@openparachute/agent 0.1.0

package/container/agent-runner/src/config.ts

@@ -0,0 +1,55 @@
+/**
+ * Runner config — reads /workspace/agent/container.json at startup.
+ *
+ * This file is mounted read-only inside the container. The host writes it;
+ * the runner only reads. All parachute-agent-specific configuration lives here
+ * instead of environment variables.
+ */
+import fs from 'fs';
+
+const CONFIG_PATH = '/workspace/agent/container.json';
+
+export interface RunnerConfig {
+  provider: string;
+  assistantName: string;
+  groupName: string;
+  agentGroupId: string;
+  maxMessagesPerPrompt: number;
+  mcpServers: Record<string, { command: string; args: string[]; env: Record<string, string> }>;
+}
+
+const DEFAULT_MAX_MESSAGES = 10;
+
+let _config: RunnerConfig | null = null;
+
+/**
+ * Load config from container.json. Called once at startup.
+ * Falls back to sensible defaults for any missing field.
+ */
+export function loadConfig(): RunnerConfig {
+  if (_config) return _config;
+
+  let raw: Record<string, unknown> = {};
+  try {
+    raw = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8'));
+  } catch {
+    console.error(`[config] Failed to read ${CONFIG_PATH}, using defaults`);
+  }
+
+  _config = {
+    provider: (raw.provider as string) || 'claude',
+    assistantName: (raw.assistantName as string) || '',
+    groupName: (raw.groupName as string) || '',
+    agentGroupId: (raw.agentGroupId as string) || '',
+    maxMessagesPerPrompt: (raw.maxMessagesPerPrompt as number) || DEFAULT_MAX_MESSAGES,
+    mcpServers: (raw.mcpServers as RunnerConfig['mcpServers']) || {},
+  };
+
+  return _config;
+}
+
+/** Get the loaded config. Throws if loadConfig() hasn't been called. */
+export function getConfig(): RunnerConfig {
+  if (!_config) throw new Error('Config not loaded — call loadConfig() first');
+  return _config;
+}

package/container/agent-runner/src/db/connection.ts

@@ -0,0 +1,267 @@
+/**
+ * Two-DB connection layer.
+ *
+ * The session uses two SQLite files to eliminate write contention across
+ * the host-container mount boundary:
+ *
+ *   inbound.db  — host writes new messages here; container opens READ-ONLY
+ *   outbound.db — container writes responses + acks here; host opens read-only
+ *
+ * Each file has exactly one writer, so no cross-process lock contention.
+ *
+ * ⚠ Cross-mount visibility: inbound.db MUST be journal_mode=DELETE (set by
+ * the host when the file is created). WAL's `-shm` is memory-mapped and
+ * VirtioFS does not propagate mmap coherency from host to guest, so a
+ * WAL-mode inbound.db would leave this reader frozen on an early snapshot
+ * and it would silently never see new host messages. See
+ * src/session-manager.ts for the full set of cross-mount invariants and
+ * scripts/sanity-live-poll.ts for the empirical validation.
+ */
+import { Database } from 'bun:sqlite';
+import fs from 'fs';
+
+const DEFAULT_INBOUND_PATH = '/workspace/inbound.db';
+const DEFAULT_OUTBOUND_PATH = '/workspace/outbound.db';
+const DEFAULT_HEARTBEAT_PATH = '/workspace/.heartbeat';
+
+let _inbound: Database | null = null;
+let _outbound: Database | null = null;
+let _heartbeatPath: string = DEFAULT_HEARTBEAT_PATH;
+
+/** Inbound DB — container opens read-only (host is the sole writer). */
+export function getInboundDb(): Database {
+  if (!_inbound) {
+    _inbound = new Database(DEFAULT_INBOUND_PATH, { readonly: true });
+    _inbound.exec('PRAGMA busy_timeout = 5000');
+  }
+  return _inbound;
+}
+
+/** Outbound DB — container owns this file (sole writer). */
+export function getOutboundDb(): Database {
+  if (!_outbound) {
+    _outbound = new Database(DEFAULT_OUTBOUND_PATH);
+    _outbound.exec('PRAGMA journal_mode = DELETE');
+    _outbound.exec('PRAGMA busy_timeout = 5000');
+    _outbound.exec('PRAGMA foreign_keys = ON');
+    // Lightweight forward-compat: session_state was added after the initial
+    // v2 schema, so older session DBs don't have it. Create it on demand
+    // instead of requiring a formal migration pass. Also handle the case
+    // where an earlier revision of this table existed without updated_at —
+    // ALTER TABLE to add any missing columns.
+    _outbound.exec(`
+      CREATE TABLE IF NOT EXISTS session_state (
+        key        TEXT PRIMARY KEY,
+        value      TEXT NOT NULL,
+        updated_at TEXT NOT NULL
+      );
+    `);
+    const cols = new Set(
+      (_outbound.prepare("PRAGMA table_info('session_state')").all() as Array<{ name: string }>).map((c) => c.name),
+    );
+    if (!cols.has('updated_at')) {
+      _outbound.exec(`ALTER TABLE session_state ADD COLUMN updated_at TEXT NOT NULL DEFAULT ''`);
+    }
+    // container_state: tracks the current tool in flight (if any) so the host
+    // sweep can widen its stuck tolerance when Bash is running with a user-
+    // declared long timeout. Forward-compat for older outbound.db files.
+    _outbound.exec(`
+      CREATE TABLE IF NOT EXISTS container_state (
+        id                       INTEGER PRIMARY KEY CHECK (id = 1),
+        current_tool             TEXT,
+        tool_declared_timeout_ms INTEGER,
+        tool_started_at          TEXT,
+        updated_at               TEXT NOT NULL
+      );
+    `);
+    // activity: append-only ledger of tool invocations, drained by the host's
+    // delivery loop into central agent_activity. seq is monotonic and serves
+    // as the host's merge cursor (sessions.activity_synced_seq). Forward-
+    // compat for older outbound.db files. Privacy: never write secret values
+    // or full Bash command strings into `summary` — env-injected creds can
+    // leak via argv. Caller (PreToolUse hook) is responsible.
+    _outbound.exec(`
+      CREATE TABLE IF NOT EXISTS activity (
+        seq        INTEGER PRIMARY KEY AUTOINCREMENT,
+        ts         TEXT NOT NULL,
+        kind       TEXT NOT NULL,
+        target     TEXT,
+        summary    TEXT
+      );
+    `);
+  }
+  return _outbound;
+}
+
+/**
+ * Append a tool-invocation row to the outbound activity ledger. Called from
+ * the provider's PreToolUse hook. Sanitization is the caller's job — pass
+ * `summary = null` for kinds that may carry secrets (e.g. Bash argv).
+ */
+export function appendActivity(kind: string, target: string | null, summary: string | null): void {
+  const ts = new Date().toISOString();
+  getOutboundDb()
+    .prepare(`INSERT INTO activity (ts, kind, target, summary) VALUES (?, ?, ?, ?)`)
+    .run(ts, kind, target, summary);
+}
+
+/**
+ * Record that a tool is starting. `declaredTimeoutMs` is the tool's own
+ * timeout hint when one is available (Bash exposes it in the tool_use input);
+ * omit for tools with no declared timeout.
+ */
+export function setContainerToolInFlight(tool: string, declaredTimeoutMs: number | null): void {
+  const now = new Date().toISOString();
+  getOutboundDb()
+    .prepare(
+      `INSERT INTO container_state (id, current_tool, tool_declared_timeout_ms, tool_started_at, updated_at)
+       VALUES (1, ?, ?, ?, ?)
+       ON CONFLICT(id) DO UPDATE SET
+         current_tool = excluded.current_tool,
+         tool_declared_timeout_ms = excluded.tool_declared_timeout_ms,
+         tool_started_at = excluded.tool_started_at,
+         updated_at = excluded.updated_at`,
+    )
+    .run(tool, declaredTimeoutMs, now, now);
+}
+
+/** Clear the in-flight tool — called on PostToolUse / PostToolUseFailure. */
+export function clearContainerToolInFlight(): void {
+  const now = new Date().toISOString();
+  getOutboundDb()
+    .prepare(
+      `INSERT INTO container_state (id, current_tool, tool_declared_timeout_ms, tool_started_at, updated_at)
+       VALUES (1, NULL, NULL, NULL, ?)
+       ON CONFLICT(id) DO UPDATE SET
+         current_tool = NULL,
+         tool_declared_timeout_ms = NULL,
+         tool_started_at = NULL,
+         updated_at = excluded.updated_at`,
+    )
+    .run(now);
+}
+
+/**
+ * Touch the heartbeat file — replaces the old touchProcessing() DB writes.
+ * The host checks this file's mtime for stale container detection.
+ * A file touch is cheaper and avoids cross-boundary DB write contention.
+ */
+export function touchHeartbeat(): void {
+  const p = _heartbeatPath;
+  const now = new Date();
+  try {
+    fs.utimesSync(p, now, now);
+  } catch {
+    try {
+      fs.writeFileSync(p, '');
+    } catch {
+      // Silently ignore — parent dir may not exist (e.g., in-memory test DBs)
+    }
+  }
+}
+
+/**
+ * Clear stale processing_ack entries on container startup.
+ * If the previous container crashed, 'processing' entries are leftover.
+ * Clearing them lets the new container re-process those messages.
+ */
+export function clearStaleProcessingAcks(): void {
+  getOutboundDb().prepare("DELETE FROM processing_ack WHERE status = 'processing'").run();
+}
+
+/** For tests — creates in-memory DBs with the session schemas. */
+export function initTestSessionDb(): { inbound: Database; outbound: Database } {
+  _inbound = new Database(':memory:');
+  _inbound.exec('PRAGMA foreign_keys = ON');
+  _inbound.exec(`
+    CREATE TABLE messages_in (
+      id             TEXT PRIMARY KEY,
+      seq            INTEGER UNIQUE,
+      kind           TEXT NOT NULL,
+      timestamp      TEXT NOT NULL,
+      status         TEXT DEFAULT 'pending',
+      process_after  TEXT,
+      recurrence     TEXT,
+      series_id      TEXT,
+      tries          INTEGER DEFAULT 0,
+      trigger        INTEGER NOT NULL DEFAULT 1,
+      platform_id    TEXT,
+      channel_type   TEXT,
+      thread_id      TEXT,
+      content        TEXT NOT NULL
+    );
+    CREATE TABLE delivered (
+      message_out_id      TEXT PRIMARY KEY,
+      platform_message_id TEXT,
+      status              TEXT NOT NULL DEFAULT 'delivered',
+      delivered_at        TEXT NOT NULL
+    );
+    CREATE TABLE destinations (
+      name            TEXT PRIMARY KEY,
+      display_name    TEXT,
+      type            TEXT NOT NULL,
+      channel_type    TEXT,
+      platform_id     TEXT,
+      agent_group_id  TEXT
+    );
+  `);
+
+  _outbound = new Database(':memory:');
+  _outbound.exec('PRAGMA foreign_keys = ON');
+  _outbound.exec(`
+    CREATE TABLE messages_out (
+      id             TEXT PRIMARY KEY,
+      seq            INTEGER UNIQUE,
+      in_reply_to    TEXT,
+      timestamp      TEXT NOT NULL,
+      deliver_after  TEXT,
+      recurrence     TEXT,
+      kind           TEXT NOT NULL,
+      platform_id    TEXT,
+      channel_type   TEXT,
+      thread_id      TEXT,
+      content        TEXT NOT NULL
+    );
+    CREATE TABLE processing_ack (
+      message_id     TEXT PRIMARY KEY,
+      status         TEXT NOT NULL,
+      status_changed TEXT NOT NULL
+    );
+    CREATE TABLE session_state (
+      key        TEXT PRIMARY KEY,
+      value      TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+    CREATE TABLE container_state (
+      id                       INTEGER PRIMARY KEY CHECK (id = 1),
+      current_tool             TEXT,
+      tool_declared_timeout_ms INTEGER,
+      tool_started_at          TEXT,
+      updated_at               TEXT NOT NULL
+    );
+    CREATE TABLE activity (
+      seq        INTEGER PRIMARY KEY AUTOINCREMENT,
+      ts         TEXT NOT NULL,
+      kind       TEXT NOT NULL,
+      target     TEXT,
+      summary    TEXT
+    );
+  `);
+
+  return { inbound: _inbound, outbound: _outbound };
+}
+
+export function closeSessionDb(): void {
+  _inbound?.close();
+  _inbound = null;
+  _outbound?.close();
+  _outbound = null;
+}
+
+/**
+ * @deprecated Use getInboundDb() / getOutboundDb() instead.
+ * Kept for backward compatibility during migration.
+ */
+export function getSessionDb(): Database {
+  return getInboundDb();
+}

package/container/agent-runner/src/db/index.ts

@@ -0,0 +1,20 @@
+export {
+  getInboundDb,
+  getOutboundDb,
+  getSessionDb,
+  initTestSessionDb,
+  closeSessionDb,
+  touchHeartbeat,
+  clearStaleProcessingAcks,
+} from './connection.js';
+export {
+  getPendingMessages,
+  markProcessing,
+  markCompleted,
+  markFailed,
+  getMessageIn,
+  findQuestionResponse,
+} from './messages-in.js';
+export type { MessageInRow } from './messages-in.js';
+export { writeMessageOut, getUndeliveredMessages } from './messages-out.js';
+export type { MessageOutRow, WriteMessageOut } from './messages-out.js';

package/container/agent-runner/src/db/messages-in.ts

@@ -0,0 +1,138 @@
+/**
+ * Inbound message operations (container side).
+ *
+ * Reads from inbound.db (host-owned, opened read-only).
+ * Writes processing status to processing_ack in outbound.db (container-owned).
+ *
+ * The container never writes to inbound.db — all status tracking goes through
+ * processing_ack. The host reads processing_ack to sync message lifecycle.
+ */
+import { getConfig } from '../config.js';
+import { getInboundDb, getOutboundDb } from './connection.js';
+
+export interface MessageInRow {
+  id: string;
+  seq: number | null;
+  kind: string;
+  timestamp: string;
+  status: string;
+  process_after: string | null;
+  recurrence: string | null;
+  tries: number;
+  /** 1 = wake-eligible (default); 0 = accumulated context only */
+  trigger: number;
+  platform_id: string | null;
+  channel_type: string | null;
+  thread_id: string | null;
+  content: string;
+}
+
+// Cap on how many messages reach the agent in one prompt. Read from
+// container.json; falls back to 10.
+function getMaxMessagesPerPrompt(): number {
+  try {
+    return getConfig().maxMessagesPerPrompt;
+  } catch {
+    // Config not loaded yet (e.g. test harness) — use default
+    return 10;
+  }
+}
+
+/**
+ * Fetch pending messages that are due for processing.
+ * Reads from inbound.db (read-only), filters against processing_ack in outbound.db
+ * to skip messages already picked up by this or a previous container run.
+ *
+ * Returns the most recent `MAX_MESSAGES_PER_PROMPT` pending rows in
+ * chronological order, regardless of their `trigger` flag: accumulated
+ * context (trigger=0) rides along with the wake-eligible rows so the agent
+ * sees the prior context it missed. Host's countDueMessages gates waking on
+ * trigger=1 separately (see src/db/session-db.ts).
+ */
+export function getPendingMessages(): MessageInRow[] {
+  const inbound = getInboundDb();
+  const outbound = getOutboundDb();
+
+  const pending = inbound
+    .prepare(
+      `SELECT * FROM messages_in
+       WHERE status = 'pending'
+         AND (process_after IS NULL OR datetime(process_after) <= datetime('now'))
+       ORDER BY seq DESC
+       LIMIT ?`,
+    )
+    .all(getMaxMessagesPerPrompt()) as MessageInRow[];
+
+  if (pending.length === 0) return [];
+
+  // Filter out messages already acknowledged in outbound.db
+  const ackedIds = new Set(
+    (outbound.prepare('SELECT message_id FROM processing_ack').all() as Array<{ message_id: string }>).map(
+      (r) => r.message_id,
+    ),
+  );
+
+  // Reverse: we fetched DESC to take the most recent N, but the agent
+  // should see them in chronological order (oldest first).
+  return pending.filter((m) => !ackedIds.has(m.id)).reverse();
+}
+
+/** Mark messages as processing — writes to processing_ack in outbound.db. */
+export function markProcessing(ids: string[]): void {
+  if (ids.length === 0) return;
+  const db = getOutboundDb();
+  const stmt = db.prepare(
+    "INSERT OR REPLACE INTO processing_ack (message_id, status, status_changed) VALUES (?, 'processing', datetime('now'))",
+  );
+  db.transaction(() => {
+    for (const id of ids) stmt.run(id);
+  })();
+}
+
+/** Mark messages as completed — updates processing_ack in outbound.db. */
+export function markCompleted(ids: string[]): void {
+  if (ids.length === 0) return;
+  const db = getOutboundDb();
+  const stmt = db.prepare(
+    "INSERT OR REPLACE INTO processing_ack (message_id, status, status_changed) VALUES (?, 'completed', datetime('now'))",
+  );
+  db.transaction(() => {
+    for (const id of ids) stmt.run(id);
+  })();
+}
+
+/** Mark a single message as failed — writes to processing_ack in outbound.db. */
+export function markFailed(id: string): void {
+  getOutboundDb()
+    .prepare(
+      "INSERT OR REPLACE INTO processing_ack (message_id, status, status_changed) VALUES (?, 'failed', datetime('now'))",
+    )
+    .run(id);
+}
+
+/** Get a message by ID (read from inbound.db). */
+export function getMessageIn(id: string): MessageInRow | undefined {
+  return getInboundDb().prepare('SELECT * FROM messages_in WHERE id = ?').get(id) as MessageInRow | undefined;
+}
+
+/**
+ * Find a pending response to a question (by questionId in content).
+ * Reads from inbound.db, checks processing_ack to skip already-handled responses.
+ */
+export function findQuestionResponse(questionId: string): MessageInRow | undefined {
+  const inbound = getInboundDb();
+  const outbound = getOutboundDb();
+
+  const response = inbound
+    .prepare("SELECT * FROM messages_in WHERE status = 'pending' AND content LIKE ?")
+    .get(`%"questionId":"${questionId}"%`) as MessageInRow | undefined;
+
+  if (!response) return undefined;
+
+  // Check it hasn't been acked already
+  const acked = outbound.prepare('SELECT 1 FROM processing_ack WHERE message_id = ?').get(response.id);
+  if (acked) return undefined;
+
+  return response;
+}
+

package/container/agent-runner/src/db/messages-out.ts

@@ -0,0 +1,143 @@
+/**
+ * Outbound message operations (container side).
+ *
+ * Writes to outbound.db (container-owned).
+ * The host polls this DB (read-only) for undelivered messages.
+ */
+import { getInboundDb, getOutboundDb } from './connection.js';
+
+export interface MessageOutRow {
+  id: string;
+  seq: number | null;
+  in_reply_to: string | null;
+  timestamp: string;
+  deliver_after: string | null;
+  recurrence: string | null;
+  kind: string;
+  platform_id: string | null;
+  channel_type: string | null;
+  thread_id: string | null;
+  content: string;
+}
+
+export interface WriteMessageOut {
+  id: string;
+  in_reply_to?: string | null;
+  deliver_after?: string | null;
+  recurrence?: string | null;
+  kind: string;
+  platform_id?: string | null;
+  channel_type?: string | null;
+  thread_id?: string | null;
+  content: string;
+}
+
+/**
+ * Write a new outbound message, auto-assigning an odd seq number.
+ * Container uses odd seq (1, 3, 5...), host uses even (2, 4, 6...).
+ *
+ * The disjoint namespace is load-bearing, not just collision avoidance:
+ * seq is the agent-facing message ID returned by send_message and accepted
+ * by edit_message / add_reaction, and getMessageIdBySeq() below looks up
+ * by seq across BOTH tables. If inbound and outbound could share a seq,
+ * the agent's "edit message #5" could resolve to the wrong row.
+ */
+export function writeMessageOut(msg: WriteMessageOut): number {
+  const outbound = getOutboundDb();
+  const inbound = getInboundDb();
+
+  // Read max seq from both DBs to maintain global ordering.
+  // Safe: each side only reads the other DB, never writes to it.
+  const maxOut = (outbound.prepare('SELECT COALESCE(MAX(seq), 0) AS m FROM messages_out').get() as { m: number }).m;
+  const maxIn = (inbound.prepare('SELECT COALESCE(MAX(seq), 0) AS m FROM messages_in').get() as { m: number }).m;
+  const max = Math.max(maxOut, maxIn);
+  const nextSeq = max % 2 === 0 ? max + 1 : max + 2; // next odd
+
+  // bun:sqlite requires named parameters to be passed with the prefix character
+  // in the JS object keys (better-sqlite3 auto-stripped it, bun:sqlite does not).
+  outbound
+    .prepare(
+      `INSERT INTO messages_out (id, seq, in_reply_to, timestamp, deliver_after, recurrence, kind, platform_id, channel_type, thread_id, content)
+     VALUES ($id, $seq, $in_reply_to, datetime('now'), $deliver_after, $recurrence, $kind, $platform_id, $channel_type, $thread_id, $content)`,
+    )
+    .run({
+      $id: msg.id,
+      $seq: nextSeq,
+      $in_reply_to: msg.in_reply_to ?? null,
+      $deliver_after: msg.deliver_after ?? null,
+      $recurrence: msg.recurrence ?? null,
+      $kind: msg.kind,
+      $platform_id: msg.platform_id ?? null,
+      $channel_type: msg.channel_type ?? null,
+      $thread_id: msg.thread_id ?? null,
+      $content: msg.content,
+    });
+
+  return nextSeq;
+}
+
+/**
+ * Look up a message's platform ID by seq number.
+ * Searches both inbound and outbound DBs since seq spans both.
+ *
+ * For inbound messages, the Chat SDK message ID is already the platform message ID
+ * (e.g., "6037840640:42" for Telegram).
+ *
+ * For outbound messages, the internal ID (msg-xxx) won't work for edits/reactions.
+ * Instead, look up the platform_message_id from the delivered table (host writes this
+ * after successful delivery).
+ */
+export function getMessageIdBySeq(seq: number): string | null {
+  const inbound = getInboundDb();
+
+  // Inbound messages: ID is already the platform message ID
+  const inRow = inbound.prepare('SELECT id FROM messages_in WHERE seq = ?').get(seq) as
+    | { id: string }
+    | undefined;
+  if (inRow) return inRow.id;
+
+  // Outbound messages: look up platform message ID from delivered table
+  const outRow = getOutboundDb().prepare('SELECT id FROM messages_out WHERE seq = ?').get(seq) as
+    | { id: string }
+    | undefined;
+  if (!outRow) return null;
+
+  // Check if host has stored the platform message ID after delivery
+  const deliveredRow = inbound
+    .prepare('SELECT platform_message_id FROM delivered WHERE message_out_id = ?')
+    .get(outRow.id) as { platform_message_id: string | null } | undefined;
+  if (deliveredRow?.platform_message_id) return deliveredRow.platform_message_id;
+
+  // Fallback to internal ID (edits/reactions on undelivered messages won't work)
+  return outRow.id;
+}
+
+/**
+ * Look up the routing fields for a message by seq (for edit/reaction targeting).
+ * Returns the channel_type, platform_id, thread_id of the referenced message.
+ */
+export function getRoutingBySeq(
+  seq: number,
+): { channel_type: string | null; platform_id: string | null; thread_id: string | null } | null {
+  const inbound = getInboundDb();
+  const inRow = inbound
+    .prepare('SELECT channel_type, platform_id, thread_id FROM messages_in WHERE seq = ?')
+    .get(seq) as { channel_type: string | null; platform_id: string | null; thread_id: string | null } | undefined;
+  if (inRow) return inRow;
+
+  const outRow = getOutboundDb()
+    .prepare('SELECT channel_type, platform_id, thread_id FROM messages_out WHERE seq = ?')
+    .get(seq) as { channel_type: string | null; platform_id: string | null; thread_id: string | null } | undefined;
+  return outRow ?? null;
+}
+
+/** Get undelivered messages (for host polling — reads from outbound.db). */
+export function getUndeliveredMessages(): MessageOutRow[] {
+  return getOutboundDb()
+    .prepare(
+      `SELECT * FROM messages_out
+       WHERE (deliver_after IS NULL OR deliver_after <= datetime('now'))
+       ORDER BY timestamp ASC`,
+    )
+    .all() as MessageOutRow[];
+}

package/container/agent-runner/src/db/session-routing.ts

@@ -0,0 +1,30 @@
+/**
+ * Default reply routing for this session — written by the host on every
+ * container wake (see src/session-manager.ts `writeSessionRouting`).
+ *
+ * Read by the MCP tools as the default destination for outbound messages
+ * when the agent doesn't specify an explicit `to`. This is what makes
+ * "agent replies in the thread it's currently in" work: the router strips
+ * or preserves thread_id based on the adapter's thread support, and we
+ * just read the fixed routing the host committed for this session.
+ */
+import { getInboundDb } from './connection.js';
+
+export interface SessionRouting {
+  channel_type: string | null;
+  platform_id: string | null;
+  thread_id: string | null;
+}
+
+export function getSessionRouting(): SessionRouting {
+  const db = getInboundDb();
+  try {
+    const row = db
+      .prepare('SELECT channel_type, platform_id, thread_id FROM session_routing WHERE id = 1')
+      .get() as SessionRouting | undefined;
+    if (row) return row;
+  } catch {
+    // Table may not exist on an older session DB — fall through to defaults
+  }
+  return { channel_type: null, platform_id: null, thread_id: null };
+}