instar 1.3.614 → 1.3.616
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dashboard/mandates.js +30 -9
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +110 -1
- package/dist/commands/server.js.map +1 -1
- package/dist/config/ConfigDefaults.d.ts.map +1 -1
- package/dist/config/ConfigDefaults.js +27 -0
- package/dist/config/ConfigDefaults.js.map +1 -1
- package/dist/coordination/AccountFollowMeMandateDelivery.d.ts +64 -0
- package/dist/coordination/AccountFollowMeMandateDelivery.d.ts.map +1 -0
- package/dist/coordination/AccountFollowMeMandateDelivery.js +92 -0
- package/dist/coordination/AccountFollowMeMandateDelivery.js.map +1 -0
- package/dist/coordination/DeliveredMandateStore.d.ts +67 -0
- package/dist/coordination/DeliveredMandateStore.d.ts.map +1 -0
- package/dist/coordination/DeliveredMandateStore.js +80 -0
- package/dist/coordination/DeliveredMandateStore.js.map +1 -0
- package/dist/core/AccountFollowMeRevocationStore.d.ts +34 -0
- package/dist/core/AccountFollowMeRevocationStore.d.ts.map +1 -0
- package/dist/core/AccountFollowMeRevocationStore.js +76 -0
- package/dist/core/AccountFollowMeRevocationStore.js.map +1 -0
- package/dist/core/AccountFollowMeSpendSlice.d.ts +197 -0
- package/dist/core/AccountFollowMeSpendSlice.d.ts.map +1 -0
- package/dist/core/AccountFollowMeSpendSlice.js +196 -0
- package/dist/core/AccountFollowMeSpendSlice.js.map +1 -0
- package/dist/core/AnthropicSubscriptionRouter.d.ts +28 -0
- package/dist/core/AnthropicSubscriptionRouter.d.ts.map +1 -1
- package/dist/core/AnthropicSubscriptionRouter.js +17 -0
- package/dist/core/AnthropicSubscriptionRouter.js.map +1 -1
- package/dist/core/MeshRpc.d.ts +37 -1
- package/dist/core/MeshRpc.d.ts.map +1 -1
- package/dist/core/MeshRpc.js +30 -0
- package/dist/core/MeshRpc.js.map +1 -1
- package/dist/core/PostUpdateMigrator.d.ts +9 -0
- package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
- package/dist/core/PostUpdateMigrator.js +30 -0
- package/dist/core/PostUpdateMigrator.js.map +1 -1
- package/dist/core/accountFollowMeCooperativeWipe.d.ts +66 -0
- package/dist/core/accountFollowMeCooperativeWipe.d.ts.map +1 -0
- package/dist/core/accountFollowMeCooperativeWipe.js +179 -0
- package/dist/core/accountFollowMeCooperativeWipe.js.map +1 -0
- package/dist/server/AgentServer.d.ts +28 -0
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +81 -1
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/routes.d.ts +37 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +135 -4
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +64 -64
- package/upgrades/1.3.615.md +35 -0
- package/upgrades/1.3.616.md +34 -0
- package/upgrades/side-effects/ws52-account-follow-me-r7a-spend-slice.md +70 -0
- package/upgrades/side-effects/ws52-account-follow-me-revocation-wiring.md +104 -0
- package/upgrades/side-effects/ws52-one-dashboard-mandate-delivery.md +74 -0
package/dashboard/mandates.js
CHANGED
|
@@ -526,31 +526,52 @@ export function createController({ doc, els, fetchImpl }) {
|
|
|
526
526
|
return { problems, authorities };
|
|
527
527
|
}
|
|
528
528
|
|
|
529
|
+
// WS5.2 R4a — an account-follow-me authority targets a SPECIFIC machine. From the operator's ONE
|
|
530
|
+
// dashboard, such a mandate is issued AND delivered to that target via /mandate/issue-for-machine
|
|
531
|
+
// (which issues locally then dispatches the R4a-signed bundle over the mesh) — the operator NEVER
|
|
532
|
+
// opens the target's own dashboard. A non-follow-me mandate uses the ordinary /mandate/issue path.
|
|
533
|
+
function followMeTarget(authorities) {
|
|
534
|
+
if (!Array.isArray(authorities)) return null;
|
|
535
|
+
const a = authorities.find((x) => x && x.action === 'account-follow-me'
|
|
536
|
+
&& x.bounds && typeof x.bounds.accountId === 'string' && typeof x.bounds.targetMachineId === 'string');
|
|
537
|
+
return a ? { accountId: a.bounds.accountId, targetMachineId: a.bounds.targetMachineId } : null;
|
|
538
|
+
}
|
|
539
|
+
|
|
529
540
|
async function issue() {
|
|
530
541
|
const { problems, authorities } = validateIssueForm();
|
|
531
542
|
if (problems.length > 0) {
|
|
532
543
|
note('Not issued — fix the following first:\n' + problems.join('\n'), 'error');
|
|
533
544
|
return;
|
|
534
545
|
}
|
|
535
|
-
const
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
546
|
+
const expiresAt = new Date(els.issueExpires.value).toISOString();
|
|
547
|
+
const pin = els.issuePin.value;
|
|
548
|
+
const agents = [els.issueAgentA?.value?.trim(), els.issueAgentB?.value?.trim()];
|
|
549
|
+
const fm = followMeTarget(authorities);
|
|
550
|
+
// Route an account-follow-me mandate through the one-dashboard issue+deliver path; everything
|
|
551
|
+
// else through the ordinary issue path.
|
|
552
|
+
const endpoint = fm ? '/mandate/issue-for-machine' : '/mandate/issue';
|
|
553
|
+
const payload = fm
|
|
554
|
+
? { pin, scope: els.issueScope?.value?.trim(), agents, expiresAt, accountId: fm.accountId, targetMachineId: fm.targetMachineId }
|
|
555
|
+
: { pin, scope: els.issueScope?.value?.trim(), agents, authorities, expiresAt };
|
|
542
556
|
els.issueBtn.disabled = true;
|
|
543
557
|
try {
|
|
544
|
-
const { status, body } = await fetchJson(
|
|
558
|
+
const { status, body } = await fetchJson(endpoint, {
|
|
545
559
|
method: 'POST',
|
|
546
560
|
headers: { 'Content-Type': 'application/json' },
|
|
547
561
|
body: JSON.stringify(payload),
|
|
548
562
|
});
|
|
549
563
|
if (els.issuePin) els.issuePin.value = ''; // never retain the PIN
|
|
550
564
|
if (status === 201) {
|
|
551
|
-
|
|
565
|
+
const deliveredNote = fm
|
|
566
|
+
? (body?.delivered ? ' and delivered to the target machine' : (body?.local ? ' (target is this machine)' : ''))
|
|
567
|
+
: '';
|
|
568
|
+
note(`✓ Mandate ${body?.mandate?.id ?? ''} issued${deliveredNote} — it is active and listed above. The agents can now act within its bounds.`, 'success');
|
|
552
569
|
if (els.issueDetails) els.issueDetails.open = false;
|
|
553
570
|
await refresh();
|
|
571
|
+
} else if (fm && status === 502) {
|
|
572
|
+
// Issued locally but cross-machine DELIVERY failed — honest, retry-able.
|
|
573
|
+
note(`Mandate ${body?.mandate?.id ?? ''} issued, but delivery to the target failed: ${body?.reason ?? body?.error ?? `HTTP ${status}`}. Retry to re-deliver (issuance is idempotent on the target).`, 'error');
|
|
574
|
+
await refresh();
|
|
554
575
|
} else {
|
|
555
576
|
note(`Not issued — the server refused: ${body?.error ?? `HTTP ${status}`}`, 'error');
|
|
556
577
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAwBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAkH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAwBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAkH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAy4CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAs7etE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
|
package/dist/commands/server.js
CHANGED
|
@@ -418,6 +418,10 @@ let _resolvePeerUrls = null;
|
|
|
418
418
|
* pool dark / no client — the transfer route degrades to today's pin path. */
|
|
419
419
|
let _sendDrain = null;
|
|
420
420
|
let _listPoolMachines = null;
|
|
421
|
+
/** WS5.2 R4a — operator/issuer leg: deliver an R4a-signed account-follow-me mandate to a REMOTE
|
|
422
|
+
* target over the signed mesh (the new verb). Set in the mesh-client block; null = no mesh client
|
|
423
|
+
* (single-machine) → the issue-for-machine route 503s on a remote target. */
|
|
424
|
+
let _deliverMandateToMachine = null;
|
|
421
425
|
/** Multi-Machine Session Pool §L4: per-topic placement pin store ("move this to <nickname>"). */
|
|
422
426
|
let _topicPinStore = null;
|
|
423
427
|
/** Cross-machine secret-sync (spec Phase 4): route-facing handle (push lever + read-only status). */
|
|
@@ -9938,6 +9942,63 @@ export async function startServer(options) {
|
|
|
9938
9942
|
}, config.subscriptionPool?.enrollment?.reissueSweepMs ?? 5 * 60_000);
|
|
9939
9943
|
if (enrollReissueTimer.unref)
|
|
9940
9944
|
enrollReissueTimer.unref();
|
|
9945
|
+
// ── WS5.2 R12 — Account Follow-Me revocation data-plane wiring (PER-SERVER model, OQ6) ──
|
|
9946
|
+
// The operator revokes the `account-follow-me` mandate on the TARGET machine's OWN dashboard,
|
|
9947
|
+
// so when /mandate/:id/revoke fires here, THIS machine IS the target — the data-plane wipe is
|
|
9948
|
+
// LOCAL (cooperative-online posture), never a cross-machine wipe-instruction. The pure executor
|
|
9949
|
+
// (AccountFollowMeRevocation) is constructed once with REAL deps:
|
|
9950
|
+
// - cooperativeWipe: framework logout against the account's CLAUDE_CONFIG_DIR + delete the
|
|
9951
|
+
// per-account config slot (SafeFsExecutor) + SubscriptionPool.remove(accountId) — FAIL-CLOSED
|
|
9952
|
+
// (a step that throws surfaces as not-done, never a silent "removed").
|
|
9953
|
+
// - pendingStore: a DURABLE JSON ledger (survives restarts) — offline targets get a bounded
|
|
9954
|
+
// pending wipe that fires on reconnect or escalates to revocation-FAILED at the deadline.
|
|
9955
|
+
// - emitRevocationFailed: the real attention emitter (HIGH item, one running item per pair).
|
|
9956
|
+
// - enabled: the SAME dev-gate as the rest of accountFollowMe (LIVE on a dev agent / DARK on
|
|
9957
|
+
// the fleet), read LIVE per-call so a config flip is honored without a restart.
|
|
9958
|
+
// Everything is DARK behind `multiMachine.accountFollowMe`: when the gate resolves OFF, revoke()
|
|
9959
|
+
// is a strict no-op (the route trigger does nothing) and sweepDeadlines() returns [].
|
|
9960
|
+
const { AccountFollowMeRevocation } = await import('../core/AccountFollowMeRevocation.js');
|
|
9961
|
+
const { DurablePendingWipeStore } = await import('../core/AccountFollowMeRevocationStore.js');
|
|
9962
|
+
const { buildCooperativeWipe } = await import('../core/accountFollowMeCooperativeWipe.js');
|
|
9963
|
+
const accountFollowMeRevocationEnabled = () => resolveDevAgentGate(config.multiMachine?.accountFollowMe?.enabled, config);
|
|
9964
|
+
const accountFollowMeRevocation = new AccountFollowMeRevocation({
|
|
9965
|
+
enabled: accountFollowMeRevocationEnabled,
|
|
9966
|
+
cooperativeWipe: buildCooperativeWipe({
|
|
9967
|
+
pool: subscriptionPool,
|
|
9968
|
+
log: (m) => console.log(m),
|
|
9969
|
+
}),
|
|
9970
|
+
pendingStore: new DurablePendingWipeStore({ stateDir: config.stateDir }),
|
|
9971
|
+
emitRevocationFailed: (item) => {
|
|
9972
|
+
if (!telegram)
|
|
9973
|
+
return;
|
|
9974
|
+
void telegram.createAttentionItem({
|
|
9975
|
+
id: item.id,
|
|
9976
|
+
title: item.title,
|
|
9977
|
+
summary: item.body,
|
|
9978
|
+
description: item.body,
|
|
9979
|
+
category: 'account-follow-me',
|
|
9980
|
+
priority: 'HIGH',
|
|
9981
|
+
sourceContext: 'account-follow-me-revocation',
|
|
9982
|
+
});
|
|
9983
|
+
},
|
|
9984
|
+
reconnectDeadlineMs: () => config
|
|
9985
|
+
.multiMachine?.accountFollowMe?.revocationReconnectDeadlineMs ?? 6 * 60 * 60_000,
|
|
9986
|
+
log: (m) => console.log(m),
|
|
9987
|
+
});
|
|
9988
|
+
// R12.iii — periodic deadline sweep so an offline-pending wipe past its reconnect-deadline
|
|
9989
|
+
// ESCALATES to the LOUD revocation-FAILED attention item (resume-queue give-up discipline).
|
|
9990
|
+
// sweepDeadlines() is a strict no-op while the feature resolves dark (the gate lives INSIDE it),
|
|
9991
|
+
// so the timer can always run. Reentrancy is irrelevant (synchronous); unref'd so it never holds
|
|
9992
|
+
// the process open. Cleared on shutdown alongside the other subscription timers.
|
|
9993
|
+
const accountFollowMeRevocationSweepTimer = setInterval(() => {
|
|
9994
|
+
try {
|
|
9995
|
+
accountFollowMeRevocation.sweepDeadlines();
|
|
9996
|
+
}
|
|
9997
|
+
catch (e) {
|
|
9998
|
+
console.warn(`[account-follow-me] revocation deadline sweep error: ${e instanceof Error ? e.message : String(e)}`);
|
|
9999
|
+
}
|
|
10000
|
+
}, 5 * 60_000);
|
|
10001
|
+
accountFollowMeRevocationSweepTimer.unref?.();
|
|
9941
10002
|
// Commitment Sentinel — LLM-powered scanner that finds unregistered commitments.
|
|
9942
10003
|
let commitmentSentinel;
|
|
9943
10004
|
if (sharedIntelligence) {
|
|
@@ -15189,6 +15250,15 @@ export async function startServer(options) {
|
|
|
15189
15250
|
routerHolder: () => coordinator?.getSyncStatus().leaseHolder ?? null,
|
|
15190
15251
|
ownerOf: (s) => ownReg.ownerOf(s),
|
|
15191
15252
|
placementTargetOf: (s) => ownReg.placementTargetOf(s),
|
|
15253
|
+
// WS5.2 R4a — the COARSE gate for account-follow-me-mandate-deliver: follow-me must be
|
|
15254
|
+
// enabled on THIS machine AND the sender a registered ACTIVE peer (verifyEnvelope already
|
|
15255
|
+
// proved the Ed25519/recipient/nonce). DENY-BY-DEFAULT (dark agent → refused here). The
|
|
15256
|
+
// LOAD-BEARING authority is the R4a signature re-verification in the handler below.
|
|
15257
|
+
authorizeMandateDeliver: ({ sender }) => {
|
|
15258
|
+
const afmEnabled = resolveDevAgentGate(config
|
|
15259
|
+
.multiMachine?.accountFollowMe?.enabled, config);
|
|
15260
|
+
return afmEnabled && meshIdMgr.isMachineActive(sender);
|
|
15261
|
+
},
|
|
15192
15262
|
},
|
|
15193
15263
|
recordNonce: (s, n) => {
|
|
15194
15264
|
const t = Date.now();
|
|
@@ -15420,6 +15490,21 @@ export async function startServer(options) {
|
|
|
15420
15490
|
'secret-share': (cmd, sender) => _secretShareHandler
|
|
15421
15491
|
? _secretShareHandler.handle(cmd, sender)
|
|
15422
15492
|
: { ok: false, reason: 'secret-sync disabled' },
|
|
15493
|
+
// WS5.2 R4a — ONE-DASHBOARD cross-machine mandate DELIVERY (target side). The operator
|
|
15494
|
+
// issued the account-follow-me mandate (PIN-gated) on their single dashboard and
|
|
15495
|
+
// delivered it here. verifyEnvelope already authenticated `sender` (Ed25519, recipient,
|
|
15496
|
+
// nonce, registered-peer); the LOAD-BEARING authority is the R4a issuance-signature
|
|
15497
|
+
// re-verification, done by AgentServer.acceptDeliveredMandateCommand against the SAME
|
|
15498
|
+
// registered operator key verifyEnvelope used (resolved here, NEVER from the payload).
|
|
15499
|
+
// FAIL CLOSED on every uncertainty; an unverified mandate is never persisted.
|
|
15500
|
+
'account-follow-me-mandate-deliver': (cmd, sender) => {
|
|
15501
|
+
const c = cmd;
|
|
15502
|
+
// Resolve the AUTHENTICATED sender's REGISTERED Ed25519 public key — the trust anchor.
|
|
15503
|
+
const operatorPem = meshIdMgr.getSigningPublicKeyPem(sender);
|
|
15504
|
+
const r = _agentServerRef?.acceptDeliveredMandateCommand(sender, c.portable, operatorPem)
|
|
15505
|
+
?? { accepted: false, reason: 'agent-server-not-ready' };
|
|
15506
|
+
return r;
|
|
15507
|
+
},
|
|
15423
15508
|
// WS4.4 holder side (MULTI-MACHINE-SEAMLESSNESS-SPEC §WS4.4). The
|
|
15424
15509
|
// verifyEnvelope gate already proved WHICH fronting machine is asking
|
|
15425
15510
|
// (`sender` = the authenticated, registered peer — used as the
|
|
@@ -15505,6 +15590,30 @@ export async function startServer(options) {
|
|
|
15505
15590
|
});
|
|
15506
15591
|
const peerUrl = (machineId) => meshIdMgr.getActiveMachines().find((m) => m.machineId === machineId)?.entry.lastKnownUrl ?? null;
|
|
15507
15592
|
_meshSelfId = meshSelfId;
|
|
15593
|
+
// WS5.2 R4a — operator/issuer leg: deliver an R4a-signed account-follow-me mandate to a
|
|
15594
|
+
// REMOTE target over the signed mesh `account-follow-me-mandate-deliver` verb. Every
|
|
15595
|
+
// failure shape maps to an explicit outcome the issue-for-machine route surfaces honestly
|
|
15596
|
+
// (the mandate is already issued+persisted locally; only delivery may fail → retry-able).
|
|
15597
|
+
_deliverMandateToMachine = async ({ targetMachineId, portable }) => {
|
|
15598
|
+
const url = peerUrl(targetMachineId);
|
|
15599
|
+
if (!url)
|
|
15600
|
+
return { ok: false, status: 0, reason: 'no-peer-url' };
|
|
15601
|
+
try {
|
|
15602
|
+
const res = await meshClient.send({ machineId: targetMachineId, url }, { type: 'account-follow-me-mandate-deliver', portable }, 0, { timeoutMs: 15_000 });
|
|
15603
|
+
if (res.ok) {
|
|
15604
|
+
const r = (res.result ?? {});
|
|
15605
|
+
return r.accepted === true
|
|
15606
|
+
? { ok: true, status: 200 }
|
|
15607
|
+
: { ok: false, status: 200, reason: typeof r.reason === 'string' ? r.reason : 'target-refused' };
|
|
15608
|
+
}
|
|
15609
|
+
return { ok: false, status: res.status, reason: res.reason ?? `status-${res.status}` };
|
|
15610
|
+
}
|
|
15611
|
+
catch (err) {
|
|
15612
|
+
// @silent-fallback-ok — a failed delivery RPC returns ok:false to the route, which
|
|
15613
|
+
// surfaces a retry-able 502 (the mandate is safe locally); never a stuck/half delivery.
|
|
15614
|
+
return { ok: false, status: 0, reason: err instanceof Error ? err.message : String(err) };
|
|
15615
|
+
}
|
|
15616
|
+
};
|
|
15508
15617
|
// WS1.2 sender leg: signed drain order to a remote owner. Bounded by
|
|
15509
15618
|
// the drain bound + slack so a clean drain (≤30s wait + close) can
|
|
15510
15619
|
// complete within one call; every failure shape maps to an explicit
|
|
@@ -16941,7 +17050,7 @@ export async function startServer(options) {
|
|
|
16941
17050
|
}
|
|
16942
17051
|
: null;
|
|
16943
17052
|
const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, feedbackAnomalyDetector, dispatches, updateChecker, autoUpdater, autoDispatcher, quotaTracker, quotaManager, publisher, viewer, tunnel, evolution, watchdog, topicMemory, triageNurse, projectMapper, cartographer: cartographer ?? undefined, coherenceGate: scopeVerifier, contextHierarchy, canonicalState, operationGate, sentinel, adaptiveTrust, memoryMonitor, orphanReaper, coherenceMonitor, commitmentTracker, subscriptionPool, accountFollowMePeerViews: async () => { const machines = (_listPoolMachines?.() ?? []).filter((m) => m.machineId !== _meshSelfId && !!m.lastKnownUrl); if (machines.length === 0)
|
|
16944
|
-
return []; const { fetchPeerSubscriptionViews } = await import('../core/fetchPeerSubscriptionViews.js'); return fetchPeerSubscriptionViews({ peers: () => machines.map((m) => ({ machineId: m.machineId, nickname: m.nickname ?? m.machineId, url: m.lastKnownUrl })), fetchImpl: fetch, authToken: config.authToken ?? '' }); }, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, credentialRepointing, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, replicatedRecordEmitter, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, poolLink: _poolLink ?? undefined, poolPollCache: _poolPollCache ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, autonomousLivenessReconciler, prHandLease: prHandLease ?? undefined, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier, liveTestGate, liveTestGateMode, liveTestRunnerCtx }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
|
|
17053
|
+
return []; const { fetchPeerSubscriptionViews } = await import('../core/fetchPeerSubscriptionViews.js'); return fetchPeerSubscriptionViews({ peers: () => machines.map((m) => ({ machineId: m.machineId, nickname: m.nickname ?? m.machineId, url: m.lastKnownUrl })), fetchImpl: fetch, authToken: config.authToken ?? '' }); }, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, accountFollowMeRevocation, credentialRepointing, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, replicatedRecordEmitter, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, deliverMandateToMachine: _deliverMandateToMachine ?? undefined, poolLink: _poolLink ?? undefined, poolPollCache: _poolPollCache ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, autonomousLivenessReconciler, prHandLease: prHandLease ?? undefined, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier, liveTestGate, liveTestGateMode, liveTestRunnerCtx }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
|
|
16945
17054
|
// wired before the server existed; from here on inbound binds use the
|
|
16946
17055
|
// server's own store instance.
|
|
16947
17056
|
_agentServerRef = server;
|