atris 3.26.0 → 3.28.0

package/commands/moves.js

@@ -0,0 +1,156 @@
+'use strict';
+
+// `atris moves`: alive onboarding. Shows the 3 highest-leverage next moves and
+// lets you approve (seed it into the loop), kill (stop suggesting it), or skip.
+// This is the seed of proactiveness: the workspace proposes, you steer.
+
+const readline = require('readline');
+const {
+  nextMoves,
+  recordDecision,
+  seedInboxFromMove,
+} = require('../lib/next-moves');
+
+function currentMoves(root, limit) {
+  return nextMoves(root, limit);
+}
+
+function renderMoves(moves) {
+  if (!moves.length) {
+    return [
+      '',
+      'your next moves',
+      '',
+      '  nothing queued. add an item to ROADMAP.md under "## Open loop items",',
+      '  or jot an idea with `atris log`.',
+      '',
+    ].join('\n');
+  }
+  const lines = ['', 'your next moves', ''];
+  moves.forEach((m, i) => {
+    lines.push(`  ${i + 1}. ${m.title}`);
+    lines.push(`     why: ${m.why}   id: ${m.id}`);
+    lines.push('');
+  });
+  lines.push('  approve:  atris moves --approve <id|N>   seed it into the loop');
+  lines.push('  kill:     atris moves --kill <id|N>      stop suggesting it');
+  lines.push('  (use the id when you act later; the numbered order can shift)');
+  lines.push('');
+  return lines.join('\n');
+}
+
+function parseIndexes(value) {
+  return String(value || '')
+    .split(/[\s,]+/)
+    .map((s) => parseInt(s, 10))
+    .filter((n) => Number.isInteger(n) && n >= 1);
+}
+
+// Resolve --approve/--kill tokens to move objects. A token is either a stable
+// move id (m_...) or a 1-based position. The id is preferred because the list
+// can re-rank between viewing and acting, so a bare index can hit a different
+// move than the one you saw.
+function resolveSelection(moves, value) {
+  const tokens = String(value || '').split(/[\s,]+/).filter(Boolean);
+  const byId = new Map(moves.map((m) => [m.id, m]));
+  const seen = new Set();
+  const out = [];
+  for (const tok of tokens) {
+    let move = null;
+    if (byId.has(tok)) move = byId.get(tok);
+    else if (/^\d+$/.test(tok)) move = moves[parseInt(tok, 10) - 1];
+    if (move && !seen.has(move.id)) { seen.add(move.id); out.push(move); }
+  }
+  return out;
+}
+
+function applyDecision(root, selectedMoves, decision, stamp) {
+  const { claimRoadmapItem } = require('../lib/next-moves');
+  const acted = [];
+  for (const move of selectedMoves) {
+    recordDecision(root, move, decision, stamp);
+    if (decision === 'approve') {
+      // Seed then claim, mirroring the loop. For a roadmap-sourced move, mark it
+      // claimed in ROADMAP so the loop and the moves list agree it is handled.
+      const seeded = seedInboxFromMove(root, move);
+      if (move.source === 'roadmap') claimRoadmapItem(root, move.title);
+      acted.push({ move, seeded });
+    } else {
+      acted.push({ move });
+    }
+  }
+  return acted;
+}
+
+function readArgValue(args, name) {
+  const i = args.indexOf(name);
+  if (i === -1) return null;
+  return args[i + 1] || '';
+}
+
+async function movesCommand(args = [], root = process.cwd()) {
+  if (args.includes('--help') || args.includes('-h') || args[0] === 'help') {
+    console.log('');
+    console.log('Usage: atris moves [--approve <id|N>] [--kill <id|N>] [--json] [--limit N]');
+    console.log('');
+    console.log('Show the next moves and steer them. Each move has a stable id; prefer it');
+    console.log('over the position number, which can shift between viewing and acting.');
+    console.log('');
+    console.log('  atris moves                  Show the 3 next moves (prompts on a terminal)');
+    console.log('  atris moves --approve <id|N> Seed that move into the loop (writes the inbox)');
+    console.log('  atris moves --kill <id|N>    Stop suggesting that move');
+    console.log('  atris moves --json           Print the moves (with ids) as JSON, no prompt');
+    console.log('  atris moves --limit N        Show N moves (default 3)');
+    console.log('');
+    return 0;
+  }
+
+  const limitArg = readArgValue(args, '--limit');
+  const limit = limitArg && !Number.isNaN(parseInt(limitArg, 10)) ? Math.max(1, parseInt(limitArg, 10)) : 3;
+  const stamp = new Date().toISOString();
+
+  const approveVal = readArgValue(args, '--approve');
+  const killVal = readArgValue(args, '--kill');
+
+  if (approveVal !== null || killVal !== null) {
+    const moves = currentMoves(root, limit);
+    const killed = applyDecision(root, resolveSelection(moves, killVal), 'kill', stamp);
+    const approved = applyDecision(root, resolveSelection(moves, approveVal), 'approve', stamp);
+    for (const a of approved) {
+      const note = a.seeded && a.seeded.alreadyPresent ? 'already in the inbox' : 'seeded into the loop';
+      console.log(`approved: ${a.move.title}  ->  ${note}`);
+    }
+    for (const k of killed) console.log(`killed: ${k.move.title}  ->  will not suggest again`);
+    if (!approved.length && !killed.length) console.log('no matching move for that id or number.');
+    return 0;
+  }
+
+  const moves = currentMoves(root, limit);
+
+  if (args.includes('--json')) {
+    console.log(JSON.stringify({ moves }, null, 2));
+    return 0;
+  }
+
+  console.log(renderMoves(moves));
+
+  // Only prompt on a real terminal, so spawned/non-interactive runs never hang.
+  if (!process.stdin.isTTY || !moves.length) return 0;
+
+  const answer = await new Promise((resolve) => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question('approve N, kill kN, or enter to skip: ', (a) => { rl.close(); resolve(a.trim()); });
+  });
+  if (!answer) return 0;
+
+  const killTokens = (answer.match(/k\s*\d+/gi) || []).map((t) => t.replace(/k/i, '').trim());
+  const approveTokens = answer.replace(/k\s*\d+/gi, '').trim();
+
+  const killed = applyDecision(root, resolveSelection(moves, killTokens.join(' ')), 'kill', stamp);
+  const approved = applyDecision(root, resolveSelection(moves, approveTokens), 'approve', stamp);
+  for (const a of approved) console.log(`approved: ${a.move.title}  ->  seeded into the loop`);
+  for (const k of killed) console.log(`killed: ${k.move.title}`);
+  return 0;
+}
+
+module.exports = { movesCommand, renderMoves, currentMoves, parseIndexes, resolveSelection };

package/commands/plugin.js

@@ -46,7 +46,7 @@ function generateManifest(skills, projectDir) {
     version: pkg.version || '1.0.0',
     description: `Atris workspace skills for Cowork — ${skills.length} integrations (email, calendar, slack, drive, notion, and more)`,
     author: {
-      name: typeof pkg.author === 'string' ? pkg.author : (pkg.author?.name || 'Atris Labs')
+      name: typeof pkg.author === 'string' ? pkg.author : (pkg.author?.name || 'Atris')
     },
     homepage: pkg.homepage || 'https://github.com/atrislabs/atris',
     keywords: ['atris', 'workspace', 'integrations', 'email', 'calendar', 'slack', 'notion', 'drive']

package/commands/pull.js

@@ -110,9 +110,9 @@ async function pullAtris() {
     console.log('  Local files that conflict with cloud are replaced by the cloud version.');
     console.log('');
     console.log('  atris pull                   Pull into current business workspace');
-    console.log('  atris pull doordash          Pull a business into ./doordash or --into <path>');
-    console.log('  atris pull doordash --into /tmp/doordash');
-    console.log('  atris pull doordash --only atris/wiki/');
+    console.log('  atris pull <business>         Pull a business into ./<business> or --into <path>');
+    console.log('  atris pull <business> --into /tmp/<business>');
+    console.log('  atris pull <business> --only atris/wiki/');
     console.log('  atris pull --keep-local      Preserve conflicting local edits as .remote files (legacy)');
     console.log('  atris pull --dry-run         Preview pull changes without writing local files');
     console.log('  atris pull --no-manifest     Pull for inspection without changing this machine\'s sync anchor');
@@ -249,7 +249,7 @@ async function pullBusiness(slug) {
   // correct workspace for THIS business — i.e. it has a `.atris/business.json`
   // whose slug matches `slug`. Any other signal (a stray `atris/` folder, a
   // business.json for a different business, etc.) is NOT enough: pulling
-  // atris-labs on top of another business workspace would mix two businesses into
+  // one business on top of another business workspace would mix two businesses into
   // one directory and write one manifest over the other (or vice
   // versa), causing the next sync to do strange things.
   //

package/commands/security-review.js

@@ -0,0 +1,132 @@
+// atris security-review — deterministic secrets / PII / privacy scan (no LLM).
+//
+// "Is this workspace safe to commit, publish, or hand to an autonomous loop?"
+// Answers it with facts: file:line + rule + severity. Exit 1 on a HIGH finding,
+// so it drops into the autopilot/mission/CI verification gate. `--json` emits a
+// SOC 2 evidence artifact. Scans git-tracked files by default (what is exposed
+// is what is committed), or a path you pass.
+//
+// Usage:
+//   atris security-review                 scan tracked files (default)
+//   atris security-review src/            scan a path
+//   atris security-review --staged        scan staged changes (pre-commit gate)
+//   atris security-review --json          machine output for CI / the loop
+//   atris security-review --strict        also fail on MEDIUM (PII/paths)
+//   atris security-review hook            install a pre-commit gate
+//
+// Exit code: 0 = clean, 1 = findings at/over the fail threshold, 2 = bad usage.
+
+const fs = require('fs');
+const path = require('path');
+const { runScan, RULES } = require('../lib/security-scan');
+
+const ICON = { high: '✗', medium: '!', low: '·', privacy: '✗', secret: '✗', pii: '!' };
+const SEV_ORDER = { high: 0, medium: 1, low: 2 };
+
+function securityReviewCommand(argv = []) {
+  const sub = argv[0];
+  if (sub === 'help' || argv.includes('-h') || argv.includes('--help')) return printHelp();
+  if (sub === 'rules') return printRules();
+  if (sub === 'hook' || sub === 'install-hook') return installHook();
+
+  const json = argv.includes('--json');
+  const quiet = argv.includes('--quiet');
+  const strict = argv.includes('--strict');
+  const staged = argv.includes('--staged');
+  const paths = argv.filter((a) => !a.startsWith('-') && a !== 'scan');
+  const root = process.cwd();
+
+  let result;
+  try {
+    result = runScan({ root, paths, staged });
+  } catch (e) {
+    console.error(`security-review: ${e.message}`);
+    return 2;
+  }
+
+  const { findings, counts, scanned } = result;
+  findings.sort((a, b) => (SEV_ORDER[a.sev] - SEV_ORDER[b.sev]) || a.file.localeCompare(b.file) || (a.line - b.line));
+  const failThreshold = strict ? ['high', 'medium'] : ['high'];
+  const failing = findings.filter((f) => failThreshold.includes(f.sev)).length;
+
+  if (json) {
+    console.log(JSON.stringify({
+      ok: failing === 0,
+      scanned,
+      counts,
+      fail_threshold: strict ? 'medium' : 'high',
+      findings,
+      generated_for: 'soc2-evidence',
+    }, null, 2));
+    return failing ? 1 : 0;
+  }
+
+  if (!quiet) {
+    console.log('\n  ◉ atris security review');
+    if (!findings.length) {
+      console.log(`\n  ✓ clean — no secrets, PII, or sensitive files in ${scanned} tracked file${scanned === 1 ? '' : 's'}\n`);
+      return 0;
+    }
+    console.log('');
+    const w = Math.max(...findings.map((f) => `${f.file}${f.line ? ':' + f.line : ''}`.length));
+    for (const f of findings) {
+      const loc = `${f.file}${f.line ? ':' + f.line : ''}`.padEnd(w);
+      console.log(`  ${ICON[f.sev] || '·'} ${f.sev.toUpperCase().padEnd(6)} ${loc}  ${f.rule.padEnd(22)} ${f.why}`);
+    }
+  }
+  console.log(`\n  ${counts.high || 0} high · ${counts.medium || 0} medium · ${counts.low || 0} low across ${scanned} file${scanned === 1 ? '' : 's'}`);
+  if (failing) {
+    console.log(`  ${failing} finding${failing === 1 ? '' : 's'} at/over the ${strict ? 'MEDIUM' : 'HIGH'} threshold · exit 1`);
+    console.log('  fix or suppress (trailing `atris-allow-secret`), then re-run.\n');
+  } else {
+    console.log(`  no findings at the ${strict ? 'MEDIUM' : 'HIGH'} threshold · exit 0\n`);
+  }
+  return failing ? 1 : 0;
+}
+
+function printRules() {
+  console.log('\n  atris security-review — deterministic rules:\n');
+  for (const r of RULES) console.log(`  ${r.sev.toUpperCase().padEnd(6)} ${r.cat.padEnd(8)} ${r.id.padEnd(22)} ${r.why}`);
+  console.log(`\n  ${RULES.length} rules + tracked-sensitive-file check. Suppress a line with a trailing \`atris-allow-secret\`.\n`);
+  return 0;
+}
+
+function installHook() {
+  const root = process.cwd();
+  const hookDir = path.join(root, '.git', 'hooks');
+  try {
+    fs.mkdirSync(hookDir, { recursive: true });
+    const hookPath = path.join(hookDir, 'pre-commit');
+    const marker = '# atris security gate';
+    let content = '';
+    try { content = fs.readFileSync(hookPath, 'utf8'); } catch {}
+    if (content.includes(marker)) { console.log(`\n  already installed: ${path.relative(root, hookPath)}\n`); return 0; }
+    if (!content) content = '#!/bin/sh\n';
+    if (!content.endsWith('\n')) content += '\n';
+    content += `\n${marker}\nif command -v atris >/dev/null 2>&1; then atris security-review --staged --quiet || exit 1; fi\n`;
+    fs.writeFileSync(hookPath, content);
+    fs.chmodSync(hookPath, 0o755);
+    console.log(`\n  ✓ security pre-commit gate installed: ${path.relative(root, hookPath)}\n    every commit now runs: atris security-review --staged\n`);
+    return 0;
+  } catch (e) { console.error(`  ${e.message}`); return 2; }
+}
+
+function printHelp() {
+  console.log(`
+  atris security-review — deterministic secrets / PII / privacy scan (no LLM)
+
+    atris security-review            scan git-tracked files (default)
+    atris security-review <path>     scan a file or dir
+    atris security-review --staged   scan staged changes (pre-commit gate)
+    atris security-review --strict   also fail on MEDIUM (PII / personal paths)
+    atris security-review --json     machine output / SOC 2 evidence artifact
+    atris security-review rules       list the active detectors
+    atris security-review hook        install a pre-commit gate
+
+  Scans for hardcoded secrets, API keys, personal data, and tracked sensitive
+  files. exit 0 = clean, 1 = found. Wire into the autopilot/mission gate and CI.
+`);
+  return 0;
+}
+
+module.exports = { securityReviewCommand };

package/commands/signup.js

@@ -0,0 +1,101 @@
+// atris signup <handle>
+//
+// One-call seedless agent signup. A brand-new agent with no account hits
+// POST /api/auth/agent/signup (unauthenticated) and gets back a real, INERT
+// Atris identity + token, then we write the active profile so `atris play`
+// works on the very next command. This closes the install -> signup -> play
+// seam: `npm i -g atris && atris signup x && atris play`.
+//
+// The account is born inert by design (0 credits, no executing agent, external
+// mail paid-gated) — identity is free, capability is earned via AgentXP.
+// Backend: backend/routers/agent_auth_router.py (POST /auth/agent/signup).
+
+const crypto = require('crypto');
+const { apiRequestJson, getApiBaseUrl } = require('../utils/api');
+const { saveCredentials } = require('../utils/auth');
+
+// Mirror the server rule exactly (^[a-z0-9]{3,30}$) so we fail fast and friendly
+// before spending a network round trip / a rate-limit slot.
+const HANDLE_RE = /^[a-z0-9]{3,30}$/;
+
+// Proof-of-work — mirror the server (agent_auth_router.py). The signup endpoint
+// requires a nonce whose sha256(prefix:handle:bucket:nonce) has DIFFICULTY_BITS
+// leading zero bits. Bucket = current 5-min window. Solved locally (~1s) so
+// signup stays a single call; this is the cost that makes mass-minting expensive.
+const POW_PREFIX = 'atris-signup-v1';
+const POW_WINDOW_S = 300;
+const POW_DIFFICULTY_BITS = 20;
+
+function solvePow(handle) {
+  const bucket = Math.floor(Date.now() / 1000 / POW_WINDOW_S);
+  const fullBytes = Math.floor(POW_DIFFICULTY_BITS / 8);
+  const remBits = POW_DIFFICULTY_BITS % 8;
+  for (let n = 0; ; n++) {
+    const d = crypto.createHash('sha256').update(`${POW_PREFIX}:${handle}:${bucket}:${n}`).digest();
+    let ok = true;
+    for (let i = 0; i < fullBytes; i++) { if (d[i] !== 0) { ok = false; break; } }
+    if (ok && remBits && (d[fullBytes] >> (8 - remBits)) !== 0) ok = false;
+    if (ok) return String(n);
+  }
+}
+
+function parseHandle(args = []) {
+  const positional = args.find((a) => a && !a.startsWith('-'));
+  return (positional || '').trim().toLowerCase();
+}
+
+async function signupCommand(args = []) {
+  const handle = parseHandle(args);
+
+  if (!handle) {
+    console.error('Usage: atris signup <handle>');
+    console.error('  handle: 3–30 characters, lowercase letters and digits only.');
+    return 1;
+  }
+  if (!HANDLE_RE.test(handle)) {
+    console.error(`✗ Invalid handle "${handle}".`);
+    console.error('  Must be 3–30 characters, lowercase letters and digits (a–z, 0–9). No spaces or symbols.');
+    return 1;
+  }
+
+  console.log(`Claiming @${handle} … (solving proof-of-work)`);
+  const pow = solvePow(handle);
+
+  const res = await apiRequestJson('/auth/agent/signup', {
+    method: 'POST',
+    body: { handle, pow },
+  });
+
+  if (res.ok && res.data && res.data.token) {
+    const { token, email, user_id: userId } = res.data;
+    const identity = email || `${handle}@atrismail.com`;
+    saveCredentials(token, null, identity, userId || null, 'atrisos');
+    console.log(`\n✓ You're in — ${identity}`);
+    console.log('  Inert starter account (0 credits): identity is free, capability is earned.');
+    console.log('  Saved to your active profile.');
+    console.log('\nNext:');
+    console.log('  atris play     # claim a starter mission and earn your first proof-backed rep');
+    console.log('  atris xp       # see where you stand on the board');
+    return 0;
+  }
+
+  // Friendly, actionable errors — no stack traces for expected cases.
+  if (res.status === 409) {
+    console.error(`✗ "${handle}" is already taken or reserved. Try a different handle.`);
+    return 1;
+  }
+  if (res.status === 429) {
+    console.error('✗ Too many signups right now. Wait a minute and try again.');
+    return 1;
+  }
+  if (res.status === 404) {
+    console.error('✗ Seedless signup isn’t available on this backend yet.');
+    console.error('  Use `atris login` for now, or try again after the next deploy.');
+    return 1;
+  }
+  console.error(`✗ Signup failed: ${res.error || 'unknown error'} (status ${res.status}).`);
+  console.error(`  API: ${getApiBaseUrl()}`);
+  return 1;
+}
+
+module.exports = { signupCommand, parseHandle, HANDLE_RE };

package/commands/task.js

@@ -616,7 +616,6 @@ function readGoalSources(root = process.cwd()) {
   const candidates = [
     path.join(root, 'atris', 'goals.md'),
     path.join(root, 'goals.md'),
-    path.join(root, 'atris', 'wiki', 'concepts', 'atris-labs-goals.md'),
   ];
   for (const file of candidates) {
     if (!fs.existsSync(file)) continue;

package/lib/clarity.js

@@ -0,0 +1,97 @@
+'use strict';
+
+// The clarity interview. The front door of the product: draw out how the human
+// works, write it down once, and let every agent read it so they prompt
+// themselves well. A small, high-signal profile, not a survey.
+
+const fs = require('fs');
+const path = require('path');
+
+// One or two ideas at a time, plain English. Each answer is free text; the
+// parenthetical is a nudge, not a fixed menu.
+const QUESTIONS = [
+  { key: 'focus', q: 'what are you building, and who is it for?' },
+  { key: 'voice', q: 'how should output sound? (plain, terse, warm, formal)' },
+  { key: 'cadence', q: 'how do you like to work? (one idea at a time, batch, overnight autonomous)' },
+  { key: 'done', q: 'what does "done" mean to you? (tests green, shipped, you reviewed it)' },
+  { key: 'leash', q: 'how much should agents do without asking? (ask first, proceed and report, full auto)' },
+];
+
+const KEYS = QUESTIONS.map((x) => x.key);
+
+function isEmptyProfile(profile) {
+  return !profile || !KEYS.some((k) => profile[k]);
+}
+
+function renderClarityMd(profile = {}) {
+  const labels = {
+    focus: 'Focus',
+    voice: 'Voice',
+    cadence: 'Cadence',
+    done: 'Done means',
+    leash: 'Leash',
+  };
+  const lines = [
+    '# Clarity profile',
+    '',
+    'How the operator works. Agents read this to prompt themselves well,',
+    'so the human does not have to repeat themselves.',
+    '',
+  ];
+  for (const key of KEYS) {
+    if (profile[key]) lines.push(`- ${labels[key]}: ${profile[key]}`);
+  }
+  if (isEmptyProfile(profile)) {
+    lines.push('- (not set yet, run `atris clarity` to fill this in)');
+  }
+  lines.push('');
+  if (profile.updated_at) lines.push(`Updated: ${profile.updated_at}`);
+  lines.push('');
+  return lines.join('\n');
+}
+
+function profilePaths(root = process.cwd()) {
+  return {
+    json: path.join(root, '.atris', 'clarity.json'),
+    md: path.join(root, 'atris', 'CLARITY.md'),
+  };
+}
+
+function readProfile(root = process.cwd()) {
+  const { json } = profilePaths(root);
+  try {
+    return JSON.parse(fs.readFileSync(json, 'utf8'));
+  } catch {
+    return {};
+  }
+}
+
+function writeProfile(root, profile) {
+  const { json, md } = profilePaths(root);
+  fs.mkdirSync(path.dirname(json), { recursive: true });
+  fs.mkdirSync(path.dirname(md), { recursive: true });
+  fs.writeFileSync(json, `${JSON.stringify(profile, null, 2)}\n`, 'utf8');
+  fs.writeFileSync(md, renderClarityMd(profile), 'utf8');
+  return { json, md };
+}
+
+// Merge new answers over an existing profile (so --set is incremental).
+function mergeProfile(existing, answers, stamp) {
+  const merged = { ...existing };
+  for (const key of KEYS) {
+    if (typeof answers[key] === 'string' && answers[key].trim()) merged[key] = answers[key].trim();
+  }
+  merged.updated_at = stamp || merged.updated_at || null;
+  return merged;
+}
+
+module.exports = {
+  QUESTIONS,
+  KEYS,
+  mergeProfile,
+  isEmptyProfile,
+  renderClarityMd,
+  profilePaths,
+  readProfile,
+  writeProfile,
+};