@integrity-labs/agt-cli 0.28.38 → 0.28.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/bin/agt.js CHANGED
@@ -33,7 +33,7 @@ import {
33
33
  success,
34
34
  table,
35
35
  warn
36
- } from "../chunk-IJT4B5PH.js";
36
+ } from "../chunk-DA776TZO.js";
37
37
  import {
38
38
  CHANNEL_REGISTRY,
39
39
  DEPLOYMENT_TEMPLATES,
@@ -60,7 +60,7 @@ import {
60
60
  renderTemplate,
61
61
  resolveChannels,
62
62
  serializeManifestForSlackCli
63
- } from "../chunk-RYB5QSVS.js";
63
+ } from "../chunk-X5E2Q3W2.js";
64
64
 
65
65
  // src/bin/agt.ts
66
66
  import { join as join21 } from "path";
@@ -4773,7 +4773,7 @@ import { execFileSync, execSync } from "child_process";
4773
4773
  import { existsSync as existsSync10, realpathSync as realpathSync2 } from "fs";
4774
4774
  import chalk18 from "chalk";
4775
4775
  import ora16 from "ora";
4776
- var cliVersion = true ? "0.28.38" : "dev";
4776
+ var cliVersion = true ? "0.28.40" : "dev";
4777
4777
  async function fetchLatestVersion() {
4778
4778
  const host2 = getHost();
4779
4779
  if (!host2) return null;
@@ -5696,7 +5696,7 @@ function handleError(err) {
5696
5696
  }
5697
5697
 
5698
5698
  // src/bin/agt.ts
5699
- var cliVersion2 = true ? "0.28.38" : "dev";
5699
+ var cliVersion2 = true ? "0.28.40" : "dev";
5700
5700
  var program = new Command();
5701
5701
  program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
5702
5702
  program.hook("preAction", async (thisCommand, actionCommand) => {
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  claudeModelAlias,
3
3
  isClaudeFastMode
4
- } from "./chunk-RYB5QSVS.js";
4
+ } from "./chunk-X5E2Q3W2.js";
5
5
  import {
6
6
  reapOrphanChannelMcps
7
7
  } from "./chunk-XWVM4KPK.js";
@@ -1487,4 +1487,4 @@ export {
1487
1487
  stopAllSessionsAndWait,
1488
1488
  getProjectDir
1489
1489
  };
1490
- //# sourceMappingURL=chunk-2V5QUET6.js.map
1490
+ //# sourceMappingURL=chunk-57MHPANB.js.map
@@ -14,7 +14,7 @@ import {
14
14
  registerFramework,
15
15
  resolveAvatarEnvUrl,
16
16
  wrapScheduledTaskPrompt
17
- } from "./chunk-RYB5QSVS.js";
17
+ } from "./chunk-X5E2Q3W2.js";
18
18
 
19
19
  // ../../packages/core/dist/integrations/registry.js
20
20
  var INTEGRATION_REGISTRY = [
@@ -3390,54 +3390,43 @@ acknowledge before you start.
3390
3390
  - **FAST (< 60s):** handle inline. Reply via the channel tool
3391
3391
  (slack.reply / telegram.reply / directchat.reply) and end your turn.
3392
3392
 
3393
- - **SLOW (\u2265 60s):** acknowledge, dispatch to a background channel worker,
3394
- stay responsive.
3393
+ - **SLOW (\u2265 60s):** acknowledge, dispatch to background, stay responsive.
3395
3394
  1. Send a one-line acknowledgement via the channel tool \u2014 short, warm,
3396
3395
  and tell the user you'll come back. Example shape (don't copy verbatim,
3397
3396
  match your voice): "On it \u2014 this'll take a minute or two, I'll ping
3398
3397
  when it's done."
3399
- 2. Dispatch the work to a background \`channel-message-handler\` sub-agent:
3400
- the Agent tool with \`subagent_type: channel-message-handler\` AND
3401
- \`run_in_background: true\`. Put EVERYTHING the worker needs in the
3402
- dispatch prompt \u2014 the user's full request, relevant thread context,
3403
- which integrations/tools to use \u2014 plus the **channel-specific routing
3404
- keys** its reply tool needs: Slack threads \u2192 \`{ channel_id, thread_ts }\`;
3405
- Slack non-thread DMs \u2192 \`{ channel_id }\`; Telegram \u2192 \`{ chat_id, message_id }\`;
3406
- Direct Chat \u2192 \`{ conversation_id }\`. Pass these verbatim from the
3407
- inbound \`<channel>\` tag \u2014 don't substitute a generic \`message_ts\`,
3408
- since only Slack threads use it. The worker inherits your full MCP tool
3409
- surface but NOT your conversation context.
3398
+ 2. Dispatch the work to a background sub-agent: the Agent tool with
3399
+ \`subagent_type: general-purpose\` AND \`run_in_background: true\`.
3400
+ Put EVERYTHING the worker needs in the dispatch prompt \u2014 the user's
3401
+ full request, relevant thread context, which integrations/tools to
3402
+ use, and the exact shape of result you want back. The worker inherits
3403
+ your full MCP tool surface but NOT your conversation context.
3410
3404
  3. End your turn after dispatching. This is the point: you stay free to
3411
3405
  answer other messages while the worker grinds. Do NOT wait, poll, or
3412
3406
  dispatch the same work synchronously \u2014 a synchronous dispatch blocks
3413
3407
  your turn and defeats the purpose.
3414
- 4. \`channel-message-handler\` posts the substantive reply **itself**, via
3415
- its own channel reply tool (\`slack.reply\` / \`telegram.reply\` /
3416
- \`directchat.reply\`) addressed by the routing keys you passed \u2014 you do
3417
- NOT relay it. Its completion notification lands automatically as a
3418
- system message; read it just to confirm the reply went out.
3419
- 5. If the completion notification reports a failure \u2014 or that the worker
3420
- could not post \u2014 post the reply (or a brief status) yourself to the
3421
- same thread / chat / conversation you acknowledged in step 1, and
3422
- either re-dispatch with a better prompt or handle it inline. Never go
3423
- silent.
3424
-
3425
- > **Why a background \`channel-message-handler\` dispatch:** two findings
3426
- > combine into this shape. (1) ENG-6274 (2026-06-10, Claude Code 2.1.170,
3427
- > \`docs/spikes/ENG-6274-run-in-background-dispatch.md\`): a background
3428
- > dispatch returns immediately, your turn ends, and inbound messages get
3429
- > answered in seconds while the worker runs \u2014 the completion arrives as a
3430
- > notification you handle like any other turn. (2) ENG-6273 (on-host probe
3431
- > at the fleet's pinned 2.1.170,
3432
- > \`docs/spikes/ENG-6273-verify-64909-onhost-probe.md\`): the upstream
3433
- > empty-registry bug
3408
+ 4. When the worker's completion notification arrives (it lands
3409
+ automatically as a system message), read its result and reply via the
3410
+ channel tool (\`slack.reply\` / \`telegram.reply\` / \`directchat.reply\`)
3411
+ to the same thread / chat / conversation you acknowledged in step 1.
3412
+ **You post the substantive reply \u2014 the worker has no channel tools.**
3413
+ 5. If the completion notification reports a failure or an unusable
3414
+ result, tell the user what happened and either re-dispatch with a
3415
+ better prompt or handle it inline \u2014 never go silent.
3416
+
3417
+ > **Why background dispatch (and why \`general-purpose\`):** validated
3418
+ > 2026-06-10 on Claude Code 2.1.170 (ENG-6274 spike,
3419
+ > \`docs/spikes/ENG-6274-run-in-background-dispatch.md\`): background
3420
+ > dispatch returns immediately, your turn ends, inbound messages get
3421
+ > answered in seconds while the worker runs, and the completion arrives
3422
+ > as a notification you handle like any other turn. Use
3423
+ > \`subagent_type: general-purpose\` (inherit-all tools) \u2014 NOT
3424
+ > \`channel-message-handler\` or \`augmented-worker\` \u2014 until ENG-6273
3425
+ > re-verifies on this host that the upstream allowlist bug
3434
3426
  > ([anthropics/claude-code#64909](https://github.com/anthropics/claude-code/issues/64909),
3435
- > 0/6 MCP tools in named sub-agents on 2026-06-03) is **fixed** \u2014 a named
3436
- > sub-agent with an explicit \`tools:\` allowlist binds the full MCP surface
3437
- > again (10/11, zero empty-registry misses). So \`channel-message-handler\`
3438
- > can reach its own channel reply tool: dispatch it in the background and it
3439
- > both does the work AND posts the reply over the audited channel path,
3440
- > while you stay free.
3427
+ > empirically 0/6 MCP tools in named sub-agents on 2026-06-03) is fixed
3428
+ > at the fleet's pinned Claude Code version. \`general-purpose\` escapes
3429
+ > that bug by construction either way.
3441
3430
 
3442
3431
  **Why this triage decision still matters more than any other instruction
3443
3432
  below:** if you skip the acknowledgement and just dive into slow work
@@ -3457,20 +3446,31 @@ consistency.
3457
3446
 
3458
3447
  For background tool work that **isn't** a channel reply \u2014 multi-step data
3459
3448
  pulls, CRM enrichments, research workflows, cross-MCP orchestration \u2014 use
3460
- \`subagent_type: augmented-worker\`. It carries an explicit allowlist of
3461
- every \`mcp__*\` server you have wired \u2014 a tighter, safer tool surface than
3462
- inherit-all \u2014 and binds them reliably now that ENG-6273's on-host probe
3463
- confirmed the upstream allowlist bug (claude-code#64909) is fixed at the
3464
- fleet's pinned Claude Code 2.1.170. For anything expected to take more than
3465
- a minute, add \`run_in_background: true\` so your turn ends and you stay
3466
- responsive; the completion notification brings you the result. Don't
3467
- background-dispatch trivial work \u2014 each dispatch is a fresh context and
3468
- costs real tokens.
3449
+ \`subagent_type: general-purpose\` (Anthropic's built-in). It inherits the
3450
+ full MCP tool surface from this session and reliably binds every
3451
+ \`mcp__*\` server you have available. For anything expected to take more
3452
+ than a minute, add \`run_in_background: true\` so your turn ends and you
3453
+ stay responsive; the completion notification brings you the result.
3454
+ Don't background-dispatch trivial work \u2014 each dispatch is a fresh
3455
+ context and costs real tokens.
3456
+
3457
+ **Why not \`augmented-worker\` for now:** there is an upstream Claude Code
3458
+ bug ([anthropics/claude-code#64909](https://github.com/anthropics/claude-code/issues/64909))
3459
+ where sub-agents with an explicit \`tools:\` allowlist get an empty MCP
3460
+ tool registry \u2014 every \`mcp__*\` call returns "No such tool available."
3461
+ \`general-purpose\` uses \`tools: *\` (inherit-all) and escapes the bug.
3462
+ The fix appears to have shipped upstream (verified locally on Claude Code
3463
+ 2.1.170, 2026-06-10 \u2014 ENG-6269 spike); once ENG-6273 re-verifies it on
3464
+ this host's pinned version, \`augmented-worker\` becomes preferred again
3465
+ (restricted tool surface for safety + working MCP binding) and
3466
+ \`channel-message-handler\` returns as a dispatch target. Until then,
3467
+ \`general-purpose\` only.
3469
3468
 
3470
3469
  For slow **channel** replies, see \xA7 FIRST ACTION above \u2014 those are
3471
- dispatched as background \`channel-message-handler\` workers, the channel-aware
3472
- sibling of \`augmented-worker\`, which post the reply themselves over the
3473
- audited channel path.
3470
+ dispatched as background \`general-purpose\` workers and **you** post the
3471
+ result back to the channel when the completion notification arrives
3472
+ (\`channel-message-handler\` is not yet the dispatch target for the same
3473
+ ENG-6273-pending reason).
3474
3474
 
3475
3475
  ${activeTasksSection}${personalitySection}## Identity
3476
3476
 
@@ -3500,10 +3500,10 @@ ${resolvedChannels?.includes("slack") ? `
3500
3500
 
3501
3501
  You have a Slack MCP server connected. **First, see \xA7 FIRST ACTION on
3502
3502
  every channel message: triage** at the top of this document \u2014 decide
3503
- fast vs slow before anything else. Handle fast requests inline;
3504
- acknowledge slow ones, then dispatch them to a background
3505
- \`channel-message-handler\` worker (which posts the reply itself) and stay
3506
- responsive \u2014 see the FIRST ACTION section for the full rationale.
3503
+ fast vs slow before anything else, then acknowledge inline before
3504
+ diving into slow work (sub-agent dispatch for channel replies is
3505
+ currently disabled due to an upstream Claude Code bug; see the FIRST
3506
+ ACTION section for the full rationale).
3507
3507
 
3508
3508
  For fast requests, respond directly in the conversation. You can also
3509
3509
  proactively use:
@@ -5330,7 +5330,7 @@ If a capability seems missing, **check first** \u2014 run the CLI, list tools (\
5330
5330
  `;
5331
5331
  return `---
5332
5332
  name: augmented-worker
5333
- description: General-purpose background worker for multi-step tool tasks the parent doesn't want to inline (data pulls, multi-API workflows, CRM enrichments, research that needs MCP tools). Has explicit access to every \`mcp__*\` server the parent has wired. Use this \u2014 not \`general-purpose\` and not the read-only researcher/reviewer subagents from other plugins \u2014 whenever the work requires calling MCP tools (e.g. \`mcp__granola__*\`, \`mcp__composio_attio__*\`, \`mcp__slack__*\`, \`mcp__augmented__*\`). Many community subagents declare restrictive \`tools:\` allowlists that exclude MCP tools, so dispatching to them will silently produce "No such tool available." failures and force unsafe fallback paths (reading raw secrets from \`.mcp.json\`, bypassing the Credential Access Control guardrail).
5333
+ description: Background worker for multi-step tool tasks the parent doesn't want to inline (data pulls, multi-API workflows, CRM enrichments, research that needs MCP tools). Carries an explicit \`mcp__*\` wildcard allowlist for every server the parent has wired. **Until [anthropics/claude-code#64909](https://github.com/anthropics/claude-code/issues/64909) ships an upstream fix, prefer \`subagent_type: general-purpose\` for MCP-tool dispatch** \u2014 the bug is in Claude Code's sub-agent dispatch path: sub-agents with an explicit \`tools:\` allowlist get an empty MCP tool registry (every \`mcp__*\` call returns "No such tool available."), while \`general-purpose\` (\`tools: *\` inherit-all) correctly binds the full MCP surface. This subagent's allowlist is correct and will work the moment Anthropic lands the fix; until then it is retained for the eventual structural fix and the rare case where you specifically need a restricted tool surface AND can accept the MCP gap. See [[ENG-5938]] for the workaround tracker.
5334
5334
  background: true
5335
5335
  tools: ${tools}
5336
5336
  ---
@@ -5344,7 +5344,7 @@ Your \`tools:\` allowlist (above) names every MCP server the parent has connecte
5344
5344
  ## Hard rules \u2014 Credential Access Control
5345
5345
 
5346
5346
  1. **Never** read raw secrets out of \`.mcp.json\`, \`~/.augmented/*/provision/.mcp.json\`, \`.env.integrations\`, or any agent config file. Those files contain bot tokens, API keys, and OAuth credentials. The Credential Access Control guardrail (\`block_read: true\` on secrets) treats reads of those values as a violation regardless of intent. As **defence-in-depth (not structural enforcement)**, the plugin's \`settings.json\` also denies \`Bash(cat:*/.mcp.json)\`, \`Bash(cat:*/.env.integrations)\`, and \`Bash(jq:*/.mcp.json)\` (ENG-5901 / ADR-0018) \u2014 these block the obvious copy-paste paths but a determined in-process reader can still reach the values; the durable fix is Phase 2/3 of ADR-0018.
5347
- 2. **Never** post Slack messages via raw \`chat.postMessage\` + a bot token lifted from config. Use the channel MCP's reply tool (\`mcp__slack__slack_reply\`, \`mcp__telegram__telegram_reply\`, \`mcp__direct-chat__direct_chat_reply\`, etc.) so the call goes through the audited path.
5347
+ 2. **Never** post channel messages via raw API calls + bot tokens lifted from config. Use the channel MCP reply tools (\`mcp__slack__slack_reply\`, \`mcp__telegram__telegram_reply\`, \`mcp__direct_chat__direct_chat_reply\`, etc.) so calls go through the audited path.
5348
5348
  3. If an \`mcp__*\` tool you expect to be available returns "No such tool available.", **stop and surface the gap to the parent** in your summary rather than working around it. A missing MCP binding is a platform bug worth fixing \u2014 it's the exact failure shape this sub-agent was added to prevent (see ENG-5897 / ENG-5905).
5349
5349
  4. When verifying a capability is wired, confirm the relevant env var exists **without printing its value** \u2014 use \`[ -n "$POSTIZ_API_KEY" ] && echo present || echo absent\`, never \`echo $POSTIZ_API_KEY\`. The Credential Access Control guardrail covers tool-call output as well as file reads.
5350
5350
 
@@ -7266,7 +7266,7 @@ function requireHost() {
7266
7266
  }
7267
7267
 
7268
7268
  // src/lib/api-client.ts
7269
- var agtCliVersion = true ? "0.28.38" : "dev";
7269
+ var agtCliVersion = true ? "0.28.40" : "dev";
7270
7270
  var lastConfigHash = null;
7271
7271
  function setConfigHash(hash) {
7272
7272
  lastConfigHash = hash && hash.length > 0 ? hash : null;
@@ -8326,4 +8326,4 @@ export {
8326
8326
  managerInstallSystemUnitCommand,
8327
8327
  managerUninstallSystemUnitCommand
8328
8328
  };
8329
- //# sourceMappingURL=chunk-IJT4B5PH.js.map
8329
+ //# sourceMappingURL=chunk-DA776TZO.js.map