instar 1.3.666 → 1.3.668
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/server.d.ts.map +1 -1
- package/dist/commands/server.js +12 -9
- package/dist/commands/server.js.map +1 -1
- package/dist/core/MessageSentinel.d.ts +62 -1
- package/dist/core/MessageSentinel.d.ts.map +1 -1
- package/dist/core/MessageSentinel.js +123 -1
- package/dist/core/MessageSentinel.js.map +1 -1
- package/dist/monitoring/AgentWorktreeReaper.d.ts +17 -0
- package/dist/monitoring/AgentWorktreeReaper.d.ts.map +1 -1
- package/dist/monitoring/AgentWorktreeReaper.js +38 -0
- package/dist/monitoring/AgentWorktreeReaper.js.map +1 -1
- package/dist/monitoring/agentWorktreeGit.d.ts +12 -0
- package/dist/monitoring/agentWorktreeGit.d.ts.map +1 -1
- package/dist/monitoring/agentWorktreeGit.js +27 -2
- package/dist/monitoring/agentWorktreeGit.js.map +1 -1
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +10 -5
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +46 -46
- package/upgrades/1.3.667.md +32 -0
- package/upgrades/1.3.668.md +24 -0
- package/upgrades/side-effects/operator-channel-sacred.md +31 -0
- package/upgrades/side-effects/worktree-reaper-untracked-blindspot.md +22 -0
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "./builtin-manifest.schema.json",
|
|
3
3
|
"schemaVersion": 1,
|
|
4
|
-
"generatedAt": "2026-06-
|
|
5
|
-
"instarVersion": "1.3.
|
|
4
|
+
"generatedAt": "2026-06-26T04:26:35.476Z",
|
|
5
|
+
"instarVersion": "1.3.668",
|
|
6
6
|
"entryCount": 202,
|
|
7
7
|
"entries": {
|
|
8
8
|
"hook:session-start": {
|
|
@@ -418,7 +418,7 @@
|
|
|
418
418
|
"type": "route-group",
|
|
419
419
|
"domain": "monitoring",
|
|
420
420
|
"sourcePath": "src/server/routes.ts",
|
|
421
|
-
"contentHash": "
|
|
421
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
422
422
|
"since": "2025-01-01"
|
|
423
423
|
},
|
|
424
424
|
"route-group:agents": {
|
|
@@ -426,7 +426,7 @@
|
|
|
426
426
|
"type": "route-group",
|
|
427
427
|
"domain": "sessions",
|
|
428
428
|
"sourcePath": "src/server/routes.ts",
|
|
429
|
-
"contentHash": "
|
|
429
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
430
430
|
"since": "2025-01-01"
|
|
431
431
|
},
|
|
432
432
|
"route-group:backups": {
|
|
@@ -434,7 +434,7 @@
|
|
|
434
434
|
"type": "route-group",
|
|
435
435
|
"domain": "operations",
|
|
436
436
|
"sourcePath": "src/server/routes.ts",
|
|
437
|
-
"contentHash": "
|
|
437
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
438
438
|
"since": "2025-01-01"
|
|
439
439
|
},
|
|
440
440
|
"route-group:git": {
|
|
@@ -442,7 +442,7 @@
|
|
|
442
442
|
"type": "route-group",
|
|
443
443
|
"domain": "coordination",
|
|
444
444
|
"sourcePath": "src/server/routes.ts",
|
|
445
|
-
"contentHash": "
|
|
445
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
446
446
|
"since": "2025-01-01"
|
|
447
447
|
},
|
|
448
448
|
"route-group:memory": {
|
|
@@ -450,7 +450,7 @@
|
|
|
450
450
|
"type": "route-group",
|
|
451
451
|
"domain": "memory",
|
|
452
452
|
"sourcePath": "src/server/routes.ts",
|
|
453
|
-
"contentHash": "
|
|
453
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
454
454
|
"since": "2025-01-01"
|
|
455
455
|
},
|
|
456
456
|
"route-group:semantic": {
|
|
@@ -458,7 +458,7 @@
|
|
|
458
458
|
"type": "route-group",
|
|
459
459
|
"domain": "memory",
|
|
460
460
|
"sourcePath": "src/server/routes.ts",
|
|
461
|
-
"contentHash": "
|
|
461
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
462
462
|
"since": "2025-01-01"
|
|
463
463
|
},
|
|
464
464
|
"route-group:status": {
|
|
@@ -466,7 +466,7 @@
|
|
|
466
466
|
"type": "route-group",
|
|
467
467
|
"domain": "monitoring",
|
|
468
468
|
"sourcePath": "src/server/routes.ts",
|
|
469
|
-
"contentHash": "
|
|
469
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
470
470
|
"since": "2025-01-01"
|
|
471
471
|
},
|
|
472
472
|
"route-group:capabilities": {
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"type": "route-group",
|
|
475
475
|
"domain": "mapping",
|
|
476
476
|
"sourcePath": "src/server/routes.ts",
|
|
477
|
-
"contentHash": "
|
|
477
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
478
478
|
"since": "2025-01-01"
|
|
479
479
|
},
|
|
480
480
|
"route-group:project-map": {
|
|
@@ -482,7 +482,7 @@
|
|
|
482
482
|
"type": "route-group",
|
|
483
483
|
"domain": "mapping",
|
|
484
484
|
"sourcePath": "src/server/routes.ts",
|
|
485
|
-
"contentHash": "
|
|
485
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
486
486
|
"since": "2025-01-01"
|
|
487
487
|
},
|
|
488
488
|
"route-group:coherence": {
|
|
@@ -490,7 +490,7 @@
|
|
|
490
490
|
"type": "route-group",
|
|
491
491
|
"domain": "coherence",
|
|
492
492
|
"sourcePath": "src/server/routes.ts",
|
|
493
|
-
"contentHash": "
|
|
493
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
494
494
|
"since": "2025-01-01"
|
|
495
495
|
},
|
|
496
496
|
"route-group:topic-bindings": {
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
"type": "route-group",
|
|
499
499
|
"domain": "sessions",
|
|
500
500
|
"sourcePath": "src/server/routes.ts",
|
|
501
|
-
"contentHash": "
|
|
501
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
502
502
|
"since": "2025-01-01"
|
|
503
503
|
},
|
|
504
504
|
"route-group:context": {
|
|
@@ -506,7 +506,7 @@
|
|
|
506
506
|
"type": "route-group",
|
|
507
507
|
"domain": "context",
|
|
508
508
|
"sourcePath": "src/server/routes.ts",
|
|
509
|
-
"contentHash": "
|
|
509
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
510
510
|
"since": "2025-01-01"
|
|
511
511
|
},
|
|
512
512
|
"route-group:scope-coherence": {
|
|
@@ -514,7 +514,7 @@
|
|
|
514
514
|
"type": "route-group",
|
|
515
515
|
"domain": "coherence",
|
|
516
516
|
"sourcePath": "src/server/routes.ts",
|
|
517
|
-
"contentHash": "
|
|
517
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
518
518
|
"since": "2025-01-01"
|
|
519
519
|
},
|
|
520
520
|
"route-group:canonical-state": {
|
|
@@ -522,7 +522,7 @@
|
|
|
522
522
|
"type": "route-group",
|
|
523
523
|
"domain": "state",
|
|
524
524
|
"sourcePath": "src/server/routes.ts",
|
|
525
|
-
"contentHash": "
|
|
525
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
526
526
|
"since": "2025-01-01"
|
|
527
527
|
},
|
|
528
528
|
"route-group:ci": {
|
|
@@ -530,7 +530,7 @@
|
|
|
530
530
|
"type": "route-group",
|
|
531
531
|
"domain": "monitoring",
|
|
532
532
|
"sourcePath": "src/server/routes.ts",
|
|
533
|
-
"contentHash": "
|
|
533
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
534
534
|
"since": "2025-01-01"
|
|
535
535
|
},
|
|
536
536
|
"route-group:sessions": {
|
|
@@ -538,7 +538,7 @@
|
|
|
538
538
|
"type": "route-group",
|
|
539
539
|
"domain": "sessions",
|
|
540
540
|
"sourcePath": "src/server/routes.ts",
|
|
541
|
-
"contentHash": "
|
|
541
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
542
542
|
"since": "2025-01-01"
|
|
543
543
|
},
|
|
544
544
|
"route-group:jobs": {
|
|
@@ -546,7 +546,7 @@
|
|
|
546
546
|
"type": "route-group",
|
|
547
547
|
"domain": "scheduling",
|
|
548
548
|
"sourcePath": "src/server/routes.ts",
|
|
549
|
-
"contentHash": "
|
|
549
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
550
550
|
"since": "2025-01-01"
|
|
551
551
|
},
|
|
552
552
|
"route-group:skip-ledger": {
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
"type": "route-group",
|
|
555
555
|
"domain": "scheduling",
|
|
556
556
|
"sourcePath": "src/server/routes.ts",
|
|
557
|
-
"contentHash": "
|
|
557
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
558
558
|
"since": "2025-01-01"
|
|
559
559
|
},
|
|
560
560
|
"route-group:telegram": {
|
|
@@ -562,7 +562,7 @@
|
|
|
562
562
|
"type": "route-group",
|
|
563
563
|
"domain": "communication",
|
|
564
564
|
"sourcePath": "src/server/routes.ts",
|
|
565
|
-
"contentHash": "
|
|
565
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
566
566
|
"since": "2025-01-01"
|
|
567
567
|
},
|
|
568
568
|
"route-group:attention": {
|
|
@@ -570,7 +570,7 @@
|
|
|
570
570
|
"type": "route-group",
|
|
571
571
|
"domain": "communication",
|
|
572
572
|
"sourcePath": "src/server/routes.ts",
|
|
573
|
-
"contentHash": "
|
|
573
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
574
574
|
"since": "2025-01-01"
|
|
575
575
|
},
|
|
576
576
|
"route-group:relationships": {
|
|
@@ -578,7 +578,7 @@
|
|
|
578
578
|
"type": "route-group",
|
|
579
579
|
"domain": "relationships",
|
|
580
580
|
"sourcePath": "src/server/routes.ts",
|
|
581
|
-
"contentHash": "
|
|
581
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
582
582
|
"since": "2025-01-01"
|
|
583
583
|
},
|
|
584
584
|
"route-group:feedback": {
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
"type": "route-group",
|
|
587
587
|
"domain": "feedback",
|
|
588
588
|
"sourcePath": "src/server/routes.ts",
|
|
589
|
-
"contentHash": "
|
|
589
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
590
590
|
"since": "2025-01-01"
|
|
591
591
|
},
|
|
592
592
|
"route-group:updates": {
|
|
@@ -594,7 +594,7 @@
|
|
|
594
594
|
"type": "route-group",
|
|
595
595
|
"domain": "updates",
|
|
596
596
|
"sourcePath": "src/server/routes.ts",
|
|
597
|
-
"contentHash": "
|
|
597
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
598
598
|
"since": "2025-01-01"
|
|
599
599
|
},
|
|
600
600
|
"route-group:dispatches": {
|
|
@@ -602,7 +602,7 @@
|
|
|
602
602
|
"type": "route-group",
|
|
603
603
|
"domain": "dispatches",
|
|
604
604
|
"sourcePath": "src/server/routes.ts",
|
|
605
|
-
"contentHash": "
|
|
605
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
606
606
|
"since": "2025-01-01"
|
|
607
607
|
},
|
|
608
608
|
"route-group:quota": {
|
|
@@ -610,7 +610,7 @@
|
|
|
610
610
|
"type": "route-group",
|
|
611
611
|
"domain": "monitoring",
|
|
612
612
|
"sourcePath": "src/server/routes.ts",
|
|
613
|
-
"contentHash": "
|
|
613
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
614
614
|
"since": "2025-01-01"
|
|
615
615
|
},
|
|
616
616
|
"route-group:publishing": {
|
|
@@ -618,7 +618,7 @@
|
|
|
618
618
|
"type": "route-group",
|
|
619
619
|
"domain": "publishing",
|
|
620
620
|
"sourcePath": "src/server/routes.ts",
|
|
621
|
-
"contentHash": "
|
|
621
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
622
622
|
"since": "2025-01-01"
|
|
623
623
|
},
|
|
624
624
|
"route-group:private-views": {
|
|
@@ -626,7 +626,7 @@
|
|
|
626
626
|
"type": "route-group",
|
|
627
627
|
"domain": "publishing",
|
|
628
628
|
"sourcePath": "src/server/routes.ts",
|
|
629
|
-
"contentHash": "
|
|
629
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
630
630
|
"since": "2025-01-01"
|
|
631
631
|
},
|
|
632
632
|
"route-group:tunnel": {
|
|
@@ -634,7 +634,7 @@
|
|
|
634
634
|
"type": "route-group",
|
|
635
635
|
"domain": "networking",
|
|
636
636
|
"sourcePath": "src/server/routes.ts",
|
|
637
|
-
"contentHash": "
|
|
637
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
638
638
|
"since": "2025-01-01"
|
|
639
639
|
},
|
|
640
640
|
"route-group:events": {
|
|
@@ -642,7 +642,7 @@
|
|
|
642
642
|
"type": "route-group",
|
|
643
643
|
"domain": "networking",
|
|
644
644
|
"sourcePath": "src/server/routes.ts",
|
|
645
|
-
"contentHash": "
|
|
645
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
646
646
|
"since": "2025-01-01"
|
|
647
647
|
},
|
|
648
648
|
"route-group:evolution": {
|
|
@@ -650,7 +650,7 @@
|
|
|
650
650
|
"type": "route-group",
|
|
651
651
|
"domain": "evolution",
|
|
652
652
|
"sourcePath": "src/server/routes.ts",
|
|
653
|
-
"contentHash": "
|
|
653
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
654
654
|
"since": "2025-01-01"
|
|
655
655
|
},
|
|
656
656
|
"route-group:watchdog": {
|
|
@@ -658,7 +658,7 @@
|
|
|
658
658
|
"type": "route-group",
|
|
659
659
|
"domain": "monitoring",
|
|
660
660
|
"sourcePath": "src/server/routes.ts",
|
|
661
|
-
"contentHash": "
|
|
661
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
662
662
|
"since": "2025-01-01"
|
|
663
663
|
},
|
|
664
664
|
"route-group:topic-memory": {
|
|
@@ -666,7 +666,7 @@
|
|
|
666
666
|
"type": "route-group",
|
|
667
667
|
"domain": "memory",
|
|
668
668
|
"sourcePath": "src/server/routes.ts",
|
|
669
|
-
"contentHash": "
|
|
669
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
670
670
|
"since": "2025-01-01"
|
|
671
671
|
},
|
|
672
672
|
"route-group:state-sync": {
|
|
@@ -674,7 +674,7 @@
|
|
|
674
674
|
"type": "route-group",
|
|
675
675
|
"domain": "coordination",
|
|
676
676
|
"sourcePath": "src/server/routes.ts",
|
|
677
|
-
"contentHash": "
|
|
677
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
678
678
|
"since": "2025-01-01"
|
|
679
679
|
},
|
|
680
680
|
"route-group:intent": {
|
|
@@ -682,7 +682,7 @@
|
|
|
682
682
|
"type": "route-group",
|
|
683
683
|
"domain": "intent",
|
|
684
684
|
"sourcePath": "src/server/routes.ts",
|
|
685
|
-
"contentHash": "
|
|
685
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
686
686
|
"since": "2025-01-01"
|
|
687
687
|
},
|
|
688
688
|
"route-group:triage": {
|
|
@@ -690,7 +690,7 @@
|
|
|
690
690
|
"type": "route-group",
|
|
691
691
|
"domain": "safety",
|
|
692
692
|
"sourcePath": "src/server/routes.ts",
|
|
693
|
-
"contentHash": "
|
|
693
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
694
694
|
"since": "2025-01-01"
|
|
695
695
|
},
|
|
696
696
|
"route-group:operations": {
|
|
@@ -698,7 +698,7 @@
|
|
|
698
698
|
"type": "route-group",
|
|
699
699
|
"domain": "safety",
|
|
700
700
|
"sourcePath": "src/server/routes.ts",
|
|
701
|
-
"contentHash": "
|
|
701
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
702
702
|
"since": "2025-01-01"
|
|
703
703
|
},
|
|
704
704
|
"route-group:sentinel": {
|
|
@@ -706,7 +706,7 @@
|
|
|
706
706
|
"type": "route-group",
|
|
707
707
|
"domain": "safety",
|
|
708
708
|
"sourcePath": "src/server/routes.ts",
|
|
709
|
-
"contentHash": "
|
|
709
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
710
710
|
"since": "2025-01-01"
|
|
711
711
|
},
|
|
712
712
|
"route-group:trust": {
|
|
@@ -714,7 +714,7 @@
|
|
|
714
714
|
"type": "route-group",
|
|
715
715
|
"domain": "safety",
|
|
716
716
|
"sourcePath": "src/server/routes.ts",
|
|
717
|
-
"contentHash": "
|
|
717
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
718
718
|
"since": "2025-01-01"
|
|
719
719
|
},
|
|
720
720
|
"route-group:monitoring": {
|
|
@@ -722,7 +722,7 @@
|
|
|
722
722
|
"type": "route-group",
|
|
723
723
|
"domain": "monitoring",
|
|
724
724
|
"sourcePath": "src/server/routes.ts",
|
|
725
|
-
"contentHash": "
|
|
725
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
726
726
|
"since": "2025-01-01"
|
|
727
727
|
},
|
|
728
728
|
"route-group:commitments": {
|
|
@@ -730,7 +730,7 @@
|
|
|
730
730
|
"type": "route-group",
|
|
731
731
|
"domain": "commitments",
|
|
732
732
|
"sourcePath": "src/server/routes.ts",
|
|
733
|
-
"contentHash": "
|
|
733
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
734
734
|
"since": "2025-01-01"
|
|
735
735
|
},
|
|
736
736
|
"route-group:episodes": {
|
|
@@ -738,7 +738,7 @@
|
|
|
738
738
|
"type": "route-group",
|
|
739
739
|
"domain": "memory",
|
|
740
740
|
"sourcePath": "src/server/routes.ts",
|
|
741
|
-
"contentHash": "
|
|
741
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
742
742
|
"since": "2025-01-01"
|
|
743
743
|
},
|
|
744
744
|
"route-group:messages": {
|
|
@@ -746,7 +746,7 @@
|
|
|
746
746
|
"type": "route-group",
|
|
747
747
|
"domain": "coordination",
|
|
748
748
|
"sourcePath": "src/server/routes.ts",
|
|
749
|
-
"contentHash": "
|
|
749
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
750
750
|
"since": "2025-01-01"
|
|
751
751
|
},
|
|
752
752
|
"route-group:system-reviews": {
|
|
@@ -754,7 +754,7 @@
|
|
|
754
754
|
"type": "route-group",
|
|
755
755
|
"domain": "monitoring",
|
|
756
756
|
"sourcePath": "src/server/routes.ts",
|
|
757
|
-
"contentHash": "
|
|
757
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
758
758
|
"since": "2025-01-01"
|
|
759
759
|
},
|
|
760
760
|
"route-group:machine-mesh": {
|
|
@@ -770,7 +770,7 @@
|
|
|
770
770
|
"type": "route-group",
|
|
771
771
|
"domain": "security",
|
|
772
772
|
"sourcePath": "src/server/routes.ts",
|
|
773
|
-
"contentHash": "
|
|
773
|
+
"contentHash": "6ae21e4fd87307ef55497fdcae8d20b5d3cb4b0040e9eee1cd6deececa91a8c2",
|
|
774
774
|
"since": "2025-01-01"
|
|
775
775
|
},
|
|
776
776
|
"cli:init": {
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: patch -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
Fixed the "session paused" lockout (topic 28130): `MessageSentinel` was consuming the operator's benign inbound messages whenever its LLM classifier returned — or capacity-shed to — `'pause'`, and the "send a message to resume" recovery routed back through the same failing gate, an inescapable loop. New constitutional standard **"The Operator Channel Is Sacred — Critical-Path Gates Fail Toward Delivery"** (in `STANDARDS-REGISTRY.md`) + its exemplar fix:
|
|
9
|
+
|
|
10
|
+
- `'pause'` now consumes a message ONLY on a DETERMINISTIC fast-path match; a bare-LLM or capacity-shed `'pause'` routes THROUGH (delivered to the agent), never consumed.
|
|
11
|
+
- Before routing a non-deterministic result through, a non-word-count-gated stop-token scan rescues a long-form genuine "stop" to a kill (so a real stop is never dropped).
|
|
12
|
+
- A per-topic circuit-breaker bounds blast radius (a misclassification stream can't permanently lock the operator out).
|
|
13
|
+
- Both inbound consume paths (`onSentinelIntercept` + `/internal/telegram-forward`) decide via one shared `MessageSentinel.decideInboundDisposition`, so policy can't diverge.
|
|
14
|
+
- `/sentinel/stats` now exposes disposition counters (consumed / routed-through / breaker-recovered).
|
|
15
|
+
|
|
16
|
+
## What to Tell Your User
|
|
17
|
+
|
|
18
|
+
If your agent ever appeared "paused" and ignored your messages — replying "Session paused. Send a message to resume." in a loop — that's fixed. A safety check could mislabel an ordinary message as a "pause" command and silently eat it (worse, under load it defaulted to pausing). Now your messages are delivered unless you *unambiguously* typed a pause/stop command, and a genuine "stop" is always honored. The channel to your agent can no longer be sealed by a wrong guess.
|
|
19
|
+
|
|
20
|
+
## Summary of New Capabilities
|
|
21
|
+
|
|
22
|
+
- Standard "The Operator Channel Is Sacred" — a gate on the operator's inbound channel must fail toward DELIVERY; a brittle signal may not consume/block a message; recovery must not route through the failing gate; decision-gates have bounded blast radius.
|
|
23
|
+
- `MessageSentinel.decideInboundDisposition` + `hasStopToken` + disposition observability counters.
|
|
24
|
+
|
|
25
|
+
## Evidence
|
|
26
|
+
|
|
27
|
+
- `tests/unit/MessageSentinel-operator-channel-sacred.test.ts` (13) — deterministic pause consumes; benign LLM-pause + capacity-shed route through; long-form stop rescued to kill; circuit-breaker auto-recovers; per-topic isolation; counters; hasStopToken both-sides.
|
|
28
|
+
- `tests/integration/operator-channel-sacred-wiring.test.ts` (3) — both consume sites use the shared disposition helper; old consume-on-any-pause gone.
|
|
29
|
+
- `tests/integration/telegram-forward-sentinel-intercept.test.ts` — updated to the disposition contract incl. a new route-through-delivers test.
|
|
30
|
+
- `tests/e2e/operator-channel-lockout-regression.test.ts` (4) — no benign stream (even with the LLM mislabeling every message, or sustained capacity-shed) can lock the channel; recovery is escapable; a genuine stop still honored.
|
|
31
|
+
- `npm run build` + `tsc --noEmit` clean; consume-path + MessageSentinel suites green.
|
|
32
|
+
- Converged + approved spec; convergence report at docs/specs/reports/operator-channel-sacred-convergence.md.
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Upgrade Guide — vNEXT
|
|
2
|
+
|
|
3
|
+
<!-- assembled-by: assemble-next-md -->
|
|
4
|
+
<!-- bump: patch -->
|
|
5
|
+
|
|
6
|
+
## What Changed
|
|
7
|
+
|
|
8
|
+
The stale-worktree reaper (`AgentWorktreeReaper`) no longer treats harmless leftover files as "uncommitted work." Its cleanliness check now uses the existing residue-aware `classifyPorcelain` with a NARROW, reaper-specific never-work denylist (`dist/`, `node_modules/`, `.cache/`, `.turbo/`, `*.tsbuildinfo`, `.metadata_never_index`, `.instar/instar-dev-traces/`) — fail-CLOSED on any git error (a transient `git status` failure can never make a worktree look reapable). A new per-path reclaim-failure breaker stops retrying a permanently-unremovable worktree forever (surfaced as `keep('reclaim-failed')`).
|
|
9
|
+
|
|
10
|
+
This fixes unbounded `.worktrees/` growth: on one agent, 246 of 289 worktrees were kept solely because of untracked droppings — overwhelmingly the `.metadata_never_index` Spotlight-exclusion marker that gets dropped into every worktree (so the file added to *reduce* indexing load was *blocking* the cleanup that reduces it). Real work is still always kept: ANY non-residue change — a tracked modification OR a hand-authored untracked file (including under `out/`/`build/`/`coverage/` or a `*.log`, which the narrow list deliberately excludes) — keeps the worktree.
|
|
11
|
+
|
|
12
|
+
## What to Tell Your User
|
|
13
|
+
|
|
14
|
+
If your agent's disk fills up with old throwaway worktrees (or a "machine overloaded" warning turns out to be a background file-indexer churning on a huge worktrees folder), the cleanup can now reclaim merged, idle worktrees whose only leftovers are build artifacts or the agent's own marker files — while never touching anything with real unsaved work. It stays off until you turn it on, and it can show you exactly the list it would remove before it deletes anything.
|
|
15
|
+
|
|
16
|
+
## Summary of New Capabilities
|
|
17
|
+
|
|
18
|
+
- Residue-aware, fail-closed worktree cleanliness check (a narrow never-delete list) so the cleanup reclaims droppings-only worktrees instead of hoarding them.
|
|
19
|
+
- A per-worktree failure breaker so an un-removable worktree is given up on after a few tries instead of being retried forever.
|
|
20
|
+
|
|
21
|
+
## Evidence
|
|
22
|
+
|
|
23
|
+
- `tests/unit/agent-worktree-reaper.test.ts` (31 green): residue-only→clean, narrow-residue→clean, tracked-mod→dirty/KEEP, untracked-source→dirty/KEEP, broad-entry (`build/`,`*.log`,`out/`,`coverage/`)→dirty/KEEP, git-error→fail-CLOSED/KEEP, breaker trip+emit-once+clear-on-success.
|
|
24
|
+
- Convergence (adversarial + lessons-aware + conformance gate) caught and resolved a deletion-safety BLOCKER (fail-open→fail-closed) + 2 MAJORs: `docs/specs/reports/worktree-reaper-untracked-blindspot-convergence.md`.
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# Side-Effects Review — Operator Channel Is Sacred (MessageSentinel pause-lockout fix)
|
|
2
|
+
|
|
3
|
+
Spec: docs/specs/operator-channel-sacred.md (converged + approved). Standard integrated into docs/STANDARDS-REGISTRY.md.
|
|
4
|
+
Change: MessageSentinel `'pause'` consumes a message ONLY on a deterministic match; a bare-LLM or capacity-shed `'pause'` routes THROUGH (with a stop-token rescue); a per-topic circuit-breaker bounds blast radius; both inbound consume paths (server.ts onSentinelIntercept + routes.ts /internal/telegram-forward) decide via one shared `decideInboundDisposition`.
|
|
5
|
+
|
|
6
|
+
## 1. Over-block
|
|
7
|
+
The change can ONLY reduce consumption (more messages delivered). The one residual: `hasStopToken` is intentionally conservative (a whole-word "stop" anywhere → rescue to kill), so a benign message that the classifier already called 'pause' AND contains a whole-word stop ("non-stop") would be killed. Accepted: a kill is RECOVERABLE ("send a new message to start fresh"), unlike the pause lockout; and it only triggers on an already-pause-classified message, not normal traffic.
|
|
8
|
+
|
|
9
|
+
## 2. Under-block
|
|
10
|
+
A genuine pause directive that is non-deterministic (LLM-only) is now NOT honored (routes through). Accepted per the standard + the code's own comment ("pause's value is politeness, not safety"). A genuine STOP is preserved: deterministic fast-path stop fires instantly; a long-form/capacity-shed stop is rescued by `hasStopToken`.
|
|
11
|
+
|
|
12
|
+
## 3. Level-of-abstraction fit
|
|
13
|
+
The standard lives in ONE place (`MessageSentinel.decideInboundDisposition`); both consume sites call it, so policy cannot diverge between the poll path and the lifeline-forward path. Signal-vs-Authority: the classifier signals; the deterministic gate holds consume authority.
|
|
14
|
+
|
|
15
|
+
## 4. Signal vs authority compliance
|
|
16
|
+
Compliant + the exemplar of the new standard. A brittle (LLM/capacity-shed) signal no longer has authority to consume the operator's message; only a deterministic match (or a rescued stop) actuates.
|
|
17
|
+
|
|
18
|
+
## 5. Interactions
|
|
19
|
+
- detectRateLimited / throttle path: unchanged (separate).
|
|
20
|
+
- The capacity-shed return (llmClassify catch, confidence 0.4) now routes through instead of consuming — reconciled with the fork-bomb/No-Silent-Degradation fail-closed posture as a NAMED inbound exception (the deterministic emergency-stop pre-check + the stop-token rescue keep a real stop from ever being dropped).
|
|
21
|
+
- Emergency-stop kill path + resume-queue stop custody: unchanged for `disposition: 'kill'`.
|
|
22
|
+
- Circuit-breaker is in-memory shared across both paths (same MessageSentinel instance); in-memory is safe because the PRIMARY guard is deterministic-only-consume — a restart resetting the breaker cannot reintroduce the lockout. (Reasoned deviation from the spec's "durable" FD2: the build showed deterministic-only-consume makes breaker durability non-load-bearing; documented here.)
|
|
23
|
+
|
|
24
|
+
## 6. External surfaces
|
|
25
|
+
The user-facing change: benign messages that were being eaten as "Session paused" now reach the agent. `getStats()` (/sentinel/stats) now also exposes `disposition` counters (pause.consumed / .routed-through / breaker.recovered) — additive. No new route, no config schema change (the existing `externalOperations.sentinel.enabled` still gates the whole sentinel).
|
|
26
|
+
|
|
27
|
+
## 7. Multi-machine posture
|
|
28
|
+
Machine-local: each machine's MessageSentinel decides for its own inbound; both consume paths on a machine share its one instance + breaker. No cross-machine state. (Lifeline-owned agents hit the routes.ts path; poll-mode hits onSentinelIntercept — both on the same machine, same sentinel.)
|
|
29
|
+
|
|
30
|
+
## 8. Rollback cost
|
|
31
|
+
Single-commit revert restores the prior classify-then-consume logic. No migration, no durable state. The interim safeguard (`externalOperations.sentinel.enabled:false`) can stay until this merges, then be re-enabled (this fix makes the sentinel safe to re-enable).
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Side-effects review — worktree-reaper-untracked-blindspot
|
|
2
|
+
|
|
3
|
+
Change: the AgentWorktreeReaper's `isClean` now treats reaper-residue-only worktrees (build artifacts + instar markers, esp. `.metadata_never_index`) as clean via the PURE `classifyPorcelain` + a NARROW `REAPER_RESIDUE_DENYLIST`, fail-CLOSED on git error; plus a per-path reclaim-failure breaker. Files: `src/monitoring/agentWorktreeGit.ts`, `src/monitoring/AgentWorktreeReaper.ts`, `tests/unit/agent-worktree-reaper.test.ts`.
|
|
4
|
+
|
|
5
|
+
1. **Over-block (reject legit inputs it shouldn't):** N/A in the gating sense — this LOOSENS an over-conservative KEEP gate. The "over-block" analog (keeping a reclaimable worktree) is the bug being fixed. No new over-block.
|
|
6
|
+
|
|
7
|
+
2. **Under-block (still misses failure modes):** A worktree whose ONLY change is a *non-residue* untracked file (a hand-authored `.ts`/`.md`/`.log`/`build/*` never `git add`ed) is still KEPT — by design (conservative; possibly-precious). The narrow denylist deliberately excludes `out/`/`build/`/`coverage/`/`*.log` so user-authored files there are never silently reaped. Multi-commit squash-merges are still reported unmerged → KEPT (pre-existing `git cherry` conservatism).
|
|
8
|
+
|
|
9
|
+
3. **Level-of-abstraction fit:** Correct layer. `isClean` is the reaper's per-worktree cleanliness signal; residue-awareness belongs exactly there. Reuses the existing tested PURE `classifyPorcelain` rather than a parallel re-implementation.
|
|
10
|
+
|
|
11
|
+
4. **Signal vs authority:** This is a deterministic policy evaluator over an objective git fact (porcelain + denylist), feeding a gate that is ANDed with `isMerged` (git cherry patch-id) + `isInUse`. No brittle string-matcher gains block authority; it REFINES a KEEP gate. Fail direction is the safety crux: **fail-CLOSED** (git error → dirty → KEEP), the opposite of the fail-open `makeWorktreeDirtyCheck` wrapper which would be unsafe for a deletion gate (the convergence BLOCKER).
|
|
12
|
+
|
|
13
|
+
5. **Interactions / shared consumers:** `isClean` (from `makeAgentWorktreeReaperDeps`) is shared by THREE consumers — the reaper (delete), and via `orphanedWorkGit.ts` the `OrphanedWorkSentinel` (preserve work) and any other caller. Widening "clean" to ignore the narrow never-work set is correct for all three (none should treat a marker-only worktree as holding work). `DEFAULT_RESIDUE_DENYLIST` is NOT modified, so the build-session-yield-safety killer's config-sourced list and other consumers are untouched. Tested: marker-only → clean; tracked diff → never hidden.
|
|
14
|
+
|
|
15
|
+
6. **External surfaces:** No new routes/messages. `GET /worktrees/agent-reaper` now reports more `reap-eligible` worktrees (and a new `reclaim-failed` keep reason when the breaker trips). A new `reclaim-breaker` event is emitted (consumed for observability only).
|
|
16
|
+
|
|
17
|
+
7. **Multi-machine posture:** Machine-local BY DESIGN. Worktrees live on one disk; the reaper only ever evaluates its own machine's `.worktrees/`. No replication/proxy/URL surface. (Cross-Machine Coherence: machine-local with reason.)
|
|
18
|
+
|
|
19
|
+
8. **Rollback cost:** Low. `agentWorktreeReaper.enabled: false` fully disables (existing knob); `dryRun: true` classifies without deleting (review the report first); `maxReclaimFailuresPerPath: 0` disables the breaker. The denylist is a code const (revert = one-line). No data migration. A reclaimed worktree's branch + commits remain in git (only the redundant checkout is removed), so even a wrong reap loses no committed work — and non-residue/tracked work is never reaped.
|
|
20
|
+
|
|
21
|
+
## Second-pass review (required — touches a destructive safety gate)
|
|
22
|
+
Convergence ran an adversarial + lessons-aware reviewer (see `docs/specs/reports/worktree-reaper-untracked-blindspot-convergence.md`). They caught a deletion-safety BLOCKER (fail-open→fail-closed), the broad-denylist hazard (→ narrow list), and the undisclosed OrphanedWorkSentinel consumer. ALL addressed in the implementation and pinned by unit tests (residue→clean, non-residue→dirty, broad-entry→dirty, git-error→KEEP, breaker trip+clear; 31 tests green). Concur with the resolved design.
|