instar 1.3.332 → 1.3.333
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-06T03:
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-06T03:35:43.361Z",
|
|
5
|
+
"instarVersion": "1.3.333",
|
|
6
6
|
"entryCount": 199,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -15,6 +15,14 @@ housekeeping channel — the reporter's per-feature 1h cooldown bounds even an
|
|
|
15
15
|
all-topics-stale storm to a single alert). Success clears the episode. The
|
|
16
16
|
`reportStaleStandby` dep is optional — omitted, behavior is byte-identical.
|
|
17
17
|
|
|
18
|
+
Made the three `telegram-reply.sh` test harnesses hermetic against a live
|
|
19
|
+
agent session's environment: each script-spawn now blanks
|
|
20
|
+
`INSTAR_AUTH_TOKEN` so the script exercises the config-file auth fallback
|
|
21
|
+
the tests intend, instead of inheriting the runner's real session token
|
|
22
|
+
(which the test servers' auth middleware correctly rejects, failing the
|
|
23
|
+
tests only when run inside an agent session). Same hermeticity class as
|
|
24
|
+
the #862 unit-suite fix, applied to the reply-script family.
|
|
25
|
+
|
|
18
26
|
## What to Tell Your User
|
|
19
27
|
|
|
20
28
|
Only relevant if I run on more than one machine: when the standby machine's
|
|
@@ -40,3 +48,8 @@ removed. Focused adversarial second-pass: CONCUR (episode timing, firing bound
|
|
|
40
48
|
DegradationReporter flood analysis). Tests: 21 green in LiveTailSource.test.ts
|
|
41
49
|
incl. the P19 sustained-failure bound (~100 failing windows → exactly 1
|
|
42
50
|
signal) and the server.ts wiring pin; tsc clean.
|
|
51
|
+
|
|
52
|
+
- Bisected: `tests/integration/telegram-reply-end-to-end.test.ts` fails
|
|
53
|
+
with `INSTAR_AUTH_TOKEN` exported, passes without; single-var culprit.
|
|
54
|
+
- Post-fix: all 4 reply-script test files (32 tests) green BOTH under a
|
|
55
|
+
live agent env and a stripped env.
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# Side-Effects Review — Hermetic env for telegram-reply script tests
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `test-env-hermetic-reply-scripts`
|
|
4
|
+
**Date:** `2026-06-05`
|
|
5
|
+
**Author:** `echo`
|
|
6
|
+
**Second-pass reviewer:** `not required (test-only change, no runtime surface)`
|
|
7
|
+
|
|
8
|
+
## Summary of the change
|
|
9
|
+
|
|
10
|
+
Three tests that spawn `telegram-reply.sh` (`tests/integration/telegram-reply-end-to-end.test.ts`, `tests/unit/telegram-reply-recoverable-classification.test.ts`, `tests/unit/reply-scripts.test.ts`) inherited the full process env via `{ ...process.env }`. Inside a live agent session, `INSTAR_AUTH_TOKEN` is exported (SessionManager injects it), the script's documented env-first auth resolution picks it up, and the test server's auth middleware rejects the mismatched Bearer before the route handler records the hit — failing the test only when run inside an agent session. Each spawn site now sets `INSTAR_AUTH_TOKEN: ''` so the script exercises the config-file fallback the tests intend. No runtime files changed.
|
|
11
|
+
|
|
12
|
+
## Decision-point inventory
|
|
13
|
+
|
|
14
|
+
No decision-point surface — test-only. The script's env-first auth precedence is intentionally UNCHANGED (it is documented, load-bearing behavior); only the tests' spawn environments changed.
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## 1. Over-block
|
|
19
|
+
|
|
20
|
+
No block/allow surface — not applicable.
|
|
21
|
+
|
|
22
|
+
## 2. Under-block
|
|
23
|
+
|
|
24
|
+
No block/allow surface — not applicable.
|
|
25
|
+
|
|
26
|
+
## 3. Level-of-abstraction fit
|
|
27
|
+
|
|
28
|
+
Right layer: the fix is at the test spawn sites, not the script. Weakening the script's env-first precedence to make tests pass would invert the actual contract. The sibling `telegram-reply-port-resolution.test.ts` already constructs a minimal env (`{ PATH }`) — the targeted blank keeps each test's existing env needs intact while removing the one leaking variable.
|
|
29
|
+
|
|
30
|
+
## 4. Signal vs authority compliance
|
|
31
|
+
|
|
32
|
+
**Required reference:** [docs/signal-vs-authority.md](../../docs/signal-vs-authority.md)
|
|
33
|
+
|
|
34
|
+
- [x] No — this change has no block/allow surface.
|
|
35
|
+
|
|
36
|
+
## 5. Interactions
|
|
37
|
+
|
|
38
|
+
- Shadowing/double-fire/races/feedback loops: none — test-only env construction.
|
|
39
|
+
- Verified the three tests + the already-hermetic sibling all pass together under a live agent env AND under a stripped env (both run locally).
|
|
40
|
+
|
|
41
|
+
## 6. External surfaces
|
|
42
|
+
|
|
43
|
+
None. No runtime change; CI behavior identical (CI never had the variable set — that's why CI was green while local was red).
|
|
44
|
+
|
|
45
|
+
## 7. Rollback cost
|
|
46
|
+
|
|
47
|
+
Trivial revert of three test lines. No persistent state.
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## Conclusion
|
|
52
|
+
|
|
53
|
+
Closes a hermeticity gap in the reply-script test family (the same class PR #862 closed for the unit suite's config leakage): tests must not change verdict based on the runner's live agent environment. Found via Zero-Failure triage of a local full-suite run. Clear to ship.
|
|
54
|
+
|
|
55
|
+
---
|
|
56
|
+
|
|
57
|
+
## Second-pass review (if required)
|
|
58
|
+
|
|
59
|
+
**Reviewer:** not required
|
|
60
|
+
**Independent read of the artifact:** not required — test-only.
|
|
61
|
+
|
|
62
|
+
---
|
|
63
|
+
|
|
64
|
+
## Evidence pointers
|
|
65
|
+
|
|
66
|
+
- Repro: `npx vitest run tests/integration/telegram-reply-end-to-end.test.ts` fails with `INSTAR_AUTH_TOKEN` exported, passes with it unset (bisected: that single var).
|
|
67
|
+
- Post-fix: all 4 reply-script test files green under the live agent env (32 tests).
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
# Tests stop failing just because a real agent is running them
|
|
2
|
+
|
|
3
|
+
Three of our tests check the little script that delivers my chat replies. Each test builds a fake miniature server, points the script at it, and watches what the script does. The problem: when those tests run inside a LIVE agent work session (instead of a clean CI machine), the session environment carries the agent's REAL access token in an environment variable — and the script is designed to prefer that variable when it exists. So the script walks up to the fake test server holding the real token, the fake server's door check rejects it (wrong token), and the test fails with a confusing "the script never called the server" error — even though nothing is actually broken.
|
|
4
|
+
|
|
5
|
+
This bit us tonight: the full test suite went red on my machine for exactly this reason, while the same tests pass everywhere else. The "fix" each time would have been to shrug and re-run on CI — which trains everyone to distrust local test runs, the opposite of what a test suite is for.
|
|
6
|
+
|
|
7
|
+
The change is three one-line edits: each test now explicitly blanks that environment variable when launching the script, so the script falls back to reading the token from the test's own config file — the path the tests were always meant to exercise. A fourth sibling test already did this correctly (it builds a minimal clean environment from scratch), which is how we knew the pattern. Comments at each site explain why, so the next person who writes a test like this copies the safe pattern.
|
|
8
|
+
|
|
9
|
+
Nothing about the real script changes. Production behavior is untouched — this only makes the tests honest about what environment they run in. Tests now pass identically on a clean CI box and inside a live agent session.
|