switchroom 0.11.0 → 0.11.1

package/telegram-plugin/dist/gateway/gateway.js

@@ -16105,7 +16105,7 @@ function decodeResponse(line) {
   }
   return ResponseSchema.parse(parsed);
 }
-var MAX_FRAME_BYTES, PROTOCOL_VERSION = 1, ProviderNameSchema, GetCredentialsRequestSchema, ListStateRequestSchema, SetActiveRequestSchema, MarkExhaustedRequestSchema, RefreshAccountRequestSchema, AnthropicCredentialsSchema, GoogleCredentialsSchema, ProviderCredentialsSchema, AddAccountRequestSchema, RmAccountRequestSchema, SetOverrideRequestSchema, ListGoogleAccountsRequestSchema, RequestSchema, GetCredentialsDataSchema, AccountStateSchema, AgentStateSchema, ConsumerStateSchema, ListStateDataSchema, SetActiveDataSchema, MarkExhaustedDataSchema, RefreshAccountDataSchema, AddAccountDataSchema, RmAccountDataSchema, SetOverrideDataSchema, GoogleAccountStateSchema, ListGoogleAccountsDataSchema, ErrorBodySchema, SuccessResponseSchema, ErrorResponseSchema, ResponseSchema;
+var MAX_FRAME_BYTES, PROTOCOL_VERSION = 1, ProviderNameSchema, GetCredentialsRequestSchema, ListStateRequestSchema, SetActiveRequestSchema, MarkExhaustedRequestSchema, RefreshAccountRequestSchema, AnthropicCredentialsSchema, GoogleCredentialsSchema, ProviderCredentialsSchema, AddAccountRequestSchema, RmAccountRequestSchema, SetOverrideRequestSchema, ListGoogleAccountsRequestSchema, ProbeQuotaRequestSchema, RequestSchema, GetCredentialsDataSchema, AccountStateSchema, AgentStateSchema, ConsumerStateSchema, ListStateDataSchema, SetActiveDataSchema, MarkExhaustedDataSchema, RefreshAccountDataSchema, AddAccountDataSchema, RmAccountDataSchema, SetOverrideDataSchema, GoogleAccountStateSchema, ListGoogleAccountsDataSchema, ErrorBodySchema, SuccessResponseSchema, ErrorResponseSchema, ResponseSchema;
 var init_protocol = __esm(() => {
   init_zod();
   MAX_FRAME_BYTES = 64 * 1024;
@@ -16194,6 +16194,13 @@ var init_protocol = __esm(() => {
     op: exports_external.literal("list-google-accounts"),
     id: exports_external.string().min(1)
   });
+  ProbeQuotaRequestSchema = exports_external.object({
+    v: exports_external.literal(PROTOCOL_VERSION),
+    op: exports_external.literal("probe-quota"),
+    id: exports_external.string().min(1),
+    accounts: exports_external.array(exports_external.string().min(1)).min(1).max(32),
+    timeoutMs: exports_external.number().int().positive().max(60000).optional()
+  });
   RequestSchema = exports_external.discriminatedUnion("op", [
     GetCredentialsRequestSchema,
     ListStateRequestSchema,
@@ -16203,7 +16210,8 @@ var init_protocol = __esm(() => {
     AddAccountRequestSchema,
     RmAccountRequestSchema,
     SetOverrideRequestSchema,
-    ListGoogleAccountsRequestSchema
+    ListGoogleAccountsRequestSchema,
+    ProbeQuotaRequestSchema
   ]);
   GetCredentialsDataSchema = exports_external.object({
     account: exports_external.string(),
@@ -16382,6 +16390,16 @@ class AuthBrokerClient {
     });
     return data;
   }
+  async probeQuota(accounts, timeoutMs) {
+    const data = await this.send({
+      v: PROTOCOL_VERSION,
+      id: randomUUID3(),
+      op: "probe-quota",
+      accounts: [...accounts],
+      ...timeoutMs !== undefined ? { timeoutMs } : {}
+    });
+    return data;
+  }
   async setActive(account) {
     const data = await this.send({
       v: PROTOCOL_VERSION,
@@ -23889,7 +23907,7 @@ var init_schema = __esm(() => {
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
   HostControlConfigSchema = exports_external.object({
-    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` \u2014 " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C \u00a75.1. " + "Since Phase 2 (#1175 PR \u03b3) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled \u2014 replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+    enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip \u2014 the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` \u2014 " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C \u00a75.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3).")
   });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
@@ -23915,7 +23933,7 @@ var init_schema = __esm(() => {
     drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key \u2014 use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
     google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration \u2014 " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
-    host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
     }).transform((v) => v.trim().toLowerCase()), exports_external.object({
@@ -24901,7 +24919,7 @@ function isDockerRuntime() {
 import * as net3 from "node:net";
 import * as fs from "node:fs";
 import { homedir as homedir7 } from "node:os";
-import { join as join17 } from "node:path";
+import { join as join16 } from "node:path";
 function defaultBrokerSocketPath() {
   if (isDockerRuntime()) {
     if (fs.existsSync(OPERATOR_SOCKET_PATH))
@@ -24911,7 +24929,7 @@ function defaultBrokerSocketPath() {
   return LEGACY_SOCKET_PATH;
 }
 function vaultTokenFilePath(agentSlug) {
-  return join17(homedir7(), ".switchroom", "agents", agentSlug, ".vault-token");
+  return join16(homedir7(), ".switchroom", "agents", agentSlug, ".vault-token");
 }
 function readVaultTokenFile(agentSlug) {
   const filePath = vaultTokenFilePath(agentSlug);
@@ -25038,8 +25056,8 @@ var DEFAULT_TIMEOUT_MS3 = 2000, LEGACY_SOCKET_PATH, OPERATOR_SOCKET_PATH;
 var init_client2 = __esm(() => {
   init_protocol2();
   init_peercred();
-  LEGACY_SOCKET_PATH = join17(homedir7(), ".switchroom", "vault-broker.sock");
-  OPERATOR_SOCKET_PATH = join17(homedir7(), ".switchroom", "broker-operator", "sock");
+  LEGACY_SOCKET_PATH = join16(homedir7(), ".switchroom", "vault-broker.sock");
+  OPERATOR_SOCKET_PATH = join16(homedir7(), ".switchroom", "broker-operator", "sock");
 });
 
 // ../src/drive/deep-links.ts
@@ -38161,7 +38179,8 @@ function createAuthBrokerClient() {
     setActive: (label) => broker.setActive(label),
     rmAccount: (label) => broker.rmAccount(label),
     refreshAccount: (label) => broker.refreshAccount(label),
-    setOverride: (agent, account) => broker.setOverride(agent, account)
+    setOverride: (agent, account) => broker.setOverride(agent, account),
+    probeQuota: (accounts, timeoutMs) => broker.probeQuota(accounts, timeoutMs)
   };
   return { client: client3, close: () => broker.close() };
 }
@@ -38272,6 +38291,16 @@ class AuthBrokerClient2 {
     });
     return data;
   }
+  async probeQuota(accounts, timeoutMs) {
+    const data = await this.send({
+      v: PROTOCOL_VERSION,
+      id: randomUUID4(),
+      op: "probe-quota",
+      accounts: [...accounts],
+      ...timeoutMs !== undefined ? { timeoutMs } : {}
+    });
+    return data;
+  }
   async setActive(account) {
     const data = await this.send({
       v: PROTOCOL_VERSION,
@@ -39195,194 +39224,6 @@ function pctSummary(q) {
   return `${Math.round(q.fiveHourUtilizationPct)}% / ${Math.round(q.sevenDayUtilizationPct)}%`;
 }
 
-// quota-check.ts
-import { readFileSync as readFileSync9, existsSync as existsSync13 } from "fs";
-import { join as join13 } from "path";
-var OAUTH_BETA2 = "oauth-2025-04-20";
-var DEFAULT_USER_AGENT2 = "claude-cli/1.0.0 (external, cli)";
-var DEFAULT_PROBE_MODEL2 = "claude-haiku-4-5-20251001";
-function readOauthToken2(claudeConfigDir) {
-  const tokenFile = join13(claudeConfigDir, ".oauth-token");
-  if (!existsSync13(tokenFile))
-    return null;
-  try {
-    const raw = readFileSync9(tokenFile, "utf-8").trim();
-    return raw.length > 0 ? raw : null;
-  } catch {
-    return null;
-  }
-}
-function parseFloatHeader2(headers, name) {
-  const v = headers.get(name);
-  if (v == null || v.trim().length === 0)
-    return null;
-  const n = Number(v);
-  return Number.isFinite(n) ? n : null;
-}
-function parseEpochHeader2(headers, name) {
-  const v = headers.get(name);
-  if (v == null)
-    return null;
-  const n = Number(v);
-  if (!Number.isFinite(n) || n <= 0)
-    return null;
-  return new Date(n * 1000);
-}
-function parseQuotaHeaders2(headers) {
-  const fiveHour = parseFloatHeader2(headers, "anthropic-ratelimit-unified-5h-utilization");
-  const sevenDay = parseFloatHeader2(headers, "anthropic-ratelimit-unified-7d-utilization");
-  if (fiveHour == null && sevenDay == null) {
-    return {
-      ok: false,
-      reason: "no unified rate-limit headers in response (API token, not OAuth?)"
-    };
-  }
-  return {
-    ok: true,
-    data: {
-      fiveHourUtilizationPct: (fiveHour ?? 0) * 100,
-      sevenDayUtilizationPct: (sevenDay ?? 0) * 100,
-      fiveHourResetAt: parseEpochHeader2(headers, "anthropic-ratelimit-unified-5h-reset"),
-      sevenDayResetAt: parseEpochHeader2(headers, "anthropic-ratelimit-unified-7d-reset"),
-      representativeClaim: headers.get("anthropic-ratelimit-unified-representative-claim"),
-      overageStatus: headers.get("anthropic-ratelimit-unified-overage-status"),
-      overageDisabledReason: headers.get("anthropic-ratelimit-unified-overage-disabled-reason")
-    }
-  };
-}
-async function fetchQuota2(opts) {
-  let token;
-  if (opts.accessToken && opts.claudeConfigDir) {
-    return {
-      ok: false,
-      reason: "pass only one of `accessToken` or `claudeConfigDir`, not both"
-    };
-  }
-  if (opts.accessToken) {
-    token = opts.accessToken.trim().length > 0 ? opts.accessToken : null;
-  } else if (opts.claudeConfigDir) {
-    token = readOauthToken2(opts.claudeConfigDir);
-  } else {
-    return {
-      ok: false,
-      reason: "fetchQuota requires `accessToken` or `claudeConfigDir`"
-    };
-  }
-  if (!token) {
-    return { ok: false, reason: "no OAuth token at .oauth-token" };
-  }
-  const controller = new AbortController;
-  const timeout = setTimeout(() => controller.abort(), opts.timeoutMs ?? 1e4);
-  const fetchFn = opts.fetchImpl ?? fetch;
-  let resp;
-  try {
-    resp = await fetchFn("https://api.anthropic.com/v1/messages", {
-      method: "POST",
-      headers: {
-        "anthropic-version": "2023-06-01",
-        "anthropic-beta": OAUTH_BETA2,
-        authorization: `Bearer ${token}`,
-        "x-app": "cli",
-        "user-agent": DEFAULT_USER_AGENT2,
-        "content-type": "application/json"
-      },
-      body: JSON.stringify({
-        model: opts.model ?? DEFAULT_PROBE_MODEL2,
-        max_tokens: 1,
-        messages: [{ role: "user", content: "hi" }]
-      }),
-      signal: controller.signal
-    });
-  } catch (err) {
-    const msg = err?.message ?? String(err);
-    return { ok: false, reason: `request failed: ${msg}` };
-  } finally {
-    clearTimeout(timeout);
-  }
-  if (resp.status === 401 || resp.status === 403) {
-    return { ok: false, reason: `auth rejected (HTTP ${resp.status})` };
-  }
-  const parsed = parseQuotaHeaders2(resp.headers);
-  if (!parsed.ok && resp.status >= 400) {
-    return { ok: false, reason: `HTTP ${resp.status}, ${parsed.reason}` };
-  }
-  return parsed;
-}
-function formatResetRelative2(target, now = new Date) {
-  if (!target)
-    return "\u2014";
-  const deltaMs = target.getTime() - now.getTime();
-  if (deltaMs <= 0)
-    return "resets now";
-  const totalMin = Math.round(deltaMs / 60000);
-  if (totalMin < 60)
-    return `resets in ${totalMin}m`;
-  const hours = Math.floor(totalMin / 60);
-  const mins = totalMin % 60;
-  if (hours < 24)
-    return mins > 0 ? `resets in ${hours}h ${mins}m` : `resets in ${hours}h`;
-  const days = Math.floor(hours / 24);
-  const remH = hours % 24;
-  return remH > 0 ? `resets in ${days}d ${remH}h` : `resets in ${days}d`;
-}
-function formatQuotaBlock(q, now = new Date) {
-  const lines = [];
-  lines.push("<b>Claude plan quota</b>");
-  lines.push("");
-  lines.push(`<b>5h window</b>  ${Math.round(q.fiveHourUtilizationPct)}% \u00b7 ${formatResetRelative2(q.fiveHourResetAt, now)}`);
-  lines.push(`<b>7d window</b>  ${Math.round(q.sevenDayUtilizationPct)}% \u00b7 ${formatResetRelative2(q.sevenDayResetAt, now)}`);
-  if (q.representativeClaim) {
-    lines.push("");
-    lines.push(`<i>Binding window: ${q.representativeClaim.replace(/_/g, " ")}</i>`);
-  }
-  if (q.overageStatus && q.overageStatus !== "allowed") {
-    const reason = q.overageDisabledReason ? ` (${q.overageDisabledReason})` : "";
-    lines.push(`<i>Overage: ${q.overageStatus}${reason}</i>`);
-  }
-  return lines.join(`
-`);
-}
-function readAccountAccessToken(label, home2 = process.env.HOME ?? "/root") {
-  const credPath = join13(home2, ".switchroom", "accounts", label, "credentials.json");
-  if (!existsSync13(credPath))
-    return null;
-  try {
-    const raw = readFileSync9(credPath, "utf-8");
-    const parsed = JSON.parse(raw);
-    const token = parsed.claudeAiOauth?.accessToken?.trim();
-    return token && token.length > 0 ? token : null;
-  } catch {
-    return null;
-  }
-}
-var ACCOUNT_QUOTA_CACHE_TTL_MS2 = 5 * 60000;
-var accountQuotaCache2 = new Map;
-async function fetchAccountQuota(label, opts = {}) {
-  const now = opts.now?.() ?? Date.now();
-  if (!opts.force) {
-    const cached = accountQuotaCache2.get(label);
-    if (cached && now - cached.fetchedAt < ACCOUNT_QUOTA_CACHE_TTL_MS2) {
-      return cached.result;
-    }
-  }
-  const token = readAccountAccessToken(label, opts.home);
-  if (!token) {
-    const result2 = {
-      ok: false,
-      reason: "no credentials.json or accessToken for account"
-    };
-    accountQuotaCache2.set(label, { fetchedAt: now, result: result2 });
-    return result2;
-  }
-  const result = await fetchQuota2({
-    accessToken: token,
-    fetchImpl: opts.fetchImpl,
-    timeoutMs: opts.timeoutMs
-  });
-  accountQuotaCache2.set(label, { fetchedAt: now, result });
-  return result;
-}
-
 // gateway/restart-watchdog.ts
 function parseSystemdShowOutput(raw) {
   const lines = raw.split(/\r?\n/);
@@ -40278,8 +40119,8 @@ function isTurnFlushSafetyEnabled(env = process.env) {
 }
 
 // handoff-continuity.ts
-import { readFileSync as readFileSync10, unlinkSync as unlinkSync2, existsSync as existsSync14, writeFileSync as writeFileSync6, renameSync as renameSync2 } from "node:fs";
-import { dirname as dirname7, join as join14 } from "node:path";
+import { readFileSync as readFileSync9, unlinkSync as unlinkSync2, existsSync as existsSync13, writeFileSync as writeFileSync6, renameSync as renameSync2 } from "node:fs";
+import { dirname as dirname7, join as join13 } from "node:path";
 var TOPIC_DISPLAY_MAX = 117;
 var HANDOFF_TOPIC_FILENAME = ".handoff-topic";
 var LAST_TURN_SUMMARY_FILENAME = ".last-turn-summary";
@@ -40290,12 +40131,12 @@ function resolveAgentDirFromEnv() {
   return dirname7(state3);
 }
 function readHandoffTopic(agentDir) {
-  const p = join14(agentDir, HANDOFF_TOPIC_FILENAME);
-  if (!existsSync14(p))
+  const p = join13(agentDir, HANDOFF_TOPIC_FILENAME);
+  if (!existsSync13(p))
     return null;
   let raw;
   try {
-    raw = readFileSync10(p, "utf-8");
+    raw = readFileSync9(p, "utf-8");
   } catch {
     return null;
   }
@@ -40309,12 +40150,12 @@ function readHandoffTopic(agentDir) {
   return topic;
 }
 function readLastTurnSummary(agentDir) {
-  const p = join14(agentDir, LAST_TURN_SUMMARY_FILENAME);
-  if (!existsSync14(p))
+  const p = join13(agentDir, LAST_TURN_SUMMARY_FILENAME);
+  if (!existsSync13(p))
     return null;
   let raw;
   try {
-    raw = readFileSync10(p, "utf-8");
+    raw = readFileSync9(p, "utf-8");
   } catch {
     return null;
   }
@@ -40329,8 +40170,8 @@ function readLastTurnSummary(agentDir) {
 }
 function consumeHandoffTopic(agentDir) {
   const primary = readHandoffTopic(agentDir);
-  const primaryPath = join14(agentDir, HANDOFF_TOPIC_FILENAME);
-  const fallbackPath = join14(agentDir, LAST_TURN_SUMMARY_FILENAME);
+  const primaryPath = join13(agentDir, HANDOFF_TOPIC_FILENAME);
+  const fallbackPath = join13(agentDir, LAST_TURN_SUMMARY_FILENAME);
   const removeFallback = () => {
     try {
       unlinkSync2(fallbackPath);
@@ -40383,19 +40224,19 @@ function escapeMarkdownV2(s) {
 }
 
 // active-reactions.ts
-import { readFileSync as readFileSync11, writeFileSync as writeFileSync7, renameSync as renameSync3, existsSync as existsSync15, unlinkSync as unlinkSync3 } from "node:fs";
-import { join as join15 } from "node:path";
+import { readFileSync as readFileSync10, writeFileSync as writeFileSync7, renameSync as renameSync3, existsSync as existsSync14, unlinkSync as unlinkSync3 } from "node:fs";
+import { join as join14 } from "node:path";
 var ACTIVE_REACTIONS_FILENAME = ".active-reactions.json";
 function reactionsPath(agentDir) {
-  return join15(agentDir, ACTIVE_REACTIONS_FILENAME);
+  return join14(agentDir, ACTIVE_REACTIONS_FILENAME);
 }
 function readActiveReactions(agentDir) {
   const p = reactionsPath(agentDir);
-  if (!existsSync15(p))
+  if (!existsSync14(p))
     return [];
   let raw;
   try {
-    raw = readFileSync11(p, "utf-8");
+    raw = readFileSync10(p, "utf-8");
   } catch {
     return [];
   }
@@ -40451,19 +40292,19 @@ function clearActiveReactions(agentDir) {
 }
 
 // active-reactions.ts
-import { readFileSync as readFileSync12, writeFileSync as writeFileSync8, renameSync as renameSync4, existsSync as existsSync16, unlinkSync as unlinkSync4 } from "node:fs";
-import { join as join16 } from "node:path";
+import { readFileSync as readFileSync11, writeFileSync as writeFileSync8, renameSync as renameSync4, existsSync as existsSync15, unlinkSync as unlinkSync4 } from "node:fs";
+import { join as join15 } from "node:path";
 var ACTIVE_REACTIONS_FILENAME2 = ".active-reactions.json";
 function reactionsPath2(agentDir) {
-  return join16(agentDir, ACTIVE_REACTIONS_FILENAME2);
+  return join15(agentDir, ACTIVE_REACTIONS_FILENAME2);
 }
 function readActiveReactions2(agentDir) {
   const p = reactionsPath2(agentDir);
-  if (!existsSync16(p))
+  if (!existsSync15(p))
     return [];
   let raw;
   try {
-    raw = readFileSync12(p, "utf-8");
+    raw = readFileSync11(p, "utf-8");
   } catch {
     return [];
   }
@@ -41321,6 +41162,156 @@ async function approvalRecord(args, opts) {
   return r.resp.decision_id;
 }
 
+// quota-check.ts
+import { readFileSync as readFileSync13, existsSync as existsSync17 } from "fs";
+import { join as join17 } from "path";
+var OAUTH_BETA2 = "oauth-2025-04-20";
+var DEFAULT_USER_AGENT2 = "claude-cli/1.0.0 (external, cli)";
+var DEFAULT_PROBE_MODEL2 = "claude-haiku-4-5-20251001";
+function readOauthToken2(claudeConfigDir) {
+  const tokenFile = join17(claudeConfigDir, ".oauth-token");
+  if (!existsSync17(tokenFile))
+    return null;
+  try {
+    const raw = readFileSync13(tokenFile, "utf-8").trim();
+    return raw.length > 0 ? raw : null;
+  } catch {
+    return null;
+  }
+}
+function parseFloatHeader2(headers, name) {
+  const v = headers.get(name);
+  if (v == null || v.trim().length === 0)
+    return null;
+  const n = Number(v);
+  return Number.isFinite(n) ? n : null;
+}
+function parseEpochHeader2(headers, name) {
+  const v = headers.get(name);
+  if (v == null)
+    return null;
+  const n = Number(v);
+  if (!Number.isFinite(n) || n <= 0)
+    return null;
+  return new Date(n * 1000);
+}
+function parseQuotaHeaders2(headers) {
+  const fiveHour = parseFloatHeader2(headers, "anthropic-ratelimit-unified-5h-utilization");
+  const sevenDay = parseFloatHeader2(headers, "anthropic-ratelimit-unified-7d-utilization");
+  if (fiveHour == null && sevenDay == null) {
+    return {
+      ok: false,
+      reason: "no unified rate-limit headers in response (API token, not OAuth?)"
+    };
+  }
+  return {
+    ok: true,
+    data: {
+      fiveHourUtilizationPct: (fiveHour ?? 0) * 100,
+      sevenDayUtilizationPct: (sevenDay ?? 0) * 100,
+      fiveHourResetAt: parseEpochHeader2(headers, "anthropic-ratelimit-unified-5h-reset"),
+      sevenDayResetAt: parseEpochHeader2(headers, "anthropic-ratelimit-unified-7d-reset"),
+      representativeClaim: headers.get("anthropic-ratelimit-unified-representative-claim"),
+      overageStatus: headers.get("anthropic-ratelimit-unified-overage-status"),
+      overageDisabledReason: headers.get("anthropic-ratelimit-unified-overage-disabled-reason")
+    }
+  };
+}
+async function fetchQuota2(opts) {
+  let token;
+  if (opts.accessToken && opts.claudeConfigDir) {
+    return {
+      ok: false,
+      reason: "pass only one of `accessToken` or `claudeConfigDir`, not both"
+    };
+  }
+  if (opts.accessToken) {
+    token = opts.accessToken.trim().length > 0 ? opts.accessToken : null;
+  } else if (opts.claudeConfigDir) {
+    token = readOauthToken2(opts.claudeConfigDir);
+  } else {
+    return {
+      ok: false,
+      reason: "fetchQuota requires `accessToken` or `claudeConfigDir`"
+    };
+  }
+  if (!token) {
+    return { ok: false, reason: "no OAuth token at .oauth-token" };
+  }
+  const controller = new AbortController;
+  const timeout = setTimeout(() => controller.abort(), opts.timeoutMs ?? 1e4);
+  const fetchFn = opts.fetchImpl ?? fetch;
+  let resp;
+  try {
+    resp = await fetchFn("https://api.anthropic.com/v1/messages", {
+      method: "POST",
+      headers: {
+        "anthropic-version": "2023-06-01",
+        "anthropic-beta": OAUTH_BETA2,
+        authorization: `Bearer ${token}`,
+        "x-app": "cli",
+        "user-agent": DEFAULT_USER_AGENT2,
+        "content-type": "application/json"
+      },
+      body: JSON.stringify({
+        model: opts.model ?? DEFAULT_PROBE_MODEL2,
+        max_tokens: 1,
+        messages: [{ role: "user", content: "hi" }]
+      }),
+      signal: controller.signal
+    });
+  } catch (err) {
+    const msg = err?.message ?? String(err);
+    return { ok: false, reason: `request failed: ${msg}` };
+  } finally {
+    clearTimeout(timeout);
+  }
+  if (resp.status === 401 || resp.status === 403) {
+    return { ok: false, reason: `auth rejected (HTTP ${resp.status})` };
+  }
+  const parsed = parseQuotaHeaders2(resp.headers);
+  if (!parsed.ok && resp.status >= 400) {
+    return { ok: false, reason: `HTTP ${resp.status}, ${parsed.reason}` };
+  }
+  return parsed;
+}
+function formatResetRelative2(target, now = new Date) {
+  if (!target)
+    return "\u2014";
+  const deltaMs = target.getTime() - now.getTime();
+  if (deltaMs <= 0)
+    return "resets now";
+  const totalMin = Math.round(deltaMs / 60000);
+  if (totalMin < 60)
+    return `resets in ${totalMin}m`;
+  const hours = Math.floor(totalMin / 60);
+  const mins = totalMin % 60;
+  if (hours < 24)
+    return mins > 0 ? `resets in ${hours}h ${mins}m` : `resets in ${hours}h`;
+  const days = Math.floor(hours / 24);
+  const remH = hours % 24;
+  return remH > 0 ? `resets in ${days}d ${remH}h` : `resets in ${days}d`;
+}
+function formatQuotaBlock(q, now = new Date) {
+  const lines = [];
+  lines.push("<b>Claude plan quota</b>");
+  lines.push("");
+  lines.push(`<b>5h window</b>  ${Math.round(q.fiveHourUtilizationPct)}% \u00b7 ${formatResetRelative2(q.fiveHourResetAt, now)}`);
+  lines.push(`<b>7d window</b>  ${Math.round(q.sevenDayUtilizationPct)}% \u00b7 ${formatResetRelative2(q.sevenDayResetAt, now)}`);
+  if (q.representativeClaim) {
+    lines.push("");
+    lines.push(`<i>Binding window: ${q.representativeClaim.replace(/_/g, " ")}</i>`);
+  }
+  if (q.overageStatus && q.overageStatus !== "allowed") {
+    const reason = q.overageDisabledReason ? ` (${q.overageDisabledReason})` : "";
+    lines.push(`<i>Overage: ${q.overageStatus}${reason}</i>`);
+  }
+  return lines.join(`
+`);
+}
+var ACCOUNT_QUOTA_CACHE_TTL_MS2 = 5 * 60000;
+var accountQuotaCache2 = new Map;
+
 // auto-fallback.ts
 var DEFAULT_FALLBACK_COOLDOWN_MS = 2 * 60000;
 var LOCKOUT_FILE = "auto-fallback-lockout.json";
@@ -42419,7 +42410,7 @@ function isHostdEnabled() {
     return _hostdEnabled;
   try {
     const cfg = loadConfig();
-    _hostdEnabled = cfg.host_control?.enabled === true;
+    _hostdEnabled = cfg.host_control?.enabled !== false;
   } catch {
     _hostdEnabled = false;
   }
@@ -46241,10 +46232,10 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.11.0";
-var COMMIT_SHA = "abff20c7";
-var COMMIT_DATE = "2026-05-15T16:50:03+10:00";
-var LATEST_PR = 1335;
+var VERSION = "0.11.1";
+var COMMIT_SHA = "f5d84dfb";
+var COMMIT_DATE = "2026-05-15T19:01:48+10:00";
+var LATEST_PR = 1342;
 var COMMITS_AHEAD_OF_TAG = 0;
 
 // gateway/boot-version.ts
@@ -51962,7 +51953,11 @@ async function doFireFleetAutoFallback(triggerAgent) {
       return false;
     }
     const state3 = await client3.listState();
-    const quotas = await Promise.all(state3.accounts.map((a) => fetchAccountQuota(a.label, { force: true })));
+    const probeResp = state3.accounts.length > 0 ? await client3.probeQuota(state3.accounts.map((a) => a.label)).catch(() => ({ results: [] })) : { results: [] };
+    const quotas = state3.accounts.map((a) => {
+      const hit = probeResp.results.find((r) => r.label === a.label);
+      return hit?.result ?? { ok: false, reason: "broker returned no result for account" };
+    });
     const tz = process.env.SWITCHROOM_TIMEZONE ?? process.env.TZ ?? "UTC";
     const outcome = await runFleetAutoFallback({
       state: state3,
@@ -52087,7 +52082,20 @@ Send <code>/auth cancel</code> to abort.`, { html: true });
     isAdmin: isAdmin2,
     client: client3,
     chatId,
-    liveQuotas: async (accounts) => Promise.all(accounts.map((a) => fetchAccountQuota(a.label, { force: true }))),
+    liveQuotas: async (accounts) => {
+      try {
+        const { results } = await client3.probeQuota(accounts.map((a) => a.label));
+        return accounts.map((a) => {
+          const hit = results.find((r) => r.label === a.label);
+          if (!hit)
+            return { ok: false, reason: "broker returned no result for account" };
+          return hit.result;
+        });
+      } catch (err) {
+        const reason = `broker probe-quota failed: ${err?.message ?? String(err)}`;
+        return accounts.map(() => ({ ok: false, reason }));
+      }
+    },
     tz: process.env.SWITCHROOM_TIMEZONE ?? process.env.TZ
   });
   if (reply.keyboard && reply.keyboard.length > 0) {
@@ -53095,7 +53103,11 @@ async function handleAuthDashboardCallback(ctx) {
         return;
       }
       const state3 = await client3.listState();
-      const quotas = await Promise.all(state3.accounts.map((a) => fetchAccountQuota(a.label, { force: true })));
+      const probeResp = state3.accounts.length > 0 ? await client3.probeQuota(state3.accounts.map((a) => a.label)).catch(() => ({ results: [] })) : { results: [] };
+      const quotas = state3.accounts.map((a) => {
+        const hit = probeResp.results.find((r) => r.label === a.label);
+        return hit?.result ?? { ok: false, reason: "broker returned no result for account" };
+      });
       const tz = process.env.SWITCHROOM_TIMEZONE ?? process.env.TZ ?? "UTC";
       const { renderAuthSnapshotFormat2: renderAuthSnapshotFormat23, buildSnapshotsFromState: buildSnapshotsFromState3, buildSnapshotKeyboard: buildSnapshotKeyboard3 } = await Promise.resolve().then(() => (init_auth_snapshot_format(), exports_auth_snapshot_format));
       const snapshots = buildSnapshotsFromState3(state3, quotas);
@@ -53488,7 +53500,11 @@ bot.command("usage", async (ctx) => {
     if (client3) {
       const state3 = await client3.listState();
       if (state3.accounts.length > 0) {
-        const quotas = await Promise.all(state3.accounts.map((a) => fetchAccountQuota(a.label, { force: true })));
+        const probeResp = await client3.probeQuota(state3.accounts.map((a) => a.label)).catch(() => ({ results: [] }));
+        const quotas = state3.accounts.map((a) => {
+          const hit = probeResp.results.find((r) => r.label === a.label);
+          return hit?.result ?? { ok: false, reason: "broker returned no result for account" };
+        });
         const { renderAuthSnapshotFormat2: renderAuthSnapshotFormat23, buildSnapshotsFromState: buildSnapshotsFromState3 } = await Promise.resolve().then(() => (init_auth_snapshot_format(), exports_auth_snapshot_format));
         const tz = process.env.SWITCHROOM_TIMEZONE ?? process.env.TZ ?? "UTC";
         const snapshots = buildSnapshotsFromState3(state3, quotas);

package/telegram-plugin/gateway/auth-broker-client.ts

@@ -30,6 +30,8 @@ export function createAuthBrokerClient(): {
     refreshAccount: (label: string) => broker.refreshAccount(label),
     setOverride: (agent: string, account: string | null) =>
       broker.setOverride(agent, account),
+    probeQuota: (accounts: readonly string[], timeoutMs?: number) =>
+      broker.probeQuota(accounts, timeoutMs),
   }
   return { client, close: () => broker.close() }
 }