@integrity-labs/agt-cli 0.27.21 → 0.27.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  claudeModelAlias,
3
3
  isClaudeFastMode
4
- } from "./chunk-HT6EETEL.js";
4
+ } from "./chunk-6HFXSNNY.js";
5
5
  import {
6
6
  reapOrphanChannelMcps
7
7
  } from "./chunk-XWVM4KPK.js";
@@ -1125,4 +1125,4 @@ export {
1125
1125
  stopAllSessionsAndWait,
1126
1126
  getProjectDir
1127
1127
  };
1128
- //# sourceMappingURL=chunk-F4NG4EXD.js.map
1128
+ //# sourceMappingURL=chunk-JIETOJQV.js.map
@@ -9,7 +9,7 @@ import {
9
9
  parseDeliveryTarget,
10
10
  registerFramework,
11
11
  wrapScheduledTaskPrompt
12
- } from "./chunk-HT6EETEL.js";
12
+ } from "./chunk-6HFXSNNY.js";
13
13
 
14
14
  // ../../packages/core/dist/integrations/registry.js
15
15
  var INTEGRATION_REGISTRY = [
@@ -3050,6 +3050,21 @@ ${activeTasksSection}${personalitySection}## Identity
3050
3050
  - Risk Tier: ${frontmatter.risk_tier}
3051
3051
  - Timezone: ${timezone?.trim() || "UTC"}
3052
3052
  - Channels: ${channelList}
3053
+
3054
+ > **What the Channels list above means** (ENG-5851): \`Channels:\`
3055
+ > enumerates the messaging **protocols** you may use \u2014 \`slack\`,
3056
+ > \`telegram\`, \`msteams\`, etc. It is **not** a list of specific
3057
+ > Slack channels / Telegram chats / Teams threads you're approved to
3058
+ > post in. There is no per-recipient "approved channels" allowlist
3059
+ > anywhere in this platform; you decide where to post based on the
3060
+ > task and the conversation context. If you call a send tool and the
3061
+ > target channel rejects it (e.g. Slack returns \`not_in_channel\` /
3062
+ > \`channel_not_found\`, or Teams returns \`team_not_allowed\`), surface
3063
+ > the error to the user with the recovery action \u2014 typically asking
3064
+ > them to run \`/invite @<your bot handle>\` in the channel so you can
3065
+ > post there next time. Do **not** refuse a posting request on the
3066
+ > grounds that the channel "isn't on the allowlist" \u2014 that conflation
3067
+ > is the bug ENG-5851 was filed to fix.
3053
3068
  ${resolvedChannels?.includes("slack") ? `
3054
3069
  ## Slack
3055
3070
 
@@ -4836,20 +4851,11 @@ ${sections}`
4836
4851
  },
4837
4852
  writeChannelCredentials(codeName, channelId, config, options) {
4838
4853
  const tzEnv = options?.agentTimezone && options.agentTimezone.trim() !== "" ? { TZ: options.agentTimezone.trim() } : {};
4839
- const senderPolicyEnv = (() => {
4840
- const sp = options?.senderPolicy;
4841
- if (!sp)
4842
- return {};
4843
- return {
4844
- // Channel-specific var name to match what the consumer MCP reads;
4845
- // spread below selects the right one per channelId.
4846
- ...sp.mode === "team_agents_only" && sp.team_id ? { AGT_TEAM_ID: sp.team_id } : {},
4847
- // sentinel keys consumed by the per-channel spread below
4848
- _SENDER_POLICY_MODE: sp.mode
4849
- };
4850
- })();
4851
- const senderPolicyMode = senderPolicyEnv["_SENDER_POLICY_MODE"];
4852
- delete senderPolicyEnv["_SENDER_POLICY_MODE"];
4854
+ const senderPolicyMode = options?.senderPolicy?.mode;
4855
+ const senderPolicyTeamId = options?.senderPolicy?.mode === "team_agents_only" || options?.senderPolicy?.mode === "manager_only" ? options.senderPolicy.team_id : void 0;
4856
+ const slackPrincipalId = options?.senderPolicy?.mode === "manager_only" ? options.senderPolicy.principal?.slack_user_id : void 0;
4857
+ const teamsPrincipalId = options?.senderPolicy?.mode === "manager_only" ? options.senderPolicy.principal?.teams_aad_object_id : void 0;
4858
+ const senderPolicyEnv = senderPolicyTeamId ? { AGT_TEAM_ID: senderPolicyTeamId } : {};
4853
4859
  const agentDir = getAgentDir(codeName);
4854
4860
  mkdirSync4(agentDir, { recursive: true });
4855
4861
  const isPersistent = options?.sessionMode === "persistent";
@@ -5007,8 +5013,13 @@ ${sections}`
5007
5013
  // 'all' is the absence of the env var — same convention the
5008
5014
  // MCP filter uses on its own end).
5009
5015
  ...senderPolicyMode ? { SLACK_SENDER_POLICY: senderPolicyMode } : {},
5010
- ...senderPolicyEnv
5016
+ ...senderPolicyEnv,
5011
5017
  // AGT_TEAM_ID when team_agents_only
5018
+ // ENG-5842: principal ID for manager_only — Slack user_id from
5019
+ // people.contact_preferences.slack_user_id. Omitted when the
5020
+ // principal has no Slack ID; MCP filter fails closed on the
5021
+ // missing env var by dropping all human inbound.
5022
+ ...slackPrincipalId ? { SLACK_SENDER_POLICY_PRINCIPAL_ID: slackPrincipalId } : {}
5012
5023
  }
5013
5024
  };
5014
5025
  const provisionMcpPath = join4(agentDir, "provision", ".mcp.json");
@@ -5188,8 +5199,12 @@ ${sections}`
5188
5199
  // ENG-5841: MSTEAMS_SENDER_POLICY drives teams-inbound-filter.ts.
5189
5200
  // Mirrors the Slack branch above — only emitted when restrictive.
5190
5201
  ...senderPolicyMode ? { MSTEAMS_SENDER_POLICY: senderPolicyMode } : {},
5191
- ...senderPolicyEnv
5202
+ ...senderPolicyEnv,
5192
5203
  // AGT_TEAM_ID when team_agents_only
5204
+ // ENG-5842: principal ID for manager_only — Teams AAD object id from
5205
+ // people.contact_preferences.teams_aad_object_id. Same fail-closed
5206
+ // contract as the Slack branch above.
5207
+ ...teamsPrincipalId ? { MSTEAMS_SENDER_POLICY_PRINCIPAL_ID: teamsPrincipalId } : {}
5193
5208
  };
5194
5209
  if (isPersistent && existsSync5(localTeamsChannel)) {
5195
5210
  mcpServers["msteams"] = {
@@ -6910,4 +6925,4 @@ export {
6910
6925
  managerInstallSystemUnitCommand,
6911
6926
  managerUninstallSystemUnitCommand
6912
6927
  };
6913
- //# sourceMappingURL=chunk-UKZ7SN7K.js.map
6928
+ //# sourceMappingURL=chunk-RM4XYPLD.js.map