instar 1.3.342 → 1.3.344

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (120) hide show
  1. package/dist/commands/init.d.ts +4 -4
  2. package/dist/commands/init.d.ts.map +1 -1
  3. package/dist/commands/init.js.map +1 -1
  4. package/dist/commands/server.d.ts.map +1 -1
  5. package/dist/commands/server.js +47 -0
  6. package/dist/commands/server.js.map +1 -1
  7. package/dist/commands/setup.d.ts +1 -1
  8. package/dist/commands/setup.d.ts.map +1 -1
  9. package/dist/commands/setup.js.map +1 -1
  10. package/dist/core/Config.d.ts +12 -3
  11. package/dist/core/Config.d.ts.map +1 -1
  12. package/dist/core/Config.js +40 -6
  13. package/dist/core/Config.js.map +1 -1
  14. package/dist/core/FrameworkSessionStore.d.ts +1 -1
  15. package/dist/core/FrameworkSessionStore.d.ts.map +1 -1
  16. package/dist/core/PiCliIntelligenceProvider.d.ts +52 -0
  17. package/dist/core/PiCliIntelligenceProvider.d.ts.map +1 -0
  18. package/dist/core/PiCliIntelligenceProvider.js +71 -0
  19. package/dist/core/PiCliIntelligenceProvider.js.map +1 -0
  20. package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
  21. package/dist/core/PostUpdateMigrator.js +14 -0
  22. package/dist/core/PostUpdateMigrator.js.map +1 -1
  23. package/dist/core/PreCompactionFlush.d.ts +1 -1
  24. package/dist/core/PreCompactionFlush.d.ts.map +1 -1
  25. package/dist/core/ResumeValidator.d.ts +1 -1
  26. package/dist/core/ResumeValidator.d.ts.map +1 -1
  27. package/dist/core/SessionManager.d.ts.map +1 -1
  28. package/dist/core/SessionManager.js +35 -1
  29. package/dist/core/SessionManager.js.map +1 -1
  30. package/dist/core/TopicFrameworksStore.d.ts.map +1 -1
  31. package/dist/core/TopicFrameworksStore.js +3 -0
  32. package/dist/core/TopicFrameworksStore.js.map +1 -1
  33. package/dist/core/frameworkInjectionProcesses.d.ts.map +1 -1
  34. package/dist/core/frameworkInjectionProcesses.js +4 -0
  35. package/dist/core/frameworkInjectionProcesses.js.map +1 -1
  36. package/dist/core/frameworkSessionLaunch.d.ts +8 -0
  37. package/dist/core/frameworkSessionLaunch.d.ts.map +1 -1
  38. package/dist/core/frameworkSessionLaunch.js +73 -0
  39. package/dist/core/frameworkSessionLaunch.js.map +1 -1
  40. package/dist/core/intelligenceProviderFactory.d.ts +15 -1
  41. package/dist/core/intelligenceProviderFactory.d.ts.map +1 -1
  42. package/dist/core/intelligenceProviderFactory.js +39 -1
  43. package/dist/core/intelligenceProviderFactory.js.map +1 -1
  44. package/dist/core/types.d.ts +18 -7
  45. package/dist/core/types.d.ts.map +1 -1
  46. package/dist/core/types.js.map +1 -1
  47. package/dist/messaging/shared/telegramRelayPrompt.d.ts +1 -1
  48. package/dist/messaging/shared/telegramRelayPrompt.d.ts.map +1 -1
  49. package/dist/monitoring/SessionReaper.d.ts +1 -1
  50. package/dist/monitoring/SessionReaper.d.ts.map +1 -1
  51. package/dist/monitoring/SessionReaper.js.map +1 -1
  52. package/dist/monitoring/frameworkActivitySignals.d.ts.map +1 -1
  53. package/dist/monitoring/frameworkActivitySignals.js +21 -0
  54. package/dist/monitoring/frameworkActivitySignals.js.map +1 -1
  55. package/dist/monitoring/frameworkProcessSignals.d.ts.map +1 -1
  56. package/dist/monitoring/frameworkProcessSignals.js +22 -0
  57. package/dist/monitoring/frameworkProcessSignals.js.map +1 -1
  58. package/dist/providers/adapters/pi-cli/capabilities.d.ts +31 -0
  59. package/dist/providers/adapters/pi-cli/capabilities.d.ts.map +1 -0
  60. package/dist/providers/adapters/pi-cli/capabilities.js +40 -0
  61. package/dist/providers/adapters/pi-cli/capabilities.js.map +1 -0
  62. package/dist/providers/adapters/pi-cli/config.d.ts +65 -0
  63. package/dist/providers/adapters/pi-cli/config.d.ts.map +1 -0
  64. package/dist/providers/adapters/pi-cli/config.js +43 -0
  65. package/dist/providers/adapters/pi-cli/config.js.map +1 -0
  66. package/dist/providers/adapters/pi-cli/control/piHardKill.d.ts +19 -0
  67. package/dist/providers/adapters/pi-cli/control/piHardKill.d.ts.map +1 -0
  68. package/dist/providers/adapters/pi-cli/control/piHardKill.js +67 -0
  69. package/dist/providers/adapters/pi-cli/control/piHardKill.js.map +1 -0
  70. package/dist/providers/adapters/pi-cli/errors.d.ts +43 -0
  71. package/dist/providers/adapters/pi-cli/errors.d.ts.map +1 -0
  72. package/dist/providers/adapters/pi-cli/errors.js +71 -0
  73. package/dist/providers/adapters/pi-cli/errors.js.map +1 -0
  74. package/dist/providers/adapters/pi-cli/index.d.ts +39 -0
  75. package/dist/providers/adapters/pi-cli/index.d.ts.map +1 -0
  76. package/dist/providers/adapters/pi-cli/index.js +69 -0
  77. package/dist/providers/adapters/pi-cli/index.js.map +1 -0
  78. package/dist/providers/adapters/pi-cli/observability/sessionId.d.ts +27 -0
  79. package/dist/providers/adapters/pi-cli/observability/sessionId.d.ts.map +1 -0
  80. package/dist/providers/adapters/pi-cli/observability/sessionId.js +53 -0
  81. package/dist/providers/adapters/pi-cli/observability/sessionId.js.map +1 -0
  82. package/dist/providers/adapters/pi-cli/policy.d.ts +44 -0
  83. package/dist/providers/adapters/pi-cli/policy.d.ts.map +1 -0
  84. package/dist/providers/adapters/pi-cli/policy.js +74 -0
  85. package/dist/providers/adapters/pi-cli/policy.js.map +1 -0
  86. package/dist/providers/adapters/pi-cli/transport/agenticSessionRpc.d.ts +34 -0
  87. package/dist/providers/adapters/pi-cli/transport/agenticSessionRpc.d.ts.map +1 -0
  88. package/dist/providers/adapters/pi-cli/transport/agenticSessionRpc.js +194 -0
  89. package/dist/providers/adapters/pi-cli/transport/agenticSessionRpc.js.map +1 -0
  90. package/dist/providers/adapters/pi-cli/transport/oneShotCompletion.d.ts +33 -0
  91. package/dist/providers/adapters/pi-cli/transport/oneShotCompletion.d.ts.map +1 -0
  92. package/dist/providers/adapters/pi-cli/transport/oneShotCompletion.js +166 -0
  93. package/dist/providers/adapters/pi-cli/transport/oneShotCompletion.js.map +1 -0
  94. package/dist/providers/adapters/pi-cli/transport/piSpawn.d.ts +87 -0
  95. package/dist/providers/adapters/pi-cli/transport/piSpawn.d.ts.map +1 -0
  96. package/dist/providers/adapters/pi-cli/transport/piSpawn.js +242 -0
  97. package/dist/providers/adapters/pi-cli/transport/piSpawn.js.map +1 -0
  98. package/dist/providers/adapters/pi-cli/transport/rpcClient.d.ts +103 -0
  99. package/dist/providers/adapters/pi-cli/transport/rpcClient.d.ts.map +1 -0
  100. package/dist/providers/adapters/pi-cli/transport/rpcClient.js +238 -0
  101. package/dist/providers/adapters/pi-cli/transport/rpcClient.js.map +1 -0
  102. package/dist/providers/bootRegistration.d.ts +38 -0
  103. package/dist/providers/bootRegistration.d.ts.map +1 -1
  104. package/dist/providers/bootRegistration.js +52 -0
  105. package/dist/providers/bootRegistration.js.map +1 -1
  106. package/dist/providers/parity/rules/skillParityRule.d.ts.map +1 -1
  107. package/dist/providers/parity/rules/skillParityRule.js +6 -0
  108. package/dist/providers/parity/rules/skillParityRule.js.map +1 -1
  109. package/dist/redteam/ScenarioPack.d.ts +161 -0
  110. package/dist/redteam/ScenarioPack.d.ts.map +1 -0
  111. package/dist/redteam/ScenarioPack.js +200 -0
  112. package/dist/redteam/ScenarioPack.js.map +1 -0
  113. package/dist/scaffold/templates.js +1 -1
  114. package/package.json +1 -1
  115. package/src/data/builtin-manifest.json +20 -20
  116. package/src/scaffold/templates.ts +1 -1
  117. package/upgrades/1.3.343.md +49 -0
  118. package/upgrades/1.3.344.md +46 -0
  119. package/upgrades/side-effects/pi-harness-integration.md +82 -0
  120. package/upgrades/side-effects/redteam-harness-phase1-core.md +53 -0
@@ -0,0 +1,46 @@
1
+ # Upgrade Guide — vNEXT
2
+
3
+ <!-- assembled-by: assemble-next-md -->
4
+ <!-- bump: minor -->
5
+
6
+ ## What Changed
7
+
8
+ instar gained a fourth agentic framework: **pi-cli** (the pi coding agent,
9
+ `@earendil-works/pi-coding-agent` — the minimal harness powering OpenClaw).
10
+ Ships completely DARK: nothing registers and no behavior changes unless an
11
+ agent's config explicitly lists `'pi-cli'` in `enabledFrameworks` AND the
12
+ `pi` binary is installed. Opting in gets: (1) pi topic sessions in tmux with
13
+ IDENTICAL dashboard streaming/typing (TUI-in-tmux v1; launch builders +
14
+ stuck-input detection pinned against real captured panes); (2) a
15
+ provider-substrate adapter with pi's NATIVE structured RPC channel (prompt /
16
+ mid-stream steer / abort, strict-LF JSONL, canonical event normalization)
17
+ plus one-shot completions reporting tokens AND cost; (3)
18
+ `sessions.componentFrameworks` can route internal components (sentinels,
19
+ gates) to `'pi-cli'` — e.g. background chatter onto a Codex/Copilot
20
+ subscription via pi; (4) a STRUCTURAL subscription guard: Anthropic/Claude-
21
+ routed pi model patterns are DENIED by default at every call-construction
22
+ path (Claude-via-pi bills as per-token extra usage, not plan limits — so it
23
+ can never be selected silently; file-config-only override, audit-logged).
24
+ Verified hands-on against the real binary (pi 0.78.1) with a hermetic mock
25
+ provider — zero credentials, all three test tiers.
26
+
27
+ ## What to Tell Your User
28
+
29
+ Nothing proactively — this ships dark and changes nothing by default. If your
30
+ user asks about pi/OpenClaw support, or about spreading background LLM load
31
+ onto other subscriptions: instar can now drive the pi coding agent as an
32
+ additional framework (experimental, opt-in), with a built-in guard that
33
+ prevents accidental Anthropic extra-usage billing.
34
+
35
+ ## Summary of New Capabilities
36
+
37
+ - **pi-cli framework** (⚗️ experimental, opt-in via `enabledFrameworks`) — drive
38
+ the pi coding agent as a fourth framework alongside claude-code / codex-cli /
39
+ gemini-cli. Sessions run in tmux (dashboard streaming unchanged).
40
+ - **pi provider adapter** — `GET /providers/registry` lists `pi-cli` (one-shot
41
+ completion + native RPC session + session-id + hard-kill) when enabled.
42
+ - **pi component routing** — `sessions.componentFrameworks` accepts `pi-cli`,
43
+ so sentinels/gates can run on pi (onto a non-Claude subscription).
44
+ - **Subscription guard** — `piCli.allowAnthropicProviders` (default false):
45
+ routing pi at an Anthropic/Claude model is denied unless explicitly opted in,
46
+ and the opt-in is audit-logged with a cost warning.
@@ -0,0 +1,82 @@
1
+ # Side-Effects Review — pi-harness-integration (Phases A-D)
2
+
3
+ ## Blast radius
4
+
5
+ Additive at every layer; ships DARK behind `enabledFrameworks` containing
6
+ `'pi-cli'` (default absent) AND a detectable `pi` binary. With the default
7
+ config, NOTHING registers and NO dispatch path changes outcome.
8
+
9
+ Shared-file behavior changes (the only non-additive surfaces):
10
+
11
+ 1. **SessionManager.isMarkerStuckAtPrompt** — adds a new detection branch
12
+ (marker sandwiched between two `─` rule lines, pi's input box). Requires
13
+ BOTH the injected marker AND a rule within 2 lines above AND below —
14
+ normal transcript output and the other frameworks' panes cannot satisfy
15
+ it (their input areas use prompt chars, not rule sandwiches). Existing
16
+ prompt-char branches untouched; pinned by tests against real captured
17
+ pane bytes for all four frameworks.
18
+ 2. **SessionManager binary resolution** — pi-cli now resolves to bare `'pi'`
19
+ instead of falling back to `claudePath` (which holds a CLAUDE binary).
20
+ Without this, a pi topic on a claude install would silently launch
21
+ Claude — the exact additive-only violation this project forbids. Other
22
+ frameworks' resolution is byte-identical.
23
+ 3. **framework-arg-rendering-matrix test** — now DERIVED from
24
+ SUPPORTED_FRAMEWORKS instead of a hand-list (which had silently dropped
25
+ gemini-cli). Test-only.
26
+
27
+ ## Framework generality
28
+
29
+ This change EXTENDS the framework abstraction rather than special-casing:
30
+ 'pi-cli' rides the same Record<IntelligenceFramework, …> dispatch maps as
31
+ claude-code / codex-cli / gemini-cli (launch builders, injection processes,
32
+ activity + process signals, parity renderer), and the never-exhaustiveness
33
+ checks force every future dispatch site to handle all four. The
34
+ framework-agnosticism test suite passes with pi included; the arg-rendering
35
+ matrix now derives from the registry so a fifth framework cannot silently
36
+ miss coverage. Warm-session injection works for pi via the
37
+ FRAMEWORK_INJECTION_PROCESS_NAMES entry ('pi'), same as every framework.
38
+
39
+ ## Security / spend surfaces
40
+
41
+ - **Subscription guard (structural)**: Anthropic/Claude-routed pi model
42
+ patterns are DENIED at every call-construction path (one-shot transport,
43
+ RPC session start, intelligence provider construction), including
44
+ aggregator pass-throughs (`openrouter/anthropic/...`) and the
45
+ pattern-less case (pi's ambient default could be an Anthropic login).
46
+ Override is file-config only (`piCli.allowAnthropicProviders`), never env
47
+ or per-call; allowed calls are audit-logged with a cost warning.
48
+ - **Child env hardening**: pi child processes get an explicit allowlist env
49
+ with UNCONDITIONAL deletion of all billing-capable vars (ANTHROPIC/
50
+ OPENAI/GEMINI/GOOGLE/XAI/GROQ/OPENROUTER keys + CLAUDE_CODE_OAUTH_TOKEN),
51
+ mirroring the gemini Rule-1a analog. pi authenticates via its own
52
+ ~/.pi/agent/auth.json (subscription OAuth) or models.json custom keys.
53
+ - **No permission system in pi**: instar's gate layer wraps pi sessions
54
+ exactly like other frameworks; containerization noted as future hardening
55
+ in the spec (§ kickoff Risks).
56
+
57
+ ## Rollback
58
+
59
+ Revert the commit. No migrations mutate state destructively (the CLAUDE.md
60
+ migration is content-sniffed append-only; no config defaults are written).
61
+ Agents that opted in simply lose the pi framework value on downgrade —
62
+ their claude-code/codex-cli/gemini-cli behavior is untouched.
63
+
64
+ ## Deliberate non-goals (tracked in spec §9, not silent drops)
65
+
66
+ Replacing any Claude Code path; pi-ai adoption for non-pi internal calls;
67
+ OAuth flow automation; cross-provider mid-session handoff; event-stream
68
+ dashboard renderer (optional Phase E, decided after the core lands).
69
+
70
+ ## CI-fix follow-up (post-first-commit)
71
+
72
+ Greening CI surfaced expected churn, no behavior change:
73
+ - Three existing tests hardcoded the 3-framework SUPPORTED list → added
74
+ 'pi-cli' to the expectations.
75
+ - The `no-silent-fallbacks` ratchet counted the intelligenceProviderFactory
76
+ pi-cli degrade-to-null catch → marked `@silent-fallback-ok` (it warns
77
+ loudly and the router emits its own DegradationReporter; a second report
78
+ here would double-count the same degrade).
79
+ - The release-fragment lint required `## Summary of New Capabilities` → added
80
+ it and switched to the canonical `<!-- bump -->` comment.
81
+ None of these touch runtime behavior; they align the new framework with the
82
+ existing structural gates.
@@ -0,0 +1,53 @@
1
+ # Side-effects review — MTP Red-Team Harness Phase-1 core (EXO 3.0 G7)
2
+
3
+ ## What this change is
4
+ A new, self-contained module `src/redteam/ScenarioPack.ts` (pure logic) + two
5
+ default scenario packs under `src/redteam/packs/` + a unit test. It adds NO
6
+ route, NO CLI command, NO session/lifecycle hook, NO config key, and is imported
7
+ by nothing in the running server yet. It is foundation code for a Phase-2
8
+ productization (CLI/route).
9
+
10
+ ## Blast radius
11
+ - **Runtime impact: none.** Nothing imports `ScenarioPack.ts` at server boot or
12
+ in any job/sentinel/route. Adding the file cannot change any live behavior. A
13
+ grep for `redteam` / `ScenarioPack` across `src/server`, `src/commands`,
14
+ `src/core` composition shows no consumer.
15
+ - **Only dependency is inward**: it imports `IntentTestHarness` and the
16
+ `ParsedOrgIntent` type — both read-only, already-shipped. It calls
17
+ `IntentTestHarness.testRefusal()` (a pure function over parsed intent); it
18
+ never mutates intent, never writes files, never performs I/O.
19
+ - **The packs are data.** The two `pack.json` files + committed `L0.md`/`L1.md`
20
+ payloads are inert until a future runner reads them. No code loads them yet.
21
+
22
+ ## Security / safety review
23
+ - **Payload-by-reference is enforced in the type system**: the module handles
24
+ payloads as `{ path, sha256 }` only and has no code path that reads a payload
25
+ body. The committed payloads (`L0.md` declared-audit, `L1.md` naive benign
26
+ ask) were authored in an isolated subagent session, never in the orchestrator
27
+ transcript — honoring the CMT-1115 lesson (inline red-team payloads
28
+ permanently wedged a session via an AUP-rejection loop).
29
+ - **Engineered payloads are NOT committed**: `L2.md` (pressure) and `L3.md`
30
+ (engineered) are gitignored; their `pack.json` sha reads
31
+ `PENDING-LOCAL-AUTHOR`. So the reviewable PR diff contains no engineered
32
+ attack text — a reviewing agent reading this diff cannot be wedged by it.
33
+ - **No new external surface**: no network calls, no new auth, no new file
34
+ writes. The classifier's regexes are local string checks.
35
+
36
+ ## Framework generality
37
+ This change does not route through the session-launch / inject abstraction or
38
+ message delivery — it is framework-agnostic pure logic operating on parsed
39
+ ORG-INTENT, which is identical across claude-code / codex-cli / gemini-cli. The
40
+ harness it seeds is explicitly designed to be org-agnostic AND framework-neutral
41
+ (it tests an agent's behavior through whatever channel, independent of the
42
+ underlying framework). No Claude-specific assumption is introduced.
43
+
44
+ ## Test coverage
45
+ 25 unit tests (`tests/unit/redteam-scenario-pack.test.ts`) cover both sides of
46
+ every decision boundary: coherent vs incoherent transport, governed vs
47
+ ungoverned, each outcome class, pass vs fail, and the boundary-map edges
48
+ (holds-through-L2-cracks-at-L3, cracks-at-L0, holds-everywhere, derivation
49
+ ratio, ungoverned surface). `tsc --noEmit` is clean.
50
+
51
+ ## Rollback
52
+ Deleting `src/redteam/` + the test + reverting the `.gitignore` lines fully
53
+ removes the change with zero runtime consequence (nothing depends on it).