@integrity-labs/agt-cli 0.28.128 → 0.28.130

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/dist/bin/agt.js +4 -4
  2. package/dist/{chunk-NCRDTQ54.js → chunk-RIT2OY5S.js} +29 -21
  3. package/dist/chunk-RIT2OY5S.js.map +1 -0
  4. package/dist/{chunk-O55BMAX7.js → chunk-RTSX4A54.js} +26 -22
  5. package/dist/chunk-RTSX4A54.js.map +1 -0
  6. package/dist/{chunk-7YAD4ECZ.js → chunk-XBF7ACI5.js} +15 -6
  7. package/dist/chunk-XBF7ACI5.js.map +1 -0
  8. package/dist/{claude-pair-runtime-G6OZ2VVG.js → claude-pair-runtime-F5KZNGVO.js} +2 -2
  9. package/dist/lib/manager-worker.js +8 -8
  10. package/dist/{persistent-session-ZSBDAKGL.js → persistent-session-YU3FIAUK.js} +3 -3
  11. package/dist/{responsiveness-probe-QPRFO2EJ.js → responsiveness-probe-TN5JW2NM.js} +3 -3
  12. package/package.json +1 -1
  13. package/dist/chunk-7YAD4ECZ.js.map +0 -1
  14. package/dist/chunk-NCRDTQ54.js.map +0 -1
  15. package/dist/chunk-O55BMAX7.js.map +0 -1
  16. /package/dist/{claude-pair-runtime-G6OZ2VVG.js.map → claude-pair-runtime-F5KZNGVO.js.map} +0 -0
  17. /package/dist/{persistent-session-ZSBDAKGL.js.map → persistent-session-YU3FIAUK.js.map} +0 -0
  18. /package/dist/{responsiveness-probe-QPRFO2EJ.js.map → responsiveness-probe-TN5JW2NM.js.map} +0 -0
package/dist/bin/agt.js CHANGED
@@ -37,7 +37,7 @@ import {
37
37
  success,
38
38
  table,
39
39
  warn
40
- } from "../chunk-O55BMAX7.js";
40
+ } from "../chunk-RTSX4A54.js";
41
41
  import {
42
42
  CHANNEL_REGISTRY,
43
43
  DEPLOYMENT_TEMPLATES,
@@ -64,7 +64,7 @@ import {
64
64
  renderTemplate,
65
65
  resolveChannels,
66
66
  serializeManifestForSlackCli
67
- } from "../chunk-NCRDTQ54.js";
67
+ } from "../chunk-RIT2OY5S.js";
68
68
 
69
69
  // src/bin/agt.ts
70
70
  import { join as join22 } from "path";
@@ -4777,7 +4777,7 @@ import { execFileSync, execSync } from "child_process";
4777
4777
  import { existsSync as existsSync10, realpathSync as realpathSync2 } from "fs";
4778
4778
  import chalk18 from "chalk";
4779
4779
  import ora16 from "ora";
4780
- var cliVersion = true ? "0.28.128" : "dev";
4780
+ var cliVersion = true ? "0.28.130" : "dev";
4781
4781
  async function fetchLatestVersion() {
4782
4782
  const host2 = getHost();
4783
4783
  if (!host2) return null;
@@ -5791,7 +5791,7 @@ function handleError(err) {
5791
5791
  }
5792
5792
 
5793
5793
  // src/bin/agt.ts
5794
- var cliVersion2 = true ? "0.28.128" : "dev";
5794
+ var cliVersion2 = true ? "0.28.130" : "dev";
5795
5795
  var program = new Command();
5796
5796
  program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
5797
5797
  program.hook("preAction", async (thisCommand, actionCommand) => {
package/dist/{chunk-NCRDTQ54.js → chunk-RIT2OY5S.js} RENAMED
@@ -1930,20 +1930,33 @@ var charter_frontmatter_v1_default = {
1930
1930
  },
1931
1931
  tools: {
1932
1932
  type: "object",
1933
- description: "ENG-4588: gates on agent-driven actions (currently the skill-management MCP tools).",
1933
+ description: "ENG-6707: agent-driven skill authoring is governed by the SkillSpector scanner gate; tools.skills carries only the shared-scope kill switch.",
1934
1934
  properties: {
1935
1935
  skills: {
1936
1936
  type: "object",
1937
1937
  properties: {
1938
+ shared_authoring: {
1939
+ type: "boolean",
1940
+ default: true,
1941
+ description: "ENG-6707 kill switch for agent-driven shared-scope (team/organization) skill authoring. Default true (open): shared skills auto-publish on a clean SkillSpector scan, else land as drafts for operator review (fail-closed). Set false to revoke shared-scope authoring for a compromised agent; agent-scope authoring stays available."
1942
+ },
1938
1943
  write_team: {
1939
1944
  type: "boolean",
1940
1945
  default: false,
1941
- description: "Allow the agent's MCP tools to write skill_definitions rows at team scope. Default false \u2014 agents start untrusted."
1946
+ deprecated: true,
1947
+ description: "DEPRECATED (ENG-6707): ignored. Superseded by the scanner gate + shared_authoring kill switch. Retained so charters written before the migration still validate."
1948
+ },
1949
+ write_organization: {
1950
+ type: "boolean",
1951
+ default: false,
1952
+ deprecated: true,
1953
+ description: "DEPRECATED (ENG-6707): ignored. Org-scope authoring is governed by the same scanner gate + shared_authoring kill switch as team scope. Retained so charters written before the migration still validate."
1942
1954
  },
1943
1955
  publish: {
1944
1956
  type: "boolean",
1945
1957
  default: false,
1946
- description: "Skip the pending-publication review for agent-authored skills. Default false \u2014 drafts go to operator review (ENG-4589)."
1958
+ deprecated: true,
1959
+ description: "DEPRECATED (ENG-6707): ignored. Auto-publish is now driven by a clean SkillSpector scan, not this flag. Retained for back-compat."
1947
1960
  }
1948
1961
  },
1949
1962
  additionalProperties: false
@@ -2488,13 +2501,16 @@ ${desc}
2488
2501
 
2489
2502
  ## Optional permissions
2490
2503
 
2491
- These fields default to off. Add them to the YAML frontmatter above to enable.
2504
+ Agents may author skills at any scope by default. Shared-scope (team /
2505
+ organization) skills auto-publish on a clean SkillSpector scan and land as
2506
+ drafts for operator review otherwise. To REVOKE shared-scope authoring for a
2507
+ compromised agent, add the kill switch below to the YAML frontmatter above
2508
+ (agent-scope authoring stays available).
2492
2509
 
2493
2510
  \`\`\`yaml
2494
2511
  tools:
2495
2512
  skills:
2496
- write_team: false # ENG-4588: allow agent MCP to write team-scoped skills
2497
- publish: false # ENG-4588: skip operator review for agent-authored skills
2513
+ shared_authoring: false # ENG-6707: revoke this agent's team/org skill authoring (default: true / open)
2498
2514
  \`\`\`
2499
2515
  `;
2500
2516
  }
@@ -2613,22 +2629,14 @@ function runSemanticRules(file, charter) {
2613
2629
  }
2614
2630
  }
2615
2631
  }
2616
- if (charter.risk_tier === "High" && charter.tools?.skills?.publish === true) {
2632
+ const skillsTools = charter.tools?.skills;
2633
+ if (skillsTools && (skillsTools.write_team !== void 0 || skillsTools.publish !== void 0 || skillsTools.write_organization !== void 0)) {
2617
2634
  diagnostics.push({
2618
2635
  file,
2619
- code: "CHARTER.SEMANTIC.HIGH_RISK_SKILL_PUBLISH",
2620
- path: "tools.skills.publish",
2621
- severity: "warning",
2622
- message: "High-risk agents should not have tools.skills.publish enabled \u2014 keep operator review on agent-authored skills"
2623
- });
2624
- }
2625
- if (charter.risk_tier === "High" && charter.tools?.skills?.write_team === true) {
2626
- diagnostics.push({
2627
- file,
2628
- code: "CHARTER.SEMANTIC.HIGH_RISK_SKILL_WRITE_TEAM",
2629
- path: "tools.skills.write_team",
2630
- severity: "warning",
2631
- message: "High-risk agents should not be granted tools.skills.write_team \u2014 they can pollute the shared team catalog"
2636
+ code: "CHARTER.SEMANTIC.SKILL_FLAGS_DEPRECATED",
2637
+ path: "tools.skills",
2638
+ severity: "info",
2639
+ message: "tools.skills.write_team / publish / write_organization are deprecated and ignored (ENG-6707). Agent-driven skill authoring is governed by the SkillSpector scan; set tools.skills.shared_authoring: false to revoke shared-scope authoring for a compromised agent."
2632
2640
  });
2633
2641
  }
2634
2642
  return diagnostics;
@@ -5780,4 +5788,4 @@ export {
5780
5788
  parseEnvIntegrations,
5781
5789
  probeMcpEnvSubstitution
5782
5790
  };
5783
- //# sourceMappingURL=chunk-NCRDTQ54.js.map
5791
+ //# sourceMappingURL=chunk-RIT2OY5S.js.map