instar 1.2.83 → 1.3.1

package/dist/core/PostUpdateMigrator.d.ts

@@ -474,7 +474,7 @@ export declare class PostUpdateMigrator {
      * Get the content of a named hook template.
      * Used by init.ts to share canonical hook content without duplication.
      */
-    getHookContent(name: 'session-start' | 'compaction-recovery' | 'external-operation-gate' | 'deferral-detector' | 'slopcheck-guard' | 'post-action-reflection' | 'external-communication-guard' | 'scope-coherence-collector' | 'scope-coherence-checkpoint' | 'claim-intercept' | 'claim-intercept-response' | 'telegram-topic-context' | 'response-review' | 'auto-approve-permissions' | 'skill-usage-telemetry' | 'build-stop-hook'): string;
+    getHookContent(name: 'session-start' | 'compaction-recovery' | 'external-operation-gate' | 'deferral-detector' | 'slopcheck-guard' | 'post-action-reflection' | 'external-communication-guard' | 'scope-coherence-collector' | 'scope-coherence-checkpoint' | 'claim-intercept' | 'claim-intercept-response' | 'telegram-topic-context' | 'response-review' | 'stop-gate-router' | 'auto-approve-permissions' | 'skill-usage-telemetry' | 'build-stop-hook'): string;
     /** Public accessor for grounding-before-messaging hook content (used by init.ts) */
     getGroundingBeforeMessagingPublic(): string;
     /** Public accessor for convergence-check script content (used by init.ts) */
@@ -542,6 +542,7 @@ export declare class PostUpdateMigrator {
     private getFreeTextGuardHook;
     private getClaimInterceptHook;
     private getResponseReviewHook;
+    private getStopGateRouterHook;
     private getClaimInterceptResponseHook;
     private getSkillUsageTelemetryHook;
     private getBuildStopHook;

package/dist/core/PostUpdateMigrator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"PostUpdateMigrator.d.ts","sourceRoot":"","sources":["../../src/core/PostUpdateMigrator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAoCH,OAAO,EAEL,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC3B,MAAM,yBAAyB,CAAC;AAIjC,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,kCAAkC;IAClC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,2CAA2C;IAC3C,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAiB;IAC/B;;;;;;OAMG;IACH,OAAO,CAAC,UAAU,CAAiC;gBAEvC,MAAM,EAAE,cAAc;IAIlC;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,oBAAoB;IAoB5B;;;;;;;;;;;OAWG;IACH,YAAY,CAAC,IAAI,EAAE,YAAY,GAAG,IAAI;IAItC;;;;;;OAMG;IACG,eAAe,CACnB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,qBAAqB,CAAC;IAIjC,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,kBAAkB;IAO1B;;;;OAIG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,IAAI,eAAe;IAwC1B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,0BAA0B;IAsElC,OAAO,CAAC,0BAA0B;IAmDlC;;;;;;;;;;OAUG;IACH,OAAO,CAAC,kCAAkC;IAwH1C,OAAO,CAAC,uBAAuB;IAwE/B,OAAO,CAAC,4CAA4C;IA+CpD,OAAO,CAAC,yBAAyB;IA6FjC;;;;;;;;;;OAUG;IACG,YAAY,IAAI,OAAO,CAAC,eAAe,CAAC;YA4BhC,uBAAuB;IAkGrC,OAAO,CAAC,0BAA0B;IAkGlC,OAAO,CAAC,0BAA0B;IAkElC,OAAO,CAAC,oBAAoB;IA4G5B,OAAO,CAAC,8BAA8B;IA2EtC;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAaxB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,0BAA0B;IA8BlC;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,4BAA4B;IAwBpC;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,mCAAmC;IA0C3C;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAW5B;;;;;;;;;OASG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,OAAO,CAAC,yBAAyB;IA4HjC;6EACyE;IACzE,OAAO,CAAC,wBAAwB;IAShC;sDACkD;IAClD,OAAO,CAAC,wBAAwB;IAQhC;;;;OAIG;IACH,OAAO,CAAC,YAAY;IA6NpB;;;;;;;;OAQG;IACH,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAG,IAAI;IA6CvE;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAgEzB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAkChC;;;;;;;;;OASG;IACH,OAAO,CAAC,wBAAwB;IAoEhC;;;;;;OAMG;IACH,OAAO,CAAC,oBAAoB;IAiE5B;;;;;OAKG;IACH,OAAO,CAAC,2BAA2B;IA8BnC;;;;OAIG;IACH,OAAO,CAAC,wBAAwB;IAwGhC;;;;;;OAMG;IACH,OAAO,CAAC,8BAA8B;IAwDtC,OAAO,CAAC,0BAA0B;IA8DlC;;;OAGG;IACH,OAAO,CAAC,eAAe;IAg0BvB;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,OAAO,CAAC,kCAAkC;IAkG1C;;;OAGG;IACH,OAAO,CAAC,cAAc;IA6ItB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAqQvB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAqFrB;;;OAGG;IACH;;;OAGG;IACH;;;;;;;;;;;;;;;;;;OAkBG;IACH,OAAO,CAAC,wBAAwB;IAmEhC,OAAO,CAAC,wBAAwB;IAqChC,OAAO,CAAC,gBAAgB;IAiBxB;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACH,OAAO,CAAC,qBAAqB;IAkE7B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,0BAA0B;IAgDlC;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,kBAAkB;IA2C1B;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,oBAAoB;IAgC5B;;;OAGG;IACH,OAAO,CAAC,aAAa;IAyBrB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAqC9B;;;OAGG;IACH,cAAc,CAAC,IAAI,EAAE,eAAe,GAAG,qBAAqB,GAAG,yBAAyB,GAAG,mBAAmB,GAAG,iBAAiB,GAAG,wBAAwB,GAAG,8BAA8B,GAAG,2BAA2B,GAAG,4BAA4B,GAAG,iBAAiB,GAAG,0BAA0B,GAAG,wBAAwB,GAAG,iBAAiB,GAAG,0BAA0B,GAAG,uBAAuB,GAAG,iBAAiB,GAAG,MAAM;IAqB/a,oFAAoF;IACpF,iCAAiC,IAAI,MAAM;IAI3C,6EAA6E;IAC7E,yBAAyB,IAAI,MAAM;IAInC,OAAO,CAAC,mBAAmB;IAoY3B,OAAO,CAAC,wBAAwB;IA8EhC,OAAO,CAAC,2BAA2B;IAoEnC,OAAO,CAAC,yBAAyB;IAuGjC,OAAO,CAAC,2BAA2B;IAqInC,OAAO,CAAC,qBAAqB;IAqP7B,OAAO,CAAC,uBAAuB;IAqJ/B,OAAO,CAAC,qBAAqB;IAsH7B,OAAO,CAAC,2BAA2B;IA8GnC,OAAO,CAAC,iCAAiC;IA6DzC,OAAO,CAAC,4BAA4B;IA4LpC;;;;;;;;;;OAUG;IACH;;;;;;;;;;;OAWG;IAEH,gBAAuB,iCAAiC,EAAE,WAAW,CAAC,MAAM,CAAC,CA4B1E;IAEH;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,8BAA8B;IAiHtC,OAAO,CAAC,uBAAuB;IA4B/B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,sBAAsB;IAwC9B,OAAO,CAAC,iBAAiB;IAwBzB,OAAO,CAAC,mBAAmB;IAa3B,OAAO,CAAC,8BAA8B;IAoHtC,OAAO,CAAC,+BAA+B;IA+JvC,OAAO,CAAC,oBAAoB;IAY5B,OAAO,CAAC,qBAAqB;IA4N7B,OAAO,CAAC,qBAAqB;IA4H7B,OAAO,CAAC,6BAA6B;IAyKrC,OAAO,CAAC,0BAA0B;IAgClC,OAAO,CAAC,gBAAgB;IAqFxB,OAAO,CAAC,6BAA6B;CAoCtC"}
+{"version":3,"file":"PostUpdateMigrator.d.ts","sourceRoot":"","sources":["../../src/core/PostUpdateMigrator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAoCH,OAAO,EAEL,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC3B,MAAM,yBAAyB,CAAC;AAIjC,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,kCAAkC;IAClC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,2CAA2C;IAC3C,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAiB;IAC/B;;;;;;OAMG;IACH,OAAO,CAAC,UAAU,CAAiC;gBAEvC,MAAM,EAAE,cAAc;IAIlC;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,oBAAoB;IAoB5B;;;;;;;;;;;OAWG;IACH,YAAY,CAAC,IAAI,EAAE,YAAY,GAAG,IAAI;IAItC;;;;;;OAMG;IACG,eAAe,CACnB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,qBAAqB,CAAC;IAIjC,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,kBAAkB;IAO1B;;;;OAIG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,IAAI,eAAe;IAwC1B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,0BAA0B;IAsElC,OAAO,CAAC,0BAA0B;IAmDlC;;;;;;;;;;OAUG;IACH,OAAO,CAAC,kCAAkC;IAwH1C,OAAO,CAAC,uBAAuB;IAwE/B,OAAO,CAAC,4CAA4C;IA+CpD,OAAO,CAAC,yBAAyB;IA6FjC;;;;;;;;;;OAUG;IACG,YAAY,IAAI,OAAO,CAAC,eAAe,CAAC;YA4BhC,uBAAuB;IAkGrC,OAAO,CAAC,0BAA0B;IAkGlC,OAAO,CAAC,0BAA0B;IAkElC,OAAO,CAAC,oBAAoB;IA4G5B,OAAO,CAAC,8BAA8B;IA2EtC;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAaxB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,0BAA0B;IA8BlC;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,4BAA4B;IAwBpC;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,mCAAmC;IA0C3C;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAW5B;;;;;;;;;OASG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,OAAO,CAAC,yBAAyB;IA4HjC;6EACyE;IACzE,OAAO,CAAC,wBAAwB;IAShC;sDACkD;IAClD,OAAO,CAAC,wBAAwB;IAQhC;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAoOpB;;;;;;;;OAQG;IACH,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAG,IAAI;IA6CvE;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAiEzB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAkChC;;;;;;;;;OASG;IACH,OAAO,CAAC,wBAAwB;IAoEhC;;;;;;OAMG;IACH,OAAO,CAAC,oBAAoB;IAiE5B;;;;;OAKG;IACH,OAAO,CAAC,2BAA2B;IA8BnC;;;;OAIG;IACH,OAAO,CAAC,wBAAwB;IAiHhC;;;;;;OAMG;IACH,OAAO,CAAC,8BAA8B;IAwDtC,OAAO,CAAC,0BAA0B;IA8DlC;;;OAGG;IACH,OAAO,CAAC,eAAe;IAs0BvB;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,OAAO,CAAC,kCAAkC;IAkG1C;;;OAGG;IACH,OAAO,CAAC,cAAc;IA6ItB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAwRvB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAqFrB;;;OAGG;IACH;;;OAGG;IACH;;;;;;;;;;;;;;;;;;OAkBG;IACH,OAAO,CAAC,wBAAwB;IAmEhC,OAAO,CAAC,wBAAwB;IAqChC,OAAO,CAAC,gBAAgB;IAiBxB;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACH,OAAO,CAAC,qBAAqB;IAkE7B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,0BAA0B;IAgDlC;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,kBAAkB;IA2C1B;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,oBAAoB;IAgC5B;;;OAGG;IACH,OAAO,CAAC,aAAa;IAyBrB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAqC9B;;;OAGG;IACH,cAAc,CAAC,IAAI,EAAE,eAAe,GAAG,qBAAqB,GAAG,yBAAyB,GAAG,mBAAmB,GAAG,iBAAiB,GAAG,wBAAwB,GAAG,8BAA8B,GAAG,2BAA2B,GAAG,4BAA4B,GAAG,iBAAiB,GAAG,0BAA0B,GAAG,wBAAwB,GAAG,iBAAiB,GAAG,kBAAkB,GAAG,0BAA0B,GAAG,uBAAuB,GAAG,iBAAiB,GAAG,MAAM;IAsBpc,oFAAoF;IACpF,iCAAiC,IAAI,MAAM;IAI3C,6EAA6E;IAC7E,yBAAyB,IAAI,MAAM;IAInC,OAAO,CAAC,mBAAmB;IAoY3B,OAAO,CAAC,wBAAwB;IA8EhC,OAAO,CAAC,2BAA2B;IAoEnC,OAAO,CAAC,yBAAyB;IAuGjC,OAAO,CAAC,2BAA2B;IAqInC,OAAO,CAAC,qBAAqB;IAqP7B,OAAO,CAAC,uBAAuB;IAqJ/B,OAAO,CAAC,qBAAqB;IAsH7B,OAAO,CAAC,2BAA2B;IA8GnC,OAAO,CAAC,iCAAiC;IA6DzC,OAAO,CAAC,4BAA4B;IA4LpC;;;;;;;;;;OAUG;IACH;;;;;;;;;;;OAWG;IAEH,gBAAuB,iCAAiC,EAAE,WAAW,CAAC,MAAM,CAAC,CA4B1E;IAEH;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,8BAA8B;IAiHtC,OAAO,CAAC,uBAAuB;IA4B/B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,sBAAsB;IAwC9B,OAAO,CAAC,iBAAiB;IAwBzB,OAAO,CAAC,mBAAmB;IAa3B,OAAO,CAAC,8BAA8B;IAoHtC,OAAO,CAAC,+BAA+B;IA+JvC,OAAO,CAAC,oBAAoB;IAY5B,OAAO,CAAC,qBAAqB;IA4N7B,OAAO,CAAC,qBAAqB;IA4H7B,OAAO,CAAC,qBAAqB;IA0K7B,OAAO,CAAC,6BAA6B;IAyKrC,OAAO,CAAC,0BAA0B;IAgClC,OAAO,CAAC,gBAAgB;IAmJxB,OAAO,CAAC,6BAA6B;CAoCtC"}

package/dist/core/PostUpdateMigrator.js

@@ -1671,6 +1671,13 @@ export class PostUpdateMigrator {
         catch (err) {
             result.errors.push(`response-review.js: ${err instanceof Error ? err.message : String(err)}`);
         }
+        try {
+            fs.writeFileSync(path.join(instarHooksDir, 'stop-gate-router.js'), this.getStopGateRouterHook(), { mode: 0o755 });
+            result.upgraded.push('hooks/instar/stop-gate-router.js (unjustified Stop gate router)');
+        }
+        catch (err) {
+            result.errors.push(`stop-gate-router.js: ${err instanceof Error ? err.message : String(err)}`);
+        }
         try {
             fs.writeFileSync(path.join(instarHooksDir, 'auto-approve-permissions.js'), this.getAutoApprovePermissionsHook(), { mode: 0o755 });
             result.upgraded.push('hooks/instar/auto-approve-permissions.js (subagent permission unblocking)');
@@ -1785,6 +1792,7 @@ export class PostUpdateMigrator {
             'scope-coherence-collector.js', 'scope-coherence-checkpoint.js',
             'instructions-loaded-tracker.js', 'subagent-start-tracker.js',
             'free-text-guard.sh', 'claim-intercept.js', 'claim-intercept-response.js', 'response-review.js',
+            'stop-gate-router.js',
             'auto-approve-permissions.js',
         ];
         // Check if we're still on the old flat layout (hooks directly in .instar/hooks/)
@@ -2112,15 +2120,23 @@ export class PostUpdateMigrator {
         const stopEntries = hooks.Stop;
         const hasAutonomousHook = stopEntries.some(e => e.hooks?.some(h => h.command?.includes('autonomous-stop-hook')));
         if (!hasAutonomousHook) {
-            // Must be first in the Stop chain so it blocks before other hooks run
-            hooks.Stop.unshift({
+            // Keep stop-gate-router first when present so shadow telemetry sees every
+            // Stop event before legacy autonomous blocking can short-circuit the chain.
+            const autonomousEntry = {
                 matcher: '',
                 hooks: [{
                         type: 'command',
                         command: 'bash ${CLAUDE_PROJECT_DIR}/.claude/skills/autonomous/hooks/autonomous-stop-hook.sh',
                         timeout: 10000,
                     }],
-            });
+            };
+            const stopGateIndex = stopEntries.findIndex(e => e.hooks?.some(h => h.command?.includes('stop-gate-router.js')));
+            if (stopGateIndex >= 0) {
+                stopEntries.splice(stopGateIndex + 1, 0, autonomousEntry);
+            }
+            else {
+                stopEntries.unshift(autonomousEntry);
+            }
             result.upgraded.push('.claude/settings.json: registered autonomous stop hook (structural enforcement)');
             patched = true;
         }
@@ -2307,18 +2323,20 @@ Threadline activity NEVER spawns a new Telegram topic per event. Notices route o
 - A conversation **bound to a parent topic** → its real replies surface THERE (handled automatically).
 - A **parentless** conversation + any **status/housekeeping** notice → a single, SILENT **"Threadline" hub topic**. It does not buzz the user — agent-to-agent chatter isn't the user's job by default; the hub is a calm, browsable record.
 
-When the user is reading the Threadline hub topic and says **"open this"** or **"tie this to <an existing topic>"**, act on it by calling the bind endpoint — do NOT just reply inline:
-\`\`\`bash
-# open this → create a fresh topic and bind the conversation (most-recent unbound, or pass threadId)
-curl -X POST -H "Authorization: Bearer $AUTH" -H 'Content-Type: application/json' http://localhost:${port}/threadline/hub/bind -d '{"action":"open"}'
-# tie this to an existing topic
-curl -X POST -H "Authorization: Bearer $AUTH" -H 'Content-Type: application/json' http://localhost:${port}/threadline/hub/bind -d '{"action":"tie","targetTopicId":1234}'
-\`\`\`
-After binding, that conversation's future updates flow to the bound topic automatically. If more than one conversation is unbound, the endpoint returns 409 — ask the user which one (pass its \`threadId\`).
+When the user is reading the Threadline hub topic and says **"open this"** or **"tie this to <an existing topic>"**, this is handled **structurally** — the system intercepts those exact commands in the hub topic and binds the conversation automatically (bare "open this" opens the most-recent one) BEFORE the message reaches me. I will not see "open this" as a message to interpret, and must NOT reply to it conversationally. (Also available as \`POST /threadline/hub/bind\` \`{action:"open"|"tie", ...}\` for scripted use.) After binding, that conversation's future updates flow to the bound topic automatically.
 `;
             content += '\n' + hubSection;
             patched = true;
-            result.upgraded.push('CLAUDE.md: added Threadline hub + "open this"/bind guidance (CMT-519)');
+            result.upgraded.push('CLAUDE.md: added Threadline hub + "open this" guidance (CMT-519)');
+        }
+        // CMT-529 — agents migrated under CMT-519 got the OLD "call the bind endpoint"
+        // wording; "open this" is now a STRUCTURAL intercept (handled before the agent).
+        // Re-patch the stale sentence so the agent doesn't try to call the endpoint /
+        // reply to a command it will never actually see.
+        if (content.includes('act on it by calling the bind endpoint')) {
+            content = content.replace(/When the user is reading the Threadline hub topic and says \*\*"open this"\*\*[\s\S]*?(?:returns 409 — ask the user which one \(pass its `threadId`\)\.)/, `When the user is reading the Threadline hub topic and says **"open this"** or **"tie this to <an existing topic>"**, this is handled **structurally** — the system intercepts those exact commands and binds the conversation automatically (bare "open this" opens the most-recent one) BEFORE the message reaches me. I will not see "open this" as a message to interpret, and must NOT reply to it conversationally.`);
+            patched = true;
+            result.upgraded.push('CLAUDE.md: updated "open this" guidance to structural-intercept (CMT-529)');
         }
         // Multi-Session Autonomy awareness (Agent Awareness Standard). Existing
         // agents need to know they can run concurrent per-topic autonomous jobs and
@@ -3544,6 +3562,23 @@ Create worktrees for collaborator repos with \`instar worktree create <branch>\`
             this.migrateSettingsHookPaths(hooks.PostToolUse, result);
             patched = true;
         }
+        {
+            const stopHooks = (hooks.Stop ?? []);
+            const hasStopGateRouter = stopHooks.some(e => e.hooks?.some(h => h.command?.includes('stop-gate-router.js')));
+            if (!hasStopGateRouter) {
+                stopHooks.unshift({
+                    matcher: '',
+                    hooks: [{
+                            type: 'command',
+                            command: 'node ${CLAUDE_PROJECT_DIR}/.instar/hooks/instar/stop-gate-router.js',
+                            timeout: 5000,
+                        }],
+                });
+                hooks.Stop = stopHooks;
+                patched = true;
+                result.upgraded.push('.claude/settings.json: added Stop stop-gate-router hook');
+            }
+        }
         if (hooks.Stop) {
             this.migrateSettingsHookPaths(hooks.Stop, result);
             patched = true;
@@ -4188,6 +4223,7 @@ Create worktrees for collaborator repos with \`instar worktree create <branch>\`
             case 'claim-intercept-response': return this.getClaimInterceptResponseHook();
             case 'telegram-topic-context': return this.getTelegramTopicContextHook();
             case 'response-review': return this.getResponseReviewHook();
+            case 'stop-gate-router': return this.getStopGateRouterHook();
             case 'auto-approve-permissions': return this.getAutoApprovePermissionsHook();
             case 'skill-usage-telemetry': return this.getSkillUsageTelemetryHook();
             case 'build-stop-hook': return this.getBuildStopHook();
@@ -6711,6 +6747,175 @@ process.stdin.on('end', async () => {
     process.exit(0);
   }
 });
+`;
+    }
+    getStopGateRouterHook() {
+        const port = this.config.port;
+        return `#!/usr/bin/env node
+// Unjustified Stop Gate router.
+//
+// Thin client: reads Stop-hook JSON from stdin, asks the local Instar server
+// for hot-path state, and in shadow/enforce mode submits trusted evidence
+// metadata to /internal/stop-gate/evaluate. Shadow mode only records telemetry;
+// enforce mode blocks only on a server-side "continue" decision.
+
+const _r = require;
+const fs = _r('fs');
+const path = _r('path');
+const childProcess = _r('child_process');
+
+const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+const configPath = path.join(projectDir, '.instar', 'config.json');
+let serverPort = ${port};
+let authToken = '';
+try {
+  const cfg = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+  serverPort = cfg.port || ${port};
+  authToken = cfg.authToken || '';
+} catch {}
+
+function postJson(urlPath, payload, timeoutMs) {
+  const controller = new AbortController();
+  const timer = setTimeout(function () { controller.abort(); }, timeoutMs);
+  return fetch('http://127.0.0.1:' + serverPort + urlPath, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Authorization': 'Bearer ' + authToken,
+    },
+    body: JSON.stringify(payload),
+    signal: controller.signal,
+  }).then(async function (res) {
+    clearTimeout(timer);
+    if (!res.ok) throw new Error('http ' + res.status);
+    return res.json();
+  }, function (err) {
+    clearTimeout(timer);
+    throw err;
+  });
+}
+
+function getJson(urlPath, timeoutMs) {
+  const controller = new AbortController();
+  const timer = setTimeout(function () { controller.abort(); }, timeoutMs);
+  return fetch('http://127.0.0.1:' + serverPort + urlPath, {
+    headers: { 'Authorization': 'Bearer ' + authToken },
+    signal: controller.signal,
+  }).then(async function (res) {
+    clearTimeout(timer);
+    if (!res.ok) throw new Error('http ' + res.status);
+    return res.json();
+  }, function (err) {
+    clearTimeout(timer);
+    throw err;
+  });
+}
+
+function git(args) {
+  try {
+    return childProcess.execFileSync('git', ['-C', projectDir].concat(args), {
+      encoding: 'utf-8',
+      timeout: 800,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    }).trim();
+  } catch {
+    return '';
+  }
+}
+
+function firstLine(value) {
+  return String(value || '').split(/\\r?\\n/).filter(Boolean)[0] || null;
+}
+
+function listEvidenceArtifacts(sessionStartTs) {
+  const out = git(['ls-files']);
+  if (!out) return [];
+  const files = out.split(/\\r?\\n/).filter(function (file) {
+    if (!file) return false;
+    if (!/\\.(md|markdown|json|jsonl|txt)$/i.test(file)) return false;
+    return /(^|\\/)(docs\\/specs|specs|plans?|tasks?|upgrades|MEMORY\\.md|AGENTS\\.md)|spec|plan|handoff|todo|next|round/i.test(file);
+  }).slice(0, 30);
+  return files.map(function (file) {
+    const introducingCommit = firstLine(git(['log', '--follow', '--format=%H', '--reverse', '--', file]));
+    const latestCommit = firstLine(git(['log', '--format=%H', '-1', '--', file]));
+    let createdThisSession = false;
+    let modifiedThisSession = false;
+    if (sessionStartTs && latestCommit) {
+      const ts = Number(firstLine(git(['show', '-s', '--format=%ct', latestCommit])) || '0') * 1000;
+      modifiedThisSession = ts >= sessionStartTs;
+      if (introducingCommit) {
+        const createdTs = Number(firstLine(git(['show', '-s', '--format=%ct', introducingCommit])) || '0') * 1000;
+        createdThisSession = createdTs >= sessionStartTs;
+      }
+    }
+    return {
+      path: file,
+      introducingCommit: introducingCommit,
+      latestCommit: latestCommit,
+      createdThisSession: createdThisSession,
+      modifiedThisSession: modifiedThisSession,
+    };
+  });
+}
+
+function buildSignals(stopReason, message) {
+  const text = String(stopReason || '') + '\\n' + String(message || '');
+  return {
+    mentionsContextLimit: /context|window|token|compact/i.test(text),
+    mentionsFreshSession: /fresh session|new session|restart|continue in a new/i.test(text),
+    claimsShouldStopForContext: /stop|pause|wrap up|hand off/i.test(text) && /context|fresh|compact/i.test(text),
+  };
+}
+
+function exitOpen() {
+  process.exit(0);
+}
+
+let data = '';
+process.stdin.on('data', function (chunk) { data += chunk; });
+process.stdin.on('end', async function () {
+  let input;
+  try {
+    input = data ? JSON.parse(data) : {};
+  } catch {
+    exitOpen();
+    return;
+  }
+
+  if (input.stop_hook_active) exitOpen();
+  const sessionId = String(input.session_id || input.sessionId || process.env.INSTAR_SESSION_ID || 'unknown');
+
+  try {
+    const hot = await getJson('/internal/stop-gate/hot-path?session=' + encodeURIComponent(sessionId), 1500);
+    if (!hot || hot.killSwitch || hot.mode === 'off' || hot.compactionInFlight) exitOpen();
+
+    const message = String(input.last_assistant_message || '');
+    const stopReason = String(input.stop_reason || input.reason || message || '');
+    const evidenceMetadata = {
+      artifacts: listEvidenceArtifacts(hot.sessionStartTs || null),
+      signals: buildSignals(stopReason, message),
+      sessionStartTs: hot.sessionStartTs || null,
+    };
+
+    const result = await postJson('/internal/stop-gate/evaluate', {
+      sessionId: sessionId,
+      evidenceMetadata: evidenceMetadata,
+      untrustedContent: {
+        stopReason: stopReason,
+        recentTurns: message ? [{ source: 'agent', text: message }] : [],
+      },
+    }, 2500);
+
+    if (hot.mode === 'enforce' && result && result.decision === 'continue' && result.reminder) {
+      process.stdout.write(JSON.stringify({ decision: 'block', reason: result.reminder }));
+      process.exit(2);
+      return;
+    }
+    exitOpen();
+  } catch {
+    exitOpen();
+  }
+});
 `;
     }
     getClaimInterceptResponseHook() {
@@ -6942,6 +7147,68 @@ if [ "\$PHASE" = "complete" ] || [ "\$PHASE" = "failed" ] || [ "\$PHASE" = "esca
   exit 0
 fi
 
+# ── Session-scope ownership (BUILD-STOP-HOOK-SESSION-SCOPING-SPEC) ───────────
+# build-state stamps the owning session (tmux name + Claude session UUID) at /build
+# start. Only the OWNER session's Stop should be blocked; any other concurrent
+# session of the same agent must approve-exit WITHOUT spending the owner's
+# reinforcement budget. This closes the cross-session stop-hook leak + budget drain.
+HOOK_INPUT=\$(cat 2>/dev/null || echo "")
+HOOK_SESSION=\$(printf '%s' "\$HOOK_INPUT" | python3 -c "import sys,json
+try: print((json.load(sys.stdin) or {}).get('session_id','') or '')
+except Exception: print('')" 2>/dev/null)
+
+# Resolve MY tmux session name (the stable, cwd-independent owner address).
+# Test seams: INSTAR_HOOK_TMUX_SESSION (if set, even empty, wins);
+# INSTAR_HOOK_NO_TMUX=1 forces empty.
+if [ "\${INSTAR_HOOK_NO_TMUX:-}" = "1" ]; then
+  MY_TMUX=""
+elif [ -n "\${INSTAR_HOOK_TMUX_SESSION+x}" ]; then
+  MY_TMUX="\${INSTAR_HOOK_TMUX_SESSION}"
+else
+  MY_TMUX=\$(tmux display-message -p '#S' 2>/dev/null || echo "")
+fi
+
+OWNERSHIP=\$(STATE_FILE="\$STATE_FILE" MY_TMUX="\$MY_TMUX" HOOK_SESSION="\$HOOK_SESSION" python3 -c "
+import json, os, sys
+try:
+    state = json.load(open(os.environ['STATE_FILE']))
+except Exception:
+    print('approve'); sys.exit(0)
+owner = state.get('owner') or {}
+o_tmux = owner.get('tmux') or ''
+o_sess = owner.get('session') or ''
+my_tmux = os.environ.get('MY_TMUX', '')
+my_sess = os.environ.get('HOOK_SESSION', '')
+
+# (a) No owner stamped -> conservative no-adopt: approve, never claim ownership.
+if not o_tmux and not o_sess:
+    print('approve'); sys.exit(0)
+
+# (b)/(c) Owner stamped: block only the proven owner. A session that cannot match
+# (including one with no resolvable identity) is approved -> never trap, no drain.
+is_owner = (bool(o_tmux) and o_tmux == my_tmux) or (bool(o_sess) and o_sess == my_sess)
+if not is_owner:
+    print('approve'); sys.exit(0)
+
+# Owner confirmed. Restart reconcile: ONLY on a confirmed tmux-owner match whose
+# session UUID rotated (restart) do we update owner.session. The write is gated
+# strictly behind the tmux match, so a non-owner can never clobber owner.session.
+if o_tmux and o_tmux == my_tmux and my_sess and o_sess != my_sess:
+    owner['session'] = my_sess
+    state['owner'] = owner
+    try:
+        with open(os.environ['STATE_FILE'], 'w') as f:
+            json.dump(state, f, indent=2)
+    except Exception:
+        pass
+print('owner')
+" 2>/dev/null)
+
+if [ "\$OWNERSHIP" != "owner" ]; then
+  echo '{"decision":"approve"}'
+  exit 0
+fi
+
 # Check and update reinforcement counter
 RESULT=\$(python3 -c "
 import json, sys