instar 1.3.603 → 1.3.605

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/dist/commands/server.d.ts.map +1 -1
  2. package/dist/commands/server.js +58 -2
  3. package/dist/commands/server.js.map +1 -1
  4. package/dist/config/ConfigDefaults.d.ts.map +1 -1
  5. package/dist/config/ConfigDefaults.js +15 -0
  6. package/dist/config/ConfigDefaults.js.map +1 -1
  7. package/dist/core/CredentialLocationLedger.d.ts +70 -0
  8. package/dist/core/CredentialLocationLedger.d.ts.map +1 -1
  9. package/dist/core/CredentialLocationLedger.js +126 -0
  10. package/dist/core/CredentialLocationLedger.js.map +1 -1
  11. package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
  12. package/dist/core/PostUpdateMigrator.js +16 -0
  13. package/dist/core/PostUpdateMigrator.js.map +1 -1
  14. package/dist/core/types.d.ts +20 -0
  15. package/dist/core/types.d.ts.map +1 -1
  16. package/dist/core/types.js.map +1 -1
  17. package/dist/feedback-factory/processing/FeedbackProcessingService.d.ts +70 -0
  18. package/dist/feedback-factory/processing/FeedbackProcessingService.d.ts.map +1 -0
  19. package/dist/feedback-factory/processing/FeedbackProcessingService.js +74 -0
  20. package/dist/feedback-factory/processing/FeedbackProcessingService.js.map +1 -0
  21. package/dist/feedback-factory/store/JsonlFeedbackStore.d.ts +34 -0
  22. package/dist/feedback-factory/store/JsonlFeedbackStore.d.ts.map +1 -1
  23. package/dist/feedback-factory/store/JsonlFeedbackStore.js +59 -0
  24. package/dist/feedback-factory/store/JsonlFeedbackStore.js.map +1 -1
  25. package/dist/scaffold/templates.d.ts.map +1 -1
  26. package/dist/scaffold/templates.js +5 -0
  27. package/dist/scaffold/templates.js.map +1 -1
  28. package/dist/server/AgentServer.d.ts +5 -0
  29. package/dist/server/AgentServer.d.ts.map +1 -1
  30. package/dist/server/AgentServer.js +34 -0
  31. package/dist/server/AgentServer.js.map +1 -1
  32. package/dist/server/CapabilityIndex.d.ts.map +1 -1
  33. package/dist/server/CapabilityIndex.js +12 -0
  34. package/dist/server/CapabilityIndex.js.map +1 -1
  35. package/dist/server/routes.d.ts +4 -0
  36. package/dist/server/routes.d.ts.map +1 -1
  37. package/dist/server/routes.js +34 -0
  38. package/dist/server/routes.js.map +1 -1
  39. package/package.json +1 -1
  40. package/src/data/builtin-manifest.json +64 -64
  41. package/src/scaffold/templates/jobs/instar/feedback-factory-process.md +35 -0
  42. package/src/scaffold/templates.ts +5 -0
  43. package/upgrades/1.3.604.md +57 -0
  44. package/upgrades/1.3.605.md +29 -0
  45. package/upgrades/side-effects/credential-identity-audit.md +183 -0
  46. package/upgrades/side-effects/feedback-processor-job.md +60 -0
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAwBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAkH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAg4CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAs0dtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAwBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAkH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAg4CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAo4dtE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
@@ -9246,7 +9246,7 @@ export async function startServer(options) {
9246
9246
  // off (always, while dark) every gate read returns the enrollment-home fallback, so every
9247
9247
  // consumer is byte-for-byte today's behavior. A never-seeded ledger is the same fallback (back-
9248
9248
  // compat); only UNKNOWN mode (corrupt on-disk) raises a HIGH attention item, never throws.
9249
- const { CredentialLocationLedger, shouldBootSeedCredentialLedger } = await import('../core/CredentialLocationLedger.js');
9249
+ const { CredentialLocationLedger, shouldBootSeedCredentialLedger, shouldRunIdentityAudit } = await import('../core/CredentialLocationLedger.js');
9250
9250
  const { CredentialIdentityOracle } = await import('../core/CredentialIdentityOracle.js');
9251
9251
  const { CredentialLocationGate } = await import('../core/CredentialLocationGate.js');
9252
9252
  const credentialGateEmitAttention = telegram
@@ -9446,14 +9446,22 @@ export async function startServer(options) {
9446
9446
  // never blocked on them; failures are loud at the slot level (quarantine + attention) INSIDE
9447
9447
  // seedFromOracle. Seeding writes ONLY the local slot→account map — it moves ZERO credentials
9448
9448
  // (the executor's dryRun gate + the one-home invariant still guard every real swap). <!-- tracked: 20905 -->
9449
+ // `credSeedInFlight` closes the fresh-agent seed↔audit interleave: a never-seeded boot fires
9450
+ // seedFromOracle() fire-and-forget at t=0, and the boot identity audit fires at t≈90s. If the
9451
+ // oracle hangs past 90s the two passes could otherwise touch the in-memory assignments view at
9452
+ // their respective awaits. isSeeded() does NOT protect this (seedFromOracle bumps version at
9453
+ // 'begin', so isSeeded() flips true mid-seed), so the audit gate also checks this flag.
9454
+ let credSeedInFlight = false;
9449
9455
  if (shouldBootSeedCredentialLedger(resolveDevAgentGate(config.subscriptionPool?.credentialRepointing?.enabled, config), credentialLocationLedger.isSeeded())) {
9456
+ credSeedInFlight = true;
9450
9457
  void credentialLocationLedger
9451
9458
  .seedFromOracle()
9452
9459
  .then((outcomes) => {
9453
9460
  const assigned = outcomes.filter((o) => o.result === 'assigned').length;
9454
9461
  console.log(pc.green(` Credential location ledger seeded: ${assigned}/${outcomes.length} slot(s) mapped`));
9455
9462
  })
9456
- .catch((e) => console.warn(`[CredentialLedger] boot seed failed: ${e instanceof Error ? e.message : String(e)}`));
9463
+ .catch((e) => console.warn(`[CredentialLedger] boot seed failed: ${e instanceof Error ? e.message : String(e)}`))
9464
+ .finally(() => { credSeedInFlight = false; });
9457
9465
  }
9458
9466
  // B3b — the periodic balancer pass. tick() is a strict no-op while the feature resolves dark
9459
9467
  // (so the timer can always run; the gate lives INSIDE tick()), and on a dev agent it runs the
@@ -9471,6 +9479,54 @@ export async function startServer(options) {
9471
9479
  .finally(() => { credRebalancerTickInFlight = false; });
9472
9480
  }, credRebalancerPassMs);
9473
9481
  credRebalancerTimer.unref?.();
9482
+ // B3c — the periodic NON-DESTRUCTIVE identity audit. THE FIX for the inert-optimizer bug:
9483
+ // the rebalancer's every objective (wall-rescue AND the use-it-or-lose-it drain) only acts on
9484
+ // a DESTINATION slot whose identity was verified within `auditCadenceMs` (default 6h). Nothing
9485
+ // re-stamped verification after the boot seed (markVerified had zero callers), so every slot
9486
+ // decayed to "not recently verified" and the rebalancer went permanently inert — it decided
9487
+ // nothing because it had no eligible targets. auditIdentities() re-probes each slot and refreshes
9488
+ // its verification (and lets a since-resolvable slot EXIT quarantine), keeping the optimizer's
9489
+ // target set live. It moves ZERO credentials (ledger verification state only); never triggers a
9490
+ // swap; HOLDS a healthy slot on a transient oracle blip (never re-creates the stall). Same
9491
+ // dev-gate as the rebalancer (strict no-op / no probe on the dark fleet); reentrancy-guarded;
9492
+ // unref'd. Audit cadence = half of auditCadenceMs, capped at 30min, floored at 1min, so a
9493
+ // healthy slot is always re-confirmed well inside the verified-recent window. <!-- tracked: 20905 -->
9494
+ const credAuditCadenceMs = credResolveBalancerConfig({
9495
+ ...(config.subscriptionPool?.credentialRepointing?.balancer ?? {}),
9496
+ slotCount: credentialLocationLedger.getAssignments().length,
9497
+ }).auditCadenceMs;
9498
+ const credAuditIntervalMs = Math.max(60_000, Math.min(Math.floor(credAuditCadenceMs / 2), 30 * 60_000));
9499
+ let credAuditInFlight = false;
9500
+ const runCredentialIdentityAudit = async (trigger) => {
9501
+ // Pure, unit-tested gate (shouldRunIdentityAudit): enabled (no-op/no-probe on the dark fleet)
9502
+ // AND seeded AND not UNKNOWN-mode AND not already in flight (reentrancy guard).
9503
+ // `credSeedInFlight` is the runtime seed↔audit interleave guard (a boot seed can be mid-probe
9504
+ // when the boot audit fires); the pure predicate covers the persistent-state gates.
9505
+ if (credSeedInFlight ||
9506
+ !shouldRunIdentityAudit(resolveDevAgentGate(config.subscriptionPool?.credentialRepointing?.enabled, config), credentialLocationLedger.isSeeded(), credentialLocationLedger.isUnknownMode(), credAuditInFlight)) {
9507
+ return;
9508
+ }
9509
+ credAuditInFlight = true;
9510
+ try {
9511
+ const r = await credentialLocationLedger.auditIdentities();
9512
+ if (r.refreshed || r.recovered || r.quarantined) {
9513
+ console.log(pc.dim(` Credential identity audit (${trigger}): ${r.refreshed} refreshed, ${r.recovered} recovered, ${r.quarantined} quarantined, ${r.unresolved} unresolved`));
9514
+ }
9515
+ }
9516
+ catch (e) {
9517
+ console.warn(`[CredentialIdentityAudit] ${trigger} error: ${e instanceof Error ? e.message : String(e)}`);
9518
+ }
9519
+ finally {
9520
+ credAuditInFlight = false;
9521
+ }
9522
+ };
9523
+ // Boot one-shot (delayed so it never races the boot seed) — refreshes stale verification
9524
+ // immediately on restart so a long-running agent's rebalancer has fresh targets without
9525
+ // waiting a full cadence.
9526
+ const credAuditBootTimer = setTimeout(() => void runCredentialIdentityAudit('boot'), 90_000);
9527
+ credAuditBootTimer.unref?.();
9528
+ const credAuditTimer = setInterval(() => void runCredentialIdentityAudit('periodic'), credAuditIntervalMs);
9529
+ credAuditTimer.unref?.();
9474
9530
  // QuotaPoller — per-account live quota reader (P1.2 of the Subscription &
9475
9531
  // Auth Standard). Reads each account's 5h/weekly utilization + reset dates
9476
9532
  // via the OAuth usage endpoint (transient per-account token, never persisted)