instar 1.3.475 → 1.3.477
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config/ConfigDefaults.d.ts.map +1 -1
- package/dist/config/ConfigDefaults.js +13 -0
- package/dist/config/ConfigDefaults.js.map +1 -1
- package/dist/core/StageTransitionValidator.d.ts +15 -0
- package/dist/core/StageTransitionValidator.d.ts.map +1 -1
- package/dist/core/StageTransitionValidator.js +23 -2
- package/dist/core/StageTransitionValidator.js.map +1 -1
- package/dist/core/types.d.ts +10 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/types.js.map +1 -1
- package/package.json +1 -1
- package/scripts/instar-dev-precommit.js +69 -5
- package/scripts/lib/convergence-recognition.mjs +126 -0
- package/scripts/lib/throwaway-identity.mjs +150 -0
- package/scripts/throwaway-identity.mjs +77 -0
- package/src/data/builtin-manifest.json +2 -2
- package/upgrades/1.3.476.md +33 -0
- package/upgrades/1.3.477.md +63 -0
- package/upgrades/side-effects/converging-audit-default.md +82 -0
- package/upgrades/side-effects/throwaway-identity-helper.md +48 -0
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
# Side-Effects Review — Report-Backed Converging Audit (spec #4, Tier 2)
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `converging-audit-default`
|
|
4
|
+
**Date:** `2026-06-10`
|
|
5
|
+
**Author:** `Echo`
|
|
6
|
+
**Spec:** `docs/specs/CONVERGING-AUDIT-DEFAULT.md` (converged 1 round + a focused buildability/back-compat review, approved)
|
|
7
|
+
**Second-pass reviewer:** `not required — a focused convergence review verified the bug + the byte-identical back-compat + pinned the env-var threading; this review covers the seven dimensions on the as-built code`
|
|
8
|
+
|
|
9
|
+
## Summary of the change
|
|
10
|
+
|
|
11
|
+
Fixes the convergence gate and makes the report-backed converging audit the default
|
|
12
|
+
(dark): **(A)** `StageTransitionValidator` checked `review-convergence === true`
|
|
13
|
+
(boolean) but the real tooling writes a timestamp string — so the formal gate
|
|
14
|
+
**rejected every properly-converged spec**; fixed via a pure `isConvergenceTagPresent`
|
|
15
|
+
predicate that accepts the canonical timestamp (and boolean `true` for back-compat).
|
|
16
|
+
**(B)** A default-off `specReview.requireConvergenceReport` flag that, when on, makes
|
|
17
|
+
the precommit gate also require the convergence **report** file (proof the audit ran)
|
|
18
|
+
— the precommit reads it via an env var (it runs pre-compile and reads no config).
|
|
19
|
+
**(C)** A cross-gate consistency test so the formal validator and the precommit gate
|
|
20
|
+
cannot drift apart. **(D)** Surfaces the `cross-model-review` value in diagnostics
|
|
21
|
+
(observe-only).
|
|
22
|
+
|
|
23
|
+
## Files touched
|
|
24
|
+
|
|
25
|
+
- `src/core/StageTransitionValidator.ts` — `isConvergenceTagPresent` predicate (Part A). The existing `CONVERGENCE_REPORT_MISSING` check is UNCHANGED + unconditional.
|
|
26
|
+
- `src/config/ConfigDefaults.ts` + `src/core/types.ts` — `specReview.requireConvergenceReport: false` (deep-merge backfill).
|
|
27
|
+
- `scripts/instar-dev-precommit.js` — Step-6 recognition routed through the new pure module; env-gated report check (Part B); cross-model surfacing (Part D).
|
|
28
|
+
- `.husky/pre-commit` — fail-open one-liner exporting the env from config.
|
|
29
|
+
- NEW `scripts/lib/convergence-recognition.mjs` — the pure recognizer both the precommit and the consistency test use.
|
|
30
|
+
- Tests: validator (timestamp acceptance), consistency, `/projects/:id/advance` integration, the real-precommit E2E.
|
|
31
|
+
|
|
32
|
+
## 1. Over-block
|
|
33
|
+
|
|
34
|
+
Part A makes the formal gate accept MORE (the timestamp it should always have
|
|
35
|
+
accepted) — it can never over-block more than before. Part B's report requirement can
|
|
36
|
+
over-block only when the flag is ON (default off); and the formal gate already
|
|
37
|
+
required the report unconditionally, so Part B merely brings the precommit to parity.
|
|
38
|
+
|
|
39
|
+
## 2. Under-block
|
|
40
|
+
|
|
41
|
+
Could a spec fake convergence? With the flag on, the report file must exist — a
|
|
42
|
+
hand-added tag alone no longer passes the precommit. With the flag off, behavior is
|
|
43
|
+
unchanged from today (the report requirement is inert). The predicate rejects
|
|
44
|
+
empty/false/missing tags (tested).
|
|
45
|
+
|
|
46
|
+
## 3. Level-of-abstraction fit
|
|
47
|
+
|
|
48
|
+
The recognition logic is factored into one pure module (`convergence-recognition.mjs`)
|
|
49
|
+
the precommit imports; the validator has its own pure predicate; a consistency test
|
|
50
|
+
binds them. This is the right shape given the compile boundary (the precommit `.js`
|
|
51
|
+
cannot import the TS validator).
|
|
52
|
+
|
|
53
|
+
## 4. Back-compat safety (the critical dimension — this gate runs on every commit)
|
|
54
|
+
|
|
55
|
+
The flag defaults false and the precommit's new branch is gated on the env var being
|
|
56
|
+
`1`; when unset, the report `fs.existsSync` probe is skipped and the Step-6 checks
|
|
57
|
+
reuse the IDENTICAL regexes as before — byte-identical. The `.husky/pre-commit` config
|
|
58
|
+
read is fail-open (any error → env unset → today's behavior). **An E2E test runs the
|
|
59
|
+
REAL precommit script and proves: env unset → a timestamp-tagged+approved spec with no
|
|
60
|
+
report commits cleanly; env=1 + no report → blocked; env=1 + report → commits.** This
|
|
61
|
+
very PR's own commit goes through the modified precommit with the flag off — a live
|
|
62
|
+
proof the default path works.
|
|
63
|
+
|
|
64
|
+
## 5. Tier-1 exemption
|
|
65
|
+
|
|
66
|
+
The precommit's `tier1-lite` path exits before Step 6, so the new report check
|
|
67
|
+
correctly does not apply to Tier-1 commits; the consistency test scopes its precommit
|
|
68
|
+
fixtures to the tier-2/3 path.
|
|
69
|
+
|
|
70
|
+
## 6. Security / load
|
|
71
|
+
|
|
72
|
+
None — build-time gate only. The new checks are local `fs.existsSync`; no network, no
|
|
73
|
+
LLM in-gate. No load impact.
|
|
74
|
+
|
|
75
|
+
## 7. Migration / compatibility
|
|
76
|
+
|
|
77
|
+
`specReview.requireConvergenceReport` rides `applyDefaults` add-missing deep-merge
|
|
78
|
+
(Migration Parity automatic — no `migrateConfig` block). This is a dev-process gate,
|
|
79
|
+
NOT an agent-facing runtime capability — so no CLAUDE.md template / migrateClaudeMd
|
|
80
|
+
section is required (the feature-completeness test governs only agent-facing
|
|
81
|
+
capabilities; verified it stays green) and no new route. Rollback: the flag
|
|
82
|
+
default-false IS the rollback.
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# Side-Effects Review — throwaway-identity helper
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `throwaway-identity-helper`
|
|
4
|
+
**Date:** `2026-06-10`
|
|
5
|
+
**Author:** `echo`
|
|
6
|
+
**Tier:** `1` (standalone test-tooling script + lib + hermetic test; no runtime/gate/config wiring)
|
|
7
|
+
**Second-pass reviewer:** `not required`
|
|
8
|
+
|
|
9
|
+
## Summary of the change
|
|
10
|
+
|
|
11
|
+
Adds `scripts/lib/throwaway-identity.mjs` (importable) + `scripts/throwaway-identity.mjs`
|
|
12
|
+
(CLI) — mints genuinely-distinct, readable throwaway email inboxes via the mail.tm public
|
|
13
|
+
disposable-mailbox API, and polls/extracts codes+links from them. The autonomous half of
|
|
14
|
+
test-identity provisioning for live-integration test harnesses (Slack/Discord/…). + a fully
|
|
15
|
+
hermetic unit test (injected fetch + clock, no network) and an ELI16.
|
|
16
|
+
|
|
17
|
+
## Decision-point inventory
|
|
18
|
+
|
|
19
|
+
None in runtime — it's standalone tooling, never imported by `src/` or wired into a gate.
|
|
20
|
+
Internal branch points (domain selection, message-match filter, timeout) are pure functions
|
|
21
|
+
covered by the test.
|
|
22
|
+
|
|
23
|
+
## 1. Over-block
|
|
24
|
+
|
|
25
|
+
Nothing is rejected at runtime. The tool only calls a public disposable-mail API and reads
|
|
26
|
+
inboxes it just created. It is not on any agent code path.
|
|
27
|
+
|
|
28
|
+
## 2. Under-block
|
|
29
|
+
|
|
30
|
+
It deliberately does NOT cover the anti-bot signup CAPTCHA at workspace/account creation —
|
|
31
|
+
that is a human-verification control and remains a ~30s human handoff (documented in the
|
|
32
|
+
live-run runbook). It is the email half only.
|
|
33
|
+
|
|
34
|
+
## 3. Level-of-abstraction fit
|
|
35
|
+
|
|
36
|
+
Right layer: a `scripts/` + `scripts/lib/` test utility beside the other dev/test scripts,
|
|
37
|
+
with the HTTP injected so the test is hermetic. Reusable by any integration's live harness,
|
|
38
|
+
not coupled to the permission gate.
|
|
39
|
+
|
|
40
|
+
## Migration / rollback
|
|
41
|
+
|
|
42
|
+
No migration (standalone tooling). Rollback = delete the two scripts + the test.
|
|
43
|
+
|
|
44
|
+
## Testing-integrity note
|
|
45
|
+
|
|
46
|
+
15 hermetic unit tests (pure extractors + the full mint / poll-until-match / timeout flow,
|
|
47
|
+
HTTP + clock injected). A separate live CLI smoke confirmed it mints a real inbox
|
|
48
|
+
(`echo-…@web-library.net` + token). `tsc --noEmit` clean.
|