instar 1.3.418 → 1.3.420
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/AgentPassport.d.ts.map +1 -1
- package/dist/core/AgentPassport.js +10 -3
- package/dist/core/AgentPassport.js.map +1 -1
- package/dist/core/OrgIntentManager.d.ts.map +1 -1
- package/dist/core/OrgIntentManager.js +14 -1
- package/dist/core/OrgIntentManager.js.map +1 -1
- package/dist/messaging/OutboundContentDedup.d.ts +7 -1
- package/dist/messaging/OutboundContentDedup.d.ts.map +1 -1
- package/dist/messaging/OutboundContentDedup.js +23 -9
- package/dist/messaging/OutboundContentDedup.js.map +1 -1
- package/dist/messaging/OutboundDedupStore.d.ts +38 -0
- package/dist/messaging/OutboundDedupStore.d.ts.map +1 -0
- package/dist/messaging/OutboundDedupStore.js +99 -0
- package/dist/messaging/OutboundDedupStore.js.map +1 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +32 -23
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +46 -46
- package/upgrades/1.3.419.md +30 -0
- package/upgrades/1.3.420.md +45 -0
- package/upgrades/eli16/exo3-harness-gap-fixes.md +33 -0
- package/upgrades/side-effects/durable-outbound-dedup.md +87 -0
- package/upgrades/side-effects/exo3-harness-gap-fixes.md +69 -0
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-08T01:07:40.184Z",
|
|
5
|
+
"instarVersion": "1.3.420",
|
|
6
6
|
"entryCount": 199,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -418,7 +418,7 @@
|
|
|
418
418
|
"type": "route-group",
|
|
419
419
|
"domain": "monitoring",
|
|
420
420
|
"sourcePath": "src/server/routes.ts",
|
|
421
|
-
"contentHash": "
|
|
421
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
422
422
|
"since": "2025-01-01"
|
|
423
423
|
},
|
|
424
424
|
"route-group:agents": {
|
|
@@ -426,7 +426,7 @@
|
|
|
426
426
|
"type": "route-group",
|
|
427
427
|
"domain": "sessions",
|
|
428
428
|
"sourcePath": "src/server/routes.ts",
|
|
429
|
-
"contentHash": "
|
|
429
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
430
430
|
"since": "2025-01-01"
|
|
431
431
|
},
|
|
432
432
|
"route-group:backups": {
|
|
@@ -434,7 +434,7 @@
|
|
|
434
434
|
"type": "route-group",
|
|
435
435
|
"domain": "operations",
|
|
436
436
|
"sourcePath": "src/server/routes.ts",
|
|
437
|
-
"contentHash": "
|
|
437
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
438
438
|
"since": "2025-01-01"
|
|
439
439
|
},
|
|
440
440
|
"route-group:git": {
|
|
@@ -442,7 +442,7 @@
|
|
|
442
442
|
"type": "route-group",
|
|
443
443
|
"domain": "coordination",
|
|
444
444
|
"sourcePath": "src/server/routes.ts",
|
|
445
|
-
"contentHash": "
|
|
445
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
446
446
|
"since": "2025-01-01"
|
|
447
447
|
},
|
|
448
448
|
"route-group:memory": {
|
|
@@ -450,7 +450,7 @@
|
|
|
450
450
|
"type": "route-group",
|
|
451
451
|
"domain": "memory",
|
|
452
452
|
"sourcePath": "src/server/routes.ts",
|
|
453
|
-
"contentHash": "
|
|
453
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
454
454
|
"since": "2025-01-01"
|
|
455
455
|
},
|
|
456
456
|
"route-group:semantic": {
|
|
@@ -458,7 +458,7 @@
|
|
|
458
458
|
"type": "route-group",
|
|
459
459
|
"domain": "memory",
|
|
460
460
|
"sourcePath": "src/server/routes.ts",
|
|
461
|
-
"contentHash": "
|
|
461
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
462
462
|
"since": "2025-01-01"
|
|
463
463
|
},
|
|
464
464
|
"route-group:status": {
|
|
@@ -466,7 +466,7 @@
|
|
|
466
466
|
"type": "route-group",
|
|
467
467
|
"domain": "monitoring",
|
|
468
468
|
"sourcePath": "src/server/routes.ts",
|
|
469
|
-
"contentHash": "
|
|
469
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
470
470
|
"since": "2025-01-01"
|
|
471
471
|
},
|
|
472
472
|
"route-group:capabilities": {
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"type": "route-group",
|
|
475
475
|
"domain": "mapping",
|
|
476
476
|
"sourcePath": "src/server/routes.ts",
|
|
477
|
-
"contentHash": "
|
|
477
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
478
478
|
"since": "2025-01-01"
|
|
479
479
|
},
|
|
480
480
|
"route-group:project-map": {
|
|
@@ -482,7 +482,7 @@
|
|
|
482
482
|
"type": "route-group",
|
|
483
483
|
"domain": "mapping",
|
|
484
484
|
"sourcePath": "src/server/routes.ts",
|
|
485
|
-
"contentHash": "
|
|
485
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
486
486
|
"since": "2025-01-01"
|
|
487
487
|
},
|
|
488
488
|
"route-group:coherence": {
|
|
@@ -490,7 +490,7 @@
|
|
|
490
490
|
"type": "route-group",
|
|
491
491
|
"domain": "coherence",
|
|
492
492
|
"sourcePath": "src/server/routes.ts",
|
|
493
|
-
"contentHash": "
|
|
493
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
494
494
|
"since": "2025-01-01"
|
|
495
495
|
},
|
|
496
496
|
"route-group:topic-bindings": {
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
"type": "route-group",
|
|
499
499
|
"domain": "sessions",
|
|
500
500
|
"sourcePath": "src/server/routes.ts",
|
|
501
|
-
"contentHash": "
|
|
501
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
502
502
|
"since": "2025-01-01"
|
|
503
503
|
},
|
|
504
504
|
"route-group:context": {
|
|
@@ -506,7 +506,7 @@
|
|
|
506
506
|
"type": "route-group",
|
|
507
507
|
"domain": "context",
|
|
508
508
|
"sourcePath": "src/server/routes.ts",
|
|
509
|
-
"contentHash": "
|
|
509
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
510
510
|
"since": "2025-01-01"
|
|
511
511
|
},
|
|
512
512
|
"route-group:scope-coherence": {
|
|
@@ -514,7 +514,7 @@
|
|
|
514
514
|
"type": "route-group",
|
|
515
515
|
"domain": "coherence",
|
|
516
516
|
"sourcePath": "src/server/routes.ts",
|
|
517
|
-
"contentHash": "
|
|
517
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
518
518
|
"since": "2025-01-01"
|
|
519
519
|
},
|
|
520
520
|
"route-group:canonical-state": {
|
|
@@ -522,7 +522,7 @@
|
|
|
522
522
|
"type": "route-group",
|
|
523
523
|
"domain": "state",
|
|
524
524
|
"sourcePath": "src/server/routes.ts",
|
|
525
|
-
"contentHash": "
|
|
525
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
526
526
|
"since": "2025-01-01"
|
|
527
527
|
},
|
|
528
528
|
"route-group:ci": {
|
|
@@ -530,7 +530,7 @@
|
|
|
530
530
|
"type": "route-group",
|
|
531
531
|
"domain": "monitoring",
|
|
532
532
|
"sourcePath": "src/server/routes.ts",
|
|
533
|
-
"contentHash": "
|
|
533
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
534
534
|
"since": "2025-01-01"
|
|
535
535
|
},
|
|
536
536
|
"route-group:sessions": {
|
|
@@ -538,7 +538,7 @@
|
|
|
538
538
|
"type": "route-group",
|
|
539
539
|
"domain": "sessions",
|
|
540
540
|
"sourcePath": "src/server/routes.ts",
|
|
541
|
-
"contentHash": "
|
|
541
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
542
542
|
"since": "2025-01-01"
|
|
543
543
|
},
|
|
544
544
|
"route-group:jobs": {
|
|
@@ -546,7 +546,7 @@
|
|
|
546
546
|
"type": "route-group",
|
|
547
547
|
"domain": "scheduling",
|
|
548
548
|
"sourcePath": "src/server/routes.ts",
|
|
549
|
-
"contentHash": "
|
|
549
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
550
550
|
"since": "2025-01-01"
|
|
551
551
|
},
|
|
552
552
|
"route-group:skip-ledger": {
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
"type": "route-group",
|
|
555
555
|
"domain": "scheduling",
|
|
556
556
|
"sourcePath": "src/server/routes.ts",
|
|
557
|
-
"contentHash": "
|
|
557
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
558
558
|
"since": "2025-01-01"
|
|
559
559
|
},
|
|
560
560
|
"route-group:telegram": {
|
|
@@ -562,7 +562,7 @@
|
|
|
562
562
|
"type": "route-group",
|
|
563
563
|
"domain": "communication",
|
|
564
564
|
"sourcePath": "src/server/routes.ts",
|
|
565
|
-
"contentHash": "
|
|
565
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
566
566
|
"since": "2025-01-01"
|
|
567
567
|
},
|
|
568
568
|
"route-group:attention": {
|
|
@@ -570,7 +570,7 @@
|
|
|
570
570
|
"type": "route-group",
|
|
571
571
|
"domain": "communication",
|
|
572
572
|
"sourcePath": "src/server/routes.ts",
|
|
573
|
-
"contentHash": "
|
|
573
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
574
574
|
"since": "2025-01-01"
|
|
575
575
|
},
|
|
576
576
|
"route-group:relationships": {
|
|
@@ -578,7 +578,7 @@
|
|
|
578
578
|
"type": "route-group",
|
|
579
579
|
"domain": "relationships",
|
|
580
580
|
"sourcePath": "src/server/routes.ts",
|
|
581
|
-
"contentHash": "
|
|
581
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
582
582
|
"since": "2025-01-01"
|
|
583
583
|
},
|
|
584
584
|
"route-group:feedback": {
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
"type": "route-group",
|
|
587
587
|
"domain": "feedback",
|
|
588
588
|
"sourcePath": "src/server/routes.ts",
|
|
589
|
-
"contentHash": "
|
|
589
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
590
590
|
"since": "2025-01-01"
|
|
591
591
|
},
|
|
592
592
|
"route-group:updates": {
|
|
@@ -594,7 +594,7 @@
|
|
|
594
594
|
"type": "route-group",
|
|
595
595
|
"domain": "updates",
|
|
596
596
|
"sourcePath": "src/server/routes.ts",
|
|
597
|
-
"contentHash": "
|
|
597
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
598
598
|
"since": "2025-01-01"
|
|
599
599
|
},
|
|
600
600
|
"route-group:dispatches": {
|
|
@@ -602,7 +602,7 @@
|
|
|
602
602
|
"type": "route-group",
|
|
603
603
|
"domain": "dispatches",
|
|
604
604
|
"sourcePath": "src/server/routes.ts",
|
|
605
|
-
"contentHash": "
|
|
605
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
606
606
|
"since": "2025-01-01"
|
|
607
607
|
},
|
|
608
608
|
"route-group:quota": {
|
|
@@ -610,7 +610,7 @@
|
|
|
610
610
|
"type": "route-group",
|
|
611
611
|
"domain": "monitoring",
|
|
612
612
|
"sourcePath": "src/server/routes.ts",
|
|
613
|
-
"contentHash": "
|
|
613
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
614
614
|
"since": "2025-01-01"
|
|
615
615
|
},
|
|
616
616
|
"route-group:publishing": {
|
|
@@ -618,7 +618,7 @@
|
|
|
618
618
|
"type": "route-group",
|
|
619
619
|
"domain": "publishing",
|
|
620
620
|
"sourcePath": "src/server/routes.ts",
|
|
621
|
-
"contentHash": "
|
|
621
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
622
622
|
"since": "2025-01-01"
|
|
623
623
|
},
|
|
624
624
|
"route-group:private-views": {
|
|
@@ -626,7 +626,7 @@
|
|
|
626
626
|
"type": "route-group",
|
|
627
627
|
"domain": "publishing",
|
|
628
628
|
"sourcePath": "src/server/routes.ts",
|
|
629
|
-
"contentHash": "
|
|
629
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
630
630
|
"since": "2025-01-01"
|
|
631
631
|
},
|
|
632
632
|
"route-group:tunnel": {
|
|
@@ -634,7 +634,7 @@
|
|
|
634
634
|
"type": "route-group",
|
|
635
635
|
"domain": "networking",
|
|
636
636
|
"sourcePath": "src/server/routes.ts",
|
|
637
|
-
"contentHash": "
|
|
637
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
638
638
|
"since": "2025-01-01"
|
|
639
639
|
},
|
|
640
640
|
"route-group:events": {
|
|
@@ -642,7 +642,7 @@
|
|
|
642
642
|
"type": "route-group",
|
|
643
643
|
"domain": "networking",
|
|
644
644
|
"sourcePath": "src/server/routes.ts",
|
|
645
|
-
"contentHash": "
|
|
645
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
646
646
|
"since": "2025-01-01"
|
|
647
647
|
},
|
|
648
648
|
"route-group:evolution": {
|
|
@@ -650,7 +650,7 @@
|
|
|
650
650
|
"type": "route-group",
|
|
651
651
|
"domain": "evolution",
|
|
652
652
|
"sourcePath": "src/server/routes.ts",
|
|
653
|
-
"contentHash": "
|
|
653
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
654
654
|
"since": "2025-01-01"
|
|
655
655
|
},
|
|
656
656
|
"route-group:watchdog": {
|
|
@@ -658,7 +658,7 @@
|
|
|
658
658
|
"type": "route-group",
|
|
659
659
|
"domain": "monitoring",
|
|
660
660
|
"sourcePath": "src/server/routes.ts",
|
|
661
|
-
"contentHash": "
|
|
661
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
662
662
|
"since": "2025-01-01"
|
|
663
663
|
},
|
|
664
664
|
"route-group:topic-memory": {
|
|
@@ -666,7 +666,7 @@
|
|
|
666
666
|
"type": "route-group",
|
|
667
667
|
"domain": "memory",
|
|
668
668
|
"sourcePath": "src/server/routes.ts",
|
|
669
|
-
"contentHash": "
|
|
669
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
670
670
|
"since": "2025-01-01"
|
|
671
671
|
},
|
|
672
672
|
"route-group:state-sync": {
|
|
@@ -674,7 +674,7 @@
|
|
|
674
674
|
"type": "route-group",
|
|
675
675
|
"domain": "coordination",
|
|
676
676
|
"sourcePath": "src/server/routes.ts",
|
|
677
|
-
"contentHash": "
|
|
677
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
678
678
|
"since": "2025-01-01"
|
|
679
679
|
},
|
|
680
680
|
"route-group:intent": {
|
|
@@ -682,7 +682,7 @@
|
|
|
682
682
|
"type": "route-group",
|
|
683
683
|
"domain": "intent",
|
|
684
684
|
"sourcePath": "src/server/routes.ts",
|
|
685
|
-
"contentHash": "
|
|
685
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
686
686
|
"since": "2025-01-01"
|
|
687
687
|
},
|
|
688
688
|
"route-group:triage": {
|
|
@@ -690,7 +690,7 @@
|
|
|
690
690
|
"type": "route-group",
|
|
691
691
|
"domain": "safety",
|
|
692
692
|
"sourcePath": "src/server/routes.ts",
|
|
693
|
-
"contentHash": "
|
|
693
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
694
694
|
"since": "2025-01-01"
|
|
695
695
|
},
|
|
696
696
|
"route-group:operations": {
|
|
@@ -698,7 +698,7 @@
|
|
|
698
698
|
"type": "route-group",
|
|
699
699
|
"domain": "safety",
|
|
700
700
|
"sourcePath": "src/server/routes.ts",
|
|
701
|
-
"contentHash": "
|
|
701
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
702
702
|
"since": "2025-01-01"
|
|
703
703
|
},
|
|
704
704
|
"route-group:sentinel": {
|
|
@@ -706,7 +706,7 @@
|
|
|
706
706
|
"type": "route-group",
|
|
707
707
|
"domain": "safety",
|
|
708
708
|
"sourcePath": "src/server/routes.ts",
|
|
709
|
-
"contentHash": "
|
|
709
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
710
710
|
"since": "2025-01-01"
|
|
711
711
|
},
|
|
712
712
|
"route-group:trust": {
|
|
@@ -714,7 +714,7 @@
|
|
|
714
714
|
"type": "route-group",
|
|
715
715
|
"domain": "safety",
|
|
716
716
|
"sourcePath": "src/server/routes.ts",
|
|
717
|
-
"contentHash": "
|
|
717
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
718
718
|
"since": "2025-01-01"
|
|
719
719
|
},
|
|
720
720
|
"route-group:monitoring": {
|
|
@@ -722,7 +722,7 @@
|
|
|
722
722
|
"type": "route-group",
|
|
723
723
|
"domain": "monitoring",
|
|
724
724
|
"sourcePath": "src/server/routes.ts",
|
|
725
|
-
"contentHash": "
|
|
725
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
726
726
|
"since": "2025-01-01"
|
|
727
727
|
},
|
|
728
728
|
"route-group:commitments": {
|
|
@@ -730,7 +730,7 @@
|
|
|
730
730
|
"type": "route-group",
|
|
731
731
|
"domain": "commitments",
|
|
732
732
|
"sourcePath": "src/server/routes.ts",
|
|
733
|
-
"contentHash": "
|
|
733
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
734
734
|
"since": "2025-01-01"
|
|
735
735
|
},
|
|
736
736
|
"route-group:episodes": {
|
|
@@ -738,7 +738,7 @@
|
|
|
738
738
|
"type": "route-group",
|
|
739
739
|
"domain": "memory",
|
|
740
740
|
"sourcePath": "src/server/routes.ts",
|
|
741
|
-
"contentHash": "
|
|
741
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
742
742
|
"since": "2025-01-01"
|
|
743
743
|
},
|
|
744
744
|
"route-group:messages": {
|
|
@@ -746,7 +746,7 @@
|
|
|
746
746
|
"type": "route-group",
|
|
747
747
|
"domain": "coordination",
|
|
748
748
|
"sourcePath": "src/server/routes.ts",
|
|
749
|
-
"contentHash": "
|
|
749
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
750
750
|
"since": "2025-01-01"
|
|
751
751
|
},
|
|
752
752
|
"route-group:system-reviews": {
|
|
@@ -754,7 +754,7 @@
|
|
|
754
754
|
"type": "route-group",
|
|
755
755
|
"domain": "monitoring",
|
|
756
756
|
"sourcePath": "src/server/routes.ts",
|
|
757
|
-
"contentHash": "
|
|
757
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
758
758
|
"since": "2025-01-01"
|
|
759
759
|
},
|
|
760
760
|
"route-group:machine-mesh": {
|
|
@@ -770,7 +770,7 @@
|
|
|
770
770
|
"type": "route-group",
|
|
771
771
|
"domain": "security",
|
|
772
772
|
"sourcePath": "src/server/routes.ts",
|
|
773
|
-
"contentHash": "
|
|
773
|
+
"contentHash": "ba95e48c020a055480ff5c548630cc97e7797d6f79cb919affdb589ebd3f8d48",
|
|
774
774
|
"since": "2025-01-01"
|
|
775
775
|
},
|
|
776
776
|
"cli:init": {
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: patch -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
Three latent bugs in EXO 3.0 capabilities, surfaced by a new from-every-angle test harness, are fixed — each with a regression test:
|
|
9
|
+
|
|
10
|
+
- Agent-passport verification no longer returns a 500 when a peer's passport omits a field. `permits()` defaults `forbiddenActions`/`allowedCapabilities` to `[]`, so a partial peer card yields a verdict instead of throwing "Cannot read properties of undefined (reading 'length')".
|
|
11
|
+
- The org-intent Tradeoff Hierarchy parser now accepts the documented single-line `Safety > Operator trust > ...` chained form, not only bullet lists. The resolver previously saw an empty hierarchy and reported "no tradeoff hierarchy defined".
|
|
12
|
+
- The learning-velocity metric now reads its three real event sources — the registered-learnings registry under `state/evolution/` (timestamp at `source.discoveredAt`), the `action-queue.json` evolution actions, and the SQLite correction ledger — instead of three paths the agent never writes. It previously always reported zero events.
|
|
13
|
+
|
|
14
|
+
## What to Tell Your User
|
|
15
|
+
|
|
16
|
+
- "I found and fixed three small internal bugs in my EXO 3.0 self-checks, each surfaced by a new test harness that probes every capability from several angles. A peer-passport check could crash on an incomplete card; a value-priority list wasn't being read; and a learning-pace number was stuck at zero because it looked in the wrong places. These are correctness fixes with no change to how I behave for you — the learning-pace number will now reflect my real activity."
|
|
17
|
+
|
|
18
|
+
## Summary of New Capabilities
|
|
19
|
+
|
|
20
|
+
| Capability | How to Use |
|
|
21
|
+
|-----------|-----------|
|
|
22
|
+
| Passport verify tolerates a partial peer passport | Automatic. A passport missing a field yields a verdict instead of a 500. |
|
|
23
|
+
| Tradeoff Hierarchy chained-form parsing | Automatic. The org-intent A-greater-than-B line now resolves via the tradeoff endpoint. |
|
|
24
|
+
| Learning-velocity real sources | Automatic. The metric reads the real learnings / evolution-actions / corrections stores. |
|
|
25
|
+
|
|
26
|
+
## Evidence
|
|
27
|
+
|
|
28
|
+
Before: `POST /passport/verify` with a passport missing `allowedCapabilities` returned HTTP 500 "Cannot read properties of undefined (reading 'length')". `POST /intent/tradeoff-resolve` returned "no tradeoff hierarchy defined" even though the hierarchy was present in the org-intent file. `GET /metrics/learning-velocity` returned `totalEvents: 0` / `insufficient-data` on an agent with hundreds of real evolution actions and registered learnings on disk.
|
|
29
|
+
|
|
30
|
+
After: the same partial-passport request returns a 200 verdict (covered by a unit test, plus a regression test that still denies a forbidden action on a partial card). tradeoff-resolve resolves a value pair against the parsed order (unit test asserts the chained line parses to the ordered array; the bulleted form still parses). learning-velocity returns the real event count across learnings, evolution actions, and corrections (integration test seeds the real source paths/shapes and asserts a non-zero total). The pre-existing learning-velocity integration test had encoded the buggy paths, which is why the bug stayed green — it now seeds the real paths.
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: patch -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
Fixes a cross-restart duplicate-reply bug (topic 21816): the outbound
|
|
9
|
+
duplicate-suppressor (`OutboundContentDedup`) kept its "recently sent" fingerprints
|
|
10
|
+
only in per-process memory, so a restart (or overlapping processes during restart
|
|
11
|
+
churn) wiped that memory and the same reply could go out multiple times — observed
|
|
12
|
+
as a byte-identical reply sent 5× in 19s during the "server temporarily down"
|
|
13
|
+
instability. Adds `OutboundDedupStore` (SQLite-backed durable fingerprints); the
|
|
14
|
+
suppressor now consults it when the in-memory map misses, so an identical recent
|
|
15
|
+
send is caught across restarts/processes. Wired at the existing `/telegram/reply`
|
|
16
|
+
dedup point.
|
|
17
|
+
|
|
18
|
+
## What to Tell Your User
|
|
19
|
+
|
|
20
|
+
If you ever saw the agent post the exact same reply several times in a row
|
|
21
|
+
(especially right around a restart/update), that's fixed — the duplicate-catcher
|
|
22
|
+
now remembers across restarts instead of forgetting.
|
|
23
|
+
|
|
24
|
+
## Summary of New Capabilities
|
|
25
|
+
|
|
26
|
+
- Outbound content-dedup is now durable across restarts/processes. **Fail-open**: a
|
|
27
|
+
db hiccup degrades to the prior in-memory-only behavior and can never suppress a
|
|
28
|
+
legitimate message. No config change (reuses the `outboundContentDedup` block);
|
|
29
|
+
a per-agent `outbound-dedup.db` is auto-created.
|
|
30
|
+
|
|
31
|
+
## Evidence
|
|
32
|
+
|
|
33
|
+
`tests/unit/outbound-dedup-durable.test.ts` (6, incl the cross-restart catch +
|
|
34
|
+
fail-open paths); existing `OutboundContentDedup.test` (11) still green;
|
|
35
|
+
no-silent-fallbacks at baseline (fail-open catches marked `@silent-fallback-ok`);
|
|
36
|
+
`tsc --noEmit` clean. causalAutopsy: latent — the dedup was in-memory-only since it
|
|
37
|
+
shipped (2026-06-06); harmful only once restart churn (this incident) reset/split
|
|
38
|
+
the in-memory state mid-window.
|
|
39
|
+
|
|
40
|
+
## Scope (honest)
|
|
41
|
+
|
|
42
|
+
Contained fix in messaging. Catches byte-identical recent re-sends to the same
|
|
43
|
+
topic (the observed bug, verified identical); does not catch near-identical
|
|
44
|
+
*regenerations* — a deeper inbound "don't re-process an in-flight message across a
|
|
45
|
+
restart" guard is a noted follow-up. Fail-open is the load-bearing safety property.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# EXO 3.0 Harness Gap Fixes — Plain-English Overview
|
|
2
|
+
|
|
3
|
+
> The one-line version: a new from-every-angle test harness for our EXO 3.0 features found three small, real bugs that shipped because the old tests checked the wrong things — this fixes all three.
|
|
4
|
+
|
|
5
|
+
## The problem in one breath
|
|
6
|
+
|
|
7
|
+
We built a harness that probes every EXO 3.0 capability through its real endpoint, from several angles. It surfaced three genuine bugs that were invisible before because the existing tests quietly encoded the same wrong assumptions the code had. None of them are big — but each made a real capability lie about itself.
|
|
8
|
+
|
|
9
|
+
## What already exists
|
|
10
|
+
|
|
11
|
+
- **Agent Passport** — a portable card that says what an agent may and may not do; a peer can check an action against it before trusting it.
|
|
12
|
+
- **Org-Intent / tradeoff hierarchy** — our purpose file lists, in priority order, which value wins when two collide (Safety first, then Operator trust, and so on).
|
|
13
|
+
- **Learning-velocity metric** — a read-only number meant to show how fast the agent is actually learning, by counting real learning events.
|
|
14
|
+
|
|
15
|
+
## What this adds
|
|
16
|
+
|
|
17
|
+
This is three surgical fixes, no new features:
|
|
18
|
+
|
|
19
|
+
- **Passport verify no longer crashes on a partial card.** A peer's passport that omits a field (it didn't go through our builder) used to make the verifier throw a 500 error. Now any missing list defaults to empty, so the verifier always returns a clean yes/no verdict instead of crashing.
|
|
20
|
+
- **The tradeoff hierarchy now actually parses.** Our purpose file writes the hierarchy the documented way — one line, "Safety > Operator trust > Correctness > …". The parser only understood bullet lists, so it read an empty hierarchy and the resolver said "no hierarchy defined." Now it understands the chained form too.
|
|
21
|
+
- **Learning-velocity reads the real event sources.** The metric was reading three file paths the agent never actually writes to (wrong directory, wrong timestamp field, and a JSONL file for data that lives in a database). So it always reported zero. Now it reads the registered-learnings registry (with the right timestamp), the evolution action queue, and the corrections database.
|
|
22
|
+
|
|
23
|
+
## The safeguards
|
|
24
|
+
|
|
25
|
+
**Prevents the verifier from crashing on untrusted input.** A passport is, by design, handed over by another agent — so it must be treated as possibly-partial. Defaulting the array fields means a malformed card produces a verdict, never an exception.
|
|
26
|
+
|
|
27
|
+
**Prevents silent zero-reporting.** The learning-velocity test used to write fixtures to the same wrong paths the route read, so both were wrong together and the test stayed green. The test now seeds the REAL paths and shapes the live agent writes, so it can never again pass while the live metric reads zero.
|
|
28
|
+
|
|
29
|
+
**No behavior change for healthy inputs.** A complete passport, a bulleted hierarchy, and an agent with no learning events all behave exactly as before. These fixes only add tolerance and correct paths.
|
|
30
|
+
|
|
31
|
+
## What ships when
|
|
32
|
+
|
|
33
|
+
One PR, all three fixes together — they were all surfaced by the same harness run and share the same root (latent bugs masked by tests that encoded the same wrong assumptions). Regression tests ship alongside each fix.
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
# Side-Effects Review — durable outbound content-dedup (cross-restart)
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `durable-outbound-dedup`
|
|
4
|
+
**Date:** `2026-06-07`
|
|
5
|
+
**Author:** `Echo`
|
|
6
|
+
**Tier:** 1 (durable backing for an existing dedup; fail-open; no API/route/config/migration surface; both-sides tested)
|
|
7
|
+
**Second-pass reviewer:** `Echo (self) — Tier-1; the fail-open design is the load-bearing safety property and is directly tested`
|
|
8
|
+
|
|
9
|
+
## Summary of the change
|
|
10
|
+
|
|
11
|
+
Fixes the cross-restart duplicate-reply bug (topic 21816,
|
|
12
|
+
finding_cross_restart_duplicate_replies): during the "server temporarily down"
|
|
13
|
+
restart instability a byte-identical refusal went to the same topic **5× in 19s**
|
|
14
|
+
(confirmed byte-identical by sha). The existing `OutboundContentDedup` couldn't
|
|
15
|
+
catch it because its fingerprint Map is **per-process in-memory** and resets on
|
|
16
|
+
restart / isn't shared across overlapping processes — exactly the window the
|
|
17
|
+
restart churn opened.
|
|
18
|
+
|
|
19
|
+
Adds `OutboundDedupStore` (`src/messaging/OutboundDedupStore.ts`): a SQLite-backed
|
|
20
|
+
durable fingerprint store. `OutboundContentDedup` now takes an optional store —
|
|
21
|
+
`isDuplicate` consults it when the in-memory Map misses (catching a duplicate
|
|
22
|
+
across a restart), and `record` mirrors to it. Wired in `routes.ts` at the existing
|
|
23
|
+
`/telegram/reply` dedup point with `SqliteOutboundDedupStore(stateDir)`.
|
|
24
|
+
|
|
25
|
+
## The load-bearing safety property: FAIL-OPEN
|
|
26
|
+
|
|
27
|
+
A dedup that wrongly suppresses a **legitimate** reply is strictly worse than the
|
|
28
|
+
duplicate it prevents. So every store method swallows its own errors and returns
|
|
29
|
+
"no durable signal" — a missing / locked / corrupt / native-binding-broken db ⇒
|
|
30
|
+
silent no-op, the caller behaves exactly as the in-memory-only path did. The
|
|
31
|
+
construct path is guarded too (better-sqlite3 binding fragility was itself a factor
|
|
32
|
+
in this incident). Directly tested: a throwing store + an unwritable path both
|
|
33
|
+
no-op without throwing, and in-memory dedup still works.
|
|
34
|
+
|
|
35
|
+
## Decision-point inventory
|
|
36
|
+
|
|
37
|
+
- The only new decision: "was this fingerprint sent recently, per the durable
|
|
38
|
+
store?" — consulted ONLY when in-memory misses, ANDed into the existing window +
|
|
39
|
+
length-floor gates (unchanged). The narrow-by-design protections (≥40 chars,
|
|
40
|
+
`allowDuplicate` escape hatch, record-only-after-success) are all preserved.
|
|
41
|
+
|
|
42
|
+
## 1. False positive (suppress a legitimate message)
|
|
43
|
+
|
|
44
|
+
Mitigated three ways: (a) fail-open (any store trouble ⇒ allow the send), (b) the
|
|
45
|
+
existing ≥40-char floor + window + `allowDuplicate` escape hatch are unchanged, (c)
|
|
46
|
+
fingerprint is (normalized-text + length), so only a byte-identical recent send to
|
|
47
|
+
the SAME topic is ever a duplicate. Tested: different text / different topic / past
|
|
48
|
+
window are NOT suppressed.
|
|
49
|
+
|
|
50
|
+
## 2. False negative (still duplicates)
|
|
51
|
+
|
|
52
|
+
The durable store catches byte-identical re-sends across restarts/processes (the
|
|
53
|
+
observed bug). It does NOT catch near-identical *regenerations* (different bytes) —
|
|
54
|
+
but the incident's 5 sends were byte-identical (verified), so this is the right
|
|
55
|
+
shape. (A deeper inbound "don't re-inject an in-flight message across restart"
|
|
56
|
+
guard is noted as a follow-up in the finding; this closes the observed symptom.)
|
|
57
|
+
|
|
58
|
+
## 2b. DB lifecycle + hygiene (CI follow-up)
|
|
59
|
+
|
|
60
|
+
The store registers its handle via `registerSqliteHandle` (SqliteRegistry close-on-
|
|
61
|
+
exit) so it's closed once at shutdown and never leaks — db-leak hygiene that fits the
|
|
62
|
+
topic-21816 resource theme; listed in the SqliteRegistry-wiring LONG_LIVED_STORES
|
|
63
|
+
allowlist. The route-level dedup test got an isolated per-test `stateDir` (the durable
|
|
64
|
+
db persists to `stateDir/outbound-dedup.db`, so a shared dir leaked fingerprints
|
|
65
|
+
across cases — the cross-process persistence this feature adds, surfaced as a
|
|
66
|
+
test-isolation requirement).
|
|
67
|
+
|
|
68
|
+
## 3. Blast radius
|
|
69
|
+
|
|
70
|
+
`/telegram/reply` adds one SQLite point-query per reply (fast; better-sqlite3 is
|
|
71
|
+
synchronous + already used widely). A new per-agent `outbound-dedup.db` is
|
|
72
|
+
auto-created (no migration). Fail-open bounds worst case to today's behavior. No
|
|
73
|
+
config change (reuses the existing `outboundContentDedup` config block).
|
|
74
|
+
|
|
75
|
+
## 4. Rollback
|
|
76
|
+
|
|
77
|
+
Pass `null` as the store (or revert the routes wiring) ⇒ in-memory-only (today's
|
|
78
|
+
behavior). Delete `outbound-dedup.db` is harmless (auto-recreated). No format/state
|
|
79
|
+
migration.
|
|
80
|
+
|
|
81
|
+
## 5. Tests
|
|
82
|
+
|
|
83
|
+
`tests/unit/outbound-dedup-durable.test.ts` (6): catches a duplicate across a
|
|
84
|
+
restart (fresh instance, same db file — the bug); in-memory still works + length
|
|
85
|
+
floor; different text/topic not suppressed; window honored; fail-open on a throwing
|
|
86
|
+
store; store fail-opens on an unwritable path. Existing `OutboundContentDedup.test`
|
|
87
|
+
(11) still green; no-silent-fallbacks at baseline (fail-open catches marked); tsc clean.
|