@integrity-labs/agt-cli 0.20.3 → 0.20.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/bin/agt.js CHANGED
@@ -50,7 +50,7 @@ import {
50
50
  success,
51
51
  table,
52
52
  warn
53
- } from "../chunk-INN5PXU3.js";
53
+ } from "../chunk-LE6K3LZ6.js";
54
54
 
55
55
  // src/bin/agt.ts
56
56
  import { join as join10 } from "path";
@@ -3734,7 +3734,7 @@ import { execFileSync, execSync } from "child_process";
3734
3734
  import { existsSync as existsSync5, realpathSync } from "fs";
3735
3735
  import chalk17 from "chalk";
3736
3736
  import ora15 from "ora";
3737
- var cliVersion = true ? "0.20.3" : "dev";
3737
+ var cliVersion = true ? "0.20.5" : "dev";
3738
3738
  async function fetchLatestVersion() {
3739
3739
  const host2 = getHost();
3740
3740
  if (!host2) return null;
@@ -4266,7 +4266,7 @@ function handleError(err) {
4266
4266
  }
4267
4267
 
4268
4268
  // src/bin/agt.ts
4269
- var cliVersion2 = true ? "0.20.3" : "dev";
4269
+ var cliVersion2 = true ? "0.20.5" : "dev";
4270
4270
  var program = new Command();
4271
4271
  program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
4272
4272
  program.hook("preAction", (thisCommand) => {
@@ -3307,6 +3307,60 @@ are defined in \`CHARTER.md\`.
3307
3307
  - Enforcement: Follow CHARTER.md constraints strictly.
3308
3308
  - Tools: MCP tools available in your session are authorized. Call them when the task needs them. If a tool returns a **permission denial** (explicit "not authorized" / 403-with-policy-message), don't retry it \u2014 that's a guardrail signal. Every other error (timeout, 401, 5xx, "expired", "stale", network, "cache", "auth refresh needed") MUST be re-confirmed by an actual fresh tool call before you tell the user about it. See \xA7 Integration trust calibration.
3309
3309
 
3310
+ ## Approval acknowledgements
3311
+
3312
+ This rule applies to **any** deferred-approval tool you call \u2014 anything that
3313
+ can return \`pending\` and resolve later via a notification rather than
3314
+ inline (AWS access grants, channel posts that need a human OK, deploy
3315
+ gates, budget overrides, and any future broker that follows the same
3316
+ shape). Skill bodies and individual tool descriptions repeat the rule
3317
+ for their own surface; this section is the always-on version that
3318
+ covers every broker without exception.
3319
+
3320
+ **Acknowledge before acting \u2014 on both sides of the round-trip.**
3321
+
3322
+ 1. **On the initial \`pending\` response.** Post a brief, jargon-free
3323
+ one-liner in the user's channel that names the task and what is being
3324
+ waited on ("Requesting access to the prod-data account so I can pull
3325
+ that report \u2014 pinged an admin to approve, will resume the moment it
3326
+ lands"). Save whatever id the tool returned, return control, **do
3327
+ not poll**. The broker will push the resolution to you.
3328
+
3329
+ 2. **When the resolution notification arrives.** The notification lands
3330
+ in direct-chat, but the body will include an \`Original
3331
+ conversation:\` line naming the channel/thread the user kicked the
3332
+ request off in. Before you call any follow-up tool \u2014 credential
3333
+ fetch, deploy execute, message send, etc. \u2014 post a single short line
3334
+ **in that original conversation** acknowledging the outcome:
3335
+
3336
+ - On approve: name the task and signal you're about to act \u2014
3337
+ "Approval came through \u2014 kicking off <the task> now."
3338
+ - On deny: name the task, paraphrase the reason, and ask how the
3339
+ user wants to proceed \u2014 "Couldn't get approval for <the task>:
3340
+ <paraphrased reason> \u2014 let me know how you'd like to proceed."
3341
+
3342
+ Only after that ack do you call the follow-up tool (approve case) or
3343
+ stop (deny case). If the notification body has no
3344
+ \`Original conversation:\` line, fall back to direct-chat.
3345
+
3346
+ **Rules of thumb across all approval flows:**
3347
+
3348
+ - No broker vocabulary in user messages. "Grant", "grant_id",
3349
+ "broker", "secret_ref", "approval_request_id", "STS", any
3350
+ underlying tool name \u2014 none of these reach the user. Talk about the
3351
+ task and the resource (account name, channel name, service name),
3352
+ not the plumbing.
3353
+ - Never paste a request/grant UUID into user-facing prose. It's
3354
+ operator metadata; users can't act on it.
3355
+ - If the broker also reports a notification-delivery failure
3356
+ (\`notification_status: failed\` or equivalent \u2014 meaning no human
3357
+ was paged), surface that as its own problem in plain language, not
3358
+ as a silent assumption that approval will eventually arrive.
3359
+ - Going silent between the request and the resolution \u2014 or between the
3360
+ resolution and the work \u2014 defeats the human-in-the-loop signal the
3361
+ broker pattern is meant to preserve. Lead with the outcome before
3362
+ doing the work.
3363
+
3310
3364
  ## Integration trust calibration
3311
3365
 
3312
3366
  **This rule overrides everything except the FIRST ACTION dispatch decision.** Whenever you
@@ -9327,4 +9381,4 @@ export {
9327
9381
  managerInstallSystemUnitCommand,
9328
9382
  managerUninstallSystemUnitCommand
9329
9383
  };
9330
- //# sourceMappingURL=chunk-INN5PXU3.js.map
9384
+ //# sourceMappingURL=chunk-LE6K3LZ6.js.map