instar 1.3.314 → 1.3.315

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "instar",
3
- "version": "1.3.314",
3
+ "version": "1.3.315",
4
4
  "description": "Coherence infrastructure for self-evolving AI agents — on the Claude Code or Codex subscription you already have.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "./builtin-manifest.schema.json",
3
3
  "schemaVersion": 1,
4
- "generatedAt": "2026-06-05T18:49:31.951Z",
5
- "instarVersion": "1.3.314",
4
+ "generatedAt": "2026-06-05T19:05:04.256Z",
5
+ "instarVersion": "1.3.315",
6
6
  "entryCount": 199,
7
7
  "entries": {
8
8
  "hook:session-start": {
@@ -418,7 +418,7 @@
418
418
  "type": "route-group",
419
419
  "domain": "monitoring",
420
420
  "sourcePath": "src/server/routes.ts",
421
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
421
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
422
422
  "since": "2025-01-01"
423
423
  },
424
424
  "route-group:agents": {
@@ -426,7 +426,7 @@
426
426
  "type": "route-group",
427
427
  "domain": "sessions",
428
428
  "sourcePath": "src/server/routes.ts",
429
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
429
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
430
430
  "since": "2025-01-01"
431
431
  },
432
432
  "route-group:backups": {
@@ -434,7 +434,7 @@
434
434
  "type": "route-group",
435
435
  "domain": "operations",
436
436
  "sourcePath": "src/server/routes.ts",
437
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
437
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
438
438
  "since": "2025-01-01"
439
439
  },
440
440
  "route-group:git": {
@@ -442,7 +442,7 @@
442
442
  "type": "route-group",
443
443
  "domain": "coordination",
444
444
  "sourcePath": "src/server/routes.ts",
445
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
445
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
446
446
  "since": "2025-01-01"
447
447
  },
448
448
  "route-group:memory": {
@@ -450,7 +450,7 @@
450
450
  "type": "route-group",
451
451
  "domain": "memory",
452
452
  "sourcePath": "src/server/routes.ts",
453
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
453
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
454
454
  "since": "2025-01-01"
455
455
  },
456
456
  "route-group:semantic": {
@@ -458,7 +458,7 @@
458
458
  "type": "route-group",
459
459
  "domain": "memory",
460
460
  "sourcePath": "src/server/routes.ts",
461
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
461
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
462
462
  "since": "2025-01-01"
463
463
  },
464
464
  "route-group:status": {
@@ -466,7 +466,7 @@
466
466
  "type": "route-group",
467
467
  "domain": "monitoring",
468
468
  "sourcePath": "src/server/routes.ts",
469
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
469
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
470
470
  "since": "2025-01-01"
471
471
  },
472
472
  "route-group:capabilities": {
@@ -474,7 +474,7 @@
474
474
  "type": "route-group",
475
475
  "domain": "mapping",
476
476
  "sourcePath": "src/server/routes.ts",
477
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
477
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
478
478
  "since": "2025-01-01"
479
479
  },
480
480
  "route-group:project-map": {
@@ -482,7 +482,7 @@
482
482
  "type": "route-group",
483
483
  "domain": "mapping",
484
484
  "sourcePath": "src/server/routes.ts",
485
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
485
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
486
486
  "since": "2025-01-01"
487
487
  },
488
488
  "route-group:coherence": {
@@ -490,7 +490,7 @@
490
490
  "type": "route-group",
491
491
  "domain": "coherence",
492
492
  "sourcePath": "src/server/routes.ts",
493
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
493
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
494
494
  "since": "2025-01-01"
495
495
  },
496
496
  "route-group:topic-bindings": {
@@ -498,7 +498,7 @@
498
498
  "type": "route-group",
499
499
  "domain": "sessions",
500
500
  "sourcePath": "src/server/routes.ts",
501
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
501
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
502
502
  "since": "2025-01-01"
503
503
  },
504
504
  "route-group:context": {
@@ -506,7 +506,7 @@
506
506
  "type": "route-group",
507
507
  "domain": "context",
508
508
  "sourcePath": "src/server/routes.ts",
509
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
509
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
510
510
  "since": "2025-01-01"
511
511
  },
512
512
  "route-group:scope-coherence": {
@@ -514,7 +514,7 @@
514
514
  "type": "route-group",
515
515
  "domain": "coherence",
516
516
  "sourcePath": "src/server/routes.ts",
517
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
517
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
518
518
  "since": "2025-01-01"
519
519
  },
520
520
  "route-group:canonical-state": {
@@ -522,7 +522,7 @@
522
522
  "type": "route-group",
523
523
  "domain": "state",
524
524
  "sourcePath": "src/server/routes.ts",
525
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
525
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
526
526
  "since": "2025-01-01"
527
527
  },
528
528
  "route-group:ci": {
@@ -530,7 +530,7 @@
530
530
  "type": "route-group",
531
531
  "domain": "monitoring",
532
532
  "sourcePath": "src/server/routes.ts",
533
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
533
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
534
534
  "since": "2025-01-01"
535
535
  },
536
536
  "route-group:sessions": {
@@ -538,7 +538,7 @@
538
538
  "type": "route-group",
539
539
  "domain": "sessions",
540
540
  "sourcePath": "src/server/routes.ts",
541
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
541
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
542
542
  "since": "2025-01-01"
543
543
  },
544
544
  "route-group:jobs": {
@@ -546,7 +546,7 @@
546
546
  "type": "route-group",
547
547
  "domain": "scheduling",
548
548
  "sourcePath": "src/server/routes.ts",
549
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
549
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
550
550
  "since": "2025-01-01"
551
551
  },
552
552
  "route-group:skip-ledger": {
@@ -554,7 +554,7 @@
554
554
  "type": "route-group",
555
555
  "domain": "scheduling",
556
556
  "sourcePath": "src/server/routes.ts",
557
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
557
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
558
558
  "since": "2025-01-01"
559
559
  },
560
560
  "route-group:telegram": {
@@ -562,7 +562,7 @@
562
562
  "type": "route-group",
563
563
  "domain": "communication",
564
564
  "sourcePath": "src/server/routes.ts",
565
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
565
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
566
566
  "since": "2025-01-01"
567
567
  },
568
568
  "route-group:attention": {
@@ -570,7 +570,7 @@
570
570
  "type": "route-group",
571
571
  "domain": "communication",
572
572
  "sourcePath": "src/server/routes.ts",
573
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
573
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
574
574
  "since": "2025-01-01"
575
575
  },
576
576
  "route-group:relationships": {
@@ -578,7 +578,7 @@
578
578
  "type": "route-group",
579
579
  "domain": "relationships",
580
580
  "sourcePath": "src/server/routes.ts",
581
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
581
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
582
582
  "since": "2025-01-01"
583
583
  },
584
584
  "route-group:feedback": {
@@ -586,7 +586,7 @@
586
586
  "type": "route-group",
587
587
  "domain": "feedback",
588
588
  "sourcePath": "src/server/routes.ts",
589
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
589
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
590
590
  "since": "2025-01-01"
591
591
  },
592
592
  "route-group:updates": {
@@ -594,7 +594,7 @@
594
594
  "type": "route-group",
595
595
  "domain": "updates",
596
596
  "sourcePath": "src/server/routes.ts",
597
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
597
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
598
598
  "since": "2025-01-01"
599
599
  },
600
600
  "route-group:dispatches": {
@@ -602,7 +602,7 @@
602
602
  "type": "route-group",
603
603
  "domain": "dispatches",
604
604
  "sourcePath": "src/server/routes.ts",
605
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
605
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
606
606
  "since": "2025-01-01"
607
607
  },
608
608
  "route-group:quota": {
@@ -610,7 +610,7 @@
610
610
  "type": "route-group",
611
611
  "domain": "monitoring",
612
612
  "sourcePath": "src/server/routes.ts",
613
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
613
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
614
614
  "since": "2025-01-01"
615
615
  },
616
616
  "route-group:publishing": {
@@ -618,7 +618,7 @@
618
618
  "type": "route-group",
619
619
  "domain": "publishing",
620
620
  "sourcePath": "src/server/routes.ts",
621
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
621
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
622
622
  "since": "2025-01-01"
623
623
  },
624
624
  "route-group:private-views": {
@@ -626,7 +626,7 @@
626
626
  "type": "route-group",
627
627
  "domain": "publishing",
628
628
  "sourcePath": "src/server/routes.ts",
629
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
629
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
630
630
  "since": "2025-01-01"
631
631
  },
632
632
  "route-group:tunnel": {
@@ -634,7 +634,7 @@
634
634
  "type": "route-group",
635
635
  "domain": "networking",
636
636
  "sourcePath": "src/server/routes.ts",
637
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
637
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
638
638
  "since": "2025-01-01"
639
639
  },
640
640
  "route-group:events": {
@@ -642,7 +642,7 @@
642
642
  "type": "route-group",
643
643
  "domain": "networking",
644
644
  "sourcePath": "src/server/routes.ts",
645
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
645
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
646
646
  "since": "2025-01-01"
647
647
  },
648
648
  "route-group:evolution": {
@@ -650,7 +650,7 @@
650
650
  "type": "route-group",
651
651
  "domain": "evolution",
652
652
  "sourcePath": "src/server/routes.ts",
653
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
653
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
654
654
  "since": "2025-01-01"
655
655
  },
656
656
  "route-group:watchdog": {
@@ -658,7 +658,7 @@
658
658
  "type": "route-group",
659
659
  "domain": "monitoring",
660
660
  "sourcePath": "src/server/routes.ts",
661
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
661
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
662
662
  "since": "2025-01-01"
663
663
  },
664
664
  "route-group:topic-memory": {
@@ -666,7 +666,7 @@
666
666
  "type": "route-group",
667
667
  "domain": "memory",
668
668
  "sourcePath": "src/server/routes.ts",
669
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
669
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
670
670
  "since": "2025-01-01"
671
671
  },
672
672
  "route-group:state-sync": {
@@ -674,7 +674,7 @@
674
674
  "type": "route-group",
675
675
  "domain": "coordination",
676
676
  "sourcePath": "src/server/routes.ts",
677
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
677
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
678
678
  "since": "2025-01-01"
679
679
  },
680
680
  "route-group:intent": {
@@ -682,7 +682,7 @@
682
682
  "type": "route-group",
683
683
  "domain": "intent",
684
684
  "sourcePath": "src/server/routes.ts",
685
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
685
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
686
686
  "since": "2025-01-01"
687
687
  },
688
688
  "route-group:triage": {
@@ -690,7 +690,7 @@
690
690
  "type": "route-group",
691
691
  "domain": "safety",
692
692
  "sourcePath": "src/server/routes.ts",
693
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
693
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
694
694
  "since": "2025-01-01"
695
695
  },
696
696
  "route-group:operations": {
@@ -698,7 +698,7 @@
698
698
  "type": "route-group",
699
699
  "domain": "safety",
700
700
  "sourcePath": "src/server/routes.ts",
701
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
701
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
702
702
  "since": "2025-01-01"
703
703
  },
704
704
  "route-group:sentinel": {
@@ -706,7 +706,7 @@
706
706
  "type": "route-group",
707
707
  "domain": "safety",
708
708
  "sourcePath": "src/server/routes.ts",
709
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
709
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
710
710
  "since": "2025-01-01"
711
711
  },
712
712
  "route-group:trust": {
@@ -714,7 +714,7 @@
714
714
  "type": "route-group",
715
715
  "domain": "safety",
716
716
  "sourcePath": "src/server/routes.ts",
717
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
717
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
718
718
  "since": "2025-01-01"
719
719
  },
720
720
  "route-group:monitoring": {
@@ -722,7 +722,7 @@
722
722
  "type": "route-group",
723
723
  "domain": "monitoring",
724
724
  "sourcePath": "src/server/routes.ts",
725
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
725
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
726
726
  "since": "2025-01-01"
727
727
  },
728
728
  "route-group:commitments": {
@@ -730,7 +730,7 @@
730
730
  "type": "route-group",
731
731
  "domain": "commitments",
732
732
  "sourcePath": "src/server/routes.ts",
733
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
733
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
734
734
  "since": "2025-01-01"
735
735
  },
736
736
  "route-group:episodes": {
@@ -738,7 +738,7 @@
738
738
  "type": "route-group",
739
739
  "domain": "memory",
740
740
  "sourcePath": "src/server/routes.ts",
741
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
741
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
742
742
  "since": "2025-01-01"
743
743
  },
744
744
  "route-group:messages": {
@@ -746,7 +746,7 @@
746
746
  "type": "route-group",
747
747
  "domain": "coordination",
748
748
  "sourcePath": "src/server/routes.ts",
749
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
749
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
750
750
  "since": "2025-01-01"
751
751
  },
752
752
  "route-group:system-reviews": {
@@ -754,7 +754,7 @@
754
754
  "type": "route-group",
755
755
  "domain": "monitoring",
756
756
  "sourcePath": "src/server/routes.ts",
757
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
757
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
758
758
  "since": "2025-01-01"
759
759
  },
760
760
  "route-group:machine-mesh": {
@@ -770,7 +770,7 @@
770
770
  "type": "route-group",
771
771
  "domain": "security",
772
772
  "sourcePath": "src/server/routes.ts",
773
- "contentHash": "26dde9a216b2facadce61a94d60df46175292843555fdf095cf7dd6075420a82",
773
+ "contentHash": "5c3d0c3cc5bc87d76aa8560c569c883d93f3874d00f121df15663cb4549837a4",
774
774
  "since": "2025-01-01"
775
775
  },
776
776
  "cli:init": {
@@ -0,0 +1,41 @@
1
+ # Upgrade Guide — vNEXT
2
+
3
+ <!-- assembled-by: assemble-next-md -->
4
+ <!-- bump: patch -->
5
+
6
+ ## What Changed
7
+
8
+ The server now refuses to deliver any agent→user message that contains a
9
+ clickable machine-local link (`http://localhost:…`, `127.x.x.x`, `0.0.0.0`,
10
+ `[::1]`). Users are almost never on the machine the agent's server runs on —
11
+ such links are unopenable from their device. The send is rejected with a 422
12
+ whose error text tells the agent exactly how to fix it: fetch the public
13
+ tunnel URL (`GET /tunnel`) and substitute, or omit the link and say it will
14
+ follow. Prose mentions of localhost/ports still pass — only clickable links
15
+ are policed.
16
+
17
+ ## What to Tell Your User
18
+
19
+ Nothing to configure. If you ever asked your agent for a dashboard or view
20
+ link and received a localhost address you couldn't open — that mistake is
21
+ now structurally impossible; you'll always get the public tunnel link.
22
+
23
+ ## Summary of New Capabilities
24
+
25
+ - Localhost-link guard at the outbound message chokepoint (all user-facing
26
+ channels: Telegram, Slack, WhatsApp, iMessage). Deterministic, independent
27
+ of the LLM tone gate, active even where no gate is configured.
28
+ - Agent guidance lives in the rejection itself: the 422 names the offending
29
+ link and the remediation, so the failure self-corrects in one round trip.
30
+ - Rare deliberate sends of a raw local URL (operator explicitly asked):
31
+ resend with `metadata.allowLocalhostLink: true` on `/telegram/reply`.
32
+ - Maturity: stable (deterministic guard + tests; no config surface).
33
+
34
+ ## Evidence
35
+
36
+ Born from a real 2026-06-05 incident: an agent sent its operator
37
+ `http://localhost:4040/dashboard` over Telegram — unopenable from the phone,
38
+ and the port belonged to a DIFFERENT agent on the same machine. 25 tests
39
+ green (20 detector cases incl. the incident string and boundary hostnames
40
+ like localhost.example.com; 5 route-level cases over real HTTP proving 422 +
41
+ no-send, tunnel-link pass, and the escape hatch); `tsc --noEmit` clean.
@@ -0,0 +1,32 @@
1
+ # Localhost-Link Guard — Plain-English Overview
2
+
3
+ > The one-line version: the server now refuses to send a user any message containing a `localhost` link, because the user is almost never sitting on the machine that link points at.
4
+
5
+ ## The problem in one breath
6
+
7
+ An agent shared its dashboard with the operator by sending `http://localhost:4040/dashboard` over Telegram. The operator was on his phone — a localhost link points at *the phone itself*, so it can never work. Worse, the port was wrong too (it belonged to a different agent on the same machine). The operator called for a strong rule: never send localhost links to a user, ever.
8
+
9
+ ## What already exists
10
+
11
+ - **The outbound message gate** — every agent-authored message to a user already passes through one checkpoint on the server before it reaches Telegram (or Slack/WhatsApp/iMessage). An LLM reviewer there catches tone problems and technical leakage.
12
+ - **The tunnel** — every agent already has a public HTTPS address (the Cloudflare tunnel) that works from any device. That is the link users should always get.
13
+ - **Hard deterministic checks** — some rules don't need an LLM's judgment: a message over 4096 characters is rejected flat. This guard joins that family.
14
+
15
+ ## What this adds
16
+
17
+ A deterministic check at that same chokepoint: if an outgoing user message contains a clickable `http(s)://localhost`, `127.x.x.x`, `0.0.0.0`, or `[::1]` link, the send is rejected with a clear explanation telling the agent to use the public tunnel URL instead (and exactly how to fetch it). The agent gets corrected at the moment of the mistake — no memory or willpower required, and it works fleet-wide the moment a server updates.
18
+
19
+ - Only **clickable links** are policed. Prose like "my server listens on port 4042" or "the localhost config" passes — the rule is about links a user might tap, not about discussing local machinery.
20
+ - Hostnames that merely *start* with localhost (like `localhost.example.com`) are not flagged — the matcher requires a real loopback host.
21
+ - A narrow escape hatch exists for the rare case where the operator explicitly asks to see the raw local URL: the sender can mark the message `allowLocalhostLink: true` and it goes through.
22
+ - The guard runs even on installs that have no LLM tone gate configured at all — it's independent of that machinery.
23
+
24
+ ## What does NOT change
25
+
26
+ - Nothing about how tunnel links are generated or shared.
27
+ - Agent-to-agent (Threadline) messages are untouched — this is strictly the agent→user path.
28
+ - System-template messages (sentinel alerts etc.) were already reviewed at code-review time and keep their existing bypass.
29
+
30
+ ## Why a hard block instead of a warning
31
+
32
+ A localhost link in a user-bound message has no legitimate reading — the user cannot open it. Warning-and-send would still deliver a broken link; rejecting forces the agent to re-send with the working one. The rejection message itself teaches the fix, so the failure is self-correcting in one round trip.
@@ -0,0 +1,58 @@
1
+ # Side-effects review — localhost-link guard at the outbound message chokepoint
2
+
3
+ Operator-mandated STRONG RULE (Justin, 2026-06-05, after receiving
4
+ `http://localhost:4040/dashboard` on his phone — unopenable AND the wrong
5
+ agent's port): never send a machine-local link to a user.
6
+
7
+ ## 1. The change
8
+
9
+ - **`src/core/localhost-link.ts`** (new) — `detectLocalhostLink(text)`:
10
+ deterministic regex over SCHEME-BEARING links only
11
+ (`http(s)://localhost | 127.x.x.x | 0.0.0.0 | [::1]`, any port/path), with a
12
+ host-boundary lookahead so loopback-looking PREFIXES of public hostnames
13
+ (`localhost.example.com`) do NOT match. Prose mentions ("port 4042",
14
+ "localhost config") never match — only clickable links are policed.
15
+ - **`src/server/routes.ts`** — `checkOutboundMessage()` (the SINGLE authority
16
+ for agent→user delivery across telegram/slack/whatsapp/imessage call sites)
17
+ gains a deterministic block BEFORE the tone-gate availability early-return:
18
+ detected link → 422 `{ blockedBy: 'localhost-link-guard', match, error }`
19
+ with remediation in the error text (fetch `GET /tunnel`, substitute, or omit
20
+ + follow up). New option `allowLocalhostLink` (deny-by-default escape hatch)
21
+ plumbed from `metadata.allowLocalhostLink` at the `/telegram/reply` call
22
+ site only.
23
+
24
+ ## 2. Why a hard deterministic block (not a tone-gate signal)
25
+
26
+ Per docs/signal-vs-authority.md, detectors whose verdict needs conversational
27
+ judgment emit signals for the LLM authority. A loopback link in a user-bound
28
+ message has NO legitimate reading — like the 4096-length check, it's a fact,
29
+ not a judgment. Blocking also makes the failure self-correcting: the 422 text
30
+ tells the sending agent exactly how to fix and re-send.
31
+
32
+ ## 3. Blast radius
33
+
34
+ - All user-facing channel sends that flow through `checkOutboundMessage`
35
+ enforce the rule the moment a server updates — fleet-wide, no migration
36
+ needed (server-side change only; no template/hook/config surface).
37
+ - Paths that SKIP `checkOutboundMessage` keep their existing behavior:
38
+ proxy messages (`metadata.isProxy`), matched system templates, and
39
+ standby→holder relays (the holder gates on receipt, so the rule still
40
+ applies there).
41
+ - False-positive risk: bounded by the scheme requirement + host boundary;
42
+ the unit matrix covers tunnel links, prose mentions, path-embedded
43
+ "localhost", `ssh://` schemes, and `localhost.example.com` as passes.
44
+ - Agent ergonomics: a blocked agent sees the remediation in the error; the
45
+ escape hatch requires an explicit per-message opt-in, so it cannot become
46
+ ambient.
47
+
48
+ ## 4. Test coverage
49
+
50
+ - `tests/unit/localhost-link.test.ts` — 20 cases: 9 detection shapes
51
+ (ports, paths, case, IPv6, bare host, the real incident string, markdown
52
+ punctuation boundaries) + 11 pass shapes (tunnel/public links, prose,
53
+ boundary hostnames, empty).
54
+ - `tests/unit/localhost-link-guard-route.test.ts` — 5 route-level cases over
55
+ real HTTP against `createRoutes` with NO tone gate configured: 422 +
56
+ `blockedBy` + no send for localhost/127.0.0.1; 200 + send for tunnel link
57
+ and prose; escape hatch honored.
58
+ - `npx tsc --noEmit` clean.