npm - @integrity-labs/agt-cli - Versions diffs - 0.28.147 → 0.28.149 - Mend

@integrity-labs/agt-cli 0.28.147 → 0.28.149

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/bin/agt.js CHANGED Viewed

@@ -37,7 +37,7 @@ import {
   success,
   table,
   warn
-} from "../chunk-FAWY7H7Q.js";
+} from "../chunk-A4S52T2C.js";
 import {
   CHANNEL_REGISTRY,
   DEPLOYMENT_TEMPLATES,
@@ -64,7 +64,7 @@ import {
   renderTemplate,
   resolveChannels,
   serializeManifestForSlackCli
-} from "../chunk-POW4BZEC.js";
+} from "../chunk-5AIF4FOP.js";
 // src/bin/agt.ts
 import { join as join22 } from "path";
@@ -4777,7 +4777,7 @@ import { execFileSync, execSync } from "child_process";
 import { existsSync as existsSync10, realpathSync as realpathSync2 } from "fs";
 import chalk18 from "chalk";
 import ora16 from "ora";
-var cliVersion = true ? "0.28.147" : "dev";
+var cliVersion = true ? "0.28.149" : "dev";
 async function fetchLatestVersion() {
   const host2 = getHost();
   if (!host2) return null;
@@ -5791,7 +5791,7 @@ function handleError(err) {
 }
 // src/bin/agt.ts
-var cliVersion2 = true ? "0.28.147" : "dev";
+var cliVersion2 = true ? "0.28.149" : "dev";
 var program = new Command();
 program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
 program.hook("preAction", async (thisCommand, actionCommand) => {

package/dist/{chunk-POW4BZEC.js → chunk-5AIF4FOP.js} RENAMED Viewed

@@ -1672,6 +1672,15 @@ var FLAG_REGISTRY = [
     // control with no pre-flags env gate to migrate (ADR-0022).
     defaultValue: false
   },
+  {
+    key: "skill-revision-proposals",
+    description: "Agent-proposed corrective rewrites of shared skills (ENG-6824, epic ENG-6805 P2b): when on, an agent can propose a full-body rewrite of a shared (team/org) skill via the skill_propose_revision MCP tool, anchored on an immutable base_version_id; an operator reviews a machine-derived diff and approves (conflict-guarded apply) or rejects. This is the per-org activation gate for the corrective path - off = the propose tool soft-refuses, so no proposal is created. Distinct from skill-fragments (the additive path). Approved revisions land via the existing operator-owned skill body + delivery, so there is nothing to revert when flipped off. Boolean gate; ships dark.",
+    flagType: "boolean",
+    // Declared safe value is `false` (no proposals). Fail-safe direction: a
+    // flag-DB read error must never let an agent file rewrites of operator-owned
+    // shared skills on its own. No envVar - net-new control (ADR-0022).
+    defaultValue: false
+  },
   {
     key: "channel-quarantine-mode",
     description: "Optional-channel quarantine (ENG-5932): off = disabled, shadow = log matches only, enforce = quarantine.",
@@ -4024,6 +4033,37 @@ var OAUTH_PROVIDERS = {
     publicClient: true,
     mcpUrl: "https://mcp.granola.ai/mcp"
   },
+  "brand-ninja": {
+    // ENG-6820: Brand Ninja External-Content MCP, remote streamable-HTTP at
+    // https://ext-api.app.brandninja.ai/v1/mcp. Same shape as Granola: the
+    // server exposes RFC 8414 authorization-server metadata at
+    // /.well-known/oauth-authorization-server (values below are taken verbatim
+    // from that document, not inferred). Auth is OAuth 2.0 authorization-code
+    // with mandatory PKCE (S256) and a public client (token_endpoint_auth_method
+    // 'none') issued via Dynamic Client Registration (RFC 7591). The bootstrap
+    // script (packages/api/scripts/dcr-register.ts) registers a client once at
+    // deploy time against the registration_endpoint
+    // (https://ext-api.app.brandninja.ai/v1/oauth/register); OAUTH_BRAND_NINJA_CLIENT_ID
+    // is set from its output. The AS advertises the refresh_token grant, so the
+    // shared oauth-refresh cron rotates the bearer without operator action.
+    definitionId: "brand-ninja",
+    authorizeUrl: "https://prod-brandninja.auth.ap-southeast-2.amazoncognito.com/oauth2/authorize",
+    tokenUrl: "https://prod-brandninja.auth.ap-southeast-2.amazoncognito.com/oauth2/token",
+    // The resource server (ext-api.app.brandninja.ai) advertises exactly two
+    // scopes: external-api/content.write (the default content surface) and
+    // external-api/admin (read-only credential metadata, granted per account
+    // admin). Default install is least-privilege: content.write only; an
+    // operator can widen to admin out of band. No openid/offline_access in the
+    // advertised scope set, so Cognito issues the refresh_token for the code grant
+    // regardless, so requesting only the resource scope keeps consent minimal.
+    defaultScopes: ["external-api/content.write"],
+    supportsRefresh: true,
+    extraAuthorizeParams: {},
+    clientAuthMethod: "body",
+    pkce: "S256",
+    publicClient: true,
+    mcpUrl: "https://ext-api.app.brandninja.ai/v1/mcp"
+  },
   "notion-cli": {
     // Notion's public OAuth app. Tokens are workspace-scoped and long-lived —
     // Notion does not issue refresh_tokens, so `supportsRefresh: false` and
@@ -6054,6 +6094,7 @@ export {
   detectDrift,
   SUPPRESS_SENTINEL,
   classifyOutput,
+  isVacuousDeliverReason,
   parseDeliverAssertion,
   parseUsageBanner,
   formatRunMarker,
@@ -6073,4 +6114,4 @@ export {
   parseEnvIntegrations,
   probeMcpEnvSubstitution
 };
-//# sourceMappingURL=chunk-POW4BZEC.js.map
+//# sourceMappingURL=chunk-5AIF4FOP.js.map