@integrity-labs/agt-cli 0.25.0 → 0.25.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -350,6 +350,27 @@ function stripTrailingSlash(value) {
350
350
  return value.replace(/\/+$/, "");
351
351
  }
352
352
 
353
+ // ../../packages/core/dist/types/models.js
354
+ var DEFAULT_MODELS = {
355
+ primary: "openrouter/anthropic/claude-opus-4-6",
356
+ secondary: "openrouter/google/gemini-3.1-flash-lite-preview",
357
+ tertiary: "openrouter/openai/gpt-5.4-nano"
358
+ };
359
+ function claudeModelAlias(primaryModel) {
360
+ if (!primaryModel)
361
+ return null;
362
+ const name = (primaryModel.split("/").pop() ?? "").trim().toLowerCase();
363
+ if (!name)
364
+ return null;
365
+ if (name.includes("opus"))
366
+ return "opus";
367
+ if (name.includes("sonnet"))
368
+ return "sonnet";
369
+ if (name.includes("haiku"))
370
+ return "haiku";
371
+ return null;
372
+ }
373
+
353
374
  // ../../packages/core/dist/provisioning/framework-registry.js
354
375
  var adapters = /* @__PURE__ */ new Map();
355
376
  function registerFramework(adapter) {
@@ -381,13 +402,6 @@ function classifyActor(lastActorId, selfAgentId) {
381
402
  return "unknown";
382
403
  }
383
404
 
384
- // ../../packages/core/dist/types/models.js
385
- var DEFAULT_MODELS = {
386
- primary: "openrouter/anthropic/claude-opus-4-6",
387
- secondary: "openrouter/google/gemini-3.1-flash-lite-preview",
388
- tertiary: "openrouter/openai/gpt-5.4-nano"
389
- };
390
-
391
405
  // ../../packages/core/dist/types/plugin.js
392
406
  var HITL_TIER_ORDER = [
393
407
  "read",
@@ -994,6 +1008,33 @@ var CAPACITY_TABLE = {
994
1008
  };
995
1009
  var KNOWN_INSTANCE_TYPES = Object.keys(CAPACITY_TABLE);
996
1010
 
1011
+ // ../../packages/core/dist/provisioning/ec2-pricing.js
1012
+ var HOURLY_BY_REGION = {
1013
+ "ap-southeast-2": {
1014
+ "t3.micro": 0.0132,
1015
+ "t3.small": 0.0264,
1016
+ "t3.medium": 0.0528,
1017
+ "t3.large": 0.1056,
1018
+ "t3.xlarge": 0.2112,
1019
+ "t3.2xlarge": 0.4224,
1020
+ // m6i — general-purpose; in-fleet as of 2026-05 (ENG-5652).
1021
+ "m6i.large": 0.12,
1022
+ "m6i.xlarge": 0.24
1023
+ },
1024
+ "us-east-1": {
1025
+ "t3.micro": 0.0104,
1026
+ "t3.small": 0.0208,
1027
+ "t3.medium": 0.0416,
1028
+ "t3.large": 0.0832,
1029
+ "t3.xlarge": 0.1664,
1030
+ "t3.2xlarge": 0.3328,
1031
+ // m6i — kept symmetric with ap-southeast-2 (ENG-5652).
1032
+ "m6i.large": 0.096,
1033
+ "m6i.xlarge": 0.192
1034
+ }
1035
+ };
1036
+ var KNOWN_PRICING_REGIONS = Object.keys(HOURLY_BY_REGION);
1037
+
997
1038
  // ../../packages/core/dist/scheduled-tasks/suppress.js
998
1039
  var SENTINEL_REGEX = /<no-delivery\/>/g;
999
1040
  function classifyOutput(output) {
@@ -2932,6 +2973,302 @@ var ajv2 = new Ajv20202({ allErrors: true, strict: false });
2932
2973
  addFormats2(ajv2);
2933
2974
  var compiledMetaSchema = ajv2.compile(context_meta_schema_default);
2934
2975
 
2976
+ // ../../packages/core/dist/integrations/oauth-providers.js
2977
+ var OAUTH_PROVIDERS = {
2978
+ "google-workspace": {
2979
+ definitionId: "google-workspace",
2980
+ authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
2981
+ tokenUrl: "https://oauth2.googleapis.com/token",
2982
+ revokeUrl: "https://oauth2.googleapis.com/revoke",
2983
+ defaultScopes: [
2984
+ "https://www.googleapis.com/auth/gmail.modify",
2985
+ "https://www.googleapis.com/auth/calendar",
2986
+ "https://www.googleapis.com/auth/drive",
2987
+ "https://www.googleapis.com/auth/spreadsheets",
2988
+ "https://www.googleapis.com/auth/documents",
2989
+ "https://www.googleapis.com/auth/chat.messages",
2990
+ "https://www.googleapis.com/auth/chat.spaces.readonly"
2991
+ ],
2992
+ supportsRefresh: true,
2993
+ extraAuthorizeParams: {
2994
+ access_type: "offline",
2995
+ prompt: "consent"
2996
+ },
2997
+ clientAuthMethod: "body",
2998
+ userInfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo"
2999
+ },
3000
+ "github": {
3001
+ definitionId: "github",
3002
+ authorizeUrl: "https://github.com/login/oauth/authorize",
3003
+ tokenUrl: "https://github.com/login/oauth/access_token",
3004
+ defaultScopes: ["repo", "read:org", "gist", "workflow"],
3005
+ supportsRefresh: true,
3006
+ extraAuthorizeParams: {},
3007
+ clientAuthMethod: "body",
3008
+ userInfoUrl: "https://api.github.com/user"
3009
+ },
3010
+ "granola": {
3011
+ // Granola MCP — remote streamable-HTTP at https://mcp.granola.ai/mcp.
3012
+ // The AS is at mcp-auth.granola.ai and exposes RFC 8414 metadata at
3013
+ // /.well-known/oauth-authorization-server. Auth is OAuth 2.0 with
3014
+ // mandatory PKCE (S256) and a public client (no client_secret) issued
3015
+ // via Dynamic Client Registration (RFC 7591). The bootstrap script
3016
+ // (`packages/api/scripts/dcr-register.ts`) registers a client once at
3017
+ // deploy time; OAUTH_GRANOLA_CLIENT_ID is set from its output.
3018
+ definitionId: "granola",
3019
+ authorizeUrl: "https://mcp-auth.granola.ai/oauth2/authorize",
3020
+ tokenUrl: "https://mcp-auth.granola.ai/oauth2/token",
3021
+ // Minimal scope set: `offline_access` earns the refresh_token so the
3022
+ // refresh cron can rotate the bearer without operator action; `openid`
3023
+ // is required for the OIDC code flow even when we don't request an
3024
+ // id_token. Profile/email are intentionally omitted — we have no
3025
+ // userInfoUrl wired up here, so requesting them would over-ask consent
3026
+ // for fields the callback can't read.
3027
+ defaultScopes: ["openid", "offline_access"],
3028
+ supportsRefresh: true,
3029
+ extraAuthorizeParams: {},
3030
+ clientAuthMethod: "body",
3031
+ pkce: "S256",
3032
+ publicClient: true,
3033
+ mcpUrl: "https://mcp.granola.ai/mcp"
3034
+ },
3035
+ "notion-cli": {
3036
+ // Notion's public OAuth app. Tokens are workspace-scoped and long-lived —
3037
+ // Notion does not issue refresh_tokens, so `supportsRefresh: false` and
3038
+ // the refresh cron skips this provider entirely. Scopes are not part of
3039
+ // Notion's authorize URL contract; consent is governed by what the user
3040
+ // grants in the OAuth screen, so `defaultScopes` stays empty.
3041
+ // `owner=user` forces the user-OAuth variant (vs internal integration).
3042
+ // Requires OAUTH_NOTION_CLI_CLIENT_ID and OAUTH_NOTION_CLI_CLIENT_SECRET.
3043
+ definitionId: "notion-cli",
3044
+ authorizeUrl: "https://api.notion.com/v1/oauth/authorize",
3045
+ tokenUrl: "https://api.notion.com/v1/oauth/token",
3046
+ defaultScopes: [],
3047
+ supportsRefresh: false,
3048
+ extraAuthorizeParams: {
3049
+ owner: "user"
3050
+ },
3051
+ clientAuthMethod: "basic"
3052
+ },
3053
+ "xero": {
3054
+ definitionId: "xero",
3055
+ authorizeUrl: "https://login.xero.com/identity/connect/authorize",
3056
+ tokenUrl: "https://identity.xero.com/connect/token",
3057
+ revokeUrl: "https://identity.xero.com/connect/revocation",
3058
+ defaultScopes: [
3059
+ "openid",
3060
+ "profile",
3061
+ "email",
3062
+ "offline_access",
3063
+ // Granular scopes (required for apps created after March 2, 2026 —
3064
+ // do NOT revert to the broad `accounting.transactions` /
3065
+ // `accounting.contacts` scopes, Xero rejects the manifest).
3066
+ // The variant *without* `.read` is the read+write granular scope.
3067
+ "accounting.settings.read",
3068
+ // contacts: write enables agent-driven supplier/customer creation
3069
+ // (required for bill creation since a bill must reference a contact).
3070
+ "accounting.contacts",
3071
+ // invoices: write enables bill creation (Type=ACCPAY invoices) and
3072
+ // updates to sales invoices alongside the existing read access.
3073
+ "accounting.invoices",
3074
+ // attachments: write enables agents to attach the source PDF to a
3075
+ // bill at creation time. Read-only would force a follow-up manual
3076
+ // upload in Xero; write closes the loop.
3077
+ "accounting.attachments",
3078
+ // accounting.transactions.read → granular read-only replacements
3079
+ // for the surfaces we don't yet need write access on.
3080
+ "accounting.payments.read",
3081
+ "accounting.banktransactions.read",
3082
+ "accounting.manualjournals.read",
3083
+ // accounting.reports.read → granular read-only replacements
3084
+ "accounting.reports.balancesheet.read",
3085
+ "accounting.reports.profitandloss.read",
3086
+ "accounting.reports.trialbalance.read",
3087
+ "accounting.reports.budgetsummary.read",
3088
+ "accounting.reports.banksummary.read",
3089
+ "accounting.reports.executivesummary.read",
3090
+ "accounting.reports.aged.read"
3091
+ ],
3092
+ supportsRefresh: true,
3093
+ extraAuthorizeParams: {},
3094
+ clientAuthMethod: "basic",
3095
+ userInfoUrl: "https://api.xero.com/connections"
3096
+ }
3097
+ };
3098
+ function getOAuthProvider(definitionId) {
3099
+ return OAUTH_PROVIDERS[definitionId];
3100
+ }
3101
+
3102
+ // ../../packages/core/dist/integrations/connectivity-probe.js
3103
+ var HTTP_PROBE_PROVIDERS = /* @__PURE__ */ new Set([
3104
+ "linear",
3105
+ "google-workspace",
3106
+ "xero",
3107
+ "v0"
3108
+ ]);
3109
+ var CLI_PROBE_ARGS = {
3110
+ gcloud: ["version"]
3111
+ // most CLIs respond to --version; override here only when they don't.
3112
+ };
3113
+ function cliArgsFor(definitionId) {
3114
+ return CLI_PROBE_ARGS[definitionId] ?? ["--version"];
3115
+ }
3116
+ function resolveConnectivityProbe(input) {
3117
+ const { definitionId, sourceType, authType } = input;
3118
+ if (authType === "managed" || sourceType === "managed") {
3119
+ return {
3120
+ kind: "composio_account",
3121
+ sourceType: "managed",
3122
+ readOnly: true,
3123
+ label: `${definitionId}: connected-account check`,
3124
+ centralReachable: true
3125
+ };
3126
+ }
3127
+ if (HTTP_PROBE_PROVIDERS.has(definitionId)) {
3128
+ return {
3129
+ kind: "http_provider",
3130
+ sourceType: sourceType ?? "mcp_server",
3131
+ readOnly: true,
3132
+ label: `${definitionId}: read-only API check`,
3133
+ centralReachable: true,
3134
+ httpProvider: definitionId
3135
+ };
3136
+ }
3137
+ if (getOAuthProvider(definitionId)?.mcpUrl) {
3138
+ return {
3139
+ kind: "mcp_tools_list",
3140
+ sourceType: sourceType ?? "mcp_server",
3141
+ readOnly: true,
3142
+ label: `${definitionId}: MCP tools/list`,
3143
+ centralReachable: false
3144
+ };
3145
+ }
3146
+ switch (sourceType) {
3147
+ case "mcp_server":
3148
+ return {
3149
+ kind: "mcp_tools_list",
3150
+ sourceType: "mcp_server",
3151
+ readOnly: true,
3152
+ label: `${definitionId}: MCP tools/list`,
3153
+ centralReachable: false
3154
+ };
3155
+ case "cli_tool":
3156
+ return {
3157
+ kind: "cli_command",
3158
+ sourceType: "cli_tool",
3159
+ readOnly: true,
3160
+ label: `${definitionId}: CLI reachability`,
3161
+ centralReachable: false,
3162
+ cliArgs: cliArgsFor(definitionId)
3163
+ };
3164
+ case "native":
3165
+ return {
3166
+ kind: "builtin",
3167
+ sourceType: "native",
3168
+ readOnly: true,
3169
+ label: `${definitionId}: built-in check`,
3170
+ centralReachable: false
3171
+ };
3172
+ default:
3173
+ return {
3174
+ kind: "unsupported",
3175
+ sourceType: sourceType ?? "native",
3176
+ readOnly: true,
3177
+ label: `${definitionId}: no connectivity probe available`,
3178
+ centralReachable: false
3179
+ };
3180
+ }
3181
+ }
3182
+
3183
+ // ../../packages/core/dist/integrations/connectivity-http-probes.js
3184
+ var PROBE_TIMEOUT_MS = 1e4;
3185
+ async function timedFetch(fetchImpl, url, init) {
3186
+ const controller = new AbortController();
3187
+ const timer = setTimeout(() => controller.abort(), PROBE_TIMEOUT_MS);
3188
+ try {
3189
+ return await fetchImpl(url, { ...init, signal: controller.signal });
3190
+ } finally {
3191
+ clearTimeout(timer);
3192
+ }
3193
+ }
3194
+ function statusForHttp(httpStatus) {
3195
+ if (httpStatus === 401 || httpStatus === 403)
3196
+ return "down";
3197
+ if (httpStatus >= 500)
3198
+ return "transient_error";
3199
+ return "down";
3200
+ }
3201
+ function networkOutcome(err) {
3202
+ const isAbort = err?.name === "AbortError";
3203
+ return {
3204
+ status: "transient_error",
3205
+ message: isAbort ? `Connection timed out after ${PROBE_TIMEOUT_MS / 1e3}s` : `Connection failed: ${err.message}`
3206
+ };
3207
+ }
3208
+ async function probeLinear(creds, fetchImpl) {
3209
+ const key = creds.api_key ?? creds.access_token;
3210
+ if (!key)
3211
+ return { status: "down", message: "No Linear credential present" };
3212
+ try {
3213
+ const res = await timedFetch(fetchImpl, "https://api.linear.app/graphql", {
3214
+ method: "POST",
3215
+ headers: { "Content-Type": "application/json", Authorization: String(key) },
3216
+ body: JSON.stringify({ query: "{ viewer { id name email } }" })
3217
+ });
3218
+ if (!res.ok)
3219
+ return { status: statusForHttp(res.status), message: `Linear API returned ${res.status}` };
3220
+ const body = await res.json();
3221
+ if (body.errors?.length)
3222
+ return { status: "down", message: body.errors[0]?.message ?? "Unknown Linear error" };
3223
+ const viewer = body.data?.viewer;
3224
+ if (!viewer)
3225
+ return { status: "down", message: "Invalid key \u2014 no viewer returned" };
3226
+ return { status: "ok", message: `Connected as ${viewer.name ?? viewer.email ?? "unknown"}` };
3227
+ } catch (err) {
3228
+ return networkOutcome(err);
3229
+ }
3230
+ }
3231
+ async function probeBearerJson(url, creds, fetchImpl, interpret) {
3232
+ const token = creds.access_token ?? creds.api_key;
3233
+ if (!token)
3234
+ return { status: "down", message: "No credential present" };
3235
+ try {
3236
+ const res = await timedFetch(fetchImpl, url, { headers: { Authorization: `Bearer ${token}` } });
3237
+ if (!res.ok) {
3238
+ const message = res.status === 401 ? "Token expired or revoked \u2014 reconnect required" : `API returned ${res.status}`;
3239
+ return { status: statusForHttp(res.status), message };
3240
+ }
3241
+ return interpret(await res.json());
3242
+ } catch (err) {
3243
+ return networkOutcome(err);
3244
+ }
3245
+ }
3246
+ async function probeHttpProvider(definitionId, credentials, fetchImpl = fetch) {
3247
+ switch (definitionId) {
3248
+ case "linear":
3249
+ return probeLinear(credentials, fetchImpl);
3250
+ case "google-workspace":
3251
+ return probeBearerJson("https://www.googleapis.com/oauth2/v2/userinfo", credentials, fetchImpl, (body) => {
3252
+ const info = body;
3253
+ return { status: "ok", message: `Connected as ${info.name ?? info.email ?? "unknown"}` };
3254
+ });
3255
+ case "xero":
3256
+ return probeBearerJson("https://api.xero.com/connections", credentials, fetchImpl, (body) => {
3257
+ const conns = body ?? [];
3258
+ if (!conns.length)
3259
+ return { status: "down", message: "No Xero organisations connected" };
3260
+ return { status: "ok", message: `Connected to ${conns[0]?.tenantName ?? "Xero"}` };
3261
+ });
3262
+ case "v0":
3263
+ return probeBearerJson("https://api.v0.dev/v1/user", credentials, fetchImpl, (body) => {
3264
+ const user = body;
3265
+ return { status: "ok", message: `Connected as ${user.name ?? user.email ?? "unknown"}` };
3266
+ });
3267
+ default:
3268
+ return null;
3269
+ }
3270
+ }
3271
+
2935
3272
  // ../../packages/core/dist/drift/comparators.js
2936
3273
  function compareToolPolicy(expected, actual) {
2937
3274
  const findings = [];
@@ -3352,6 +3689,14 @@ function attributeTranscriptUsageByRun(jsonl) {
3352
3689
  return { perRunModel: [...agg.values()], runIds: [...runIds] };
3353
3690
  }
3354
3691
 
3692
+ // ../../packages/core/dist/conversations/metrics.js
3693
+ var PERIOD_CONFIG = {
3694
+ "24h": { windowMs: 24 * 60 * 60 * 1e3, bucket: "hour" },
3695
+ "7d": { windowMs: 7 * 24 * 60 * 60 * 1e3, bucket: "day" },
3696
+ "30d": { windowMs: 30 * 24 * 60 * 60 * 1e3, bucket: "day" }
3697
+ };
3698
+ var CONVERSATION_METRICS_PERIODS = Object.keys(PERIOD_CONFIG);
3699
+
3355
3700
  export {
3356
3701
  wrapScheduledTaskPrompt,
3357
3702
  parseDeliveryTarget,
@@ -3362,11 +3707,13 @@ export {
3362
3707
  isResolveError,
3363
3708
  deriveConsoleUrl,
3364
3709
  DEFAULT_MODELS,
3710
+ claudeModelAlias,
3365
3711
  registerFramework,
3366
3712
  getFramework,
3367
3713
  CHANNEL_REGISTRY,
3368
3714
  getChannel,
3369
3715
  getAllChannelIds,
3716
+ OAUTH_PROVIDERS,
3370
3717
  formatActorId,
3371
3718
  isSelfCompletion,
3372
3719
  classifyActor,
@@ -3388,6 +3735,8 @@ export {
3388
3735
  renderTemplate,
3389
3736
  DEPLOYMENT_TEMPLATES,
3390
3737
  getTemplate,
3738
+ resolveConnectivityProbe,
3739
+ probeHttpProvider,
3391
3740
  detectDrift,
3392
3741
  classifyOutput,
3393
3742
  parseUsageBanner,
@@ -3398,4 +3747,4 @@ export {
3398
3747
  KANBAN_LOOP_COMMAND,
3399
3748
  KANBAN_CHECK_COMMAND
3400
3749
  };
3401
- //# sourceMappingURL=chunk-7DRLULIO.js.map
3750
+ //# sourceMappingURL=chunk-VWOXS4YP.js.map