instar 0.28.17 → 0.28.19

package/.claude/skills/setup-wizard/SKILL.md

@@ -142,25 +142,37 @@ If they type something else → interpret conversationally and route.
 
 #### If gh_status="auth-needed"
 
-Walk the user through auth FIRST:
+**MANDATORY — DO THIS BEFORE ASKING FOR AN AGENT NAME.** The discovery scan ran without GitHub access. The user may already have agents backed up to GitHub from another machine. You MUST offer to sign them in BEFORE proceeding to fresh-install prompts. Skipping this step has caused users to create duplicate agents instead of restoring existing ones.
 
-> Let me check if you have agents backed up on GitHub.
-> I need to sign you into GitHub — this opens your browser.
+Say:
+> Before we set up a new agent, let me check GitHub for any agents you've backed up from another machine. I need to sign you in — it takes about 30 seconds.
 
-```bash
-gh auth login --web --git-protocol https
-```
-
-After auth, re-scan and present results.
+Then follow the **GitHub Device-Code Auth Flow** below. After auth completes, re-run discovery (call `runDiscovery` via the setup CLI or re-invoke the wizard) and present the updated agent list. Only proceed to fresh-install if discovery still shows zero agents.
 
 #### If gh_status="unavailable"
 
-Ask:
-> Have you used Instar before on another machine?
+GitHub CLI isn't installed. With instar 0.28.18+ this should be rare — the prerequisite check auto-installs gh. If you somehow get here, ask:
+> Have you used Instar before on another machine? If so, I should install GitHub CLI so I can find your existing agents before we create a new one.
 
-If yes: Show install guidance for the platform. After install → auth → scan.
+If yes: Install gh (brew/apt), then follow the **GitHub Device-Code Auth Flow** below, then re-run discovery.
 If no: Continue to fresh install.
 
+#### GitHub Device-Code Auth Flow (use this everywhere `gh auth login` is needed)
+
+**DO NOT run `gh auth login` synchronously in Bash** — it blocks waiting for the user to visit a URL and the Bash tool buffer hides the prompt. The user will see a frozen command and have no idea what to do.
+
+Instead:
+
+1. Start `gh auth login --web --git-protocol https` with `run_in_background: true`.
+2. Poll the background output every 2 seconds (BashOutput tool) until you see a line matching `! First copy your one-time code: XXXX-XXXX` and a line containing `https://github.com/login/device`.
+3. Extract the code and URL, then present them to the user conversationally — NOT as raw Bash output:
+   > To sign in, visit **https://github.com/login/device** and enter this code: **XXXX-XXXX**
+   > I'll wait here until you're done.
+4. Poll `gh auth status` every 5 seconds (foreground, fast). When it exits 0, the user has finished. Stop polling the background process and let it complete on its own.
+5. Confirm: "You're signed in as <username>. Let me check for your agents now."
+
+If 5 minutes pass with no auth completion, ask the user if they want to keep waiting or skip GitHub for now.
+
 #### Normal fresh install options
 
 **If inside a git repo:**
@@ -1909,15 +1921,7 @@ Wait for user to install, then re-check.
 gh auth status 2>&1
 ```
 
-If not authenticated, walk them through it:
-
-> I need to connect to your GitHub account. This opens your browser for a secure sign-in.
-
-```bash
-gh auth login --web --git-protocol https
-```
-
-This is an interactive command that opens the browser — run it with `stdio: 'inherit'` so the user sees the auth flow. Wait for it to complete.
+If not authenticated, use the **GitHub Device-Code Auth Flow** described in Entry Point B (above). DO NOT run `gh auth login` synchronously — it blocks the Bash tool and the user will see a frozen command. Run in background, parse the device code and URL from output, present them conversationally, and poll `gh auth status` until success.
 
 **Step 3: Create private repo**
 

package/dist/commands/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA2PH,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAs0CD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA2nItE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA2PH,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA6zCD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA2oItE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}

package/dist/commands/server.js

@@ -568,34 +568,26 @@ function wireTelegramCallbacks(telegram, sessionManager, state, quotaTracker, ac
         return sessionManager.isSessionAlive(sessionName);
     };
     // Stall verification — check if session has recent output activity
-    // Shared activity patterns for detecting Claude Code session output
-    const sessionActivePatterns = [
-        /\bRead\b|\bWrite\b|\bEdit\b|\bBash\b|\bGrep\b|\bGlob\b|\bAgent\b|\bSkill\b|\bWebFetch\b|\bWebSearch\b/, // Tool names
-        /⠋|⠙|⠹|⠸|⠼|⠴|⠦|⠧|⠇|⠏/, // Spinner characters
-        /\d+\s*tokens?/i, // Token counts
-        /Sent \d+ chars/, // Telegram/Slack reply confirmation
-        /Wandering|Thinking|thought for/i, // Claude thinking indicators
-        /Searching for \d+ pattern/i, // Search activity
-        /ctrl\+[a-z] to/i, // Interactive prompt hints
-        /\+ .*\(thought for/, // Tool execution with thinking
-        /mcp__/, // MCP tool calls
-        /●|○|◉/, // Progress indicators
-    ];
-    /** Check if a session is actively producing output */
-    const isSessionActiveCheck = async (sessionName) => {
+    telegram.onIsSessionActive = async (sessionName) => {
         const output = sessionManager.captureOutput(sessionName, 20);
         if (!output)
             return false;
         const lines = output.trim().split('\n').slice(-15);
+        // Look for signs of Claude Code activity in recent output
+        const activePatterns = [
+            /\bRead\b|\bWrite\b|\bEdit\b|\bBash\b|\bGrep\b|\bGlob\b/, // Tool names
+            /⠋|⠙|⠹|⠸|⠼|⠴|⠦|⠧|⠇|⠏/, // Spinner characters
+            /\d+\s*tokens?/i, // Token counts
+            /Sent \d+ chars/, // Telegram reply confirmation
+        ];
         for (const line of lines) {
-            for (const pattern of sessionActivePatterns) {
+            for (const pattern of activePatterns) {
                 if (pattern.test(line))
                     return true;
             }
         }
         return false;
     };
-    telegram.onIsSessionActive = isSessionActiveCheck;
     // /switch-account — swap active Claude Code account
     if (accountSwitcher) {
         telegram.onSwitchAccountRequest = async (target, replyTopicId) => {
@@ -2745,31 +2737,6 @@ export async function startServer(options) {
                 slackAdapter.onIsSessionAlive = (tmuxSession) => {
                     return sessionManager.isSessionAlive(tmuxSession);
                 };
-                slackAdapter.onIsSessionActive = async (sessionName) => {
-                    const output = sessionManager.captureOutput(sessionName, 20);
-                    if (!output)
-                        return false;
-                    const lines = output.trim().split('\n').slice(-15);
-                    const activePatterns = [
-                        /\bRead\b|\bWrite\b|\bEdit\b|\bBash\b|\bGrep\b|\bGlob\b|\bAgent\b|\bSkill\b|\bWebFetch\b|\bWebSearch\b/,
-                        /⠋|⠙|⠹|⠸|⠼|⠴|⠦|⠧|⠇|⠏/,
-                        /\d+\s*tokens?/i,
-                        /Sent \d+ chars/,
-                        /Wandering|Thinking|thought for/i,
-                        /Searching for \d+ pattern/i,
-                        /ctrl\+[a-z] to/i,
-                        /\+ .*\(thought for/,
-                        /mcp__/,
-                        /●|○|◉/,
-                    ];
-                    for (const line of lines) {
-                        for (const pattern of activePatterns) {
-                            if (pattern.test(line))
-                                return true;
-                        }
-                    }
-                    return false;
-                };
                 // Wire prompt response callback — inject button presses into sessions
                 slackAdapter.onPromptResponse = (channelId, promptId, value) => {
                     // Look up which session is bound to this channel
@@ -3760,58 +3727,82 @@ export async function startServer(options) {
         const { HookEventReceiver } = await import('../monitoring/HookEventReceiver.js');
         const hookEventReceiver = new HookEventReceiver({ stateDir: config.stateDir });
         console.log(pc.green('  Hook event receiver enabled'));
-        // Wire PreCompact events to trigger proactive triage after compaction.
-        // When a session compacts, it goes idle at a prompt. If there are unanswered
-        // user messages (common with Telegram/Slack), Pattern 2b will reinject them.
-        if (triageOrchestrator && telegram) {
-            const _triageOrch = triageOrchestrator;
-            const _telegram = telegram;
-            hookEventReceiver.on('PreCompact', () => {
-                // Delay to let compaction + recovery hooks finish
-                setTimeout(() => {
-                    const topicSessions = _telegram.getAllTopicSessions();
-                    for (const [topicId, sessionName] of topicSessions) {
-                        if (!sessionManager.isSessionAlive(sessionName))
-                            continue;
-                        const history = _telegram.getTopicHistory(topicId, 5);
-                        const lastMsg = history[history.length - 1];
-                        if (lastMsg?.fromUser) {
-                            console.log(`[CompactionResume] PreCompact detected, topic ${topicId} has unanswered message — activating triage`);
-                            _triageOrch.activate(topicId, sessionName, 'watchdog', lastMsg.text, Date.now()).catch(err => {
-                                console.warn(`[CompactionResume] Triage activation failed for topic ${topicId}:`, err);
-                            });
+        // ── Compaction Resume: unified recovery for one session ──────────────
+        // Robust against subsystem misconfiguration: works with or without
+        // triageOrchestrator. If the orchestrator is available we prefer it
+        // (richer recovery semantics); otherwise we fall back to a direct
+        // tmux re-injection of the unanswered user message.
+        //
+        // Three independent triggers call into this:
+        //   1. PreCompact hook event (Claude Code fires it — unreliable)
+        //   2. SessionWatchdog 'compaction-idle' polling (default-enabled)
+        //   3. POST /internal/compaction-resume (compaction-recovery.sh hook)
+        const recoverCompactedSession = async (sessionName, triggerLabel) => {
+            if (!sessionManager.isSessionAlive(sessionName))
+                return false;
+            // Telegram path
+            if (telegram) {
+                const topicId = telegram.getTopicForSession(sessionName);
+                if (topicId) {
+                    const history = telegram.getTopicHistory(topicId, 5);
+                    const lastMsg = history[history.length - 1];
+                    if (lastMsg?.fromUser) {
+                        console.log(`[CompactionResume] (${triggerLabel}) topic ${topicId} session "${sessionName}" has unanswered message — recovering`);
+                        if (triageOrchestrator) {
+                            try {
+                                await triageOrchestrator.activate(topicId, sessionName, 'watchdog', lastMsg.text, Date.now());
+                                return true;
+                            }
+                            catch (err) {
+                                console.warn(`[CompactionResume] orchestrator failed, falling back to direct inject:`, err);
+                            }
                         }
-                    }
-                }, 10_000);
-            });
-            console.log(pc.green('  Compaction auto-resume wired to triage orchestrator (PreCompact event)'));
-        }
-        // Watchdog compaction-idle polling — fallback for when PreCompact events
-        // don't fire (Claude Code doesn't reliably emit them). The watchdog polls
-        // every 30s and detects sessions that compacted + are idle at a prompt.
-        if (watchdog && triageOrchestrator) {
-            const _triageOrch2 = triageOrchestrator;
-            watchdog.on('compaction-idle', (sessionName) => {
-                // Check Telegram topics
-                if (telegram) {
-                    const topicId = telegram.getTopicForSession(sessionName);
-                    if (topicId) {
-                        const history = telegram.getTopicHistory(topicId, 5);
-                        const lastMsg = history[history.length - 1];
-                        if (lastMsg?.fromUser) {
-                            console.log(`[CompactionResume] Watchdog detected compaction-idle, topic ${topicId} has unanswered message — activating triage`);
-                            _triageOrch2.activate(topicId, sessionName, 'watchdog', lastMsg.text, Date.now()).catch(err => {
-                                console.warn(`[CompactionResume] Triage activation failed for topic ${topicId}:`, err);
-                            });
-                            return;
+                        // Fallback: direct injection with topic tag so InputGuard accepts it.
+                        const tagged = `[telegram:${topicId}] ${lastMsg.text}`;
+                        const ok = sessionManager.injectMessage(sessionName, tagged);
+                        if (ok) {
+                            console.log(`[CompactionResume] (${triggerLabel}) direct re-inject OK for topic ${topicId}`);
+                            return true;
                         }
+                        console.warn(`[CompactionResume] (${triggerLabel}) direct re-inject FAILED for topic ${topicId}`);
                     }
                 }
-                // Note: Slack compaction-resume is handled separately below (after
-                // slackChannelToSyntheticId is defined) to avoid TDZ reference errors.
+            }
+            // Slack path — handled in the Slack-aware block below (needs slackChannelToSyntheticId).
+            // We attempt it here lazily via a deferred handler set on globalThis to avoid TDZ.
+            const slackHandler = globalThis.__instarSlackCompactionResume;
+            if (slackHandler) {
+                try {
+                    return await slackHandler(sessionName, triggerLabel);
+                }
+                catch { /* fall through */ }
+            }
+            return false;
+        };
+        // Trigger 1: PreCompact hook event — wired unconditionally now.
+        hookEventReceiver.on('PreCompact', () => {
+            // Delay to let compaction + recovery hooks finish
+            setTimeout(() => {
+                if (!telegram)
+                    return;
+                const topicSessions = telegram.getAllTopicSessions();
+                for (const [, sessionName] of topicSessions) {
+                    recoverCompactedSession(sessionName, 'PreCompact').catch(() => { });
+                }
+            }, 10_000);
+        });
+        console.log(pc.green('  Compaction auto-resume wired (PreCompact hook event)'));
+        // Trigger 2: Watchdog 'compaction-idle' polling — wired unconditionally.
+        if (watchdog) {
+            watchdog.on('compaction-idle', (sessionName) => {
+                recoverCompactedSession(sessionName, 'watchdog-poll').catch(() => { });
             });
-            console.log(pc.green('  Compaction auto-resume wired to watchdog polling (fallback)'));
+            console.log(pc.green('  Compaction auto-resume wired (watchdog poll)'));
         }
+        // Trigger 3: stash the recovery function on globalThis so the HTTP route
+        // (registered later in AgentServer) and the compaction-recovery.sh hook
+        // can invoke it via POST /internal/compaction-resume.
+        globalThis.__instarCompactionRecover = recoverCompactedSession;
         // Subagent Tracker — monitors subagent lifecycle via hook events
         const { SubagentTracker } = await import('../monitoring/SubagentTracker.js');
         const subagentTracker = new SubagentTracker({ stateDir: config.stateDir });
@@ -3946,17 +3937,18 @@ export async function startServer(options) {
                 slackChannelToSyntheticId(channelId);
             }
         }
-        // Slack compaction-resume wiring — needs slackChannelToSyntheticId which is now defined
-        if (watchdog && triageOrchestrator && _slackAdapter) {
-            const _triageOrch3 = triageOrchestrator;
+        // Slack compaction-resume wiring — registered as a deferred handler the
+        // unified recoverCompactedSession() helper above will call. Works with or
+        // without triageOrchestrator (falls back to direct sessionManager inject).
+        if (_slackAdapter) {
             const _slack = _slackAdapter;
-            watchdog.on('compaction-idle', (sessionName) => {
+            const slackRecover = async (sessionName, triggerLabel) => {
                 const channelId = _slack.getChannelForSession(sessionName);
                 if (!channelId)
-                    return;
+                    return false;
                 const syntheticId = slackChannelToSyntheticId(channelId);
-                // Read from the Slack messages JSONL log (local, no API call)
                 const slackLogPath = path.join(config.stateDir, 'slack-messages.jsonl');
+                let lastUserMsg = null;
                 try {
                     const content = fs.readFileSync(slackLogPath, 'utf-8');
                     const lines = content.trim().split('\n').slice(-10);
@@ -3964,21 +3956,37 @@ export async function startServer(options) {
                         try {
                             const msg = JSON.parse(lines[i]);
                             if (msg.channelId === channelId) {
-                                if (msg.fromUser) {
-                                    console.log(`[CompactionResume] Watchdog detected compaction-idle, Slack channel ${channelId} has unanswered message — activating triage`);
-                                    _triageOrch3.activate(syntheticId, sessionName, 'watchdog', msg.text || 'message after compaction', Date.now()).catch(err => {
-                                        console.warn(`[CompactionResume] Triage activation failed for Slack channel ${channelId}:`, err);
-                                    });
-                                }
-                                break; // Only check the most recent message for this channel
+                                if (msg.fromUser)
+                                    lastUserMsg = msg;
+                                break;
                             }
                         }
-                        catch { /* skip malformed line */ }
+                        catch { /* skip malformed */ }
                     }
                 }
-                catch { /* log file doesn't exist — no Slack messages */ }
-            });
-            console.log(pc.green('  Compaction auto-resume wired to watchdog for Slack channels'));
+                catch { /* no log */ }
+                if (!lastUserMsg)
+                    return false;
+                const text = lastUserMsg.text || 'message after compaction';
+                console.log(`[CompactionResume] (${triggerLabel}) Slack channel ${channelId} has unanswered message — recovering`);
+                if (triageOrchestrator) {
+                    try {
+                        await triageOrchestrator.activate(syntheticId, sessionName, 'watchdog', text, Date.now());
+                        return true;
+                    }
+                    catch (err) {
+                        console.warn(`[CompactionResume] Slack orchestrator failed, falling back to direct inject:`, err);
+                    }
+                }
+                const ok = sessionManager.injectMessage(sessionName, text);
+                if (ok) {
+                    console.log(`[CompactionResume] (${triggerLabel}) Slack direct re-inject OK for channel ${channelId}`);
+                    return true;
+                }
+                return false;
+            };
+            globalThis.__instarSlackCompactionResume = slackRecover;
+            console.log(pc.green('  Compaction auto-resume registered (Slack channels)'));
         }
         let presenceProxy;
         if (sharedIntelligence && telegram) {