instar 1.3.539 → 1.3.541
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +37 -7
- package/dist/commands/server.js.map +1 -1
- package/dist/config/ConfigDefaults.d.ts.map +1 -1
- package/dist/config/ConfigDefaults.js +23 -21
- package/dist/config/ConfigDefaults.js.map +1 -1
- package/dist/core/CredentialEnvTokenGate.d.ts +98 -0
- package/dist/core/CredentialEnvTokenGate.d.ts.map +1 -0
- package/dist/core/CredentialEnvTokenGate.js +103 -0
- package/dist/core/CredentialEnvTokenGate.js.map +1 -0
- package/dist/core/PostUpdateMigrator.d.ts +1 -0
- package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
- package/dist/core/PostUpdateMigrator.js +83 -0
- package/dist/core/PostUpdateMigrator.js.map +1 -1
- package/dist/core/SessionManager.d.ts.map +1 -1
- package/dist/core/SessionManager.js +27 -0
- package/dist/core/SessionManager.js.map +1 -1
- package/dist/core/devGatedFeatures.d.ts +12 -1
- package/dist/core/devGatedFeatures.d.ts.map +1 -1
- package/dist/core/devGatedFeatures.js +51 -37
- package/dist/core/devGatedFeatures.js.map +1 -1
- package/dist/core/types.d.ts +18 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/types.js.map +1 -1
- package/dist/monitoring/guardManifest.js +4 -4
- package/dist/monitoring/guardManifest.js.map +1 -1
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +15 -11
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/CapabilityIndex.d.ts.map +1 -1
- package/dist/server/CapabilityIndex.js +4 -1
- package/dist/server/CapabilityIndex.js.map +1 -1
- package/dist/server/routes.d.ts +3 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +29 -3
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/scripts/lib/dark-gate-attribution.js +7 -2
- package/scripts/lint-dev-agent-dark-gate.js +19 -1
- package/src/data/builtin-manifest.json +65 -65
- package/upgrades/1.3.540.md +70 -0
- package/upgrades/1.3.541.md +29 -0
- package/upgrades/side-effects/dev-agent-dark-gate-teeth.md +201 -0
- package/upgrades/side-effects/ws52-step8-provenance-gate.md +78 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA4hbtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
|
package/dist/commands/server.js
CHANGED
|
@@ -2767,11 +2767,13 @@ export async function startServer(options) {
|
|
|
2767
2767
|
// runs BEFORE AgentServer binds its port, so for minutes nothing answers
|
|
2768
2768
|
// /health and the supervisor can mistake a slow boot for a dead process →
|
|
2769
2769
|
// the restart loop. This minimal beacon answers /health from the very start
|
|
2770
|
-
// of boot; it is closed at the handoff just before server.start().
|
|
2771
|
-
//
|
|
2772
|
-
//
|
|
2770
|
+
// of boot; it is closed at the handoff just before server.start().
|
|
2771
|
+
// DEV-GATED (CMT-1438): `enabled` OMITTED from defaults so the developmentAgent
|
|
2772
|
+
// gate decides — LIVE on a dev agent, DARK on the fleet; the grace bump (#979)
|
|
2773
|
+
// covers the window on the fleet. D4-verified read-only (localhost-only inbound
|
|
2774
|
+
// socket, zero outbound). Belt-and-suspenders, not a boot reorder.
|
|
2773
2775
|
let bootBeacon;
|
|
2774
|
-
if (config.monitoring?.bootHealthBeacon?.enabled) {
|
|
2776
|
+
if (resolveDevAgentGate(config.monitoring?.bootHealthBeacon?.enabled, config)) {
|
|
2775
2777
|
try {
|
|
2776
2778
|
bootBeacon = new BootHealthBeacon(config.port);
|
|
2777
2779
|
await bootBeacon.start();
|
|
@@ -8543,9 +8545,30 @@ export async function startServer(options) {
|
|
|
8543
8545
|
oracle: new CredentialIdentityOracle(),
|
|
8544
8546
|
emitAttention: credentialGateEmitAttention,
|
|
8545
8547
|
});
|
|
8548
|
+
// The §2.10 env-token gate (Step 8): the §0.b applicability precondition, enforced. Evaluates
|
|
8549
|
+
// BOTH `config.anthropicApiKey` (read LIVE per call — restartless) AND the live running fleet's
|
|
8550
|
+
// durable per-session `credentialSource` flag, so a mid-run flip to an env token cannot silently
|
|
8551
|
+
// un-steer the fleet. Pure evaluator (no IO). Constructed BEFORE the location gate so the
|
|
8552
|
+
// location gate can AND-in its refusal — a §2.10 refusal suppresses ALL re-pointing attribution
|
|
8553
|
+
// (requirement 3: an env-token session's usage is never mis-attributed to a slot tenant).
|
|
8554
|
+
const { CredentialEnvTokenGate } = await import('../core/CredentialEnvTokenGate.js');
|
|
8555
|
+
const credentialEnvTokenGate = new CredentialEnvTokenGate({
|
|
8556
|
+
// SINGLE SOURCE OF TRUTH: the SessionManager spawn site reads `this.config.anthropicApiKey`,
|
|
8557
|
+
// and `sessionManagerConfig` is `{ ...config.sessions }`, so the IDENTICAL value the env-block
|
|
8558
|
+
// predicate sees is `config.sessions.anthropicApiKey`. Read it (not the legacy top-level field)
|
|
8559
|
+
// so the gate's config predicate can never diverge from what actually launched the sessions.
|
|
8560
|
+
getAnthropicApiKey: () => config.sessions?.anthropicApiKey,
|
|
8561
|
+
listSessions: () => state.listSessions(),
|
|
8562
|
+
});
|
|
8546
8563
|
const credentialLocationGate = new CredentialLocationGate({
|
|
8547
|
-
// Live flag read — a restartless config flip is honored on the next read.
|
|
8548
|
-
|
|
8564
|
+
// Live flag read — a restartless config flip is honored on the next read. AND-ed with the
|
|
8565
|
+
// §2.10 env-token gate: when the feature would refuse (config field set OR a live env-token
|
|
8566
|
+
// session in the fleet), re-pointing attribution is suppressed wholesale, so the QuotaPoller
|
|
8567
|
+
// stops routing reads/attribution through moved slots (an env fleet isn't store-steered, and
|
|
8568
|
+
// attributing it would mis-credit usage to a slot tenant). Dark-default: when the feature flag
|
|
8569
|
+
// is off this short-circuits before evaluating the gate, so it's byte-for-byte today's behavior.
|
|
8570
|
+
isEnabled: () => config.subscriptionPool?.credentialRepointing?.enabled === true &&
|
|
8571
|
+
!credentialEnvTokenGate.evaluate().refused,
|
|
8549
8572
|
ledger: credentialLocationLedger,
|
|
8550
8573
|
emitAttention: credentialGateEmitAttention,
|
|
8551
8574
|
});
|
|
@@ -8628,6 +8651,7 @@ export async function startServer(options) {
|
|
|
8628
8651
|
resolveIdentity: credResolveIdentity,
|
|
8629
8652
|
audit: credentialAuditEmit,
|
|
8630
8653
|
levers: credentialManualLevers,
|
|
8654
|
+
envTokenGate: credentialEnvTokenGate,
|
|
8631
8655
|
readBlob: async (slot) => {
|
|
8632
8656
|
const raw = await defaultKeychainExec.readService(credSwapService(slot));
|
|
8633
8657
|
if (!raw)
|
|
@@ -12638,7 +12662,13 @@ export async function startServer(options) {
|
|
|
12638
12662
|
{
|
|
12639
12663
|
const rrCfg = config.monitoring?.releaseReadiness;
|
|
12640
12664
|
const repoPath = rrCfg?.repoPath ?? process.cwd();
|
|
12641
|
-
|
|
12665
|
+
// DEV-GATED (CMT-1438): `enabled` OMITTED from defaults so the developmentAgent
|
|
12666
|
+
// gate decides — LIVE on a dev agent, DARK on the fleet. D4-verified
|
|
12667
|
+
// inert-on-enable: this only constructs the READ surface; ticks/sends require
|
|
12668
|
+
// the SEPARATE off-by-default release-readiness-check job (two-switch). The
|
|
12669
|
+
// `rrCfg &&` guard preserves the original "block must exist" semantics
|
|
12670
|
+
// (applyDefaults always injects it) and narrows the type for the field reads.
|
|
12671
|
+
if (rrCfg && resolveDevAgentGate(rrCfg.enabled, config)) {
|
|
12642
12672
|
const { isAnalyzableRepo, buildReleaseReadinessDeps } = await import('../monitoring/releaseReadinessWiring.js');
|
|
12643
12673
|
if (isAnalyzableRepo(repoPath)) {
|
|
12644
12674
|
const { ReleaseReadinessSentinel } = await import('../monitoring/ReleaseReadinessSentinel.js');
|