npm - metheus-governance-mcp-cli - Versions diffs - 0.2.71 → 0.2.72 - Mend

metheus-governance-mcp-cli 0.2.71 → 0.2.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +2 -1
package/cli.mjs +1 -0
package/lib/bot-commands.mjs +209 -49
package/lib/selftest-bot-commands.mjs +45 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -231,7 +231,8 @@ Behavior:
 - For Telegram, the local env key is auto-generated from the matched server bot name or verified username, so you do not have to invent a separate local nickname first.
 - For Telegram, the CLI tries to match the verified bot identity against the server `me/bots` list first. If the server exposes one logical bot name with multiple roles such as `approval`, `worker`, `review`, and `monitor`, the CLI does not ask you to choose one UUID. It binds by server bot name and keeps the local role/AI fields empty so runtime can use the server bot role for each route.
 - When the Telegram username matches exactly one server bot role, the CLI still auto-fills the local `role_profile` and blank AI defaults from your local `bot-runner.json` `role_profiles` mapping.
-- `bot edit` without flags now uses the same sequential flow every time: provider -> bot entry -> username/token review -> AI field choices -> default choice -> save.
+- `bot edit` without flags now uses the same sequential flow every time: provider -> bot entry -> username/token review -> grouped server-role review when needed -> AI field choices -> default choice -> save.
+- if one server bot name maps to multiple server roles, `bot edit` keeps the Telegram env entry bound to the server identity and lets you review the local `role_profiles` for each detected role instead of forcing one role/profile UUID choice up front.
 - In the normal Telegram edit path, the CLI keeps or re-resolves the server bot binding automatically. It no longer asks you to pick `approval / worker / review / monitor` or a server bot UUID first.
 - `bot set-default` without flags starts a guided numbered flow: provider -> bot entry -> confirm default change.
 - `bot verify` without flags starts a guided numbered flow: provider -> bot entry -> output format.

package/cli.mjs CHANGED Viewed

@@ -3362,6 +3362,7 @@ function buildBotCommandDeps() {
     loadProviderEnvConfig,
     verifyLocalProviderToken,
     loadBotRunnerConfig,
+    saveBotRunnerConfig,
     listServerBots: async ({ provider, baseURL, timeoutSeconds }) => {
       const authFlowDeps = buildAuthFlowDeps();
       const resolved = resolveCurrentAccessToken(authFlowDeps);

package/lib/bot-commands.mjs CHANGED Viewed

@@ -595,6 +595,8 @@ function buildDerivedTelegramBotKey(parsedEnv, deps, preferredValues, { excludeK
 async function editTelegramBotGuided(ui, parsed, selected, current, flags, deps) {
   let serverRoleAutoResolved = "";
+  let groupedServerRoles = [];
+  let groupedServerName = "";
   if (current.serverBotID || current.__preferServerIdentity) {
     current.__preferServerIdentity = true;
     serverRoleAutoResolved = String(current.roleProfile || "").trim() || "__server_binding__";
@@ -641,9 +643,15 @@ async function editTelegramBotGuided(ui, parsed, selected, current, flags, deps)
       current.serverBotID = "";
       current.__preferServerIdentity = true;
       current.roleProfile = "";
+      current.client = "";
+      current.model = "";
+      current.permissionMode = "";
+      current.reasoningEffort = "";
       serverRoleAutoResolved = "__server_role_group__";
+      groupedServerRoles = preferredRoleSort(serverBot.roles);
+      groupedServerName = String(serverBot.name || current.username || current.key).trim();
       process.stdout.write(
-        `Using server Telegram bot "${serverBot.name || current.username || current.key}" with roles: ${ensureArray(serverBot.roles).join(", ")}. Runtime will use the server role automatically.\n`,
+        `Using server Telegram bot "${groupedServerName}" with roles: ${groupedServerRoles.join(", ")}. Runtime will use the server role automatically.\n`,
       );
     } else if (String(serverBot.botID || "").trim()) {
       current.serverBotID = String(serverBot.botID || "").trim();
@@ -672,53 +680,64 @@ async function editTelegramBotGuided(ui, parsed, selected, current, flags, deps)
     }
   }
-  const clientAction = await promptKeepChangeClear(ui, "AI client", {
-    allowClear: true,
-    defaultValue: current.client ? "keep" : "change",
-  });
-  if (clientAction === "change") {
-    current.client = requireDependency(deps, "normalizeLocalAIClientName")(
-      await promptAIClient(ui, deps, current.client),
-      "",
+  if (serverRoleAutoResolved === "__server_role_group__") {
+    await maybePromptGroupedServerRoleProfiles(
+      ui,
+      {
+        name: groupedServerName,
+        roles: groupedServerRoles,
+      },
+      deps,
     );
-  } else if (clientAction === "clear") {
-    current.client = "";
-  }
+  } else {
+    const clientAction = await promptKeepChangeClear(ui, "AI client", {
+      allowClear: true,
+      defaultValue: current.client ? "keep" : "change",
+    });
+    if (clientAction === "change") {
+      current.client = requireDependency(deps, "normalizeLocalAIClientName")(
+        await promptAIClient(ui, deps, current.client),
+        "",
+      );
+    } else if (clientAction === "clear") {
+      current.client = "";
+    }
-  const modelAction = await promptKeepChangeClear(ui, "AI model", {
-    allowClear: true,
-    defaultValue: current.model ? "keep" : "change",
-  });
-  if (modelAction === "change") {
-    current.model = await promptLine(ui, "AI model", current.model);
-  } else if (modelAction === "clear") {
-    current.model = "";
-  }
+    const modelAction = await promptKeepChangeClear(ui, "AI model", {
+      allowClear: true,
+      defaultValue: current.model ? "keep" : "change",
+    });
+    if (modelAction === "change") {
+      current.model = await promptLine(ui, "AI model", current.model);
+    } else if (modelAction === "clear") {
+      current.model = "";
+    }
-  const permissionAction = await promptKeepChangeClear(ui, "AI permission mode", {
-    allowClear: true,
-    defaultValue: current.permissionMode ? "keep" : "change",
-  });
-  if (permissionAction === "change") {
-    current.permissionMode = requireDependency(deps, "normalizeLocalAIPermissionMode")(
-      await promptPermissionMode(ui, current.permissionMode),
-      "",
-    );
-  } else if (permissionAction === "clear") {
-    current.permissionMode = "";
-  }
+    const permissionAction = await promptKeepChangeClear(ui, "AI permission mode", {
+      allowClear: true,
+      defaultValue: current.permissionMode ? "keep" : "change",
+    });
+    if (permissionAction === "change") {
+      current.permissionMode = requireDependency(deps, "normalizeLocalAIPermissionMode")(
+        await promptPermissionMode(ui, current.permissionMode),
+        "",
+      );
+    } else if (permissionAction === "clear") {
+      current.permissionMode = "";
+    }
-  const reasoningAction = await promptKeepChangeClear(ui, "AI reasoning effort", {
-    allowClear: true,
-    defaultValue: current.reasoningEffort ? "keep" : "change",
-  });
-  if (reasoningAction === "change") {
-    current.reasoningEffort = requireDependency(deps, "normalizeLocalAIReasoningEffort")(
-      await promptReasoningEffort(ui, current.reasoningEffort),
-      "",
-    );
-  } else if (reasoningAction === "clear") {
-    current.reasoningEffort = "";
+    const reasoningAction = await promptKeepChangeClear(ui, "AI reasoning effort", {
+      allowClear: true,
+      defaultValue: current.reasoningEffort ? "keep" : "change",
+    });
+    if (reasoningAction === "change") {
+      current.reasoningEffort = requireDependency(deps, "normalizeLocalAIReasoningEffort")(
+        await promptReasoningEffort(ui, current.reasoningEffort),
+        "",
+      );
+    } else if (reasoningAction === "clear") {
+      current.reasoningEffort = "";
+    }
   }
   const defaultChoice = await promptChoice(
@@ -1285,6 +1304,144 @@ function applyRoleProfileDefaults(entry, defaults, { overwrite = false } = {}) {
   }
 }
+function preferredRoleSort(roles) {
+  const order = ["monitor", "review", "worker", "approval"];
+  return ensureArray(roles).slice().sort((left, right) => {
+    const leftText = String(left || "").trim();
+    const rightText = String(right || "").trim();
+    const leftIndex = order.indexOf(leftText);
+    const rightIndex = order.indexOf(rightText);
+    if (leftIndex >= 0 && rightIndex >= 0) return leftIndex - rightIndex;
+    if (leftIndex >= 0) return -1;
+    if (rightIndex >= 0) return 1;
+    return leftText.localeCompare(rightText);
+  });
+}
+function currentRoleProfileState(roleName, deps) {
+  const normalizedRole = requireDependency(deps, "normalizeRunnerRoleProfileName")(roleName || "");
+  const defaults = resolveRoleProfileDefaults(normalizedRole, deps);
+  const config = requireDependency(deps, "loadBotRunnerConfig")({ persistIfNeeded: true });
+  const profile = safeObject(safeObject(config.roleProfiles || {})[normalizedRole]);
+  return {
+    role: normalizedRole,
+    client: requireDependency(deps, "normalizeLocalAIClientName")(profile.client || defaults.client || "", ""),
+    model: String(profile.model || defaults.model || "").trim(),
+    permissionMode: requireDependency(deps, "normalizeLocalAIPermissionMode")(
+      profile.permission_mode || profile.permissionMode || defaults.permissionMode || "",
+      "",
+    ),
+    reasoningEffort: requireDependency(deps, "normalizeLocalAIReasoningEffort")(
+      profile.reasoning_effort || profile.reasoningEffort || defaults.reasoningEffort || "",
+      "",
+    ),
+  };
+}
+function formatRoleProfileSummary(profile) {
+  const current = safeObject(profile);
+  return [
+    current.client ? `client:${current.client}` : "client:(blank)",
+    current.model ? `model:${current.model}` : "model:(blank)",
+    current.permissionMode ? `permission:${current.permissionMode}` : "permission:(blank)",
+    current.reasoningEffort ? `reasoning:${current.reasoningEffort}` : "reasoning:(blank)",
+  ].join(" | ");
+}
+function persistRoleProfileState(profile, deps) {
+  const current = safeObject(profile);
+  const role = requireDependency(deps, "normalizeRunnerRoleProfileName")(current.role || "");
+  if (!role) return null;
+  const config = requireDependency(deps, "loadBotRunnerConfig")({ persistIfNeeded: true });
+  const nextRoleProfiles = {
+    ...safeObject(config.roleProfiles || {}),
+    [role]: {
+      client: String(current.client || "").trim(),
+      model: String(current.model || "").trim(),
+      permission_mode: String(current.permissionMode || "").trim(),
+      reasoning_effort: String(current.reasoningEffort || "").trim(),
+    },
+  };
+  const nextConfig = {
+    ...config,
+    roleProfiles: nextRoleProfiles,
+  };
+  return requireDependency(deps, "saveBotRunnerConfig")(nextConfig, config.filePath);
+}
+async function promptRoleExecutionProfile(ui, roleName, deps) {
+  const current = currentRoleProfileState(roleName, deps);
+  const action = await promptChoice(
+    ui,
+    `Role "${current.role}" local execution profile`,
+    [
+      {
+        value: "keep",
+        label: "Keep current settings",
+        description: formatRoleProfileSummary(current),
+      },
+      {
+        value: "edit",
+        label: "Edit settings",
+        description: "change AI client, model, permission, and reasoning",
+      },
+    ],
+    { defaultIndex: 0 },
+  );
+  if (action?.value !== "edit") {
+    return { changed: false, filePath: "" };
+  }
+  current.client = requireDependency(deps, "normalizeLocalAIClientName")(
+    await promptAIClient(ui, deps, current.client),
+    "",
+  );
+  current.model = await promptLine(ui, `AI model for role "${current.role}"`, current.model);
+  current.permissionMode = requireDependency(deps, "normalizeLocalAIPermissionMode")(
+    await promptPermissionMode(ui, current.permissionMode),
+    "",
+  );
+  current.reasoningEffort = requireDependency(deps, "normalizeLocalAIReasoningEffort")(
+    await promptReasoningEffort(ui, current.reasoningEffort),
+    "",
+  );
+  const filePath = persistRoleProfileState(current, deps);
+  if (filePath) {
+    process.stdout.write(`Saved local execution profile for role "${current.role}" to ${filePath}\n`);
+  }
+  return { changed: true, filePath };
+}
+async function maybePromptGroupedServerRoleProfiles(ui, serverBot, deps) {
+  const roles = preferredRoleSort(ensureArray(serverBot?.roles).filter(Boolean));
+  if (roles.length <= 1) {
+    return false;
+  }
+  const editChoice = await promptChoice(
+    ui,
+    `Server bot "${String(serverBot?.name || "").trim() || "telegram"}" uses multiple roles. What should happen to the local execution settings?`,
+    [
+      {
+        value: "keep",
+        label: "Keep current role settings",
+        description: "use the existing role_profiles defaults as-is",
+      },
+      {
+        value: "review",
+        label: "Review role settings",
+        description: "check each role and change AI client/model/permission/reasoning when needed",
+      },
+    ],
+    { defaultIndex: 0 },
+  );
+  if (editChoice?.value !== "review") {
+    return false;
+  }
+  for (const role of roles) {
+    await promptRoleExecutionProfile(ui, role, deps);
+  }
+  return true;
+}
 function buildTemporaryTelegramEnvConfig({ token, apiBaseURL }) {
   return {
     ok: true,
@@ -1300,8 +1457,11 @@ async function verifyTelegramTokenCandidate(provider, token, apiBaseURL, timeout
 async function autoResolveTelegramServerBot(current, flags, deps) {
   const existingBotID = String(current?.serverBotID || "").trim();
-  const preferredUsername = String(current?.username || "").trim();
-  if (!preferredUsername) {
+  const preferredIdentity = firstNonEmptyString([
+    current?.username,
+    current?.key,
+  ]);
+  if (!preferredIdentity) {
     return {
       botID: existingBotID,
       role: String(current?.roleProfile || "").trim(),
@@ -1314,14 +1474,14 @@ async function autoResolveTelegramServerBot(current, flags, deps) {
     return await resolveServerBotForNonInteractive(
       "telegram",
       {
-        "bot-name": preferredUsername,
+        "bot-name": preferredIdentity,
         "base-url": flags["base-url"] || deps.defaultSiteURL,
         "timeout-seconds": intFromRaw(flags["timeout-seconds"], 15) || 15,
       },
       deps,
       {
-        preferredUsername,
-        preferredName: preferredUsername,
+        preferredUsername: preferredIdentity,
+        preferredName: preferredIdentity,
       },
     );
   } catch {

package/lib/selftest-bot-commands.mjs CHANGED Viewed

@@ -341,6 +341,51 @@ export async function runSelftestBotCommands(push, deps) {
           && String(groupedState.TELEGRAM_BOT_RYOAI_BOT_AI_PERMISSION_MODE || "") === "",
         `username=${String(groupedState.TELEGRAM_BOT_RYOAI_BOT_USERNAME || "")} server_bot_id=${String(groupedState.TELEGRAM_BOT_RYOAI_BOT_SERVER_BOT_ID || "")} role=${String(groupedState.TELEGRAM_BOT_RYOAI_BOT_ROLE_PROFILE || "")}`,
       );
+      await runCLI({
+        cliPath,
+        args: [
+          "bot", "edit",
+          "--base-url", `http://127.0.0.1:${groupedMock.port}`,
+          "--timeout-seconds", "5",
+        ],
+        env: {
+          ...env,
+          METHEUS_SCRIPTED_PROMPT_ANSWERS: JSON.stringify([
+            "1", // provider: telegram
+            "2", // bot entry: ryoai_bot
+            "1", // keep username
+            "1", // keep token
+            "2", // review grouped server role settings
+            "1", // monitor: keep current role profile settings
+            "1", // review: keep current role profile settings
+            "2", // worker: edit settings
+            "3", // worker AI client: claude
+            "worker-sonnet-4",
+            "4", // worker permission: danger_full_access
+            "4", // worker reasoning: high
+            "2", // approval: edit settings
+            "4", // approval AI client: gemini
+            "approval-pro-2",
+            "4", // approval permission: danger_full_access
+            "4", // approval reasoning: high
+            "1", // keep current default setting
+            "y", // save
+          ]),
+        },
+      });
+      const groupedRunnerConfigPath = path.join(tempHome, ".metheus", "bot-runner.json");
+      const groupedRunnerConfig = readJSON(fs.readFileSync(groupedRunnerConfigPath, "utf8"));
+      push(
+        "bot_edit_grouped_server_roles_updates_role_profiles",
+        String(safeObject(safeObject(groupedRunnerConfig.role_profiles || {}).worker).client || "") === "claude"
+          && String(safeObject(safeObject(groupedRunnerConfig.role_profiles || {}).worker).model || "") === "worker-sonnet-4"
+          && String(safeObject(safeObject(groupedRunnerConfig.role_profiles || {}).worker).permission_mode || "") === "danger_full_access"
+          && String(safeObject(safeObject(groupedRunnerConfig.role_profiles || {}).worker).reasoning_effort || "") === "high"
+          && String(safeObject(safeObject(groupedRunnerConfig.role_profiles || {}).approval).client || "") === "gemini"
+          && String(safeObject(safeObject(groupedRunnerConfig.role_profiles || {}).approval).model || "") === "approval-pro-2",
+        `worker=${JSON.stringify(safeObject(safeObject(groupedRunnerConfig.role_profiles || {}).worker))} approval=${JSON.stringify(safeObject(safeObject(groupedRunnerConfig.role_profiles || {}).approval))}`,
+      );
     } finally {
       await groupedMock.close();
       await runCLI({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "metheus-governance-mcp-cli",
-  "version": "0.2.71",
+  "version": "0.2.72",
   "description": "Metheus Governance MCP CLI (setup + stdio proxy)",
   "type": "module",
   "files": [