switchroom 0.12.0 → 0.12.2

package/dist/cli/switchroom.js

@@ -21988,6 +21988,7 @@ __export(exports_client, {
   listGrantsViaBroker: () => listGrantsViaBroker,
   getViaBrokerStructured: () => getViaBrokerStructured,
   getViaBroker: () => getViaBroker,
+  defaultBrokerSocketPath: () => defaultBrokerSocketPath,
   createBrokerClient: () => createBrokerClient,
   brokerIsComposeManaged: () => brokerIsComposeManaged,
   VaultTokenRejectedError: () => VaultTokenRejectedError
@@ -22252,7 +22253,7 @@ async function lockViaBroker(opts) {
 async function unlockViaBroker(passphrase, opts) {
   const dataSocketPath = resolveBrokerSocketPath(opts);
   const unlockSocketPath = unlockSocketFor(dataSocketPath);
-  const timeoutMs = opts?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const timeoutMs = opts?.timeoutMs ?? UNLOCK_TIMEOUT_MS;
   return new Promise((resolve8) => {
     let settled = false;
     const settle = (val) => {
@@ -22354,7 +22355,7 @@ async function revokeGrantViaBroker(id, opts) {
     return { kind: "error", msg: resp.msg };
   return { kind: "error", msg: "unexpected broker response" };
 }
-var DEFAULT_TIMEOUT_MS = 2000, LEGACY_SOCKET_PATH, OPERATOR_SOCKET_PATH, VaultTokenRejectedError;
+var DEFAULT_TIMEOUT_MS = 2000, UNLOCK_TIMEOUT_MS = 30000, LEGACY_SOCKET_PATH, OPERATOR_SOCKET_PATH, VaultTokenRejectedError;
 var init_client = __esm(() => {
   init_protocol();
   init_peercred();
@@ -23085,6 +23086,8 @@ function emitAgentService(lines, a, imageTag, buildMode, buildContext, homePrefi
     NPM_CONFIG_PREFIX: "/state/agent/home/.npm-global",
     PIP_BREAK_SYSTEM_PACKAGES: "1",
     PIP_USER: "1",
+    DISABLE_AUTOUPDATER: "1",
+    CLAUDE_CODE_ATTRIBUTION_HEADER: "0",
     SWITCHROOM_AGENT_NAME: a.name,
     SWITCHROOM_CONTAINER: "1",
     SWITCHROOM_VAULT_BROKER_SOCK: `/run/switchroom/broker/sock`,
@@ -27070,6 +27073,151 @@ var init_via_claude = __esm(() => {
   ];
 });
 
+// src/vault/broker/acl.ts
+function parseCronUnit(unitName) {
+  const m = unitName.match(/^switchroom-([a-zA-Z0-9_-]+)-cron-(\d+)\.service$/);
+  if (!m)
+    return null;
+  const agentName = m[1];
+  const index = parseInt(m[2], 10);
+  if (!agentName)
+    return null;
+  return { agentName, index };
+}
+function agentSlugFromPeer(peer) {
+  if (peer.systemdUnit === null)
+    return null;
+  const parsed = parseCronUnit(peer.systemdUnit);
+  return parsed?.agentName ?? null;
+}
+function checkEntryScope(scope, agentSlug) {
+  if (scope === undefined || scope === null) {
+    return { allow: true };
+  }
+  const deny = scope.deny ?? [];
+  const allow = scope.allow ?? [];
+  if (agentSlug !== null && deny.includes(agentSlug)) {
+    return {
+      allow: false,
+      reason: `agent '${agentSlug}' is in the entry's deny list (scope-deny)`
+    };
+  }
+  if (allow.length > 0) {
+    if (agentSlug === null || !allow.includes(agentSlug)) {
+      return {
+        allow: false,
+        reason: agentSlug === null ? "caller agent slug could not be determined; entry has a non-empty allow list (scope-allow)" : `agent '${agentSlug}' is not in the entry's allow list (scope-allow)`
+      };
+    }
+  }
+  return { allow: true };
+}
+function checkAcl(peer, config, key) {
+  if (peer.systemdUnit !== null) {
+    const parsed = parseCronUnit(peer.systemdUnit);
+    if (parsed === null) {
+      return {
+        allow: false,
+        reason: `systemd unit '${peer.systemdUnit}' does not match switchroom cron unit naming convention`
+      };
+    }
+    const { agentName, index } = parsed;
+    const agentConfig = config.agents?.[agentName];
+    if (!agentConfig) {
+      return { allow: false, reason: `agent '${agentName}' not found in config` };
+    }
+    const schedule = agentConfig.schedule ?? [];
+    if (index >= schedule.length || index < 0) {
+      return {
+        allow: false,
+        reason: `schedule index ${index} out of range for agent '${agentName}' (${schedule.length} entries)`
+      };
+    }
+    const entry = schedule[index];
+    const allowedKeys = entry.secrets ?? [];
+    if (!allowedKeys.includes(key)) {
+      return {
+        allow: false,
+        reason: `key '${key}' not in ACL for ${agentName}/schedule[${index}]`
+      };
+    }
+    return { allow: true };
+  }
+  return {
+    allow: false,
+    reason: "caller is not a switchroom cron unit; use 'switchroom vault get --no-broker' for interactive access"
+  };
+}
+function checkAclByAgent(config, agentName, key) {
+  if (!agentName) {
+    return { allow: false, reason: "agent name unresolved" };
+  }
+  const agentConfig = config.agents?.[agentName];
+  if (!agentConfig) {
+    return { allow: false, reason: `agent '${agentName}' not found in config` };
+  }
+  const googleSlot = parseGoogleAccountSlotKey(key);
+  if (googleSlot !== null) {
+    return checkGoogleAccountAcl(config, agentName, googleSlot.account, key);
+  }
+  const agentBot = agentConfig.bot_token;
+  const botRef = agentBot && agentBot.length > 0 ? agentBot : config.telegram?.bot_token;
+  if (typeof botRef === "string" && botRef.startsWith("vault:")) {
+    const botKey = botRef.slice("vault:".length).split("#")[0];
+    if (botKey.length > 0 && botKey === key) {
+      return { allow: true };
+    }
+  }
+  const schedule = agentConfig.schedule ?? [];
+  if (schedule.length === 0) {
+    return {
+      allow: false,
+      reason: `agent '${agentName}' has no schedule entries declaring 'secrets'; nothing is broker-accessible`
+    };
+  }
+  for (const entry of schedule) {
+    const allowed = entry?.secrets ?? [];
+    if (allowed.includes(key)) {
+      return { allow: true };
+    }
+  }
+  return {
+    allow: false,
+    reason: `key '${key}' not in ACL for agent '${agentName}'`
+  };
+}
+function parseGoogleAccountSlotKey(key) {
+  const match = key.match(/^google:([^:]+):([a-z_]+)$/);
+  if (!match)
+    return null;
+  return { account: match[1], field: match[2] };
+}
+function checkGoogleAccountAcl(config, agentName, account, key) {
+  const accounts = config.google_accounts ?? {};
+  const accountKey = account.toLowerCase();
+  const accountEntry = accounts[accountKey] ?? accounts[account];
+  if (!accountEntry) {
+    return {
+      allow: false,
+      reason: `google_accounts['${account}'] not configured (key '${key}')`
+    };
+  }
+  const enabled = accountEntry.enabled_for ?? [];
+  if (enabled.length === 0) {
+    return {
+      allow: false,
+      reason: `google_accounts['${account}'].enabled_for is empty (key '${key}')`
+    };
+  }
+  if (!enabled.includes(agentName)) {
+    return {
+      allow: false,
+      reason: `agent '${agentName}' not in google_accounts['${account}'].enabled_for (key '${key}')`
+    };
+  }
+  return { allow: true };
+}
+
 // src/util/audit-hashchain.ts
 import { createHash as createHash6 } from "node:crypto";
 import { openSync as openSync7, readSync as readSync2, fstatSync as fstatSync2, closeSync as closeSync7 } from "node:fs";
@@ -27916,6 +28064,108 @@ var init_doctor_auth_broker = __esm(() => {
   init_paths();
 });
 
+// src/cli/doctor-hostd.ts
+import { spawnSync as spawnSync6 } from "node:child_process";
+function realDockerInspect(ref, format) {
+  try {
+    const r = spawnSync6("docker", ["inspect", ref, "--format", format], {
+      encoding: "utf-8",
+      timeout: 5000
+    });
+    if (r.status !== 0)
+      return null;
+    const out = (r.stdout ?? "").trim();
+    return out.length > 0 ? out : null;
+  } catch {
+    return null;
+  }
+}
+function imageCreatedAt(container, dockerInspect) {
+  const imageId = dockerInspect(container, "{{.Image}}");
+  if (!imageId)
+    return null;
+  return dockerInspect(imageId, "{{.Created}}");
+}
+function runHostdChecks(config, deps = {}) {
+  const dockerInspect = deps.dockerInspect ?? realDockerInspect;
+  const enabled = config.host_control?.enabled === true;
+  if (!enabled) {
+    return [
+      {
+        name: "hostd: configured",
+        status: "warn",
+        detail: "host_control.enabled is not true \u2014 /restart and /update apply " + "use the legacy in-agent fallback, which fails on docker installs (#926)",
+        fix: "Set `host_control: { enabled: true }` in switchroom.yaml and run `switchroom hostd install`"
+      }
+    ];
+  }
+  const results = [
+    {
+      name: "hostd: configured",
+      status: "ok",
+      detail: "host_control.enabled: true"
+    }
+  ];
+  const status = dockerInspect(HOSTD_CONTAINER, "{{.State.Status}}");
+  if (status !== "running") {
+    results.push({
+      name: "hostd: running",
+      status: "fail",
+      detail: status === null ? `${HOSTD_CONTAINER} container not found` : `${HOSTD_CONTAINER} is ${status}, not running`,
+      fix: "Run `switchroom hostd install` on the host to (re)create the daemon"
+    });
+    return results;
+  }
+  results.push({
+    name: "hostd: running",
+    status: "ok",
+    detail: `${HOSTD_CONTAINER} running`
+  });
+  const hostdCreated = imageCreatedAt(HOSTD_CONTAINER, dockerInspect);
+  let agentCreated = null;
+  for (const name of Object.keys(config.agents ?? {})) {
+    agentCreated = imageCreatedAt(`switchroom-${name}`, dockerInspect);
+    if (agentCreated)
+      break;
+  }
+  if (!hostdCreated || !agentCreated) {
+    results.push({
+      name: "hostd: image drift",
+      status: "ok",
+      detail: "skipped \u2014 no running agent image to compare against"
+    });
+    return results;
+  }
+  const hostdMs = Date.parse(hostdCreated);
+  const agentMs = Date.parse(agentCreated);
+  if (Number.isNaN(hostdMs) || Number.isNaN(agentMs)) {
+    results.push({
+      name: "hostd: image drift",
+      status: "ok",
+      detail: "skipped \u2014 unparseable image timestamps"
+    });
+    return results;
+  }
+  const lagHours = (agentMs - hostdMs) / 3600000;
+  if (lagHours > HOSTD_DRIFT_HOURS) {
+    results.push({
+      name: "hostd: image drift",
+      status: "warn",
+      detail: `hostd image is ~${lagHours.toFixed(1)}h older than the agent fleet ` + `image \u2014 likely a \`switchroom update --skip-images\` left it behind ` + `(that flag skips the refresh-hostd step)`,
+      fix: "Run `switchroom hostd install` (or `switchroom update` without `--skip-images`)"
+    });
+  } else {
+    results.push({
+      name: "hostd: image drift",
+      status: "ok",
+      detail: `in sync with the agent fleet image (\u00b1${HOSTD_DRIFT_HOURS}h)`
+    });
+  }
+  return results;
+}
+var HOSTD_CONTAINER = "switchroom-hostd", HOSTD_DRIFT_HOURS = 2;
+var init_doctor_hostd = () => {};
+
 // src/cli/doctor-drive.ts
 import {
   existsSync as realExistsSync,
@@ -28205,6 +28455,181 @@ function runCredentialsMigrationChecks(config, deps = {}) {
 }
 var init_doctor_credentials_migration = () => {};
 
+// src/cli/doctor-secret-access.ts
+import {
+  accessSync,
+  constants as fsConstants4,
+  existsSync as existsSync46,
+  realpathSync as realpathSync4,
+  statSync as statSync20
+} from "node:fs";
+import { userInfo } from "node:os";
+function resolveVaultPath2(config) {
+  return config.vault?.path ? config.vault.path.replace(/^~/, process.env.HOME ?? "") : resolveStatePath("vault.enc");
+}
+function defaultStatVault(path4) {
+  if (!existsSync46(path4)) {
+    return { exists: false, readable: false, uid: -1, mode: 0, realPath: path4 };
+  }
+  let real = path4;
+  try {
+    real = realpathSync4(path4);
+  } catch {}
+  let uid = -1;
+  let mode = 0;
+  try {
+    const s = statSync20(real);
+    uid = s.uid;
+    mode = s.mode & 511;
+  } catch {
+    return { exists: true, readable: false, uid, mode, realPath: real };
+  }
+  let readable = false;
+  try {
+    accessSync(real, fsConstants4.R_OK);
+    readable = true;
+  } catch {
+    readable = false;
+  }
+  return { exists: true, readable, uid, mode, realPath: real };
+}
+function collectVaultRefs2(value, out) {
+  if (typeof value === "string") {
+    if (value.startsWith("vault:")) {
+      const key = value.slice("vault:".length).split("#")[0].trim();
+      if (key)
+        out.add(key);
+    }
+    return;
+  }
+  if (Array.isArray(value)) {
+    for (const v of value)
+      collectVaultRefs2(v, out);
+    return;
+  }
+  if (value && typeof value === "object") {
+    for (const v of Object.values(value)) {
+      collectVaultRefs2(v, out);
+    }
+  }
+}
+function runSecretAccessChecks(config, deps = {}) {
+  const results = [];
+  const vaultPath = deps.vaultPath ?? resolveVaultPath2(config);
+  const statVault = deps.statVault ?? defaultStatVault;
+  const selfUid = deps.selfUid ?? (typeof process.getuid === "function" ? process.getuid() : -1);
+  let selfUser = deps.selfUser;
+  if (selfUser === undefined) {
+    try {
+      selfUser = userInfo().username;
+    } catch {
+      selfUser = "<you>";
+    }
+  }
+  const vf = statVault(vaultPath);
+  if (!vf.exists) {
+    results.push({
+      name: "vault: operator readable",
+      status: "ok",
+      detail: `vault file not present at ${vaultPath} \u2014 see the Vault section`
+    });
+  } else if (!vf.readable) {
+    results.push({
+      name: "vault: operator readable",
+      status: "fail",
+      detail: `${vf.realPath} is owned by uid ${vf.uid} (mode 0${vf.mode.toString(8)}) \u2014 ` + `the operator (uid ${selfUid} ${selfUser}) cannot read it, so every ` + `\`switchroom vault \u2026\` fails. The broker still works (CAP_DAC_READ_SEARCH), ` + `which masks this until you touch the vault directly.`,
+      fix: `sudo chown ${selfUser}:${selfUser} ${vf.realPath}`
+    });
+  } else {
+    results.push({
+      name: "vault: operator readable",
+      status: "ok",
+      detail: `operator can read ${vf.realPath}`
+    });
+  }
+  const passphrase = deps.passphrase ?? process.env.SWITCHROOM_VAULT_PASSPHRASE;
+  if (!passphrase) {
+    results.push({
+      name: "agent secret access",
+      status: "warn",
+      detail: "SWITCHROOM_VAULT_PASSPHRASE not set \u2014 cannot enumerate vault keys/ACLs " + "to verify per-agent secret access",
+      fix: "Export SWITCHROOM_VAULT_PASSPHRASE and re-run `switchroom doctor`"
+    });
+    return results;
+  }
+  let entries;
+  try {
+    entries = (deps.openVault ?? openVault)(passphrase, vaultPath);
+  } catch (err) {
+    results.push({
+      name: "agent secret access",
+      status: vf.readable ? "fail" : "warn",
+      detail: `cannot open the vault: ${err.message}`,
+      fix: vf.readable ? "SWITCHROOM_VAULT_PASSPHRASE may be wrong, or the vault is corrupt" : "fix the vault file ownership above first (operator cannot read it)"
+    });
+    return results;
+  }
+  const agents = Object.keys(config.agents ?? {});
+  for (const name of agents) {
+    const resolved = resolveAgentConfig(config.defaults, config.profiles, config.agents[name]);
+    const cronKeys = new Set;
+    for (const entry of resolved.schedule ?? []) {
+      for (const s of entry.secrets ?? [])
+        cronKeys.add(s);
+    }
+    const refKeys = new Set;
+    collectVaultRefs2(resolved, refKeys);
+    const needed = new Set([...cronKeys, ...refKeys]);
+    if (needed.size === 0) {
+      results.push({
+        name: `secret access: ${name}`,
+        status: "ok",
+        detail: "no declared vault secrets"
+      });
+      continue;
+    }
+    const gaps = [];
+    for (const key of [...needed].sort()) {
+      const isGoogleSlot = key.startsWith("google:");
+      if (!isGoogleSlot && !(key in entries)) {
+        gaps.push(`'${key}' missing from the vault`);
+        continue;
+      }
+      const byScope = checkEntryScope(entries[key]?.scope, name);
+      if (cronKeys.has(key)) {
+        const byAgent = checkAclByAgent(config, name, key);
+        if (!byAgent.allow) {
+          gaps.push(`'${key}' (cron) \u2014 no static ACL grants read (${byAgent.reason})`);
+          continue;
+        }
+      }
+      if (!byScope.allow) {
+        gaps.push(`'${key}' \u2014 per-key scope denies read (${byScope.reason})`);
+      }
+    }
+    if (gaps.length === 0) {
+      results.push({
+        name: `secret access: ${name}`,
+        status: "ok",
+        detail: `${needed.size} secret(s): all present + ACL ok`
+      });
+    } else {
+      results.push({
+        name: `secret access: ${name}`,
+        status: "fail",
+        detail: `${gaps.length}/${needed.size} unreachable \u2014 ${gaps.join("; ")}`,
+        fix: "`switchroom vault set <key>` for missing keys; " + "`switchroom vault set <key> --allow " + name + "` to grant this agent read access"
+      });
+    }
+  }
+  return results;
+}
+var init_doctor_secret_access = __esm(() => {
+  init_paths();
+  init_merge();
+  init_vault();
+});
+
 // src/cli/doctor-inlined-secrets.ts
 import { readFileSync as fsReadFileSync } from "node:fs";
 function isSecretShapedKey(key) {
@@ -28394,7 +28819,9 @@ __export(exports_doctor, {
   parsePythonVersion: () => parsePythonVersion,
   parseNodeVersion: () => parseNodeVersion,
   parseEnvFile: () => parseEnvFile,
+  mffEnvState: () => mffEnvState,
   mffEnvPath: () => mffEnvPath,
+  mffAgentName: () => mffAgentName,
   isSwitchroomCheckout: () => isSwitchroomCheckout,
   findChromium: () => findChromium,
   deriveEd25519PublicKeyBytes: () => deriveEd25519PublicKeyBytes,
@@ -28420,18 +28847,18 @@ __export(exports_doctor, {
   checkAgents: () => checkAgents,
   MFF_VAULT_KEY: () => MFF_VAULT_KEY
 });
-import { execSync as execSync3, spawnSync as spawnSync6 } from "node:child_process";
+import { execSync as execSync3, spawnSync as spawnSync7 } from "node:child_process";
 import {
-  accessSync,
-  constants as fsConstants4,
-  existsSync as existsSync46,
+  accessSync as accessSync2,
+  constants as fsConstants5,
+  existsSync as existsSync47,
   lstatSync as lstatSync5,
   mkdirSync as mkdirSync26,
   readFileSync as readFileSync44,
   readdirSync as readdirSync17,
-  statSync as statSync20
+  statSync as statSync21
 } from "node:fs";
-import { join as join41, resolve as resolve29 } from "node:path";
+import { dirname as dirname12, join as join41, resolve as resolve29 } from "node:path";
 import { createPublicKey, createPrivateKey } from "node:crypto";
 function statusGlyph(status) {
   switch (status) {
@@ -28445,14 +28872,14 @@ function statusGlyph(status) {
 }
 function findInNvm(bin) {
   const nvmRoot = join41(process.env.HOME ?? "", ".nvm", "versions", "node");
-  if (!existsSync46(nvmRoot))
+  if (!existsSync47(nvmRoot))
     return null;
   try {
     const versions = readdirSync17(nvmRoot).sort().reverse();
     for (const v of versions) {
       const candidate = join41(nvmRoot, v, "bin", bin);
       try {
-        const s = statSync20(candidate);
+        const s = statSync21(candidate);
         if (s.isFile() || s.isSymbolicLink()) {
           return candidate;
         }
@@ -28617,7 +29044,7 @@ function findChromium(homeDir = process.env.HOME ?? "", envBrowsersPath = proces
   }
   cacheLocations.push(join41(homeDir, ".cache", "ms-playwright"));
   for (const cacheDir of cacheLocations) {
-    if (!existsSync46(cacheDir))
+    if (!existsSync47(cacheDir))
       continue;
     try {
       const entries = readdirSync17(cacheDir).filter((e) => e.startsWith("chromium"));
@@ -28629,7 +29056,7 @@ function findChromium(homeDir = process.env.HOME ?? "", envBrowsersPath = proces
           join41(cacheDir, entry, "chrome-linux", "headless_shell")
         ];
         for (const path4 of candidates2) {
-          if (existsSync46(path4))
+          if (existsSync47(path4))
             return path4;
         }
       }
@@ -28652,7 +29079,7 @@ function checkChromium() {
 function checkDepsCacheWritable(depsRoot = resolvePath("~/.switchroom/deps")) {
   try {
     mkdirSync26(depsRoot, { recursive: true });
-    accessSync(depsRoot, fsConstants4.W_OK);
+    accessSync2(depsRoot, fsConstants5.W_OK);
     return {
       name: "~/.switchroom/deps writable",
       status: "ok",
@@ -28710,7 +29137,7 @@ function checkLegacyState() {
   const results = [];
   const h = process.env.HOME ?? "/root";
   const clerkDir = join41(h, LEGACY_STATE_DIR);
-  const clerkPresent = existsSync46(clerkDir);
+  const clerkPresent = existsSync47(clerkDir);
   results.push({
     name: "legacy ~/.clerk state",
     status: clerkPresent ? "warn" : "ok",
@@ -28752,7 +29179,7 @@ function checkVault(config) {
     status: "ok",
     detail: "Approval auth: passphrase (two-factor)"
   };
-  if (!existsSync46(vaultPath)) {
+  if (!existsSync47(vaultPath)) {
     return [
       postureResult,
       {
@@ -28845,7 +29272,7 @@ function checkHindsightConsumer(config, opts) {
 }
 function probeAuthBrokerSocket(consumerName) {
   const containerPath = `/run/switchroom/auth-broker/${consumerName}/sock`;
-  const r = spawnSync6("docker", ["exec", "switchroom-auth-broker", "test", "-S", containerPath], { stdio: "pipe", timeout: 3000 });
+  const r = spawnSync7("docker", ["exec", "switchroom-auth-broker", "test", "-S", containerPath], { stdio: "pipe", timeout: 3000 });
   if (r.error || r.status === null)
     return "unreachable";
   if (r.status === 0)
@@ -28924,7 +29351,7 @@ async function checkHindsight(config) {
 function checkPendingRetainsQueue(dir) {
   const home2 = process.env.HOME ?? "";
   const pendingDir = dir ?? process.env.HINDSIGHT_PENDING_DIR ?? join41(home2, ".hindsight", "pending-retains");
-  if (!existsSync46(pendingDir)) {
+  if (!existsSync47(pendingDir)) {
     return {
       name: "pending-retains queue",
       status: "ok",
@@ -28995,7 +29422,7 @@ function tryReadHostFile(path4) {
   }
 }
 function parseEnvFile(path4) {
-  if (!existsSync46(path4))
+  if (!existsSync47(path4))
     return {};
   let content;
   try {
@@ -29105,7 +29532,7 @@ async function checkTelegram(config) {
 }
 function checkStartShStale(agentName, startShPath) {
   const label = `${agentName}: start.sh scheduler block`;
-  if (!existsSync46(startShPath)) {
+  if (!existsSync47(startShPath)) {
     return {
       name: label,
       status: "warn",
@@ -29173,7 +29600,7 @@ function checkLeakedHomeSwitchroom(agentName, agentDir) {
 function checkRepoHygiene(repoRoot) {
   const results = [];
   const exportDir = join41(repoRoot, "clerk-export");
-  if (existsSync46(exportDir)) {
+  if (existsSync47(exportDir)) {
     results.push({
       name: "repo hygiene: clerk-export/ on disk (#1072)",
       status: "warn",
@@ -29182,7 +29609,7 @@ function checkRepoHygiene(repoRoot) {
     });
   }
   const knownTarball = join41(repoRoot, "clerk-export-with-secrets.tar.gz");
-  if (existsSync46(knownTarball)) {
+  if (existsSync47(knownTarball)) {
     results.push({
       name: "repo hygiene: clerk-export-with-secrets.tar.gz on disk (#1072)",
       status: "warn",
@@ -29222,10 +29649,10 @@ function checkRepoHygiene(repoRoot) {
 }
 function isSwitchroomCheckout(dir) {
   try {
-    if (!existsSync46(join41(dir, ".git")))
+    if (!existsSync47(join41(dir, ".git")))
       return false;
     const pkgPath = join41(dir, "package.json");
-    if (!existsSync46(pkgPath))
+    if (!existsSync47(pkgPath))
       return false;
     const pkg = JSON.parse(readFileSync44(pkgPath, "utf-8"));
     return pkg.name === "switchroom";
@@ -29240,7 +29667,7 @@ function checkAgents(config, configPath) {
   const authStatuses = getAllAuthStatuses(config);
   for (const [name, agentConfig] of Object.entries(config.agents)) {
     const agentDir = resolve29(agentsDir, name);
-    if (!existsSync46(agentDir)) {
+    if (!existsSync47(agentDir)) {
       results.push({
         name: `${name}: scaffold`,
         status: "fail",
@@ -29292,7 +29719,7 @@ function checkAgents(config, configPath) {
           name: `${name}: auth`,
           status: "fail",
           detail: auth?.pendingAuth ? "pending (auth flow in progress)" : "not authenticated",
-          fix: `Run \`switchroom auth add <label> --from-oauth\` then \`switchroom auth use <label>\` (RFC H \u2014 see docs/auth.md)`
+          fix: `Run \`switchroom auth add <label> --via-claude\` then \`switchroom auth use <label>\` (RFC H \u2014 see docs/auth.md)`
         });
       }
     } else {
@@ -29332,13 +29759,13 @@ function checkAgents(config, configPath) {
           name: `${name}: auth slots`,
           status: status2,
           detail,
-          fix: quotaOut > 0 ? `Quota-exhausted account(s) will auto-recover when the window resets; broker auto-rotates per \`auth.fallback_order\` (see \`switchroom auth show\`).` : expired > 0 ? `Expired account(s) \u2014 add a fresh one via \`switchroom auth add <label> --from-oauth\` and \`switchroom auth use <label>\` (RFC H).` : undefined
+          fix: quotaOut > 0 ? `Quota-exhausted account(s) will auto-recover when the window resets; broker auto-rotates per \`auth.fallback_order\` (see \`switchroom auth show\`).` : expired > 0 ? `Expired account(s) \u2014 add a fresh one via \`switchroom auth add <label> --via-claude\` and \`switchroom auth use <label>\` (RFC H).` : undefined
         });
       }
     }
     if (agentConfig.channels?.telegram?.plugin === "switchroom") {
       const mcpJsonPath = join41(agentDir, ".mcp.json");
-      if (!existsSync46(mcpJsonPath)) {
+      if (!existsSync47(mcpJsonPath)) {
         results.push({
           name: `${name}: .mcp.json`,
           status: "fail",
@@ -29406,8 +29833,28 @@ ${title}`));
   }
   return { oks, warns, fails };
 }
-function mffEnvPath() {
-  return resolve29(process.env.HOME ?? "/root", ".switchroom/credentials/my-family-finance/.env");
+function mffAgentName(config) {
+  for (const [name, ac] of Object.entries(config?.agents ?? {})) {
+    if ((ac?.skills ?? []).includes("my-family-finance")) {
+      return name;
+    }
+  }
+  return;
+}
+function mffEnvPath(config) {
+  const home2 = process.env.HOME ?? "/root";
+  const agent = mffAgentName(config);
+  return agent ? resolve29(home2, ".switchroom/credentials", agent, "my-family-finance/.env") : resolve29(home2, ".switchroom/credentials/my-family-finance/.env");
+}
+function mffEnvState(envPath) {
+  if (!existsSync47(envPath))
+    return "absent";
+  try {
+    accessSync2(envPath, fsConstants5.R_OK);
+    return "readable";
+  } catch {
+    return "agent-private";
+  }
 }
 function checkMffVaultKeyPresent(passphrase, vaultPath) {
   if (!passphrase) {
@@ -29418,7 +29865,7 @@ function checkMffVaultKeyPresent(passphrase, vaultPath) {
       fix: "Export SWITCHROOM_VAULT_PASSPHRASE to enable MFF vault probes"
     };
   }
-  if (!existsSync46(vaultPath)) {
+  if (!existsSync47(vaultPath)) {
     return {
       name: "mff: vault key present",
       status: "fail",
@@ -29471,7 +29918,7 @@ function deriveEd25519PublicKeyBytes(keyMaterial) {
   }
 }
 function checkMffVaultKeyFormat(passphrase, vaultPath) {
-  if (!passphrase || !existsSync46(vaultPath)) {
+  if (!passphrase || !existsSync47(vaultPath)) {
     return {
       name: "mff: vault key format",
       status: "warn",
@@ -29513,12 +29960,20 @@ function checkMffVaultKeyFormat(passphrase, vaultPath) {
   }
 }
 function checkMffEnvFile(envPath = mffEnvPath()) {
-  if (!existsSync46(envPath)) {
+  const state = mffEnvState(envPath);
+  if (state === "absent") {
     return {
       name: "mff: .env present",
       status: "fail",
       detail: `${envPath} not found`,
-      fix: "Create ~/.switchroom/credentials/my-family-finance/.env with MFF_API_URL=https://..."
+      fix: "Place the MFF skill's .env in the per-agent credentials dir, e.g. `~/.switchroom/credentials/<agent>/my-family-finance/.env` (MFF_API_URL=https://...), then `switchroom update`"
+    };
+  }
+  if (state === "agent-private") {
+    return {
+      name: "mff: .env present",
+      status: "ok",
+      detail: `present, agent-private (${envPath}) \u2014 per-agent since WS6-F2; the operator-run doctor cannot read it by design`
     };
   }
   const env2 = parseEnvFile(envPath);
@@ -29537,6 +29992,14 @@ function checkMffEnvFile(envPath = mffEnvPath()) {
   };
 }
 async function checkMffApiReachable(envPath = mffEnvPath(), timeoutMs = 5000) {
+  const state = mffEnvState(envPath);
+  if (state !== "readable") {
+    return {
+      name: "mff: API reachable",
+      status: "warn",
+      detail: state === "agent-private" ? "skipped \u2014 MFF creds are per-agent/agent-private since WS6-F2; deep probe must run in-agent" : "skipped (MFF .env not found \u2014 see 'mff: .env present')"
+    };
+  }
   const env2 = parseEnvFile(envPath);
   const apiUrl = env2.MFF_API_URL?.trim();
   if (!apiUrl) {
@@ -29581,6 +30044,14 @@ async function checkMffApiReachable(envPath = mffEnvPath(), timeoutMs = 5000) {
   }
 }
 async function checkMffAuthFlow(envPath = mffEnvPath(), timeoutMs = 8000) {
+  const state = mffEnvState(envPath);
+  if (state !== "readable") {
+    return {
+      name: "mff: auth flow",
+      status: "warn",
+      detail: state === "agent-private" ? "skipped \u2014 MFF creds are per-agent/agent-private since WS6-F2; deep probe must run in-agent" : "skipped (MFF .env not found \u2014 see 'mff: .env present')"
+    };
+  }
   const env2 = parseEnvFile(envPath);
   const apiUrl = env2.MFF_API_URL?.trim();
   if (!apiUrl) {
@@ -29590,9 +30061,9 @@ async function checkMffAuthFlow(envPath = mffEnvPath(), timeoutMs = 8000) {
       detail: "skipped (MFF_API_URL not set)"
     };
   }
-  const credDir = resolve29(process.env.HOME ?? "/root", ".switchroom/credentials/my-family-finance");
+  const credDir = dirname12(envPath);
   const authScript = join41(credDir, "claude-auth.py");
-  if (!existsSync46(authScript)) {
+  if (!existsSync47(authScript)) {
     return {
       name: "mff: auth flow",
       status: "warn",
@@ -29603,7 +30074,7 @@ async function checkMffAuthFlow(envPath = mffEnvPath(), timeoutMs = 8000) {
   const python3 = which("python3") ?? "python3";
   let token;
   try {
-    const result = spawnSync6(python3, [authScript, "--quiet"], {
+    const result = spawnSync7(python3, [authScript, "--quiet"], {
       timeout: timeoutMs,
       encoding: "utf-8",
       env: { ...process.env, ...env2 }
@@ -29671,6 +30142,14 @@ async function checkMffAuthFlow(envPath = mffEnvPath(), timeoutMs = 8000) {
   }
 }
 async function checkMffCloudflareUa(envPath = mffEnvPath(), timeoutMs = 5000) {
+  const state = mffEnvState(envPath);
+  if (state !== "readable") {
+    return {
+      name: "mff: Cloudflare UA bypass",
+      status: "warn",
+      detail: state === "agent-private" ? "skipped \u2014 MFF creds are per-agent/agent-private since WS6-F2; deep probe must run in-agent" : "skipped (MFF .env not found \u2014 see 'mff: .env present')"
+    };
+  }
   const env2 = parseEnvFile(envPath);
   const apiUrl = env2.MFF_API_URL?.trim();
   if (!apiUrl) {
@@ -29732,7 +30211,7 @@ async function checkMffCloudflareUa(envPath = mffEnvPath(), timeoutMs = 5000) {
     fix: "Check MFF_API_URL and whether the /api/health endpoint is publicly accessible"
   };
 }
-async function checkMff(passphrase, vaultPath, envPath = mffEnvPath()) {
+async function checkMff(passphrase, vaultPath, config, envPath = mffEnvPath(config)) {
   const results = [];
   results.push(checkMffVaultKeyPresent(passphrase, vaultPath));
   results.push(checkMffVaultKeyFormat(passphrase, vaultPath));
@@ -29835,7 +30314,7 @@ function registerDoctorCommand(program3) {
     const passphrase = process.env.SWITCHROOM_VAULT_PASSPHRASE;
     const vaultPath = config.vault?.path ? config.vault.path.replace(/^~/, process.env.HOME ?? "") : resolveStatePath("vault.enc");
     if (opts.skill === "mff") {
-      const mffResults = await checkMff(passphrase, vaultPath);
+      const mffResults = await checkMff(passphrase, vaultPath, config);
       if (opts.json) {
         console.log(JSON.stringify({ sections: [{ title: "MFF Skill", results: mffResults }] }, null, 2));
       } else {
@@ -29862,6 +30341,7 @@ function registerDoctorCommand(program3) {
       },
       { title: "Legacy State", results: checkLegacyState() },
       { title: "Vault", results: checkVault(config) },
+      { title: "Vault access", results: runSecretAccessChecks(config) },
       { title: "Memory (Hindsight)", results: await checkHindsight(config) },
       { title: "Telegram", results: await checkTelegram(config) },
       { title: "Agents", results: checkAgents(config, configPath) },
@@ -29869,8 +30349,9 @@ function registerDoctorCommand(program3) {
       { title: "Audit integrity (WS10-F4)", results: runAuditIntegrityChecks() },
       { title: "Docker (Phase 1a)", results: runDockerSection(config) },
       { title: "Auth Broker", results: runAuthBrokerChecks(config) },
+      { title: "Host control (hostd)", results: runHostdChecks(config) },
       { title: "Google Drive", results: runDriveChecks(config) },
-      { title: "MFF Skill", results: await checkMff(passphrase, vaultPath) }
+      { title: "MFF Skill", results: await checkMff(passphrase, vaultPath, config) }
     ];
     const cwd = process.cwd();
     if (isSwitchroomCheckout(cwd)) {
@@ -29923,8 +30404,10 @@ var init_doctor = __esm(() => {
   init_hindsight();
   init_doctor_docker();
   init_doctor_auth_broker();
+  init_doctor_hostd();
   init_doctor_drive();
   init_doctor_credentials_migration();
+  init_doctor_secret_access();
   init_doctor_inlined_secrets();
   init_doctor_audit_integrity();
   MANIFEST_WARN_ONLY = new Set([
@@ -45564,9 +46047,9 @@ __export(exports_server, {
   dispatchTool: () => dispatchTool,
   TOOLS: () => TOOLS
 });
-import { spawnSync as spawnSync9 } from "node:child_process";
+import { spawnSync as spawnSync10 } from "node:child_process";
 function execCli(args) {
-  const r = spawnSync9(CLI_BIN, args, {
+  const r = spawnSync10(CLI_BIN, args, {
     encoding: "utf-8",
     env: process.env,
     timeout: 15000
@@ -46059,7 +46542,7 @@ __export(exports_server2, {
   TOOLS: () => TOOLS2
 });
 import { randomBytes as randomBytes13 } from "node:crypto";
-import { existsSync as existsSync69, readFileSync as readFileSync59 } from "node:fs";
+import { existsSync as existsSync71, readFileSync as readFileSync59 } from "node:fs";
 function selfSocketPath() {
   return `/run/switchroom/hostd/${SELF_AGENT}/sock`;
 }
@@ -46074,7 +46557,7 @@ async function dispatchTool2(name, args) {
     return errorText2("hostd MCP: SWITCHROOM_AGENT_NAME env var is not set \u2014 cannot " + "determine which per-agent socket to talk to.");
   }
   const sockPath = selfSocketPath();
-  if (!existsSync69(sockPath)) {
+  if (!existsSync71(sockPath)) {
     return errorText2(`hostd MCP: socket not bound at ${sockPath}. The host-control ` + `daemon is either not installed (run \`switchroom hostd install\`) ` + `or this agent isn't admin-flagged in switchroom.yaml. RFC C ` + `bind-mounts the per-agent socket only when host_control.enabled ` + `is true AND the agent has admin: true.`);
   }
   let req;
@@ -46193,13 +46676,13 @@ function resolveAuditLogPath() {
   if (process.env.HOSTD_AUDIT_LOG_PATH)
     return process.env.HOSTD_AUDIT_LOG_PATH;
   const bindMounted = "/host-home/.switchroom/host-control-audit.log";
-  if (existsSync69(bindMounted))
+  if (existsSync71(bindMounted))
     return bindMounted;
   return defaultAuditLogPath2();
 }
 function getLastUpdateApplyStatus() {
   const path8 = resolveAuditLogPath();
-  if (!existsSync69(path8)) {
+  if (!existsSync71(path8)) {
     return errorText2(`get_status: audit log not found at ${path8}. No update_apply has run yet?`);
   }
   let raw;
@@ -46411,8 +46894,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.12.0";
-var COMMIT_SHA = "2870fb03";
+var VERSION = "0.12.2";
+var COMMIT_SHA = "1eeb64be";
 
 // src/cli/agent.ts
 init_source();
@@ -48496,6 +48979,16 @@ function buildSettingsHooksBlock(p) {
         }
       ]
     },
+    {
+      matcher: "^(Write|Edit|MultiEdit)$",
+      hooks: [
+        {
+          type: "command",
+          command: wrap("hook:skill-validate-pretool", `node "${join8(DOCKER_BUNDLED_HOOKS_PATH, "skill-validate-pretool.mjs")}"`),
+          timeout: 10
+        }
+      ]
+    },
     {
       hooks: [
         {
@@ -55184,145 +55677,6 @@ var DEFAULT_AUTO_UNLOCK_PATH = "~/.switchroom/vault-auto-unlock";
 
 // src/vault/broker/server.ts
 init_peercred();
-
-// src/vault/broker/acl.ts
-function parseCronUnit(unitName) {
-  const m = unitName.match(/^switchroom-([a-zA-Z0-9_-]+)-cron-(\d+)\.service$/);
-  if (!m)
-    return null;
-  const agentName = m[1];
-  const index = parseInt(m[2], 10);
-  if (!agentName)
-    return null;
-  return { agentName, index };
-}
-function agentSlugFromPeer(peer) {
-  if (peer.systemdUnit === null)
-    return null;
-  const parsed = parseCronUnit(peer.systemdUnit);
-  return parsed?.agentName ?? null;
-}
-function checkEntryScope(scope, agentSlug) {
-  if (scope === undefined || scope === null) {
-    return { allow: true };
-  }
-  const deny = scope.deny ?? [];
-  const allow = scope.allow ?? [];
-  if (agentSlug !== null && deny.includes(agentSlug)) {
-    return {
-      allow: false,
-      reason: `agent '${agentSlug}' is in the entry's deny list (scope-deny)`
-    };
-  }
-  if (allow.length > 0) {
-    if (agentSlug === null || !allow.includes(agentSlug)) {
-      return {
-        allow: false,
-        reason: agentSlug === null ? "caller agent slug could not be determined; entry has a non-empty allow list (scope-allow)" : `agent '${agentSlug}' is not in the entry's allow list (scope-allow)`
-      };
-    }
-  }
-  return { allow: true };
-}
-function checkAcl(peer, config, key) {
-  if (peer.systemdUnit !== null) {
-    const parsed = parseCronUnit(peer.systemdUnit);
-    if (parsed === null) {
-      return {
-        allow: false,
-        reason: `systemd unit '${peer.systemdUnit}' does not match switchroom cron unit naming convention`
-      };
-    }
-    const { agentName, index } = parsed;
-    const agentConfig = config.agents?.[agentName];
-    if (!agentConfig) {
-      return { allow: false, reason: `agent '${agentName}' not found in config` };
-    }
-    const schedule = agentConfig.schedule ?? [];
-    if (index >= schedule.length || index < 0) {
-      return {
-        allow: false,
-        reason: `schedule index ${index} out of range for agent '${agentName}' (${schedule.length} entries)`
-      };
-    }
-    const entry = schedule[index];
-    const allowedKeys = entry.secrets ?? [];
-    if (!allowedKeys.includes(key)) {
-      return {
-        allow: false,
-        reason: `key '${key}' not in ACL for ${agentName}/schedule[${index}]`
-      };
-    }
-    return { allow: true };
-  }
-  return {
-    allow: false,
-    reason: "caller is not a switchroom cron unit; use 'switchroom vault get --no-broker' for interactive access"
-  };
-}
-function checkAclByAgent(config, agentName, key) {
-  if (!agentName) {
-    return { allow: false, reason: "agent name unresolved" };
-  }
-  const agentConfig = config.agents?.[agentName];
-  if (!agentConfig) {
-    return { allow: false, reason: `agent '${agentName}' not found in config` };
-  }
-  const googleSlot = parseGoogleAccountSlotKey(key);
-  if (googleSlot !== null) {
-    return checkGoogleAccountAcl(config, agentName, googleSlot.account, key);
-  }
-  const schedule = agentConfig.schedule ?? [];
-  if (schedule.length === 0) {
-    return {
-      allow: false,
-      reason: `agent '${agentName}' has no schedule entries declaring 'secrets'; nothing is broker-accessible`
-    };
-  }
-  for (const entry of schedule) {
-    const allowed = entry?.secrets ?? [];
-    if (allowed.includes(key)) {
-      return { allow: true };
-    }
-  }
-  return {
-    allow: false,
-    reason: `key '${key}' not in ACL for agent '${agentName}'`
-  };
-}
-function parseGoogleAccountSlotKey(key) {
-  const match = key.match(/^google:([^:]+):([a-z_]+)$/);
-  if (!match)
-    return null;
-  return { account: match[1], field: match[2] };
-}
-function checkGoogleAccountAcl(config, agentName, account, key) {
-  const accounts = config.google_accounts ?? {};
-  const accountKey = account.toLowerCase();
-  const accountEntry = accounts[accountKey] ?? accounts[account];
-  if (!accountEntry) {
-    return {
-      allow: false,
-      reason: `google_accounts['${account}'] not configured (key '${key}')`
-    };
-  }
-  const enabled = accountEntry.enabled_for ?? [];
-  if (enabled.length === 0) {
-    return {
-      allow: false,
-      reason: `google_accounts['${account}'].enabled_for is empty (key '${key}')`
-    };
-  }
-  if (!enabled.includes(agentName)) {
-    return {
-      allow: false,
-      reason: `agent '${agentName}' not in google_accounts['${account}'].enabled_for (key '${key}')`
-    };
-  }
-  return { allow: true };
-}
-
-// src/vault/broker/server.ts
 init_protocol();
 
 // src/vault/broker/audit-log.ts
@@ -57962,35 +58316,37 @@ class VaultBroker {
         const grantId = dotIdx !== -1 ? req.token.slice(0, dotIdx) : undefined;
         const sentinelKey = Object.keys(this.secrets)[0] ?? "__list_check__";
         const tokenCheck = await validateGrant(this.grantsDb, req.token, sentinelKey);
-        if (!tokenCheck.ok && tokenCheck.reason !== "grant-key-not-allowed") {
+        if (!tokenCheck.ok && tokenCheck.reason === "grant-revoked") {
           this.auditLogger.write({
             ts: new Date().toISOString(),
             op: "list",
             caller: auditCaller,
             pid: auditPid,
             cgroup: auditCgroup,
-            result: `denied:${tokenCheck.reason}`,
+            result: `denied:grant-revoked`,
             method: "grant",
             grant_id: grantId
           });
-          socket.write(encodeResponse(errorResponse("DENIED", tokenCheck.reason)));
+          socket.write(encodeResponse(errorResponse("DENIED", "grant-revoked")));
+          return;
+        }
+        if (tokenCheck.ok || tokenCheck.reason === "grant-key-not-allowed") {
+          const grantRow = tokenCheck.ok ? tokenCheck.grant : this.grantsDb.query("SELECT key_allow FROM vault_grants WHERE id = ?").get(grantId ?? "");
+          const allowedKeys = grantRow ? typeof grantRow.key_allow === "string" ? JSON.parse(grantRow.key_allow) : grantRow.key_allow : [];
+          const visibleKeys2 = allowedKeys.filter((k) => (k in this.secrets));
+          this.auditLogger.write({
+            ts: new Date().toISOString(),
+            op: "list",
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: `allowed:${visibleKeys2.length}`,
+            method: "grant",
+            grant_id: grantId
+          });
+          socket.write(encodeResponse({ ok: true, keys: visibleKeys2 }));
           return;
         }
-        const grantRow = tokenCheck.ok ? tokenCheck.grant : this.grantsDb.query("SELECT key_allow FROM vault_grants WHERE id = ?").get(grantId ?? "");
-        const allowedKeys = grantRow ? typeof grantRow.key_allow === "string" ? JSON.parse(grantRow.key_allow) : grantRow.key_allow : [];
-        const visibleKeys2 = allowedKeys.filter((k) => (k in this.secrets));
-        this.auditLogger.write({
-          ts: new Date().toISOString(),
-          op: "list",
-          caller: auditCaller,
-          pid: auditPid,
-          cgroup: auditCgroup,
-          result: `allowed:${visibleKeys2.length}`,
-          method: "grant",
-          grant_id: grantId
-        });
-        socket.write(encodeResponse({ ok: true, keys: visibleKeys2 }));
-        return;
       }
       if (!isOperator && agentName === null && process.platform === "linux" && peer === null) {
         const reason = "Unable to identify caller (peercred unavailable); denying on Linux";
@@ -58065,10 +58421,9 @@ class VaultBroker {
           });
           socket.write(encodeResponse(entryResponse(entry2)));
           return;
-        } else {
+        } else if (grantResult.reason === "grant-revoked") {
           const dotIdx = req.token.indexOf(".");
           const grantId = dotIdx !== -1 ? req.token.slice(0, dotIdx) : undefined;
-          const denyReason = grantResult.reason;
           this.auditLogger.write({
             ts: new Date().toISOString(),
             op: "get",
@@ -58076,11 +58431,11 @@ class VaultBroker {
             caller: auditCaller,
             pid: auditPid,
             cgroup: auditCgroup,
-            result: `denied:${denyReason}`,
+            result: `denied:grant-revoked`,
             method: "grant",
             grant_id: grantId
           });
-          socket.write(encodeResponse(errorResponse("DENIED", denyReason)));
+          socket.write(encodeResponse(errorResponse("DENIED", "grant-revoked")));
           return;
         }
       }
@@ -68131,7 +68486,7 @@ async function stepScaffoldAgents(config, agentBots, userId, nonInteractive, swi
   if (switchroomConfigPath && !config.auth?.active) {
     try {
       await ensureAuthActiveDefault(switchroomConfigPath);
-      console.log(source_default.gray("  Set auth.active: default \u2014 run `switchroom auth add default --from-oauth` to log in"));
+      console.log(source_default.gray("  Set auth.active: default \u2014 run `switchroom auth add default --via-claude` to log in"));
     } catch (err) {
       console.log(source_default.yellow(`  \u26a0 Could not set auth.active default: ${err.message}`));
     }
@@ -68410,27 +68765,36 @@ init_doctor();
 init_source();
 init_loader();
 init_lifecycle();
-import { cpSync as cpSync2, existsSync as existsSync47, mkdirSync as mkdirSync27, readFileSync as readFileSync45, realpathSync as realpathSync4, rmSync as rmSync12, statSync as statSync21 } from "node:fs";
-import { spawnSync as spawnSync7 } from "node:child_process";
-import { join as join42, dirname as dirname12, resolve as resolve30 } from "node:path";
+import { cpSync as cpSync2, existsSync as existsSync48, mkdirSync as mkdirSync27, readFileSync as readFileSync45, realpathSync as realpathSync5, rmSync as rmSync12, statSync as statSync22 } from "node:fs";
+import { spawnSync as spawnSync8 } from "node:child_process";
+import { join as join42, dirname as dirname13, resolve as resolve30 } from "node:path";
 import { homedir as homedir22 } from "node:os";
 var DEFAULT_COMPOSE_PATH = join42(homedir22(), ".switchroom", "compose", "docker-compose.yml");
 function isGitCheckout(scriptPath) {
-  let dir = dirname12(scriptPath);
+  let dir = dirname13(scriptPath);
   for (let i = 0;i < 10; i++) {
-    if (existsSync47(join42(dir, ".git")))
+    if (existsSync48(join42(dir, ".git")))
       return true;
-    const parent = dirname12(dir);
+    const parent = dirname13(dir);
     if (parent === dir)
       return false;
     dir = parent;
   }
   return false;
 }
+function rebuildRefusalMessage(scriptPath) {
+  if (isGitCheckout(scriptPath))
+    return null;
+  return `--rebuild builds the CLI from a git checkout, but switchroom is ` + `running from "${scriptPath}" \u2014 a published install (no .git ` + `ancestor). Rebuilding from source here would drift this host off ` + `the reviewed, CI-published release. Use the published path:
+` + `
+` + `  npm i -g switchroom@latest && switchroom update
+` + `
+` + `(\`--rebuild\` is for switchroom maintainers iterating on a source ` + `checkout \u2014 not for published installs.)`;
+}
 function planUpdate(opts) {
   const composePath = opts.composePath ?? DEFAULT_COMPOSE_PATH;
   const runner = opts.runner ?? defaultRunner;
-  const scriptPath = process.argv[1] ?? "";
+  const scriptPath = opts.scriptPath ?? process.argv[1] ?? "";
   const steps = [];
   const releaseOverrideArgs = [];
   if (opts.channel)
@@ -68458,7 +68822,7 @@ function planUpdate(opts) {
   steps.push({
     name: "pull-images",
     description: "Pull broker / kernel / agent images from GHCR",
-    skipReason: opts.skipImages ? "--skip-images flag set" : !existsSync47(composePath) ? `compose file not found at ${composePath} (run \`switchroom apply --compose-only\` first)` : undefined,
+    skipReason: opts.skipImages ? "--skip-images flag set" : !existsSync48(composePath) ? `compose file not found at ${composePath} (run \`switchroom apply --compose-only\` first)` : undefined,
     run: () => {
       const r = runner("docker", [
         "compose",
@@ -68477,8 +68841,9 @@ function planUpdate(opts) {
       name: "rebuild-source",
       description: "git pull upstream main + bun install + npm run build",
       run: () => {
-        if (!isGitCheckout(scriptPath)) {
-          throw new Error(`--rebuild requires a git checkout, but the CLI is running ` + `from ${scriptPath} which has no .git ancestor (looks like ` + `an installed binary). Drop --rebuild or invoke from a ` + `source checkout.`);
+        const refusal = rebuildRefusalMessage(scriptPath);
+        if (refusal) {
+          throw new Error(refusal);
         }
         const pull = runner("git", ["pull", "--ff-only", "upstream", "main"]);
         if (pull.status !== 0)
@@ -68537,16 +68902,16 @@ function planUpdate(opts) {
       }
       const source = resolve30(import.meta.dirname, "../../skills");
       const dest = join42(homedir22(), ".switchroom", "skills", "_bundled");
-      if (!existsSync47(source)) {
+      if (!existsSync48(source)) {
         process.stderr.write(`switchroom update: sync-bundled-skills \u2014 CLI bundle has no adjacent skills/ at ${source}; skipping.
 `);
         return;
       }
       try {
-        if (existsSync47(dest)) {
+        if (existsSync48(dest)) {
           rmSync12(dest, { recursive: true, force: true });
         }
-        mkdirSync27(dirname12(dest), { recursive: true });
+        mkdirSync27(dirname13(dest), { recursive: true });
         cpSync2(source, dest, { recursive: true, dereference: false });
       } catch (err) {
         throw new Error(`sync-bundled-skills failed: ${err.message}`);
@@ -68605,7 +68970,7 @@ function planUpdate(opts) {
   return steps;
 }
 function defaultRunner(cmd, args) {
-  const r = spawnSync7(cmd, args, { stdio: "inherit" });
+  const r = spawnSync8(cmd, args, { stdio: "inherit" });
   return { status: r.status ?? 1 };
 }
 function writeMarkerInPreferredLocation(agent, reason, runner) {
@@ -68642,16 +69007,16 @@ function defaultStatusProbe(composePath) {
     let scriptPath = rawScriptPath;
     try {
       if (rawScriptPath)
-        scriptPath = realpathSync4(rawScriptPath);
+        scriptPath = realpathSync5(rawScriptPath);
     } catch {}
     if (scriptPath) {
       try {
-        cliBuiltAt = new Date(statSync21(scriptPath).mtimeMs).toISOString();
+        cliBuiltAt = new Date(statSync22(scriptPath).mtimeMs).toISOString();
       } catch {}
-      let dir = dirname12(scriptPath);
+      let dir = dirname13(scriptPath);
       for (let i = 0;i < 8; i++) {
         const pkgPath = join42(dir, "package.json");
-        if (existsSync47(pkgPath)) {
+        if (existsSync48(pkgPath)) {
           try {
             const pkg = JSON.parse(readFileSync45(pkgPath, "utf-8"));
             if (typeof pkg.version === "string")
@@ -68661,7 +69026,7 @@ function defaultStatusProbe(composePath) {
           }
           break;
         }
-        const parent = dirname12(dir);
+        const parent = dirname13(dir);
         if (parent === dir)
           break;
         dir = parent;
@@ -68674,13 +69039,13 @@ function defaultStatusProbe(composePath) {
     warnings.push("could not resolve CLI version (no package.json found above the resolved script path)");
   }
   const services = [];
-  if (!existsSync47(composePath)) {
+  if (!existsSync48(composePath)) {
     warnings.push(`compose file not found at ${composePath}; service status unknown`);
     return { cliVersion, cliBuiltAt, services, warnings };
   }
   let serviceList = [];
   try {
-    const r = spawnSync7("docker", ["compose", "-p", "switchroom", "-f", composePath, "config", "--services"], { encoding: "utf-8", timeout: 1e4 });
+    const r = spawnSync8("docker", ["compose", "-p", "switchroom", "-f", composePath, "config", "--services"], { encoding: "utf-8", timeout: 1e4 });
     if (r.status !== 0) {
       warnings.push(`docker compose config --services failed: ${r.stderr?.trim() ?? r.error?.message ?? "unknown"}`);
       return { cliVersion, cliBuiltAt, services, warnings };
@@ -68697,7 +69062,7 @@ function defaultStatusProbe(composePath) {
     let containerCreatedAt = null;
     let status = "<unknown>";
     try {
-      const r = spawnSync7("docker", ["inspect", "-f", "{{.Config.Image}}|{{.Created}}|{{.State.Status}}", containerName2], { encoding: "utf-8", timeout: 5000 });
+      const r = spawnSync8("docker", ["inspect", "-f", "{{.Config.Image}}|{{.Created}}|{{.State.Status}}", containerName2], { encoding: "utf-8", timeout: 5000 });
       if (r.status === 0) {
         const [img, created, st] = r.stdout.trim().split("|");
         image = img ?? null;
@@ -68713,7 +69078,7 @@ function defaultStatusProbe(composePath) {
     let imagePulledAt = null;
     if (image) {
       try {
-        const r = spawnSync7("docker", ["image", "inspect", "-f", "{{.Id}}|{{.Created}}|{{.Metadata.LastTagTime}}", image], { encoding: "utf-8", timeout: 5000 });
+        const r = spawnSync8("docker", ["image", "inspect", "-f", "{{.Id}}|{{.Created}}|{{.Metadata.LastTagTime}}", image], { encoding: "utf-8", timeout: 5000 });
         if (r.status === 0) {
           const [id, created, lastTag] = r.stdout.trim().split("|");
           imageDigestShort = id?.replace(/^sha256:/, "").slice(0, 12) ?? null;
@@ -68798,6 +69163,14 @@ async function runUpdate(opts) {
 `));
     return 2;
   }
+  if (opts.rebuild) {
+    const refusal = rebuildRefusalMessage(opts.scriptPath ?? process.argv[1] ?? "");
+    if (refusal) {
+      stderr(source_default.red(refusal + `
+`));
+      return 2;
+    }
+  }
   const steps = planUpdate(opts);
   if (opts.check) {
     stdout(source_default.bold(`switchroom update --check (dry-run)
@@ -68835,7 +69208,7 @@ Dry-run only; nothing was changed. Re-run without --check to apply.
   return 0;
 }
 function registerUpdateCommand(program3) {
-  program3.command("update").description("Update switchroom on this host: pull images, refresh scaffolds, recreate containers. Wraps the full `pull && apply && up -d` flow.").option("--check", "Dry-run: print the steps that would execute, exit 0.").option("--skip-images", "Skip the docker image pull (offline mode).").option("--rebuild", "Source-checkout users: also git pull + bun install + npm run build before applying. Auto-skipped when the CLI is an installed binary.").option("--status", "Read-only snapshot: report local CLI version, image digest + pull time, container creation time per service. Does NOT invoke any update steps. Wired by Telegram /upgrade-status (#927).").option("--json", "Output as JSON (currently only honored under --status; other modes ignore).").addOption(new Option("--channel <c>", "Override the resolved release block for this update run: follow the named channel (dev|rc|latest). Mutually exclusive with --pin.").choices(["dev", "rc", "latest"]).conflicts("pin")).addOption(new Option("--pin <p>", "Override the resolved release block for this update run: pin to a specific build (sha-<7-40 hex> or v<semver>). Mutually exclusive with --channel.").conflicts("channel")).option("--force", "[legacy v0.6 no-op]").option("--no-restart", "[legacy v0.6 no-op]").option("--resume <file>", "[legacy v0.6 no-op]").option("--phase <phase>", "[legacy v0.6 no-op]").action(async (opts) => {
+  program3.command("update").description("Update switchroom on this host: pull images, refresh scaffolds, recreate containers. Wraps the full `pull && apply && up -d` flow.").option("--check", "Dry-run: print the steps that would execute, exit 0.").option("--skip-images", "Skip the docker image pull (offline mode).").option("--rebuild", "Source-checkout / maintainer only: git pull + bun install + npm run build before applying. REFUSED on a published install \u2014 use `npm i -g switchroom@latest && switchroom update` there.").option("--status", "Read-only snapshot: report local CLI version, image digest + pull time, container creation time per service. Does NOT invoke any update steps. Wired by Telegram /upgrade-status (#927).").option("--json", "Output as JSON (currently only honored under --status; other modes ignore).").addOption(new Option("--channel <c>", "Override the resolved release block for this update run: follow the named channel (dev|rc|latest). Mutually exclusive with --pin.").choices(["dev", "rc", "latest"]).conflicts("pin")).addOption(new Option("--pin <p>", "Override the resolved release block for this update run: pin to a specific build (sha-<7-40 hex> or v<semver>). Mutually exclusive with --channel.").conflicts("channel")).option("--force", "[legacy v0.6 no-op]").option("--no-restart", "[legacy v0.6 no-op]").option("--resume <file>", "[legacy v0.6 no-op]").option("--phase <phase>", "[legacy v0.6 no-op]").action(async (opts) => {
     if (opts.pin && !/^(sha-[0-9a-f]{7,40}|v\d+\.\d+\.\d+)$/.test(opts.pin)) {
       console.error(source_default.red(`--pin "${opts.pin}" is invalid. Expected sha-<7-40 hex> or v<semver>.`));
       process.exit(2);
@@ -68861,8 +69234,8 @@ init_source();
 init_helpers();
 init_lifecycle();
 import { execSync as execSync4 } from "node:child_process";
-import { existsSync as existsSync48, readFileSync as readFileSync46 } from "node:fs";
-import { dirname as dirname13, join as join43 } from "node:path";
+import { existsSync as existsSync49, readFileSync as readFileSync46 } from "node:fs";
+import { dirname as dirname14, join as join43 } from "node:path";
 function getClaudeCodeVersion() {
   try {
     const out = execSync4("claude --version 2>/dev/null", {
@@ -68913,15 +69286,15 @@ function locateSwitchroomInstallDir() {
   let dir = import.meta.dirname;
   for (let i = 0;i < 10 && dir && dir !== "/"; i++) {
     const pkgPath = join43(dir, "package.json");
-    if (existsSync48(pkgPath)) {
+    if (existsSync49(pkgPath)) {
       try {
         const pkg = JSON.parse(readFileSync46(pkgPath, "utf-8"));
-        if (pkg.name === "switchroom" && existsSync48(join43(dir, ".git"))) {
+        if (pkg.name === "switchroom" && existsSync49(join43(dir, ".git"))) {
           return dir;
         }
       } catch {}
     }
-    dir = dirname13(dir);
+    dir = dirname14(dir);
   }
   return null;
 }
@@ -69135,13 +69508,13 @@ function registerHandoffCommand(program3) {
 // src/issues/store.ts
 import {
   closeSync as closeSync10,
-  existsSync as existsSync49,
+  existsSync as existsSync50,
   mkdirSync as mkdirSync28,
   openSync as openSync10,
   readdirSync as readdirSync18,
   readFileSync as readFileSync47,
   renameSync as renameSync10,
-  statSync as statSync22,
+  statSync as statSync23,
   unlinkSync as unlinkSync10,
   writeFileSync as writeFileSync25,
   writeSync as writeSync6
@@ -69467,7 +69840,7 @@ var ISSUES_FILE = "issues.jsonl";
 var ISSUES_LOCK = "issues.lock";
 function readAll(stateDir) {
   const path4 = join44(stateDir, ISSUES_FILE);
-  if (!existsSync49(path4))
+  if (!existsSync50(path4))
     return [];
   let raw;
   try {
@@ -69544,7 +69917,7 @@ function record(stateDir, input, nowFn = Date.now) {
   });
 }
 function resolve33(stateDir, fingerprint, nowFn = Date.now) {
-  if (!existsSync49(join44(stateDir, ISSUES_FILE)))
+  if (!existsSync50(join44(stateDir, ISSUES_FILE)))
     return 0;
   return withLock(stateDir, () => {
     const all = readAll(stateDir);
@@ -69562,7 +69935,7 @@ function resolve33(stateDir, fingerprint, nowFn = Date.now) {
   });
 }
 function resolveAllBySource(stateDir, source, nowFn = Date.now) {
-  if (!existsSync49(join44(stateDir, ISSUES_FILE)))
+  if (!existsSync50(join44(stateDir, ISSUES_FILE)))
     return 0;
   return withLock(stateDir, () => {
     const all = readAll(stateDir);
@@ -69580,7 +69953,7 @@ function resolveAllBySource(stateDir, source, nowFn = Date.now) {
   });
 }
 function prune(stateDir, opts = {}) {
-  if (!existsSync49(join44(stateDir, ISSUES_FILE)))
+  if (!existsSync50(join44(stateDir, ISSUES_FILE)))
     return 0;
   return withLock(stateDir, () => {
     const all = readAll(stateDir);
@@ -69637,7 +70010,7 @@ function sweepOrphanTmpFiles(stateDir) {
       continue;
     const tmpPath = join44(stateDir, entry);
     try {
-      const stat = statSync22(tmpPath);
+      const stat = statSync23(tmpPath);
       if (stat.mtimeMs < cutoff) {
         unlinkSync10(tmpPath);
       }
@@ -69930,20 +70303,20 @@ function relTime(deltaMs) {
 
 // src/cli/deps.ts
 init_source();
-import { existsSync as existsSync52 } from "node:fs";
+import { existsSync as existsSync53 } from "node:fs";
 import { homedir as homedir25 } from "node:os";
 import { join as join47, resolve as resolve34 } from "node:path";
 
 // src/deps/python.ts
 import { createHash as createHash9 } from "node:crypto";
 import {
-  existsSync as existsSync50,
+  existsSync as existsSync51,
   mkdirSync as mkdirSync29,
   readFileSync as readFileSync48,
   rmSync as rmSync13,
   writeFileSync as writeFileSync26
 } from "node:fs";
-import { dirname as dirname14, join as join45 } from "node:path";
+import { dirname as dirname15, join as join45 } from "node:path";
 import { homedir as homedir23 } from "node:os";
 import { execFileSync as execFileSync14 } from "node:child_process";
 
@@ -69965,7 +70338,7 @@ function ensurePythonEnv(opts) {
   const { skillName, requirementsPath, force = false } = opts;
   const cacheRoot = opts.cacheRoot ?? defaultPythonCacheRoot();
   const hostPython = opts.pythonBin ?? "python3";
-  if (!existsSync50(requirementsPath)) {
+  if (!existsSync51(requirementsPath)) {
     throw new PythonEnvError(`requirements file not found: ${requirementsPath}`);
   }
   const venvDir = join45(cacheRoot, skillName);
@@ -69974,7 +70347,7 @@ function ensurePythonEnv(opts) {
   const pythonBin = join45(binDir, "python");
   const pipBin = join45(binDir, "pip");
   const targetHash = hashFile(requirementsPath);
-  if (!force && existsSync50(stampPath) && existsSync50(pythonBin)) {
+  if (!force && existsSync51(stampPath) && existsSync51(pythonBin)) {
     const existingHash = readFileSync48(stampPath, "utf8").trim();
     if (existingHash === targetHash) {
       return {
@@ -69987,10 +70360,10 @@ function ensurePythonEnv(opts) {
       };
     }
   }
-  if (existsSync50(venvDir)) {
+  if (existsSync51(venvDir)) {
     rmSync13(venvDir, { recursive: true, force: true });
   }
-  mkdirSync29(dirname14(venvDir), { recursive: true });
+  mkdirSync29(dirname15(venvDir), { recursive: true });
   try {
     execFileSync14(hostPython, ["-m", "venv", venvDir], { stdio: "pipe" });
   } catch (err) {
@@ -70025,13 +70398,13 @@ function ensurePythonEnv(opts) {
 import { createHash as createHash10 } from "node:crypto";
 import {
   copyFileSync as copyFileSync9,
-  existsSync as existsSync51,
+  existsSync as existsSync52,
   mkdirSync as mkdirSync30,
   readFileSync as readFileSync49,
   rmSync as rmSync14,
   writeFileSync as writeFileSync27
 } from "node:fs";
-import { dirname as dirname15, join as join46 } from "node:path";
+import { dirname as dirname16, join as join46 } from "node:path";
 import { homedir as homedir24 } from "node:os";
 import { execFileSync as execFileSync15 } from "node:child_process";
 
@@ -70058,14 +70431,14 @@ function defaultNodeCacheRoot() {
   return join46(homedir24(), ".switchroom", "deps", "node");
 }
 function hashDepInputs(packageJsonPath) {
-  const sourceDir = dirname15(packageJsonPath);
+  const sourceDir = dirname16(packageJsonPath);
   const hasher = createHash10("sha256");
   hasher.update(`package.json
 `);
   hasher.update(readFileSync49(packageJsonPath));
   for (const lockName of ALL_LOCKFILES) {
     const lockPath = join46(sourceDir, lockName);
-    if (existsSync51(lockPath)) {
+    if (existsSync52(lockPath)) {
       hasher.update(`
 `);
       hasher.update(lockName);
@@ -70080,16 +70453,16 @@ function ensureNodeEnv(opts) {
   const { skillName, packageJsonPath, force = false } = opts;
   const cacheRoot = opts.cacheRoot ?? defaultNodeCacheRoot();
   const installer = opts.installer ?? "bun";
-  if (!existsSync51(packageJsonPath)) {
+  if (!existsSync52(packageJsonPath)) {
     throw new NodeEnvError(`package.json not found: ${packageJsonPath}`);
   }
-  const sourceDir = dirname15(packageJsonPath);
+  const sourceDir = dirname16(packageJsonPath);
   const envDir = join46(cacheRoot, skillName);
   const stampPath = join46(envDir, ".package.sha256");
   const nodeModulesDir = join46(envDir, "node_modules");
   const binDir = join46(nodeModulesDir, ".bin");
   const targetHash = hashDepInputs(packageJsonPath);
-  if (!force && existsSync51(stampPath) && existsSync51(nodeModulesDir)) {
+  if (!force && existsSync52(stampPath) && existsSync52(nodeModulesDir)) {
     const existingHash = readFileSync49(stampPath, "utf8").trim();
     if (existingHash === targetHash) {
       return {
@@ -70101,7 +70474,7 @@ function ensureNodeEnv(opts) {
       };
     }
   }
-  if (existsSync51(envDir)) {
+  if (existsSync52(envDir)) {
     rmSync14(envDir, { recursive: true, force: true });
   }
   mkdirSync30(envDir, { recursive: true });
@@ -70109,7 +70482,7 @@ function ensureNodeEnv(opts) {
   let copiedLockfile = false;
   for (const lockName of LOCKFILES_FOR[installer]) {
     const lockPath = join46(sourceDir, lockName);
-    if (existsSync51(lockPath)) {
+    if (existsSync52(lockPath)) {
       copyFileSync9(lockPath, join46(envDir, lockName));
       copiedLockfile = true;
     }
@@ -70145,22 +70518,22 @@ function registerDepsCommand(program3) {
   const deps = program3.command("deps").description("Manage cached per-skill dependency environments");
   deps.command("rebuild <skill>").description("Rebuild the Python venv and/or Node node_modules cache for a skill").option("-p, --python", "Rebuild only the Python env").option("-n, --node", "Rebuild only the Node env").action(async (skill, opts) => {
     const skillsRoot = builtinSkillsRoot();
-    if (!existsSync52(skillsRoot)) {
+    if (!existsSync53(skillsRoot)) {
       console.error(source_default.red(`Bundled skills pool dir not found at ${skillsRoot} \u2014 run \`switchroom update\` to install it.`));
       process.exit(1);
     }
     const skillDir = join47(skillsRoot, skill);
-    if (!existsSync52(skillDir)) {
+    if (!existsSync53(skillDir)) {
       console.error(source_default.red(`Unknown skill: ${skill} (no dir at ${skillDir})`));
       process.exit(1);
     }
     const requirementsPath = join47(skillDir, "requirements.txt");
     const packageJsonPath = join47(skillDir, "package.json");
-    const wantPython = opts.python ?? (!opts.python && !opts.node && existsSync52(requirementsPath));
-    const wantNode = opts.node ?? (!opts.python && !opts.node && existsSync52(packageJsonPath));
+    const wantPython = opts.python ?? (!opts.python && !opts.node && existsSync53(requirementsPath));
+    const wantNode = opts.node ?? (!opts.python && !opts.node && existsSync53(packageJsonPath));
     let did = 0;
     if (wantPython) {
-      if (!existsSync52(requirementsPath)) {
+      if (!existsSync53(requirementsPath)) {
         console.error(source_default.red(`Skill "${skill}" has no requirements.txt at ${requirementsPath}`));
         process.exit(1);
       }
@@ -70184,7 +70557,7 @@ function registerDepsCommand(program3) {
       }
     }
     if (wantNode) {
-      if (!existsSync52(packageJsonPath)) {
+      if (!existsSync53(packageJsonPath)) {
         console.error(source_default.red(`Skill "${skill}" has no package.json at ${packageJsonPath}`));
         process.exit(1);
       }
@@ -70217,9 +70590,9 @@ function registerDepsCommand(program3) {
 // src/cli/workspace.ts
 init_helpers();
 init_loader();
-import { existsSync as existsSync53 } from "node:fs";
+import { existsSync as existsSync54 } from "node:fs";
 import { resolve as resolve35, sep as sep2 } from "node:path";
-import { spawnSync as spawnSync8 } from "node:child_process";
+import { spawnSync as spawnSync9 } from "node:child_process";
 
 // src/agents/workspace.ts
 import { readFile, stat } from "node:fs/promises";
@@ -70932,7 +71305,7 @@ function registerWorkspaceCommand(program3) {
       process.exit(1);
     }
     const editor = process.env["EDITOR"] ?? process.env["VISUAL"] ?? "vi";
-    const child = spawnSync8(editor, [target], { stdio: "inherit" });
+    const child = spawnSync9(editor, [target], { stdio: "inherit" });
     if (child.status !== 0 && child.status !== null) {
       process.exit(child.status);
     }
@@ -70994,12 +71367,12 @@ function registerWorkspaceCommand(program3) {
     if (!dir)
       return;
     const gitDir = resolve35(dir, ".git");
-    if (!existsSync53(gitDir)) {
+    if (!existsSync54(gitDir)) {
       process.stdout.write(`Workspace is not a git repository. Re-run \`switchroom agent create ${agentName}\` ` + `or manually \`git init\` in ${dir} to enable versioning.
 `);
       return;
     }
-    const statusResult = spawnSync8("git", ["status", "--short"], {
+    const statusResult = spawnSync9("git", ["status", "--short"], {
       cwd: dir,
       encoding: "utf-8"
     });
@@ -71014,7 +71387,7 @@ function registerWorkspaceCommand(program3) {
       return;
     }
     const message = opts.message || `checkpoint: ${new Date().toISOString()}`;
-    const addResult = spawnSync8("git", ["add", "-A"], {
+    const addResult = spawnSync9("git", ["add", "-A"], {
       cwd: dir,
       encoding: "utf-8"
     });
@@ -71023,7 +71396,7 @@ function registerWorkspaceCommand(program3) {
 `);
       process.exit(1);
     }
-    const commitResult = spawnSync8("git", ["commit", "-m", message], {
+    const commitResult = spawnSync9("git", ["commit", "-m", message], {
       cwd: dir,
       encoding: "utf-8"
     });
@@ -71032,7 +71405,7 @@ function registerWorkspaceCommand(program3) {
 `);
       process.exit(1);
     }
-    const shaResult = spawnSync8("git", ["rev-parse", "--short", "HEAD"], {
+    const shaResult = spawnSync9("git", ["rev-parse", "--short", "HEAD"], {
       cwd: dir,
       encoding: "utf-8"
     });
@@ -71048,12 +71421,12 @@ function registerWorkspaceCommand(program3) {
     if (!dir)
       return;
     const gitDir = resolve35(dir, ".git");
-    if (!existsSync53(gitDir)) {
+    if (!existsSync54(gitDir)) {
       process.stdout.write(`Workspace is not a git repository.
 `);
       return;
     }
-    const child = spawnSync8("git", ["status", "--short"], {
+    const child = spawnSync9("git", ["status", "--short"], {
       cwd: dir,
       stdio: "inherit"
     });
@@ -71073,7 +71446,7 @@ function resolveAgentWorkspaceDirOrExit(program3, agentName) {
   const agentsDir = resolveAgentsDir(config);
   const agentDir = resolve35(agentsDir, agentName);
   const dir = resolveAgentWorkspaceDir(agentDir);
-  if (!existsSync53(dir)) {
+  if (!existsSync54(dir)) {
     process.stderr.write(`workspace: ${dir} does not exist yet. Run \`switchroom setup\` or \`switchroom agent scaffold ${agentName}\` to seed it.
 `);
     return;
@@ -71109,7 +71482,7 @@ function safeParseInt(value, fallback) {
 init_helpers();
 init_loader();
 init_merge();
-import { copyFileSync as copyFileSync10, existsSync as existsSync54, readFileSync as readFileSync50, writeFileSync as writeFileSync28 } from "node:fs";
+import { copyFileSync as copyFileSync10, existsSync as existsSync55, readFileSync as readFileSync50, writeFileSync as writeFileSync28 } from "node:fs";
 import { join as join48, resolve as resolve36 } from "node:path";
 init_schema();
 function resolveSoulTargetOrExit(program3, agentName) {
@@ -71125,7 +71498,7 @@ function resolveSoulTargetOrExit(program3, agentName) {
   const agentsDir = resolveAgentsDir(config);
   const agentDir = resolve36(agentsDir, agentName);
   const workspaceDir = resolveAgentWorkspaceDir(agentDir);
-  if (!existsSync54(workspaceDir)) {
+  if (!existsSync55(workspaceDir)) {
     console.error(`soul: ${workspaceDir} does not exist yet. Run \`switchroom setup\` ` + `or \`switchroom agent scaffold ${agentName}\` to seed it.`);
     process.exit(1);
   }
@@ -71151,7 +71524,7 @@ function registerSoulCommand(program3) {
     const t = resolveSoulTargetOrExit(program3, agentName);
     if (!t)
       return;
-    if (!existsSync54(t.soulPath)) {
+    if (!existsSync55(t.soulPath)) {
       console.error(`soul: ${t.soulPath} does not exist yet \u2014 run ` + `\`switchroom soul reset ${agentName}\` to seed it.`);
       process.exit(1);
     }
@@ -71166,7 +71539,7 @@ function registerSoulCommand(program3) {
       console.error(`soul: profile "${t.profileName}" ships no SOUL.md.hbs \u2014 ` + `nothing to re-seed from.`);
       process.exit(1);
     }
-    const exists = existsSync54(t.soulPath);
+    const exists = existsSync55(t.soulPath);
     if (exists && !opts.yes) {
       if (!isInteractive()) {
         console.error(`soul: ${t.soulPath} already exists. Re-run with --yes to ` + `replace it (the current file is backed up to SOUL.md.bak).`);
@@ -71181,7 +71554,7 @@ function registerSoulCommand(program3) {
     let backupPath;
     if (exists) {
       backupPath = `${t.soulPath}.bak`;
-      if (existsSync54(backupPath)) {
+      if (existsSync55(backupPath)) {
         backupPath = `${t.soulPath}.bak.${Date.now()}`;
       }
       copyFileSync10(t.soulPath, backupPath);
@@ -71200,7 +71573,7 @@ function registerSoulCommand(program3) {
 // src/cli/debug.ts
 init_helpers();
 init_loader();
-import { existsSync as existsSync55, readFileSync as readFileSync51, readdirSync as readdirSync19, statSync as statSync23 } from "node:fs";
+import { existsSync as existsSync56, readFileSync as readFileSync51, readdirSync as readdirSync19, statSync as statSync24 } from "node:fs";
 import { resolve as resolve37, join as join49 } from "node:path";
 import { createHash as createHash11 } from "node:crypto";
 init_merge();
@@ -71216,7 +71589,7 @@ function sha256(content) {
 }
 function findLatestTranscriptJsonl(claudeConfigDir) {
   const projectsDir = join49(claudeConfigDir, "projects");
-  if (!existsSync55(projectsDir))
+  if (!existsSync56(projectsDir))
     return;
   try {
     const entries = readdirSync19(projectsDir, { withFileTypes: true });
@@ -71226,9 +71599,9 @@ function findLatestTranscriptJsonl(claudeConfigDir) {
         continue;
       const projectPath = join49(projectsDir, entry.name);
       const transcriptPath = join49(projectPath, "transcript.jsonl");
-      if (!existsSync55(transcriptPath))
+      if (!existsSync56(transcriptPath))
         continue;
-      const stat3 = statSync23(transcriptPath);
+      const stat3 = statSync24(transcriptPath);
       if (!latest || stat3.mtimeMs > latest.mtime) {
         latest = { path: transcriptPath, mtime: stat3.mtimeMs };
       }
@@ -71289,7 +71662,7 @@ function registerDebugCommand(program3) {
     }
     const agentsDir = resolveAgentsDir(config);
     const agentDir = resolve37(agentsDir, agentName);
-    if (!existsSync55(agentDir)) {
+    if (!existsSync56(agentDir)) {
       console.error(`Agent directory not found: ${agentDir}`);
       process.exit(1);
     }
@@ -71344,7 +71717,7 @@ function registerDebugCommand(program3) {
     }
     console.log(`=== Append System Prompt (per-session) ===
 `);
-    const handoffContent = existsSync55(handoffPath) ? readFileSync51(handoffPath, "utf-8") : "";
+    const handoffContent = existsSync56(handoffPath) ? readFileSync51(handoffPath, "utf-8") : "";
     if (handoffContent.trim().length > 0) {
       console.log(`-- Handoff Briefing (${formatBytes(handoffContent.length)}) --`);
       console.log(handoffContent);
@@ -71355,7 +71728,7 @@ function registerDebugCommand(program3) {
     }
     console.log(`=== CLAUDE.md (auto-loaded by Claude Code) ===
 `);
-    const claudeMdContent = existsSync55(claudeMdPath) ? readFileSync51(claudeMdPath, "utf-8") : "";
+    const claudeMdContent = existsSync56(claudeMdPath) ? readFileSync51(claudeMdPath, "utf-8") : "";
     if (claudeMdContent.trim().length > 0) {
       console.log(`(${formatBytes(claudeMdContent.length)})`);
       console.log(claudeMdContent);
@@ -71366,7 +71739,7 @@ function registerDebugCommand(program3) {
     }
     console.log(`=== Persona (SOUL.md) ===
 `);
-    const soulMdContent = existsSync55(soulMdPath) ? readFileSync51(soulMdPath, "utf-8") : existsSync55(workspaceSoulMdPath) ? readFileSync51(workspaceSoulMdPath, "utf-8") : "";
+    const soulMdContent = existsSync56(soulMdPath) ? readFileSync51(soulMdPath, "utf-8") : existsSync56(workspaceSoulMdPath) ? readFileSync51(workspaceSoulMdPath, "utf-8") : "";
     if (soulMdContent.trim().length > 0) {
       console.log(`(${formatBytes(soulMdContent.length)})`);
       console.log(soulMdContent);
@@ -71447,7 +71820,7 @@ init_source();
 
 // src/worktree/claim.ts
 import { execFileSync as execFileSync16 } from "node:child_process";
-import { closeSync as closeSync11, mkdirSync as mkdirSync32, openSync as openSync11, existsSync as existsSync57, unlinkSync as unlinkSync12 } from "node:fs";
+import { closeSync as closeSync11, mkdirSync as mkdirSync32, openSync as openSync11, existsSync as existsSync58, unlinkSync as unlinkSync12 } from "node:fs";
 import { join as join51, resolve as resolve39 } from "node:path";
 import { homedir as homedir27 } from "node:os";
 import { randomBytes as randomBytes11 } from "node:crypto";
@@ -71459,7 +71832,7 @@ import {
   readFileSync as readFileSync52,
   readdirSync as readdirSync20,
   unlinkSync as unlinkSync11,
-  existsSync as existsSync56,
+  existsSync as existsSync57,
   renameSync as renameSync11
 } from "node:fs";
 import { join as join50, resolve as resolve38 } from "node:path";
@@ -71573,7 +71946,7 @@ function expandHome(p) {
 }
 async function claimWorktree(input, codeRepos) {
   const repoPath = resolveRepoPath(input.repo, codeRepos);
-  if (!existsSync57(repoPath)) {
+  if (!existsSync58(repoPath)) {
     throw new Error(`Repository path does not exist: ${repoPath}`);
   }
   let concurrencyCap = DEFAULT_CONCURRENCY;
@@ -71627,7 +72000,7 @@ async function claimWorktree(input, codeRepos) {
 
 // src/worktree/release.ts
 import { execFileSync as execFileSync17 } from "node:child_process";
-import { existsSync as existsSync58 } from "node:fs";
+import { existsSync as existsSync59 } from "node:fs";
 function releaseWorktree(input) {
   const { id } = input;
   const record2 = readRecord(id);
@@ -71635,7 +72008,7 @@ function releaseWorktree(input) {
     return { released: true };
   }
   let gitSuccess = true;
-  if (existsSync58(record2.path)) {
+  if (existsSync59(record2.path)) {
     try {
       execFileSync17("git", ["worktree", "remove", "--force", record2.path], {
         cwd: record2.repo,
@@ -71674,7 +72047,7 @@ function listWorktrees() {
 
 // src/worktree/reaper.ts
 import { execFileSync as execFileSync18 } from "node:child_process";
-import { existsSync as existsSync59 } from "node:fs";
+import { existsSync as existsSync60 } from "node:fs";
 var STALE_THRESHOLD_MS = 10 * 60 * 1000;
 function isPathInUse(path7) {
   try {
@@ -71701,7 +72074,7 @@ function hasUncommittedChanges(repoPath, worktreePath) {
 function reapRecord(record2) {
   const { id, path: path7, repo, branch, ownerAgent } = record2;
   let warning = null;
-  if (existsSync59(path7)) {
+  if (existsSync60(path7)) {
     if (hasUncommittedChanges(repo, path7)) {
       warning = `[worktree-reaper] Reaped worktree with uncommitted changes: ` + `id=${id} branch=${branch} agent=${ownerAgent ?? "unknown"} path=${path7}`;
     }
@@ -71722,7 +72095,7 @@ function runReaper(nowMs) {
   const warnings = [];
   for (const record2 of records) {
     const heartbeatAge = now - new Date(record2.heartbeatAt).getTime();
-    const worktreeExists = existsSync59(record2.path);
+    const worktreeExists = existsSync60(record2.path);
     if (!worktreeExists) {
       deleteRecord(record2.id);
       reaped.push(record2.id);
@@ -72177,7 +72550,7 @@ function registerDriveMcpLauncherCommand(program3) {
 
 // src/cli/apply.ts
 init_source();
-import { accessSync as accessSync2, constants as fsConstants5, copyFileSync as copyFileSync11, existsSync as existsSync62, mkdirSync as mkdirSync35, readdirSync as readdirSync22, renameSync as renameSync12, writeFileSync as writeFileSync32 } from "node:fs";
+import { accessSync as accessSync3, constants as fsConstants6, copyFileSync as copyFileSync11, existsSync as existsSync64, mkdirSync as mkdirSync35, readdirSync as readdirSync23, renameSync as renameSync12, writeFileSync as writeFileSync32 } from "node:fs";
 import { mkdir, writeFile } from "node:fs/promises";
 import { spawnSync as childSpawnSync } from "node:child_process";
 import readline from "node:readline";
@@ -72522,7 +72895,7 @@ agents:
 
 // src/cli/apply.ts
 init_resolver();
-import { dirname as dirname18, join as join55, resolve as resolve41 } from "node:path";
+import { dirname as dirname19, join as join56, resolve as resolve41 } from "node:path";
 import { homedir as homedir29 } from "node:os";
 import { execFileSync as execFileSync19 } from "node:child_process";
 init_vault();
@@ -72530,7 +72903,7 @@ init_loader();
 init_loader();
 
 // src/cli/update-prompt-hook.ts
-import { existsSync as existsSync60, readFileSync as readFileSync53, writeFileSync as writeFileSync31, chmodSync as chmodSync10, mkdirSync as mkdirSync34 } from "node:fs";
+import { existsSync as existsSync61, readFileSync as readFileSync53, writeFileSync as writeFileSync31, chmodSync as chmodSync10, mkdirSync as mkdirSync34 } from "node:fs";
 import { join as join53 } from "node:path";
 var HOOK_FILENAME = "update-card-on-prompt.sh";
 function updatePromptHookScript() {
@@ -72602,7 +72975,7 @@ function installUpdatePromptHook(agentDir) {
   const scriptPath = join53(hooksDir, HOOK_FILENAME);
   const desired = updatePromptHookScript();
   let installed = false;
-  const existing = existsSync60(scriptPath) ? readFileSync53(scriptPath, "utf-8") : "";
+  const existing = existsSync61(scriptPath) ? readFileSync53(scriptPath, "utf-8") : "";
   if (existing !== desired) {
     writeFileSync31(scriptPath, desired, { mode: 493 });
     chmodSync10(scriptPath, 493);
@@ -72613,7 +72986,7 @@ function installUpdatePromptHook(agentDir) {
     } catch {}
   }
   const settingsPath = join53(agentDir, ".claude", "settings.json");
-  if (!existsSync60(settingsPath)) {
+  if (!existsSync61(settingsPath)) {
     return { scriptPath, settingsPath, installed };
   }
   const raw = readFileSync53(settingsPath, "utf-8");
@@ -72729,24 +73102,114 @@ function detectInstallType() {
   }
 }
 
+// src/cli/operator-uid.ts
+import {
+  chownSync as chownSync2,
+  existsSync as existsSync63,
+  lstatSync as lstatSync7,
+  readdirSync as readdirSync22,
+  realpathSync as realpathSync6,
+  statSync as statSync25
+} from "node:fs";
+import { join as join55 } from "node:path";
+function resolveOperatorUid() {
+  const sudoUid = process.env.SUDO_UID;
+  if (sudoUid !== undefined) {
+    const parsed = parseInt(sudoUid, 10);
+    if (Number.isFinite(parsed) && parsed > 0)
+      return parsed;
+  }
+  if (typeof process.getuid === "function") {
+    const uid = process.getuid();
+    if (uid > 0)
+      return uid;
+  }
+  return;
+}
+function operatorOwnedPaths(home2) {
+  const root = join55(home2, ".switchroom");
+  return [
+    join55(root, "vault"),
+    join55(root, "vault-auto-unlock"),
+    join55(root, "vault-audit.log"),
+    join55(root, "host-control-audit.log"),
+    join55(root, "accounts"),
+    join55(root, "compose")
+  ];
+}
+function restoreOperatorOwnership(home2, operatorUid, deps = {}) {
+  const chown = deps.chown ?? ((p, u, g) => chownSync2(p, u, g));
+  const exists = deps.exists ?? ((p) => existsSync63(p));
+  const isSymlink = deps.isSymlink ?? ((p) => {
+    try {
+      return lstatSync7(p).isSymbolicLink();
+    } catch {
+      return false;
+    }
+  });
+  const isDir = deps.isDir ?? ((p) => {
+    try {
+      return statSync25(p).isDirectory();
+    } catch {
+      return false;
+    }
+  });
+  const realpath2 = deps.realpath ?? ((p) => {
+    try {
+      return realpathSync6(p);
+    } catch {
+      return p;
+    }
+  });
+  const readdir2 = deps.readdir ?? ((p) => {
+    try {
+      return readdirSync22(p);
+    } catch {
+      return [];
+    }
+  });
+  const chowned = [];
+  const seen = new Set;
+  const visit = (path8) => {
+    if (!exists(path8))
+      return;
+    const target = isSymlink(path8) ? realpath2(path8) : path8;
+    if (seen.has(target))
+      return;
+    seen.add(target);
+    try {
+      chown(target, operatorUid, operatorUid);
+      chowned.push(target);
+    } catch {}
+    if (isDir(target)) {
+      for (const entry of readdir2(target)) {
+        visit(join55(target, entry));
+      }
+    }
+  };
+  for (const p of operatorOwnedPaths(home2))
+    visit(p);
+  return chowned;
+}
+
 // src/cli/apply.ts
 var EMBEDDED_EXAMPLES = {
   switchroom: switchroom_default,
   minimal: minimal_default
 };
-var DEFAULT_COMPOSE_PATH2 = join55(homedir29(), ".switchroom", "compose", "docker-compose.yml");
+var DEFAULT_COMPOSE_PATH2 = join56(homedir29(), ".switchroom", "compose", "docker-compose.yml");
 var COMPOSE_PROJECT2 = "switchroom";
 function resolveVaultBindMountDir(homeDir, ctx) {
   const isCustomPath = ctx.migrationKind === "custom-path-skipped";
   if (isCustomPath && ctx.customVaultPath) {
-    return dirname18(ctx.customVaultPath);
+    return dirname19(ctx.customVaultPath);
   }
-  return join55(homeDir, ".switchroom", "vault");
+  return join56(homeDir, ".switchroom", "vault");
 }
 function inspectVaultBindMountDir(vaultDir) {
-  if (!existsSync62(vaultDir))
+  if (!existsSync64(vaultDir))
     return { kind: "missing" };
-  const entries = readdirSync22(vaultDir);
+  const entries = readdirSync23(vaultDir);
   const unknown = [];
   for (const name of entries) {
     if (KNOWN_VAULT_ARTIFACT_NAMES.has(name))
@@ -72772,30 +73235,30 @@ function hasVaultRefs(value) {
 async function ensureHostMountSources(config) {
   const home2 = homedir29();
   const dirs = [
-    join55(home2, ".switchroom", "approvals"),
-    join55(home2, ".switchroom", "scheduler"),
-    join55(home2, ".switchroom", "logs"),
-    join55(home2, ".switchroom", "compose"),
-    join55(home2, ".switchroom", "broker-operator")
+    join56(home2, ".switchroom", "approvals"),
+    join56(home2, ".switchroom", "scheduler"),
+    join56(home2, ".switchroom", "logs"),
+    join56(home2, ".switchroom", "compose"),
+    join56(home2, ".switchroom", "broker-operator")
   ];
   for (const name of Object.keys(config.agents)) {
-    dirs.push(join55(home2, ".switchroom", "agents", name));
-    dirs.push(join55(home2, ".switchroom", "logs", name));
-    dirs.push(join55(home2, ".claude", "projects", name));
+    dirs.push(join56(home2, ".switchroom", "agents", name));
+    dirs.push(join56(home2, ".switchroom", "logs", name));
+    dirs.push(join56(home2, ".claude", "projects", name));
   }
   for (const dir of dirs) {
     await mkdir(dir, { recursive: true });
   }
-  const autoUnlockPath = join55(home2, ".switchroom", "vault-auto-unlock");
-  if (!existsSync62(autoUnlockPath)) {
+  const autoUnlockPath = join56(home2, ".switchroom", "vault-auto-unlock");
+  if (!existsSync64(autoUnlockPath)) {
     writeFileSync32(autoUnlockPath, "", { mode: 384 });
   }
-  const auditLogPath = join55(home2, ".switchroom", "vault-audit.log");
-  if (!existsSync62(auditLogPath)) {
+  const auditLogPath = join56(home2, ".switchroom", "vault-audit.log");
+  if (!existsSync64(auditLogPath)) {
     writeFileSync32(auditLogPath, "", { mode: 420 });
   }
-  const hostdAuditLogPath = join55(home2, ".switchroom", "host-control-audit.log");
-  if (!existsSync62(hostdAuditLogPath)) {
+  const hostdAuditLogPath = join56(home2, ".switchroom", "host-control-audit.log");
+  if (!existsSync64(hostdAuditLogPath)) {
     writeFileSync32(hostdAuditLogPath, "", { mode: 420 });
   }
 }
@@ -72816,7 +73279,7 @@ ${out.trim()}`;
 }
 function runApplyPreflight(config, opts = {}) {
   const vaultPath = resolvePath(config.vault?.path ?? "~/.switchroom/vault.enc");
-  if (hasVaultRefs(config) && !existsSync62(vaultPath)) {
+  if (hasVaultRefs(config) && !existsSync64(vaultPath)) {
     throw new Error(`Config references vault keys (vault:<name>) but ${vaultPath} is missing. ` + `Run \`switchroom setup\` first to initialise the vault.`);
   }
   const detect = opts.detectComposeV2 ?? detectComposeV2;
@@ -72827,7 +73290,7 @@ function runApplyPreflight(config, opts = {}) {
   detectAndReportLegacyGdriveSlots(vaultPath);
 }
 function detectAndReportLegacyGdriveSlots(vaultPath) {
-  if (!existsSync62(vaultPath))
+  if (!existsSync64(vaultPath))
     return;
   const passphrase = process.env.SWITCHROOM_VAULT_PASSPHRASE;
   if (!passphrase)
@@ -72868,8 +73331,8 @@ function detectAndReportLegacyGdriveSlots(vaultPath) {
 }
 function writeInstallTypeCache(homeDir = homedir29()) {
   const ctx = detectInstallType();
-  const dir = join55(homeDir, ".switchroom");
-  const out = join55(dir, "install-type.json");
+  const dir = join56(homeDir, ".switchroom");
+  const out = join56(dir, "install-type.json");
   const tmp = `${out}.tmp`;
   mkdirSync35(dir, { recursive: true });
   const payload = {
@@ -72918,14 +73381,14 @@ Applying switchroom config...
       writeOut(source_default.green(`  + ${name}`) + source_default.gray(` (${agentConfig.extends ?? "default"}) \u2014 ${detail}
 `));
       try {
-        installUpdatePromptHook(join55(agentsDir, name));
+        installUpdatePromptHook(join56(agentsDir, name));
       } catch (hookErr) {
         writeOut(source_default.gray(`    (update-prompt hook install failed for ${name}: ${hookErr.message})
 `));
       }
       try {
         const uid = allocateAgentUid(name);
-        alignAgentUid(name, join55(agentsDir, name), uid, {
+        alignAgentUid(name, join56(agentsDir, name), uid, {
           confirm: !options.nonInteractive,
           writeOut
         });
@@ -72962,7 +73425,7 @@ Applying switchroom config...
     for (const name of agentNames) {
       try {
         const uid = allocateAgentUid(name);
-        alignAgentUid(name, join55(agentsDir, name), uid, {
+        alignAgentUid(name, join56(agentsDir, name), uid, {
           confirm: !options.nonInteractive,
           writeOut
         });
@@ -73036,20 +73499,7 @@ Applying switchroom config...
     process.exit(6);
   }
   const composePath = options.outPath ?? DEFAULT_COMPOSE_PATH2;
-  const operatorUid = (() => {
-    const sudoUid = process.env.SUDO_UID;
-    if (sudoUid !== undefined) {
-      const parsed = parseInt(sudoUid, 10);
-      if (Number.isFinite(parsed) && parsed > 0)
-        return parsed;
-    }
-    if (typeof process.getuid === "function") {
-      const uid = process.getuid();
-      if (uid > 0)
-        return uid;
-    }
-    return;
-  })();
+  const operatorUid = resolveOperatorUid();
   const composeRelease = resolveRelease({
     override: options.releaseOverride,
     root: config.release
@@ -73064,7 +73514,7 @@ Applying switchroom config...
     switchroomConfigPath,
     operatorUid
   });
-  await mkdir(dirname18(composePath), { recursive: true });
+  await mkdir(dirname19(composePath), { recursive: true });
   await writeFile(composePath, composeContent, {
     encoding: "utf8",
     mode: 384
@@ -73079,6 +73529,13 @@ Wrote `) + composePath + source_default.gray(` (${composeBytes} bytes)
 `);
   writeOut(source_default.gray(`  (If pull returns 401, login to ghcr.io first: see docs/operators/install.md#ghcr-auth)
 `));
+  if (process.geteuid?.() === 0 && operatorUid !== undefined) {
+    const restored = restoreOperatorOwnership(homedir29(), operatorUid);
+    if (restored.length > 0) {
+      writeOut(source_default.gray(`  Restored operator ownership of ${restored.length} ~/.switchroom path(s)
+`));
+    }
+  }
   writeOut(source_default.bold(`
 Done. Scaffolded ${scaffolded}/${allAgentNames.length} agents.
 `));
@@ -73121,7 +73578,7 @@ function copyExampleConfig2(name) {
     throw new Error(`Invalid example name: ${name} (must match /^[a-z0-9_-]+$/)`);
   }
   const dest = resolve41(process.cwd(), "switchroom.yaml");
-  if (existsSync62(dest)) {
+  if (existsSync64(dest)) {
     console.error(source_default.yellow("switchroom.yaml already exists \u2014 skipping example copy"));
     return;
   }
@@ -73132,7 +73589,7 @@ function copyExampleConfig2(name) {
     return;
   }
   const exampleFile = resolve41(import.meta.dirname, `../../examples/${name}.yaml`);
-  if (!existsSync62(exampleFile)) {
+  if (!existsSync64(exampleFile)) {
     throw new Error(`Example config not found: ${name}.yaml (available: ${Object.keys(EMBEDDED_EXAMPLES).join(", ")})`);
   }
   copyFileSync11(exampleFile, dest);
@@ -73143,11 +73600,11 @@ function findUnwritableAgentDirs(config, opts) {
   const targets = opts.only ? [opts.only] : Object.keys(config.agents ?? {});
   const unwritable = [];
   for (const name of targets) {
-    const startSh = join55(agentsDir, name, "start.sh");
-    if (!existsSync62(startSh))
+    const startSh = join56(agentsDir, name, "start.sh");
+    if (!existsSync64(startSh))
       continue;
     try {
-      accessSync2(startSh, fsConstants5.W_OK);
+      accessSync3(startSh, fsConstants6.W_OK);
     } catch {
       unwritable.push(name);
     }
@@ -73322,8 +73779,8 @@ function runRedactStdin() {
 }
 
 // src/cli/status-ask.ts
-import { readFileSync as readFileSync54, existsSync as existsSync63, readdirSync as readdirSync23 } from "node:fs";
-import { join as join56 } from "node:path";
+import { readFileSync as readFileSync54, existsSync as existsSync65, readdirSync as readdirSync24 } from "node:fs";
+import { join as join57 } from "node:path";
 import { homedir as homedir30 } from "node:os";
 
 // src/status-ask/report.ts
@@ -73645,7 +74102,7 @@ function runReport(opts) {
 function resolveSources(explicitPath) {
   if (explicitPath != null && explicitPath.trim() !== "") {
     const trimmed = explicitPath.trim();
-    if (!existsSync63(trimmed)) {
+    if (!existsSync65(trimmed)) {
       process.stderr.write(`status-ask report: ${trimmed}: file not found
 `);
       process.exit(1);
@@ -73659,20 +74116,20 @@ function resolveSources(explicitPath) {
     const config = loadConfig();
     agentsDir = resolveAgentsDir(config);
   } catch {
-    agentsDir = join56(homedir30(), ".switchroom", "agents");
+    agentsDir = join57(homedir30(), ".switchroom", "agents");
   }
-  if (!existsSync63(agentsDir))
+  if (!existsSync65(agentsDir))
     return [];
   const sources = [];
   let entries;
   try {
-    entries = readdirSync23(agentsDir);
+    entries = readdirSync24(agentsDir);
   } catch {
     return [];
   }
   for (const name of entries) {
-    const path8 = join56(agentsDir, name, "runtime-metrics.jsonl");
-    if (existsSync63(path8)) {
+    const path8 = join57(agentsDir, name, "runtime-metrics.jsonl");
+    if (existsSync65(path8)) {
       sources.push({ path: path8, agent: name });
     }
   }
@@ -73693,17 +74150,17 @@ function inferAgentFromPath(p) {
 
 // src/cli/agent-config.ts
 init_helpers();
-import { join as join57 } from "node:path";
+import { join as join58 } from "node:path";
 import { homedir as homedir31 } from "node:os";
 import {
-  existsSync as existsSync64,
+  existsSync as existsSync66,
   mkdirSync as mkdirSync36,
   appendFileSync as appendFileSync3,
   readFileSync as readFileSync55
 } from "node:fs";
-var AUDIT_ROOT = join57(homedir31(), ".switchroom", "audit");
+var AUDIT_ROOT = join58(homedir31(), ".switchroom", "audit");
 function auditPathFor(agent) {
-  return join57(AUDIT_ROOT, agent, "agent-config.jsonl");
+  return join58(AUDIT_ROOT, agent, "agent-config.jsonl");
 }
 function appendAudit(agent, cmd, args, exit, opts = {}) {
   const row = {
@@ -73717,7 +74174,7 @@ function appendAudit(agent, cmd, args, exit, opts = {}) {
   const path8 = opts.auditPath ?? auditPathFor(agent);
   const dir = path8.slice(0, path8.lastIndexOf("/"));
   try {
-    if (!existsSync64(dir)) {
+    if (!existsSync66(dir)) {
       mkdirSync36(dir, { recursive: true });
     }
     appendFileSync3(path8, JSON.stringify(row) + `
@@ -73729,7 +74186,7 @@ function isContainerContext(env2 = process.env, opts = {}) {
     return true;
   const probe2 = opts.dockerEnvPath ?? "/.dockerenv";
   try {
-    if (existsSync64(probe2))
+    if (existsSync66(probe2))
       return true;
   } catch {}
   return false;
@@ -73790,7 +74247,7 @@ function getAgentSlice(config, agent) {
 }
 function readAuditTail(agent, limit, opts = {}) {
   const path8 = opts.auditPath ?? auditPathFor(agent);
-  if (!existsSync64(path8))
+  if (!existsSync66(path8))
     return [];
   let raw;
   try {
@@ -73950,32 +74407,32 @@ var import_yaml14 = __toESM(require_dist(), 1);
 init_paths();
 import {
   closeSync as closeSync12,
-  existsSync as existsSync65,
+  existsSync as existsSync67,
   fsyncSync as fsyncSync5,
   mkdirSync as mkdirSync37,
   openSync as openSync12,
-  readdirSync as readdirSync24,
+  readdirSync as readdirSync25,
   readFileSync as readFileSync56,
   renameSync as renameSync13,
-  statSync as statSync24,
+  statSync as statSync26,
   unlinkSync as unlinkSync13,
   writeSync as writeSync7
 } from "node:fs";
-import { join as join58, resolve as resolve42 } from "node:path";
+import { join as join59, resolve as resolve42 } from "node:path";
 var STAGING_SUBDIR = ".staging";
 function overlayPathsFor(agent, opts = {}) {
   const base = opts.root ? resolve42(opts.root, agent) : resolve42(resolveDualPath(`~/.switchroom/agents/${agent}`));
-  const scheduleDir = join58(base, "schedule.d");
-  const scheduleStagingDir = join58(scheduleDir, STAGING_SUBDIR);
-  const skillsDir = join58(base, "skills.d");
-  const skillsStagingDir = join58(skillsDir, STAGING_SUBDIR);
+  const scheduleDir = join59(base, "schedule.d");
+  const scheduleStagingDir = join59(scheduleDir, STAGING_SUBDIR);
+  const skillsDir = join59(base, "skills.d");
+  const skillsStagingDir = join59(skillsDir, STAGING_SUBDIR);
   return {
     agentRoot: base,
     scheduleDir,
     scheduleStagingDir,
     skillsDir,
     skillsStagingDir,
-    lockPath: join58(base, ".lock"),
+    lockPath: join59(base, ".lock"),
     stagingDir: scheduleStagingDir
   };
 }
@@ -74001,7 +74458,7 @@ function withAgentLock(paths, fn) {
       if (e.code !== "EEXIST")
         throw err;
       try {
-        const age = Date.now() - statSync24(paths.lockPath).mtimeMs;
+        const age = Date.now() - statSync26(paths.lockPath).mtimeMs;
         if (age > 30000) {
           unlinkSync13(paths.lockPath);
           continue;
@@ -74029,8 +74486,8 @@ function writeOverlayEntry(agent, slug, yamlText, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
   return withAgentLock(paths, () => {
     ensureDirs(paths);
-    const stagingPath = join58(paths.scheduleStagingDir, `${slug}.yaml`);
-    const finalPath = join58(paths.scheduleDir, `${slug}.yaml`);
+    const stagingPath = join59(paths.scheduleStagingDir, `${slug}.yaml`);
+    const finalPath = join59(paths.scheduleDir, `${slug}.yaml`);
     const fd = openSync12(stagingPath, "w", 384);
     try {
       writeSync7(fd, yamlText);
@@ -74046,8 +74503,8 @@ function writeSkillsOverlayEntry(agent, slug, yamlText, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
   return withAgentLock(paths, () => {
     ensureSkillsDirs(paths);
-    const stagingPath = join58(paths.skillsStagingDir, `${slug}.yaml`);
-    const finalPath = join58(paths.skillsDir, `${slug}.yaml`);
+    const stagingPath = join59(paths.skillsStagingDir, `${slug}.yaml`);
+    const finalPath = join59(paths.skillsDir, `${slug}.yaml`);
     const fd = openSync12(stagingPath, "w", 384);
     try {
       writeSync7(fd, yamlText);
@@ -74062,8 +74519,8 @@ function writeSkillsOverlayEntry(agent, slug, yamlText, opts = {}) {
 function deleteSkillsOverlayEntry(agent, slug, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
   return withAgentLock(paths, () => {
-    const finalPath = join58(paths.skillsDir, `${slug}.yaml`);
-    if (!existsSync65(finalPath))
+    const finalPath = join59(paths.skillsDir, `${slug}.yaml`);
+    if (!existsSync67(finalPath))
       return false;
     unlinkSync13(finalPath);
     return true;
@@ -74071,13 +74528,13 @@ function deleteSkillsOverlayEntry(agent, slug, opts = {}) {
 }
 function listSkillsOverlayEntries(agent, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
-  if (!existsSync65(paths.skillsDir))
+  if (!existsSync67(paths.skillsDir))
     return [];
   const out = [];
-  for (const name of readdirSync24(paths.skillsDir)) {
+  for (const name of readdirSync25(paths.skillsDir)) {
     if (!/\.ya?ml$/i.test(name))
       continue;
-    const full = join58(paths.skillsDir, name);
+    const full = join59(paths.skillsDir, name);
     try {
       const raw = readFileSync56(full, "utf-8");
       const slug = name.replace(/\.ya?ml$/i, "");
@@ -74089,8 +74546,8 @@ function listSkillsOverlayEntries(agent, opts = {}) {
 function deleteOverlayEntry(agent, slug, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
   return withAgentLock(paths, () => {
-    const finalPath = join58(paths.scheduleDir, `${slug}.yaml`);
-    if (!existsSync65(finalPath))
+    const finalPath = join59(paths.scheduleDir, `${slug}.yaml`);
+    if (!existsSync67(finalPath))
       return false;
     unlinkSync13(finalPath);
     return true;
@@ -74098,13 +74555,13 @@ function deleteOverlayEntry(agent, slug, opts = {}) {
 }
 function listOverlayEntries(agent, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
-  if (!existsSync65(paths.scheduleDir))
+  if (!existsSync67(paths.scheduleDir))
     return [];
   const out = [];
-  for (const name of readdirSync24(paths.scheduleDir)) {
+  for (const name of readdirSync25(paths.scheduleDir)) {
     if (!/\.ya?ml$/i.test(name))
       continue;
-    const full = join58(paths.scheduleDir, name);
+    const full = join59(paths.scheduleDir, name);
     try {
       const raw = readFileSync56(full, "utf-8");
       const slug = name.replace(/\.ya?ml$/i, "");
@@ -74249,23 +74706,23 @@ function reconcileAgentCronOnly(agent) {
 // src/cli/agent-config-pending.ts
 import {
   closeSync as closeSync13,
-  existsSync as existsSync66,
+  existsSync as existsSync68,
   fsyncSync as fsyncSync6,
   mkdirSync as mkdirSync38,
   openSync as openSync13,
-  readdirSync as readdirSync25,
+  readdirSync as readdirSync26,
   readFileSync as readFileSync57,
   renameSync as renameSync14,
   unlinkSync as unlinkSync14,
   writeFileSync as writeFileSync33,
   writeSync as writeSync8
 } from "node:fs";
-import { join as join59 } from "node:path";
+import { join as join60 } from "node:path";
 import { randomBytes as randomBytes12 } from "node:crypto";
 var STAGE_ID_PREFIX = "cap_";
 function pendingDir(agent, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
-  return join59(paths.scheduleDir, ".pending");
+  return join60(paths.scheduleDir, ".pending");
 }
 function ensurePendingDir(agent, opts = {}) {
   const dir = pendingDir(agent, opts);
@@ -74278,8 +74735,8 @@ function newStageId() {
 function stagePendingScheduleEntry(opts) {
   const dir = ensurePendingDir(opts.agent, { root: opts.root });
   const stageId = opts.stageId ?? newStageId();
-  const yamlPath = join59(dir, `${stageId}.yaml`);
-  const metaPath = join59(dir, `${stageId}.meta.json`);
+  const yamlPath = join60(dir, `${stageId}.yaml`);
+  const metaPath = join60(dir, `${stageId}.meta.json`);
   const meta = {
     v: 1,
     stage_id: stageId,
@@ -74306,16 +74763,16 @@ function stagePendingScheduleEntry(opts) {
 }
 function listPendingScheduleEntries(agent, opts = {}) {
   const dir = pendingDir(agent, opts);
-  if (!existsSync66(dir))
+  if (!existsSync68(dir))
     return [];
   const out = [];
-  for (const name of readdirSync25(dir).sort()) {
+  for (const name of readdirSync26(dir).sort()) {
     if (!name.endsWith(".meta.json"))
       continue;
     const stageId = name.slice(0, -".meta.json".length);
-    const metaPath = join59(dir, name);
-    const yamlPath = join59(dir, `${stageId}.yaml`);
-    if (!existsSync66(yamlPath))
+    const metaPath = join60(dir, name);
+    const yamlPath = join60(dir, `${stageId}.yaml`);
+    if (!existsSync68(yamlPath))
       continue;
     try {
       const meta = JSON.parse(readFileSync57(metaPath, "utf-8"));
@@ -74333,8 +74790,8 @@ function commitPendingScheduleEntry(opts) {
     return { committed: false, reason: "not_found" };
   const slug = match.meta.entry.name ?? match.stageId;
   const paths = overlayPathsFor(opts.agent, { root: opts.root });
-  const finalPath = join59(paths.scheduleDir, `${slug}.yaml`);
-  if (existsSync66(finalPath)) {
+  const finalPath = join60(paths.scheduleDir, `${slug}.yaml`);
+  if (existsSync68(finalPath)) {
     return { committed: false, reason: "slug_collision" };
   }
   renameSync14(match.yamlPath, finalPath);
@@ -74356,7 +74813,7 @@ function denyPendingScheduleEntry(opts) {
 }
 
 // src/cli/agent-config-write.ts
-import { existsSync as existsSync67, readFileSync as readFileSync58 } from "node:fs";
+import { existsSync as existsSync69, readFileSync as readFileSync58 } from "node:fs";
 var MAX_ENTRIES_PER_AGENT = 20;
 function checkOperatorContext(verb, env2 = process.env) {
   if (env2.SWITCHROOM_OPERATOR === "1")
@@ -74590,7 +75047,7 @@ function scheduleRemove(opts) {
   }
   let priorContent = null;
   try {
-    if (existsSync67(match.path))
+    if (existsSync69(match.path))
       priorContent = readFileSync58(match.path, "utf-8");
   } catch {}
   deleteOverlayEntry(agent, match.slug, { root: opts.root });
@@ -74783,10 +75240,10 @@ function registerAgentConfigWriteCommands(program3) {
 
 // src/cli/agent-config-skill-write.ts
 var import_yaml15 = __toESM(require_dist(), 1);
-import { existsSync as existsSync68 } from "node:fs";
+import { existsSync as existsSync70 } from "node:fs";
 init_reconcile_default_skills();
 var import_yaml16 = __toESM(require_dist(), 1);
-import { join as join60 } from "node:path";
+import { join as join61 } from "node:path";
 var MAX_SKILLS_PER_AGENT = 20;
 var V1_ALLOWED_SOURCE_PREFIX = "bundled:";
 function exitCodeFor2(code) {
@@ -74861,8 +75318,8 @@ function skillInstall(opts) {
     return err("E_SKILL_QUOTA_EXCEEDED", `agent ${agent} already has ${used} overlay-installed skills (cap ${MAX_SKILLS_PER_AGENT})`);
   }
   const poolDir = opts.bundledSkillsPoolDir ?? getBundledSkillsPoolDir();
-  const skillPath = join60(poolDir, skillName);
-  if (!existsSync68(skillPath)) {
+  const skillPath = join61(poolDir, skillName);
+  if (!existsSync70(skillPath)) {
     return err("E_SKILL_NOT_FOUND", `bundled skill not found at ${skillPath}. The operator needs to ` + `place the skill at this path before the agent can opt in.`);
   }
   const yamlText = import_yaml15.stringify({ skills: [skillName] });
@@ -75046,27 +75503,27 @@ init_source();
 init_helpers();
 init_loader();
 import {
-  existsSync as existsSync70,
-  readdirSync as readdirSync26,
+  existsSync as existsSync72,
+  readdirSync as readdirSync27,
   readFileSync as readFileSync60,
   renameSync as renameSync15,
-  statSync as statSync25,
+  statSync as statSync27,
   unlinkSync as unlinkSync15
 } from "node:fs";
 import { createHash as createHash12 } from "node:crypto";
-import { join as join61 } from "node:path";
+import { join as join62 } from "node:path";
 function planCronUnitRenames(agentsDir, agents) {
   const plans = [];
   for (const [agentName, agentConfig] of Object.entries(agents)) {
     const schedule = agentConfig.schedule ?? [];
     if (schedule.length === 0)
       continue;
-    const telegramDir = join61(agentsDir, agentName, "telegram");
-    if (!existsSync70(telegramDir))
+    const telegramDir = join62(agentsDir, agentName, "telegram");
+    if (!existsSync72(telegramDir))
       continue;
     let entries;
     try {
-      entries = readdirSync26(telegramDir);
+      entries = readdirSync27(telegramDir);
     } catch {
       continue;
     }
@@ -75083,8 +75540,8 @@ function planCronUnitRenames(agentsDir, agents) {
         continue;
       plans.push({
         agent: agentName,
-        from: join61(telegramDir, file),
-        to: join61(telegramDir, canonical),
+        from: join62(telegramDir, file),
+        to: join62(telegramDir, canonical),
         scheduleIdx: idx,
         entry
       });
@@ -75096,7 +75553,7 @@ function sha256File2(path8) {
   return createHash12("sha256").update(readFileSync60(path8)).digest("hex");
 }
 function renamePair(from, to, opts = {}) {
-  if (existsSync70(to)) {
+  if (existsSync72(to)) {
     let identical = false;
     try {
       identical = sha256File2(from) === sha256File2(to);
@@ -75189,7 +75646,7 @@ function registerMigrateCommand(program3) {
         const fromSidecar = p.from.replace(/\.sh$/, ".source");
         const toSidecar = p.to.replace(/\.sh$/, ".source");
         let sidecarStatus = null;
-        if (existsSync70(fromSidecar) && statSync25(fromSidecar).isFile()) {
+        if (existsSync72(fromSidecar) && statSync27(fromSidecar).isFile()) {
           sidecarStatus = renamePair(fromSidecar, toSidecar);
         }
         switch (status.kind) {
@@ -75222,10 +75679,10 @@ function registerMigrateCommand(program3) {
 init_source();
 init_helpers();
 init_audit_reader();
-import { existsSync as existsSync71, mkdirSync as mkdirSync39, readdirSync as readdirSync27, readFileSync as readFileSync61, writeFileSync as writeFileSync34, statSync as statSync26, copyFileSync as copyFileSync12 } from "node:fs";
+import { existsSync as existsSync73, mkdirSync as mkdirSync39, readdirSync as readdirSync28, readFileSync as readFileSync61, writeFileSync as writeFileSync34, statSync as statSync28, copyFileSync as copyFileSync12 } from "node:fs";
 import { homedir as homedir32 } from "node:os";
-import { join as join62 } from "node:path";
-import { spawnSync as spawnSync10 } from "node:child_process";
+import { join as join63 } from "node:path";
+import { spawnSync as spawnSync11 } from "node:child_process";
 var DEFAULT_IMAGE_TAG = "latest";
 var HOSTD_COMPOSE_PROJECT = "switchroom-hostd";
 function renderHostdComposeFile(opts) {
@@ -75308,14 +75765,14 @@ networks:
 `;
 }
 function hostdDir() {
-  return join62(homedir32(), ".switchroom", "hostd");
+  return join63(homedir32(), ".switchroom", "hostd");
 }
 function hostdComposePath() {
-  return join62(hostdDir(), "docker-compose.yml");
+  return join63(hostdDir(), "docker-compose.yml");
 }
 function backupExistingCompose() {
   const p = hostdComposePath();
-  if (!existsSync71(p))
+  if (!existsSync73(p))
     return null;
   const ts = new Date().toISOString().replace(/[:.]/g, "-");
   const bak = `${p}.bak-${ts}`;
@@ -75323,7 +75780,7 @@ function backupExistingCompose() {
   return bak;
 }
 function runDocker(args) {
-  const r = spawnSync10("docker", args, { encoding: "utf8" });
+  const r = spawnSync11("docker", args, { encoding: "utf8" });
   return {
     ok: r.status === 0,
     stdout: r.stdout ?? "",
@@ -75391,7 +75848,7 @@ function doStatus() {
   const composeYml = hostdComposePath();
   console.log(source_default.bold("switchroom-hostd"));
   console.log("");
-  if (!existsSync71(composeYml)) {
+  if (!existsSync73(composeYml)) {
     console.log(source_default.yellow("  compose:    not installed"));
     console.log(source_default.dim("              run `switchroom hostd install` to set up."));
     return;
@@ -75412,15 +75869,15 @@ function doStatus() {
   } else {
     console.log(source_default.green(`  container:  ${ps.stdout.trim()}`));
   }
-  if (existsSync71(dir)) {
+  if (existsSync73(dir)) {
     const entries = [];
     try {
-      for (const name of readdirSync27(dir)) {
+      for (const name of readdirSync28(dir)) {
         if (name === "docker-compose.yml" || name.startsWith("docker-compose.yml."))
           continue;
-        const sockPath = join62(dir, name, "sock");
-        if (existsSync71(sockPath)) {
-          const st = statSync26(sockPath);
+        const sockPath = join63(dir, name, "sock");
+        if (existsSync73(sockPath)) {
+          const st = statSync28(sockPath);
           if ((st.mode & 61440) === 49152) {
             entries.push(`${name} \u2192 ${sockPath}`);
           }
@@ -75438,7 +75895,7 @@ function doStatus() {
 }
 function doUninstall() {
   const composeYml = hostdComposePath();
-  if (!existsSync71(composeYml)) {
+  if (!existsSync73(composeYml)) {
     console.log(source_default.yellow("  No hostd install detected (no compose file at this path)."));
     return;
   }
@@ -75462,7 +75919,7 @@ function registerHostdCommand(program3) {
   hostd.command("uninstall").description("Stop the hostd container. Leaves the compose file in place for re-install.").action(() => doUninstall());
   hostd.command("audit").description("Tail and filter the hostd audit log (privileged-verb call history)").option("--tail <n>", "Number of matching entries to show (default: 50)", "50").option("--agent <name>", "Filter to a specific caller agent").option("--op <verb>", "Filter to a specific hostd verb (e.g. update_apply, agent_restart)").option("--error", "Show only failed (error/denied) entries").option("--verbose", "Show the captured stderr / error tail under each failed row").option("--path <file>", "Override audit log path (for debugging)").action((opts) => {
     const logPath = opts.path ?? defaultAuditLogPath2();
-    if (!existsSync71(logPath)) {
+    if (!existsSync73(logPath)) {
       console.error(source_default.yellow(`Audit log not found at ${logPath}.`) + source_default.gray(`
 The log is created when hostd handles its first privileged-verb request.`));
       return;