switchroom 0.10.0 → 0.11.1

package/README.md

@@ -4,10 +4,11 @@
 
 # Switchroom
 
-[![Build status](https://badge.buildkite.com/833b2727d7b26bf72e26a6d7968d99c29ec7f1b68888adfb10.svg?branch=main)](https://buildkite.com/ken-thompson/switchroom)
-[![Tests](https://img.shields.io/endpoint?url=https%3A%2F%2Fgist.githubusercontent.com%2Fmekenthompson%2F002f3482b19111d35e57c1903b3733e2%2Fraw%2Fswitchroom-tests.json)](https://buildkite.com/ken-thompson/switchroom)
-[![Trigger evals](https://img.shields.io/endpoint?url=https%3A%2F%2Fgist.githubusercontent.com%2Fmekenthompson%2F002f3482b19111d35e57c1903b3733e2%2Fraw%2Fswitchroom-trigger-evals.json)](https://buildkite.com/ken-thompson/switchroom)
-[![Quality evals](https://img.shields.io/endpoint?url=https%3A%2F%2Fgist.githubusercontent.com%2Fmekenthompson%2F002f3482b19111d35e57c1903b3733e2%2Fraw%2Fswitchroom-quality-evals.json)](https://buildkite.com/ken-thompson/switchroom)
+[![Tests](https://github.com/switchroom/switchroom/actions/workflows/ci-tests-core.yml/badge.svg?branch=main)](https://github.com/switchroom/switchroom/actions/workflows/ci-tests-core.yml)
+[![Plugin tests](https://github.com/switchroom/switchroom/actions/workflows/ci-tests-plugin.yml/badge.svg?branch=main)](https://github.com/switchroom/switchroom/actions/workflows/ci-tests-plugin.yml)
+[![Docker e2e](https://github.com/switchroom/switchroom/actions/workflows/docker-e2e.yml/badge.svg?branch=main)](https://github.com/switchroom/switchroom/actions/workflows/docker-e2e.yml)
+[![Trigger evals](https://img.shields.io/endpoint?url=https%3A%2F%2Fgist.githubusercontent.com%2Fmekenthompson%2F002f3482b19111d35e57c1903b3733e2%2Fraw%2Fswitchroom-trigger-evals.json)](https://github.com/switchroom/switchroom/actions/workflows/ci-evals.yml)
+[![Quality evals](https://img.shields.io/endpoint?url=https%3A%2F%2Fgist.githubusercontent.com%2Fmekenthompson%2F002f3482b19111d35e57c1903b3733e2%2Fraw%2Fswitchroom-quality-evals.json)](https://github.com/switchroom/switchroom/actions/workflows/ci-evals.yml)
 
 **A switchboard for your Pro or Max.** Your Claude subscription, as a fleet of always-on specialist agents you talk to from Telegram. Opinionated UX, done properly.
 

package/dist/agent-scheduler/index.js

@@ -11286,7 +11286,7 @@ var QuotaConfigSchema = exports_external.object({
   monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
 });
 var HostControlConfigSchema = exports_external.object({
-  enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+  enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
 });
 var SwitchroomConfigSchema = exports_external.object({
   switchroom: exports_external.object({
@@ -11312,7 +11312,7 @@ var SwitchroomConfigSchema = exports_external.object({
   drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
   google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
   quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-  host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+  host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
   google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
     message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
   }).transform((v) => v.trim().toLowerCase()), exports_external.object({

package/dist/auth-broker/index.js

@@ -11286,7 +11286,7 @@ var QuotaConfigSchema = exports_external.object({
   monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
 });
 var HostControlConfigSchema = exports_external.object({
-  enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+  enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
 });
 var SwitchroomConfigSchema = exports_external.object({
   switchroom: exports_external.object({
@@ -11312,7 +11312,7 @@ var SwitchroomConfigSchema = exports_external.object({
   drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
   google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
   quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-  host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+  host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
   google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
     message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
   }).transform((v) => v.trim().toLowerCase()), exports_external.object({
@@ -11947,6 +11947,93 @@ function allocateAgentUid(name) {
 }
 var BIND_MOUNT_EXACT_SOURCE_DENY = new Set(["/var/run/docker.sock"]);
 
+// src/auth/quota.ts
+var OAUTH_BETA = "oauth-2025-04-20";
+var DEFAULT_USER_AGENT = "claude-cli/1.0.0 (external, cli)";
+var DEFAULT_PROBE_MODEL = "claude-haiku-4-5-20251001";
+function parseFloatHeader(headers, name) {
+  const v = headers.get(name);
+  if (v == null || v.trim().length === 0)
+    return null;
+  const n = Number(v);
+  return Number.isFinite(n) ? n : null;
+}
+function parseEpochHeader(headers, name) {
+  const v = headers.get(name);
+  if (v == null)
+    return null;
+  const n = Number(v);
+  if (!Number.isFinite(n) || n <= 0)
+    return null;
+  return new Date(n * 1000);
+}
+function parseQuotaHeaders(headers) {
+  const fiveHour = parseFloatHeader(headers, "anthropic-ratelimit-unified-5h-utilization");
+  const sevenDay = parseFloatHeader(headers, "anthropic-ratelimit-unified-7d-utilization");
+  if (fiveHour == null && sevenDay == null) {
+    return {
+      ok: false,
+      reason: "no unified rate-limit headers in response (API token, not OAuth?)"
+    };
+  }
+  return {
+    ok: true,
+    data: {
+      fiveHourUtilizationPct: (fiveHour ?? 0) * 100,
+      sevenDayUtilizationPct: (sevenDay ?? 0) * 100,
+      fiveHourResetAt: parseEpochHeader(headers, "anthropic-ratelimit-unified-5h-reset"),
+      sevenDayResetAt: parseEpochHeader(headers, "anthropic-ratelimit-unified-7d-reset"),
+      representativeClaim: headers.get("anthropic-ratelimit-unified-representative-claim"),
+      overageStatus: headers.get("anthropic-ratelimit-unified-overage-status"),
+      overageDisabledReason: headers.get("anthropic-ratelimit-unified-overage-disabled-reason")
+    }
+  };
+}
+async function fetchQuota(opts) {
+  const token = opts.accessToken?.trim();
+  if (!token || token.length === 0) {
+    return { ok: false, reason: "fetchQuota requires a non-empty accessToken" };
+  }
+  const controller = new AbortController;
+  const timeout = setTimeout(() => controller.abort(), opts.timeoutMs ?? 1e4);
+  const fetchFn = opts.fetchImpl ?? fetch;
+  let resp;
+  try {
+    resp = await fetchFn("https://api.anthropic.com/v1/messages", {
+      method: "POST",
+      headers: {
+        "anthropic-version": "2023-06-01",
+        "anthropic-beta": OAUTH_BETA,
+        authorization: `Bearer ${token}`,
+        "x-app": "cli",
+        "user-agent": DEFAULT_USER_AGENT,
+        "content-type": "application/json"
+      },
+      body: JSON.stringify({
+        model: opts.model ?? DEFAULT_PROBE_MODEL,
+        max_tokens: 1,
+        messages: [{ role: "user", content: "hi" }]
+      }),
+      signal: controller.signal
+    });
+  } catch (err) {
+    const msg = err?.message ?? String(err);
+    clearTimeout(timeout);
+    if (msg.includes("aborted")) {
+      return { ok: false, reason: `quota probe timed out after ${opts.timeoutMs ?? 1e4}ms` };
+    }
+    return { ok: false, reason: `quota probe network error: ${msg}` };
+  }
+  clearTimeout(timeout);
+  const parsed = parseQuotaHeaders(resp.headers);
+  if (parsed.ok)
+    return parsed;
+  if (!resp.ok) {
+    return { ok: false, reason: `HTTP ${resp.status} from Anthropic (${parsed.reason})` };
+  }
+  return parsed;
+}
+
 // src/util/atomic.ts
 import { randomBytes } from "node:crypto";
 import { closeSync, fsyncSync, openSync, renameSync, rmSync, writeSync } from "node:fs";
@@ -12634,6 +12721,13 @@ var ListGoogleAccountsRequestSchema = exports_external.object({
   op: exports_external.literal("list-google-accounts"),
   id: exports_external.string().min(1)
 });
+var ProbeQuotaRequestSchema = exports_external.object({
+  v: exports_external.literal(PROTOCOL_VERSION),
+  op: exports_external.literal("probe-quota"),
+  id: exports_external.string().min(1),
+  accounts: exports_external.array(exports_external.string().min(1)).min(1).max(32),
+  timeoutMs: exports_external.number().int().positive().max(60000).optional()
+});
 var RequestSchema = exports_external.discriminatedUnion("op", [
   GetCredentialsRequestSchema,
   ListStateRequestSchema,
@@ -12643,7 +12737,8 @@ var RequestSchema = exports_external.discriminatedUnion("op", [
   AddAccountRequestSchema,
   RmAccountRequestSchema,
   SetOverrideRequestSchema,
-  ListGoogleAccountsRequestSchema
+  ListGoogleAccountsRequestSchema,
+  ProbeQuotaRequestSchema
 ]);
 var GetCredentialsDataSchema = exports_external.object({
   account: exports_external.string(),
@@ -13167,6 +13262,9 @@ class AuthBroker {
         case "list-google-accounts":
           await this.opListGoogleAccounts(socket, reqId, identity2);
           break;
+        case "probe-quota":
+          await this.opProbeQuota(socket, reqId, identity2, req.accounts, req.timeoutMs);
+          break;
       }
     } catch (err) {
       socket.write(encodeError(reqId, "INTERNAL", err.message));
@@ -13265,6 +13363,30 @@ class AuthBroker {
     this.audit({ op: "list-google-accounts", identity: identity2, ok: true });
     socket.write(encodeSuccess(id, { accounts }));
   }
+  async opProbeQuota(socket, id, identity2, accounts, timeoutMs) {
+    const results = await Promise.all(accounts.map(async (label) => {
+      const creds = readAccountCredentials(label, this.home);
+      const token = creds?.claudeAiOauth?.accessToken;
+      if (!token) {
+        const result2 = {
+          ok: false,
+          reason: "no credentials for account in broker store"
+        };
+        this.audit({ op: "probe-quota", identity: identity2, account: label, ok: false, error: "missing-credentials" });
+        return { label, result: result2 };
+      }
+      const result = await fetchQuota({ accessToken: token, timeoutMs });
+      this.audit({
+        op: "probe-quota",
+        identity: identity2,
+        account: label,
+        ok: result.ok,
+        error: result.ok ? undefined : result.reason
+      });
+      return { label, result };
+    }));
+    socket.write(encodeSuccess(id, { results }));
+  }
   async opSetActive(socket, id, identity2, account) {
     if (!this.isAdmin(identity2)) {
       this.audit({ op: "set-active", identity: identity2, account, ok: false, error: "FORBIDDEN" });