@integrity-labs/agt-cli 0.27.69 → 0.27.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/bin/agt.js CHANGED
@@ -1,6 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  ApiError,
4
+ LITERAL_SECRET_PATTERNS,
4
5
  PROD_AGT_HOST,
5
6
  api,
6
7
  error,
@@ -27,7 +28,7 @@ import {
27
28
  success,
28
29
  table,
29
30
  warn
30
- } from "../chunk-HAM7MGCF.js";
31
+ } from "../chunk-EWWJUVDY.js";
31
32
  import {
32
33
  CHANNEL_REGISTRY,
33
34
  DEPLOYMENT_TEMPLATES,
@@ -2148,7 +2149,7 @@ function rewriteServerEntry(serverName, raw, ctx) {
2148
2149
  }
2149
2150
  function fillIfEmpty(env, key, value) {
2150
2151
  const current = env[key];
2151
- if (typeof current !== "string" || current.length === 0) {
2152
+ if (typeof current !== "string" || current.length === 0 || current === `\${${key}}`) {
2152
2153
  env[key] = value;
2153
2154
  }
2154
2155
  }
@@ -4929,7 +4930,7 @@ import { execFileSync, execSync } from "child_process";
4929
4930
  import { existsSync as existsSync10, realpathSync as realpathSync2 } from "fs";
4930
4931
  import chalk18 from "chalk";
4931
4932
  import ora16 from "ora";
4932
- var cliVersion = true ? "0.27.69" : "dev";
4933
+ var cliVersion = true ? "0.27.71" : "dev";
4933
4934
  async function fetchLatestVersion() {
4934
4935
  const host2 = getHost();
4935
4936
  if (!host2) return null;
@@ -5413,31 +5414,6 @@ import { join as join19 } from "path";
5413
5414
  // src/lib/secret-leak-audit.ts
5414
5415
  import { readdirSync as readdirSync6, readFileSync as readFileSync11, statSync as statSync4 } from "fs";
5415
5416
  import { join as join18 } from "path";
5416
-
5417
- // ../../packages/core/dist/provisioning/mcp-secret-lint.js
5418
- var LITERAL_SECRET_PATTERNS = [
5419
- // Slack bot token — `xoxb-<workspace>-<...>`
5420
- { name: "slack_bot_token", re: /^xoxb-/ },
5421
- // Slack app-level token (Socket Mode) — `xapp-<...>`
5422
- { name: "slack_app_token", re: /^xapp-/ },
5423
- // AGT host API key — `tlk_<...>` (see claudecode-plugin-augmented README).
5424
- { name: "agt_host_api_key", re: /^tlk_/ },
5425
- // Composio / generic api-key prefix — `ak_<...>`
5426
- { name: "composio_api_key", re: /^ak_/ },
5427
- // Telegram bot token — `<10-digit bot id>:AAE<...>` (BotFather format).
5428
- { name: "telegram_bot_token", re: /^\d{10}:AAE/ },
5429
- // ENG-5901 extension beyond the original AC's five patterns: a literal
5430
- // JWT (`eyJ...`) is the shape of a leaked AGT_API_KEY, which the
5431
- // value-prefix patterns above would otherwise miss. Header values often
5432
- // carry it behind `Bearer ` (or a copy-pasted `Authorization: Bearer `),
5433
- // so those prefixes are optionally consumed (CodeRabbit #1731).
5434
- // Templates (`Bearer ${AGT_API_KEY}`) and concrete non-secret values
5435
- // (UUIDs, hosts) never put `eyJ` after the prefix, so this stays
5436
- // false-positive-safe inside .mcp.json.
5437
- { name: "jwt_agt_api_key", re: /^(?:authorization:\s*)?(?:bearer\s+)?eyJ[A-Za-z0-9_-]+\./i }
5438
- ];
5439
-
5440
- // src/lib/secret-leak-audit.ts
5441
5417
  var SECRET_KEY_NAME_RE = /TOKEN|KEY|SECRET|BEARER|PASSWORD/i;
5442
5418
  function isTemplated(value) {
5443
5419
  return value.includes("${");
@@ -5877,7 +5853,7 @@ function handleError(err) {
5877
5853
  }
5878
5854
 
5879
5855
  // src/bin/agt.ts
5880
- var cliVersion2 = true ? "0.27.69" : "dev";
5856
+ var cliVersion2 = true ? "0.27.71" : "dev";
5881
5857
  var program = new Command();
5882
5858
  program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
5883
5859
  program.hook("preAction", async (thisCommand, actionCommand) => {