instar 1.2.71 → 1.2.72

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "instar",
-  "version": "1.2.71",
+  "version": "1.2.72",
   "description": "Coherence infrastructure for self-evolving AI agents — on the Claude Code or Codex subscription you already have.",
   "type": "module",
   "main": "dist/index.js",

package/src/data/builtin-manifest.json

@@ -1,8 +1,8 @@
 {
   "$schema": "./builtin-manifest.schema.json",
   "schemaVersion": 1,
-  "generatedAt": "2026-05-25T06:38:58.237Z",
-  "instarVersion": "1.2.71",
+  "generatedAt": "2026-05-25T07:03:59.683Z",
+  "instarVersion": "1.2.72",
   "entryCount": 191,
   "entries": {
     "hook:session-start": {
@@ -392,7 +392,7 @@
       "type": "route-group",
       "domain": "monitoring",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:agents": {
@@ -400,7 +400,7 @@
       "type": "route-group",
       "domain": "sessions",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:backups": {
@@ -408,7 +408,7 @@
       "type": "route-group",
       "domain": "operations",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:git": {
@@ -416,7 +416,7 @@
       "type": "route-group",
       "domain": "coordination",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:memory": {
@@ -424,7 +424,7 @@
       "type": "route-group",
       "domain": "memory",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:semantic": {
@@ -432,7 +432,7 @@
       "type": "route-group",
       "domain": "memory",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:status": {
@@ -440,7 +440,7 @@
       "type": "route-group",
       "domain": "monitoring",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:capabilities": {
@@ -448,7 +448,7 @@
       "type": "route-group",
       "domain": "mapping",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:project-map": {
@@ -456,7 +456,7 @@
       "type": "route-group",
       "domain": "mapping",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:coherence": {
@@ -464,7 +464,7 @@
       "type": "route-group",
       "domain": "coherence",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:topic-bindings": {
@@ -472,7 +472,7 @@
       "type": "route-group",
       "domain": "sessions",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:context": {
@@ -480,7 +480,7 @@
       "type": "route-group",
       "domain": "context",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:scope-coherence": {
@@ -488,7 +488,7 @@
       "type": "route-group",
       "domain": "coherence",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:canonical-state": {
@@ -496,7 +496,7 @@
       "type": "route-group",
       "domain": "state",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:ci": {
@@ -504,7 +504,7 @@
       "type": "route-group",
       "domain": "monitoring",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:sessions": {
@@ -512,7 +512,7 @@
       "type": "route-group",
       "domain": "sessions",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:jobs": {
@@ -520,7 +520,7 @@
       "type": "route-group",
       "domain": "scheduling",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:skip-ledger": {
@@ -528,7 +528,7 @@
       "type": "route-group",
       "domain": "scheduling",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:telegram": {
@@ -536,7 +536,7 @@
       "type": "route-group",
       "domain": "communication",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:attention": {
@@ -544,7 +544,7 @@
       "type": "route-group",
       "domain": "communication",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:relationships": {
@@ -552,7 +552,7 @@
       "type": "route-group",
       "domain": "relationships",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:feedback": {
@@ -560,7 +560,7 @@
       "type": "route-group",
       "domain": "feedback",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:updates": {
@@ -568,7 +568,7 @@
       "type": "route-group",
       "domain": "updates",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:dispatches": {
@@ -576,7 +576,7 @@
       "type": "route-group",
       "domain": "dispatches",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:quota": {
@@ -584,7 +584,7 @@
       "type": "route-group",
       "domain": "monitoring",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:publishing": {
@@ -592,7 +592,7 @@
       "type": "route-group",
       "domain": "publishing",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:private-views": {
@@ -600,7 +600,7 @@
       "type": "route-group",
       "domain": "publishing",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:tunnel": {
@@ -608,7 +608,7 @@
       "type": "route-group",
       "domain": "networking",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:events": {
@@ -616,7 +616,7 @@
       "type": "route-group",
       "domain": "networking",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:evolution": {
@@ -624,7 +624,7 @@
       "type": "route-group",
       "domain": "evolution",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:watchdog": {
@@ -632,7 +632,7 @@
       "type": "route-group",
       "domain": "monitoring",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:topic-memory": {
@@ -640,7 +640,7 @@
       "type": "route-group",
       "domain": "memory",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:state-sync": {
@@ -648,7 +648,7 @@
       "type": "route-group",
       "domain": "coordination",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:intent": {
@@ -656,7 +656,7 @@
       "type": "route-group",
       "domain": "intent",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:triage": {
@@ -664,7 +664,7 @@
       "type": "route-group",
       "domain": "safety",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:operations": {
@@ -672,7 +672,7 @@
       "type": "route-group",
       "domain": "safety",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:sentinel": {
@@ -680,7 +680,7 @@
       "type": "route-group",
       "domain": "safety",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:trust": {
@@ -688,7 +688,7 @@
       "type": "route-group",
       "domain": "safety",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:monitoring": {
@@ -696,7 +696,7 @@
       "type": "route-group",
       "domain": "monitoring",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:commitments": {
@@ -704,7 +704,7 @@
       "type": "route-group",
       "domain": "commitments",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:episodes": {
@@ -712,7 +712,7 @@
       "type": "route-group",
       "domain": "memory",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:messages": {
@@ -720,7 +720,7 @@
       "type": "route-group",
       "domain": "coordination",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:system-reviews": {
@@ -728,7 +728,7 @@
       "type": "route-group",
       "domain": "monitoring",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "route-group:machine-mesh": {
@@ -744,7 +744,7 @@
       "type": "route-group",
       "domain": "security",
       "sourcePath": "src/server/routes.ts",
-      "contentHash": "6a31120bfd57e5d3ee971467e04df141698c7706d1f827900d79bb10abe364f1",
+      "contentHash": "5dc56bb977d66452b6a563412f2ea396d6e684c52b233add8771a15288c6c208",
       "since": "2025-01-01"
     },
     "cli:init": {

package/upgrades/1.2.72.md

@@ -0,0 +1,23 @@
+# Upgrade Notes — NEXT
+
+## What Changed
+
+Fixed a P0 safety gap: the **emergency-stop** ("stop everything" / "cancel" / "halt") detector was not honored for agents that run in lifeline-owned polling mode. The MessageSentinel intercept lived only in the Telegram adapter's own poll loop (`processUpdate`), which lifeline-owned agents never run — their messages arrive through the server's `/internal/telegram-forward` route, which had no sentinel check. As a result, an emergency-stop message was delivered to the session as ordinary text and never structurally halted a running (or wedged, mid-tool-call) session.
+
+The same emergency-stop/pause intercept is now wired into the lifeline forward path, reusing the existing kill/pause/autonomous-clear logic. It is **fail-open**: if the detector ever errors, the message is delivered normally — the safety check can never block message delivery. A wiring-integrity test now asserts that the forward route classifies before routing, so this drift cannot silently recur.
+
+## What to Tell Your User
+
+Saying "stop everything" now reliably halts your agent, no matter how its messages reach it. Before this fix, agents running in the more crash-resistant background mode could miss that command and keep working. Nothing changes for normal messages — only genuine stop and pause signals are intercepted, and if the safety check ever has a hiccup your messages still get through untouched.
+
+## Summary of New Capabilities
+
+- Emergency-stop and pause now fire on the lifeline message-forwarding path, not just the direct-polling path — closing a gap for the most robust class of agents.
+- A regression guard (wiring-integrity test) keeps the stop-switch connected to every inbound path going forward.
+
+## Evidence
+
+- **Reproduction (pre-fix):** live classify call returned `emergency-stop` for "stop everything"; a code-path trace confirmed `/internal/telegram-forward` (the live ingress for lifeline-owned agents) contained zero sentinel references, so the message was routed to the session as normal text.
+- **Post-fix proof:** new integration suite `tests/integration/telegram-forward-sentinel-intercept.test.ts` — 6/6 green, covering both sides of every boundary: emergency-stop kills the session and is not routed; pause pauses and is not routed; normal messages route untouched; a throwing detector still delivers the message (fail-open); and a no-active-session emergency-stop acknowledges without routing. Plus a wiring-integrity assertion that classification precedes routing.
+- **Regression:** forward-route suite green (10/10 on the rebased branch; 23/23 including the full handshake/drift/error set) — no regression. Typecheck clean.
+- **Side-effects review:** `upgrades/side-effects/emergency-stop-forward-path-wiring.md`.

package/upgrades/side-effects/emergency-stop-forward-path-wiring.md

@@ -0,0 +1,94 @@
+# Side-Effects Review — Emergency-stop on the lifeline forward path
+
+**Version / slug:** `emergency-stop-forward-path-wiring`
+**Date:** `2026-05-24`
+**Author:** `echo`
+**Second-pass reviewer:** `not required (single localized, fail-open route addition; spec-driven)`
+
+## Summary of the change
+
+Wires the existing `MessageSentinel` emergency-stop/pause intercept into `POST /internal/telegram-forward` (the lifeline ingress path) so that lifeline-owned-polling agents — which never run `TelegramAdapter.processUpdate()`, where the intercept currently lives — actually honor "stop everything". Before this, those agents (e.g. echo) delivered emergency-stop messages to the session as normal text and nothing halted a running/wedged session. One file touched: `src/server/routes.ts` (a ~50-line block inserted after request validation, before message logging/routing). Reuses the existing `ctx.telegram.onSentinelKillSession`/`onSentinelPauseSession` callbacks and `stopAutonomousTopic`; adds no new kill logic. Spec: `docs/specs/emergency-stop-forward-path-wiring.md`.
+
+## Decision-point inventory
+
+- `MessageSentinel.classify` (existing authority) — **pass-through** — its verdict is unchanged; this change only routes the verdict to an action on a path that previously ignored it.
+- `/internal/telegram-forward` routing decision — **modify** — adds an emergency-stop/pause short-circuit before the existing `onTopicMessage`/registry-inject routing. Normal messages are unaffected.
+- Session kill / pause / autonomous-clear — **pass-through** — reuses `onSentinelKillSession`, `onSentinelPauseSession`, `stopAutonomousTopic` exactly as the `processUpdate` path does.
+
+---
+
+## 1. Over-block
+
+**What legitimate inputs does this change reject that it shouldn't?**
+
+Only messages the sentinel classifies as `emergency-stop` or `pause` are intercepted (not routed to the session). That is the intended behavior and matches the already-live `processUpdate` path. The classifier's own over-block surface is unchanged (live-tested: a long sentence merely containing "stop" → `normal`, routed normally). A false-positive emergency-stop would terminate the session — but (a) the classifier already gates this with word-count + exact/regex/LLM disambiguation, and (b) the user can simply send a new message to respawn; no data loss (resume UUID is saved by `onSentinelKillSession`). No new over-block beyond what `processUpdate` already exhibits.
+
+---
+
+## 2. Under-block
+
+**What failure modes does this still miss?**
+
+- A genuinely-wedged classifier (LLM provider down) → fail-open → the emergency-stop is NOT honored (message routes normally). This is the deliberate trade: never block delivery. The deterministic exact/regex patterns ("stop", "cancel", "halt") do not require the LLM, so the most common emergency phrasings still classify without a provider.
+- Non-Telegram lifeline paths (none currently) would need the same treatment.
+- This change does not address the still-dark `processUpdate`-only assumption for any *other* per-message safety hook; scope is the sentinel only.
+
+---
+
+## 3. Level-of-abstraction fit
+
+**Is this at the right layer?**
+
+Yes. The smart authority (`MessageSentinel`, LLM + deterministic patterns) already exists and already owns the decision. This change is pure routing: it ensures the authority's verdict reaches the action on the server-side ingress path that lifeline-owned agents use. It does not re-implement classification (would be the wrong layer); it consumes the existing authority's output. It places the intercept at the server route layer — the correct single choke-point for the lifeline path, mirroring where `processUpdate` sits for the adapter-poll path.
+
+---
+
+## 4. Signal vs authority compliance
+
+**Required reference:** docs/signal-vs-authority.md
+
+- [x] No — this change produces no new block/allow logic; it routes an existing smart-gate (`MessageSentinel`, LLM-backed with deterministic patterns) verdict to its action.
+
+The sentinel remains the sole authority. The forward route is a consumer of its verdict, not a new detector. No brittle logic gains blocking authority. (And the action is fail-open: a classifier error degrades to normal delivery, never to a wrong block.)
+
+---
+
+## 5. Interactions
+
+- **Shadowing:** The new block runs AFTER the version-handshake (426/400 still short-circuit first) and BEFORE message logging + `onTopicMessage` routing. It does not shadow the handshake. It intentionally shadows routing for emergency-stop/pause (that's the point) — confirmed `logInboundMessage` is skipped for intercepted messages, which is acceptable (an emergency-stop need not be logged as a conversational turn; the kill is logged to the server log).
+- **Double-fire:** For lifeline-owned agents, `processUpdate` does not run, so there is no double-intercept. For adapter-poll agents, the forward route is not used, so again no double-fire. The two paths are mutually exclusive per deployment mode. No agent runs both for the same message.
+- **Races:** `onSentinelKillSession` already encapsulates resume-UUID save + kill (its existing concurrency behavior is unchanged). `stopAutonomousTopic` is idempotent (best-effort, try/catch). Session resolution reads the registry file read-only.
+- **Feedback loops:** None. The intercept terminates routing; it does not feed back into the sentinel.
+
+---
+
+## 6. External surfaces
+
+- **Other agents on same machine:** none — server-local route logic.
+- **Install base:** ships to every agent via the normal server build. Adapter-poll agents are unaffected (path unused); lifeline-owned agents gain the (intended) emergency-stop. No agent-installed file (hook/config/template) changes → no `PostUpdateMigrator` work.
+- **External systems:** on emergency-stop/pause the route now sends one Telegram message ("Session terminated." / "Session paused." / "No active session to stop."), matching the `processUpdate` user-facing copy. No new external endpoints.
+- **Persistent state:** none added. Reads `topic-session-registry.json` read-only; `onSentinelKillSession` writes the resume-UUID map exactly as today.
+- **Response shape:** the route now may return `{ ok:true, sentinel:'emergency-stop'|'pause', killed|paused }` instead of `{ ok:true, forwarded:true }` for intercepted messages. The lifeline treats any 200 as delivered; the new fields are additive and ignored by existing callers.
+
+---
+
+## 7. Rollback cost
+
+Pure code change in one route, fail-open by design. Back-out = revert the block; behavior returns to current (sentinel dark on the forward path). No persistent state, no schema, no migration, no agent-state repair. The fail-open guarantee means even a bug in the block degrades to "behaves like today" (message routes), never to blocked delivery — so the rollback urgency is low even if a defect ships.
+
+## Conclusion
+
+The review produced no design changes — the fix is a faithful port of the already-tested `processUpdate` intercept to the lifeline ingress path, consuming the existing sentinel authority, fail-open. The only behavioral change is that emergency-stop/pause now fire for lifeline-owned agents, which is the intended P0 safety fix. Integration tests cover both sides of every boundary (kill/pause/normal/fail-open/no-session) plus a wiring-integrity assertion that classification precedes routing (the guard whose absence caused the original drift). Clear to ship. Live end-to-end verification (real Telegram "stop everything" terminating a real session) occurs post-deploy, since it requires the merged build running; pre-merge proof is the integration suite exercising the real route handler.
+
+---
+
+## Second-pass review (if required)
+
+Not required — single localized, fail-open route addition with full test coverage and no new decision logic.
+
+---
+
+## Evidence pointers
+
+- Reproduction (pre-fix): live `POST /sentinel/classify` returns `emergency-stop` for "stop everything"; code trace shows `/internal/telegram-forward` (the live path for lifeline-owned echo) had zero sentinel references → message routed as normal.
+- Post-fix proof: `tests/integration/telegram-forward-sentinel-intercept.test.ts` — 6/6 green (emergency-stop kills + not-routed; pause; normal-routes; fail-open-routes; no-session; wiring-integrity classify-before-route).