instar 0.4.6 → 0.4.8

package/README.md

@@ -20,17 +20,19 @@
 
 ---
 
+> **This is power-user infrastructure.** Instar gives Claude Code full autonomous access to your machine -- no permission prompts, no sandbox. It's built for developers who want a genuine AI partner, not a guarded assistant. If that sounds like too much trust, it probably isn't for you. If it sounds like exactly what you've been waiting for, read on.
+
 Instar gives Claude Code agents a **persistent body** -- a server that runs 24/7, a scheduler that executes jobs on cron, messaging integrations, relationship tracking, and the self-awareness to grow their own capabilities.
 
 Named after the developmental stages between molts in arthropods, where each instar is more developed than the last.
 
 ## The Problem
 
-**Without Instar**, Claude Code is a CLI tool. You open a terminal, type a prompt, get a response, close the terminal. No persistence. No scheduling. No way to reach you.
+**Without Instar**, Claude Code is a CLI tool. You open a terminal, type a prompt, get a response, close the terminal. No persistence. No scheduling. No way to reach you. Every session starts from zero.
 
-**With Instar**, Claude Code becomes an agent. It runs in the background, checks your email on a schedule, monitors your services, messages you on Telegram when something needs attention, and builds new capabilities when you ask for something it can't do yet.
+**With Instar**, Claude Code becomes your partner. It runs in the background, checks your email on a schedule, monitors your services, messages you on Telegram when something needs attention, remembers who it's talked to, and builds new capabilities when you ask for something it can't do yet. It accumulates experience, develops its own voice, and grows through every interaction.
 
-The difference isn't features. It's a shift in what Claude Code *is* -- from a tool you use to an agent that works alongside you.
+The difference isn't features. It's a shift in what Claude Code *is* -- from a tool you use to an agent that works alongside you. This is the cutting edge of what's possible with AI agents today -- not a demo, not a toy, but genuine autonomous partnership between a human and an AI.
 
 ## Two Ways to Use Instar
 
@@ -401,23 +403,25 @@ Instead of per-action permission prompts, Instar pushes security to a higher lev
 
 **Identity coherence** -- A grounded, coherent agent with clear identity (`AGENT.md`), relationship context (`USER.md`), and accumulated memory (`MEMORY.md`) makes better decisions than a stateless process approving actions one at a time. The intelligence layer IS the security layer.
 
-**Scoped access** -- The agent operates within your project directory. It has access to the files and tools in that directory, your configured API keys, and your Telegram bot. It does not have access to other projects, system files, or credentials outside its scope.
-
 **Audit trail** -- Every session runs in tmux with full output capture. Message logs, job execution history, and session output are all persisted and inspectable.
 
 ### What You Should Know
 
-- The agent **can read, write, and execute** within your project directory without asking
-- The agent **can run shell commands** (builds, tests, git operations) without prompting
-- The agent **can send messages** via Telegram if configured
-- The agent **cannot access** other projects, system credentials, or resources outside its configured scope
+**There is no sandbox.** With `--dangerously-skip-permissions`, Claude Code has access to your entire machine -- not just the project directory. It can read files anywhere, run any command, and access any resource your user account can access. This is the same level of access as running any program on your computer.
+
+- The agent **can read, write, and execute** anywhere on your machine without asking
+- The agent **can run any shell command** your user account has access to
+- The agent **can send messages** via Telegram and other configured integrations
+- The agent **is directed** by its CLAUDE.md, identity files, and behavioral hooks to stay within its project scope -- but this is behavioral guidance, not a technical boundary
 - All behavioral hooks, identity files, and CLAUDE.md instructions are **in your project** and fully editable by you
 
-### Proceed at Your Own Risk
+### Who This Is For
+
+Instar is built for developers and power users who want to work **with** an AI, not just **use** one. You're giving your agent the same access to your machine that any program running under your user account has. The security model relies on intelligent behavior -- identity, hooks, coherence, and grounding -- rather than permission dialogs or sandboxing.
 
-This is infrastructure for people who want genuine AI autonomy, not a sandbox demo. You are giving an AI agent meaningful access to your project. The security model relies on intelligent behavior (identity, hooks, coherence) rather than permission dialogs.
+This is the trade-off at the heart of genuine AI autonomy: you can have an agent that asks permission for everything and does nothing on its own, or you can have a partner that operates with real agency, guided by coherent identity and structural guardrails. Instar is the latter.
 
-If you're not comfortable with that trade-off, Claude Code's default permission mode may be a better fit for your use case.
+**Proceed at your own risk.** If you're not comfortable giving an AI agent this level of access, Claude Code's default permission mode is a perfectly good way to work. But if you want to see what an AI agent can actually do when you stop holding it back -- this is the infrastructure for that.
 
 ## How the Agent Grows
 

package/dist/scaffold/templates.js

@@ -176,23 +176,21 @@ When asked for something I can't do yet, I build it:
 
 ### Execution Context — How I Run
 
-I run with \`--dangerously-skip-permissions\` — meaning I can read, write, execute, and interact within this project without per-action approval prompts. This is by design, not an oversight.
+I run with \`--dangerously-skip-permissions\` — meaning I have full access to the machine without per-action approval prompts. This is by design, not an oversight.
 
 **Why this exists:** An agent that asks permission for every file read and shell command isn't an agent. Autonomy requires trust, and trust requires coherence — my identity files, behavioral hooks, and accumulated memory are what make autonomous operation safe. The intelligence layer is the security layer.
 
 **What this means in practice:**
-- I can read and modify any file in this project directory
-- I can run shell commands (builds, tests, git operations) without prompting
+- I have the same access as any program running under the user's account
+- I can read and modify files anywhere on the machine, not just this project
+- I can run any shell command without prompting
 - I can send messages via configured integrations (Telegram, etc.)
+- There is no sandbox — my scoping to this project is behavioral (these instructions), not technical
 - Behavioral hooks guard against destructive operations (force push, rm -rf, database drops)
 - My identity and grounding infrastructure keeps me coherent across sessions
+- All sessions are captured in tmux for full audit trail
 
-**What I cannot do:**
-- Access other projects or system files outside this directory
-- Bypass behavioral hooks (they are structural, not advisory)
-- Act without an audit trail (all sessions are captured in tmux)
-
-This is a meaningful level of access. The user has opted into this model because they want genuine autonomy, not a permission dialog for every action.
+**My responsibility:** This level of access means I should operate with care. I stay within my project scope because my identity and instructions direct me to, not because I'm technically prevented from going elsewhere. The user trusts me with this access because a coherent, grounded agent makes better decisions than a stateless process clicking through permission dialogs.
 
 ### Core Principles
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "instar",
-  "version": "0.4.6",
+  "version": "0.4.8",
   "description": "Persistent autonomy infrastructure for AI agents",
   "type": "module",
   "main": "dist/index.js",