instar 1.3.621 → 1.3.623
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dashboard/subscriptions.js +49 -15
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +18 -3
- package/dist/commands/server.js.map +1 -1
- package/dist/core/FrameworkLoginDriver.d.ts.map +1 -1
- package/dist/core/FrameworkLoginDriver.js +36 -1
- package/dist/core/FrameworkLoginDriver.js.map +1 -1
- package/dist/server/AgentServer.d.ts +20 -0
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +116 -0
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +41 -2
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +47 -47
- package/upgrades/1.3.622.md +26 -0
- package/upgrades/1.3.623.md +21 -0
- package/upgrades/side-effects/ws52-code-t-fix.md +37 -0
- package/upgrades/side-effects/ws52-enroll-seams.md +75 -0
|
@@ -247,6 +247,21 @@ export function buildFollowMeIssuePayload(card, offers, pinValue) {
|
|
|
247
247
|
}
|
|
248
248
|
|
|
249
249
|
/** Pending Logins panel: device code / verification URL (as TEXT) + TTL + reissues. */
|
|
250
|
+
// Only render a verification URL as a TAPPABLE link when it is https AND points at a
|
|
251
|
+
// known provider sign-in host. Anything else falls back to plain text (preserves the
|
|
252
|
+
// "never make an arbitrary href clickable" intent while giving a real one-tap sign-in
|
|
253
|
+
// for the legitimate provider OAuth URLs).
|
|
254
|
+
const PROVIDER_LOGIN_HOSTS = ['claude.com', 'claude.ai', 'anthropic.com', 'openai.com', 'auth.openai.com', 'accounts.google.com', 'google.com'];
|
|
255
|
+
function trustedLoginUrl(raw) {
|
|
256
|
+
if (typeof raw !== 'string' || !raw) return null;
|
|
257
|
+
try {
|
|
258
|
+
const u = new URL(raw);
|
|
259
|
+
if (u.protocol !== 'https:') return null;
|
|
260
|
+
const host = u.hostname.toLowerCase();
|
|
261
|
+
return PROVIDER_LOGIN_HOSTS.some((h) => host === h || host.endsWith('.' + h)) ? u.href : null;
|
|
262
|
+
} catch { return null; }
|
|
263
|
+
}
|
|
264
|
+
|
|
250
265
|
export function renderPendingLogins(doc, target, logins, now = Date.now()) {
|
|
251
266
|
if (!target) return;
|
|
252
267
|
target.replaceChildren();
|
|
@@ -256,25 +271,42 @@ export function renderPendingLogins(doc, target, logins, now = Date.now()) {
|
|
|
256
271
|
}
|
|
257
272
|
for (const l of logins) {
|
|
258
273
|
const row = el(doc, 'div', 'sub-pending');
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
const
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
274
|
+
|
|
275
|
+
// Lead with a plain-language headline naming what to do + where (machine).
|
|
276
|
+
const machine = sanitizeForDisplay(l && (l.machineNickname || l.machineId), 'label');
|
|
277
|
+
const who = sanitizeForDisplay(l && l.label, 'label');
|
|
278
|
+
const headline = machine
|
|
279
|
+
? `Sign in to finish setting up ${who} on ${machine}`
|
|
280
|
+
: `Sign in to finish setting up ${who}`;
|
|
281
|
+
row.appendChild(el(doc, 'div', 'sub-pending-headline', headline));
|
|
282
|
+
|
|
283
|
+
// The PRIMARY action: one tappable "Sign in" link to the provider's own OAuth URL.
|
|
284
|
+
// Falls back to copy-text only if the URL isn't a trusted provider sign-in host.
|
|
285
|
+
const href = trustedLoginUrl(l && l.verificationUrl);
|
|
286
|
+
if (href) {
|
|
287
|
+
const a = doc.createElement('a');
|
|
288
|
+
a.setAttribute('href', href);
|
|
289
|
+
a.setAttribute('target', '_blank');
|
|
290
|
+
a.setAttribute('rel', 'noopener noreferrer');
|
|
291
|
+
a.setAttribute('class', 'sub-pending-signin');
|
|
292
|
+
a.textContent = 'Sign in';
|
|
293
|
+
row.appendChild(a);
|
|
294
|
+
} else if (l && l.verificationUrl) {
|
|
295
|
+
row.appendChild(el(doc, 'div', 'sub-pending-url', sanitizeForDisplay(l.verificationUrl, 'url')));
|
|
268
296
|
}
|
|
297
|
+
|
|
298
|
+
// A device code (only some flows) — shown compactly under the button.
|
|
269
299
|
if (l && l.userCode) {
|
|
270
300
|
row.appendChild(el(doc, 'div', 'sub-pending-code', `Code: ${sanitizeForDisplay(l.userCode, 'code')}`));
|
|
271
301
|
}
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
const
|
|
275
|
-
if (
|
|
276
|
-
|
|
302
|
+
|
|
303
|
+
// One short secondary line: the TTL, and the flow notice only if present (trimmed).
|
|
304
|
+
const ttl = l && l.ttlExpiresAt ? countdown(l.ttlExpiresAt, now) : '';
|
|
305
|
+
if (ttl) row.appendChild(el(doc, 'div', 'sub-pending-ttl', `Link expires in ${ttl}`));
|
|
306
|
+
if (l && l.notice) {
|
|
307
|
+
row.appendChild(el(doc, 'div', 'sub-pending-notice', sanitizeForDisplay(l.notice, 'summary')));
|
|
277
308
|
}
|
|
309
|
+
// (No "re-issued N times" noise — it confused more than it informed.)
|
|
278
310
|
target.appendChild(row);
|
|
279
311
|
}
|
|
280
312
|
}
|
|
@@ -291,7 +323,9 @@ export function renderDisabled(doc, els) {
|
|
|
291
323
|
// ── Controller (fetch /subscription-pool + /pending-logins, render) ─────────
|
|
292
324
|
const URLS = {
|
|
293
325
|
accounts: '/subscription-pool',
|
|
294
|
-
|
|
326
|
+
// scope=pool so a follow-me login created on ANOTHER machine (e.g. the Mac Mini) surfaces on the
|
|
327
|
+
// operator's single dashboard (WS5.2 seam #3) — without it the device-code link never appears here.
|
|
328
|
+
pending: '/subscription-pool/pending-logins?scope=pool',
|
|
295
329
|
inUse: '/subscription-pool/in-use',
|
|
296
330
|
scan: '/subscription-pool/follow-me/scan', // POST — follow-me consent offers (one-tap card)
|
|
297
331
|
issue: '/mandate/issue-for-machine', // POST (PIN-gated) — Approve issues the mandate
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAwBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAkH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAy4CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/commands/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoCH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAS3D,OAAO,EAAE,eAAe,EAAiC,MAAM,iCAAiC,CAAC;AAwBjG,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAkH7D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAsBtD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC1C,OAAO,CAUT;AAyID,UAAU,YAAY;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;2DACuD;IACvD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAy4CD,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,eAAe,EACzB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,YAAY,EAC3B,WAAW,CAAC,EAAE,WAAW,EACzB,WAAW,CAAC,EAAE,WAAW,EACzB,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAGvE,UAAU,CAAC,EAAE,MAAM,OAAO,8BAA8B,EAAE,WAAW,GAAG,IAAI,EAK5E,qBAAqB,CAAC,EAAE,MAAM,OAAO,gCAAgC,EAAE,kBAAkB,GAAG,IAAI,EAKhG,mBAAmB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GACpD,IAAI,CA8eN;AA2lBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAk8etE;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsDzE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuD5E"}
|
package/dist/commands/server.js
CHANGED
|
@@ -9909,7 +9909,20 @@ export async function startServer(options) {
|
|
|
9909
9909
|
})
|
|
9910
9910
|
: undefined,
|
|
9911
9911
|
driveLogin: new FrameworkLoginDriver({
|
|
9912
|
-
capture
|
|
9912
|
+
// Capture with `tmux capture-pane -J` so a hard-WRAPPED verification URL is
|
|
9913
|
+
// joined back into one line (the 2026-06-18 "code=t" truncation bug). Falls
|
|
9914
|
+
// back to the generic capture if tmux/the -J capture is unavailable;
|
|
9915
|
+
// parseArtifact ALSO de-wraps defensively.
|
|
9916
|
+
capture: async (session) => {
|
|
9917
|
+
const tmuxPath = detectTmuxPath();
|
|
9918
|
+
if (tmuxPath) {
|
|
9919
|
+
try {
|
|
9920
|
+
return execFileSync(tmuxPath, ['capture-pane', '-p', '-J', '-S', '-300', '-t', `=${session}:`], { encoding: 'utf-8', timeout: 5000 }) || '';
|
|
9921
|
+
}
|
|
9922
|
+
catch { /* @silent-fallback-ok — fall through to the generic capture */ }
|
|
9923
|
+
}
|
|
9924
|
+
return sessionManager.captureOutput(session, 120) || '';
|
|
9925
|
+
},
|
|
9913
9926
|
spawn: async ({ framework, configHome }) => {
|
|
9914
9927
|
const tmuxPath = detectTmuxPath();
|
|
9915
9928
|
if (!tmuxPath)
|
|
@@ -17049,8 +17062,10 @@ export async function startServer(options) {
|
|
|
17049
17062
|
carrier: _topicProfileCarrier,
|
|
17050
17063
|
}
|
|
17051
17064
|
: null;
|
|
17052
|
-
const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, feedbackAnomalyDetector, dispatches, updateChecker, autoUpdater, autoDispatcher, quotaTracker, quotaManager, publisher, viewer, tunnel, evolution, watchdog, topicMemory, triageNurse, projectMapper, cartographer: cartographer ?? undefined, coherenceGate: scopeVerifier, contextHierarchy, canonicalState, operationGate, sentinel, adaptiveTrust, memoryMonitor, orphanReaper, coherenceMonitor, commitmentTracker, subscriptionPool, accountFollowMePeerViews: async () => { const
|
|
17053
|
-
|
|
17065
|
+
const server = new AgentServer({ config, sessionManager, state, scheduler, telegram, relationships, feedback, feedbackAnomalyDetector, dispatches, updateChecker, autoUpdater, autoDispatcher, quotaTracker, quotaManager, publisher, viewer, tunnel, evolution, watchdog, topicMemory, triageNurse, projectMapper, cartographer: cartographer ?? undefined, coherenceGate: scopeVerifier, contextHierarchy, canonicalState, operationGate, sentinel, adaptiveTrust, memoryMonitor, orphanReaper, coherenceMonitor, commitmentTracker, subscriptionPool, accountFollowMePeerViews: async () => { const nickById = new Map((_listPoolMachines?.() ?? []).map((m) => [m.machineId, m.nickname ?? m.machineId])); let peers = (_resolvePeerUrls?.() ?? []).map((p) => ({ machineId: p.machineId, nickname: nickById.get(p.machineId) ?? p.machineId, url: p.url })); if (peers.length === 0) {
|
|
17066
|
+
peers = (_listPoolMachines?.() ?? []).filter((m) => m.machineId !== _meshSelfId && !!m.lastKnownUrl).map((m) => ({ machineId: m.machineId, nickname: m.nickname ?? m.machineId, url: m.lastKnownUrl }));
|
|
17067
|
+
} if (peers.length === 0)
|
|
17068
|
+
return []; const { fetchPeerSubscriptionViews } = await import('../core/fetchPeerSubscriptionViews.js'); return fetchPeerSubscriptionViews({ peers: () => peers, fetchImpl: fetch, authToken: config.authToken ?? '' }); }, quotaPoller, quotaAwareScheduler: _quotaAwareScheduler ?? undefined, proactiveSwapMonitor: _proactiveSwapMonitor ?? undefined, inUseAccountResolver, enrollmentWizard, accountFollowMeRevocation, credentialRepointing, semanticMemory, activitySentinel, rateLimitSentinel, releaseReadinessSentinel: releaseReadinessSentinel ?? undefined, greenPrAutoMerger: greenPrAutoMerger ?? undefined, guardLatchStore: guardLatchStore ?? undefined, messageRouter, summarySentinel, spawnManager, systemReviewer, capabilityMapper, selfKnowledgeTree, coverageAuditor, topicResumeMap: _topicResumeMap ?? undefined, topicProfile: _topicProfileCtx ?? undefined, sessionRefresh: _sessionRefresh ?? undefined, autonomyManager, trustElevationTracker, autonomousEvolution, coordinator: coordinator.enabled ? coordinator : undefined, localSigningKeyPem, leaseTransport, onLeasePullRequest: () => leaseCoordinatorRef?.currentLease() ?? null, liveTailReceiver, handoffWireTransport, onHandoffBegin, onHandoffInitiate: handoffInitiate, handoffInProgress: handoffSentinelInProgress, messageLedger, currentInboundByTopic, replyMarkerTransport, onReplyMarker: messageLedger ? (marker) => { const m = marker; messageLedger.applyRemoteReplyMarker(m.dedupeKey, { platform: m.platform, replyIdempotencyKey: m.replyIdempotencyKey, epoch: m.epoch, topic: m.topic ?? null }); } : undefined, whatsapp: whatsappAdapter, slack: slackAdapter, imessage: imessageAdapter, whatsappBusinessBackend, messageBridge, hookEventReceiver, worktreeMonitor, subagentTracker, instructionsVerifier, handshakeManager: threadlineHandshake, threadlineRouter, conversationStore, threadLog, threadMessageRecorder, warrantsReplyGate, collaborationSurfacer, threadResumeMap, topicLinkageHandler: topicLinkageHandler ?? undefined, threadlineRelayClient, threadlineReplyWaiters, listenerManager: listenerManager ?? undefined, a2aDeliveryTracker: a2aDeliveryTracker ?? undefined, responseReviewGate, messagingToneGate, outboundDedupGate, telemetryHeartbeat, pasteManager, featureRegistry, discoveryEvaluator, completionEvaluator, unifiedTrust, liveConfig, sharedStateLedger, ledgerSessionRegistry, worktreeManager, oidcEnrolledRepos: parallelDevConfig?.oidcEnrolledRepos, initiativeTracker, projectRoundRunner, projectDriftChecker, machineHeartbeat, machinePoolRegistry, getInboundQueue: () => _inboundQueue, meshRpcDispatcher, workingSetPullCoordinator, commitmentReplicaStore, preferenceReplicaStore, replicatedRecordEmitter, conflictStore, rollbackUnmerge, droppedOriginRegistry, preferencesUnionReader, forwardCommitmentMutate, sessionOwnershipRegistry, topicPinStore: _topicPinStore ?? undefined, streamTicketStore: _streamTicketStore ?? undefined, poolStreamAllowRemoteInput: config.dashboard?.poolStream?.allowRemoteInput ?? false, poolStreamConnector: _poolStreamConnector ?? undefined, secretSync: _secretSyncHandle ?? undefined, meshSelfId: _meshSelfId ?? undefined, resolveRouterUrl: _resolveRouterUrl ?? undefined, resolvePeerUrls: _resolvePeerUrls ?? undefined, guardRegistry, listPoolMachines: _listPoolMachines ?? undefined, deliverMandateToMachine: _deliverMandateToMachine ?? undefined, poolLink: _poolLink ?? undefined, poolPollCache: _poolPollCache ?? undefined, sessionPoolE2EResultStore, proxyCoordinator, topicIntentStore, topicIntentArcCheck, usherSignalStore, intelligence: sharedIntelligence ?? undefined, telegramBridgeConfig, telegramBridge: telegramBridge ?? undefined, threadlineObservability, briefDeps, workingMemory, taskFlowRegistry, threadlineFlowBridge, sessionReaper, agentWorktreeReaper, orphanedWorkSentinel, mcpProcessReaper, geminiLoopRunner, sleepController, agentActivityState, reapLog, resumeQueue, resumeDrainer, autonomousLivenessReconciler, prHandLease: prHandLease ?? undefined, operatorStopRecorder: recordOperatorStop, sleepWakeDetector, unjustifiedStopGate, stopGateDb, stopNotifier, liveTestGate, liveTestGateMode, liveTestRunnerCtx }); // Resolve the late-bound topic-operator getter (increment 2e): routing was
|
|
17054
17069
|
// wired before the server existed; from here on inbound binds use the
|
|
17055
17070
|
// server's own store instance.
|
|
17056
17071
|
_agentServerRef = server;
|