instar 1.3.609 → 1.3.611
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +19 -0
- package/dist/commands/server.js.map +1 -1
- package/dist/core/EnrollmentWizard.d.ts +50 -0
- package/dist/core/EnrollmentWizard.d.ts.map +1 -1
- package/dist/core/EnrollmentWizard.js +52 -0
- package/dist/core/EnrollmentWizard.js.map +1 -1
- package/dist/core/PendingLoginStore.d.ts +8 -0
- package/dist/core/PendingLoginStore.d.ts.map +1 -1
- package/dist/core/PendingLoginStore.js +1 -0
- package/dist/core/PendingLoginStore.js.map +1 -1
- package/dist/core/QuotaAwareScheduler.d.ts +4 -2
- package/dist/core/QuotaAwareScheduler.d.ts.map +1 -1
- package/dist/core/QuotaAwareScheduler.js +7 -8
- package/dist/core/QuotaAwareScheduler.js.map +1 -1
- package/dist/core/SubscriptionPool.d.ts +20 -0
- package/dist/core/SubscriptionPool.d.ts.map +1 -1
- package/dist/core/SubscriptionPool.js +26 -0
- package/dist/core/SubscriptionPool.js.map +1 -1
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +51 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +46 -46
- package/upgrades/1.3.610.md +24 -0
- package/upgrades/1.3.611.md +22 -0
- package/upgrades/side-effects/ws52-account-follow-me-email-gate.md +70 -0
- package/upgrades/side-effects/ws52-account-follow-me-locally-executable.md +69 -0
package/dist/server/routes.js
CHANGED
|
@@ -19169,6 +19169,57 @@ export function createRoutes(ctx) {
|
|
|
19169
19169
|
}
|
|
19170
19170
|
res.json({ enabled: true, login });
|
|
19171
19171
|
});
|
|
19172
|
+
// WS5.2 §5.3 step 3 / S7 — Account Follow-Me completion with the email-validation gate.
|
|
19173
|
+
// When an operator-authorized follow-me enrollment COMPLETES on this target machine, the
|
|
19174
|
+
// freshly-minted login's account email is validated against the operator's expectation BEFORE
|
|
19175
|
+
// the account becomes a selectable pool account. A surprise/mismatched/unverifiable email is
|
|
19176
|
+
// HELD (NOT added to the pool) and raises a HIGH attention item. Only a verified match adds
|
|
19177
|
+
// the account to the SubscriptionPool. Dark behind multiMachine.accountFollowMe (503 when off).
|
|
19178
|
+
router.post('/subscription-pool/follow-me/enroll/:id/complete', async (req, res) => {
|
|
19179
|
+
const afmCfg = ctx.config.multiMachine?.accountFollowMe;
|
|
19180
|
+
if (!resolveDevAgentGate(afmCfg?.enabled, ctx.config)) {
|
|
19181
|
+
res.status(503).json({ error: 'account follow-me not enabled' });
|
|
19182
|
+
return;
|
|
19183
|
+
}
|
|
19184
|
+
if (!ctx.enrollmentWizard || !ctx.subscriptionPool) {
|
|
19185
|
+
res.status(503).json({ error: 'enrollment wizard or subscription pool not configured' });
|
|
19186
|
+
return;
|
|
19187
|
+
}
|
|
19188
|
+
const nickname = (req.body?.nickname && typeof req.body.nickname === 'string' && req.body.nickname.trim())
|
|
19189
|
+
? req.body.nickname.trim()
|
|
19190
|
+
: 'this machine';
|
|
19191
|
+
try {
|
|
19192
|
+
const result = await ctx.enrollmentWizard.completeFollowMe(req.params.id, nickname);
|
|
19193
|
+
if (result.outcome === 'not-found') {
|
|
19194
|
+
res.status(404).json({ error: `pending login ${req.params.id} not found` });
|
|
19195
|
+
return;
|
|
19196
|
+
}
|
|
19197
|
+
if (result.outcome === 'held') {
|
|
19198
|
+
// Fail-closed: the account is NOT added to the pool; the gate already raised the
|
|
19199
|
+
// HIGH attention item for the operator.
|
|
19200
|
+
res.json({ enabled: true, outcome: 'held', reason: result.reason, login: result.login });
|
|
19201
|
+
return;
|
|
19202
|
+
}
|
|
19203
|
+
// outcome === 'validated' — the email matched operator expectation; make it selectable.
|
|
19204
|
+
const { login, email } = result;
|
|
19205
|
+
const account = ctx.subscriptionPool.add({
|
|
19206
|
+
id: login.id,
|
|
19207
|
+
nickname: login.label,
|
|
19208
|
+
provider: login.provider,
|
|
19209
|
+
framework: login.framework,
|
|
19210
|
+
configHome: login.configHome ?? '',
|
|
19211
|
+
status: 'active',
|
|
19212
|
+
email,
|
|
19213
|
+
});
|
|
19214
|
+
res.status(201).json({ enabled: true, outcome: 'validated', account });
|
|
19215
|
+
}
|
|
19216
|
+
catch (err) {
|
|
19217
|
+
const isValidation = err instanceof Error && err.name === 'ValidationError';
|
|
19218
|
+
res.status(isValidation ? 400 : 500).json({
|
|
19219
|
+
error: err instanceof Error ? err.message : 'follow-me completion failed',
|
|
19220
|
+
});
|
|
19221
|
+
}
|
|
19222
|
+
});
|
|
19172
19223
|
// ── Live credential re-pointing — levers + ledger census + audit-scrub (WS5.2 Step 7) ──
|
|
19173
19224
|
//
|
|
19174
19225
|
// POST /credentials/swap|set-default|restore-enrollment (DETECTIVE controls: operator
|