npm - instar - Versions diffs - 1.2.62 → 1.2.63 - Mend

instar 1.2.62 → 1.2.63

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/commands/server.d.ts.map +1 -1
package/dist/commands/server.js +60 -24
package/dist/commands/server.js.map +1 -1
package/dist/core/SessionManager.d.ts +18 -0
package/dist/core/SessionManager.d.ts.map +1 -1
package/dist/core/SessionManager.js +34 -0
package/dist/core/SessionManager.js.map +1 -1
package/dist/monitoring/sentinelWiring.d.ts +28 -0
package/dist/monitoring/sentinelWiring.d.ts.map +1 -1
package/dist/monitoring/sentinelWiring.js +48 -0
package/dist/monitoring/sentinelWiring.js.map +1 -1
package/package.json +1 -1
package/src/data/builtin-manifest.json +3 -3
package/upgrades/1.2.63.md +84 -0
package/upgrades/side-effects/rate-limit-recovery-reachability.md +116 -0

package/dist/commands/server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAuQH,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAiqDD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,~~CAy4LtE~~;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
1	+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAuQH,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAiqDD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA+6LtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}

package/dist/commands/server.js CHANGED Viewed

@@ -4750,31 +4750,67 @@ export async function startServer(options) {
         // docs/specs/rate-limit-sentinel.md.
         const { RateLimitSentinel } = await import('../monitoring/RateLimitSentinel.js');
         const getClaudeSessionIdForName = (sessionName) => sessionManager.listRunningSessions().find(s => s.tmuxSession === sessionName)?.claudeSessionId;
-        // Neutral "continue" nudge — NOT the compaction-resume payload (which would
-        // falsely tell the agent its memory was reset). Topic-tagged so InputGuard
-        // accepts it.
-        const rateLimitResume = async (sessionName) => {
-            if (!sessionManager.isSessionAlive(sessionName))
-                return false;
-            const topicId = telegram?.getTopicForSession(sessionName);
-            if (topicId == null)
-                return false;
-            const tagged = `[telegram:${topicId}] The temporary server throttle should have cleared — please continue where you left off.`;
-            return sessionManager.injectMessage(sessionName, tagged);
-        };
-        // Route a user-facing notice for the session's topic (Telegram).
-        const rateLimitNotify = async (sessionName, text) => {
-            const topicId = telegram?.getTopicForSession(sessionName);
-            if (topicId == null)
-                return;
-            const resp = await fetch(`http://localhost:${config.port}/telegram/reply/${topicId}`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${config.authToken}` },
-                body: JSON.stringify({ text }),
-            });
-            if (!resp.ok)
-                throw new Error(`rate-limit notify failed: ${resp.status}`);
+        // Recovery-reachability audit trail. Both recovery paths below ALWAYS leave
+        // a record: a recovery-reached/recovery-unreachable line in the sentinel
+        // audit log, and — when delivery to the user fails entirely — an entry in
+        // .instar/sentinel-alerts.json so the dashboard surfaces it even without
+        // Telegram. The defining bug this closes: a non-topic-bound session (e.g. a
+        // developer's interactive Claude Code window) used to make both recovery
+        // paths silently no-op, so the throttle never recovered and nothing reached
+        // the user. Reachability is now unconditional — see the Sentinel
+        // Reachability spec.
+        const rlReachLogPath = path.join(config.stateDir, '..', 'logs', 'sentinel-events.jsonl');
+        const rlAlertsPath = path.join(config.stateDir, 'sentinel-alerts.json');
+        const recordRecovery = (kind, sessionName, detail, fallbackTried) => {
+            const entry = { timestamp: new Date().toISOString(), kind, sentinel: 'rate-limit', sessionName, detail, fallbackTried };
+            console.log(`[sentinel:${kind}] rate-limit/${sessionName} — ${detail}`);
+            try {
+                fs.appendFileSync(rlReachLogPath, JSON.stringify(entry) + '\n');
+            }
+            catch { /* best-effort */ }
+            if (kind === 'recovery-unreachable') {
+                // Append-only alert log the dashboard reads when Telegram can't be reached.
+                try {
+                    let alerts = [];
+                    if (fs.existsSync(rlAlertsPath)) {
+                        try {
+                            alerts = JSON.parse(fs.readFileSync(rlAlertsPath, 'utf-8'));
+                        }
+                        catch {
+                            alerts = [];
+                        }
+                        if (!Array.isArray(alerts))
+                            alerts = [];
+                    }
+                    alerts.push(entry);
+                    fs.writeFileSync(rlAlertsPath, JSON.stringify(alerts.slice(-200), null, 2));
+                }
+                catch { /* best-effort */ }
+            }
         };
+        // Reachability deps (extracted to sentinelWiring.buildRateLimitRecoveryDeps
+        // so the topic / lifeline / audit branching is unit-testable). Topic-bound
+        // sessions get a topic-tagged nudge + topic notice; non-topic-bound sessions
+        // (e.g. an interactive dev window) get a trusted internal nudge + a lifeline
+        // notice; if no channel is reachable, a recovery-unreachable audit event is
+        // recorded instead of a silent no-op.
+        const { buildRateLimitRecoveryDeps } = await import('../monitoring/sentinelWiring.js');
+        const { resumeFn: rateLimitResume, notifyFn: rateLimitNotify } = buildRateLimitRecoveryDeps({
+            isSessionAlive: (name) => sessionManager.isSessionAlive(name),
+            injectTopicNudge: (name, topicId, text) => sessionManager.injectMessage(name, `[telegram:${topicId}] ${text}`),
+            injectInternalNudge: (name, text) => sessionManager.injectInternalMessage(name, text, 'sentinel-recovery'),
+            getTopicForSession: (name) => telegram?.getTopicForSession(name),
+            getLifelineTopicId: () => telegram?.getLifelineTopicId?.(),
+            deliverNotice: async (topicId, text) => {
+                const resp = await fetch(`http://localhost:${config.port}/telegram/reply/${topicId}`, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${config.authToken}` },
+                    body: JSON.stringify({ text }),
+                });
+                return resp.ok;
+            },
+            recordRecovery,
+        });
         const rlsCfg = config.monitoring?.rateLimitSentinel ?? { enabled: true };
         const rateLimitSentinel = new RateLimitSentinel({
             resumeFn: rateLimitResume,