instar 1.3.436 → 1.3.437

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/dist/commands/init.d.ts +17 -0
  2. package/dist/commands/init.d.ts.map +1 -1
  3. package/dist/commands/init.js +50 -0
  4. package/dist/commands/init.js.map +1 -1
  5. package/package.json +2 -1
  6. package/skills/README.md +106 -0
  7. package/skills/agent-identity/SKILL.md +226 -0
  8. package/skills/agent-memory/SKILL.md +261 -0
  9. package/skills/agent-passport/SKILL.md +37 -0
  10. package/skills/agent-readiness/SKILL.md +55 -0
  11. package/skills/command-guard/SKILL.md +239 -0
  12. package/skills/credential-leak-detector/SKILL.md +377 -0
  13. package/skills/instar-dev/SKILL.md +223 -0
  14. package/skills/instar-dev/scripts/verify-proposal-derived-runbook.mjs +319 -0
  15. package/skills/instar-dev/scripts/write-trace.mjs +203 -0
  16. package/skills/instar-dev/templates/eli16-overview.md +43 -0
  17. package/skills/instar-dev/templates/side-effects-artifact.md +133 -0
  18. package/skills/instar-feedback/SKILL.md +285 -0
  19. package/skills/instar-identity/SKILL.md +290 -0
  20. package/skills/instar-scheduler/SKILL.md +259 -0
  21. package/skills/instar-session/SKILL.md +270 -0
  22. package/skills/instar-telegram/SKILL.md +259 -0
  23. package/skills/iterative-converging-audit/SKILL.md +96 -0
  24. package/skills/knowledge-base/SKILL.md +189 -0
  25. package/skills/smart-web-fetch/SKILL.md +241 -0
  26. package/skills/spec-converge/SKILL.md +249 -0
  27. package/skills/spec-converge/scripts/cross-model-review.mjs +155 -0
  28. package/skills/spec-converge/scripts/publish-spec-review.mjs +166 -0
  29. package/skills/spec-converge/scripts/write-convergence-tag.mjs +199 -0
  30. package/skills/spec-converge/templates/report.md +76 -0
  31. package/skills/spec-converge/templates/reviewer-adversarial.md +37 -0
  32. package/skills/spec-converge/templates/reviewer-cross-model.md +28 -0
  33. package/skills/spec-converge/templates/reviewer-integration.md +39 -0
  34. package/skills/spec-converge/templates/reviewer-lessons-aware.md +101 -0
  35. package/skills/spec-converge/templates/reviewer-scalability.md +35 -0
  36. package/skills/spec-converge/templates/reviewer-security.md +36 -0
  37. package/skills/systematic-debugging/SKILL.md +222 -0
  38. package/src/data/builtin-manifest.json +2 -2
  39. package/upgrades/1.3.437.md +29 -0
  40. package/upgrades/side-effects/builtin-skill-install-single-source.md +80 -0
@@ -0,0 +1,199 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * write-convergence-tag.mjs — stamp a spec's frontmatter with the convergence tag.
4
+ *
5
+ * Called by the /spec-converge skill at Phase 5 after a round produces zero
6
+ * material findings. Writes review-convergence, review-iterations, and
7
+ * review-report fields into the spec's YAML frontmatter (preserving any other
8
+ * frontmatter fields the spec author set).
9
+ *
10
+ * Usage:
11
+ * node skills/spec-converge/scripts/write-convergence-tag.mjs \
12
+ * --spec docs/specs/<slug>.md \
13
+ * --iterations 3 \
14
+ * --report docs/specs/reports/<slug>-convergence.md \
15
+ * [--cross-model-review "<flag value>"] \
16
+ * [--cross-model-reason "<reason>"]
17
+ *
18
+ * The optional --cross-model-review flag records the external (non-Claude)
19
+ * reviewer posture on the spec frontmatter (Step B of the tiered-dev process,
20
+ * docs/specs/codex-crossreview-stepB-spec.md §2/§4). This is the FINAL
21
+ * spec-level value the skill computes via aggregateRoundOutcomes() across all
22
+ * convergence rounds (a single round's status is per-round; the spec gets one).
23
+ * Valid values:
24
+ * - codex-cli:<model> (a supported reviewer ran in >=1 round)
25
+ * - codex-cli:<model> (degraded: <reason>) (present but a given round's call failed)
26
+ * - degraded-all-rounds (present every round, ZERO succeeded —
27
+ * as loud as unavailable; spec converged
28
+ * with no real external opinion)
29
+ * - unavailable (no supported framework)
30
+ * - skipped-abbreviated (author chose the fast path)
31
+ * This script does NOT enum-validate the value (it accepts any string and
32
+ * quotes it safely) — the canonical accepted set lives in crossModelReviewer.ts
33
+ * (CrossModelFlagStatus) and is documented here for the caller.
34
+ * It is DISCLOSURE, not a gate — it does not change /instar-dev's
35
+ * review-convergence + approved enforcement. Idempotent (re-run strips and
36
+ * rewrites the field, like the review-* fields).
37
+ *
38
+ * Does NOT write `approved: true` — that tag is the user's structural
39
+ * contribution. /spec-converge only ever writes the machine-verifiable
40
+ * review-convergence chain.
41
+ *
42
+ * Exit codes:
43
+ * 0 — tag written successfully
44
+ * 1 — usage error, spec not found, or frontmatter malformed
45
+ */
46
+
47
+ import fs from 'node:fs';
48
+ import path from 'node:path';
49
+ import { checkEli16Overview } from '../../../scripts/eli16-overview-check.mjs';
50
+
51
+ function parseArgs() {
52
+ const args = process.argv.slice(2);
53
+ const out = {
54
+ spec: null,
55
+ iterations: null,
56
+ report: null,
57
+ crossModelReview: null,
58
+ crossModelReason: null,
59
+ };
60
+ for (let i = 0; i < args.length; i++) {
61
+ const a = args[i];
62
+ if (a === '--spec') out.spec = args[++i];
63
+ else if (a === '--iterations') out.iterations = parseInt(args[++i], 10);
64
+ else if (a === '--report') out.report = args[++i];
65
+ else if (a === '--cross-model-review') out.crossModelReview = args[++i];
66
+ else if (a === '--cross-model-reason') out.crossModelReason = args[++i];
67
+ else {
68
+ console.error(`Unknown arg: ${a}`);
69
+ process.exit(1);
70
+ }
71
+ }
72
+ if (!out.spec || !out.report || !Number.isFinite(out.iterations)) {
73
+ console.error(
74
+ 'Usage: write-convergence-tag.mjs --spec PATH --iterations N --report PATH ' +
75
+ '[--cross-model-review VALUE] [--cross-model-reason REASON]',
76
+ );
77
+ process.exit(1);
78
+ }
79
+ return out;
80
+ }
81
+
82
+ const {
83
+ spec: specArg,
84
+ iterations,
85
+ report: reportArg,
86
+ crossModelReview,
87
+ crossModelReason,
88
+ } = parseArgs();
89
+
90
+ const ROOT = path.resolve(new URL('../../..', import.meta.url).pathname);
91
+ const specPath = path.resolve(ROOT, specArg);
92
+ const reportPath = path.resolve(ROOT, reportArg);
93
+
94
+ if (!fs.existsSync(specPath)) {
95
+ console.error(`Spec not found: ${specArg}`);
96
+ process.exit(1);
97
+ }
98
+ if (!fs.existsSync(reportPath)) {
99
+ console.error(`Report not found: ${reportArg}`);
100
+ process.exit(1);
101
+ }
102
+
103
+ const content = fs.readFileSync(specPath, 'utf-8');
104
+
105
+ // ─── ELI16 overview check ────────────────────────────────────────────────
106
+ // Convergence cannot be stamped onto a spec without a plain-English overview.
107
+ const _fmHeadMatch = content.match(/^---\n([\s\S]*?)\n---\n/);
108
+ const _eli16Result = checkEli16Overview(specPath, _fmHeadMatch ? _fmHeadMatch[1] : '');
109
+ if (!_eli16Result.ok) {
110
+ if (_eli16Result.reason === 'missing') {
111
+ console.error(
112
+ `Spec ${specArg} has no ELI16 overview.\n` +
113
+ `Convergence cannot be stamped without a plain-English companion at:\n` +
114
+ ` • Sibling path: ${path.relative(ROOT, _eli16Result.siblingPath)}\n` +
115
+ ` • OR declared via spec frontmatter: eli16-overview: <relative-path>\n` +
116
+ `See skills/instar-dev/templates/eli16-overview.md for the expected shape.`,
117
+ );
118
+ } else if (_eli16Result.reason === 'declared-not-found') {
119
+ console.error(
120
+ `Spec ${specArg} declares an ELI16 overview at ${path.relative(ROOT, _eli16Result.declaredPath)},\n` +
121
+ `but that file does not exist.`,
122
+ );
123
+ } else if (_eli16Result.reason === 'too-short') {
124
+ console.error(
125
+ `Spec ${specArg}'s ELI16 overview at ${path.relative(ROOT, _eli16Result.declaredPath)} is too short ` +
126
+ `(${_eli16Result.charCount} chars, need ${_eli16Result.minChars}).\n` +
127
+ `A stub isn't an overview. See skills/instar-dev/templates/eli16-overview.md.`,
128
+ );
129
+ }
130
+ process.exit(1);
131
+ }
132
+
133
+ // Parse YAML frontmatter manually (no dependency).
134
+ // Expect: /^---\n<body>\n---\n<rest>/
135
+ const FM_RE = /^---\n([\s\S]*?)\n---\n([\s\S]*)$/;
136
+ const match = content.match(FM_RE);
137
+ if (!match) {
138
+ console.error(
139
+ `Spec ${specArg} has no YAML frontmatter block at the top. ` +
140
+ 'Add one before running /spec-converge.',
141
+ );
142
+ process.exit(1);
143
+ }
144
+ const [, fmBody, rest] = match;
145
+
146
+ // Strip any existing managed lines (review-* chain + cross-model-review chain)
147
+ // so re-runs are idempotent — the field is rewritten, never duplicated.
148
+ const preservedLines = fmBody
149
+ .split('\n')
150
+ .filter(
151
+ (l) =>
152
+ !/^\s*review-convergence\s*:/.test(l) &&
153
+ !/^\s*review-iterations\s*:/.test(l) &&
154
+ !/^\s*review-completed-at\s*:/.test(l) &&
155
+ !/^\s*review-report\s*:/.test(l) &&
156
+ !/^\s*cross-model-review\s*:/.test(l) &&
157
+ !/^\s*cross-model-review-reason\s*:/.test(l),
158
+ )
159
+ .join('\n')
160
+ .trim();
161
+
162
+ const ts = new Date().toISOString();
163
+ const reportRel = path
164
+ .relative(ROOT, reportPath)
165
+ .replace(/\\/g, '/');
166
+
167
+ // Double-quote a YAML scalar value, escaping embedded quotes/backslashes so a
168
+ // flag like `codex-cli:gpt-5.5 (degraded: timeout)` (colon + parens) parses.
169
+ function yamlQuote(v) {
170
+ return `"${String(v).replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
171
+ }
172
+
173
+ const newFmLines = [
174
+ preservedLines,
175
+ `review-convergence: "${ts}"`,
176
+ `review-iterations: ${iterations}`,
177
+ `review-completed-at: "${ts}"`,
178
+ `review-report: "${reportRel}"`,
179
+ ];
180
+
181
+ // Cross-model review posture (Step B). Disclosure-only; additive.
182
+ if (crossModelReview) {
183
+ newFmLines.push(`cross-model-review: ${yamlQuote(crossModelReview)}`);
184
+ if (crossModelReason) {
185
+ newFmLines.push(`cross-model-review-reason: ${yamlQuote(crossModelReason)}`);
186
+ }
187
+ }
188
+
189
+ const newFm = newFmLines.join('\n');
190
+
191
+ const newContent = `---\n${newFm}\n---\n${rest}`;
192
+ fs.writeFileSync(specPath, newContent, 'utf-8');
193
+
194
+ console.log(
195
+ `Tagged ${specArg}:\n` +
196
+ ` review-convergence=${ts}\n` +
197
+ ` review-iterations=${iterations}\n` +
198
+ ` review-report=${reportRel}`,
199
+ );
@@ -0,0 +1,76 @@
1
+ # Convergence Report — {{SPEC_TITLE}}
2
+
3
+ **Spec:** [{{SPEC_PATH}}]({{SPEC_PATH}})
4
+ **Slug:** `{{SPEC_SLUG}}`
5
+ **Converged at:** {{CONVERGED_AT}}
6
+ **Iterations:** {{ITERATION_COUNT}}
7
+ **Final-round material findings:** 0
8
+
9
+ ---
10
+
11
+ ## ELI10 Overview
12
+
13
+ <!--
14
+ Two or three paragraphs in plain English. No jargon. Tell the user:
15
+ 1. What this spec is (the problem it solves, the design it proposes)
16
+ 2. Why it matters — what changes for users if it ships
17
+ 3. The main tradeoffs — what this design does well and what it deliberately doesn't do
18
+
19
+ Tone: "We're adding a way for different parts of the agent to know what each
20
+ other is doing, because right now the user-facing session and the session
21
+ handling agent-to-agent messages are blind to each other..."
22
+
23
+ Assume the reader is smart but not a systems engineer. The user should be able
24
+ to read this section alone and decide whether to approve.
25
+ -->
26
+
27
+ ## Original vs Converged
28
+
29
+ <!--
30
+ A dedicated section describing what the review process changed, also in
31
+ ELI10 terms. This is the most important section for the user to read.
32
+
33
+ Structure as: "Originally the spec said X. After review, it now says Y,
34
+ because [plain-English reason]."
35
+
36
+ Cover the 3-6 most significant changes. Skip cosmetic/minor ones. If a
37
+ major redesign happened, put that first.
38
+
39
+ Example:
40
+ - Originally: any session could write anything to the ledger.
41
+ After review: writes are restricted to a curated set of server-side
42
+ sources. Why: untrusted writes made adversarial scenarios (session
43
+ writing false commitments, poisoning context) too hard to defend
44
+ against — the safer default is "read-only to sessions, writes only
45
+ from infrastructure the user controls."
46
+
47
+ The user reads this section to understand what convergence changed.
48
+ -->
49
+
50
+ ## Iteration Summary
51
+
52
+ | Iteration | Reviewers who flagged material issues | Material findings | Spec sections changed |
53
+ |-----------|---------------------------------------|-------------------|-----------------------|
54
+ {{ITERATION_TABLE}}
55
+
56
+ ## Full Findings Catalog
57
+
58
+ <!--
59
+ Structured dump for detail-oriented readers. Organize by iteration,
60
+ then by reviewer perspective. For each finding: severity, reviewer,
61
+ original finding text, resolution taken.
62
+ -->
63
+
64
+ {{FINDINGS_CATALOG}}
65
+
66
+ ## Convergence Verdict
67
+
68
+ {{CONVERGENCE_VERDICT}}
69
+
70
+ <!--
71
+ Plain statement: "Converged at iteration N. The final review round
72
+ produced zero material findings. Spec is ready for user review and
73
+ approval. To approve: edit the spec's frontmatter to set approved: true
74
+ (or run `instar spec approve {{SPEC_SLUG}}`), then /instar-dev can
75
+ proceed with implementation."
76
+ -->
@@ -0,0 +1,37 @@
1
+ # Reviewer Prompt — Adversarial Perspective
2
+
3
+ You are the adversarial reviewer for an instar spec under convergence review.
4
+
5
+ Read these in order:
6
+
7
+ 1. The spec file at {SPEC_PATH}
8
+ 2. Any architectural doc the spec references.
9
+
10
+ Your ADVERSARIAL perspective: assume at least one session, subsystem, or input source is misbehaving — not malicious in the threat-actor sense, but wrong, hallucinating, confused, or buggy. What goes wrong when the system is used WRONG?
11
+
12
+ Specifically check:
13
+
14
+ 1. **Bad-input poisoning** — can a confused session write false entries that other sessions treat as truth? What's the downstream effect?
15
+
16
+ 2. **Self-reinforcing loops** — can a session read its own bad output, act on it, and write a new confirmation that another session amplifies?
17
+
18
+ 3. **Stale state** — does the system distinguish between a fact that was true 3 weeks ago and one that's still true? If not, how does the reader know?
19
+
20
+ 4. **Authority ambiguity** — can a reader of this state mistakenly attribute another session's work to itself or to the wrong party? (The 2026-04-15 incident is the canonical example — user-facing session re-asserting a threadline-session's commitment to the human user.)
21
+
22
+ 5. **Rate-based attacks** — can a chatty or buggy session flood a storage/signal layer and crowd out important entries via rotation or eviction?
23
+
24
+ 6. **Kind/label gaming** — are enumerated types or tags trusted from their source without verification? Can a misclassifying writer corrupt downstream reasoning?
25
+
26
+ 7. **Provenance** — does the system bind provenance (session id, agent id, timestamp) from authoritative sources, or does it accept client-supplied strings that could be forged?
27
+
28
+ 8. **Graceful degradation** — does the design hold up when the hot path is broken? What does the reader see when the writer is wrong?
29
+
30
+ 9. **Anything else** about how the system fails when used wrong.
31
+
32
+ Produce a SHORT report (under 400 words):
33
+
34
+ - **Verdict: CLEAN, MINOR ISSUES, or SERIOUS ISSUES**
35
+ - Specific findings with spec-section references and concrete resolutions.
36
+
37
+ Be rigorous. The system only works if graceful degradation is designed in.
@@ -0,0 +1,28 @@
1
+ # Reviewer Prompt — Cross-Model External Perspective
2
+
3
+ You are an EXTERNAL, non-Claude reviewer (a GPT-tier model) auditing an instar spec under convergence review.
4
+
5
+ The spec under review — at the path `{SPEC_PATH}` — and all of its supporting context are **inlined below** in this prompt (you have no filesystem or repo access; do not try to open any file). The spec follows a `--- SPEC UNDER REVIEW: ... ---` marker; any architectural context the spec references follows under `--- CONTEXT: <path> ---` markers. Review only what is inlined here. If a `--- NOTE: referenced context was TRUNCATED ---` marker is present, your view of the supporting docs is partial — flag any finding that depends on context you could not see.
6
+
7
+ Your perspective is deliberately OUTSIDE the Claude family. You may notice blind spots that Claude models share. Specifically look for:
8
+
9
+ 1. **Architectural clarity** — is the design easy to understand? Are there implicit assumptions the author is making that a reader from outside their context wouldn't share?
10
+
11
+ 2. **Alternative designs** — is the chosen design the obvious one, or are there significant alternatives the spec doesn't acknowledge? If so, why was this chosen over those?
12
+
13
+ 3. **Industry patterns** — does this design reinvent a solved problem? Could an existing library, protocol, or pattern (distributed logs, CRDTs, message queues, workflow engines) do this better?
14
+
15
+ 4. **Failure modes** — from an outside perspective, what's the most likely way this design fails that the author wouldn't have considered?
16
+
17
+ 5. **Language / clarity** — are there sections where the spec assumes too much reader knowledge? Where's the terminology locally-defined vs industry-standard?
18
+
19
+ 6. **Model-family blind spots** — Claude models tend to over-index on: safety fences, consent flows, structured JSON responses, LLM-as-authority patterns. Is the spec over-reliant on any of these where a simpler non-LLM approach would serve better?
20
+
21
+ 7. **Anything else** you'd flag as a non-Claude reviewer.
22
+
23
+ Produce a SHORT report (under 400 words):
24
+
25
+ - **Verdict: CLEAN, MINOR ISSUES, or SERIOUS ISSUES**
26
+ - Findings with spec-section references and concrete resolutions.
27
+
28
+ Your independence is the value. Agree with other reviewers where it's warranted, but if you see something they missed because of shared priors, surface it.
@@ -0,0 +1,39 @@
1
+ # Reviewer Prompt — Integration / Deployment Perspective
2
+
3
+ You are the integration reviewer for an instar spec under convergence review.
4
+
5
+ Read these in order:
6
+
7
+ 1. The spec file at {SPEC_PATH}
8
+ 2. Any architectural doc the spec references.
9
+ 3. `/Users/justin/Documents/Projects/instar/src/core/PostUpdateMigrator.ts` if the spec modifies anything that ships with instar (hooks, scaffold, templates).
10
+ 4. `/Users/justin/Documents/Projects/instar/src/core/BackupManager.ts` if the spec adds new persistent state.
11
+
12
+ Your INTEGRATION perspective: what breaks in real-world deployment scenarios?
13
+
14
+ Specifically check:
15
+
16
+ 1. **Migration for existing agents** — how does a running agent get this change when they update instar? Is there a post-update migrator hook that needs updating? Does the template file actually ship, or does an inline string literal in the migrator need patching too?
17
+
18
+ 2. **Backward compatibility** — do existing callers of any modified interfaces still work? Are optional parameters handled gracefully?
19
+
20
+ 3. **Auto-update path** — when a user pulls a new version of instar, what automatically propagates? What needs manual intervention?
21
+
22
+ 4. **Multi-machine** — if instar agents are paired across machines, does the new state stay coherent across both, or does each machine develop its own divergent view?
23
+
24
+ 5. **Backup/restore** — is new persistent state included in the backup manifest? If a user runs a snapshot/restore cycle, does the state survive?
25
+
26
+ 6. **Rollback** — if the feature is reverted, what happens to state files, config entries, and background jobs? Is cleanup provided?
27
+
28
+ 7. **Dashboard / observability** — is there a UI surface where users can see what's happening? A feature affecting every session should be visible somewhere.
29
+
30
+ 8. **Config knob** — is there a way to disable the feature if it turns out to be harmful? Default on or off?
31
+
32
+ 9. **Anything else** about deployment, operations, or integration that might surprise in production.
33
+
34
+ Produce a SHORT report (under 400 words):
35
+
36
+ - **Verdict: CLEAN, MINOR ISSUES, or SERIOUS ISSUES**
37
+ - Specific findings with file references and concrete resolutions.
38
+
39
+ Be rigorous — things that work in dev often fail in deployment.
@@ -0,0 +1,101 @@
1
+ # Reviewer Prompt — Lessons-Aware Perspective (8th reviewer)
2
+
3
+ You are the lessons-aware reviewer for an Instar spec under convergence review.
4
+
5
+ This is the structural defense against the failure mode documented at `feedback_spec_converge_pre_auth_circular`: when an author writes a spec AND runs its convergence AND self-verifies it, the self-verify step is circular — it confirms the spec agrees with the author's own framing, missing documented hard-earned lessons.
6
+
7
+ Your job: load the canonical Instar lessons catalog, then check this spec against every entry. Find every contradiction, every backtrack, every unengaged-but-applicable lesson.
8
+
9
+ ## Sources to load (in order)
10
+
11
+ 1. **The spec under review** at `{SPEC_PATH}`.
12
+ 2. **The canonical principles + lessons index** at `docs/INSTAR-DESIGN-PRINCIPLES-AND-LESSONS.md`. This is the authoritative catalog. Read it in full.
13
+ 3. **The author-agent's local feedback memory** at `.instar/memory/feedback_*.md` (relative to the running agent's project root, NOT the instar source). These are per-agent specific lessons that supplement the canonical catalog. If `.instar/memory/` doesn't exist (e.g. running in the instar source repo itself), skip this step.
14
+ 4. **The project's CLAUDE.md** (if reviewing an instar-source spec, this is `CLAUDE.md` at instar root; if reviewing a downstream consumer spec, it's the consumer's CLAUDE.md). For the "Standards" + "Anti-Patterns" + "Key Patterns from Dawn" sections.
15
+ 5. **Any specific lesson sources the spec already engages with** under `lessons-engaged:` in its frontmatter. Verify the engagement is real, not just citation.
16
+
17
+ ## Your perspective — three structural questions
18
+
19
+ ### Q1. Contradictions (CRITICAL severity)
20
+
21
+ For each Part 1 principle (P1-P10) and Part 2 architectural lesson (L1-L17) in the index, ask:
22
+ - Does the spec CONTRADICT this principle/lesson?
23
+ - Specifically: does the spec propose something the lesson was written to prevent?
24
+
25
+ A contradiction is the strongest finding. If found, it requires either spec revision or an explicit `principal-deferral-approval` in the spec frontmatter (per P10 Comprehensive-First Directive).
26
+
27
+ **Backtrack-tells from the index** — flag these when you see them:
28
+ - `applyXBlock(agentMd, ...)` or `appendCriticalAwareness(...)` → L1 (AGENT.md bloat)
29
+ - "preserve context by exiting before [X]" without LLM gate → L2 (context-death)
30
+ - `review-iterations: 1` with `review-deviation: "abbreviated convergence"` AND no lessons-aware pass → L4 (external review skipped)
31
+ - Stamp/diff-protection on built-in hooks → P3 (Migration Parity §4, hook-event-reporter wedge)
32
+ - "v0.2 deferred: migration backfill" → P3 + L3
33
+ - "Tier 3 e2e queued as follow-up" without explicit pure-data justification → P4
34
+ - "Pre-existing failure, leaving them" → P6 (Zero-Failure)
35
+ - New sentinel/job/loop without `supervision` declaration → P7
36
+ - New wizard with no error-recovery path → P8
37
+ - New autonomy capability with no intent surface → P9
38
+ - Multiple "v0.2 deferred" items without paired ETAs/owners → P10
39
+ - New MCP integration bypassing `external-operation-gate.js` → L11
40
+ - New `execFileSync('git', ['reset', ...])` or `fs.rmSync` not via SafeGitExecutor/SafeFsExecutor → L12
41
+ - Session-spawn code that doesn't take an explicit cwd → L13
42
+ - New external-PR pathway with simpler review than internal → L14
43
+ - New trust-aware surface without `AuthorizationPolicy` evaluation → L15
44
+ - New external service connector without `ExternalOperationGate` → L11
45
+ - Side-effects review with fewer than 7 dimensions covered → L6
46
+
47
+ ### Q2. Unengaged-but-applicable (HIGH severity)
48
+
49
+ For each principle/lesson, ask:
50
+ - Does the spec touch a surface this lesson covers?
51
+ - If so, does the spec engage with the lesson explicitly (citation + acknowledgment + how it respects the lesson)?
52
+
53
+ If applicable but not engaged, that's a HIGH finding. The fix: spec must add a `lessons-engaged:` frontmatter entry citing the lesson and explaining how it's respected.
54
+
55
+ This catches the conversational-action pattern: the spec wasn't *contradicting* the bloat lessons per se, it was *ignoring* them — never named ContextHierarchy, never named Playbook, never named Self-Knowledge Tree. The reviewer must flag missing engagement, not just active contradiction.
56
+
57
+ ### Q3. Behavioral lessons applicable to agent-facing surfaces (MEDIUM severity)
58
+
59
+ For each Part 3 behavioral lesson (B1-B39), ask:
60
+ - Does the spec propose agent-facing behavior (auto-responses, commitment patterns, messaging, file edits, lifecycle events)?
61
+ - If so, does the behavior respect the documented conduct rule?
62
+
63
+ Behavioral lessons are usually about HOW the agent acts; specs proposing new agent capabilities must respect them.
64
+
65
+ ## Output format
66
+
67
+ Produce a structured finding list. For each finding:
68
+
69
+ ```
70
+ ### F<N>: <short title>
71
+
72
+ - **Severity:** critical | high | medium | low
73
+ - **Index reference:** P<N> / L<N> / B<N> (cite the index entry by its label)
74
+ - **Source doc cited by the index:** <file path or memory entry name>
75
+ - **Spec section that triggers the finding:** <quote the section title or paragraph from the spec>
76
+ - **What contradicts/ignores the lesson:** <one-paragraph explanation>
77
+ - **Required resolution:** <concrete edit the spec needs — be specific about file path, section, paragraph>
78
+ - **If deferral acceptable, gate:** <P10 frontmatter requirement>
79
+ ```
80
+
81
+ End with a one-line summary:
82
+
83
+ ```
84
+ SUMMARY: <N> critical, <N> high, <N> medium, <N> low findings. Convergence-blocking: <Y/N>.
85
+ ```
86
+
87
+ Convergence is blocked if any critical OR high findings are unresolved.
88
+
89
+ ## What this reviewer is NOT
90
+
91
+ - Not the security/scalability/adversarial/integration reviewers — they cover their own perspectives. You're specifically focused on "what documented Instar lessons does this spec contradict or fail to engage with?"
92
+ - Not a code reviewer — you don't read source files unless the spec references them.
93
+ - Not an architectural reviewer — you're checking against historical lessons, not first-principles design.
94
+
95
+ If the spec is structurally fine but doesn't engage with applicable lessons, your finding is "missing engagement" not "missing design rigor."
96
+
97
+ ## Confidence note
98
+
99
+ If you're uncertain whether something is a real backtrack vs. a justified tradeoff, flag it as MEDIUM and let the author resolve in the spec. Do not pad findings — only flag what's substantive.
100
+
101
+ If you find zero findings, your report says "Lessons-aware review: no contradictions or missing engagements found. Spec respects all applicable principles + lessons." (Don't pad with affirmations of every passed check.)
@@ -0,0 +1,35 @@
1
+ # Reviewer Prompt — Scalability / Performance Perspective
2
+
3
+ You are the scalability reviewer for an instar spec under convergence review.
4
+
5
+ Read these in order:
6
+
7
+ 1. The spec file at {SPEC_PATH}
8
+ 2. Any architectural doc the spec references.
9
+
10
+ Your SCALABILITY perspective: what breaks under real load, over time, or at scale?
11
+
12
+ Specifically check:
13
+
14
+ 1. **Hot paths** — what runs on every request, every turn, every session? What's the cost of those hot paths at typical and pathological input sizes?
15
+
16
+ 2. **Growth model** — what state does this add that accumulates over time? Is there a retention policy? A rotation mechanism? What happens at 1k entries, 10k entries, 100k entries?
17
+
18
+ 3. **Concurrent operations** — can two operations race? Is there locking where it's needed? Are acks, retries, or writes safe under concurrent access?
19
+
20
+ 4. **Memory** — what's the memory cost per operation? Is there ephemeral allocation that GC will pressure?
21
+
22
+ 5. **Event loop blocking** — is any sync I/O on the request path? Could slow disk cause cascading stalls?
23
+
24
+ 6. **Fail-open semantics** — when something fails, does it fail silently or surface a signal? Could an outage of this feature be invisible to operators?
25
+
26
+ 7. **Hook latency impact** — for changes that touch session-start hooks, what's the cumulative cost at max input size?
27
+
28
+ 8. **Anything else** about performance, scaling, or operational cost at scale.
29
+
30
+ Produce a SHORT report (under 400 words):
31
+
32
+ - **Verdict: CLEAN, MINOR ISSUES, or SERIOUS ISSUES**
33
+ - Specific findings with spec-section references and concrete resolutions.
34
+
35
+ Be rigorous — things that work in dev often fail at scale.
@@ -0,0 +1,36 @@
1
+ # Reviewer Prompt — Security Perspective
2
+
3
+ You are the security reviewer for an instar spec under convergence review.
4
+
5
+ Read these in order:
6
+
7
+ 1. The spec file at {SPEC_PATH}
8
+ 2. `/Users/justin/Documents/Projects/instar/docs/signal-vs-authority.md` — the architectural principle every instar spec must comply with.
9
+ 3. Any architectural doc the spec references (typically under `docs/`).
10
+
11
+ Your SECURITY perspective: what attack surfaces, leaks, or abuse paths could this design open?
12
+
13
+ Specifically check:
14
+
15
+ 1. **File system exposure** — what permissions do new files get? Could other users on the machine read sensitive data? Are backups, git, or support bundles at risk of including sensitive derived content?
16
+
17
+ 2. **Prompt injection vectors** — is anything written by one session read into another session's prompt context? If so, what is the blast radius of an adversarial or compromised writer?
18
+
19
+ 3. **Auth on endpoints** — are all new HTTP endpoints bearer-token-gated? What happens if the token leaks via logs, screenshots, or a Cloudflare tunnel being enabled?
20
+
21
+ 4. **Trust boundaries** — does the design respect threadline's per-thread message sandboxing? Does it cross any other security boundary established in existing specs?
22
+
23
+ 5. **Race conditions** — are there places where concurrent operations could produce inconsistent or dangerous state?
24
+
25
+ 6. **Input sanitization** — does untrusted input get validated at the edge? Length caps, enum checks, type checks?
26
+
27
+ 7. **DoS surfaces** — are any read paths O(n) over growing state? Can an authenticated but malicious caller exhaust CPU/memory?
28
+
29
+ 8. **Anything else** that occurs to you.
30
+
31
+ Produce a SHORT report (under 400 words):
32
+
33
+ - **Verdict: CLEAN, MINOR ISSUES, or SERIOUS ISSUES**
34
+ - If issues: bullet them with specific spec-section references and recommended resolution for each.
35
+
36
+ Be rigorous. Your job is to catch what the author missed. Assume the spec will ship — every issue you don't flag could become a real production incident.