instar 1.3.543 → 1.3.544
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.js +3 -3
- package/dist/commands/server.js.map +1 -1
- package/dist/config/ConfigDefaults.d.ts.map +1 -1
- package/dist/config/ConfigDefaults.js +9 -5
- package/dist/config/ConfigDefaults.js.map +1 -1
- package/dist/core/PostUpdateMigrator.d.ts +12 -0
- package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
- package/dist/core/PostUpdateMigrator.js +49 -1
- package/dist/core/PostUpdateMigrator.js.map +1 -1
- package/dist/core/devGatedFeatures.d.ts.map +1 -1
- package/dist/core/devGatedFeatures.js +10 -5
- package/dist/core/devGatedFeatures.js.map +1 -1
- package/dist/scaffold/templates.js +1 -1
- package/dist/server/CapabilityIndex.js +1 -1
- package/dist/server/CapabilityIndex.js.map +1 -1
- package/dist/server/routes.js +2 -2
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +63 -63
- package/src/scaffold/templates.ts +1 -1
- package/upgrades/1.3.544.md +27 -0
- package/upgrades/side-effects/ws52-regate-dev-live.md +42 -0
package/dist/commands/server.js
CHANGED
|
@@ -8567,7 +8567,7 @@ export async function startServer(options) {
|
|
|
8567
8567
|
// stops routing reads/attribution through moved slots (an env fleet isn't store-steered, and
|
|
8568
8568
|
// attributing it would mis-credit usage to a slot tenant). Dark-default: when the feature flag
|
|
8569
8569
|
// is off this short-circuits before evaluating the gate, so it's byte-for-byte today's behavior.
|
|
8570
|
-
isEnabled: () => config.subscriptionPool?.credentialRepointing?.enabled
|
|
8570
|
+
isEnabled: () => resolveDevAgentGate(config.subscriptionPool?.credentialRepointing?.enabled, config) &&
|
|
8571
8571
|
!credentialEnvTokenGate.evaluate().refused,
|
|
8572
8572
|
ledger: credentialLocationLedger,
|
|
8573
8573
|
emitAttention: credentialGateEmitAttention,
|
|
@@ -8580,7 +8580,7 @@ export async function startServer(options) {
|
|
|
8580
8580
|
const { credentialSlotKey: canonicalizeSlot } = await import('../core/OAuthRefresher.js');
|
|
8581
8581
|
setCredentialWriteRefusalGate({
|
|
8582
8582
|
shouldRefuse: (canonicalSlot) => {
|
|
8583
|
-
if (config.subscriptionPool?.credentialRepointing?.enabled
|
|
8583
|
+
if (!resolveDevAgentGate(config.subscriptionPool?.credentialRepointing?.enabled, config))
|
|
8584
8584
|
return false;
|
|
8585
8585
|
// The funnel passes a canonicalized slot key, but the ledger stores raw enrollment-home
|
|
8586
8586
|
// spellings (`~/.claude`, an enrollment path). Compare canonical-to-canonical so a
|
|
@@ -8631,7 +8631,7 @@ export async function startServer(options) {
|
|
|
8631
8631
|
resolveIdentity: credResolveIdentity,
|
|
8632
8632
|
// The executor reads the SAME dark gate the routes do — strict no-op while disabled.
|
|
8633
8633
|
config: {
|
|
8634
|
-
enabled: config.subscriptionPool?.credentialRepointing?.enabled
|
|
8634
|
+
enabled: resolveDevAgentGate(config.subscriptionPool?.credentialRepointing?.enabled, config),
|
|
8635
8635
|
dryRun: config.subscriptionPool?.credentialRepointing?.dryRun !== false,
|
|
8636
8636
|
},
|
|
8637
8637
|
emitAudit: (rec) => credentialAuditEmit.audit({ event: 'swap-step', ...rec }),
|