nemoris 0.1.0 → 0.1.2

package/src/memory/write-policy.js

@@ -1,36 +1,36 @@
-export function evaluateDurableWrite(candidate, policy, writesThisRun = 0) {
-  const reasons = [];
-
-  if (!policy?.allow_durable_writes) {
-    reasons.push("durable writes disabled");
-  }
-
-  if (policy?.max_writes_per_run != null && writesThisRun >= policy.max_writes_per_run) {
-    reasons.push("write budget exhausted");
-  }
-
-  const category = candidate.category || "unknown";
-  const allowed = policy?.categories?.allowed;
-  const blocked = policy?.categories?.blocked || [];
-
-  if (Array.isArray(allowed) && !allowed.includes(category)) {
-    reasons.push(`category not allowed: ${category}`);
-  }
-
-  if (blocked.includes(category)) {
-    reasons.push(`category blocked: ${category}`);
-  }
-
-  if (policy?.require_source_reference && (!candidate.sourceRefs || candidate.sourceRefs.length === 0)) {
-    reasons.push("source reference required");
-  }
-
-  if (policy?.require_write_reason && !candidate.reason) {
-    reasons.push("write reason required");
-  }
-
-  return {
-    accepted: reasons.length === 0,
-    reasons
-  };
-}
+export function evaluateDurableWrite(candidate, policy, writesThisRun = 0) {
+  const reasons = [];
+
+  if (!policy?.allow_durable_writes) {
+    reasons.push("durable writes disabled");
+  }
+
+  if (policy?.max_writes_per_run != null && writesThisRun >= policy.max_writes_per_run) {
+    reasons.push("write budget exhausted");
+  }
+
+  const category = candidate.category || "unknown";
+  const allowed = policy?.categories?.allowed;
+  const blocked = policy?.categories?.blocked || [];
+
+  if (Array.isArray(allowed) && !allowed.includes(category)) {
+    reasons.push(`category not allowed: ${category}`);
+  }
+
+  if (blocked.includes(category)) {
+    reasons.push(`category blocked: ${category}`);
+  }
+
+  if (policy?.require_source_reference && (!candidate.sourceRefs || candidate.sourceRefs.length === 0)) {
+    reasons.push("source reference required");
+  }
+
+  if (policy?.require_write_reason && !candidate.reason) {
+    reasons.push("write reason required");
+  }
+
+  return {
+    accepted: reasons.length === 0,
+    reasons
+  };
+}

package/src/onboarding/aliases.js

@@ -1,33 +1,33 @@
-/**
- * CLI command alias resolver.
- *
- * resolveAlias(command, args) returns the resolved args array for known
- * aliases, or null for unknown commands.
- *
- * Real command handlers in cli-main.js now own start/stop/logs/restart.
- * This alias layer only maps legacy convenience shorthands.
- */
-
-/**
- * @param {string} command
- * @param {string[]} args
- * @returns {string[] | null}
- */
-export function resolveAlias(command, args) {
-  switch (command) {
-    case "status":
-      return ["runtime-status"];
-
-    case "run": {
-      const [jobName, ...rest] = args;
-      if (!jobName) return ["execute-job", "provider"];
-      return ["execute-job", jobName, "provider", ...rest];
-    }
-
-    case "runs":
-      return ["review-runs", "10"];
-
-    default:
-      return null;
-  }
-}
+/**
+ * CLI command alias resolver.
+ *
+ * resolveAlias(command, args) returns the resolved args array for known
+ * aliases, or null for unknown commands.
+ *
+ * Real command handlers in cli-main.js now own start/stop/logs/restart.
+ * This alias layer only maps legacy convenience shorthands.
+ */
+
+/**
+ * @param {string} command
+ * @param {string[]} args
+ * @returns {string[] | null}
+ */
+export function resolveAlias(command, args) {
+  switch (command) {
+    case "status":
+      return ["runtime-status"];
+
+    case "run": {
+      const [jobName, ...rest] = args;
+      if (!jobName) return ["execute-job", "provider"];
+      return ["execute-job", jobName, "provider", ...rest];
+    }
+
+    case "runs":
+      return ["review-runs", "10"];
+
+    default:
+      return null;
+  }
+}

package/src/onboarding/auth/api-key.js

@@ -1,224 +1,224 @@
-/**
- * Auth handlers: API key detection, validation, .env writing, and provider resolution.
- */
-
-import fs from "node:fs";
-import path from "node:path";
-import os from "node:os";
-import { buildAnthropicAuthHeaders } from "../../providers/anthropic.js";
-import { resolveInstallDir } from "../../auth/auth-profiles.js";
-
-// Env var names for each provider
-const ENV_VAR_MAP = {
-  anthropic: ["NEMORIS_ANTHROPIC_API_KEY", "ANTHROPIC_API_KEY"],
-  openai: ["NEMORIS_OPENAI_API_KEY", "OPENAI_API_KEY"],
-  openrouter: ["OPENROUTER_API_KEY"],
-};
-
-// Default paths to search for .env files (in priority order)
-function defaultSearchPaths() {
-  const installDir = resolveInstallDir();
-  return [
-    path.join(installDir, ".env"),
-    path.join(os.homedir(), ".nemoris", ".env"),
-    path.join(os.homedir(), ".openclaw", ".env"),
-  ];
-}
-
-/**
- * Parse a .env file into a key/value map.
- * Handles lines of the form KEY=value, ignoring comments and blank lines.
- *
- * @param {string} filePath
- * @returns {Record<string, string>}
- */
-function parseEnvFile(filePath) {
-  try {
-    const content = fs.readFileSync(filePath, "utf8");
-    const result = {};
-    for (const line of content.split(/\r?\n/)) {
-      const trimmed = line.trim();
-      if (!trimmed || trimmed.startsWith("#")) continue;
-      const eqIdx = trimmed.indexOf("=");
-      if (eqIdx === -1) continue;
-      const key = trimmed.slice(0, eqIdx).trim();
-      const value = trimmed.slice(eqIdx + 1).trim();
-      if (key) result[key] = value;
-    }
-    return result;
-  } catch {
-    return {};
-  }
-}
-
-/**
- * Detect existing API keys from environment variables and optional .env file search paths.
- * Environment variables take priority over file values.
- *
- * @param {object} [options]
- * @param {string[]} [options.searchPaths] - Ordered list of .env file paths to check
- * @returns {{ anthropic: string|null, openai: string|null, openrouter: string|null }}
- */
-export function detectExistingKeys({ searchPaths } = {}) {
-  const paths = searchPaths ?? defaultSearchPaths();
-  const fileEnv = {};
-  for (let i = paths.length - 1; i >= 0; i--) {
-    const parsed = parseEnvFile(paths[i]);
-    Object.assign(fileEnv, parsed);
-  }
-
-  const result = {};
-  for (const [provider, envVars] of Object.entries(ENV_VAR_MAP)) {
-    result[provider] = null;
-    for (const envVar of envVars) {
-      const value = process.env[envVar] || fileEnv[envVar] || null;
-      if (value) {
-        result[provider] = value;
-        break;
-      }
-    }
-  }
-  return result;
-}
-
-export function validateApiKeyFormat(provider, key) {
-  const token = String(key || "").trim();
-  if (!token) {
-    return { ok: false, error: "missing token" };
-  }
-
-  const rules = {
-    anthropic: {
-      prefixes: ["sk-ant-oat-", "sk-ant-api-", "sk-ant-"],
-      minLength: 16,
-      label: "Anthropic token"
-    },
-    openai: {
-      prefixes: ["sk-"],
-      minLength: 12,
-      label: "OpenAI API key"
-    },
-    openrouter: {
-      prefixes: ["sk-or-"],
-      minLength: 12,
-      label: "OpenRouter API key"
-    }
-  };
-
-  const rule = rules[provider];
-  if (!rule) {
-    return { ok: true };
-  }
-
-  if (!rule.prefixes.some((prefix) => token.startsWith(prefix))) {
-    return {
-      ok: false,
-      error: `${rule.label} must start with ${rule.prefixes.join(" or ")}`
-    };
-  }
-
-  if (token.length < rule.minLength) {
-    return {
-      ok: false,
-      error: `${rule.label} looks too short`
-    };
-  }
-
-  return { ok: true };
-}
-
-/**
- * Validate an API key against a provider's health endpoint.
- * Ollama is not validated here (no auth needed) — use ollama-detect.js instead.
- *
- * @param {"anthropic"|"openai"|"openrouter"} provider
- * @param {string} key
- * @param {object} [options]
- * @param {Function} [options.fetchImpl]
- * @returns {Promise<{ ok: boolean, status?: number, error?: string }>}
- */
-export async function validateApiKey(provider, key, options = {}) {
-  if (provider === "ollama") {
-    return { ok: true };
-  }
-
-  const fetch = options.fetchImpl || globalThis.fetch;
-  const providerTargets = {
-    anthropic: {
-      url: "https://api.anthropic.com/v1/messages/count_tokens",
-      method: "POST",
-      headers: {
-        "content-type": "application/json",
-        ...buildAnthropicAuthHeaders(key)
-      },
-      body: JSON.stringify({
-        model: "claude-haiku-4-5",
-        messages: [{ role: "user", content: "ping" }]
-      })
-    },
-    openai: {
-      url: "https://api.openai.com/v1/models",
-      method: "GET",
-      headers: {
-        Authorization: `Bearer ${key}`
-      }
-    },
-    openrouter: {
-      url: "https://openrouter.ai/api/v1/models",
-      method: "GET",
-      headers: {
-        Authorization: `Bearer ${key}`
-      }
-    }
-  };
-
-  const target = providerTargets[provider];
-  if (!target) {
-    throw new Error(`Unknown provider: ${provider}`);
-  }
-
-  try {
-    const response = await fetch(target.url, {
-      method: target.method,
-      headers: target.headers,
-      body: target.body,
-      signal: AbortSignal.timeout(10000)
-    });
-    return {
-      ok: response.ok,
-      status: response.status
-    };
-  } catch (error) {
-    return { ok: false, error: error.message };
-  }
-}
-
-/**
- * Write or merge keys into an .env file at installDir/.env.
- * Existing keys not being overwritten are preserved.
- *
- * @param {string} installDir - Directory where .env will be written
- * @param {Record<string, string>} keys - Key/value pairs to write
- */
-export function writeEnvFile(installDir, keys) {
-  const envPath = path.join(installDir, ".env");
-  const existing = parseEnvFile(envPath);
-  const merged = { ...existing, ...keys };
-  const lines = Object.entries(merged).map(([k, v]) => `${k}=${v}`);
-  fs.writeFileSync(envPath, lines.join("\n") + "\n", { encoding: "utf8", mode: 0o600 });
-}
-
-/**
- * Determine which provider IDs to generate TOML configs for based on available keys.
- *
- * @param {{ anthropic?: string|null, openrouter?: string|null, openai?: string|null, ollama?: boolean }} keys
- * @returns {string[]} Array of provider IDs (e.g. ["anthropic", "openrouter", "ollama"])
- */
-export function resolveProviders(keys) {
-  const providers = [];
-  if (keys.anthropic) providers.push("anthropic");
-  if (keys.openrouter) providers.push("openrouter");
-  if (keys.openai) providers.push("openai");
-  if (keys.ollama) providers.push("ollama");
-  return providers;
-}
+/**
+ * Auth handlers: API key detection, validation, .env writing, and provider resolution.
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { buildAnthropicAuthHeaders } from "../../providers/anthropic.js";
+import { resolveInstallDir } from "../../auth/auth-profiles.js";
+
+// Env var names for each provider
+const ENV_VAR_MAP = {
+  anthropic: ["NEMORIS_ANTHROPIC_API_KEY", "ANTHROPIC_API_KEY"],
+  openai: ["NEMORIS_OPENAI_API_KEY", "OPENAI_API_KEY"],
+  openrouter: ["OPENROUTER_API_KEY"],
+};
+
+// Default paths to search for .env files (in priority order)
+function defaultSearchPaths() {
+  const installDir = resolveInstallDir();
+  return [
+    path.join(installDir, ".env"),
+    path.join(os.homedir(), ".nemoris", ".env"),
+    path.join(os.homedir(), ".openclaw", ".env"),
+  ];
+}
+
+/**
+ * Parse a .env file into a key/value map.
+ * Handles lines of the form KEY=value, ignoring comments and blank lines.
+ *
+ * @param {string} filePath
+ * @returns {Record<string, string>}
+ */
+function parseEnvFile(filePath) {
+  try {
+    const content = fs.readFileSync(filePath, "utf8");
+    const result = {};
+    for (const line of content.split(/\r?\n/)) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith("#")) continue;
+      const eqIdx = trimmed.indexOf("=");
+      if (eqIdx === -1) continue;
+      const key = trimmed.slice(0, eqIdx).trim();
+      const value = trimmed.slice(eqIdx + 1).trim();
+      if (key) result[key] = value;
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+
+/**
+ * Detect existing API keys from environment variables and optional .env file search paths.
+ * Environment variables take priority over file values.
+ *
+ * @param {object} [options]
+ * @param {string[]} [options.searchPaths] - Ordered list of .env file paths to check
+ * @returns {{ anthropic: string|null, openai: string|null, openrouter: string|null }}
+ */
+export function detectExistingKeys({ searchPaths } = {}) {
+  const paths = searchPaths ?? defaultSearchPaths();
+  const fileEnv = {};
+  for (let i = paths.length - 1; i >= 0; i--) {
+    const parsed = parseEnvFile(paths[i]);
+    Object.assign(fileEnv, parsed);
+  }
+
+  const result = {};
+  for (const [provider, envVars] of Object.entries(ENV_VAR_MAP)) {
+    result[provider] = null;
+    for (const envVar of envVars) {
+      const value = process.env[envVar] || fileEnv[envVar] || null;
+      if (value) {
+        result[provider] = value;
+        break;
+      }
+    }
+  }
+  return result;
+}
+
+export function validateApiKeyFormat(provider, key) {
+  const token = String(key || "").trim();
+  if (!token) {
+    return { ok: false, error: "missing token" };
+  }
+
+  const rules = {
+    anthropic: {
+      prefixes: ["sk-ant-oat-", "sk-ant-api-", "sk-ant-"],
+      minLength: 16,
+      label: "Anthropic token"
+    },
+    openai: {
+      prefixes: ["sk-"],
+      minLength: 12,
+      label: "OpenAI API key"
+    },
+    openrouter: {
+      prefixes: ["sk-or-"],
+      minLength: 12,
+      label: "OpenRouter API key"
+    }
+  };
+
+  const rule = rules[provider];
+  if (!rule) {
+    return { ok: true };
+  }
+
+  if (!rule.prefixes.some((prefix) => token.startsWith(prefix))) {
+    return {
+      ok: false,
+      error: `${rule.label} must start with ${rule.prefixes.join(" or ")}`
+    };
+  }
+
+  if (token.length < rule.minLength) {
+    return {
+      ok: false,
+      error: `${rule.label} looks too short`
+    };
+  }
+
+  return { ok: true };
+}
+
+/**
+ * Validate an API key against a provider's health endpoint.
+ * Ollama is not validated here (no auth needed) — use ollama-detect.js instead.
+ *
+ * @param {"anthropic"|"openai"|"openrouter"} provider
+ * @param {string} key
+ * @param {object} [options]
+ * @param {Function} [options.fetchImpl]
+ * @returns {Promise<{ ok: boolean, status?: number, error?: string }>}
+ */
+export async function validateApiKey(provider, key, options = {}) {
+  if (provider === "ollama") {
+    return { ok: true };
+  }
+
+  const fetch = options.fetchImpl || globalThis.fetch;
+  const providerTargets = {
+    anthropic: {
+      url: "https://api.anthropic.com/v1/messages/count_tokens",
+      method: "POST",
+      headers: {
+        "content-type": "application/json",
+        ...buildAnthropicAuthHeaders(key)
+      },
+      body: JSON.stringify({
+        model: "claude-haiku-4-5",
+        messages: [{ role: "user", content: "ping" }]
+      })
+    },
+    openai: {
+      url: "https://api.openai.com/v1/models",
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${key}`
+      }
+    },
+    openrouter: {
+      url: "https://openrouter.ai/api/v1/models",
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${key}`
+      }
+    }
+  };
+
+  const target = providerTargets[provider];
+  if (!target) {
+    throw new Error(`Unknown provider: ${provider}`);
+  }
+
+  try {
+    const response = await fetch(target.url, {
+      method: target.method,
+      headers: target.headers,
+      body: target.body,
+      signal: AbortSignal.timeout(10000)
+    });
+    return {
+      ok: response.ok,
+      status: response.status
+    };
+  } catch (error) {
+    return { ok: false, error: error.message };
+  }
+}
+
+/**
+ * Write or merge keys into an .env file at installDir/.env.
+ * Existing keys not being overwritten are preserved.
+ *
+ * @param {string} installDir - Directory where .env will be written
+ * @param {Record<string, string>} keys - Key/value pairs to write
+ */
+export function writeEnvFile(installDir, keys) {
+  const envPath = path.join(installDir, ".env");
+  const existing = parseEnvFile(envPath);
+  const merged = { ...existing, ...keys };
+  const lines = Object.entries(merged).map(([k, v]) => `${k}=${v}`);
+  fs.writeFileSync(envPath, lines.join("\n") + "\n", { encoding: "utf8", mode: 0o600 });
+}
+
+/**
+ * Determine which provider IDs to generate TOML configs for based on available keys.
+ *
+ * @param {{ anthropic?: string|null, openrouter?: string|null, openai?: string|null, ollama?: boolean }} keys
+ * @returns {string[]} Array of provider IDs (e.g. ["anthropic", "openrouter", "ollama"])
+ */
+export function resolveProviders(keys) {
+  const providers = [];
+  if (keys.anthropic) providers.push("anthropic");
+  if (keys.openrouter) providers.push("openrouter");
+  if (keys.openai) providers.push("openai");
+  if (keys.ollama) providers.push("ollama");
+  return providers;
+}

package/src/onboarding/auth/ollama-detect.js

@@ -1,42 +1,42 @@
-/**
- * Ollama local instance detection.
- * Probes localhost:11434/api/tags and returns model list metadata.
- */
-
-import { inspectOutboundUrl, OUTBOUND_ADDRESS_POLICY } from "../../security/ssrf-check.js";
-
-/**
- * Detect a running Ollama instance and enumerate available models.
- *
- * @param {object} [options]
- * @param {Function} [options.fetchImpl] - Injectable fetch implementation (defaults to globalThis.fetch)
- * @param {Function} [options.lookupImpl] - Injectable DNS lookup used for loopback verification
- * @returns {Promise<{ ok: boolean, modelCount: number, models: string[] }>}
- */
-export async function detectOllama({ fetchImpl, lookupImpl } = {}) {
-  const fetch = fetchImpl || globalThis.fetch;
-  const baseUrl = process.env.OLLAMA_HOST || "http://localhost:11434";
-  const url = `${baseUrl}/api/tags`;
-
-  try {
-    const inspection = await inspectOutboundUrl(url, {
-      lookupImpl,
-      addressPolicy: OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK,
-      loopbackOnlyMessage: `Ollama base URL must resolve to loopback only; refusing ${url}.`,
-    });
-    if (!inspection.ok) {
-      return { ok: false, modelCount: 0, models: [], error: inspection.reason };
-    }
-    const response = await fetch(url);
-    if (!response.ok) {
-      return { ok: false, modelCount: 0, models: [] };
-    }
-    const data = await response.json();
-    const models = Array.isArray(data?.models)
-      ? data.models.map((m) => m?.name || m?.model || null).filter(Boolean)
-      : [];
-    return { ok: true, modelCount: models.length, models };
-  } catch {
-    return { ok: false, modelCount: 0, models: [] };
-  }
-}
+/**
+ * Ollama local instance detection.
+ * Probes localhost:11434/api/tags and returns model list metadata.
+ */
+
+import { inspectOutboundUrl, OUTBOUND_ADDRESS_POLICY } from "../../security/ssrf-check.js";
+
+/**
+ * Detect a running Ollama instance and enumerate available models.
+ *
+ * @param {object} [options]
+ * @param {Function} [options.fetchImpl] - Injectable fetch implementation (defaults to globalThis.fetch)
+ * @param {Function} [options.lookupImpl] - Injectable DNS lookup used for loopback verification
+ * @returns {Promise<{ ok: boolean, modelCount: number, models: string[] }>}
+ */
+export async function detectOllama({ fetchImpl, lookupImpl } = {}) {
+  const fetch = fetchImpl || globalThis.fetch;
+  const baseUrl = process.env.OLLAMA_HOST || "http://localhost:11434";
+  const url = `${baseUrl}/api/tags`;
+
+  try {
+    const inspection = await inspectOutboundUrl(url, {
+      lookupImpl,
+      addressPolicy: OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK,
+      loopbackOnlyMessage: `Ollama base URL must resolve to loopback only; refusing ${url}.`,
+    });
+    if (!inspection.ok) {
+      return { ok: false, modelCount: 0, models: [], error: inspection.reason };
+    }
+    const response = await fetch(url);
+    if (!response.ok) {
+      return { ok: false, modelCount: 0, models: [] };
+    }
+    const data = await response.json();
+    const models = Array.isArray(data?.models)
+      ? data.models.map((m) => m?.name || m?.model || null).filter(Boolean)
+      : [];
+    return { ok: true, modelCount: models.length, models };
+  } catch {
+    return { ok: false, modelCount: 0, models: [] };
+  }
+}