Keeper-Security · ukumar-ks · Mar 10, 2026 · Mar 5, 2026 · Mar 5, 2026 · Mar 5, 2026
diff --git a/keepercommander/commands/pedm/pedm_admin.py b/keepercommander/commands/pedm/pedm_admin.py
@@ -654,6 +654,8 @@ def execute(self, context: KeeperParams, **kwargs):
             if isinstance(status, admin_types.EntityStatus) and not status.success:
                 raise base.CommandError(f'Failed to update policy "{status.entity_uid}": {status.message}')
 
+        utils.get_logger().info('Successfully updated deployment: %s', deployment.name or deployment.deployment_uid)
+
 
 class PedmDeploymentDeleteCommand(base.ArgparseCommand):
     def __init__(self):
@@ -718,9 +720,12 @@ def execute(self, context: KeeperParams, **kwargs) -> Optional[str]:
         token = f'{host}:{deployment.deployment_uid}:{utils.base64_url_encode(deployment.private_key)}'
         filename = kwargs.get('file')
         if filename:
+            if os.path.isdir(filename):
+                raise base.CommandError(f'"{filename}" is a directory. Please provide a full file path, e.g. "{os.path.join(filename, "deployment-token.txt")}"')
             with open(filename, 'wt') as f:
                 f.write(token)
-                return None
+            utils.get_logger().info('Deployment token saved to: %s', os.path.abspath(filename))
+            return None
 
         if not kwargs.get('verbose'):
             return token
@@ -855,11 +860,24 @@ def execute(self, context: KeeperParams, **kwargs) -> Any:
         if len(agent_uid_list) == 0:
             return
 
-        statuses = plugin.modify_agents( remove_agents=agent_uid_list)
+        force = kwargs.get('force') is True
+        if not force:
+            answer = prompt_utils.user_choice(f'Do you want to delete {len(agent_uid_list)} agent(s)?', 'yN')
+            if answer.lower() not in {'y', 'yes'}:
+                return
+
+        statuses = plugin.modify_agents(remove_agents=agent_uid_list)
+        deleted_count = 0
         if isinstance(statuses.remove, list):
             for status in statuses.remove:
-                if isinstance(status, admin_types.EntityStatus) and not status.success:
-                    utils.get_logger().warning(f'Failed to remove agent "{status.entity_uid}": {status.message}')
+                if isinstance(status, admin_types.EntityStatus):
+                    if status.success:
+                        deleted_count += 1
+                        utils.get_logger().info('Agent "%s" deleted successfully.', status.entity_uid)
+                    else:
+                        utils.get_logger().warning(f'Failed to remove agent "{status.entity_uid}": {status.message}')
+        if deleted_count > 0:
+            utils.get_logger().info('%d agent(s) deleted successfully.', deleted_count)
 
 
 class PedmAgentEditCommand(base.ArgparseCommand):
@@ -878,9 +896,8 @@ def execute(self, context: KeeperParams, **kwargs) -> Any:
 
         deployment_uid = kwargs.get('deployment')
         if deployment_uid:
-            deployment = plugin.deployments.get_entity(deployment_uid)
-            if not deployment:
-                raise base.CommandError(f'Deployment "{deployment_uid}" does not exist')
+            deployment = PedmUtils.resolve_single_deployment(plugin, deployment_uid)
+            deployment_uid = deployment.deployment_uid
         else:
             deployment_uid = None
 
@@ -912,8 +929,11 @@ def execute(self, context: KeeperParams, **kwargs) -> Any:
             statuses = plugin.modify_agents(update_agents=update_agents)
             if isinstance(statuses.update, list):
                 for status in statuses.update:
-                    if isinstance(status, admin_types.EntityStatus) and not status.success:
-                        utils.get_logger().warning(f'Failed to update agent "{status.entity_uid}": {status.message}')
+                    if isinstance(status, admin_types.EntityStatus):
+                        if status.success:
+                            utils.get_logger().info(f'Agent "{status.entity_uid}" updated successfully.')
+                        else:
+                            utils.get_logger().warning(f'Failed to update agent "{status.entity_uid}": {status.message}')
 
 
 class PedmAgentListCommand(base.ArgparseCommand):
@@ -2080,10 +2100,19 @@ def execute(self, context: KeeperParams, **kwargs) -> Any:
             approval.expire_in
         )
 
+        fmt = kwargs.get('format')
+        justification = approval.justification
+        if fmt != 'json' and isinstance(justification, str):
+            try:
+                parsed = json.loads(justification)
+                if isinstance(parsed, dict):
+                    justification = parsed.get('text', justification)
+            except (json.JSONDecodeError, ValueError):
+                pass
+
         row = [approval.approval_uid, approval_type, approval_status, approval.agent_uid, approval.account_info,
-               approval.application_info, approval.justification, approval.expire_in, approval.created]
+               approval.application_info, justification, approval.expire_in, approval.created]
 
-        fmt = kwargs.get('format')
         if fmt == 'json':
             table = [row]
         else:
@@ -2109,6 +2138,7 @@ def execute(self, context: KeeperParams, **kwargs) -> Any:
             approval_type = approval_type.lower()
         else:
             approval_type = None
+        fmt = kwargs.get('format')
         table: List[List[Any]] = []
         headers = ['approval_uid', 'approval_type', 'status', 'agent_uid', 'account_info', 'application_info', 'justification', 'expire_in', 'created']
         for approval in plugin.approvals.get_all_entities():
@@ -2124,12 +2154,19 @@ def execute(self, context: KeeperParams, **kwargs) -> Any:
 
             account_info = [y[:30] for y in (f'{k}={v}' for k, v in approval.account_info.items())]
             application_info = [y[:30] for y in (f'{k}={v}' for k, v in approval.application_info.items())]
+            justification = approval.justification
+            if fmt != 'json' and isinstance(justification, str):
+                try:
+                    parsed = json.loads(justification)
+                    if isinstance(parsed, dict):
+                        justification = parsed.get('text', justification)
+                except (json.JSONDecodeError, ValueError):
+                    pass
             table.append([approval.approval_uid, pedm_shared.approval_type_to_name(approval.approval_type),
-                          status, approval.agent_uid, account_info, application_info, approval.justification,
+                          status, approval.agent_uid, account_info, application_info, justification,
                           approval.expire_in, approval.created])
 
         table.sort(key=lambda x: x[8], reverse=True)
-        fmt = kwargs.get('format')
         if fmt != 'json':
             headers = [report_utils.field_to_title(x) for x in headers]
         return report_utils.dump_report_data(table, headers, fmt=fmt, filename=kwargs.get('output'))