@integrity-labs/agt-cli 0.27.168 → 0.27.170
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/agt.js +4 -257
- package/dist/bin/agt.js.map +1 -1
- package/dist/{chunk-5TBIEU36.js → chunk-BMQQ63W2.js} +2 -177
- package/dist/chunk-BMQQ63W2.js.map +1 -0
- package/dist/{chunk-ZQGQVROS.js → chunk-U6LHLWWG.js} +50 -35
- package/dist/chunk-U6LHLWWG.js.map +1 -0
- package/dist/{chunk-3A2H4ZLD.js → chunk-YX35EONG.js} +63 -14
- package/dist/chunk-YX35EONG.js.map +1 -0
- package/dist/{claude-pair-runtime-ZEFIYDUH.js → claude-pair-runtime-IDCPU7YT.js} +2 -2
- package/dist/lib/manager-worker.js +10 -17
- package/dist/lib/manager-worker.js.map +1 -1
- package/dist/{persistent-session-7BLPRGWR.js → persistent-session-YQTDRXSB.js} +3 -7
- package/dist/{responsiveness-probe-7NDEHXXZ.js → responsiveness-probe-IGQQFMSC.js} +3 -3
- package/package.json +1 -1
- package/dist/chunk-3A2H4ZLD.js.map +0 -1
- package/dist/chunk-5TBIEU36.js.map +0 -1
- package/dist/chunk-ZQGQVROS.js.map +0 -1
- /package/dist/{claude-pair-runtime-ZEFIYDUH.js.map → claude-pair-runtime-IDCPU7YT.js.map} +0 -0
- /package/dist/{persistent-session-7BLPRGWR.js.map → persistent-session-YQTDRXSB.js.map} +0 -0
- /package/dist/{responsiveness-probe-7NDEHXXZ.js.map → responsiveness-probe-IGQQFMSC.js.map} +0 -0
|
@@ -1490,6 +1490,24 @@ var ACCOUNT_RESOLUTION_ERROR_PATTERNS = [
|
|
|
1490
1490
|
"auth config",
|
|
1491
1491
|
"no connection found"
|
|
1492
1492
|
];
|
|
1493
|
+
var UPSTREAM_AUTH_ERROR_PATTERNS = [
|
|
1494
|
+
"authentication required",
|
|
1495
|
+
"not authenticated",
|
|
1496
|
+
"unauthorized",
|
|
1497
|
+
"authentication_error",
|
|
1498
|
+
"authentication error",
|
|
1499
|
+
"invalid authentication",
|
|
1500
|
+
"invalid credentials",
|
|
1501
|
+
"invalid api key",
|
|
1502
|
+
"invalid access token",
|
|
1503
|
+
"token expired",
|
|
1504
|
+
"token has expired",
|
|
1505
|
+
"expired access token",
|
|
1506
|
+
"expired credentials",
|
|
1507
|
+
"permission denied",
|
|
1508
|
+
"access denied",
|
|
1509
|
+
"forbidden"
|
|
1510
|
+
];
|
|
1493
1511
|
function isReadonlyToolDescriptor(t) {
|
|
1494
1512
|
if (!t?.name)
|
|
1495
1513
|
return false;
|
|
@@ -1525,6 +1543,24 @@ function isAccountResolutionError(message) {
|
|
|
1525
1543
|
const m = message.toLowerCase();
|
|
1526
1544
|
return ACCOUNT_RESOLUTION_ERROR_PATTERNS.some((p) => m.includes(p));
|
|
1527
1545
|
}
|
|
1546
|
+
function isUpstreamAuthError(message) {
|
|
1547
|
+
const m = message.toLowerCase();
|
|
1548
|
+
if (UPSTREAM_AUTH_ERROR_PATTERNS.some((p) => m.includes(p)))
|
|
1549
|
+
return true;
|
|
1550
|
+
if (/\b(401|403)\s+client error/.test(m))
|
|
1551
|
+
return true;
|
|
1552
|
+
return /(status(?:_?code)?|http_?status(?:_code)?|mercury_last_http_status_code)["'\\\s]*[:=]["'\\\s]*(401|403)\b/.test(m);
|
|
1553
|
+
}
|
|
1554
|
+
function isComposioFailureEnvelope(text) {
|
|
1555
|
+
return /["'\\]*(successful|successfull)["'\\\s]*:\s*false\b/i.test(text);
|
|
1556
|
+
}
|
|
1557
|
+
function classifyToolCallFailure(text) {
|
|
1558
|
+
if (isAccountResolutionError(text))
|
|
1559
|
+
return "account";
|
|
1560
|
+
if (isUpstreamAuthError(text))
|
|
1561
|
+
return "auth";
|
|
1562
|
+
return "benign";
|
|
1563
|
+
}
|
|
1528
1564
|
async function parseRpc(res, expectedId) {
|
|
1529
1565
|
const ct = res.headers.get("content-type") ?? "";
|
|
1530
1566
|
if (ct.includes("text/event-stream")) {
|
|
@@ -1629,28 +1665,29 @@ async function probeComposioMcpToolCall(config, fetchImpl = fetch) {
|
|
|
1629
1665
|
if (raw)
|
|
1630
1666
|
baseDetails.response = raw.length > 2e3 ? `${raw.slice(0, 2e3)}\u2026` : raw;
|
|
1631
1667
|
}
|
|
1632
|
-
|
|
1633
|
-
|
|
1634
|
-
|
|
1668
|
+
const rpcErrMsg = callRpc && "error" in callRpc ? callRpc["error"]?.message ?? "" : "";
|
|
1669
|
+
const result = callRpc?.["result"];
|
|
1670
|
+
const contentText = (result?.content ?? []).map((c) => c.text ?? "").join(" ").trim();
|
|
1671
|
+
const failed = Boolean(rpcErrMsg) || Boolean(result?.isError) || isComposioFailureEnvelope(contentText);
|
|
1672
|
+
if (failed) {
|
|
1673
|
+
const failureText = [rpcErrMsg, contentText].filter(Boolean).join(" ");
|
|
1674
|
+
const snippet = failureText.length > 200 ? `${failureText.slice(0, 200)}\u2026` : failureText;
|
|
1675
|
+
const kind = classifyToolCallFailure(failureText);
|
|
1676
|
+
if (kind === "account") {
|
|
1635
1677
|
return {
|
|
1636
1678
|
status: "down",
|
|
1637
|
-
message: `Live tool call '${toolName}' failed to resolve the connected account: ${
|
|
1679
|
+
message: `Live tool call '${toolName}' failed to resolve the connected account: ${snippet}`,
|
|
1638
1680
|
details: baseDetails
|
|
1639
1681
|
};
|
|
1640
1682
|
}
|
|
1641
|
-
|
|
1642
|
-
}
|
|
1643
|
-
const result = callRpc?.["result"];
|
|
1644
|
-
if (result?.isError) {
|
|
1645
|
-
const text = (result.content ?? []).map((c) => c.text ?? "").join(" ");
|
|
1646
|
-
if (isAccountResolutionError(text)) {
|
|
1683
|
+
if (kind === "auth") {
|
|
1647
1684
|
return {
|
|
1648
1685
|
status: "down",
|
|
1649
|
-
message: `Live tool call '${toolName}'
|
|
1650
|
-
details: baseDetails
|
|
1686
|
+
message: `Live tool call '${toolName}' was rejected by the provider \u2014 the connection's credential is no longer valid (reconnect required): ${snippet}`,
|
|
1687
|
+
details: { ...baseDetails, reason: "upstream_auth_rejected" }
|
|
1651
1688
|
};
|
|
1652
1689
|
}
|
|
1653
|
-
return { status: "ok", message: `Live tool call '${toolName}' resolved the account (tool error)`, details: baseDetails };
|
|
1690
|
+
return { status: "ok", message: `Live tool call '${toolName}' resolved the account (tool error: ${snippet})`, details: baseDetails };
|
|
1654
1691
|
}
|
|
1655
1692
|
return { status: "ok", message: `Live tool call '${toolName}' resolved the connected account`, details: baseDetails };
|
|
1656
1693
|
} catch (err) {
|
|
@@ -2372,6 +2409,18 @@ var FLAG_REGISTRY = [
|
|
|
2372
2409
|
// Enforcement gate: weakening it (enforce → shadow/off) drops a channel
|
|
2373
2410
|
// safety control, so mutations require explicit confirmation.
|
|
2374
2411
|
sensitive: true
|
|
2412
|
+
},
|
|
2413
|
+
{
|
|
2414
|
+
key: "projects-menu",
|
|
2415
|
+
description: "Show the Projects nav item in the webapp (ADR-0017 Projects soft launch, ENG-6342). Replaces the isAdmin/adminOnly gate with a per-org rollout flag.",
|
|
2416
|
+
flagType: "boolean",
|
|
2417
|
+
// PUBLIC (ADR-0022 §2): this is a UI-rollout flag the browser legitimately
|
|
2418
|
+
// needs, so it's the one flag serialized to the client via GET /flags.
|
|
2419
|
+
// Evaluated per the caller's active org — flip it on per-org from the admin
|
|
2420
|
+
// Feature Flags page to reveal Projects for that org. No env override (UI
|
|
2421
|
+
// flag, not an operator gate). Ships dark (default false).
|
|
2422
|
+
public: true,
|
|
2423
|
+
defaultValue: false
|
|
2375
2424
|
}
|
|
2376
2425
|
];
|
|
2377
2426
|
var REGISTRY_BY_KEY = new Map(FLAG_REGISTRY.map((definition) => [definition.key, definition]));
|
|
@@ -5076,4 +5125,4 @@ export {
|
|
|
5076
5125
|
coerceEnvValue,
|
|
5077
5126
|
FLAGS_SCHEMA_VERSION
|
|
5078
5127
|
};
|
|
5079
|
-
//# sourceMappingURL=chunk-
|
|
5128
|
+
//# sourceMappingURL=chunk-YX35EONG.js.map
|