instar 1.3.441 → 1.3.443
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +58 -2
- package/dist/commands/server.js.map +1 -1
- package/dist/coordination/MandateStore.d.ts +30 -2
- package/dist/coordination/MandateStore.d.ts.map +1 -1
- package/dist/coordination/MandateStore.js +89 -3
- package/dist/coordination/MandateStore.js.map +1 -1
- package/dist/coordination/types.d.ts +35 -0
- package/dist/coordination/types.d.ts.map +1 -1
- package/dist/permissions/LlmIntentClassifier.d.ts +77 -0
- package/dist/permissions/LlmIntentClassifier.d.ts.map +1 -0
- package/dist/permissions/LlmIntentClassifier.js +225 -0
- package/dist/permissions/LlmIntentClassifier.js.map +1 -0
- package/dist/permissions/MandateBackedGrantStore.d.ts +40 -0
- package/dist/permissions/MandateBackedGrantStore.d.ts.map +1 -0
- package/dist/permissions/MandateBackedGrantStore.js +72 -0
- package/dist/permissions/MandateBackedGrantStore.js.map +1 -0
- package/dist/permissions/index.d.ts +2 -0
- package/dist/permissions/index.d.ts.map +1 -1
- package/dist/permissions/index.js +2 -0
- package/dist/permissions/index.js.map +1 -1
- package/dist/server/CapabilityIndex.d.ts.map +1 -1
- package/dist/server/CapabilityIndex.js +1 -0
- package/dist/server/CapabilityIndex.js.map +1 -1
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +57 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +46 -46
- package/upgrades/1.3.442.md +28 -0
- package/upgrades/1.3.443.md +25 -0
- package/upgrades/side-effects/mandate-user-grants.md +78 -0
- package/upgrades/side-effects/slack-llm-intent-classifier.md +67 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiG7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AA6JtD,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA05BD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,GAC/F,IAAI,CAyUN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiG7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AA6JtD,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA05BD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,GAC/F,IAAI,CAyUN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAgtUtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
|
package/dist/commands/server.js
CHANGED
|
@@ -4221,18 +4221,74 @@ export async function startServer(options) {
|
|
|
4221
4221
|
const slackCfg = slackConfig.config;
|
|
4222
4222
|
const pgCfg = slackCfg.permissionGate;
|
|
4223
4223
|
if (pgCfg && (pgCfg.observeOnly || pgCfg.enforce)) {
|
|
4224
|
-
const { SlackPermissionObserver, SlackPrincipalResolver, SlackPermissionGate, PermissionDecisionLedger, RolePolicy, HeuristicIntentClassifier, HeuristicAnomalyScorer, } = await import('../permissions/index.js');
|
|
4224
|
+
const { SlackPermissionObserver, SlackPrincipalResolver, SlackPermissionGate, PermissionDecisionLedger, RolePolicy, HeuristicIntentClassifier, LlmIntentClassifier, HeuristicAnomalyScorer, MandateBackedGrantStore, } = await import('../permissions/index.js');
|
|
4225
4225
|
// Own UserManager instance for verified-principal resolution (the
|
|
4226
4226
|
// Telegram-block userManager is out of scope here). Reads users.json.
|
|
4227
4227
|
const slackUserManager = new UserManager(config.stateDir, config.users);
|
|
4228
|
+
// ── Floor-action grants are read from the SIGNED Coordination Mandate ──
|
|
4229
|
+
// A MandateStore reader over the SAME file + SAME HMAC sign/verify deps as
|
|
4230
|
+
// the coordination engine in AgentServer (which is constructed later, so we
|
|
4231
|
+
// can't share the instance) — a stateless reader, so a second instance over
|
|
4232
|
+
// the same on-disk mandates is correct. With no stateDir, leave grants
|
|
4233
|
+
// unset (deny-by-default: the gate then refuses every floor action).
|
|
4234
|
+
let grantStore;
|
|
4235
|
+
if (config.stateDir) {
|
|
4236
|
+
try {
|
|
4237
|
+
const { MandateStore } = await import('../coordination/MandateStore.js');
|
|
4238
|
+
const cryptoMod = await import('node:crypto');
|
|
4239
|
+
const issuanceKey = config.authToken || 'mandate-issuance-unsigned-dev-key';
|
|
4240
|
+
const mSign = (canonical) => cryptoMod.createHmac('sha256', issuanceKey).update(canonical).digest('hex');
|
|
4241
|
+
const mVerify = (canonical, proof) => {
|
|
4242
|
+
const expected = mSign(canonical);
|
|
4243
|
+
try {
|
|
4244
|
+
return expected.length === proof.length
|
|
4245
|
+
&& cryptoMod.timingSafeEqual(Buffer.from(expected), Buffer.from(proof));
|
|
4246
|
+
}
|
|
4247
|
+
catch { /* @silent-fallback-ok — a malformed proof must verify FALSE (deny-safe), never throw */
|
|
4248
|
+
return false;
|
|
4249
|
+
}
|
|
4250
|
+
};
|
|
4251
|
+
const mandateStore = new MandateStore({
|
|
4252
|
+
filePath: path.join(config.stateDir, 'state', 'coordination-mandates.json'),
|
|
4253
|
+
sign: mSign,
|
|
4254
|
+
verifySig: mVerify,
|
|
4255
|
+
});
|
|
4256
|
+
grantStore = new MandateBackedGrantStore({ store: mandateStore });
|
|
4257
|
+
}
|
|
4258
|
+
catch (ge) {
|
|
4259
|
+
console.warn('[slack] mandate-backed grant store wiring skipped:', ge.message);
|
|
4260
|
+
}
|
|
4261
|
+
}
|
|
4262
|
+
// ── Judgment-band classifier selection (opt-in, dark by default) ──
|
|
4263
|
+
// Default stays the deterministic HeuristicIntentClassifier. When
|
|
4264
|
+
// `permissionGate.classifier === 'llm'` AND an internal LLM provider is
|
|
4265
|
+
// available, use LlmIntentClassifier for the judgment band ABOVE the
|
|
4266
|
+
// deterministic floor — it fails CLOSED to the heuristic on any LLM
|
|
4267
|
+
// failure (never a silent allow). With 'llm' selected but no provider,
|
|
4268
|
+
// we stay on the heuristic and say so.
|
|
4269
|
+
let intentClassifier;
|
|
4270
|
+
if (pgCfg.classifier === 'llm') {
|
|
4271
|
+
if (sharedIntelligence) {
|
|
4272
|
+
intentClassifier = new LlmIntentClassifier({ intelligence: sharedIntelligence });
|
|
4273
|
+
console.log('[slack] permission gate using LLM judgment-band intent classifier (fail-closed to heuristic)');
|
|
4274
|
+
}
|
|
4275
|
+
else {
|
|
4276
|
+
intentClassifier = new HeuristicIntentClassifier();
|
|
4277
|
+
console.warn('[slack] permissionGate.classifier=llm requested but no intelligence provider available — staying on heuristic classifier');
|
|
4278
|
+
}
|
|
4279
|
+
}
|
|
4280
|
+
else {
|
|
4281
|
+
intentClassifier = new HeuristicIntentClassifier();
|
|
4282
|
+
}
|
|
4228
4283
|
const observer = new SlackPermissionObserver({
|
|
4229
4284
|
resolver: new SlackPrincipalResolver({
|
|
4230
4285
|
resolveFromSlackUserId: (id) => slackUserManager.resolveFromSlackUserId(id),
|
|
4231
4286
|
}),
|
|
4232
4287
|
gate: new SlackPermissionGate({
|
|
4233
4288
|
rolePolicy: new RolePolicy(),
|
|
4234
|
-
classifier:
|
|
4289
|
+
classifier: intentClassifier,
|
|
4235
4290
|
anomalyScorer: new HeuristicAnomalyScorer(),
|
|
4291
|
+
grants: grantStore,
|
|
4236
4292
|
}),
|
|
4237
4293
|
ledger: new PermissionDecisionLedger(config.stateDir),
|
|
4238
4294
|
enforce: pgCfg.enforce === true,
|