instar 1.3.614 → 1.3.616

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. package/dashboard/mandates.js +30 -9
  2. package/dist/commands/server.d.ts.map +1 -1
  3. package/dist/commands/server.js +110 -1
  4. package/dist/commands/server.js.map +1 -1
  5. package/dist/config/ConfigDefaults.d.ts.map +1 -1
  6. package/dist/config/ConfigDefaults.js +27 -0
  7. package/dist/config/ConfigDefaults.js.map +1 -1
  8. package/dist/coordination/AccountFollowMeMandateDelivery.d.ts +64 -0
  9. package/dist/coordination/AccountFollowMeMandateDelivery.d.ts.map +1 -0
  10. package/dist/coordination/AccountFollowMeMandateDelivery.js +92 -0
  11. package/dist/coordination/AccountFollowMeMandateDelivery.js.map +1 -0
  12. package/dist/coordination/DeliveredMandateStore.d.ts +67 -0
  13. package/dist/coordination/DeliveredMandateStore.d.ts.map +1 -0
  14. package/dist/coordination/DeliveredMandateStore.js +80 -0
  15. package/dist/coordination/DeliveredMandateStore.js.map +1 -0
  16. package/dist/core/AccountFollowMeRevocationStore.d.ts +34 -0
  17. package/dist/core/AccountFollowMeRevocationStore.d.ts.map +1 -0
  18. package/dist/core/AccountFollowMeRevocationStore.js +76 -0
  19. package/dist/core/AccountFollowMeRevocationStore.js.map +1 -0
  20. package/dist/core/AccountFollowMeSpendSlice.d.ts +197 -0
  21. package/dist/core/AccountFollowMeSpendSlice.d.ts.map +1 -0
  22. package/dist/core/AccountFollowMeSpendSlice.js +196 -0
  23. package/dist/core/AccountFollowMeSpendSlice.js.map +1 -0
  24. package/dist/core/AnthropicSubscriptionRouter.d.ts +28 -0
  25. package/dist/core/AnthropicSubscriptionRouter.d.ts.map +1 -1
  26. package/dist/core/AnthropicSubscriptionRouter.js +17 -0
  27. package/dist/core/AnthropicSubscriptionRouter.js.map +1 -1
  28. package/dist/core/MeshRpc.d.ts +37 -1
  29. package/dist/core/MeshRpc.d.ts.map +1 -1
  30. package/dist/core/MeshRpc.js +30 -0
  31. package/dist/core/MeshRpc.js.map +1 -1
  32. package/dist/core/PostUpdateMigrator.d.ts +9 -0
  33. package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
  34. package/dist/core/PostUpdateMigrator.js +30 -0
  35. package/dist/core/PostUpdateMigrator.js.map +1 -1
  36. package/dist/core/accountFollowMeCooperativeWipe.d.ts +66 -0
  37. package/dist/core/accountFollowMeCooperativeWipe.d.ts.map +1 -0
  38. package/dist/core/accountFollowMeCooperativeWipe.js +179 -0
  39. package/dist/core/accountFollowMeCooperativeWipe.js.map +1 -0
  40. package/dist/server/AgentServer.d.ts +28 -0
  41. package/dist/server/AgentServer.d.ts.map +1 -1
  42. package/dist/server/AgentServer.js +81 -1
  43. package/dist/server/AgentServer.js.map +1 -1
  44. package/dist/server/routes.d.ts +37 -0
  45. package/dist/server/routes.d.ts.map +1 -1
  46. package/dist/server/routes.js +135 -4
  47. package/dist/server/routes.js.map +1 -1
  48. package/package.json +1 -1
  49. package/src/data/builtin-manifest.json +64 -64
  50. package/upgrades/1.3.615.md +35 -0
  51. package/upgrades/1.3.616.md +34 -0
  52. package/upgrades/side-effects/ws52-account-follow-me-r7a-spend-slice.md +70 -0
  53. package/upgrades/side-effects/ws52-account-follow-me-revocation-wiring.md +104 -0
  54. package/upgrades/side-effects/ws52-one-dashboard-mandate-delivery.md +74 -0
@@ -526,31 +526,52 @@ export function createController({ doc, els, fetchImpl }) {
526
526
  return { problems, authorities };
527
527
  }
528
528
 
529
+ // WS5.2 R4a — an account-follow-me authority targets a SPECIFIC machine. From the operator's ONE
530
+ // dashboard, such a mandate is issued AND delivered to that target via /mandate/issue-for-machine
531
+ // (which issues locally then dispatches the R4a-signed bundle over the mesh) — the operator NEVER
532
+ // opens the target's own dashboard. A non-follow-me mandate uses the ordinary /mandate/issue path.
533
+ function followMeTarget(authorities) {
534
+ if (!Array.isArray(authorities)) return null;
535
+ const a = authorities.find((x) => x && x.action === 'account-follow-me'
536
+ && x.bounds && typeof x.bounds.accountId === 'string' && typeof x.bounds.targetMachineId === 'string');
537
+ return a ? { accountId: a.bounds.accountId, targetMachineId: a.bounds.targetMachineId } : null;
538
+ }
539
+
529
540
  async function issue() {
530
541
  const { problems, authorities } = validateIssueForm();
531
542
  if (problems.length > 0) {
532
543
  note('Not issued — fix the following first:\n' + problems.join('\n'), 'error');
533
544
  return;
534
545
  }
535
- const payload = {
536
- pin: els.issuePin.value,
537
- scope: els.issueScope?.value?.trim(),
538
- agents: [els.issueAgentA?.value?.trim(), els.issueAgentB?.value?.trim()],
539
- authorities,
540
- expiresAt: new Date(els.issueExpires.value).toISOString(),
541
- };
546
+ const expiresAt = new Date(els.issueExpires.value).toISOString();
547
+ const pin = els.issuePin.value;
548
+ const agents = [els.issueAgentA?.value?.trim(), els.issueAgentB?.value?.trim()];
549
+ const fm = followMeTarget(authorities);
550
+ // Route an account-follow-me mandate through the one-dashboard issue+deliver path; everything
551
+ // else through the ordinary issue path.
552
+ const endpoint = fm ? '/mandate/issue-for-machine' : '/mandate/issue';
553
+ const payload = fm
554
+ ? { pin, scope: els.issueScope?.value?.trim(), agents, expiresAt, accountId: fm.accountId, targetMachineId: fm.targetMachineId }
555
+ : { pin, scope: els.issueScope?.value?.trim(), agents, authorities, expiresAt };
542
556
  els.issueBtn.disabled = true;
543
557
  try {
544
- const { status, body } = await fetchJson('/mandate/issue', {
558
+ const { status, body } = await fetchJson(endpoint, {
545
559
  method: 'POST',
546
560
  headers: { 'Content-Type': 'application/json' },
547
561
  body: JSON.stringify(payload),
548
562
  });
549
563
  if (els.issuePin) els.issuePin.value = ''; // never retain the PIN
550
564
  if (status === 201) {
551
- note(`✓ Mandate ${body?.mandate?.id ?? ''} issued — it is active and listed above. The agents can now act within its bounds.`, 'success');
565
+ const deliveredNote = fm
566
+ ? (body?.delivered ? ' and delivered to the target machine' : (body?.local ? ' (target is this machine)' : ''))
567
+ : '';
568
+ note(`✓ Mandate ${body?.mandate?.id ?? ''} issued${deliveredNote} — it is active and listed above. The agents can now act within its bounds.`, 'success');
552
569
  if (els.issueDetails) els.issueDetails.open = false;
553
570
  await refresh();
571
+ } else if (fm && status === 502) {
572
+ // Issued locally but cross-machine DELIVERY failed — honest, retry-able.
573
+ note(`Mandate ${body?.mandate?.id ?? ''} issued, but delivery to the target failed: ${body?.reason ?? body?.error ?? `HTTP ${status}`}. Retry to re-deliver (issuance is idempotent on the target).`, 'error');
574
+ await refresh();
554
575
  } else {
555
576
  note(`Not issued — the server refused: ${body?.error ?? `HTTP ${status}`}`, 'error');
556
577
  }
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAwBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAkH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAg4CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAm0etE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAwBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAkH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAy4CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAs7etE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
@@ -418,6 +418,10 @@ let _resolvePeerUrls = null;
418
418
  * pool dark / no client — the transfer route degrades to today's pin path. */
419
419
  let _sendDrain = null;
420
420
  let _listPoolMachines = null;
421
+ /** WS5.2 R4a — operator/issuer leg: deliver an R4a-signed account-follow-me mandate to a REMOTE
422
+ * target over the signed mesh (the new verb). Set in the mesh-client block; null = no mesh client
423
+ * (single-machine) → the issue-for-machine route 503s on a remote target. */
424
+ let _deliverMandateToMachine = null;
421
425
  /** Multi-Machine Session Pool §L4: per-topic placement pin store ("move this to <nickname>"). */
422
426
  let _topicPinStore = null;
423
427
  /** Cross-machine secret-sync (spec Phase 4): route-facing handle (push lever + read-only status). */
@@ -9938,6 +9942,63 @@ export async function startServer(options) {
9938
9942
  }, config.subscriptionPool?.enrollment?.reissueSweepMs ?? 5 * 60_000);
9939
9943
  if (enrollReissueTimer.unref)
9940
9944
  enrollReissueTimer.unref();
9945
+ // ── WS5.2 R12 — Account Follow-Me revocation data-plane wiring (PER-SERVER model, OQ6) ──
9946
+ // The operator revokes the `account-follow-me` mandate on the TARGET machine's OWN dashboard,
9947
+ // so when /mandate/:id/revoke fires here, THIS machine IS the target — the data-plane wipe is
9948
+ // LOCAL (cooperative-online posture), never a cross-machine wipe-instruction. The pure executor
9949
+ // (AccountFollowMeRevocation) is constructed once with REAL deps:
9950
+ // - cooperativeWipe: framework logout against the account's CLAUDE_CONFIG_DIR + delete the
9951
+ // per-account config slot (SafeFsExecutor) + SubscriptionPool.remove(accountId) — FAIL-CLOSED
9952
+ // (a step that throws surfaces as not-done, never a silent "removed").
9953
+ // - pendingStore: a DURABLE JSON ledger (survives restarts) — offline targets get a bounded
9954
+ // pending wipe that fires on reconnect or escalates to revocation-FAILED at the deadline.
9955
+ // - emitRevocationFailed: the real attention emitter (HIGH item, one running item per pair).
9956
+ // - enabled: the SAME dev-gate as the rest of accountFollowMe (LIVE on a dev agent / DARK on
9957
+ // the fleet), read LIVE per-call so a config flip is honored without a restart.
9958
+ // Everything is DARK behind `multiMachine.accountFollowMe`: when the gate resolves OFF, revoke()
9959
+ // is a strict no-op (the route trigger does nothing) and sweepDeadlines() returns [].
9960
+ const { AccountFollowMeRevocation } = await import('../core/AccountFollowMeRevocation.js');
9961
+ const { DurablePendingWipeStore } = await import('../core/AccountFollowMeRevocationStore.js');
9962
+ const { buildCooperativeWipe } = await import('../core/accountFollowMeCooperativeWipe.js');
9963
+ const accountFollowMeRevocationEnabled = () => resolveDevAgentGate(config.multiMachine?.accountFollowMe?.enabled, config);
9964
+ const accountFollowMeRevocation = new AccountFollowMeRevocation({
9965
+ enabled: accountFollowMeRevocationEnabled,
9966
+ cooperativeWipe: buildCooperativeWipe({
9967
+ pool: subscriptionPool,
9968
+ log: (m) => console.log(m),
9969
+ }),
9970
+ pendingStore: new DurablePendingWipeStore({ stateDir: config.stateDir }),
9971
+ emitRevocationFailed: (item) => {
9972
+ if (!telegram)
9973
+ return;
9974
+ void telegram.createAttentionItem({
9975
+ id: item.id,
9976
+ title: item.title,
9977
+ summary: item.body,
9978
+ description: item.body,
9979
+ category: 'account-follow-me',
9980
+ priority: 'HIGH',
9981
+ sourceContext: 'account-follow-me-revocation',
9982
+ });
9983
+ },
9984
+ reconnectDeadlineMs: () => config
9985
+ .multiMachine?.accountFollowMe?.revocationReconnectDeadlineMs ?? 6 * 60 * 60_000,
9986
+ log: (m) => console.log(m),
9987
+ });
9988
+ // R12.iii — periodic deadline sweep so an offline-pending wipe past its reconnect-deadline
9989
+ // ESCALATES to the LOUD revocation-FAILED attention item (resume-queue give-up discipline).
9990
+ // sweepDeadlines() is a strict no-op while the feature resolves dark (the gate lives INSIDE it),
9991
+ // so the timer can always run. Reentrancy is irrelevant (synchronous); unref'd so it never holds
9992
+ // the process open. Cleared on shutdown alongside the other subscription timers.
9993
+ const accountFollowMeRevocationSweepTimer = setInterval(() => {
9994
+ try {
9995
+ accountFollowMeRevocation.sweepDeadlines();
9996
+ }
9997
+ catch (e) {
9998
+ console.warn(`[account-follow-me] revocation deadline sweep error: ${e instanceof Error ? e.message : String(e)}`);
9999
+ }
10000
+ }, 5 * 60_000);
10001
+ accountFollowMeRevocationSweepTimer.unref?.();
9941
10002
  // Commitment Sentinel — LLM-powered scanner that finds unregistered commitments.
9942
10003
  let commitmentSentinel;
9943
10004
  if (sharedIntelligence) {
@@ -15189,6 +15250,15 @@ export async function startServer(options) {
15189
15250
  routerHolder: () => coordinator?.getSyncStatus().leaseHolder ?? null,
15190
15251
  ownerOf: (s) => ownReg.ownerOf(s),
15191
15252
  placementTargetOf: (s) => ownReg.placementTargetOf(s),
15253
+ // WS5.2 R4a — the COARSE gate for account-follow-me-mandate-deliver: follow-me must be
15254
+ // enabled on THIS machine AND the sender a registered ACTIVE peer (verifyEnvelope already
15255
+ // proved the Ed25519/recipient/nonce). DENY-BY-DEFAULT (dark agent → refused here). The
15256
+ // LOAD-BEARING authority is the R4a signature re-verification in the handler below.
15257
+ authorizeMandateDeliver: ({ sender }) => {
15258
+ const afmEnabled = resolveDevAgentGate(config
15259
+ .multiMachine?.accountFollowMe?.enabled, config);
15260
+ return afmEnabled && meshIdMgr.isMachineActive(sender);
15261
+ },
15192
15262
  },
15193
15263
  recordNonce: (s, n) => {
15194
15264
  const t = Date.now();
@@ -15420,6 +15490,21 @@ export async function startServer(options) {
15420
15490
  'secret-share': (cmd, sender) => _secretShareHandler
15421
15491
  ? _secretShareHandler.handle(cmd, sender)
15422
15492
  : { ok: false, reason: 'secret-sync disabled' },
15493
+ // WS5.2 R4a — ONE-DASHBOARD cross-machine mandate DELIVERY (target side). The operator
15494
+ // issued the account-follow-me mandate (PIN-gated) on their single dashboard and
15495
+ // delivered it here. verifyEnvelope already authenticated `sender` (Ed25519, recipient,
15496
+ // nonce, registered-peer); the LOAD-BEARING authority is the R4a issuance-signature
15497
+ // re-verification, done by AgentServer.acceptDeliveredMandateCommand against the SAME
15498
+ // registered operator key verifyEnvelope used (resolved here, NEVER from the payload).
15499
+ // FAIL CLOSED on every uncertainty; an unverified mandate is never persisted.
15500
+ 'account-follow-me-mandate-deliver': (cmd, sender) => {
15501
+ const c = cmd;
15502
+ // Resolve the AUTHENTICATED sender's REGISTERED Ed25519 public key — the trust anchor.
15503
+ const operatorPem = meshIdMgr.getSigningPublicKeyPem(sender);
15504
+ const r = _agentServerRef?.acceptDeliveredMandateCommand(sender, c.portable, operatorPem)
15505
+ ?? { accepted: false, reason: 'agent-server-not-ready' };
15506
+ return r;
15507
+ },
15423
15508
  // WS4.4 holder side (MULTI-MACHINE-SEAMLESSNESS-SPEC §WS4.4). The
15424
15509
  // verifyEnvelope gate already proved WHICH fronting machine is asking
15425
15510
  // (`sender` = the authenticated, registered peer — used as the
@@ -15505,6 +15590,30 @@ export async function startServer(options) {
15505
15590
  });
15506
15591
  const peerUrl = (machineId) => meshIdMgr.getActiveMachines().find((m) => m.machineId === machineId)?.entry.lastKnownUrl ?? null;
15507
15592
  _meshSelfId = meshSelfId;
15593
+ // WS5.2 R4a — operator/issuer leg: deliver an R4a-signed account-follow-me mandate to a
15594
+ // REMOTE target over the signed mesh `account-follow-me-mandate-deliver` verb. Every
15595
+ // failure shape maps to an explicit outcome the issue-for-machine route surfaces honestly
15596
+ // (the mandate is already issued+persisted locally; only delivery may fail → retry-able).
15597
+ _deliverMandateToMachine = async ({ targetMachineId, portable }) => {
15598
+ const url = peerUrl(targetMachineId);
15599
+ if (!url)
15600
+ return { ok: false, status: 0, reason: 'no-peer-url' };
15601
+ try {
15602
+ const res = await meshClient.send({ machineId: targetMachineId, url }, { type: 'account-follow-me-mandate-deliver', portable }, 0, { timeoutMs: 15_000 });
15603
+ if (res.ok) {
15604
+ const r = (res.result ?? {});
15605
+ return r.accepted === true
15606
+ ? { ok: true, status: 200 }
15607
+ : { ok: false, status: 200, reason: typeof r.reason === 'string' ? r.reason : 'target-refused' };
15608
+ }
15609
+ return { ok: false, status: res.status, reason: res.reason ?? `status-${res.status}` };
15610
+ }
15611
+ catch (err) {
15612
+ // @silent-fallback-ok — a failed delivery RPC returns ok:false to the route, which
15613
+ // surfaces a retry-able 502 (the mandate is safe locally); never a stuck/half delivery.
15614
+ return { ok: false, status: 0, reason: err instanceof Error ? err.message : String(err) };
15615
+ }
15616
+ };
15508
15617
  // WS1.2 sender leg: signed drain order to a remote owner. Bounded by
15509
15618
  // the drain bound + slack so a clean drain (≤30s wait + close) can
15510
15619
  // complete within one call; every failure shape maps to an explicit
@@ -16941,7 +17050,7 @@ export async function startServer(options) {
16941
17050
  }
16942
17051
  : null;
16943
17052
  const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, feedbackAnomalyDetector, dispatches, updateChecker, autoUpdater, autoDispatcher, quotaTracker, quotaManager, publisher, viewer, tunnel, evolution, watchdog, topicMemory, triageNurse, projectMapper, cartographer: cartographer ?? undefined, coherenceGate: scopeVerifier, contextHierarchy, canonicalState, operationGate, sentinel, adaptiveTrust, memoryMonitor, orphanReaper, coherenceMonitor, commitmentTracker, subscriptionPool, accountFollowMePeerViews: async () => { const machines = (_listPoolMachines?.() ?? []).filter((m) => m.machineId !== _meshSelfId && !!m.lastKnownUrl); if (machines.length === 0)
16944
- return []; const { fetchPeerSubscriptionViews } = await import('../core/fetchPeerSubscriptionViews.js'); return fetchPeerSubscriptionViews({ peers: () => machines.map((m) => ({ machineId: m.machineId, nickname: m.nickname ?? m.machineId, url: m.lastKnownUrl })), fetchImpl: fetch, authToken: config.authToken ?? '' }); }, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, credentialRepointing, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, replicatedRecordEmitter, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, poolLink: _poolLink ?? undefined, poolPollCache: _poolPollCache ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, autonomousLivenessReconciler, prHandLease: prHandLease ?? undefined, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier, liveTestGate, liveTestGateMode, liveTestRunnerCtx }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
17053
+ return []; const { fetchPeerSubscriptionViews } = await import('../core/fetchPeerSubscriptionViews.js'); return fetchPeerSubscriptionViews({ peers: () => machines.map((m) => ({ machineId: m.machineId, nickname: m.nickname ?? m.machineId, url: m.lastKnownUrl })), fetchImpl: fetch, authToken: config.authToken ?? '' }); }, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, accountFollowMeRevocation, credentialRepointing, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, replicatedRecordEmitter, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, deliverMandateToMachine: _deliverMandateToMachine ?? undefined, poolLink: _poolLink ?? undefined, poolPollCache: _poolPollCache ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, autonomousLivenessReconciler, prHandLease: prHandLease ?? undefined, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier, liveTestGate, liveTestGateMode, liveTestRunnerCtx }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
16945
17054
  // wired before the server existed; from here on inbound binds use the
16946
17055
  // server's own store instance.
16947
17056
  _agentServerRef = server;