instar 1.3.441 → 1.3.443

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/dist/commands/server.d.ts.map +1 -1
  2. package/dist/commands/server.js +58 -2
  3. package/dist/commands/server.js.map +1 -1
  4. package/dist/coordination/MandateStore.d.ts +30 -2
  5. package/dist/coordination/MandateStore.d.ts.map +1 -1
  6. package/dist/coordination/MandateStore.js +89 -3
  7. package/dist/coordination/MandateStore.js.map +1 -1
  8. package/dist/coordination/types.d.ts +35 -0
  9. package/dist/coordination/types.d.ts.map +1 -1
  10. package/dist/permissions/LlmIntentClassifier.d.ts +77 -0
  11. package/dist/permissions/LlmIntentClassifier.d.ts.map +1 -0
  12. package/dist/permissions/LlmIntentClassifier.js +225 -0
  13. package/dist/permissions/LlmIntentClassifier.js.map +1 -0
  14. package/dist/permissions/MandateBackedGrantStore.d.ts +40 -0
  15. package/dist/permissions/MandateBackedGrantStore.d.ts.map +1 -0
  16. package/dist/permissions/MandateBackedGrantStore.js +72 -0
  17. package/dist/permissions/MandateBackedGrantStore.js.map +1 -0
  18. package/dist/permissions/index.d.ts +2 -0
  19. package/dist/permissions/index.d.ts.map +1 -1
  20. package/dist/permissions/index.js +2 -0
  21. package/dist/permissions/index.js.map +1 -1
  22. package/dist/server/CapabilityIndex.d.ts.map +1 -1
  23. package/dist/server/CapabilityIndex.js +1 -0
  24. package/dist/server/CapabilityIndex.js.map +1 -1
  25. package/dist/server/routes.d.ts.map +1 -1
  26. package/dist/server/routes.js +57 -0
  27. package/dist/server/routes.js.map +1 -1
  28. package/package.json +1 -1
  29. package/src/data/builtin-manifest.json +46 -46
  30. package/upgrades/1.3.442.md +28 -0
  31. package/upgrades/1.3.443.md +25 -0
  32. package/upgrades/side-effects/mandate-user-grants.md +78 -0
  33. package/upgrades/side-effects/slack-llm-intent-classifier.md +67 -0
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiG7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AA6JtD,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA05BD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,GAC/F,IAAI,CAyUN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAmpUtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiG7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AA6JtD,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA05BD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,GAC/F,IAAI,CAyUN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAgtUtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
@@ -4221,18 +4221,74 @@ export async function startServer(options) {
4221
4221
  const slackCfg = slackConfig.config;
4222
4222
  const pgCfg = slackCfg.permissionGate;
4223
4223
  if (pgCfg && (pgCfg.observeOnly || pgCfg.enforce)) {
4224
- const { SlackPermissionObserver, SlackPrincipalResolver, SlackPermissionGate, PermissionDecisionLedger, RolePolicy, HeuristicIntentClassifier, HeuristicAnomalyScorer, } = await import('../permissions/index.js');
4224
+ const { SlackPermissionObserver, SlackPrincipalResolver, SlackPermissionGate, PermissionDecisionLedger, RolePolicy, HeuristicIntentClassifier, LlmIntentClassifier, HeuristicAnomalyScorer, MandateBackedGrantStore, } = await import('../permissions/index.js');
4225
4225
  // Own UserManager instance for verified-principal resolution (the
4226
4226
  // Telegram-block userManager is out of scope here). Reads users.json.
4227
4227
  const slackUserManager = new UserManager(config.stateDir, config.users);
4228
+ // ── Floor-action grants are read from the SIGNED Coordination Mandate ──
4229
+ // A MandateStore reader over the SAME file + SAME HMAC sign/verify deps as
4230
+ // the coordination engine in AgentServer (which is constructed later, so we
4231
+ // can't share the instance) — a stateless reader, so a second instance over
4232
+ // the same on-disk mandates is correct. With no stateDir, leave grants
4233
+ // unset (deny-by-default: the gate then refuses every floor action).
4234
+ let grantStore;
4235
+ if (config.stateDir) {
4236
+ try {
4237
+ const { MandateStore } = await import('../coordination/MandateStore.js');
4238
+ const cryptoMod = await import('node:crypto');
4239
+ const issuanceKey = config.authToken || 'mandate-issuance-unsigned-dev-key';
4240
+ const mSign = (canonical) => cryptoMod.createHmac('sha256', issuanceKey).update(canonical).digest('hex');
4241
+ const mVerify = (canonical, proof) => {
4242
+ const expected = mSign(canonical);
4243
+ try {
4244
+ return expected.length === proof.length
4245
+ && cryptoMod.timingSafeEqual(Buffer.from(expected), Buffer.from(proof));
4246
+ }
4247
+ catch { /* @silent-fallback-ok — a malformed proof must verify FALSE (deny-safe), never throw */
4248
+ return false;
4249
+ }
4250
+ };
4251
+ const mandateStore = new MandateStore({
4252
+ filePath: path.join(config.stateDir, 'state', 'coordination-mandates.json'),
4253
+ sign: mSign,
4254
+ verifySig: mVerify,
4255
+ });
4256
+ grantStore = new MandateBackedGrantStore({ store: mandateStore });
4257
+ }
4258
+ catch (ge) {
4259
+ console.warn('[slack] mandate-backed grant store wiring skipped:', ge.message);
4260
+ }
4261
+ }
4262
+ // ── Judgment-band classifier selection (opt-in, dark by default) ──
4263
+ // Default stays the deterministic HeuristicIntentClassifier. When
4264
+ // `permissionGate.classifier === 'llm'` AND an internal LLM provider is
4265
+ // available, use LlmIntentClassifier for the judgment band ABOVE the
4266
+ // deterministic floor — it fails CLOSED to the heuristic on any LLM
4267
+ // failure (never a silent allow). With 'llm' selected but no provider,
4268
+ // we stay on the heuristic and say so.
4269
+ let intentClassifier;
4270
+ if (pgCfg.classifier === 'llm') {
4271
+ if (sharedIntelligence) {
4272
+ intentClassifier = new LlmIntentClassifier({ intelligence: sharedIntelligence });
4273
+ console.log('[slack] permission gate using LLM judgment-band intent classifier (fail-closed to heuristic)');
4274
+ }
4275
+ else {
4276
+ intentClassifier = new HeuristicIntentClassifier();
4277
+ console.warn('[slack] permissionGate.classifier=llm requested but no intelligence provider available — staying on heuristic classifier');
4278
+ }
4279
+ }
4280
+ else {
4281
+ intentClassifier = new HeuristicIntentClassifier();
4282
+ }
4228
4283
  const observer = new SlackPermissionObserver({
4229
4284
  resolver: new SlackPrincipalResolver({
4230
4285
  resolveFromSlackUserId: (id) => slackUserManager.resolveFromSlackUserId(id),
4231
4286
  }),
4232
4287
  gate: new SlackPermissionGate({
4233
4288
  rolePolicy: new RolePolicy(),
4234
- classifier: new HeuristicIntentClassifier(),
4289
+ classifier: intentClassifier,
4235
4290
  anomalyScorer: new HeuristicAnomalyScorer(),
4291
+ grants: grantStore,
4236
4292
  }),
4237
4293
  ledger: new PermissionDecisionLedger(config.stateDir),
4238
4294
  enforce: pgCfg.enforce === true,