instar 1.3.394 → 1.3.395
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +17 -1
- package/dist/commands/server.js.map +1 -1
- package/dist/core/QuotaPoller.d.ts +120 -0
- package/dist/core/QuotaPoller.d.ts.map +1 -0
- package/dist/core/QuotaPoller.js +286 -0
- package/dist/core/QuotaPoller.js.map +1 -0
- package/dist/server/AgentServer.d.ts +1 -0
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +1 -0
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/routes.d.ts +2 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +36 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/scripts/lint-no-direct-llm-http.js +6 -0
- package/src/data/builtin-manifest.json +47 -47
- package/upgrades/1.3.395.md +57 -0
- package/upgrades/side-effects/subscription-quota-poller.md +71 -0
package/package.json
CHANGED
|
@@ -53,6 +53,12 @@ const ALLOWLIST = new Set([
|
|
|
53
53
|
'src/providers/adapters/anthropic-headless/errors.ts',
|
|
54
54
|
'src/providers/adapters/anthropic-headless/_smoketest.ts',
|
|
55
55
|
'src/providers/adapters/anthropic-headless/capability/fileSystemAccess.ts',
|
|
56
|
+
// Subscription & Auth Standard P1.2: QuotaPoller calls the READ-ONLY
|
|
57
|
+
// /api/oauth/usage telemetry endpoint (the same one the official client's
|
|
58
|
+
// /usage screen calls) to read per-account quota — NOT an LLM inference call,
|
|
59
|
+
// so there is nothing for burn-detection to attribute. Same class as the
|
|
60
|
+
// anthropic-headless usageMeterProvider above.
|
|
61
|
+
'src/core/QuotaPoller.ts',
|
|
56
62
|
]);
|
|
57
63
|
|
|
58
64
|
/**
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-07T06:01:10.022Z",
|
|
5
|
+
"instarVersion": "1.3.395",
|
|
6
6
|
"entryCount": 199,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -418,7 +418,7 @@
|
|
|
418
418
|
"type": "route-group",
|
|
419
419
|
"domain": "monitoring",
|
|
420
420
|
"sourcePath": "src/server/routes.ts",
|
|
421
|
-
"contentHash": "
|
|
421
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
422
422
|
"since": "2025-01-01"
|
|
423
423
|
},
|
|
424
424
|
"route-group:agents": {
|
|
@@ -426,7 +426,7 @@
|
|
|
426
426
|
"type": "route-group",
|
|
427
427
|
"domain": "sessions",
|
|
428
428
|
"sourcePath": "src/server/routes.ts",
|
|
429
|
-
"contentHash": "
|
|
429
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
430
430
|
"since": "2025-01-01"
|
|
431
431
|
},
|
|
432
432
|
"route-group:backups": {
|
|
@@ -434,7 +434,7 @@
|
|
|
434
434
|
"type": "route-group",
|
|
435
435
|
"domain": "operations",
|
|
436
436
|
"sourcePath": "src/server/routes.ts",
|
|
437
|
-
"contentHash": "
|
|
437
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
438
438
|
"since": "2025-01-01"
|
|
439
439
|
},
|
|
440
440
|
"route-group:git": {
|
|
@@ -442,7 +442,7 @@
|
|
|
442
442
|
"type": "route-group",
|
|
443
443
|
"domain": "coordination",
|
|
444
444
|
"sourcePath": "src/server/routes.ts",
|
|
445
|
-
"contentHash": "
|
|
445
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
446
446
|
"since": "2025-01-01"
|
|
447
447
|
},
|
|
448
448
|
"route-group:memory": {
|
|
@@ -450,7 +450,7 @@
|
|
|
450
450
|
"type": "route-group",
|
|
451
451
|
"domain": "memory",
|
|
452
452
|
"sourcePath": "src/server/routes.ts",
|
|
453
|
-
"contentHash": "
|
|
453
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
454
454
|
"since": "2025-01-01"
|
|
455
455
|
},
|
|
456
456
|
"route-group:semantic": {
|
|
@@ -458,7 +458,7 @@
|
|
|
458
458
|
"type": "route-group",
|
|
459
459
|
"domain": "memory",
|
|
460
460
|
"sourcePath": "src/server/routes.ts",
|
|
461
|
-
"contentHash": "
|
|
461
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
462
462
|
"since": "2025-01-01"
|
|
463
463
|
},
|
|
464
464
|
"route-group:status": {
|
|
@@ -466,7 +466,7 @@
|
|
|
466
466
|
"type": "route-group",
|
|
467
467
|
"domain": "monitoring",
|
|
468
468
|
"sourcePath": "src/server/routes.ts",
|
|
469
|
-
"contentHash": "
|
|
469
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
470
470
|
"since": "2025-01-01"
|
|
471
471
|
},
|
|
472
472
|
"route-group:capabilities": {
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"type": "route-group",
|
|
475
475
|
"domain": "mapping",
|
|
476
476
|
"sourcePath": "src/server/routes.ts",
|
|
477
|
-
"contentHash": "
|
|
477
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
478
478
|
"since": "2025-01-01"
|
|
479
479
|
},
|
|
480
480
|
"route-group:project-map": {
|
|
@@ -482,7 +482,7 @@
|
|
|
482
482
|
"type": "route-group",
|
|
483
483
|
"domain": "mapping",
|
|
484
484
|
"sourcePath": "src/server/routes.ts",
|
|
485
|
-
"contentHash": "
|
|
485
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
486
486
|
"since": "2025-01-01"
|
|
487
487
|
},
|
|
488
488
|
"route-group:coherence": {
|
|
@@ -490,7 +490,7 @@
|
|
|
490
490
|
"type": "route-group",
|
|
491
491
|
"domain": "coherence",
|
|
492
492
|
"sourcePath": "src/server/routes.ts",
|
|
493
|
-
"contentHash": "
|
|
493
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
494
494
|
"since": "2025-01-01"
|
|
495
495
|
},
|
|
496
496
|
"route-group:topic-bindings": {
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
"type": "route-group",
|
|
499
499
|
"domain": "sessions",
|
|
500
500
|
"sourcePath": "src/server/routes.ts",
|
|
501
|
-
"contentHash": "
|
|
501
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
502
502
|
"since": "2025-01-01"
|
|
503
503
|
},
|
|
504
504
|
"route-group:context": {
|
|
@@ -506,7 +506,7 @@
|
|
|
506
506
|
"type": "route-group",
|
|
507
507
|
"domain": "context",
|
|
508
508
|
"sourcePath": "src/server/routes.ts",
|
|
509
|
-
"contentHash": "
|
|
509
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
510
510
|
"since": "2025-01-01"
|
|
511
511
|
},
|
|
512
512
|
"route-group:scope-coherence": {
|
|
@@ -514,7 +514,7 @@
|
|
|
514
514
|
"type": "route-group",
|
|
515
515
|
"domain": "coherence",
|
|
516
516
|
"sourcePath": "src/server/routes.ts",
|
|
517
|
-
"contentHash": "
|
|
517
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
518
518
|
"since": "2025-01-01"
|
|
519
519
|
},
|
|
520
520
|
"route-group:canonical-state": {
|
|
@@ -522,7 +522,7 @@
|
|
|
522
522
|
"type": "route-group",
|
|
523
523
|
"domain": "state",
|
|
524
524
|
"sourcePath": "src/server/routes.ts",
|
|
525
|
-
"contentHash": "
|
|
525
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
526
526
|
"since": "2025-01-01"
|
|
527
527
|
},
|
|
528
528
|
"route-group:ci": {
|
|
@@ -530,7 +530,7 @@
|
|
|
530
530
|
"type": "route-group",
|
|
531
531
|
"domain": "monitoring",
|
|
532
532
|
"sourcePath": "src/server/routes.ts",
|
|
533
|
-
"contentHash": "
|
|
533
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
534
534
|
"since": "2025-01-01"
|
|
535
535
|
},
|
|
536
536
|
"route-group:sessions": {
|
|
@@ -538,7 +538,7 @@
|
|
|
538
538
|
"type": "route-group",
|
|
539
539
|
"domain": "sessions",
|
|
540
540
|
"sourcePath": "src/server/routes.ts",
|
|
541
|
-
"contentHash": "
|
|
541
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
542
542
|
"since": "2025-01-01"
|
|
543
543
|
},
|
|
544
544
|
"route-group:jobs": {
|
|
@@ -546,7 +546,7 @@
|
|
|
546
546
|
"type": "route-group",
|
|
547
547
|
"domain": "scheduling",
|
|
548
548
|
"sourcePath": "src/server/routes.ts",
|
|
549
|
-
"contentHash": "
|
|
549
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
550
550
|
"since": "2025-01-01"
|
|
551
551
|
},
|
|
552
552
|
"route-group:skip-ledger": {
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
"type": "route-group",
|
|
555
555
|
"domain": "scheduling",
|
|
556
556
|
"sourcePath": "src/server/routes.ts",
|
|
557
|
-
"contentHash": "
|
|
557
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
558
558
|
"since": "2025-01-01"
|
|
559
559
|
},
|
|
560
560
|
"route-group:telegram": {
|
|
@@ -562,7 +562,7 @@
|
|
|
562
562
|
"type": "route-group",
|
|
563
563
|
"domain": "communication",
|
|
564
564
|
"sourcePath": "src/server/routes.ts",
|
|
565
|
-
"contentHash": "
|
|
565
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
566
566
|
"since": "2025-01-01"
|
|
567
567
|
},
|
|
568
568
|
"route-group:attention": {
|
|
@@ -570,7 +570,7 @@
|
|
|
570
570
|
"type": "route-group",
|
|
571
571
|
"domain": "communication",
|
|
572
572
|
"sourcePath": "src/server/routes.ts",
|
|
573
|
-
"contentHash": "
|
|
573
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
574
574
|
"since": "2025-01-01"
|
|
575
575
|
},
|
|
576
576
|
"route-group:relationships": {
|
|
@@ -578,7 +578,7 @@
|
|
|
578
578
|
"type": "route-group",
|
|
579
579
|
"domain": "relationships",
|
|
580
580
|
"sourcePath": "src/server/routes.ts",
|
|
581
|
-
"contentHash": "
|
|
581
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
582
582
|
"since": "2025-01-01"
|
|
583
583
|
},
|
|
584
584
|
"route-group:feedback": {
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
"type": "route-group",
|
|
587
587
|
"domain": "feedback",
|
|
588
588
|
"sourcePath": "src/server/routes.ts",
|
|
589
|
-
"contentHash": "
|
|
589
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
590
590
|
"since": "2025-01-01"
|
|
591
591
|
},
|
|
592
592
|
"route-group:updates": {
|
|
@@ -594,7 +594,7 @@
|
|
|
594
594
|
"type": "route-group",
|
|
595
595
|
"domain": "updates",
|
|
596
596
|
"sourcePath": "src/server/routes.ts",
|
|
597
|
-
"contentHash": "
|
|
597
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
598
598
|
"since": "2025-01-01"
|
|
599
599
|
},
|
|
600
600
|
"route-group:dispatches": {
|
|
@@ -602,7 +602,7 @@
|
|
|
602
602
|
"type": "route-group",
|
|
603
603
|
"domain": "dispatches",
|
|
604
604
|
"sourcePath": "src/server/routes.ts",
|
|
605
|
-
"contentHash": "
|
|
605
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
606
606
|
"since": "2025-01-01"
|
|
607
607
|
},
|
|
608
608
|
"route-group:quota": {
|
|
@@ -610,7 +610,7 @@
|
|
|
610
610
|
"type": "route-group",
|
|
611
611
|
"domain": "monitoring",
|
|
612
612
|
"sourcePath": "src/server/routes.ts",
|
|
613
|
-
"contentHash": "
|
|
613
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
614
614
|
"since": "2025-01-01"
|
|
615
615
|
},
|
|
616
616
|
"route-group:publishing": {
|
|
@@ -618,7 +618,7 @@
|
|
|
618
618
|
"type": "route-group",
|
|
619
619
|
"domain": "publishing",
|
|
620
620
|
"sourcePath": "src/server/routes.ts",
|
|
621
|
-
"contentHash": "
|
|
621
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
622
622
|
"since": "2025-01-01"
|
|
623
623
|
},
|
|
624
624
|
"route-group:private-views": {
|
|
@@ -626,7 +626,7 @@
|
|
|
626
626
|
"type": "route-group",
|
|
627
627
|
"domain": "publishing",
|
|
628
628
|
"sourcePath": "src/server/routes.ts",
|
|
629
|
-
"contentHash": "
|
|
629
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
630
630
|
"since": "2025-01-01"
|
|
631
631
|
},
|
|
632
632
|
"route-group:tunnel": {
|
|
@@ -634,7 +634,7 @@
|
|
|
634
634
|
"type": "route-group",
|
|
635
635
|
"domain": "networking",
|
|
636
636
|
"sourcePath": "src/server/routes.ts",
|
|
637
|
-
"contentHash": "
|
|
637
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
638
638
|
"since": "2025-01-01"
|
|
639
639
|
},
|
|
640
640
|
"route-group:events": {
|
|
@@ -642,7 +642,7 @@
|
|
|
642
642
|
"type": "route-group",
|
|
643
643
|
"domain": "networking",
|
|
644
644
|
"sourcePath": "src/server/routes.ts",
|
|
645
|
-
"contentHash": "
|
|
645
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
646
646
|
"since": "2025-01-01"
|
|
647
647
|
},
|
|
648
648
|
"route-group:evolution": {
|
|
@@ -650,7 +650,7 @@
|
|
|
650
650
|
"type": "route-group",
|
|
651
651
|
"domain": "evolution",
|
|
652
652
|
"sourcePath": "src/server/routes.ts",
|
|
653
|
-
"contentHash": "
|
|
653
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
654
654
|
"since": "2025-01-01"
|
|
655
655
|
},
|
|
656
656
|
"route-group:watchdog": {
|
|
@@ -658,7 +658,7 @@
|
|
|
658
658
|
"type": "route-group",
|
|
659
659
|
"domain": "monitoring",
|
|
660
660
|
"sourcePath": "src/server/routes.ts",
|
|
661
|
-
"contentHash": "
|
|
661
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
662
662
|
"since": "2025-01-01"
|
|
663
663
|
},
|
|
664
664
|
"route-group:topic-memory": {
|
|
@@ -666,7 +666,7 @@
|
|
|
666
666
|
"type": "route-group",
|
|
667
667
|
"domain": "memory",
|
|
668
668
|
"sourcePath": "src/server/routes.ts",
|
|
669
|
-
"contentHash": "
|
|
669
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
670
670
|
"since": "2025-01-01"
|
|
671
671
|
},
|
|
672
672
|
"route-group:state-sync": {
|
|
@@ -674,7 +674,7 @@
|
|
|
674
674
|
"type": "route-group",
|
|
675
675
|
"domain": "coordination",
|
|
676
676
|
"sourcePath": "src/server/routes.ts",
|
|
677
|
-
"contentHash": "
|
|
677
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
678
678
|
"since": "2025-01-01"
|
|
679
679
|
},
|
|
680
680
|
"route-group:intent": {
|
|
@@ -682,7 +682,7 @@
|
|
|
682
682
|
"type": "route-group",
|
|
683
683
|
"domain": "intent",
|
|
684
684
|
"sourcePath": "src/server/routes.ts",
|
|
685
|
-
"contentHash": "
|
|
685
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
686
686
|
"since": "2025-01-01"
|
|
687
687
|
},
|
|
688
688
|
"route-group:triage": {
|
|
@@ -690,7 +690,7 @@
|
|
|
690
690
|
"type": "route-group",
|
|
691
691
|
"domain": "safety",
|
|
692
692
|
"sourcePath": "src/server/routes.ts",
|
|
693
|
-
"contentHash": "
|
|
693
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
694
694
|
"since": "2025-01-01"
|
|
695
695
|
},
|
|
696
696
|
"route-group:operations": {
|
|
@@ -698,7 +698,7 @@
|
|
|
698
698
|
"type": "route-group",
|
|
699
699
|
"domain": "safety",
|
|
700
700
|
"sourcePath": "src/server/routes.ts",
|
|
701
|
-
"contentHash": "
|
|
701
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
702
702
|
"since": "2025-01-01"
|
|
703
703
|
},
|
|
704
704
|
"route-group:sentinel": {
|
|
@@ -706,7 +706,7 @@
|
|
|
706
706
|
"type": "route-group",
|
|
707
707
|
"domain": "safety",
|
|
708
708
|
"sourcePath": "src/server/routes.ts",
|
|
709
|
-
"contentHash": "
|
|
709
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
710
710
|
"since": "2025-01-01"
|
|
711
711
|
},
|
|
712
712
|
"route-group:trust": {
|
|
@@ -714,7 +714,7 @@
|
|
|
714
714
|
"type": "route-group",
|
|
715
715
|
"domain": "safety",
|
|
716
716
|
"sourcePath": "src/server/routes.ts",
|
|
717
|
-
"contentHash": "
|
|
717
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
718
718
|
"since": "2025-01-01"
|
|
719
719
|
},
|
|
720
720
|
"route-group:monitoring": {
|
|
@@ -722,7 +722,7 @@
|
|
|
722
722
|
"type": "route-group",
|
|
723
723
|
"domain": "monitoring",
|
|
724
724
|
"sourcePath": "src/server/routes.ts",
|
|
725
|
-
"contentHash": "
|
|
725
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
726
726
|
"since": "2025-01-01"
|
|
727
727
|
},
|
|
728
728
|
"route-group:commitments": {
|
|
@@ -730,7 +730,7 @@
|
|
|
730
730
|
"type": "route-group",
|
|
731
731
|
"domain": "commitments",
|
|
732
732
|
"sourcePath": "src/server/routes.ts",
|
|
733
|
-
"contentHash": "
|
|
733
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
734
734
|
"since": "2025-01-01"
|
|
735
735
|
},
|
|
736
736
|
"route-group:episodes": {
|
|
@@ -738,7 +738,7 @@
|
|
|
738
738
|
"type": "route-group",
|
|
739
739
|
"domain": "memory",
|
|
740
740
|
"sourcePath": "src/server/routes.ts",
|
|
741
|
-
"contentHash": "
|
|
741
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
742
742
|
"since": "2025-01-01"
|
|
743
743
|
},
|
|
744
744
|
"route-group:messages": {
|
|
@@ -746,7 +746,7 @@
|
|
|
746
746
|
"type": "route-group",
|
|
747
747
|
"domain": "coordination",
|
|
748
748
|
"sourcePath": "src/server/routes.ts",
|
|
749
|
-
"contentHash": "
|
|
749
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
750
750
|
"since": "2025-01-01"
|
|
751
751
|
},
|
|
752
752
|
"route-group:system-reviews": {
|
|
@@ -754,7 +754,7 @@
|
|
|
754
754
|
"type": "route-group",
|
|
755
755
|
"domain": "monitoring",
|
|
756
756
|
"sourcePath": "src/server/routes.ts",
|
|
757
|
-
"contentHash": "
|
|
757
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
758
758
|
"since": "2025-01-01"
|
|
759
759
|
},
|
|
760
760
|
"route-group:machine-mesh": {
|
|
@@ -770,7 +770,7 @@
|
|
|
770
770
|
"type": "route-group",
|
|
771
771
|
"domain": "security",
|
|
772
772
|
"sourcePath": "src/server/routes.ts",
|
|
773
|
-
"contentHash": "
|
|
773
|
+
"contentHash": "397e804f5973a87f0b4476495e57b80d1dca0394c2928753539e91a7761ab6cf",
|
|
774
774
|
"since": "2025-01-01"
|
|
775
775
|
},
|
|
776
776
|
"cli:init": {
|
|
@@ -1506,7 +1506,7 @@
|
|
|
1506
1506
|
"type": "subsystem",
|
|
1507
1507
|
"domain": "server",
|
|
1508
1508
|
"sourcePath": "src/server/AgentServer.ts",
|
|
1509
|
-
"contentHash": "
|
|
1509
|
+
"contentHash": "fd430ec1928c24390016a239a8dc013cbb0c02c5156caf4dd7e3e8e987a77e8d",
|
|
1510
1510
|
"since": "2025-01-01"
|
|
1511
1511
|
},
|
|
1512
1512
|
"subsystem:session-manager": {
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: minor -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
Added `QuotaPoller` — the second piece of the Subscription & Auth Standard, built
|
|
9
|
+
on the P1.1 account registry. For each enrolled Claude account it reads live
|
|
10
|
+
usage (5-hour and weekly utilization, reset dates, per-model breakdown, and
|
|
11
|
+
extra-usage credit state) and writes that snapshot onto the account in the
|
|
12
|
+
registry. It also computes a MEASURED burn rate (utilization points per hour from
|
|
13
|
+
consecutive reads) rather than relying on call counts, which the auto-swap
|
|
14
|
+
scheduler (P1.3) will use to drain each account before its reset and switch
|
|
15
|
+
before a limit.
|
|
16
|
+
|
|
17
|
+
Read mechanism (operator decision C, hybrid): the poller resolves each account's
|
|
18
|
+
login token transiently from that account's own config home — never persisted,
|
|
19
|
+
never logged — and calls the read-only Anthropic usage endpoint (the same one
|
|
20
|
+
the official client's usage screen calls) at low frequency, stamping each
|
|
21
|
+
snapshot with its source. A hands-on finding shaped this: Claude Code does not
|
|
22
|
+
persist usage to disk or expose a non-interactive usage command, so the "have the
|
|
23
|
+
client report its own usage" primary we sketched does not exist; the endpoint
|
|
24
|
+
read is the only viable mechanism and it stays inside the subscription-only,
|
|
25
|
+
official-login-reused bounds. An authentication failure flags the account for
|
|
26
|
+
re-login; a later clean read clears the flag.
|
|
27
|
+
|
|
28
|
+
Two new routes under the existing subscription-pool surface: an on-demand poll
|
|
29
|
+
trigger and a per-account quota+burn-rate read. The background poll loop runs
|
|
30
|
+
only when at least one account is enrolled, so single-account agents and agents
|
|
31
|
+
with an empty pool are completely unaffected. Coverage: 16 tests across all three
|
|
32
|
+
tiers, fully hermetic (injected fetch and token resolver — zero credentials, zero
|
|
33
|
+
network), including the feature-alive check that the poll route answers in both
|
|
34
|
+
the dark and live states.
|
|
35
|
+
|
|
36
|
+
## What to Tell Your User
|
|
37
|
+
|
|
38
|
+
I can now read how much of each of your subscription accounts you've used — the
|
|
39
|
+
5-hour and weekly windows, when they reset, and how fast each one is burning down
|
|
40
|
+
— and I keep that fresh in the background. I never store your actual login
|
|
41
|
+
secrets to do it; I read them just for the moment of the check and let them go.
|
|
42
|
+
Nothing switches accounts yet — that's the next piece. This is still switched off
|
|
43
|
+
until you enrol accounts, and it only ever reads, never changes anything.
|
|
44
|
+
|
|
45
|
+
## Summary of New Capabilities
|
|
46
|
+
|
|
47
|
+
- **Per-account live quota** — for each enrolled Claude account: 5-hour and weekly
|
|
48
|
+
utilization, reset dates, per-model breakdown, extra-usage credits. Stored on
|
|
49
|
+
the account and refreshed on a low-frequency background loop (only when accounts
|
|
50
|
+
exist) plus an on-demand poll.
|
|
51
|
+
- **Measured burn rate** — utilization points per hour from consecutive reads, so
|
|
52
|
+
the upcoming scheduler decides on real burn, not call volume.
|
|
53
|
+
- **Re-auth detection** — an account whose usage read returns an auth error is
|
|
54
|
+
flagged for re-login, and a later clean read clears it automatically.
|
|
55
|
+
- **Read-only + dark + transient tokens** — observe-only (no behavior change),
|
|
56
|
+
inactive until accounts are enrolled, and login tokens are read transiently and
|
|
57
|
+
never persisted or logged.
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
# Side-Effects Review — QuotaPoller (P1.2)
|
|
2
|
+
|
|
3
|
+
## Scope of change
|
|
4
|
+
|
|
5
|
+
- `src/core/QuotaPoller.ts` (new) — per-account quota reader + mapper + burn rate.
|
|
6
|
+
- `src/server/routes.ts` — 2 new routes under the existing `/subscription-pool`
|
|
7
|
+
prefix (POST `/subscription-pool/poll`, GET `/subscription-pool/:id/quota`) +
|
|
8
|
+
RouteContext `quotaPoller` field.
|
|
9
|
+
- `src/server/AgentServer.ts` — threads the `quotaPoller` option → RouteContext.
|
|
10
|
+
- `src/commands/server.ts` — instantiates the poller; starts the background loop
|
|
11
|
+
ONLY when the pool is non-empty.
|
|
12
|
+
- tests (unit/integration/e2e).
|
|
13
|
+
|
|
14
|
+
## Mutability / authority analysis
|
|
15
|
+
|
|
16
|
+
- **External network call with a credential — the notable surface.** The poller
|
|
17
|
+
resolves each account's OAuth access token transiently from that account's own
|
|
18
|
+
config home and calls the READ-ONLY `GET /api/oauth/usage` telemetry endpoint.
|
|
19
|
+
It is NOT inference and NOT a mutation of any Anthropic-side state — it reads
|
|
20
|
+
usage stats, the same endpoint the official client's /usage screen calls. This
|
|
21
|
+
stays inside Justin's accepted decision-C bounds (subscription-only, official-
|
|
22
|
+
client login reused, no API keys). It is distinct from the inference-spoofing
|
|
23
|
+
Anthropic enforces against.
|
|
24
|
+
- **Token handling (the security-sensitive part).** Tokens are read TRANSIENTLY
|
|
25
|
+
for the duration of one fetch and never persisted, never logged, never
|
|
26
|
+
returned. The SubscriptionPool still stores only the config-home LOCATION; the
|
|
27
|
+
poller reads the token from the OS credential store (macOS keychain entry
|
|
28
|
+
`Claude Code-credentials-<sha256(configHome)[0:8]>`, or `<configHome>/.credentials.json`
|
|
29
|
+
on other platforms) at read time only.
|
|
30
|
+
- **Local writes.** The only persisted effect is writing each account's
|
|
31
|
+
`lastQuota` snapshot (and a `needs-reauth`/`active` status transition) into the
|
|
32
|
+
pool's single JSON file via the pool's existing atomic update path. No new
|
|
33
|
+
files, no deletes.
|
|
34
|
+
- **No behavior authority.** The poller does not gate, block, spawn, kill,
|
|
35
|
+
message, route, or alter any session/scheduling behavior. It is observe-only;
|
|
36
|
+
the consumer that ACTS on quota (the swap scheduler) is P1.3.
|
|
37
|
+
- **Frequency.** Background loop is low-frequency (default 15 min) and only runs
|
|
38
|
+
when the pool has ≥1 account. On-demand poll is available via the POST route.
|
|
39
|
+
|
|
40
|
+
## Failure modes considered
|
|
41
|
+
|
|
42
|
+
- **Unresolvable token** → account skipped, no snapshot (warn-logged, no token in log).
|
|
43
|
+
- **401/403 (revoked / password change)** → account flagged `needs-reauth`; a
|
|
44
|
+
later clean read restores it to `active`. Covered both sides by tests.
|
|
45
|
+
- **Network error / timeout** → null snapshot this cycle, status unchanged, retry
|
|
46
|
+
next cycle. Covered.
|
|
47
|
+
- **Sparse/partial usage response** → mapper tolerates missing windows. Covered.
|
|
48
|
+
- **Non-claude/disabled accounts** → skipped by pollAll. Covered.
|
|
49
|
+
|
|
50
|
+
## Blast radius if wrong
|
|
51
|
+
|
|
52
|
+
Contained. Dark (no accounts → no polling). Observe-only (no behavior change).
|
|
53
|
+
Worst realistic case: a stale or missing `lastQuota` value on an account, or an
|
|
54
|
+
account wrongly flagged needs-reauth (self-heals on the next clean read). No
|
|
55
|
+
session/scheduling impact until P1.3 consumes the data.
|
|
56
|
+
|
|
57
|
+
## Migration / parity
|
|
58
|
+
|
|
59
|
+
None. No config defaults, hooks, skills, or CLAUDE.md template changes. New
|
|
60
|
+
routes stay under the already-classified `/subscription-pool` INTERNAL prefix
|
|
61
|
+
(no CapabilityIndex change). Ships via dist on update.
|
|
62
|
+
|
|
63
|
+
## Tier rationale
|
|
64
|
+
|
|
65
|
+
Declared Tier 1 despite risk-floor signals (new route + new class). The change
|
|
66
|
+
is read-only external TELEMETRY, observe-only (no behavior authority), dark, with
|
|
67
|
+
transient-never-persisted token handling and fully hermetic tests (injected fetch
|
|
68
|
+
+ token resolver — zero credentials, zero network). The one genuinely sensitive
|
|
69
|
+
aspect — reading a per-account token to call the usage endpoint — is within the
|
|
70
|
+
operator's explicitly-chosen decision-C bounds and is flagged to the operator in
|
|
71
|
+
the progress report. Below-floor recorded for audit (the mind holds authority).
|