instar 1.3.401 → 1.3.403
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dashboard/index.html +74 -0
- package/dashboard/subscriptions.js +264 -0
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +59 -1
- package/dist/commands/server.js.map +1 -1
- package/dist/core/EnrollmentWizard.d.ts +84 -0
- package/dist/core/EnrollmentWizard.d.ts.map +1 -0
- package/dist/core/EnrollmentWizard.js +107 -0
- package/dist/core/EnrollmentWizard.js.map +1 -0
- package/dist/core/FrameworkLoginDriver.d.ts +85 -0
- package/dist/core/FrameworkLoginDriver.d.ts.map +1 -0
- package/dist/core/FrameworkLoginDriver.js +110 -0
- package/dist/core/FrameworkLoginDriver.js.map +1 -0
- package/dist/core/PendingLoginStore.d.ts +118 -0
- package/dist/core/PendingLoginStore.d.ts.map +1 -0
- package/dist/core/PendingLoginStore.js +201 -0
- package/dist/core/PendingLoginStore.js.map +1 -0
- package/dist/core/types.d.ts +8 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/types.js.map +1 -1
- package/dist/server/AgentServer.d.ts +1 -0
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +1 -0
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/routes.d.ts +2 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +59 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +47 -47
- package/upgrades/1.3.402.md +64 -0
- package/upgrades/1.3.403.md +50 -0
- package/upgrades/side-effects/subscription-auth-enrollment.md +91 -0
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-07T08:
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-07T08:45:36.629Z",
|
|
5
|
+
"instarVersion": "1.3.403",
|
|
6
6
|
"entryCount": 199,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -418,7 +418,7 @@
|
|
|
418
418
|
"type": "route-group",
|
|
419
419
|
"domain": "monitoring",
|
|
420
420
|
"sourcePath": "src/server/routes.ts",
|
|
421
|
-
"contentHash": "
|
|
421
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
422
422
|
"since": "2025-01-01"
|
|
423
423
|
},
|
|
424
424
|
"route-group:agents": {
|
|
@@ -426,7 +426,7 @@
|
|
|
426
426
|
"type": "route-group",
|
|
427
427
|
"domain": "sessions",
|
|
428
428
|
"sourcePath": "src/server/routes.ts",
|
|
429
|
-
"contentHash": "
|
|
429
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
430
430
|
"since": "2025-01-01"
|
|
431
431
|
},
|
|
432
432
|
"route-group:backups": {
|
|
@@ -434,7 +434,7 @@
|
|
|
434
434
|
"type": "route-group",
|
|
435
435
|
"domain": "operations",
|
|
436
436
|
"sourcePath": "src/server/routes.ts",
|
|
437
|
-
"contentHash": "
|
|
437
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
438
438
|
"since": "2025-01-01"
|
|
439
439
|
},
|
|
440
440
|
"route-group:git": {
|
|
@@ -442,7 +442,7 @@
|
|
|
442
442
|
"type": "route-group",
|
|
443
443
|
"domain": "coordination",
|
|
444
444
|
"sourcePath": "src/server/routes.ts",
|
|
445
|
-
"contentHash": "
|
|
445
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
446
446
|
"since": "2025-01-01"
|
|
447
447
|
},
|
|
448
448
|
"route-group:memory": {
|
|
@@ -450,7 +450,7 @@
|
|
|
450
450
|
"type": "route-group",
|
|
451
451
|
"domain": "memory",
|
|
452
452
|
"sourcePath": "src/server/routes.ts",
|
|
453
|
-
"contentHash": "
|
|
453
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
454
454
|
"since": "2025-01-01"
|
|
455
455
|
},
|
|
456
456
|
"route-group:semantic": {
|
|
@@ -458,7 +458,7 @@
|
|
|
458
458
|
"type": "route-group",
|
|
459
459
|
"domain": "memory",
|
|
460
460
|
"sourcePath": "src/server/routes.ts",
|
|
461
|
-
"contentHash": "
|
|
461
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
462
462
|
"since": "2025-01-01"
|
|
463
463
|
},
|
|
464
464
|
"route-group:status": {
|
|
@@ -466,7 +466,7 @@
|
|
|
466
466
|
"type": "route-group",
|
|
467
467
|
"domain": "monitoring",
|
|
468
468
|
"sourcePath": "src/server/routes.ts",
|
|
469
|
-
"contentHash": "
|
|
469
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
470
470
|
"since": "2025-01-01"
|
|
471
471
|
},
|
|
472
472
|
"route-group:capabilities": {
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"type": "route-group",
|
|
475
475
|
"domain": "mapping",
|
|
476
476
|
"sourcePath": "src/server/routes.ts",
|
|
477
|
-
"contentHash": "
|
|
477
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
478
478
|
"since": "2025-01-01"
|
|
479
479
|
},
|
|
480
480
|
"route-group:project-map": {
|
|
@@ -482,7 +482,7 @@
|
|
|
482
482
|
"type": "route-group",
|
|
483
483
|
"domain": "mapping",
|
|
484
484
|
"sourcePath": "src/server/routes.ts",
|
|
485
|
-
"contentHash": "
|
|
485
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
486
486
|
"since": "2025-01-01"
|
|
487
487
|
},
|
|
488
488
|
"route-group:coherence": {
|
|
@@ -490,7 +490,7 @@
|
|
|
490
490
|
"type": "route-group",
|
|
491
491
|
"domain": "coherence",
|
|
492
492
|
"sourcePath": "src/server/routes.ts",
|
|
493
|
-
"contentHash": "
|
|
493
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
494
494
|
"since": "2025-01-01"
|
|
495
495
|
},
|
|
496
496
|
"route-group:topic-bindings": {
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
"type": "route-group",
|
|
499
499
|
"domain": "sessions",
|
|
500
500
|
"sourcePath": "src/server/routes.ts",
|
|
501
|
-
"contentHash": "
|
|
501
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
502
502
|
"since": "2025-01-01"
|
|
503
503
|
},
|
|
504
504
|
"route-group:context": {
|
|
@@ -506,7 +506,7 @@
|
|
|
506
506
|
"type": "route-group",
|
|
507
507
|
"domain": "context",
|
|
508
508
|
"sourcePath": "src/server/routes.ts",
|
|
509
|
-
"contentHash": "
|
|
509
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
510
510
|
"since": "2025-01-01"
|
|
511
511
|
},
|
|
512
512
|
"route-group:scope-coherence": {
|
|
@@ -514,7 +514,7 @@
|
|
|
514
514
|
"type": "route-group",
|
|
515
515
|
"domain": "coherence",
|
|
516
516
|
"sourcePath": "src/server/routes.ts",
|
|
517
|
-
"contentHash": "
|
|
517
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
518
518
|
"since": "2025-01-01"
|
|
519
519
|
},
|
|
520
520
|
"route-group:canonical-state": {
|
|
@@ -522,7 +522,7 @@
|
|
|
522
522
|
"type": "route-group",
|
|
523
523
|
"domain": "state",
|
|
524
524
|
"sourcePath": "src/server/routes.ts",
|
|
525
|
-
"contentHash": "
|
|
525
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
526
526
|
"since": "2025-01-01"
|
|
527
527
|
},
|
|
528
528
|
"route-group:ci": {
|
|
@@ -530,7 +530,7 @@
|
|
|
530
530
|
"type": "route-group",
|
|
531
531
|
"domain": "monitoring",
|
|
532
532
|
"sourcePath": "src/server/routes.ts",
|
|
533
|
-
"contentHash": "
|
|
533
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
534
534
|
"since": "2025-01-01"
|
|
535
535
|
},
|
|
536
536
|
"route-group:sessions": {
|
|
@@ -538,7 +538,7 @@
|
|
|
538
538
|
"type": "route-group",
|
|
539
539
|
"domain": "sessions",
|
|
540
540
|
"sourcePath": "src/server/routes.ts",
|
|
541
|
-
"contentHash": "
|
|
541
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
542
542
|
"since": "2025-01-01"
|
|
543
543
|
},
|
|
544
544
|
"route-group:jobs": {
|
|
@@ -546,7 +546,7 @@
|
|
|
546
546
|
"type": "route-group",
|
|
547
547
|
"domain": "scheduling",
|
|
548
548
|
"sourcePath": "src/server/routes.ts",
|
|
549
|
-
"contentHash": "
|
|
549
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
550
550
|
"since": "2025-01-01"
|
|
551
551
|
},
|
|
552
552
|
"route-group:skip-ledger": {
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
"type": "route-group",
|
|
555
555
|
"domain": "scheduling",
|
|
556
556
|
"sourcePath": "src/server/routes.ts",
|
|
557
|
-
"contentHash": "
|
|
557
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
558
558
|
"since": "2025-01-01"
|
|
559
559
|
},
|
|
560
560
|
"route-group:telegram": {
|
|
@@ -562,7 +562,7 @@
|
|
|
562
562
|
"type": "route-group",
|
|
563
563
|
"domain": "communication",
|
|
564
564
|
"sourcePath": "src/server/routes.ts",
|
|
565
|
-
"contentHash": "
|
|
565
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
566
566
|
"since": "2025-01-01"
|
|
567
567
|
},
|
|
568
568
|
"route-group:attention": {
|
|
@@ -570,7 +570,7 @@
|
|
|
570
570
|
"type": "route-group",
|
|
571
571
|
"domain": "communication",
|
|
572
572
|
"sourcePath": "src/server/routes.ts",
|
|
573
|
-
"contentHash": "
|
|
573
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
574
574
|
"since": "2025-01-01"
|
|
575
575
|
},
|
|
576
576
|
"route-group:relationships": {
|
|
@@ -578,7 +578,7 @@
|
|
|
578
578
|
"type": "route-group",
|
|
579
579
|
"domain": "relationships",
|
|
580
580
|
"sourcePath": "src/server/routes.ts",
|
|
581
|
-
"contentHash": "
|
|
581
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
582
582
|
"since": "2025-01-01"
|
|
583
583
|
},
|
|
584
584
|
"route-group:feedback": {
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
"type": "route-group",
|
|
587
587
|
"domain": "feedback",
|
|
588
588
|
"sourcePath": "src/server/routes.ts",
|
|
589
|
-
"contentHash": "
|
|
589
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
590
590
|
"since": "2025-01-01"
|
|
591
591
|
},
|
|
592
592
|
"route-group:updates": {
|
|
@@ -594,7 +594,7 @@
|
|
|
594
594
|
"type": "route-group",
|
|
595
595
|
"domain": "updates",
|
|
596
596
|
"sourcePath": "src/server/routes.ts",
|
|
597
|
-
"contentHash": "
|
|
597
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
598
598
|
"since": "2025-01-01"
|
|
599
599
|
},
|
|
600
600
|
"route-group:dispatches": {
|
|
@@ -602,7 +602,7 @@
|
|
|
602
602
|
"type": "route-group",
|
|
603
603
|
"domain": "dispatches",
|
|
604
604
|
"sourcePath": "src/server/routes.ts",
|
|
605
|
-
"contentHash": "
|
|
605
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
606
606
|
"since": "2025-01-01"
|
|
607
607
|
},
|
|
608
608
|
"route-group:quota": {
|
|
@@ -610,7 +610,7 @@
|
|
|
610
610
|
"type": "route-group",
|
|
611
611
|
"domain": "monitoring",
|
|
612
612
|
"sourcePath": "src/server/routes.ts",
|
|
613
|
-
"contentHash": "
|
|
613
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
614
614
|
"since": "2025-01-01"
|
|
615
615
|
},
|
|
616
616
|
"route-group:publishing": {
|
|
@@ -618,7 +618,7 @@
|
|
|
618
618
|
"type": "route-group",
|
|
619
619
|
"domain": "publishing",
|
|
620
620
|
"sourcePath": "src/server/routes.ts",
|
|
621
|
-
"contentHash": "
|
|
621
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
622
622
|
"since": "2025-01-01"
|
|
623
623
|
},
|
|
624
624
|
"route-group:private-views": {
|
|
@@ -626,7 +626,7 @@
|
|
|
626
626
|
"type": "route-group",
|
|
627
627
|
"domain": "publishing",
|
|
628
628
|
"sourcePath": "src/server/routes.ts",
|
|
629
|
-
"contentHash": "
|
|
629
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
630
630
|
"since": "2025-01-01"
|
|
631
631
|
},
|
|
632
632
|
"route-group:tunnel": {
|
|
@@ -634,7 +634,7 @@
|
|
|
634
634
|
"type": "route-group",
|
|
635
635
|
"domain": "networking",
|
|
636
636
|
"sourcePath": "src/server/routes.ts",
|
|
637
|
-
"contentHash": "
|
|
637
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
638
638
|
"since": "2025-01-01"
|
|
639
639
|
},
|
|
640
640
|
"route-group:events": {
|
|
@@ -642,7 +642,7 @@
|
|
|
642
642
|
"type": "route-group",
|
|
643
643
|
"domain": "networking",
|
|
644
644
|
"sourcePath": "src/server/routes.ts",
|
|
645
|
-
"contentHash": "
|
|
645
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
646
646
|
"since": "2025-01-01"
|
|
647
647
|
},
|
|
648
648
|
"route-group:evolution": {
|
|
@@ -650,7 +650,7 @@
|
|
|
650
650
|
"type": "route-group",
|
|
651
651
|
"domain": "evolution",
|
|
652
652
|
"sourcePath": "src/server/routes.ts",
|
|
653
|
-
"contentHash": "
|
|
653
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
654
654
|
"since": "2025-01-01"
|
|
655
655
|
},
|
|
656
656
|
"route-group:watchdog": {
|
|
@@ -658,7 +658,7 @@
|
|
|
658
658
|
"type": "route-group",
|
|
659
659
|
"domain": "monitoring",
|
|
660
660
|
"sourcePath": "src/server/routes.ts",
|
|
661
|
-
"contentHash": "
|
|
661
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
662
662
|
"since": "2025-01-01"
|
|
663
663
|
},
|
|
664
664
|
"route-group:topic-memory": {
|
|
@@ -666,7 +666,7 @@
|
|
|
666
666
|
"type": "route-group",
|
|
667
667
|
"domain": "memory",
|
|
668
668
|
"sourcePath": "src/server/routes.ts",
|
|
669
|
-
"contentHash": "
|
|
669
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
670
670
|
"since": "2025-01-01"
|
|
671
671
|
},
|
|
672
672
|
"route-group:state-sync": {
|
|
@@ -674,7 +674,7 @@
|
|
|
674
674
|
"type": "route-group",
|
|
675
675
|
"domain": "coordination",
|
|
676
676
|
"sourcePath": "src/server/routes.ts",
|
|
677
|
-
"contentHash": "
|
|
677
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
678
678
|
"since": "2025-01-01"
|
|
679
679
|
},
|
|
680
680
|
"route-group:intent": {
|
|
@@ -682,7 +682,7 @@
|
|
|
682
682
|
"type": "route-group",
|
|
683
683
|
"domain": "intent",
|
|
684
684
|
"sourcePath": "src/server/routes.ts",
|
|
685
|
-
"contentHash": "
|
|
685
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
686
686
|
"since": "2025-01-01"
|
|
687
687
|
},
|
|
688
688
|
"route-group:triage": {
|
|
@@ -690,7 +690,7 @@
|
|
|
690
690
|
"type": "route-group",
|
|
691
691
|
"domain": "safety",
|
|
692
692
|
"sourcePath": "src/server/routes.ts",
|
|
693
|
-
"contentHash": "
|
|
693
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
694
694
|
"since": "2025-01-01"
|
|
695
695
|
},
|
|
696
696
|
"route-group:operations": {
|
|
@@ -698,7 +698,7 @@
|
|
|
698
698
|
"type": "route-group",
|
|
699
699
|
"domain": "safety",
|
|
700
700
|
"sourcePath": "src/server/routes.ts",
|
|
701
|
-
"contentHash": "
|
|
701
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
702
702
|
"since": "2025-01-01"
|
|
703
703
|
},
|
|
704
704
|
"route-group:sentinel": {
|
|
@@ -706,7 +706,7 @@
|
|
|
706
706
|
"type": "route-group",
|
|
707
707
|
"domain": "safety",
|
|
708
708
|
"sourcePath": "src/server/routes.ts",
|
|
709
|
-
"contentHash": "
|
|
709
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
710
710
|
"since": "2025-01-01"
|
|
711
711
|
},
|
|
712
712
|
"route-group:trust": {
|
|
@@ -714,7 +714,7 @@
|
|
|
714
714
|
"type": "route-group",
|
|
715
715
|
"domain": "safety",
|
|
716
716
|
"sourcePath": "src/server/routes.ts",
|
|
717
|
-
"contentHash": "
|
|
717
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
718
718
|
"since": "2025-01-01"
|
|
719
719
|
},
|
|
720
720
|
"route-group:monitoring": {
|
|
@@ -722,7 +722,7 @@
|
|
|
722
722
|
"type": "route-group",
|
|
723
723
|
"domain": "monitoring",
|
|
724
724
|
"sourcePath": "src/server/routes.ts",
|
|
725
|
-
"contentHash": "
|
|
725
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
726
726
|
"since": "2025-01-01"
|
|
727
727
|
},
|
|
728
728
|
"route-group:commitments": {
|
|
@@ -730,7 +730,7 @@
|
|
|
730
730
|
"type": "route-group",
|
|
731
731
|
"domain": "commitments",
|
|
732
732
|
"sourcePath": "src/server/routes.ts",
|
|
733
|
-
"contentHash": "
|
|
733
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
734
734
|
"since": "2025-01-01"
|
|
735
735
|
},
|
|
736
736
|
"route-group:episodes": {
|
|
@@ -738,7 +738,7 @@
|
|
|
738
738
|
"type": "route-group",
|
|
739
739
|
"domain": "memory",
|
|
740
740
|
"sourcePath": "src/server/routes.ts",
|
|
741
|
-
"contentHash": "
|
|
741
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
742
742
|
"since": "2025-01-01"
|
|
743
743
|
},
|
|
744
744
|
"route-group:messages": {
|
|
@@ -746,7 +746,7 @@
|
|
|
746
746
|
"type": "route-group",
|
|
747
747
|
"domain": "coordination",
|
|
748
748
|
"sourcePath": "src/server/routes.ts",
|
|
749
|
-
"contentHash": "
|
|
749
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
750
750
|
"since": "2025-01-01"
|
|
751
751
|
},
|
|
752
752
|
"route-group:system-reviews": {
|
|
@@ -754,7 +754,7 @@
|
|
|
754
754
|
"type": "route-group",
|
|
755
755
|
"domain": "monitoring",
|
|
756
756
|
"sourcePath": "src/server/routes.ts",
|
|
757
|
-
"contentHash": "
|
|
757
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
758
758
|
"since": "2025-01-01"
|
|
759
759
|
},
|
|
760
760
|
"route-group:machine-mesh": {
|
|
@@ -770,7 +770,7 @@
|
|
|
770
770
|
"type": "route-group",
|
|
771
771
|
"domain": "security",
|
|
772
772
|
"sourcePath": "src/server/routes.ts",
|
|
773
|
-
"contentHash": "
|
|
773
|
+
"contentHash": "71db98cdd2a2ec55361f6a66447e40f0f97436817e2ae4b8f0496dc803248cbf",
|
|
774
774
|
"since": "2025-01-01"
|
|
775
775
|
},
|
|
776
776
|
"cli:init": {
|
|
@@ -1506,7 +1506,7 @@
|
|
|
1506
1506
|
"type": "subsystem",
|
|
1507
1507
|
"domain": "server",
|
|
1508
1508
|
"sourcePath": "src/server/AgentServer.ts",
|
|
1509
|
-
"contentHash": "
|
|
1509
|
+
"contentHash": "1b7d450ba6a4b4793a0497d93dde540c42227edb34d6b6fd92ab641c76b64438",
|
|
1510
1510
|
"since": "2025-01-01"
|
|
1511
1511
|
},
|
|
1512
1512
|
"subsystem:session-manager": {
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: minor -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
Added the enrollment wizard — the fourth piece of the Subscription & Auth
|
|
9
|
+
Standard, on top of the P1.1 account registry, P1.2 quota poller, and P1.3
|
|
10
|
+
auto-swap scheduler. It assists logging a new subscription account into the pool
|
|
11
|
+
from a phone, and makes the flow expiry-proof.
|
|
12
|
+
|
|
13
|
+
Three new core pieces:
|
|
14
|
+
|
|
15
|
+
- **`PendingLoginStore`** — a durable ledger of logins-in-progress. Each record
|
|
16
|
+
holds PUBLIC artifacts only: the verification URL, the optional short device
|
|
17
|
+
code, the flow kind, when it expires, and a re-issue count. There is no field
|
|
18
|
+
to hold a token — credential-safety by construction, the same structural guard
|
|
19
|
+
the account registry uses. The store persists to disk, so an in-flight login
|
|
20
|
+
survives a server restart.
|
|
21
|
+
- **`EnrollmentWizard`** — orchestration on top of the store: start a login
|
|
22
|
+
(drive the framework's login flow, capture the public code/URL, store it with
|
|
23
|
+
its TTL visible), and a sweep that auto-reissues any expired login WITHOUT the
|
|
24
|
+
operator asking — the exact gap the pi-harness live-test exposed (a code that
|
|
25
|
+
expired before the operator got to it). A failed re-drive is skipped and retried
|
|
26
|
+
next sweep, so one bad login can't abort the sweep.
|
|
27
|
+
- **`FrameworkLoginDriver`** — the concrete driver: spawns the framework's login
|
|
28
|
+
command under the target account's config home and scrapes the public
|
|
29
|
+
verification URL + device code + TTL from the pane (Codex = device-code; Claude =
|
|
30
|
+
URL + paste-back-code). The scrape logic is pure and unit-tested against real
|
|
31
|
+
captured-output fixtures.
|
|
32
|
+
|
|
33
|
+
Routes (under `/subscription-pool`, internal/dark until graduation):
|
|
34
|
+
`POST /subscription-pool/enroll`, `GET /subscription-pool/pending-logins`,
|
|
35
|
+
`POST /subscription-pool/enroll/:id/complete`,
|
|
36
|
+
`POST /subscription-pool/enroll/reissue-expired`. A low-frequency background tick
|
|
37
|
+
calls the reissue sweep. The list/sweep routes answer `200 { enabled:false }` when
|
|
38
|
+
the wizard is unwired — never 503.
|
|
39
|
+
|
|
40
|
+
Coverage: unit tests for the store, the wizard (incl. the auto-reissue gap +
|
|
41
|
+
driver-failure resilience), and the driver scrape logic; integration tests for
|
|
42
|
+
the HTTP routes (asserting no token field ever appears in a response); an
|
|
43
|
+
end-to-end test that confirms the routes are alive and a started enrollment
|
|
44
|
+
survives a server restart.
|
|
45
|
+
|
|
46
|
+
## What to Tell Your User
|
|
47
|
+
|
|
48
|
+
You can add another subscription account from your phone. I'll show you a short
|
|
49
|
+
code and a link; you open the provider's own page and approve. Nothing secret
|
|
50
|
+
ever passes through me — only the public code and link. And if the code expires
|
|
51
|
+
before you get to it, I quietly issue a fresh one instead of leaving you stuck —
|
|
52
|
+
no trip back to a terminal. An enrollment you start is remembered even if I
|
|
53
|
+
restart in the middle.
|
|
54
|
+
|
|
55
|
+
## Summary of New Capabilities
|
|
56
|
+
|
|
57
|
+
- **Phone-friendly enrollment** — start a new-account login and get a short
|
|
58
|
+
code + link to approve on the provider's own page; nothing secret transits the
|
|
59
|
+
agent.
|
|
60
|
+
- **Auto-reissue on expiry** — an expired login code is silently refreshed on a
|
|
61
|
+
sweep, so a code that ages out before you act doesn't strand the flow.
|
|
62
|
+
- **Durable pending logins** — in-flight logins survive a server restart.
|
|
63
|
+
- **Pending-logins surface** — `GET /subscription-pool/pending-logins` lists the
|
|
64
|
+
active codes/links + their TTL (the phone surface + the dashboard panel feed).
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: minor -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
Added a **Subscriptions** tab to the dashboard — the visual surface for the
|
|
9
|
+
multi-account Subscription & Auth pool (P1.1–P2.1). It shows, per account: the
|
|
10
|
+
nickname, a friendly status, and live quota bars for the 5-hour and weekly
|
|
11
|
+
windows with a "resets in …" countdown. A **Pending Logins** panel below lists
|
|
12
|
+
any in-flight enrollment — the device code / verification URL (shown as copyable
|
|
13
|
+
text, never a live link) with its TTL countdown and how many times it has been
|
|
14
|
+
re-issued.
|
|
15
|
+
|
|
16
|
+
The tab is a self-contained browser-native ESM module (`dashboard/subscriptions.js`)
|
|
17
|
+
served statically, registered in `index.html` exactly like the Process Health and
|
|
18
|
+
Preferences tabs (lazy dynamic-import, start/stop on tab activation, polled every
|
|
19
|
+
30s). It consumes the existing `GET /subscription-pool` and
|
|
20
|
+
`GET /subscription-pool/pending-logins` routes — no new server routes, no `src/`
|
|
21
|
+
change. When the pool isn't set up the routes answer `{ enabled:false }` and the
|
|
22
|
+
tab shows a friendly "not set up yet" message (never an error).
|
|
23
|
+
|
|
24
|
+
It carries the same load-bearing display-safety contract as the Process Health
|
|
25
|
+
tab: every dynamic value is sanitized (NFKC fold + control/bidi/chrome-glyph
|
|
26
|
+
strip + grapheme cap) before the DOM, all writes are `textContent` only, and the
|
|
27
|
+
only dynamic attribute (a quota-bar width) comes from a clamped 0–100 integer.
|
|
28
|
+
|
|
29
|
+
Coverage: 26 tests across three tiers — render unit tests (sanitize/clamp/
|
|
30
|
+
countdown/renderers + XSS-survives-as-inert-text), a controller integration test
|
|
31
|
+
(jsdom + injected fetch/timers: render, feature-dark, XSS through the controller,
|
|
32
|
+
fetch-failure resilience, visibility gating), and an e2e feature-alive test that
|
|
33
|
+
boots a real server with the production routes and drives the shipped controller
|
|
34
|
+
against it (accounts + pending logins render; feature-off → friendly copy).
|
|
35
|
+
|
|
36
|
+
## What to Tell Your User
|
|
37
|
+
|
|
38
|
+
There's a new **Subscriptions** tab on your dashboard. It shows each of your
|
|
39
|
+
subscription accounts, how much of each is left (5-hour and weekly) and when it
|
|
40
|
+
resets, and any logins still waiting for you to approve on your phone — with the
|
|
41
|
+
code and a countdown. Open it from any device with your dashboard PIN.
|
|
42
|
+
|
|
43
|
+
## Summary of New Capabilities
|
|
44
|
+
|
|
45
|
+
- **Subscriptions dashboard tab** — per-account live quota bars (5h + weekly) with
|
|
46
|
+
reset countdowns + friendly status, on any device behind the dashboard PIN.
|
|
47
|
+
- **Pending Logins panel** — in-flight enrollment codes / verification URLs (as
|
|
48
|
+
copyable text) with TTL countdown + re-issue count.
|
|
49
|
+
- **Mobile-responsive + safe** — sanitized, `textContent`-only rendering; no live
|
|
50
|
+
links; reuses the Process Health tab's hardened display contract.
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
# Side-Effects Review — Mobile-first enrollment wizard (P2.1)
|
|
2
|
+
|
|
3
|
+
## Scope of change
|
|
4
|
+
|
|
5
|
+
- `src/core/PendingLoginStore.ts` (new) — durable ledger of in-flight logins (public artifacts only).
|
|
6
|
+
- `src/core/EnrollmentWizard.ts` (new) — orchestration: start + auto-reissue-on-expiry + complete.
|
|
7
|
+
- `src/core/FrameworkLoginDriver.ts` (new) — concrete LoginDriver: spawn framework login under the account's config home, scrape the public code/URL.
|
|
8
|
+
- `src/server/routes.ts` — RouteContext `enrollmentWizard` + 4 routes under `/subscription-pool`.
|
|
9
|
+
- `src/server/AgentServer.ts` — `enrollmentWizard?` option + private field + RouteContext plumbing.
|
|
10
|
+
- `src/commands/server.ts` — instantiate the store + driver + wizard; pass to AgentServer; background reissue tick (unref'd).
|
|
11
|
+
- tests (unit + integration + e2e) + api.md.
|
|
12
|
+
|
|
13
|
+
## The concern: a wizard that spawns a login process + writes a durable store
|
|
14
|
+
|
|
15
|
+
The new authority here is (a) spawning a framework login command, and (b) writing
|
|
16
|
+
a durable store. The safety design:
|
|
17
|
+
|
|
18
|
+
- **Spawning is injected + scoped.** The interactive leg (driving the login CLI)
|
|
19
|
+
is the injected `LoginDriver`. The concrete `FrameworkLoginDriver` spawns the
|
|
20
|
+
framework's OWN login command under a per-account `CLAUDE_CONFIG_DIR` — it does
|
|
21
|
+
not extract, read, or transmit any credential. The credential is written by the
|
|
22
|
+
framework's own client into that config home; instar only reads the PUBLIC
|
|
23
|
+
artifact (verification URL + short code) the provider prints to be typed into
|
|
24
|
+
its own page.
|
|
25
|
+
- **No secret can enter the store by construction.** `PendingLoginStore`'s record
|
|
26
|
+
type has no token/secret field. There is nothing to smuggle a credential into —
|
|
27
|
+
the same structural guarantee P1.1 enforces for the account registry. The
|
|
28
|
+
integration test asserts no token-like field ever appears in a response body.
|
|
29
|
+
- **Dark + operator/internal.** The routes nest under `/subscription-pool`
|
|
30
|
+
(already INTERNAL, not surfaced in /capabilities until graduation) and do
|
|
31
|
+
nothing until an operator starts an enrollment. No live-session path is touched.
|
|
32
|
+
- **The background tick is inert + bounded.** The reissue sweep only re-drives
|
|
33
|
+
logins that are already EXPIRED; with no pending logins it is a no-op. The timer
|
|
34
|
+
is `unref()`'d so it never holds the process open.
|
|
35
|
+
|
|
36
|
+
## Authority / autonomy analysis
|
|
37
|
+
|
|
38
|
+
- **Tier-2 by association** (spawns a process, writes a store) but ships dark +
|
|
39
|
+
operator-gated. The driving spec (`subscription-auth-p2.1-enrollment.md`) is
|
|
40
|
+
converged + `approved: true` (Justin, Telegram topic 20905, 2026-06-07 — blanket
|
|
41
|
+
approval of the remaining phases under the autonomy directive).
|
|
42
|
+
- **No autonomous credential handling.** The agent never holds a token; the
|
|
43
|
+
operator approves at the provider's own page. The wizard's only autonomy is
|
|
44
|
+
re-issuing an EXPIRED public code — which carries no secret and strands nothing.
|
|
45
|
+
- **Honest failure.** A driver failure during a reissue is logged + the login is
|
|
46
|
+
left expired for the next sweep (no false "reissued" claim); a scrape timeout
|
|
47
|
+
throws and the login is left for the operator (no fabricated artifact).
|
|
48
|
+
|
|
49
|
+
## Failure modes considered
|
|
50
|
+
|
|
51
|
+
- Login code expires before the operator acts → auto-reissued on the next sweep (the headline fix).
|
|
52
|
+
- Driver/scrape failure → logged, login left expired, sweep continues (one bad login can't abort it).
|
|
53
|
+
- Server restart mid-enrollment → the pending login persisted to disk; it reloads and stays on the surface.
|
|
54
|
+
- Wizard unwired (dark) → list/sweep routes answer 200 `{ enabled:false }`, never 503.
|
|
55
|
+
- No pending logins → the background sweep is a no-op; the timer is unref'd.
|
|
56
|
+
|
|
57
|
+
## Blast radius
|
|
58
|
+
|
|
59
|
+
Contained by the dark/operator-gated rollout + the credential-safety-by-construction
|
|
60
|
+
store. With no enrollment started (the default), none of this code executes beyond
|
|
61
|
+
an inert sweep over an empty store. The risk surface is the spawn-+-scrape path,
|
|
62
|
+
exercised only when an operator explicitly starts an enrollment.
|
|
63
|
+
|
|
64
|
+
## Framework generality
|
|
65
|
+
|
|
66
|
+
The wizard is framework-agnostic in shape, framework-specific in effect:
|
|
67
|
+
|
|
68
|
+
- `EnrollmentWizard` + `PendingLoginStore` are fully generic — they carry
|
|
69
|
+
`provider` + `framework` fields and treat the login artifact uniformly. The
|
|
70
|
+
per-provider default flow kind (`defaultKind`) encodes the only branch: Codex/
|
|
71
|
+
OpenAI = device-code (its endorsed flow); everyone else = url-code-paste (the
|
|
72
|
+
phone-friendly Claude path). Adding a framework is a one-line default + a driver
|
|
73
|
+
case, not a structural change.
|
|
74
|
+
- `FrameworkLoginDriver` is where framework specificity lives, and it is honest
|
|
75
|
+
about it: the spawn command + the scrape patterns are per-flow (device-code vs
|
|
76
|
+
url-code-paste), and the pure `parseArtifact` handles both. The two real flows
|
|
77
|
+
(Codex device-code, Claude URL-paste) are implemented; gemini-cli / pi-cli slot
|
|
78
|
+
into the same `framework` union and reuse the same scrape patterns when their
|
|
79
|
+
login flows are wired — no Claude-only assumption is baked into the abstraction.
|
|
80
|
+
- Per the constitution's "Framework-Agnostic — and Framework-Optimizing": the
|
|
81
|
+
store + wizard stay neutral across providers; the optimization (which login flow,
|
|
82
|
+
what to scrape) is per-framework in the driver. This matches the standard's
|
|
83
|
+
Claude-first scope (Justin's decision 3) without foreclosing the others.
|
|
84
|
+
|
|
85
|
+
## Migration / parity
|
|
86
|
+
|
|
87
|
+
All three new classes are additive (new files; the store is created lazily on
|
|
88
|
+
first enrollment). Routes stay under the already-classified `/subscription-pool`
|
|
89
|
+
INTERNAL prefix (no CapabilityIndex change until graduation). An optional
|
|
90
|
+
`subscriptionPool.enrollment` config block tunes TTL/sweep cadence; absent, shipped
|
|
91
|
+
defaults apply. No existing behaviour changes. Ships via dist.
|