@integrity-labs/agt-cli 0.28.67 → 0.28.69

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -3,7 +3,7 @@ import {
3
3
  formatMissingVar,
4
4
  isClaudeFastMode,
5
5
  probeMcpEnvSubstitution
6
- } from "./chunk-CDMYI3G6.js";
6
+ } from "./chunk-F7LALIIP.js";
7
7
  import {
8
8
  reapOrphanChannelMcps
9
9
  } from "./chunk-XWVM4KPK.js";
@@ -1395,4 +1395,4 @@ export {
1395
1395
  stopAllSessionsAndWait,
1396
1396
  getProjectDir
1397
1397
  };
1398
- //# sourceMappingURL=chunk-4W57ZRW6.js.map
1398
+ //# sourceMappingURL=chunk-NAKDDR6O.js.map
@@ -22,7 +22,7 @@ import {
22
22
  resolveConnectivityProbe,
23
23
  worseConnectivityOutcome,
24
24
  wrapScheduledTaskPrompt
25
- } from "./chunk-CDMYI3G6.js";
25
+ } from "./chunk-F7LALIIP.js";
26
26
 
27
27
  // ../../packages/core/dist/integrations/registry.js
28
28
  var INTEGRATION_REGISTRY = [
@@ -7347,7 +7347,7 @@ function requireHost() {
7347
7347
  }
7348
7348
 
7349
7349
  // src/lib/api-client.ts
7350
- var agtCliVersion = true ? "0.28.67" : "dev";
7350
+ var agtCliVersion = true ? "0.28.69" : "dev";
7351
7351
  var lastConfigHash = null;
7352
7352
  function setConfigHash(hash) {
7353
7353
  lastConfigHash = hash && hash.length > 0 ? hash : null;
@@ -8643,4 +8643,4 @@ export {
8643
8643
  managerInstallSystemUnitCommand,
8644
8644
  managerUninstallSystemUnitCommand
8645
8645
  };
8646
- //# sourceMappingURL=chunk-M4PTVE27.js.map
8646
+ //# sourceMappingURL=chunk-RTQ42HVY.js.map
@@ -100,7 +100,7 @@ async function spawnPairSession(session) {
100
100
  return { ok: true };
101
101
  } catch {
102
102
  }
103
- const { resolveClaudeBinary } = await import("./persistent-session-XVVQWPD6.js");
103
+ const { resolveClaudeBinary } = await import("./persistent-session-37EAR7QR.js");
104
104
  const claudeBin = resolveClaudeBinary();
105
105
  const pairEnv = {
106
106
  ...process.env,
@@ -373,4 +373,4 @@ export {
373
373
  startClaudePair,
374
374
  submitClaudePairCode
375
375
  };
376
- //# sourceMappingURL=claude-pair-runtime-ICHMWZPP.js.map
376
+ //# sourceMappingURL=claude-pair-runtime-W6D56XZG.js.map
@@ -27,7 +27,7 @@ import {
27
27
  requireHost,
28
28
  safeWriteJsonAtomic,
29
29
  setConfigHash
30
- } from "../chunk-M4PTVE27.js";
30
+ } from "../chunk-RTQ42HVY.js";
31
31
  import {
32
32
  getProjectDir as getProjectDir2,
33
33
  getReadyTasks,
@@ -65,7 +65,7 @@ import {
65
65
  takeWatchdogGiveUpCount,
66
66
  takeZombieDetection,
67
67
  transcriptActivityAgeSeconds
68
- } from "../chunk-4W57ZRW6.js";
68
+ } from "../chunk-NAKDDR6O.js";
69
69
  import {
70
70
  FLAGS_SCHEMA_VERSION,
71
71
  FLAG_REGISTRY,
@@ -96,7 +96,7 @@ import {
96
96
  resolveDmTarget,
97
97
  sumTranscriptUsageInWindow,
98
98
  wrapScheduledTaskPrompt
99
- } from "../chunk-CDMYI3G6.js";
99
+ } from "../chunk-F7LALIIP.js";
100
100
  import {
101
101
  parsePsRows,
102
102
  reapOrphanChannelMcps
@@ -6734,7 +6734,7 @@ var cachedMaintenanceWindow = null;
6734
6734
  var lastVersionCheckAt = 0;
6735
6735
  var VERSION_CHECK_INTERVAL_MS = 5 * 60 * 1e3;
6736
6736
  var lastResponsivenessProbeAt = 0;
6737
- var agtCliVersion = true ? "0.28.67" : "dev";
6737
+ var agtCliVersion = true ? "0.28.69" : "dev";
6738
6738
  function resolveBrewPath(execFileSync4) {
6739
6739
  try {
6740
6740
  const out = execFileSync4("which", ["brew"], { timeout: 5e3 }).toString().trim();
@@ -7842,7 +7842,7 @@ async function pollCycle() {
7842
7842
  }
7843
7843
  try {
7844
7844
  const { detectHostSecurity } = await import("../host-security-6PDFG7F5.js");
7845
- const { collectDiagnostics } = await import("../persistent-session-XVVQWPD6.js");
7845
+ const { collectDiagnostics } = await import("../persistent-session-37EAR7QR.js");
7846
7846
  const diagCodeNames = [...agentState.persistentSessionAgents];
7847
7847
  const agentDiagnostics = diagCodeNames.length > 0 ? collectDiagnostics(diagCodeNames) : void 0;
7848
7848
  let tailscaleHostname;
@@ -7943,7 +7943,7 @@ async function pollCycle() {
7943
7943
  const {
7944
7944
  collectResponsivenessProbes,
7945
7945
  getResponsivenessIntervalMs
7946
- } = await import("../responsiveness-probe-IRGV6O77.js");
7946
+ } = await import("../responsiveness-probe-WI5X7C55.js");
7947
7947
  const probeIntervalMs = getResponsivenessIntervalMs();
7948
7948
  if (now - lastResponsivenessProbeAt > probeIntervalMs) {
7949
7949
  const probeCodeNames = [...agentState.persistentSessionAgents];
@@ -7975,7 +7975,7 @@ async function pollCycle() {
7975
7975
  collectResponsivenessProbes,
7976
7976
  livePendingInboundOldestAgeSeconds,
7977
7977
  parkPendingInbound
7978
- } = await import("../responsiveness-probe-IRGV6O77.js");
7978
+ } = await import("../responsiveness-probe-WI5X7C55.js");
7979
7979
  const { getProjectDir: wedgeProjectDir } = await import("../claude-scheduler-FATCLHDM.js");
7980
7980
  const wedgeNow = /* @__PURE__ */ new Date();
7981
7981
  const liveAgents = agentState.persistentSessionAgents;
@@ -11409,7 +11409,7 @@ async function processClaudePairSessions(agents) {
11409
11409
  killPairSession,
11410
11410
  pairTmuxSession,
11411
11411
  finalizeClaudePairOnboarding
11412
- } = await import("../claude-pair-runtime-ICHMWZPP.js");
11412
+ } = await import("../claude-pair-runtime-W6D56XZG.js");
11413
11413
  for (const pairId of pendingResp.cancelled_pair_ids ?? []) {
11414
11414
  log(`[claude-pair] sweeping orphan tmux session for pair ${pairId.slice(0, 8)}`);
11415
11415
  const killed = await killPairSession(pairTmuxSession(pairId));
@@ -21098,6 +21098,26 @@ var AdminDebugClient = class _AdminDebugClient {
21098
21098
  getHost(args) {
21099
21099
  return this.get("/admin/debug/get-host", _AdminDebugClient.cleanQuery(args));
21100
21100
  }
21101
+ /** Effective feature flags WITH source attribution for an agent/host (ENG-6517). */
21102
+ inspectFlags(args) {
21103
+ return this.get("/admin/debug/inspect-flags", _AdminDebugClient.cleanQuery(args));
21104
+ }
21105
+ // ENG-6516: alert triage writes — a single triage route, three ergonomic verbs.
21106
+ triageAlert(alertId, body) {
21107
+ return this.post(`/admin/debug/alerts/${encodeURIComponent(alertId)}/triage`, body);
21108
+ }
21109
+ /** Acknowledge an open alert (ENG-6516). */
21110
+ ackAlert(args) {
21111
+ return this.triageAlert(args.alert_id, { action: "ack", reason: args.reason });
21112
+ }
21113
+ /** Snooze an open alert until 15m|1h|4h|until_tomorrow (ENG-6516). */
21114
+ snoozeAlert(args) {
21115
+ return this.triageAlert(args.alert_id, { action: "snooze", duration: args.duration, reason: args.reason });
21116
+ }
21117
+ /** Close an open alert (closed_reason=manual) (ENG-6516). */
21118
+ closeAlert(args) {
21119
+ return this.triageAlert(args.alert_id, { action: "close", reason: args.reason });
21120
+ }
21101
21121
  /** List the orgs you're authorized to read, with tier + grant standing + rollups (ENG-6483). */
21102
21122
  searchOrgs(args) {
21103
21123
  return this.get("/admin/debug/orgs", _AdminDebugClient.cleanQuery(args));
@@ -21274,6 +21294,25 @@ var getHostSchema = external_exports.object({
21274
21294
  host: external_exports.string().min(1).max(128).describe("The host id (uuid) or its exact, case-insensitive name. Use the id if the name is ambiguous."),
21275
21295
  since_hours: external_exports.number().int().min(1).max(720).optional().describe("Window for the restart-count rollup, in hours. Default 24.")
21276
21296
  });
21297
+ var inspectFlagsSchema = external_exports.object({
21298
+ host: external_exports.string().min(1).max(128).optional().describe("The host id (uuid) or its exact, case-insensitive name. Pass this OR agent_id."),
21299
+ agent_id: external_exports.string().min(1).max(64).optional().describe("The agent UUID \u2014 flags are inspected on the agent's current host. Pass this OR host.")
21300
+ });
21301
+ var alertIdField = external_exports.string().min(1).max(64).describe("The alert id (uuid), from debug_list_alerts.");
21302
+ var triageReasonField = external_exports.string().max(2e3).optional().describe("Why \u2014 recorded on the cross-org audit trail. Be specific.");
21303
+ var ackAlertSchema = external_exports.object({
21304
+ alert_id: alertIdField,
21305
+ reason: triageReasonField
21306
+ });
21307
+ var snoozeAlertSchema = external_exports.object({
21308
+ alert_id: alertIdField,
21309
+ duration: external_exports.enum(["15m", "1h", "4h", "until_tomorrow"]).describe("How long to suppress paging: 15m | 1h | 4h | until_tomorrow (09:00 UTC next day)."),
21310
+ reason: triageReasonField
21311
+ });
21312
+ var closeAlertSchema = external_exports.object({
21313
+ alert_id: alertIdField,
21314
+ reason: triageReasonField
21315
+ });
21277
21316
  var hostVersionsSchema = external_exports.object({
21278
21317
  q: external_exports.string().max(128).optional().describe("Case-insensitive substring match on host name."),
21279
21318
  status: external_exports.string().max(32).optional().describe("Filter by host status (active | decommissioned)."),
@@ -21515,6 +21554,27 @@ server.tool(
21515
21554
  }
21516
21555
  }
21517
21556
  );
21557
+ server.tool(
21558
+ "debug_inspect_flags",
21559
+ "Inspect an agent/host's EFFECTIVE feature flags WITH source attribution \u2014 the one-call answer to \"is an env override silently masking a flag?\" (the ENG-6478 / koda drift class), instead of grepping manager.log for WARN spam. For each registry flag it returns { effective, source, env_value, env_var, heartbeat_value, central_value, default_value, env_masks_heartbeat, host_stale, sensitive }. `source` mirrors how the host actually resolves a flag: env override > heartbeat-materialized (the value the control plane last sent the host) > compiled default. `env_masks_heartbeat:true` is the smoking gun for ENG-6478 (a host env gate overriding a different DB-resolved value); `host_stale:true` means the host hasn't picked up a central change. Host-side values come from the host's latest config snapshot (so snapshot:null \u21D2 the host hasn't reported one and attribution degrades to default + central). Top-level `drift_keys` lists the flags worth looking at. Pass exactly one of { host } (id or exact name) or { agent_id } (inspects its current host). Read-only; fails closed for an unauthorized/unknown target; audited as a cross-org access.",
21560
+ inspectFlagsSchema.shape,
21561
+ async (args) => {
21562
+ try {
21563
+ const hasHost = typeof args.host === "string" && args.host.length > 0;
21564
+ const hasAgent = typeof args.agent_id === "string" && args.agent_id.length > 0;
21565
+ if (hasHost === hasAgent) {
21566
+ return {
21567
+ content: [{ type: "text", text: "Pass exactly one of host or agent_id." }],
21568
+ isError: true
21569
+ };
21570
+ }
21571
+ const result = await client.inspectFlags(args);
21572
+ return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
21573
+ } catch (err) {
21574
+ return { content: [{ type: "text", text: formatError2(err) }], isError: true };
21575
+ }
21576
+ }
21577
+ );
21518
21578
  server.tool(
21519
21579
  "debug_list_alerts",
21520
21580
  "List recent platform alerts across authorized orgs (host-down, agent-stale, probe-timeout, auth-failed), including NULL-team host alerts. Returns a projection per alert (kind, severity, message, source, open/closed state). Filter with { severity, open, limit }.",
@@ -21528,6 +21588,45 @@ server.tool(
21528
21588
  }
21529
21589
  }
21530
21590
  );
21591
+ server.tool(
21592
+ "debug_ack_alert",
21593
+ "Acknowledge an open alert \u2014 close the triage loop here instead of bouncing to the webapp. Stops escalation/paging for it without closing it. Unlike the host-affecting remedial actions this is a low-risk, reversible control-plane write (it sets acknowledged_at/by on the alert row), so it applies directly \u2014 gated by the admin-debug write mode and authorized against the alert's org (a NULL-org infra alert is IL-internal-only). Returns { alert_id, action, write_mode, applied, alert }. `applied:false` means write mode is `shadow` (validated, not written). Get the alert id from debug_list_alerts. Pass { alert_id, reason? }. Every call is audited as a cross-org access.",
21594
+ ackAlertSchema.shape,
21595
+ async (args) => {
21596
+ try {
21597
+ const result = await client.ackAlert(args);
21598
+ return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
21599
+ } catch (err) {
21600
+ return { content: [{ type: "text", text: formatError2(err) }], isError: true };
21601
+ }
21602
+ }
21603
+ );
21604
+ server.tool(
21605
+ "debug_snooze_alert",
21606
+ "Snooze an open alert \u2014 suppress fresh pages for it until 15m | 1h | 4h | until_tomorrow (09:00 UTC next day), without closing it. Low-risk reversible control-plane write (sets snoozed_until); applies directly under the admin-debug write mode, authorized against the alert's org. Returns { alert_id, action, write_mode, applied, alert }; `applied:false` \u21D2 shadow mode. Pass { alert_id, duration, reason? }. Audited as a cross-org access.",
21607
+ snoozeAlertSchema.shape,
21608
+ async (args) => {
21609
+ try {
21610
+ const result = await client.snoozeAlert(args);
21611
+ return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
21612
+ } catch (err) {
21613
+ return { content: [{ type: "text", text: formatError2(err) }], isError: true };
21614
+ }
21615
+ }
21616
+ );
21617
+ server.tool(
21618
+ "debug_close_alert",
21619
+ "Close an open alert (closed_reason=manual) \u2014 resolve it from here when you've confirmed it's handled, instead of the webapp. Low-risk control-plane write (sets closed_at + closed_reason); applies directly under the admin-debug write mode, authorized against the alert's org. Only OPEN alerts can be closed (a 409 means it was already closed). Returns { alert_id, action, write_mode, applied, alert }; `applied:false` \u21D2 shadow mode. Pass { alert_id, reason? }. Audited as a cross-org access.",
21620
+ closeAlertSchema.shape,
21621
+ async (args) => {
21622
+ try {
21623
+ const result = await client.closeAlert(args);
21624
+ return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
21625
+ } catch (err) {
21626
+ return { content: [{ type: "text", text: formatError2(err) }], isError: true };
21627
+ }
21628
+ }
21629
+ );
21531
21630
  server.tool(
21532
21631
  "debug_search_orgs",
21533
21632
  `List the ORGANIZATIONS you're authorized to read \u2014 the org-level entry point for triage and access decisions, so you don't have to infer orgs off agent/host rows or probe one org's tier with debug_request_access. Returns a projection per org: { organization_id, organization_slug, display_name, is_internal, management_mode (fully_managed | self_managed), standing_reason (internal | fully_managed | granted \u2014 WHY you can read it), has_active_grant (do you hold a live grant right now), host_count, agent_count, active_agent_count, open_alert_count, created_at }. Use it to (1) decide access in one read \u2014 see a self_managed org and its grant state before deciding to debug_request_access; (2) triage the fleet \u2014 "which orgs have open alerts" (open_alert_count includes stuck-restart alerts) without walking agents; (3) disambiguate a slug \u2192 id \u2192 tier without needing an agent/host to exist. Authorized = IL-owned (is_internal) + fully-managed orgs (standing) plus any self-managed org you hold an active grant for. Filter with { q (slug/name substring), management_mode, is_internal, limit }. Projection only \u2014 no secrets, no transcripts; org-walled in SQL and audited as a cross-org access.`,
@@ -25,8 +25,8 @@ import {
25
25
  takeZombieDetection,
26
26
  writeDirectChatSessionState,
27
27
  writePersistentClaudeWrapper
28
- } from "./chunk-4W57ZRW6.js";
29
- import "./chunk-CDMYI3G6.js";
28
+ } from "./chunk-NAKDDR6O.js";
29
+ import "./chunk-F7LALIIP.js";
30
30
  import "./chunk-XWVM4KPK.js";
31
31
  export {
32
32
  SEND_KEYS_ENTER_DELAY_MS,
@@ -56,4 +56,4 @@ export {
56
56
  writeDirectChatSessionState,
57
57
  writePersistentClaudeWrapper
58
58
  };
59
- //# sourceMappingURL=persistent-session-XVVQWPD6.js.map
59
+ //# sourceMappingURL=persistent-session-37EAR7QR.js.map
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  paneLogPath
3
- } from "./chunk-4W57ZRW6.js";
4
- import "./chunk-CDMYI3G6.js";
3
+ } from "./chunk-NAKDDR6O.js";
4
+ import "./chunk-F7LALIIP.js";
5
5
  import "./chunk-XWVM4KPK.js";
6
6
 
7
7
  // src/lib/responsiveness-probe.ts
@@ -250,4 +250,4 @@ export {
250
250
  parkPendingInbound,
251
251
  readAndResetChannelDeflections
252
252
  };
253
- //# sourceMappingURL=responsiveness-probe-IRGV6O77.js.map
253
+ //# sourceMappingURL=responsiveness-probe-WI5X7C55.js.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@integrity-labs/agt-cli",
3
- "version": "0.28.67",
3
+ "version": "0.28.69",
4
4
  "description": "Augmented Team CLI — agent provisioning and management",
5
5
  "type": "module",
6
6
  "engines": {