@integrity-labs/agt-cli 0.27.39 → 0.27.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/bin/agt.js
CHANGED
|
@@ -27,7 +27,7 @@ import {
|
|
|
27
27
|
success,
|
|
28
28
|
table,
|
|
29
29
|
warn
|
|
30
|
-
} from "../chunk-
|
|
30
|
+
} from "../chunk-YYUWW6CQ.js";
|
|
31
31
|
import {
|
|
32
32
|
CHANNEL_REGISTRY,
|
|
33
33
|
DEPLOYMENT_TEMPLATES,
|
|
@@ -4662,7 +4662,7 @@ import { execFileSync, execSync } from "child_process";
|
|
|
4662
4662
|
import { existsSync as existsSync10, realpathSync as realpathSync2 } from "fs";
|
|
4663
4663
|
import chalk18 from "chalk";
|
|
4664
4664
|
import ora16 from "ora";
|
|
4665
|
-
var cliVersion = true ? "0.27.
|
|
4665
|
+
var cliVersion = true ? "0.27.40" : "dev";
|
|
4666
4666
|
async function fetchLatestVersion() {
|
|
4667
4667
|
const host2 = getHost();
|
|
4668
4668
|
if (!host2) return null;
|
|
@@ -5335,7 +5335,7 @@ function handleError(err) {
|
|
|
5335
5335
|
}
|
|
5336
5336
|
|
|
5337
5337
|
// src/bin/agt.ts
|
|
5338
|
-
var cliVersion2 = true ? "0.27.
|
|
5338
|
+
var cliVersion2 = true ? "0.27.40" : "dev";
|
|
5339
5339
|
var program = new Command();
|
|
5340
5340
|
program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
|
|
5341
5341
|
program.hook("preAction", (thisCommand) => {
|
|
@@ -3751,6 +3751,7 @@ function syncMcpToProject(codeName) {
|
|
|
3751
3751
|
} catch {
|
|
3752
3752
|
}
|
|
3753
3753
|
renderChannelMessageHandlerForAgent(codeName);
|
|
3754
|
+
renderAugmentedWorkerForAgent(codeName);
|
|
3754
3755
|
}
|
|
3755
3756
|
var INTEGRATIONS_SUMMARY_FILE = "integrations-summary.json";
|
|
3756
3757
|
function integrationsSummaryPath(codeName) {
|
|
@@ -4519,6 +4520,81 @@ Your job:
|
|
|
4519
4520
|
Do NOT post intermediate progress updates unless the work spans 5+ minutes \u2014 keep noise low. The parent already sent a single-line acknowledgement before dispatching you.
|
|
4520
4521
|
${integrationsBlock}`;
|
|
4521
4522
|
}
|
|
4523
|
+
function buildAugmentedWorkerAgent(args) {
|
|
4524
|
+
const mcpServerKeys = args?.mcpServerKeys ?? [];
|
|
4525
|
+
const integrations = args?.integrations ?? [];
|
|
4526
|
+
const mcpWildcards = Array.from(new Set(mcpServerKeys.map((k) => `mcp__${sanitizeMcpName(k)}__*`)));
|
|
4527
|
+
const tools = [
|
|
4528
|
+
"Bash",
|
|
4529
|
+
"Read",
|
|
4530
|
+
"Write",
|
|
4531
|
+
"Edit",
|
|
4532
|
+
"Grep",
|
|
4533
|
+
"Glob",
|
|
4534
|
+
"Skill",
|
|
4535
|
+
"Agent",
|
|
4536
|
+
...mcpWildcards
|
|
4537
|
+
].join(", ");
|
|
4538
|
+
const integrationsBlock = integrations.length === 0 ? "" : `
|
|
4539
|
+
## Integrations available
|
|
4540
|
+
|
|
4541
|
+
You inherit the parent agent's environment, including credentials for the integrations below. Env vars follow the convention \`<DEFINITION_ID>_ACCESS_TOKEN\` for OAuth and \`<DEFINITION_ID>_API_KEY\` for API-key integrations (e.g. \`GITHUB_ACCESS_TOKEN\`, \`POSTIZ_API_KEY\`). Where a CLI is listed, prefer it over raw curl \u2014 the CLI handles auth automatically.
|
|
4542
|
+
|
|
4543
|
+
${integrations.map((i) => {
|
|
4544
|
+
const cli = i.cliBinary ? ` \u2014 use the \`${i.cliBinary}\` CLI` : "";
|
|
4545
|
+
const desc = i.description ? `. ${i.description}` : "";
|
|
4546
|
+
return `- **${i.name}**${cli}${desc}`;
|
|
4547
|
+
}).join("\n")}
|
|
4548
|
+
|
|
4549
|
+
If a capability seems missing, **check first** \u2014 run the CLI, list tools (\`mcp__augmented__list_tools\` or equivalent), or confirm the relevant env var is set **without printing its value** (e.g. \`[ -n "$POSTIZ_API_KEY" ] && echo present || echo absent\`, never \`echo $POSTIZ_API_KEY\`). Do not claim a capability is absent without verifying \u2014 the parent's environment is yours.
|
|
4550
|
+
`;
|
|
4551
|
+
return `---
|
|
4552
|
+
name: augmented-worker
|
|
4553
|
+
description: General-purpose background worker for multi-step tool tasks the parent doesn't want to inline (data pulls, multi-API workflows, CRM enrichments, research that needs MCP tools). Has explicit access to every \`mcp__*\` server the parent has wired. Use this \u2014 not \`general-purpose\` and not the read-only researcher/reviewer subagents from other plugins \u2014 whenever the work requires calling MCP tools (e.g. \`mcp__granola__*\`, \`mcp__composio_attio__*\`, \`mcp__slack-channel__*\`, \`mcp__augmented__*\`). Many community subagents declare restrictive \`tools:\` allowlists that exclude MCP tools, so dispatching to them will silently produce "No such tool available." failures and force unsafe fallback paths (reading raw secrets from \`.mcp.json\`, bypassing the Credential Access Control guardrail).
|
|
4554
|
+
background: true
|
|
4555
|
+
tools: ${tools}
|
|
4556
|
+
---
|
|
4557
|
+
|
|
4558
|
+
You are dispatched by the parent agent to do a multi-step task in the background while the parent's listener turn stays free.
|
|
4559
|
+
|
|
4560
|
+
## What you can do
|
|
4561
|
+
|
|
4562
|
+
Your \`tools:\` allowlist (above) names every MCP server the parent has connected \u2014 Granola, Composio toolkits, Slack/Telegram/Direct-Chat channel tools, the platform \`mcp__augmented__*\` bridge, native integrations (Xero / Postiz / qmd / AWS), etc. \u2014 plus the built-ins (\`Bash\`, \`Read\`, \`Write\`, \`Edit\`, \`Grep\`, \`Glob\`, \`Skill\`, \`Agent\`). All environment variables the parent has are yours: OAuth access tokens (\`GITHUB_ACCESS_TOKEN\`), API keys (\`POSTIZ_API_KEY\`), native-CLI binaries (\`gh\`, \`aws\`, \`xero\`).
|
|
4563
|
+
|
|
4564
|
+
## Hard rules \u2014 Credential Access Control
|
|
4565
|
+
|
|
4566
|
+
1. **Never** read raw secrets out of \`.mcp.json\`, \`~/.augmented/*/provision/.mcp.json\`, or any agent config file. Those files contain bot tokens, API keys, and OAuth credentials. The Credential Access Control guardrail (\`block_read: true\` on secrets) treats reads of those values as a violation regardless of intent.
|
|
4567
|
+
2. **Never** post Slack messages via raw \`chat.postMessage\` + a bot token lifted from config. Use the channel MCP's reply tool (\`mcp__slack-channel__slack_reply\`, \`mcp__telegram-channel__telegram_reply\`, \`mcp__direct-chat__direct_chat_reply\`, etc.) so the call goes through the audited path.
|
|
4568
|
+
3. If an \`mcp__*\` tool you expect to be available returns "No such tool available.", **stop and surface the gap to the parent** in your summary rather than working around it. A missing MCP binding is a platform bug worth fixing \u2014 it's the exact failure shape this sub-agent was added to prevent (see ENG-5897 / ENG-5905).
|
|
4569
|
+
4. When verifying a capability is wired, confirm the relevant env var exists **without printing its value** \u2014 use \`[ -n "$POSTIZ_API_KEY" ] && echo present || echo absent\`, never \`echo $POSTIZ_API_KEY\`. The Credential Access Control guardrail covers tool-call output as well as file reads.
|
|
4570
|
+
|
|
4571
|
+
## What to return
|
|
4572
|
+
|
|
4573
|
+
Hand the parent a tight summary of what you did, what you found, and any follow-ups it should know about. Do not echo intermediate tool transcripts \u2014 keep the parent's context window clean. If you produced an artifact (a file, a draft, a record ID), name it and where it lives.
|
|
4574
|
+
${integrationsBlock}`;
|
|
4575
|
+
}
|
|
4576
|
+
function renderAugmentedWorkerForAgent(codeName) {
|
|
4577
|
+
const agentDir = getAgentDir(codeName);
|
|
4578
|
+
const projectDir = getProjectDir(codeName);
|
|
4579
|
+
const provisionMcpPath = join4(agentDir, "provision", ".mcp.json");
|
|
4580
|
+
let mcpServerKeys;
|
|
4581
|
+
try {
|
|
4582
|
+
const config = JSON.parse(readFileSync5(provisionMcpPath, "utf-8"));
|
|
4583
|
+
mcpServerKeys = Object.keys(config.mcpServers ?? {});
|
|
4584
|
+
} catch {
|
|
4585
|
+
return;
|
|
4586
|
+
}
|
|
4587
|
+
const integrations = readIntegrationsSummaryForAgent(codeName);
|
|
4588
|
+
const content = buildAugmentedWorkerAgent({ mcpServerKeys, integrations });
|
|
4589
|
+
for (const baseDir of [agentDir, projectDir]) {
|
|
4590
|
+
const target = join4(baseDir, ".claude", "agents", "augmented-worker.md");
|
|
4591
|
+
try {
|
|
4592
|
+
mkdirSync4(dirname4(target), { recursive: true });
|
|
4593
|
+
writeFileSync5(target, content);
|
|
4594
|
+
} catch {
|
|
4595
|
+
}
|
|
4596
|
+
}
|
|
4597
|
+
}
|
|
4522
4598
|
function buildPostizMcpEntry(integration) {
|
|
4523
4599
|
const rawBaseUrl = integration.config["base_url"];
|
|
4524
4600
|
const postizBaseUrl = typeof rawBaseUrl === "string" ? rawBaseUrl.trim() : "";
|
|
@@ -4773,6 +4849,18 @@ var claudeCodeAdapter = {
|
|
|
4773
4849
|
integrations: integrationSummaries
|
|
4774
4850
|
})
|
|
4775
4851
|
},
|
|
4852
|
+
// ENG-5905: project-scope augmented-worker sub-agent — sibling of
|
|
4853
|
+
// channel-message-handler, same dynamic render shape, used by the
|
|
4854
|
+
// parent for general multi-step background work that doesn't
|
|
4855
|
+
// require a channel reply. Closes the gap ENG-5897 left open
|
|
4856
|
+
// (the plugin-scope static file never reached the runtime).
|
|
4857
|
+
{
|
|
4858
|
+
relativePath: ".claude/agents/augmented-worker.md",
|
|
4859
|
+
content: buildAugmentedWorkerAgent({
|
|
4860
|
+
mcpServerKeys: initialMcpServerKeys,
|
|
4861
|
+
integrations: integrationSummaries
|
|
4862
|
+
})
|
|
4863
|
+
},
|
|
4776
4864
|
{
|
|
4777
4865
|
relativePath: `provision/${INTEGRATIONS_SUMMARY_FILE}`,
|
|
4778
4866
|
content: JSON.stringify(integrationSummaries, null, 2)
|
|
@@ -5552,6 +5640,7 @@ ${sections}`
|
|
|
5552
5640
|
} catch {
|
|
5553
5641
|
}
|
|
5554
5642
|
renderChannelMessageHandlerForAgent(codeName);
|
|
5643
|
+
renderAugmentedWorkerForAgent(codeName);
|
|
5555
5644
|
},
|
|
5556
5645
|
writeMcpServer(codeName, serverId, config) {
|
|
5557
5646
|
const agentDir = getAgentDir(codeName);
|
|
@@ -7031,4 +7120,4 @@ export {
|
|
|
7031
7120
|
managerInstallSystemUnitCommand,
|
|
7032
7121
|
managerUninstallSystemUnitCommand
|
|
7033
7122
|
};
|
|
7034
|
-
//# sourceMappingURL=chunk-
|
|
7123
|
+
//# sourceMappingURL=chunk-YYUWW6CQ.js.map
|