instar 1.3.475 → 1.3.477

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,82 @@
1
+ # Side-Effects Review — Report-Backed Converging Audit (spec #4, Tier 2)
2
+
3
+ **Version / slug:** `converging-audit-default`
4
+ **Date:** `2026-06-10`
5
+ **Author:** `Echo`
6
+ **Spec:** `docs/specs/CONVERGING-AUDIT-DEFAULT.md` (converged 1 round + a focused buildability/back-compat review, approved)
7
+ **Second-pass reviewer:** `not required — a focused convergence review verified the bug + the byte-identical back-compat + pinned the env-var threading; this review covers the seven dimensions on the as-built code`
8
+
9
+ ## Summary of the change
10
+
11
+ Fixes the convergence gate and makes the report-backed converging audit the default
12
+ (dark): **(A)** `StageTransitionValidator` checked `review-convergence === true`
13
+ (boolean) but the real tooling writes a timestamp string — so the formal gate
14
+ **rejected every properly-converged spec**; fixed via a pure `isConvergenceTagPresent`
15
+ predicate that accepts the canonical timestamp (and boolean `true` for back-compat).
16
+ **(B)** A default-off `specReview.requireConvergenceReport` flag that, when on, makes
17
+ the precommit gate also require the convergence **report** file (proof the audit ran)
18
+ — the precommit reads it via an env var (it runs pre-compile and reads no config).
19
+ **(C)** A cross-gate consistency test so the formal validator and the precommit gate
20
+ cannot drift apart. **(D)** Surfaces the `cross-model-review` value in diagnostics
21
+ (observe-only).
22
+
23
+ ## Files touched
24
+
25
+ - `src/core/StageTransitionValidator.ts` — `isConvergenceTagPresent` predicate (Part A). The existing `CONVERGENCE_REPORT_MISSING` check is UNCHANGED + unconditional.
26
+ - `src/config/ConfigDefaults.ts` + `src/core/types.ts` — `specReview.requireConvergenceReport: false` (deep-merge backfill).
27
+ - `scripts/instar-dev-precommit.js` — Step-6 recognition routed through the new pure module; env-gated report check (Part B); cross-model surfacing (Part D).
28
+ - `.husky/pre-commit` — fail-open one-liner exporting the env from config.
29
+ - NEW `scripts/lib/convergence-recognition.mjs` — the pure recognizer both the precommit and the consistency test use.
30
+ - Tests: validator (timestamp acceptance), consistency, `/projects/:id/advance` integration, the real-precommit E2E.
31
+
32
+ ## 1. Over-block
33
+
34
+ Part A makes the formal gate accept MORE (the timestamp it should always have
35
+ accepted) — it can never over-block more than before. Part B's report requirement can
36
+ over-block only when the flag is ON (default off); and the formal gate already
37
+ required the report unconditionally, so Part B merely brings the precommit to parity.
38
+
39
+ ## 2. Under-block
40
+
41
+ Could a spec fake convergence? With the flag on, the report file must exist — a
42
+ hand-added tag alone no longer passes the precommit. With the flag off, behavior is
43
+ unchanged from today (the report requirement is inert). The predicate rejects
44
+ empty/false/missing tags (tested).
45
+
46
+ ## 3. Level-of-abstraction fit
47
+
48
+ The recognition logic is factored into one pure module (`convergence-recognition.mjs`)
49
+ the precommit imports; the validator has its own pure predicate; a consistency test
50
+ binds them. This is the right shape given the compile boundary (the precommit `.js`
51
+ cannot import the TS validator).
52
+
53
+ ## 4. Back-compat safety (the critical dimension — this gate runs on every commit)
54
+
55
+ The flag defaults false and the precommit's new branch is gated on the env var being
56
+ `1`; when unset, the report `fs.existsSync` probe is skipped and the Step-6 checks
57
+ reuse the IDENTICAL regexes as before — byte-identical. The `.husky/pre-commit` config
58
+ read is fail-open (any error → env unset → today's behavior). **An E2E test runs the
59
+ REAL precommit script and proves: env unset → a timestamp-tagged+approved spec with no
60
+ report commits cleanly; env=1 + no report → blocked; env=1 + report → commits.** This
61
+ very PR's own commit goes through the modified precommit with the flag off — a live
62
+ proof the default path works.
63
+
64
+ ## 5. Tier-1 exemption
65
+
66
+ The precommit's `tier1-lite` path exits before Step 6, so the new report check
67
+ correctly does not apply to Tier-1 commits; the consistency test scopes its precommit
68
+ fixtures to the tier-2/3 path.
69
+
70
+ ## 6. Security / load
71
+
72
+ None — build-time gate only. The new checks are local `fs.existsSync`; no network, no
73
+ LLM in-gate. No load impact.
74
+
75
+ ## 7. Migration / compatibility
76
+
77
+ `specReview.requireConvergenceReport` rides `applyDefaults` add-missing deep-merge
78
+ (Migration Parity automatic — no `migrateConfig` block). This is a dev-process gate,
79
+ NOT an agent-facing runtime capability — so no CLAUDE.md template / migrateClaudeMd
80
+ section is required (the feature-completeness test governs only agent-facing
81
+ capabilities; verified it stays green) and no new route. Rollback: the flag
82
+ default-false IS the rollback.
@@ -0,0 +1,48 @@
1
+ # Side-Effects Review — throwaway-identity helper
2
+
3
+ **Version / slug:** `throwaway-identity-helper`
4
+ **Date:** `2026-06-10`
5
+ **Author:** `echo`
6
+ **Tier:** `1` (standalone test-tooling script + lib + hermetic test; no runtime/gate/config wiring)
7
+ **Second-pass reviewer:** `not required`
8
+
9
+ ## Summary of the change
10
+
11
+ Adds `scripts/lib/throwaway-identity.mjs` (importable) + `scripts/throwaway-identity.mjs`
12
+ (CLI) — mints genuinely-distinct, readable throwaway email inboxes via the mail.tm public
13
+ disposable-mailbox API, and polls/extracts codes+links from them. The autonomous half of
14
+ test-identity provisioning for live-integration test harnesses (Slack/Discord/…). + a fully
15
+ hermetic unit test (injected fetch + clock, no network) and an ELI16.
16
+
17
+ ## Decision-point inventory
18
+
19
+ None in runtime — it's standalone tooling, never imported by `src/` or wired into a gate.
20
+ Internal branch points (domain selection, message-match filter, timeout) are pure functions
21
+ covered by the test.
22
+
23
+ ## 1. Over-block
24
+
25
+ Nothing is rejected at runtime. The tool only calls a public disposable-mail API and reads
26
+ inboxes it just created. It is not on any agent code path.
27
+
28
+ ## 2. Under-block
29
+
30
+ It deliberately does NOT cover the anti-bot signup CAPTCHA at workspace/account creation —
31
+ that is a human-verification control and remains a ~30s human handoff (documented in the
32
+ live-run runbook). It is the email half only.
33
+
34
+ ## 3. Level-of-abstraction fit
35
+
36
+ Right layer: a `scripts/` + `scripts/lib/` test utility beside the other dev/test scripts,
37
+ with the HTTP injected so the test is hermetic. Reusable by any integration's live harness,
38
+ not coupled to the permission gate.
39
+
40
+ ## Migration / rollback
41
+
42
+ No migration (standalone tooling). Rollback = delete the two scripts + the test.
43
+
44
+ ## Testing-integrity note
45
+
46
+ 15 hermetic unit tests (pure extractors + the full mint / poll-until-match / timeout flow,
47
+ HTTP + clock injected). A separate live CLI smoke confirmed it mints a real inbox
48
+ (`echo-…@web-library.net` + token). `tsc --noEmit` clean.