instar 1.3.459 → 1.3.461

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "./builtin-manifest.schema.json",
3
3
  "schemaVersion": 1,
4
- "generatedAt": "2026-06-10T02:35:41.285Z",
5
- "instarVersion": "1.3.459",
4
+ "generatedAt": "2026-06-10T03:19:26.946Z",
5
+ "instarVersion": "1.3.461",
6
6
  "entryCount": 199,
7
7
  "entries": {
8
8
  "hook:session-start": {
@@ -418,7 +418,7 @@
418
418
  "type": "route-group",
419
419
  "domain": "monitoring",
420
420
  "sourcePath": "src/server/routes.ts",
421
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
421
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
422
422
  "since": "2025-01-01"
423
423
  },
424
424
  "route-group:agents": {
@@ -426,7 +426,7 @@
426
426
  "type": "route-group",
427
427
  "domain": "sessions",
428
428
  "sourcePath": "src/server/routes.ts",
429
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
429
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
430
430
  "since": "2025-01-01"
431
431
  },
432
432
  "route-group:backups": {
@@ -434,7 +434,7 @@
434
434
  "type": "route-group",
435
435
  "domain": "operations",
436
436
  "sourcePath": "src/server/routes.ts",
437
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
437
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
438
438
  "since": "2025-01-01"
439
439
  },
440
440
  "route-group:git": {
@@ -442,7 +442,7 @@
442
442
  "type": "route-group",
443
443
  "domain": "coordination",
444
444
  "sourcePath": "src/server/routes.ts",
445
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
445
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
446
446
  "since": "2025-01-01"
447
447
  },
448
448
  "route-group:memory": {
@@ -450,7 +450,7 @@
450
450
  "type": "route-group",
451
451
  "domain": "memory",
452
452
  "sourcePath": "src/server/routes.ts",
453
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
453
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
454
454
  "since": "2025-01-01"
455
455
  },
456
456
  "route-group:semantic": {
@@ -458,7 +458,7 @@
458
458
  "type": "route-group",
459
459
  "domain": "memory",
460
460
  "sourcePath": "src/server/routes.ts",
461
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
461
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
462
462
  "since": "2025-01-01"
463
463
  },
464
464
  "route-group:status": {
@@ -466,7 +466,7 @@
466
466
  "type": "route-group",
467
467
  "domain": "monitoring",
468
468
  "sourcePath": "src/server/routes.ts",
469
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
469
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
470
470
  "since": "2025-01-01"
471
471
  },
472
472
  "route-group:capabilities": {
@@ -474,7 +474,7 @@
474
474
  "type": "route-group",
475
475
  "domain": "mapping",
476
476
  "sourcePath": "src/server/routes.ts",
477
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
477
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
478
478
  "since": "2025-01-01"
479
479
  },
480
480
  "route-group:project-map": {
@@ -482,7 +482,7 @@
482
482
  "type": "route-group",
483
483
  "domain": "mapping",
484
484
  "sourcePath": "src/server/routes.ts",
485
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
485
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
486
486
  "since": "2025-01-01"
487
487
  },
488
488
  "route-group:coherence": {
@@ -490,7 +490,7 @@
490
490
  "type": "route-group",
491
491
  "domain": "coherence",
492
492
  "sourcePath": "src/server/routes.ts",
493
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
493
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
494
494
  "since": "2025-01-01"
495
495
  },
496
496
  "route-group:topic-bindings": {
@@ -498,7 +498,7 @@
498
498
  "type": "route-group",
499
499
  "domain": "sessions",
500
500
  "sourcePath": "src/server/routes.ts",
501
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
501
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
502
502
  "since": "2025-01-01"
503
503
  },
504
504
  "route-group:context": {
@@ -506,7 +506,7 @@
506
506
  "type": "route-group",
507
507
  "domain": "context",
508
508
  "sourcePath": "src/server/routes.ts",
509
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
509
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
510
510
  "since": "2025-01-01"
511
511
  },
512
512
  "route-group:scope-coherence": {
@@ -514,7 +514,7 @@
514
514
  "type": "route-group",
515
515
  "domain": "coherence",
516
516
  "sourcePath": "src/server/routes.ts",
517
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
517
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
518
518
  "since": "2025-01-01"
519
519
  },
520
520
  "route-group:canonical-state": {
@@ -522,7 +522,7 @@
522
522
  "type": "route-group",
523
523
  "domain": "state",
524
524
  "sourcePath": "src/server/routes.ts",
525
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
525
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
526
526
  "since": "2025-01-01"
527
527
  },
528
528
  "route-group:ci": {
@@ -530,7 +530,7 @@
530
530
  "type": "route-group",
531
531
  "domain": "monitoring",
532
532
  "sourcePath": "src/server/routes.ts",
533
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
533
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
534
534
  "since": "2025-01-01"
535
535
  },
536
536
  "route-group:sessions": {
@@ -538,7 +538,7 @@
538
538
  "type": "route-group",
539
539
  "domain": "sessions",
540
540
  "sourcePath": "src/server/routes.ts",
541
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
541
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
542
542
  "since": "2025-01-01"
543
543
  },
544
544
  "route-group:jobs": {
@@ -546,7 +546,7 @@
546
546
  "type": "route-group",
547
547
  "domain": "scheduling",
548
548
  "sourcePath": "src/server/routes.ts",
549
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
549
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
550
550
  "since": "2025-01-01"
551
551
  },
552
552
  "route-group:skip-ledger": {
@@ -554,7 +554,7 @@
554
554
  "type": "route-group",
555
555
  "domain": "scheduling",
556
556
  "sourcePath": "src/server/routes.ts",
557
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
557
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
558
558
  "since": "2025-01-01"
559
559
  },
560
560
  "route-group:telegram": {
@@ -562,7 +562,7 @@
562
562
  "type": "route-group",
563
563
  "domain": "communication",
564
564
  "sourcePath": "src/server/routes.ts",
565
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
565
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
566
566
  "since": "2025-01-01"
567
567
  },
568
568
  "route-group:attention": {
@@ -570,7 +570,7 @@
570
570
  "type": "route-group",
571
571
  "domain": "communication",
572
572
  "sourcePath": "src/server/routes.ts",
573
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
573
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
574
574
  "since": "2025-01-01"
575
575
  },
576
576
  "route-group:relationships": {
@@ -578,7 +578,7 @@
578
578
  "type": "route-group",
579
579
  "domain": "relationships",
580
580
  "sourcePath": "src/server/routes.ts",
581
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
581
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
582
582
  "since": "2025-01-01"
583
583
  },
584
584
  "route-group:feedback": {
@@ -586,7 +586,7 @@
586
586
  "type": "route-group",
587
587
  "domain": "feedback",
588
588
  "sourcePath": "src/server/routes.ts",
589
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
589
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
590
590
  "since": "2025-01-01"
591
591
  },
592
592
  "route-group:updates": {
@@ -594,7 +594,7 @@
594
594
  "type": "route-group",
595
595
  "domain": "updates",
596
596
  "sourcePath": "src/server/routes.ts",
597
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
597
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
598
598
  "since": "2025-01-01"
599
599
  },
600
600
  "route-group:dispatches": {
@@ -602,7 +602,7 @@
602
602
  "type": "route-group",
603
603
  "domain": "dispatches",
604
604
  "sourcePath": "src/server/routes.ts",
605
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
605
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
606
606
  "since": "2025-01-01"
607
607
  },
608
608
  "route-group:quota": {
@@ -610,7 +610,7 @@
610
610
  "type": "route-group",
611
611
  "domain": "monitoring",
612
612
  "sourcePath": "src/server/routes.ts",
613
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
613
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
614
614
  "since": "2025-01-01"
615
615
  },
616
616
  "route-group:publishing": {
@@ -618,7 +618,7 @@
618
618
  "type": "route-group",
619
619
  "domain": "publishing",
620
620
  "sourcePath": "src/server/routes.ts",
621
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
621
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
622
622
  "since": "2025-01-01"
623
623
  },
624
624
  "route-group:private-views": {
@@ -626,7 +626,7 @@
626
626
  "type": "route-group",
627
627
  "domain": "publishing",
628
628
  "sourcePath": "src/server/routes.ts",
629
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
629
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
630
630
  "since": "2025-01-01"
631
631
  },
632
632
  "route-group:tunnel": {
@@ -634,7 +634,7 @@
634
634
  "type": "route-group",
635
635
  "domain": "networking",
636
636
  "sourcePath": "src/server/routes.ts",
637
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
637
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
638
638
  "since": "2025-01-01"
639
639
  },
640
640
  "route-group:events": {
@@ -642,7 +642,7 @@
642
642
  "type": "route-group",
643
643
  "domain": "networking",
644
644
  "sourcePath": "src/server/routes.ts",
645
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
645
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
646
646
  "since": "2025-01-01"
647
647
  },
648
648
  "route-group:evolution": {
@@ -650,7 +650,7 @@
650
650
  "type": "route-group",
651
651
  "domain": "evolution",
652
652
  "sourcePath": "src/server/routes.ts",
653
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
653
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
654
654
  "since": "2025-01-01"
655
655
  },
656
656
  "route-group:watchdog": {
@@ -658,7 +658,7 @@
658
658
  "type": "route-group",
659
659
  "domain": "monitoring",
660
660
  "sourcePath": "src/server/routes.ts",
661
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
661
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
662
662
  "since": "2025-01-01"
663
663
  },
664
664
  "route-group:topic-memory": {
@@ -666,7 +666,7 @@
666
666
  "type": "route-group",
667
667
  "domain": "memory",
668
668
  "sourcePath": "src/server/routes.ts",
669
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
669
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
670
670
  "since": "2025-01-01"
671
671
  },
672
672
  "route-group:state-sync": {
@@ -674,7 +674,7 @@
674
674
  "type": "route-group",
675
675
  "domain": "coordination",
676
676
  "sourcePath": "src/server/routes.ts",
677
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
677
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
678
678
  "since": "2025-01-01"
679
679
  },
680
680
  "route-group:intent": {
@@ -682,7 +682,7 @@
682
682
  "type": "route-group",
683
683
  "domain": "intent",
684
684
  "sourcePath": "src/server/routes.ts",
685
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
685
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
686
686
  "since": "2025-01-01"
687
687
  },
688
688
  "route-group:triage": {
@@ -690,7 +690,7 @@
690
690
  "type": "route-group",
691
691
  "domain": "safety",
692
692
  "sourcePath": "src/server/routes.ts",
693
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
693
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
694
694
  "since": "2025-01-01"
695
695
  },
696
696
  "route-group:operations": {
@@ -698,7 +698,7 @@
698
698
  "type": "route-group",
699
699
  "domain": "safety",
700
700
  "sourcePath": "src/server/routes.ts",
701
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
701
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
702
702
  "since": "2025-01-01"
703
703
  },
704
704
  "route-group:sentinel": {
@@ -706,7 +706,7 @@
706
706
  "type": "route-group",
707
707
  "domain": "safety",
708
708
  "sourcePath": "src/server/routes.ts",
709
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
709
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
710
710
  "since": "2025-01-01"
711
711
  },
712
712
  "route-group:trust": {
@@ -714,7 +714,7 @@
714
714
  "type": "route-group",
715
715
  "domain": "safety",
716
716
  "sourcePath": "src/server/routes.ts",
717
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
717
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
718
718
  "since": "2025-01-01"
719
719
  },
720
720
  "route-group:monitoring": {
@@ -722,7 +722,7 @@
722
722
  "type": "route-group",
723
723
  "domain": "monitoring",
724
724
  "sourcePath": "src/server/routes.ts",
725
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
725
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
726
726
  "since": "2025-01-01"
727
727
  },
728
728
  "route-group:commitments": {
@@ -730,7 +730,7 @@
730
730
  "type": "route-group",
731
731
  "domain": "commitments",
732
732
  "sourcePath": "src/server/routes.ts",
733
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
733
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
734
734
  "since": "2025-01-01"
735
735
  },
736
736
  "route-group:episodes": {
@@ -738,7 +738,7 @@
738
738
  "type": "route-group",
739
739
  "domain": "memory",
740
740
  "sourcePath": "src/server/routes.ts",
741
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
741
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
742
742
  "since": "2025-01-01"
743
743
  },
744
744
  "route-group:messages": {
@@ -746,7 +746,7 @@
746
746
  "type": "route-group",
747
747
  "domain": "coordination",
748
748
  "sourcePath": "src/server/routes.ts",
749
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
749
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
750
750
  "since": "2025-01-01"
751
751
  },
752
752
  "route-group:system-reviews": {
@@ -754,7 +754,7 @@
754
754
  "type": "route-group",
755
755
  "domain": "monitoring",
756
756
  "sourcePath": "src/server/routes.ts",
757
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
757
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
758
758
  "since": "2025-01-01"
759
759
  },
760
760
  "route-group:machine-mesh": {
@@ -770,7 +770,7 @@
770
770
  "type": "route-group",
771
771
  "domain": "security",
772
772
  "sourcePath": "src/server/routes.ts",
773
- "contentHash": "eb4defe5f4d62b96e65a44a77d27e716388b052e5eb94d1edf19358f96ee9b5a",
773
+ "contentHash": "1ed553bfb7805aff766d3d95e6e8f65778d535f804d86ba5b6b7916bc36f9068",
774
774
  "since": "2025-01-01"
775
775
  },
776
776
  "cli:init": {
@@ -0,0 +1,44 @@
1
+ # Upgrade Guide — vNEXT
2
+
3
+ <!-- assembled-by: assemble-next-md -->
4
+ <!-- bump: patch -->
5
+
6
+ ## What Changed
7
+
8
+ When two agents on the SAME computer talk over Threadline, a reply could get silently quarantined by
9
+ the anti-hijack guard. The cause: same-computer delivery labels the sender by NAME, but the
10
+ conversation is filed under the sender's FINGERPRINT (derived from their public key) — so the guard
11
+ compared a name against a fingerprint, decided they didn't match, and isolated the reply into a fresh
12
+ empty thread (the conversation "read empty"). The fix teaches the receiving side to work out the
13
+ sender's fingerprint — using the exact same recipe the conversation was filed with (`fingerprint`, else
14
+ the first 32 chars of the public key) — and hand the guard just that one fact. Now a legitimate reply
15
+ matches its conversation and resumes; an unknown sender is still isolated (fail-safe). The cross-machine
16
+ (internet) path was never affected — it already carries the fingerprint. This is the inbound companion
17
+ to the duplicate-identity fix shipped just before it.
18
+
19
+ ## What to Tell Your User
20
+
21
+ If you run more than one agent on the same machine and noticed that a co-located agent's replies were
22
+ "going through but not arriving" — or that a conversation between two of your agents kept restarting in
23
+ empty threads — this fixes it. Their replies now stay on the same conversation thread. You don't need
24
+ to do anything; it takes effect after the agent updates and restarts. Nothing changes for agents talking
25
+ across different machines.
26
+
27
+ ## Summary of New Capabilities
28
+
29
+ A reliability/correctness fix, not a new feature: same-computer agent-to-agent replies now resolve to
30
+ the right conversation instead of being false-isolated by the anti-hijack guard. The guard stays fully
31
+ active and still isolates any sender it can't resolve.
32
+
33
+ ## Evidence
34
+
35
+ - 13 unit tests for the shared name→fingerprint resolver (incl. the publicKey-only shape that was the
36
+ blocking case, name collisions → no-guess, and malformed/missing-file fail-safe).
37
+ - 3 unit tests driving the REAL anti-hijack guard: the no-hint case reproduces the live incident
38
+ (`sagemind` isolated on thread `199c20fe owned by 1db85f…`); the hint case resumes; a mismatched hint
39
+ still isolates.
40
+ - 2 integration tests chaining the real resolver (against a real on-disk `known-agents.json`) into the
41
+ real guard, on the exact incident data shape.
42
+ - Typecheck clean; 1710 existing threadline tests unaffected; independent second-pass security review:
43
+ CONCUR.
44
+ - Spec (converged iter 2, approved): `docs/specs/threadline-local-delivery-fingerprint-attribution.md`.
@@ -0,0 +1,30 @@
1
+ # Upgrade Guide — vNEXT
2
+
3
+ <!-- assembled-by: assemble-next-md -->
4
+ <!-- bump: patch -->
5
+
6
+ ## What Changed
7
+
8
+ Adds **Phase 7 — Auto-merge on green** to the `instar-dev` skill: once an instar-dev PR's CI is fully
9
+ green, the instar-developing agent merges it via the existing `scripts/safe-merge.mjs` wrapper (which
10
+ waits for every check, refuses on any red, and confirms the e2e job ran and passed) and narrates the
11
+ ship via the Agent Updates channel — it no longer pauses to ask the operator "ready to merge?".
12
+ Auto-merge-on-green now applies to **every tier**, not just Tier-1; the Tier-1 wording is corrected so
13
+ it no longer reads as a Tier-1-only privilege. No runtime code changes — the merge mechanism and CI
14
+ gates it relies on are unchanged. Structure-over-Willpower fix for an operator directive (never pause
15
+ to ask for merge; the gates already guarantee mergeability by the time CI is green).
16
+
17
+ ## What to Tell Your User
18
+
19
+ None — internal change (no user-facing surface).
20
+
21
+ ## Summary of New Capabilities
22
+
23
+ None — internal change (no user-facing surface).
24
+
25
+ ## Evidence
26
+
27
+ - `skills/instar-dev/SKILL.md` — new Phase 7 + corrected Tier-1 line.
28
+ - Mechanism unchanged: `scripts/safe-merge.mjs` already re-imposes all-checks-green (incl. e2e) before
29
+ merging. Tier-1 instar-dev gate passed (ELI16 + side-effects + trace); this PR auto-merges on green
30
+ per the very phase it adds.
@@ -0,0 +1,88 @@
1
+ # Side-Effects Review — instar-dev: auto-merge on green (every tier)
2
+
3
+ **Version / slug:** `instar-dev-automerge-on-green`
4
+ **Date:** `2026-06-09`
5
+ **Author:** `Instar Agent (echo)`
6
+ **Second-pass reviewer:** `not required (Tier 1 — documentation/process change to the dev skill; the merge mechanism it mandates (safe-merge.mjs + CI) is unchanged and already gated)`
7
+
8
+ ## Summary of the change
9
+
10
+ Adds **Phase 7 — Auto-merge on green (every tier)** to `skills/instar-dev/SKILL.md`, and corrects the
11
+ Tier-1 description so auto-merge no longer reads as a Tier-1-only privilege. The new phase mandates that
12
+ once an instar-dev PR's CI is fully green, the agent merges it via the existing
13
+ `scripts/safe-merge.mjs <PR> --squash --admin` wrapper and narrates the ship via `/telegram/post-update`
14
+ — it does NOT pause to ask the operator "ready to merge?". Documentation/process change only; no runtime
15
+ code, no new gate, no new merge mechanism (safe-merge.mjs already exists and re-imposes all-checks-green
16
+ before merging, including an explicit e2e-ran-and-passed check). Driven by the operator directive
17
+ (2026-06-09, topic 23178): "never pause and ask me to merge; we have enough infra in place to ensure
18
+ it's good to merge by the time it gets there. Lets fix this via infrastructure."
19
+
20
+ ## Decision-point inventory
21
+
22
+ - No decision point added/changed. This is a process-doc change to the instar-dev skill. The actual
23
+ merge safety lives in `safe-merge.mjs` (waits for all checks, refuses on any red, confirms e2e) + CI
24
+ branch protection — both unchanged.
25
+
26
+ ## 1. Over-block
27
+
28
+ No block/allow surface — over-block not applicable.
29
+
30
+ ## 2. Under-block
31
+
32
+ No block/allow surface — under-block not applicable. (The only behavior changed is removing a human
33
+ pause AFTER green CI; the green verdict itself — the actual quality gate — is unchanged. `safe-merge.mjs`
34
+ still refuses to merge anything not fully green.)
35
+
36
+ ## 3. Level-of-abstraction fit
37
+
38
+ Correct layer. The fix Justin asked for is behavioral: stop pausing to ask for merge. The instar-dev
39
+ skill is exactly where the dev-agent's process is defined, so adding Phase 7 there is the
40
+ right-altitude structural fix (Structure > Willpower — the behavior is now baked into the governing
41
+ process doc, not left to the agent "remembering" not to pause). The merge mechanism it points at
42
+ (`safe-merge.mjs`) already existed; this just makes invoking it the mandated final step for every tier.
43
+
44
+ ## 4. Signal vs authority compliance
45
+
46
+ - [x] No — this change has no block/allow surface (documentation/process change).
47
+
48
+ ## 5. Interactions
49
+
50
+ - **Shadowing / double-fire:** none. `safe-merge.mjs` is idempotent-safe (it no-ops / refuses if the PR
51
+ isn't green or is already merged).
52
+ - **Races:** none introduced.
53
+ - **Existing Tier-1 auto-merge wording:** the prior line implied auto-merge was a Tier-1 privilege;
54
+ Phase 7 generalizes it and the Tier-1 line is corrected to point at Phase 7, so the two no longer
55
+ conflict.
56
+
57
+ ## 6. External surfaces
58
+
59
+ - **Merge behavior:** the agent now auto-merges green instar-dev PRs instead of asking. This is the
60
+ intended change. It is bounded by CI + `safe-merge.mjs` (refuses on any red, confirms e2e ran+passed),
61
+ so an unsafe PR cannot be auto-merged. Ship narration moves to the Agent Updates channel
62
+ (`/telegram/post-update`) rather than a "ready to merge?" question in the working topic.
63
+ - **Migration Parity:** this updates the **instar-dev DEV skill** — used only by the instar-developing
64
+ agent (Echo / a dev-assigned agent), not an end-user feature skill. Per the known skill-install gap
65
+ (the root `skills/` dir, including `instar-dev`, is not synced by `installBuiltinSkills()` and has no
66
+ PostUpdateMigrator path — a separately-tracked issue), the canonical source change here reaches the
67
+ repo; the installed-copy sync for dev agents rides that pre-existing gap. The authoring agent updates
68
+ its own installed `.claude/skills/instar-dev/SKILL.md` directly so the behavior is live immediately.
69
+ A general fix to dev-skill sync is out of scope (it is the standing skill-install-gap project).
70
+ - **No config / CLAUDE.md template / hook / route change.** No persisted state.
71
+
72
+ ## 7. Rollback cost
73
+
74
+ Pure documentation revert — revert the PR; the skill returns to the Tier-1-only auto-merge wording. No
75
+ data migration, no runtime impact, no agent-state repair.
76
+
77
+ ## Conclusion
78
+
79
+ A focused Structure-over-Willpower fix for the operator's directive: auto-merge-on-green becomes the
80
+ mandated final phase for every instar-dev tier, removing the redundant "ask to merge" pause while
81
+ leaving the actual merge-safety mechanism (`safe-merge.mjs` + CI) untouched. Tier 1 (doc/process change
82
+ to the dev skill); second-pass not required. It will be auto-merged on green per the very phase it adds.
83
+
84
+ ## Second-pass review (if required)
85
+
86
+ **Reviewer:** not required — Tier-1 documentation/process change to the dev skill; no block/allow,
87
+ session-lifecycle, sentinel/guard/gate, or recovery-path code is modified. The merge mechanism
88
+ (`safe-merge.mjs`) and CI gates it relies on are unchanged.