npm - @integrity-labs/agt-cli - Versions diffs - 0.28.162 → 0.28.164 - Mend

@integrity-labs/agt-cli 0.28.162 → 0.28.164

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/{claude-pair-runtime-PJ4OZ3DE.js → claude-pair-runtime-6ZLSPL6Z.js} RENAMED Viewed

@@ -100,7 +100,7 @@ async function spawnPairSession(session) {
     return { ok: true };
   } catch {
   }
-  const { resolveClaudeBinary } = await import("./persistent-session-T7Q53HW5.js");
+  const { resolveClaudeBinary } = await import("./persistent-session-XIW3I5CQ.js");
   const claudeBin = resolveClaudeBinary();
   const pairEnv = {
     ...process.env,
@@ -373,4 +373,4 @@ export {
   startClaudePair,
   submitClaudePairCode
 };
-//# sourceMappingURL=claude-pair-runtime-PJ4OZ3DE.js.map
+//# sourceMappingURL=claude-pair-runtime-6ZLSPL6Z.js.map

package/dist/lib/manager-worker.js CHANGED Viewed

@@ -28,7 +28,7 @@ import {
   requireHost,
   safeWriteJsonAtomic,
   setConfigHash
-} from "../chunk-G6NDQYBC.js";
+} from "../chunk-7YBYMQNJ.js";
 import {
   getProjectDir as getProjectDir2,
   getReadyTasks,
@@ -70,7 +70,7 @@ import {
   takeZombieDetection,
   transcriptActivityAgeSeconds,
   writeEgressAllowlist
-} from "../chunk-MNW2HVGO.js";
+} from "../chunk-6TIVVGA7.js";
 import {
   CONVERSATION_FAILURE_CATEGORIES,
   DEFAULT_FRAMEWORK,
@@ -111,7 +111,7 @@ import {
   resolveChannels,
   resolveDmTarget,
   sumTranscriptUsageInWindow
-} from "../chunk-U6HS4U7L.js";
+} from "../chunk-SDUFTHIF.js";
 import {
   parsePsRows,
   reapOrphanChannelMcps
@@ -6878,7 +6878,7 @@ var agentRestartTimezoneInputs = /* @__PURE__ */ new Map();
 var lastVersionCheckAt = 0;
 var VERSION_CHECK_INTERVAL_MS = 5 * 60 * 1e3;
 var lastResponsivenessProbeAt = 0;
-var agtCliVersion = true ? "0.28.162" : "dev";
+var agtCliVersion = true ? "0.28.164" : "dev";
 function resolveBrewPath(execFileSync4) {
   try {
     const out = execFileSync4("which", ["brew"], { timeout: 5e3 }).toString().trim();
@@ -8011,7 +8011,7 @@ async function pollCycle() {
     }
     try {
       const { detectHostSecurity } = await import("../host-security-6PDFG7F5.js");
-      const { collectDiagnostics } = await import("../persistent-session-T7Q53HW5.js");
+      const { collectDiagnostics } = await import("../persistent-session-XIW3I5CQ.js");
       const diagCodeNames = [...agentState.persistentSessionAgents];
       const agentDiagnostics = diagCodeNames.length > 0 ? collectDiagnostics(diagCodeNames) : void 0;
       let tailscaleHostname;
@@ -8159,7 +8159,7 @@ async function pollCycle() {
       const {
         collectResponsivenessProbes,
         getResponsivenessIntervalMs
-      } = await import("../responsiveness-probe-K4Y7BXRH.js");
+      } = await import("../responsiveness-probe-7JTG6QMB.js");
       const probeIntervalMs = getResponsivenessIntervalMs();
       if (now - lastResponsivenessProbeAt > probeIntervalMs) {
         const probeCodeNames = [...agentState.persistentSessionAgents];
@@ -8191,7 +8191,7 @@ async function pollCycle() {
           collectResponsivenessProbes,
           livePendingInboundOldestAgeSeconds,
           parkPendingInbound
-        } = await import("../responsiveness-probe-K4Y7BXRH.js");
+        } = await import("../responsiveness-probe-7JTG6QMB.js");
         const { getProjectDir: wedgeProjectDir } = await import("../claude-scheduler-FATCLHDM.js");
         const wedgeNow = /* @__PURE__ */ new Date();
         const liveAgents = agentState.persistentSessionAgents;
@@ -11692,7 +11692,7 @@ async function processClaudePairSessions(agents) {
     killPairSession,
     pairTmuxSession,
     finalizeClaudePairOnboarding
-  } = await import("../claude-pair-runtime-PJ4OZ3DE.js");
+  } = await import("../claude-pair-runtime-6ZLSPL6Z.js");
   for (const pairId of pendingResp.cancelled_pair_ids ?? []) {
     log(`[claude-pair] sweeping orphan tmux session for pair ${pairId.slice(0, 8)}`);
     const killed = await killPairSession(pairTmuxSession(pairId));

package/dist/mcp/remote-oauth-proxy.js CHANGED Viewed

@@ -10,15 +10,48 @@ import { resolve as resolvePath } from "path";
 var URL_ENV = "AGT_REMOTE_MCP_URL";
 var TOKEN_FILE_ENV = "AGT_REMOTE_MCP_TOKEN_FILE";
 var TOKEN_VAR_ENV = "AGT_REMOTE_MCP_TOKEN_VAR";
+var ALLOWLIST_ENV = "AGT_REMOTE_MCP_TOOL_ALLOWLIST";
 var REMOTE_FETCH_TIMEOUT_MS = 3e4;
 var remoteUrl = process.env[URL_ENV] ?? "";
 var tokenFile = process.env[TOKEN_FILE_ENV] ?? "";
 var tokenVar = process.env[TOKEN_VAR_ENV] ?? "";
 var label = process.env["AGT_REMOTE_MCP_LABEL"] || tokenVar || "remote-oauth";
+var toolAllowlist = parseToolAllowlist(process.env[ALLOWLIST_ENV] ?? "");
 function logErr(msg) {
   process.stderr.write(`[remote-oauth-proxy:${label}] ${msg}
 `);
 }
+function parseToolAllowlist(raw) {
+  const out = /* @__PURE__ */ new Set();
+  for (const part of (raw || "").split(",")) {
+    const name = part.trim();
+    if (name) out.add(name);
+  }
+  return out;
+}
+function filterToolsListMessage(message, allow) {
+  if (allow.size === 0) return { message, total: 0, kept: 0, advertised: [] };
+  let obj;
+  try {
+    obj = JSON.parse(message);
+  } catch {
+    return { message, total: 0, kept: 0, advertised: [] };
+  }
+  const result = obj?.result;
+  const tools = result?.tools;
+  if (!Array.isArray(tools)) return { message, total: 0, kept: 0, advertised: [] };
+  const nameOf = (t) => t && typeof t === "object" && typeof t.name === "string" ? t.name : "";
+  const advertised = tools.map(nameOf).filter((n) => n.length > 0);
+  const filtered = tools.filter((t) => allow.has(nameOf(t)));
+  result.tools = filtered;
+  return { message: JSON.stringify(obj), total: tools.length, kept: filtered.length, advertised };
+}
+function isToolCallBlocked(method, params, allow) {
+  if (allow.size === 0 || method !== "tools/call") return { blocked: false, name: "" };
+  const name = params && typeof params === "object" && typeof params.name === "string" ? params.name : "";
+  if (name && !allow.has(name)) return { blocked: true, name };
+  return { blocked: false, name };
+}
 function readCurrentToken(file, varName) {
   let raw;
   try {
@@ -71,7 +104,7 @@ function extractJsonRpcMessages(contentType, body) {
   }
   return out;
 }
-async function forward(line, id, isNotification) {
+async function forward(line, id, isNotification, method) {
   const token = readCurrentToken(tokenFile, tokenVar);
   if (!token) {
     logErr(`no token in ${tokenFile} (var ${tokenVar})`);
@@ -102,7 +135,24 @@ async function forward(line, id, isNotification) {
   }
   if (isNotification) return [];
   const messages = extractJsonRpcMessages(ct, body);
-  if (messages.length > 0) return messages;
+  if (messages.length > 0) {
+    if (method === "tools/list" && toolAllowlist.size > 0) {
+      return messages.map((m) => {
+        const r = filterToolsListMessage(m, toolAllowlist);
+        if (r.total !== r.kept) {
+          logErr(`tools/list filtered ${r.total} -> ${r.kept} (allowlist ${toolAllowlist.size})`);
+        }
+        if (r.advertised.length > 0) {
+          const missing = [...toolAllowlist].filter((n) => !r.advertised.includes(n));
+          if (missing.length > 0) {
+            logErr(`allowlisted tools not advertised by server: ${missing.join(", ")}`);
+          }
+        }
+        return r.message;
+      });
+    }
+    return messages;
+  }
   const detail = body.slice(0, 300).replace(/\s+/g, " ").trim();
   return [jsonRpcError(id, -32002, `${label}: MCP server returned HTTP ${res.status}${detail ? ` (${detail})` : ""}`)];
 }
@@ -139,7 +189,19 @@ async function main() {
     }
     const isNotification = !("id" in parsed);
     const id = parsed.id;
-    const task = forward(text, id, isNotification).then(writeReplies).catch((err) => {
+    if (!isNotification) {
+      const block = isToolCallBlocked(parsed.method, parsed.params, toolAllowlist);
+      if (block.blocked) {
+        logErr(`blocked tools/call to non-allowlisted tool "${block.name}"`);
+        const task2 = writeReplies([
+          jsonRpcError(id, -32601, `${label}: tool "${block.name}" is not enabled for this integration`)
+        ]).catch((err) => logErr(`handler error: ${err.message}`));
+        inflight.add(task2);
+        void task2.finally(() => inflight.delete(task2));
+        return;
+      }
+    }
+    const task = forward(text, id, isNotification, parsed.method).then(writeReplies).catch((err) => {
       logErr(`handler error: ${err.message}`);
     });
     inflight.add(task);
@@ -163,6 +225,9 @@ if (invokedDirectly) {
 }
 export {
   extractJsonRpcMessages,
+  filterToolsListMessage,
+  isToolCallBlocked,
   main,
+  parseToolAllowlist,
   readCurrentToken
 };

package/dist/mcp/slack-channel.js CHANGED Viewed

@@ -14562,8 +14562,8 @@ function shouldPostUndeliverableNotice(lastNoticeAtMs, nowMs, throttleMs = UNDEL
 function undeliverableNoticeText(replayEnabled = channelReplayEnabled()) {
   return replayEnabled ? "\u23F3 I can't get to this right now \u2014 no need to resend; I'll pick it up automatically as soon as I'm free." : "\u23F3 I can't get to this right now. Please resend in a few minutes \u2014 I may not see this one.";
 }
-var BUSY_ACK_THRESHOLD_MS = 9e4;
-var BUSY_ACK_NOTICE_THROTTLE_MS = 10 * 60 * 1e3;
+var BUSY_ACK_THRESHOLD_MS = 12e4;
+var BUSY_ACK_NOTICE_THROTTLE_MS = 20 * 60 * 1e3;
 function channelBusyAckEnabled() {
   return resolveHostBooleanFlag({
     key: "channel-busy-ack",
@@ -14620,7 +14620,7 @@ function decideGiveUpNotice(input) {
 function giveUpNoticeText() {
   return "\u26A0\uFE0F I couldn't read your last message \u2014 please resend it.";
 }
-function oldestPendingMarkerAgeMs(dir, now = Date.now()) {
+function oldestPendingMarkerAgeMs(dir, now = Date.now(), opts) {
   if (!dir) return null;
   let names;
   try {
@@ -14635,7 +14635,7 @@ function oldestPendingMarkerAgeMs(dir, now = Date.now()) {
     try {
       const raw = JSON.parse(readFileSync2(join2(dir, name), "utf-8"));
       if (raw.discretionary === true) continue;
-      if (typeof raw.seen_at === "string" && raw.seen_at) continue;
+      if (!opts?.includeSeen && typeof raw.seen_at === "string" && raw.seen_at) continue;
       receivedAt = raw.received_at;
     } catch {
       continue;
@@ -14649,6 +14649,9 @@ function oldestPendingMarkerAgeMs(dir, now = Date.now()) {
   }
   return oldest;
 }
+function hasInFlightInbound(dir, now = Date.now()) {
+  return oldestPendingMarkerAgeMs(dir, now, { includeSeen: true }) != null;
+}
 function isPendingMarkerStale(receivedAt, nowMs, thresholdMs) {
   if (!receivedAt) return true;
   const t = Date.parse(receivedAt);
@@ -20830,6 +20833,7 @@ async function connectSocketMode() {
         paneLogFreshAgeMs
       };
       const ackDecision = decideAckReaction(ackInputs);
+      const arrivedWhileBusy = hasInFlightInbound(SLACK_PENDING_INBOUND_DIR);
       if (ackDecision === "undeliverable") {
         const cause = classifyUndeliverableCause(ackInputs) ?? "unknown";
         recordChannelDeflection(SLACK_AGENT_DIR, "slack", cause);
@@ -20861,7 +20865,7 @@ async function connectSocketMode() {
             threadTs,
             ts,
             isThreadReply,
-            ackInputs.oldestPendingAgeMs != null
+            arrivedWhileBusy
           );
         }
       }

package/dist/mcp/telegram-channel.js CHANGED Viewed

@@ -16733,8 +16733,8 @@ function shouldPostUndeliverableNotice(lastNoticeAtMs, nowMs, throttleMs = UNDEL
 function undeliverableNoticeText(replayEnabled = channelReplayEnabled()) {
   return replayEnabled ? "\u23F3 I can't get to this right now \u2014 no need to resend; I'll pick it up automatically as soon as I'm free." : "\u23F3 I can't get to this right now. Please resend in a few minutes \u2014 I may not see this one.";
 }
-var BUSY_ACK_THRESHOLD_MS = 9e4;
-var BUSY_ACK_NOTICE_THROTTLE_MS = 10 * 60 * 1e3;
+var BUSY_ACK_THRESHOLD_MS = 12e4;
+var BUSY_ACK_NOTICE_THROTTLE_MS = 20 * 60 * 1e3;
 function channelBusyAckEnabled() {
   return resolveHostBooleanFlag({
     key: "channel-busy-ack",
@@ -16791,7 +16791,7 @@ function decideGiveUpNotice(input) {
 function giveUpNoticeText() {
   return "\u26A0\uFE0F I couldn't read your last message \u2014 please resend it.";
 }
-function oldestPendingMarkerAgeMs(dir, now = Date.now()) {
+function oldestPendingMarkerAgeMs(dir, now = Date.now(), opts) {
   if (!dir) return null;
   let names;
   try {
@@ -16806,7 +16806,7 @@ function oldestPendingMarkerAgeMs(dir, now = Date.now()) {
     try {
       const raw = JSON.parse(readFileSync9(join7(dir, name), "utf-8"));
       if (raw.discretionary === true) continue;
-      if (typeof raw.seen_at === "string" && raw.seen_at) continue;
+      if (!opts?.includeSeen && typeof raw.seen_at === "string" && raw.seen_at) continue;
       receivedAt = raw.received_at;
     } catch {
       continue;
@@ -16820,6 +16820,9 @@ function oldestPendingMarkerAgeMs(dir, now = Date.now()) {
   }
   return oldest;
 }
+function hasInFlightInbound(dir, now = Date.now()) {
+  return oldestPendingMarkerAgeMs(dir, now, { includeSeen: true }) != null;
+}
 function isPendingMarkerStale(receivedAt, nowMs, thresholdMs) {
   if (!receivedAt) return true;
   const t = Date.parse(receivedAt);
@@ -19798,6 +19801,7 @@ async function pollLoop() {
           paneLogFreshAgeMs
         };
         const ackDecision = decideAckReaction(ackInputs);
+        const arrivedWhileBusy = hasInFlightInbound(PENDING_INBOUND_DIR);
         if (ackDecision === "undeliverable") {
           const cause = classifyUndeliverableCause(ackInputs) ?? "unknown";
           recordChannelDeflection(AGENT_DIR, "telegram", cause);
@@ -19876,7 +19880,7 @@ async function pollLoop() {
           channelPayload
         );
         if (ackDecision === "ack") {
-          scheduleBusyAck(chatId, messageId, ackInputs.oldestPendingAgeMs != null);
+          scheduleBusyAck(chatId, messageId, arrivedWhileBusy);
         }
         await mcp.notification({
           method: "notifications/claude/channel",

package/dist/{persistent-session-T7Q53HW5.js → persistent-session-XIW3I5CQ.js} RENAMED Viewed

@@ -34,8 +34,8 @@ import {
   writeDirectChatSessionState,
   writeEgressAllowlist,
   writePersistentClaudeWrapper
-} from "./chunk-MNW2HVGO.js";
-import "./chunk-U6HS4U7L.js";
+} from "./chunk-6TIVVGA7.js";
+import "./chunk-SDUFTHIF.js";
 import "./chunk-XWVM4KPK.js";
 export {
   EGRESS_BASELINE_DOMAINS,
@@ -74,4 +74,4 @@ export {
   writeEgressAllowlist,
   writePersistentClaudeWrapper
 };
-//# sourceMappingURL=persistent-session-T7Q53HW5.js.map
+//# sourceMappingURL=persistent-session-XIW3I5CQ.js.map

package/dist/{responsiveness-probe-K4Y7BXRH.js → responsiveness-probe-7JTG6QMB.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 import {
   paneLogPath
-} from "./chunk-MNW2HVGO.js";
-import "./chunk-U6HS4U7L.js";
+} from "./chunk-6TIVVGA7.js";
+import "./chunk-SDUFTHIF.js";
 import "./chunk-XWVM4KPK.js";
 // src/lib/responsiveness-probe.ts
@@ -304,4 +304,4 @@ export {
   readAndResetChannelDeflections,
   readAndResetChannelLaneClassifications
 };
-//# sourceMappingURL=responsiveness-probe-K4Y7BXRH.js.map
+//# sourceMappingURL=responsiveness-probe-7JTG6QMB.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@integrity-labs/agt-cli",
-  "version": "0.28.162",
+  "version": "0.28.164",
   "description": "Augmented Team CLI — agent provisioning and management",
   "type": "module",
   "engines": {