instar 1.3.540 → 1.3.541
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +24 -2
- package/dist/commands/server.js.map +1 -1
- package/dist/core/CredentialEnvTokenGate.d.ts +98 -0
- package/dist/core/CredentialEnvTokenGate.d.ts.map +1 -0
- package/dist/core/CredentialEnvTokenGate.js +103 -0
- package/dist/core/CredentialEnvTokenGate.js.map +1 -0
- package/dist/core/SessionManager.d.ts.map +1 -1
- package/dist/core/SessionManager.js +27 -0
- package/dist/core/SessionManager.js.map +1 -1
- package/dist/core/types.d.ts +18 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/types.js.map +1 -1
- package/dist/server/routes.d.ts +3 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +29 -3
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +47 -47
- package/upgrades/1.3.541.md +29 -0
- package/upgrades/side-effects/ws52-step8-provenance-gate.md +78 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA4hbtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
|
package/dist/commands/server.js
CHANGED
|
@@ -8545,9 +8545,30 @@ export async function startServer(options) {
|
|
|
8545
8545
|
oracle: new CredentialIdentityOracle(),
|
|
8546
8546
|
emitAttention: credentialGateEmitAttention,
|
|
8547
8547
|
});
|
|
8548
|
+
// The §2.10 env-token gate (Step 8): the §0.b applicability precondition, enforced. Evaluates
|
|
8549
|
+
// BOTH `config.anthropicApiKey` (read LIVE per call — restartless) AND the live running fleet's
|
|
8550
|
+
// durable per-session `credentialSource` flag, so a mid-run flip to an env token cannot silently
|
|
8551
|
+
// un-steer the fleet. Pure evaluator (no IO). Constructed BEFORE the location gate so the
|
|
8552
|
+
// location gate can AND-in its refusal — a §2.10 refusal suppresses ALL re-pointing attribution
|
|
8553
|
+
// (requirement 3: an env-token session's usage is never mis-attributed to a slot tenant).
|
|
8554
|
+
const { CredentialEnvTokenGate } = await import('../core/CredentialEnvTokenGate.js');
|
|
8555
|
+
const credentialEnvTokenGate = new CredentialEnvTokenGate({
|
|
8556
|
+
// SINGLE SOURCE OF TRUTH: the SessionManager spawn site reads `this.config.anthropicApiKey`,
|
|
8557
|
+
// and `sessionManagerConfig` is `{ ...config.sessions }`, so the IDENTICAL value the env-block
|
|
8558
|
+
// predicate sees is `config.sessions.anthropicApiKey`. Read it (not the legacy top-level field)
|
|
8559
|
+
// so the gate's config predicate can never diverge from what actually launched the sessions.
|
|
8560
|
+
getAnthropicApiKey: () => config.sessions?.anthropicApiKey,
|
|
8561
|
+
listSessions: () => state.listSessions(),
|
|
8562
|
+
});
|
|
8548
8563
|
const credentialLocationGate = new CredentialLocationGate({
|
|
8549
|
-
// Live flag read — a restartless config flip is honored on the next read.
|
|
8550
|
-
|
|
8564
|
+
// Live flag read — a restartless config flip is honored on the next read. AND-ed with the
|
|
8565
|
+
// §2.10 env-token gate: when the feature would refuse (config field set OR a live env-token
|
|
8566
|
+
// session in the fleet), re-pointing attribution is suppressed wholesale, so the QuotaPoller
|
|
8567
|
+
// stops routing reads/attribution through moved slots (an env fleet isn't store-steered, and
|
|
8568
|
+
// attributing it would mis-credit usage to a slot tenant). Dark-default: when the feature flag
|
|
8569
|
+
// is off this short-circuits before evaluating the gate, so it's byte-for-byte today's behavior.
|
|
8570
|
+
isEnabled: () => config.subscriptionPool?.credentialRepointing?.enabled === true &&
|
|
8571
|
+
!credentialEnvTokenGate.evaluate().refused,
|
|
8551
8572
|
ledger: credentialLocationLedger,
|
|
8552
8573
|
emitAttention: credentialGateEmitAttention,
|
|
8553
8574
|
});
|
|
@@ -8630,6 +8651,7 @@ export async function startServer(options) {
|
|
|
8630
8651
|
resolveIdentity: credResolveIdentity,
|
|
8631
8652
|
audit: credentialAuditEmit,
|
|
8632
8653
|
levers: credentialManualLevers,
|
|
8654
|
+
envTokenGate: credentialEnvTokenGate,
|
|
8633
8655
|
readBlob: async (slot) => {
|
|
8634
8656
|
const raw = await defaultKeychainExec.readService(credSwapService(slot));
|
|
8635
8657
|
if (!raw)
|