@integrity-labs/agt-cli 0.28.43 → 0.28.45
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/bin/agt.js
CHANGED
|
@@ -37,7 +37,7 @@ import {
|
|
|
37
37
|
success,
|
|
38
38
|
table,
|
|
39
39
|
warn
|
|
40
|
-
} from "../chunk-
|
|
40
|
+
} from "../chunk-YEAHEXU7.js";
|
|
41
41
|
import {
|
|
42
42
|
CHANNEL_REGISTRY,
|
|
43
43
|
DEPLOYMENT_TEMPLATES,
|
|
@@ -4777,7 +4777,7 @@ import { execFileSync, execSync } from "child_process";
|
|
|
4777
4777
|
import { existsSync as existsSync10, realpathSync as realpathSync2 } from "fs";
|
|
4778
4778
|
import chalk18 from "chalk";
|
|
4779
4779
|
import ora16 from "ora";
|
|
4780
|
-
var cliVersion = true ? "0.28.
|
|
4780
|
+
var cliVersion = true ? "0.28.45" : "dev";
|
|
4781
4781
|
async function fetchLatestVersion() {
|
|
4782
4782
|
const host2 = getHost();
|
|
4783
4783
|
if (!host2) return null;
|
|
@@ -5787,7 +5787,7 @@ function handleError(err) {
|
|
|
5787
5787
|
}
|
|
5788
5788
|
|
|
5789
5789
|
// src/bin/agt.ts
|
|
5790
|
-
var cliVersion2 = true ? "0.28.
|
|
5790
|
+
var cliVersion2 = true ? "0.28.45" : "dev";
|
|
5791
5791
|
var program = new Command();
|
|
5792
5792
|
program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
|
|
5793
5793
|
program.hook("preAction", async (thisCommand, actionCommand) => {
|
|
@@ -7259,7 +7259,7 @@ function requireHost() {
|
|
|
7259
7259
|
}
|
|
7260
7260
|
|
|
7261
7261
|
// src/lib/api-client.ts
|
|
7262
|
-
var agtCliVersion = true ? "0.28.
|
|
7262
|
+
var agtCliVersion = true ? "0.28.45" : "dev";
|
|
7263
7263
|
var lastConfigHash = null;
|
|
7264
7264
|
function setConfigHash(hash) {
|
|
7265
7265
|
lastConfigHash = hash && hash.length > 0 ? hash : null;
|
|
@@ -8540,4 +8540,4 @@ export {
|
|
|
8540
8540
|
managerInstallSystemUnitCommand,
|
|
8541
8541
|
managerUninstallSystemUnitCommand
|
|
8542
8542
|
};
|
|
8543
|
-
//# sourceMappingURL=chunk-
|
|
8543
|
+
//# sourceMappingURL=chunk-YEAHEXU7.js.map
|
|
@@ -27,7 +27,7 @@ import {
|
|
|
27
27
|
requireHost,
|
|
28
28
|
safeWriteJsonAtomic,
|
|
29
29
|
setConfigHash
|
|
30
|
-
} from "../chunk-
|
|
30
|
+
} from "../chunk-YEAHEXU7.js";
|
|
31
31
|
import {
|
|
32
32
|
getProjectDir as getProjectDir2,
|
|
33
33
|
getReadyTasks,
|
|
@@ -6626,7 +6626,7 @@ var cachedMaintenanceWindow = null;
|
|
|
6626
6626
|
var lastVersionCheckAt = 0;
|
|
6627
6627
|
var VERSION_CHECK_INTERVAL_MS = 5 * 60 * 1e3;
|
|
6628
6628
|
var lastResponsivenessProbeAt = 0;
|
|
6629
|
-
var agtCliVersion = true ? "0.28.
|
|
6629
|
+
var agtCliVersion = true ? "0.28.45" : "dev";
|
|
6630
6630
|
function resolveBrewPath(execFileSync4) {
|
|
6631
6631
|
try {
|
|
6632
6632
|
const out = execFileSync4("which", ["brew"], { timeout: 5e3 }).toString().trim();
|
|
@@ -21103,6 +21103,9 @@ var AdminDebugClient = class _AdminDebugClient {
|
|
|
21103
21103
|
tailLogs(args) {
|
|
21104
21104
|
return this.get("/admin/debug/tail-logs", _AdminDebugClient.cleanQuery(args));
|
|
21105
21105
|
}
|
|
21106
|
+
probeIntegration(args) {
|
|
21107
|
+
return this.get("/admin/debug/probe-integration", _AdminDebugClient.cleanQuery(args));
|
|
21108
|
+
}
|
|
21106
21109
|
queryAuditLog(args) {
|
|
21107
21110
|
return this.get("/admin/debug/audit-log", _AdminDebugClient.cleanQuery(args));
|
|
21108
21111
|
}
|
|
@@ -21179,6 +21182,19 @@ var AdminDebugClient = class _AdminDebugClient {
|
|
|
21179
21182
|
run_id: this.runId
|
|
21180
21183
|
});
|
|
21181
21184
|
}
|
|
21185
|
+
/** Request a HITL-gated, allowlisted diagnostic SSM run (ENG-6442). */
|
|
21186
|
+
requestSsmRun(args) {
|
|
21187
|
+
if (!this.agentId) {
|
|
21188
|
+
throw makeError(400, "AdminDebugClient.requestSsmRun requires agentId (set AGT_AGENT_ID)");
|
|
21189
|
+
}
|
|
21190
|
+
return this.post("/admin/debug/actions/ssm-run", {
|
|
21191
|
+
target_agent_id: args.target_agent_id,
|
|
21192
|
+
command_key: args.command,
|
|
21193
|
+
reason: args.reason,
|
|
21194
|
+
agent_id: this.agentId,
|
|
21195
|
+
run_id: this.runId
|
|
21196
|
+
});
|
|
21197
|
+
}
|
|
21182
21198
|
/** Poll a remedial action's HITL decision. */
|
|
21183
21199
|
getActionStatus(requestId) {
|
|
21184
21200
|
return this.get(`/admin/debug/actions/${encodeURIComponent(requestId)}`);
|
|
@@ -21218,6 +21234,17 @@ var tailLogsSchema = external_exports.object({
|
|
|
21218
21234
|
"Trailing lines to return (default 200, max 2000). Output is also byte-capped (~20 KB, newest kept) to stay within SSM limits \u2014 `truncated` flags when it clipped."
|
|
21219
21235
|
)
|
|
21220
21236
|
});
|
|
21237
|
+
var probeIntegrationSchema = external_exports.object({
|
|
21238
|
+
agent_id: external_exports.string().min(1).max(64).describe(
|
|
21239
|
+
"UUID of the agent whose integration to probe. Fails closed (uniform not-found) if you are not authorized for its org."
|
|
21240
|
+
),
|
|
21241
|
+
slug: external_exports.string().min(1).max(128).regex(
|
|
21242
|
+
/^[a-z0-9][a-z0-9._-]*$/i,
|
|
21243
|
+
"slug must be an integration definition code_name (alphanumeric, may include . _ -)"
|
|
21244
|
+
).describe(
|
|
21245
|
+
"The integration slug (its definition code_name, e.g. `gmail`, `slack`, `here-now`) to probe on that agent."
|
|
21246
|
+
)
|
|
21247
|
+
});
|
|
21221
21248
|
var listAlertsSchema = external_exports.object({
|
|
21222
21249
|
severity: external_exports.string().max(16).optional().describe("Filter by severity (critical | warning | info)."),
|
|
21223
21250
|
open: external_exports.boolean().optional().describe("When true, only currently-open (unclosed) alerts."),
|
|
@@ -21245,7 +21272,14 @@ var requestConfigUpdateSchema = external_exports.object({
|
|
|
21245
21272
|
reason: external_exports.string().min(1).max(2e3).describe("Why this change is needed \u2014 shown verbatim to the human approver. Be specific.")
|
|
21246
21273
|
});
|
|
21247
21274
|
var checkActionStatusSchema = external_exports.object({
|
|
21248
|
-
request_id: external_exports.string().min(1).max(64).describe("The action request_id returned by request_action or
|
|
21275
|
+
request_id: external_exports.string().min(1).max(64).describe("The action request_id returned by request_action, request_config_update, or request_ssm_run.")
|
|
21276
|
+
});
|
|
21277
|
+
var requestSsmRunSchema = external_exports.object({
|
|
21278
|
+
target_agent_id: external_exports.string().min(1).max(64).describe("UUID of the customer agent whose host to run the diagnostic on."),
|
|
21279
|
+
command: external_exports.enum(["host_health", "manager_status", "manager_journal", "process_list", "agent_dir"]).describe(
|
|
21280
|
+
"The allowlisted, READ-ONLY diagnostic to run (closed set \u2014 no free-form shell). host_health = uptime + df -h + free -m (is the box wedged / out of disk / out of memory?); manager_status = systemctl status agt-manager.service (is the manager daemon up?); manager_journal = journalctl -u agt-manager.service -n 200 (recent systemd-captured manager output); process_list = ps (pid/ppid/user/etime/rss/comm, no argv/env) filtered to claude + agt-manager; agent_dir = ls -la ~/.augmented/<code_name>/ (file NAMES only \u2014 stuck markers, state files; never contents). For file CONTENTS use debug_tail_logs (it covers manager.log/pane.log/channel-stderr/manager-state.json)."
|
|
21281
|
+
),
|
|
21282
|
+
reason: external_exports.string().min(1).max(2e3).describe("Why this diagnostic is needed \u2014 shown verbatim to the human approver. Be specific.")
|
|
21249
21283
|
});
|
|
21250
21284
|
var queryAuditLogSchema = external_exports.object({
|
|
21251
21285
|
agent_id: external_exports.string().min(1).max(64).optional().describe(
|
|
@@ -21408,6 +21442,19 @@ server.tool(
|
|
|
21408
21442
|
}
|
|
21409
21443
|
}
|
|
21410
21444
|
);
|
|
21445
|
+
server.tool(
|
|
21446
|
+
"debug_probe_integration",
|
|
21447
|
+
"Force a FRESH host-side connectivity probe for ONE of an agent's integrations and return the LIVE verdict \u2014 use when a user reports an integration \"isn't working\" but the console shows it connected, or to confirm a fix landed. Unlike the cached status the dashboard shows, this SSH-less SSM-invokes the agent's host to run the probe against its actual wired `.mcp.json` + credentials, so it can't disagree with reality. Returns { agent_id, code_name, slug, host, verdict, message, probed_at, ssm_status }. `verdict` is the live result: `ok` | `degraded` | `transient_error` (retryable) | `down` | `not_probeable` (no probe wired for this kind) \u2014 or a central degrade: `unreachable` (agent has no host), `not_installed` (integration not on this agent), `host_cli_too_old` (the host predates the probe \u2014 update its agt-cli), `probe_error`. Pass { agent_id, slug } where slug is the integration's definition code_name (e.g. `gmail`, `slack`, `here-now`). Fails closed for an unauthorized org; every call is audited as a cross-org host access.",
|
|
21448
|
+
probeIntegrationSchema.shape,
|
|
21449
|
+
async (args) => {
|
|
21450
|
+
try {
|
|
21451
|
+
const result = await client.probeIntegration(args);
|
|
21452
|
+
return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
|
|
21453
|
+
} catch (err) {
|
|
21454
|
+
return { content: [{ type: "text", text: formatError2(err) }], isError: true };
|
|
21455
|
+
}
|
|
21456
|
+
}
|
|
21457
|
+
);
|
|
21411
21458
|
server.tool(
|
|
21412
21459
|
"debug_query_audit_log",
|
|
21413
21460
|
'Read recent audit events to troubleshoot why/when agents bounced \u2014 primarily restart events. Defaults to the "agent.restart" action: each event returns { created_at, source, reason, actor_kind, agent_id, code_name }, where `source` is the restart trigger (agent-self-request, channel-command, maintenance-window, stale-mcp, hot-reload-mcp, mcp-presence-reaper, day-rollover, auth-tuple-change, \u2026) and `reason` is the free-text rationale when one was given (e.g. the agent\'s own words for a request_restart). Two modes: (1) pass { agent_id } to scope to ONE agent (fails closed if you\'re not authorized for its org) \u2014 use when a specific agent went quiet. (2) OMIT agent_id for a CROSS-AGENT sweep across every org you\'re authorized for (optionally narrow with { org_id }) \u2014 use to spot fleet-wide restart storms or compare agents. Filter the action with `action` (pass "all" to drop the action filter and read every event type), and bound with { since_hours?, limit? }. Cross-agent results are org-walled in SQL; unauthorized orgs are invisible.',
|
|
@@ -21471,9 +21518,26 @@ server.tool(
|
|
|
21471
21518
|
}
|
|
21472
21519
|
}
|
|
21473
21520
|
);
|
|
21521
|
+
server.tool(
|
|
21522
|
+
"request_ssm_run",
|
|
21523
|
+
"Request a HITL-gated, ALLOWLISTED read-only DIAGNOSTIC command on a customer agent's host over SSM \u2014 the escape hatch for host/process/service facts the typed read tools (debug_get_agent, debug_tail_logs, debug_host_versions) don't cover. A HUMAN must approve the EXACT command in Slack before it runs, and only if writes are armed (shadow mode runs the approval but executes nothing). This is NOT a shell: `command` is a CLOSED enum \u2014 host_health (uptime/df/free), manager_status (systemctl status agt-manager), manager_journal (journalctl -n 200), process_list (ps comm-only, no argv/env), agent_dir (ls -la ~/.augmented/<code_name>/, names only). No free-form commands, no file-content reads (use debug_tail_logs for log contents). Async: returns { request_id, status, write_mode, command_key, resolved_command, notification_status }; after approval, poll check_action_status to read the command OUTPUT in result_payload. Pass { target_agent_id, command, reason }.",
|
|
21524
|
+
requestSsmRunSchema.shape,
|
|
21525
|
+
async (args) => {
|
|
21526
|
+
try {
|
|
21527
|
+
const result = await client.requestSsmRun({
|
|
21528
|
+
target_agent_id: args.target_agent_id,
|
|
21529
|
+
command: args.command,
|
|
21530
|
+
reason: args.reason
|
|
21531
|
+
});
|
|
21532
|
+
return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
|
|
21533
|
+
} catch (err) {
|
|
21534
|
+
return { content: [{ type: "text", text: formatError2(err) }], isError: true };
|
|
21535
|
+
}
|
|
21536
|
+
}
|
|
21537
|
+
);
|
|
21474
21538
|
server.tool(
|
|
21475
21539
|
"check_action_status",
|
|
21476
|
-
"Poll the decision on a remedial action you requested (the approval result is also pushed to you via direct-chat). Returns { status, result_payload, denial_reason, resolved_at }. Pass { request_id }.",
|
|
21540
|
+
"Poll the decision on a remedial action you requested (the approval result is also pushed to you via direct-chat). Returns { status, result_payload, denial_reason, resolved_at } \u2014 for an approved request_ssm_run, result_payload carries the command output. Pass { request_id }.",
|
|
21477
21541
|
checkActionStatusSchema.shape,
|
|
21478
21542
|
async (args) => {
|
|
21479
21543
|
try {
|
package/package.json
CHANGED
|
File without changes
|