instar 1.3.440 → 1.3.442
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +36 -1
- package/dist/commands/server.js.map +1 -1
- package/dist/coordination/MandateStore.d.ts +30 -2
- package/dist/coordination/MandateStore.d.ts.map +1 -1
- package/dist/coordination/MandateStore.js +89 -3
- package/dist/coordination/MandateStore.js.map +1 -1
- package/dist/coordination/types.d.ts +35 -0
- package/dist/coordination/types.d.ts.map +1 -1
- package/dist/messaging/slack/SlackAdapter.d.ts.map +1 -1
- package/dist/messaging/slack/SlackAdapter.js +26 -6
- package/dist/messaging/slack/SlackAdapter.js.map +1 -1
- package/dist/permissions/MandateBackedGrantStore.d.ts +40 -0
- package/dist/permissions/MandateBackedGrantStore.d.ts.map +1 -0
- package/dist/permissions/MandateBackedGrantStore.js +72 -0
- package/dist/permissions/MandateBackedGrantStore.js.map +1 -0
- package/dist/permissions/SlackUserRegistry.d.ts +64 -0
- package/dist/permissions/SlackUserRegistry.d.ts.map +1 -0
- package/dist/permissions/SlackUserRegistry.js +114 -0
- package/dist/permissions/SlackUserRegistry.js.map +1 -0
- package/dist/permissions/index.d.ts +2 -0
- package/dist/permissions/index.d.ts.map +1 -1
- package/dist/permissions/index.js +2 -0
- package/dist/permissions/index.js.map +1 -1
- package/dist/server/CapabilityIndex.d.ts.map +1 -1
- package/dist/server/CapabilityIndex.js +1 -0
- package/dist/server/CapabilityIndex.js.map +1 -1
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +117 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +46 -46
- package/src/data/state-coherence-registry.json +12 -0
- package/upgrades/1.3.441.md +26 -0
- package/upgrades/1.3.442.md +28 -0
- package/upgrades/side-effects/mandate-user-grants.md +78 -0
- package/upgrades/side-effects/slack-org-permissions-phase1.md +68 -0
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-09T09:03:26.370Z",
|
|
5
|
+
"instarVersion": "1.3.442",
|
|
6
6
|
"entryCount": 199,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -418,7 +418,7 @@
|
|
|
418
418
|
"type": "route-group",
|
|
419
419
|
"domain": "monitoring",
|
|
420
420
|
"sourcePath": "src/server/routes.ts",
|
|
421
|
-
"contentHash": "
|
|
421
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
422
422
|
"since": "2025-01-01"
|
|
423
423
|
},
|
|
424
424
|
"route-group:agents": {
|
|
@@ -426,7 +426,7 @@
|
|
|
426
426
|
"type": "route-group",
|
|
427
427
|
"domain": "sessions",
|
|
428
428
|
"sourcePath": "src/server/routes.ts",
|
|
429
|
-
"contentHash": "
|
|
429
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
430
430
|
"since": "2025-01-01"
|
|
431
431
|
},
|
|
432
432
|
"route-group:backups": {
|
|
@@ -434,7 +434,7 @@
|
|
|
434
434
|
"type": "route-group",
|
|
435
435
|
"domain": "operations",
|
|
436
436
|
"sourcePath": "src/server/routes.ts",
|
|
437
|
-
"contentHash": "
|
|
437
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
438
438
|
"since": "2025-01-01"
|
|
439
439
|
},
|
|
440
440
|
"route-group:git": {
|
|
@@ -442,7 +442,7 @@
|
|
|
442
442
|
"type": "route-group",
|
|
443
443
|
"domain": "coordination",
|
|
444
444
|
"sourcePath": "src/server/routes.ts",
|
|
445
|
-
"contentHash": "
|
|
445
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
446
446
|
"since": "2025-01-01"
|
|
447
447
|
},
|
|
448
448
|
"route-group:memory": {
|
|
@@ -450,7 +450,7 @@
|
|
|
450
450
|
"type": "route-group",
|
|
451
451
|
"domain": "memory",
|
|
452
452
|
"sourcePath": "src/server/routes.ts",
|
|
453
|
-
"contentHash": "
|
|
453
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
454
454
|
"since": "2025-01-01"
|
|
455
455
|
},
|
|
456
456
|
"route-group:semantic": {
|
|
@@ -458,7 +458,7 @@
|
|
|
458
458
|
"type": "route-group",
|
|
459
459
|
"domain": "memory",
|
|
460
460
|
"sourcePath": "src/server/routes.ts",
|
|
461
|
-
"contentHash": "
|
|
461
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
462
462
|
"since": "2025-01-01"
|
|
463
463
|
},
|
|
464
464
|
"route-group:status": {
|
|
@@ -466,7 +466,7 @@
|
|
|
466
466
|
"type": "route-group",
|
|
467
467
|
"domain": "monitoring",
|
|
468
468
|
"sourcePath": "src/server/routes.ts",
|
|
469
|
-
"contentHash": "
|
|
469
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
470
470
|
"since": "2025-01-01"
|
|
471
471
|
},
|
|
472
472
|
"route-group:capabilities": {
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"type": "route-group",
|
|
475
475
|
"domain": "mapping",
|
|
476
476
|
"sourcePath": "src/server/routes.ts",
|
|
477
|
-
"contentHash": "
|
|
477
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
478
478
|
"since": "2025-01-01"
|
|
479
479
|
},
|
|
480
480
|
"route-group:project-map": {
|
|
@@ -482,7 +482,7 @@
|
|
|
482
482
|
"type": "route-group",
|
|
483
483
|
"domain": "mapping",
|
|
484
484
|
"sourcePath": "src/server/routes.ts",
|
|
485
|
-
"contentHash": "
|
|
485
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
486
486
|
"since": "2025-01-01"
|
|
487
487
|
},
|
|
488
488
|
"route-group:coherence": {
|
|
@@ -490,7 +490,7 @@
|
|
|
490
490
|
"type": "route-group",
|
|
491
491
|
"domain": "coherence",
|
|
492
492
|
"sourcePath": "src/server/routes.ts",
|
|
493
|
-
"contentHash": "
|
|
493
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
494
494
|
"since": "2025-01-01"
|
|
495
495
|
},
|
|
496
496
|
"route-group:topic-bindings": {
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
"type": "route-group",
|
|
499
499
|
"domain": "sessions",
|
|
500
500
|
"sourcePath": "src/server/routes.ts",
|
|
501
|
-
"contentHash": "
|
|
501
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
502
502
|
"since": "2025-01-01"
|
|
503
503
|
},
|
|
504
504
|
"route-group:context": {
|
|
@@ -506,7 +506,7 @@
|
|
|
506
506
|
"type": "route-group",
|
|
507
507
|
"domain": "context",
|
|
508
508
|
"sourcePath": "src/server/routes.ts",
|
|
509
|
-
"contentHash": "
|
|
509
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
510
510
|
"since": "2025-01-01"
|
|
511
511
|
},
|
|
512
512
|
"route-group:scope-coherence": {
|
|
@@ -514,7 +514,7 @@
|
|
|
514
514
|
"type": "route-group",
|
|
515
515
|
"domain": "coherence",
|
|
516
516
|
"sourcePath": "src/server/routes.ts",
|
|
517
|
-
"contentHash": "
|
|
517
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
518
518
|
"since": "2025-01-01"
|
|
519
519
|
},
|
|
520
520
|
"route-group:canonical-state": {
|
|
@@ -522,7 +522,7 @@
|
|
|
522
522
|
"type": "route-group",
|
|
523
523
|
"domain": "state",
|
|
524
524
|
"sourcePath": "src/server/routes.ts",
|
|
525
|
-
"contentHash": "
|
|
525
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
526
526
|
"since": "2025-01-01"
|
|
527
527
|
},
|
|
528
528
|
"route-group:ci": {
|
|
@@ -530,7 +530,7 @@
|
|
|
530
530
|
"type": "route-group",
|
|
531
531
|
"domain": "monitoring",
|
|
532
532
|
"sourcePath": "src/server/routes.ts",
|
|
533
|
-
"contentHash": "
|
|
533
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
534
534
|
"since": "2025-01-01"
|
|
535
535
|
},
|
|
536
536
|
"route-group:sessions": {
|
|
@@ -538,7 +538,7 @@
|
|
|
538
538
|
"type": "route-group",
|
|
539
539
|
"domain": "sessions",
|
|
540
540
|
"sourcePath": "src/server/routes.ts",
|
|
541
|
-
"contentHash": "
|
|
541
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
542
542
|
"since": "2025-01-01"
|
|
543
543
|
},
|
|
544
544
|
"route-group:jobs": {
|
|
@@ -546,7 +546,7 @@
|
|
|
546
546
|
"type": "route-group",
|
|
547
547
|
"domain": "scheduling",
|
|
548
548
|
"sourcePath": "src/server/routes.ts",
|
|
549
|
-
"contentHash": "
|
|
549
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
550
550
|
"since": "2025-01-01"
|
|
551
551
|
},
|
|
552
552
|
"route-group:skip-ledger": {
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
"type": "route-group",
|
|
555
555
|
"domain": "scheduling",
|
|
556
556
|
"sourcePath": "src/server/routes.ts",
|
|
557
|
-
"contentHash": "
|
|
557
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
558
558
|
"since": "2025-01-01"
|
|
559
559
|
},
|
|
560
560
|
"route-group:telegram": {
|
|
@@ -562,7 +562,7 @@
|
|
|
562
562
|
"type": "route-group",
|
|
563
563
|
"domain": "communication",
|
|
564
564
|
"sourcePath": "src/server/routes.ts",
|
|
565
|
-
"contentHash": "
|
|
565
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
566
566
|
"since": "2025-01-01"
|
|
567
567
|
},
|
|
568
568
|
"route-group:attention": {
|
|
@@ -570,7 +570,7 @@
|
|
|
570
570
|
"type": "route-group",
|
|
571
571
|
"domain": "communication",
|
|
572
572
|
"sourcePath": "src/server/routes.ts",
|
|
573
|
-
"contentHash": "
|
|
573
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
574
574
|
"since": "2025-01-01"
|
|
575
575
|
},
|
|
576
576
|
"route-group:relationships": {
|
|
@@ -578,7 +578,7 @@
|
|
|
578
578
|
"type": "route-group",
|
|
579
579
|
"domain": "relationships",
|
|
580
580
|
"sourcePath": "src/server/routes.ts",
|
|
581
|
-
"contentHash": "
|
|
581
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
582
582
|
"since": "2025-01-01"
|
|
583
583
|
},
|
|
584
584
|
"route-group:feedback": {
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
"type": "route-group",
|
|
587
587
|
"domain": "feedback",
|
|
588
588
|
"sourcePath": "src/server/routes.ts",
|
|
589
|
-
"contentHash": "
|
|
589
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
590
590
|
"since": "2025-01-01"
|
|
591
591
|
},
|
|
592
592
|
"route-group:updates": {
|
|
@@ -594,7 +594,7 @@
|
|
|
594
594
|
"type": "route-group",
|
|
595
595
|
"domain": "updates",
|
|
596
596
|
"sourcePath": "src/server/routes.ts",
|
|
597
|
-
"contentHash": "
|
|
597
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
598
598
|
"since": "2025-01-01"
|
|
599
599
|
},
|
|
600
600
|
"route-group:dispatches": {
|
|
@@ -602,7 +602,7 @@
|
|
|
602
602
|
"type": "route-group",
|
|
603
603
|
"domain": "dispatches",
|
|
604
604
|
"sourcePath": "src/server/routes.ts",
|
|
605
|
-
"contentHash": "
|
|
605
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
606
606
|
"since": "2025-01-01"
|
|
607
607
|
},
|
|
608
608
|
"route-group:quota": {
|
|
@@ -610,7 +610,7 @@
|
|
|
610
610
|
"type": "route-group",
|
|
611
611
|
"domain": "monitoring",
|
|
612
612
|
"sourcePath": "src/server/routes.ts",
|
|
613
|
-
"contentHash": "
|
|
613
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
614
614
|
"since": "2025-01-01"
|
|
615
615
|
},
|
|
616
616
|
"route-group:publishing": {
|
|
@@ -618,7 +618,7 @@
|
|
|
618
618
|
"type": "route-group",
|
|
619
619
|
"domain": "publishing",
|
|
620
620
|
"sourcePath": "src/server/routes.ts",
|
|
621
|
-
"contentHash": "
|
|
621
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
622
622
|
"since": "2025-01-01"
|
|
623
623
|
},
|
|
624
624
|
"route-group:private-views": {
|
|
@@ -626,7 +626,7 @@
|
|
|
626
626
|
"type": "route-group",
|
|
627
627
|
"domain": "publishing",
|
|
628
628
|
"sourcePath": "src/server/routes.ts",
|
|
629
|
-
"contentHash": "
|
|
629
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
630
630
|
"since": "2025-01-01"
|
|
631
631
|
},
|
|
632
632
|
"route-group:tunnel": {
|
|
@@ -634,7 +634,7 @@
|
|
|
634
634
|
"type": "route-group",
|
|
635
635
|
"domain": "networking",
|
|
636
636
|
"sourcePath": "src/server/routes.ts",
|
|
637
|
-
"contentHash": "
|
|
637
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
638
638
|
"since": "2025-01-01"
|
|
639
639
|
},
|
|
640
640
|
"route-group:events": {
|
|
@@ -642,7 +642,7 @@
|
|
|
642
642
|
"type": "route-group",
|
|
643
643
|
"domain": "networking",
|
|
644
644
|
"sourcePath": "src/server/routes.ts",
|
|
645
|
-
"contentHash": "
|
|
645
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
646
646
|
"since": "2025-01-01"
|
|
647
647
|
},
|
|
648
648
|
"route-group:evolution": {
|
|
@@ -650,7 +650,7 @@
|
|
|
650
650
|
"type": "route-group",
|
|
651
651
|
"domain": "evolution",
|
|
652
652
|
"sourcePath": "src/server/routes.ts",
|
|
653
|
-
"contentHash": "
|
|
653
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
654
654
|
"since": "2025-01-01"
|
|
655
655
|
},
|
|
656
656
|
"route-group:watchdog": {
|
|
@@ -658,7 +658,7 @@
|
|
|
658
658
|
"type": "route-group",
|
|
659
659
|
"domain": "monitoring",
|
|
660
660
|
"sourcePath": "src/server/routes.ts",
|
|
661
|
-
"contentHash": "
|
|
661
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
662
662
|
"since": "2025-01-01"
|
|
663
663
|
},
|
|
664
664
|
"route-group:topic-memory": {
|
|
@@ -666,7 +666,7 @@
|
|
|
666
666
|
"type": "route-group",
|
|
667
667
|
"domain": "memory",
|
|
668
668
|
"sourcePath": "src/server/routes.ts",
|
|
669
|
-
"contentHash": "
|
|
669
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
670
670
|
"since": "2025-01-01"
|
|
671
671
|
},
|
|
672
672
|
"route-group:state-sync": {
|
|
@@ -674,7 +674,7 @@
|
|
|
674
674
|
"type": "route-group",
|
|
675
675
|
"domain": "coordination",
|
|
676
676
|
"sourcePath": "src/server/routes.ts",
|
|
677
|
-
"contentHash": "
|
|
677
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
678
678
|
"since": "2025-01-01"
|
|
679
679
|
},
|
|
680
680
|
"route-group:intent": {
|
|
@@ -682,7 +682,7 @@
|
|
|
682
682
|
"type": "route-group",
|
|
683
683
|
"domain": "intent",
|
|
684
684
|
"sourcePath": "src/server/routes.ts",
|
|
685
|
-
"contentHash": "
|
|
685
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
686
686
|
"since": "2025-01-01"
|
|
687
687
|
},
|
|
688
688
|
"route-group:triage": {
|
|
@@ -690,7 +690,7 @@
|
|
|
690
690
|
"type": "route-group",
|
|
691
691
|
"domain": "safety",
|
|
692
692
|
"sourcePath": "src/server/routes.ts",
|
|
693
|
-
"contentHash": "
|
|
693
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
694
694
|
"since": "2025-01-01"
|
|
695
695
|
},
|
|
696
696
|
"route-group:operations": {
|
|
@@ -698,7 +698,7 @@
|
|
|
698
698
|
"type": "route-group",
|
|
699
699
|
"domain": "safety",
|
|
700
700
|
"sourcePath": "src/server/routes.ts",
|
|
701
|
-
"contentHash": "
|
|
701
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
702
702
|
"since": "2025-01-01"
|
|
703
703
|
},
|
|
704
704
|
"route-group:sentinel": {
|
|
@@ -706,7 +706,7 @@
|
|
|
706
706
|
"type": "route-group",
|
|
707
707
|
"domain": "safety",
|
|
708
708
|
"sourcePath": "src/server/routes.ts",
|
|
709
|
-
"contentHash": "
|
|
709
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
710
710
|
"since": "2025-01-01"
|
|
711
711
|
},
|
|
712
712
|
"route-group:trust": {
|
|
@@ -714,7 +714,7 @@
|
|
|
714
714
|
"type": "route-group",
|
|
715
715
|
"domain": "safety",
|
|
716
716
|
"sourcePath": "src/server/routes.ts",
|
|
717
|
-
"contentHash": "
|
|
717
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
718
718
|
"since": "2025-01-01"
|
|
719
719
|
},
|
|
720
720
|
"route-group:monitoring": {
|
|
@@ -722,7 +722,7 @@
|
|
|
722
722
|
"type": "route-group",
|
|
723
723
|
"domain": "monitoring",
|
|
724
724
|
"sourcePath": "src/server/routes.ts",
|
|
725
|
-
"contentHash": "
|
|
725
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
726
726
|
"since": "2025-01-01"
|
|
727
727
|
},
|
|
728
728
|
"route-group:commitments": {
|
|
@@ -730,7 +730,7 @@
|
|
|
730
730
|
"type": "route-group",
|
|
731
731
|
"domain": "commitments",
|
|
732
732
|
"sourcePath": "src/server/routes.ts",
|
|
733
|
-
"contentHash": "
|
|
733
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
734
734
|
"since": "2025-01-01"
|
|
735
735
|
},
|
|
736
736
|
"route-group:episodes": {
|
|
@@ -738,7 +738,7 @@
|
|
|
738
738
|
"type": "route-group",
|
|
739
739
|
"domain": "memory",
|
|
740
740
|
"sourcePath": "src/server/routes.ts",
|
|
741
|
-
"contentHash": "
|
|
741
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
742
742
|
"since": "2025-01-01"
|
|
743
743
|
},
|
|
744
744
|
"route-group:messages": {
|
|
@@ -746,7 +746,7 @@
|
|
|
746
746
|
"type": "route-group",
|
|
747
747
|
"domain": "coordination",
|
|
748
748
|
"sourcePath": "src/server/routes.ts",
|
|
749
|
-
"contentHash": "
|
|
749
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
750
750
|
"since": "2025-01-01"
|
|
751
751
|
},
|
|
752
752
|
"route-group:system-reviews": {
|
|
@@ -754,7 +754,7 @@
|
|
|
754
754
|
"type": "route-group",
|
|
755
755
|
"domain": "monitoring",
|
|
756
756
|
"sourcePath": "src/server/routes.ts",
|
|
757
|
-
"contentHash": "
|
|
757
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
758
758
|
"since": "2025-01-01"
|
|
759
759
|
},
|
|
760
760
|
"route-group:machine-mesh": {
|
|
@@ -770,7 +770,7 @@
|
|
|
770
770
|
"type": "route-group",
|
|
771
771
|
"domain": "security",
|
|
772
772
|
"sourcePath": "src/server/routes.ts",
|
|
773
|
-
"contentHash": "
|
|
773
|
+
"contentHash": "c97e88e91a1ff4fb009958d29e03026d7f764e19e529054aa23675b4906699dd",
|
|
774
774
|
"since": "2025-01-01"
|
|
775
775
|
},
|
|
776
776
|
"cli:init": {
|
|
@@ -125,6 +125,18 @@
|
|
|
125
125
|
],
|
|
126
126
|
"grandfathered": false
|
|
127
127
|
},
|
|
128
|
+
{
|
|
129
|
+
"category": "slack-pending-registrations",
|
|
130
|
+
"description": "Durable pending Slack self-registration requests awaiting admin approval (SlackUserRegistry). Cleared on approve/deny. See docs/specs/SLACK-ORG-INTEGRATION-SPEC.md §6.3.",
|
|
131
|
+
"scope": "machine-local",
|
|
132
|
+
"freshness": "eventual",
|
|
133
|
+
"conflictShape": "single-writer",
|
|
134
|
+
"transport": "none",
|
|
135
|
+
"paths": [
|
|
136
|
+
"state/slack-pending-registrations.json"
|
|
137
|
+
],
|
|
138
|
+
"grandfathered": false
|
|
139
|
+
},
|
|
128
140
|
{
|
|
129
141
|
"category": "topic-placement-history",
|
|
130
142
|
"description": "Topic<->machine placement history (does not exist as its own store yet; the journal's first stream materializes it). Distinct from current-owner pool state.",
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: patch -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
feat(permissions): Slack org permissions **Phase 1** — conversational user registration + the enforce path, both **dark by default**. Builds on Slice 0 (the observe-only permission gate, #1005).
|
|
9
|
+
|
|
10
|
+
- **Registration** (`SlackUserRegistry` + `POST /permissions/registrations/{register,approve,deny}`, `GET …/pending`): admins register users with a role; self-registration creates a pending entry for approval. Persists to `state/slack-pending-registrations.json` (registered machine-local).
|
|
11
|
+
- **Enforce path** (`SlackAdapter._handleMessage`): when the injected permission observer is `enforcing`, a non-`allow` verdict sends the conversational refusal/clarify reply (in-thread, via the existing `sendToChannel`) and blocks the message from reaching the session. When NOT enforcing (the default), behavior is identical to Slice 0 observe-only.
|
|
12
|
+
|
|
13
|
+
The enforce path installs the blocking authority but leaves it **inert** — enabling `enforce:true` is gated behind a later phase that requires real false-positive-rate data from the observe ledger and the LLM judgment band holding authority (carried over from the Slice 0 §4 follow-up). No new Slack Web API surface (the reply reuses the contract-tested `sendToChannel`).
|
|
14
|
+
|
|
15
|
+
## What to Tell Your User
|
|
16
|
+
|
|
17
|
+
None — internal change (no user-facing surface).
|
|
18
|
+
|
|
19
|
+
## Summary of New Capabilities
|
|
20
|
+
|
|
21
|
+
None — internal change (no user-facing surface).
|
|
22
|
+
|
|
23
|
+
## Evidence
|
|
24
|
+
|
|
25
|
+
- 14 tests green: `slack-user-registry.test.ts` (7), `slack-permission-enforce.test.ts` (3), `slack-registration-routes.test.ts` (4). `tsc --noEmit` clean. `/permissions` prefix classified INTERNAL in CapabilityIndex (capabilities lint green).
|
|
26
|
+
- Side-effects review (`upgrades/side-effects/slack-org-permissions-phase1.md`) with an independent Phase-5 second-pass (block/allow on inbound messaging).
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: patch -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
feat(coordination): user→agent authority grants in the Coordination Mandate — a verified operator can grant a specific floor action to a specific Slack user, **signed into the mandate** so it can't be forged. Completes the Slack-permission floor-authorization path (the gate's `GrantStore.activeGrant` now has a signature-backed implementation).
|
|
9
|
+
|
|
10
|
+
- `canonicalMandate()` appends grants to the signed bytes **only when non-empty**, so every existing no-grant mandate serializes byte-for-byte as before and its `authProof` still verifies (backward-compatible by construction).
|
|
11
|
+
- `addGrants()` re-signs through the PIN-gated path and rejects any grant whose expiry exceeds the mandate's (a grant can't outlive its delegation); `issue()` enforces the same clamp.
|
|
12
|
+
- `MandateBackedGrantStore` reads grants deny-by-default: authorship + mandate-revocation + mandate-expiry + grant-expiry all checked before a grant clears a floor action.
|
|
13
|
+
- New PIN-gated route `POST /mandate/:id/grants`; every grant decision audited through the hash-chained `MandateAudit`.
|
|
14
|
+
|
|
15
|
+
Dark/no-op until an operator mints a grant; the Slack gate that consumes it is still observe-only.
|
|
16
|
+
|
|
17
|
+
## What to Tell Your User
|
|
18
|
+
|
|
19
|
+
Nothing changes for you right now — this ships dark. It's an operator capability that becomes useful once the Slack permission gate is enabled: from then on you (the verified operator) can grant a *specific* Slack person permission for a *specific* high-risk action (e.g. a production deploy), time-boxed, signed so it can't be forged, and minted only behind your dashboard PIN. Until you mint a grant and turn the gate on, agent behavior is unchanged.
|
|
20
|
+
|
|
21
|
+
## Summary of New Capabilities
|
|
22
|
+
|
|
23
|
+
- **PIN-gated `POST /mandate/:id/grants`** — your verified operator grants a Slack user a specific floor authority, signed into the Coordination Mandate (can't be forged or widened by an agent; can't outlive its mandate; every grant decision is written to the tamper-evident audit log). Operator/internal — not surfaced in `/capabilities` while the Slack gate is dark.
|
|
24
|
+
|
|
25
|
+
## Evidence
|
|
26
|
+
|
|
27
|
+
- 19 new unit tests incl. the backward-compat test (legacy no-grant mandate verifies) + the forged-grant tamper test (grant added without re-signing → verification FAILS) + expiry-clamp/revoke/expiry-bypass coverage. `tsc --noEmit` clean; lint clean; 130/130 in the related coordination/permission sweep.
|
|
28
|
+
- Side-effects review (`upgrades/side-effects/mandate-user-grants.md`) + an independent adversarial Phase-5 second-pass on the signing path.
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
# Side-Effects Review — Coordination Mandate user→agent authority grants
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `mandate-user-grants`
|
|
4
|
+
**Date:** 2026-06-09
|
|
5
|
+
**Author:** Instar Agent (echo)
|
|
6
|
+
**Second-pass reviewer:** REQUIRED (authority/signing crypto — trust-level decision) — independent adversarial review, see Phase 5
|
|
7
|
+
|
|
8
|
+
## Summary of the change
|
|
9
|
+
|
|
10
|
+
Extends the Coordination Mandate so a verified operator can grant a SPECIFIC floor authority to a SPECIFIC Slack user, signed into the mandate so it cannot be forged. This is what lets a non-owner be permitted a floor action (e.g. a prod-deploy) — the Slack permission gate's floor check already calls `GrantStore.activeGrant(slackUserId, scope, now)`; this provides the production, signature-backed implementation.
|
|
11
|
+
|
|
12
|
+
Files: `src/coordination/types.ts` (the `UserAuthorityGrant` type + optional `grants?` on `CoordinationMandate`), `src/coordination/MandateStore.ts` (the security-critical `canonicalMandate()` change + `addGrants()` re-sign path + `issue()` carrying grants), `src/permissions/MandateBackedGrantStore.ts` (new — reads signed grants, deny-by-default), `src/permissions/index.ts`, `src/server/routes.ts` (PIN-gated `POST /mandate/:id/grants`), `src/server/CapabilityIndex.ts` (route registration), `src/commands/server.ts` (wire the store into the gate).
|
|
13
|
+
|
|
14
|
+
Decision points touched: the floor-authorization decision (a grant can now clear a floor action for a non-owner) — but only via a SIGNED grant minted on the PIN-gated path.
|
|
15
|
+
|
|
16
|
+
## Decision-point inventory
|
|
17
|
+
|
|
18
|
+
- `MandateBackedGrantStore.activeGrant` — **add** — resolves a signed grant → clears a floor action for the named user. Deny-by-default; authorship + mandate-expiry + mandate-revocation + grant-expiry all checked before a grant is honored.
|
|
19
|
+
- `canonicalMandate()` — **modify (security-critical)** — grants are now part of the signed bytes (append-only-when-non-empty for backward-compat).
|
|
20
|
+
- `POST /mandate/:id/grants` — **add** — PIN-gated issuance (re-signs the mandate with the grant); mirrors `issue`/`revoke`.
|
|
21
|
+
|
|
22
|
+
---
|
|
23
|
+
|
|
24
|
+
## 1. Over-block
|
|
25
|
+
|
|
26
|
+
The grant store is the ALLOW side (it clears a floor action). Over-allow, not over-block, is the risk here — see §4. No legitimate input is wrongly blocked: absent a valid grant, the gate's pre-existing behavior (owner authorizes floor / others refused) is unchanged.
|
|
27
|
+
|
|
28
|
+
## 2. Under-block (the real risk for an allow-path)
|
|
29
|
+
|
|
30
|
+
The danger is honoring a grant that shouldn't be honored. Mitigations, all enforced before a grant clears a floor:
|
|
31
|
+
- The mandate's `authProof` must verify (the grant is part of the signed bytes — a forged/added grant fails).
|
|
32
|
+
- The mandate must not be revoked and not be expired.
|
|
33
|
+
- The grant itself must not be expired, and its `expiresAt` is clamped to never exceed the mandate's `expiresAt` (a grant cannot outlive its delegation — enforced at `addGrants` AND at `issue`).
|
|
34
|
+
- Match is exact on `grantedTo` (slackUserId) and `floorAction` (no substring/coercion).
|
|
35
|
+
Deny-by-default: any check failing → no grant returned.
|
|
36
|
+
|
|
37
|
+
## 3. Level-of-abstraction fit
|
|
38
|
+
|
|
39
|
+
Correct. The mandate is already the audited, HMAC-signed authority primitive (requester ≠ authorizer; PIN-gated issuance). User→agent grants are a natural extension of the same signed object — NOT a new parallel authority. The gate consumes grants via the existing `GrantStore` interface (Slice 0), so this is the consume side of an established seam.
|
|
40
|
+
|
|
41
|
+
## 4. Signal vs authority compliance
|
|
42
|
+
|
|
43
|
+
**Required reference:** docs/signal-vs-authority.md. This IS an authority (a grant clears a floor action), and it is NOT brittle:
|
|
44
|
+
- A grant only has force if it is covered by the mandate's HMAC `authProof`, which is only produced by the PIN-gated issuance path (`MandateStore.sign`). An agent cannot mint or widen its own grant.
|
|
45
|
+
- `MandateBackedGrantStore` verifies authorship BEFORE trusting `grants` — it never reads a grant off an unverified mandate.
|
|
46
|
+
- The expiry clamp + revoke + mandate-expiry checks are deterministic (no LLM, no heuristic in the authorization path). Fail-closed.
|
|
47
|
+
|
|
48
|
+
## 5. Interactions
|
|
49
|
+
|
|
50
|
+
- **Backward-compat (the #1 interaction):** existing signed mandates have no `grants` field; `canonicalMandate()` appends grants ONLY when present + non-empty, so a no-grant mandate serializes byte-for-byte as before → every previously-signed mandate (incl. Dawn's live ones) still verifies. Proven by the backward-compat test (legacy on-disk mandate with no `grants` key verifies TRUE) + the append-only guard in `issue()`.
|
|
51
|
+
- **Two `MandateStore` instances:** the gate (built in `commands/server.ts` before AgentServer) uses a second, stateless, READ-ONLY `MandateStore` reader over the same file with the same HMAC derivation (`config.authToken`). It only reads/verifies — no writes — so there's no write race; the writer is the AgentServer/route path.
|
|
52
|
+
- **Audit:** every grant decision (allow on accept, deny on reject) is recorded through the existing hash-chained `MandateAudit`.
|
|
53
|
+
|
|
54
|
+
## 6. External surfaces
|
|
55
|
+
|
|
56
|
+
- **Other agents / install base:** none by default — no grants exist until an operator mints one on the PIN-gated route; the Slack gate is dark/observe-only. Pure no-op for existing agents.
|
|
57
|
+
- **External systems:** none (no new outbound calls).
|
|
58
|
+
- **Persistent state:** grants live inside the existing `state/coordination-mandates.json` (no new state file); the field is optional + append-only-when-non-empty.
|
|
59
|
+
- **HTTP:** one new PIN-gated route `POST /mandate/:id/grants` (registered INTERNAL in CapabilityIndex + documented).
|
|
60
|
+
|
|
61
|
+
## 7. Rollback cost
|
|
62
|
+
|
|
63
|
+
Low / additive. Back-out = revert + patch. Because `canonicalMandate` is append-only-when-non-empty, reverting it does NOT invalidate existing no-grant mandates. The only durable artifact is grants inside mandates; if reverted, a grant-bearing mandate would fail to verify (its proof covers grants the reverted code wouldn't serialize) — but NO deployed mandate carries grants yet, so there is no live signed-grant data to break. No agent-state repair needed for the no-grant fleet.
|
|
64
|
+
|
|
65
|
+
## Phase 5 — Second-pass review (independent, adversarial)
|
|
66
|
+
|
|
67
|
+
REQUIRED (authority/signing crypto). An independent reviewer attempted to forge a grant, break backward-compat, and escape the expiry/revoke checks. Verdict appended below.
|
|
68
|
+
|
|
69
|
+
### Verdict: CONCUR — no exploitable issue found (independent adversarial review)
|
|
70
|
+
|
|
71
|
+
The reviewer attempted 9 distinct attacks against the live source (forge-a-grant, backward-compat break, expiry-clamp escape, revoke/expiry bypass, privilege confusion, issuance-auth bypass) via a standalone probe script + the full test suite, and could not land an exploit:
|
|
72
|
+
- **Forge:** `MandateBackedGrantStore.activeGrant` calls `verifyAuthorship(mandate)` BEFORE reading `mandate.grants` — no path trusts grants off an unverified mandate; a re-signed-with-attacker-key mandate is rejected by the HMAC `timingSafeEqual`.
|
|
73
|
+
- **Backward-compat:** `grants` undefined / `[]` / no-key all canonicalize byte-identically to the pre-extension baseline; a legacy on-disk no-grant mandate verifies TRUE.
|
|
74
|
+
- **Expiry/revoke:** `activeGrant` skips revoked + expired mandates and past-expiry grants; the effective expiry is `min(grant, mandate)`.
|
|
75
|
+
- **Privilege confusion:** strict `!==` equality on `grantedTo` + `floorAction` (no substring/coercion).
|
|
76
|
+
- **Issuance auth:** `POST /mandate/:id/grants` is PIN-gated (same timing-safe gate as issue/revoke); Bearer-only → 403.
|
|
77
|
+
|
|
78
|
+
**One hardening the reviewer flagged — IMPLEMENTED in this change:** the `issue()` library path originally did not enforce the `grant.expiresAt <= mandate.expiresAt` clamp that `addGrants()` does (it was unreachable from any untrusted surface — the issue route drops grants — and neutralized by the query-side clamp, so "hardening, not a blocker"). To make the library contract uniformly safe for any future caller, `issue()` now applies the same validation + clamp (throws on an over-long or malformed grant), covered by a new test (`issue() with grants applies the SAME expiry clamp as addGrants`). Total unit tests: 20.
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
# Side-Effects Review — Slack org permissions Phase 1 (registration + enforce path)
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `slack-org-permissions-phase1`
|
|
4
|
+
**Date:** 2026-06-09
|
|
5
|
+
**Author:** Instar Agent (echo)
|
|
6
|
+
**Second-pass reviewer:** REQUIRED (block/allow on inbound messaging) — see Phase 5 below
|
|
7
|
+
|
|
8
|
+
## Summary of the change
|
|
9
|
+
|
|
10
|
+
Builds on Slice 0 (the dark/observe-only Slack permission gate, merged in #1005). Phase 1 adds two things:
|
|
11
|
+
1. **Conversational registration** (`src/permissions/SlackUserRegistry.ts` + `src/server/routes.ts` `POST /permissions/registrations/{register,approve,deny}` + `GET …/pending`): admins register users with a role; self-registration creates a pending entry for approval. Persists to `state/slack-pending-registrations.json` (registered in `state-coherence-registry.json`).
|
|
12
|
+
2. **The enforce path** (`src/messaging/slack/SlackAdapter._handleMessage`): when the injected permission observer is **enforcing**, a non-`allow` verdict sends the conversational refusal/clarify reply (via the existing `sendToChannel`, in-thread) and returns — blocking the message from reaching the session. When NOT enforcing (the default), the observe call stays fire-and-forget exactly as in Slice 0.
|
|
13
|
+
|
|
14
|
+
Decision points touched: the inbound-message block/allow in `_handleMessage` (the enforce branch).
|
|
15
|
+
|
|
16
|
+
## Decision-point inventory
|
|
17
|
+
|
|
18
|
+
- `SlackAdapter._handleMessage` enforce branch — **add** — when `observer.enforcing`, a non-allow verdict blocks message processing + sends the gate reply. Dark by default (`enforcing=false` → unchanged observe-only behavior).
|
|
19
|
+
- `SlackUserRegistry` register/approve/deny — **add** — identity/role assignment; not a message gate (data layer feeding the principal resolver).
|
|
20
|
+
- `POST /permissions/registrations/*` routes — **add** — Bearer-gated admin/operator routes; classified INTERNAL (capabilities) like the rest of `/permissions`.
|
|
21
|
+
|
|
22
|
+
---
|
|
23
|
+
|
|
24
|
+
## 1. Over-block
|
|
25
|
+
|
|
26
|
+
When `enforcing=true`, the gate blocks any inbound message whose verdict ≠ `allow`. Over-block risk: a legitimate message mis-classified as floor/clarify is withheld from the session and gets a refusal/clarify reply instead. **Mitigation:** the path ships dark (default `enforcing=false`); the verdict logic is Slice 0's (floor = deterministic-conservative; the judgment band routes ambiguity to CLARIFY, which still replies to the user rather than silently dropping). Enabling enforce is gated behind a later phase that requires real FP-rate data from the observe ledger first (carried over from the Slice 0 §4 follow-up).
|
|
27
|
+
|
|
28
|
+
## 2. Under-block
|
|
29
|
+
|
|
30
|
+
When `enforcing=false` (default) the gate blocks nothing — identical to Slice 0 observe-only. That is intentional: Phase 1 ships the mechanism dark; it does not claim to protect anything yet. The registration layer does not itself enforce (a registered role only matters once the gate consumes it). No new protection is asserted.
|
|
31
|
+
|
|
32
|
+
## 3. Level-of-abstraction fit
|
|
33
|
+
|
|
34
|
+
Correct layer. The enforce decision sits in `_handleMessage` AFTER the fail-closed `authorizedUserIds` AuthGate and uses the SAME observer/verdict the observe path already produced — so it's the consume side of an existing signal, not a new parallel detector. Registration is a data layer (identity → role), feeding the existing `SlackPrincipalResolver`; it does not re-implement identity.
|
|
35
|
+
|
|
36
|
+
## 4. Signal vs authority compliance
|
|
37
|
+
|
|
38
|
+
**Required reference:** docs/signal-vs-authority.md. This is the change that turns the Slice 0 SIGNAL into an AUTHORITY (it can block) — so the compliance bar is real:
|
|
39
|
+
- The blocking authority is NOT brittle: the floor is deterministic-conservative-fail-closed; the judgment band is the injectable `IntentClassifier` (heuristic = deterministic test/fallback; LLM-backed in production) and routes ambiguity to CLARIFY, never to a silent allow. A blocked **directed** request (DM or @mention) always gets a conversational reply. (Precise nuance, per the second-pass review: the one no-reply block path is an *overheard/undirected* actionable message in `respondMode:'all'` — verdict `refuse/overheard/''` — which is correctly NOT actioned and NOT replied-to per §6.9; that is by design, not a silent drop of a directed user request.)
|
|
40
|
+
- It ships **dark** (`enforcing=false`), so the authority is installed but inert until a later, FP-data-gated phase explicitly enables it with the LLM judge holding the band — not the heuristic. **This artifact does NOT authorize `enforce:true`.**
|
|
41
|
+
|
|
42
|
+
## 5. Interactions
|
|
43
|
+
|
|
44
|
+
- **Shadowing:** the enforce branch runs in the same spot as the Slice 0 observe call (after AuthGate, before the mention-only skip). When enforcing, it returns early (blocks) — so it shadows the normal handler BY DESIGN for non-allow verdicts; when not enforcing it changes nothing.
|
|
45
|
+
- **Double-fire:** the observe ledger write and the enforce decision use the same single verdict; no double evaluation.
|
|
46
|
+
- **Races:** `SlackUserRegistry` writes `slack-pending-registrations.json` (single-writer per process, atomic write); the enforce decision is synchronous in the handler (no race with the fire-and-forget observe path, which only runs when NOT enforcing).
|
|
47
|
+
- **Registration vs gate:** an unregistered user resolves to the lowest role → the gate treats them conservatively; registration only ever raises trust via an explicit admin/approval action.
|
|
48
|
+
|
|
49
|
+
## 6. External surfaces
|
|
50
|
+
|
|
51
|
+
- **Other agents / install base:** none — dark by default (no permission observer attached unless configured); pure no-op for every existing agent.
|
|
52
|
+
- **External systems (Slack):** **no new Slack Web API calls** — the enforce reply reuses the existing `sendToChannel` (already contract-tested in Slice 0). The Slack API contract surface is unchanged by Phase 1 (verified: no new `client.*`/`postMessage` calls in the diff).
|
|
53
|
+
- **Persistent state:** one new file `state/slack-pending-registrations.json` (registered machine-local in `state-coherence-registry.json`). Created lazily; bounded.
|
|
54
|
+
- **HTTP:** four new Bearer-gated routes under `/permissions/registrations/*` (classified INTERNAL — agent-invisible while dark).
|
|
55
|
+
|
|
56
|
+
## 7. Rollback cost
|
|
57
|
+
|
|
58
|
+
Low / additive. Back-out = revert the 3 commits + ship a patch. No migration: `slack-pending-registrations.json` is observe/admin data (deletable with no consequence); the enforce branch is inert while dark, so reverting it changes nothing on any install (no one has `enforcing=true`). No agent-state repair, no user-visible regression.
|
|
59
|
+
|
|
60
|
+
## Phase 5 — Second-pass review
|
|
61
|
+
|
|
62
|
+
REQUIRED: this change adds a **block/allow decision on inbound messaging**. An independent reviewer must audit this artifact and append "Concur" or "Concern: …" below before the trace is written with `--second-pass true`.
|
|
63
|
+
|
|
64
|
+
## Second-pass review (independent reviewer)
|
|
65
|
+
|
|
66
|
+
**Concur with the review.** Verified against the actual code: the blocking authority is genuinely fail-closed — the floor (`SlackPermissionGate` lines 140–180) is deterministic, regex-detected via `HeuristicIntentClassifier` (no LLM in the floor path), `roleCanAuthorizeFloor` clears only `owner`/explicit grant, an unregistered user resolves to `guest`/`registered:false` and is refused, ambiguity routes to `clarify` (line 131), and `NullAnomalyScorer` (default) can't spuriously raise step-up; the enforce branch sits after the fail-closed AuthGate, reuses the single observe verdict, and is genuinely inert when `enforcing=false` (`observer.enforcing` → `deps.enforce ?? false` → original fire-and-forget path, proven by the `enforcing=false` unit test), with no new Slack API calls (reuses pre-existing `sendToChannel`; diff grep for `client.*`/`postMessage`/`chat.*` additions returns none).
|
|
67
|
+
|
|
68
|
+
*Minor wording nuance (not a blocker, no code change needed):* §4's "a blocked message **always** gets a conversational reply" is slightly overstated. The one non-allow verdict carrying an empty message is `refuse / overheard / ''` (gate line 108), reachable only for an **undirected** (non-DM, non-mention) actionable message in `respondMode:'all'` — in that case the enforce branch blocks with no reply (`if (verdict.message)` is false → silent `return`). This is correct by design (an overheard command must not be actioned per §6.9, and replying to a message not directed at the bot would be channel noise) — it is not a silent drop of a *directed* user request, and it ships dark regardless. Worth a one-word softening of §4 ("a blocked *directed* request always gets a reply") at the authoring agent's discretion; the behavior itself is sound.
|