instar 1.3.683 → 1.3.685
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/DynamicMcpManager.d.ts +105 -0
- package/dist/core/DynamicMcpManager.d.ts.map +1 -0
- package/dist/core/DynamicMcpManager.js +119 -0
- package/dist/core/DynamicMcpManager.js.map +1 -0
- package/dist/core/DynamicMcpService.d.ts +76 -0
- package/dist/core/DynamicMcpService.d.ts.map +1 -0
- package/dist/core/DynamicMcpService.js +103 -0
- package/dist/core/DynamicMcpService.js.map +1 -0
- package/dist/core/McpApprovalNonceStore.d.ts +46 -0
- package/dist/core/McpApprovalNonceStore.d.ts.map +1 -0
- package/dist/core/McpApprovalNonceStore.js +83 -0
- package/dist/core/McpApprovalNonceStore.js.map +1 -0
- package/dist/core/McpLoadedSetStore.d.ts +39 -0
- package/dist/core/McpLoadedSetStore.d.ts.map +1 -0
- package/dist/core/McpLoadedSetStore.js +82 -0
- package/dist/core/McpLoadedSetStore.js.map +1 -0
- package/dist/core/PendingMcpApprovalStore.d.ts +56 -0
- package/dist/core/PendingMcpApprovalStore.d.ts.map +1 -0
- package/dist/core/PendingMcpApprovalStore.js +74 -0
- package/dist/core/PendingMcpApprovalStore.js.map +1 -0
- package/dist/core/PostUpdateMigrator.d.ts +1 -0
- package/dist/core/PostUpdateMigrator.d.ts.map +1 -1
- package/dist/core/PostUpdateMigrator.js +19 -0
- package/dist/core/PostUpdateMigrator.js.map +1 -1
- package/dist/core/SessionManager.d.ts +20 -0
- package/dist/core/SessionManager.d.ts.map +1 -1
- package/dist/core/SessionManager.js +89 -0
- package/dist/core/SessionManager.js.map +1 -1
- package/dist/core/dynamicMcpConfig.d.ts +141 -0
- package/dist/core/dynamicMcpConfig.d.ts.map +1 -0
- package/dist/core/dynamicMcpConfig.js +125 -0
- package/dist/core/dynamicMcpConfig.js.map +1 -0
- package/dist/core/frameworkSessionLaunch.d.ts +11 -0
- package/dist/core/frameworkSessionLaunch.d.ts.map +1 -1
- package/dist/core/frameworkSessionLaunch.js +7 -0
- package/dist/core/frameworkSessionLaunch.js.map +1 -1
- package/dist/core/mcpPidCapture.d.ts +43 -0
- package/dist/core/mcpPidCapture.d.ts.map +1 -0
- package/dist/core/mcpPidCapture.js +44 -0
- package/dist/core/mcpPidCapture.js.map +1 -0
- package/dist/core/types.d.ts +10 -0
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/types.js.map +1 -1
- package/dist/monitoring/McpIdleOffloadSweep.d.ts +61 -0
- package/dist/monitoring/McpIdleOffloadSweep.d.ts.map +1 -0
- package/dist/monitoring/McpIdleOffloadSweep.js +89 -0
- package/dist/monitoring/McpIdleOffloadSweep.js.map +1 -0
- package/dist/monitoring/mcpIdleLiveOffload.d.ts +68 -0
- package/dist/monitoring/mcpIdleLiveOffload.d.ts.map +1 -0
- package/dist/monitoring/mcpIdleLiveOffload.js +59 -0
- package/dist/monitoring/mcpIdleLiveOffload.js.map +1 -0
- package/dist/scaffold/templates.d.ts.map +1 -1
- package/dist/scaffold/templates.js +2 -1
- package/dist/scaffold/templates.js.map +1 -1
- package/dist/server/AgentServer.d.ts +2 -0
- package/dist/server/AgentServer.d.ts.map +1 -1
- package/dist/server/AgentServer.js +165 -0
- package/dist/server/AgentServer.js.map +1 -1
- package/dist/server/CapabilityIndex.d.ts.map +1 -1
- package/dist/server/CapabilityIndex.js +1 -0
- package/dist/server/CapabilityIndex.js.map +1 -1
- package/dist/server/routes.d.ts +4 -0
- package/dist/server/routes.d.ts.map +1 -1
- package/dist/server/routes.js +153 -0
- package/dist/server/routes.js.map +1 -1
- package/package.json +1 -1
- package/src/data/builtin-manifest.json +65 -65
- package/src/scaffold/templates.ts +2 -1
- package/upgrades/1.3.684.md +62 -0
- package/upgrades/1.3.685.md +37 -0
- package/upgrades/side-effects/dynamic-mcp-awareness.md +36 -0
- package/upgrades/side-effects/dynamic-mcp-baseline-at-spawn.md +74 -0
- package/upgrades/side-effects/dynamic-mcp-capability-classification.md +36 -0
- package/upgrades/side-effects/dynamic-mcp-driver.md +53 -0
- package/upgrades/side-effects/dynamic-mcp-idle-sweep.md +40 -0
- package/upgrades/side-effects/dynamic-mcp-launch-resolver.md +44 -0
- package/upgrades/side-effects/dynamic-mcp-loaded-set-store.md +37 -0
- package/upgrades/side-effects/dynamic-mcp-nonce-store.md +38 -0
- package/upgrades/side-effects/dynamic-mcp-operator-approval-route.md +44 -0
- package/upgrades/side-effects/dynamic-mcp-pure-cores.md +53 -0
- package/upgrades/side-effects/dynamic-mcp-real-offload.md +57 -0
- package/upgrades/side-effects/dynamic-mcp-routes-wiring.md +59 -0
- package/upgrades/side-effects/dynamic-mcp-service.md +41 -0
- package/upgrades/side-effects/dynamic-mcp-sweep-wiring.md +46 -0
- package/upgrades/side-effects/pending-mcp-approval-store.md +33 -0
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# Side-effects review — dynamic-MCP composition service
|
|
2
|
+
|
|
3
|
+
**Change:** New `src/core/DynamicMcpService.ts` — the composition root that
|
|
4
|
+
assembles DynamicMcpManager + McpLoadedSetStore + McpApprovalNonceStore and wires
|
|
5
|
+
them to INJECTED host primitives (restart, preapproval, pid capture/reap,
|
|
6
|
+
mid-tool-use). Exposes getSessionState / requestLoad / requestOffload. 7 unit tests.
|
|
7
|
+
|
|
8
|
+
## 1. Blast radius
|
|
9
|
+
Zero at runtime. No importer yet — AgentServer wires it with real primitives in the
|
|
10
|
+
final commit (behind the dark flag).
|
|
11
|
+
|
|
12
|
+
## 2. Reversibility
|
|
13
|
+
Fully reversible — delete the file + tests. No migration; consumes the dynamicMcp
|
|
14
|
+
config block only when instantiated (which nothing does yet).
|
|
15
|
+
|
|
16
|
+
## 3. State / data touched
|
|
17
|
+
Indirectly via McpLoadedSetStore (writes `.instar/state/mcp-loaded/<topic>.json`)
|
|
18
|
+
and reads `.mcp.json` — but ONLY when a caller invokes requestLoad/requestOffload,
|
|
19
|
+
which only the tests do in this commit. Never mutates `.mcp.json`.
|
|
20
|
+
|
|
21
|
+
## 4. Failure modes
|
|
22
|
+
Inherits the manager's fail-safety (verified-auth, two-phase rollback, capture-then-
|
|
23
|
+
reap, mid-tool-use abort). `.mcp.json` unreadable ⇒ [] names ⇒ a load is
|
|
24
|
+
unknown-server no-op; currentServers falls back baseline→full safely.
|
|
25
|
+
|
|
26
|
+
## 5. Security / authority
|
|
27
|
+
The authority gate lives in the injected `isPreapproved` + the nonce store: a
|
|
28
|
+
non-preapproved request returns needs-approval with a server-minted nonce and
|
|
29
|
+
performs no restart. The service never trusts a caller-supplied approval; only a
|
|
30
|
+
consumed nonce or a live preapproval proceeds.
|
|
31
|
+
|
|
32
|
+
## 6. Framework generality
|
|
33
|
+
Framework-neutral composition. The Claude-Code-specific surface lives in the
|
|
34
|
+
primitives AgentServer injects (the restart maps SessionRefresh, which returns
|
|
35
|
+
not_telegram_bound ⇒ unsupported-unbound for sessions it can't restart).
|
|
36
|
+
|
|
37
|
+
## 7. Tests
|
|
38
|
+
7 unit tests vs a real temp projectDir: lean-baseline state read; full load+restart+
|
|
39
|
+
commit; not-preapproved ⇒ needs-approval then nonce authorizes; forged nonce
|
|
40
|
+
rejected; offload drops+reaps; offload aborts on unknown mid-tool-use; failed
|
|
41
|
+
restart leaves committed set unchanged (rollback). tsc clean.
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# Side-effects review — dynamic-MCP idle-offload sweep wiring
|
|
2
|
+
|
|
3
|
+
**Change:** Wire McpIdleOffloadSweep into AgentServer on a timer so the automatic
|
|
4
|
+
idle-offload actually runs. Two edits:
|
|
5
|
+
- `src/server/AgentServer.ts`: build the sweep with real deps (heavy-live-proc
|
|
6
|
+
listing via the reaper deps + resolveOwningSession; session→topic via
|
|
7
|
+
getTopicForSession; signature→server via the reverse map; mid-tool-use via the
|
|
8
|
+
live pane frame; requestOffload via the gated driver) and tick it on an
|
|
9
|
+
`.unref()`'d interval; clear it in `stop()`.
|
|
10
|
+
- `src/core/dynamicMcpConfig.ts`: add the `sweep` config block type.
|
|
11
|
+
|
|
12
|
+
## 1. Blast radius
|
|
13
|
+
Dark + dryRun-first. The sweep timer is created ONLY when BOTH
|
|
14
|
+
`sessions.dynamicMcp.enabled` AND `sessions.dynamicMcp.sweep.enabled` are true; and
|
|
15
|
+
`sweep.dryRun` defaults true, so even then it only LOGS "would offload". Construction
|
|
16
|
+
is wrapped (a fault ⇒ no sweep, never a broken boot). The e2e boot is unaffected
|
|
17
|
+
(verified — no sweep config ⇒ no timer).
|
|
18
|
+
|
|
19
|
+
## 2. Reversibility
|
|
20
|
+
Fully reversible — remove the block + the config type. The timer is `.unref()`'d and
|
|
21
|
+
cleared on stop, so it never holds the event loop or leaks across a restart.
|
|
22
|
+
|
|
23
|
+
## 3. State / data touched
|
|
24
|
+
Read-only at the host level (ps + tmux pane map + pane capture). When NOT dryRun and
|
|
25
|
+
a server is eligible, it calls the gated `requestOffload`, which is the SAME path an
|
|
26
|
+
explicit request uses (loaded-set state write + restart + capture-then-reap).
|
|
27
|
+
|
|
28
|
+
## 4. Failure modes
|
|
29
|
+
Fail-closed throughout: a busy/unknown mid-tool-use resets the idle clock; an
|
|
30
|
+
unmapped server or non-topic session is skipped; a thrown tick is swallowed; the
|
|
31
|
+
timer never keeps the process alive. The sweep adds NO new destructive path — it only
|
|
32
|
+
DECIDES and delegates to the authorization-gated driver (which itself aborts on
|
|
33
|
+
mid-tool-use, requires authorization, and reaps only captured pids).
|
|
34
|
+
|
|
35
|
+
## 5. Security / authority
|
|
36
|
+
No new authority. An idle-offload it triggers on a non-preapproved session returns
|
|
37
|
+
needs-approval (no silent restart) exactly like an explicit request. dryRun (default)
|
|
38
|
+
takes no action at all.
|
|
39
|
+
|
|
40
|
+
## 6. Framework generality
|
|
41
|
+
The timer/sweep are framework-neutral; the mid-tool-use probe is framework-aware.
|
|
42
|
+
|
|
43
|
+
## 7. Tests
|
|
44
|
+
The sweep orchestration has 9 unit tests (committed prior). This wiring is verified
|
|
45
|
+
by the e2e AgentServer boot remaining green (no sweep config ⇒ no timer ⇒ unchanged),
|
|
46
|
+
and tsc clean. A live run is part of the operator live-channel proof (the gate).
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# Side-effects review — PendingMcpApprovalStore (operator-approval tap-surface foundation)
|
|
2
|
+
|
|
3
|
+
**Change:** New `src/core/PendingMcpApprovalStore.ts` — an in-memory registry that
|
|
4
|
+
lets the operator-approval tap surface put an OPAQUE requestId in the link while the
|
|
5
|
+
server-minted nonce stays server-side (vs. a nonce-in-URL leak). 6 unit tests.
|
|
6
|
+
|
|
7
|
+
## 1. Blast radius
|
|
8
|
+
Zero at runtime. No importer yet — the approval-page routes (the next increment,
|
|
9
|
+
sequenced after the live-test informs the UI) will use it. Inert + dark-feature.
|
|
10
|
+
|
|
11
|
+
## 2. Reversibility
|
|
12
|
+
Fully reversible — delete the file + tests. In-memory only; no persisted state.
|
|
13
|
+
|
|
14
|
+
## 3. State / data touched
|
|
15
|
+
None on disk. An in-memory Map keyed by an opaque requestId → {topicId, kind, server,
|
|
16
|
+
nonce, expiresAt}, TTL-pruned.
|
|
17
|
+
|
|
18
|
+
## 4. Failure modes
|
|
19
|
+
Fail-closed: peek/consume return null on absent/expired; consume is single-use
|
|
20
|
+
(removes regardless). peek NEVER returns the nonce (the page can't leak it).
|
|
21
|
+
|
|
22
|
+
## 5. Security / authority
|
|
23
|
+
The nonce is the approval secret; this store keeps it SERVER-SIDE and exposes it only
|
|
24
|
+
once via `consume` (called by the PIN-gated submit), never via `peek` (the page). The
|
|
25
|
+
opaque requestId carries no secret. No authority is exercised — it's a holding ledger;
|
|
26
|
+
the PIN gate + nonce consume in the route are the authority.
|
|
27
|
+
|
|
28
|
+
## 6. Framework generality
|
|
29
|
+
Framework-neutral in-memory store; no launch/inject surface.
|
|
30
|
+
|
|
31
|
+
## 7. Tests
|
|
32
|
+
6 unit tests: opaque id + peek-never-leaks-nonce; single-use consume; peek-doesn't-
|
|
33
|
+
consume; unknown-id null; TTL expiry (peek + consume); size/prune. tsc clean.
|