instar 0.7.36 → 0.7.38

package/dist/core/types.d.ts

@@ -112,6 +112,8 @@ export interface JobState {
     lastResult?: 'success' | 'failure' | 'timeout' | 'pending';
     /** Error message from the last failure (cleared on success) */
     lastError?: string;
+    /** Handoff notes from the last successful run — claims to verify, not facts */
+    lastHandoff?: string;
     nextScheduled?: string;
     consecutiveFailures: number;
 }

package/dist/monitoring/AccountSwitcher.js

@@ -6,8 +6,9 @@
  *
  * Ported from Dawn's dawn-server equivalent for general Instar use.
  */
-import { execSync } from 'node:child_process';
+import { execFileSync } from 'node:child_process';
 import fs from 'node:fs';
+import os from 'node:os';
 import path from 'node:path';
 const KEYCHAIN_SERVICE = 'Claude Code-credentials';
 export class AccountSwitcher {
@@ -16,12 +17,7 @@ export class AccountSwitcher {
     constructor(registryPath) {
         this.registryPath = registryPath || path.join(process.env.HOME || '', '.dawn-server/account-registry.json');
         // Get the macOS username for Keychain access
-        try {
-            this.keychainAccount = execSync('whoami', { encoding: 'utf-8' }).trim();
-        }
-        catch {
-            this.keychainAccount = 'justin';
-        }
+        this.keychainAccount = os.userInfo().username;
     }
     /**
      * Switch to a target account. Supports fuzzy matching:
@@ -160,13 +156,19 @@ export class AccountSwitcher {
         return null;
     }
     readFromKeychain() {
-        const result = execSync(`security find-generic-password -s "${KEYCHAIN_SERVICE}" -w 2>/dev/null`, { encoding: 'utf-8', timeout: 10000 });
+        const result = execFileSync('security', ['find-generic-password', '-s', KEYCHAIN_SERVICE, '-w'], { encoding: 'utf-8', timeout: 10000, stdio: ['pipe', 'pipe', 'pipe'] });
         return JSON.parse(result.trim());
     }
     writeToKeychain(data) {
         const jsonStr = JSON.stringify(data);
         const hexStr = Buffer.from(jsonStr).toString('hex');
-        execSync(`security -i <<< 'add-generic-password -U -a "${this.keychainAccount}" -s "${KEYCHAIN_SERVICE}" -X "${hexStr}"'`, { timeout: 10000, shell: '/bin/bash' });
+        // Use execFileSync with stdin input instead of shell heredoc
+        execFileSync('security', ['-i'], {
+            input: `add-generic-password -U -a "${this.keychainAccount}" -s "${KEYCHAIN_SERVICE}" -X "${hexStr}"\n`,
+            encoding: 'utf-8',
+            timeout: 10000,
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
     }
     loadRegistry() {
         try {

package/dist/scaffold/templates.js

@@ -223,6 +223,11 @@ This routes feedback to the Instar maintainers automatically. Valid types: \`bug
 - Register work: \`curl -X POST -H "Authorization: Bearer $AUTH" http://localhost:${port}/skip-ledger/workload -H 'Content-Type: application/json' -d '{"workloadId":"job-name","itemId":"unique-item","metadata":{}}'\`
 - **When to use**: Any job that processes a list of items (emails, feedback entries, messages) should check the skip ledger first to avoid re-processing.
 
+**Job Handoff Notes** — Pass context between job runs. At the end of a job session, write notes for the next run to \`.instar/state/job-handoff-{slug}.md\`. The next run's session-start hook will inject these notes automatically.
+- **Write**: \`echo "your notes" > .instar/state/job-handoff-YOUR-SLUG.md\`
+- **CRITICAL**: Handoff notes from previous runs are CLAIMS, not facts. Any assertion about external state (file status, API availability, deployment state) MUST be verified with actual commands before including in your own output. The previous session may have been wrong, or the state may have changed since.
+- **When to use**: Any job that needs continuity — tracking what was processed, what to check next, what state was observed.
+
 **Dispatch System** — Receive behavioral instructions from Instar maintainers. Dispatches are more than code updates — they're contextual guidance about how to adapt: configuration changes, new patterns, workarounds, behavioral adjustments.
 - View dispatches: \`curl -H "Authorization: Bearer $AUTH" http://localhost:${port}/dispatches\`
 - Pending: \`curl -H "Authorization: Bearer $AUTH" http://localhost:${port}/dispatches/pending\`
@@ -404,6 +409,8 @@ I run with \`--dangerously-skip-permissions\` — meaning I have full access to
 
 **"Settle for Failure"** — If a tool returns empty or fails, try alternatives before concluding something is impossible.
 
+**"Inherit Without Verifying"** — Handoff notes and MEMORY.md are claims from previous sessions, not ground truth. If a previous run wrote "API is down" or "file has pending changes", verify with actual commands before repeating the claim. Previous sessions can hallucinate or go stale. Run the command, then report what you see.
+
 **"Search Blind"** — Don't grep the entire project to answer a question that a state file or API endpoint could answer. Check \`.instar/\` state files, \`MEMORY.md\`, and \`/capabilities\` first. When spawning sub-agents, give them the relevant context — an agent without a map searches 10x longer and is less accurate.
 
 **"Unfortunately I Can't"** — This phrase should NEVER appear in my responses. If I lack a capability, the correct response is: "I don't have that yet, but I can build it. Want me to set it up?" My job is to grow to meet the user's needs, not to list my limitations. Every "I can't" is an opportunity to evolve. Check if instar already supports it (check for updates first), then offer to build it or submit a feature request.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "instar",
-  "version": "0.7.36",
+  "version": "0.7.38",
   "description": "Persistent autonomy infrastructure for AI agents",
   "type": "module",
   "main": "dist/index.js",