@integrity-labs/agt-cli 0.28.171 → 0.28.172

package/dist/{chunk-CPB4L4TB.js → chunk-XGTHOGKA.js}

@@ -16,7 +16,7 @@ import {
   resolveConnectivityProbe,
   worseConnectivityOutcome,
   wrapScheduledTaskPrompt
-} from "./chunk-76XB2I4P.js";
+} from "./chunk-OMC7BHRP.js";
 
 // ../../packages/core/dist/provisioning/mcp-config-guards.js
 import { chmodSync, existsSync, readFileSync, renameSync, writeFileSync, unlinkSync } from "fs";
@@ -1719,20 +1719,22 @@ var INTEGRATION_REGISTRY = [
     id: "deck",
     name: "Deck",
     category: "workspace-productivity",
-    description: "Computer-use agents that operate any software through real interfaces (no API required) and return schema-validated results. Higher-level alternative to Anchor Browser: Deck owns the auth lifecycle (encrypted credential vault, login, MFA, CAPTCHA) and provisions isolated desktop sessions on demand.",
+    description: "Computer-use agents that operate any software through its real interface (no API required) and return schema-validated results. A higher-level alternative to Anchor Browser: Deck owns the auth lifecycle (encrypted credential vault, login, MFA, CAPTCHA) and provisions isolated desktop sessions on demand. Augmented Team manages Deck access for you and gives each agent its own isolated Deck workspace, so there is no credential to enter.",
     // Deck is REST-only (base https://api.deck.co/v2, Bearer `sk_live_` account
     // key) — it ships NO MCP server, so unlike anchor-browser there is no
-    // `remoteMcp`/`nativeMcp` drop-in. Per-agent isolation is modelled on
-    // Deck's first-class resources: the control plane holds one account key
-    // (stored per-row as the `api_key` credential, same shape as anchor) and
-    // provisions one Deck agent (`agt_`) + vault credential (`cred_`) per
-    // Augmented agent via POST /:id/provision-deck. Those ids land in
+    // `remoteMcp`/`nativeMcp` drop-in; the agent-facing tools are brokered
+    // server-side (deck-broker.ts). Deck is the first PREMIUM integration:
+    // Augmented owns ONE Deck account that every customer agent's runs bill back
+    // to (per-org charging is tracked in ENG-6920, not yet live), so the account
+    // key is a single platform-held secret (`DECK_ACCOUNT_KEY`), NOT a per-agent
+    // credential. Auth type is therefore `none` — customers never enter a key.
+    // Per-agent isolation is modelled on Deck's first-class resources: that one
+    // key provisions one Deck agent (`agt_`) + vault credential (`cred_`) per
+    // Augmented agent via POST /:id/provision-deck; the ids land in
     // `agent_integrations.config` (deck_agent_id / deck_credential_id), so
     // revocation + audit happen at the per-agent Deck-resource level without a
     // distinct API key per agent (Deck exposes no key-minting admin API).
-    // The agent-facing tool surface is a follow-up (Deck has no MCP), so this
-    // entry is catalog + provisioning only for now.
-    supported_auth_types: ["api_key"],
+    supported_auth_types: ["none"],
     capabilities: [
       { id: "deck:provision", name: "Provision Agent Access", description: "Provision a per-agent Deck agent and vault credential under the account key (create_agent, create_credential)", access: "admin" },
       { id: "deck:run", name: "Run Tasks", description: "Submit tasks to the agent and read schema-validated structured results (run_task, get_task_run)", access: "write" },
@@ -5956,7 +5958,7 @@ function requireHost() {
 }
 
 // src/lib/api-client.ts
-var agtCliVersion = true ? "0.28.171" : "dev";
+var agtCliVersion = true ? "0.28.172" : "dev";
 var lastConfigHash = null;
 function setConfigHash(hash) {
   lastConfigHash = hash && hash.length > 0 ? hash : null;
@@ -7261,4 +7263,4 @@ export {
   managerInstallSystemUnitCommand,
   managerUninstallSystemUnitCommand
 };
-//# sourceMappingURL=chunk-CPB4L4TB.js.map
+//# sourceMappingURL=chunk-XGTHOGKA.js.map