instar 1.3.540 → 1.3.542

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAqgbtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAuBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAiH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAm3CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA4hbtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
@@ -8545,9 +8545,30 @@ export async function startServer(options) {
8545
8545
  oracle: new CredentialIdentityOracle(),
8546
8546
  emitAttention: credentialGateEmitAttention,
8547
8547
  });
8548
+ // The §2.10 env-token gate (Step 8): the §0.b applicability precondition, enforced. Evaluates
8549
+ // BOTH `config.anthropicApiKey` (read LIVE per call — restartless) AND the live running fleet's
8550
+ // durable per-session `credentialSource` flag, so a mid-run flip to an env token cannot silently
8551
+ // un-steer the fleet. Pure evaluator (no IO). Constructed BEFORE the location gate so the
8552
+ // location gate can AND-in its refusal — a §2.10 refusal suppresses ALL re-pointing attribution
8553
+ // (requirement 3: an env-token session's usage is never mis-attributed to a slot tenant).
8554
+ const { CredentialEnvTokenGate } = await import('../core/CredentialEnvTokenGate.js');
8555
+ const credentialEnvTokenGate = new CredentialEnvTokenGate({
8556
+ // SINGLE SOURCE OF TRUTH: the SessionManager spawn site reads `this.config.anthropicApiKey`,
8557
+ // and `sessionManagerConfig` is `{ ...config.sessions }`, so the IDENTICAL value the env-block
8558
+ // predicate sees is `config.sessions.anthropicApiKey`. Read it (not the legacy top-level field)
8559
+ // so the gate's config predicate can never diverge from what actually launched the sessions.
8560
+ getAnthropicApiKey: () => config.sessions?.anthropicApiKey,
8561
+ listSessions: () => state.listSessions(),
8562
+ });
8548
8563
  const credentialLocationGate = new CredentialLocationGate({
8549
- // Live flag read — a restartless config flip is honored on the next read.
8550
- isEnabled: () => config.subscriptionPool?.credentialRepointing?.enabled === true,
8564
+ // Live flag read — a restartless config flip is honored on the next read. AND-ed with the
8565
+ // §2.10 env-token gate: when the feature would refuse (config field set OR a live env-token
8566
+ // session in the fleet), re-pointing attribution is suppressed wholesale, so the QuotaPoller
8567
+ // stops routing reads/attribution through moved slots (an env fleet isn't store-steered, and
8568
+ // attributing it would mis-credit usage to a slot tenant). Dark-default: when the feature flag
8569
+ // is off this short-circuits before evaluating the gate, so it's byte-for-byte today's behavior.
8570
+ isEnabled: () => config.subscriptionPool?.credentialRepointing?.enabled === true &&
8571
+ !credentialEnvTokenGate.evaluate().refused,
8551
8572
  ledger: credentialLocationLedger,
8552
8573
  emitAttention: credentialGateEmitAttention,
8553
8574
  });
@@ -8630,6 +8651,7 @@ export async function startServer(options) {
8630
8651
  resolveIdentity: credResolveIdentity,
8631
8652
  audit: credentialAuditEmit,
8632
8653
  levers: credentialManualLevers,
8654
+ envTokenGate: credentialEnvTokenGate,
8633
8655
  readBlob: async (slot) => {
8634
8656
  const raw = await defaultKeychainExec.readService(credSwapService(slot));
8635
8657
  if (!raw)