@integrity-labs/agt-cli 0.27.66 → 0.27.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -9,7 +9,7 @@ import {
9
9
  parseDeliveryTarget,
10
10
  registerFramework,
11
11
  wrapScheduledTaskPrompt
12
- } from "./chunk-PM3CC2SJ.js";
12
+ } from "./chunk-KPD5KJY7.js";
13
13
 
14
14
  // ../../packages/core/dist/integrations/registry.js
15
15
  var INTEGRATION_REGISTRY = [
@@ -2356,6 +2356,212 @@ function extractAllowedDomains(input) {
2356
2356
  }
2357
2357
  registerFramework(nemoClawAdapter);
2358
2358
 
2359
+ // ../../packages/core/dist/provisioning/mcp-config-guards.js
2360
+ import { chmodSync as chmodSync4, existsSync as existsSync4, readFileSync as readFileSync4, renameSync as renameSync3, writeFileSync as writeFileSync4, unlinkSync as unlinkSync3 } from "fs";
2361
+ var MCP_FILE_MODE = 384;
2362
+ var REQUIRED_ENV_RULES_BY_SERVER = {
2363
+ "cloud-broker": [
2364
+ { key: "AGT_HOST", mustBeConcrete: false },
2365
+ { key: "AGT_API_KEY", mustBeConcrete: false },
2366
+ // ENG-4744: this is the bug shape — writer used to omit this
2367
+ // entirely, or render it as a literal `${AGT_AGENT_ID}` instead
2368
+ // of the agent's real UUID. The broker has no way to substitute
2369
+ // it post-spawn, so a placeholder here = silently broken agent.
2370
+ { key: "AGT_AGENT_ID", mustBeConcrete: true }
2371
+ ]
2372
+ };
2373
+ var PLACEHOLDER_RE = /\$\{[^}]+\}/;
2374
+ function validateRenderedMcpConfig(config) {
2375
+ const errors = [];
2376
+ if (typeof config !== "object" || config === null || Array.isArray(config)) {
2377
+ return {
2378
+ ok: false,
2379
+ errors: [
2380
+ {
2381
+ kind: "invalid_json_shape",
2382
+ server: "*",
2383
+ message: "config root must be a non-null object"
2384
+ }
2385
+ ]
2386
+ };
2387
+ }
2388
+ const root = config;
2389
+ if (root.mcpServers === void 0) {
2390
+ return { ok: true };
2391
+ }
2392
+ if (typeof root.mcpServers !== "object" || root.mcpServers === null) {
2393
+ return {
2394
+ ok: false,
2395
+ errors: [
2396
+ {
2397
+ kind: "invalid_json_shape",
2398
+ server: "*",
2399
+ message: "mcpServers must be an object"
2400
+ }
2401
+ ]
2402
+ };
2403
+ }
2404
+ if (Array.isArray(root.mcpServers)) {
2405
+ return {
2406
+ ok: false,
2407
+ errors: [
2408
+ {
2409
+ kind: "invalid_json_shape",
2410
+ server: "*",
2411
+ message: "mcpServers must be an object"
2412
+ }
2413
+ ]
2414
+ };
2415
+ }
2416
+ for (const [serverKey, raw] of Object.entries(root.mcpServers)) {
2417
+ if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
2418
+ errors.push({
2419
+ kind: "invalid_json_shape",
2420
+ server: serverKey,
2421
+ message: `entry must be an object`
2422
+ });
2423
+ continue;
2424
+ }
2425
+ const entry = raw;
2426
+ const entryRecord = entry;
2427
+ if (typeof entryRecord["url"] === "string") {
2428
+ const type = entryRecord["type"];
2429
+ if (type !== "http" && type !== "sse") {
2430
+ errors.push({
2431
+ kind: "remote_mcp_missing_type",
2432
+ server: serverKey,
2433
+ message: `url-based entry must include \`type: "http"\` or \`type: "sse"\` (Claude Code MCP schema requires it)`
2434
+ });
2435
+ }
2436
+ }
2437
+ const rules = REQUIRED_ENV_RULES_BY_SERVER[serverKey];
2438
+ if (rules) {
2439
+ const env = entry.env ?? {};
2440
+ for (const rule of rules) {
2441
+ const value = env[rule.key];
2442
+ if (typeof value !== "string" || value.length === 0) {
2443
+ errors.push({
2444
+ kind: "missing_required_env",
2445
+ server: serverKey,
2446
+ message: `missing required env key: ${rule.key}`
2447
+ });
2448
+ continue;
2449
+ }
2450
+ if (rule.mustBeConcrete && PLACEHOLDER_RE.test(value)) {
2451
+ errors.push({
2452
+ kind: "unexpanded_placeholder",
2453
+ server: serverKey,
2454
+ message: `env.${rule.key} contains an unexpanded \${...} placeholder; expected a concrete value`
2455
+ });
2456
+ }
2457
+ }
2458
+ }
2459
+ }
2460
+ return errors.length === 0 ? { ok: true } : { ok: false, errors };
2461
+ }
2462
+ function formatValidationErrors(errors) {
2463
+ return errors.map((e) => `${e.server}:${e.kind}=${e.message}`).join("; ");
2464
+ }
2465
+ function safeWriteJsonAtomic(path, content, opts = {}) {
2466
+ const keepBackup = opts.keepBackup !== false;
2467
+ const rename = opts.renamer ?? renameSync3;
2468
+ const tmpPath = `${path}.new`;
2469
+ const bakPath = `${path}.bak`;
2470
+ let movedOriginalToBackup = false;
2471
+ try {
2472
+ writeFileSync4(tmpPath, content);
2473
+ if (opts.mode !== void 0) {
2474
+ chmodSync4(tmpPath, opts.mode);
2475
+ }
2476
+ } catch (err) {
2477
+ try {
2478
+ if (existsSync4(tmpPath))
2479
+ unlinkSync3(tmpPath);
2480
+ } catch {
2481
+ }
2482
+ throw err;
2483
+ }
2484
+ try {
2485
+ if (keepBackup && existsSync4(path)) {
2486
+ rename(path, bakPath);
2487
+ movedOriginalToBackup = true;
2488
+ }
2489
+ rename(tmpPath, path);
2490
+ } catch (err) {
2491
+ try {
2492
+ if (existsSync4(tmpPath))
2493
+ unlinkSync3(tmpPath);
2494
+ } catch {
2495
+ }
2496
+ if (movedOriginalToBackup && !existsSync4(path) && existsSync4(bakPath)) {
2497
+ try {
2498
+ renameSync3(bakPath, path);
2499
+ } catch {
2500
+ }
2501
+ }
2502
+ throw err;
2503
+ }
2504
+ }
2505
+ function safeWriteMcpJson(path, config) {
2506
+ const validation = validateRenderedMcpConfig(config);
2507
+ if (!validation.ok) {
2508
+ return { written: false, errors: validation.errors };
2509
+ }
2510
+ safeWriteJsonAtomic(path, JSON.stringify(config, null, 2), { mode: MCP_FILE_MODE });
2511
+ return { written: true, errors: [] };
2512
+ }
2513
+ var SECRET_FIELD_NAME_RE = /TOKEN|KEY|SECRET|BEARER|PASSWORD/i;
2514
+ function collectSecretFields(config) {
2515
+ const out = /* @__PURE__ */ new Map();
2516
+ if (typeof config !== "object" || config === null)
2517
+ return out;
2518
+ const servers = config.mcpServers;
2519
+ if (typeof servers !== "object" || servers === null)
2520
+ return out;
2521
+ for (const [server, raw] of Object.entries(servers)) {
2522
+ if (typeof raw !== "object" || raw === null)
2523
+ continue;
2524
+ const entry = raw;
2525
+ for (const [block, location] of [
2526
+ [entry.env, "env"],
2527
+ [entry.headers, "header"]
2528
+ ]) {
2529
+ if (!block)
2530
+ continue;
2531
+ for (const [field, value] of Object.entries(block)) {
2532
+ if (typeof value !== "string")
2533
+ continue;
2534
+ if (!SECRET_FIELD_NAME_RE.test(field))
2535
+ continue;
2536
+ out.set(`${server}\0${field}`, { location, value });
2537
+ }
2538
+ }
2539
+ }
2540
+ return out;
2541
+ }
2542
+ function mcpMirrorParityErrors(provision2, project) {
2543
+ const a = collectSecretFields(provision2);
2544
+ const b = collectSecretFields(project);
2545
+ const mismatches = [];
2546
+ const keys = /* @__PURE__ */ new Set([...a.keys(), ...b.keys()]);
2547
+ for (const key of keys) {
2548
+ const [server, field] = key.split("\0");
2549
+ const pv = a.get(key);
2550
+ const pj = b.get(key);
2551
+ if (pv && !pj) {
2552
+ mismatches.push({ server, field, location: pv.location, reason: "missing-in-project" });
2553
+ } else if (!pv && pj) {
2554
+ mismatches.push({ server, field, location: pj.location, reason: "missing-in-provision" });
2555
+ } else if (pv && pj && pv.value !== pj.value) {
2556
+ mismatches.push({ server, field, location: pv.location, reason: "value-diverges" });
2557
+ }
2558
+ }
2559
+ return mismatches;
2560
+ }
2561
+ function formatMirrorMismatch(m) {
2562
+ return `[mcp-mirror] [parity-violation] server=${m.server} field=${m.field} location=${m.location} reason=${m.reason}`;
2563
+ }
2564
+
2359
2565
  // ../../packages/core/dist/provisioning/frameworks/claudecode/identity.js
2360
2566
  function buildMemorySection(hasQmd) {
2361
2567
  const recall = hasQmd ? `### Recall
@@ -3464,157 +3670,11 @@ ${frontmatter.environment === "prod" ? "- Production environment: exercise extra
3464
3670
  }
3465
3671
 
3466
3672
  // ../../packages/core/dist/provisioning/frameworks/claudecode/index.js
3467
- import { readFileSync as readFileSync5, writeFileSync as writeFileSync5, mkdirSync as mkdirSync4, existsSync as existsSync5, chmodSync as chmodSync4, readdirSync, rmSync, copyFileSync } from "fs";
3673
+ import { readFileSync as readFileSync5, writeFileSync as writeFileSync5, mkdirSync as mkdirSync4, existsSync as existsSync5, chmodSync as chmodSync5, readdirSync, rmSync, copyFileSync } from "fs";
3468
3674
  import { join as join4, relative, dirname as dirname4 } from "path";
3469
3675
  import { homedir as homedir3 } from "os";
3470
3676
  import { execFile as execFile3 } from "child_process";
3471
3677
 
3472
- // ../../packages/core/dist/provisioning/mcp-config-guards.js
3473
- import { existsSync as existsSync4, readFileSync as readFileSync4, renameSync as renameSync3, writeFileSync as writeFileSync4, unlinkSync as unlinkSync3 } from "fs";
3474
- var REQUIRED_ENV_RULES_BY_SERVER = {
3475
- "cloud-broker": [
3476
- { key: "AGT_HOST", mustBeConcrete: false },
3477
- { key: "AGT_API_KEY", mustBeConcrete: false },
3478
- // ENG-4744: this is the bug shape — writer used to omit this
3479
- // entirely, or render it as a literal `${AGT_AGENT_ID}` instead
3480
- // of the agent's real UUID. The broker has no way to substitute
3481
- // it post-spawn, so a placeholder here = silently broken agent.
3482
- { key: "AGT_AGENT_ID", mustBeConcrete: true }
3483
- ]
3484
- };
3485
- var PLACEHOLDER_RE = /\$\{[^}]+\}/;
3486
- function validateRenderedMcpConfig(config) {
3487
- const errors = [];
3488
- if (typeof config !== "object" || config === null || Array.isArray(config)) {
3489
- return {
3490
- ok: false,
3491
- errors: [
3492
- {
3493
- kind: "invalid_json_shape",
3494
- server: "*",
3495
- message: "config root must be a non-null object"
3496
- }
3497
- ]
3498
- };
3499
- }
3500
- const root = config;
3501
- if (root.mcpServers === void 0) {
3502
- return { ok: true };
3503
- }
3504
- if (typeof root.mcpServers !== "object" || root.mcpServers === null) {
3505
- return {
3506
- ok: false,
3507
- errors: [
3508
- {
3509
- kind: "invalid_json_shape",
3510
- server: "*",
3511
- message: "mcpServers must be an object"
3512
- }
3513
- ]
3514
- };
3515
- }
3516
- if (Array.isArray(root.mcpServers)) {
3517
- return {
3518
- ok: false,
3519
- errors: [
3520
- {
3521
- kind: "invalid_json_shape",
3522
- server: "*",
3523
- message: "mcpServers must be an object"
3524
- }
3525
- ]
3526
- };
3527
- }
3528
- for (const [serverKey, raw] of Object.entries(root.mcpServers)) {
3529
- if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
3530
- errors.push({
3531
- kind: "invalid_json_shape",
3532
- server: serverKey,
3533
- message: `entry must be an object`
3534
- });
3535
- continue;
3536
- }
3537
- const entry = raw;
3538
- const entryRecord = entry;
3539
- if (typeof entryRecord["url"] === "string") {
3540
- const type = entryRecord["type"];
3541
- if (type !== "http" && type !== "sse") {
3542
- errors.push({
3543
- kind: "remote_mcp_missing_type",
3544
- server: serverKey,
3545
- message: `url-based entry must include \`type: "http"\` or \`type: "sse"\` (Claude Code MCP schema requires it)`
3546
- });
3547
- }
3548
- }
3549
- const rules = REQUIRED_ENV_RULES_BY_SERVER[serverKey];
3550
- if (rules) {
3551
- const env = entry.env ?? {};
3552
- for (const rule of rules) {
3553
- const value = env[rule.key];
3554
- if (typeof value !== "string" || value.length === 0) {
3555
- errors.push({
3556
- kind: "missing_required_env",
3557
- server: serverKey,
3558
- message: `missing required env key: ${rule.key}`
3559
- });
3560
- continue;
3561
- }
3562
- if (rule.mustBeConcrete && PLACEHOLDER_RE.test(value)) {
3563
- errors.push({
3564
- kind: "unexpanded_placeholder",
3565
- server: serverKey,
3566
- message: `env.${rule.key} contains an unexpanded \${...} placeholder; expected a concrete value`
3567
- });
3568
- }
3569
- }
3570
- }
3571
- }
3572
- return errors.length === 0 ? { ok: true } : { ok: false, errors };
3573
- }
3574
- function formatValidationErrors(errors) {
3575
- return errors.map((e) => `${e.server}:${e.kind}=${e.message}`).join("; ");
3576
- }
3577
- function safeWriteJsonAtomic(path, content, opts = {}) {
3578
- const keepBackup = opts.keepBackup !== false;
3579
- const rename = opts.renamer ?? renameSync3;
3580
- const tmpPath = `${path}.new`;
3581
- const bakPath = `${path}.bak`;
3582
- let movedOriginalToBackup = false;
3583
- try {
3584
- writeFileSync4(tmpPath, content);
3585
- } catch (err) {
3586
- throw err;
3587
- }
3588
- try {
3589
- if (keepBackup && existsSync4(path)) {
3590
- rename(path, bakPath);
3591
- movedOriginalToBackup = true;
3592
- }
3593
- rename(tmpPath, path);
3594
- } catch (err) {
3595
- try {
3596
- if (existsSync4(tmpPath))
3597
- unlinkSync3(tmpPath);
3598
- } catch {
3599
- }
3600
- if (movedOriginalToBackup && !existsSync4(path) && existsSync4(bakPath)) {
3601
- try {
3602
- renameSync3(bakPath, path);
3603
- } catch {
3604
- }
3605
- }
3606
- throw err;
3607
- }
3608
- }
3609
- function safeWriteMcpJson(path, config) {
3610
- const validation = validateRenderedMcpConfig(config);
3611
- if (!validation.ok) {
3612
- return { written: false, errors: validation.errors };
3613
- }
3614
- safeWriteJsonAtomic(path, JSON.stringify(config, null, 2));
3615
- return { written: true, errors: [] };
3616
- }
3617
-
3618
3678
  // ../../packages/core/dist/provisioning/remote-mcp.js
3619
3679
  function envVarForToken(definitionId) {
3620
3680
  return `${definitionId.replace(/-/g, "_").toUpperCase()}_ACCESS_TOKEN`;
@@ -3794,7 +3854,19 @@ function syncMcpToProject(codeName) {
3794
3854
  try {
3795
3855
  const content = readFileSync5(provisionMcpPath, "utf-8");
3796
3856
  mkdirSync4(projectDir, { recursive: true });
3797
- writeFileSync5(projectMcpPath, content);
3857
+ writeFileSync5(projectMcpPath, content, { mode: MCP_FILE_MODE });
3858
+ try {
3859
+ chmodSync5(projectMcpPath, MCP_FILE_MODE);
3860
+ } catch {
3861
+ }
3862
+ try {
3863
+ const mismatches = mcpMirrorParityErrors(JSON.parse(content), JSON.parse(readFileSync5(projectMcpPath, "utf-8")));
3864
+ for (const m of mismatches) {
3865
+ process.stderr.write(`${formatMirrorMismatch(m)} agent=${codeName}
3866
+ `);
3867
+ }
3868
+ } catch {
3869
+ }
3798
3870
  } catch {
3799
3871
  }
3800
3872
  renderChannelMessageHandlerForAgent(codeName);
@@ -3904,7 +3976,15 @@ function deployArtifactsToProject(codeName, provisionDir) {
3904
3976
  continue;
3905
3977
  }
3906
3978
  }
3907
- writeFileSync5(dest, srcContent);
3979
+ if (file === ".mcp.json") {
3980
+ writeFileSync5(dest, srcContent, { mode: MCP_FILE_MODE });
3981
+ try {
3982
+ chmodSync5(dest, MCP_FILE_MODE);
3983
+ } catch {
3984
+ }
3985
+ } else {
3986
+ writeFileSync5(dest, srcContent);
3987
+ }
3908
3988
  } catch {
3909
3989
  }
3910
3990
  }
@@ -4012,7 +4092,7 @@ function deployArtifactsToProject(codeName, provisionDir) {
4012
4092
  const upToDate = existsSync5(hookDest) && readFileSync5(hookDest, "utf-8") === srcContent;
4013
4093
  if (!upToDate)
4014
4094
  writeFileSync5(hookDest, srcContent);
4015
- chmodSync4(hookDest, 493);
4095
+ chmodSync5(hookDest, 493);
4016
4096
  }
4017
4097
  } catch {
4018
4098
  }
@@ -4612,7 +4692,7 @@ Your \`tools:\` allowlist (above) names every MCP server the parent has connecte
4612
4692
 
4613
4693
  ## Hard rules \u2014 Credential Access Control
4614
4694
 
4615
- 1. **Never** read raw secrets out of \`.mcp.json\`, \`~/.augmented/*/provision/.mcp.json\`, or any agent config file. Those files contain bot tokens, API keys, and OAuth credentials. The Credential Access Control guardrail (\`block_read: true\` on secrets) treats reads of those values as a violation regardless of intent.
4695
+ 1. **Never** read raw secrets out of \`.mcp.json\`, \`~/.augmented/*/provision/.mcp.json\`, \`.env.integrations\`, or any agent config file. Those files contain bot tokens, API keys, and OAuth credentials. The Credential Access Control guardrail (\`block_read: true\` on secrets) treats reads of those values as a violation regardless of intent. As **defence-in-depth (not structural enforcement)**, the plugin's \`settings.json\` also denies \`Bash(cat:*/.mcp.json)\`, \`Bash(cat:*/.env.integrations)\`, and \`Bash(jq:*/.mcp.json)\` (ENG-5901 / ADR-0018) \u2014 these block the obvious copy-paste paths but a determined in-process reader can still reach the values; the durable fix is Phase 2/3 of ADR-0018.
4616
4696
  2. **Never** post Slack messages via raw \`chat.postMessage\` + a bot token lifted from config. Use the channel MCP's reply tool (\`mcp__slack-channel__slack_reply\`, \`mcp__telegram-channel__telegram_reply\`, \`mcp__direct-chat__direct_chat_reply\`, etc.) so the call goes through the audited path.
4617
4697
  3. If an \`mcp__*\` tool you expect to be available returns "No such tool available.", **stop and surface the gap to the parent** in your summary rather than working around it. A missing MCP binding is a platform bug worth fixing \u2014 it's the exact failure shape this sub-agent was added to prevent (see ENG-5897 / ENG-5905).
4618
4698
  4. When verifying a capability is wired, confirm the relevant env var exists **without printing its value** \u2014 use \`[ -n "$POSTIZ_API_KEY" ] && echo present || echo absent\`, never \`echo $POSTIZ_API_KEY\`. The Credential Access Control guardrail covers tool-call output as well as file reads.
@@ -5027,7 +5107,7 @@ ${sections}`
5027
5107
  if (envLines.length > 1) {
5028
5108
  const envPath = join4(agentDir, ".env");
5029
5109
  writeFileSync5(envPath, envLines.join("\n") + "\n");
5030
- chmodSync4(envPath, SECRET_FILE_MODE);
5110
+ chmodSync5(envPath, SECRET_FILE_MODE);
5031
5111
  }
5032
5112
  },
5033
5113
  // Claude Code has no gateway process — methods intentionally omitted
@@ -5561,7 +5641,7 @@ ${sections}`
5561
5641
  if (envLines.length > 1) {
5562
5642
  const envPath = join4(agentDir, ".env.integrations");
5563
5643
  writeFileSync5(envPath, envLines.join("\n") + "\n");
5564
- chmodSync4(envPath, SECRET_FILE_MODE);
5644
+ chmodSync5(envPath, SECRET_FILE_MODE);
5565
5645
  }
5566
5646
  writeXurlStoreForIntegrations(decryptedIntegrations);
5567
5647
  for (const integration of decryptedIntegrations) {
@@ -5760,14 +5840,14 @@ ${sections}`
5760
5840
  mkdirSync4(join4(filePath, ".."), { recursive: true });
5761
5841
  if (isPluginManaged && existsSync5(filePath)) {
5762
5842
  try {
5763
- chmodSync4(filePath, READ_WRITE_MODE);
5843
+ chmodSync5(filePath, READ_WRITE_MODE);
5764
5844
  } catch {
5765
5845
  }
5766
5846
  }
5767
5847
  writeFileSync5(filePath, file.content);
5768
5848
  if (isPluginManaged) {
5769
5849
  try {
5770
- chmodSync4(filePath, READ_ONLY_MODE);
5850
+ chmodSync5(filePath, READ_ONLY_MODE);
5771
5851
  } catch {
5772
5852
  }
5773
5853
  }
@@ -5948,7 +6028,7 @@ ${sections}`
5948
6028
  return;
5949
6029
  const tokenPath = join4(agentDir, ".tokens.json");
5950
6030
  writeFileSync5(tokenPath, JSON.stringify(tokens, null, 2));
5951
- chmodSync4(tokenPath, SECRET_FILE_MODE);
6031
+ chmodSync5(tokenPath, SECRET_FILE_MODE);
5952
6032
  }
5953
6033
  };
5954
6034
  registerFramework(claudeCodeAdapter);
@@ -6526,7 +6606,7 @@ import { homedir as homedir6, userInfo } from "os";
6526
6606
  import { spawn as spawn3 } from "child_process";
6527
6607
 
6528
6608
  // src/lib/watchdog.ts
6529
- import { readFileSync as readFileSync7, writeFileSync as writeFileSync7, unlinkSync as unlinkSync4, existsSync as existsSync7, mkdirSync as mkdirSync6, openSync, closeSync, chmodSync as chmodSync5 } from "fs";
6609
+ import { readFileSync as readFileSync7, writeFileSync as writeFileSync7, unlinkSync as unlinkSync4, existsSync as existsSync7, mkdirSync as mkdirSync6, openSync, closeSync, chmodSync as chmodSync6 } from "fs";
6530
6610
  import { join as join7 } from "path";
6531
6611
  import { spawn as spawn2, execFileSync } from "child_process";
6532
6612
  var DEFAULT_CONFIG_DIR = join7(process.env["HOME"] ?? "/tmp", ".augmented");
@@ -6620,7 +6700,7 @@ function startWatchdog(opts) {
6620
6700
  const { logFile } = getManagerPaths(configDir);
6621
6701
  const logFd = openSync(logFile, "a", 384);
6622
6702
  try {
6623
- chmodSync5(logFile, 384);
6703
+ chmodSync6(logFile, 384);
6624
6704
  } catch {
6625
6705
  }
6626
6706
  const intervalSec = String(Math.max(Math.floor(opts.intervalMs / 1e3), 5));
@@ -7133,6 +7213,7 @@ async function managerUninstallSystemUnitCommand() {
7133
7213
  export {
7134
7214
  getIntegration,
7135
7215
  extractCommandNotFound,
7216
+ safeWriteJsonAtomic,
7136
7217
  INTEGRATIONS_SECTION_START,
7137
7218
  INTEGRATIONS_SECTION_END,
7138
7219
  estimateActiveTasksTokens,
@@ -7169,4 +7250,4 @@ export {
7169
7250
  managerInstallSystemUnitCommand,
7170
7251
  managerUninstallSystemUnitCommand
7171
7252
  };
7172
- //# sourceMappingURL=chunk-TIS3QVYS.js.map
7253
+ //# sourceMappingURL=chunk-GBUPVHIR.js.map