switchroom 0.12.7 → 0.12.8

package/dist/cli/switchroom.js

@@ -27272,41 +27272,77 @@ function seedChain(path) {
     lastHash: "CORRUPT-TAIL-" + createHash6("sha256").update(tail).digest("hex").slice(0, 16)
   };
 }
-function verifyAuditChain(fullText, expectedFirstPrev = CHAIN_GENESIS) {
+function verifyAuditLog(fullText) {
   const rawLines = fullText.split(`
 `);
-  let prev = expectedFirstPrev;
-  let expectedSeq = 1;
-  let rows = 0;
+  let legacyRows = 0;
+  let chainedRows = 0;
+  let segments = 0;
+  let seenChained = false;
+  let prevSeq = 0;
+  let prevHash = "";
   for (let i = 0;i < rawLines.length; i++) {
     const raw = rawLines[i];
     if (raw.length === 0)
       continue;
-    rows++;
     let obj;
     try {
       obj = JSON.parse(raw);
     } catch {
-      return { ok: false, rows, brokenAtLine: i + 1, reason: "row is not valid JSON" };
+      if (!seenChained) {
+        legacyRows++;
+        continue;
+      }
+      return {
+        state: "tampered",
+        legacyRows,
+        chainedRows,
+        segments,
+        brokenAtLine: i + 1,
+        reason: "a non-JSON row appears inside the hash-chained region (row replaced/corrupted)"
+      };
     }
     const { _seq, _prev, _hash, ...entry } = obj;
-    if (typeof _seq !== "number" || typeof _prev !== "string" || typeof _hash !== "string") {
-      return { ok: false, rows, brokenAtLine: i + 1, reason: "row missing chain fields (unchained / stripped)" };
-    }
-    if (_seq !== expectedSeq) {
-      return { ok: false, rows, brokenAtLine: i + 1, reason: `seq gap: expected ${expectedSeq}, got ${_seq} (row deleted or reordered)` };
-    }
-    if (_prev !== prev) {
-      return { ok: false, rows, brokenAtLine: i + 1, reason: "prev-hash mismatch (a prior row was altered or removed)" };
+    const isChained = typeof _seq === "number" && typeof _prev === "string" && typeof _hash === "string";
+    if (!isChained) {
+      if (!seenChained) {
+        legacyRows++;
+        continue;
+      }
+      return {
+        state: "tampered",
+        legacyRows,
+        chainedRows,
+        segments,
+        brokenAtLine: i + 1,
+        reason: "a chained row had its chain fields stripped (unchained row inside the chained region)"
+      };
     }
     const recomputed = rowHash(_prev, _seq, JSON.stringify(entry));
     if (recomputed !== _hash) {
-      return { ok: false, rows, brokenAtLine: i + 1, reason: "hash mismatch (this row's body was edited)" };
+      return {
+        state: "tampered",
+        legacyRows,
+        chainedRows,
+        segments,
+        brokenAtLine: i + 1,
+        reason: "hash mismatch \u2014 this row's body/_seq/_prev was edited without recomputing its _hash"
+      };
+    }
+    if (!seenChained) {
+      seenChained = true;
+      segments = 1;
+    } else if (_seq !== prevSeq + 1 || _prev !== prevHash) {
+      segments++;
     }
-    prev = _hash;
-    expectedSeq++;
+    chainedRows++;
+    prevSeq = _seq;
+    prevHash = _hash;
   }
-  return { ok: true, rows };
+  if (!seenChained) {
+    return { state: "legacy", legacyRows, chainedRows: 0, segments: 0 };
+  }
+  return { state: "ok", legacyRows, chainedRows, segments };
 }
 var CHAIN_GENESIS = "GENESIS", SEP = "\x00";
 var init_audit_hashchain = () => {};
@@ -28729,20 +28765,6 @@ function rootWrittenLogs(home2) {
     }
   ];
 }
-function looksChained(text) {
-  for (const raw of text.split(`
-`)) {
-    if (raw.length === 0)
-      continue;
-    try {
-      const o = JSON.parse(raw);
-      return typeof o._seq === "number";
-    } catch {
-      return false;
-    }
-  }
-  return false;
-}
 function runAuditIntegrityChecks(deps = {}) {
   const home2 = deps.homeDir ?? homedir21();
   const read = deps.readFileSync ?? ((p) => fsReadFileSync2(p, "utf8"));
@@ -28769,28 +28791,28 @@ function runAuditIntegrityChecks(deps = {}) {
       });
       continue;
     }
-    if (!looksChained(text)) {
+    const v = verifyAuditLog(text);
+    const preamble = v.legacyRows > 0 ? `${v.legacyRows} pre-#1433 legacy preamble row(s) + ` : ``;
+    const restarts = v.segments > 1 ? ` across ${v.segments} segment(s) (${v.segments - 1} broker restart re-anchor(s))` : ``;
+    if (v.state === "legacy") {
       results.push({
         name: `${label} audit tamper-evidence`,
         status: "warn",
-        detail: `${path4} is present but its rows are NOT hash-chained \u2014 this is a pre-#1433 legacy log; tamper-evidence is inactive until the post-#1433 ${label} image is deployed`,
+        detail: `${path4} is present but NO rows are hash-chained \u2014 this is a pre-#1433 legacy log; tamper-evidence is inactive until the post-#1433 ${label} image is deployed`,
         fix: `Run \`switchroom update\` to roll the ${label} image forward (#1433 added the chain). Expected during the rollout window; not itself a tamper signal.`
       });
-      continue;
-    }
-    const v = verifyAuditChain(text, CHAIN_GENESIS);
-    if (v.ok) {
+    } else if (v.state === "ok") {
       results.push({
         name: `${label} audit chain valid`,
         status: "ok",
-        detail: `${v.rows} rows, hash chain intact from genesis`
+        detail: `${preamble}${v.chainedRows} hash-chained row(s)${restarts}, every row self-consistent (tamper-evidence active)`
       });
     } else {
       results.push({
         name: `${label} audit chain BROKEN`,
         status: "fail",
-        detail: `${path4}: chain breaks at row ${v.brokenAtLine} \u2014 ${v.reason}. A row was edited, deleted, reordered, or the head was truncated (WS10-F2 tamper signal).`,
-        fix: `Treat the ${label} audit trail as compromised from row ${v.brokenAtLine} onward. Preserve the file for forensics; investigate host/broker compromise before trusting subsequent rows.`
+        detail: `${path4}: tamper detected at file line ${v.brokenAtLine} \u2014 ${v.reason} (WS10-F2: a row was forensically rewritten). ${preamble}${v.chainedRows} prior chained row(s) verified.`,
+        fix: `Treat the ${label} audit trail as compromised at/after file line ${v.brokenAtLine}. Preserve the file for forensics; investigate host/broker compromise before trusting subsequent rows.`
       });
     }
   }
@@ -46336,7 +46358,7 @@ function decodeResponse3(line) {
   const obj = JSON.parse(line);
   return ResponseSchema3.parse(obj);
 }
-var MAX_FRAME_BYTES3, RequestEnvelope, AgentRestartRequestSchema, UpgradeStatusRequestSchema, GetStatusRequestSchema, AgentNameSchema, UpdateCheckRequestSchema, UpdateApplyRequestSchema, ApplyRequestSchema, AgentStartRequestSchema, AgentStopRequestSchema, AgentLogsRequestSchema, AgentExecRequestSchema, RequestSchema4, ResultSchema2, ResponseEnvelope, ResponseSchema3;
+var MAX_FRAME_BYTES3, RequestEnvelope, AgentRestartRequestSchema, UpgradeStatusRequestSchema, GetStatusRequestSchema, AgentNameSchema, UpdateCheckRequestSchema, UpdateApplyRequestSchema, ApplyRequestSchema, AgentStartRequestSchema, AgentStopRequestSchema, AgentLogsRequestSchema, AgentExecRequestSchema, DoctorRequestSchema, RequestSchema4, ResultSchema2, ResponseEnvelope, ResponseSchema3;
 var init_protocol4 = __esm(() => {
   init_zod();
   MAX_FRAME_BYTES3 = 64 * 1024;
@@ -46417,6 +46439,11 @@ var init_protocol4 = __esm(() => {
       argv: exports_external.array(exports_external.string().min(1)).min(1).max(32)
     })
   });
+  DoctorRequestSchema = exports_external.object({
+    ...RequestEnvelope,
+    op: exports_external.literal("doctor"),
+    args: exports_external.object({}).optional()
+  });
   RequestSchema4 = exports_external.discriminatedUnion("op", [
     AgentRestartRequestSchema,
     UpgradeStatusRequestSchema,
@@ -46427,7 +46454,8 @@ var init_protocol4 = __esm(() => {
     AgentStartRequestSchema,
     AgentStopRequestSchema,
     AgentLogsRequestSchema,
-    AgentExecRequestSchema
+    AgentExecRequestSchema,
+    DoctorRequestSchema
   ]);
   ResultSchema2 = exports_external.enum(["started", "completed", "denied", "error"]);
   ResponseEnvelope = {
@@ -46886,8 +46914,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.12.7";
-var COMMIT_SHA = "0e4c146b";
+var VERSION = "0.12.8";
+var COMMIT_SHA = "e77841fe";
 
 // src/cli/agent.ts
 init_source();
@@ -58152,6 +58180,18 @@ class VaultBroker {
       });
     });
   }
+  chownVaultToOperator() {
+    const uidStr = process.env.SWITCHROOM_BROKER_OPERATOR_UID;
+    if (uidStr === undefined)
+      return;
+    const uid = parseInt(uidStr, 10);
+    if (!Number.isFinite(uid) || uid <= 0)
+      return;
+    try {
+      if (existsSync33(this.vaultPath))
+        chownSync(this.vaultPath, uid, uid);
+    } catch {}
+  }
   bindOperatorListener(socketPath, operatorUid) {
     const abs = resolve24(socketPath);
     const identity = socketPathToIdentity(abs);
@@ -58721,6 +58761,7 @@ class VaultBroker {
         socket.write(encodeResponse(errorResponse("INTERNAL", `Failed to persist: ${err?.message ?? "unknown"}`)));
         return;
       }
+      this.chownVaultToOperator();
       this.auditLogger.write({
         ts: new Date().toISOString(),
         op: "put",

package/dist/host-control/main.js

@@ -14775,6 +14775,11 @@ var AgentExecRequestSchema = exports_external.object({
     argv: exports_external.array(exports_external.string().min(1)).min(1).max(32)
   })
 });
+var DoctorRequestSchema = exports_external.object({
+  ...RequestEnvelope,
+  op: exports_external.literal("doctor"),
+  args: exports_external.object({}).optional()
+});
 var RequestSchema = exports_external.discriminatedUnion("op", [
   AgentRestartRequestSchema,
   UpgradeStatusRequestSchema,
@@ -14785,7 +14790,8 @@ var RequestSchema = exports_external.discriminatedUnion("op", [
   AgentStartRequestSchema,
   AgentStopRequestSchema,
   AgentLogsRequestSchema,
-  AgentExecRequestSchema
+  AgentExecRequestSchema,
+  DoctorRequestSchema
 ]);
 var ResultSchema = exports_external.enum(["started", "completed", "denied", "error"]);
 var ResponseEnvelope = {
@@ -15496,6 +15502,9 @@ class HostdServer {
         case "agent_exec":
           resp = await this.handleAgentExec(req, started);
           break;
+        case "doctor":
+          resp = await this.handleDoctor(req, started);
+          break;
       }
     } catch (err) {
       resp = errorResponse(req.request_id, `hostd dispatch failed: ${err.message}`, Date.now() - started);
@@ -15540,6 +15549,8 @@ class HostdServer {
         if (req.args.name === caller.name)
           return null;
         return callerAdmin ? null : `${req.op} cross-agent requires admin: true on caller "${caller.name}"`;
+      case "doctor":
+        return callerAdmin ? null : `doctor requires admin: true on caller "${caller.name}"`;
     }
   }
   async handleAgentRestart(req, caller, started) {
@@ -15604,6 +15615,18 @@ class HostdServer {
       stderr_tail: tail(res.stderr)
     };
   }
+  async handleDoctor(req, started) {
+    const res = await this.runSwitchroom(["doctor"]);
+    return {
+      v: 1,
+      request_id: req.request_id,
+      result: "completed",
+      exit_code: res.exit_code,
+      duration_ms: Date.now() - started,
+      stdout_tail: tail(res.stdout),
+      stderr_tail: tail(res.stderr)
+    };
+  }
   missingApplyAssets() {
     const root = this.opts.applyAssetsRoot ?? resolve5(import.meta.dirname, "../..");
     return [

package/dist/vault/broker/server.js

@@ -15893,6 +15893,18 @@ class VaultBroker {
       });
     });
   }
+  chownVaultToOperator() {
+    const uidStr = process.env.SWITCHROOM_BROKER_OPERATOR_UID;
+    if (uidStr === undefined)
+      return;
+    const uid = parseInt(uidStr, 10);
+    if (!Number.isFinite(uid) || uid <= 0)
+      return;
+    try {
+      if (existsSync8(this.vaultPath))
+        chownSync(this.vaultPath, uid, uid);
+    } catch {}
+  }
   bindOperatorListener(socketPath, operatorUid) {
     const abs = resolve5(socketPath);
     const identity2 = socketPathToIdentity(abs);
@@ -16462,6 +16474,7 @@ class VaultBroker {
         socket.write(encodeResponse(errorResponse("INTERNAL", `Failed to persist: ${err?.message ?? "unknown"}`)));
         return;
       }
+      this.chownVaultToOperator();
       this.auditLogger.write({
         ts: new Date().toISOString(),
         op: "put",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.12.7",
+  "version": "0.12.8",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {

package/telegram-plugin/dist/gateway/gateway.js

@@ -42409,6 +42409,11 @@ var AgentExecRequestSchema = exports_external.object({
     argv: exports_external.array(exports_external.string().min(1)).min(1).max(32)
   })
 });
+var DoctorRequestSchema = exports_external.object({
+  ...RequestEnvelope,
+  op: exports_external.literal("doctor"),
+  args: exports_external.object({}).optional()
+});
 var RequestSchema3 = exports_external.discriminatedUnion("op", [
   AgentRestartRequestSchema,
   UpgradeStatusRequestSchema,
@@ -42419,7 +42424,8 @@ var RequestSchema3 = exports_external.discriminatedUnion("op", [
   AgentStartRequestSchema,
   AgentStopRequestSchema,
   AgentLogsRequestSchema,
-  AgentExecRequestSchema
+  AgentExecRequestSchema,
+  DoctorRequestSchema
 ]);
 var ResultSchema = exports_external.enum(["started", "completed", "denied", "error"]);
 var ResponseEnvelope = {
@@ -46606,11 +46612,11 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.12.7";
-var COMMIT_SHA = "0e4c146b";
-var COMMIT_DATE = "2026-05-18T21:50:29Z";
-var LATEST_PR = 1517;
-var COMMITS_AHEAD_OF_TAG = 3;
+var VERSION = "0.12.8";
+var COMMIT_SHA = "e77841fe";
+var COMMIT_DATE = "2026-05-18T23:13:43Z";
+var LATEST_PR = 1521;
+var COMMITS_AHEAD_OF_TAG = 7;
 
 // gateway/boot-version.ts
 function formatRelativeAgo(iso) {
@@ -54022,23 +54028,56 @@ bot.command("usage", async (ctx) => {
   }
   await switchroomReply(ctx, formatQuotaBlock(result.data), { html: true });
 });
+function buildDoctorScopeKeyboard() {
+  return new import_grammy9.InlineKeyboard().text("\uD83E\uDE7A Whole fleet", "dr:fleet").text("\uD83E\uDE7A This agent", "dr:self");
+}
+function formatDoctorReport(raw) {
+  const trimmed = stripAnsi2(raw).trim();
+  if (!trimmed)
+    return "doctor: no output";
+  const pretty = trimmed.replace(/^( *)\u2713 /gm, "$1\uD83D\uDFE2 ").replace(/^( *)\u2717 /gm, "$1\uD83D\uDD34 ").replace(/^( *)! /gm, "$1\uD83D\uDFE1 ");
+  return preBlock(formatSwitchroomOutput(pretty));
+}
+async function renderSelfDoctor(ctx) {
+  let output;
+  try {
+    output = switchroomExecCombined(["doctor"], 30000);
+  } catch (err) {
+    output = err.stdout ?? err.message ?? "doctor failed";
+  }
+  await switchroomReply(ctx, formatDoctorReport(output), { html: true });
+}
+async function renderFleetDoctor(ctx) {
+  const resp = await tryHostdDispatch(getMyAgentName(), {
+    v: 1,
+    op: "doctor",
+    request_id: hostdRequestId("gw-doctor")
+  });
+  if (resp === "not-configured") {
+    await switchroomReply(ctx, "\uD83E\uDE7A Whole-fleet doctor needs hostd, which isn\u2019t configured here \u2014 showing this agent instead.", { html: true });
+    await renderSelfDoctor(ctx);
+    return;
+  }
+  if (resp.result === "denied") {
+    await switchroomReply(ctx, `\uD83E\uDE7A <b>Whole-fleet doctor denied by hostd:</b>
+${preBlock(formatSwitchroomOutput(resp.error ?? "admin required"))}`, { html: true });
+    return;
+  }
+  const body = resp.stdout_tail?.trim() || resp.error || "(no output from hostd doctor)";
+  await switchroomReply(ctx, formatDoctorReport(body), { html: true });
+}
 bot.command("doctor", async (ctx) => {
   if (!isAuthorizedSender(ctx))
     return;
   try {
-    let output;
-    try {
-      output = switchroomExecCombined(["doctor"], 30000);
-    } catch (err) {
-      output = err.stdout ?? err.message ?? "doctor failed";
-    }
-    const trimmed = stripAnsi2(output).trim();
-    if (!trimmed) {
-      await switchroomReply(ctx, "doctor: no output");
+    if (AGENT_ADMIN && hostdWillBeUsed(getMyAgentName())) {
+      await switchroomReply(ctx, "\uD83E\uDE7A <b>Doctor</b> \u2014 which scope?", {
+        html: true,
+        reply_markup: buildDoctorScopeKeyboard()
+      });
       return;
     }
-    const pretty = trimmed.replace(/^( *)\u2713 /gm, "$1\uD83D\uDFE2 ").replace(/^( *)\u2717 /gm, "$1\uD83D\uDD34 ").replace(/^( *)! /gm, "$1\uD83D\uDFE1 ");
-    await switchroomReply(ctx, preBlock(formatSwitchroomOutput(pretty)), { html: true });
+    await renderSelfDoctor(ctx);
   } catch (err) {
     await switchroomReply(ctx, `<b>doctor failed:</b>
 ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: true });
@@ -54173,6 +54212,26 @@ bot.on("callback_query:data", async (ctx) => {
     await handleVaultDeferCallback(ctx, data);
     return;
   }
+  if (data.startsWith("dr:")) {
+    if (!isAuthorizedSender(ctx)) {
+      await ctx.answerCallbackQuery({ text: "Not authorized." }).catch(() => {});
+      return;
+    }
+    const scope = data.slice(3);
+    await ctx.answerCallbackQuery({
+      text: scope === "fleet" ? "\uD83E\uDE7A Running fleet doctor\u2026" : "\uD83E\uDE7A Running doctor\u2026"
+    }).catch(() => {});
+    try {
+      if (scope === "fleet")
+        await renderFleetDoctor(ctx);
+      else
+        await renderSelfDoctor(ctx);
+    } catch (err) {
+      await switchroomReply(ctx, `<b>doctor failed:</b>
+${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: true });
+    }
+    return;
+  }
   if (data.startsWith("vg:")) {
     await handleVaultGrantCallback(ctx, data);
     return;

package/telegram-plugin/gateway/gateway.ts

@@ -11652,16 +11652,81 @@ bot.command('usage', async ctx => {
   await switchroomReply(ctx, formatQuotaBlock(result.data), { html: true })
 })
 
+// Two-button scope picker shown to admin agents (when hostd is
+// reachable) so the operator can run doctor for the WHOLE FLEET
+// (host-side via hostd — has the docker socket) or just THIS agent
+// (in-container, degraded). callback_data is tiny (`dr:fleet` /
+// `dr:self`) — well within Telegram's 64-byte limit.
+function buildDoctorScopeKeyboard(): InlineKeyboard {
+  return new InlineKeyboard()
+    .text('🩺 Whole fleet', 'dr:fleet')
+    .text('🩺 This agent', 'dr:self')
+}
+
+// Shared report prettifier: ANSI-strip + status-glyph swap + pre block.
+// Identical rendering for the in-container and the hostd fleet report.
+function formatDoctorReport(raw: string): string {
+  const trimmed = stripAnsi(raw).trim()
+  if (!trimmed) return 'doctor: no output'
+  const pretty = trimmed
+    .replace(/^( *)✓ /gm, '$1🟢 ')
+    .replace(/^( *)✗ /gm, '$1🔴 ')
+    .replace(/^( *)! /gm, '$1🟡 ')
+  return preBlock(formatSwitchroomOutput(pretty))
+}
+
+// In-container `switchroom doctor` — this agent's own (degraded: no
+// docker socket) view. The original /doctor behaviour, unchanged.
+async function renderSelfDoctor(ctx: Context): Promise<void> {
+  let output: string
+  try { output = switchroomExecCombined(['doctor'], 30000) }
+  catch (err: unknown) { output = (err as any).stdout ?? (err as any).message ?? 'doctor failed' }
+  await switchroomReply(ctx, formatDoctorReport(output), { html: true })
+}
+
+// Whole-fleet `switchroom doctor` via hostd: it runs host-side where
+// the docker socket exists, so it sees every container + singleton
+// instead of the degraded in-container reading. Read-only verb; the
+// daemon independently enforces the admin gate (path-as-identity), so
+// this is the audited boundary even though the gateway only offers
+// the button to admin agents.
+async function renderFleetDoctor(ctx: Context): Promise<void> {
+  const resp = await tryHostdDispatch(getMyAgentName(), {
+    v: 1,
+    op: 'doctor',
+    request_id: hostdRequestId('gw-doctor'),
+  })
+  if (resp === 'not-configured') {
+    await switchroomReply(ctx, '🩺 Whole-fleet doctor needs hostd, which isn’t configured here — showing this agent instead.', { html: true })
+    await renderSelfDoctor(ctx)
+    return
+  }
+  if (resp.result === 'denied') {
+    await switchroomReply(ctx, `🩺 <b>Whole-fleet doctor denied by hostd:</b>\n${preBlock(formatSwitchroomOutput(resp.error ?? 'admin required'))}`, { html: true })
+    return
+  }
+  // `completed` (including `switchroom doctor` exit 1 = "found
+  // problems", which the handler classifies as completed) or `error`:
+  // the report on stdout (or the error text) is exactly what the
+  // operator wants surfaced.
+  const body = resp.stdout_tail?.trim() || resp.error || '(no output from hostd doctor)'
+  await switchroomReply(ctx, formatDoctorReport(body), { html: true })
+}
+
 bot.command('doctor', async ctx => {
   if (!isAuthorizedSender(ctx)) return
   try {
-    let output: string
-    try { output = switchroomExecCombined(['doctor'], 30000) }
-    catch (err: unknown) { output = (err as any).stdout ?? (err as any).message ?? 'doctor failed' }
-    const trimmed = stripAnsi(output).trim()
-    if (!trimmed) { await switchroomReply(ctx, 'doctor: no output'); return }
-    const pretty = trimmed.replace(/^( *)✓ /gm, '$1🟢 ').replace(/^( *)✗ /gm, '$1🔴 ').replace(/^( *)! /gm, '$1🟡 ')
-    await switchroomReply(ctx, preBlock(formatSwitchroomOutput(pretty)), { html: true })
+    // Admin agents with hostd reachable choose scope (one tap, no
+    // approval card — doctor is read-only). Everyone else keeps the
+    // original zero-extra-tap in-container behaviour.
+    if (AGENT_ADMIN && hostdWillBeUsed(getMyAgentName())) {
+      await switchroomReply(ctx, '🩺 <b>Doctor</b> — which scope?', {
+        html: true,
+        reply_markup: buildDoctorScopeKeyboard(),
+      })
+      return
+    }
+    await renderSelfDoctor(ctx)
   } catch (err: unknown) {
     await switchroomReply(ctx, `<b>doctor failed:</b>\n${preBlock(formatSwitchroomOutput((err as any).message ?? 'unknown error'))}`, { html: true })
   }
@@ -11820,6 +11885,30 @@ bot.on('callback_query:data', async ctx => {
     return
   }
 
+  // dr:<scope> — /doctor scope picker (only shown to admin agents
+  // with hostd reachable). `dr:fleet` → host-side hostd `doctor`
+  // (full fleet); `dr:self` → in-container doctor. Read-only, no
+  // approval card. Same sender-auth as the /doctor command itself —
+  // every callback family must re-auth (the absence of this check
+  // was a past vulnerability class; see apv:/drvpick: notes above).
+  if (data.startsWith('dr:')) {
+    if (!isAuthorizedSender(ctx)) {
+      await ctx.answerCallbackQuery({ text: 'Not authorized.' }).catch(() => {})
+      return
+    }
+    const scope = data.slice(3)
+    await ctx.answerCallbackQuery({
+      text: scope === 'fleet' ? '🩺 Running fleet doctor…' : '🩺 Running doctor…',
+    }).catch(() => {})
+    try {
+      if (scope === 'fleet') await renderFleetDoctor(ctx)
+      else await renderSelfDoctor(ctx)
+    } catch (err: unknown) {
+      await switchroomReply(ctx, `<b>doctor failed:</b>\n${preBlock(formatSwitchroomOutput((err as any).message ?? 'unknown error'))}`, { html: true })
+    }
+    return
+  }
+
   // Issue #228: vault grant management callbacks.
   // vg:revoke:<id> — show confirmation card
   // vg:confirm:<id> — execute revoke