switchroom 0.12.19 → 0.12.21

package/dist/host-control/main.js

@@ -14026,7 +14026,11 @@ var VaultConfigSchema = exports_external.object({
         path: ["approvalAuth"]
       });
     }
-  }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation.")
+  }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation."),
+  backup: exports_external.object({
+    destination: exports_external.string().optional().describe("Destination directory for `switchroom vault backup`. " + "When unset, the CLI defaults to " + "`~/.switchroom-config/vault-backups/` if that operator config " + "repo exists, else `~/.switchroom/vault-backups/`. " + "Path is tilde-expanded at read time. " + "MUST NOT be `~/.switchroom/vault/` (the broker bind-mount dir, " + "validated by `switchroom apply` against an artifact allowlist)."),
+    retain: exports_external.number().int().nonnegative().default(30).describe("How many of the most-recent backups to keep in the destination dir. " + "Older ones are pruned after each new backup is written. Default 30 " + "= roughly a month at daily cadence.")
+  }).optional().describe("Configuration for `switchroom vault backup`. Optional — the CLI works " + "with built-in defaults if this block is absent. The backed-up file is " + "the AES-256-GCM-encrypted vault envelope; the operator passphrase " + "remains the gate, so committing backups to a private git repo extends " + "durability without weakening encryption (provided the auto-unlock " + "blob is NEVER co-located — `vault backup` refuses to write into a " + "directory that contains an auto-unlock-shaped sibling).")
 });
 var QuotaConfigSchema = exports_external.object({
   weekly_budget_usd: exports_external.number().positive().optional().describe("Weekly USD spend budget. If unset, the greeting shows raw usage only."),

package/dist/vault/approvals/kernel-server.js

@@ -11285,7 +11285,11 @@ var init_schema = __esm(() => {
           path: ["approvalAuth"]
         });
       }
-    }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation.")
+    }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation."),
+    backup: exports_external.object({
+      destination: exports_external.string().optional().describe("Destination directory for `switchroom vault backup`. " + "When unset, the CLI defaults to " + "`~/.switchroom-config/vault-backups/` if that operator config " + "repo exists, else `~/.switchroom/vault-backups/`. " + "Path is tilde-expanded at read time. " + "MUST NOT be `~/.switchroom/vault/` (the broker bind-mount dir, " + "validated by `switchroom apply` against an artifact allowlist)."),
+      retain: exports_external.number().int().nonnegative().default(30).describe("How many of the most-recent backups to keep in the destination dir. " + "Older ones are pruned after each new backup is written. Default 30 " + "= roughly a month at daily cadence.")
+    }).optional().describe("Configuration for `switchroom vault backup`. Optional — the CLI works " + "with built-in defaults if this block is absent. The backed-up file is " + "the AES-256-GCM-encrypted vault envelope; the operator passphrase " + "remains the gate, so committing backups to a private git repo extends " + "durability without weakening encryption (provided the auto-unlock " + "blob is NEVER co-located — `vault backup` refuses to write into a " + "directory that contains an auto-unlock-shaped sibling).")
   });
   QuotaConfigSchema = exports_external.object({
     weekly_budget_usd: exports_external.number().positive().optional().describe("Weekly USD spend budget. If unset, the greeting shows raw usage only."),

package/dist/vault/broker/server.js

@@ -11285,7 +11285,11 @@ var init_schema = __esm(() => {
           path: ["approvalAuth"]
         });
       }
-    }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation.")
+    }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation."),
+    backup: exports_external.object({
+      destination: exports_external.string().optional().describe("Destination directory for `switchroom vault backup`. " + "When unset, the CLI defaults to " + "`~/.switchroom-config/vault-backups/` if that operator config " + "repo exists, else `~/.switchroom/vault-backups/`. " + "Path is tilde-expanded at read time. " + "MUST NOT be `~/.switchroom/vault/` (the broker bind-mount dir, " + "validated by `switchroom apply` against an artifact allowlist)."),
+      retain: exports_external.number().int().nonnegative().default(30).describe("How many of the most-recent backups to keep in the destination dir. " + "Older ones are pruned after each new backup is written. Default 30 " + "= roughly a month at daily cadence.")
+    }).optional().describe("Configuration for `switchroom vault backup`. Optional — the CLI works " + "with built-in defaults if this block is absent. The backed-up file is " + "the AES-256-GCM-encrypted vault envelope; the operator passphrase " + "remains the gate, so committing backups to a private git repo extends " + "durability without weakening encryption (provided the auto-unlock " + "blob is NEVER co-located — `vault backup` refuses to write into a " + "directory that contains an auto-unlock-shaped sibling).")
   });
   QuotaConfigSchema = exports_external.object({
     weekly_budget_usd: exports_external.number().positive().optional().describe("Weekly USD spend budget. If unset, the greeting shows raw usage only."),
@@ -16031,7 +16035,7 @@ class VaultBroker {
           chownSync(abs, operatorUid, operatorUid);
         } catch {}
         const unlockServer = net.createServer((sock) => {
-          this._handleUnlockConnection(sock);
+          this._handleUnlockConnection(sock, true);
         });
         unlockServer.on("error", (err) => rejectP(err));
         unlockServer.listen(unlockAbs, () => {
@@ -17031,9 +17035,9 @@ class VaultBroker {
       socket.write(encodeResponse(errorResponse("INTERNAL", msg)));
     }
   }
-  _handleUnlockConnection(socket) {
+  _handleUnlockConnection(socket, isOperator = false) {
     let unlockPeer = null;
-    if (process.platform === "linux") {
+    if (!isOperator && process.platform === "linux") {
       unlockPeer = this.testOpts._testIdentify ? this.testOpts._testIdentify(this.unlockSocketPath, socket) : identify(this.unlockSocketPath, socket);
       if (unlockPeer === null) {
         this.auditLogger.write({
@@ -17048,9 +17052,9 @@ class VaultBroker {
         return;
       }
     }
-    const auditPid = unlockPeer?.pid ?? process.pid;
-    const auditCaller = unlockPeer !== null ? callerFromPeer(unlockPeer) : `pid:${process.pid}`;
-    const auditCgroup = unlockPeer?.systemdUnit ?? undefined;
+    const auditPid = isOperator ? process.pid : unlockPeer?.pid ?? process.pid;
+    const auditCaller = isOperator ? "operator" : unlockPeer !== null ? callerFromPeer(unlockPeer) : `pid:${process.pid}`;
+    const auditCgroup = isOperator ? undefined : unlockPeer?.systemdUnit ?? undefined;
     let buffer = "";
     socket.on("data", (chunk) => {
       buffer += chunk.toString("utf8");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.12.19",
+  "version": "0.12.21",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {
@@ -26,12 +26,13 @@
     "test:vitest": "vitest run",
     "test:bun": "bun test src/watchdog/state.test.ts src/watchdog/policy.test.ts src/vault/grants.test.ts src/vault/write-grants.test.ts src/vault/broker/server-grants.test.ts src/vault/broker/server-write-grants.test.ts src/vault/broker/server-mint-grant-passphrase-attest.test.ts src/vault/broker/server-passphrase-attest.test.ts src/vault/broker/server-mint-grant-posture-attest.test.ts src/vault/broker/client-token.test.ts src/vault/broker/server-unlock.test.ts src/vault/broker/auto-unlock.test.ts src/vault/broker/drift-detection.test.ts tests/vault-broker-passphrase.test.ts src/cli/vault-get-broker.test.ts src/vault/resolver-via-broker.test.ts src/vault/broker/scope.test.ts src/vault/broker/server.test.ts src/drive/disconnect.test.ts src/drive/grants.test.ts src/drive/oauth.test.ts src/drive/onboarding.test.ts src/drive/reconciler.test.ts src/drive/vault-slots.test.ts src/drive/wrapper.test.ts src/vault/approvals/kernel.test.ts src/vault/approvals/schema-idempotent.test.ts src/vault/broker/server-approvals.test.ts telegram-plugin/tests/boot-probes.test.ts telegram-plugin/tests/boot-version-string.test.ts telegram-plugin/tests/history.test.ts telegram-plugin/tests/history-reaper.test.ts telegram-plugin/tests/ipc-server-client.test.ts telegram-plugin/tests/ipc-server-race.test.ts telegram-plugin/tests/gateway-bridge.test.ts telegram-plugin/tests/gateway-startup-mutex.test.ts telegram-plugin/tests/gateway-clean-shutdown-marker.test.ts telegram-plugin/tests/boot-card-dedupe.test.ts telegram-plugin/tests/boot-card-reason.test.ts telegram-plugin/tests/progress-update.test.ts telegram-plugin/tests/quota-cache.test.ts telegram-plugin/tests/silent-reply-guard.test.ts telegram-plugin/tests/unhandled-rejection-policy.test.ts telegram-plugin/tests/registry-turns.test.ts telegram-plugin/registry/subagents.test.ts telegram-plugin/tests/turns-writer.test.ts telegram-plugin/tests/resolve-calling-subagent.test.ts telegram-plugin/tests/gateway-update-placeholder-dispatch.test.ts telegram-plugin/tests/reaction-trigger.test.ts telegram-plugin/tests/reaction-trigger-flow.test.ts telegram-plugin/uat/load-env.test.ts",
     "test:watch": "vitest",
-    "lint": "tsc --noEmit && node scripts/check-plugin-references.mjs && bash scripts/check-bot-api-wrapping.sh && node scripts/check-bun-test-imports.mjs && node scripts/check-no-pii-secrets.mjs",
+    "lint": "tsc --noEmit && node scripts/check-plugin-references.mjs && bash scripts/check-bot-api-wrapping.sh && node scripts/check-bun-test-imports.mjs && node scripts/check-no-pii-secrets.mjs && node scripts/check-vault-test-hermeticity.mjs && node scripts/check-no-broadcast-delivery.mjs",
     "lint:tsc": "tsc --noEmit",
     "lint:plugin-references": "node scripts/check-plugin-references.mjs",
     "lint:bot-api-wrapping": "bash scripts/check-bot-api-wrapping.sh",
     "lint:bun-test-imports": "node scripts/check-bun-test-imports.mjs",
     "lint:no-pii": "node scripts/check-no-pii-secrets.mjs",
+    "lint:no-broadcast-delivery": "node scripts/check-no-broadcast-delivery.mjs",
     "prepublishOnly": "npm run build && npm run lint && npm test"
   },
   "dependencies": {

package/telegram-plugin/dist/gateway/gateway.js

@@ -23929,7 +23929,11 @@ var init_schema = __esm(() => {
           path: ["approvalAuth"]
         });
       }
-    }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation.")
+    }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation."),
+    backup: exports_external.object({
+      destination: exports_external.string().optional().describe("Destination directory for `switchroom vault backup`. " + "When unset, the CLI defaults to " + "`~/.switchroom-config/vault-backups/` if that operator config " + "repo exists, else `~/.switchroom/vault-backups/`. " + "Path is tilde-expanded at read time. " + "MUST NOT be `~/.switchroom/vault/` (the broker bind-mount dir, " + "validated by `switchroom apply` against an artifact allowlist)."),
+      retain: exports_external.number().int().nonnegative().default(30).describe("How many of the most-recent backups to keep in the destination dir. " + "Older ones are pruned after each new backup is written. Default 30 " + "= roughly a month at daily cadence.")
+    }).optional().describe("Configuration for `switchroom vault backup`. Optional \u2014 the CLI works " + "with built-in defaults if this block is absent. The backed-up file is " + "the AES-256-GCM-encrypted vault envelope; the operator passphrase " + "remains the gate, so committing backups to a private git repo extends " + "durability without weakening encryption (provided the auto-unlock " + "blob is NEVER co-located \u2014 `vault backup` refuses to write into a " + "directory that contains an auto-unlock-shaped sibling).")
   });
   QuotaConfigSchema = exports_external.object({
     weekly_budget_usd: exports_external.number().positive().optional().describe("Weekly USD spend budget. If unset, the greeting shows raw usage only."),
@@ -31457,7 +31461,8 @@ function createStreamController(cfg) {
 
 // pty-partial-handler.ts
 function streamKey(chatId, threadId) {
-  return `${chatId}:${threadId ?? "_"}`;
+  const t = threadId == null || threadId === 0 ? "_" : String(threadId);
+  return `${chatId}:${t}`;
 }
 function handlePtyPartialPure(text, state, deps) {
   if (state.currentSessionChatId == null) {
@@ -31543,7 +31548,8 @@ function buildAccentHeader(accent) {
   }
 }
 function streamKey2(chatId, threadId, lane, turnKey) {
-  const base = `${chatId}:${threadId ?? "_"}`;
+  const t = threadId == null || threadId === 0 ? "_" : String(threadId);
+  const base = `${chatId}:${t}`;
   const withLane = lane != null && lane.length > 0 ? `${base}:${lane}` : base;
   return turnKey != null && turnKey.length > 0 ? `${withLane}:${turnKey}` : withLane;
 }
@@ -43725,6 +43731,27 @@ function createInboundSpool(opts) {
   };
 }
 
+// gateway/turn-state-purge.ts
+function purgeStaleTurnsForChat(chatId, keys, purger) {
+  if (!chatId)
+    return { purged: [] };
+  const purged = [];
+  const snapshot = [];
+  for (const k of keys)
+    snapshot.push(k);
+  for (const key of snapshot) {
+    const sep3 = key.indexOf(":");
+    if (sep3 < 0)
+      continue;
+    const keyChat = key.slice(0, sep3);
+    if (keyChat !== chatId)
+      continue;
+    purger(key);
+    purged.push(key);
+  }
+  return { purged };
+}
+
 // gateway/inbound-delivery-gate.ts
 function decideInboundDelivery(input) {
   if (input.turnInFlight && !input.isSteering)
@@ -43778,6 +43805,15 @@ function createPendingPermissionBuffer(opts = {}) {
   };
 }
 
+// gateway/chat-key.ts
+function chatKey(chatId, threadId) {
+  const t = threadId == null || threadId === 0 ? "_" : String(threadId);
+  return `${chatId}:${t}`;
+}
+function chatKeyWithSuffix(chatId, threadId, suffix) {
+  return `${chatKey(chatId, threadId)}:${suffix}`;
+}
+
 // gateway/vault-grant-inbound-builders.ts
 function buildVaultGrantApprovedInbound(opts) {
   const ts = opts.nowMs ?? Date.now();
@@ -47090,11 +47126,11 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.12.19";
-var COMMIT_SHA = "5f6810ed";
-var COMMIT_DATE = "2026-05-19T13:30:31Z";
-var LATEST_PR = 1559;
-var COMMITS_AHEAD_OF_TAG = 4;
+var VERSION = "0.12.21";
+var COMMIT_SHA = "e32c064";
+var COMMIT_DATE = "2026-05-20T02:05:49Z";
+var LATEST_PR = 1572;
+var COMMITS_AHEAD_OF_TAG = null;
 
 // gateway/boot-version.ts
 function formatRelativeAgo(iso) {
@@ -48037,10 +48073,10 @@ var CONTEXT_EXHAUSTION_COOLDOWN_MS = 600000;
 var lastContextExhaustionWarningAt = 0;
 var pendingPtyPartial = null;
 function statusKey(chatId, threadId) {
-  return `${chatId}:${threadId ?? "_"}`;
+  return chatKey(chatId, threadId);
 }
 function streamKey3(chatId, threadId) {
-  return `${chatId}:${threadId ?? "_"}`;
+  return chatKey(chatId, threadId);
 }
 function purgeReactionTracking(key) {
   const msgInfo = activeReactionMsgIds.get(key);
@@ -48071,6 +48107,12 @@ function purgeReactionTracking(key) {
     }
   }
 }
+function endCurrentTurnAtomic(turn) {
+  if (currentTurn !== turn)
+    return;
+  currentTurn = null;
+  purgeReactionTracking(statusKey(turn.sessionChatId, turn.sessionThreadId));
+}
 function maybeProactiveCompact() {
   if (compactDispatching)
     return;
@@ -48912,6 +48954,7 @@ startTimer({
     preambleSuppressor.dropNow();
     endTurn(fbKey);
     purgeReactionTracking(fbKey);
+    const fbExtraPurge = purgeStaleTurnsForChat(fbChatId, activeTurnStartedAt.keys(), purgeReactionTracking);
     if (turnMatchesFallback && currentTurn === wedgedTurn)
       currentTurn = null;
     try {
@@ -48919,7 +48962,7 @@ startTimer({
     } catch {}
     const fbSelfAgent = process.env.SWITCHROOM_AGENT_NAME ?? "";
     const fbRedeliver = redeliverBufferedInbound(pendingInboundBuffer, fbSelfAgent, (m) => ipcServer.sendToAgent(fbSelfAgent, m), inboundSpool);
-    process.stderr.write(`telegram gateway: silence-poke framework-fallback ended wedged turn chat=${fbChatId} thread=${ctx.threadId ?? "-"} silence_ms=${ctx.silenceMs} currentTurn_nulled=${turnMatchesFallback} drained_buffered=${fbRedeliver.redelivered}/${fbRedeliver.drained}${fbRedeliver.rebuffered > 0 ? ` rebuffered=${fbRedeliver.rebuffered}` : ""}
+    process.stderr.write(`telegram gateway: silence-poke framework-fallback ended wedged turn chat=${fbChatId} thread=${ctx.threadId ?? "-"} silence_ms=${ctx.silenceMs} currentTurn_nulled=${turnMatchesFallback} drained_buffered=${fbRedeliver.redelivered}/${fbRedeliver.drained}${fbRedeliver.rebuffered > 0 ? ` rebuffered=${fbRedeliver.rebuffered}` : ""}${fbExtraPurge.purged.length > 0 ? ` extra_keys_purged=${fbExtraPurge.purged.length}` : ""}
 `);
   }
 });
@@ -50494,7 +50537,7 @@ function resetOrphanedReplyTimeout() {
   }
 }
 function closeActivityLane(chatId, threadId) {
-  const key = `${chatId}:${threadId ?? "_"}:activity`;
+  const key = chatKeyWithSuffix(chatId, threadId, "activity");
   const stream = activeDraftStreams.get(key);
   if (stream == null)
     return;
@@ -50503,7 +50546,7 @@ function closeActivityLane(chatId, threadId) {
   stream.finalize().catch(() => {});
 }
 function closeProgressLane(chatId, threadId) {
-  const prefix = `${chatId}:${threadId ?? "_"}:progress`;
+  const prefix = chatKeyWithSuffix(chatId, threadId, "progress");
   for (const [key, stream] of activeDraftStreams) {
     if (key.startsWith(prefix)) {
       activeDraftStreams.delete(key);
@@ -50543,7 +50586,8 @@ function handleSessionEvent(ev) {
         currentTurn = next;
         preambleSuppressor.reset();
         if (turnsDb != null) {
-          const turnKey = `${ev.chatId}:${ev.threadId ?? "_"}:${startedAt}`;
+          const evThreadIdNum = ev.threadId != null ? Number(ev.threadId) : null;
+          const turnKey = chatKeyWithSuffix(ev.chatId, evThreadIdNum, String(startedAt));
           next.registryKey = turnKey;
           const userPromptPreview = extractUserPromptPreview(ev.rawContent);
           try {
@@ -50709,8 +50753,7 @@ function handleSessionEvent(ev) {
           turn.answerStream.stop();
           turn.answerStream = null;
         }
-        if (currentTurn === turn)
-          currentTurn = null;
+        endCurrentTurnAtomic(turn);
         preambleSuppressor.reset();
       }
       return;
@@ -50777,7 +50820,7 @@ function handleSessionEvent(ev) {
       if (flushDecision.kind === "skip" && flushDecision.reason === "silent-marker") {
         process.stderr.write(`telegram gateway: silent-turn-suppression: chat=${chatId} turnKey=${turn.startedAt} reason=silent-marker
 `);
-        const suppressPrefix = `${chatId}:${threadId ?? "_"}:progress`;
+        const suppressPrefix = chatKeyWithSuffix(chatId, threadId, "progress");
         for (const [key] of activeDraftStreams) {
           if (key.startsWith(suppressPrefix)) {
             activeDraftStreams.delete(key);
@@ -50827,8 +50870,7 @@ function handleSessionEvent(ev) {
         lastPtyPreviewByChat.delete(statusKey(chatId, threadId));
         pendingPtyPartial = null;
         closeActivityLane(chatId, threadId);
-        if (currentTurn === turn)
-          currentTurn = null;
+        endCurrentTurnAtomic(turn);
         preambleSuppressor.dropNow();
         return;
       }
@@ -50843,8 +50885,7 @@ function handleSessionEvent(ev) {
         }) ?? { wasEmitted: false, turnKey: null };
         const backstopCardMessageId = cardTakeover.wasEmitted && cardTakeover.turnKey != null ? getPinnedProgressCardMessageId?.(cardTakeover.turnKey) ?? null : null;
         const backstopCardTurnKey = cardTakeover.turnKey;
-        if (currentTurn === turn)
-          currentTurn = null;
+        endCurrentTurnAtomic(turn);
         preambleSuppressor.dropNow();
         {
           const tKey = statusKey(chatId, threadId);
@@ -51009,8 +51050,7 @@ function handleSessionEvent(ev) {
         }
       }
       removeTurnActiveMarker(STATE_DIR);
-      if (currentTurn === turn)
-        currentTurn = null;
+      endCurrentTurnAtomic(turn);
       return;
     }
   }

package/telegram-plugin/gateway/chat-key.ts

@@ -0,0 +1,67 @@
+/**
+ * Canonical chat-key construction with branded type.
+ *
+ * The gateway tracks per-chat state (active turn, draft stream, status
+ * reactions, progress throttle, etc.) in `Map<string, ...>` instances
+ * keyed by a string derived from `(chatId, threadId | null)`. Multiple
+ * callsites historically constructed those keys inline as
+ * `` `${chatId}:${threadId ?? '_'}` ``. That worked until PR #1564 hit
+ * the silence-poke wedge: an `activeTurnStartedAt` entry survived a
+ * turn-end because the entry was set under one rendering of the key
+ * (`null` thread → `_`) and the cleanup ran against another
+ * (`undefined` thread → `_`, but also `0` thread → `0`, which doesn't
+ * coalesce). The fallback's `purgeReactionTracking` cleared one
+ * statusKey at a time; sibling keys for the same chat persisted, so
+ * `activeTurnStartedAt.size > 0` stayed true forever and every
+ * subsequent inbound was held mid-turn.
+ *
+ * This module makes the bug class hard to reintroduce:
+ *
+ *   1. `chatKey()` is the canonical constructor for "this chat+thread"
+ *      keys. It collapses `null`, `undefined`, and `0` thread IDs
+ *      into the same token (`_`). All sites in `gateway.ts`,
+ *      `stream-reply-handler.ts`, and `pty-partial-handler.ts` route
+ *      through it (or mirror its expression inline).
+ *   2. The returned `ChatKey` is a branded string — a documentation
+ *      marker for human readers. `telegram-plugin/` is bun-bundled
+ *      and NOT in `tsconfig.json`'s `include`; `lint:plugin-references`
+ *      filters tsc output to reference-class errors only (TS2304/2552/
+ *      2722/2561). A future opt-in `Map<ChatKey, T>` migration could
+ *      provide enforcement teeth, but that requires either bringing
+ *      `telegram-plugin/` into the strict tsc check or rewriting the
+ *      lint to fail on TS2345 type-mismatch. Today the brand is a
+ *      nudge, not a fence.
+ *
+ * `chatKeyWithSuffix()` extends a ChatKey with a lane suffix
+ * (`activity`, `progress`, etc.) — same documentation brand.
+ *
+ * Non-ChatKey keyspaces (chat:message, chat:user, chat:sender:reason)
+ * are deliberately NOT branded — they have different shape and
+ * different invariants, see `deferredKey` / `inboundCoalesceKey` /
+ * the gate-dedup helper in `gateway.ts`.
+ */
+
+export type ChatKey = string & { readonly __brand: 'ChatKey' }
+
+export function chatKey(chatId: string, threadId?: number | null): ChatKey {
+  const t = threadId == null || threadId === 0 ? '_' : String(threadId)
+  return `${chatId}:${t}` as ChatKey
+}
+
+export function chatKeyWithSuffix(
+  chatId: string,
+  threadId: number | null | undefined,
+  suffix: string,
+): ChatKey {
+  return `${chatKey(chatId, threadId)}:${suffix}` as ChatKey
+}
+
+/**
+ * Extract the chatId portion of a ChatKey. Used by sibling-key sweeps
+ * (PR #1564's `purgeStaleTurnsForChat`) that need to enumerate every
+ * thread under a single chat.
+ */
+export function chatIdOfChatKey(key: ChatKey): string {
+  const idx = key.indexOf(':')
+  return idx === -1 ? key : key.slice(0, idx)
+}

package/telegram-plugin/gateway/gateway.ts

@@ -250,8 +250,10 @@ import { handleRequestDriveApproval } from './drive-write-approval.js'
 import { buildDiffPreviewCard } from './diff-preview-card.js'
 import { createPendingInboundBuffer, redeliverBufferedInbound, idleDrainTick } from './pending-inbound-buffer.js'
 import { createInboundSpool } from './inbound-spool.js'
+import { purgeStaleTurnsForChat } from './turn-state-purge.js'
 import { decideInboundDelivery } from './inbound-delivery-gate.js'
 import { createPendingPermissionBuffer } from './pending-permission-decisions.js'
+import { chatKey, chatKeyWithSuffix } from './chat-key.js'
 import {
   buildVaultGrantApprovedInbound,
   buildVaultGrantDeniedInbound,
@@ -1025,6 +1027,7 @@ function checkApprovals(): void {
   try { files = readdirSync(APPROVED_DIR) } catch { return }
   for (const senderId of files) {
     const file = join(APPROVED_DIR, senderId)
+    // allow-raw-bot-api: Paired! sendMessage to DM senderId; no thread_id, cannot trigger THREAD_NOT_FOUND
     void bot.api.sendMessage(senderId, "Paired! Say hi to Claude.").then(
       () => rmSync(file, { force: true }),
       err => {
@@ -1247,12 +1250,18 @@ let lastContextExhaustionWarningAt = 0
 
 let pendingPtyPartial: string | null = null
 
-function statusKey(chatId: string, threadId?: number): string {
-  return `${chatId}:${threadId ?? '_'}`
+// statusKey + streamKey are thin re-exports of the canonical chatKey()
+// constructor (see telegram-plugin/gateway/chat-key.ts). chatKey()
+// collapses 0/null/undefined thread IDs to the same token (`_`),
+// closing the sibling-key class behind #1564 (where one site set the
+// entry under `null → _` and another cleared under `0 → 0`, leaving
+// activeTurnStartedAt non-empty forever).
+function statusKey(chatId: string, threadId?: number | null): string {
+  return chatKey(chatId, threadId)
 }
 
-function streamKey(chatId: string, threadId?: number): string {
-  return `${chatId}:${threadId ?? '_'}`
+function streamKey(chatId: string, threadId?: number | null): string {
+  return chatKey(chatId, threadId)
 }
 
 function purgeReactionTracking(key: string): void {
@@ -1318,6 +1327,32 @@ function purgeReactionTracking(key: string): void {
   }
 }
 
+/**
+ * Atomic null-and-purge for a wedged turn. Every site that ends a
+ * turn by nulling `currentTurn` MUST also clear the turn's statusKey
+ * from `activeTurnStartedAt` — else a dangling entry survives and
+ * `#1556`'s turn-gate holds every new inbound mid-turn forever
+ * (gymbro / klanker held-mid-turn symptom, 2026-05-20).
+ *
+ * Pre-this, three turn-end paths (silent-marker / turn-flush /
+ * `turn_end`) nulled `currentTurn` on code-paths whose
+ * `purgeReactionTracking` calls weren't reached on every branch,
+ * leaving sibling entries under the turn's statusKey that the
+ * silence-poke framework-fallback's `purgeReactionTracking(fbKey)`
+ * couldn't catch (different key shape). The fallback now also sweeps
+ * siblings for `fbChatId` (`turn-state-purge.ts`) as defense-in-depth,
+ * but THIS helper closes the leak at origin: null and purge are
+ * inseparable at every call site.
+ *
+ * Idempotent: a second purge is a no-op `.delete()` on a key already
+ * gone — handlers that already purge elsewhere are unharmed.
+ */
+function endCurrentTurnAtomic(turn: CurrentTurn): void {
+  if (currentTurn !== turn) return
+  currentTurn = null
+  purgeReactionTracking(statusKey(turn.sessionChatId, turn.sessionThreadId))
+}
+
 /**
  * Model-idle proactive-compaction check. Called ONLY from the
  * activeTurnStartedAt.size === 0 gate above (never mid-turn). Opt-in via
@@ -2648,6 +2683,7 @@ function emitGatewayOperatorEvent(event: OperatorEvent): void {
       parse_mode: 'HTML' as const,
       ...(renderedKeyboard ? { reply_markup: renderedKeyboard } : {}),
     }
+    // allow-raw-bot-api: operator-event broadcast loop; opts has no message_thread_id
     void bot.api.sendMessage(chat_id, renderedText, opts as never).catch(e => {
       process.stderr.write(
         `telegram gateway: operator-event send to ${chat_id} failed agent=${agent} kind=${kind}: ${e}\n`,
@@ -3011,6 +3047,23 @@ silencePoke.startTimer({
     // for this chat starts a fresh turn instead of queueing forever.
     silencePoke.endTurn(fbKey)
     purgeReactionTracking(fbKey)
+    // Defense-in-depth: the fallback's purgeReactionTracking above
+    // clears the canonical statusKey(chatId, threadId) for fbKey
+    // only. activeTurnStartedAt can hold sibling entries for the
+    // SAME chat (different threads, or a `null` vs `undefined`-thread
+    // variant left over from a normal turn-end path that nulled
+    // currentTurn without invoking purgeReactionTracking — the
+    // gymbro/klanker held-mid-turn symptom, 2026-05-20). Any sibling
+    // for fbChatId is by definition stale when THIS fallback fires
+    // (the chat has been silent ≥5 min); sweep them via the same
+    // purger. Multi-chat-safe — only touches keys for fbChatId, so
+    // #1546's intentional cross-chat safety guard is preserved.
+    // See turn-state-purge.ts.
+    const fbExtraPurge = purgeStaleTurnsForChat(
+      fbChatId,
+      activeTurnStartedAt.keys(),
+      purgeReactionTracking,
+    )
     // Null `currentTurn` if it's still pointing at the wedged turn —
     // when claude eventually fires a late `turn_end` for this session
     // (or never does), the handler's `const turn = currentTurn` snapshot
@@ -3044,7 +3097,8 @@ silencePoke.startTimer({
       `chat=${fbChatId} thread=${ctx.threadId ?? '-'} silence_ms=${ctx.silenceMs} ` +
       `currentTurn_nulled=${turnMatchesFallback} ` +
       `drained_buffered=${fbRedeliver.redelivered}/${fbRedeliver.drained}` +
-      `${fbRedeliver.rebuffered > 0 ? ` rebuffered=${fbRedeliver.rebuffered}` : ''}\n`,
+      `${fbRedeliver.rebuffered > 0 ? ` rebuffered=${fbRedeliver.rebuffered}` : ''}` +
+      `${fbExtraPurge.purged.length > 0 ? ` extra_keys_purged=${fbExtraPurge.purged.length}` : ''}\n`,
     )
   },
 })
@@ -3408,6 +3462,7 @@ const ipcServer: IpcServer = createIpcServer({
         .text(`🔁 Always allow ${alwaysRule.label}`, `perm:always:${requestId}`)
     }
     for (const chat_id of access.allowFrom) {
+      // allow-raw-bot-api: permission-request keyboard fan-out; reply_markup-only opts, no thread_id
       void bot.api.sendMessage(chat_id, text, { reply_markup: keyboard }).catch(e => {
         process.stderr.write(`telegram gateway: permission_request send to ${chat_id} failed: ${e}\n`)
       })
@@ -4024,6 +4079,7 @@ async function executeReply(args: Record<string, unknown>): Promise<{ content: A
           stripped.length > 0
             ? stripped
             : '⚠️ (a formatted fragment could not be rendered for Telegram)'
+        // allow-raw-bot-api: plaintext last-resort fallback; wrapping would re-enter the parse-mode policy that just rejected the payload
         const sent = await lockedBot.api.sendMessage(chat_id, plain, plainOpts as never)
         sentIds.push(sent.message_id)
         logOutbound('reply', chat_id, sent.message_id, plain.length, `chunk=${i + 1}/${chunks.length} plaintext-fallback`)
@@ -4045,6 +4101,7 @@ async function executeReply(args: Record<string, unknown>): Promise<{ content: A
           const retryOpts = { ...sendOpts }
           delete (retryOpts as any).message_thread_id
           try {
+            // allow-raw-bot-api: chunk-loop THREAD_NOT_FOUND fallback; thread already dropped, wrapping would re-enter the throw
             const sent = await lockedBot.api.sendMessage(chat_id, chunks[i], retryOpts as never)
             sentIds.push(sent.message_id)
           } catch (retryErr) {
@@ -5347,7 +5404,7 @@ function resetOrphanedReplyTimeout(): void {
 }
 
 function closeActivityLane(chatId: string, threadId: number | undefined): void {
-  const key = `${chatId}:${threadId ?? '_'}:activity`
+  const key = chatKeyWithSuffix(chatId, threadId, 'activity')
   const stream = activeDraftStreams.get(key)
   if (stream == null) return
   activeDraftStreams.delete(key)
@@ -5359,7 +5416,7 @@ function closeProgressLane(chatId: string, threadId: number | undefined): void {
   // Progress-card streams include a turnKey suffix in their key
   // (e.g. "chatId:_:progress:chatId:1"). Iterate and match by prefix
   // so the backstop actually finds the stream.
-  const prefix = `${chatId}:${threadId ?? '_'}:progress`
+  const prefix = chatKeyWithSuffix(chatId, threadId, 'progress')
   for (const [key, stream] of activeDraftStreams) {
     if (key.startsWith(prefix)) {
       activeDraftStreams.delete(key)
@@ -5415,7 +5472,11 @@ function handleSessionEvent(ev: SessionEvent): void {
         // progress-card-driver's per-chat sequence number (these are two
         // independent identifier schemes and don't need to align).
         if (turnsDb != null) {
-          const turnKey = `${ev.chatId}:${ev.threadId ?? '_'}:${startedAt}`
+          // ev.threadId is `string | null` (Telegram emits as string); convert
+          // to number for chatKeyWithSuffix. Number(null) = 0 which canonicalizes
+          // to '_' — same as the explicit `null` branch below.
+          const evThreadIdNum = ev.threadId != null ? Number(ev.threadId) : null
+          const turnKey = chatKeyWithSuffix(ev.chatId, evThreadIdNum, String(startedAt))
           next.registryKey = turnKey
           // Phase 1 of #332: capture first ~200 chars of the user's message.
           const userPromptPreview = extractUserPromptPreview(ev.rawContent)
@@ -5686,7 +5747,7 @@ function handleSessionEvent(ev: SessionEvent): void {
           turn.answerStream = null
         }
         // Null the atom — this turn is being abandoned.
-        if (currentTurn === turn) currentTurn = null
+        endCurrentTurnAtomic(turn)
         // #549 fix — context-exhaustion teardown also resets preamble state.
         preambleSuppressor.reset()
       }
@@ -5812,7 +5873,7 @@ function handleSessionEvent(ev: SessionEvent): void {
         // Drop progress-card streams without finalising — the normal
         // closeProgressLane call below would call stream.finalize() which
         // sends a final "Done" edit to Telegram. Skip that for silent turns.
-        const suppressPrefix = `${chatId}:${threadId ?? '_'}:progress`
+        const suppressPrefix = chatKeyWithSuffix(chatId, threadId, 'progress')
         for (const [key] of activeDraftStreams) {
           if (key.startsWith(suppressPrefix)) {
             activeDraftStreams.delete(key)
@@ -5884,7 +5945,7 @@ function handleSessionEvent(ev: SessionEvent): void {
         // returns early at handler entry. A new `enqueue` swaps in a
         // fresh atom; the silent-turn teardown doesn't need to preserve
         // any of the prior turn's state.
-        if (currentTurn === turn) currentTurn = null
+        endCurrentTurnAtomic(turn)
         // #549 fix — silent-marker teardown drops any pending preamble.
         preambleSuppressor.dropNow()
         return
@@ -5918,7 +5979,7 @@ function handleSessionEvent(ev: SessionEvent): void {
         // sendMessage await for this turn will see currentTurn == null
         // and bail; a new enqueue will swap in a fresh atom. The
         // `backstop*` locals above hold everything the IIFE needs.
-        if (currentTurn === turn) currentTurn = null
+        endCurrentTurnAtomic(turn)
         // #549 fix — turn-flush takes ownership of the captured-text
         // backup; reset the preamble buffer (its content is already in
         // the captured `capturedText`, which turn-flush is about to send).
@@ -6190,7 +6251,7 @@ function handleSessionEvent(ev: SessionEvent): void {
       // #1067: null the atom in one assignment, replacing the seven
       // field clears the pre-refactor version did. Any late-arriving
       // event for this turn will see currentTurn == null and bail.
-      if (currentTurn === turn) currentTurn = null
+      endCurrentTurnAtomic(turn)
       // #549 fix — preamble flush already happened at the TOP of this
       // turn_end handler (before turn.answerStream is nulled). See
       // comment near line 3431.
@@ -10933,6 +10994,7 @@ async function grantWizardStep2(ctx: Context, chatId: string, agent: string, wiz
   const kb = buildGrantKeysKeyboard(keys, selected)
   const text = `<b>Grant capability token — Step 2/3</b>\n\nWhich keys for <code>${escapeHtmlForTg(agent)}</code>?\n<i>Tap to toggle; tap Continue when done.</i>`
   if (wizardMsgId != null) {
+    // allow-raw-bot-api: vault grant wizard step 2/3; already .catch-swallows, tap-driven UI re-renders on retry
     await ctx.api.editMessageText(chatId, wizardMsgId, text, { parse_mode: 'HTML', reply_markup: kb }).catch(() => {})
   } else {
     const sent = await switchroomReply(ctx, text, { html: true, reply_markup: kb })
@@ -10956,6 +11018,7 @@ async function grantWizardStep3(ctx: Context, chatId: string, state: Extract<Pen
   const text = `<b>Grant capability token — Step 3/3</b>\n\nKeys for <code>${escapeHtmlForTg(state.agent!)}</code>:\n${keyList}\n\nHow long should this grant be valid?`
   const msgId = state.wizardMsgId
   if (msgId != null) {
+    // allow-raw-bot-api: vault grant wizard step 3/3 (TTL select); already .catch-swallows, tap-driven UI re-renders on retry
     await ctx.api.editMessageText(chatId, msgId, text, { parse_mode: 'HTML', reply_markup: kb }).catch(() => {})
   } else {
     const sent = await switchroomReply(ctx, text, { html: true, reply_markup: kb })
@@ -10980,6 +11043,7 @@ async function grantWizardConfirm(ctx: Context, chatId: string, state: Extract<P
   ].join('\n')
   const msgId = state.wizardMsgId
   if (msgId != null) {
+    // allow-raw-bot-api: vault grant wizard confirm step; already .catch-swallows, tap-driven UI re-renders on retry
     await ctx.api.editMessageText(chatId, msgId, text, { parse_mode: 'HTML', reply_markup: kb }).catch(() => {})
   } else {
     const sent = await switchroomReply(ctx, text, { html: true, reply_markup: kb })
@@ -13417,6 +13481,7 @@ function handleChecklistUpdate(
           ts: new Date(ts * 1000).toISOString(),
         },
       }
+      // allow-broadcast: informational checklist task notification, not turn-driving
       ipcServer.broadcast(inboundMsg)
       process.stderr.write(
         `telegram gateway: checklist ${kind}: chat_id=${chat_id} message_id=${message_id} task_id=${taskId} state=${state} user=${userName}\n`,
@@ -13868,7 +13933,7 @@ async function shutdown(signal: string): Promise<void> {
   // gateway no longer pre-allocates drafts on inbound, so there is
   // nothing to clear at SIGTERM time.
 
-  // Notify bridges so they can mark themselves disconnected.
+  // allow-broadcast: informational shutdown notify — bridges mark themselves disconnected
   ipcServer.broadcast({ type: 'status', status: 'gateway_shutting_down' })
 
   // Hard force-exit safety net at budget + 5s. systemd's TimeoutStopSec