@integrity-labs/agt-cli 0.27.22 → 0.27.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/agt.js +4 -4
- package/dist/{chunk-HT6EETEL.js → chunk-6HFXSNNY.js} +31 -18
- package/dist/chunk-6HFXSNNY.js.map +1 -0
- package/dist/{chunk-F4NG4EXD.js → chunk-JIETOJQV.js} +2 -2
- package/dist/{chunk-SUYULB5G.js → chunk-JNDNHPKT.js} +38 -18
- package/dist/{chunk-SUYULB5G.js.map → chunk-JNDNHPKT.js.map} +1 -1
- package/dist/{claude-pair-runtime-OBAJZDXK.js → claude-pair-runtime-3UHTNKZ4.js} +2 -2
- package/dist/lib/manager-worker.js +8 -8
- package/dist/lib/manager-worker.js.map +1 -1
- package/dist/mcp/slack-channel.js +37 -5
- package/dist/{persistent-session-SBSOZG74.js → persistent-session-HSHIZC2Q.js} +3 -3
- package/dist/{responsiveness-probe-DU4IJ2RZ.js → responsiveness-probe-RYKS5TRP.js} +3 -3
- package/package.json +1 -1
- package/dist/chunk-HT6EETEL.js.map +0 -1
- /package/dist/{chunk-F4NG4EXD.js.map → chunk-JIETOJQV.js.map} +0 -0
- /package/dist/{claude-pair-runtime-OBAJZDXK.js.map → claude-pair-runtime-3UHTNKZ4.js.map} +0 -0
- /package/dist/{persistent-session-SBSOZG74.js.map → persistent-session-HSHIZC2Q.js.map} +0 -0
- /package/dist/{responsiveness-probe-DU4IJ2RZ.js.map → responsiveness-probe-RYKS5TRP.js.map} +0 -0
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import {
|
|
2
2
|
claudeModelAlias,
|
|
3
3
|
isClaudeFastMode
|
|
4
|
-
} from "./chunk-
|
|
4
|
+
} from "./chunk-6HFXSNNY.js";
|
|
5
5
|
import {
|
|
6
6
|
reapOrphanChannelMcps
|
|
7
7
|
} from "./chunk-XWVM4KPK.js";
|
|
@@ -1125,4 +1125,4 @@ export {
|
|
|
1125
1125
|
stopAllSessionsAndWait,
|
|
1126
1126
|
getProjectDir
|
|
1127
1127
|
};
|
|
1128
|
-
//# sourceMappingURL=chunk-
|
|
1128
|
+
//# sourceMappingURL=chunk-JIETOJQV.js.map
|
|
@@ -9,7 +9,7 @@ import {
|
|
|
9
9
|
parseDeliveryTarget,
|
|
10
10
|
registerFramework,
|
|
11
11
|
wrapScheduledTaskPrompt
|
|
12
|
-
} from "./chunk-
|
|
12
|
+
} from "./chunk-6HFXSNNY.js";
|
|
13
13
|
|
|
14
14
|
// ../../packages/core/dist/integrations/registry.js
|
|
15
15
|
var INTEGRATION_REGISTRY = [
|
|
@@ -4851,20 +4851,12 @@ ${sections}`
|
|
|
4851
4851
|
},
|
|
4852
4852
|
writeChannelCredentials(codeName, channelId, config, options) {
|
|
4853
4853
|
const tzEnv = options?.agentTimezone && options.agentTimezone.trim() !== "" ? { TZ: options.agentTimezone.trim() } : {};
|
|
4854
|
-
const
|
|
4855
|
-
|
|
4856
|
-
|
|
4857
|
-
|
|
4858
|
-
|
|
4859
|
-
|
|
4860
|
-
// spread below selects the right one per channelId.
|
|
4861
|
-
...sp.mode === "team_agents_only" && sp.team_id ? { AGT_TEAM_ID: sp.team_id } : {},
|
|
4862
|
-
// sentinel keys consumed by the per-channel spread below
|
|
4863
|
-
_SENDER_POLICY_MODE: sp.mode
|
|
4864
|
-
};
|
|
4865
|
-
})();
|
|
4866
|
-
const senderPolicyMode = senderPolicyEnv["_SENDER_POLICY_MODE"];
|
|
4867
|
-
delete senderPolicyEnv["_SENDER_POLICY_MODE"];
|
|
4854
|
+
const senderPolicyMode = options?.senderPolicy?.mode;
|
|
4855
|
+
const senderPolicyTeamId = options?.senderPolicy?.mode === "team_agents_only" || options?.senderPolicy?.mode === "manager_only" ? options.senderPolicy.team_id : void 0;
|
|
4856
|
+
const slackPrincipalId = options?.senderPolicy?.mode === "manager_only" ? options.senderPolicy.principal?.slack_user_id : void 0;
|
|
4857
|
+
const teamsPrincipalId = options?.senderPolicy?.mode === "manager_only" ? options.senderPolicy.principal?.teams_aad_object_id : void 0;
|
|
4858
|
+
const senderPolicyInternalOnly = options?.senderPolicy?.internal_only === true;
|
|
4859
|
+
const senderPolicyEnv = senderPolicyTeamId ? { AGT_TEAM_ID: senderPolicyTeamId } : {};
|
|
4868
4860
|
const agentDir = getAgentDir(codeName);
|
|
4869
4861
|
mkdirSync4(agentDir, { recursive: true });
|
|
4870
4862
|
const isPersistent = options?.sessionMode === "persistent";
|
|
@@ -5022,8 +5014,24 @@ ${sections}`
|
|
|
5022
5014
|
// 'all' is the absence of the env var — same convention the
|
|
5023
5015
|
// MCP filter uses on its own end).
|
|
5024
5016
|
...senderPolicyMode ? { SLACK_SENDER_POLICY: senderPolicyMode } : {},
|
|
5025
|
-
...senderPolicyEnv
|
|
5017
|
+
...senderPolicyEnv,
|
|
5026
5018
|
// AGT_TEAM_ID when team_agents_only
|
|
5019
|
+
// ENG-5842: principal ID for manager_only — Slack user_id from
|
|
5020
|
+
// people.contact_preferences.slack_user_id. Omitted when the
|
|
5021
|
+
// principal has no Slack ID; MCP filter fails closed on the
|
|
5022
|
+
// missing env var by dropping all human inbound.
|
|
5023
|
+
...slackPrincipalId ? { SLACK_SENDER_POLICY_PRINCIPAL_ID: slackPrincipalId } : {},
|
|
5024
|
+
// ENG-5843: org-boundary gate. SLACK_INTERNAL_ONLY signals the
|
|
5025
|
+
// filter to check sender's workspace against SLACK_HOME_TEAM_ID
|
|
5026
|
+
// (sourced from the bot install's team_id, populated by
|
|
5027
|
+
// auth.test at install / first-run). Omitted unless explicitly
|
|
5028
|
+
// enabled — the consumer's env-absent default is "no gate".
|
|
5029
|
+
// When INTERNAL_ONLY is true but home team_id can't be
|
|
5030
|
+
// resolved (config['team_id'] not set on the install), the
|
|
5031
|
+
// MCP boot guard fails closed at startup rather than admitting
|
|
5032
|
+
// every sender as "internal".
|
|
5033
|
+
...senderPolicyInternalOnly ? { SLACK_INTERNAL_ONLY: "true" } : {},
|
|
5034
|
+
...senderPolicyInternalOnly && typeof config["team_id"] === "string" && config["team_id"].length > 0 ? { SLACK_HOME_TEAM_ID: config["team_id"] } : {}
|
|
5027
5035
|
}
|
|
5028
5036
|
};
|
|
5029
5037
|
const provisionMcpPath = join4(agentDir, "provision", ".mcp.json");
|
|
@@ -5203,8 +5211,20 @@ ${sections}`
|
|
|
5203
5211
|
// ENG-5841: MSTEAMS_SENDER_POLICY drives teams-inbound-filter.ts.
|
|
5204
5212
|
// Mirrors the Slack branch above — only emitted when restrictive.
|
|
5205
5213
|
...senderPolicyMode ? { MSTEAMS_SENDER_POLICY: senderPolicyMode } : {},
|
|
5206
|
-
...senderPolicyEnv
|
|
5214
|
+
...senderPolicyEnv,
|
|
5207
5215
|
// AGT_TEAM_ID when team_agents_only
|
|
5216
|
+
// ENG-5842: principal ID for manager_only — Teams AAD object id from
|
|
5217
|
+
// people.contact_preferences.teams_aad_object_id. Same fail-closed
|
|
5218
|
+
// contract as the Slack branch above.
|
|
5219
|
+
...teamsPrincipalId ? { MSTEAMS_SENDER_POLICY_PRINCIPAL_ID: teamsPrincipalId } : {},
|
|
5220
|
+
// ENG-5843: org-boundary gate. MSTEAMS_INTERNAL_ONLY + MSTEAMS_HOME_TENANT_ID
|
|
5221
|
+
// mirror the Slack pair. Source is the same tenantId the existing
|
|
5222
|
+
// MSTEAMS_TENANT_ID env var already carries — defaulting to "common"
|
|
5223
|
+
// would be wrong here (it'd admit any tenant), so we skip the
|
|
5224
|
+
// SLACK_HOME_TEAM_ID-equivalent emission when the install hasn't
|
|
5225
|
+
// pinned a real tenant. MCP boot guard fails closed.
|
|
5226
|
+
...senderPolicyInternalOnly ? { MSTEAMS_INTERNAL_ONLY: "true" } : {},
|
|
5227
|
+
...senderPolicyInternalOnly && tenantId !== "common" ? { MSTEAMS_HOME_TENANT_ID: tenantId } : {}
|
|
5208
5228
|
};
|
|
5209
5229
|
if (isPersistent && existsSync5(localTeamsChannel)) {
|
|
5210
5230
|
mcpServers["msteams"] = {
|
|
@@ -6925,4 +6945,4 @@ export {
|
|
|
6925
6945
|
managerInstallSystemUnitCommand,
|
|
6926
6946
|
managerUninstallSystemUnitCommand
|
|
6927
6947
|
};
|
|
6928
|
-
//# sourceMappingURL=chunk-
|
|
6948
|
+
//# sourceMappingURL=chunk-JNDNHPKT.js.map
|