instar 1.3.356 → 1.3.358

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "instar",
3
- "version": "1.3.356",
3
+ "version": "1.3.358",
4
4
  "description": "Coherence infrastructure for self-evolving AI agents — on the Claude Code or Codex subscription you already have.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "./builtin-manifest.schema.json",
3
3
  "schemaVersion": 1,
4
- "generatedAt": "2026-06-06T08:09:49.249Z",
5
- "instarVersion": "1.3.356",
4
+ "generatedAt": "2026-06-06T09:11:03.969Z",
5
+ "instarVersion": "1.3.358",
6
6
  "entryCount": 199,
7
7
  "entries": {
8
8
  "hook:session-start": {
@@ -418,7 +418,7 @@
418
418
  "type": "route-group",
419
419
  "domain": "monitoring",
420
420
  "sourcePath": "src/server/routes.ts",
421
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
421
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
422
422
  "since": "2025-01-01"
423
423
  },
424
424
  "route-group:agents": {
@@ -426,7 +426,7 @@
426
426
  "type": "route-group",
427
427
  "domain": "sessions",
428
428
  "sourcePath": "src/server/routes.ts",
429
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
429
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
430
430
  "since": "2025-01-01"
431
431
  },
432
432
  "route-group:backups": {
@@ -434,7 +434,7 @@
434
434
  "type": "route-group",
435
435
  "domain": "operations",
436
436
  "sourcePath": "src/server/routes.ts",
437
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
437
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
438
438
  "since": "2025-01-01"
439
439
  },
440
440
  "route-group:git": {
@@ -442,7 +442,7 @@
442
442
  "type": "route-group",
443
443
  "domain": "coordination",
444
444
  "sourcePath": "src/server/routes.ts",
445
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
445
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
446
446
  "since": "2025-01-01"
447
447
  },
448
448
  "route-group:memory": {
@@ -450,7 +450,7 @@
450
450
  "type": "route-group",
451
451
  "domain": "memory",
452
452
  "sourcePath": "src/server/routes.ts",
453
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
453
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
454
454
  "since": "2025-01-01"
455
455
  },
456
456
  "route-group:semantic": {
@@ -458,7 +458,7 @@
458
458
  "type": "route-group",
459
459
  "domain": "memory",
460
460
  "sourcePath": "src/server/routes.ts",
461
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
461
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
462
462
  "since": "2025-01-01"
463
463
  },
464
464
  "route-group:status": {
@@ -466,7 +466,7 @@
466
466
  "type": "route-group",
467
467
  "domain": "monitoring",
468
468
  "sourcePath": "src/server/routes.ts",
469
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
469
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
470
470
  "since": "2025-01-01"
471
471
  },
472
472
  "route-group:capabilities": {
@@ -474,7 +474,7 @@
474
474
  "type": "route-group",
475
475
  "domain": "mapping",
476
476
  "sourcePath": "src/server/routes.ts",
477
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
477
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
478
478
  "since": "2025-01-01"
479
479
  },
480
480
  "route-group:project-map": {
@@ -482,7 +482,7 @@
482
482
  "type": "route-group",
483
483
  "domain": "mapping",
484
484
  "sourcePath": "src/server/routes.ts",
485
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
485
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
486
486
  "since": "2025-01-01"
487
487
  },
488
488
  "route-group:coherence": {
@@ -490,7 +490,7 @@
490
490
  "type": "route-group",
491
491
  "domain": "coherence",
492
492
  "sourcePath": "src/server/routes.ts",
493
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
493
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
494
494
  "since": "2025-01-01"
495
495
  },
496
496
  "route-group:topic-bindings": {
@@ -498,7 +498,7 @@
498
498
  "type": "route-group",
499
499
  "domain": "sessions",
500
500
  "sourcePath": "src/server/routes.ts",
501
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
501
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
502
502
  "since": "2025-01-01"
503
503
  },
504
504
  "route-group:context": {
@@ -506,7 +506,7 @@
506
506
  "type": "route-group",
507
507
  "domain": "context",
508
508
  "sourcePath": "src/server/routes.ts",
509
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
509
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
510
510
  "since": "2025-01-01"
511
511
  },
512
512
  "route-group:scope-coherence": {
@@ -514,7 +514,7 @@
514
514
  "type": "route-group",
515
515
  "domain": "coherence",
516
516
  "sourcePath": "src/server/routes.ts",
517
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
517
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
518
518
  "since": "2025-01-01"
519
519
  },
520
520
  "route-group:canonical-state": {
@@ -522,7 +522,7 @@
522
522
  "type": "route-group",
523
523
  "domain": "state",
524
524
  "sourcePath": "src/server/routes.ts",
525
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
525
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
526
526
  "since": "2025-01-01"
527
527
  },
528
528
  "route-group:ci": {
@@ -530,7 +530,7 @@
530
530
  "type": "route-group",
531
531
  "domain": "monitoring",
532
532
  "sourcePath": "src/server/routes.ts",
533
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
533
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
534
534
  "since": "2025-01-01"
535
535
  },
536
536
  "route-group:sessions": {
@@ -538,7 +538,7 @@
538
538
  "type": "route-group",
539
539
  "domain": "sessions",
540
540
  "sourcePath": "src/server/routes.ts",
541
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
541
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
542
542
  "since": "2025-01-01"
543
543
  },
544
544
  "route-group:jobs": {
@@ -546,7 +546,7 @@
546
546
  "type": "route-group",
547
547
  "domain": "scheduling",
548
548
  "sourcePath": "src/server/routes.ts",
549
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
549
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
550
550
  "since": "2025-01-01"
551
551
  },
552
552
  "route-group:skip-ledger": {
@@ -554,7 +554,7 @@
554
554
  "type": "route-group",
555
555
  "domain": "scheduling",
556
556
  "sourcePath": "src/server/routes.ts",
557
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
557
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
558
558
  "since": "2025-01-01"
559
559
  },
560
560
  "route-group:telegram": {
@@ -562,7 +562,7 @@
562
562
  "type": "route-group",
563
563
  "domain": "communication",
564
564
  "sourcePath": "src/server/routes.ts",
565
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
565
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
566
566
  "since": "2025-01-01"
567
567
  },
568
568
  "route-group:attention": {
@@ -570,7 +570,7 @@
570
570
  "type": "route-group",
571
571
  "domain": "communication",
572
572
  "sourcePath": "src/server/routes.ts",
573
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
573
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
574
574
  "since": "2025-01-01"
575
575
  },
576
576
  "route-group:relationships": {
@@ -578,7 +578,7 @@
578
578
  "type": "route-group",
579
579
  "domain": "relationships",
580
580
  "sourcePath": "src/server/routes.ts",
581
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
581
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
582
582
  "since": "2025-01-01"
583
583
  },
584
584
  "route-group:feedback": {
@@ -586,7 +586,7 @@
586
586
  "type": "route-group",
587
587
  "domain": "feedback",
588
588
  "sourcePath": "src/server/routes.ts",
589
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
589
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
590
590
  "since": "2025-01-01"
591
591
  },
592
592
  "route-group:updates": {
@@ -594,7 +594,7 @@
594
594
  "type": "route-group",
595
595
  "domain": "updates",
596
596
  "sourcePath": "src/server/routes.ts",
597
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
597
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
598
598
  "since": "2025-01-01"
599
599
  },
600
600
  "route-group:dispatches": {
@@ -602,7 +602,7 @@
602
602
  "type": "route-group",
603
603
  "domain": "dispatches",
604
604
  "sourcePath": "src/server/routes.ts",
605
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
605
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
606
606
  "since": "2025-01-01"
607
607
  },
608
608
  "route-group:quota": {
@@ -610,7 +610,7 @@
610
610
  "type": "route-group",
611
611
  "domain": "monitoring",
612
612
  "sourcePath": "src/server/routes.ts",
613
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
613
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
614
614
  "since": "2025-01-01"
615
615
  },
616
616
  "route-group:publishing": {
@@ -618,7 +618,7 @@
618
618
  "type": "route-group",
619
619
  "domain": "publishing",
620
620
  "sourcePath": "src/server/routes.ts",
621
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
621
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
622
622
  "since": "2025-01-01"
623
623
  },
624
624
  "route-group:private-views": {
@@ -626,7 +626,7 @@
626
626
  "type": "route-group",
627
627
  "domain": "publishing",
628
628
  "sourcePath": "src/server/routes.ts",
629
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
629
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
630
630
  "since": "2025-01-01"
631
631
  },
632
632
  "route-group:tunnel": {
@@ -634,7 +634,7 @@
634
634
  "type": "route-group",
635
635
  "domain": "networking",
636
636
  "sourcePath": "src/server/routes.ts",
637
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
637
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
638
638
  "since": "2025-01-01"
639
639
  },
640
640
  "route-group:events": {
@@ -642,7 +642,7 @@
642
642
  "type": "route-group",
643
643
  "domain": "networking",
644
644
  "sourcePath": "src/server/routes.ts",
645
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
645
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
646
646
  "since": "2025-01-01"
647
647
  },
648
648
  "route-group:evolution": {
@@ -650,7 +650,7 @@
650
650
  "type": "route-group",
651
651
  "domain": "evolution",
652
652
  "sourcePath": "src/server/routes.ts",
653
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
653
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
654
654
  "since": "2025-01-01"
655
655
  },
656
656
  "route-group:watchdog": {
@@ -658,7 +658,7 @@
658
658
  "type": "route-group",
659
659
  "domain": "monitoring",
660
660
  "sourcePath": "src/server/routes.ts",
661
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
661
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
662
662
  "since": "2025-01-01"
663
663
  },
664
664
  "route-group:topic-memory": {
@@ -666,7 +666,7 @@
666
666
  "type": "route-group",
667
667
  "domain": "memory",
668
668
  "sourcePath": "src/server/routes.ts",
669
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
669
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
670
670
  "since": "2025-01-01"
671
671
  },
672
672
  "route-group:state-sync": {
@@ -674,7 +674,7 @@
674
674
  "type": "route-group",
675
675
  "domain": "coordination",
676
676
  "sourcePath": "src/server/routes.ts",
677
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
677
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
678
678
  "since": "2025-01-01"
679
679
  },
680
680
  "route-group:intent": {
@@ -682,7 +682,7 @@
682
682
  "type": "route-group",
683
683
  "domain": "intent",
684
684
  "sourcePath": "src/server/routes.ts",
685
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
685
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
686
686
  "since": "2025-01-01"
687
687
  },
688
688
  "route-group:triage": {
@@ -690,7 +690,7 @@
690
690
  "type": "route-group",
691
691
  "domain": "safety",
692
692
  "sourcePath": "src/server/routes.ts",
693
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
693
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
694
694
  "since": "2025-01-01"
695
695
  },
696
696
  "route-group:operations": {
@@ -698,7 +698,7 @@
698
698
  "type": "route-group",
699
699
  "domain": "safety",
700
700
  "sourcePath": "src/server/routes.ts",
701
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
701
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
702
702
  "since": "2025-01-01"
703
703
  },
704
704
  "route-group:sentinel": {
@@ -706,7 +706,7 @@
706
706
  "type": "route-group",
707
707
  "domain": "safety",
708
708
  "sourcePath": "src/server/routes.ts",
709
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
709
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
710
710
  "since": "2025-01-01"
711
711
  },
712
712
  "route-group:trust": {
@@ -714,7 +714,7 @@
714
714
  "type": "route-group",
715
715
  "domain": "safety",
716
716
  "sourcePath": "src/server/routes.ts",
717
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
717
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
718
718
  "since": "2025-01-01"
719
719
  },
720
720
  "route-group:monitoring": {
@@ -722,7 +722,7 @@
722
722
  "type": "route-group",
723
723
  "domain": "monitoring",
724
724
  "sourcePath": "src/server/routes.ts",
725
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
725
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
726
726
  "since": "2025-01-01"
727
727
  },
728
728
  "route-group:commitments": {
@@ -730,7 +730,7 @@
730
730
  "type": "route-group",
731
731
  "domain": "commitments",
732
732
  "sourcePath": "src/server/routes.ts",
733
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
733
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
734
734
  "since": "2025-01-01"
735
735
  },
736
736
  "route-group:episodes": {
@@ -738,7 +738,7 @@
738
738
  "type": "route-group",
739
739
  "domain": "memory",
740
740
  "sourcePath": "src/server/routes.ts",
741
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
741
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
742
742
  "since": "2025-01-01"
743
743
  },
744
744
  "route-group:messages": {
@@ -746,7 +746,7 @@
746
746
  "type": "route-group",
747
747
  "domain": "coordination",
748
748
  "sourcePath": "src/server/routes.ts",
749
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
749
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
750
750
  "since": "2025-01-01"
751
751
  },
752
752
  "route-group:system-reviews": {
@@ -754,7 +754,7 @@
754
754
  "type": "route-group",
755
755
  "domain": "monitoring",
756
756
  "sourcePath": "src/server/routes.ts",
757
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
757
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
758
758
  "since": "2025-01-01"
759
759
  },
760
760
  "route-group:machine-mesh": {
@@ -770,7 +770,7 @@
770
770
  "type": "route-group",
771
771
  "domain": "security",
772
772
  "sourcePath": "src/server/routes.ts",
773
- "contentHash": "dd4e2aa5edf9df31d6193e61f9b36f739282b4403c52c5ae73a218ae09c67e9d",
773
+ "contentHash": "5455fb08f0a997120fadd63be41f30d19fb619beaa19970b889b1f1fa90446b7",
774
774
  "since": "2025-01-01"
775
775
  },
776
776
  "cli:init": {
@@ -0,0 +1,40 @@
1
+ # Upgrade Guide — vNEXT
2
+
3
+ <!-- assembled-by: assemble-next-md -->
4
+ <!-- bump: patch -->
5
+
6
+ ## What Changed
7
+
8
+ The verified topic operator is now recorded AUTOMATICALLY (Know Your Principal
9
+ standard, security-build increment 2d — the WRITE side). On the lifeline-forward
10
+ inbound path (`POST /internal/telegram-forward`), a real user message from an
11
+ AUTHENTICATED + AUTHORIZED sender binds that sender as the topic's operator, so
12
+ the session-start hook (#908) injects it without a manual `POST /topic-operator`.
13
+ Added a public `TelegramAdapter.isAuthorizedSender()` (the authorized-only gate)
14
+ wrapping the private `isAuthorized`.
15
+
16
+ ## What to Tell Your User
17
+
18
+ Nothing user-facing changes. Foundation wiring (experimental) for the Caroline
19
+ identity-bleed security fix: the agent now learns its verified operator on its own
20
+ from authorized inbound messages. ONLY authorized senders are recorded — an
21
+ unauthorized party in the group is never seated as operator. Fail-soft: a bind
22
+ failure never affects message handling.
23
+
24
+ ## Summary of New Capabilities
25
+
26
+ - Auto-bind of the topic operator on `/internal/telegram-forward` (authorized
27
+ senders only; a2a bot messages and unauthorized senders never bind; fail-soft;
28
+ idempotent).
29
+ - `TelegramAdapter.isAuthorizedSender(number|string)` — public read-only auth check.
30
+ - Known gap (tracked for Inc-2e): the adapter long-poll (no-lifeline) path is not
31
+ yet covered; a no-lifeline install has no auto-bind (fail-safe).
32
+
33
+ ## Evidence
34
+
35
+ Verified by 5 Tier-1 unit tests (`telegram-isauthorizedsender`: both sides of the
36
+ boundary, number/string ids, blank/NaN guard, no-allowlist model) and 4 Tier-2
37
+ integration tests (`topic-operator-autobind-route`: over the wire — authorized
38
+ binds, unauthorized doesn't, a2a bot doesn't, null store no-op). The 14 existing
39
+ `/internal/telegram-forward` integration tests stay green (no regression). Clean
40
+ `tsc --noEmit`.
@@ -0,0 +1,44 @@
1
+ # Upgrade Guide — vNEXT
2
+
3
+ <!-- assembled-by: assemble-next-md -->
4
+ <!-- bump: patch -->
5
+
6
+ ## What Changed
7
+
8
+ The agent now runs an OBSERVE-ONLY coherence check on its OWN outbound messages
9
+ (Know Your Principal standard, security-build increment 3 — the READ side). When
10
+ a finalized message credits an operator-ROLE decision (approval / mandate /
11
+ credential / lock / acting-for) to a principal who is NOT the topic's VERIFIED
12
+ operator, a structured finding is appended to `state/principal-coherence.jsonl`.
13
+ This is the first runtime consumer of `PrincipalGuard` (shipped pure in #902):
14
+ the verified operator comes from the authenticated-sender binding
15
+ (#904/#906/#909), never from a name in content.
16
+
17
+ ## What to Tell Your User
18
+
19
+ Nothing user-facing changes. Foundation observability (experimental) for the
20
+ "Caroline" identity-bleed security fix: the agent can now NOTICE — in its own
21
+ output, where no inbound gate watches — when it credits a decision to someone who
22
+ isn't its verified operator. It is SIGNAL-ONLY: it NEVER blocks, delays, or
23
+ rewrites a message; it only writes a log line. It ships off by default (dark) so
24
+ the detector's false-positive rate can be measured on real outbound before any
25
+ warn or block surface is ever considered.
26
+
27
+ ## Summary of New Capabilities
28
+
29
+ - `monitoring.principalCoherence.enabled` config flag (default false / absent).
30
+ - Observe-only outbound check on the `checkOutboundMessage` delivery seam,
31
+ modeled on the existing `observeSelfViolation` (fire-and-forget, fail-open,
32
+ dark by default).
33
+ - Audit trail at `state/principal-coherence.jsonl` (one JSON line per finding:
34
+ topicId, operatorUid, operatorBound, principal, attributionKind, verdict,
35
+ snippet, reason). The `verdict` is recorded for analysis, NEVER enforced.
36
+
37
+ ## Evidence
38
+
39
+ 14 tests across all three tiers, all green: Tier-1 unit
40
+ (`principal-coherence-operator-seam`, 5 — the store→guard contract, both sides),
41
+ Tier-2 integration (`principal-coherence-signal`, 5 — over the wire, gating both
42
+ sides), Tier-3 e2e (`principal-coherence-lifecycle`, 4 — production boot,
43
+ feature-is-alive, signal-only proof that a block-verdict finding still returns
44
+ 200 not 422). Clean `tsc --noEmit`; docs-coverage `--check` passes (no new route).
@@ -0,0 +1,82 @@
1
+ # Side-effects review — Principal-Coherence Signal, observe-only (Know Your Principal, increment 3)
2
+
3
+ ## What this change does
4
+ The READ side of the operator binding — the first runtime consumer of
5
+ `PrincipalGuard.evaluatePrincipalCoherence` (shipped pure + unwired in #902).
6
+ On the outbound delivery seam (`checkOutboundMessage` in routes.ts), every
7
+ finalized agent message is checked against the topic's VERIFIED operator. When
8
+ the message credits an operator-ROLE decision (approval / mandate / credential /
9
+ lock / acting-for) to a principal who is NOT the bound operator — the "Caroline"
10
+ identity-bleed failure, caught in the agent's OWN output — a structured line is
11
+ appended to `state/principal-coherence.jsonl`.
12
+
13
+ - `src/core/types.ts`: one new optional config block,
14
+ `monitoring.principalCoherence?: { enabled: boolean }`. Documented, off by
15
+ default by absence.
16
+ - `src/server/routes.ts`: one new observe function `observePrincipalCoherence`,
17
+ modeled byte-for-byte on the existing `observeSelfViolation`, plus one
18
+ fire-and-forget `void observePrincipalCoherence(...)` call placed next to the
19
+ existing `void observeSelfViolation(...)` at the top of `checkOutboundMessage`
20
+ (before the gate-availability early-return, so it runs regardless of whether a
21
+ tone gate is configured).
22
+
23
+ ## The load-bearing security property
24
+ The operator the check resolves against comes ONLY from
25
+ `TopicOperatorStore.asVerifiedOperator(topicId)` — the authenticated-sender
26
+ binding (#904/#906/#2d), never a name read from content. A name in the agent's
27
+ prose can therefore never become the "known good" principal; it can only ever be
28
+ the thing being CHECKED. This is the whole point of the standard: an unverified
29
+ identity is a guess, not a fact.
30
+
31
+ ## SIGNAL-ONLY contract (identical to observeSelfViolation)
32
+ - **Returns void; fire-and-forget.** It has NO path to block, delay, rewrite, or
33
+ influence the outbound message or the tone-gate verdict. The verdict field in
34
+ the audit line (block for mandate/credential, warn otherwise) is RECORDED for
35
+ later analysis and NEVER enforced — proven by an e2e assertion that a
36
+ credential misattribution still returns 200, not 422.
37
+ - **Fail-open.** Every operation is guarded; the outer body is try/catch and each
38
+ fs op is independently guarded. Any throw is swallowed and the message sends.
39
+ - **Dark by default.** Inert unless `monitoring.principalCoherence.enabled === true`
40
+ AND `ctx.topicOperatorStore` is non-null AND the topic id is numeric. Absent
41
+ config (every existing + new agent today) = fully inert, zero cost.
42
+ - **Observe-first rationale.** The PrincipalGuard regex can false-positive on
43
+ prose that merely names a capitalized person. Observe mode exists precisely to
44
+ measure that FP rate on real outbound BEFORE any warn/block surface is built.
45
+
46
+ ## Blast radius
47
+ - **Additive.** No route added, no class added, no dependency added. One config
48
+ key, one function, one fire-and-forget call.
49
+ - **Hot path, but cold by default.** The call sits on the outbound delivery path,
50
+ but when the flag is off it returns on the first `if` before touching the store
51
+ or importing PrincipalGuard (dynamic import, so the cold path never even loads
52
+ the module).
53
+ - **Audit write.** On a finding it appends to `state/principal-coherence.jsonl`,
54
+ mkdir-ing `state/` defensively first (the TopicOperatorStore only creates that
55
+ dir on its first write, which may not have happened yet). Append-only; bounded
56
+ per message by the number of distinct attributions found.
57
+
58
+ ## Migration parity
59
+ None required. This is server-side route behavior + a config TYPE only. The
60
+ config flag follows the exact convention of its sibling observe flag
61
+ `monitoring.correctionLearning` — read with `=== true`, so absent → off. Behavior
62
+ is therefore IDENTICAL for new and existing agents with no migrateConfig write
63
+ (adding one would only cosmetically materialize a false flag). The
64
+ `correctionLearning` flag has no migrateConfig/generateDefaultConfig entry for
65
+ the same reason; this mirrors it.
66
+
67
+ ## Tests (all three tiers)
68
+ - Tier 1 (unit): `tests/unit/principal-coherence-operator-seam.test.ts` (5) —
69
+ locks the store→guard contract the wiring depends on, both sides of the
70
+ boundary (bound operator resolves → no finding; outsider → finding; unbound →
71
+ finding; credential/mandate → block verdict; benign prose → nothing).
72
+ - Tier 2 (integration): `tests/integration/principal-coherence-signal.test.ts`
73
+ (5) — over the wire: flag on + bound operator + misattribution logs; bound
74
+ operator attribution logs nothing; unbound logs operatorBound:false; flag off
75
+ logs nothing; a block-verdict finding never 422s.
76
+ - Tier 3 (e2e): `tests/e2e/principal-coherence-lifecycle.test.ts` (4) — production
77
+ AgentServer boot; feature-is-alive write lands; signal-only (credential → 200,
78
+ not 422); bound-operator no-op; flag-off dark.
79
+
80
+ ## Rollback
81
+ Revert the one observe function + its one call site + the config type, and delete
82
+ the three test files. The jsonl on disk is inert. No data migration to unwind.
@@ -0,0 +1,70 @@
1
+ # Side-effects review — Topic Operator inbound auto-bind (Know Your Principal #898, increment 2d)
2
+
3
+ ## What this change does
4
+ The WRITE side of the operator binding. On the lifeline-forward inbound path
5
+ (`POST /internal/telegram-forward`), the verified operator of a topic is now
6
+ recorded automatically from the AUTHENTICATED + AUTHORIZED sender of a real user
7
+ message — so the session-start hook (#908) and the future cross-principal guard
8
+ have a populated binding instead of relying on a manual `POST /topic-operator`.
9
+
10
+ - `TelegramAdapter`: new public `isAuthorizedSender(number|string): boolean`,
11
+ wrapping the private `isAuthorized` (number/string tolerant; blank/non-numeric
12
+ → false). Read-only; no behavior change to the private path.
13
+ - `routes.ts` `/internal/telegram-forward`: one additive block, placed AFTER the
14
+ a2a-hook short-circuit and BEFORE `onTopicMessage`, that binds the operator iff
15
+ `ctx.telegram.isAuthorizedSender(fromUserId)` is true.
16
+
17
+ ## The load-bearing security property
18
+ ONLY an authorized sender becomes the operator. An unauthorized party in the
19
+ bot's group is never seated — that is exactly the cross-principal ("Caroline")
20
+ bug, and the integration test proves the over-the-wire refusal (a `fromUserId`
21
+ outside the allowlist, even with `fromFirstName: "Caroline"`, binds nothing).
22
+ The uid is the platform-authenticated sender id; a content name is never the
23
+ source (`TopicOperatorStore.setOperator` enforces this by construction, #904).
24
+
25
+ ## Blast radius (hot path — reviewed carefully)
26
+ - **Additive + fail-soft.** The block is wrapped in try/catch and only runs when
27
+ `ctx.topicOperatorStore` is non-null, `fromUserId` is present, and `topicId` is
28
+ a number. Any error is logged and swallowed — an auto-bind failure can NEVER
29
+ break message routing. `setOperator` is a fast local JSON write, idempotent on
30
+ the same uid (a redelivered message re-binds the same operator harmlessly).
31
+ - **a2a-safe.** Placed after the a2a short-circuit, so agent-to-agent bot messages
32
+ return before the bind; a bot id is also not in `authorizedUserIds` anyway. The
33
+ 14 existing `/internal/telegram-forward` integration tests stay green (no
34
+ regression to the version handshake, exactly-once, sentinel, or a2a paths).
35
+ - **No new route / class / config key / dependency.** It consumes the store +
36
+ routes shipped in #904/#906 and the injection from #908.
37
+
38
+ ## No-allowlist trust model (documented)
39
+ `isAuthorizedSender` mirrors `isAuthorized`: with NO `authorizedUserIds` allowlist
40
+ configured, every authenticated sender is accepted (the agent already serves
41
+ everyone in that mode), so the operator becomes the most-recent authenticated
42
+ sender. This is consistent with the existing trust model and is NOT a
43
+ Caroline-class bleed (the uid is Telegram-authenticated, not a content name). A
44
+ secure deployment configures `authorizedUserIds`, and then only those uids bind.
45
+
46
+ ## Scope (deliberate) + the known gap
47
+ This binds on the **lifeline-forward path only** — the instar fleet's primary
48
+ inbound route. The adapter's own long-poll path (`onTopicMessage`, the
49
+ no-lifeline case) is NOT covered here, because its single shared callback is
50
+ defined in `src/commands/server.ts` (the production composition root, not
51
+ route-testable). That gap is tracked for a follow-up (Inc-2e): bind in the shared
52
+ `onTopicMessage` handler to cover both paths with one change. Until then, a
53
+ no-lifeline install simply has no auto-bind (fail-safe: no binding → no injection
54
+ → no false identity), and `POST /topic-operator` remains the manual path.
55
+
56
+ ## Migration parity
57
+ None required — server-side route behavior + an in-process adapter method reach
58
+ existing agents on the next server update (the Migration Parity Standard governs
59
+ agent-installed FILES; this touches none).
60
+
61
+ ## Tests
62
+ - Tier 1 (unit): `tests/unit/telegram-isauthorizedsender.test.ts` (5) — both sides
63
+ of the boundary, number/string ids, blank/NaN guard, no-allowlist model.
64
+ - Tier 2 (integration): `tests/integration/topic-operator-autobind-route.test.ts`
65
+ (4) — over the wire: authorized binds, unauthorized doesn't, a2a bot doesn't,
66
+ null store no-op. Existing telegram-forward suites (14) stay green.
67
+
68
+ ## Rollback
69
+ Revert the one route block + the `isAuthorizedSender` method + delete the two
70
+ tests. The store on disk is inert without the bind.