instar 1.3.496 → 1.3.497
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -95,6 +95,7 @@
|
|
|
95
95
|
- External systems (Telegram, Slack, GitHub, Cloudflare, etc.)?
|
|
96
96
|
- Persistent state (databases, ledgers, memory files)?
|
|
97
97
|
- Timing or runtime conditions we don't fully control?
|
|
98
|
+
- **Operator surface (Mobile-Complete Operator Actions):** does every operator-facing action this change adds or touches have a phone-completable surface — a dashboard form or a link the agent can send? A PIN-gated or approval-class route with no human surface is an incomplete feature, not a finished API (the 2026-06-12 floor-grant lesson: the route was correct, signed, audited — and laptop-bound). "No operator-facing actions" is a valid answer; an API-only operator action is not.
|
|
98
99
|
|
|
99
100
|
[Specific findings. "The response format for 422 changes — callers parsing the `issue` field will still see a non-empty string. Verified in telegram-reply.sh." "No external surface changes" is also valid if true.]
|
|
100
101
|
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-12T21:
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-12T21:39:24.602Z",
|
|
5
|
+
"instarVersion": "1.3.497",
|
|
6
6
|
"entryCount": 201,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: patch -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
The Standards Registry (`docs/STANDARDS-REGISTRY.md`, Interaction section) gains a new operator-ratified standard: **Mobile-Complete Operator Actions** — every action that needs the operator (approvals, grants, credential submissions, decisions, PIN-gated authority) must be completable from a phone via the dashboard or a sent link; a terminal command, file edit, or laptop-only step in an operator loop is a defect. Earned from the 2026-06-12 floor-grant incident (Slack live-test scenario 8/8: a correct, PIN-gated, signed route that was laptop-bound because it shipped API-only), ratified by operator directive (Justin, topic 22367). The entry records the sharper sub-lesson too: the outbound advisory blocked the raw-CLI message and the agent complied in format only — guards catch format, the constitution states substance.
|
|
9
|
+
|
|
10
|
+
Review-time enforcement ships with it: the side-effects artifact template (`skills/instar-dev/templates/side-effects-artifact.md`, question 6 — External surfaces) now explicitly asks whether every operator-facing action the change adds or touches has a phone-completable surface. The crystallizing incident's conversion (the Mandates-tab grant form, instar#1080/PR #1082) is the standard's first applied-through artifact; the durable generalization (one-time Operator Approval Links) is tracked to go through `/spec-converge`.
|
|
11
|
+
|
|
12
|
+
## What to Tell Your User
|
|
13
|
+
|
|
14
|
+
None — internal change (no user-facing surface).
|
|
15
|
+
|
|
16
|
+
## Summary of New Capabilities
|
|
17
|
+
|
|
18
|
+
None — internal change (no user-facing surface).
|
|
19
|
+
|
|
20
|
+
## Evidence
|
|
21
|
+
|
|
22
|
+
- The registry entry follows the constitution's established format (Rule / In practice / Earned from / Ratified by / Traces to the goal / Applied through) with the operator's ratifying directive quoted.
|
|
23
|
+
- Registry-parsing guards stay green: `tests/unit/standards-enforcement-auditor.test.ts` (incl. the zero-dangling-refs canary — every guard the entry cites exists on disk), `tests/unit/standards-conformance-gate.test.ts`, and the deferral scan (the entry's known-open generalization carries a tracked marker).
|
|
24
|
+
- Side-effects artifact: `upgrades/side-effects/mobile-complete-operator-actions.md`.
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# Side-Effects Review — Constitution: Mobile-Complete Operator Actions
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `mobile-complete-operator-actions`
|
|
4
|
+
**Date:** `2026-06-12`
|
|
5
|
+
**Author:** `Instar Agent (echo)`
|
|
6
|
+
**Second-pass reviewer:** `not required (documentation + review-template change; no runtime surface, no decision points)`
|
|
7
|
+
|
|
8
|
+
## Summary of the change
|
|
9
|
+
|
|
10
|
+
Adds the operator-ratified **Mobile-Complete Operator Actions** standard to `docs/STANDARDS-REGISTRY.md` (Interaction section) and its review-time enforcement hook: an operator-surface bullet in the side-effects template's question 6 (`skills/instar-dev/templates/side-effects-artifact.md`). Earned from the 2026-06-12 floor-grant incident; ratified by operator directive (Justin, topic 22367). No runtime code changes.
|
|
11
|
+
|
|
12
|
+
## Decision-point inventory
|
|
13
|
+
|
|
14
|
+
No decision points touched. The registry is read by the spec-review conformance gate and the standards-enforcement auditor — both observe/classify; neither gains new blocking logic from this entry. The template change adds a QUESTION future authors must answer in writing; the pre-commit hook's artifact checks are unchanged (it verifies artifact existence/coverage, not per-question structure).
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## 1. Over-block
|
|
19
|
+
|
|
20
|
+
**What legitimate inputs does this change reject that it shouldn't?**
|
|
21
|
+
|
|
22
|
+
Nothing is blocked by this change. The new template question could be answered "No operator-facing actions" by any change without one — no legitimate change gains friction beyond one written sentence. No issue identified.
|
|
23
|
+
|
|
24
|
+
## 2. Under-block
|
|
25
|
+
|
|
26
|
+
**What failure modes does this still miss?**
|
|
27
|
+
|
|
28
|
+
The standard's enforcement is review-time prose (the template question) — an author can answer it wrongly and ship an API-only operator action anyway; the conformance audit will classify this standard as `spec-only` strength until a structural ratchet exists (the named candidate: a UI-surface map for PIN-class routes). That gap is the Standards Enforcement Coverage system working as designed — it surfaces which standards are wishes — and the registry entry names the intended ratchet honestly rather than claiming structural enforcement it doesn't have.
|
|
29
|
+
|
|
30
|
+
## 3. Level-of-abstraction fit
|
|
31
|
+
|
|
32
|
+
**Is this at the right layer?**
|
|
33
|
+
|
|
34
|
+
Yes. The 2026-06-12 incident proved a gate alone is the wrong layer: the outbound advisory fired and the substance still shipped laptop-bound. A constitutional entry is the layer that states substance; gates and ratchets grow toward it (and the spec-review conformance gate starts checking drafts against it immediately, since it reads the registry).
|
|
35
|
+
|
|
36
|
+
## 4. Signal vs authority compliance
|
|
37
|
+
|
|
38
|
+
**Does this hold blocking authority with brittle logic?**
|
|
39
|
+
|
|
40
|
+
No blocking authority is added anywhere. Reference reviewed: `docs/signal-vs-authority.md`. No issue identified.
|
|
41
|
+
|
|
42
|
+
## 5. Interactions
|
|
43
|
+
|
|
44
|
+
**Does it shadow another check, get shadowed, double-fire, race with adjacent cleanup?**
|
|
45
|
+
|
|
46
|
+
- Registry parsers verified green against the new entry: `standards-enforcement-auditor` (including the zero-dangling-refs canary — every guard the entry cites must exist on disk, which is why this PR lands AFTER the grant-form PR that contains `GET /permissions/users`), `standards-conformance-gate`, and the pre-commit deferral scan (the entry's known-open generalization carries a `tracked:` marker).
|
|
47
|
+
- The entry sits beside "No Manual Work (user *or* agent)" as a sibling, not a duplicate: that standard says interactions must be automatic/channel-borne; this one pins the DEVICE bar for the human half of those interactions.
|
|
48
|
+
|
|
49
|
+
## 6. External surfaces
|
|
50
|
+
|
|
51
|
+
**Does this change anything visible outside the immediate code path?**
|
|
52
|
+
|
|
53
|
+
- The registry is read by the spec-review conformance gate, the runtime Usher, and the standards-enforcement auditor — all gain one more standard to surface/classify. That is the intended effect.
|
|
54
|
+
- The template change reaches future instar authors only (the template is copied at artifact-writing time; existing artifacts are untouched).
|
|
55
|
+
- **Operator surface (the new question, answered for this change itself):** this change adds no operator-facing actions. The standard it documents was applied to the incident's own surface in PR #1082.
|
|
56
|
+
|
|
57
|
+
## 7. Rollback cost
|
|
58
|
+
|
|
59
|
+
**If this turns out wrong in production, what's the back-out?**
|
|
60
|
+
|
|
61
|
+
Revert the docs commit. No state, no migrations, no runtime behavior. The conformance gate simply stops checking drafts against the entry. Trivial rollback.
|
|
62
|
+
|
|
63
|
+
---
|
|
64
|
+
|
|
65
|
+
## Second-pass review
|
|
66
|
+
|
|
67
|
+
Not required — documentation + review-template change with no runtime surface or decision points (per the skill's Phase 5 trigger list). The artifact's "documentation-level impact" conclusion is the valid outcome the skill explicitly names for this class of change.
|