switchroom 0.12.13 → 0.12.15

package/telegram-plugin/dist/gateway/gateway.js

@@ -24664,7 +24664,7 @@ function decodeResponse2(line) {
   const obj = JSON.parse(line);
   return ResponseSchema2.parse(obj);
 }
-var MAX_FRAME_BYTES2, GetRequestSchema, PutRequestSchema, ListRequestSchema, MintGrantRequestSchema, ListGrantsRequestSchema, RevokeGrantRequestSchema, StatusRequestSchema, LockRequestSchema, ApprovalRequestRequestSchema, ApprovalLookupRequestSchema, ApprovalConsumeRequestSchema, ApprovalRevokeRequestSchema, ApprovalListRequestSchema, ApprovalDecisionModeSchema, ApprovalRecordRequestSchema, RequestSchema2, VaultEntrySchema, ErrorCode, OkEntryResponseSchema, OkKeysResponseSchema, BrokerStatus, OkStatusResponseSchema, OkLockResponseSchema, OkPutResponseSchema, OkMintGrantResponseSchema, GrantMetaSchema, OkListGrantsResponseSchema, OkRevokeGrantResponseSchema, OkApprovalRequestResponseSchema, ApprovalDecisionMetaSchema, OkApprovalLookupResponseSchema, OkApprovalConsumeResponseSchema, OkApprovalRevokeResponseSchema, OkApprovalListResponseSchema, OkApprovalRecordResponseSchema, ErrorResponseSchema2, ResponseSchema2;
+var MAX_FRAME_BYTES2, GetRequestSchema, PutRequestSchema, ListRequestSchema, MintGrantRequestSchema, ListGrantsRequestSchema, RevokeGrantRequestSchema, StatusRequestSchema, LockRequestSchema, PreflightAccessRequestSchema, OkPreflightAccessResponseSchema, ApprovalRequestRequestSchema, ApprovalLookupRequestSchema, ApprovalConsumeRequestSchema, ApprovalRevokeRequestSchema, ApprovalListRequestSchema, ApprovalDecisionModeSchema, ApprovalRecordRequestSchema, ApprovalConsumeRecordRequestSchema, RequestSchema2, VaultEntrySchema, ErrorCode, OkEntryResponseSchema, OkKeysResponseSchema, BrokerStatus, OkStatusResponseSchema, OkLockResponseSchema, OkPutResponseSchema, OkMintGrantResponseSchema, GrantMetaSchema, OkListGrantsResponseSchema, OkRevokeGrantResponseSchema, OkApprovalRequestResponseSchema, ApprovalDecisionMetaSchema, OkApprovalLookupResponseSchema, OkApprovalConsumeResponseSchema, OkApprovalRevokeResponseSchema, OkApprovalListResponseSchema, OkApprovalRecordResponseSchema, OkApprovalConsumeRecordResponseSchema, ErrorResponseSchema2, ResponseSchema2;
 var init_protocol2 = __esm(() => {
   init_zod();
   MAX_FRAME_BYTES2 = 64 * 1024;
@@ -24723,6 +24723,24 @@ var init_protocol2 = __esm(() => {
     v: exports_external.literal(1),
     op: exports_external.literal("lock")
   });
+  PreflightAccessRequestSchema = exports_external.object({
+    v: exports_external.literal(1),
+    op: exports_external.literal("preflight_access"),
+    agent: exports_external.string().min(1),
+    keys: exports_external.array(exports_external.string().min(1)).min(1).max(128)
+  });
+  OkPreflightAccessResponseSchema = exports_external.object({
+    ok: exports_external.literal(true),
+    op: exports_external.literal("preflight_access"),
+    results: exports_external.array(exports_external.object({
+      key: exports_external.string(),
+      exists: exports_external.boolean(),
+      acl_ok: exports_external.boolean(),
+      acl_reason: exports_external.string().optional(),
+      scope_ok: exports_external.boolean(),
+      scope_reason: exports_external.string().optional()
+    }))
+  });
   ApprovalRequestRequestSchema = exports_external.object({
     v: exports_external.literal(1),
     op: exports_external.literal("approval_request"),
@@ -24774,12 +24792,22 @@ var init_protocol2 = __esm(() => {
     granted_by_user_id: exports_external.number().int(),
     ttl_ms: exports_external.number().int().positive().nullable().optional()
   });
+  ApprovalConsumeRecordRequestSchema = exports_external.object({
+    v: exports_external.literal(1),
+    op: exports_external.literal("approval_consume_record"),
+    request_id: exports_external.string().regex(/^[0-9a-f]{32}$/),
+    decision: ApprovalDecisionModeSchema,
+    approver_set: exports_external.array(exports_external.string()),
+    granted_by_user_id: exports_external.number().int(),
+    ttl_ms: exports_external.number().int().positive().nullable().optional()
+  });
   RequestSchema2 = exports_external.discriminatedUnion("op", [
     GetRequestSchema,
     PutRequestSchema,
     ListRequestSchema,
     StatusRequestSchema,
     LockRequestSchema,
+    PreflightAccessRequestSchema,
     MintGrantRequestSchema,
     ListGrantsRequestSchema,
     RevokeGrantRequestSchema,
@@ -24788,7 +24816,8 @@ var init_protocol2 = __esm(() => {
     ApprovalConsumeRequestSchema,
     ApprovalRevokeRequestSchema,
     ApprovalListRequestSchema,
-    ApprovalRecordRequestSchema
+    ApprovalRecordRequestSchema,
+    ApprovalConsumeRecordRequestSchema
   ]);
   VaultEntrySchema = exports_external.union([
     exports_external.object({ kind: exports_external.literal("string"), value: exports_external.string() }),
@@ -24910,6 +24939,15 @@ var init_protocol2 = __esm(() => {
     ok: exports_external.literal(true),
     decision_id: exports_external.string()
   });
+  OkApprovalConsumeRecordResponseSchema = exports_external.object({
+    ok: exports_external.literal(true),
+    consumed: exports_external.boolean(),
+    decision_id: exports_external.string().optional(),
+    agent_unit: exports_external.string().optional(),
+    scope: exports_external.string().optional(),
+    action: exports_external.string().optional(),
+    why: exports_external.string().nullable().optional()
+  });
   ErrorResponseSchema2 = exports_external.object({
     ok: exports_external.literal(false),
     code: ErrorCode,
@@ -24920,6 +24958,7 @@ var init_protocol2 = __esm(() => {
     OkKeysResponseSchema,
     OkStatusResponseSchema,
     OkLockResponseSchema,
+    OkPreflightAccessResponseSchema,
     OkPutResponseSchema,
     OkMintGrantResponseSchema,
     OkListGrantsResponseSchema,
@@ -24930,6 +24969,7 @@ var init_protocol2 = __esm(() => {
     OkApprovalRevokeResponseSchema,
     OkApprovalListResponseSchema,
     OkApprovalRecordResponseSchema,
+    OkApprovalConsumeRecordResponseSchema,
     ErrorResponseSchema2
   ]);
 });
@@ -29112,20 +29152,6 @@ function withKernelOpts2(opts) {
     return opts;
   return { ...opts ?? {}, socket: sock };
 }
-async function approvalConsume2(request_id, opts) {
-  const r = await rpcRaw({ v: 1, op: "approval_consume", request_id }, withKernelOpts2(opts));
-  if (r.kind !== "response" || !r.resp.ok)
-    return null;
-  if (!("consumed" in r.resp))
-    return null;
-  return {
-    consumed: r.resp.consumed,
-    agent_unit: r.resp.agent_unit,
-    scope: r.resp.scope,
-    action: r.resp.action,
-    why: r.resp.why ?? null
-  };
-}
 async function approvalRevoke(decision_id, actor, reason, opts) {
   const r = await rpcRaw({ v: 1, op: "approval_revoke", decision_id, actor, reason }, withKernelOpts2(opts));
   if (r.kind !== "response" || !r.resp.ok)
@@ -29134,10 +29160,10 @@ async function approvalRevoke(decision_id, actor, reason, opts) {
     return null;
   return r.resp.revoked;
 }
-async function approvalRecord2(args, opts) {
+async function approvalConsumeRecord(args, opts) {
   const r = await rpcRaw({
     v: 1,
-    op: "approval_record",
+    op: "approval_consume_record",
     request_id: args.request_id,
     decision: args.decision,
     approver_set: args.approver_set,
@@ -29146,9 +29172,17 @@ async function approvalRecord2(args, opts) {
   }, withKernelOpts2(opts));
   if (r.kind !== "response" || !r.resp.ok)
     return null;
-  if (!("decision_id" in r.resp))
+  if (!("consumed" in r.resp))
     return null;
-  return r.resp.decision_id;
+  const resp = r.resp;
+  return {
+    consumed: resp.consumed,
+    decision_id: resp.decision_id,
+    agent_unit: resp.agent_unit,
+    scope: resp.scope,
+    action: resp.action,
+    why: resp.why ?? null
+  };
 }
 async function approvalList(agent_unit, opts) {
   const r = await rpcRaw({ v: 1, op: "approval_list", agent_unit }, withKernelOpts2(opts));
@@ -29595,9 +29629,26 @@ var init_approval_card = __esm(() => {
 // gateway/approval-callback.ts
 var exports_approval_callback = {};
 __export(exports_approval_callback, {
+  resolveApprovalDecision: () => resolveApprovalDecision,
   handleApprovalCallback: () => handleApprovalCallback,
   buildGrantedKeyboard: () => buildGrantedKeyboard
 });
+function resolveApprovalDecision(choice) {
+  switch (choice.kind) {
+    case "deny":
+      return { ok: true, decision: "deny", granted: false, ttl_ms: null, displayMode: "denied" };
+    case "once":
+      return { ok: true, decision: "allow_once", granted: true, ttl_ms: null, displayMode: "granted once" };
+    case "always":
+      return { ok: true, decision: "allow_always", granted: true, ttl_ms: null, displayMode: "granted always" };
+    case "ttl": {
+      const ms = ttlMsFromToken(choice.param);
+      if (ms === null)
+        return { ok: false, error: "bad ttl token" };
+      return { ok: true, decision: "allow_ttl", granted: true, ttl_ms: ms, displayMode: `granted for ${choice.param}` };
+    }
+  }
+}
 function buildGrantedKeyboard(scope) {
   const btn = scopeToOpenInDriveButton(scope);
   if (btn === null)
@@ -29610,64 +29661,37 @@ async function handleApprovalCallback(ctx, data) {
     await ctx.answerCallbackQuery({ text: "malformed approval callback" });
     return;
   }
-  const consumed = await approvalConsume2(parsed.request_id);
-  if (consumed === null) {
-    await ctx.answerCallbackQuery({ text: "approval kernel unreachable" });
-    return;
-  }
-  if (!consumed.consumed) {
-    await ctx.answerCallbackQuery({ text: "this prompt expired" });
+  const resolved = resolveApprovalDecision(parsed.choice);
+  if (!resolved.ok) {
+    await ctx.answerCallbackQuery({ text: resolved.error });
     return;
   }
-  let decision;
-  let granted;
-  let ttl_ms = null;
-  let displayMode;
-  switch (parsed.choice.kind) {
-    case "deny":
-      decision = "deny";
-      granted = false;
-      displayMode = "denied";
-      break;
-    case "once":
-      decision = "allow_once";
-      granted = true;
-      displayMode = "granted once";
-      break;
-    case "always":
-      decision = "allow_always";
-      granted = true;
-      displayMode = "granted always";
-      break;
-    case "ttl": {
-      decision = "allow_ttl";
-      granted = true;
-      const ms = ttlMsFromToken(parsed.choice.param);
-      if (ms === null) {
-        await ctx.answerCallbackQuery({ text: "bad ttl token" });
-        return;
-      }
-      ttl_ms = ms;
-      displayMode = `granted for ${parsed.choice.param}`;
-      break;
-    }
-  }
+  const { decision, granted, ttl_ms, displayMode } = resolved;
   const granted_by_user_id = ctx.from?.id ?? 0;
   const approver_set = [String(granted_by_user_id)];
-  const decision_id = await approvalRecord2({
+  const result = await approvalConsumeRecord({
     request_id: parsed.request_id,
     decision,
     approver_set,
     granted_by_user_id,
     ttl_ms
   });
-  if (decision_id === null) {
+  if (result === null) {
+    await ctx.answerCallbackQuery({ text: "approval kernel unreachable" });
+    return;
+  }
+  if (!result.consumed) {
+    await ctx.answerCallbackQuery({ text: "this prompt expired" });
+    return;
+  }
+  if (!result.decision_id) {
     await ctx.answerCallbackQuery({ text: "kernel record failed" });
     return;
   }
+  const decision_id = result.decision_id;
   const icon = granted ? "\u2705" : "\uD83D\uDEAB";
   const newBody = `${icon} ${displayMode}` + (granted ? ` \u00b7 /approvals revoke <code>${decision_id}</code>` : "");
-  const postTapKeyboard = granted && consumed.scope ? buildGrantedKeyboard(consumed.scope) : undefined;
+  const postTapKeyboard = granted && result.scope ? buildGrantedKeyboard(result.scope) : undefined;
   try {
     await ctx.editMessageText(newBody, {
       parse_mode: "HTML",
@@ -41280,7 +41304,7 @@ async function approvalRecord(args, opts) {
     return null;
   if (!("decision_id" in r.resp))
     return null;
-  return r.resp.decision_id;
+  return r.resp.decision_id ?? null;
 }
 
 // quota-check.ts
@@ -43322,6 +43346,26 @@ function escapeHtml7(s) {
 
 // gateway/pending-inbound-buffer.ts
 var DEFAULT_PENDING_INBOUND_CAP = 32;
+function redeliverBufferedInbound(buffer, agent, send) {
+  const pending = buffer.drain(agent);
+  let redelivered = 0;
+  let rebuffered = 0;
+  for (const msg of pending) {
+    let delivered = false;
+    try {
+      delivered = send(msg);
+    } catch {
+      delivered = false;
+    }
+    if (delivered) {
+      redelivered++;
+    } else {
+      buffer.push(agent, msg);
+      rebuffered++;
+    }
+  }
+  return { drained: pending.length, redelivered, rebuffered };
+}
 function createPendingInboundBuffer(opts = {}) {
   const cap = opts.capPerAgent ?? DEFAULT_PENDING_INBOUND_CAP;
   const log = opts.log ?? ((line) => process.stderr.write(line));
@@ -43366,6 +43410,52 @@ function createPendingInboundBuffer(opts = {}) {
   };
 }
 
+// gateway/pending-permission-decisions.ts
+var DEFAULT_PENDING_PERMISSION_CAP = 32;
+function createPendingPermissionBuffer(opts = {}) {
+  const cap = opts.capPerAgent ?? DEFAULT_PENDING_PERMISSION_CAP;
+  const log = opts.log ?? ((line) => process.stderr.write(line));
+  const queues = new Map;
+  return {
+    push(agent, ev) {
+      let q = queues.get(agent);
+      if (q == null) {
+        q = [];
+        queues.set(agent, q);
+      }
+      let evicted = false;
+      if (q.length >= cap) {
+        const dropped = q.shift();
+        evicted = true;
+        log(`pending-permission-buffer: agent=${agent} cap=${cap} reached \u2014 ` + `dropped oldest verdict request=${dropped?.requestId ?? "-"} ` + `behavior=${dropped?.behavior ?? "-"}
+`);
+      }
+      q.push(ev);
+      log(`pending-permission-buffer: agent=${agent} buffered request=${ev.requestId} ` + `behavior=${ev.behavior} depth_after=${q.length} evicted=${evicted}
+`);
+      return !evicted;
+    },
+    drain(agent) {
+      const q = queues.get(agent);
+      if (q == null || q.length === 0)
+        return [];
+      queues.delete(agent);
+      log(`pending-permission-buffer: drained agent=${agent} count=${q.length} ` + `requests=[${q.map((e) => e.requestId).join(",")}]
+`);
+      return q;
+    },
+    depth(agent) {
+      return queues.get(agent)?.length ?? 0;
+    },
+    totalDepth() {
+      let n = 0;
+      for (const q of queues.values())
+        n += q.length;
+      return n;
+    }
+  };
+}
+
 // gateway/vault-grant-inbound-builders.ts
 function buildVaultGrantApprovedInbound(opts) {
   const ts = opts.nowMs ?? Date.now();
@@ -43409,6 +43499,63 @@ function buildVaultGrantDeniedInbound(opts) {
     }
   };
 }
+function buildVaultSaveCompletedInbound(opts) {
+  const ts = opts.nowMs ?? Date.now();
+  return {
+    type: "inbound",
+    chatId: opts.ctx.chat_id,
+    messageId: ts,
+    user: "vault-broker",
+    userId: 0,
+    ts,
+    text: `\u2705 Operator saved your secret as \`vault:${opts.ctx.key}\`. ` + `Please resume the task that was waiting on it \u2014 reference the ` + `value via the usual \`vault:${opts.ctx.key}\` path.`,
+    meta: {
+      source: "vault_save_completed",
+      agent: opts.ctx.agent,
+      key: opts.ctx.key,
+      stage_id: opts.stageId,
+      operator_id: opts.operatorId
+    }
+  };
+}
+function buildVaultSaveFailedInbound(opts) {
+  const ts = opts.nowMs ?? Date.now();
+  return {
+    type: "inbound",
+    chatId: opts.ctx.chat_id,
+    messageId: ts,
+    user: "vault-broker",
+    userId: 0,
+    ts,
+    text: `\u26a0\ufe0f The operator tapped Save but the vault write for ` + `\`vault:${opts.ctx.key}\` FAILED (${opts.reason}). The secret was ` + `NOT stored \u2014 do NOT assume \`vault:${opts.ctx.key}\` resolves. ` + `Either retry the save (the operator may need to fix the underlying ` + `issue first) or pick a fallback for the original task.`,
+    meta: {
+      source: "vault_save_failed",
+      agent: opts.ctx.agent,
+      key: opts.ctx.key,
+      stage_id: opts.stageId,
+      operator_id: opts.operatorId
+    }
+  };
+}
+function buildVaultSaveDiscardedInbound(opts) {
+  const ts = opts.nowMs ?? Date.now();
+  return {
+    type: "inbound",
+    chatId: opts.ctx.chat_id,
+    messageId: ts,
+    user: "vault-broker",
+    userId: 0,
+    ts,
+    text: `\uD83D\uDEAB Operator discarded your \`vault_request_save\` for ` + `\`${opts.ctx.key}\` \u2014 the secret was NOT stored and ` + `\`vault:${opts.ctx.key}\` will not resolve. Pick a fallback for ` + `the original task (ask the user, try another approach, or skip ` + `the feature). Do NOT re-request the save without asking the user.`,
+    meta: {
+      source: "vault_save_discarded",
+      agent: opts.ctx.agent,
+      key: opts.ctx.key,
+      stage_id: opts.stageId,
+      operator_id: opts.operatorId
+    }
+  };
+}
 
 // gateway/poll-health.ts
 var DEFAULT_LOG = (msg) => {
@@ -46621,11 +46768,11 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.12.13";
-var COMMIT_SHA = "fc96015d";
-var COMMIT_DATE = "2026-05-19T02:10:56Z";
-var LATEST_PR = 1532;
-var COMMITS_AHEAD_OF_TAG = 8;
+var VERSION = "0.12.15";
+var COMMIT_SHA = "dc508a92";
+var COMMIT_DATE = "2026-05-19T07:24:41Z";
+var LATEST_PR = 1547;
+var COMMITS_AHEAD_OF_TAG = 22;
 
 // gateway/boot-version.ts
 function formatRelativeAgo(iso) {
@@ -47995,8 +48142,12 @@ var pendingStateReaper = setInterval(() => {
       pendingVaultOps.delete(k);
   }
   for (const [k, v] of pendingPermissions) {
-    if (now - v.startedAt > PERMISSION_TTL_MS)
+    if (now - v.startedAt > PERMISSION_TTL_MS) {
+      dispatchPermissionVerdict({ type: "permission", requestId: k, behavior: "deny" });
+      process.stderr.write(`telegram gateway: permission TTL expired \u2014 auto-deny request=${k} tool=${v.tool_name} (no operator response in ${Math.round(PERMISSION_TTL_MS / 60000)}m)
+`);
       pendingPermissions.delete(k);
+    }
   }
   for (const [k, v] of vaultPassphraseCache) {
     if (now > v.expiresAt)
@@ -48311,11 +48462,23 @@ startTimer({
     try {
       clearSilentEndState(fbKey);
     } catch {}
-    process.stderr.write(`telegram gateway: silence-poke framework-fallback ended wedged turn chat=${fbChatId} thread=${ctx.threadId ?? "-"} silence_ms=${ctx.silenceMs} currentTurn_nulled=${turnMatchesFallback}
+    const fbSelfAgent = process.env.SWITCHROOM_AGENT_NAME ?? "";
+    const fbRedeliver = redeliverBufferedInbound(pendingInboundBuffer, fbSelfAgent, (m) => ipcServer.sendToAgent(fbSelfAgent, m));
+    process.stderr.write(`telegram gateway: silence-poke framework-fallback ended wedged turn chat=${fbChatId} thread=${ctx.threadId ?? "-"} silence_ms=${ctx.silenceMs} currentTurn_nulled=${turnMatchesFallback} drained_buffered=${fbRedeliver.redelivered}/${fbRedeliver.drained}${fbRedeliver.rebuffered > 0 ? ` rebuffered=${fbRedeliver.rebuffered}` : ""}
 `);
   }
 });
 var pendingInboundBuffer = createPendingInboundBuffer();
+var pendingPermissionBuffer = createPendingPermissionBuffer();
+function dispatchPermissionVerdict(ev) {
+  const selfAgent = process.env.SWITCHROOM_AGENT_NAME ?? "";
+  const delivered = ipcServer.sendToAgent(selfAgent, ev);
+  if (!delivered) {
+    pendingPermissionBuffer.push(selfAgent, ev);
+    process.stderr.write(`telegram gateway: permission verdict buffered (bridge offline) request=${ev.requestId} behavior=${ev.behavior}
+`);
+  }
+}
 var ipcServer = createIpcServer({
   socketPath: SOCKET_PATH,
   onClientRegistered(client3) {
@@ -48329,6 +48492,15 @@ var ipcServer = createIpcServer({
           client3.send(msg);
         } catch (err) {
           process.stderr.write(`telegram gateway: pending-inbound drain failed agent=${client3.agentName} source=${msg.meta?.source ?? "-"}: ${err.message}
+`);
+        }
+      }
+      const pendingVerdicts = pendingPermissionBuffer.drain(client3.agentName);
+      for (const ev of pendingVerdicts) {
+        try {
+          client3.send(ev);
+        } catch (err) {
+          process.stderr.write(`telegram gateway: pending-permission drain failed agent=${client3.agentName} request=${ev.requestId} behavior=${ev.behavior}: ${err.message}
 `);
         }
       }
@@ -50646,7 +50818,7 @@ async function handleInbound(ctx, text, downloadImage, attachment) {
   if (permMatch) {
     const behavior = permMatch[1].toLowerCase().startsWith("y") ? "allow" : "deny";
     const request_id = permMatch[2].toLowerCase();
-    ipcServer.broadcast({
+    dispatchPermissionVerdict({
       type: "permission",
       requestId: request_id,
       behavior
@@ -51121,11 +51293,12 @@ ${preBlock(write.output)}`;
       } : {}
     }
   };
-  ipcServer.broadcast(inboundMsg);
-  const delivered = ipcServer.clientCount() > 0;
+  const selfAgent = process.env.SWITCHROOM_AGENT_NAME ?? "";
+  const delivered = ipcServer.sendToAgent(selfAgent, inboundMsg);
   if (!delivered) {
+    pendingInboundBuffer.push(selfAgent, inboundMsg);
     const threadOpts = messageThreadId != null ? { message_thread_id: messageThreadId } : {};
-    swallowingApiCall(() => bot.api.sendMessage(chat_id, "\u23F3 Agent is restarting, please wait\u2026", { ...threadOpts }), {
+    swallowingApiCall(() => bot.api.sendMessage(chat_id, "\u23F3 Agent is restarting \u2014 your message is queued and will be processed when it reconnects.", { ...threadOpts }), {
       chat_id,
       verb: "agent-restarting-notice",
       ...messageThreadId != null ? { threadId: messageThreadId } : {}
@@ -52298,7 +52471,7 @@ async function handlePermissionSlash(ctx, behavior) {
     await switchroomReply(ctx, `No pending permission for id <code>${escapeHtmlForTg(request_id)}</code>. It may have already been answered or timed out.`, { html: true });
     return;
   }
-  ipcServer.broadcast({ type: "permission", requestId: request_id, behavior });
+  dispatchPermissionVerdict({ type: "permission", requestId: request_id, behavior });
   pendingPermissions.delete(request_id);
   process.stderr.write(`[telegram gateway] slash-${behavior} request_id=${request_id} tool=${details.tool_name} by=${senderId}
 `);
@@ -52893,6 +53066,16 @@ async function handleVaultRequestSaveCallback(ctx, data) {
     if (pending.card_message_id != null) {
       await ctx.api.editMessageText(pending.chat_id, pending.card_message_id, `\uD83D\uDEAB <i>Discarded. The secret was not written to the vault.</i>`, { parse_mode: "HTML", reply_markup: { inline_keyboard: [] } }).catch(() => {});
     }
+    const discardInbound = buildVaultSaveDiscardedInbound({
+      ctx: { agent: pending.agent, key: pending.key, chat_id: pending.chat_id },
+      stageId,
+      operatorId: senderId
+    });
+    const dDelivered = ipcServer.sendToAgent(pending.agent, discardInbound);
+    process.stderr.write(`telegram gateway: vault_save_discarded injection agent=${pending.agent} key=${pending.key} stage=${stageId} delivered=${dDelivered}
+`);
+    if (!dDelivered)
+      pendingInboundBuffer.push(pending.agent, discardInbound);
     return;
   }
   if (action === "rename") {
@@ -52935,6 +53118,19 @@ async function handleVaultRequestSaveCallback(ctx, data) {
 <i>Tap a fresh card after fixing the underlying issue.</i>`, { parse_mode: "HTML", reply_markup: { inline_keyboard: [] } }).catch(() => {});
       }
       pendingVaultRequestSaves.delete(stageId);
+      const failReason = (write.output || "vault write error").split(`
+`)[0].slice(0, 200);
+      const failInbound = buildVaultSaveFailedInbound({
+        ctx: { agent: pending.agent, key: pending.key, chat_id: pending.chat_id },
+        stageId,
+        operatorId: senderId,
+        reason: failReason
+      });
+      const fDelivered = ipcServer.sendToAgent(pending.agent, failInbound);
+      process.stderr.write(`telegram gateway: vault_save_failed injection agent=${pending.agent} key=${pending.key} stage=${stageId} delivered=${fDelivered}
+`);
+      if (!fDelivered)
+        pendingInboundBuffer.push(pending.agent, failInbound);
       return;
     }
     pendingVaultRequestSaves.delete(stageId);
@@ -52942,6 +53138,16 @@ async function handleVaultRequestSaveCallback(ctx, data) {
       await ctx.api.editMessageText(pending.chat_id, pending.card_message_id, `\u2705 saved as <code>vault:${escapeHtmlForTg(pending.key)}</code> (masked: <code>${escapeHtmlForTg(maskToken2(pending.value))}</code>)
 <i>The agent can now reference this as <code>vault:${escapeHtmlForTg(pending.key)}</code>.</i>`, { parse_mode: "HTML", reply_markup: { inline_keyboard: [] } }).catch(() => {});
     }
+    const okInbound = buildVaultSaveCompletedInbound({
+      ctx: { agent: pending.agent, key: pending.key, chat_id: pending.chat_id },
+      stageId,
+      operatorId: senderId
+    });
+    const okDelivered = ipcServer.sendToAgent(pending.agent, okInbound);
+    process.stderr.write(`telegram gateway: vault_save_completed injection agent=${pending.agent} key=${pending.key} stage=${stageId} delivered=${okDelivered}
+`);
+    if (!okDelivered)
+      pendingInboundBuffer.push(pending.agent, okInbound);
     return;
   }
   await ctx.answerCallbackQuery({ text: "Unknown action" }).catch(() => {});
@@ -54348,9 +54554,11 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
     };
     process.stderr.write(`telegram gateway: button_callback chatId=${cbChatId} user=${ctx.from.id} data=${JSON.stringify(agentCb.raw)} btnText=${JSON.stringify(buttonText ?? null)}
 `);
-    ipcServer.broadcast(inboundMsg);
-    if (ipcServer.clientCount() === 0) {
-      swallowingApiCall(() => bot.api.sendMessage(cbChatId, "\u23F3 Agent is restarting \u2014 your button tap was queued but won't be processed until it comes back.", cbThreadId != null ? { message_thread_id: cbThreadId } : {}), {
+    const selfAgentBtn = process.env.SWITCHROOM_AGENT_NAME ?? "";
+    const btnDelivered = ipcServer.sendToAgent(selfAgentBtn, inboundMsg);
+    if (!btnDelivered) {
+      pendingInboundBuffer.push(selfAgentBtn, inboundMsg);
+      swallowingApiCall(() => bot.api.sendMessage(cbChatId, "\u23F3 Agent is restarting \u2014 your button tap is queued and will be processed when it comes back.", cbThreadId != null ? { message_thread_id: cbThreadId } : {}), {
         chat_id: cbChatId,
         verb: "button-tap-restarting-notice",
         ...cbThreadId != null ? { threadId: cbThreadId } : {}
@@ -54445,7 +54653,7 @@ ${prettyInput}`;
 ${editLabel}` : editLabel,
       parseMode: "HTML",
       synthInbound: () => {
-        ipcServer.broadcast({
+        dispatchPermissionVerdict({
           type: "permission",
           requestId: request_id,
           behavior: "allow",
@@ -54466,7 +54674,7 @@ ${editLabel}` : editLabel,
 ${label}` : label,
     parseMode: "HTML",
     synthInbound: () => {
-      ipcServer.broadcast({
+      dispatchPermissionVerdict({
         type: "permission",
         requestId: request_id,
         behavior

package/telegram-plugin/gateway/approval-callback.test.ts

@@ -12,7 +12,10 @@
 
 import { describe, expect, it } from "vitest";
 import { InlineKeyboard } from "grammy";
-import { buildGrantedKeyboard } from "./approval-callback.js";
+import {
+  buildGrantedKeyboard,
+  resolveApprovalDecision,
+} from "./approval-callback.js";
 
 /**
  * Helper — pull the `[{text, url}]` rows out of a grammy InlineKeyboard
@@ -102,3 +105,48 @@ describe("buildGrantedKeyboard — no button cases", () => {
     expect(buildGrantedKeyboard("doc:gdrive:write:abc?evil=1")).toBeUndefined();
   });
 });
+
+describe("resolveApprovalDecision — pure decision resolution (PR-5)", () => {
+  it("deny → deny / not granted", () => {
+    expect(resolveApprovalDecision({ kind: "deny" })).toEqual({
+      ok: true, decision: "deny", granted: false, ttl_ms: null, displayMode: "denied",
+    });
+  });
+
+  it("once → allow_once, no ttl", () => {
+    expect(resolveApprovalDecision({ kind: "once" })).toEqual({
+      ok: true, decision: "allow_once", granted: true, ttl_ms: null, displayMode: "granted once",
+    });
+  });
+
+  it("always → allow_always, no ttl", () => {
+    expect(resolveApprovalDecision({ kind: "always" })).toEqual({
+      ok: true, decision: "allow_always", granted: true, ttl_ms: null, displayMode: "granted always",
+    });
+  });
+
+  it("ttl with a valid token → allow_ttl with computed ms", () => {
+    expect(resolveApprovalDecision({ kind: "ttl", param: "24h" })).toEqual({
+      ok: true,
+      decision: "allow_ttl",
+      granted: true,
+      ttl_ms: 24 * 60 * 60 * 1000,
+      displayMode: "granted for 24h",
+    });
+    expect(resolveApprovalDecision({ kind: "ttl", param: "7d" })).toMatchObject({
+      ok: true, decision: "allow_ttl", ttl_ms: 7 * 24 * 60 * 60 * 1000,
+    });
+  });
+
+  it("ttl with a bad token → { ok: false } so the caller does NOT consume the nonce", () => {
+    // This is the load-bearing case: pre-PR-4 this branch ran after
+    // approvalConsume() burned the single-use nonce, wedging the agent.
+    // It must report failure WITHOUT side effects (pure fn → caller
+    // returns before approvalConsume).
+    for (const param of ["bogus", "0h", "1w", "", "h", "12"]) {
+      expect(resolveApprovalDecision({ kind: "ttl", param })).toEqual({
+        ok: false, error: "bad ttl token",
+      });
+    }
+  });
+});