switchroom 0.10.0 → 0.11.1

package/dist/cli/switchroom.js

@@ -13850,7 +13850,7 @@ var init_schema = __esm(() => {
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
   HostControlConfigSchema = exports_external.object({
-    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` \u2014 " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C \u00a75.1. " + "Since Phase 2 (#1175 PR \u03b3) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled \u2014 replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+    enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip \u2014 the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` \u2014 " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C \u00a75.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
   });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
@@ -13876,7 +13876,7 @@ var init_schema = __esm(() => {
     drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key \u2014 use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
     google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration \u2014 " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-    host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
     }).transform((v) => v.trim().toLowerCase()), exports_external.object({
@@ -22669,7 +22669,7 @@ function generateCompose(opts) {
   const buildContext = opts.buildContext;
   const homePrefix = opts.homeDir ?? "${HOME}";
   const containerNamePrefix = opts.containerNamePrefix ?? "switchroom";
-  const hostControlEnabled = config.host_control?.enabled === true;
+  const hostControlEnabled = config.host_control?.enabled !== false;
   const hostHomeForChecks = opts.homeDir ?? process.env.HOME ?? "";
   const switchroomConfigPath = opts.switchroomConfigPath;
   const bundledSkillsPoolDir = opts.bundledSkillsPoolDir ?? getBundledSkillsPoolDir();
@@ -22860,6 +22860,7 @@ function generateCompose(opts) {
   }
   for (const c of authConsumers) {
     lines.push(`  auth-broker-${c.name}-sock:`);
+    lines.push(`    name: auth-broker-${c.name}-sock`);
   }
   lines.push("");
   return lines.join(`
@@ -22951,6 +22952,9 @@ function emitAgentService(lines, a, imageTag, buildMode, buildContext, homePrefi
     if (existsSync13(`${hostHomeForChecks}/.switchroom/vault-audit.log`)) {
       lines.push(`      - ${homePrefix}/.switchroom/vault-audit.log:/state/agent/home/.switchroom/vault-audit.log:ro`);
     }
+    if (existsSync13(`${hostHomeForChecks}/.switchroom/host-control-audit.log`)) {
+      lines.push(`      - ${homePrefix}/.switchroom/host-control-audit.log:/state/agent/home/.switchroom/host-control-audit.log:ro`);
+    }
     if (hostControlEnabled && existsSync13(`${hostHomeForChecks}/.switchroom/hostd/${a.name}`)) {
       lines.push(`      - ${homePrefix}/.switchroom/hostd/${a.name}:/run/switchroom/hostd/${a.name}`);
     }
@@ -25660,17 +25664,22 @@ function checkHindsightConsumer(config, opts) {
 ` + "then run `switchroom apply` to bind the per-consumer socket."
     };
   }
-  const socketProbe = opts?.socketProbe ?? ((p) => existsSync22(p));
-  const home2 = process.env.HOME ?? "";
-  const dockerVolPath = `/var/lib/docker/volumes/switchroom_auth-broker-hindsight-sock/_data/sock`;
-  const altVolPath = join17(home2, ".local", "share", "docker", "volumes", "switchroom_auth-broker-hindsight-sock", "_data", "sock");
-  const present = socketProbe(dockerVolPath) || socketProbe(altVolPath);
-  if (!present) {
+  const probe2 = opts?.socketProbe ?? probeAuthBrokerSocket;
+  const state = probe2(entry.name);
+  if (state === "unreachable") {
     return {
       name: "hindsight consumer",
       status: "warn",
-      detail: `auth.consumers[hindsight] -> ${entry.account} (uid ${entry.uid ?? 0}); ` + `socket not yet bound on disk`,
-      fix: "Run `switchroom apply` to bring up the auth-broker singleton " + "and bind the per-consumer socket. The hindsight container will " + "fetch credentials from it via `get-credentials` at boot."
+      detail: `auth.consumers[hindsight] -> ${entry.account} (uid ${entry.uid ?? 0}); ` + `couldn't query auth-broker container (not running / docker unavailable)`,
+      fix: "Check `auth-broker: service health` row above; if the broker is " + "down, `switchroom apply` will bring it back and bind the socket."
+    };
+  }
+  if (state === "missing") {
+    return {
+      name: "hindsight consumer",
+      status: "warn",
+      detail: `auth.consumers[hindsight] -> ${entry.account} (uid ${entry.uid ?? 0}); ` + `auth-broker is running but socket not bound at /run/switchroom/auth-broker/${entry.name}/sock`,
+      fix: "Run `switchroom apply` to refresh compose and rebind per-consumer sockets."
     };
   }
   return {
@@ -25679,6 +25688,17 @@ function checkHindsightConsumer(config, opts) {
     detail: `auth.consumers[hindsight] -> ${entry.account} (uid ${entry.uid ?? 0})`
   };
 }
+function probeAuthBrokerSocket(consumerName) {
+  const containerPath = `/run/switchroom/auth-broker/${consumerName}/sock`;
+  const r = spawnSync3("docker", ["exec", "switchroom-auth-broker", "test", "-S", containerPath], { stdio: "pipe", timeout: 3000 });
+  if (r.error || r.status === null)
+    return "unreachable";
+  if (r.status === 0)
+    return "present";
+  if (r.status >= 125)
+    return "unreachable";
+  return "missing";
+}
 async function checkHindsight(config) {
   const memoryBackend = config.memory?.backend;
   if (memoryBackend !== "hindsight") {
@@ -27041,7 +27061,7 @@ function decodeResponse2(line) {
   }
   return ResponseSchema2.parse(parsed);
 }
-var MAX_FRAME_BYTES2, PROTOCOL_VERSION = 1, ProviderNameSchema, GetCredentialsRequestSchema, ListStateRequestSchema, SetActiveRequestSchema, MarkExhaustedRequestSchema, RefreshAccountRequestSchema, AnthropicCredentialsSchema, GoogleCredentialsSchema, ProviderCredentialsSchema, AddAccountRequestSchema, RmAccountRequestSchema, SetOverrideRequestSchema, ListGoogleAccountsRequestSchema, RequestSchema2, GetCredentialsDataSchema, AccountStateSchema, AgentStateSchema, ConsumerStateSchema, ListStateDataSchema, SetActiveDataSchema, MarkExhaustedDataSchema, RefreshAccountDataSchema, AddAccountDataSchema, RmAccountDataSchema, SetOverrideDataSchema, GoogleAccountStateSchema, ListGoogleAccountsDataSchema, ErrorBodySchema, SuccessResponseSchema, ErrorResponseSchema2, ResponseSchema2;
+var MAX_FRAME_BYTES2, PROTOCOL_VERSION = 1, ProviderNameSchema, GetCredentialsRequestSchema, ListStateRequestSchema, SetActiveRequestSchema, MarkExhaustedRequestSchema, RefreshAccountRequestSchema, AnthropicCredentialsSchema, GoogleCredentialsSchema, ProviderCredentialsSchema, AddAccountRequestSchema, RmAccountRequestSchema, SetOverrideRequestSchema, ListGoogleAccountsRequestSchema, ProbeQuotaRequestSchema, RequestSchema2, GetCredentialsDataSchema, AccountStateSchema, AgentStateSchema, ConsumerStateSchema, ListStateDataSchema, SetActiveDataSchema, MarkExhaustedDataSchema, RefreshAccountDataSchema, AddAccountDataSchema, RmAccountDataSchema, SetOverrideDataSchema, GoogleAccountStateSchema, ListGoogleAccountsDataSchema, ErrorBodySchema, SuccessResponseSchema, ErrorResponseSchema2, ResponseSchema2;
 var init_protocol2 = __esm(() => {
   init_zod();
   MAX_FRAME_BYTES2 = 64 * 1024;
@@ -27130,6 +27150,13 @@ var init_protocol2 = __esm(() => {
     op: exports_external.literal("list-google-accounts"),
     id: exports_external.string().min(1)
   });
+  ProbeQuotaRequestSchema = exports_external.object({
+    v: exports_external.literal(PROTOCOL_VERSION),
+    op: exports_external.literal("probe-quota"),
+    id: exports_external.string().min(1),
+    accounts: exports_external.array(exports_external.string().min(1)).min(1).max(32),
+    timeoutMs: exports_external.number().int().positive().max(60000).optional()
+  });
   RequestSchema2 = exports_external.discriminatedUnion("op", [
     GetCredentialsRequestSchema,
     ListStateRequestSchema,
@@ -27139,7 +27166,8 @@ var init_protocol2 = __esm(() => {
     AddAccountRequestSchema,
     RmAccountRequestSchema,
     SetOverrideRequestSchema,
-    ListGoogleAccountsRequestSchema
+    ListGoogleAccountsRequestSchema,
+    ProbeQuotaRequestSchema
   ]);
   GetCredentialsDataSchema = exports_external.object({
     account: exports_external.string(),
@@ -27308,6 +27336,16 @@ class AuthBrokerClient {
     });
     return data;
   }
+  async probeQuota(accounts, timeoutMs) {
+    const data = await this.send({
+      v: PROTOCOL_VERSION,
+      id: randomUUID2(),
+      op: "probe-quota",
+      accounts: [...accounts],
+      ...timeoutMs !== undefined ? { timeoutMs } : {}
+    });
+    return data;
+  }
   async setActive(account) {
     const data = await this.send({
       v: PROTOCOL_VERSION,
@@ -27911,14 +27949,14 @@ var init_oauth = __esm(() => {
 
 // src/drive/grants.ts
 function scopeFor(target, action) {
-  const writePrefix = action === "write" ? "write:" : "";
+  const actionPrefix = action === "read" ? "" : `${action}:`;
   switch (target.kind) {
     case "all":
-      return `doc:gdrive:${writePrefix}**`;
+      return `doc:gdrive:${actionPrefix}**`;
     case "folder":
-      return `doc:gdrive:${writePrefix}folder/${target.folder_id}/**`;
+      return `doc:gdrive:${actionPrefix}folder/${target.folder_id}/**`;
     case "doc":
-      return `doc:gdrive:${writePrefix}${target.doc_id}`;
+      return `doc:gdrive:${actionPrefix}${target.doc_id}`;
   }
 }
 
@@ -45296,8 +45334,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.10.0";
-var COMMIT_SHA = "a0ee1201";
+var VERSION = "0.11.1";
+var COMMIT_SHA = "f5d84dfb";
 
 // src/cli/deprecated.ts
 init_source();
@@ -47207,6 +47245,7 @@ Don't wait for a slash command. Don't ask permission. Memory work is table stake
 }
 var DOCKER_TELEGRAM_PLUGIN_PATH = "/opt/switchroom/telegram-plugin";
 var DOCKER_HOOKS_PATH = `${DOCKER_TELEGRAM_PLUGIN_PATH}/hooks`;
+var DOCKER_BUNDLED_HOOKS_PATH = "/opt/switchroom/hooks";
 var DOCKER_BIN_PATH = "/opt/switchroom/bin";
 var DOCKER_CONFIG_PATH = "/state/config/switchroom.yaml";
 function scaffoldAgent(name, agentConfigRaw, agentsDir, telegramConfig, switchroomConfig, userIdOverride, switchroomConfigPath) {
@@ -47735,6 +47774,16 @@ function buildSettingsHooksBlock(p) {
         }
       ]
     },
+    {
+      matcher: "^mcp__google-workspace__",
+      hooks: [
+        {
+          type: "command",
+          command: wrap("hook:drive-write-pretool", `node "${join8(DOCKER_BUNDLED_HOOKS_PATH, "drive-write-pretool.mjs")}"`),
+          timeout: 5 * 60 + 30
+        }
+      ]
+    },
     {
       hooks: [
         {
@@ -47757,7 +47806,7 @@ function buildSettingsHooksBlock(p) {
       ]
     },
     {
-      matcher: ".*",
+      matcher: "^(Edit|MultiEdit|Write|NotebookEdit|Bash|mcp__.*)$",
       hooks: [
         {
           type: "command",
@@ -53214,6 +53263,10 @@ async function ensureHostMountSources(config) {
   if (!existsSync23(auditLogPath)) {
     writeFileSync13(auditLogPath, "", { mode: 420 });
   }
+  const hostdAuditLogPath = join18(home2, ".switchroom", "host-control-audit.log");
+  if (!existsSync23(hostdAuditLogPath)) {
+    writeFileSync13(hostdAuditLogPath, "", { mode: 420 });
+  }
 }
 function detectComposeV2() {
   try {
@@ -64973,6 +65026,8 @@ var HINDSIGHT_DEFAULT_MAX_OBSERVATIONS_PER_SCOPE = 1000;
 var HINDSIGHT_CONSUMER_NAME = "hindsight";
 var HINDSIGHT_DEFAULT_UID = 11000;
 var HINDSIGHT_IMAGE = "ghcr.io/switchroom/switchroom-hindsight:latest";
+var HINDSIGHT_DEFAULT_MODEL = "claude-sonnet-4-6";
+var HINDSIGHT_DEFAULT_MCP_STATELESS = true;
 var HINDSIGHT_BROKER_SOCK_VOLUME = `auth-broker-${HINDSIGHT_CONSUMER_NAME}-sock`;
 function isPortFree(port) {
   return new Promise((resolve28) => {
@@ -65040,7 +65095,11 @@ function startHindsight(ports) {
     "-e",
     `HINDSIGHT_API_MAX_OBSERVATIONS_PER_SCOPE=${HINDSIGHT_DEFAULT_MAX_OBSERVATIONS_PER_SCOPE}`,
     "-e",
-    "HINDSIGHT_API_LLM_PROVIDER=claude-code"
+    "HINDSIGHT_API_LLM_PROVIDER=claude-code",
+    "-e",
+    `HINDSIGHT_API_LLM_MODEL=${HINDSIGHT_DEFAULT_MODEL}`,
+    "-e",
+    `HINDSIGHT_API_MCP_STATELESS=${HINDSIGHT_DEFAULT_MCP_STATELESS}`
   ];
   const args = [
     "run",
@@ -65058,7 +65117,7 @@ function startHindsight(ports) {
     "-v",
     `${HINDSIGHT_BROKER_SOCK_VOLUME}:/run/switchroom/auth-broker`,
     "--tmpfs",
-    "/run/claude-creds:rw,mode=0700",
+    `/run/claude-creds:rw,mode=0700,uid=${HINDSIGHT_DEFAULT_UID},gid=${HINDSIGHT_DEFAULT_UID}`,
     ...envArgs,
     HINDSIGHT_IMAGE
   ];
@@ -65093,11 +65152,13 @@ function generateHindsightComposeSnippet() {
     "    environment:",
     `      - HINDSIGHT_API_MAX_OBSERVATIONS_PER_SCOPE=${HINDSIGHT_DEFAULT_MAX_OBSERVATIONS_PER_SCOPE}`,
     "      - HINDSIGHT_API_LLM_PROVIDER=claude-code",
+    `      - HINDSIGHT_API_LLM_MODEL=${HINDSIGHT_DEFAULT_MODEL}`,
+    `      - HINDSIGHT_API_MCP_STATELESS=${HINDSIGHT_DEFAULT_MCP_STATELESS}`,
     "    volumes:",
     "      - switchroom-hindsight-data:/home/hindsight/.pg0",
     `      - ${HINDSIGHT_BROKER_SOCK_VOLUME}:/run/switchroom/auth-broker`,
     "    tmpfs:",
-    "      - /run/claude-creds:rw,mode=0700",
+    `      - /run/claude-creds:rw,mode=0700,uid=${HINDSIGHT_DEFAULT_UID},gid=${HINDSIGHT_DEFAULT_UID}`,
     "    restart: unless-stopped",
     "",
     "volumes:",
@@ -72574,10 +72635,109 @@ function registerMigrateCommand(program3) {
 // src/cli/hostd.ts
 init_source();
 init_helpers();
-import { existsSync as existsSync65, mkdirSync as mkdirSync35, readdirSync as readdirSync26, writeFileSync as writeFileSync31, statSync as statSync26, copyFileSync as copyFileSync11 } from "node:fs";
+import { existsSync as existsSync65, mkdirSync as mkdirSync35, readdirSync as readdirSync26, readFileSync as readFileSync57, writeFileSync as writeFileSync31, statSync as statSync26, copyFileSync as copyFileSync11 } from "node:fs";
+import { homedir as homedir28 } from "node:os";
+import { join as join54 } from "node:path";
+import { spawnSync as spawnSync9 } from "node:child_process";
+
+// src/host-control/audit-reader.ts
 import { homedir as homedir27 } from "node:os";
 import { join as join53 } from "node:path";
-import { spawnSync as spawnSync9 } from "node:child_process";
+function defaultAuditLogPath2(home2 = homedir27()) {
+  return join53(home2, ".switchroom", "host-control-audit.log");
+}
+function parseAuditLine2(line) {
+  const trimmed = line.trim();
+  if (trimmed.length === 0)
+    return null;
+  let obj;
+  try {
+    obj = JSON.parse(trimmed);
+  } catch {
+    return null;
+  }
+  if (typeof obj !== "object" || obj === null)
+    return null;
+  const o = obj;
+  if (typeof o.ts !== "string" || typeof o.op !== "string")
+    return null;
+  if (typeof o.request_id !== "string" || typeof o.result !== "string")
+    return null;
+  if (typeof o.duration_ms !== "number")
+    return null;
+  const callerRaw = o.caller;
+  let caller;
+  if (callerRaw && callerRaw.kind === "agent" && typeof callerRaw.name === "string") {
+    caller = { kind: "agent", name: callerRaw.name };
+  } else if (callerRaw && callerRaw.kind === "operator") {
+    caller = { kind: "operator" };
+  } else {
+    return null;
+  }
+  const exit_code = o.exit_code === null || typeof o.exit_code === "number" ? o.exit_code : null;
+  const entry = {
+    ts: o.ts,
+    op: o.op,
+    caller,
+    request_id: o.request_id,
+    result: o.result,
+    exit_code,
+    duration_ms: o.duration_ms
+  };
+  if (typeof o.error === "string")
+    entry.error = o.error;
+  return entry;
+}
+function filterEntries(entries, filters) {
+  return entries.filter((e) => {
+    if (filters.agent != null) {
+      if (e.caller.kind !== "agent")
+        return false;
+      if (e.caller.name !== filters.agent)
+        return false;
+    }
+    if (filters.op != null && e.op !== filters.op)
+      return false;
+    if (filters.errorOnly) {
+      if (e.result !== "error" && e.result !== "denied")
+        return false;
+    }
+    return true;
+  });
+}
+function readAndFilter(raw, filters, limit) {
+  const lines = raw.split(`
+`);
+  const parsed = [];
+  for (const line of lines) {
+    const e = parseAuditLine2(line);
+    if (e != null)
+      parsed.push(e);
+  }
+  const filtered = filterEntries(parsed, filters);
+  return filtered.slice(-Math.max(1, limit));
+}
+function shortCaller(caller) {
+  return caller.kind === "agent" ? caller.name : "operator";
+}
+function shortTs(ts) {
+  return ts.replace("T", " ").replace(/\.\d+Z$/, "").slice(0, 19);
+}
+function formatForCli(entries) {
+  const out = [];
+  for (const e of entries) {
+    const ts = shortTs(e.ts).padEnd(20);
+    const caller = shortCaller(e.caller).padEnd(15);
+    const op = e.op.padEnd(16);
+    const result = e.result.padEnd(10);
+    const exit = e.exit_code == null ? "  -" : String(e.exit_code).padStart(3);
+    const ms = `${e.duration_ms}ms`.padStart(8);
+    out.push(`${ts} ${caller} ${op} ${result} ${exit} ${ms}`);
+  }
+  return out;
+}
+
+// src/cli/hostd.ts
 var DEFAULT_IMAGE_TAG = "latest";
 var HOSTD_COMPOSE_PROJECT = "switchroom-hostd";
 function renderHostdComposeFile(opts) {
@@ -72660,10 +72820,10 @@ networks:
 `;
 }
 function hostdDir() {
-  return join53(homedir27(), ".switchroom", "hostd");
+  return join54(homedir28(), ".switchroom", "hostd");
 }
 function hostdComposePath() {
-  return join53(hostdDir(), "docker-compose.yml");
+  return join54(hostdDir(), "docker-compose.yml");
 }
 function backupExistingCompose() {
   const p = hostdComposePath();
@@ -72702,7 +72862,7 @@ async function doInstall(opts, program3) {
   const composePath = hostdComposePath();
   mkdirSync35(dir, { recursive: true });
   const yaml = renderHostdComposeFile({
-    hostHome: homedir27(),
+    hostHome: homedir28(),
     imageTag: opts.tag ?? DEFAULT_IMAGE_TAG
   });
   if (opts.dryRun) {
@@ -72770,7 +72930,7 @@ function doStatus() {
       for (const name of readdirSync26(dir)) {
         if (name === "docker-compose.yml" || name.startsWith("docker-compose.yml."))
           continue;
-        const sockPath = join53(dir, name, "sock");
+        const sockPath = join54(dir, name, "sock");
         if (existsSync65(sockPath)) {
           const st = statSync26(sockPath);
           if ((st.mode & 61440) === 49152) {
@@ -72812,6 +72972,48 @@ function registerHostdCommand(program3) {
   }));
   hostd.command("status").description("Show daemon state and bound sockets").action(() => doStatus());
   hostd.command("uninstall").description("Stop the hostd container. Leaves the compose file in place for re-install.").action(() => doUninstall());
+  hostd.command("audit").description("Tail and filter the hostd audit log (privileged-verb call history)").option("--tail <n>", "Number of matching entries to show (default: 50)", "50").option("--agent <name>", "Filter to a specific caller agent").option("--op <verb>", "Filter to a specific hostd verb (e.g. update_apply, agent_restart)").option("--error", "Show only failed (error/denied) entries").option("--path <file>", "Override audit log path (for debugging)").action((opts) => {
+    const logPath = opts.path ?? defaultAuditLogPath2();
+    if (!existsSync65(logPath)) {
+      console.error(source_default.yellow(`Audit log not found at ${logPath}.`) + source_default.gray(`
+The log is created when hostd handles its first privileged-verb request.`));
+      return;
+    }
+    const raw = readFileSync57(logPath, "utf-8");
+    const limit = Math.max(1, parseInt(opts.tail ?? "50", 10) || 50);
+    const filters = {
+      agent: opts.agent,
+      op: opts.op,
+      errorOnly: !!opts.error
+    };
+    const entries = readAndFilter(raw, filters, limit);
+    if (entries.length === 0) {
+      const parts = [];
+      if (opts.agent)
+        parts.push(`agent=${opts.agent}`);
+      if (opts.op)
+        parts.push(`op=${opts.op}`);
+      if (opts.error)
+        parts.push("errors-only");
+      const desc = parts.length > 0 ? ` matching ${parts.join(", ")}` : "";
+      console.log(source_default.dim(`No hostd audit entries${desc}.`));
+      return;
+    }
+    const header = "ts".padEnd(20) + " " + "caller".padEnd(15) + " " + "op".padEnd(16) + " " + "result".padEnd(10) + " " + "exit".padStart(3) + " " + "dur".padStart(8);
+    console.log(source_default.dim(header));
+    console.log(source_default.dim("\u2500".repeat(header.length)));
+    for (const line of formatForCli(entries)) {
+      if (line.includes(" error ") || line.includes(" denied ")) {
+        console.log(source_default.red(line));
+      } else if (line.includes(" started ")) {
+        console.log(source_default.yellow(line));
+      } else {
+        console.log(line);
+      }
+    }
+    console.log();
+    console.log(source_default.dim(`${entries.length} entr${entries.length === 1 ? "y" : "ies"} shown` + (entries.length === limit ? ` (--tail ${limit})` : "") + `  \u00b7  log: ${logPath}`));
+  });
 }
 
 // src/cli/index.ts

package/dist/host-control/main.js

@@ -11286,7 +11286,7 @@ var QuotaConfigSchema = exports_external.object({
   monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
 });
 var HostControlConfigSchema = exports_external.object({
-  enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+  enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
 });
 var SwitchroomConfigSchema = exports_external.object({
   switchroom: exports_external.object({
@@ -11312,7 +11312,7 @@ var SwitchroomConfigSchema = exports_external.object({
   drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
   google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
   quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-  host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+  host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
   google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
     message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
   }).transform((v) => v.trim().toLowerCase()), exports_external.object({

package/dist/vault/approvals/kernel-server.js

@@ -11278,7 +11278,7 @@ var init_schema = __esm(() => {
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
   HostControlConfigSchema = exports_external.object({
-    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+    enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
   });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
@@ -11304,7 +11304,7 @@ var init_schema = __esm(() => {
     drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
     google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-    host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
     }).transform((v) => v.trim().toLowerCase()), exports_external.object({

package/dist/vault/broker/server.js

@@ -11278,7 +11278,7 @@ var init_schema = __esm(() => {
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
   HostControlConfigSchema = exports_external.object({
-    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+    enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
   });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
@@ -11304,7 +11304,7 @@ var init_schema = __esm(() => {
     drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
     google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-    host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
     }).transform((v) => v.trim().toLowerCase()), exports_external.object({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.10.0",
+  "version": "0.11.1",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {

package/telegram-plugin/admin-commands/dispatch.test.ts

@@ -41,7 +41,7 @@ describe('parseCommandName', () => {
 
 describe('ADMIN_COMMAND_NAMES', () => {
   it('contains the fleet-management admin commands', () => {
-    const required = ['agents', 'logs', 'restart', 'update', 'reconcile', 'stop', 'agentstart', 'grant', 'dangerous', 'permissions', 'vault']
+    const required = ['agents', 'logs', 'restart', 'update', 'reconcile', 'stop', 'agentstart', 'grant', 'dangerous', 'permissions', 'vault', 'audit']
     for (const cmd of required) {
       expect(ADMIN_COMMAND_NAMES.has(cmd)).toBe(true)
     }

package/telegram-plugin/admin-commands/index.ts

@@ -61,6 +61,8 @@ export const ADMIN_COMMAND_NAMES = new Set<string>([
   // Per-agent ops that read shared fleet state via the switchroom CLI
   'memory',
   'topics',
+  // Observability of privileged-verb history
+  'audit',
 ])
 
 /**