instar 1.3.352 → 1.3.353

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "instar",
3
- "version": "1.3.352",
3
+ "version": "1.3.353",
4
4
  "description": "Coherence infrastructure for self-evolving AI agents — on the Claude Code or Codex subscription you already have.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "./builtin-manifest.schema.json",
3
3
  "schemaVersion": 1,
4
- "generatedAt": "2026-06-06T07:09:24.156Z",
5
- "instarVersion": "1.3.352",
4
+ "generatedAt": "2026-06-06T07:40:10.127Z",
5
+ "instarVersion": "1.3.353",
6
6
  "entryCount": 199,
7
7
  "entries": {
8
8
  "hook:session-start": {
@@ -418,7 +418,7 @@
418
418
  "type": "route-group",
419
419
  "domain": "monitoring",
420
420
  "sourcePath": "src/server/routes.ts",
421
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
421
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
422
422
  "since": "2025-01-01"
423
423
  },
424
424
  "route-group:agents": {
@@ -426,7 +426,7 @@
426
426
  "type": "route-group",
427
427
  "domain": "sessions",
428
428
  "sourcePath": "src/server/routes.ts",
429
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
429
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
430
430
  "since": "2025-01-01"
431
431
  },
432
432
  "route-group:backups": {
@@ -434,7 +434,7 @@
434
434
  "type": "route-group",
435
435
  "domain": "operations",
436
436
  "sourcePath": "src/server/routes.ts",
437
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
437
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
438
438
  "since": "2025-01-01"
439
439
  },
440
440
  "route-group:git": {
@@ -442,7 +442,7 @@
442
442
  "type": "route-group",
443
443
  "domain": "coordination",
444
444
  "sourcePath": "src/server/routes.ts",
445
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
445
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
446
446
  "since": "2025-01-01"
447
447
  },
448
448
  "route-group:memory": {
@@ -450,7 +450,7 @@
450
450
  "type": "route-group",
451
451
  "domain": "memory",
452
452
  "sourcePath": "src/server/routes.ts",
453
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
453
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
454
454
  "since": "2025-01-01"
455
455
  },
456
456
  "route-group:semantic": {
@@ -458,7 +458,7 @@
458
458
  "type": "route-group",
459
459
  "domain": "memory",
460
460
  "sourcePath": "src/server/routes.ts",
461
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
461
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
462
462
  "since": "2025-01-01"
463
463
  },
464
464
  "route-group:status": {
@@ -466,7 +466,7 @@
466
466
  "type": "route-group",
467
467
  "domain": "monitoring",
468
468
  "sourcePath": "src/server/routes.ts",
469
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
469
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
470
470
  "since": "2025-01-01"
471
471
  },
472
472
  "route-group:capabilities": {
@@ -474,7 +474,7 @@
474
474
  "type": "route-group",
475
475
  "domain": "mapping",
476
476
  "sourcePath": "src/server/routes.ts",
477
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
477
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
478
478
  "since": "2025-01-01"
479
479
  },
480
480
  "route-group:project-map": {
@@ -482,7 +482,7 @@
482
482
  "type": "route-group",
483
483
  "domain": "mapping",
484
484
  "sourcePath": "src/server/routes.ts",
485
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
485
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
486
486
  "since": "2025-01-01"
487
487
  },
488
488
  "route-group:coherence": {
@@ -490,7 +490,7 @@
490
490
  "type": "route-group",
491
491
  "domain": "coherence",
492
492
  "sourcePath": "src/server/routes.ts",
493
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
493
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
494
494
  "since": "2025-01-01"
495
495
  },
496
496
  "route-group:topic-bindings": {
@@ -498,7 +498,7 @@
498
498
  "type": "route-group",
499
499
  "domain": "sessions",
500
500
  "sourcePath": "src/server/routes.ts",
501
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
501
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
502
502
  "since": "2025-01-01"
503
503
  },
504
504
  "route-group:context": {
@@ -506,7 +506,7 @@
506
506
  "type": "route-group",
507
507
  "domain": "context",
508
508
  "sourcePath": "src/server/routes.ts",
509
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
509
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
510
510
  "since": "2025-01-01"
511
511
  },
512
512
  "route-group:scope-coherence": {
@@ -514,7 +514,7 @@
514
514
  "type": "route-group",
515
515
  "domain": "coherence",
516
516
  "sourcePath": "src/server/routes.ts",
517
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
517
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
518
518
  "since": "2025-01-01"
519
519
  },
520
520
  "route-group:canonical-state": {
@@ -522,7 +522,7 @@
522
522
  "type": "route-group",
523
523
  "domain": "state",
524
524
  "sourcePath": "src/server/routes.ts",
525
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
525
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
526
526
  "since": "2025-01-01"
527
527
  },
528
528
  "route-group:ci": {
@@ -530,7 +530,7 @@
530
530
  "type": "route-group",
531
531
  "domain": "monitoring",
532
532
  "sourcePath": "src/server/routes.ts",
533
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
533
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
534
534
  "since": "2025-01-01"
535
535
  },
536
536
  "route-group:sessions": {
@@ -538,7 +538,7 @@
538
538
  "type": "route-group",
539
539
  "domain": "sessions",
540
540
  "sourcePath": "src/server/routes.ts",
541
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
541
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
542
542
  "since": "2025-01-01"
543
543
  },
544
544
  "route-group:jobs": {
@@ -546,7 +546,7 @@
546
546
  "type": "route-group",
547
547
  "domain": "scheduling",
548
548
  "sourcePath": "src/server/routes.ts",
549
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
549
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
550
550
  "since": "2025-01-01"
551
551
  },
552
552
  "route-group:skip-ledger": {
@@ -554,7 +554,7 @@
554
554
  "type": "route-group",
555
555
  "domain": "scheduling",
556
556
  "sourcePath": "src/server/routes.ts",
557
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
557
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
558
558
  "since": "2025-01-01"
559
559
  },
560
560
  "route-group:telegram": {
@@ -562,7 +562,7 @@
562
562
  "type": "route-group",
563
563
  "domain": "communication",
564
564
  "sourcePath": "src/server/routes.ts",
565
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
565
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
566
566
  "since": "2025-01-01"
567
567
  },
568
568
  "route-group:attention": {
@@ -570,7 +570,7 @@
570
570
  "type": "route-group",
571
571
  "domain": "communication",
572
572
  "sourcePath": "src/server/routes.ts",
573
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
573
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
574
574
  "since": "2025-01-01"
575
575
  },
576
576
  "route-group:relationships": {
@@ -578,7 +578,7 @@
578
578
  "type": "route-group",
579
579
  "domain": "relationships",
580
580
  "sourcePath": "src/server/routes.ts",
581
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
581
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
582
582
  "since": "2025-01-01"
583
583
  },
584
584
  "route-group:feedback": {
@@ -586,7 +586,7 @@
586
586
  "type": "route-group",
587
587
  "domain": "feedback",
588
588
  "sourcePath": "src/server/routes.ts",
589
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
589
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
590
590
  "since": "2025-01-01"
591
591
  },
592
592
  "route-group:updates": {
@@ -594,7 +594,7 @@
594
594
  "type": "route-group",
595
595
  "domain": "updates",
596
596
  "sourcePath": "src/server/routes.ts",
597
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
597
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
598
598
  "since": "2025-01-01"
599
599
  },
600
600
  "route-group:dispatches": {
@@ -602,7 +602,7 @@
602
602
  "type": "route-group",
603
603
  "domain": "dispatches",
604
604
  "sourcePath": "src/server/routes.ts",
605
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
605
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
606
606
  "since": "2025-01-01"
607
607
  },
608
608
  "route-group:quota": {
@@ -610,7 +610,7 @@
610
610
  "type": "route-group",
611
611
  "domain": "monitoring",
612
612
  "sourcePath": "src/server/routes.ts",
613
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
613
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
614
614
  "since": "2025-01-01"
615
615
  },
616
616
  "route-group:publishing": {
@@ -618,7 +618,7 @@
618
618
  "type": "route-group",
619
619
  "domain": "publishing",
620
620
  "sourcePath": "src/server/routes.ts",
621
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
621
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
622
622
  "since": "2025-01-01"
623
623
  },
624
624
  "route-group:private-views": {
@@ -626,7 +626,7 @@
626
626
  "type": "route-group",
627
627
  "domain": "publishing",
628
628
  "sourcePath": "src/server/routes.ts",
629
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
629
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
630
630
  "since": "2025-01-01"
631
631
  },
632
632
  "route-group:tunnel": {
@@ -634,7 +634,7 @@
634
634
  "type": "route-group",
635
635
  "domain": "networking",
636
636
  "sourcePath": "src/server/routes.ts",
637
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
637
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
638
638
  "since": "2025-01-01"
639
639
  },
640
640
  "route-group:events": {
@@ -642,7 +642,7 @@
642
642
  "type": "route-group",
643
643
  "domain": "networking",
644
644
  "sourcePath": "src/server/routes.ts",
645
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
645
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
646
646
  "since": "2025-01-01"
647
647
  },
648
648
  "route-group:evolution": {
@@ -650,7 +650,7 @@
650
650
  "type": "route-group",
651
651
  "domain": "evolution",
652
652
  "sourcePath": "src/server/routes.ts",
653
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
653
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
654
654
  "since": "2025-01-01"
655
655
  },
656
656
  "route-group:watchdog": {
@@ -658,7 +658,7 @@
658
658
  "type": "route-group",
659
659
  "domain": "monitoring",
660
660
  "sourcePath": "src/server/routes.ts",
661
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
661
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
662
662
  "since": "2025-01-01"
663
663
  },
664
664
  "route-group:topic-memory": {
@@ -666,7 +666,7 @@
666
666
  "type": "route-group",
667
667
  "domain": "memory",
668
668
  "sourcePath": "src/server/routes.ts",
669
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
669
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
670
670
  "since": "2025-01-01"
671
671
  },
672
672
  "route-group:state-sync": {
@@ -674,7 +674,7 @@
674
674
  "type": "route-group",
675
675
  "domain": "coordination",
676
676
  "sourcePath": "src/server/routes.ts",
677
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
677
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
678
678
  "since": "2025-01-01"
679
679
  },
680
680
  "route-group:intent": {
@@ -682,7 +682,7 @@
682
682
  "type": "route-group",
683
683
  "domain": "intent",
684
684
  "sourcePath": "src/server/routes.ts",
685
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
685
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
686
686
  "since": "2025-01-01"
687
687
  },
688
688
  "route-group:triage": {
@@ -690,7 +690,7 @@
690
690
  "type": "route-group",
691
691
  "domain": "safety",
692
692
  "sourcePath": "src/server/routes.ts",
693
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
693
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
694
694
  "since": "2025-01-01"
695
695
  },
696
696
  "route-group:operations": {
@@ -698,7 +698,7 @@
698
698
  "type": "route-group",
699
699
  "domain": "safety",
700
700
  "sourcePath": "src/server/routes.ts",
701
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
701
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
702
702
  "since": "2025-01-01"
703
703
  },
704
704
  "route-group:sentinel": {
@@ -706,7 +706,7 @@
706
706
  "type": "route-group",
707
707
  "domain": "safety",
708
708
  "sourcePath": "src/server/routes.ts",
709
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
709
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
710
710
  "since": "2025-01-01"
711
711
  },
712
712
  "route-group:trust": {
@@ -714,7 +714,7 @@
714
714
  "type": "route-group",
715
715
  "domain": "safety",
716
716
  "sourcePath": "src/server/routes.ts",
717
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
717
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
718
718
  "since": "2025-01-01"
719
719
  },
720
720
  "route-group:monitoring": {
@@ -722,7 +722,7 @@
722
722
  "type": "route-group",
723
723
  "domain": "monitoring",
724
724
  "sourcePath": "src/server/routes.ts",
725
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
725
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
726
726
  "since": "2025-01-01"
727
727
  },
728
728
  "route-group:commitments": {
@@ -730,7 +730,7 @@
730
730
  "type": "route-group",
731
731
  "domain": "commitments",
732
732
  "sourcePath": "src/server/routes.ts",
733
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
733
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
734
734
  "since": "2025-01-01"
735
735
  },
736
736
  "route-group:episodes": {
@@ -738,7 +738,7 @@
738
738
  "type": "route-group",
739
739
  "domain": "memory",
740
740
  "sourcePath": "src/server/routes.ts",
741
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
741
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
742
742
  "since": "2025-01-01"
743
743
  },
744
744
  "route-group:messages": {
@@ -746,7 +746,7 @@
746
746
  "type": "route-group",
747
747
  "domain": "coordination",
748
748
  "sourcePath": "src/server/routes.ts",
749
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
749
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
750
750
  "since": "2025-01-01"
751
751
  },
752
752
  "route-group:system-reviews": {
@@ -754,7 +754,7 @@
754
754
  "type": "route-group",
755
755
  "domain": "monitoring",
756
756
  "sourcePath": "src/server/routes.ts",
757
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
757
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
758
758
  "since": "2025-01-01"
759
759
  },
760
760
  "route-group:machine-mesh": {
@@ -770,7 +770,7 @@
770
770
  "type": "route-group",
771
771
  "domain": "security",
772
772
  "sourcePath": "src/server/routes.ts",
773
- "contentHash": "d2905deee33cdc5d932612a152d26c87b57cfe33baf8482c5353ca91dee588a5",
773
+ "contentHash": "d0606ad3f054cb473a8cd9271752fb6d525a169d4a0b591d7b4fc0691074ece0",
774
774
  "since": "2025-01-01"
775
775
  },
776
776
  "cli:init": {
@@ -1506,7 +1506,7 @@
1506
1506
  "type": "subsystem",
1507
1507
  "domain": "server",
1508
1508
  "sourcePath": "src/server/AgentServer.ts",
1509
- "contentHash": "42a9832c82d3f2234bb104cbd78cc8b948e0dbe84fead80752d00f443154211a",
1509
+ "contentHash": "800958822ee452d616e5c1c095f5b3da3a9936557cf636ca2dd6fadfb92fbca3",
1510
1510
  "since": "2025-01-01"
1511
1511
  },
1512
1512
  "subsystem:session-manager": {
@@ -0,0 +1,40 @@
1
+ # Upgrade Guide — vNEXT
2
+
3
+ <!-- assembled-by: assemble-next-md -->
4
+ <!-- bump: patch -->
5
+
6
+ ## What Changed
7
+
8
+ Wired the merged `TopicOperatorStore` (#904) into the live `AgentServer` and
9
+ exposed it over HTTP (Know Your Principal standard, security-build increment 2b).
10
+ The store is now composed into the server under the `stateDir` guard (fail-safe:
11
+ `null` → routes `503`, never a crash) and reachable via four Bearer-gated routes.
12
+ This is the runtime arm of the operator-binding spec (#897); the store had no
13
+ consumers before this.
14
+
15
+ ## What to Tell Your User
16
+
17
+ Nothing user-facing changes yet. This is foundation wiring (experimental) for the
18
+ Caroline identity-bleed security fix — it adds routes the system can use but does
19
+ not alter any current conversational behavior. The automatic session-start
20
+ injection of the verified operator is a later increment.
21
+
22
+ ## Summary of New Capabilities
23
+
24
+ - `GET /topic-operator` — all bound operators (names + uids).
25
+ - `GET /topic-operator/:topicId` — one topic's verified operator (or null).
26
+ - `GET /topic-operator/session-context?topicId=N` — the `<topic-operator>`
27
+ session-start injection block (`{ present:false }` when unbound).
28
+ - `POST /topic-operator` — bind a topic operator from the AUTHENTICATED sender
29
+ `{ topicId, platform?, uid (required), displayName? }`; a blank uid is refused
30
+ `400` (a content name can never become the operator).
31
+ - `CapabilityIndex` entry `topicOperator` (prefix `/topic-operator`).
32
+
33
+ ## Evidence
34
+
35
+ Verified by 10 Tier-2 integration tests (full HTTP pipeline over a real
36
+ file-backed store, incl. the blank-uid refusal and the store-not-wired `503`
37
+ degradation) and 6 Tier-3 E2E lifecycle tests (feature-alive on the real
38
+ `AgentServer` boot path — `200` not `503` — full bind→read→inject lifecycle,
39
+ durable-write proof, and the over-the-wire blank-uid refusal). Tier-1 unit
40
+ coverage shipped in #904. Clean `tsc --noEmit`.
@@ -0,0 +1,72 @@
1
+ # Side-effects review — Topic Operator binding (Know Your Principal #898, increment 2b)
2
+
3
+ ## What this change does
4
+ Wires the already-merged `TopicOperatorStore` (#904) into the live `AgentServer`
5
+ composition and exposes it over HTTP, plus the session-start injection block.
6
+
7
+ - `AgentServer.ts`: a new `topicOperatorStore` field constructed under the
8
+ `stateDir` guard inside its own try/catch (mirrors the `approvalLedger`
9
+ precedent), then passed into `routeCtx`.
10
+ - `routes.ts`: a `topicOperatorStore` field on `RouteContext` and four routes —
11
+ `GET /topic-operator`, `GET /topic-operator/:topicId`,
12
+ `GET /topic-operator/session-context?topicId=N`, `POST /topic-operator`.
13
+ - `CapabilityIndex.ts`: a `topicOperator` capability entry (prefix
14
+ `/topic-operator`) so the routes are discoverable.
15
+
16
+ ## Blast radius
17
+ - **Additive only.** No existing route, field, or store is modified. The store
18
+ is constructed when `stateDir` is available and is otherwise `null`; every
19
+ route degrades to `503` (feature-not-available) when it is `null`, never a
20
+ null-deref crash. The E2E test asserts the routes answer `200` on the real
21
+ production boot path (the store is genuinely composed in, not null).
22
+ - **No auth change.** All four routes sit behind the existing Bearer
23
+ middleware, identical to `/topic-bindings` and `/approvals`.
24
+ - **Fail-safe by construction.** An init failure is caught and reported via
25
+ `console.warn`; it can never block server boot. A corrupt store file is
26
+ treated as empty (a missing operator means the cross-principal guard treats
27
+ everything as unverifiable — deny-safe, not allow-safe).
28
+
29
+ ## The load-bearing security property (unchanged from #904)
30
+ The operator is established ONLY from the authenticated sender `uid`. The POST
31
+ route refuses a blank uid with `400`; a `displayName` (a content name) is never
32
+ authoritative — it is only lowercased for prose-matching. There is no code path
33
+ by which a name read from content becomes the operator. This is the structural
34
+ fix for the "Caroline" identity-bleed failure mode, and the integration + E2E
35
+ tests both assert the blank-uid refusal over the wire.
36
+
37
+ ## Migration parity
38
+ No migration is required. These are server-side routes and an in-process store
39
+ field — they reach existing agents automatically on the next server update (the
40
+ Migration Parity Standard governs agent-installed FILES: settings hooks, config
41
+ defaults, CLAUDE.md template, hook scripts, skills — none of which this touches).
42
+ The store auto-creates `state/topic-operators.json` on first write; no config
43
+ key is added, so there is nothing for `migrateConfig` to backfill.
44
+
45
+ The session-start HOOK wiring (so the `<topic-operator>` block is actually
46
+ fetched and injected at boot) is deliberately NOT in this increment — that is a
47
+ hook-template change requiring `migrateHooks`, and is scoped to increment 2c so
48
+ this PR stays a focused, reviewable composition+routes change. Until 2c lands the
49
+ block is reachable at the route but nothing injects it yet; that is intentional.
50
+
51
+ ## Framework generality
52
+ This is framework-agnostic. `platform` is a generic string (`telegram` |
53
+ `whatsapp` | `slack` | …), so the binding works for any messaging adapter, not
54
+ just Telegram. The `session-context` route returns a plain text block that any
55
+ framework's session-start hook can fetch and inject — it is not coupled to
56
+ Claude Code, Codex, or Gemini. The store has no platform-specific logic; it
57
+ delegates identity establishment to `PrincipalGuard.establishOperator`, which is
58
+ itself pure and framework-neutral.
59
+
60
+ ## Tests
61
+ - Tier 1 (unit): `tests/unit/topic-operator-store.test.ts` (10) — shipped in #904.
62
+ - Tier 2 (integration): `tests/integration/topic-operator-routes.test.ts` (10) —
63
+ full HTTP pipeline over a real file-backed store, incl. the blank-uid refusal
64
+ and the store-not-wired 503 degradation.
65
+ - Tier 3 (E2E): `tests/e2e/topic-operator-lifecycle.test.ts` (6) — feature-alive
66
+ on the real `AgentServer` boot path (200 not 503), full bind→read→inject
67
+ lifecycle, durable-write proof, and the over-the-wire blank-uid refusal.
68
+
69
+ ## Rollback
70
+ Revert the three source edits + delete the two test files. The store on disk
71
+ (`state/topic-operators.json`) is inert without the routes and can be left or
72
+ removed with no consequence.
@@ -0,0 +1,47 @@
1
+ # ELI16 — Who's the boss of this chat?
2
+
3
+ ## The problem in one sentence
4
+ An AI agent needs to know, for sure, *which real person* it's working for in a
5
+ given conversation — and it should never get tricked into thinking some other
6
+ name it read somewhere is the boss.
7
+
8
+ ## The story behind it
9
+ Not long ago, an agent running on a shared computer slowly started treating a
10
+ *different real person* — call her Caroline — as the person giving it orders. It
11
+ even wrote her name into its work as if her approvals counted. Nobody caught it,
12
+ because the mix-up happened entirely inside the agent's own writing. There was no
13
+ "front door" guard checking that, because the bad name never came in through a
14
+ message — it leaked in from the machine's settings and the agent's own notes.
15
+
16
+ We already built two pieces to stop this: a detector brain (`PrincipalGuard`)
17
+ that spots when the agent credits a decision to the wrong person, and a small
18
+ filing cabinet (`TopicOperatorStore`) that remembers, per conversation, exactly
19
+ who the verified boss is. The rule the filing cabinet enforces is strict: the
20
+ boss is decided ONLY by the verified ID of whoever actually sent the message —
21
+ never by a name typed in some document.
22
+
23
+ ## What this change adds
24
+ This step plugs that filing cabinet into the running server so the rest of the
25
+ system can actually use it. It adds four simple web endpoints:
26
+
27
+ - "Who's the boss of this chat?" — read one conversation's verified operator.
28
+ - "Show me all the bosses" — list every conversation's verified operator.
29
+ - "Set the boss" — record the boss, but ONLY from a verified sender ID. If you
30
+ try to set it with a blank ID (hoping a typed-in name will stick), it says no.
31
+ - "Give me the boot-up note" — hand back a short block the agent can read at the
32
+ start of a session so it knows, from message one, who it's really serving.
33
+
34
+ ## Why it's safe
35
+ It only *adds* things. Nothing old changes. If the server can't build the filing
36
+ cabinet for some reason, the endpoints politely say "not available" instead of
37
+ crashing. And the one rule that matters most — a name you merely *read* can never
38
+ become the boss, only a verified sender can — is checked right at the web layer,
39
+ and we have tests that prove it by trying to sneak the name "Caroline" in through
40
+ a blank ID and watching it get rejected.
41
+
42
+ ## What's deliberately left for next time
43
+ The actual "read the boot-up note at session start" wiring (so the agent
44
+ automatically sees who its boss is every time it wakes up) is a separate, slightly
45
+ riskier change to the start-up script, so it gets its own follow-up step. For now
46
+ the note is available to ask for; nothing reads it automatically yet. That's on
47
+ purpose — it keeps this change small and easy to review.