instar 0.23.0 → 0.23.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +36 -3
- package/dist/commands/server.js.map +1 -1
- package/dist/messaging/WhatsAppAdapter.d.ts +8 -1
- package/dist/messaging/WhatsAppAdapter.d.ts.map +1 -1
- package/dist/messaging/WhatsAppAdapter.js +14 -1
- package/dist/messaging/WhatsAppAdapter.js.map +1 -1
- package/dist/messaging/backends/BaileysBackend.d.ts +16 -0
- package/dist/messaging/backends/BaileysBackend.d.ts.map +1 -1
- package/dist/messaging/backends/BaileysBackend.js +150 -5
- package/dist/messaging/backends/BaileysBackend.js.map +1 -1
- package/dist/messaging/shared/AuthGate.d.ts +7 -2
- package/dist/messaging/shared/AuthGate.d.ts.map +1 -1
- package/dist/messaging/shared/AuthGate.js +8 -3
- package/dist/messaging/shared/AuthGate.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +2 -2
- package/upgrades/0.23.1.md +28 -0
- package/upgrades/0.23.2.md +32 -0
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Upgrade Guide — v0.23.1
|
|
2
|
+
|
|
3
|
+
<!-- bump: patch -->
|
|
4
|
+
|
|
5
|
+
## What Changed
|
|
6
|
+
|
|
7
|
+
**AuthGate default flipped from allow-all to deny-all when no authorized users are configured.**
|
|
8
|
+
|
|
9
|
+
Previously, `AuthGate.isAuthorized()` returned `true` when the `authorizedUsers` set was empty (size === 0). This dangerous default caused a critical bug where a WhatsApp-connected agent with no `authorizedNumbers` configured responded to every incoming message on the account — including personal conversations with unrelated contacts.
|
|
10
|
+
|
|
11
|
+
Now:
|
|
12
|
+
- Empty `authorizedUsers` = deny all (safe default)
|
|
13
|
+
- To explicitly allow all users, include `'*'` in the authorized list (e.g., `authorizedNumbers: ['*']`)
|
|
14
|
+
- WhatsApp adapter logs a console warning when started with no `authorizedNumbers`
|
|
15
|
+
|
|
16
|
+
**Migration impact**: Any agent config with empty or missing `authorizedNumbers` will now correctly reject all messages. Agents that intentionally accept messages from anyone must add `'*'` to their authorized list.
|
|
17
|
+
|
|
18
|
+
## What to Tell Your User
|
|
19
|
+
|
|
20
|
+
- **Security fix**: "I've tightened up who can message me. Previously if no allowed contacts were set, I'd respond to everyone — now I only respond to contacts you've specifically approved. This prevents me from accidentally responding to messages meant for you."
|
|
21
|
+
|
|
22
|
+
## Summary of New Capabilities
|
|
23
|
+
|
|
24
|
+
| Capability | How to Use |
|
|
25
|
+
|-----------|-----------|
|
|
26
|
+
| Safe default authorization | Automatic — empty config now denies all |
|
|
27
|
+
| Wildcard authorization | Add a wildcard entry to your allowed contacts to accept everyone |
|
|
28
|
+
| Missing config warning | Automatic — console warning on startup if no contacts configured |
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Upgrade Guide — v0.23.2
|
|
2
|
+
|
|
3
|
+
<!-- bump: patch -->
|
|
4
|
+
|
|
5
|
+
## What Changed
|
|
6
|
+
|
|
7
|
+
**Session respawn loop fixed — spawn-in-progress guard + user-visible failure messages.**
|
|
8
|
+
|
|
9
|
+
Previously, when a session died and kept failing to restart (due to session limit, quota exhaustion, or other errors), the system entered a silent respawn loop:
|
|
10
|
+
- Each incoming Telegram message triggered a new respawn attempt
|
|
11
|
+
- Respawn failures were only logged to console — never reported to the user
|
|
12
|
+
- The user saw repeated "🔄 Session restarting — message queued" messages with no explanation
|
|
13
|
+
|
|
14
|
+
Two fixes:
|
|
15
|
+
|
|
16
|
+
1. **Spawn-in-progress guard**: A per-topic lock prevents multiple concurrent spawn attempts for the same topic. If a spawn is already in progress, subsequent messages receive "Session is still starting up — please wait a moment" instead of triggering another spawn.
|
|
17
|
+
|
|
18
|
+
2. **Failure reporting**: When a respawn fails, the user now receives a Telegram message explaining what happened:
|
|
19
|
+
- Session limit errors: "❌ Session restart failed — session limit reached. Close an existing session or increase maxSessions in your config, then try again."
|
|
20
|
+
- Other errors: "❌ Session restart failed. Try sending your message again in a moment."
|
|
21
|
+
|
|
22
|
+
## What to Tell Your User
|
|
23
|
+
|
|
24
|
+
- **Session restart reliability**: "When my session dies and I can't restart it, I'll now tell you exactly what went wrong — including if you've hit the session limit — instead of just silently failing. Expect clearer error messages."
|
|
25
|
+
|
|
26
|
+
## Summary of New Capabilities
|
|
27
|
+
|
|
28
|
+
| Capability | How to Use |
|
|
29
|
+
|-----------|-----------|
|
|
30
|
+
| Respawn failure messages | Automatic — user receives error via Telegram when restart fails |
|
|
31
|
+
| Session limit error guidance | Automatic — specific message when session limit prevents restart |
|
|
32
|
+
| Spawn deduplication | Automatic — rapid messages during startup no longer create duplicate sessions |
|