@integrity-labs/agt-cli 0.27.90 → 0.27.92

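--- a/package/dist/bin/agt.js
+++ b/package/dist/bin/agt.js
@@ -28,7 +28,7 @@ import {
  success,
  table,
  warn
- } from "../chunk-BGXIKCLR.js";
+ } from "../chunk-FXXCD523.js";
  import {
  CHANNEL_REGISTRY,
  DEPLOYMENT_TEMPLATES,
@@ -4934,7 +4934,7 @@ import { execFileSync, execSync } from "child_process";
  import { existsSync as existsSync10, realpathSync as realpathSync2 } from "fs";
  import chalk18 from "chalk";
  import ora16 from "ora";
- var cliVersion = true ? "0.27.90" : "dev";
+ var cliVersion = true ? "0.27.92" : "dev";
  async function fetchLatestVersion() {
  const host2 = getHost();
  if (!host2) return null;
@@ -5857,7 +5857,7 @@ function handleError(err) {
  }
 
  // src/bin/agt.ts
- var cliVersion2 = true ? "0.27.90" : "dev";
+ var cliVersion2 = true ? "0.27.92" : "dev";
  var program = new Command();
  program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
  program.hook("preAction", async (thisCommand, actionCommand) => {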
@@ -5483,6 +5483,7 @@ ${sections}`
5483
5483
  const appToken = config["app_token"];
5484
5484
  const threadAutoFollow = config["thread_auto_follow"];
5485
5485
  const channelResponseMode = config["channel_response_mode"];
5486
+ const allowedUsers = Array.isArray(config["allowed_users"]) ? config["allowed_users"].filter((v) => typeof v === "string" && v.trim().length > 0).map((v) => v.trim()) : [];
5486
5487
  const blockKitEnabled = config["block_kit_enabled"] === true;
5487
5488
  const blockKitAskUserEnabled = config["block_kit_ask_user_enabled"] === true;
5488
5489
  const blockKitDisabled = process.env["SLACK_BLOCK_KIT_DISABLED"] === "true";
@@ -5588,7 +5589,16 @@ ${sections}`
5588
5589
  // MCP boot guard fails closed at startup rather than admitting
5589
5590
  // every sender as "internal".
5590
5591
  ...senderPolicyInternalOnly ? { SLACK_INTERNAL_ONLY: "true" } : {},
5591
- ...senderPolicyInternalOnly && typeof config["team_id"] === "string" && config["team_id"].length > 0 ? { SLACK_HOME_TEAM_ID: config["team_id"] } : {}
5592
+ ...senderPolicyInternalOnly && typeof config["team_id"] === "string" && config["team_id"].length > 0 ? { SLACK_HOME_TEAM_ID: config["team_id"] } : {},
5593
+ // ENG-6035: per-agent diagnostic/restart allowlist. Gates
5594
+ // /investigate-<code-name> (fail-closed: command disabled when
5595
+ // unset) and /restart-<code-name> (open when unset). An explicit
5596
+ // env entry here overrides any host-level systemd value, which
5597
+ // is the point — the host-wide drop-in pattern wrongly scoped
5598
+ // the allowlist to every agent on the host. Omitted when empty
5599
+ // so the host fallback (and the fail-closed /investigate
5600
+ // default) still apply to unconfigured agents.
5601
+ ...allowedUsers.length > 0 ? { SLACK_ALLOWED_USERS: allowedUsers.join(",") } : {}
5592
5602
  }
5593
5603
  };
5594
5604
  const provisionMcpPath = join4(agentDir, "provision", ".mcp.json");
@@ -5644,6 +5654,8 @@ ${sections}`
5644
5654
  const slackAutoFollowEnv = slackThreadAutoFollow && slackThreadAutoFollow !== "off" ? { SLACK_THREAD_AUTO_FOLLOW: slackThreadAutoFollow } : {};
5645
5655
  const slackChannelResponseMode = config["channel_response_mode"];
5646
5656
  const slackResponseModeEnv = slackChannelResponseMode && slackChannelResponseMode !== "mention_only" ? { SLACK_CHANNEL_RESPONSE_MODE: slackChannelResponseMode } : {};
5657
+ const slackAllowedUsersList = Array.isArray(config["allowed_users"]) ? config["allowed_users"].filter((v) => typeof v === "string" && v.trim().length > 0).map((v) => v.trim()) : [];
5658
+ const slackAllowedUsersEnv = slackAllowedUsersList.length > 0 ? { SLACK_ALLOWED_USERS: slackAllowedUsersList.join(",") } : {};
5647
5659
  const oneshotBlockKitEnabled = config["block_kit_enabled"] === true;
5648
5660
  const oneshotBlockKitAskUserEnabled = config["block_kit_ask_user_enabled"] === true;
5649
5661
  const oneshotBlockKitDisabled = process.env["SLACK_BLOCK_KIT_DISABLED"] === "true";
@@ -5707,6 +5719,7 @@ ${sections}`
5707
5719
  ...appToken ? { SLACK_APP_TOKEN: "${SLACK_APP_TOKEN}" } : {},
5708
5720
  ...slackAutoFollowEnv,
5709
5721
  ...slackResponseModeEnv,
5722
+ ...slackAllowedUsersEnv,
5710
5723
  ...oneshotBlockKitEnv,
5711
5724
  ...slackPeerEnv,
5712
5725
  ...slackAgtAuthEnv,
@@ -5722,6 +5735,7 @@ ${sections}`
5722
5735
  ...appToken ? { SLACK_APP_TOKEN: "${SLACK_APP_TOKEN}" } : {},
5723
5736
  ...slackAutoFollowEnv,
5724
5737
  ...slackResponseModeEnv,
5738
+ ...slackAllowedUsersEnv,
5725
5739
  ...oneshotBlockKitEnv,
5726
5740
  ...slackPeerEnv,
5727
5741
  ...slackAgtAuthEnv,
@@ -7564,4 +7578,4 @@ export {
7564
7578
  managerInstallSystemUnitCommand,
7565
7579
  managerUninstallSystemUnitCommand
7566
7580
  };
7567
- //# sourceMappingURL=chunk-BGXIKCLR.js.map
7581
+ //# sourceMappingURL=chunk-FXXCD523.js.map
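Review bot: A configured-but-malformed `allowed_users` is silently treated as unset. In the additions at new lines 5486 and 5657, a non-array value (for example a single comma-separated string) or an array whose entries are all filtered out yields `[]`, so `SLACK_ALLOWED_USERS` is omitted. Per the comment added at new lines 5593–5600, that leaves `/restart-<code-name>` open and lets the host-level value apply, which is the opposite of what an operator who set the key intended. Consider surfacing the mismatch, e.g. `if (config["allowed_users"] !== undefined && allowedUsers.length === 0) warn("allowed_users is set but has no usable entries; SLACK_ALLOWED_USERS will not be written");` (assuming the `warn` helper takes a message string), or failing provisioning instead. The same filter/trim expression is duplicated in both places and would be better as one shared helper; the enclosing functions start and end outside these hunks.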