@integrity-labs/agt-cli 0.27.168 → 0.27.170

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1490,6 +1490,24 @@ var ACCOUNT_RESOLUTION_ERROR_PATTERNS = [
1490
1490
  "auth config",
1491
1491
  "no connection found"
1492
1492
  ];
1493
+ var UPSTREAM_AUTH_ERROR_PATTERNS = [
1494
+ "authentication required",
1495
+ "not authenticated",
1496
+ "unauthorized",
1497
+ "authentication_error",
1498
+ "authentication error",
1499
+ "invalid authentication",
1500
+ "invalid credentials",
1501
+ "invalid api key",
1502
+ "invalid access token",
1503
+ "token expired",
1504
+ "token has expired",
1505
+ "expired access token",
1506
+ "expired credentials",
1507
+ "permission denied",
1508
+ "access denied",
1509
+ "forbidden"
1510
+ ];
1493
1511
  function isReadonlyToolDescriptor(t) {
1494
1512
  if (!t?.name)
1495
1513
  return false;
@@ -1525,6 +1543,24 @@ function isAccountResolutionError(message) {
1525
1543
  const m = message.toLowerCase();
1526
1544
  return ACCOUNT_RESOLUTION_ERROR_PATTERNS.some((p) => m.includes(p));
1527
1545
  }
1546
+ function isUpstreamAuthError(message) {
1547
+ const m = message.toLowerCase();
1548
+ if (UPSTREAM_AUTH_ERROR_PATTERNS.some((p) => m.includes(p)))
1549
+ return true;
1550
+ if (/\b(401|403)\s+client error/.test(m))
1551
+ return true;
1552
+ return /(status(?:_?code)?|http_?status(?:_code)?|mercury_last_http_status_code)["'\\\s]*[:=]["'\\\s]*(401|403)\b/.test(m);
1553
+ }
1554
+ function isComposioFailureEnvelope(text) {
1555
+ return /["'\\]*(successful|successfull)["'\\\s]*:\s*false\b/i.test(text);
1556
+ }
1557
+ function classifyToolCallFailure(text) {
1558
+ if (isAccountResolutionError(text))
1559
+ return "account";
1560
+ if (isUpstreamAuthError(text))
1561
+ return "auth";
1562
+ return "benign";
1563
+ }
1528
1564
  async function parseRpc(res, expectedId) {
1529
1565
  const ct = res.headers.get("content-type") ?? "";
1530
1566
  if (ct.includes("text/event-stream")) {
@@ -1629,28 +1665,29 @@ async function probeComposioMcpToolCall(config, fetchImpl = fetch) {
1629
1665
  if (raw)
1630
1666
  baseDetails.response = raw.length > 2e3 ? `${raw.slice(0, 2e3)}\u2026` : raw;
1631
1667
  }
1632
- if (callRpc && "error" in callRpc) {
1633
- const errMsg = callRpc["error"]?.message ?? "";
1634
- if (isAccountResolutionError(errMsg)) {
1668
+ const rpcErrMsg = callRpc && "error" in callRpc ? callRpc["error"]?.message ?? "" : "";
1669
+ const result = callRpc?.["result"];
1670
+ const contentText = (result?.content ?? []).map((c) => c.text ?? "").join(" ").trim();
1671
+ const failed = Boolean(rpcErrMsg) || Boolean(result?.isError) || isComposioFailureEnvelope(contentText);
1672
+ if (failed) {
1673
+ const failureText = [rpcErrMsg, contentText].filter(Boolean).join(" ");
1674
+ const snippet = failureText.length > 200 ? `${failureText.slice(0, 200)}\u2026` : failureText;
1675
+ const kind = classifyToolCallFailure(failureText);
1676
+ if (kind === "account") {
1635
1677
  return {
1636
1678
  status: "down",
1637
- message: `Live tool call '${toolName}' failed to resolve the connected account: ${errMsg}`,
1679
+ message: `Live tool call '${toolName}' failed to resolve the connected account: ${snippet}`,
1638
1680
  details: baseDetails
1639
1681
  };
1640
1682
  }
1641
- return { status: "ok", message: `Live tool call '${toolName}' resolved the account (tool error: ${errMsg})`, details: baseDetails };
1642
- }
1643
- const result = callRpc?.["result"];
1644
- if (result?.isError) {
1645
- const text = (result.content ?? []).map((c) => c.text ?? "").join(" ");
1646
- if (isAccountResolutionError(text)) {
1683
+ if (kind === "auth") {
1647
1684
  return {
1648
1685
  status: "down",
1649
- message: `Live tool call '${toolName}' failed to resolve the connected account: ${text}`,
1650
- details: baseDetails
1686
+ message: `Live tool call '${toolName}' was rejected by the provider \u2014 the connection's credential is no longer valid (reconnect required): ${snippet}`,
1687
+ details: { ...baseDetails, reason: "upstream_auth_rejected" }
1651
1688
  };
1652
1689
  }
1653
- return { status: "ok", message: `Live tool call '${toolName}' resolved the account (tool error)`, details: baseDetails };
1690
+ return { status: "ok", message: `Live tool call '${toolName}' resolved the account (tool error: ${snippet})`, details: baseDetails };
1654
1691
  }
1655
1692
  return { status: "ok", message: `Live tool call '${toolName}' resolved the connected account`, details: baseDetails };
1656
1693
  } catch (err) {
@@ -2372,6 +2409,18 @@ var FLAG_REGISTRY = [
2372
2409
  // Enforcement gate: weakening it (enforce → shadow/off) drops a channel
2373
2410
  // safety control, so mutations require explicit confirmation.
2374
2411
  sensitive: true
2412
+ },
2413
+ {
2414
+ key: "projects-menu",
2415
+ description: "Show the Projects nav item in the webapp (ADR-0017 Projects soft launch, ENG-6342). Replaces the isAdmin/adminOnly gate with a per-org rollout flag.",
2416
+ flagType: "boolean",
2417
+ // PUBLIC (ADR-0022 §2): this is a UI-rollout flag the browser legitimately
2418
+ // needs, so it's the one flag serialized to the client via GET /flags.
2419
+ // Evaluated per the caller's active org — flip it on per-org from the admin
2420
+ // Feature Flags page to reveal Projects for that org. No env override (UI
2421
+ // flag, not an operator gate). Ships dark (default false).
2422
+ public: true,
2423
+ defaultValue: false
2375
2424
  }
2376
2425
  ];
2377
2426
  var REGISTRY_BY_KEY = new Map(FLAG_REGISTRY.map((definition) => [definition.key, definition]));
@@ -5076,4 +5125,4 @@ export {
5076
5125
  coerceEnvValue,
5077
5126
  FLAGS_SCHEMA_VERSION
5078
5127
  };
5079
- //# sourceMappingURL=chunk-3A2H4ZLD.js.map
5128
+ //# sourceMappingURL=chunk-YX35EONG.js.map