switchroom 0.11.0 → 0.11.1

package/dist/agent-scheduler/index.js

@@ -11286,7 +11286,7 @@ var QuotaConfigSchema = exports_external.object({
   monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
 });
 var HostControlConfigSchema = exports_external.object({
-  enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+  enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
 });
 var SwitchroomConfigSchema = exports_external.object({
   switchroom: exports_external.object({
@@ -11312,7 +11312,7 @@ var SwitchroomConfigSchema = exports_external.object({
   drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
   google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
   quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-  host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+  host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
   google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
     message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
   }).transform((v) => v.trim().toLowerCase()), exports_external.object({

package/dist/auth-broker/index.js

@@ -11286,7 +11286,7 @@ var QuotaConfigSchema = exports_external.object({
   monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
 });
 var HostControlConfigSchema = exports_external.object({
-  enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+  enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
 });
 var SwitchroomConfigSchema = exports_external.object({
   switchroom: exports_external.object({
@@ -11312,7 +11312,7 @@ var SwitchroomConfigSchema = exports_external.object({
   drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
   google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
   quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-  host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+  host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
   google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
     message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
   }).transform((v) => v.trim().toLowerCase()), exports_external.object({
@@ -11947,6 +11947,93 @@ function allocateAgentUid(name) {
 }
 var BIND_MOUNT_EXACT_SOURCE_DENY = new Set(["/var/run/docker.sock"]);
 
+// src/auth/quota.ts
+var OAUTH_BETA = "oauth-2025-04-20";
+var DEFAULT_USER_AGENT = "claude-cli/1.0.0 (external, cli)";
+var DEFAULT_PROBE_MODEL = "claude-haiku-4-5-20251001";
+function parseFloatHeader(headers, name) {
+  const v = headers.get(name);
+  if (v == null || v.trim().length === 0)
+    return null;
+  const n = Number(v);
+  return Number.isFinite(n) ? n : null;
+}
+function parseEpochHeader(headers, name) {
+  const v = headers.get(name);
+  if (v == null)
+    return null;
+  const n = Number(v);
+  if (!Number.isFinite(n) || n <= 0)
+    return null;
+  return new Date(n * 1000);
+}
+function parseQuotaHeaders(headers) {
+  const fiveHour = parseFloatHeader(headers, "anthropic-ratelimit-unified-5h-utilization");
+  const sevenDay = parseFloatHeader(headers, "anthropic-ratelimit-unified-7d-utilization");
+  if (fiveHour == null && sevenDay == null) {
+    return {
+      ok: false,
+      reason: "no unified rate-limit headers in response (API token, not OAuth?)"
+    };
+  }
+  return {
+    ok: true,
+    data: {
+      fiveHourUtilizationPct: (fiveHour ?? 0) * 100,
+      sevenDayUtilizationPct: (sevenDay ?? 0) * 100,
+      fiveHourResetAt: parseEpochHeader(headers, "anthropic-ratelimit-unified-5h-reset"),
+      sevenDayResetAt: parseEpochHeader(headers, "anthropic-ratelimit-unified-7d-reset"),
+      representativeClaim: headers.get("anthropic-ratelimit-unified-representative-claim"),
+      overageStatus: headers.get("anthropic-ratelimit-unified-overage-status"),
+      overageDisabledReason: headers.get("anthropic-ratelimit-unified-overage-disabled-reason")
+    }
+  };
+}
+async function fetchQuota(opts) {
+  const token = opts.accessToken?.trim();
+  if (!token || token.length === 0) {
+    return { ok: false, reason: "fetchQuota requires a non-empty accessToken" };
+  }
+  const controller = new AbortController;
+  const timeout = setTimeout(() => controller.abort(), opts.timeoutMs ?? 1e4);
+  const fetchFn = opts.fetchImpl ?? fetch;
+  let resp;
+  try {
+    resp = await fetchFn("https://api.anthropic.com/v1/messages", {
+      method: "POST",
+      headers: {
+        "anthropic-version": "2023-06-01",
+        "anthropic-beta": OAUTH_BETA,
+        authorization: `Bearer ${token}`,
+        "x-app": "cli",
+        "user-agent": DEFAULT_USER_AGENT,
+        "content-type": "application/json"
+      },
+      body: JSON.stringify({
+        model: opts.model ?? DEFAULT_PROBE_MODEL,
+        max_tokens: 1,
+        messages: [{ role: "user", content: "hi" }]
+      }),
+      signal: controller.signal
+    });
+  } catch (err) {
+    const msg = err?.message ?? String(err);
+    clearTimeout(timeout);
+    if (msg.includes("aborted")) {
+      return { ok: false, reason: `quota probe timed out after ${opts.timeoutMs ?? 1e4}ms` };
+    }
+    return { ok: false, reason: `quota probe network error: ${msg}` };
+  }
+  clearTimeout(timeout);
+  const parsed = parseQuotaHeaders(resp.headers);
+  if (parsed.ok)
+    return parsed;
+  if (!resp.ok) {
+    return { ok: false, reason: `HTTP ${resp.status} from Anthropic (${parsed.reason})` };
+  }
+  return parsed;
+}
+
 // src/util/atomic.ts
 import { randomBytes } from "node:crypto";
 import { closeSync, fsyncSync, openSync, renameSync, rmSync, writeSync } from "node:fs";
@@ -12634,6 +12721,13 @@ var ListGoogleAccountsRequestSchema = exports_external.object({
   op: exports_external.literal("list-google-accounts"),
   id: exports_external.string().min(1)
 });
+var ProbeQuotaRequestSchema = exports_external.object({
+  v: exports_external.literal(PROTOCOL_VERSION),
+  op: exports_external.literal("probe-quota"),
+  id: exports_external.string().min(1),
+  accounts: exports_external.array(exports_external.string().min(1)).min(1).max(32),
+  timeoutMs: exports_external.number().int().positive().max(60000).optional()
+});
 var RequestSchema = exports_external.discriminatedUnion("op", [
   GetCredentialsRequestSchema,
   ListStateRequestSchema,
@@ -12643,7 +12737,8 @@ var RequestSchema = exports_external.discriminatedUnion("op", [
   AddAccountRequestSchema,
   RmAccountRequestSchema,
   SetOverrideRequestSchema,
-  ListGoogleAccountsRequestSchema
+  ListGoogleAccountsRequestSchema,
+  ProbeQuotaRequestSchema
 ]);
 var GetCredentialsDataSchema = exports_external.object({
   account: exports_external.string(),
@@ -13167,6 +13262,9 @@ class AuthBroker {
         case "list-google-accounts":
           await this.opListGoogleAccounts(socket, reqId, identity2);
           break;
+        case "probe-quota":
+          await this.opProbeQuota(socket, reqId, identity2, req.accounts, req.timeoutMs);
+          break;
       }
     } catch (err) {
       socket.write(encodeError(reqId, "INTERNAL", err.message));
@@ -13265,6 +13363,30 @@ class AuthBroker {
     this.audit({ op: "list-google-accounts", identity: identity2, ok: true });
     socket.write(encodeSuccess(id, { accounts }));
   }
+  async opProbeQuota(socket, id, identity2, accounts, timeoutMs) {
+    const results = await Promise.all(accounts.map(async (label) => {
+      const creds = readAccountCredentials(label, this.home);
+      const token = creds?.claudeAiOauth?.accessToken;
+      if (!token) {
+        const result2 = {
+          ok: false,
+          reason: "no credentials for account in broker store"
+        };
+        this.audit({ op: "probe-quota", identity: identity2, account: label, ok: false, error: "missing-credentials" });
+        return { label, result: result2 };
+      }
+      const result = await fetchQuota({ accessToken: token, timeoutMs });
+      this.audit({
+        op: "probe-quota",
+        identity: identity2,
+        account: label,
+        ok: result.ok,
+        error: result.ok ? undefined : result.reason
+      });
+      return { label, result };
+    }));
+    socket.write(encodeSuccess(id, { results }));
+  }
   async opSetActive(socket, id, identity2, account) {
     if (!this.isAdmin(identity2)) {
       this.audit({ op: "set-active", identity: identity2, account, ok: false, error: "FORBIDDEN" });

package/dist/cli/drive-write-pretool.mjs

@@ -4000,7 +4000,7 @@ function decodeResponse(line) {
   }
   return ResponseSchema.parse(parsed);
 }
-var MAX_FRAME_BYTES, PROTOCOL_VERSION = 1, ProviderNameSchema, GetCredentialsRequestSchema, ListStateRequestSchema, SetActiveRequestSchema, MarkExhaustedRequestSchema, RefreshAccountRequestSchema, AnthropicCredentialsSchema, GoogleCredentialsSchema, ProviderCredentialsSchema, AddAccountRequestSchema, RmAccountRequestSchema, SetOverrideRequestSchema, ListGoogleAccountsRequestSchema, RequestSchema, GetCredentialsDataSchema, AccountStateSchema, AgentStateSchema, ConsumerStateSchema, ListStateDataSchema, SetActiveDataSchema, MarkExhaustedDataSchema, RefreshAccountDataSchema, AddAccountDataSchema, RmAccountDataSchema, SetOverrideDataSchema, GoogleAccountStateSchema, ListGoogleAccountsDataSchema, ErrorBodySchema, SuccessResponseSchema, ErrorResponseSchema, ResponseSchema;
+var MAX_FRAME_BYTES, PROTOCOL_VERSION = 1, ProviderNameSchema, GetCredentialsRequestSchema, ListStateRequestSchema, SetActiveRequestSchema, MarkExhaustedRequestSchema, RefreshAccountRequestSchema, AnthropicCredentialsSchema, GoogleCredentialsSchema, ProviderCredentialsSchema, AddAccountRequestSchema, RmAccountRequestSchema, SetOverrideRequestSchema, ListGoogleAccountsRequestSchema, ProbeQuotaRequestSchema, RequestSchema, GetCredentialsDataSchema, AccountStateSchema, AgentStateSchema, ConsumerStateSchema, ListStateDataSchema, SetActiveDataSchema, MarkExhaustedDataSchema, RefreshAccountDataSchema, AddAccountDataSchema, RmAccountDataSchema, SetOverrideDataSchema, GoogleAccountStateSchema, ListGoogleAccountsDataSchema, ErrorBodySchema, SuccessResponseSchema, ErrorResponseSchema, ResponseSchema;
 var init_protocol = __esm(() => {
   init_zod();
   MAX_FRAME_BYTES = 64 * 1024;
@@ -4089,6 +4089,13 @@ var init_protocol = __esm(() => {
     op: exports_external.literal("list-google-accounts"),
     id: exports_external.string().min(1)
   });
+  ProbeQuotaRequestSchema = exports_external.object({
+    v: exports_external.literal(PROTOCOL_VERSION),
+    op: exports_external.literal("probe-quota"),
+    id: exports_external.string().min(1),
+    accounts: exports_external.array(exports_external.string().min(1)).min(1).max(32),
+    timeoutMs: exports_external.number().int().positive().max(60000).optional()
+  });
   RequestSchema = exports_external.discriminatedUnion("op", [
     GetCredentialsRequestSchema,
     ListStateRequestSchema,
@@ -4098,7 +4105,8 @@ var init_protocol = __esm(() => {
     AddAccountRequestSchema,
     RmAccountRequestSchema,
     SetOverrideRequestSchema,
-    ListGoogleAccountsRequestSchema
+    ListGoogleAccountsRequestSchema,
+    ProbeQuotaRequestSchema
   ]);
   GetCredentialsDataSchema = exports_external.object({
     account: exports_external.string(),
@@ -4277,6 +4285,16 @@ class AuthBrokerClient {
     });
     return data;
   }
+  async probeQuota(accounts, timeoutMs) {
+    const data = await this.send({
+      v: PROTOCOL_VERSION,
+      id: randomUUID(),
+      op: "probe-quota",
+      accounts: [...accounts],
+      ...timeoutMs !== undefined ? { timeoutMs } : {}
+    });
+    return data;
+  }
   async setActive(account) {
     const data = await this.send({
       v: PROTOCOL_VERSION,

package/dist/cli/switchroom.js

@@ -13850,7 +13850,7 @@ var init_schema = __esm(() => {
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
   HostControlConfigSchema = exports_external.object({
-    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` \u2014 " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C \u00a75.1. " + "Since Phase 2 (#1175 PR \u03b3) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled \u2014 replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+    enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip \u2014 the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` \u2014 " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C \u00a75.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
   });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
@@ -13876,7 +13876,7 @@ var init_schema = __esm(() => {
     drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key \u2014 use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
     google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration \u2014 " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-    host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
     }).transform((v) => v.trim().toLowerCase()), exports_external.object({
@@ -22669,7 +22669,7 @@ function generateCompose(opts) {
   const buildContext = opts.buildContext;
   const homePrefix = opts.homeDir ?? "${HOME}";
   const containerNamePrefix = opts.containerNamePrefix ?? "switchroom";
-  const hostControlEnabled = config.host_control?.enabled === true;
+  const hostControlEnabled = config.host_control?.enabled !== false;
   const hostHomeForChecks = opts.homeDir ?? process.env.HOME ?? "";
   const switchroomConfigPath = opts.switchroomConfigPath;
   const bundledSkillsPoolDir = opts.bundledSkillsPoolDir ?? getBundledSkillsPoolDir();
@@ -22952,6 +22952,9 @@ function emitAgentService(lines, a, imageTag, buildMode, buildContext, homePrefi
     if (existsSync13(`${hostHomeForChecks}/.switchroom/vault-audit.log`)) {
       lines.push(`      - ${homePrefix}/.switchroom/vault-audit.log:/state/agent/home/.switchroom/vault-audit.log:ro`);
     }
+    if (existsSync13(`${hostHomeForChecks}/.switchroom/host-control-audit.log`)) {
+      lines.push(`      - ${homePrefix}/.switchroom/host-control-audit.log:/state/agent/home/.switchroom/host-control-audit.log:ro`);
+    }
     if (hostControlEnabled && existsSync13(`${hostHomeForChecks}/.switchroom/hostd/${a.name}`)) {
       lines.push(`      - ${homePrefix}/.switchroom/hostd/${a.name}:/run/switchroom/hostd/${a.name}`);
     }
@@ -27058,7 +27061,7 @@ function decodeResponse2(line) {
   }
   return ResponseSchema2.parse(parsed);
 }
-var MAX_FRAME_BYTES2, PROTOCOL_VERSION = 1, ProviderNameSchema, GetCredentialsRequestSchema, ListStateRequestSchema, SetActiveRequestSchema, MarkExhaustedRequestSchema, RefreshAccountRequestSchema, AnthropicCredentialsSchema, GoogleCredentialsSchema, ProviderCredentialsSchema, AddAccountRequestSchema, RmAccountRequestSchema, SetOverrideRequestSchema, ListGoogleAccountsRequestSchema, RequestSchema2, GetCredentialsDataSchema, AccountStateSchema, AgentStateSchema, ConsumerStateSchema, ListStateDataSchema, SetActiveDataSchema, MarkExhaustedDataSchema, RefreshAccountDataSchema, AddAccountDataSchema, RmAccountDataSchema, SetOverrideDataSchema, GoogleAccountStateSchema, ListGoogleAccountsDataSchema, ErrorBodySchema, SuccessResponseSchema, ErrorResponseSchema2, ResponseSchema2;
+var MAX_FRAME_BYTES2, PROTOCOL_VERSION = 1, ProviderNameSchema, GetCredentialsRequestSchema, ListStateRequestSchema, SetActiveRequestSchema, MarkExhaustedRequestSchema, RefreshAccountRequestSchema, AnthropicCredentialsSchema, GoogleCredentialsSchema, ProviderCredentialsSchema, AddAccountRequestSchema, RmAccountRequestSchema, SetOverrideRequestSchema, ListGoogleAccountsRequestSchema, ProbeQuotaRequestSchema, RequestSchema2, GetCredentialsDataSchema, AccountStateSchema, AgentStateSchema, ConsumerStateSchema, ListStateDataSchema, SetActiveDataSchema, MarkExhaustedDataSchema, RefreshAccountDataSchema, AddAccountDataSchema, RmAccountDataSchema, SetOverrideDataSchema, GoogleAccountStateSchema, ListGoogleAccountsDataSchema, ErrorBodySchema, SuccessResponseSchema, ErrorResponseSchema2, ResponseSchema2;
 var init_protocol2 = __esm(() => {
   init_zod();
   MAX_FRAME_BYTES2 = 64 * 1024;
@@ -27147,6 +27150,13 @@ var init_protocol2 = __esm(() => {
     op: exports_external.literal("list-google-accounts"),
     id: exports_external.string().min(1)
   });
+  ProbeQuotaRequestSchema = exports_external.object({
+    v: exports_external.literal(PROTOCOL_VERSION),
+    op: exports_external.literal("probe-quota"),
+    id: exports_external.string().min(1),
+    accounts: exports_external.array(exports_external.string().min(1)).min(1).max(32),
+    timeoutMs: exports_external.number().int().positive().max(60000).optional()
+  });
   RequestSchema2 = exports_external.discriminatedUnion("op", [
     GetCredentialsRequestSchema,
     ListStateRequestSchema,
@@ -27156,7 +27166,8 @@ var init_protocol2 = __esm(() => {
     AddAccountRequestSchema,
     RmAccountRequestSchema,
     SetOverrideRequestSchema,
-    ListGoogleAccountsRequestSchema
+    ListGoogleAccountsRequestSchema,
+    ProbeQuotaRequestSchema
   ]);
   GetCredentialsDataSchema = exports_external.object({
     account: exports_external.string(),
@@ -27325,6 +27336,16 @@ class AuthBrokerClient {
     });
     return data;
   }
+  async probeQuota(accounts, timeoutMs) {
+    const data = await this.send({
+      v: PROTOCOL_VERSION,
+      id: randomUUID2(),
+      op: "probe-quota",
+      accounts: [...accounts],
+      ...timeoutMs !== undefined ? { timeoutMs } : {}
+    });
+    return data;
+  }
   async setActive(account) {
     const data = await this.send({
       v: PROTOCOL_VERSION,
@@ -45313,8 +45334,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.11.0";
-var COMMIT_SHA = "abff20c7";
+var VERSION = "0.11.1";
+var COMMIT_SHA = "f5d84dfb";
 
 // src/cli/deprecated.ts
 init_source();
@@ -53242,6 +53263,10 @@ async function ensureHostMountSources(config) {
   if (!existsSync23(auditLogPath)) {
     writeFileSync13(auditLogPath, "", { mode: 420 });
   }
+  const hostdAuditLogPath = join18(home2, ".switchroom", "host-control-audit.log");
+  if (!existsSync23(hostdAuditLogPath)) {
+    writeFileSync13(hostdAuditLogPath, "", { mode: 420 });
+  }
 }
 function detectComposeV2() {
   try {

package/dist/host-control/main.js

@@ -11286,7 +11286,7 @@ var QuotaConfigSchema = exports_external.object({
   monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
 });
 var HostControlConfigSchema = exports_external.object({
-  enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+  enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
 });
 var SwitchroomConfigSchema = exports_external.object({
   switchroom: exports_external.object({
@@ -11312,7 +11312,7 @@ var SwitchroomConfigSchema = exports_external.object({
   drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
   google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
   quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-  host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+  host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
   google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
     message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
   }).transform((v) => v.trim().toLowerCase()), exports_external.object({

package/dist/vault/approvals/kernel-server.js

@@ -11278,7 +11278,7 @@ var init_schema = __esm(() => {
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
   HostControlConfigSchema = exports_external.object({
-    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+    enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
   });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
@@ -11304,7 +11304,7 @@ var init_schema = __esm(() => {
     drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
     google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-    host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
     }).transform((v) => v.trim().toLowerCase()), exports_external.object({

package/dist/vault/broker/server.js

@@ -11278,7 +11278,7 @@ var init_schema = __esm(() => {
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
   HostControlConfigSchema = exports_external.object({
-    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+    enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip — the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
   });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
@@ -11304,7 +11304,7 @@ var init_schema = __esm(() => {
     drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
     google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-    host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
     }).transform((v) => v.trim().toLowerCase()), exports_external.object({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.11.0",
+  "version": "0.11.1",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {

package/telegram-plugin/auto-fallback-fleet.ts

@@ -18,8 +18,8 @@
  *
  * What this module does:
  *
- *   1. Probe live quota for every account in parallel
- *      (`fetchAccountQuota({force: true})`) so we pick the best
+ *   1. Probe live quota for every account in parallel via the
+ *      broker (`client.probeQuota(...)`, #1336) so we pick the best
  *      target with current data, not stale broker disk-cache.
  *   2. Skip blocked accounts entirely; pick the lowest-utilization
  *      healthy candidate (or, if none, the lowest throttling one).
@@ -79,8 +79,8 @@ export interface FleetFallbackDeps {
    *  is testable without spinning up a UDS. */
   state: ListStateData;
   /** Parallel array of live quota probes, same order as `state.accounts`.
-   *  Use `Promise.all(state.accounts.map(a =>
-   *  fetchAccountQuota(a.label, {force: true})))`. */
+   *  Get via `client.probeQuota(state.accounts.map(a => a.label))`
+   *  and map the response back to per-account results (#1336). */
   quotas: QuotaResult[];
   /** Broker `setActive` invoker. Returns the result for logging. */
   setActive: (label: string) => Promise<{ active: string; fanned: string[] }>;