeRepoWorkspace(options = {}) {
                 runtimeKind: "clone-non-main",
                 repoRoot,
                 workspaceRoot: created.workspaceRoot,
+                workspaceBranch: created.branchName,
                 sourceBranch: branch,
                 sourceCloneUrl: canonicalRepoUrl,
                 cleanupAfterMerge: false,
@@ -189,6 +196,7 @@ function ensureSafeRepoWorkspace(options = {}) {
             runtimeKind: "installed-runtime",
             repoRoot,
             workspaceRoot: created.workspaceRoot,
+            workspaceBranch: created.branchName,
             sourceBranch: null,
             sourceCloneUrl: canonicalRepoUrl,
             cleanupAfterMerge: true,
@@ -205,6 +213,7 @@ function ensureSafeRepoWorkspace(options = {}) {
             runtimeKind: selection.runtimeKind,
             repoRoot: selection.repoRoot,
             workspaceRoot: selection.workspaceRoot,
+            workspaceBranch: selection.workspaceBranch,
             sourceBranch: selection.sourceBranch,
             sourceCloneUrl: selection.sourceCloneUrl,
             cleanupAfterMerge: selection.cleanupAfterMerge,
@@ -213,8 +222,16 @@ function ensureSafeRepoWorkspace(options = {}) {
     return selection;
 }
 function resolveSafeRepoPath(options) {
-    const requestedPath = path.resolve(options.requestedPath);
+    const rawRequestedPath = options.requestedPath;
     const repoRoot = path.resolve(options.repoRoot ?? (0, identity_1.getRepoRoot)());
+    if (!path.isAbsolute(rawRequestedPath) && !rawRequestedPath.startsWith("~")) {
+        const selection = activeSelection ?? ensureSafeRepoWorkspace(options);
+        return {
+            selection,
+            resolvedPath: path.resolve(selection.workspaceRoot, rawRequestedPath),
+        };
+    }
+    const requestedPath = path.resolve(rawRequestedPath);
     if (activeSelection && requestedPath.startsWith(activeSelection.workspaceRoot + path.sep)) {
         return { selection: activeSelection, resolvedPath: requestedPath };
     }
@@ -226,3 +243,27 @@ function resolveSafeRepoPath(options) {
     const resolvedPath = relativePath ? path.join(selection.workspaceRoot, relativePath) : selection.workspaceRoot;
     return { selection, resolvedPath };
 }
+function resolveSafeShellExecution(command, options = {}) {
+    const trimmed = command.trim();
+    if (!trimmed) {
+        return { selection: activeSelection, command };
+    }
+    if (activeSelection && command.includes(activeSelection.workspaceRoot)) {
+        return { selection: activeSelection, command, cwd: activeSelection.workspaceRoot };
+    }
+    const repoRoot = path.resolve(options.repoRoot ?? (0, identity_1.getRepoRoot)());
+    const mentionsRepoRoot = command.includes(repoRoot);
+    const shouldRoute = mentionsRepoRoot || looksRepoLocalShellCommand(trimmed);
+    if (!shouldRoute) {
+        return { selection: activeSelection, command };
+    }
+    const selection = ensureSafeRepoWorkspace(options);
+    const rewrittenCommand = mentionsRepoRoot
+        ? command.split(repoRoot).join(selection.workspaceRoot)
+        : command;
+    return {
+        selection,
+        command: rewrittenCommand,
+        cwd: selection.workspaceRoot,
+    };
+}

package/dist/mind/prompt.js CHANGED Viewed

@@ -565,6 +565,16 @@ tool_choice is set to "required" -- i must call a tool on every turn.
 \`final_answer\` must be the ONLY tool call in that turn. do not combine it with other tool calls.
 do NOT call no-op tools just before \`final_answer\`. if i am done, i call \`final_answer\` directly.`;
 }
+function workspaceDisciplineSection() {
+    return `## repo workspace discipline
+when a shared-harness or local code fix needs repo work, i get the real workspace first with \`safe_workspace\`.
+\`read_file\`, \`write_file\`, and \`edit_file\` already map repo paths into that workspace. shell commands that target the harness run there too.
+before the first repo edit, i tell the user in 1-2 short lines:
+- the friction i'm fixing
+- the workspace path/branch i'm using
+- the first concrete action i'm taking`;
+}
 function contextSection(context, options) {
     if (!context)
         return "";
@@ -699,6 +709,7 @@ async function buildSystem(channel = "cli", options, context) {
         toolsSection(channel, options, context),
         mcpToolsSection(options?.mcpManager),
         reasoningEffortSection(options),
+        workspaceDisciplineSection(),
         toolRestrictionSection(context),
         trustContextSection(context),
         mixedTrustGroupSection(context),

package/dist/repertoire/tools-base.js CHANGED Viewed

@@ -404,6 +404,29 @@ exports.baseToolDefinitions = [
             return allResults.join("\n");
         },
     },
+    {
+        tool: {
+            type: "function",
+            function: {
+                name: "safe_workspace",
+                description: "acquire or inspect the safe harness repo workspace for local edits. returns the real workspace path, branch, and why it was chosen.",
+                parameters: {
+                    type: "object",
+                    properties: {},
+                },
+            },
+        },
+        handler: () => {
+            const selection = (0, safe_workspace_1.ensureSafeRepoWorkspace)();
+            return [
+                `workspace: ${selection.workspaceRoot}`,
+                `branch: ${selection.workspaceBranch}`,
+                `runtime: ${selection.runtimeKind}`,
+                `cleanup_after_merge: ${selection.cleanupAfterMerge ? "yes" : "no"}`,
+                `note: ${selection.note}`,
+            ].join("\n");
+        },
+    },
     {
         tool: {
             type: "function",
@@ -417,7 +440,14 @@ exports.baseToolDefinitions = [
                 },
             },
         },
-        handler: (a) => (0, child_process_1.execSync)(a.command, { encoding: "utf-8", timeout: 30000 }),
+        handler: (a) => {
+            const prepared = (0, safe_workspace_1.resolveSafeShellExecution)(a.command);
+            return (0, child_process_1.execSync)(prepared.command, {
+                encoding: "utf-8",
+                timeout: 30000,
+                ...(prepared.cwd ? { cwd: prepared.cwd } : {}),
+            });
+        },
     },
     {
         tool: {

package/dist/repertoire/tools.js CHANGED Viewed

@@ -13,6 +13,7 @@ const tools_github_1 = require("./tools-github");
 const runtime_1 = require("../nerves/runtime");
 const guardrails_1 = require("./guardrails");
 const identity_1 = require("../heart/identity");
+const safe_workspace_1 = require("../heart/safe-workspace");
 function safeGetAgentRoot() {
     try {
         return (0, identity_1.getAgentRoot)();
@@ -99,6 +100,15 @@ function isConfirmationRequired(toolName) {
     const def = allDefinitions.find((d) => d.tool.function.name === toolName);
     return def?.confirmationRequired === true;
 }
+function normalizeGuardArgs(name, args) {
+    if ((name === "read_file" || name === "write_file" || name === "edit_file") && args.path) {
+        return {
+            ...args,
+            path: (0, safe_workspace_1.resolveSafeRepoPath)({ requestedPath: args.path }).resolvedPath,
+        };
+    }
+    return args;
+}
 async function execTool(name, args, ctx) {
     (0, runtime_1.emitNervesEvent)({
         event: "tool.start",
@@ -124,7 +134,8 @@ async function execTool(name, args, ctx) {
         trustLevel: ctx?.context?.friend?.trustLevel,
         agentRoot: safeGetAgentRoot(),
     };
-    const guardResult = (0, guardrails_1.guardInvocation)(name, args, guardContext);
+    const guardArgs = normalizeGuardArgs(name, args);
+    const guardResult = (0, guardrails_1.guardInvocation)(name, guardArgs, guardContext);
     if (!guardResult.allowed) {
         (0, runtime_1.emitNervesEvent)({
             level: "warn",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ouro.bot/cli",
-  "version": "0.1.0-alpha.83",
+  "version": "0.1.0-alpha.85",
   "main": "dist/heart/daemon/ouro-entry.js",
   "bin": {
     "cli": "dist/heart/daemon/ouro-bot-entry.js",