@integrity-labs/agt-cli 0.27.129 → 0.27.131

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -9,7 +9,7 @@ import {
9
9
  parseDeliveryTarget,
10
10
  registerFramework,
11
11
  wrapScheduledTaskPrompt
12
- } from "./chunk-MH7HA6QV.js";
12
+ } from "./chunk-74UWAA3V.js";
13
13
 
14
14
  // ../../packages/core/dist/integrations/registry.js
15
15
  var INTEGRATION_REGISTRY = [
@@ -49,7 +49,13 @@ var INTEGRATION_REGISTRY = [
49
49
  binary: "gh",
50
50
  env_key: "GITHUB_TOKEN",
51
51
  skill_id: "gh-cli",
52
- installer: "brew"
52
+ // ENG-6206: `brew` never installs on the Linux fleet (root-on-AL2023,
53
+ // no Homebrew) — gh was permanently missing. Use an OS-detecting script
54
+ // that installs from GitHub's official repos: dnf (AL2023 / RHEL),
55
+ // apt (Debian / Ubuntu), and brew (macOS hosts). The catalog is the
56
+ // trust boundary — this string is source-controlled, never runtime data.
57
+ installer: "script",
58
+ script: 'if command -v dnf >/dev/null 2>&1; then curl -fsSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo && dnf install -y gh; elif command -v apt-get >/dev/null 2>&1; then curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg -o /usr/share/keyrings/githubcli-archive-keyring.gpg && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" > /etc/apt/sources.list.d/github-cli.list && apt-get update && apt-get install -y gh; elif command -v brew >/dev/null 2>&1; then brew install gh; else echo "gh: no supported installer (need dnf, apt-get, or brew)" >&2; exit 1; fi'
53
59
  }
54
60
  },
55
61
  {
@@ -381,6 +387,24 @@ var INTEGRATION_REGISTRY = [
381
387
  }
382
388
  }
383
389
  },
390
+ {
391
+ // ENG-6195: admin-only debugging surface for Integrity Labs STAFF agents.
392
+ // Provisions the @integrity-labs/augmented-admin-mcp stdio broker, which
393
+ // reads end-user agent diagnostics cross-org via /admin/debug/*. `beta` so
394
+ // it is visible/enable-able only by admin-email-domain users; the API
395
+ // double-gates every call on the caller's owning org `is_internal = true`.
396
+ // auth `none` — no end-user OAuth; the host JWT (org_id claim) is the
397
+ // credential. NOT a customer integration; do not promote to `published`.
398
+ id: "augmented-admin",
399
+ name: "Augmented Admin Debug",
400
+ category: "infrastructure",
401
+ description: "Integrity Labs staff-only: cross-org agent/host/integration/alert diagnostics for troubleshooting managed agents.",
402
+ supported_auth_types: ["none"],
403
+ beta: true,
404
+ capabilities: [
405
+ { id: "augmented-admin:read-diagnostics", name: "Read Diagnostics", description: "Cross-org read of agent, host, integration, and alert diagnostics (projection only \u2014 never credentials or transcripts).", access: "read" }
406
+ ]
407
+ },
384
408
  {
385
409
  id: "custom",
386
410
  name: "Custom Integration",
@@ -5115,6 +5139,21 @@ function buildMcpJson(input) {
5115
5139
  }
5116
5140
  };
5117
5141
  }
5142
+ const hasAdminDebug = input.integrations?.some((i) => i.definition_id === "augmented-admin") ?? false;
5143
+ if (hasAdminDebug) {
5144
+ mcpServers["augmented-admin"] = {
5145
+ command: "npx",
5146
+ args: ["-y", "@integrity-labs/augmented-admin-mcp@latest"],
5147
+ env: {
5148
+ AGT_HOST: "${AGT_HOST}",
5149
+ AGT_AGENT_ID: input.agent.agent_id,
5150
+ AGT_RUN_ID: "${AGT_RUN_ID}",
5151
+ AGT_API_KEY: "${AGT_API_KEY}",
5152
+ PATH: process.env["PATH"] ?? "",
5153
+ HOME: process.env["HOME"] ?? ""
5154
+ }
5155
+ };
5156
+ }
5118
5157
  return { mcpServers };
5119
5158
  }
5120
5159
  function parseIntervalMinutes(scheduleEvery) {
@@ -5956,15 +5995,30 @@ ${sections}`
5956
5995
  for (const integration of decryptedIntegrations) {
5957
5996
  const prefix = integration.definition_id.toUpperCase().replace(/[^A-Z0-9]/g, "_");
5958
5997
  const creds = integration.credentials;
5998
+ const def = INTEGRATION_REGISTRY.find((d) => d.id === integration.definition_id);
5999
+ let token;
5959
6000
  if (integration.auth_type === "oauth2") {
5960
- const accessToken = creds.access_token;
5961
- if (accessToken) {
5962
- envUpdates[`${prefix}_ACCESS_TOKEN`] = accessToken;
6001
+ token = creds.access_token;
6002
+ if (token) {
6003
+ envUpdates[`${prefix}_ACCESS_TOKEN`] = token;
5963
6004
  }
5964
6005
  } else if (integration.auth_type === "api_key") {
5965
- const apiKey = creds.api_key;
5966
- if (apiKey) {
5967
- envUpdates[`${prefix}_API_KEY`] = apiKey;
6006
+ token = creds.api_key;
6007
+ if (token) {
6008
+ envUpdates[`${prefix}_API_KEY`] = token;
6009
+ }
6010
+ }
6011
+ if (def?.cli_tool) {
6012
+ const { env_key, extra_env } = def.cli_tool;
6013
+ if (env_key && token && !(env_key in envUpdates)) {
6014
+ envUpdates[env_key] = token;
6015
+ }
6016
+ if (extra_env) {
6017
+ for (const [k, v] of Object.entries(extra_env)) {
6018
+ if (typeof v === "string" && v && !(k in envUpdates)) {
6019
+ envUpdates[k] = v;
6020
+ }
6021
+ }
5968
6022
  }
5969
6023
  }
5970
6024
  if (integration.config) {
@@ -6084,6 +6138,21 @@ ${sections}`
6084
6138
  });
6085
6139
  }
6086
6140
  }
6141
+ const hasAdminDebug = integrations.some((i) => i.definition_id === "augmented-admin");
6142
+ if (hasAdminDebug) {
6143
+ this.writeMcpServer(codeName, "augmented-admin", {
6144
+ command: "npx",
6145
+ args: ["-y", "@integrity-labs/augmented-admin-mcp@latest"],
6146
+ env: {
6147
+ AGT_HOST: "${AGT_HOST}",
6148
+ AGT_AGENT_ID: resolveBrokerAgentId(codeName) ?? agentId ?? "",
6149
+ AGT_RUN_ID: "${AGT_RUN_ID}",
6150
+ AGT_API_KEY: "${AGT_API_KEY}",
6151
+ PATH: process.env["PATH"] ?? "",
6152
+ HOME: process.env["HOME"] ?? ""
6153
+ }
6154
+ });
6155
+ }
6087
6156
  if (this.removeMcpServer) {
6088
6157
  const nativeMcpKeys = INTEGRATION_REGISTRY.filter((d) => d.nativeMcp !== void 0).map((d) => d.nativeMcp.key ?? d.id);
6089
6158
  const integrationDerivedKeys = /* @__PURE__ */ new Set([
@@ -6091,6 +6160,7 @@ ${sections}`
6091
6160
  "postiz",
6092
6161
  "cloud-broker",
6093
6162
  "xero-broker",
6163
+ "augmented-admin",
6094
6164
  ...nativeMcpKeys,
6095
6165
  ...Object.entries(OAUTH_PROVIDERS).filter(([, provider]) => Boolean(provider.mcpUrl)).map(([id]) => id)
6096
6166
  ]);
@@ -6103,6 +6173,8 @@ ${sections}`
6103
6173
  expectedKeys.add("cloud-broker");
6104
6174
  if (hasXeroBroker)
6105
6175
  expectedKeys.add("xero-broker");
6176
+ if (hasAdminDebug)
6177
+ expectedKeys.add("augmented-admin");
6106
6178
  for (const integration of integrations) {
6107
6179
  const def = INTEGRATION_REGISTRY.find((d) => d.id === integration.definition_id);
6108
6180
  if (def?.nativeMcp) {
@@ -7653,4 +7725,4 @@ export {
7653
7725
  managerInstallSystemUnitCommand,
7654
7726
  managerUninstallSystemUnitCommand
7655
7727
  };
7656
- //# sourceMappingURL=chunk-A64MR5QP.js.map
7728
+ //# sourceMappingURL=chunk-AFDMWEXL.js.map