instar 1.3.455 → 1.3.456
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +9 -8
- package/dist/commands/server.js.map +1 -1
- package/dist/core/devAgentGate.d.ts +39 -0
- package/dist/core/devAgentGate.d.ts.map +1 -0
- package/dist/core/devAgentGate.js +37 -0
- package/dist/core/devAgentGate.js.map +1 -0
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +3 -2
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +2 -1
- package/dist/server/routes.js.map +1 -1
- package/package.json +4 -2
- package/scripts/lint-dev-agent-dark-gate.js +196 -0
- package/scripts/lint-no-direct-destructive.js +4 -0
- package/src/data/builtin-manifest.json +47 -47
- package/upgrades/1.3.456.md +33 -0
- package/upgrades/side-effects/dev-agent-dark-gate-lint.md +104 -0
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
# Side-Effects Review — Dev-Agent Dark-Gate Conformance Guard (Slice 1)
|
|
2
|
+
|
|
3
|
+
**Change:** Add a structural guard for the `developmentAgent` dark-feature gate
|
|
4
|
+
so a feature can't ship dark on dev agents by hand-rolling/forgetting the gate
|
|
5
|
+
(the PR #1001 miss). Slice 1:
|
|
6
|
+
- `src/core/devAgentGate.ts` — `resolveDevAgentGate(explicit, config)` funnel
|
|
7
|
+
(`explicit ?? !!config?.developmentAgent`).
|
|
8
|
+
- `scripts/lint-dev-agent-dark-gate.js` — assertion A (no hand-rolled
|
|
9
|
+
`?? !!<x>.developmentAgent` outside the funnel) + assertion B (no hardcoded
|
|
10
|
+
`enabled: false` under a dev-gate marker comment in `ConfigDefaults.ts`).
|
|
11
|
+
Wired into the `lint` npm script (Repo Invariants CI).
|
|
12
|
+
- Migrated the 11 existing hand-rolled sites in `src/server/AgentServer.ts`,
|
|
13
|
+
`src/commands/server.ts`, and `src/server/routes.ts` to the funnel
|
|
14
|
+
(behavior-identical). Assertion B is brace-matched on the config block (not a
|
|
15
|
+
fixed line window) — the fix for the convergence-review finding that a long
|
|
16
|
+
marker comment hid the growthAnalyst block from the original window.
|
|
17
|
+
|
|
18
|
+
**Files:**
|
|
19
|
+
- `src/core/devAgentGate.ts` (new), `tests/unit/devAgentGate.test.ts` (new, 8).
|
|
20
|
+
- `scripts/lint-dev-agent-dark-gate.js` (new), `tests/unit/lint-dev-agent-dark-gate.test.ts` (new, 7).
|
|
21
|
+
- `src/server/AgentServer.ts`, `src/commands/server.ts`, `src/server/routes.ts` — 11 call sites + imports.
|
|
22
|
+
- `scripts/lint-no-direct-destructive.js` — allowlist the new lint (reads
|
|
23
|
+
`git diff --cached` for `--staged`, same as its siblings).
|
|
24
|
+
- `package.json` — `lint` script + two convenience scripts.
|
|
25
|
+
- `tests/unit/growth-analyst-gate-wiring.test.ts`, `tests/unit/resource-sampler-wiring.test.ts`
|
|
26
|
+
— source-pattern assertions updated to the funnel form.
|
|
27
|
+
- `docs/specs/DEV-AGENT-DARK-GATE-CONFORMANCE-SPEC.md` (the design).
|
|
28
|
+
|
|
29
|
+
## 1. Over-block — what legitimate inputs does this reject that it shouldn't?
|
|
30
|
+
Assertion A bans `?? !!<x>.developmentAgent` everywhere but the funnel. A future
|
|
31
|
+
legitimate need to read `config.developmentAgent` for a non-gate purpose (e.g.
|
|
32
|
+
logging which agent kind it is) would trip it. Mitigation: the regex requires the
|
|
33
|
+
`?? ` nullish-coalesce immediately before `.developmentAgent`, so a bare
|
|
34
|
+
`config.developmentAgent` read does NOT match — only the gate-resolution shape
|
|
35
|
+
does. Assertion B only fires on `enabled: false` in *code* lines within 8 lines
|
|
36
|
+
of a dev-gate marker comment in `ConfigDefaults.ts`; `enabled: true` (fleet-flip)
|
|
37
|
+
and comment prose are deliberately not flagged. Verified clean on the real tree
|
|
38
|
+
(the convention's own documentation does not trip it).
|
|
39
|
+
|
|
40
|
+
## 2. Under-block — what failure modes does this still miss?
|
|
41
|
+
The honest, central limit (named in the spec's layer table): **a feature that
|
|
42
|
+
should be dev-gated but omits the gate entirely** is invisible to both
|
|
43
|
+
assertions — there is no `?? developmentAgent` to flag and no marker comment to
|
|
44
|
+
anchor on. That is exactly the #1001 *shape* (it had a hardcoded `enabled: false`
|
|
45
|
+
default and a `=== true` construction with no gate). Assertion B catches the
|
|
46
|
+
`enabled: false`-under-marker variant, but not a gate-less feature with no
|
|
47
|
+
marker. The layer that truly catches forgot-entirely is the both-sides wiring
|
|
48
|
+
test over a dev-gated-feature registry (Slice 2) and the spec-intent cross-check
|
|
49
|
+
(Slice 3) — explicitly deferred and tracked (CMT-1253), not silently skipped.
|
|
50
|
+
|
|
51
|
+
## 3. Level-of-abstraction fit — right layer?
|
|
52
|
+
Yes. The funnel mirrors the established single-funnel pattern (SafeFsExecutor,
|
|
53
|
+
SafeGitExecutor); the lint joins the existing `lint-*` family run in Repo
|
|
54
|
+
Invariants. The guard lives in CI (the same layer that already enforces
|
|
55
|
+
no-direct-destructive, no-unfunneled-topic-creation, etc.), not in a prompt.
|
|
56
|
+
|
|
57
|
+
## 4. Signal vs authority compliance (docs/signal-vs-authority.md)
|
|
58
|
+
The lint is AUTHORITY (it fails CI / blocks a commit) — appropriate, identical to
|
|
59
|
+
its lint siblings: a deterministic, mechanical invariant with a clear fix
|
|
60
|
+
message, not a judgment call. The runtime helper is pure and behavior-identical
|
|
61
|
+
to the code it replaces, so it holds no new authority over runtime behavior.
|
|
62
|
+
|
|
63
|
+
## 5. Interactions — shadowing, double-fire, races?
|
|
64
|
+
None. The helper is a pure function with no state. The lint reads files only. The
|
|
65
|
+
migration is a mechanical rewrite (`X ?? !!c.developmentAgent` →
|
|
66
|
+
`resolveDevAgentGate(X, c)`) that `tsc --noEmit` confirms type-identical;
|
|
67
|
+
`resolveDevAgentGate` returns exactly `X ?? !!c?.developmentAgent`, so every
|
|
68
|
+
migrated gate resolves to the same boolean as before for all inputs.
|
|
69
|
+
|
|
70
|
+
## 6. External surfaces — visible to other agents/users/systems?
|
|
71
|
+
None. No routes, no config, no agent-installed files, no Telegram. Purely
|
|
72
|
+
repo-internal source + CI. No Migration Parity entry needed (the spec's Migration
|
|
73
|
+
Parity section says so explicitly).
|
|
74
|
+
|
|
75
|
+
## 7. Rollback cost — back-out if wrong?
|
|
76
|
+
Trivial and low-blast-radius. Revert the lint line in `package.json` to disable
|
|
77
|
+
the CI gate instantly; revert the migration commits to restore the hand-rolled
|
|
78
|
+
sites (behavior was never changed, so a revert is a no-op at runtime). No data,
|
|
79
|
+
no state, no deployed artifact to unwind.
|
|
80
|
+
|
|
81
|
+
## No deferrals
|
|
82
|
+
Slices 2 (registry + both-sides wiring test) and 3 (spec-intent cross-check) are
|
|
83
|
+
NOT deferrals of this slice's scope — they are the explicitly-scoped follow-on
|
|
84
|
+
layers named in the spec and tracked as commitment CMT-1253, so the gap is
|
|
85
|
+
visible and re-surfaced, not dropped.
|
|
86
|
+
|
|
87
|
+
## Second-pass review (independent)
|
|
88
|
+
**Done — via /spec-converge (5 internal reviewers, 2 iterations; report at
|
|
89
|
+
docs/specs/reports/dev-agent-dark-gate-conformance-convergence.md).** The
|
|
90
|
+
independent pass found three material issues that this change now fixes:
|
|
91
|
+
1. **Assertion B silently no-op'd on its origin case.** The original fixed 8-line
|
|
92
|
+
window missed the real growthAnalyst block (its ~10-line marker comment pushed
|
|
93
|
+
the fields out of range) — empirically, an injected `enabled: false` reported
|
|
94
|
+
"clean." Fixed by brace-matching the block; re-tested: now caught, real tree
|
|
95
|
+
still clean.
|
|
96
|
+
2. **An 11th un-migrated site + regex blind spot.** `routes.ts` used
|
|
97
|
+
`?? Boolean(ctx.config.developmentAgent)` — missed by the `!!`-only first pass
|
|
98
|
+
and unmatched by the lint. Migrated; regex broadened to `!!`/`Boolean(`/bracket.
|
|
99
|
+
3. **Spec overclaim.** Softened "catches #1001 directly" → "when gate-marked" and
|
|
100
|
+
"only legal path" → "for the realistic spellings"; layer table now names the
|
|
101
|
+
alias/wrapper and markerless misses.
|
|
102
|
+
Round 2 (lessons-aware + adversarial) returned CONVERGED — no material findings.
|
|
103
|
+
Security and scalability reviewers found nothing material (fails safe toward
|
|
104
|
+
dark-on-fleet; ~0.3s scan, no regex backtracking).
|