npm - @integrity-labs/agt-cli - Versions diffs - 0.15.1 → 0.15.3 - Mend

@integrity-labs/agt-cli 0.15.1 → 0.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/bin/agt.js +3 -3
package/dist/{chunk-7QE6SJQB.js → chunk-IQI7XAQ6.js} +1 -11
package/dist/chunk-IQI7XAQ6.js.map +1 -0
package/dist/lib/manager-worker.js +2 -57
package/dist/lib/manager-worker.js.map +1 -1
package/mcp/index.js +55 -14
package/mcp/slack-channel.js +16 -15
package/package.json +1 -1
package/dist/chunk-7QE6SJQB.js.map +0 -1

package/mcp/index.js CHANGED Viewed

@@ -20985,6 +20985,36 @@ var StdioServerTransport = class {
   }
 };
+// src/token-refresh-selection.ts
+var REFRESH_WINDOW_MS = 10 * 6e4;
+function selectIntegrationsToRefresh(input) {
+  const now = input.now ?? Date.now();
+  const windowMs = input.windowMs ?? REFRESH_WINDOW_MS;
+  const oauth = input.integrations.filter((i) => i.auth_type === "oauth2");
+  if (input.integration_id) {
+    const target = oauth.find((i) => i.id === input.integration_id);
+    if (!target) return [];
+    return [{ kind: "force_refresh", integration: target }];
+  }
+  return oauth.map((integration) => {
+    if (!integration.credentials.access_token) {
+      return { kind: "force_refresh", integration };
+    }
+    const expiresAtRaw = integration.credentials.token_expires_at;
+    if (!expiresAtRaw) {
+      return { kind: "force_refresh", integration };
+    }
+    const expiresAt = Date.parse(expiresAtRaw);
+    if (Number.isNaN(expiresAt)) {
+      return { kind: "force_refresh", integration };
+    }
+    if (expiresAt - now < windowMs) {
+      return { kind: "force_refresh", integration };
+    }
+    return { kind: "return_cached", integration };
+  });
+}
 // src/index.ts
 import { spawn } from "child_process";
 var DeliveryTargetSchema = external_exports.union([
@@ -21371,40 +21401,48 @@ server.tool(
 );
 server.tool(
   "token.refresh",
-  "Request fresh OAuth tokens for an integration. Returns the new access token directly \u2014 no file-based handoff needed.",
+  "Get a working OAuth access token for an integration. Returns the current cached token when it is still valid (the server-side cron rotates tokens every ~15 minutes) and forces a refresh only when the cached token is expiring or missing. Pass `integration_id` to force-refresh a specific integration after a 401/TokenExpired from the provider.",
   {
-    integration_id: external_exports.string().optional().describe("Specific integration UUID to refresh. If omitted, refreshes all expiring tokens.")
+    integration_id: external_exports.string().optional().describe("Specific integration UUID to force-refresh (use after a 401 from the provider). If omitted, returns current tokens for all OAuth integrations, refreshing any that are within ~10 minutes of expiry.")
   },
   async (params) => {
     const integrations = await apiPost("/host/agent-integrations", {
       agent_id: AGT_AGENT_ID
     });
-    const TEN_MINUTES_MS = 10 * 6e4;
-    const oauthIntegrations = integrations.integrations.filter((i) => {
-      if (i.auth_type !== "oauth2") return false;
-      if (params.integration_id) return i.id === params.integration_id;
-      if (!i.credentials.token_expires_at) return true;
-      return new Date(i.credentials.token_expires_at).getTime() - Date.now() < TEN_MINUTES_MS;
+    const decisions = selectIntegrationsToRefresh({
+      integrations: integrations.integrations,
+      integration_id: params.integration_id
     });
-    if (oauthIntegrations.length === 0) {
+    if (decisions.length === 0) {
       return {
         content: [
           {
             type: "text",
-            text: params.integration_id ? `No OAuth integration found with ID ${params.integration_id}.` : "No expiring OAuth tokens found for this agent."
+            text: params.integration_id ? `No OAuth integration found with ID ${params.integration_id}.` : "No OAuth integrations found for this agent."
           }
         ]
       };
     }
     const results = [];
-    for (const integration of oauthIntegrations) {
+    for (const decision of decisions) {
+      const { integration } = decision;
+      if (decision.kind === "return_cached") {
+        results.push({
+          definition_id: integration.definition_id,
+          access_token: integration.credentials.access_token,
+          expires_at: integration.credentials.token_expires_at,
+          source: "cached"
+        });
+        continue;
+      }
       try {
         const refreshed = await apiPost(`/integrations/oauth/${integration.id}/refresh`, {});
         if (refreshed.ok && refreshed.access_token) {
           results.push({
             definition_id: integration.definition_id,
             access_token: refreshed.access_token,
-            expires_at: refreshed.expires_at
+            expires_at: refreshed.expires_at,
+            source: "refreshed"
           });
         } else {
           results.push({ definition_id: integration.definition_id, error: true });
@@ -21414,17 +21452,20 @@ server.tool(
       }
     }
     const summary = results.map(
-      (r) => r.access_token ? `${r.definition_id}: refreshed (expires ${r.expires_at ?? "unknown"})` : `${r.definition_id}: refresh failed`
+      (r) => r.access_token ? `${r.definition_id}: ${r.source} (expires ${r.expires_at ?? "unknown"})` : `${r.definition_id}: refresh failed`
     );
     return {
       content: [
         {
           type: "text",
           text: JSON.stringify({
+            // Key is `refreshed` for backwards compatibility — entries can now
+            // be either cached or freshly-rotated, distinguished by `source`.
             refreshed: results.filter((r) => r.access_token).map((r) => ({
               definition_id: r.definition_id,
               access_token: r.access_token,
-              expires_at: r.expires_at
+              expires_at: r.expires_at,
+              source: r.source
             })),
             failed: results.filter((r) => r.error).map((r) => r.definition_id),
             summary: summary.join("; ")

package/mcp/slack-channel.js CHANGED Viewed

@@ -14229,6 +14229,21 @@ if (!BOT_TOKEN || !APP_TOKEN) {
   );
   process.exit(1);
 }
+async function getBotUserId() {
+  try {
+    const res = await fetch("https://slack.com/api/auth.test", {
+      headers: { Authorization: `Bearer ${BOT_TOKEN}` }
+    });
+    const data = await res.json();
+    return data.ok ? data.user_id ?? null : null;
+  } catch {
+    return null;
+  }
+}
+var botUserId = await getBotUserId();
+process.stderr.write(`slack-channel: Bot user ID: ${botUserId}
+`);
+var selfIdentityInstruction = botUserId ? `Your own Slack user_id is ${botUserId}. Treat <@${botUserId}> mentions as directed at you, even inside auto_followed threads.` : "";
 var mcp = new Server(
   { name: "slack", version: "0.1.0" },
   {
@@ -14241,6 +14256,7 @@ var mcp = new Server(
     // and the agent silently loses attachment-handling guidance.
     instructions: [
       'Messages from Slack arrive as <channel source="slack" user="<slack-id>" user_name="<display-name>" channel="..." thread_ts="...">.',
+      ...selfIdentityInstruction ? [selfIdentityInstruction] : [],
       "Inbound attachments: the <channel> tag's `files` attribute is a JSON-serialised array \u2014 JSON.parse it before iterating. If a file entry has a `path`, the image is ALREADY DOWNLOADED locally \u2014 Read that path directly, do NOT call slack.download_attachment. That tool is only for entries with `file_id` but NO `path` (PDF, docx, csv, etc.): pass file_id + channel verbatim (never paraphrase), then Read the returned path. Single-image messages also get a top-level `image_path` convenience attribute; multi-image messages omit it. Never tell the user about internal file-handling failures that don't affect the answer.",
       "Reply via slack.reply passing channel and thread_ts from the tag. Always include thread_ts on threaded replies so the response lands in the same thread.",
       "Address users by user_name, never by raw user ID. In multi-participant threads the CURRENT speaker is the one on the latest <channel> tag \u2014 don't conflate with earlier participants.",
@@ -14768,18 +14784,6 @@ async function buildInboundFileMeta(rawFiles, codeName, channel) {
   return out;
 }
 await mcp.connect(new StdioServerTransport());
-var botUserId = null;
-async function getBotUserId() {
-  try {
-    const res = await fetch("https://slack.com/api/auth.test", {
-      headers: { Authorization: `Bearer ${BOT_TOKEN}` }
-    });
-    const data = await res.json();
-    return data.ok ? data.user_id ?? null : null;
-  } catch {
-    return null;
-  }
-}
 var userNameCache = /* @__PURE__ */ new Map();
 async function resolveUserName(userId) {
   if (!userId || userId === "unknown") return userId ?? "unknown";
@@ -14983,7 +14987,4 @@ if (THREAD_STORE_PATH) {
     "slack-channel: AGT_AGENT_CODE_NAME not set \u2014 running without thread-follow persistence\n"
   );
 }
-botUserId = await getBotUserId();
-process.stderr.write(`slack-channel: Bot user ID: ${botUserId}
-`);
 connectSocketModeSafely();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@integrity-labs/agt-cli",
-  "version": "0.15.1",
+  "version": "0.15.3",
   "description": "Augmented Team CLI — agent provisioning and management",
   "type": "module",
   "engines": {