switchroom 0.12.13 → 0.12.15

package/dist/cli/switchroom.js

@@ -20645,18 +20645,6 @@ function getGdriveMcpSettingsEntry(switchroomCliPath, options = {}) {
     }
   };
 }
-function shouldEmitGdriveMcp(agentName, agentGoogleAccount, googleAccounts) {
-  if (!agentGoogleAccount)
-    return false;
-  const account = agentGoogleAccount.trim().toLowerCase();
-  if (account.length === 0)
-    return false;
-  const acctEntry = googleAccounts?.[account];
-  if (!acctEntry)
-    return false;
-  const enabledFor = acctEntry.enabled_for ?? [];
-  return enabledFor.includes(agentName);
-}
 function getBuiltinDefaultMcpEntries() {
   const playwright = getPlaywrightMcpSettingsEntry();
   return [
@@ -20689,6 +20677,48 @@ var init_scaffold_integration = __esm(() => {
   init_hindsight();
 });
 
+// src/config/google-workspace-acl.ts
+function shouldEmitGdriveMcp(agentName, agentGoogleAccount, googleAccounts) {
+  if (!agentGoogleAccount)
+    return false;
+  const account = agentGoogleAccount.trim().toLowerCase();
+  if (account.length === 0)
+    return false;
+  const acctEntry = googleAccounts?.[account];
+  if (!acctEntry)
+    return false;
+  const enabledFor = acctEntry.enabled_for ?? [];
+  return enabledFor.includes(agentName);
+}
+function vaultRefKey(value) {
+  if (typeof value !== "string" || !value.startsWith("vault:"))
+    return null;
+  const key = value.slice("vault:".length).split("#")[0];
+  return key.length > 0 ? key : null;
+}
+function isGoogleClientCredentialKeyForAgent(config, agentName, key) {
+  if (!agentName || !key)
+    return false;
+  const agentConfig = config.agents?.[agentName];
+  if (!agentConfig)
+    return false;
+  if (agentConfig.mcp_servers?.["gdrive"] === false) {
+    return false;
+  }
+  const account = agentConfig.google_workspace?.account;
+  if (!shouldEmitGdriveMcp(agentName, account, config.google_accounts)) {
+    return false;
+  }
+  const gw = config.google_workspace;
+  if (!gw)
+    return false;
+  for (const ref of [gw.google_client_id, gw.google_client_secret]) {
+    if (vaultRefKey(ref) === key)
+      return true;
+  }
+  return false;
+}
+
 // src/agents/reconcile-default-skills.ts
 import { existsSync as existsSync5, lstatSync, mkdirSync as mkdirSync2, readdirSync as readdirSync3, readlinkSync as readlinkSync2, rmSync, symlinkSync } from "node:fs";
 import { homedir as homedir2 } from "node:os";
@@ -21379,7 +21409,7 @@ function stripWireFields(entry) {
     files: entry.files
   };
 }
-var MAX_FRAME_BYTES, GetRequestSchema, PutRequestSchema, ListRequestSchema, MintGrantRequestSchema, ListGrantsRequestSchema, RevokeGrantRequestSchema, StatusRequestSchema, LockRequestSchema, ApprovalRequestRequestSchema, ApprovalLookupRequestSchema, ApprovalConsumeRequestSchema, ApprovalRevokeRequestSchema, ApprovalListRequestSchema, ApprovalDecisionModeSchema, ApprovalRecordRequestSchema, RequestSchema, VaultEntrySchema, ErrorCode, OkEntryResponseSchema, OkKeysResponseSchema, BrokerStatus, OkStatusResponseSchema, OkLockResponseSchema, OkPutResponseSchema, OkMintGrantResponseSchema, GrantMetaSchema, OkListGrantsResponseSchema, OkRevokeGrantResponseSchema, OkApprovalRequestResponseSchema, ApprovalDecisionMetaSchema, OkApprovalLookupResponseSchema, OkApprovalConsumeResponseSchema, OkApprovalRevokeResponseSchema, OkApprovalListResponseSchema, OkApprovalRecordResponseSchema, ErrorResponseSchema, ResponseSchema;
+var MAX_FRAME_BYTES, GetRequestSchema, PutRequestSchema, ListRequestSchema, MintGrantRequestSchema, ListGrantsRequestSchema, RevokeGrantRequestSchema, StatusRequestSchema, LockRequestSchema, PreflightAccessRequestSchema, OkPreflightAccessResponseSchema, ApprovalRequestRequestSchema, ApprovalLookupRequestSchema, ApprovalConsumeRequestSchema, ApprovalRevokeRequestSchema, ApprovalListRequestSchema, ApprovalDecisionModeSchema, ApprovalRecordRequestSchema, ApprovalConsumeRecordRequestSchema, RequestSchema, VaultEntrySchema, ErrorCode, OkEntryResponseSchema, OkKeysResponseSchema, BrokerStatus, OkStatusResponseSchema, OkLockResponseSchema, OkPutResponseSchema, OkMintGrantResponseSchema, GrantMetaSchema, OkListGrantsResponseSchema, OkRevokeGrantResponseSchema, OkApprovalRequestResponseSchema, ApprovalDecisionMetaSchema, OkApprovalLookupResponseSchema, OkApprovalConsumeResponseSchema, OkApprovalRevokeResponseSchema, OkApprovalListResponseSchema, OkApprovalRecordResponseSchema, OkApprovalConsumeRecordResponseSchema, ErrorResponseSchema, ResponseSchema;
 var init_protocol = __esm(() => {
   init_zod();
   MAX_FRAME_BYTES = 64 * 1024;
@@ -21438,6 +21468,24 @@ var init_protocol = __esm(() => {
     v: exports_external.literal(1),
     op: exports_external.literal("lock")
   });
+  PreflightAccessRequestSchema = exports_external.object({
+    v: exports_external.literal(1),
+    op: exports_external.literal("preflight_access"),
+    agent: exports_external.string().min(1),
+    keys: exports_external.array(exports_external.string().min(1)).min(1).max(128)
+  });
+  OkPreflightAccessResponseSchema = exports_external.object({
+    ok: exports_external.literal(true),
+    op: exports_external.literal("preflight_access"),
+    results: exports_external.array(exports_external.object({
+      key: exports_external.string(),
+      exists: exports_external.boolean(),
+      acl_ok: exports_external.boolean(),
+      acl_reason: exports_external.string().optional(),
+      scope_ok: exports_external.boolean(),
+      scope_reason: exports_external.string().optional()
+    }))
+  });
   ApprovalRequestRequestSchema = exports_external.object({
     v: exports_external.literal(1),
     op: exports_external.literal("approval_request"),
@@ -21489,12 +21537,22 @@ var init_protocol = __esm(() => {
     granted_by_user_id: exports_external.number().int(),
     ttl_ms: exports_external.number().int().positive().nullable().optional()
   });
+  ApprovalConsumeRecordRequestSchema = exports_external.object({
+    v: exports_external.literal(1),
+    op: exports_external.literal("approval_consume_record"),
+    request_id: exports_external.string().regex(/^[0-9a-f]{32}$/),
+    decision: ApprovalDecisionModeSchema,
+    approver_set: exports_external.array(exports_external.string()),
+    granted_by_user_id: exports_external.number().int(),
+    ttl_ms: exports_external.number().int().positive().nullable().optional()
+  });
   RequestSchema = exports_external.discriminatedUnion("op", [
     GetRequestSchema,
     PutRequestSchema,
     ListRequestSchema,
     StatusRequestSchema,
     LockRequestSchema,
+    PreflightAccessRequestSchema,
     MintGrantRequestSchema,
     ListGrantsRequestSchema,
     RevokeGrantRequestSchema,
@@ -21503,7 +21561,8 @@ var init_protocol = __esm(() => {
     ApprovalConsumeRequestSchema,
     ApprovalRevokeRequestSchema,
     ApprovalListRequestSchema,
-    ApprovalRecordRequestSchema
+    ApprovalRecordRequestSchema,
+    ApprovalConsumeRecordRequestSchema
   ]);
   VaultEntrySchema = exports_external.union([
     exports_external.object({ kind: exports_external.literal("string"), value: exports_external.string() }),
@@ -21625,6 +21684,15 @@ var init_protocol = __esm(() => {
     ok: exports_external.literal(true),
     decision_id: exports_external.string()
   });
+  OkApprovalConsumeRecordResponseSchema = exports_external.object({
+    ok: exports_external.literal(true),
+    consumed: exports_external.boolean(),
+    decision_id: exports_external.string().optional(),
+    agent_unit: exports_external.string().optional(),
+    scope: exports_external.string().optional(),
+    action: exports_external.string().optional(),
+    why: exports_external.string().nullable().optional()
+  });
   ErrorResponseSchema = exports_external.object({
     ok: exports_external.literal(false),
     code: ErrorCode,
@@ -21635,6 +21703,7 @@ var init_protocol = __esm(() => {
     OkKeysResponseSchema,
     OkStatusResponseSchema,
     OkLockResponseSchema,
+    OkPreflightAccessResponseSchema,
     OkPutResponseSchema,
     OkMintGrantResponseSchema,
     OkListGrantsResponseSchema,
@@ -21645,6 +21714,7 @@ var init_protocol = __esm(() => {
     OkApprovalRevokeResponseSchema,
     OkApprovalListResponseSchema,
     OkApprovalRecordResponseSchema,
+    OkApprovalConsumeRecordResponseSchema,
     ErrorResponseSchema
   ]);
 });
@@ -27169,6 +27239,9 @@ function checkAclByAgent(config, agentName, key) {
   if (googleSlot !== null) {
     return checkGoogleAccountAcl(config, agentName, googleSlot.account, key);
   }
+  if (isGoogleClientCredentialKeyForAgent(config, agentName, key)) {
+    return { allow: true };
+  }
   const agentBot = agentConfig.bot_token;
   const botRef = agentBot && agentBot.length > 0 ? agentBot : config.telegram?.bot_token;
   if (typeof botRef === "string" && botRef.startsWith("vault:")) {
@@ -27226,6 +27299,7 @@ function checkGoogleAccountAcl(config, agentName, account, key) {
   }
   return { allow: true };
 }
+var init_acl = () => {};
 
 // src/util/audit-hashchain.ts
 import { createHash as createHash6 } from "node:crypto";
@@ -28228,12 +28302,240 @@ function runHostdChecks(config, deps = {}) {
 var HOSTD_CONTAINER = "switchroom-hostd", HOSTD_DRIFT_HOURS = 2;
 var init_doctor_hostd = () => {};
 
+// src/cli/doctor-secret-access.ts
+import {
+  accessSync,
+  constants as fsConstants4,
+  existsSync as existsSync46,
+  realpathSync as realpathSync4,
+  statSync as statSync20
+} from "node:fs";
+import { userInfo, homedir as homedir20 } from "node:os";
+import { join as join38 } from "node:path";
+function resolveVaultPath2(config) {
+  return config.vault?.path ? config.vault.path.replace(/^~/, process.env.HOME ?? "") : resolveStatePath("vault.enc");
+}
+function defaultStatVault(path4) {
+  if (!existsSync46(path4)) {
+    return { exists: false, readable: false, uid: -1, mode: 0, realPath: path4 };
+  }
+  let real = path4;
+  try {
+    real = realpathSync4(path4);
+  } catch {}
+  let uid = -1;
+  let mode = 0;
+  try {
+    const s = statSync20(real);
+    uid = s.uid;
+    mode = s.mode & 511;
+  } catch {
+    return { exists: true, readable: false, uid, mode, realPath: real };
+  }
+  let readable = false;
+  try {
+    accessSync(real, fsConstants4.R_OK);
+    readable = true;
+  } catch {
+    readable = false;
+  }
+  return { exists: true, readable, uid, mode, realPath: real };
+}
+function collectVaultRefs2(value, out) {
+  if (typeof value === "string") {
+    if (value.startsWith("vault:")) {
+      const key = value.slice("vault:".length).split("#")[0].trim();
+      if (key)
+        out.add(key);
+    }
+    return;
+  }
+  if (Array.isArray(value)) {
+    for (const v of value)
+      collectVaultRefs2(v, out);
+    return;
+  }
+  if (value && typeof value === "object") {
+    for (const v of Object.values(value)) {
+      collectVaultRefs2(v, out);
+    }
+  }
+}
+function collectNeeds(resolved) {
+  const cronKeys = new Set;
+  for (const entry of resolved.schedule ?? []) {
+    for (const s of entry.secrets ?? [])
+      cronKeys.add(s);
+  }
+  const refKeys = new Set;
+  collectVaultRefs2(resolved, refKeys);
+  return { needed: new Set([...cronKeys, ...refKeys]), cronKeys };
+}
+function keyGap(key, isCron, exists, acl, scope) {
+  const isGoogleSlot = key.startsWith("google:");
+  if (!isGoogleSlot && !exists)
+    return `'${key}' missing from the vault`;
+  if (isCron && !acl.allow) {
+    return `'${key}' (cron) \u2014 no static ACL grants read (${acl.reason})`;
+  }
+  if (!scope.allow) {
+    return `'${key}' \u2014 per-key scope denies read (${scope.reason})`;
+  }
+  return null;
+}
+async function defaultPreflight(socketPath, agent, keys) {
+  const r = await rpcRaw({ v: 1, op: "preflight_access", agent, keys }, { socket: socketPath, timeoutMs: 5000 });
+  if (r.kind === "unreachable")
+    return { kind: "unreachable", msg: r.msg };
+  const resp = r.resp;
+  if (resp.ok === true && resp.op === "preflight_access") {
+    return {
+      kind: "ok",
+      results: resp.results
+    };
+  }
+  if (resp.ok === false && resp.code === "LOCKED")
+    return { kind: "locked" };
+  return {
+    kind: "unreachable",
+    msg: resp.ok === false ? `broker error ${resp.code}: ${resp.msg}` : "unexpected broker response"
+  };
+}
+async function runSecretAccessChecks(config, deps = {}) {
+  const results = [];
+  const vaultPath = deps.vaultPath ?? resolveVaultPath2(config);
+  const statVault = deps.statVault ?? defaultStatVault;
+  const selfUid = deps.selfUid ?? (typeof process.getuid === "function" ? process.getuid() : -1);
+  let selfUser = deps.selfUser;
+  if (selfUser === undefined) {
+    try {
+      selfUser = userInfo().username;
+    } catch {
+      selfUser = "<you>";
+    }
+  }
+  const vf = statVault(vaultPath);
+  if (!vf.exists) {
+    results.push({
+      name: "vault: operator readable",
+      status: "ok",
+      detail: `vault file not present at ${vaultPath} \u2014 see the Vault section`
+    });
+  } else if (!vf.readable) {
+    results.push({
+      name: "vault: operator readable",
+      status: "fail",
+      detail: `${vf.realPath} is owned by uid ${vf.uid} (mode 0${vf.mode.toString(8)}) \u2014 ` + `the operator (uid ${selfUid} ${selfUser}) cannot read it, so every ` + `\`switchroom vault \u2026\` fails. The broker still works (CAP_DAC_READ_SEARCH), ` + `which masks this until you touch the vault directly.`,
+      fix: `sudo chown ${selfUser}:${selfUser} ${vf.realPath}`
+    });
+  } else {
+    results.push({
+      name: "vault: operator readable",
+      status: "ok",
+      detail: `operator can read ${vf.realPath}`
+    });
+  }
+  const pushAgentResult = (name, total, gaps) => {
+    results.push(gaps.length === 0 ? {
+      name: `secret access: ${name}`,
+      status: "ok",
+      detail: `${total} secret(s): all present + ACL ok`
+    } : {
+      name: `secret access: ${name}`,
+      status: "fail",
+      detail: `${gaps.length}/${total} unreachable \u2014 ${gaps.join("; ")}`,
+      fix: "`switchroom vault set <key>` for missing keys; " + "`switchroom vault set <key> --allow " + name + "` to grant this agent read access"
+    });
+  };
+  const passphrase = deps.passphrase ?? process.env.SWITCHROOM_VAULT_PASSPHRASE;
+  if (!passphrase) {
+    const sock = deps.brokerOperatorSocket ?? join38(homedir20(), ".switchroom", "broker-operator", "sock");
+    const preflight = deps.preflight ?? ((a, k) => defaultPreflight(sock, a, k));
+    for (const name of Object.keys(config.agents ?? {})) {
+      const resolved = resolveAgentConfig(config.defaults, config.profiles, config.agents[name]);
+      const { needed, cronKeys } = collectNeeds(resolved);
+      if (needed.size === 0) {
+        results.push({
+          name: `secret access: ${name}`,
+          status: "ok",
+          detail: "no declared vault secrets"
+        });
+        continue;
+      }
+      const out = await preflight(name, [...needed].sort());
+      if (out.kind === "unreachable" || out.kind === "locked") {
+        results.push({
+          name: "agent secret access",
+          status: "skip",
+          detail: out.kind === "locked" ? "vault-broker is locked \u2014 cron-secret existence/ACL unverified (re-run after it unlocks; it auto-unlocks on boot)" : `vault-broker operator socket unreachable (${out.msg}) and SWITCHROOM_VAULT_PASSPHRASE unset \u2014 cron-secret existence/ACL unverified`,
+          fix: "Ensure the broker operator socket (~/.switchroom/broker-operator/sock) is bound, or export SWITCHROOM_VAULT_PASSPHRASE and re-run `switchroom doctor`"
+        });
+        return results;
+      }
+      const byKey = new Map(out.results.map((r) => [r.key, r]));
+      const gaps = [];
+      for (const key of [...needed].sort()) {
+        const r = byKey.get(key);
+        if (r === undefined) {
+          gaps.push(`'${key}' \u2014 broker returned no result`);
+          continue;
+        }
+        const g = keyGap(key, cronKeys.has(key), r.exists, { allow: r.acl_ok, reason: r.acl_reason }, { allow: r.scope_ok, reason: r.scope_reason });
+        if (g)
+          gaps.push(g);
+      }
+      pushAgentResult(name, needed.size, gaps);
+    }
+    return results;
+  }
+  let entries;
+  try {
+    entries = (deps.openVault ?? openVault)(passphrase, vaultPath);
+  } catch (err) {
+    results.push({
+      name: "agent secret access",
+      status: vf.readable ? "fail" : "warn",
+      detail: `cannot open the vault: ${err.message}`,
+      fix: vf.readable ? "SWITCHROOM_VAULT_PASSPHRASE may be wrong, or the vault is corrupt" : "fix the vault file ownership above first (operator cannot read it)"
+    });
+    return results;
+  }
+  for (const name of Object.keys(config.agents ?? {})) {
+    const resolved = resolveAgentConfig(config.defaults, config.profiles, config.agents[name]);
+    const { needed, cronKeys } = collectNeeds(resolved);
+    if (needed.size === 0) {
+      results.push({
+        name: `secret access: ${name}`,
+        status: "ok",
+        detail: "no declared vault secrets"
+      });
+      continue;
+    }
+    const gaps = [];
+    for (const key of [...needed].sort()) {
+      const g = keyGap(key, cronKeys.has(key), key in entries, checkAclByAgent(config, name, key), checkEntryScope(entries[key]?.scope, name));
+      if (g)
+        gaps.push(g);
+    }
+    pushAgentResult(name, needed.size, gaps);
+  }
+  return results;
+}
+var init_doctor_secret_access = __esm(() => {
+  init_paths();
+  init_merge();
+  init_vault();
+  init_acl();
+  init_client();
+});
+
 // src/cli/doctor-drive.ts
 import {
   existsSync as realExistsSync,
   readFileSync as realReadFileSync
 } from "node:fs";
-import { join as join38, resolve as resolve28 } from "node:path";
+import { join as join39, resolve as resolve28 } from "node:path";
+import { homedir as homedir21 } from "node:os";
 function resolveDeps(config, deps) {
   let agentsDir = deps.agentsDir;
   if (agentsDir === undefined) {
@@ -28356,8 +28658,8 @@ function checkScaffoldWiring(config, driveAgents, d) {
       });
       continue;
     }
-    const mcpPath = join38(agentDir, ".mcp.json");
-    const claudeJsonPath = join38(agentDir, ".claude", ".claude.json");
+    const mcpPath = join39(agentDir, ".mcp.json");
+    const claudeJsonPath = join39(agentDir, ".claude", ".claude.json");
     const mcpRead = readJson(d, mcpPath);
     const trustRead = readJson(d, claudeJsonPath);
     if (mcpRead.kind === "unreadable" || trustRead.kind === "unreadable") {
@@ -28441,16 +28743,78 @@ function runDriveChecks(config, deps = {}) {
   const results = [];
   const matrix = checkConfigMatrix(config);
   results.push(...matrix);
-  const driveAgents = Object.keys(config.agents ?? {}).filter((name) => {
+  const driveAgents = computeDriveAgents(config);
+  results.push(...checkOAuthClient(config, driveAgents.length > 0));
+  results.push(...checkScaffoldWiring(config, driveAgents, d));
+  return results;
+}
+function computeDriveAgents(config) {
+  const accounts = config.google_accounts;
+  return Object.keys(config.agents ?? {}).filter((name) => {
     const acct = agentAccount(config, name);
     return !!acct && !!accounts?.[acct] && (accounts[acct].enabled_for ?? []).includes(name);
   });
-  results.push(...checkOAuthClient(config, driveAgents.length > 0));
-  results.push(...checkScaffoldWiring(config, driveAgents, d));
+}
+async function runDriveBrokerReachabilityChecks(config, deps = {}) {
+  const driveAgents = computeDriveAgents(config);
+  if (driveAgents.length === 0)
+    return [];
+  const gw = config.google_workspace;
+  const idKey = vaultRefKey(gw?.google_client_id);
+  const secretKey = vaultRefKey(gw?.google_client_secret);
+  const vaultKeys = [idKey, secretKey].filter((k) => k !== null);
+  if (vaultKeys.length === 0) {
+    return [
+      {
+        name: "drive: OAuth client broker-reachable",
+        status: "ok",
+        detail: "client credential is a literal (not a vault: ref) \u2014 the launcher reads it from config; no broker grant needed"
+      }
+    ];
+  }
+  const sock = deps.brokerOperatorSocket ?? join39(homedir21(), ".switchroom", "broker-operator", "sock");
+  const preflight = deps.preflight ?? ((a, k) => defaultPreflight(sock, a, k));
+  const results = [];
+  for (const agent of driveAgents) {
+    const outcome = await preflight(agent, vaultKeys);
+    if (outcome.kind === "locked") {
+      results.push({
+        name: `drive: ${agent} client-cred broker-reachable`,
+        status: "skip",
+        detail: "vault-broker is locked \u2014 cannot verify; the fleet's launchers/crons are dead while locked anyway (not a Drive-specific fault)"
+      });
+      continue;
+    }
+    if (outcome.kind === "unreachable") {
+      results.push({
+        name: `drive: ${agent} client-cred broker-reachable`,
+        status: "skip",
+        detail: `broker operator socket unreachable (${outcome.msg}) \u2014 cannot verify; not a false fail`
+      });
+      continue;
+    }
+    const denied = outcome.results.filter((r) => !r.acl_ok);
+    if (denied.length === 0) {
+      results.push({
+        name: `drive: ${agent} client-cred broker-reachable`,
+        status: "ok",
+        detail: `vault-broker will serve the OAuth client credential (${vaultKeys.join(", ")}) to '${agent}'`
+      });
+      continue;
+    }
+    const d0 = denied[0];
+    results.push({
+      name: `drive: ${agent} client-cred broker-reachable`,
+      status: "fail",
+      detail: `vault-broker DENIES '${agent}' the OAuth client key '${d0.key}' (${d0.acl_reason ?? "no ACL grant"}) \u2014 the gdrive MCP launcher exits before spawning and Drive silently never works for this agent`,
+      fix: `confirm '${agent}' is in google_accounts[<account>].enabled_for[] and has agents.${agent}.google_workspace.account set (v0.12.14+ broker grants the client credential off that gate automatically); then ensure the broker is running the v0.12.14+ image`
+    });
+  }
   return results;
 }
 var init_doctor_drive = __esm(() => {
   init_loader();
+  init_doctor_secret_access();
 });
 
 // src/cli/doctor-credentials-migration.ts
@@ -28459,11 +28823,11 @@ import {
   readdirSync as realReaddirSync,
   statSync as realStatSync
 } from "node:fs";
-import { homedir as homedir20 } from "node:os";
-import { join as join39 } from "node:path";
+import { homedir as homedir22 } from "node:os";
+import { join as join40 } from "node:path";
 function runCredentialsMigrationChecks(config, deps = {}) {
-  const credDir = deps.credentialsDir ?? join39(homedir20(), ".switchroom", "credentials");
-  const existsSync46 = deps.existsSync ?? ((p) => realExistsSync2(p));
+  const credDir = deps.credentialsDir ?? join40(homedir22(), ".switchroom", "credentials");
+  const existsSync47 = deps.existsSync ?? ((p) => realExistsSync2(p));
   const readdirSync17 = deps.readdirSync ?? ((p) => realReaddirSync(p));
   const isDirectory = deps.isDirectory ?? ((p) => {
     try {
@@ -28472,7 +28836,7 @@ function runCredentialsMigrationChecks(config, deps = {}) {
       return false;
     }
   });
-  if (!existsSync46(credDir))
+  if (!existsSync47(credDir))
     return [];
   const agentNames = new Set(Object.keys(config.agents ?? {}));
   let entries;
@@ -28490,7 +28854,7 @@ function runCredentialsMigrationChecks(config, deps = {}) {
   const flat = [];
   const perAgentDirs = [];
   for (const e of entries) {
-    const full = join39(credDir, e);
+    const full = join40(credDir, e);
     if (isDirectory(full) && agentNames.has(e)) {
       perAgentDirs.push(e);
     } else {
@@ -28517,181 +28881,6 @@ function runCredentialsMigrationChecks(config, deps = {}) {
 }
 var init_doctor_credentials_migration = () => {};
 
-// src/cli/doctor-secret-access.ts
-import {
-  accessSync,
-  constants as fsConstants4,
-  existsSync as existsSync46,
-  realpathSync as realpathSync4,
-  statSync as statSync20
-} from "node:fs";
-import { userInfo } from "node:os";
-function resolveVaultPath2(config) {
-  return config.vault?.path ? config.vault.path.replace(/^~/, process.env.HOME ?? "") : resolveStatePath("vault.enc");
-}
-function defaultStatVault(path4) {
-  if (!existsSync46(path4)) {
-    return { exists: false, readable: false, uid: -1, mode: 0, realPath: path4 };
-  }
-  let real = path4;
-  try {
-    real = realpathSync4(path4);
-  } catch {}
-  let uid = -1;
-  let mode = 0;
-  try {
-    const s = statSync20(real);
-    uid = s.uid;
-    mode = s.mode & 511;
-  } catch {
-    return { exists: true, readable: false, uid, mode, realPath: real };
-  }
-  let readable = false;
-  try {
-    accessSync(real, fsConstants4.R_OK);
-    readable = true;
-  } catch {
-    readable = false;
-  }
-  return { exists: true, readable, uid, mode, realPath: real };
-}
-function collectVaultRefs2(value, out) {
-  if (typeof value === "string") {
-    if (value.startsWith("vault:")) {
-      const key = value.slice("vault:".length).split("#")[0].trim();
-      if (key)
-        out.add(key);
-    }
-    return;
-  }
-  if (Array.isArray(value)) {
-    for (const v of value)
-      collectVaultRefs2(v, out);
-    return;
-  }
-  if (value && typeof value === "object") {
-    for (const v of Object.values(value)) {
-      collectVaultRefs2(v, out);
-    }
-  }
-}
-function runSecretAccessChecks(config, deps = {}) {
-  const results = [];
-  const vaultPath = deps.vaultPath ?? resolveVaultPath2(config);
-  const statVault = deps.statVault ?? defaultStatVault;
-  const selfUid = deps.selfUid ?? (typeof process.getuid === "function" ? process.getuid() : -1);
-  let selfUser = deps.selfUser;
-  if (selfUser === undefined) {
-    try {
-      selfUser = userInfo().username;
-    } catch {
-      selfUser = "<you>";
-    }
-  }
-  const vf = statVault(vaultPath);
-  if (!vf.exists) {
-    results.push({
-      name: "vault: operator readable",
-      status: "ok",
-      detail: `vault file not present at ${vaultPath} \u2014 see the Vault section`
-    });
-  } else if (!vf.readable) {
-    results.push({
-      name: "vault: operator readable",
-      status: "fail",
-      detail: `${vf.realPath} is owned by uid ${vf.uid} (mode 0${vf.mode.toString(8)}) \u2014 ` + `the operator (uid ${selfUid} ${selfUser}) cannot read it, so every ` + `\`switchroom vault \u2026\` fails. The broker still works (CAP_DAC_READ_SEARCH), ` + `which masks this until you touch the vault directly.`,
-      fix: `sudo chown ${selfUser}:${selfUser} ${vf.realPath}`
-    });
-  } else {
-    results.push({
-      name: "vault: operator readable",
-      status: "ok",
-      detail: `operator can read ${vf.realPath}`
-    });
-  }
-  const passphrase = deps.passphrase ?? process.env.SWITCHROOM_VAULT_PASSPHRASE;
-  if (!passphrase) {
-    results.push({
-      name: "agent secret access",
-      status: "skip",
-      detail: "SWITCHROOM_VAULT_PASSPHRASE not set \u2014 cannot enumerate vault keys/ACLs " + "to verify per-agent secret access",
-      fix: "Export SWITCHROOM_VAULT_PASSPHRASE and re-run `switchroom doctor`"
-    });
-    return results;
-  }
-  let entries;
-  try {
-    entries = (deps.openVault ?? openVault)(passphrase, vaultPath);
-  } catch (err) {
-    results.push({
-      name: "agent secret access",
-      status: vf.readable ? "fail" : "warn",
-      detail: `cannot open the vault: ${err.message}`,
-      fix: vf.readable ? "SWITCHROOM_VAULT_PASSPHRASE may be wrong, or the vault is corrupt" : "fix the vault file ownership above first (operator cannot read it)"
-    });
-    return results;
-  }
-  const agents = Object.keys(config.agents ?? {});
-  for (const name of agents) {
-    const resolved = resolveAgentConfig(config.defaults, config.profiles, config.agents[name]);
-    const cronKeys = new Set;
-    for (const entry of resolved.schedule ?? []) {
-      for (const s of entry.secrets ?? [])
-        cronKeys.add(s);
-    }
-    const refKeys = new Set;
-    collectVaultRefs2(resolved, refKeys);
-    const needed = new Set([...cronKeys, ...refKeys]);
-    if (needed.size === 0) {
-      results.push({
-        name: `secret access: ${name}`,
-        status: "ok",
-        detail: "no declared vault secrets"
-      });
-      continue;
-    }
-    const gaps = [];
-    for (const key of [...needed].sort()) {
-      const isGoogleSlot = key.startsWith("google:");
-      if (!isGoogleSlot && !(key in entries)) {
-        gaps.push(`'${key}' missing from the vault`);
-        continue;
-      }
-      const byScope = checkEntryScope(entries[key]?.scope, name);
-      if (cronKeys.has(key)) {
-        const byAgent = checkAclByAgent(config, name, key);
-        if (!byAgent.allow) {
-          gaps.push(`'${key}' (cron) \u2014 no static ACL grants read (${byAgent.reason})`);
-          continue;
-        }
-      }
-      if (!byScope.allow) {
-        gaps.push(`'${key}' \u2014 per-key scope denies read (${byScope.reason})`);
-      }
-    }
-    if (gaps.length === 0) {
-      results.push({
-        name: `secret access: ${name}`,
-        status: "ok",
-        detail: `${needed.size} secret(s): all present + ACL ok`
-      });
-    } else {
-      results.push({
-        name: `secret access: ${name}`,
-        status: "fail",
-        detail: `${gaps.length}/${needed.size} unreachable \u2014 ${gaps.join("; ")}`,
-        fix: "`switchroom vault set <key>` for missing keys; " + "`switchroom vault set <key> --allow " + name + "` to grant this agent read access"
-      });
-    }
-  }
-  return results;
-}
-var init_doctor_secret_access = __esm(() => {
-  init_paths();
-  init_merge();
-  init_vault();
-});
-
 // src/cli/doctor-inlined-secrets.ts
 import { readFileSync as fsReadFileSync } from "node:fs";
 function isSecretShapedKey(key) {
@@ -28788,19 +28977,19 @@ var init_doctor_inlined_secrets = __esm(() => {
 
 // src/cli/doctor-audit-integrity.ts
 import { readFileSync as fsReadFileSync2 } from "node:fs";
-import { homedir as homedir21 } from "node:os";
-import { join as join40 } from "node:path";
+import { homedir as homedir23 } from "node:os";
+import { join as join41 } from "node:path";
 function rootWrittenLogs(home2) {
   return [
-    { label: "vault-broker", path: join40(home2, ".switchroom", "vault-audit.log") },
+    { label: "vault-broker", path: join41(home2, ".switchroom", "vault-audit.log") },
     {
       label: "hostd",
-      path: join40(home2, ".switchroom", "host-control-audit.log")
+      path: join41(home2, ".switchroom", "host-control-audit.log")
     }
   ];
 }
 function runAuditIntegrityChecks(deps = {}) {
-  const home2 = deps.homeDir ?? homedir21();
+  const home2 = deps.homeDir ?? homedir23();
   const read = deps.readFileSync ?? ((p) => fsReadFileSync2(p, "utf8"));
   const results = [];
   for (const { label, path: path4 } of rootWrittenLogs(home2)) {
@@ -29077,14 +29266,14 @@ var init_client4 = __esm(() => {
 
 // src/cli/doctor-agent-smoke.ts
 import { existsSync as existsSync47 } from "node:fs";
-import { homedir as homedir22 } from "node:os";
-import { join as join41 } from "node:path";
+import { homedir as homedir24 } from "node:os";
+import { join as join42 } from "node:path";
 import { randomUUID as randomUUID4 } from "node:crypto";
 async function runAgentSmokeChecks(config, deps = {}) {
   if (deps.fast)
     return [];
-  const home2 = deps.homeDir ?? homedir22();
-  const sock = deps.operatorSockPath ?? join41(home2, ".switchroom", "hostd", "operator", "sock");
+  const home2 = deps.homeDir ?? homedir24();
+  const sock = deps.operatorSockPath ?? join42(home2, ".switchroom", "hostd", "operator", "sock");
   if (!deps.hostdRequestImpl && !existsSync47(sock)) {
     return [
       {
@@ -29211,16 +29400,16 @@ import {
   readdirSync as readdirSync17,
   statSync as statSync21
 } from "node:fs";
-import { dirname as dirname12, join as join42, resolve as resolve29 } from "node:path";
+import { dirname as dirname12, join as join43, resolve as resolve29 } from "node:path";
 import { createPublicKey, createPrivateKey } from "node:crypto";
 function findInNvm(bin) {
-  const nvmRoot = join42(process.env.HOME ?? "", ".nvm", "versions", "node");
+  const nvmRoot = join43(process.env.HOME ?? "", ".nvm", "versions", "node");
   if (!existsSync48(nvmRoot))
     return null;
   try {
     const versions = readdirSync17(nvmRoot).sort().reverse();
     for (const v of versions) {
-      const candidate = join42(nvmRoot, v, "bin", bin);
+      const candidate = join43(nvmRoot, v, "bin", bin);
       try {
         const s = statSync21(candidate);
         if (s.isFile() || s.isSymbolicLink()) {
@@ -29385,7 +29574,7 @@ function findChromium(homeDir = process.env.HOME ?? "", envBrowsersPath = proces
   if (envBrowsersPath && envBrowsersPath.length > 0) {
     cacheLocations.push(envBrowsersPath);
   }
-  cacheLocations.push(join42(homeDir, ".cache", "ms-playwright"));
+  cacheLocations.push(join43(homeDir, ".cache", "ms-playwright"));
   for (const cacheDir of cacheLocations) {
     if (!existsSync48(cacheDir))
       continue;
@@ -29393,10 +29582,10 @@ function findChromium(homeDir = process.env.HOME ?? "", envBrowsersPath = proces
       const entries = readdirSync17(cacheDir).filter((e) => e.startsWith("chromium"));
       for (const entry of entries) {
         const candidates2 = [
-          join42(cacheDir, entry, "chrome-linux64", "chrome"),
-          join42(cacheDir, entry, "chrome-linux", "chrome"),
-          join42(cacheDir, entry, "chrome-linux64", "headless_shell"),
-          join42(cacheDir, entry, "chrome-linux", "headless_shell")
+          join43(cacheDir, entry, "chrome-linux64", "chrome"),
+          join43(cacheDir, entry, "chrome-linux", "chrome"),
+          join43(cacheDir, entry, "chrome-linux64", "headless_shell"),
+          join43(cacheDir, entry, "chrome-linux", "headless_shell")
         ];
         for (const path4 of candidates2) {
           if (existsSync48(path4))
@@ -29479,7 +29668,7 @@ function checkConfig(config, configPath) {
 function checkLegacyState() {
   const results = [];
   const h = process.env.HOME ?? "/root";
-  const clerkDir = join42(h, LEGACY_STATE_DIR);
+  const clerkDir = join43(h, LEGACY_STATE_DIR);
   const clerkPresent = existsSync48(clerkDir);
   results.push({
     name: "legacy ~/.clerk state",
@@ -29489,7 +29678,7 @@ function checkLegacyState() {
       fix: "Legacy state detected. Run `mv ~/.clerk ~/.switchroom` and rename " + "any top-level `clerk:` key in switchroom.yaml to `switchroom:`. " + "This back-compat shim is REMOVED in v0.13.0 \u2014 no automatic " + "migration exists."
     } : {}
   });
-  const legacySock = join42(h, ".switchroom", "vault-broker.sock");
+  const legacySock = join43(h, ".switchroom", "vault-broker.sock");
   let sockStat = null;
   try {
     sockStat = lstatSync5(legacySock);
@@ -29693,7 +29882,7 @@ async function checkHindsight(config) {
 }
 function checkPendingRetainsQueue(dir) {
   const home2 = process.env.HOME ?? "";
-  const pendingDir = dir ?? process.env.HINDSIGHT_PENDING_DIR ?? join42(home2, ".hindsight", "pending-retains");
+  const pendingDir = dir ?? process.env.HINDSIGHT_PENDING_DIR ?? join43(home2, ".hindsight", "pending-retains");
   if (!existsSync48(pendingDir)) {
     return {
       name: "pending-retains queue",
@@ -29824,7 +30013,7 @@ async function checkTelegram(config) {
     const plugin = agentConfig.channels?.telegram?.plugin ?? "switchroom";
     if (plugin !== "switchroom")
       continue;
-    const envPath = join42(agentsDir, name, "telegram", ".env");
+    const envPath = join43(agentsDir, name, "telegram", ".env");
     const read = tryReadHostFile(envPath);
     if (read.kind === "eacces") {
       results.push({
@@ -29907,7 +30096,7 @@ function checkStartShStale(agentName, startShPath) {
 }
 function checkLeakedHomeSwitchroom(agentName, agentDir) {
   const label = `${agentName}: $HOME/.switchroom symlink (#910)`;
-  const path4 = join42(agentDir, "home", ".switchroom");
+  const path4 = join43(agentDir, "home", ".switchroom");
   let stats;
   try {
     stats = lstatSync5(path4);
@@ -29944,7 +30133,7 @@ function checkLeakedHomeSwitchroom(agentName, agentDir) {
 }
 function checkRepoHygiene(repoRoot) {
   const results = [];
-  const exportDir = join42(repoRoot, "clerk-export");
+  const exportDir = join43(repoRoot, "clerk-export");
   if (existsSync48(exportDir)) {
     results.push({
       name: "repo hygiene: clerk-export/ on disk (#1072)",
@@ -29953,7 +30142,7 @@ function checkRepoHygiene(repoRoot) {
       fix: `Run scripts/migrate-clerk-export-to-vault.sh to move the bundle ` + `into the vault, then delete the on-disk copy.`
     });
   }
-  const knownTarball = join42(repoRoot, "clerk-export-with-secrets.tar.gz");
+  const knownTarball = join43(repoRoot, "clerk-export-with-secrets.tar.gz");
   if (existsSync48(knownTarball)) {
     results.push({
       name: "repo hygiene: clerk-export-with-secrets.tar.gz on disk (#1072)",
@@ -29971,7 +30160,7 @@ function checkRepoHygiene(repoRoot) {
         results.push({
           name: `repo hygiene: ${name} on disk (#1072)`,
           status: "warn",
-          detail: `${join42(repoRoot, name)} matches the *-with-secrets*.tar.gz ` + `pattern. Likely contains real credentials.`,
+          detail: `${join43(repoRoot, name)} matches the *-with-secrets*.tar.gz ` + `pattern. Likely contains real credentials.`,
           fix: `Inspect, migrate any secrets into the vault, then delete the ` + `archive.`
         });
       }
@@ -29994,9 +30183,9 @@ function checkRepoHygiene(repoRoot) {
 }
 function isSwitchroomCheckout(dir) {
   try {
-    if (!existsSync48(join42(dir, ".git")))
+    if (!existsSync48(join43(dir, ".git")))
       return false;
-    const pkgPath = join42(dir, "package.json");
+    const pkgPath = join43(dir, "package.json");
     if (!existsSync48(pkgPath))
       return false;
     const pkg = JSON.parse(readFileSync44(pkgPath, "utf-8"));
@@ -30033,7 +30222,7 @@ function checkAgents(config, configPath) {
         fix: `Rotate the bot token (e.g. via \`switchroom vault\`), then run ` + `\`switchroom agent unquarantine ${name}\` and \`switchroom agent restart ${name}\``
       });
     }
-    results.push(checkStartShStale(name, join42(agentDir, "start.sh")));
+    results.push(checkStartShStale(name, join43(agentDir, "start.sh")));
     results.push(checkLeakedHomeSwitchroom(name, agentDir));
     const status = statuses[name];
     const active = status?.active ?? "unknown";
@@ -30110,7 +30299,7 @@ function checkAgents(config, configPath) {
       }
     }
     if (agentConfig.channels?.telegram?.plugin === "switchroom") {
-      const mcpJsonPath = join42(agentDir, ".mcp.json");
+      const mcpJsonPath = join43(agentDir, ".mcp.json");
       if (!existsSync48(mcpJsonPath)) {
         results.push({
           name: `${name}: .mcp.json`,
@@ -30411,7 +30600,7 @@ async function checkMffAuthFlow(envPath = mffEnvPath(), timeoutMs = 8000) {
     };
   }
   const credDir = dirname12(envPath);
-  const authScript = join42(credDir, "claude-auth.py");
+  const authScript = join43(credDir, "claude-auth.py");
   if (!existsSync48(authScript)) {
     return {
       name: "mff: auth flow",
@@ -30690,7 +30879,7 @@ function registerDoctorCommand(program3) {
       },
       { title: "Legacy State", results: checkLegacyState() },
       { title: "Vault", results: checkVault(config) },
-      { title: "Vault access", results: runSecretAccessChecks(config) },
+      { title: "Vault access", results: await runSecretAccessChecks(config) },
       { title: "Memory (Hindsight)", results: await checkHindsight(config) },
       { title: "Telegram", results: await checkTelegram(config) },
       { title: "Agents", results: checkAgents(config, configPath) },
@@ -30703,7 +30892,13 @@ function registerDoctorCommand(program3) {
         title: "Agent liveness (in-agent via hostd)",
         results: await runAgentSmokeChecks(config, { fast: opts.fast })
       },
-      { title: "Google Drive", results: runDriveChecks(config) },
+      {
+        title: "Google Drive",
+        results: [
+          ...runDriveChecks(config),
+          ...await runDriveBrokerReachabilityChecks(config)
+        ]
+      },
       { title: "MFF Skill", results: await checkMff(passphrase, vaultPath, config) }
     ];
     const cwd = process.cwd();
@@ -47047,8 +47242,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.12.13";
-var COMMIT_SHA = "fc96015d";
+var VERSION = "0.12.15";
+var COMMIT_SHA = "dc508a92";
 
 // src/cli/agent.ts
 init_source();
@@ -55869,6 +56064,7 @@ var DEFAULT_AUTO_UNLOCK_PATH = "~/.switchroom/vault-auto-unlock";
 
 // src/vault/broker/server.ts
 init_peercred();
+init_acl();
 init_protocol();
 
 // src/vault/broker/audit-log.ts
@@ -58199,7 +58395,9 @@ class VaultBroker {
     this._writePidFile();
     this._sdNotify(`READY=1
 `);
-    this._tryAutoUnlock();
+    if (this.testOpts._testSecrets === undefined) {
+      this._tryAutoUnlock();
+    }
     if (process.platform !== "linux") {
       process.stderr.write(`[vault-broker] WARNING: running on ${process.platform} with ` + `SWITCHROOM_BROKER_ALLOW_NON_LINUX=1 \u2014 peercred ACL is disabled. ` + `Access control is socket file mode 0600 ONLY. Do not use this configuration for production secrets.
 `);
@@ -58510,6 +58708,49 @@ class VaultBroker {
       socket.write(encodeResponse({ ok: true, locked: true }));
       return;
     }
+    if (req.op === "preflight_access") {
+      if (!isOperator) {
+        writeAudit({
+          ts: new Date().toISOString(),
+          op: "preflight_access",
+          caller: auditCaller,
+          pid: auditPid,
+          cgroup: auditCgroup,
+          result: "denied:operator-only"
+        });
+        socket.write(encodeResponse(errorResponse("DENIED", "preflight_access is operator-only")));
+        return;
+      }
+      if (this.secrets === null) {
+        socket.write(encodeResponse(errorResponse("LOCKED", "Vault is locked")));
+        return;
+      }
+      const pfSecrets = this.secrets;
+      const pfConfig = this.config;
+      const results = req.keys.map((key) => {
+        const exists = Object.prototype.hasOwnProperty.call(pfSecrets, key);
+        const acl = pfConfig !== null ? checkAclByAgent(pfConfig, req.agent, key) : { allow: false, reason: "broker has no config loaded" };
+        const scope = checkEntryScope(pfSecrets[key]?.scope, req.agent);
+        return {
+          key,
+          exists,
+          acl_ok: acl.allow,
+          ...acl.allow ? {} : { acl_reason: acl.reason },
+          scope_ok: scope.allow,
+          ...scope.allow ? {} : { scope_reason: scope.reason }
+        };
+      });
+      writeAudit({
+        ts: new Date().toISOString(),
+        op: "preflight_access",
+        caller: auditCaller,
+        pid: auditPid,
+        cgroup: auditCgroup,
+        result: `allowed:agent=${req.agent},keys=${req.keys.length}`
+      });
+      socket.write(encodeResponse({ ok: true, op: "preflight_access", results }));
+      return;
+    }
     if (req.op === "list") {
       if (this.secrets === null) {
         socket.write(encodeResponse(errorResponse("LOCKED", "Vault is locked")));
@@ -68972,15 +69213,15 @@ init_loader();
 init_lifecycle();
 import { cpSync as cpSync2, existsSync as existsSync49, mkdirSync as mkdirSync27, readFileSync as readFileSync45, realpathSync as realpathSync5, rmSync as rmSync12, statSync as statSync22 } from "node:fs";
 import { spawnSync as spawnSync8 } from "node:child_process";
-import { join as join43, dirname as dirname13, resolve as resolve30 } from "node:path";
-import { homedir as homedir23 } from "node:os";
-var DEFAULT_COMPOSE_PATH = join43(homedir23(), ".switchroom", "compose", "docker-compose.yml");
+import { join as join44, dirname as dirname13, resolve as resolve30 } from "node:path";
+import { homedir as homedir25 } from "node:os";
+var DEFAULT_COMPOSE_PATH = join44(homedir25(), ".switchroom", "compose", "docker-compose.yml");
 function runningFromSwitchroomCheckout(scriptPath) {
   let dir = dirname13(scriptPath);
   for (let i = 0;i < 12; i++) {
-    if (existsSync49(join43(dir, ".git"))) {
+    if (existsSync49(join44(dir, ".git"))) {
       try {
-        const pkg = JSON.parse(readFileSync45(join43(dir, "package.json"), "utf-8"));
+        const pkg = JSON.parse(readFileSync45(join44(dir, "package.json"), "utf-8"));
         if (pkg.name === "switchroom")
           return true;
       } catch {}
@@ -69111,7 +69352,7 @@ function planUpdate(opts) {
         return;
       }
       const source = resolve30(import.meta.dirname, "../../skills");
-      const dest = join43(homedir23(), ".switchroom", "skills", "_bundled");
+      const dest = join44(homedir25(), ".switchroom", "skills", "_bundled");
       if (!existsSync49(source)) {
         process.stderr.write(`switchroom update: sync-bundled-skills \u2014 CLI bundle has no adjacent skills/ at ${source}; skipping.
 `);
@@ -69225,7 +69466,7 @@ function defaultStatusProbe(composePath) {
       } catch {}
       let dir = dirname13(scriptPath);
       for (let i = 0;i < 8; i++) {
-        const pkgPath = join43(dir, "package.json");
+        const pkgPath = join44(dir, "package.json");
         if (existsSync49(pkgPath)) {
           try {
             const pkg = JSON.parse(readFileSync45(pkgPath, "utf-8"));
@@ -69445,7 +69686,7 @@ init_helpers();
 init_lifecycle();
 import { execSync as execSync4 } from "node:child_process";
 import { existsSync as existsSync50, readFileSync as readFileSync46 } from "node:fs";
-import { dirname as dirname14, join as join44 } from "node:path";
+import { dirname as dirname14, join as join45 } from "node:path";
 function getClaudeCodeVersion() {
   try {
     const out = execSync4("claude --version 2>/dev/null", {
@@ -69495,11 +69736,11 @@ function formatUptime3(timestamp) {
 function locateSwitchroomInstallDir() {
   let dir = import.meta.dirname;
   for (let i = 0;i < 10 && dir && dir !== "/"; i++) {
-    const pkgPath = join44(dir, "package.json");
+    const pkgPath = join45(dir, "package.json");
     if (existsSync50(pkgPath)) {
       try {
         const pkg = JSON.parse(readFileSync46(pkgPath, "utf-8"));
-        if (pkg.name === "switchroom" && existsSync50(join44(dir, ".git"))) {
+        if (pkg.name === "switchroom" && existsSync50(join45(dir, ".git"))) {
           return dir;
         }
       } catch {}
@@ -69729,7 +69970,7 @@ import {
   writeFileSync as writeFileSync25,
   writeSync as writeSync6
 } from "node:fs";
-import { join as join45 } from "node:path";
+import { join as join46 } from "node:path";
 import { randomBytes as randomBytes10 } from "node:crypto";
 import { execSync as execSync5 } from "node:child_process";
 
@@ -70049,7 +70290,7 @@ function redactedMarker(ruleId) {
 var ISSUES_FILE = "issues.jsonl";
 var ISSUES_LOCK = "issues.lock";
 function readAll(stateDir) {
-  const path4 = join45(stateDir, ISSUES_FILE);
+  const path4 = join46(stateDir, ISSUES_FILE);
   if (!existsSync51(path4))
     return [];
   let raw;
@@ -70127,7 +70368,7 @@ function record(stateDir, input, nowFn = Date.now) {
   });
 }
 function resolve33(stateDir, fingerprint, nowFn = Date.now) {
-  if (!existsSync51(join45(stateDir, ISSUES_FILE)))
+  if (!existsSync51(join46(stateDir, ISSUES_FILE)))
     return 0;
   return withLock(stateDir, () => {
     const all = readAll(stateDir);
@@ -70145,7 +70386,7 @@ function resolve33(stateDir, fingerprint, nowFn = Date.now) {
   });
 }
 function resolveAllBySource(stateDir, source, nowFn = Date.now) {
-  if (!existsSync51(join45(stateDir, ISSUES_FILE)))
+  if (!existsSync51(join46(stateDir, ISSUES_FILE)))
     return 0;
   return withLock(stateDir, () => {
     const all = readAll(stateDir);
@@ -70163,7 +70404,7 @@ function resolveAllBySource(stateDir, source, nowFn = Date.now) {
   });
 }
 function prune(stateDir, opts = {}) {
-  if (!existsSync51(join45(stateDir, ISSUES_FILE)))
+  if (!existsSync51(join46(stateDir, ISSUES_FILE)))
     return 0;
   return withLock(stateDir, () => {
     const all = readAll(stateDir);
@@ -70196,7 +70437,7 @@ function ensureDir(stateDir) {
   mkdirSync28(stateDir, { recursive: true });
 }
 function writeAll(stateDir, events) {
-  const path4 = join45(stateDir, ISSUES_FILE);
+  const path4 = join46(stateDir, ISSUES_FILE);
   sweepOrphanTmpFiles(stateDir);
   const tmp = `${path4}.tmp-${process.pid}-${randomBytes10(4).toString("hex")}`;
   const body = events.length === 0 ? "" : events.map((e) => JSON.stringify(e)).join(`
@@ -70218,7 +70459,7 @@ function sweepOrphanTmpFiles(stateDir) {
   for (const entry of entries) {
     if (!entry.startsWith(TMP_PREFIX))
       continue;
-    const tmpPath = join45(stateDir, entry);
+    const tmpPath = join46(stateDir, entry);
     try {
       const stat = statSync23(tmpPath);
       if (stat.mtimeMs < cutoff) {
@@ -70230,7 +70471,7 @@ function sweepOrphanTmpFiles(stateDir) {
 var LOCK_RETRY_MS = 25;
 var LOCK_TIMEOUT_MS = 1e4;
 function withLock(stateDir, fn) {
-  const lockPath = join45(stateDir, ISSUES_LOCK);
+  const lockPath = join46(stateDir, ISSUES_LOCK);
   const startedAt = Date.now();
   let fd = null;
   while (fd === null) {
@@ -70514,8 +70755,8 @@ function relTime(deltaMs) {
 // src/cli/deps.ts
 init_source();
 import { existsSync as existsSync54 } from "node:fs";
-import { homedir as homedir26 } from "node:os";
-import { join as join48, resolve as resolve34 } from "node:path";
+import { homedir as homedir28 } from "node:os";
+import { join as join49, resolve as resolve34 } from "node:path";
 
 // src/deps/python.ts
 import { createHash as createHash9 } from "node:crypto";
@@ -70526,8 +70767,8 @@ import {
   rmSync as rmSync13,
   writeFileSync as writeFileSync26
 } from "node:fs";
-import { dirname as dirname15, join as join46 } from "node:path";
-import { homedir as homedir24 } from "node:os";
+import { dirname as dirname15, join as join47 } from "node:path";
+import { homedir as homedir26 } from "node:os";
 import { execFileSync as execFileSync14 } from "node:child_process";
 
 class PythonEnvError extends Error {
@@ -70539,7 +70780,7 @@ class PythonEnvError extends Error {
   }
 }
 function defaultPythonCacheRoot() {
-  return join46(homedir24(), ".switchroom", "deps", "python");
+  return join47(homedir26(), ".switchroom", "deps", "python");
 }
 function hashFile(path4) {
   return createHash9("sha256").update(readFileSync48(path4)).digest("hex");
@@ -70551,11 +70792,11 @@ function ensurePythonEnv(opts) {
   if (!existsSync52(requirementsPath)) {
     throw new PythonEnvError(`requirements file not found: ${requirementsPath}`);
   }
-  const venvDir = join46(cacheRoot, skillName);
-  const stampPath = join46(venvDir, ".requirements.sha256");
-  const binDir = join46(venvDir, "bin");
-  const pythonBin = join46(binDir, "python");
-  const pipBin = join46(binDir, "pip");
+  const venvDir = join47(cacheRoot, skillName);
+  const stampPath = join47(venvDir, ".requirements.sha256");
+  const binDir = join47(venvDir, "bin");
+  const pythonBin = join47(binDir, "python");
+  const pipBin = join47(binDir, "pip");
   const targetHash = hashFile(requirementsPath);
   if (!force && existsSync52(stampPath) && existsSync52(pythonBin)) {
     const existingHash = readFileSync48(stampPath, "utf8").trim();
@@ -70614,8 +70855,8 @@ import {
   rmSync as rmSync14,
   writeFileSync as writeFileSync27
 } from "node:fs";
-import { dirname as dirname16, join as join47 } from "node:path";
-import { homedir as homedir25 } from "node:os";
+import { dirname as dirname16, join as join48 } from "node:path";
+import { homedir as homedir27 } from "node:os";
 import { execFileSync as execFileSync15 } from "node:child_process";
 
 class NodeEnvError extends Error {
@@ -70638,7 +70879,7 @@ var LOCKFILES_FOR = {
   npm: ["package-lock.json"]
 };
 function defaultNodeCacheRoot() {
-  return join47(homedir25(), ".switchroom", "deps", "node");
+  return join48(homedir27(), ".switchroom", "deps", "node");
 }
 function hashDepInputs(packageJsonPath) {
   const sourceDir = dirname16(packageJsonPath);
@@ -70647,7 +70888,7 @@ function hashDepInputs(packageJsonPath) {
 `);
   hasher.update(readFileSync49(packageJsonPath));
   for (const lockName of ALL_LOCKFILES) {
-    const lockPath = join47(sourceDir, lockName);
+    const lockPath = join48(sourceDir, lockName);
     if (existsSync53(lockPath)) {
       hasher.update(`
 `);
@@ -70667,10 +70908,10 @@ function ensureNodeEnv(opts) {
     throw new NodeEnvError(`package.json not found: ${packageJsonPath}`);
   }
   const sourceDir = dirname16(packageJsonPath);
-  const envDir = join47(cacheRoot, skillName);
-  const stampPath = join47(envDir, ".package.sha256");
-  const nodeModulesDir = join47(envDir, "node_modules");
-  const binDir = join47(nodeModulesDir, ".bin");
+  const envDir = join48(cacheRoot, skillName);
+  const stampPath = join48(envDir, ".package.sha256");
+  const nodeModulesDir = join48(envDir, "node_modules");
+  const binDir = join48(nodeModulesDir, ".bin");
   const targetHash = hashDepInputs(packageJsonPath);
   if (!force && existsSync53(stampPath) && existsSync53(nodeModulesDir)) {
     const existingHash = readFileSync49(stampPath, "utf8").trim();
@@ -70688,12 +70929,12 @@ function ensureNodeEnv(opts) {
     rmSync14(envDir, { recursive: true, force: true });
   }
   mkdirSync30(envDir, { recursive: true });
-  copyFileSync9(packageJsonPath, join47(envDir, "package.json"));
+  copyFileSync9(packageJsonPath, join48(envDir, "package.json"));
   let copiedLockfile = false;
   for (const lockName of LOCKFILES_FOR[installer]) {
-    const lockPath = join47(sourceDir, lockName);
+    const lockPath = join48(sourceDir, lockName);
     if (existsSync53(lockPath)) {
-      copyFileSync9(lockPath, join47(envDir, lockName));
+      copyFileSync9(lockPath, join48(envDir, lockName));
       copiedLockfile = true;
     }
   }
@@ -70722,7 +70963,7 @@ function ensureNodeEnv(opts) {
 
 // src/cli/deps.ts
 function builtinSkillsRoot() {
-  return resolve34(homedir26(), ".switchroom/skills/_bundled");
+  return resolve34(homedir28(), ".switchroom/skills/_bundled");
 }
 function registerDepsCommand(program3) {
   const deps = program3.command("deps").description("Manage cached per-skill dependency environments");
@@ -70732,13 +70973,13 @@ function registerDepsCommand(program3) {
       console.error(source_default.red(`Bundled skills pool dir not found at ${skillsRoot} \u2014 run \`switchroom update\` to install it.`));
       process.exit(1);
     }
-    const skillDir = join48(skillsRoot, skill);
+    const skillDir = join49(skillsRoot, skill);
     if (!existsSync54(skillDir)) {
       console.error(source_default.red(`Unknown skill: ${skill} (no dir at ${skillDir})`));
       process.exit(1);
     }
-    const requirementsPath = join48(skillDir, "requirements.txt");
-    const packageJsonPath = join48(skillDir, "package.json");
+    const requirementsPath = join49(skillDir, "requirements.txt");
+    const packageJsonPath = join49(skillDir, "package.json");
     const wantPython = opts.python ?? (!opts.python && !opts.node && existsSync54(requirementsPath));
     const wantNode = opts.node ?? (!opts.python && !opts.node && existsSync54(packageJsonPath));
     let did = 0;
@@ -71693,7 +71934,7 @@ init_helpers();
 init_loader();
 init_merge();
 import { copyFileSync as copyFileSync10, existsSync as existsSync56, readFileSync as readFileSync50, writeFileSync as writeFileSync28 } from "node:fs";
-import { join as join49, resolve as resolve36 } from "node:path";
+import { join as join50, resolve as resolve36 } from "node:path";
 init_schema();
 function resolveSoulTargetOrExit(program3, agentName) {
   const config = getConfig(program3);
@@ -71717,7 +71958,7 @@ function resolveSoulTargetOrExit(program3, agentName) {
     profileName,
     profilePath,
     workspaceDir,
-    soulPath: join49(workspaceDir, "SOUL.md"),
+    soulPath: join50(workspaceDir, "SOUL.md"),
     soul: merged.soul
   };
 }
@@ -71784,7 +72025,7 @@ function registerSoulCommand(program3) {
 init_helpers();
 init_loader();
 import { existsSync as existsSync57, readFileSync as readFileSync51, readdirSync as readdirSync19, statSync as statSync24 } from "node:fs";
-import { resolve as resolve37, join as join50 } from "node:path";
+import { resolve as resolve37, join as join51 } from "node:path";
 import { createHash as createHash11 } from "node:crypto";
 init_merge();
 init_hindsight();
@@ -71798,7 +72039,7 @@ function sha256(content) {
   return createHash11("sha256").update(content).digest("hex").slice(0, 16);
 }
 function findLatestTranscriptJsonl(claudeConfigDir) {
-  const projectsDir = join50(claudeConfigDir, "projects");
+  const projectsDir = join51(claudeConfigDir, "projects");
   if (!existsSync57(projectsDir))
     return;
   try {
@@ -71807,8 +72048,8 @@ function findLatestTranscriptJsonl(claudeConfigDir) {
     for (const entry of entries) {
       if (!entry.isDirectory())
         continue;
-      const projectPath = join50(projectsDir, entry.name);
-      const transcriptPath = join50(projectPath, "transcript.jsonl");
+      const projectPath = join51(projectsDir, entry.name);
+      const transcriptPath = join51(projectPath, "transcript.jsonl");
       if (!existsSync57(transcriptPath))
         continue;
       const stat3 = statSync24(transcriptPath);
@@ -71877,11 +72118,11 @@ function registerDebugCommand(program3) {
       process.exit(1);
     }
     const workspaceDir = resolveAgentWorkspaceDir(agentDir);
-    const claudeConfigDir = join50(agentDir, ".claude");
-    const claudeMdPath = join50(agentDir, "CLAUDE.md");
-    const soulMdPath = join50(agentDir, "SOUL.md");
-    const workspaceSoulMdPath = join50(workspaceDir, "SOUL.md");
-    const handoffPath = join50(agentDir, ".handoff.md");
+    const claudeConfigDir = join51(agentDir, ".claude");
+    const claudeMdPath = join51(agentDir, "CLAUDE.md");
+    const soulMdPath = join51(agentDir, "SOUL.md");
+    const workspaceSoulMdPath = join51(workspaceDir, "SOUL.md");
+    const handoffPath = join51(agentDir, ".handoff.md");
     const lastN = parseInt(opts.last, 10);
     if (isNaN(lastN) || lastN < 1) {
       console.error("--last must be a positive integer");
@@ -72031,8 +72272,8 @@ init_source();
 // src/worktree/claim.ts
 import { execFileSync as execFileSync16 } from "node:child_process";
 import { closeSync as closeSync11, mkdirSync as mkdirSync32, openSync as openSync11, existsSync as existsSync59, unlinkSync as unlinkSync12 } from "node:fs";
-import { join as join52, resolve as resolve39 } from "node:path";
-import { homedir as homedir28 } from "node:os";
+import { join as join53, resolve as resolve39 } from "node:path";
+import { homedir as homedir30 } from "node:os";
 import { randomBytes as randomBytes11 } from "node:crypto";
 
 // src/worktree/registry.ts
@@ -72045,13 +72286,13 @@ import {
   existsSync as existsSync58,
   renameSync as renameSync11
 } from "node:fs";
-import { join as join51, resolve as resolve38 } from "node:path";
-import { homedir as homedir27 } from "node:os";
+import { join as join52, resolve as resolve38 } from "node:path";
+import { homedir as homedir29 } from "node:os";
 function registryDir() {
-  return resolve38(process.env.SWITCHROOM_WORKTREE_DIR ?? join51(homedir27(), ".switchroom", "worktrees"));
+  return resolve38(process.env.SWITCHROOM_WORKTREE_DIR ?? join52(homedir29(), ".switchroom", "worktrees"));
 }
 function recordPath(id) {
-  return join51(registryDir(), `${id}.json`);
+  return join52(registryDir(), `${id}.json`);
 }
 function ensureDir2() {
   mkdirSync31(registryDir(), { recursive: true });
@@ -72102,7 +72343,7 @@ function acquireRepoLock(repoPath) {
   const lockDir = registryDir();
   mkdirSync32(lockDir, { recursive: true });
   const lockName = repoPath.replace(/[^A-Za-z0-9]/g, "_");
-  const lockPath = join52(lockDir, `.lock-${lockName}`);
+  const lockPath = join53(lockDir, `.lock-${lockName}`);
   const deadline = Date.now() + 5000;
   let fd = null;
   while (fd === null) {
@@ -72129,7 +72370,7 @@ function acquireRepoLock(repoPath) {
 }
 var DEFAULT_CONCURRENCY = 5;
 function worktreesBaseDir() {
-  return resolve39(process.env.SWITCHROOM_WORKTREE_BASE ?? join52(homedir28(), ".switchroom", "worktree-checkouts"));
+  return resolve39(process.env.SWITCHROOM_WORKTREE_BASE ?? join53(homedir30(), ".switchroom", "worktree-checkouts"));
 }
 function shortId() {
   return randomBytes11(4).toString("hex");
@@ -72151,7 +72392,7 @@ function resolveRepoPath(repo, codeRepos) {
 }
 function expandHome(p) {
   if (p.startsWith("~/"))
-    return join52(homedir28(), p.slice(2));
+    return join53(homedir30(), p.slice(2));
   return p;
 }
 async function claimWorktree(input, codeRepos) {
@@ -72179,7 +72420,7 @@ async function claimWorktree(input, codeRepos) {
     branch = `task/${taskSuffix}-${id}`;
     const baseDir = worktreesBaseDir();
     mkdirSync32(baseDir, { recursive: true });
-    worktreePath = join52(baseDir, `${id}-${taskSuffix}`);
+    worktreePath = join53(baseDir, `${id}-${taskSuffix}`);
     const now = new Date().toISOString();
     const record2 = {
       id,
@@ -72434,7 +72675,7 @@ import {
   rmSync as rmSync15,
   writeFileSync as writeFileSync30
 } from "node:fs";
-import { join as join53 } from "node:path";
+import { join as join54 } from "node:path";
 function encodeCredentialsFilename(email) {
   const SAFE = new Set([
     ..."ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
@@ -72598,16 +72839,16 @@ function resolveCredentialsDir(env2) {
   if (explicit && explicit.length > 0)
     return explicit;
   const stateBase = env2.SWITCHROOM_CONTAINER === "1" ? "/state/agent" : env2.HOME ?? ".";
-  return join53(stateBase, "google-workspace-mcp", "credentials");
+  return join54(stateBase, "google-workspace-mcp", "credentials");
 }
 function writeSeedFile(dir, email, seed) {
   mkdirSync33(dir, { recursive: true, mode: 448 });
   chmodSync9(dir, 448);
   for (const name of readdirSync21(dir)) {
-    rmSync15(join53(dir, name), { force: true, recursive: true });
+    rmSync15(join54(dir, name), { force: true, recursive: true });
   }
   const filename = encodeCredentialsFilename(email);
-  const filePath = join53(dir, filename);
+  const filePath = join54(dir, filename);
   writeFileSync30(filePath, JSON.stringify(seed), { mode: 384 });
   chmodSync9(filePath, 384);
   return filePath;
@@ -73105,8 +73346,8 @@ agents:
 
 // src/cli/apply.ts
 init_resolver();
-import { dirname as dirname19, join as join57, resolve as resolve41 } from "node:path";
-import { homedir as homedir30 } from "node:os";
+import { dirname as dirname19, join as join58, resolve as resolve41 } from "node:path";
+import { homedir as homedir32 } from "node:os";
 import { execFileSync as execFileSync19 } from "node:child_process";
 init_vault();
 init_loader();
@@ -73114,7 +73355,7 @@ init_loader();
 
 // src/cli/update-prompt-hook.ts
 import { existsSync as existsSync62, readFileSync as readFileSync53, writeFileSync as writeFileSync31, chmodSync as chmodSync10, mkdirSync as mkdirSync34 } from "node:fs";
-import { join as join54 } from "node:path";
+import { join as join55 } from "node:path";
 var HOOK_FILENAME = "update-card-on-prompt.sh";
 function updatePromptHookScript() {
   return `#!/bin/bash
@@ -73180,9 +73421,9 @@ exit 0
 `;
 }
 function installUpdatePromptHook(agentDir) {
-  const hooksDir = join54(agentDir, ".claude", "hooks");
+  const hooksDir = join55(agentDir, ".claude", "hooks");
   mkdirSync34(hooksDir, { recursive: true });
-  const scriptPath = join54(hooksDir, HOOK_FILENAME);
+  const scriptPath = join55(hooksDir, HOOK_FILENAME);
   const desired = updatePromptHookScript();
   let installed = false;
   const existing = existsSync62(scriptPath) ? readFileSync53(scriptPath, "utf-8") : "";
@@ -73195,7 +73436,7 @@ function installUpdatePromptHook(agentDir) {
       chmodSync10(scriptPath, 493);
     } catch {}
   }
-  const settingsPath = join54(agentDir, ".claude", "settings.json");
+  const settingsPath = join55(agentDir, ".claude", "settings.json");
   if (!existsSync62(settingsPath)) {
     return { scriptPath, settingsPath, installed };
   }
@@ -73321,7 +73562,7 @@ import {
   realpathSync as realpathSync6,
   statSync as statSync25
 } from "node:fs";
-import { join as join56 } from "node:path";
+import { join as join57 } from "node:path";
 function resolveOperatorUid() {
   const sudoUid = process.env.SUDO_UID;
   if (sudoUid !== undefined) {
@@ -73337,14 +73578,14 @@ function resolveOperatorUid() {
   return;
 }
 function operatorOwnedPaths(home2) {
-  const root = join56(home2, ".switchroom");
+  const root = join57(home2, ".switchroom");
   return [
-    join56(root, "vault"),
-    join56(root, "vault-auto-unlock"),
-    join56(root, "vault-audit.log"),
-    join56(root, "host-control-audit.log"),
-    join56(root, "accounts"),
-    join56(root, "compose")
+    join57(root, "vault"),
+    join57(root, "vault-auto-unlock"),
+    join57(root, "vault-audit.log"),
+    join57(root, "host-control-audit.log"),
+    join57(root, "accounts"),
+    join57(root, "compose")
   ];
 }
 function restoreOperatorOwnership(home2, operatorUid, deps = {}) {
@@ -73393,7 +73634,7 @@ function restoreOperatorOwnership(home2, operatorUid, deps = {}) {
     } catch {}
     if (isDir(target)) {
       for (const entry of readdir2(target)) {
-        visit(join56(target, entry));
+        visit(join57(target, entry));
       }
     }
   };
@@ -73407,14 +73648,14 @@ var EMBEDDED_EXAMPLES = {
   switchroom: switchroom_default,
   minimal: minimal_default
 };
-var DEFAULT_COMPOSE_PATH2 = join57(homedir30(), ".switchroom", "compose", "docker-compose.yml");
+var DEFAULT_COMPOSE_PATH2 = join58(homedir32(), ".switchroom", "compose", "docker-compose.yml");
 var COMPOSE_PROJECT2 = "switchroom";
 function resolveVaultBindMountDir(homeDir, ctx) {
   const isCustomPath = ctx.migrationKind === "custom-path-skipped";
   if (isCustomPath && ctx.customVaultPath) {
     return dirname19(ctx.customVaultPath);
   }
-  return join57(homeDir, ".switchroom", "vault");
+  return join58(homeDir, ".switchroom", "vault");
 }
 function inspectVaultBindMountDir(vaultDir) {
   if (!existsSync65(vaultDir))
@@ -73443,31 +73684,31 @@ function hasVaultRefs(value) {
   return false;
 }
 async function ensureHostMountSources(config) {
-  const home2 = homedir30();
+  const home2 = homedir32();
   const dirs = [
-    join57(home2, ".switchroom", "approvals"),
-    join57(home2, ".switchroom", "scheduler"),
-    join57(home2, ".switchroom", "logs"),
-    join57(home2, ".switchroom", "compose"),
-    join57(home2, ".switchroom", "broker-operator")
+    join58(home2, ".switchroom", "approvals"),
+    join58(home2, ".switchroom", "scheduler"),
+    join58(home2, ".switchroom", "logs"),
+    join58(home2, ".switchroom", "compose"),
+    join58(home2, ".switchroom", "broker-operator")
   ];
   for (const name of Object.keys(config.agents)) {
-    dirs.push(join57(home2, ".switchroom", "agents", name));
-    dirs.push(join57(home2, ".switchroom", "logs", name));
-    dirs.push(join57(home2, ".claude", "projects", name));
+    dirs.push(join58(home2, ".switchroom", "agents", name));
+    dirs.push(join58(home2, ".switchroom", "logs", name));
+    dirs.push(join58(home2, ".claude", "projects", name));
   }
   for (const dir of dirs) {
     await mkdir(dir, { recursive: true });
   }
-  const autoUnlockPath = join57(home2, ".switchroom", "vault-auto-unlock");
+  const autoUnlockPath = join58(home2, ".switchroom", "vault-auto-unlock");
   if (!existsSync65(autoUnlockPath)) {
     writeFileSync32(autoUnlockPath, "", { mode: 384 });
   }
-  const auditLogPath = join57(home2, ".switchroom", "vault-audit.log");
+  const auditLogPath = join58(home2, ".switchroom", "vault-audit.log");
   if (!existsSync65(auditLogPath)) {
     writeFileSync32(auditLogPath, "", { mode: 420 });
   }
-  const hostdAuditLogPath = join57(home2, ".switchroom", "host-control-audit.log");
+  const hostdAuditLogPath = join58(home2, ".switchroom", "host-control-audit.log");
   if (!existsSync65(hostdAuditLogPath)) {
     writeFileSync32(hostdAuditLogPath, "", { mode: 420 });
   }
@@ -73539,10 +73780,10 @@ function detectAndReportLegacyGdriveSlots(vaultPath) {
 `));
   }
 }
-function writeInstallTypeCache(homeDir = homedir30()) {
+function writeInstallTypeCache(homeDir = homedir32()) {
   const ctx = detectInstallType();
-  const dir = join57(homeDir, ".switchroom");
-  const out = join57(dir, "install-type.json");
+  const dir = join58(homeDir, ".switchroom");
+  const out = join58(dir, "install-type.json");
   const tmp = `${out}.tmp`;
   mkdirSync35(dir, { recursive: true });
   const payload = {
@@ -73591,14 +73832,14 @@ Applying switchroom config...
       writeOut(source_default.green(`  + ${name}`) + source_default.gray(` (${agentConfig.extends ?? "default"}) \u2014 ${detail}
 `));
       try {
-        installUpdatePromptHook(join57(agentsDir, name));
+        installUpdatePromptHook(join58(agentsDir, name));
       } catch (hookErr) {
         writeOut(source_default.gray(`    (update-prompt hook install failed for ${name}: ${hookErr.message})
 `));
       }
       try {
         const uid = allocateAgentUid(name);
-        alignAgentUid(name, join57(agentsDir, name), uid, {
+        alignAgentUid(name, join58(agentsDir, name), uid, {
           confirm: !options.nonInteractive,
           writeOut
         });
@@ -73635,7 +73876,7 @@ Applying switchroom config...
     for (const name of agentNames) {
       try {
         const uid = allocateAgentUid(name);
-        alignAgentUid(name, join57(agentsDir, name), uid, {
+        alignAgentUid(name, join58(agentsDir, name), uid, {
           confirm: !options.nonInteractive,
           writeOut
         });
@@ -73649,7 +73890,7 @@ Applying switchroom config...
   }
   const vaultPathConfigured = config.vault?.path;
   const customVaultPath = vaultPathConfigured ? resolvePath(vaultPathConfigured) : undefined;
-  const migrationResult = migrateVaultLayout(homedir30(), {
+  const migrationResult = migrateVaultLayout(homedir32(), {
     customVaultPath
   });
   switch (migrationResult.kind) {
@@ -73675,7 +73916,7 @@ Applying switchroom config...
       writeErr(formatDivergentRecoveryMessage(migrationResult.details));
       process.exit(4);
   }
-  const postMigrationInspect = inspectVaultLayout(homedir30());
+  const postMigrationInspect = inspectVaultLayout(homedir32());
   const acceptable = [
     "no-vault",
     "already-migrated",
@@ -73690,7 +73931,7 @@ Applying switchroom config...
 `));
     process.exit(5);
   }
-  const vaultDir = resolveVaultBindMountDir(homedir30(), {
+  const vaultDir = resolveVaultBindMountDir(homedir32(), {
     migrationKind: migrationResult.kind,
     customVaultPath
   });
@@ -73720,7 +73961,7 @@ Applying switchroom config...
     imageTag: composeImageTag,
     buildMode: options.buildLocal ? "local" : "pull",
     buildContext: options.buildContext,
-    homeDir: homedir30(),
+    homeDir: homedir32(),
     switchroomConfigPath,
     operatorUid
   });
@@ -73740,7 +73981,7 @@ Wrote `) + composePath + source_default.gray(` (${composeBytes} bytes)
   writeOut(source_default.gray(`  (If pull returns 401, login to ghcr.io first: see docs/operators/install.md#ghcr-auth)
 `));
   if (process.geteuid?.() === 0 && operatorUid !== undefined) {
-    const restored = restoreOperatorOwnership(homedir30(), operatorUid);
+    const restored = restoreOperatorOwnership(homedir32(), operatorUid);
     if (restored.length > 0) {
       writeOut(source_default.gray(`  Restored operator ownership of ${restored.length} ~/.switchroom path(s)
 `));
@@ -73810,7 +74051,7 @@ function findUnwritableAgentDirs(config, opts) {
   const targets = opts.only ? [opts.only] : Object.keys(config.agents ?? {});
   const unwritable = [];
   for (const name of targets) {
-    const startSh = join57(agentsDir, name, "start.sh");
+    const startSh = join58(agentsDir, name, "start.sh");
     if (!existsSync65(startSh))
       continue;
     try {
@@ -73990,8 +74231,8 @@ function runRedactStdin() {
 
 // src/cli/status-ask.ts
 import { readFileSync as readFileSync54, existsSync as existsSync66, readdirSync as readdirSync24 } from "node:fs";
-import { join as join58 } from "node:path";
-import { homedir as homedir31 } from "node:os";
+import { join as join59 } from "node:path";
+import { homedir as homedir33 } from "node:os";
 
 // src/status-ask/report.ts
 function parseJsonl(content) {
@@ -74326,7 +74567,7 @@ function resolveSources(explicitPath) {
     const config = loadConfig();
     agentsDir = resolveAgentsDir(config);
   } catch {
-    agentsDir = join58(homedir31(), ".switchroom", "agents");
+    agentsDir = join59(homedir33(), ".switchroom", "agents");
   }
   if (!existsSync66(agentsDir))
     return [];
@@ -74338,7 +74579,7 @@ function resolveSources(explicitPath) {
     return [];
   }
   for (const name of entries) {
-    const path8 = join58(agentsDir, name, "runtime-metrics.jsonl");
+    const path8 = join59(agentsDir, name, "runtime-metrics.jsonl");
     if (existsSync66(path8)) {
       sources.push({ path: path8, agent: name });
     }
@@ -74360,17 +74601,17 @@ function inferAgentFromPath(p) {
 
 // src/cli/agent-config.ts
 init_helpers();
-import { join as join59 } from "node:path";
-import { homedir as homedir32 } from "node:os";
+import { join as join60 } from "node:path";
+import { homedir as homedir34 } from "node:os";
 import {
   existsSync as existsSync67,
   mkdirSync as mkdirSync36,
   appendFileSync as appendFileSync3,
   readFileSync as readFileSync55
 } from "node:fs";
-var AUDIT_ROOT = join59(homedir32(), ".switchroom", "audit");
+var AUDIT_ROOT = join60(homedir34(), ".switchroom", "audit");
 function auditPathFor(agent) {
-  return join59(AUDIT_ROOT, agent, "agent-config.jsonl");
+  return join60(AUDIT_ROOT, agent, "agent-config.jsonl");
 }
 function appendAudit(agent, cmd, args, exit, opts = {}) {
   const row = {
@@ -74628,21 +74869,21 @@ import {
   unlinkSync as unlinkSync13,
   writeSync as writeSync7
 } from "node:fs";
-import { join as join60, resolve as resolve42 } from "node:path";
+import { join as join61, resolve as resolve42 } from "node:path";
 var STAGING_SUBDIR = ".staging";
 function overlayPathsFor(agent, opts = {}) {
   const base = opts.root ? resolve42(opts.root, agent) : resolve42(resolveDualPath(`~/.switchroom/agents/${agent}`));
-  const scheduleDir = join60(base, "schedule.d");
-  const scheduleStagingDir = join60(scheduleDir, STAGING_SUBDIR);
-  const skillsDir = join60(base, "skills.d");
-  const skillsStagingDir = join60(skillsDir, STAGING_SUBDIR);
+  const scheduleDir = join61(base, "schedule.d");
+  const scheduleStagingDir = join61(scheduleDir, STAGING_SUBDIR);
+  const skillsDir = join61(base, "skills.d");
+  const skillsStagingDir = join61(skillsDir, STAGING_SUBDIR);
   return {
     agentRoot: base,
     scheduleDir,
     scheduleStagingDir,
     skillsDir,
     skillsStagingDir,
-    lockPath: join60(base, ".lock"),
+    lockPath: join61(base, ".lock"),
     stagingDir: scheduleStagingDir
   };
 }
@@ -74696,8 +74937,8 @@ function writeOverlayEntry(agent, slug, yamlText, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
   return withAgentLock(paths, () => {
     ensureDirs(paths);
-    const stagingPath = join60(paths.scheduleStagingDir, `${slug}.yaml`);
-    const finalPath = join60(paths.scheduleDir, `${slug}.yaml`);
+    const stagingPath = join61(paths.scheduleStagingDir, `${slug}.yaml`);
+    const finalPath = join61(paths.scheduleDir, `${slug}.yaml`);
     const fd = openSync12(stagingPath, "w", 384);
     try {
       writeSync7(fd, yamlText);
@@ -74713,8 +74954,8 @@ function writeSkillsOverlayEntry(agent, slug, yamlText, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
   return withAgentLock(paths, () => {
     ensureSkillsDirs(paths);
-    const stagingPath = join60(paths.skillsStagingDir, `${slug}.yaml`);
-    const finalPath = join60(paths.skillsDir, `${slug}.yaml`);
+    const stagingPath = join61(paths.skillsStagingDir, `${slug}.yaml`);
+    const finalPath = join61(paths.skillsDir, `${slug}.yaml`);
     const fd = openSync12(stagingPath, "w", 384);
     try {
       writeSync7(fd, yamlText);
@@ -74729,7 +74970,7 @@ function writeSkillsOverlayEntry(agent, slug, yamlText, opts = {}) {
 function deleteSkillsOverlayEntry(agent, slug, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
   return withAgentLock(paths, () => {
-    const finalPath = join60(paths.skillsDir, `${slug}.yaml`);
+    const finalPath = join61(paths.skillsDir, `${slug}.yaml`);
     if (!existsSync68(finalPath))
       return false;
     unlinkSync13(finalPath);
@@ -74744,7 +74985,7 @@ function listSkillsOverlayEntries(agent, opts = {}) {
   for (const name of readdirSync25(paths.skillsDir)) {
     if (!/\.ya?ml$/i.test(name))
       continue;
-    const full = join60(paths.skillsDir, name);
+    const full = join61(paths.skillsDir, name);
     try {
       const raw = readFileSync56(full, "utf-8");
       const slug = name.replace(/\.ya?ml$/i, "");
@@ -74756,7 +74997,7 @@ function listSkillsOverlayEntries(agent, opts = {}) {
 function deleteOverlayEntry(agent, slug, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
   return withAgentLock(paths, () => {
-    const finalPath = join60(paths.scheduleDir, `${slug}.yaml`);
+    const finalPath = join61(paths.scheduleDir, `${slug}.yaml`);
     if (!existsSync68(finalPath))
       return false;
     unlinkSync13(finalPath);
@@ -74771,7 +75012,7 @@ function listOverlayEntries(agent, opts = {}) {
   for (const name of readdirSync25(paths.scheduleDir)) {
     if (!/\.ya?ml$/i.test(name))
       continue;
-    const full = join60(paths.scheduleDir, name);
+    const full = join61(paths.scheduleDir, name);
     try {
       const raw = readFileSync56(full, "utf-8");
       const slug = name.replace(/\.ya?ml$/i, "");
@@ -74927,12 +75168,12 @@ import {
   writeFileSync as writeFileSync33,
   writeSync as writeSync8
 } from "node:fs";
-import { join as join61 } from "node:path";
+import { join as join62 } from "node:path";
 import { randomBytes as randomBytes12 } from "node:crypto";
 var STAGE_ID_PREFIX = "cap_";
 function pendingDir(agent, opts = {}) {
   const paths = overlayPathsFor(agent, opts);
-  return join61(paths.scheduleDir, ".pending");
+  return join62(paths.scheduleDir, ".pending");
 }
 function ensurePendingDir(agent, opts = {}) {
   const dir = pendingDir(agent, opts);
@@ -74945,8 +75186,8 @@ function newStageId() {
 function stagePendingScheduleEntry(opts) {
   const dir = ensurePendingDir(opts.agent, { root: opts.root });
   const stageId = opts.stageId ?? newStageId();
-  const yamlPath = join61(dir, `${stageId}.yaml`);
-  const metaPath = join61(dir, `${stageId}.meta.json`);
+  const yamlPath = join62(dir, `${stageId}.yaml`);
+  const metaPath = join62(dir, `${stageId}.meta.json`);
   const meta = {
     v: 1,
     stage_id: stageId,
@@ -74980,8 +75221,8 @@ function listPendingScheduleEntries(agent, opts = {}) {
     if (!name.endsWith(".meta.json"))
       continue;
     const stageId = name.slice(0, -".meta.json".length);
-    const metaPath = join61(dir, name);
-    const yamlPath = join61(dir, `${stageId}.yaml`);
+    const metaPath = join62(dir, name);
+    const yamlPath = join62(dir, `${stageId}.yaml`);
     if (!existsSync69(yamlPath))
       continue;
     try {
@@ -75000,7 +75241,7 @@ function commitPendingScheduleEntry(opts) {
     return { committed: false, reason: "not_found" };
   const slug = match.meta.entry.name ?? match.stageId;
   const paths = overlayPathsFor(opts.agent, { root: opts.root });
-  const finalPath = join61(paths.scheduleDir, `${slug}.yaml`);
+  const finalPath = join62(paths.scheduleDir, `${slug}.yaml`);
   if (existsSync69(finalPath)) {
     return { committed: false, reason: "slug_collision" };
   }
@@ -75453,7 +75694,7 @@ var import_yaml15 = __toESM(require_dist(), 1);
 import { existsSync as existsSync71 } from "node:fs";
 init_reconcile_default_skills();
 var import_yaml16 = __toESM(require_dist(), 1);
-import { join as join62 } from "node:path";
+import { join as join63 } from "node:path";
 var MAX_SKILLS_PER_AGENT = 20;
 var V1_ALLOWED_SOURCE_PREFIX = "bundled:";
 function exitCodeFor2(code) {
@@ -75528,7 +75769,7 @@ function skillInstall(opts) {
     return err("E_SKILL_QUOTA_EXCEEDED", `agent ${agent} already has ${used} overlay-installed skills (cap ${MAX_SKILLS_PER_AGENT})`);
   }
   const poolDir = opts.bundledSkillsPoolDir ?? getBundledSkillsPoolDir();
-  const skillPath = join62(poolDir, skillName);
+  const skillPath = join63(poolDir, skillName);
   if (!existsSync71(skillPath)) {
     return err("E_SKILL_NOT_FOUND", `bundled skill not found at ${skillPath}. The operator needs to ` + `place the skill at this path before the agent can opt in.`);
   }
@@ -75721,14 +75962,14 @@ import {
   unlinkSync as unlinkSync15
 } from "node:fs";
 import { createHash as createHash12 } from "node:crypto";
-import { join as join63 } from "node:path";
+import { join as join64 } from "node:path";
 function planCronUnitRenames(agentsDir, agents) {
   const plans = [];
   for (const [agentName, agentConfig] of Object.entries(agents)) {
     const schedule = agentConfig.schedule ?? [];
     if (schedule.length === 0)
       continue;
-    const telegramDir = join63(agentsDir, agentName, "telegram");
+    const telegramDir = join64(agentsDir, agentName, "telegram");
     if (!existsSync73(telegramDir))
       continue;
     let entries;
@@ -75750,8 +75991,8 @@ function planCronUnitRenames(agentsDir, agents) {
         continue;
       plans.push({
         agent: agentName,
-        from: join63(telegramDir, file),
-        to: join63(telegramDir, canonical),
+        from: join64(telegramDir, file),
+        to: join64(telegramDir, canonical),
         scheduleIdx: idx,
         entry
       });
@@ -75889,8 +76130,8 @@ function registerMigrateCommand(program3) {
 init_source();
 init_helpers();
 import { existsSync as existsSync74, mkdirSync as mkdirSync39, readdirSync as readdirSync28, readFileSync as readFileSync61, writeFileSync as writeFileSync34, statSync as statSync28, copyFileSync as copyFileSync12 } from "node:fs";
-import { homedir as homedir33 } from "node:os";
-import { join as join64 } from "node:path";
+import { homedir as homedir35 } from "node:os";
+import { join as join65 } from "node:path";
 import { spawnSync as spawnSync11 } from "node:child_process";
 init_audit_reader();
 var DEFAULT_IMAGE_TAG = "latest";
@@ -75981,10 +76222,10 @@ networks:
 `;
 }
 function hostdDir() {
-  return join64(homedir33(), ".switchroom", "hostd");
+  return join65(homedir35(), ".switchroom", "hostd");
 }
 function hostdComposePath() {
-  return join64(hostdDir(), "docker-compose.yml");
+  return join65(hostdDir(), "docker-compose.yml");
 }
 function backupExistingCompose() {
   const p = hostdComposePath();
@@ -76023,7 +76264,7 @@ async function doInstall(opts, program3) {
   const composePath = hostdComposePath();
   mkdirSync39(dir, { recursive: true });
   const yaml = renderHostdComposeFile({
-    hostHome: homedir33(),
+    hostHome: homedir35(),
     imageTag: opts.tag ?? DEFAULT_IMAGE_TAG,
     operatorUid: resolveOperatorUid()
   });
@@ -76092,7 +76333,7 @@ function doStatus() {
       for (const name of readdirSync28(dir)) {
         if (name === "docker-compose.yml" || name.startsWith("docker-compose.yml."))
           continue;
-        const sockPath = join64(dir, name, "sock");
+        const sockPath = join65(dir, name, "sock");
         if (existsSync74(sockPath)) {
           const st = statSync28(sockPath);
           if ((st.mode & 61440) === 49152) {