instar 0.25.9 → 0.26.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "instar",
-  "version": "0.25.9",
+  "version": "0.26.0",
   "description": "Persistent autonomy infrastructure for AI agents",
   "type": "module",
   "main": "dist/index.js",

package/src/data/builtin-manifest.json

@@ -1,8 +1,8 @@
 {
   "$schema": "./builtin-manifest.schema.json",
   "schemaVersion": 1,
-  "generatedAt": "2026-04-01T03:06:49.847Z",
-  "instarVersion": "0.25.9",
+  "generatedAt": "2026-04-01T17:58:54.321Z",
+  "instarVersion": "0.26.0",
   "entryCount": 180,
   "entries": {
     "hook:session-start": {
@@ -11,7 +11,7 @@
       "domain": "identity",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/session-start.sh",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:dangerous-command-guard": {
@@ -20,7 +20,7 @@
       "domain": "safety",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/dangerous-command-guard.sh",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:grounding-before-messaging": {
@@ -29,7 +29,7 @@
       "domain": "safety",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/grounding-before-messaging.sh",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:compaction-recovery": {
@@ -38,7 +38,7 @@
       "domain": "identity",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/compaction-recovery.sh",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:external-operation-gate": {
@@ -47,7 +47,7 @@
       "domain": "safety",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/external-operation-gate.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:deferral-detector": {
@@ -56,7 +56,7 @@
       "domain": "safety",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/deferral-detector.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:post-action-reflection": {
@@ -65,7 +65,7 @@
       "domain": "evolution",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/post-action-reflection.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:external-communication-guard": {
@@ -74,7 +74,7 @@
       "domain": "safety",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/external-communication-guard.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:scope-coherence-collector": {
@@ -83,7 +83,7 @@
       "domain": "coherence",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/scope-coherence-collector.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:scope-coherence-checkpoint": {
@@ -92,7 +92,7 @@
       "domain": "coherence",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/scope-coherence-checkpoint.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:free-text-guard": {
@@ -101,7 +101,7 @@
       "domain": "safety",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/free-text-guard.sh",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:claim-intercept": {
@@ -110,7 +110,7 @@
       "domain": "coherence",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/claim-intercept.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:claim-intercept-response": {
@@ -119,7 +119,7 @@
       "domain": "coherence",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/claim-intercept-response.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "hook:auto-approve-permissions": {
@@ -128,7 +128,7 @@
       "domain": "safety",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
       "installedPath": ".instar/hooks/instar/auto-approve-permissions.js",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "job:health-check": {
@@ -1384,7 +1384,7 @@
       "type": "subsystem",
       "domain": "updates",
       "sourcePath": "src/core/PostUpdateMigrator.ts",
-      "contentHash": "4add58a53e70e51267eda59e5545c1509bbea98449a9b609270e081c77ec9fe8",
+      "contentHash": "6962a5ea43ab7ac29cad9871706213f2998c1ebd39b0fc06e68e1154ab284333",
       "since": "2025-01-01"
     },
     "subsystem:scheduler": {
@@ -1392,7 +1392,7 @@
       "type": "subsystem",
       "domain": "scheduling",
       "sourcePath": "src/scheduler/JobScheduler.ts",
-      "contentHash": "a15671c557bc938e0e82facafde627c3da8fd51239c93985dd8f8e233a449927",
+      "contentHash": "74829f742495f2ed35c6448f122570a63de6b835c69b439a2e9bd5698085071f",
       "since": "2025-01-01"
     },
     "subsystem:project-mapper": {

package/upgrades/0.25.10.md

@@ -0,0 +1,26 @@
+# v0.25.10 — Robustness Hardening
+
+## What Changed
+
+Four reliability improvements that prevent the cascade failure pattern where a stuck git rebase takes down an entire agent for days:
+
+1. **GitSync pre-flight recovery** — Before every pull, git-sync now checks for stuck rebases and detached HEAD states. If found, it automatically aborts the rebase and re-attaches to the main branch. Previously, a stuck rebase from an interrupted pull would silently block all future syncs.
+
+2. **ServerSupervisor git state healing** — The supervisor's preflight self-heal now detects and aborts stuck git rebases before spawning the server. This catches the problem even earlier in the startup chain.
+
+3. **Wider slow-retry window** — The circuit breaker's slow-retry mode now uses a 60-second detection window (up from 10 seconds). The old window was so narrow that retries could be missed entirely if health check timing didn't align with the 2-hour boundary.
+
+4. **AgentRegistry sync lock retries** — Synchronous registry operations now retry up to 5 times with exponential backoff when encountering lock contention. Previously, sync lock acquisition had zero retries and would fail immediately, causing constant heartbeat errors on machines running multiple agents.
+
+5. **Shell detection fix** — The supervisor's shell execution helper now uses the SHELL environment variable instead of hardcoding /bin/sh, which could fail in certain environments.
+
+## What to Tell Your User
+
+We fixed a reliability issue where a stuck git rebase could take down an agent for days. The system now automatically detects and recovers from stuck rebases, and the retry logic is more resilient. If you've seen agents go stale and not recover, this update addresses that.
+
+## Summary of New Capabilities
+
+- Automatic recovery from stuck git rebases during sync and server startup
+- More reliable agent registry operations under concurrent access from multiple agents
+- Wider retry windows so the circuit breaker doesn't silently miss recovery attempts
+- Better shell compatibility across different environments

package/upgrades/0.26.0.md

@@ -0,0 +1,23 @@
+# v0.26.0 — Unified Config Defaults System
+
+## What Changed
+
+**Single source of truth for config defaults** — Config defaults are now defined once in ConfigDefaults.ts and consumed by both the init command (new agents) and PostUpdateMigrator (existing agents). This structurally prevents the recurring bug where new config fields were added to init but forgotten in the migration path, causing existing agents to silently miss features.
+
+**Agent-type-aware defaults** — Managed-project and standalone agents get different defaults where appropriate (e.g., quota tracking). Migration uses more conservative values for security-sensitive fields like trust levels.
+
+**Safety mechanisms** — Atomic config writes with backup, opt-out via _instar_noMigrate, migration version tracking via _instar_migrations, and audit trail to security.jsonl.
+
+**CI enforcement** — 15 tests verify init/migration equivalence, idempotency, no-overwrite guarantees, opt-out handling, type safety, and array-as-leaf behavior.
+
+## What to Tell Your User
+
+Config management got a structural upgrade. New features will now automatically be available to both new and existing agents on update. Previously, some features like PromptGate were missing for existing agents because the update path did not include them. That gap is now structurally impossible — any new config default added by the developer is automatically applied to all agents on their next update, while never overwriting your customizations.
+
+## Summary of New Capabilities
+
+| Capability | How to Use |
+|-----------|-----------|
+| Auto-applied config defaults | Automatic on update — no action needed |
+| Opt-out of specific migrations | Add field names to _instar_noMigrate array in config.json |
+| Migration audit trail | Check _instar_migrations in config.json or security.jsonl |

package/upgrades/NEXT.md

@@ -0,0 +1,35 @@
+# Upgrade Guide — vNEXT
+
+<!-- bump: patch -->
+<!-- Valid values: patch, minor, major -->
+<!-- patch = bug fixes, refactors, test additions, doc updates -->
+<!-- minor = new features, new APIs, new capabilities (backwards-compatible) -->
+<!-- major = breaking changes to existing APIs or behavior -->
+
+## What Changed
+
+<!-- Describe what changed technically. What new features, APIs, behavioral changes? -->
+<!-- Write this for the AGENT — they need to understand the system deeply. -->
+
+## What to Tell Your User
+
+<!-- Write talking points the agent should relay to their user. -->
+<!-- This should be warm, conversational, user-facing — not a changelog. -->
+<!-- Focus on what THEY can now do, not internal plumbing. -->
+<!--                                                                    -->
+<!-- PROHIBITED in this section (will fail validation):                 -->
+<!--   camelCase config keys: silentReject, maxRetries, telegramNotify -->
+<!--   Inline code backtick references like silentReject: false        -->
+<!--   Fenced code blocks                                              -->
+<!--   Instructions to edit files or run commands                      -->
+<!--                                                                    -->
+<!-- CORRECT style: "I can turn that on for you" not "set X to false"  -->
+<!-- The agent relays this to their user — keep it human.              -->
+
+- **[Feature name]**: "[Brief, friendly description of what this means for the user]"
+
+## Summary of New Capabilities
+
+| Capability | How to Use |
+|-----------|-----------|
+| [Capability] | [Endpoint, command, or "automatic"] |