instar 1.3.332 → 1.3.333

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "instar",
3
- "version": "1.3.332",
3
+ "version": "1.3.333",
4
4
  "description": "Coherence infrastructure for self-evolving AI agents — on the Claude Code or Codex subscription you already have.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "./builtin-manifest.schema.json",
3
3
  "schemaVersion": 1,
4
- "generatedAt": "2026-06-06T03:31:31.289Z",
5
- "instarVersion": "1.3.332",
4
+ "generatedAt": "2026-06-06T03:35:43.361Z",
5
+ "instarVersion": "1.3.333",
6
6
  "entryCount": 199,
7
7
  "entries": {
8
8
  "hook:session-start": {
@@ -15,6 +15,14 @@ housekeeping channel — the reporter's per-feature 1h cooldown bounds even an
15
15
  all-topics-stale storm to a single alert). Success clears the episode. The
16
16
  `reportStaleStandby` dep is optional — omitted, behavior is byte-identical.
17
17
 
18
+ Made the three `telegram-reply.sh` test harnesses hermetic against a live
19
+ agent session's environment: each script-spawn now blanks
20
+ `INSTAR_AUTH_TOKEN` so the script exercises the config-file auth fallback
21
+ the tests intend, instead of inheriting the runner's real session token
22
+ (which the test servers' auth middleware correctly rejects, failing the
23
+ tests only when run inside an agent session). Same hermeticity class as
24
+ the #862 unit-suite fix, applied to the reply-script family.
25
+
18
26
  ## What to Tell Your User
19
27
 
20
28
  Only relevant if I run on more than one machine: when the standby machine's
@@ -40,3 +48,8 @@ removed. Focused adversarial second-pass: CONCUR (episode timing, firing bound
40
48
  DegradationReporter flood analysis). Tests: 21 green in LiveTailSource.test.ts
41
49
  incl. the P19 sustained-failure bound (~100 failing windows → exactly 1
42
50
  signal) and the server.ts wiring pin; tsc clean.
51
+
52
+ - Bisected: `tests/integration/telegram-reply-end-to-end.test.ts` fails
53
+ with `INSTAR_AUTH_TOKEN` exported, passes without; single-var culprit.
54
+ - Post-fix: all 4 reply-script test files (32 tests) green BOTH under a
55
+ live agent env and a stripped env.
@@ -0,0 +1,67 @@
1
+ # Side-Effects Review — Hermetic env for telegram-reply script tests
2
+
3
+ **Version / slug:** `test-env-hermetic-reply-scripts`
4
+ **Date:** `2026-06-05`
5
+ **Author:** `echo`
6
+ **Second-pass reviewer:** `not required (test-only change, no runtime surface)`
7
+
8
+ ## Summary of the change
9
+
10
+ Three tests that spawn `telegram-reply.sh` (`tests/integration/telegram-reply-end-to-end.test.ts`, `tests/unit/telegram-reply-recoverable-classification.test.ts`, `tests/unit/reply-scripts.test.ts`) inherited the full process env via `{ ...process.env }`. Inside a live agent session, `INSTAR_AUTH_TOKEN` is exported (SessionManager injects it), the script's documented env-first auth resolution picks it up, and the test server's auth middleware rejects the mismatched Bearer before the route handler records the hit — failing the test only when run inside an agent session. Each spawn site now sets `INSTAR_AUTH_TOKEN: ''` so the script exercises the config-file fallback the tests intend. No runtime files changed.
11
+
12
+ ## Decision-point inventory
13
+
14
+ No decision-point surface — test-only. The script's env-first auth precedence is intentionally UNCHANGED (it is documented, load-bearing behavior); only the tests' spawn environments changed.
15
+
16
+ ---
17
+
18
+ ## 1. Over-block
19
+
20
+ No block/allow surface — not applicable.
21
+
22
+ ## 2. Under-block
23
+
24
+ No block/allow surface — not applicable.
25
+
26
+ ## 3. Level-of-abstraction fit
27
+
28
+ Right layer: the fix is at the test spawn sites, not the script. Weakening the script's env-first precedence to make tests pass would invert the actual contract. The sibling `telegram-reply-port-resolution.test.ts` already constructs a minimal env (`{ PATH }`) — the targeted blank keeps each test's existing env needs intact while removing the one leaking variable.
29
+
30
+ ## 4. Signal vs authority compliance
31
+
32
+ **Required reference:** [docs/signal-vs-authority.md](../../docs/signal-vs-authority.md)
33
+
34
+ - [x] No — this change has no block/allow surface.
35
+
36
+ ## 5. Interactions
37
+
38
+ - Shadowing/double-fire/races/feedback loops: none — test-only env construction.
39
+ - Verified the three tests + the already-hermetic sibling all pass together under a live agent env AND under a stripped env (both run locally).
40
+
41
+ ## 6. External surfaces
42
+
43
+ None. No runtime change; CI behavior identical (CI never had the variable set — that's why CI was green while local was red).
44
+
45
+ ## 7. Rollback cost
46
+
47
+ Trivial revert of three test lines. No persistent state.
48
+
49
+ ---
50
+
51
+ ## Conclusion
52
+
53
+ Closes a hermeticity gap in the reply-script test family (the same class PR #862 closed for the unit suite's config leakage): tests must not change verdict based on the runner's live agent environment. Found via Zero-Failure triage of a local full-suite run. Clear to ship.
54
+
55
+ ---
56
+
57
+ ## Second-pass review (if required)
58
+
59
+ **Reviewer:** not required
60
+ **Independent read of the artifact:** not required — test-only.
61
+
62
+ ---
63
+
64
+ ## Evidence pointers
65
+
66
+ - Repro: `npx vitest run tests/integration/telegram-reply-end-to-end.test.ts` fails with `INSTAR_AUTH_TOKEN` exported, passes with it unset (bisected: that single var).
67
+ - Post-fix: all 4 reply-script test files green under the live agent env (32 tests).
@@ -0,0 +1,9 @@
1
+ # Tests stop failing just because a real agent is running them
2
+
3
+ Three of our tests check the little script that delivers my chat replies. Each test builds a fake miniature server, points the script at it, and watches what the script does. The problem: when those tests run inside a LIVE agent work session (instead of a clean CI machine), the session environment carries the agent's REAL access token in an environment variable — and the script is designed to prefer that variable when it exists. So the script walks up to the fake test server holding the real token, the fake server's door check rejects it (wrong token), and the test fails with a confusing "the script never called the server" error — even though nothing is actually broken.
4
+
5
+ This bit us tonight: the full test suite went red on my machine for exactly this reason, while the same tests pass everywhere else. The "fix" each time would have been to shrug and re-run on CI — which trains everyone to distrust local test runs, the opposite of what a test suite is for.
6
+
7
+ The change is three one-line edits: each test now explicitly blanks that environment variable when launching the script, so the script falls back to reading the token from the test's own config file — the path the tests were always meant to exercise. A fourth sibling test already did this correctly (it builds a minimal clean environment from scratch), which is how we knew the pattern. Comments at each site explain why, so the next person who writes a test like this copies the safe pattern.
8
+
9
+ Nothing about the real script changes. Production behavior is untouched — this only makes the tests honest about what environment they run in. Tests now pass identically on a clean CI box and inside a live agent session.