@integrity-labs/agt-cli 0.28.44 → 0.28.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/bin/agt.js CHANGED
@@ -37,7 +37,7 @@ import {
37
37
  success,
38
38
  table,
39
39
  warn
40
- } from "../chunk-HQHLMAIW.js";
40
+ } from "../chunk-YEAHEXU7.js";
41
41
  import {
42
42
  CHANNEL_REGISTRY,
43
43
  DEPLOYMENT_TEMPLATES,
@@ -4777,7 +4777,7 @@ import { execFileSync, execSync } from "child_process";
4777
4777
  import { existsSync as existsSync10, realpathSync as realpathSync2 } from "fs";
4778
4778
  import chalk18 from "chalk";
4779
4779
  import ora16 from "ora";
4780
- var cliVersion = true ? "0.28.44" : "dev";
4780
+ var cliVersion = true ? "0.28.45" : "dev";
4781
4781
  async function fetchLatestVersion() {
4782
4782
  const host2 = getHost();
4783
4783
  if (!host2) return null;
@@ -5787,7 +5787,7 @@ function handleError(err) {
5787
5787
  }
5788
5788
 
5789
5789
  // src/bin/agt.ts
5790
- var cliVersion2 = true ? "0.28.44" : "dev";
5790
+ var cliVersion2 = true ? "0.28.45" : "dev";
5791
5791
  var program = new Command();
5792
5792
  program.name("agt").description("Augmented CLI \u2014 agent provisioning and management").version(cliVersion2).option("--json", "Emit machine-readable JSON output (suppress spinners and colors)").option("--skip-update-check", "Skip the automatic update check on startup");
5793
5793
  program.hook("preAction", async (thisCommand, actionCommand) => {
@@ -7259,7 +7259,7 @@ function requireHost() {
7259
7259
  }
7260
7260
 
7261
7261
  // src/lib/api-client.ts
7262
- var agtCliVersion = true ? "0.28.44" : "dev";
7262
+ var agtCliVersion = true ? "0.28.45" : "dev";
7263
7263
  var lastConfigHash = null;
7264
7264
  function setConfigHash(hash) {
7265
7265
  lastConfigHash = hash && hash.length > 0 ? hash : null;
@@ -8540,4 +8540,4 @@ export {
8540
8540
  managerInstallSystemUnitCommand,
8541
8541
  managerUninstallSystemUnitCommand
8542
8542
  };
8543
- //# sourceMappingURL=chunk-HQHLMAIW.js.map
8543
+ //# sourceMappingURL=chunk-YEAHEXU7.js.map
@@ -27,7 +27,7 @@ import {
27
27
  requireHost,
28
28
  safeWriteJsonAtomic,
29
29
  setConfigHash
30
- } from "../chunk-HQHLMAIW.js";
30
+ } from "../chunk-YEAHEXU7.js";
31
31
  import {
32
32
  getProjectDir as getProjectDir2,
33
33
  getReadyTasks,
@@ -6626,7 +6626,7 @@ var cachedMaintenanceWindow = null;
6626
6626
  var lastVersionCheckAt = 0;
6627
6627
  var VERSION_CHECK_INTERVAL_MS = 5 * 60 * 1e3;
6628
6628
  var lastResponsivenessProbeAt = 0;
6629
- var agtCliVersion = true ? "0.28.44" : "dev";
6629
+ var agtCliVersion = true ? "0.28.45" : "dev";
6630
6630
  function resolveBrewPath(execFileSync4) {
6631
6631
  try {
6632
6632
  const out = execFileSync4("which", ["brew"], { timeout: 5e3 }).toString().trim();
@@ -21182,6 +21182,19 @@ var AdminDebugClient = class _AdminDebugClient {
21182
21182
  run_id: this.runId
21183
21183
  });
21184
21184
  }
21185
+ /** Request a HITL-gated, allowlisted diagnostic SSM run (ENG-6442). */
21186
+ requestSsmRun(args) {
21187
+ if (!this.agentId) {
21188
+ throw makeError(400, "AdminDebugClient.requestSsmRun requires agentId (set AGT_AGENT_ID)");
21189
+ }
21190
+ return this.post("/admin/debug/actions/ssm-run", {
21191
+ target_agent_id: args.target_agent_id,
21192
+ command_key: args.command,
21193
+ reason: args.reason,
21194
+ agent_id: this.agentId,
21195
+ run_id: this.runId
21196
+ });
21197
+ }
21185
21198
  /** Poll a remedial action's HITL decision. */
21186
21199
  getActionStatus(requestId) {
21187
21200
  return this.get(`/admin/debug/actions/${encodeURIComponent(requestId)}`);
@@ -21259,7 +21272,14 @@ var requestConfigUpdateSchema = external_exports.object({
21259
21272
  reason: external_exports.string().min(1).max(2e3).describe("Why this change is needed \u2014 shown verbatim to the human approver. Be specific.")
21260
21273
  });
21261
21274
  var checkActionStatusSchema = external_exports.object({
21262
- request_id: external_exports.string().min(1).max(64).describe("The action request_id returned by request_action or request_config_update.")
21275
+ request_id: external_exports.string().min(1).max(64).describe("The action request_id returned by request_action, request_config_update, or request_ssm_run.")
21276
+ });
21277
+ var requestSsmRunSchema = external_exports.object({
21278
+ target_agent_id: external_exports.string().min(1).max(64).describe("UUID of the customer agent whose host to run the diagnostic on."),
21279
+ command: external_exports.enum(["host_health", "manager_status", "manager_journal", "process_list", "agent_dir"]).describe(
21280
+ "The allowlisted, READ-ONLY diagnostic to run (closed set \u2014 no free-form shell). host_health = uptime + df -h + free -m (is the box wedged / out of disk / out of memory?); manager_status = systemctl status agt-manager.service (is the manager daemon up?); manager_journal = journalctl -u agt-manager.service -n 200 (recent systemd-captured manager output); process_list = ps (pid/ppid/user/etime/rss/comm, no argv/env) filtered to claude + agt-manager; agent_dir = ls -la ~/.augmented/<code_name>/ (file NAMES only \u2014 stuck markers, state files; never contents). For file CONTENTS use debug_tail_logs (it covers manager.log/pane.log/channel-stderr/manager-state.json)."
21281
+ ),
21282
+ reason: external_exports.string().min(1).max(2e3).describe("Why this diagnostic is needed \u2014 shown verbatim to the human approver. Be specific.")
21263
21283
  });
21264
21284
  var queryAuditLogSchema = external_exports.object({
21265
21285
  agent_id: external_exports.string().min(1).max(64).optional().describe(
@@ -21498,9 +21518,26 @@ server.tool(
21498
21518
  }
21499
21519
  }
21500
21520
  );
21521
+ server.tool(
21522
+ "request_ssm_run",
21523
+ "Request a HITL-gated, ALLOWLISTED read-only DIAGNOSTIC command on a customer agent's host over SSM \u2014 the escape hatch for host/process/service facts the typed read tools (debug_get_agent, debug_tail_logs, debug_host_versions) don't cover. A HUMAN must approve the EXACT command in Slack before it runs, and only if writes are armed (shadow mode runs the approval but executes nothing). This is NOT a shell: `command` is a CLOSED enum \u2014 host_health (uptime/df/free), manager_status (systemctl status agt-manager), manager_journal (journalctl -n 200), process_list (ps comm-only, no argv/env), agent_dir (ls -la ~/.augmented/<code_name>/, names only). No free-form commands, no file-content reads (use debug_tail_logs for log contents). Async: returns { request_id, status, write_mode, command_key, resolved_command, notification_status }; after approval, poll check_action_status to read the command OUTPUT in result_payload. Pass { target_agent_id, command, reason }.",
21524
+ requestSsmRunSchema.shape,
21525
+ async (args) => {
21526
+ try {
21527
+ const result = await client.requestSsmRun({
21528
+ target_agent_id: args.target_agent_id,
21529
+ command: args.command,
21530
+ reason: args.reason
21531
+ });
21532
+ return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
21533
+ } catch (err) {
21534
+ return { content: [{ type: "text", text: formatError2(err) }], isError: true };
21535
+ }
21536
+ }
21537
+ );
21501
21538
  server.tool(
21502
21539
  "check_action_status",
21503
- "Poll the decision on a remedial action you requested (the approval result is also pushed to you via direct-chat). Returns { status, result_payload, denial_reason, resolved_at }. Pass { request_id }.",
21540
+ "Poll the decision on a remedial action you requested (the approval result is also pushed to you via direct-chat). Returns { status, result_payload, denial_reason, resolved_at } \u2014 for an approved request_ssm_run, result_payload carries the command output. Pass { request_id }.",
21504
21541
  checkActionStatusSchema.shape,
21505
21542
  async (args) => {
21506
21543
  try {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@integrity-labs/agt-cli",
3
- "version": "0.28.44",
3
+ "version": "0.28.45",
4
4
  "description": "Augmented Team CLI — agent provisioning and management",
5
5
  "type": "module",
6
6
  "engines": {