instar 1.3.538 → 1.3.540
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +87 -6
- package/dist/commands/server.js.map +1 -1
- package/dist/config/ConfigDefaults.d.ts.map +1 -1
- package/dist/config/ConfigDefaults.js +23 -21
- package/dist/config/ConfigDefaults.js.map +1 -1
- package/dist/core/CredentialAuditEmit.d.ts +82 -0
- package/dist/core/CredentialAuditEmit.d.ts.map +1 -0
- package/dist/core/CredentialAuditEmit.js +132 -0
- package/dist/core/CredentialAuditEmit.js.map +1 -0
- package/dist/core/CredentialManualLevers.d.ts +57 -0
- package/dist/core/CredentialManualLevers.d.ts.map +1 -0
- package/dist/core/CredentialManualLevers.js +0 -0
- package/dist/core/CredentialManualLevers.js.map +1 -0
- package/dist/core/CredentialRestoreEnrollment.d.ts +76 -0
- package/dist/core/CredentialRestoreEnrollment.d.ts.map +1 -0
- package/dist/core/CredentialRestoreEnrollment.js +76 -0
- package/dist/core/CredentialRestoreEnrollment.js.map +1 -0
- package/dist/core/PostUpdateMigrator.d.ts +1 -0
- package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
- package/dist/core/PostUpdateMigrator.js +83 -0
- package/dist/core/PostUpdateMigrator.js.map +1 -1
- package/dist/core/devGatedFeatures.d.ts +12 -1
- package/dist/core/devGatedFeatures.d.ts.map +1 -1
- package/dist/core/devGatedFeatures.js +51 -37
- package/dist/core/devGatedFeatures.js.map +1 -1
- package/dist/core/types.d.ts +7 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/types.js.map +1 -1
- package/dist/monitoring/guardManifest.js +4 -4
- package/dist/monitoring/guardManifest.js.map +1 -1
- package/dist/server/AgentServer.d.ts +1 -0
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +16 -11
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/CapabilityIndex.d.ts.map +1 -1
- package/dist/server/CapabilityIndex.js +20 -1
- package/dist/server/CapabilityIndex.js.map +1 -1
- package/dist/server/routes.d.ts +20 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +213 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/scripts/lib/dark-gate-attribution.js +7 -2
- package/scripts/lint-dev-agent-dark-gate.js +19 -1
- package/src/data/builtin-manifest.json +64 -64
- package/upgrades/1.3.539.md +29 -0
- package/upgrades/1.3.540.md +70 -0
- package/upgrades/side-effects/dev-agent-dark-gate-teeth.md +201 -0
- package/upgrades/side-effects/ws52-step7-routes-audit.md +39 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAqgbtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
|
package/dist/commands/server.js
CHANGED
|
@@ -2767,11 +2767,13 @@ export async function startServer(options) {
|
|
|
2767
2767
|
// runs BEFORE AgentServer binds its port, so for minutes nothing answers
|
|
2768
2768
|
// /health and the supervisor can mistake a slow boot for a dead process →
|
|
2769
2769
|
// the restart loop. This minimal beacon answers /health from the very start
|
|
2770
|
-
// of boot; it is closed at the handoff just before server.start().
|
|
2771
|
-
//
|
|
2772
|
-
//
|
|
2770
|
+
// of boot; it is closed at the handoff just before server.start().
|
|
2771
|
+
// DEV-GATED (CMT-1438): `enabled` OMITTED from defaults so the developmentAgent
|
|
2772
|
+
// gate decides — LIVE on a dev agent, DARK on the fleet; the grace bump (#979)
|
|
2773
|
+
// covers the window on the fleet. D4-verified read-only (localhost-only inbound
|
|
2774
|
+
// socket, zero outbound). Belt-and-suspenders, not a boot reorder.
|
|
2773
2775
|
let bootBeacon;
|
|
2774
|
-
if (config.monitoring?.bootHealthBeacon?.enabled) {
|
|
2776
|
+
if (resolveDevAgentGate(config.monitoring?.bootHealthBeacon?.enabled, config)) {
|
|
2775
2777
|
try {
|
|
2776
2778
|
bootBeacon = new BootHealthBeacon(config.port);
|
|
2777
2779
|
await bootBeacon.start();
|
|
@@ -8569,6 +8571,79 @@ export async function startServer(options) {
|
|
|
8569
8571
|
});
|
|
8570
8572
|
// Census #5/#6: spawn placement resolves a pinned account's home through the gate (no-op dark).
|
|
8571
8573
|
sessionManager.setCredentialLocationGate(credentialLocationGate);
|
|
8574
|
+
// ── WS5.2 Step 7 — manual levers + audit-scrub chokepoint ──
|
|
8575
|
+
// The CredentialAuditEmit is the SINGLE secret-scrub chokepoint: every credential-swaps.jsonl
|
|
8576
|
+
// write, every /credentials/* response body, and every attention-item routes through its
|
|
8577
|
+
// scrub() (reuses redactToken). The CredentialSwapExecutor is CONSTRUCTED + run live HERE (the
|
|
8578
|
+
// Step-5 residual closes). Both ship DARK — the executor's own `config.enabled`/`dryRun` gate
|
|
8579
|
+
// (read from `subscriptionPool.credentialRepointing`) makes it a strict no-op while dark, and
|
|
8580
|
+
// the routes 503/no-op on the same flag, so this is byte-for-byte today's behavior.
|
|
8581
|
+
const { CredentialAuditEmit } = await import('../core/CredentialAuditEmit.js');
|
|
8582
|
+
const { CredentialSwapExecutor } = await import('../core/CredentialSwapExecutor.js');
|
|
8583
|
+
const { CredentialManualLevers } = await import('../core/CredentialManualLevers.js');
|
|
8584
|
+
const { credentialWriteFunnel } = await import('../core/CredentialWriteFunnel.js');
|
|
8585
|
+
const { defaultKeychainExec } = await import('../core/CredentialSwapExecutor.js');
|
|
8586
|
+
const { claudeCredentialService: credSwapService } = await import('../core/OAuthRefresher.js');
|
|
8587
|
+
const credSwapsLogPath = path.join(config.stateDir, 'logs', 'credential-swaps.jsonl');
|
|
8588
|
+
const credentialAuditEmit = new CredentialAuditEmit({
|
|
8589
|
+
writeLine: (line) => { try {
|
|
8590
|
+
fs.appendFileSync(credSwapsLogPath, line);
|
|
8591
|
+
}
|
|
8592
|
+
catch { /* @silent-fallback-ok: audit jsonl is observability; the swap is the load-bearing action and is unaffected. The line was scrubbed before this write, so a failure leaks nothing. */ } },
|
|
8593
|
+
emitAttention: credentialGateEmitAttention,
|
|
8594
|
+
});
|
|
8595
|
+
// Compose the host identity resolver: REAL oracle (slot blob → email) → pool (email → accountId).
|
|
8596
|
+
const { CredentialIdentityOracle: CredSwapOracle } = await import('../core/CredentialIdentityOracle.js');
|
|
8597
|
+
const credSwapOracle = new CredSwapOracle();
|
|
8598
|
+
const credResolveIdentity = async (slot) => {
|
|
8599
|
+
const r = await credSwapOracle.resolveSlotTenant(slot);
|
|
8600
|
+
if (r.unavailable || !r.email)
|
|
8601
|
+
return { unavailable: true, reason: r.reason ?? 'oracle unavailable' };
|
|
8602
|
+
const matches = subscriptionPool.list().filter((a) => a.email && a.email === r.email);
|
|
8603
|
+
if (matches.length !== 1)
|
|
8604
|
+
return { unavailable: true, reason: `ambiguous/unknown email (${matches.length} pool matches)` };
|
|
8605
|
+
return { accountId: matches[0].id };
|
|
8606
|
+
};
|
|
8607
|
+
const credentialSwapExecutor = new CredentialSwapExecutor({
|
|
8608
|
+
funnel: credentialWriteFunnel,
|
|
8609
|
+
ledger: credentialLocationLedger,
|
|
8610
|
+
resolveIdentity: credResolveIdentity,
|
|
8611
|
+
// The executor reads the SAME dark gate the routes do — strict no-op while disabled.
|
|
8612
|
+
config: {
|
|
8613
|
+
enabled: config.subscriptionPool?.credentialRepointing?.enabled === true,
|
|
8614
|
+
dryRun: config.subscriptionPool?.credentialRepointing?.dryRun !== false,
|
|
8615
|
+
},
|
|
8616
|
+
emitAudit: (rec) => credentialAuditEmit.audit({ event: 'swap-step', ...rec }),
|
|
8617
|
+
emitAttention: (item) => void credentialAuditEmit.attention(item),
|
|
8618
|
+
onSlotsChanged: (slots) => { try {
|
|
8619
|
+
inUseAccountResolver.bustCache?.();
|
|
8620
|
+
}
|
|
8621
|
+
catch { /* @silent-fallback-ok: cache-bust is an observability nicety (a stale badge self-corrects at TTL); a throwing consumer must never break the committed swap */ } void slots; },
|
|
8622
|
+
});
|
|
8623
|
+
const credentialManualLevers = new CredentialManualLevers({
|
|
8624
|
+
maxForcedPerWindow: config.subscriptionPool?.credentialRepointing?.maxForcedManualSwapsPerWindow,
|
|
8625
|
+
forcedWindowMs: config.subscriptionPool?.credentialRepointing?.forcedManualSwapWindowMs,
|
|
8626
|
+
});
|
|
8627
|
+
const credentialRepointing = {
|
|
8628
|
+
ledger: credentialLocationLedger,
|
|
8629
|
+
swapExecutor: credentialSwapExecutor,
|
|
8630
|
+
resolveIdentity: credResolveIdentity,
|
|
8631
|
+
audit: credentialAuditEmit,
|
|
8632
|
+
levers: credentialManualLevers,
|
|
8633
|
+
readBlob: async (slot) => {
|
|
8634
|
+
const raw = await defaultKeychainExec.readService(credSwapService(slot));
|
|
8635
|
+
if (!raw)
|
|
8636
|
+
return null;
|
|
8637
|
+
try {
|
|
8638
|
+
const parsed = JSON.parse(raw);
|
|
8639
|
+
const oauth = (parsed?.claudeAiOauth ?? null);
|
|
8640
|
+
return { raw, oauth };
|
|
8641
|
+
}
|
|
8642
|
+
catch {
|
|
8643
|
+
return { raw, oauth: null }; // @silent-fallback-ok: unparseable blob → coherence classifier parks it one-directionally (never exchanged); the raw is returned only so the classifier sees "has-raw-but-no-oauth"
|
|
8644
|
+
}
|
|
8645
|
+
},
|
|
8646
|
+
};
|
|
8572
8647
|
// QuotaPoller — per-account live quota reader (P1.2 of the Subscription &
|
|
8573
8648
|
// Auth Standard). Reads each account's 5h/weekly utilization + reset dates
|
|
8574
8649
|
// via the OAuth usage endpoint (transient per-account token, never persisted)
|
|
@@ -12565,7 +12640,13 @@ export async function startServer(options) {
|
|
|
12565
12640
|
{
|
|
12566
12641
|
const rrCfg = config.monitoring?.releaseReadiness;
|
|
12567
12642
|
const repoPath = rrCfg?.repoPath ?? process.cwd();
|
|
12568
|
-
|
|
12643
|
+
// DEV-GATED (CMT-1438): `enabled` OMITTED from defaults so the developmentAgent
|
|
12644
|
+
// gate decides — LIVE on a dev agent, DARK on the fleet. D4-verified
|
|
12645
|
+
// inert-on-enable: this only constructs the READ surface; ticks/sends require
|
|
12646
|
+
// the SEPARATE off-by-default release-readiness-check job (two-switch). The
|
|
12647
|
+
// `rrCfg &&` guard preserves the original "block must exist" semantics
|
|
12648
|
+
// (applyDefaults always injects it) and narrows the type for the field reads.
|
|
12649
|
+
if (rrCfg && resolveDevAgentGate(rrCfg.enabled, config)) {
|
|
12569
12650
|
const { isAnalyzableRepo, buildReleaseReadinessDeps } = await import('../monitoring/releaseReadinessWiring.js');
|
|
12570
12651
|
if (isAnalyzableRepo(repoPath)) {
|
|
12571
12652
|
const { ReleaseReadinessSentinel } = await import('../monitoring/ReleaseReadinessSentinel.js');
|
|
@@ -15175,7 +15256,7 @@ export async function startServer(options) {
|
|
|
15175
15256
|
carrier: _topicProfileCarrier,
|
|
15176
15257
|
}
|
|
15177
15258
|
: null;
|
|
15178
|
-
const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, feedbackAnomalyDetector, dispatches, updateChecker, autoUpdater, autoDispatcher, quotaTracker, quotaManager, publisher, viewer, tunnel, evolution, watchdog, topicMemory, triageNurse, projectMapper, cartographer: cartographer ?? undefined, coherenceGate: scopeVerifier, contextHierarchy, canonicalState, operationGate, sentinel, adaptiveTrust, memoryMonitor, orphanReaper, coherenceMonitor, commitmentTracker, subscriptionPool, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, poolLink: _poolLink ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
|
|
15259
|
+
const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, feedbackAnomalyDetector, dispatches, updateChecker, autoUpdater, autoDispatcher, quotaTracker, quotaManager, publisher, viewer, tunnel, evolution, watchdog, topicMemory, triageNurse, projectMapper, cartographer: cartographer ?? undefined, coherenceGate: scopeVerifier, contextHierarchy, canonicalState, operationGate, sentinel, adaptiveTrust, memoryMonitor, orphanReaper, coherenceMonitor, commitmentTracker, subscriptionPool, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, credentialRepointing, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, poolLink: _poolLink ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
|
|
15179
15260
|
// wired before the server existed; from here on inbound binds use the
|
|
15180
15261
|
// server's own store instance.
|
|
15181
15262
|
_agentServerRef = server;
|