instar 1.3.446 → 1.3.448
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +22 -2
- package/dist/commands/server.js.map +1 -1
- package/dist/core/types.d.ts +12 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/types.js.map +1 -1
- package/dist/monitoring/SessionWatchdog.d.ts +22 -1
- package/dist/monitoring/SessionWatchdog.d.ts.map +1 -1
- package/dist/monitoring/SessionWatchdog.js +35 -5
- package/dist/monitoring/SessionWatchdog.js.map +1 -1
- package/dist/permissions/RelationshipAnomalyScorer.d.ts +123 -0
- package/dist/permissions/RelationshipAnomalyScorer.d.ts.map +1 -0
- package/dist/permissions/RelationshipAnomalyScorer.js +249 -0
- package/dist/permissions/RelationshipAnomalyScorer.js.map +1 -0
- package/dist/permissions/RelationshipBehaviorStore.d.ts +90 -0
- package/dist/permissions/RelationshipBehaviorStore.d.ts.map +1 -0
- package/dist/permissions/RelationshipBehaviorStore.js +156 -0
- package/dist/permissions/RelationshipBehaviorStore.js.map +1 -0
- package/dist/permissions/SlackPermissionObserver.d.ts +24 -0
- package/dist/permissions/SlackPermissionObserver.d.ts.map +1 -1
- package/dist/permissions/SlackPermissionObserver.js +35 -0
- package/dist/permissions/SlackPermissionObserver.js.map +1 -1
- package/dist/permissions/index.d.ts +2 -0
- package/dist/permissions/index.d.ts.map +1 -1
- package/dist/permissions/index.js +2 -0
- package/dist/permissions/index.js.map +1 -1
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +19 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +46 -46
- package/src/data/state-coherence-registry.json +12 -0
- package/upgrades/1.3.447.md +27 -0
- package/upgrades/1.3.448.md +97 -0
- package/upgrades/side-effects/slack-relationship-stepup.md +107 -0
- package/upgrades/side-effects/watchdog-stuck-failclosed.md +70 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiG7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA05BD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA0UN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiG7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA05BD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA0UN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA20UtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
|
package/dist/commands/server.js
CHANGED
|
@@ -4255,7 +4255,7 @@ export async function startServer(options) {
|
|
|
4255
4255
|
const slackCfg = slackConfig.config;
|
|
4256
4256
|
const pgCfg = slackCfg.permissionGate;
|
|
4257
4257
|
if (pgCfg && (pgCfg.observeOnly || pgCfg.enforce)) {
|
|
4258
|
-
const { SlackPermissionObserver, SlackPrincipalResolver, SlackPermissionGate, PermissionDecisionLedger, RolePolicy, HeuristicIntentClassifier, LlmIntentClassifier, HeuristicAnomalyScorer, MandateBackedGrantStore, } = await import('../permissions/index.js');
|
|
4258
|
+
const { SlackPermissionObserver, SlackPrincipalResolver, SlackPermissionGate, PermissionDecisionLedger, RolePolicy, HeuristicIntentClassifier, LlmIntentClassifier, HeuristicAnomalyScorer, RelationshipBehaviorStore, RelationshipAnomalyScorer, MandateBackedGrantStore, } = await import('../permissions/index.js');
|
|
4259
4259
|
// Own UserManager instance for verified-principal resolution (the
|
|
4260
4260
|
// Telegram-block userManager is out of scope here). Reads users.json.
|
|
4261
4261
|
const slackUserManager = new UserManager(config.stateDir, config.users);
|
|
@@ -4314,6 +4314,24 @@ export async function startServer(options) {
|
|
|
4314
4314
|
else {
|
|
4315
4315
|
intentClassifier = new HeuristicIntentClassifier();
|
|
4316
4316
|
}
|
|
4317
|
+
// ── Pillar 3 relationship-aware anomaly second factor (DARK by default) ──
|
|
4318
|
+
// With `relationshipAnomaly.enabled`, wire the durable behavioral baseline
|
|
4319
|
+
// store + the RelationshipAnomalyScorer. The baseline grows from observed
|
|
4320
|
+
// traffic (recorded SHAPE only, never content) via the observer. With the
|
|
4321
|
+
// flag OFF, we keep the placeholder HeuristicAnomalyScorer (urgency-only)
|
|
4322
|
+
// exactly as before — nothing changes.
|
|
4323
|
+
const raCfg = pgCfg.relationshipAnomaly;
|
|
4324
|
+
let anomalyScorer = new HeuristicAnomalyScorer();
|
|
4325
|
+
let behaviorStore;
|
|
4326
|
+
if (raCfg?.enabled && config.stateDir) {
|
|
4327
|
+
behaviorStore = new RelationshipBehaviorStore(config.stateDir);
|
|
4328
|
+
anomalyScorer = new RelationshipAnomalyScorer(behaviorStore, {
|
|
4329
|
+
useLlmStyleCheck: raCfg.useLlmStyleCheck === true,
|
|
4330
|
+
// Fail-closed LLM style check uses the shared internal provider when present.
|
|
4331
|
+
intelligence: sharedIntelligence ?? undefined,
|
|
4332
|
+
});
|
|
4333
|
+
console.log(`[slack] relationship-aware anomaly scorer attached (observe-only baseline; LLM style check ${raCfg.useLlmStyleCheck ? 'ON' : 'off'})`);
|
|
4334
|
+
}
|
|
4317
4335
|
const observer = new SlackPermissionObserver({
|
|
4318
4336
|
resolver: new SlackPrincipalResolver({
|
|
4319
4337
|
resolveFromSlackUserId: (id) => slackUserManager.resolveFromSlackUserId(id),
|
|
@@ -4321,11 +4339,13 @@ export async function startServer(options) {
|
|
|
4321
4339
|
gate: new SlackPermissionGate({
|
|
4322
4340
|
rolePolicy: new RolePolicy(),
|
|
4323
4341
|
classifier: intentClassifier,
|
|
4324
|
-
anomalyScorer
|
|
4342
|
+
anomalyScorer,
|
|
4325
4343
|
grants: grantStore,
|
|
4344
|
+
...(raCfg?.stepUpThreshold !== undefined ? { stepUpThreshold: raCfg.stepUpThreshold } : {}),
|
|
4326
4345
|
}),
|
|
4327
4346
|
ledger: new PermissionDecisionLedger(config.stateDir),
|
|
4328
4347
|
enforce: pgCfg.enforce === true,
|
|
4348
|
+
behaviorStore,
|
|
4329
4349
|
});
|
|
4330
4350
|
slackAdapter.setPermissionObserver(observer);
|
|
4331
4351
|
console.log(`[slack] permission gate attached (${pgCfg.enforce ? 'ENFORCE' : 'observe-only'})`);
|