@integrity-labs/agt-cli 0.28.150 → 0.28.152

package/dist/mcp/remote-oauth-proxy.js

@@ -0,0 +1,168 @@
+#!/usr/bin/env node
+import { createRequire as __augmentedCreateRequire } from 'module';
+globalThis.require ??= __augmentedCreateRequire(import.meta.url);
+
+// src/remote-oauth-proxy.ts
+import { createInterface } from "readline";
+import { readFileSync } from "fs";
+import { fileURLToPath } from "url";
+import { resolve as resolvePath } from "path";
+var URL_ENV = "AGT_REMOTE_MCP_URL";
+var TOKEN_FILE_ENV = "AGT_REMOTE_MCP_TOKEN_FILE";
+var TOKEN_VAR_ENV = "AGT_REMOTE_MCP_TOKEN_VAR";
+var REMOTE_FETCH_TIMEOUT_MS = 3e4;
+var remoteUrl = process.env[URL_ENV] ?? "";
+var tokenFile = process.env[TOKEN_FILE_ENV] ?? "";
+var tokenVar = process.env[TOKEN_VAR_ENV] ?? "";
+var label = process.env["AGT_REMOTE_MCP_LABEL"] || tokenVar || "remote-oauth";
+function logErr(msg) {
+  process.stderr.write(`[remote-oauth-proxy:${label}] ${msg}
+`);
+}
+function readCurrentToken(file, varName) {
+  let raw;
+  try {
+    raw = readFileSync(file, "utf8");
+  } catch {
+    return null;
+  }
+  let value = null;
+  for (const line of raw.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const eq = trimmed.indexOf("=");
+    if (eq < 0) continue;
+    const key = trimmed.slice(0, eq).replace(/^export\s+/, "").trim();
+    if (key !== varName) continue;
+    let v = trimmed.slice(eq + 1).trim();
+    if (v.length >= 2 && (v[0] === '"' && v[v.length - 1] === '"' || v[0] === "'" && v[v.length - 1] === "'")) {
+      v = v.slice(1, -1);
+    }
+    value = v;
+  }
+  return value && value.length > 0 ? value : null;
+}
+function jsonRpcError(id, code, message) {
+  return JSON.stringify({ jsonrpc: "2.0", id: id ?? null, error: { code, message } });
+}
+function extractJsonRpcMessages(contentType, body) {
+  const ct = (contentType || "").toLowerCase();
+  const out = [];
+  if (ct.includes("text/event-stream")) {
+    for (const line of body.split("\n")) {
+      const t = line.trimEnd();
+      if (!t.startsWith("data:")) continue;
+      const payload = t.slice(5).trim();
+      if (!payload || payload === "[DONE]") continue;
+      try {
+        JSON.parse(payload);
+        out.push(payload);
+      } catch {
+      }
+    }
+    return out;
+  }
+  const trimmed = body.trim();
+  if (!trimmed) return out;
+  try {
+    JSON.parse(trimmed);
+    out.push(trimmed);
+  } catch {
+  }
+  return out;
+}
+async function forward(line, id, isNotification) {
+  const token = readCurrentToken(tokenFile, tokenVar);
+  if (!token) {
+    logErr(`no token in ${tokenFile} (var ${tokenVar})`);
+    return isNotification ? [] : [jsonRpcError(id, -32e3, `${label}: no current access token available (reconnect the integration)`)];
+  }
+  let res;
+  try {
+    res = await fetch(remoteUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json, text/event-stream",
+        Authorization: `Bearer ${token}`
+      },
+      body: line,
+      signal: AbortSignal.timeout(REMOTE_FETCH_TIMEOUT_MS)
+    });
+  } catch (err) {
+    logErr(`fetch failed: ${err.message}`);
+    return isNotification ? [] : [jsonRpcError(id, -32001, `${label}: transport error contacting MCP server`)];
+  }
+  const ct = res.headers.get("content-type") ?? "";
+  let body = "";
+  try {
+    body = await res.text();
+  } catch {
+    body = "";
+  }
+  if (isNotification) return [];
+  const messages = extractJsonRpcMessages(ct, body);
+  if (messages.length > 0) return messages;
+  const detail = body.slice(0, 300).replace(/\s+/g, " ").trim();
+  return [jsonRpcError(id, -32002, `${label}: MCP server returned HTTP ${res.status}${detail ? ` (${detail})` : ""}`)];
+}
+function isMissingConfig() {
+  if (!remoteUrl) return URL_ENV;
+  if (!tokenFile) return TOKEN_FILE_ENV;
+  if (!tokenVar) return TOKEN_VAR_ENV;
+  return null;
+}
+async function main() {
+  const missing = isMissingConfig();
+  if (missing) {
+    logErr(`missing required env ${missing}; exiting`);
+    process.exit(1);
+  }
+  const rl = createInterface({ input: process.stdin, crlfDelay: Infinity });
+  let writeLock = Promise.resolve();
+  const writeReplies = (replies) => {
+    writeLock = writeLock.then(() => {
+      for (const reply of replies) process.stdout.write(reply + "\n");
+    });
+    return writeLock;
+  };
+  const inflight = /* @__PURE__ */ new Set();
+  rl.on("line", (line) => {
+    const text = line.trim();
+    if (!text) return;
+    let parsed;
+    try {
+      parsed = JSON.parse(text);
+    } catch {
+      logErr("dropping non-JSON stdin line");
+      return;
+    }
+    const isNotification = !("id" in parsed);
+    const id = parsed.id;
+    const task = forward(text, id, isNotification).then(writeReplies).catch((err) => {
+      logErr(`handler error: ${err.message}`);
+    });
+    inflight.add(task);
+    void task.finally(() => inflight.delete(task));
+  });
+  await new Promise((resolve) => rl.on("close", () => resolve()));
+  await Promise.all([...inflight]);
+  await writeLock;
+}
+var invokedDirectly = (() => {
+  try {
+    const entry = process.argv[1];
+    if (!entry) return false;
+    return fileURLToPath(import.meta.url) === resolvePath(entry);
+  } catch {
+    return false;
+  }
+})();
+if (invokedDirectly) {
+  void main();
+}
+export {
+  extractJsonRpcMessages,
+  main,
+  readCurrentToken
+};

package/dist/mcp/slack-channel.js

@@ -16399,7 +16399,26 @@ function buildChannelInfoResult(args) {
     return { ok: false, reason: "unknown", bot_user_handle: botUserHandle, raw_error: err };
   }
   const ch = infoRes.channel;
-  if (!ch || !ch.id || !ch.name) {
+  if (!ch || !ch.id) {
+    return { ok: false, reason: "unknown", bot_user_handle: botUserHandle, raw_error: "malformed_response" };
+  }
+  const isDm = ch.is_im === true || typeof ch.user === "string" && ch.user.length > 0;
+  if (isDm) {
+    const dmChannel = {
+      id: ch.id,
+      name: ch.user ?? ch.id,
+      is_private: true,
+      is_archived: ch.is_archived === true,
+      is_member: true,
+      kind: "dm",
+      user: ch.user
+    };
+    if (dmChannel.is_archived) {
+      return { ok: false, channel: dmChannel, bot_user_handle: botUserHandle, reason: "archived" };
+    }
+    return { ok: true, channel: dmChannel, bot_user_handle: botUserHandle };
+  }
+  if (!ch.name) {
     return { ok: false, reason: "unknown", bot_user_handle: botUserHandle, raw_error: "malformed_response" };
   }
   const channel = {
@@ -16417,6 +16436,17 @@ function buildChannelInfoResult(args) {
   }
   return { ok: true, channel, bot_user_handle: botUserHandle };
 }
+function buildDmUserInfo(usersInfoRes) {
+  if (!usersInfoRes || usersInfoRes.ok === false || !usersInfoRes.user) return {};
+  const u = usersInfoRes.user;
+  const nonEmpty = (s) => typeof s === "string" && s.trim().length > 0 ? s : void 0;
+  const user_name = nonEmpty(u.profile?.display_name) ?? nonEmpty(u.profile?.real_name) ?? nonEmpty(u.real_name);
+  const user_handle = nonEmpty(u.name);
+  const out = {};
+  if (user_handle) out.user_handle = user_handle;
+  if (user_name) out.user_name = user_name;
+  return out;
+}
 
 // src/slack-peer-classifier.ts
 var CODE_NAME_RE = /^[a-z0-9]+(-[a-z0-9]+)*$/;
@@ -19208,13 +19238,13 @@ mcp.setRequestHandler(ListToolsRequestSchema, async () => ({
     },
     {
       name: "slack.channel_info",
-      description: 'Verify the bot can post to a specific Slack channel. Use this before relying on a channel ID for delivery (e.g. before submitting an AWS access request that will notify an approval channel) to avoid silent posting failures. Works for both public AND private channels \u2014 unlike slack.list_channels which is public-only. Returns `{ ok, channel: { id, name, is_private, is_archived, is_member }, bot_user_handle, reason? }`. When `ok=false`, branch on `reason`: "channel_not_found" or "not_in_channel" \u2192 tell the user to run `/invite @<bot_user_handle>` in that channel (the configured ID exists but your bot isn\'t a member, or the ID is from a workspace the bot isn\'t installed in); "archived" \u2192 the channel exists but is archived, ask an admin to point the integration at a non-archived channel; "auth_failed" \u2192 bot token is invalid, escalate to an operator (do not surface to the end user). Pass the raw C0... channel ID, not a human name (use slack.list_channels for name \u2192 ID).',
+      description: 'Verify the bot can post to a specific Slack channel, OR resolve who is on the other side of a DM. Use this before relying on a channel ID for delivery (e.g. before submitting an AWS access request that will notify an approval channel) to avoid silent posting failures, and to confirm the human behind a DM channel id before claiming a message reached a named person. Works for public AND private channels (unlike slack.list_channels, which is public-only) and for DM (`D0...`) channels. Returns `{ ok, channel: { id, name, is_private, is_archived, is_member, kind }, bot_user_handle, reason? }`. For a DM, `kind` is "dm" and the result also carries `channel.user` (the partner\'s Slack user id) plus best-effort `channel.user_handle` and `channel.user_name` (the human\'s handle and display name); use these to VERIFY a DM\'s recipient rather than assuming whose DM it is. When `ok=false`, branch on `reason`: "channel_not_found" or "not_in_channel" \u2192 tell the user to run `/invite @<bot_user_handle>` in that channel (the configured ID exists but your bot isn\'t a member, or the ID is from a workspace the bot isn\'t installed in); "archived" \u2192 the channel exists but is archived, ask an admin to point the integration at a non-archived channel; "auth_failed" \u2192 bot token is invalid, escalate to an operator (do not surface to the end user). Pass the raw C0.../G0.../D0... channel ID, not a human name (use slack.list_channels for name \u2192 ID).',
       inputSchema: {
         type: "object",
         properties: {
           channel_id: {
             type: "string",
-            description: "Slack channel ID (C0..., G0... for legacy private). Required."
+            description: "Slack channel ID: C0... (public), G0... (legacy private), or D0... (DM). Required."
           }
         },
         required: ["channel_id"]
@@ -19736,6 +19766,25 @@ async function handleChannelInfo(args) {
     infoRes: infoData,
     botUserHandle
   });
+  if (result.channel?.kind === "dm" && result.channel.user) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 3e3);
+    try {
+      const usersRes = await fetch(
+        `https://slack.com/api/users.info?user=${encodeURIComponent(result.channel.user)}`,
+        { headers: { Authorization: `Bearer ${BOT_TOKEN}` }, signal: controller.signal }
+      );
+      const usersData = await usersRes.json();
+      const { user_handle, user_name } = buildDmUserInfo(usersData);
+      if (user_handle) result.channel.user_handle = user_handle;
+      if (user_name) result.channel.user_name = user_name;
+      if (user_name) result.channel.name = user_name;
+      else if (user_handle) result.channel.name = user_handle;
+    } catch {
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
   return {
     content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@integrity-labs/agt-cli",
-  "version": "0.28.150",
+  "version": "0.28.152",
   "description": "Augmented Team CLI — agent provisioning and management",
   "type": "module",
   "engines": {
@@ -23,7 +23,7 @@
   },
   "scripts": {
     "build": "tsup && npm run build:mcp-assets && npm run build:cli-assets",
-    "build:mcp-assets": "mkdir -p dist/mcp && cp ../../packages/mcp/dist/index.js dist/mcp/index.js && cp ../../packages/mcp/dist/slack-channel.js dist/mcp/slack-channel.js && cp ../../packages/mcp/dist/direct-chat-channel.js dist/mcp/direct-chat-channel.js && cp ../../packages/mcp/dist/telegram-channel.js dist/mcp/telegram-channel.js && cp ../../packages/mcp/dist/teams-channel.js dist/mcp/teams-channel.js && cp ../../packages/mcp/dist/whatsapp-channel.js dist/mcp/whatsapp-channel.js && cp ../../packages/mcp/dist/whatsapp-link.js dist/mcp/whatsapp-link.js && cp ../../packages/augmented-admin-mcp/dist/index.js dist/mcp/augmented-admin.js",
+    "build:mcp-assets": "mkdir -p dist/mcp && cp ../../packages/mcp/dist/index.js dist/mcp/index.js && cp ../../packages/mcp/dist/slack-channel.js dist/mcp/slack-channel.js && cp ../../packages/mcp/dist/direct-chat-channel.js dist/mcp/direct-chat-channel.js && cp ../../packages/mcp/dist/telegram-channel.js dist/mcp/telegram-channel.js && cp ../../packages/mcp/dist/teams-channel.js dist/mcp/teams-channel.js && cp ../../packages/mcp/dist/whatsapp-channel.js dist/mcp/whatsapp-channel.js && cp ../../packages/mcp/dist/whatsapp-link.js dist/mcp/whatsapp-link.js && cp ../../packages/mcp/dist/remote-oauth-proxy.js dist/mcp/remote-oauth-proxy.js && cp ../../packages/augmented-admin-mcp/dist/index.js dist/mcp/augmented-admin.js",
     "build:cli-assets": "mkdir -p dist/assets && cp assets/impersonate-statusline.sh dist/assets/impersonate-statusline.sh && chmod +x dist/assets/impersonate-statusline.sh",
     "dev": "tsx watch src/bin/agt.ts",
     "test": "vitest run",