npm - @integrity-labs/agt-cli - Versions diffs - 0.10.2 → 0.10.3 - Mend

@integrity-labs/agt-cli 0.10.2 → 0.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/bin/agt.js +3 -3
package/dist/bin/agt.js.map +1 -1
package/dist/{chunk-VCKY6MN2.js → chunk-6YGOQRAR.js} +313 -18
package/dist/chunk-6YGOQRAR.js.map +1 -0
package/dist/lib/manager-worker.js +47 -4
package/dist/lib/manager-worker.js.map +1 -1
package/mcp/slack-channel.js +30 -3
package/package.json +2 -2
package/dist/chunk-VCKY6MN2.js.map +0 -1

package/dist/{chunk-VCKY6MN2.js → chunk-6YGOQRAR.js} RENAMED Viewed

@@ -1859,7 +1859,7 @@ function extractAllowedDomains(input) {
 registerFramework(nemoClawAdapter);
 // ../../packages/core/dist/provisioning/frameworks/claudecode/index.js
-import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3, existsSync as existsSync3, chmodSync as chmodSync3 } from "fs";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3, existsSync as existsSync3, chmodSync as chmodSync3, readdirSync, rmSync } from "fs";
 import { join as join3, relative } from "path";
 import { homedir as homedir2 } from "os";
 import { execFile as execFile3 } from "child_process";
@@ -1931,7 +1931,7 @@ function buildKnowledgeSection2(knowledge) {
     return "";
   const orgEntries = knowledge.filter((k) => k.scope === "org");
   const teamEntries = knowledge.filter((k) => k.scope === "team");
-  const formatEntry = (k) => `- **${k.title}** (skill: \`knowledge-${k.slug}\`)`;
+  const formatEntry = (k) => `- **${k.title}**`;
   let body = "";
   if (orgEntries.length) {
     body += `### Organization
@@ -1950,9 +1950,9 @@ ${teamEntries.map(formatEntry).join("\n")}
   }
   return `## Core Knowledge
-Your team has provided the following core knowledge as skills. These are
-automatically available \u2014 Claude Code will surface the relevant skill when
-you need context. You do not need to read files manually.
+Your team has provided core knowledge via the \`core-knowledge\` skill.
+It is automatically available \u2014 Claude Code will surface it when you need
+context. You do not need to read files manually.
 ${body}
 `;
@@ -2158,6 +2158,32 @@ function deployArtifactsToProject(codeName, provisionDir) {
     } catch {
     }
   }
+  const skillsDir = join3(provisionDir, ".claude", "skills");
+  const destSkillsDir = join3(projectDir, ".claude", "skills");
+  try {
+    if (existsSync3(destSkillsDir)) {
+      const srcFolders = existsSync3(skillsDir) ? new Set(readdirSync(skillsDir)) : /* @__PURE__ */ new Set();
+      for (const folder of readdirSync(destSkillsDir)) {
+        if (folder.startsWith("knowledge-") || folder === "core-knowledge" && !srcFolders.has(folder)) {
+          try {
+            rmSync(join3(destSkillsDir, folder), { recursive: true });
+          } catch {
+          }
+        }
+      }
+    }
+    if (existsSync3(skillsDir)) {
+      for (const skillFolder of readdirSync(skillsDir)) {
+        const srcSkillFile = join3(skillsDir, skillFolder, "SKILL.md");
+        if (!existsSync3(srcSkillFile))
+          continue;
+        const destFolder = join3(destSkillsDir, skillFolder);
+        mkdirSync3(destFolder, { recursive: true });
+        writeFileSync3(join3(destFolder, "SKILL.md"), readFileSync3(srcSkillFile, "utf-8"));
+      }
+    }
+  } catch {
+  }
   const agentMcpPath = join3(getAgentDir(codeName), "provision", ".mcp.json");
   const projectMcpPath = join3(projectDir, ".mcp.json");
   try {
@@ -2474,20 +2500,28 @@ var claudeCodeAdapter = {
       { relativePath: "CHARTER.md", content: input.charterContent },
       { relativePath: "TOOLS.md", content: input.toolsContent }
     ];
-    for (const entry of input.knowledge ?? []) {
-      const skillPath = `.claude/skills/knowledge-${entry.slug}/SKILL.md`;
-      assertSafeRelativePath(skillPath);
-      const scopeLabel = entry.scope === "org" ? "organization" : "team";
+    const knowledgeEntries = input.knowledge ?? [];
+    if (knowledgeEntries.length > 0) {
+      const safeTitles = knowledgeEntries.map((k) => k.title.replace(/[\n\r"\\]/g, " ").trim().toLowerCase()).filter(Boolean);
+      const sections = knowledgeEntries.map((entry) => {
+        const scopeLabel = entry.scope === "org" ? "Organization" : "Team";
+        const safeTitle = entry.title.replace(/[\n\r]/g, " ").trim();
+        return `## ${safeTitle}
+*${scopeLabel} knowledge*
+${entry.content}`;
+      }).join("\n\n---\n\n");
+      const description = `Use this skill when the user asks about the company, organization, team, products, or any of: ${safeTitles.join(", ")}. Provides core reference material from the knowledge base.`;
       artifacts.push({
-        relativePath: skillPath,
+        relativePath: ".claude/skills/core-knowledge/SKILL.md",
         content: `---
-name: knowledge-${entry.slug}
-description: "${entry.title} \u2014 ${scopeLabel}-level core knowledge. Use when you need context about ${entry.title.toLowerCase()}."
+name: core-knowledge
+description: ${JSON.stringify(description)}
 ---
-# ${entry.title}
+# Core Knowledge
-${entry.content}`
+${sections}`
       });
     }
     return artifacts;
@@ -2503,8 +2537,8 @@ ${entry.content}`
     const augDir = join3(homeDir, ".augmented");
     const agents = /* @__PURE__ */ new Set();
     try {
-      const { readdirSync, statSync } = await import("fs");
-      const entries = readdirSync(augDir);
+      const { readdirSync: readdirSync2, statSync } = await import("fs");
+      const entries = readdirSync2(augDir);
       for (const entry of entries) {
         const ccDir = join3(augDir, entry, "claudecode");
         try {
@@ -2874,6 +2908,9 @@ ${entry.content}`
   },
   installSkillFiles(codeName, skillId, files) {
     assertValidCodeName(skillId);
+    const isPluginManaged = skillId.startsWith("plugin-");
+    const READ_ONLY_MODE = 292;
+    const READ_WRITE_MODE = 420;
     const agentDir = getAgentDir(codeName);
     const projectDir = getProjectDir(codeName);
     for (const baseDir of [join3(agentDir, "skills"), join3(projectDir, ".claude", "skills")]) {
@@ -2887,7 +2924,19 @@ ${entry.content}`
           throw new Error(`Path traversal detected: ${file.relativePath} resolves outside ${skillDir}`);
         }
         mkdirSync3(join3(filePath, ".."), { recursive: true });
+        if (isPluginManaged && existsSync3(filePath)) {
+          try {
+            chmodSync3(filePath, READ_WRITE_MODE);
+          } catch {
+          }
+        }
         writeFileSync3(filePath, file.content);
+        if (isPluginManaged) {
+          try {
+            chmodSync3(filePath, READ_ONLY_MODE);
+          } catch {
+          }
+        }
       }
     }
   },
@@ -2971,6 +3020,250 @@ ${entry.content}`
 };
 registerFramework(claudeCodeAdapter);
+// ../../packages/core/dist/provisioning/frameworks/managed-agents/system-prompt.js
+function generateSystemPrompt(input) {
+  const { agent, charterFrontmatter, charterContent, resolvedChannels, integrations } = input;
+  const sections = [];
+  sections.push(`# Agent Identity
+**Name**: ${agent.display_name} (\`${agent.code_name}\`)
+**Environment**: ${agent.environment}
+**Risk Tier**: ${agent.risk_tier}
+**Owner**: ${charterFrontmatter.owner.name}${charterFrontmatter.owner.email ? ` <${charterFrontmatter.owner.email}>` : ""}
+**Augmented Agent ID**: ${agent.agent_id}`);
+  const bodyContent = stripFrontmatter(charterContent).trim();
+  if (bodyContent) {
+    sections.push(bodyContent);
+  }
+  if (resolvedChannels.length > 0) {
+    sections.push(`## Allowed Channels
+This agent is permitted to communicate via the following channels:
+${resolvedChannels.map((ch) => `- ${ch}`).join("\n")}`);
+  }
+  const budget = charterFrontmatter.budget;
+  const limits = charterFrontmatter.limits;
+  if (budget || limits) {
+    const budgetLines = [];
+    if (budget) {
+      const window = budget.window;
+      if (budget.type === "tokens" || budget.type === "both") {
+        budgetLines.push(`- Token budget: ${(budget.limit_tokens ?? budget.limit).toLocaleString()} tokens per ${window}`);
+      }
+      if (budget.type === "dollars" || budget.type === "both") {
+        budgetLines.push(`- Cost budget: $${(budget.limit_dollars ?? budget.limit).toFixed(2)} per ${window}`);
+      }
+      if (budget.enforcement) {
+        budgetLines.push(`- Enforcement: ${budget.enforcement}`);
+      }
+    }
+    if (limits) {
+      budgetLines.push(`- Max tokens per request: ${limits.max_tokens_per_request.toLocaleString()}`);
+      budgetLines.push(`- Max tokens per run: ${limits.max_tokens_per_run.toLocaleString()}`);
+    }
+    sections.push(`## Budget Constraints
+${budgetLines.join("\n")}`);
+  }
+  const apiKeyIntegrations = (integrations ?? []).filter((i) => i.auth_type === "api_key" && i.credentials.api_key);
+  if (apiKeyIntegrations.length > 0) {
+    const credLines = apiKeyIntegrations.map((i) => {
+      const envKey = `${i.definition_id.toUpperCase().replace(/[^A-Z0-9]/g, "_")}_API_KEY`;
+      return `- **${i.display_name}**: API key available as \`${envKey}\``;
+    });
+    sections.push(`## Available Integrations (API Keys)
+The following integration credentials are available for use in this session:
+${credLines.join("\n")}
+These credentials are pre-loaded. Reference them by their environment variable names when invoking tools.`);
+  }
+  return sections.join("\n\n");
+}
+function stripFrontmatter(content) {
+  if (!content.startsWith("---"))
+    return content;
+  const secondDelimiter = content.indexOf("\n---", 3);
+  if (secondDelimiter === -1)
+    return content;
+  return content.slice(secondDelimiter + 4);
+}
+// ../../packages/core/dist/provisioning/frameworks/managed-agents/tools-mapper.js
+var TOOL_ID_TO_ANTHROPIC = [
+  ["bash", "bash"],
+  ["shell", "bash"],
+  ["exec", "bash"],
+  ["read", "read"],
+  ["fs_read", "read"],
+  ["file_read", "read"],
+  ["write", "write"],
+  ["fs_write", "write"],
+  ["file_write", "write"],
+  ["edit", "edit"],
+  ["fs_edit", "edit"],
+  ["file_edit", "edit"],
+  ["glob", "glob"],
+  ["fs_glob", "glob"],
+  ["grep", "grep"],
+  ["fs_grep", "grep"],
+  ["web_fetch", "web_fetch"],
+  ["fetch", "web_fetch"],
+  ["http", "web_fetch"],
+  ["web_search", "web_search"],
+  ["search", "web_search"]
+];
+function mapToolsToAgentToolset(toolsFrontmatter) {
+  const enabledTools = /* @__PURE__ */ new Set();
+  for (const tool of toolsFrontmatter.tools) {
+    const id = tool.id.toLowerCase();
+    for (const [prefix, anthropicTool] of TOOL_ID_TO_ANTHROPIC) {
+      if (id === prefix || id.startsWith(`${prefix}_`) || id.startsWith(`${prefix}-`)) {
+        enabledTools.add(anthropicTool);
+        break;
+      }
+    }
+  }
+  const allTools = [
+    "bash",
+    "read",
+    "write",
+    "edit",
+    "glob",
+    "grep",
+    "web_fetch",
+    "web_search"
+  ];
+  return {
+    type: "agent_toolset_20260401",
+    default_config: { enabled: false },
+    configs: allTools.map((name) => ({ name, enabled: enabledTools.has(name) }))
+  };
+}
+function extractAllowedHosts(toolsFrontmatter) {
+  const hosts = /* @__PURE__ */ new Set();
+  for (const tool of toolsFrontmatter.tools) {
+    for (const domain of tool.network?.allowlist_domains ?? []) {
+      hosts.add(domain);
+    }
+  }
+  return [...hosts];
+}
+// ../../packages/core/dist/provisioning/frameworks/managed-agents/environment-config.js
+function buildEnvironmentConfig(riskTier, allowedHosts) {
+  switch (riskTier) {
+    case "Low":
+      return {
+        type: "cloud",
+        networking: { type: "unrestricted" }
+      };
+    case "Medium":
+      return {
+        type: "cloud",
+        networking: {
+          type: "limited",
+          allowed_hosts: allowedHosts,
+          allow_mcp_servers: true,
+          allow_package_managers: true
+        }
+      };
+    case "High":
+      return {
+        type: "cloud",
+        networking: {
+          type: "limited",
+          allowed_hosts: [],
+          allow_mcp_servers: true,
+          allow_package_managers: false
+        }
+      };
+  }
+}
+// ../../packages/core/dist/provisioning/frameworks/managed-agents/index.js
+function buildMcpServers(input) {
+  const servers = [];
+  for (const integration of input.integrations ?? []) {
+    if (integration.auth_type !== "managed")
+      continue;
+    const config = integration.config;
+    const mcpUrl = config["mcp_server_url"];
+    if (!mcpUrl)
+      continue;
+    const connectedAccountId = integration.credentials["connected_account_id"];
+    const apiKey = integration.credentials["api_key"];
+    const headers = {};
+    if (apiKey)
+      headers["Authorization"] = `secret_ref://${integration.definition_id}/api_key`;
+    if (connectedAccountId)
+      headers["X-Connected-Account-Id"] = String(connectedAccountId);
+    servers.push({
+      type: "url",
+      name: integration.definition_id.replace(/[^a-z0-9-]/gi, "-").toLowerCase(),
+      url: mcpUrl,
+      ...Object.keys(headers).length > 0 ? { headers } : {}
+    });
+  }
+  return servers;
+}
+var ManagedAgentsAdapter = {
+  id: "managed-agents",
+  label: "Managed Agents (Anthropic Cloud)",
+  buildArtifacts(input) {
+    const { agent, toolsFrontmatter } = input;
+    const toolset = mapToolsToAgentToolset(toolsFrontmatter);
+    const allowedHosts = extractAllowedHosts(toolsFrontmatter);
+    const environmentConfig = buildEnvironmentConfig(agent.risk_tier, allowedHosts);
+    const mcpServers = buildMcpServers(input);
+    const tools = [toolset];
+    for (const server of mcpServers) {
+      tools.push({ type: "mcp_toolset", mcp_server_name: server.name });
+    }
+    const config = {
+      name: agent.display_name,
+      model: agent.primary_model ?? "claude-sonnet-4-6",
+      system: generateSystemPrompt(input),
+      tools,
+      mcp_servers: mcpServers,
+      description: agent.description,
+      metadata: {
+        augmented_agent_id: agent.agent_id,
+        augmented_code_name: agent.code_name,
+        augmented_environment: agent.environment,
+        augmented_risk_tier: agent.risk_tier,
+        augmented_framework: "managed-agents"
+      },
+      _environment_config: environmentConfig
+    };
+    return [
+      {
+        relativePath: "managed-agent.json",
+        content: JSON.stringify(config, null, 2)
+      }
+    ];
+  },
+  driftTrackedFiles() {
+    return ["managed-agent.json"];
+  },
+  // -------------------------------------------------------------------------
+  // No local runtime — all execution is in Anthropic's cloud.
+  // These methods are intentional no-ops.
+  // -------------------------------------------------------------------------
+  async getRegisteredAgents() {
+    return /* @__PURE__ */ new Set();
+  },
+  async registerAgent(_codeName, _teamDir) {
+    return true;
+  },
+  async deregisterAgent(_codeName) {
+    return true;
+  },
+  writeAuthProfiles(_codeName, _profiles) {
+  }
+};
+registerFramework(ManagedAgentsAdapter);
 // src/lib/config.ts
 import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync4, existsSync as existsSync4 } from "fs";
 import { join as join4 } from "path";
@@ -4780,8 +5073,10 @@ var ROLE_PERMISSIONS = {
     "agent.view",
     "audit_log.view",
     "host.view",
+    "plugin.view",
     "plugin.install",
-    "plugin.view"
+    "plugin.configure",
+    "plugin.manage_scopes"
   ],
   viewer: [
     "agent.view",
@@ -5244,4 +5539,4 @@ export {
   detectDrift,
   provision
 };
-//# sourceMappingURL=chunk-VCKY6MN2.js.map
+//# sourceMappingURL=chunk-6YGOQRAR.js.map