instar 1.3.446 → 1.3.447
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +22 -2
- package/dist/commands/server.js.map +1 -1
- package/dist/permissions/RelationshipAnomalyScorer.d.ts +123 -0
- package/dist/permissions/RelationshipAnomalyScorer.d.ts.map +1 -0
- package/dist/permissions/RelationshipAnomalyScorer.js +249 -0
- package/dist/permissions/RelationshipAnomalyScorer.js.map +1 -0
- package/dist/permissions/RelationshipBehaviorStore.d.ts +90 -0
- package/dist/permissions/RelationshipBehaviorStore.d.ts.map +1 -0
- package/dist/permissions/RelationshipBehaviorStore.js +156 -0
- package/dist/permissions/RelationshipBehaviorStore.js.map +1 -0
- package/dist/permissions/SlackPermissionObserver.d.ts +24 -0
- package/dist/permissions/SlackPermissionObserver.d.ts.map +1 -1
- package/dist/permissions/SlackPermissionObserver.js +35 -0
- package/dist/permissions/SlackPermissionObserver.js.map +1 -1
- package/dist/permissions/index.d.ts +2 -0
- package/dist/permissions/index.d.ts.map +1 -1
- package/dist/permissions/index.js +2 -0
- package/dist/permissions/index.js.map +1 -1
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +19 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +46 -46
- package/src/data/state-coherence-registry.json +12 -0
- package/upgrades/1.3.447.md +27 -0
- package/upgrades/side-effects/slack-relationship-stepup.md +107 -0
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-09T18:08:35.007Z",
|
|
5
|
+
"instarVersion": "1.3.447",
|
|
6
6
|
"entryCount": 199,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -418,7 +418,7 @@
|
|
|
418
418
|
"type": "route-group",
|
|
419
419
|
"domain": "monitoring",
|
|
420
420
|
"sourcePath": "src/server/routes.ts",
|
|
421
|
-
"contentHash": "
|
|
421
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
422
422
|
"since": "2025-01-01"
|
|
423
423
|
},
|
|
424
424
|
"route-group:agents": {
|
|
@@ -426,7 +426,7 @@
|
|
|
426
426
|
"type": "route-group",
|
|
427
427
|
"domain": "sessions",
|
|
428
428
|
"sourcePath": "src/server/routes.ts",
|
|
429
|
-
"contentHash": "
|
|
429
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
430
430
|
"since": "2025-01-01"
|
|
431
431
|
},
|
|
432
432
|
"route-group:backups": {
|
|
@@ -434,7 +434,7 @@
|
|
|
434
434
|
"type": "route-group",
|
|
435
435
|
"domain": "operations",
|
|
436
436
|
"sourcePath": "src/server/routes.ts",
|
|
437
|
-
"contentHash": "
|
|
437
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
438
438
|
"since": "2025-01-01"
|
|
439
439
|
},
|
|
440
440
|
"route-group:git": {
|
|
@@ -442,7 +442,7 @@
|
|
|
442
442
|
"type": "route-group",
|
|
443
443
|
"domain": "coordination",
|
|
444
444
|
"sourcePath": "src/server/routes.ts",
|
|
445
|
-
"contentHash": "
|
|
445
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
446
446
|
"since": "2025-01-01"
|
|
447
447
|
},
|
|
448
448
|
"route-group:memory": {
|
|
@@ -450,7 +450,7 @@
|
|
|
450
450
|
"type": "route-group",
|
|
451
451
|
"domain": "memory",
|
|
452
452
|
"sourcePath": "src/server/routes.ts",
|
|
453
|
-
"contentHash": "
|
|
453
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
454
454
|
"since": "2025-01-01"
|
|
455
455
|
},
|
|
456
456
|
"route-group:semantic": {
|
|
@@ -458,7 +458,7 @@
|
|
|
458
458
|
"type": "route-group",
|
|
459
459
|
"domain": "memory",
|
|
460
460
|
"sourcePath": "src/server/routes.ts",
|
|
461
|
-
"contentHash": "
|
|
461
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
462
462
|
"since": "2025-01-01"
|
|
463
463
|
},
|
|
464
464
|
"route-group:status": {
|
|
@@ -466,7 +466,7 @@
|
|
|
466
466
|
"type": "route-group",
|
|
467
467
|
"domain": "monitoring",
|
|
468
468
|
"sourcePath": "src/server/routes.ts",
|
|
469
|
-
"contentHash": "
|
|
469
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
470
470
|
"since": "2025-01-01"
|
|
471
471
|
},
|
|
472
472
|
"route-group:capabilities": {
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"type": "route-group",
|
|
475
475
|
"domain": "mapping",
|
|
476
476
|
"sourcePath": "src/server/routes.ts",
|
|
477
|
-
"contentHash": "
|
|
477
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
478
478
|
"since": "2025-01-01"
|
|
479
479
|
},
|
|
480
480
|
"route-group:project-map": {
|
|
@@ -482,7 +482,7 @@
|
|
|
482
482
|
"type": "route-group",
|
|
483
483
|
"domain": "mapping",
|
|
484
484
|
"sourcePath": "src/server/routes.ts",
|
|
485
|
-
"contentHash": "
|
|
485
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
486
486
|
"since": "2025-01-01"
|
|
487
487
|
},
|
|
488
488
|
"route-group:coherence": {
|
|
@@ -490,7 +490,7 @@
|
|
|
490
490
|
"type": "route-group",
|
|
491
491
|
"domain": "coherence",
|
|
492
492
|
"sourcePath": "src/server/routes.ts",
|
|
493
|
-
"contentHash": "
|
|
493
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
494
494
|
"since": "2025-01-01"
|
|
495
495
|
},
|
|
496
496
|
"route-group:topic-bindings": {
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
"type": "route-group",
|
|
499
499
|
"domain": "sessions",
|
|
500
500
|
"sourcePath": "src/server/routes.ts",
|
|
501
|
-
"contentHash": "
|
|
501
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
502
502
|
"since": "2025-01-01"
|
|
503
503
|
},
|
|
504
504
|
"route-group:context": {
|
|
@@ -506,7 +506,7 @@
|
|
|
506
506
|
"type": "route-group",
|
|
507
507
|
"domain": "context",
|
|
508
508
|
"sourcePath": "src/server/routes.ts",
|
|
509
|
-
"contentHash": "
|
|
509
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
510
510
|
"since": "2025-01-01"
|
|
511
511
|
},
|
|
512
512
|
"route-group:scope-coherence": {
|
|
@@ -514,7 +514,7 @@
|
|
|
514
514
|
"type": "route-group",
|
|
515
515
|
"domain": "coherence",
|
|
516
516
|
"sourcePath": "src/server/routes.ts",
|
|
517
|
-
"contentHash": "
|
|
517
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
518
518
|
"since": "2025-01-01"
|
|
519
519
|
},
|
|
520
520
|
"route-group:canonical-state": {
|
|
@@ -522,7 +522,7 @@
|
|
|
522
522
|
"type": "route-group",
|
|
523
523
|
"domain": "state",
|
|
524
524
|
"sourcePath": "src/server/routes.ts",
|
|
525
|
-
"contentHash": "
|
|
525
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
526
526
|
"since": "2025-01-01"
|
|
527
527
|
},
|
|
528
528
|
"route-group:ci": {
|
|
@@ -530,7 +530,7 @@
|
|
|
530
530
|
"type": "route-group",
|
|
531
531
|
"domain": "monitoring",
|
|
532
532
|
"sourcePath": "src/server/routes.ts",
|
|
533
|
-
"contentHash": "
|
|
533
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
534
534
|
"since": "2025-01-01"
|
|
535
535
|
},
|
|
536
536
|
"route-group:sessions": {
|
|
@@ -538,7 +538,7 @@
|
|
|
538
538
|
"type": "route-group",
|
|
539
539
|
"domain": "sessions",
|
|
540
540
|
"sourcePath": "src/server/routes.ts",
|
|
541
|
-
"contentHash": "
|
|
541
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
542
542
|
"since": "2025-01-01"
|
|
543
543
|
},
|
|
544
544
|
"route-group:jobs": {
|
|
@@ -546,7 +546,7 @@
|
|
|
546
546
|
"type": "route-group",
|
|
547
547
|
"domain": "scheduling",
|
|
548
548
|
"sourcePath": "src/server/routes.ts",
|
|
549
|
-
"contentHash": "
|
|
549
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
550
550
|
"since": "2025-01-01"
|
|
551
551
|
},
|
|
552
552
|
"route-group:skip-ledger": {
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
"type": "route-group",
|
|
555
555
|
"domain": "scheduling",
|
|
556
556
|
"sourcePath": "src/server/routes.ts",
|
|
557
|
-
"contentHash": "
|
|
557
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
558
558
|
"since": "2025-01-01"
|
|
559
559
|
},
|
|
560
560
|
"route-group:telegram": {
|
|
@@ -562,7 +562,7 @@
|
|
|
562
562
|
"type": "route-group",
|
|
563
563
|
"domain": "communication",
|
|
564
564
|
"sourcePath": "src/server/routes.ts",
|
|
565
|
-
"contentHash": "
|
|
565
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
566
566
|
"since": "2025-01-01"
|
|
567
567
|
},
|
|
568
568
|
"route-group:attention": {
|
|
@@ -570,7 +570,7 @@
|
|
|
570
570
|
"type": "route-group",
|
|
571
571
|
"domain": "communication",
|
|
572
572
|
"sourcePath": "src/server/routes.ts",
|
|
573
|
-
"contentHash": "
|
|
573
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
574
574
|
"since": "2025-01-01"
|
|
575
575
|
},
|
|
576
576
|
"route-group:relationships": {
|
|
@@ -578,7 +578,7 @@
|
|
|
578
578
|
"type": "route-group",
|
|
579
579
|
"domain": "relationships",
|
|
580
580
|
"sourcePath": "src/server/routes.ts",
|
|
581
|
-
"contentHash": "
|
|
581
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
582
582
|
"since": "2025-01-01"
|
|
583
583
|
},
|
|
584
584
|
"route-group:feedback": {
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
"type": "route-group",
|
|
587
587
|
"domain": "feedback",
|
|
588
588
|
"sourcePath": "src/server/routes.ts",
|
|
589
|
-
"contentHash": "
|
|
589
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
590
590
|
"since": "2025-01-01"
|
|
591
591
|
},
|
|
592
592
|
"route-group:updates": {
|
|
@@ -594,7 +594,7 @@
|
|
|
594
594
|
"type": "route-group",
|
|
595
595
|
"domain": "updates",
|
|
596
596
|
"sourcePath": "src/server/routes.ts",
|
|
597
|
-
"contentHash": "
|
|
597
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
598
598
|
"since": "2025-01-01"
|
|
599
599
|
},
|
|
600
600
|
"route-group:dispatches": {
|
|
@@ -602,7 +602,7 @@
|
|
|
602
602
|
"type": "route-group",
|
|
603
603
|
"domain": "dispatches",
|
|
604
604
|
"sourcePath": "src/server/routes.ts",
|
|
605
|
-
"contentHash": "
|
|
605
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
606
606
|
"since": "2025-01-01"
|
|
607
607
|
},
|
|
608
608
|
"route-group:quota": {
|
|
@@ -610,7 +610,7 @@
|
|
|
610
610
|
"type": "route-group",
|
|
611
611
|
"domain": "monitoring",
|
|
612
612
|
"sourcePath": "src/server/routes.ts",
|
|
613
|
-
"contentHash": "
|
|
613
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
614
614
|
"since": "2025-01-01"
|
|
615
615
|
},
|
|
616
616
|
"route-group:publishing": {
|
|
@@ -618,7 +618,7 @@
|
|
|
618
618
|
"type": "route-group",
|
|
619
619
|
"domain": "publishing",
|
|
620
620
|
"sourcePath": "src/server/routes.ts",
|
|
621
|
-
"contentHash": "
|
|
621
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
622
622
|
"since": "2025-01-01"
|
|
623
623
|
},
|
|
624
624
|
"route-group:private-views": {
|
|
@@ -626,7 +626,7 @@
|
|
|
626
626
|
"type": "route-group",
|
|
627
627
|
"domain": "publishing",
|
|
628
628
|
"sourcePath": "src/server/routes.ts",
|
|
629
|
-
"contentHash": "
|
|
629
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
630
630
|
"since": "2025-01-01"
|
|
631
631
|
},
|
|
632
632
|
"route-group:tunnel": {
|
|
@@ -634,7 +634,7 @@
|
|
|
634
634
|
"type": "route-group",
|
|
635
635
|
"domain": "networking",
|
|
636
636
|
"sourcePath": "src/server/routes.ts",
|
|
637
|
-
"contentHash": "
|
|
637
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
638
638
|
"since": "2025-01-01"
|
|
639
639
|
},
|
|
640
640
|
"route-group:events": {
|
|
@@ -642,7 +642,7 @@
|
|
|
642
642
|
"type": "route-group",
|
|
643
643
|
"domain": "networking",
|
|
644
644
|
"sourcePath": "src/server/routes.ts",
|
|
645
|
-
"contentHash": "
|
|
645
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
646
646
|
"since": "2025-01-01"
|
|
647
647
|
},
|
|
648
648
|
"route-group:evolution": {
|
|
@@ -650,7 +650,7 @@
|
|
|
650
650
|
"type": "route-group",
|
|
651
651
|
"domain": "evolution",
|
|
652
652
|
"sourcePath": "src/server/routes.ts",
|
|
653
|
-
"contentHash": "
|
|
653
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
654
654
|
"since": "2025-01-01"
|
|
655
655
|
},
|
|
656
656
|
"route-group:watchdog": {
|
|
@@ -658,7 +658,7 @@
|
|
|
658
658
|
"type": "route-group",
|
|
659
659
|
"domain": "monitoring",
|
|
660
660
|
"sourcePath": "src/server/routes.ts",
|
|
661
|
-
"contentHash": "
|
|
661
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
662
662
|
"since": "2025-01-01"
|
|
663
663
|
},
|
|
664
664
|
"route-group:topic-memory": {
|
|
@@ -666,7 +666,7 @@
|
|
|
666
666
|
"type": "route-group",
|
|
667
667
|
"domain": "memory",
|
|
668
668
|
"sourcePath": "src/server/routes.ts",
|
|
669
|
-
"contentHash": "
|
|
669
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
670
670
|
"since": "2025-01-01"
|
|
671
671
|
},
|
|
672
672
|
"route-group:state-sync": {
|
|
@@ -674,7 +674,7 @@
|
|
|
674
674
|
"type": "route-group",
|
|
675
675
|
"domain": "coordination",
|
|
676
676
|
"sourcePath": "src/server/routes.ts",
|
|
677
|
-
"contentHash": "
|
|
677
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
678
678
|
"since": "2025-01-01"
|
|
679
679
|
},
|
|
680
680
|
"route-group:intent": {
|
|
@@ -682,7 +682,7 @@
|
|
|
682
682
|
"type": "route-group",
|
|
683
683
|
"domain": "intent",
|
|
684
684
|
"sourcePath": "src/server/routes.ts",
|
|
685
|
-
"contentHash": "
|
|
685
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
686
686
|
"since": "2025-01-01"
|
|
687
687
|
},
|
|
688
688
|
"route-group:triage": {
|
|
@@ -690,7 +690,7 @@
|
|
|
690
690
|
"type": "route-group",
|
|
691
691
|
"domain": "safety",
|
|
692
692
|
"sourcePath": "src/server/routes.ts",
|
|
693
|
-
"contentHash": "
|
|
693
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
694
694
|
"since": "2025-01-01"
|
|
695
695
|
},
|
|
696
696
|
"route-group:operations": {
|
|
@@ -698,7 +698,7 @@
|
|
|
698
698
|
"type": "route-group",
|
|
699
699
|
"domain": "safety",
|
|
700
700
|
"sourcePath": "src/server/routes.ts",
|
|
701
|
-
"contentHash": "
|
|
701
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
702
702
|
"since": "2025-01-01"
|
|
703
703
|
},
|
|
704
704
|
"route-group:sentinel": {
|
|
@@ -706,7 +706,7 @@
|
|
|
706
706
|
"type": "route-group",
|
|
707
707
|
"domain": "safety",
|
|
708
708
|
"sourcePath": "src/server/routes.ts",
|
|
709
|
-
"contentHash": "
|
|
709
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
710
710
|
"since": "2025-01-01"
|
|
711
711
|
},
|
|
712
712
|
"route-group:trust": {
|
|
@@ -714,7 +714,7 @@
|
|
|
714
714
|
"type": "route-group",
|
|
715
715
|
"domain": "safety",
|
|
716
716
|
"sourcePath": "src/server/routes.ts",
|
|
717
|
-
"contentHash": "
|
|
717
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
718
718
|
"since": "2025-01-01"
|
|
719
719
|
},
|
|
720
720
|
"route-group:monitoring": {
|
|
@@ -722,7 +722,7 @@
|
|
|
722
722
|
"type": "route-group",
|
|
723
723
|
"domain": "monitoring",
|
|
724
724
|
"sourcePath": "src/server/routes.ts",
|
|
725
|
-
"contentHash": "
|
|
725
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
726
726
|
"since": "2025-01-01"
|
|
727
727
|
},
|
|
728
728
|
"route-group:commitments": {
|
|
@@ -730,7 +730,7 @@
|
|
|
730
730
|
"type": "route-group",
|
|
731
731
|
"domain": "commitments",
|
|
732
732
|
"sourcePath": "src/server/routes.ts",
|
|
733
|
-
"contentHash": "
|
|
733
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
734
734
|
"since": "2025-01-01"
|
|
735
735
|
},
|
|
736
736
|
"route-group:episodes": {
|
|
@@ -738,7 +738,7 @@
|
|
|
738
738
|
"type": "route-group",
|
|
739
739
|
"domain": "memory",
|
|
740
740
|
"sourcePath": "src/server/routes.ts",
|
|
741
|
-
"contentHash": "
|
|
741
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
742
742
|
"since": "2025-01-01"
|
|
743
743
|
},
|
|
744
744
|
"route-group:messages": {
|
|
@@ -746,7 +746,7 @@
|
|
|
746
746
|
"type": "route-group",
|
|
747
747
|
"domain": "coordination",
|
|
748
748
|
"sourcePath": "src/server/routes.ts",
|
|
749
|
-
"contentHash": "
|
|
749
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
750
750
|
"since": "2025-01-01"
|
|
751
751
|
},
|
|
752
752
|
"route-group:system-reviews": {
|
|
@@ -754,7 +754,7 @@
|
|
|
754
754
|
"type": "route-group",
|
|
755
755
|
"domain": "monitoring",
|
|
756
756
|
"sourcePath": "src/server/routes.ts",
|
|
757
|
-
"contentHash": "
|
|
757
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
758
758
|
"since": "2025-01-01"
|
|
759
759
|
},
|
|
760
760
|
"route-group:machine-mesh": {
|
|
@@ -770,7 +770,7 @@
|
|
|
770
770
|
"type": "route-group",
|
|
771
771
|
"domain": "security",
|
|
772
772
|
"sourcePath": "src/server/routes.ts",
|
|
773
|
-
"contentHash": "
|
|
773
|
+
"contentHash": "2ee1fcd31c96470a77ceb7efbbac2b2267e60260820d3caff565b7212c68c5c5",
|
|
774
774
|
"since": "2025-01-01"
|
|
775
775
|
},
|
|
776
776
|
"cli:init": {
|
|
@@ -137,6 +137,18 @@
|
|
|
137
137
|
],
|
|
138
138
|
"grandfathered": false
|
|
139
139
|
},
|
|
140
|
+
{
|
|
141
|
+
"category": "slack-relationship-baselines",
|
|
142
|
+
"description": "Durable per-principal behavioral baseline (Pillar 3 relationship-aware anomaly second factor): privacy-respecting SHAPE aggregates only — action repertoire, tier/hour histograms, coarse message-length stats, urgency rate — NEVER message content. Fed observe-only from authorized Slack traffic; read by RelationshipAnomalyScorer. Ships DARK. See docs/specs/SLACK-ORG-INTEGRATION-SPEC.md §7.1-7.2, §7.6.",
|
|
143
|
+
"scope": "machine-local",
|
|
144
|
+
"freshness": "eventual",
|
|
145
|
+
"conflictShape": "single-writer",
|
|
146
|
+
"transport": "none",
|
|
147
|
+
"paths": [
|
|
148
|
+
"state/slack-relationship-baselines.json"
|
|
149
|
+
],
|
|
150
|
+
"grandfathered": false
|
|
151
|
+
},
|
|
140
152
|
{
|
|
141
153
|
"category": "topic-placement-history",
|
|
142
154
|
"description": "Topic<->machine placement history (does not exist as its own store yet; the journal's first stream materializes it). Distinct from current-owner pool state.",
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: patch -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
feat(permissions): Slack org permissions **Phase 3** — relationship-aware anomaly detection + a step-up ladder (the relationship second factor on the permission gate). **Observe-only / dark, opt-in.**
|
|
9
|
+
|
|
10
|
+
- `RelationshipBehaviorStore` — durable, per-principal behavioral baseline recording **SHAPE only** (action labels, tier/hour-of-day counts, coarse message-length stats) — **never message content**.
|
|
11
|
+
- `RelationshipAnomalyScorer` (a real `AnomalyScorer`) — scores how far a request deviates from the principal's baseline via 5 deterministic weighted signals (out-of-character action, tier escalation, off-cadence hour, sudden urgency, length-style deviation); confidence scales with baseline depth.
|
|
12
|
+
- Step-up ladder: a would-be-allowed FLOOR action that scores anomalous → a `step-up` verdict (out-of-band verification). **OBSERVE-ONLY** (enforce=false → logged to the decision ledger, never live-challenged). Anomaly can ONLY raise a would-allow to step-up — a refuse stays a refuse; the deterministic floor is untouched.
|
|
13
|
+
- New/thin baseline → conservative (no spurious step-up; no authority-by-suspicion). Optional LLM style-check is off by default + strictly add-only (fail-closed). `GET /permissions/baselines` read-only inspection.
|
|
14
|
+
|
|
15
|
+
## What to Tell Your User
|
|
16
|
+
|
|
17
|
+
Nothing changes by default — observe-only and dark. When enabled, it's the "is this really you?" second factor: if a high-authority account suddenly makes an out-of-character high-risk request (off your usual cadence, an unusually sensitive action, a mismatched style), the agent flags it for step-up verification instead of just trusting it — your compromised-CEO scenario. For now it only *logs* what it would do (so we can measure accuracy before turning it on), it can only ever ask for *more* verification (never less), and it only learns the SHAPE of interactions, never the content of your messages.
|
|
18
|
+
|
|
19
|
+
## Summary of New Capabilities
|
|
20
|
+
|
|
21
|
+
- **`slack.permissionGate.relationshipAnomaly: { enabled, useLlmStyleCheck, stepUpThreshold }`** (opt-in, observe-only) — turns on relationship-aware anomaly scoring + the step-up ladder for the Slack permission gate. Off by default (Null scorer = no anomaly, no step-up).
|
|
22
|
+
- **`GET /permissions/baselines`** — read-only inspection of the per-principal behavioral baselines (SHAPE only; operator/internal).
|
|
23
|
+
|
|
24
|
+
## Evidence
|
|
25
|
+
|
|
26
|
+
- 19 unit (store durability/privacy, 5-signal scoring, no-baseline conservatism, confidence scaling, LLM fail-closed/match/mismatch, gate composition incl. spoofed-CEO→step-up + member-floor-stays-refuse + new-owner-no-spurious-step-up, observer dark-default-records-nothing) + 3 integration (baselines route). `tsc --noEmit` clean; lint clean (incl. no-silent-llm-fallback ratchet); build clean.
|
|
27
|
+
- Side-effects review (`upgrades/side-effects/slack-relationship-stepup.md`) + an independent adversarial Phase-5 second-pass (baseline-poisoning / never-lower / no-leak).
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
# Side-Effects Review — Slack Permission System Phase 3: relationship-aware anomaly + step-up ladder
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `slack-relationship-stepup`
|
|
4
|
+
**Date:** 2026-06-09
|
|
5
|
+
**Author:** Echo
|
|
6
|
+
**Second-pass reviewer:** Echo (self, dedicated reviewer pass — this touches a "gate" decision surface)
|
|
7
|
+
|
|
8
|
+
## Summary of the change
|
|
9
|
+
|
|
10
|
+
Phase 3 (Pillar 3) of the Slack org permission system: a relationship-aware behavioral second factor. It adds two new modules in `src/permissions/`: `RelationshipBehaviorStore.ts` (a durable, deterministic, privacy-respecting per-principal behavioral baseline — it records the SHAPE of each interaction: action label, sensitivity tier, hour-of-day, message length, urgency flag — NEVER message content) and `RelationshipAnomalyScorer.ts` (a real implementation of the existing `AnomalyScorer` interface that scores how out-of-character a request is across five deterministic signals plus an OPTIONAL fail-closed LLM style check). `SlackPermissionObserver.ts` is extended to FEED the baseline (observe-only, directed requests only) from real traffic. `index.ts` exports the new modules. `server.ts` wires them DARK/opt-in behind `slack.permissionGate.relationshipAnomaly.enabled` (default: the existing urgency-only `HeuristicAnomalyScorer` — nothing changes). `routes.ts` adds a read-only `GET /permissions/baselines` inspection route. `state-coherence-registry.json` registers the new `slack-relationship-baselines` state category. Decision points it interacts with: the existing `SlackPermissionGate.evaluate` step-up path (§7.4 composition — anomaly can only RAISE a would-be-allowed FLOOR action to step-up, never lower any bar). Everything is OBSERVE-ONLY: the step-up verdict is computed and logged to the decision ledger; nothing is live-challenged or blocked (the observer ships enforce=false).
|
|
11
|
+
|
|
12
|
+
## Decision-point inventory
|
|
13
|
+
|
|
14
|
+
- `SlackPermissionGate.evaluate` step-up path (`src/permissions/SlackPermissionGate.ts:167-179`) — pass-through (UNCHANGED) — the gate already consumes an `AnomalyScorer.assess()` score against `stepUpThreshold` and escalates a would-be-allowed floor action to `step-up`. This change supplies a richer scorer into the SAME slot; the gate logic is untouched.
|
|
15
|
+
- `RelationshipAnomalyScorer.assess` (new) — add — produces a 0..1 anomaly SIGNAL (no blocking authority of its own). It is consumed by the gate; it never blocks/allows directly.
|
|
16
|
+
- `RelationshipBehaviorStore.record` (new) — add — append/aggregate per-principal baseline; pure data, no decision.
|
|
17
|
+
- `SlackPermissionObserver.recordBehavior` (new) — add — feeds the baseline observe-only; no decision, no block.
|
|
18
|
+
- `GET /permissions/baselines` (new route) — add — read-only inspection; no decision surface.
|
|
19
|
+
|
|
20
|
+
---
|
|
21
|
+
|
|
22
|
+
## 1. Over-block
|
|
23
|
+
|
|
24
|
+
**What legitimate inputs does this change reject that it shouldn't?**
|
|
25
|
+
|
|
26
|
+
In OBSERVE-ONLY mode (the only mode this ships in): NONE. No message is ever blocked or challenged — the step-up verdict is logged, never acted on (the observer's `enforce` flag stays false; this PR does not enable enforce).
|
|
27
|
+
|
|
28
|
+
For the FUTURE enforce path (data-gated, not enabled here), the relevant over-fire is a spurious step-up: e.g. a legitimate owner who genuinely changes their behavior (new role, travels to a new timezone shifting their hour-of-day, suddenly writes longer messages). The scorer mitigates this conservatively: a thin baseline (< establishedMin=5 interactions) suppresses the action/tier/style signals entirely (no "out of character" without an established "character"); a no-baseline principal scores 0 (no fabricated step-up); and anomaly can ONLY raise the bar on a request that was ALREADY going to be allowed — it never invents a new gate. The composition (§7.4) means an over-fire's worst case is "I'd like to confirm it's really you via your known channel," not a hard deny.
|
|
29
|
+
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## 2. Under-block
|
|
33
|
+
|
|
34
|
+
**What failure modes does this still miss?**
|
|
35
|
+
|
|
36
|
+
- A compromised account that mimics the principal's exact style/cadence/action repertoire and avoids urgency language scores low — the behavioral factor is a probabilistic signal, not a guarantee (by design; §7 frames it as "feeling something off," not proof).
|
|
37
|
+
- The deterministic style signal is coarse (message LENGTH z-score only). A content-level voice mismatch is only caught when the optional LLM style check is enabled (and even then only on a clear MISMATCH).
|
|
38
|
+
- A NEW principal (no baseline) has no "character," so a first-ever out-of-character request from a brand-new compromised account scores 0. This is the documented conservative choice: the FLOOR (RolePolicy) still protects the dangerous action regardless — a new owner still needs owner-role authority for a floor action; anomaly is an ADD-ON tightener, not the floor.
|
|
39
|
+
- Off-cadence detection uses local server hour vs the principal's recorded hour histogram; a principal who legitimately works irregular hours has a flat histogram and rarely trips off-cadence (acceptable — fewer false positives).
|
|
40
|
+
|
|
41
|
+
These are acceptable for an observe-only second factor whose entire purpose is to be MEASURED (FP/FN rate) before it ever enforces.
|
|
42
|
+
|
|
43
|
+
---
|
|
44
|
+
|
|
45
|
+
## 3. Level-of-abstraction fit
|
|
46
|
+
|
|
47
|
+
This is correctly a DETECTOR (a signal producer), not an authority. `RelationshipAnomalyScorer` returns a score + reasons; it holds no block/allow authority. The AUTHORITY remains `SlackPermissionGate`, which already owns the deterministic Layer-0 floor and the role ceilings — the dangerous decisions stay in code, not in the brittle scorer. The scorer FEEDS the gate's existing step-up slot rather than running parallel to it. The durable baseline is a dedicated store rather than a retrofit onto the generic `RelationshipManager`: the generic manager has no structured per-request SHAPE history (action-tier/hour histograms, length stats) and adding privacy-sensitive structured tracking to it would over-couple a cross-platform memory system to a Slack-permission concern. The new store is small, Slack-scoped, and content-free — the right layer. This mirrors how the rest of the permissions module is decoupled (it imports nothing from core; deps are injected).
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## 4. Signal vs authority compliance
|
|
52
|
+
|
|
53
|
+
**Required reference:** [docs/signal-vs-authority.md](../../docs/signal-vs-authority.md)
|
|
54
|
+
|
|
55
|
+
- [x] No — this change produces a SIGNAL consumed by an existing smart gate.
|
|
56
|
+
|
|
57
|
+
`RelationshipAnomalyScorer` is a pure signal producer: it returns `{ score, reasons }` and never blocks. The `SlackPermissionGate` (the authority) consumes that signal and is the only thing that produces a verdict — and even then, anomaly can ONLY raise a would-be-allowed floor action to step-up; it can never turn a refuse into an allow (verified by the "anomaly can only RAISE the bar" test). The OPTIONAL LLM style check is `gating: true` (provider-swaps at the IntelligenceRouter) and fails CLOSED (any failure omits its contribution; it never widens) — compliant with the No-Silent-Degradation standard. The deterministic signals stand alone with no LLM dependency, so the dangerous path never depends on an LLM.
|
|
58
|
+
|
|
59
|
+
---
|
|
60
|
+
|
|
61
|
+
## 5. Interactions
|
|
62
|
+
|
|
63
|
+
- **Shadowing:** The scorer runs INSIDE `SlackPermissionGate.evaluate`, only on the would-allow-a-floor-action branch (after the deterministic floor + grant check). It cannot shadow the floor check — the floor runs first and a refuse is returned before the scorer is ever consulted. Verified by the member-floor-request test (stays a refuse).
|
|
64
|
+
- **Double-fire:** The observer records the baseline AND the existing decision ledger records the verdict on the same `observe()` call — two distinct append-only writes to two distinct files, no contention. Baseline recording is gated to directed requests only (overheard chatter is excluded), so channel noise doesn't pollute the baseline.
|
|
65
|
+
- **Races:** `RelationshipBehaviorStore` writes via temp-file + rename (atomic-ish) so a crash mid-write can't truncate the baseline. It is per-principal-keyed within a single JSON file; the single-writer model matches the registry `conflictShape: single-writer`. The observer is the only writer in production.
|
|
66
|
+
- **Feedback loops:** The baseline is fed by observed traffic and read by the scorer — but recording is post-verdict and never influences the SAME message's verdict (the verdict is computed from the baseline AS-OF-BEFORE this message). No self-reinforcing loop within a turn.
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## 6. External surfaces
|
|
71
|
+
|
|
72
|
+
- **Other agents / install base:** None. The feature ships DARK behind `slack.permissionGate.relationshipAnomaly.enabled` (default off). With the flag off, `server.ts` keeps the existing `HeuristicAnomalyScorer` (urgency-only) exactly as before — byte-for-byte unchanged behavior for every existing agent. No CLAUDE.md template or PostUpdateMigrator change (consistent with Slices 0/1/2, which also added nothing there — this is internal server-wired config, not an agent-installed file or a conversational capability).
|
|
73
|
+
- **External systems (Slack):** No change to Slack message handling. Observe-only: nothing is sent, blocked, or reacted-to differently.
|
|
74
|
+
- **Persistent state:** Adds ONE new state file `slack-relationship-baselines.json` (registered in the coherence registry, machine-local, content-free SHAPE aggregates). It is only written when the feature is enabled AND a behaviorStore is wired; otherwise the file never exists.
|
|
75
|
+
- **New read route:** `GET /permissions/baselines` returns SHAPE aggregates only (verified by a test asserting no message content appears in the payload).
|
|
76
|
+
- **Timing/runtime:** Off-cadence uses server-local hour; documented limitation, no correctness dependency.
|
|
77
|
+
|
|
78
|
+
---
|
|
79
|
+
|
|
80
|
+
## 7. Rollback cost
|
|
81
|
+
|
|
82
|
+
Pure additive code change, ships dark. Rollback = revert the commit and ship a patch; no migration, no agent-state repair, no user-visible regression (the feature was never on by default). The new state file, if any agent had enabled the feature, is a self-contained machine-local JSON that can be deleted with no downstream effect (the scorer treats a missing baseline as "no baseline" → score 0). The new coherence-registry category is descriptive metadata; removing it has no runtime effect. Estimated rollback: one revert commit, zero downtime.
|
|
83
|
+
|
|
84
|
+
## Conclusion
|
|
85
|
+
|
|
86
|
+
The review produced no design changes — the change was built as a signal producer feeding the existing authority from the start, and ships observe-only/dark, matching the spec's §7.6 ("the anomaly detector ships dark/observe-only; logs would-be step-ups; nothing gates until the FP rate is known-good"). The conservative no-baseline / thin-baseline behavior is the documented, deliberate choice (don't fabricate a step-up you can't justify from history; the floor protects the dangerous action regardless). The optional LLM style check is fail-closed and add-only. The deterministic core has no LLM dependency. Clear to ship as a dark/observe-only Phase 3 increment pending the spec's convergence gate (the spec is operator-approved but `review-convergence: pending`, so this lands as a Tier-2 increment behind that gate).
|
|
87
|
+
|
|
88
|
+
---
|
|
89
|
+
|
|
90
|
+
## Second-pass review (independent adversarial — "gate"-class change)
|
|
91
|
+
|
|
92
|
+
**Verdict: CONCUR on all five invariants, with one substantive CONCERN (baseline-poisoning) — mitigation #1 applied + regression-tested in this PR; deeper mitigations tracked as follow-ups.**
|
|
93
|
+
|
|
94
|
+
The independent adversarial reviewer verified against the code: (1) anomaly only RAISES a would-be-allowed floor verdict to step-up — it can never convert a refuse to allow, weaken the floor, or suppress a required step-up (the score is consulted only after the deterministic deny-by-default floor check passes); (2) message text cannot LOWER the deterministic score (shape-based; the urgency regex + length z-score are add-only) and the optional LLM check is strictly add-only (a prompt-injected "this is the real CEO" → MATCH/empty/unparseable → adds nothing); (3) the store persists SHAPE only (no text/topics; tests + the route assert it); (4) observe-only + dark default confirmed; (5) no authority-by-suspicion (new/thin baseline → no spurious step-up; the floor still protects).
|
|
95
|
+
|
|
96
|
+
**CONCERN — baseline poisoning (was real):** the highest-weight signal (out-of-character action, 0.45) fired only when `actionCounts[action] === 0`, so a patient attacker / slowly-compromised account could seed a single prior observation to permanently disable it; the reviewer reproduced a poisoned baseline scoring 0.45 < the 0.5 step-up threshold → no step-up. It was a follow-up (not a merge blocker) since the change ships observe-only and the deterministic floor still requires owner/grant regardless — but it had to be closed before enforcement is ever turned on (the whole value of Pillar 3 is catching a *legitimately-authorized* account behaving out of character, which is exactly what poisoning targets).
|
|
97
|
+
|
|
98
|
+
**Mitigation #1 APPLIED in this PR (`RelationshipAnomalyScorer.ts`):** the out-of-character signal now fires when the action's SHARE is below a floor (`rareActionShareFloor`, default 0.10), not only when never-seen, with the weight scaled by rarity (full at never-seen → 0 at the floor) so a genuinely-routine action never trips it. Regression test added (the reviewer's exact poisoned baseline — 50 reads + 2 seeded money-movement obs → the malicious request now scores ≥ 0.5 and the rare-action signal still names it). **Follow-ups tracked (deeper poisoning resistance):** (#2) recency/EWMA-decay weighting so a recent burst can't durably reshape the histogram; (#3) a minimum-baseline-AGE gate (using the existing `firstSeen`) + a per-principal observation-rate cap. These are schema-touching and not required while observe-only — to be done before the enforce flip.
|
|
99
|
+
|
|
100
|
+
---
|
|
101
|
+
|
|
102
|
+
## Evidence pointers
|
|
103
|
+
|
|
104
|
+
- `tests/unit/slack-relationship-anomaly.test.ts` — 19 tests (store durability/privacy, five-signal scoring, no-baseline conservatism, confidence scaling, LLM fail-closed, gate composition, observer recording).
|
|
105
|
+
- `tests/integration/permissions-routes.test.ts` — `GET /permissions/baselines` route (SHAPE-only, single-principal, empty-state).
|
|
106
|
+
- `npx tsc --noEmit` — clean. `npm run lint` — clean (state-registry lint accepts the new category; no-silent-llm-fallback ratchet accepts the gating:true style-check callsite).
|
|
107
|
+
- Spec: `docs/specs/SLACK-ORG-INTEGRATION-SPEC.md` §7.1–7.4, §7.6.
|