agent-tempo 1.6.0 → 1.6.1

package/dashboard/package.json

@@ -1,7 +1,7 @@
 {
   "name": "agent-tempo-dashboard",
   "private": true,
-  "version": "1.6.0",
+  "version": "1.6.1",
   "type": "module",
   "description": "Web dashboard for agent-tempo. Bundled into the npm package; served by the daemon at /dashboard/*.",
   "scripts": {

package/dist/cli/commands.js

@@ -938,6 +938,7 @@ function temporalCliExists() {
 }
 function registerSearchAttributes(temporalAddress, namespace = 'default') {
     let failed = 0;
+    let permissionBlocked = 0;
     for (const attr of sa_preflight_1.REQUIRED_SEARCH_ATTRIBUTES) {
         const r = (0, sa_preflight_1.registerSearchAttribute)(attr, temporalAddress, namespace);
         switch (r.status) {
@@ -948,17 +949,33 @@ function registerSearchAttributes(temporalAddress, namespace = 'default') {
                 out.dim(`  ${attr.name} (already registered)`);
                 break;
             case 'failed':
-                // Surface the real error — pre-#605 this branch was silently
-                // labeled "already exists" and the operator only discovered the
-                // problem hours later when workflow start failed with
-                // INVALID_ARGUMENT. Most common cause on the SQLite dev server is
-                // the 10-Keyword-per-namespace cap (often hit when a namespace
-                // accumulates both old + new wire-rename attribute families).
-                failed++;
-                out.warn(`Failed to register ${attr.name}: ${r.detail}`);
+                // A PERMISSION error (Temporal Cloud namespace API keys can't reach the
+                // operator service) means we can't tell whether the SA exists — NOT that
+                // it's missing. Don't print a scary per-attr "Failed to register" or count
+                // it as a failure; collapse to ONE soft line below and PROCEED. Reserve
+                // the per-attr warning + hard "will fail" conclusion for DEFINITIVE
+                // failures (e.g. the SQLite dev server's 10-Keyword-per-namespace cap).
+                if ((0, sa_preflight_1.isPermissionError)(r.detail)) {
+                    permissionBlocked++;
+                }
+                else {
+                    failed++;
+                    out.warn(`Failed to register ${attr.name}: ${r.detail}`);
+                }
                 break;
         }
     }
+    // Permission-blocked (normal on Temporal Cloud): one accurate, non-alarming
+    // line — we couldn't manage the SAs, but that doesn't mean they're missing.
+    if (permissionBlocked > 0) {
+        const saList = sa_preflight_1.REQUIRED_SEARCH_ATTRIBUTES.map((a) => `${a.name}:${a.type}`).join(', ');
+        out.warn(`Couldn't verify search attributes — this credential lacks permission to manage them ` +
+            `(normal on Temporal Cloud, where search attributes are managed via the Cloud UI or tcld). ` +
+            `If workflow starts fail with "search attribute ... is not defined", create these ` +
+            `${sa_preflight_1.REQUIRED_SEARCH_ATTRIBUTES.length} via the Cloud UI / tcld: ${saList}. ` +
+            `Otherwise this is safe to ignore.`);
+    }
+    // DEFINITIVE failures genuinely block — keep the hard, actionable conclusion.
     if (failed > 0) {
         out.warn(`${failed} search attribute${failed === 1 ? '' : 's'} not registered — ` +
             `workflow starts will fail. Resolve the errors above before continuing.`);

package/dist/cli/config-command.d.ts

@@ -11,8 +11,24 @@ import type { AgentType } from '../types';
  *     are not offered here.
  * Single source of truth for the interactive selector + `config set` validation
  * (#666 — adds `pi` so the new interactive Pi conductor can be the default).
+ *
+ * DELIBERATE SUBSET of `AGENT_TYPES` (NOT derived from it): this is a CAPABILITY
+ * allowlist (conductor-capable production agents), distinct from `parseAgent`'s
+ * type-VALIDITY check, which accepts all of `AGENT_TYPES`. Keep the two separate —
+ * #683 was caused by a validity check (`config.ts`) that had been hardcoded to a
+ * stale subset; this one is intentionally narrow and must stay that way.
  */
 export declare const VALID_DEFAULT_AGENTS: readonly AgentType[];
+/** True when a config key holds a credential value that must be masked on display. */
+export declare function isSecretKey(key: string): boolean;
+/**
+ * Render a secret for display: a short non-sensitive prefix (when the value is
+ * long enough that the prefix reveals only a small fraction) + a masked tail +
+ * the char count. NEVER returns the full value. Empty/unset → "(not set)".
+ *
+ * Examples: `sk-ant-…•••• (set, 47 chars)` · short secret → `•••• (set, 6 chars)`.
+ */
+export declare function maskSecret(value: string | undefined | null): string;
 /** Interactive config setup: `agent-tempo config` */
 export declare function configInteractive(): Promise<void>;
 /** Non-interactive: `agent-tempo config set <key> <value>` */

package/dist/cli/config-command.js

@@ -34,6 +34,8 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VALID_DEFAULT_AGENTS = void 0;
+exports.isSecretKey = isSecretKey;
+exports.maskSecret = maskSecret;
 exports.configInteractive = configInteractive;
 exports.configSet = configSet;
 exports.configShow = configShow;
@@ -54,6 +56,12 @@ const out = __importStar(require("./output"));
  *     are not offered here.
  * Single source of truth for the interactive selector + `config set` validation
  * (#666 — adds `pi` so the new interactive Pi conductor can be the default).
+ *
+ * DELIBERATE SUBSET of `AGENT_TYPES` (NOT derived from it): this is a CAPABILITY
+ * allowlist (conductor-capable production agents), distinct from `parseAgent`'s
+ * type-VALIDITY check, which accepts all of `AGENT_TYPES`. Keep the two separate —
+ * #683 was caused by a validity check (`config.ts`) that had been hardcoded to a
+ * stale subset; this one is intentionally narrow and must stay that way.
  */
 exports.VALID_DEFAULT_AGENTS = ['claude', 'copilot', 'pi'];
 // NOTE: `createTemporalConnection` is dynamic-imported inside `configInteractive`'s
@@ -61,7 +69,38 @@ exports.VALID_DEFAULT_AGENTS = ['claude', 'copilot', 'pi'];
 // `@temporalio/client`, defeating the crash-proof property of `config show` /
 // `config set` — both of which are pure fs operations and must remain operable
 // under a broken Temporal SDK install.
-const SECRET_KEYS = new Set(['temporalApiKey']);
+// #684 — secret-masking. Any config field whose name looks like a credential is
+// masked in EVERY display path (show / interactive default / set echo) so a key is
+// never printed raw (terminal scrollback, screen-share, logs). Generalized on
+// purpose: a future secret added to the config is masked BY DEFAULT, not leaked.
+const SECRET_KEYS = new Set(['temporalApiKey', 'httpToken', 'readToken', 'adminToken']);
+// Matches *_API_KEY / *ApiKey / *Token / *Secret / *Password but NOT path fields
+// (e.g. temporalTlsKeyPath is a file path, not the key — it must stay visible).
+const SECRET_KEY_PATTERN = /(api[_-]?key|token|secret|password)/i;
+/** True when a config key holds a credential value that must be masked on display. */
+function isSecretKey(key) {
+    if (/path$/i.test(key))
+        return false; // *Path fields are file locations, not secrets
+    return SECRET_KEYS.has(key) || SECRET_KEY_PATTERN.test(key);
+}
+/**
+ * Render a secret for display: a short non-sensitive prefix (when the value is
+ * long enough that the prefix reveals only a small fraction) + a masked tail +
+ * the char count. NEVER returns the full value. Empty/unset → "(not set)".
+ *
+ * Examples: `sk-ant-…•••• (set, 47 chars)` · short secret → `•••• (set, 6 chars)`.
+ */
+function maskSecret(value) {
+    if (value == null || value === '')
+        return '(not set)';
+    const len = value.length;
+    // Reveal a prefix only when it's a small fraction of the whole; never for short
+    // secrets (so the output can never contain the full input — see the unit test).
+    const prefixLen = len >= 12 ? 6 : len >= 8 ? 3 : 0;
+    const prefix = value.slice(0, prefixLen);
+    const masked = prefixLen > 0 ? `${prefix}…••••` : '••••';
+    return `${masked} (set, ${len} chars)`;
+}
 /** Read a line from stdin with a prompt and optional default value. */
 function ask(prompt, defaultVal, mask = false) {
     return new Promise((resolve) => {
@@ -69,7 +108,11 @@ function ask(prompt, defaultVal, mask = false) {
             input: process.stdin,
             output: process.stdout,
         });
-        const display = defaultVal ? `${prompt} (${defaultVal}): ` : `${prompt}: `;
+        // #684 — for masked (secret) prompts NEVER echo the raw existing value as the
+        // shown default; render a masked hint instead. The real `defaultVal` is still
+        // returned on empty input, so an existing key is preserved without exposing it.
+        const shownDefault = mask ? maskSecret(defaultVal) : defaultVal;
+        const display = defaultVal ? `${prompt} (${shownDefault}): ` : `${prompt}: `;
         if (mask) {
             // For secret input: write prompt manually, mute output
             process.stdout.write(`? ${display}`);
@@ -212,7 +255,9 @@ function configSet(key, value) {
     }
     config[configKey] = value;
     (0, config_1.saveConfigFile)(config);
-    out.success(`Set ${configKey} = ${configKey.includes('Key') ? '****' : value}`);
+    // #684 — echo through the same secret-masking path so `config set temporalApiKey …`
+    // never prints the value back raw (and a *Path field still shows its location).
+    out.success(`Set ${configKey} = ${isSecretKey(configKey) ? maskSecret(value) : value}`);
 }
 /** Show current config: `agent-tempo config show` */
 function configShow() {
@@ -234,8 +279,9 @@ function configShow() {
     for (const { key, configKey } of keys) {
         const value = config[configKey];
         const source = sources[configKey];
-        const isSecret = SECRET_KEYS.has(key);
-        const display = !value ? '(not set)' : isSecret ? '****' : value;
+        // #684 — secret-like fields go through maskSecret (prefix + masked tail + char
+        // count); everything else shows its value or "(not set)".
+        const display = isSecretKey(key) ? maskSecret(value) : (!value ? '(not set)' : value);
         out.log(`  ${key.padEnd(22)} ${display.padEnd(30)} ${out.dim(source)}`);
     }
     console.log();

package/dist/cli/resolve-ensemble.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Resolve the target ensemble with the precedence every CLI command uses (#685):
+ *
+ *   `--ensemble` flag  >  positional arg  >  `AGENT_TEMPO_ENSEMBLE` env  >  `'default'`
+ *
+ * `up` previously passed a bare positional-derived value and IGNORED the
+ * `--ensemble` flag (so `agent-tempo up --ensemble pitest` silently launched in
+ * `default`). Centralizing the rule here makes it a single, unit-testable source
+ * of truth so it can't drift per-command again.
+ *
+ * Pure: `env` is injectable (defaults to the live `AGENT_TEMPO_ENSEMBLE`) so the
+ * precedence is testable without mutating `process.env`.
+ */
+export declare function resolveEnsemble(args: {
+    ensemble?: string;
+    positional: string[];
+}, env?: string | undefined): string;

package/dist/cli/resolve-ensemble.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveEnsemble = resolveEnsemble;
+const config_1 = require("../config");
+/**
+ * Resolve the target ensemble with the precedence every CLI command uses (#685):
+ *
+ *   `--ensemble` flag  >  positional arg  >  `AGENT_TEMPO_ENSEMBLE` env  >  `'default'`
+ *
+ * `up` previously passed a bare positional-derived value and IGNORED the
+ * `--ensemble` flag (so `agent-tempo up --ensemble pitest` silently launched in
+ * `default`). Centralizing the rule here makes it a single, unit-testable source
+ * of truth so it can't drift per-command again.
+ *
+ * Pure: `env` is injectable (defaults to the live `AGENT_TEMPO_ENSEMBLE`) so the
+ * precedence is testable without mutating `process.env`.
+ */
+function resolveEnsemble(args, env = process.env[config_1.ENV.ENSEMBLE]) {
+    return args.ensemble || args.positional[1] || env || 'default';
+}

package/dist/cli/sa-preflight.d.ts

@@ -88,6 +88,14 @@ export interface RegistrationResult {
     /** stderr from the temporal CLI, populated when `status === 'failed'`. */
     detail?: string;
 }
+/**
+ * True when a registration error means "this credential can't manage search
+ * attributes" (a permission/authorization failure) rather than a definitive
+ * registration failure (e.g. the SQLite dev server's 10-Keyword cap). Used to
+ * avoid the false "not registered → starts will fail" conclusion on Temporal
+ * Cloud, where SA management lives behind the Cloud UI / `tcld`.
+ */
+export declare function isPermissionError(detail: string | undefined): boolean;
 /**
  * Pure classifier — turn a temporal CLI exit into a {@link RegistrationStatus}.
  * Extracted from {@link registerSearchAttribute} so the matching rules can

package/dist/cli/sa-preflight.js

@@ -39,6 +39,7 @@ exports.isTemporalCloud = isTemporalCloud;
 exports.sdkProbeRegisteredAttributes = sdkProbeRegisteredAttributes;
 exports.formatPreflightError = formatPreflightError;
 exports.verifySearchAttributes = verifySearchAttributes;
+exports.isPermissionError = isPermissionError;
 exports.classifyRegistrationOutput = classifyRegistrationOutput;
 exports.registerSearchAttribute = registerSearchAttribute;
 exports.assertSearchAttributesOrExit = assertSearchAttributesOrExit;
@@ -284,6 +285,36 @@ async function verifySearchAttributes(opts) {
         message: formatPreflightError(missing, opts.temporalNamespace, probeError, cloud),
     };
 }
+/**
+ * Substrings signalling the credential lacks PERMISSION to manage search
+ * attributes — distinct from a definitive registration failure. Temporal Cloud
+ * namespace API keys can't reach the operator service (Cloud manages SAs via its
+ * UI / `tcld`), so `temporal operator search-attribute create/list` returns
+ * "Request unauthorized" / PermissionDenied. That means we CANNOT determine
+ * whether the SAs are registered — NOT that they're missing. Concluding
+ * "not registered → workflow starts will fail" from a permission error is a
+ * false alarm: on Cloud the SAs are typically already present and starts succeed.
+ */
+const PERMISSION_ERROR_MARKERS = [
+    'request unauthorized',
+    'permission denied',
+    'permissiondenied',
+    'unauthorized',
+    'not authorized',
+];
+/**
+ * True when a registration error means "this credential can't manage search
+ * attributes" (a permission/authorization failure) rather than a definitive
+ * registration failure (e.g. the SQLite dev server's 10-Keyword cap). Used to
+ * avoid the false "not registered → starts will fail" conclusion on Temporal
+ * Cloud, where SA management lives behind the Cloud UI / `tcld`.
+ */
+function isPermissionError(detail) {
+    if (!detail)
+        return false;
+    const d = detail.toLowerCase();
+    return PERMISSION_ERROR_MARKERS.some((m) => d.includes(m));
+}
 /**
  * Pure classifier — turn a temporal CLI exit into a {@link RegistrationStatus}.
  * Extracted from {@link registerSearchAttribute} so the matching rules can

package/dist/cli.js

@@ -62,6 +62,7 @@ const types_1 = require("./types");
 const config_1 = require("./config");
 const legacy_migration_1 = require("./cli/legacy-migration");
 const global_wrapper_1 = require("./cli/global-wrapper");
+const resolve_ensemble_1 = require("./cli/resolve-ensemble");
 const grpc_shutdown_guard_1 = require("./utils/grpc-shutdown-guard");
 /** Package root — cli.js compiles to dist/cli.js, so one level up. Used by the inline `version` handler. */
 const PACKAGE_ROOT = (0, path_1.resolve)(__dirname, '..');
@@ -473,7 +474,10 @@ async function main() {
             break;
         case 'up':
             await up({
-                ensemble,
+                // #685 — honor `--ensemble` (flag > positional > env > 'default'), via the
+                // shared resolver. Previously `up` passed the bare positional-derived
+                // `ensemble`, so `--ensemble <name>` was silently ignored → launched in `default`.
+                ensemble: (0, resolve_ensemble_1.resolveEnsemble)(args),
                 name: args.name,
                 lineup: args.lineup,
                 noHold: args.noHold,

package/dist/config.d.ts

@@ -334,9 +334,18 @@ export declare function loadTemporalCliConfig(): PersistedConfig;
  */
 export declare function parseTemporalYaml(content: string): PersistedConfig;
 /**
- * Parse an agent value against the {@link AgentType} union.
- * Throws when `value` is present but not a valid agent; returns `'claude'`
- * for empty/unset values so callers can use it as a source-aware default.
+ * Parse an agent value against the canonical {@link AGENT_TYPES} union — the
+ * SINGLE SOURCE OF TRUTH for agent validity (shared with `cli.ts`'s `--agent`
+ * parser). Throws when `value` is present but not a known agent; returns
+ * `'claude'` for empty/unset values so callers can use it as a source-aware default.
+ *
+ * This is a pure type-VALIDITY check — it accepts EVERY `AgentType` (including
+ * `mock` and the headless adapters). Narrower CAPABILITY constraints are gated
+ * separately downstream: the recruit pre-flight rejects `mock` outside dev mode,
+ * and `config`'s `VALID_DEFAULT_AGENTS` restricts the persistent default to the
+ * conductor-capable subset. (#683: the former hardcoded `['claude','copilot']`
+ * list was stale — it rejected `defaultAgent=pi` at config LOAD, poisoning every
+ * command before the `--agent` flag was even read.)
  */
 export declare function parseAgent(value: string | undefined, source: ConfigSource): AgentType;
 /**

package/dist/config.js

@@ -23,14 +23,8 @@ const fs_1 = require("fs");
 const path_1 = require("path");
 const os_1 = require("os");
 const zod_1 = require("zod");
+const types_1 = require("./types");
 const validation_1 = require("./utils/validation");
-// `'mock'` is a valid `AgentType` value but intentionally NOT in the resolved
-// `defaultAgent` set — recruit pre-flight rejects it outside dev mode anyway,
-// and it's never a sensible *default* (each mock spawn is configured per call
-// via the `agent: 'mock'` flag, not via the resolved chain). Listing it here
-// would only enable users to set `defaultAgent=mock` in `~/.agent-tempo/config.json`,
-// which the recruit gate would then turn around and reject in production.
-const VALID_AGENTS = ['claude', 'copilot'];
 /** Environment variable name constants — use these instead of string literals. */
 exports.ENV = {
     ENSEMBLE: 'AGENT_TEMPO_ENSEMBLE',
@@ -458,16 +452,25 @@ const AGENT_SOURCE_LABELS = {
     none: 'none',
 };
 /**
- * Parse an agent value against the {@link AgentType} union.
- * Throws when `value` is present but not a valid agent; returns `'claude'`
- * for empty/unset values so callers can use it as a source-aware default.
+ * Parse an agent value against the canonical {@link AGENT_TYPES} union — the
+ * SINGLE SOURCE OF TRUTH for agent validity (shared with `cli.ts`'s `--agent`
+ * parser). Throws when `value` is present but not a known agent; returns
+ * `'claude'` for empty/unset values so callers can use it as a source-aware default.
+ *
+ * This is a pure type-VALIDITY check — it accepts EVERY `AgentType` (including
+ * `mock` and the headless adapters). Narrower CAPABILITY constraints are gated
+ * separately downstream: the recruit pre-flight rejects `mock` outside dev mode,
+ * and `config`'s `VALID_DEFAULT_AGENTS` restricts the persistent default to the
+ * conductor-capable subset. (#683: the former hardcoded `['claude','copilot']`
+ * list was stale — it rejected `defaultAgent=pi` at config LOAD, poisoning every
+ * command before the `--agent` flag was even read.)
  */
 function parseAgent(value, source) {
     if (value == null || value === '')
         return 'claude';
-    if (!VALID_AGENTS.includes(value)) {
+    if (!types_1.AGENT_TYPES.includes(value)) {
         throw new Error(`Invalid agent "${value}" from ${AGENT_SOURCE_LABELS[source]}. ` +
-            `Valid values: ${VALID_AGENTS.join(', ')}.`);
+            `Valid values: ${types_1.AGENT_TYPES.join(', ')}.`);
     }
     return value;
 }

package/dist/pi/cue-pump.js

@@ -18,7 +18,15 @@ function buildPiInjector(rt) {
         const sendUser = typeof pi?.sendUserMessage === 'function' ? pi.sendUserMessage.bind(pi) : null;
         return {
             inject: (msg, opts) => send(msg, opts),
-            ...(sendUser ? { escalate: (text) => sendUser(text) } : {}),
+            // #688 — escalate with `deliverAs: 'followUp'`. maybeEscalate can fire while a
+            // turn is ALREADY in flight (one that started BEFORE the inject — a busy
+            // false-positive), and a bare sendUserMessage (no deliverAs) while Pi is
+            // streaming throws "Agent is already processing". followUp is correct in BOTH
+            // cases: cold-idle (behavior ignored → the user message still starts a turn,
+            // escalation works) and busy (queues + drains in order, no throw). NOT 'steer'
+            // — steer would let a peer cue preempt the operator's in-flight turn, breaking
+            // the operator-vs-peer guarantee (see file header).
+            ...(sendUser ? { escalate: (text) => sendUser(text, { deliverAs: 'followUp' }) } : {}),
             lastTurnStartAt: () => rt.lastTurnStartAt,
         };
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-tempo",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "description": "Many agents, one tempo. Durable coordination for multi-agent work via Temporal.",
   "keywords": [
     "mcp",