nemoris 0.1.1 → 0.1.2

package/README.md

@@ -184,7 +184,7 @@ Requires Node.js >= 22.
 git clone https://github.com/amzer24/nemoris.git
 cd nemoris
 npm install
-npm test           # 1179 tests
+npm test           # 1403 tests
 npm run test:e2e   # End-to-end tests
 ```
 

package/SECURITY.md

@@ -38,6 +38,22 @@ We follow responsible disclosure practices. If you report a vulnerability:
 - We will credit you in the release notes (unless you prefer anonymity)
 - We will coordinate disclosure timing with you
 
+## Deployment Boundaries
+
+Nemoris is a single operator, single-user runtime designed to run on your own machine.
+
+It is not designed to be:
+
+- a hardened multi-tenant sandbox
+- a public-facing web service
+- a shared server runtime
+
+For recovery procedures, see [docs/RECOVERY-FLOWS.md](docs/RECOVERY-FLOWS.md).
+
+## Vulnerability Tracking
+
+Known vulnerabilities are tracked via GitHub Security Advisories on this repository.
+
 ## Dependencies
 
 Nemoris keeps dependencies minimal by design. We monitor for known vulnerabilities via `npm audit` and update promptly.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nemoris",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "type": "module",
   "description": "Personal AI agent runtime — persistent memory, delivery guarantees, task contracts, self-healing. Local-first, no cloud.",
   "license": "MIT",

package/src/onboarding/phases/auth.js

@@ -24,7 +24,6 @@ import {
   resolveOpenAICodexAccess,
 } from "../../auth/openai-codex-oauth.js";
 import { getAuthProfile, resolveAuthProfilesPath } from "../../auth/auth-profiles.js";
-import { buildModelSelectionOptions, fetchOpenAIModels } from "../model-catalog.js";
 
 const PROVIDER_CONFIGS = {
   anthropic: {
@@ -179,25 +178,23 @@ function providerDisplayName(provider) {
 }
 
 async function fetchProviderModelIds(provider, key, { fetchImpl = globalThis.fetch } = {}) {
-  if (provider === "anthropic") {
-    return PROVIDER_MODEL_PRESETS.anthropic.map((item) => item.id);
-  }
-
-  const target = provider === "openrouter"
-    ? {
-        url: "https://openrouter.ai/api/v1/models",
-        headers: { authorization: `Bearer ${key}` },
-      }
-    : provider === "openai"
-      ? {
-          url: "https://api.openai.com/v1/models",
-          headers: { authorization: `Bearer ${key}` },
-        }
-      : null;
+  const targets = {
+    anthropic: {
+      url: "https://api.anthropic.com/v1/models",
+      headers: { "x-api-key": key, "anthropic-version": "2023-06-01" },
+    },
+    openrouter: {
+      url: "https://openrouter.ai/api/v1/models",
+      headers: { authorization: `Bearer ${key}` },
+    },
+    openai: {
+      url: "https://api.openai.com/v1/models",
+      headers: { authorization: `Bearer ${key}` },
+    },
+  };
 
-  if (!target) {
-    return [];
-  }
+  const target = targets[provider];
+  if (!target) return [];
 
   try {
     const response = await fetchImpl(target.url, {
@@ -206,48 +203,43 @@ async function fetchProviderModelIds(provider, key, { fetchImpl = globalThis.fet
       signal: AbortSignal.timeout(10000),
     });
     const data = await response.json();
-    if (!response.ok) {
-      return [];
-    }
+    if (!response.ok) return PROVIDER_MODEL_PRESETS[provider]?.map((item) => item.id) ?? [];
     const ids = Array.isArray(data?.data)
       ? data.data.map((item) => item?.id).filter(Boolean)
       : [];
-    if (provider === "openrouter") {
-      return ids.map((id) => ensureProviderModelPrefix(provider, id));
-    }
-    if (provider === "openai") {
-      return ids.map((id) => ensureProviderModelPrefix(provider, id));
-    }
-    return ids;
+    return ids.map((id) => ensureProviderModelPrefix(provider, id));
   } catch {
-    return [];
+    return PROVIDER_MODEL_PRESETS[provider]?.map((item) => item.id) ?? [];
   }
 }
 
 async function buildProviderSelectionOptions(provider, key, { fetchImpl = globalThis.fetch } = {}) {
-  if (provider === "openai") {
-    const discoveredModels = await fetchOpenAIModels(key, { fetchImpl });
-    return buildModelSelectionOptions({
-      provider,
-      discoveredModels,
-      includeKeep: false,
-      includeManual: true,
-    }).map((entry) => ({
-      value: entry.value,
-      label: entry.label,
-      description: entry.hint,
-    }));
-  }
-
   const curated = PROVIDER_MODEL_PRESETS[provider] || [];
-  const available = new Set(await fetchProviderModelIds(provider, key, { fetchImpl }));
-  const selectable = curated.filter((item) => available.size === 0 || available.has(item.id));
-  const options = selectable.length > 0 ? selectable : curated;
-  return options.map((item) => ({
-    value: item.id,
-    label: item.label,
-    description: item.description,
-  }));
+  const fetched = await fetchProviderModelIds(provider, key, { fetchImpl });
+  const fetchedSet = new Set(fetched);
+
+  // Curated models that exist in the fetched list (fall back to all curated if fetch failed)
+  const curatedAvailable = fetched.length > 0
+    ? curated.filter((item) => fetchedSet.has(item.id))
+    : curated;
+  const curatedIds = new Set(curatedAvailable.map((item) => item.id));
+
+  // Remaining fetched models not already shown as curated
+  const extra = fetched
+    .filter((id) => !curatedIds.has(id))
+    .map((id) => {
+      const displayId = id
+        .replace(/^openrouter\//, "")
+        .replace(/^openai-codex\//, "")
+        .replace(/^anthropic\//, "");
+      return { value: id, label: displayId, description: "available from provider" };
+    });
+
+  return [
+    ...curatedAvailable.map((item) => ({ value: item.id, label: item.label, description: item.description })),
+    ...extra,
+    { value: "__custom__", label: "Enter a different model name...", description: "Use a specific model id not shown in the list." },
+  ];
 }
 
 async function promptForProviderModels(provider, key, tui, { fetchImpl = globalThis.fetch } = {}) {
@@ -256,7 +248,7 @@ async function promptForProviderModels(provider, key, tui, { fetchImpl = globalT
 
   const options = await buildProviderSelectionOptions(provider, key, { fetchImpl });
   const chosen = [];
-  const manualOptionValue = provider === "openai" ? "__manual__" : "__custom__";
+  const manualOptionValue = "__custom__";
   const defaultModelValue = options.find((item) => !String(item.value).startsWith("__"))?.value || "";
 
   console.log(`\n  ${cyan(`Choose ${provider === "openrouter" ? "OpenRouter" : provider === "openai" ? "OpenAI" : "Anthropic"} models`)}`);
@@ -271,19 +263,14 @@ async function promptForProviderModels(provider, key, tui, { fetchImpl = globalT
     }));
 
     if (chosen.length > 0) {
-      pickerOptions.push({
-        label: "Done",
-        value: "__done__",
-        description: "Continue setup with the models already selected.",
-      });
-    }
-
-    if (provider !== "openai") {
-      pickerOptions.push({
-        label: "Enter a different model name...",
-        value: manualOptionValue,
-        description: "Use a specific model id not shown in the curated list.",
-      });
+      // Insert "Done" before the custom-entry option at the end
+      const customIndex = pickerOptions.findIndex((item) => item.value === "__custom__");
+      const doneOption = { label: "Done", value: "__done__", description: "Continue setup with the models already selected." };
+      if (customIndex >= 0) {
+        pickerOptions.splice(customIndex, 0, doneOption);
+      } else {
+        pickerOptions.push(doneOption);
+      }
     }
 
     const picked = await select(

package/src/onboarding/wizard.js

@@ -164,6 +164,23 @@ async function runInteractiveWizard({
   flowOverride = null,
 }) {
   const prompter = createClackPrompter();
+
+  // ASCII banner — ANSI Shadow font, brand accent colour
+  const BRAND = "\x1b[38;2;45;212;191m";
+  const RESET = "\x1b[0m";
+  const DIM = "\x1b[2m";
+  const ascii = [
+    "",
+    `${BRAND}  ███╗   ██╗███████╗███╗   ███╗ ██████╗ ██████╗ ██╗███████╗${RESET}`,
+    `${BRAND}  ████╗  ██║██╔════╝████╗ ████║██╔═══██╗██╔══██╗██║██╔════╝${RESET}`,
+    `${BRAND}  ██╔██╗ ██║█████╗  ██╔████╔██║██║   ██║██████╔╝██║███████╗${RESET}`,
+    `${BRAND}  ██║╚██╗██║██╔══╝  ██║╚██╔╝██║██║   ██║██╔══██╗██║╚════██║${RESET}`,
+    `${BRAND}  ██║ ╚████║███████╗██║ ╚═╝ ██║╚██████╔╝██║  ██║██║███████║${RESET}`,
+    `${BRAND}  ╚═╝  ╚═══╝╚══════╝╚═╝     ╚═╝ ╚═════╝ ╚═╝  ╚═╝╚═╝╚══════╝${RESET}`,
+    "",
+  ].join("\n");
+  console.log(ascii);
+
   await prompter.intro("Nemoris setup");
 
   await prompter.note([
@@ -193,9 +210,9 @@ async function runInteractiveWizard({
     const action = await prompter.select({
       message: "Config handling",
       options: [
-        { value: "keep", label: "Use existing values" },
-        { value: "update", label: "Update values" },
-        { value: "reset", label: "Reset everything" },
+        { value: "keep", label: "Use existing values", hint: "Skip setup — keep current config and start running" },
+        { value: "update", label: "Update values", hint: "Walk through setup again, pre-filled with current config" },
+        { value: "reset", label: "Reset everything", hint: "Wipe and start fresh" },
       ],
     });
 
@@ -208,9 +225,9 @@ async function runInteractiveWizard({
       const scope = await prompter.select({
         message: "Reset scope",
         options: [
-          { value: "config", label: "Config only" },
-          { value: "config+state", label: "Config + state (memory, runs, scheduler)" },
-          { value: "full", label: "Full reset (everything)" },
+          { value: "config", label: "Config only", hint: "Rewrites agents, router, and provider config. Keeps memory and history." },
+          { value: "config+state", label: "Config + state", hint: "Config + wipes memory, run history, and scheduler data. Agent identities kept." },
+          { value: "full", label: "Full reset", hint: "Deletes everything and starts completely fresh. Like a first install." },
         ],
       });
       resetInstallArtifacts(installDir, scope);