instar 1.3.537 → 1.3.539
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +133 -2
- package/dist/commands/server.js.map +1 -1
- package/dist/core/CredentialAuditEmit.d.ts +82 -0
- package/dist/core/CredentialAuditEmit.d.ts.map +1 -0
- package/dist/core/CredentialAuditEmit.js +132 -0
- package/dist/core/CredentialAuditEmit.js.map +1 -0
- package/dist/core/CredentialLocationGate.d.ts +99 -0
- package/dist/core/CredentialLocationGate.d.ts.map +1 -0
- package/dist/core/CredentialLocationGate.js +127 -0
- package/dist/core/CredentialLocationGate.js.map +1 -0
- package/dist/core/CredentialManualLevers.d.ts +57 -0
- package/dist/core/CredentialManualLevers.d.ts.map +1 -0
- package/dist/core/CredentialManualLevers.js +0 -0
- package/dist/core/CredentialManualLevers.js.map +1 -0
- package/dist/core/CredentialRestoreEnrollment.d.ts +76 -0
- package/dist/core/CredentialRestoreEnrollment.d.ts.map +1 -0
- package/dist/core/CredentialRestoreEnrollment.js +76 -0
- package/dist/core/CredentialRestoreEnrollment.js.map +1 -0
- package/dist/core/CredentialSwapExecutor.d.ts +10 -0
- package/dist/core/CredentialSwapExecutor.d.ts.map +1 -1
- package/dist/core/CredentialSwapExecutor.js +19 -0
- package/dist/core/CredentialSwapExecutor.js.map +1 -1
- package/dist/core/InUseAccountResolver.d.ts +28 -1
- package/dist/core/InUseAccountResolver.d.ts.map +1 -1
- package/dist/core/InUseAccountResolver.js +34 -1
- package/dist/core/InUseAccountResolver.js.map +1 -1
- package/dist/core/QuotaPoller.d.ts +22 -0
- package/dist/core/QuotaPoller.d.ts.map +1 -1
- package/dist/core/QuotaPoller.js +42 -8
- package/dist/core/QuotaPoller.js.map +1 -1
- package/dist/core/SessionManager.d.ts +19 -0
- package/dist/core/SessionManager.d.ts.map +1 -1
- package/dist/core/SessionManager.js +37 -5
- package/dist/core/SessionManager.js.map +1 -1
- package/dist/core/types.d.ts +7 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/types.js.map +1 -1
- package/dist/monitoring/AccountSwitcher.d.ts.map +1 -1
- package/dist/monitoring/AccountSwitcher.js +12 -1
- package/dist/monitoring/AccountSwitcher.js.map +1 -1
- package/dist/monitoring/CredentialProvider.d.ts +32 -1
- package/dist/monitoring/CredentialProvider.d.ts.map +1 -1
- package/dist/monitoring/CredentialProvider.js +32 -2
- package/dist/monitoring/CredentialProvider.js.map +1 -1
- package/dist/server/AgentServer.d.ts +1 -0
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +1 -0
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/CapabilityIndex.d.ts.map +1 -1
- package/dist/server/CapabilityIndex.js +16 -0
- package/dist/server/CapabilityIndex.js.map +1 -1
- package/dist/server/routes.d.ts +20 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +228 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +48 -48
- package/upgrades/1.3.538.md +51 -0
- package/upgrades/1.3.539.md +29 -0
- package/upgrades/side-effects/ws52-step6-census-rerouting.md +143 -0
- package/upgrades/side-effects/ws52-step7-routes-audit.md +39 -0
- package/upgrades/1.3.537.md +0 -27
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA6/atE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
|
package/dist/commands/server.js
CHANGED
|
@@ -8515,6 +8515,133 @@ export async function startServer(options) {
|
|
|
8515
8515
|
if (subscriptionPool.size() > 0) {
|
|
8516
8516
|
console.log(pc.green(` Subscription pool: ${subscriptionPool.size()} account(s) registered`));
|
|
8517
8517
|
}
|
|
8518
|
+
// ── Live credential re-pointing — census consumer re-routing (WS5.2 Step 6) ──
|
|
8519
|
+
// The CredentialLocationLedger is the machine-local source of truth for "which account is in
|
|
8520
|
+
// which config-home slot" once re-pointing is enabled. The CredentialLocationGate re-routes
|
|
8521
|
+
// the §2.2 census consumers (quota poll, spawn placement, in-use badge) through it. Ships DARK:
|
|
8522
|
+
// the gate reads `subscriptionPool.credentialRepointing.enabled` LIVE per call — with the flag
|
|
8523
|
+
// off (always, while dark) every gate read returns the enrollment-home fallback, so every
|
|
8524
|
+
// consumer is byte-for-byte today's behavior. A never-seeded ledger is the same fallback (back-
|
|
8525
|
+
// compat); only UNKNOWN mode (corrupt on-disk) raises a HIGH attention item, never throws.
|
|
8526
|
+
const { CredentialLocationLedger } = await import('../core/CredentialLocationLedger.js');
|
|
8527
|
+
const { CredentialIdentityOracle } = await import('../core/CredentialIdentityOracle.js');
|
|
8528
|
+
const { CredentialLocationGate } = await import('../core/CredentialLocationGate.js');
|
|
8529
|
+
const credentialGateEmitAttention = telegram
|
|
8530
|
+
? (item) => void telegram.createAttentionItem({
|
|
8531
|
+
id: item.id,
|
|
8532
|
+
title: item.title,
|
|
8533
|
+
summary: item.summary,
|
|
8534
|
+
description: item.description,
|
|
8535
|
+
category: item.category,
|
|
8536
|
+
priority: item.priority,
|
|
8537
|
+
sourceContext: item.sourceContext,
|
|
8538
|
+
})
|
|
8539
|
+
: undefined;
|
|
8540
|
+
const credentialLocationLedger = new CredentialLocationLedger({
|
|
8541
|
+
stateDir: config.stateDir,
|
|
8542
|
+
pool: subscriptionPool,
|
|
8543
|
+
oracle: new CredentialIdentityOracle(),
|
|
8544
|
+
emitAttention: credentialGateEmitAttention,
|
|
8545
|
+
});
|
|
8546
|
+
const credentialLocationGate = new CredentialLocationGate({
|
|
8547
|
+
// Live flag read — a restartless config flip is honored on the next read.
|
|
8548
|
+
isEnabled: () => config.subscriptionPool?.credentialRepointing?.enabled === true,
|
|
8549
|
+
ledger: credentialLocationLedger,
|
|
8550
|
+
emitAttention: credentialGateEmitAttention,
|
|
8551
|
+
});
|
|
8552
|
+
// Census #9: the manager-level competing-writer refusal gate. Installed process-wide so
|
|
8553
|
+
// AccountSwitcher / `/switch-account` / autoMigrate refuse a write to a repointing-owned slot
|
|
8554
|
+
// at the funnel chokepoint, not just on a route. Refuses ONLY when re-pointing is enabled AND
|
|
8555
|
+
// the ledger holds a tenant for the (canonicalized) slot.
|
|
8556
|
+
const { setCredentialWriteRefusalGate } = await import('../monitoring/CredentialProvider.js');
|
|
8557
|
+
const { credentialSlotKey: canonicalizeSlot } = await import('../core/OAuthRefresher.js');
|
|
8558
|
+
setCredentialWriteRefusalGate({
|
|
8559
|
+
shouldRefuse: (canonicalSlot) => {
|
|
8560
|
+
if (config.subscriptionPool?.credentialRepointing?.enabled !== true)
|
|
8561
|
+
return false;
|
|
8562
|
+
// The funnel passes a canonicalized slot key, but the ledger stores raw enrollment-home
|
|
8563
|
+
// spellings (`~/.claude`, an enrollment path). Compare canonical-to-canonical so a
|
|
8564
|
+
// repointing-owned slot is recognized regardless of spelling.
|
|
8565
|
+
return credentialLocationLedger
|
|
8566
|
+
.getAssignments()
|
|
8567
|
+
.some((a) => !!a.accountId && canonicalizeSlot(a.slot) === canonicalSlot);
|
|
8568
|
+
},
|
|
8569
|
+
});
|
|
8570
|
+
// Census #5/#6: spawn placement resolves a pinned account's home through the gate (no-op dark).
|
|
8571
|
+
sessionManager.setCredentialLocationGate(credentialLocationGate);
|
|
8572
|
+
// ── WS5.2 Step 7 — manual levers + audit-scrub chokepoint ──
|
|
8573
|
+
// The CredentialAuditEmit is the SINGLE secret-scrub chokepoint: every credential-swaps.jsonl
|
|
8574
|
+
// write, every /credentials/* response body, and every attention-item routes through its
|
|
8575
|
+
// scrub() (reuses redactToken). The CredentialSwapExecutor is CONSTRUCTED + run live HERE (the
|
|
8576
|
+
// Step-5 residual closes). Both ship DARK — the executor's own `config.enabled`/`dryRun` gate
|
|
8577
|
+
// (read from `subscriptionPool.credentialRepointing`) makes it a strict no-op while dark, and
|
|
8578
|
+
// the routes 503/no-op on the same flag, so this is byte-for-byte today's behavior.
|
|
8579
|
+
const { CredentialAuditEmit } = await import('../core/CredentialAuditEmit.js');
|
|
8580
|
+
const { CredentialSwapExecutor } = await import('../core/CredentialSwapExecutor.js');
|
|
8581
|
+
const { CredentialManualLevers } = await import('../core/CredentialManualLevers.js');
|
|
8582
|
+
const { credentialWriteFunnel } = await import('../core/CredentialWriteFunnel.js');
|
|
8583
|
+
const { defaultKeychainExec } = await import('../core/CredentialSwapExecutor.js');
|
|
8584
|
+
const { claudeCredentialService: credSwapService } = await import('../core/OAuthRefresher.js');
|
|
8585
|
+
const credSwapsLogPath = path.join(config.stateDir, 'logs', 'credential-swaps.jsonl');
|
|
8586
|
+
const credentialAuditEmit = new CredentialAuditEmit({
|
|
8587
|
+
writeLine: (line) => { try {
|
|
8588
|
+
fs.appendFileSync(credSwapsLogPath, line);
|
|
8589
|
+
}
|
|
8590
|
+
catch { /* @silent-fallback-ok: audit jsonl is observability; the swap is the load-bearing action and is unaffected. The line was scrubbed before this write, so a failure leaks nothing. */ } },
|
|
8591
|
+
emitAttention: credentialGateEmitAttention,
|
|
8592
|
+
});
|
|
8593
|
+
// Compose the host identity resolver: REAL oracle (slot blob → email) → pool (email → accountId).
|
|
8594
|
+
const { CredentialIdentityOracle: CredSwapOracle } = await import('../core/CredentialIdentityOracle.js');
|
|
8595
|
+
const credSwapOracle = new CredSwapOracle();
|
|
8596
|
+
const credResolveIdentity = async (slot) => {
|
|
8597
|
+
const r = await credSwapOracle.resolveSlotTenant(slot);
|
|
8598
|
+
if (r.unavailable || !r.email)
|
|
8599
|
+
return { unavailable: true, reason: r.reason ?? 'oracle unavailable' };
|
|
8600
|
+
const matches = subscriptionPool.list().filter((a) => a.email && a.email === r.email);
|
|
8601
|
+
if (matches.length !== 1)
|
|
8602
|
+
return { unavailable: true, reason: `ambiguous/unknown email (${matches.length} pool matches)` };
|
|
8603
|
+
return { accountId: matches[0].id };
|
|
8604
|
+
};
|
|
8605
|
+
const credentialSwapExecutor = new CredentialSwapExecutor({
|
|
8606
|
+
funnel: credentialWriteFunnel,
|
|
8607
|
+
ledger: credentialLocationLedger,
|
|
8608
|
+
resolveIdentity: credResolveIdentity,
|
|
8609
|
+
// The executor reads the SAME dark gate the routes do — strict no-op while disabled.
|
|
8610
|
+
config: {
|
|
8611
|
+
enabled: config.subscriptionPool?.credentialRepointing?.enabled === true,
|
|
8612
|
+
dryRun: config.subscriptionPool?.credentialRepointing?.dryRun !== false,
|
|
8613
|
+
},
|
|
8614
|
+
emitAudit: (rec) => credentialAuditEmit.audit({ event: 'swap-step', ...rec }),
|
|
8615
|
+
emitAttention: (item) => void credentialAuditEmit.attention(item),
|
|
8616
|
+
onSlotsChanged: (slots) => { try {
|
|
8617
|
+
inUseAccountResolver.bustCache?.();
|
|
8618
|
+
}
|
|
8619
|
+
catch { /* @silent-fallback-ok: cache-bust is an observability nicety (a stale badge self-corrects at TTL); a throwing consumer must never break the committed swap */ } void slots; },
|
|
8620
|
+
});
|
|
8621
|
+
const credentialManualLevers = new CredentialManualLevers({
|
|
8622
|
+
maxForcedPerWindow: config.subscriptionPool?.credentialRepointing?.maxForcedManualSwapsPerWindow,
|
|
8623
|
+
forcedWindowMs: config.subscriptionPool?.credentialRepointing?.forcedManualSwapWindowMs,
|
|
8624
|
+
});
|
|
8625
|
+
const credentialRepointing = {
|
|
8626
|
+
ledger: credentialLocationLedger,
|
|
8627
|
+
swapExecutor: credentialSwapExecutor,
|
|
8628
|
+
resolveIdentity: credResolveIdentity,
|
|
8629
|
+
audit: credentialAuditEmit,
|
|
8630
|
+
levers: credentialManualLevers,
|
|
8631
|
+
readBlob: async (slot) => {
|
|
8632
|
+
const raw = await defaultKeychainExec.readService(credSwapService(slot));
|
|
8633
|
+
if (!raw)
|
|
8634
|
+
return null;
|
|
8635
|
+
try {
|
|
8636
|
+
const parsed = JSON.parse(raw);
|
|
8637
|
+
const oauth = (parsed?.claudeAiOauth ?? null);
|
|
8638
|
+
return { raw, oauth };
|
|
8639
|
+
}
|
|
8640
|
+
catch {
|
|
8641
|
+
return { raw, oauth: null }; // @silent-fallback-ok: unparseable blob → coherence classifier parks it one-directionally (never exchanged); the raw is returned only so the classifier sees "has-raw-but-no-oauth"
|
|
8642
|
+
}
|
|
8643
|
+
},
|
|
8644
|
+
};
|
|
8518
8645
|
// QuotaPoller — per-account live quota reader (P1.2 of the Subscription &
|
|
8519
8646
|
// Auth Standard). Reads each account's 5h/weekly utilization + reset dates
|
|
8520
8647
|
// via the OAuth usage endpoint (transient per-account token, never persisted)
|
|
@@ -8526,6 +8653,8 @@ export async function startServer(options) {
|
|
|
8526
8653
|
const quotaPoller = new QuotaPoller({
|
|
8527
8654
|
pool: subscriptionPool,
|
|
8528
8655
|
logger: { log: (m) => console.log(m), warn: (m) => console.warn(m) },
|
|
8656
|
+
// Census #1–#4: resolve each account's LIVE slot through the ledger (no-op while dark).
|
|
8657
|
+
locationGate: credentialLocationGate,
|
|
8529
8658
|
});
|
|
8530
8659
|
if (subscriptionPool.size() > 0) {
|
|
8531
8660
|
quotaPoller.start();
|
|
@@ -8535,7 +8664,9 @@ export async function startServer(options) {
|
|
|
8535
8664
|
// right now" for the dashboard "in use" badge (read-only; cached probe of
|
|
8536
8665
|
// `claude auth status`). One shared instance so the TTL cache is honored.
|
|
8537
8666
|
const { InUseAccountResolver } = await import('../core/InUseAccountResolver.js');
|
|
8538
|
-
|
|
8667
|
+
// Census #8 (the E4a liar): when re-pointing is enabled and the ledger knows the `~/.claude`
|
|
8668
|
+
// tenant, the badge resolves from the ledger — NOT a stale `claude auth status` re-probe.
|
|
8669
|
+
const inUseAccountResolver = new InUseAccountResolver({ locationGate: credentialLocationGate });
|
|
8539
8670
|
// EnrollmentWizard — mobile-first new-account login (P2.1 of the Subscription
|
|
8540
8671
|
// & Auth Standard). Dark with the pool: the /subscription-pool/enroll routes
|
|
8541
8672
|
// do nothing until an operator starts an enrollment. The login driver reuses
|
|
@@ -15117,7 +15248,7 @@ export async function startServer(options) {
|
|
|
15117
15248
|
carrier: _topicProfileCarrier,
|
|
15118
15249
|
}
|
|
15119
15250
|
: null;
|
|
15120
|
-
const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, feedbackAnomalyDetector, dispatches, updateChecker, autoUpdater, autoDispatcher, quotaTracker, quotaManager, publisher, viewer, tunnel, evolution, watchdog, topicMemory, triageNurse, projectMapper, cartographer: cartographer ?? undefined, coherenceGate: scopeVerifier, contextHierarchy, canonicalState, operationGate, sentinel, adaptiveTrust, memoryMonitor, orphanReaper, coherenceMonitor, commitmentTracker, subscriptionPool, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, poolLink: _poolLink ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
|
|
15251
|
+
const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, feedbackAnomalyDetector, dispatches, updateChecker, autoUpdater, autoDispatcher, quotaTracker, quotaManager, publisher, viewer, tunnel, evolution, watchdog, topicMemory, triageNurse, projectMapper, cartographer: cartographer ?? undefined, coherenceGate: scopeVerifier, contextHierarchy, canonicalState, operationGate, sentinel, adaptiveTrust, memoryMonitor, orphanReaper, coherenceMonitor, commitmentTracker, subscriptionPool, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, credentialRepointing, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, poolLink: _poolLink ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
|
|
15121
15252
|
// wired before the server existed; from here on inbound binds use the
|
|
15122
15253
|
// server's own store instance.
|
|
15123
15254
|
_agentServerRef = server;
|