instar 1.3.601 → 1.3.602
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/LiveTestSlackCaller.d.ts +72 -0
- package/dist/core/LiveTestSlackCaller.d.ts.map +1 -0
- package/dist/core/LiveTestSlackCaller.js +114 -0
- package/dist/core/LiveTestSlackCaller.js.map +1 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +44 -1
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +46 -46
- package/upgrades/{1.3.601.md → 1.3.602.md} +49 -0
- package/upgrades/side-effects/xoxc-slack-caller.md +99 -0
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-16T15:
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-16T15:34:53.056Z",
|
|
5
|
+
"instarVersion": "1.3.602",
|
|
6
6
|
"entryCount": 201,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -418,7 +418,7 @@
|
|
|
418
418
|
"type": "route-group",
|
|
419
419
|
"domain": "monitoring",
|
|
420
420
|
"sourcePath": "src/server/routes.ts",
|
|
421
|
-
"contentHash": "
|
|
421
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
422
422
|
"since": "2025-01-01"
|
|
423
423
|
},
|
|
424
424
|
"route-group:agents": {
|
|
@@ -426,7 +426,7 @@
|
|
|
426
426
|
"type": "route-group",
|
|
427
427
|
"domain": "sessions",
|
|
428
428
|
"sourcePath": "src/server/routes.ts",
|
|
429
|
-
"contentHash": "
|
|
429
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
430
430
|
"since": "2025-01-01"
|
|
431
431
|
},
|
|
432
432
|
"route-group:backups": {
|
|
@@ -434,7 +434,7 @@
|
|
|
434
434
|
"type": "route-group",
|
|
435
435
|
"domain": "operations",
|
|
436
436
|
"sourcePath": "src/server/routes.ts",
|
|
437
|
-
"contentHash": "
|
|
437
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
438
438
|
"since": "2025-01-01"
|
|
439
439
|
},
|
|
440
440
|
"route-group:git": {
|
|
@@ -442,7 +442,7 @@
|
|
|
442
442
|
"type": "route-group",
|
|
443
443
|
"domain": "coordination",
|
|
444
444
|
"sourcePath": "src/server/routes.ts",
|
|
445
|
-
"contentHash": "
|
|
445
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
446
446
|
"since": "2025-01-01"
|
|
447
447
|
},
|
|
448
448
|
"route-group:memory": {
|
|
@@ -450,7 +450,7 @@
|
|
|
450
450
|
"type": "route-group",
|
|
451
451
|
"domain": "memory",
|
|
452
452
|
"sourcePath": "src/server/routes.ts",
|
|
453
|
-
"contentHash": "
|
|
453
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
454
454
|
"since": "2025-01-01"
|
|
455
455
|
},
|
|
456
456
|
"route-group:semantic": {
|
|
@@ -458,7 +458,7 @@
|
|
|
458
458
|
"type": "route-group",
|
|
459
459
|
"domain": "memory",
|
|
460
460
|
"sourcePath": "src/server/routes.ts",
|
|
461
|
-
"contentHash": "
|
|
461
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
462
462
|
"since": "2025-01-01"
|
|
463
463
|
},
|
|
464
464
|
"route-group:status": {
|
|
@@ -466,7 +466,7 @@
|
|
|
466
466
|
"type": "route-group",
|
|
467
467
|
"domain": "monitoring",
|
|
468
468
|
"sourcePath": "src/server/routes.ts",
|
|
469
|
-
"contentHash": "
|
|
469
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
470
470
|
"since": "2025-01-01"
|
|
471
471
|
},
|
|
472
472
|
"route-group:capabilities": {
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"type": "route-group",
|
|
475
475
|
"domain": "mapping",
|
|
476
476
|
"sourcePath": "src/server/routes.ts",
|
|
477
|
-
"contentHash": "
|
|
477
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
478
478
|
"since": "2025-01-01"
|
|
479
479
|
},
|
|
480
480
|
"route-group:project-map": {
|
|
@@ -482,7 +482,7 @@
|
|
|
482
482
|
"type": "route-group",
|
|
483
483
|
"domain": "mapping",
|
|
484
484
|
"sourcePath": "src/server/routes.ts",
|
|
485
|
-
"contentHash": "
|
|
485
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
486
486
|
"since": "2025-01-01"
|
|
487
487
|
},
|
|
488
488
|
"route-group:coherence": {
|
|
@@ -490,7 +490,7 @@
|
|
|
490
490
|
"type": "route-group",
|
|
491
491
|
"domain": "coherence",
|
|
492
492
|
"sourcePath": "src/server/routes.ts",
|
|
493
|
-
"contentHash": "
|
|
493
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
494
494
|
"since": "2025-01-01"
|
|
495
495
|
},
|
|
496
496
|
"route-group:topic-bindings": {
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
"type": "route-group",
|
|
499
499
|
"domain": "sessions",
|
|
500
500
|
"sourcePath": "src/server/routes.ts",
|
|
501
|
-
"contentHash": "
|
|
501
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
502
502
|
"since": "2025-01-01"
|
|
503
503
|
},
|
|
504
504
|
"route-group:context": {
|
|
@@ -506,7 +506,7 @@
|
|
|
506
506
|
"type": "route-group",
|
|
507
507
|
"domain": "context",
|
|
508
508
|
"sourcePath": "src/server/routes.ts",
|
|
509
|
-
"contentHash": "
|
|
509
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
510
510
|
"since": "2025-01-01"
|
|
511
511
|
},
|
|
512
512
|
"route-group:scope-coherence": {
|
|
@@ -514,7 +514,7 @@
|
|
|
514
514
|
"type": "route-group",
|
|
515
515
|
"domain": "coherence",
|
|
516
516
|
"sourcePath": "src/server/routes.ts",
|
|
517
|
-
"contentHash": "
|
|
517
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
518
518
|
"since": "2025-01-01"
|
|
519
519
|
},
|
|
520
520
|
"route-group:canonical-state": {
|
|
@@ -522,7 +522,7 @@
|
|
|
522
522
|
"type": "route-group",
|
|
523
523
|
"domain": "state",
|
|
524
524
|
"sourcePath": "src/server/routes.ts",
|
|
525
|
-
"contentHash": "
|
|
525
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
526
526
|
"since": "2025-01-01"
|
|
527
527
|
},
|
|
528
528
|
"route-group:ci": {
|
|
@@ -530,7 +530,7 @@
|
|
|
530
530
|
"type": "route-group",
|
|
531
531
|
"domain": "monitoring",
|
|
532
532
|
"sourcePath": "src/server/routes.ts",
|
|
533
|
-
"contentHash": "
|
|
533
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
534
534
|
"since": "2025-01-01"
|
|
535
535
|
},
|
|
536
536
|
"route-group:sessions": {
|
|
@@ -538,7 +538,7 @@
|
|
|
538
538
|
"type": "route-group",
|
|
539
539
|
"domain": "sessions",
|
|
540
540
|
"sourcePath": "src/server/routes.ts",
|
|
541
|
-
"contentHash": "
|
|
541
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
542
542
|
"since": "2025-01-01"
|
|
543
543
|
},
|
|
544
544
|
"route-group:jobs": {
|
|
@@ -546,7 +546,7 @@
|
|
|
546
546
|
"type": "route-group",
|
|
547
547
|
"domain": "scheduling",
|
|
548
548
|
"sourcePath": "src/server/routes.ts",
|
|
549
|
-
"contentHash": "
|
|
549
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
550
550
|
"since": "2025-01-01"
|
|
551
551
|
},
|
|
552
552
|
"route-group:skip-ledger": {
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
"type": "route-group",
|
|
555
555
|
"domain": "scheduling",
|
|
556
556
|
"sourcePath": "src/server/routes.ts",
|
|
557
|
-
"contentHash": "
|
|
557
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
558
558
|
"since": "2025-01-01"
|
|
559
559
|
},
|
|
560
560
|
"route-group:telegram": {
|
|
@@ -562,7 +562,7 @@
|
|
|
562
562
|
"type": "route-group",
|
|
563
563
|
"domain": "communication",
|
|
564
564
|
"sourcePath": "src/server/routes.ts",
|
|
565
|
-
"contentHash": "
|
|
565
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
566
566
|
"since": "2025-01-01"
|
|
567
567
|
},
|
|
568
568
|
"route-group:attention": {
|
|
@@ -570,7 +570,7 @@
|
|
|
570
570
|
"type": "route-group",
|
|
571
571
|
"domain": "communication",
|
|
572
572
|
"sourcePath": "src/server/routes.ts",
|
|
573
|
-
"contentHash": "
|
|
573
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
574
574
|
"since": "2025-01-01"
|
|
575
575
|
},
|
|
576
576
|
"route-group:relationships": {
|
|
@@ -578,7 +578,7 @@
|
|
|
578
578
|
"type": "route-group",
|
|
579
579
|
"domain": "relationships",
|
|
580
580
|
"sourcePath": "src/server/routes.ts",
|
|
581
|
-
"contentHash": "
|
|
581
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
582
582
|
"since": "2025-01-01"
|
|
583
583
|
},
|
|
584
584
|
"route-group:feedback": {
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
"type": "route-group",
|
|
587
587
|
"domain": "feedback",
|
|
588
588
|
"sourcePath": "src/server/routes.ts",
|
|
589
|
-
"contentHash": "
|
|
589
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
590
590
|
"since": "2025-01-01"
|
|
591
591
|
},
|
|
592
592
|
"route-group:updates": {
|
|
@@ -594,7 +594,7 @@
|
|
|
594
594
|
"type": "route-group",
|
|
595
595
|
"domain": "updates",
|
|
596
596
|
"sourcePath": "src/server/routes.ts",
|
|
597
|
-
"contentHash": "
|
|
597
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
598
598
|
"since": "2025-01-01"
|
|
599
599
|
},
|
|
600
600
|
"route-group:dispatches": {
|
|
@@ -602,7 +602,7 @@
|
|
|
602
602
|
"type": "route-group",
|
|
603
603
|
"domain": "dispatches",
|
|
604
604
|
"sourcePath": "src/server/routes.ts",
|
|
605
|
-
"contentHash": "
|
|
605
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
606
606
|
"since": "2025-01-01"
|
|
607
607
|
},
|
|
608
608
|
"route-group:quota": {
|
|
@@ -610,7 +610,7 @@
|
|
|
610
610
|
"type": "route-group",
|
|
611
611
|
"domain": "monitoring",
|
|
612
612
|
"sourcePath": "src/server/routes.ts",
|
|
613
|
-
"contentHash": "
|
|
613
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
614
614
|
"since": "2025-01-01"
|
|
615
615
|
},
|
|
616
616
|
"route-group:publishing": {
|
|
@@ -618,7 +618,7 @@
|
|
|
618
618
|
"type": "route-group",
|
|
619
619
|
"domain": "publishing",
|
|
620
620
|
"sourcePath": "src/server/routes.ts",
|
|
621
|
-
"contentHash": "
|
|
621
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
622
622
|
"since": "2025-01-01"
|
|
623
623
|
},
|
|
624
624
|
"route-group:private-views": {
|
|
@@ -626,7 +626,7 @@
|
|
|
626
626
|
"type": "route-group",
|
|
627
627
|
"domain": "publishing",
|
|
628
628
|
"sourcePath": "src/server/routes.ts",
|
|
629
|
-
"contentHash": "
|
|
629
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
630
630
|
"since": "2025-01-01"
|
|
631
631
|
},
|
|
632
632
|
"route-group:tunnel": {
|
|
@@ -634,7 +634,7 @@
|
|
|
634
634
|
"type": "route-group",
|
|
635
635
|
"domain": "networking",
|
|
636
636
|
"sourcePath": "src/server/routes.ts",
|
|
637
|
-
"contentHash": "
|
|
637
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
638
638
|
"since": "2025-01-01"
|
|
639
639
|
},
|
|
640
640
|
"route-group:events": {
|
|
@@ -642,7 +642,7 @@
|
|
|
642
642
|
"type": "route-group",
|
|
643
643
|
"domain": "networking",
|
|
644
644
|
"sourcePath": "src/server/routes.ts",
|
|
645
|
-
"contentHash": "
|
|
645
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
646
646
|
"since": "2025-01-01"
|
|
647
647
|
},
|
|
648
648
|
"route-group:evolution": {
|
|
@@ -650,7 +650,7 @@
|
|
|
650
650
|
"type": "route-group",
|
|
651
651
|
"domain": "evolution",
|
|
652
652
|
"sourcePath": "src/server/routes.ts",
|
|
653
|
-
"contentHash": "
|
|
653
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
654
654
|
"since": "2025-01-01"
|
|
655
655
|
},
|
|
656
656
|
"route-group:watchdog": {
|
|
@@ -658,7 +658,7 @@
|
|
|
658
658
|
"type": "route-group",
|
|
659
659
|
"domain": "monitoring",
|
|
660
660
|
"sourcePath": "src/server/routes.ts",
|
|
661
|
-
"contentHash": "
|
|
661
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
662
662
|
"since": "2025-01-01"
|
|
663
663
|
},
|
|
664
664
|
"route-group:topic-memory": {
|
|
@@ -666,7 +666,7 @@
|
|
|
666
666
|
"type": "route-group",
|
|
667
667
|
"domain": "memory",
|
|
668
668
|
"sourcePath": "src/server/routes.ts",
|
|
669
|
-
"contentHash": "
|
|
669
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
670
670
|
"since": "2025-01-01"
|
|
671
671
|
},
|
|
672
672
|
"route-group:state-sync": {
|
|
@@ -674,7 +674,7 @@
|
|
|
674
674
|
"type": "route-group",
|
|
675
675
|
"domain": "coordination",
|
|
676
676
|
"sourcePath": "src/server/routes.ts",
|
|
677
|
-
"contentHash": "
|
|
677
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
678
678
|
"since": "2025-01-01"
|
|
679
679
|
},
|
|
680
680
|
"route-group:intent": {
|
|
@@ -682,7 +682,7 @@
|
|
|
682
682
|
"type": "route-group",
|
|
683
683
|
"domain": "intent",
|
|
684
684
|
"sourcePath": "src/server/routes.ts",
|
|
685
|
-
"contentHash": "
|
|
685
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
686
686
|
"since": "2025-01-01"
|
|
687
687
|
},
|
|
688
688
|
"route-group:triage": {
|
|
@@ -690,7 +690,7 @@
|
|
|
690
690
|
"type": "route-group",
|
|
691
691
|
"domain": "safety",
|
|
692
692
|
"sourcePath": "src/server/routes.ts",
|
|
693
|
-
"contentHash": "
|
|
693
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
694
694
|
"since": "2025-01-01"
|
|
695
695
|
},
|
|
696
696
|
"route-group:operations": {
|
|
@@ -698,7 +698,7 @@
|
|
|
698
698
|
"type": "route-group",
|
|
699
699
|
"domain": "safety",
|
|
700
700
|
"sourcePath": "src/server/routes.ts",
|
|
701
|
-
"contentHash": "
|
|
701
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
702
702
|
"since": "2025-01-01"
|
|
703
703
|
},
|
|
704
704
|
"route-group:sentinel": {
|
|
@@ -706,7 +706,7 @@
|
|
|
706
706
|
"type": "route-group",
|
|
707
707
|
"domain": "safety",
|
|
708
708
|
"sourcePath": "src/server/routes.ts",
|
|
709
|
-
"contentHash": "
|
|
709
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
710
710
|
"since": "2025-01-01"
|
|
711
711
|
},
|
|
712
712
|
"route-group:trust": {
|
|
@@ -714,7 +714,7 @@
|
|
|
714
714
|
"type": "route-group",
|
|
715
715
|
"domain": "safety",
|
|
716
716
|
"sourcePath": "src/server/routes.ts",
|
|
717
|
-
"contentHash": "
|
|
717
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
718
718
|
"since": "2025-01-01"
|
|
719
719
|
},
|
|
720
720
|
"route-group:monitoring": {
|
|
@@ -722,7 +722,7 @@
|
|
|
722
722
|
"type": "route-group",
|
|
723
723
|
"domain": "monitoring",
|
|
724
724
|
"sourcePath": "src/server/routes.ts",
|
|
725
|
-
"contentHash": "
|
|
725
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
726
726
|
"since": "2025-01-01"
|
|
727
727
|
},
|
|
728
728
|
"route-group:commitments": {
|
|
@@ -730,7 +730,7 @@
|
|
|
730
730
|
"type": "route-group",
|
|
731
731
|
"domain": "commitments",
|
|
732
732
|
"sourcePath": "src/server/routes.ts",
|
|
733
|
-
"contentHash": "
|
|
733
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
734
734
|
"since": "2025-01-01"
|
|
735
735
|
},
|
|
736
736
|
"route-group:episodes": {
|
|
@@ -738,7 +738,7 @@
|
|
|
738
738
|
"type": "route-group",
|
|
739
739
|
"domain": "memory",
|
|
740
740
|
"sourcePath": "src/server/routes.ts",
|
|
741
|
-
"contentHash": "
|
|
741
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
742
742
|
"since": "2025-01-01"
|
|
743
743
|
},
|
|
744
744
|
"route-group:messages": {
|
|
@@ -746,7 +746,7 @@
|
|
|
746
746
|
"type": "route-group",
|
|
747
747
|
"domain": "coordination",
|
|
748
748
|
"sourcePath": "src/server/routes.ts",
|
|
749
|
-
"contentHash": "
|
|
749
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
750
750
|
"since": "2025-01-01"
|
|
751
751
|
},
|
|
752
752
|
"route-group:system-reviews": {
|
|
@@ -754,7 +754,7 @@
|
|
|
754
754
|
"type": "route-group",
|
|
755
755
|
"domain": "monitoring",
|
|
756
756
|
"sourcePath": "src/server/routes.ts",
|
|
757
|
-
"contentHash": "
|
|
757
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
758
758
|
"since": "2025-01-01"
|
|
759
759
|
},
|
|
760
760
|
"route-group:machine-mesh": {
|
|
@@ -770,7 +770,7 @@
|
|
|
770
770
|
"type": "route-group",
|
|
771
771
|
"domain": "security",
|
|
772
772
|
"sourcePath": "src/server/routes.ts",
|
|
773
|
-
"contentHash": "
|
|
773
|
+
"contentHash": "83fa33dd80fa2c8b948a557008e2c265fbc7570fc36852b899eda8a503ea3736",
|
|
774
774
|
"since": "2025-01-01"
|
|
775
775
|
},
|
|
776
776
|
"cli:init": {
|
|
@@ -16,11 +16,47 @@ A new PreToolUse Bash hook (`pr-hand-lease-guard.js`) runs before any `git push`
|
|
|
16
16
|
|
|
17
17
|
Ships **dark + dryRun-first**, dev-gated (`monitoring.prHandLease`, developmentAgent-only). In dryRun the full decision loop runs and audits every would-deny to `logs/pr-lease-decisions.jsonl`, but NO push is ever blocked until a deliberate `dryRun:false`. Single-session agents are a strict no-op. v1 is machine-local (cross-machine coordination is a tracked follow-up).
|
|
18
18
|
|
|
19
|
+
The gold-standard live-test harness can now drive a REAL Slack channel as a REAL
|
|
20
|
+
workspace member. Previously the harness's multi-machine capstone route
|
|
21
|
+
(`POST /live-test/multi-machine-capstone`) built its Slack sender with
|
|
22
|
+
`new SlackApiClient(demoSlackUserToken)`, which only knows how to authenticate
|
|
23
|
+
with a Bearer token (`xoxp`/`xoxb`). But the only DISTINCT non-Echo Slack
|
|
24
|
+
senders captured in the demo workspace are real test-USER identities
|
|
25
|
+
authenticated the browser way — an `xoxc-…` web-client token plus the user's
|
|
26
|
+
`d` session cookie. Those are not Bearer tokens, so the harness could never post
|
|
27
|
+
AS a real member, which defeats the whole point of the standard (drive real
|
|
28
|
+
channels as a real user).
|
|
29
|
+
|
|
30
|
+
A new `LiveTestSlackCaller` credential adapter (implementing the same
|
|
31
|
+
`SlackCaller` seam `SlackLiveSender` already consumes) closes the gap. It routes
|
|
32
|
+
per method: `chat.postMessage` posts AS THE MEMBER via Slack web-client auth
|
|
33
|
+
(`xoxc` token in the form body + the `d` cookie in a `Cookie: d=…` header,
|
|
34
|
+
against the workspace host), while every other method (e.g.
|
|
35
|
+
`conversations.history`) reads over Echo's own clean Bearer bot token at
|
|
36
|
+
`slack.com`. The capstone route detects an `xoxc-` sender by prefix and wires
|
|
37
|
+
the new adapter; a plain Bearer sender keeps the original `SlackApiClient` path.
|
|
38
|
+
Two new config keys — `liveTest.demo.slackUserCookie` and
|
|
39
|
+
`liveTest.demo.slackWorkspaceHost` — supply the cookie + host alongside the
|
|
40
|
+
existing `slackUserToken`. The fail-closed `blockedSurfaces` behavior is intact:
|
|
41
|
+
a missing cookie/host/bot-token records a loud blocked-surface (a real
|
|
42
|
+
driver-error FAIL), never a fabricated reply.
|
|
43
|
+
|
|
44
|
+
This is dark harness/developer infrastructure — it only runs inside the
|
|
45
|
+
dev-gated live-test runner, never on the fleet runtime path, and changes no
|
|
46
|
+
user-facing behavior.
|
|
47
|
+
|
|
19
48
|
## What to Tell Your User
|
|
20
49
|
|
|
21
50
|
- "Nothing changes for you right now — this is internal dev-cycle infrastructure, off by default everywhere and in dry-run (observe-only) even on the development agent."
|
|
22
51
|
- "Once enabled, if two of my own sessions ever try to push to the same branch at once, one quietly waits instead of starting a tug-of-war — so PRs stop getting thrashed by my own parallel work. You'd only notice it as *fewer* stuck merges."
|
|
23
52
|
|
|
53
|
+
Nothing user-facing changes. This is internal developer test-harness plumbing:
|
|
54
|
+
it lets the live-test runner post into a Slack channel as a genuine distinct
|
|
55
|
+
member (via captured web-client credentials) instead of being limited to Bearer
|
|
56
|
+
tokens, so the harness can actually exercise the real Slack surface end-to-end
|
|
57
|
+
before any user does. If your agent isn't a development/instar-dev agent running
|
|
58
|
+
the live-test capstone, you will never see this code execute.
|
|
59
|
+
|
|
24
60
|
## Summary of New Capabilities
|
|
25
61
|
|
|
26
62
|
| Capability | How to Use |
|
|
@@ -29,6 +65,19 @@ Ships **dark + dryRun-first**, dev-gated (`monitoring.prHandLease`, developmentA
|
|
|
29
65
|
| "Who owns this branch's lease?" | `GET /pr-leases` (Bearer-auth) → per-branch holder topic + derived liveness |
|
|
30
66
|
| Decision audit | `logs/pr-lease-decisions.jsonl` (every acquire / renew / yield / auto-heal / release) |
|
|
31
67
|
|
|
68
|
+
- `LiveTestSlackCaller` (`src/core/LiveTestSlackCaller.ts`) — a `SlackCaller`
|
|
69
|
+
adapter that posts `chat.postMessage` AS a real workspace member using an
|
|
70
|
+
`xoxc` web-client token + the member's `d` session cookie, and reads all other
|
|
71
|
+
methods over a Bearer bot token. Pure transport over an injectable `fetch`
|
|
72
|
+
(unit-testable).
|
|
73
|
+
- The multi-machine capstone route (`POST /live-test/multi-machine-capstone`)
|
|
74
|
+
now wires `LiveTestSlackCaller` when the demo Slack sender is an `xoxc` token
|
|
75
|
+
(detected by prefix) and the `d` cookie + workspace host + bot token are
|
|
76
|
+
configured; otherwise it keeps the original Bearer `SlackApiClient` path.
|
|
77
|
+
- New config keys `liveTest.demo.slackUserCookie` and
|
|
78
|
+
`liveTest.demo.slackWorkspaceHost` (read alongside the existing
|
|
79
|
+
`liveTest.demo.slackUserToken`).
|
|
80
|
+
|
|
32
81
|
## Evidence
|
|
33
82
|
|
|
34
83
|
- **Unit** (`tests/unit/pr-hand-lease.test.ts`, 20 passing): `canonicalPushKey` over every refspec variant (explicit / `HEAD:` / `cd &&` / env-prefix / `--delete` / tag); respawn-survival (same-topic, new session → own-topic allow); live-foreign deny; dead→stale; foreign-machine-never-falsely-dead; live-holder-past-ceiling escalate; two-healers CAS race (exactly one wins, loser yields); dryRun ignored; corrupt-state → fail-open + recurrence-attention; tombstone passthrough; derived liveness.
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
# Side-Effects Review — LiveTestSlackCaller (xoxc web-client Slack sender for the live-test harness)
|
|
2
|
+
|
|
3
|
+
**Version / slug:** `xoxc-slack-caller`
|
|
4
|
+
**Date:** `2026-06-16`
|
|
5
|
+
**Author:** Echo (autonomous)
|
|
6
|
+
**Second-pass reviewer:** not-required (Tier 2; dev-gated test-harness-only surface, no fleet runtime path)
|
|
7
|
+
|
|
8
|
+
## Summary of the change
|
|
9
|
+
|
|
10
|
+
The gold-standard live-test harness's multi-machine capstone route
|
|
11
|
+
(`POST /live-test/multi-machine-capstone`) constructs its Slack demo sender with
|
|
12
|
+
`new SlackApiClient(demoSlackUserToken)` — a Bearer-only transport. The only
|
|
13
|
+
DISTINCT non-Echo Slack senders we have captured for the demo workspace are real
|
|
14
|
+
test-USER identities authenticated as a browser is: an `xoxc-…` web-client token
|
|
15
|
+
+ the user's `d` session cookie. These are valid (verified via `auth.test`) but
|
|
16
|
+
are NOT Bearer tokens, so the route's Slack arm could not actually post AS a real
|
|
17
|
+
member — defeating the standard's purpose (drive REAL channels as a real user).
|
|
18
|
+
|
|
19
|
+
Files added:
|
|
20
|
+
- `src/core/LiveTestSlackCaller.ts` — a `SlackCaller` adapter (the seam
|
|
21
|
+
`SlackLiveSender` already consumes). `chat.postMessage` → posts AS the member
|
|
22
|
+
via xoxc-in-body + `d` cookie header against the workspace host; every other
|
|
23
|
+
method → Bearer bot token at `slack.com`. Pure transport over an injectable
|
|
24
|
+
`fetch`.
|
|
25
|
+
- `tests/unit/LiveTestSlackCaller.test.ts` — fake-fetch unit tests asserting the
|
|
26
|
+
two transports, undefined-param skipping, and loud constructor validation.
|
|
27
|
+
- `upgrades/next/xoxc-slack-caller.md` — release fragment.
|
|
28
|
+
|
|
29
|
+
Files modified:
|
|
30
|
+
- `src/server/routes.ts` — the capstone route's Slack branch: detect an `xoxc-`
|
|
31
|
+
sender by prefix; when so (and the `d` cookie + workspace host + a Slack bot
|
|
32
|
+
token are configured) wire `SlackLiveSender({ api: new LiveTestSlackCaller(...) })`;
|
|
33
|
+
otherwise keep the existing Bearer `SlackApiClient` path. Adds config keys
|
|
34
|
+
`liveTest.demo.slackUserCookie` + `liveTest.demo.slackWorkspaceHost` to the
|
|
35
|
+
read-type and reads Echo's own bot token from `ctx.config.messaging` (slack)
|
|
36
|
+
for the history reads.
|
|
37
|
+
|
|
38
|
+
## Decision-point inventory
|
|
39
|
+
|
|
40
|
+
- **Added**: `src/core/LiveTestSlackCaller.ts` `call()` method-routing branch —
|
|
41
|
+
routes `chat.postMessage` to the member (web-client) transport vs everything
|
|
42
|
+
else to the Bearer bot transport. A *transport-selection* decision, not a
|
|
43
|
+
message-flow gate.
|
|
44
|
+
- **Modified**: `src/server/routes.ts` capstone Slack branch — a new
|
|
45
|
+
`isXoxcSender` discriminator selects which sender to build. Fail-closed:
|
|
46
|
+
missing cookie/host/bot-token records a loud `blockedSurfaces` entry (a real
|
|
47
|
+
driver-error FAIL), never a fabricated reply or a silent fallback.
|
|
48
|
+
|
|
49
|
+
No agent-to-user message-flow decision points are added. This is developer
|
|
50
|
+
test-harness infrastructure behind the dev-gated live-test runner.
|
|
51
|
+
|
|
52
|
+
## Roll-up across the seven review dimensions
|
|
53
|
+
|
|
54
|
+
1. **Over-block**: none. The change only adds a new credential path; the
|
|
55
|
+
pre-existing Bearer path is preserved verbatim for non-xoxc tokens. A missing
|
|
56
|
+
credential records the same kind of loud blocked-surface the route already
|
|
57
|
+
used.
|
|
58
|
+
2. **Under-block**: none. No gate was loosened. The xoxc path still requires the
|
|
59
|
+
`d` cookie + workspace host + a bot token; absence is recorded as a FAIL, not
|
|
60
|
+
waved through.
|
|
61
|
+
3. **Level-of-abstraction fit**: correct. The credential mechanics live in a
|
|
62
|
+
dedicated adapter implementing the existing `SlackCaller` seam — the same
|
|
63
|
+
seam `SlackLiveSender` already depends on — so `SlackLiveSender` is unchanged
|
|
64
|
+
and the transport detail is isolated and unit-testable.
|
|
65
|
+
4. **Signal-vs-authority compliance**: N/A to message flow. The only decision is
|
|
66
|
+
transport selection + a fail-closed blocked-surface record; no message is
|
|
67
|
+
blocked, delayed, or rewritten. No silent try/catch (inline guards throw
|
|
68
|
+
loudly) — complies with the no-silent-fallbacks ratchet.
|
|
69
|
+
5. **Interactions**: the route now reads Echo's own Slack bot token from
|
|
70
|
+
`ctx.config.messaging` for history reads. This is read-only config access
|
|
71
|
+
already used elsewhere in the same file (precedent at the channel-invite
|
|
72
|
+
path). No new mutation, no shared state.
|
|
73
|
+
6. **External surfaces**: a new outbound HTTP path to `https://<workspaceHost>/api/chat.postMessage`
|
|
74
|
+
carrying an `xoxc` token + a `d` cookie — but ONLY when an operator has
|
|
75
|
+
configured those demo creds and the dev-gated live-test runner is invoked.
|
|
76
|
+
The xoxc token + cookie are credentials of a throwaway demo test user, never
|
|
77
|
+
the operator's, and never logged (the adapter logs only `ok`/`ts`). No change
|
|
78
|
+
to any fleet runtime path.
|
|
79
|
+
7. **Rollback cost**: low. Single revertable commit; the new file is additive;
|
|
80
|
+
the route change is a guarded branch that falls back to the prior Bearer path
|
|
81
|
+
when the xoxc discriminator is false. No persistent state.
|
|
82
|
+
|
|
83
|
+
## Credential-handling note
|
|
84
|
+
|
|
85
|
+
The adapter handles two secrets: the member `xoxc` token (form body) and the
|
|
86
|
+
`d` session cookie (Cookie header). Both belong to a throwaway demo workspace
|
|
87
|
+
test user, are supplied via `liveTest.demo.*` config, and are never written to
|
|
88
|
+
logs — the adapter's logger emits only `ok` and `ts`. The Bearer history-read
|
|
89
|
+
token is Echo's own bot token, already present in `ctx.config.messaging`.
|
|
90
|
+
|
|
91
|
+
## Evidence pointers
|
|
92
|
+
|
|
93
|
+
- `npx tsc --noEmit` — clean.
|
|
94
|
+
- `npx vitest run tests/unit/LiveTestSlackCaller.test.ts` — 4/4 pass (asserts
|
|
95
|
+
xoxc-in-body + cookie + NOT-Bearer for postMessage; Bearer-bot for history;
|
|
96
|
+
undefined-param skip; loud constructor validation).
|
|
97
|
+
- Ratchets green: `tests/unit/no-silent-fallbacks.test.ts`,
|
|
98
|
+
`tests/unit/CapabilityIndex.test.ts`,
|
|
99
|
+
`tests/unit/feature-delivery-completeness.test.ts`.
|