@integrity-labs/agt-cli 0.6.6 → 0.6.7

package/dist/host-security-6PDFG7F5.js

@@ -0,0 +1,36 @@
+// src/lib/host-security.ts
+import { execSync } from "child_process";
+import { existsSync } from "fs";
+var SOCKETFILTERFW = "/usr/libexec/ApplicationFirewall/socketfilterfw";
+function runCommand(cmd) {
+  try {
+    return execSync(cmd, { timeout: 5e3, encoding: "utf-8" }).trim();
+  } catch {
+    return null;
+  }
+}
+function parseBool(output, enabledPattern, disabledPattern) {
+  if (!output) return null;
+  if (enabledPattern.test(output)) return true;
+  if (disabledPattern.test(output)) return false;
+  return null;
+}
+function detectHostSecurity() {
+  const os = runCommand("uname -s");
+  if (os !== "Darwin") return null;
+  if (!existsSync(SOCKETFILTERFW)) return null;
+  const globalState = runCommand(`${SOCKETFILTERFW} --getglobalstate`);
+  if (!globalState) return null;
+  const stealthMode = runCommand(`${SOCKETFILTERFW} --getstealthmode`);
+  const blockAll = runCommand(`${SOCKETFILTERFW} --getblockall`);
+  return {
+    os: "darwin",
+    firewall_enabled: parseBool(globalState, /\benabled\b/i, /\bdisabled\b/i),
+    firewall_stealth: parseBool(stealthMode, /\bon\b/i, /\boff\b/i),
+    firewall_block_all: parseBool(blockAll, /\benabled\b/i, /\bdisabled\b/i)
+  };
+}
+export {
+  detectHostSecurity
+};
+//# sourceMappingURL=host-security-6PDFG7F5.js.map

package/dist/host-security-6PDFG7F5.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/lib/host-security.ts"],"sourcesContent":["import { execSync } from 'node:child_process';\nimport { existsSync } from 'node:fs';\n\nexport interface HostSecurityInfo {\n  os: string;\n  firewall_enabled: boolean | null;\n  firewall_stealth: boolean | null;\n  firewall_block_all: boolean | null;\n}\n\nconst SOCKETFILTERFW = '/usr/libexec/ApplicationFirewall/socketfilterfw';\n\nfunction runCommand(cmd: string): string | null {\n  try {\n    return execSync(cmd, { timeout: 5000, encoding: 'utf-8' }).trim();\n  } catch {\n    return null;\n  }\n}\n\nfunction parseBool(\n  output: string | null,\n  enabledPattern: RegExp,\n  disabledPattern: RegExp,\n): boolean | null {\n  if (!output) return null;\n  if (enabledPattern.test(output)) return true;\n  if (disabledPattern.test(output)) return false;\n  return null;\n}\n\n/**\n * Detect macOS Application Firewall state.\n * Returns null on non-macOS or if detection fails.\n */\nexport function detectHostSecurity(): HostSecurityInfo | null {\n  const os = runCommand('uname -s');\n  if (os !== 'Darwin') return null;\n\n  if (!existsSync(SOCKETFILTERFW)) return null;\n\n  const globalState = runCommand(`${SOCKETFILTERFW} --getglobalstate`);\n  if (!globalState) return null;\n\n  const stealthMode = runCommand(`${SOCKETFILTERFW} --getstealthmode`);\n  const blockAll = runCommand(`${SOCKETFILTERFW} --getblockall`);\n\n  return {\n    os: 'darwin',\n    firewall_enabled: parseBool(globalState, /\\benabled\\b/i, /\\bdisabled\\b/i),\n    firewall_stealth: parseBool(stealthMode, /\\bon\\b/i, /\\boff\\b/i),\n    firewall_block_all: parseBool(blockAll, /\\benabled\\b/i, /\\bdisabled\\b/i),\n  };\n}\n"],"mappings":";AAAA,SAAS,gBAAgB;AACzB,SAAS,kBAAkB;AAS3B,IAAM,iBAAiB;AAEvB,SAAS,WAAW,KAA4B;AAC9C,MAAI;AACF,WAAO,SAAS,KAAK,EAAE,SAAS,KAAM,UAAU,QAAQ,CAAC,EAAE,KAAK;AAAA,EAClE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,UACP,QACA,gBACA,iBACgB;AAChB,MAAI,CAAC,OAAQ,QAAO;AACpB,MAAI,eAAe,KAAK,MAAM,EAAG,QAAO;AACxC,MAAI,gBAAgB,KAAK,MAAM,EAAG,QAAO;AACzC,SAAO;AACT;AAMO,SAAS,qBAA8C;AAC5D,QAAM,KAAK,WAAW,UAAU;AAChC,MAAI,OAAO,SAAU,QAAO;AAE5B,MAAI,CAAC,WAAW,cAAc,EAAG,QAAO;AAExC,QAAM,cAAc,WAAW,GAAG,cAAc,mBAAmB;AACnE,MAAI,CAAC,YAAa,QAAO;AAEzB,QAAM,cAAc,WAAW,GAAG,cAAc,mBAAmB;AACnE,QAAM,WAAW,WAAW,GAAG,cAAc,gBAAgB;AAE7D,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,kBAAkB,UAAU,aAAa,gBAAgB,eAAe;AAAA,IACxE,kBAAkB,UAAU,aAAa,WAAW,UAAU;AAAA,IAC9D,oBAAoB,UAAU,UAAU,gBAAgB,eAAe;AAAA,EACzE;AACF;","names":[]}

package/dist/lib/manager-worker.js

@@ -8,7 +8,7 @@ import {
   provision,
   requireHost,
   resolveChannels
-} from "../chunk-EUF2V4N5.js";
+} from "../chunk-UIWXBJSX.js";
 import {
   findTaskByTemplate,
   getProjectDir,
@@ -775,6 +775,7 @@ var state = {
 };
 var registeredAgentsCache = /* @__PURE__ */ new Map();
 var agentFrameworkCache = /* @__PURE__ */ new Map();
+var frameworkBinaryChecked = /* @__PURE__ */ new Set();
 function resolveAgentFramework(codeName) {
   const frameworkId = agentFrameworkCache.get(codeName) ?? "openclaw";
   return getFramework(frameworkId);
@@ -810,6 +811,63 @@ function clearAgentCaches(agentId, codeName) {
 var cachedFrameworkVersion = null;
 var lastVersionCheckAt = 0;
 var VERSION_CHECK_INTERVAL_MS = 5 * 60 * 1e3;
+async function ensureFrameworkBinary(frameworkId) {
+  if (frameworkId !== "claude-code") return;
+  if (frameworkBinaryChecked.has(frameworkId)) return;
+  frameworkBinaryChecked.add(frameworkId);
+  const { execFileSync } = await import("child_process");
+  let brewPath;
+  try {
+    brewPath = execFileSync("which", ["brew"], { timeout: 5e3 }).toString().trim();
+  } catch {
+    log("Homebrew not found \u2014 cannot auto-install/upgrade Claude Code. Install manually: https://claude.ai/download");
+    return;
+  }
+  let claudeExists = false;
+  try {
+    execFileSync("which", ["claude"], { timeout: 5e3 });
+    claudeExists = true;
+  } catch {
+  }
+  if (!claudeExists) {
+    log("Claude Code binary not found \u2014 installing via Homebrew...");
+    try {
+      execFileSync(brewPath, ["install", "--cask", "claude-code"], {
+        timeout: 12e4,
+        stdio: "pipe"
+      });
+    } catch (err) {
+      log(`Claude Code install failed: ${err.message}`);
+      return;
+    }
+    try {
+      execFileSync("which", ["claude"], { timeout: 5e3 });
+      log("Claude Code installed successfully");
+    } catch {
+      log("Claude Code install completed but binary not found on PATH \u2014 you may need to restart your terminal");
+    }
+  } else {
+    log("Checking for Claude Code updates...");
+    try {
+      const output = execFileSync(brewPath, ["upgrade", "--cask", "claude-code"], {
+        timeout: 12e4,
+        stdio: "pipe"
+      }).toString();
+      if (output.includes("already installed") || output.includes("up-to-date")) {
+        log("Claude Code is already up to date");
+      } else {
+        log("Claude Code upgraded successfully");
+      }
+    } catch (err) {
+      const msg = err.message;
+      if (msg.includes("already installed") || msg.includes("up-to-date") || msg.includes("not upgraded")) {
+        log("Claude Code is already up to date");
+      } else {
+        log(`Claude Code upgrade failed: ${msg}`);
+      }
+    }
+  }
+}
 function loadGatewayPorts() {
   try {
     return JSON.parse(readFileSync2(GATEWAY_PORTS_FILE, "utf-8"));
@@ -1126,15 +1184,21 @@ async function pollCycle() {
       lastVersionCheckAt = now;
     }
     try {
+      const { detectHostSecurity } = await import("../host-security-6PDFG7F5.js");
       await api.post("/host/heartbeat", {
         host_id: hostId,
-        framework_version: cachedFrameworkVersion ?? void 0
+        framework_version: cachedFrameworkVersion ?? void 0,
+        host_security: detectHostSecurity() ?? void 0
       });
     } catch (err) {
       log(`Heartbeat failed: ${err.message}`);
     }
     const data = await api.post("/host/agents", { host_id: hostId });
     const agents = data.agents ?? [];
+    const frameworksThisCycle = new Set(agents.map((a) => a.framework).filter(Boolean));
+    for (const fw of frameworksThisCycle) {
+      await ensureFrameworkBinary(fw);
+    }
     activeChannels.clear();
     const agentStates = [];
     for (const agent of agents) {
@@ -1203,6 +1267,13 @@ async function pollCycle() {
     ensureRealtimeAssignStarted(agentStates);
     ensureRealtimeConfigStarted(agentStates);
     ensureRealtimeKanbanStarted(agentStates);
+    try {
+      const spawnData = await api.post("/host/kanban/recurring/spawn");
+      if (spawnData.spawned > 0) {
+        log(`Spawned ${spawnData.spawned} recurring kanban item(s)`);
+      }
+    } catch {
+    }
     state = {
       ...state,
       lastPollAt: (/* @__PURE__ */ new Date()).toISOString(),
@@ -3266,17 +3337,17 @@ function generateArtifacts(agent, refreshData, adapter) {
     denied: [],
     require_approval_to_change: true
   };
-  let teamChannelPolicy;
+  let orgChannelPolicy;
   const policyData = refreshData.team_channel_policy;
   if (policyData) {
-    teamChannelPolicy = {
-      team_id: policyData.team_id,
+    orgChannelPolicy = {
+      organization_id: policyData.team_id,
       allowed_channels: policyData.allowed_channels ?? [],
       denied_channels: policyData.denied_channels ?? [],
       require_elevated_for_pii: policyData.require_elevated_for_pii ?? false
     };
   }
-  const resolvedChannels = resolveChannels(agentChannelPolicy, teamChannelPolicy);
+  const resolvedChannels = resolveChannels(agentChannelPolicy, orgChannelPolicy);
   const effectiveChannels = agent.status === "paused" ? [] : resolvedChannels;
   const provisionInput = {
     agent: refreshData.agent,