switchroom 0.13.24 → 0.13.25

package/dist/cli/switchroom.js

@@ -13598,7 +13598,6 @@ var init_schema = __esm(() => {
   SessionContinuitySchema = exports_external.object({
     enabled: exports_external.boolean().optional().describe("Master switch for the session-handoff briefing (default true)."),
     show_handoff_line: exports_external.boolean().optional().describe("Whether the telegram plugin prepends a visible '\u21a9\ufe0f Picked up\u2026' " + "line to the first assistant reply after a restart (default true)."),
-    summarizer_model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only").optional().describe("Anthropic model used to produce the handoff briefing."),
     max_turns_in_briefing: exports_external.number().int().positive().optional().describe("Cap on recent user/assistant turn pairs fed to the summarizer."),
     resume_mode: exports_external.enum(["auto", "continue", "handoff", "none"]).optional().describe("How to resume the next session. 'handoff' (default as of #362) " + "never passes --continue; a fresh Claude starts each restart and " + "reads a briefing assembled from recent Telegram messages, Hindsight " + "recall, and today's daily memory file. 'auto' uses --continue when " + "the latest JSONL is smaller than resume_max_bytes, else falls back " + "to the handoff briefing. 'continue' always passes --continue. " + "'none' starts completely fresh every time."),
     resume_max_bytes: exports_external.number().int().positive().optional().describe("Byte threshold above which 'auto' mode falls back to handoff " + "instead of --continue. Default 2_000_000 (~2MB). Large transcripts " + "can blow out the context window even with prefix caching, and " + "--continue replay is known-fragile at scale.")
@@ -13645,10 +13644,9 @@ var init_schema = __esm(() => {
           start: exports_external.number().int().min(0).max(23),
           end: exports_external.number().int().min(0).max(23),
           tz: exports_external.string().optional()
-        }).optional(),
-        model: exports_external.string().optional()
+        }).optional()
       })).optional()
-    }).optional().describe("Auto-dispatch rules: when a verified webhook event matches a rule, " + "spawn a one-shot `claude -p` turn for the agent with the rendered " + "prompt. Supports cooldowns, quiet hours, and label/action matchers. " + "Off by default \u2014 opt in per agent. See src/web/webhook-dispatch.ts."),
+    }).optional().describe("Auto-dispatch rules: when a verified webhook event matches a rule, " + "inject the rendered prompt into the agent's live session (#1625). " + "Supports cooldowns, quiet hours, and label/action matchers. " + "Off by default \u2014 opt in per agent. See src/web/webhook-dispatch.ts."),
     webhook_rate_limit: exports_external.object({
       rpm: exports_external.number().int().positive()
     }).optional().describe("Per-source rate limit for the webhook ingest path (#714). " + "Off by default \u2014 when this key is absent the handler skips " + "rate-limit checks entirely. Opt in by setting `rpm` to an " + "integer requests-per-minute (token bucket per (agent, source); " + "burst equal to rpm). When enabled, exceeding the limit returns " + "429 with Retry-After header; first throttle event per " + "(agent, source) per 60s window is written to " + "<agent>/telegram/issues.jsonl. " + "Cascades from defaults.channels.telegram.webhook_rate_limit.")
@@ -21049,6 +21047,7 @@ __export(exports_vault, {
   setStringSecret: () => setStringSecret,
   setSecret: () => setSecret,
   setFilesSecret: () => setFilesSecret,
+  setBinarySecret: () => setBinarySecret,
   saveVault: () => saveVault,
   removeSecret: () => removeSecret,
   openVault: () => openVault,
@@ -21312,6 +21311,13 @@ function setStringSecret(passphrase, vaultPath, key, value, format, scope) {
   }
   setSecret(passphrase, vaultPath, key, entry);
 }
+function setBinarySecret(passphrase, vaultPath, key, value, format, scope) {
+  const entry = format ? { kind: "binary", value, format } : { kind: "binary", value };
+  if (scope !== undefined) {
+    entry.scope = scope;
+  }
+  setSecret(passphrase, vaultPath, key, entry);
+}
 function getStringSecret(passphrase, vaultPath, key) {
   const entry = getSecret(passphrase, vaultPath, key);
   if (entry === null)
@@ -21369,6 +21375,315 @@ var init_vault = __esm(() => {
   ];
 });
 
+// src/vault/broker/peercred-ffi.ts
+function getPeerCred(fd) {
+  if (process.platform !== "linux")
+    return null;
+  try {
+    const ffi = __require("bun:ffi");
+    const { dlopen, FFIType, ptr } = ffi;
+    const SOL_SOCKET = 1;
+    const SO_PEERCRED = 17;
+    const UCRED_SIZE = 12;
+    const cache = getPeerCred;
+    const lib = cache._lib ?? (() => {
+      const candidates = ["libc.so.6", "libc.so"];
+      const symbolSpec = {
+        getsockopt: {
+          args: [FFIType.i32, FFIType.i32, FFIType.i32, FFIType.ptr, FFIType.ptr],
+          returns: FFIType.i32
+        }
+      };
+      const errors2 = [];
+      for (const name of candidates) {
+        try {
+          const opened = dlopen(name, symbolSpec);
+          cache._lib = opened;
+          return opened;
+        } catch (e) {
+          errors2.push(`${name}: ${e instanceof Error ? e.message : String(e)}`);
+        }
+      }
+      process.stderr.write(`[vault-broker] peercred-ffi: dlopen failed for all libc candidates ` + `(${errors2.join("; ")}); falling back to ss-parsing.
+`);
+      throw new Error("no libc candidate could be opened");
+    })();
+    const credBuf = new ArrayBuffer(UCRED_SIZE);
+    const lenBuf = new Uint32Array(1);
+    lenBuf[0] = UCRED_SIZE;
+    const rc = lib.symbols.getsockopt(fd, SOL_SOCKET, SO_PEERCRED, ptr(credBuf), ptr(lenBuf.buffer));
+    if (rc !== 0)
+      return null;
+    if (lenBuf[0] !== UCRED_SIZE)
+      return null;
+    const view = new DataView(credBuf);
+    return {
+      pid: view.getInt32(0, true),
+      uid: view.getInt32(4, true),
+      gid: view.getInt32(8, true)
+    };
+  } catch {
+    return null;
+  }
+}
+
+// src/vault/broker/peercred.ts
+import { execFileSync } from "node:child_process";
+import { readFileSync as readFileSync8, readlinkSync as readlinkSync3, fstatSync } from "node:fs";
+function socketPathToIdentity(socketPath) {
+  if (typeof socketPath !== "string" || socketPath.length === 0)
+    return null;
+  const m = socketPath.match(SOCKET_PATH_AGENT_RE) ?? socketPath.match(SOCKET_PATH_AGENT_SUBDIR_RE);
+  if (!m)
+    return null;
+  const name = m[1];
+  if (name === "operator")
+    return { kind: "operator" };
+  if (RESERVED_AGENT_NAMES.has(name))
+    return null;
+  return { kind: "agent", name };
+}
+function socketPathToAgent(socketPath) {
+  const identity = socketPathToIdentity(socketPath);
+  return identity?.kind === "agent" ? identity.name : null;
+}
+function isReservedAgentName(name) {
+  return RESERVED_AGENT_NAMES.has(name);
+}
+function unlockSocketFor(dataSocketPath) {
+  if (dataSocketPath.endsWith("/sock")) {
+    return dataSocketPath.slice(0, -"/sock".length) + "/unlock";
+  }
+  return dataSocketPath.replace(/\.sock$/, ".unlock.sock");
+}
+function parseSsRows(output) {
+  const rows = [];
+  const lines = output.split(`
+`);
+  for (const line of lines) {
+    if (!line.trim() || line.startsWith("Netid"))
+      continue;
+    const tokens = line.split(/\s+/).filter((t) => t.length > 0);
+    if (tokens.length < 8)
+      continue;
+    const localAddr = tokens[4];
+    const localInode = tokens[5];
+    const peerAddr = tokens[6];
+    const peerInode = tokens[7];
+    const usersToken = tokens.slice(8).join(" ");
+    const m = usersToken.match(/users:\(\(".*?",pid=(\d+),fd=\d+\)\)/);
+    const pid = m ? parseInt(m[1], 10) : null;
+    rows.push({ localAddr, localInode, peerAddr, peerInode, pid });
+  }
+  return rows;
+}
+function findClientPids(rows, socketPath) {
+  const pids = [];
+  for (const serverRow of rows) {
+    if (serverRow.localAddr !== socketPath)
+      continue;
+    for (const clientRow of rows) {
+      if (clientRow.localAddr !== "*")
+        continue;
+      if (clientRow.localInode !== serverRow.peerInode)
+        continue;
+      if (clientRow.pid === null)
+        continue;
+      pids.push(clientRow.pid);
+      break;
+    }
+  }
+  return pids;
+}
+function findClientPidByServerInode(rows, socketPath, serverInode) {
+  const serverInodeStr = String(serverInode);
+  for (const serverRow of rows) {
+    if (serverRow.localAddr !== socketPath)
+      continue;
+    if (serverRow.localInode !== serverInodeStr)
+      continue;
+    for (const clientRow of rows) {
+      if (clientRow.localAddr !== "*")
+        continue;
+      if (clientRow.localInode !== serverRow.peerInode)
+        continue;
+      if (clientRow.pid === null)
+        continue;
+      return clientRow.pid;
+    }
+    return null;
+  }
+  return null;
+}
+function readUid(pid) {
+  try {
+    const status = readFileSync8(`/proc/${pid}/status`, "utf8");
+    const m = status.match(/^Uid:\s+(\d+)/m);
+    if (!m)
+      return null;
+    return parseInt(m[1], 10);
+  } catch {
+    return null;
+  }
+}
+function readExe(pid) {
+  try {
+    return readlinkSync3(`/proc/${pid}/exe`);
+  } catch {
+    return null;
+  }
+}
+function readSystemdUnit(pid) {
+  try {
+    const content = readFileSync8(`/proc/${pid}/cgroup`, "utf8");
+    const lines = content.split(`
+`);
+    for (const line of lines) {
+      if (!line.trim())
+        continue;
+      const parts = line.split(":");
+      if (parts.length < 3)
+        continue;
+      const controller = parts[1];
+      const isV2 = parts[0] === "0" && controller === "";
+      const isV1Systemd = controller === "name=systemd";
+      if (!isV2 && !isV1Systemd)
+        continue;
+      const cgroupPath = parts.slice(2).join(":");
+      const segments = cgroupPath.split("/");
+      const lastSegment = segments[segments.length - 1];
+      if (!lastSegment)
+        continue;
+      if (/^switchroom-[a-zA-Z0-9_-]+(-cron-\d+)?\.service$/.test(lastSegment)) {
+        return lastSegment;
+      }
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function verifySystemdUnit(unitName, runner) {
+  let raw;
+  try {
+    const out = runner("systemctl", [
+      "--user",
+      "show",
+      unitName,
+      "--property=LoadState,ActiveState"
+    ], { timeout: 500, encoding: "utf8" });
+    raw = typeof out === "string" ? out : out.toString("utf8");
+  } catch {
+    return false;
+  }
+  const props = {};
+  for (const line of raw.split(`
+`)) {
+    const m = line.match(/^([A-Za-z]+)=(.*)$/);
+    if (m)
+      props[m[1]] = m[2];
+  }
+  if (props.LoadState !== "loaded")
+    return false;
+  if (props.ActiveState !== "active" && props.ActiveState !== "activating") {
+    return false;
+  }
+  return true;
+}
+function readFdInode(fd) {
+  try {
+    const stat = fstatSync(fd);
+    return stat.ino;
+  } catch {
+    return null;
+  }
+}
+function fdFromSocket(socket) {
+  const handle = socket._handle;
+  if (!handle || typeof handle.fd !== "number" || handle.fd < 0)
+    return null;
+  return handle.fd;
+}
+function identify(socketPath, socket, execFileSyncOverride) {
+  if (process.platform !== "linux") {
+    return null;
+  }
+  const runner = execFileSyncOverride ?? execFileSync;
+  let pid = null;
+  if (socket !== undefined) {
+    const fd = fdFromSocket(socket);
+    if (fd !== null) {
+      const cred = getPeerCred(fd);
+      if (cred !== null)
+        pid = cred.pid;
+    }
+  }
+  if (pid === null) {
+    let ssOutput;
+    try {
+      const raw = runner("ss", ["-xpn"], {
+        timeout: 200,
+        encoding: "utf8"
+      });
+      ssOutput = typeof raw === "string" ? raw : raw.toString("utf8");
+    } catch {
+      return null;
+    }
+    const rows = parseSsRows(ssOutput);
+    let serverInode = null;
+    if (socket !== undefined) {
+      const fd = fdFromSocket(socket);
+      if (fd !== null)
+        serverInode = readFdInode(fd);
+    }
+    if (serverInode !== null) {
+      pid = findClientPidByServerInode(rows, socketPath, serverInode);
+    } else {
+      const clientPids = findClientPids(rows, socketPath);
+      if (clientPids.length === 0)
+        return null;
+      if (clientPids.length > 1) {
+        process.stderr.write(`[vault-broker] peercred: ${clientPids.length} connected peers found for ${socketPath}; ` + `using pid=${clientPids[0]}. ` + `Multiple simultaneous connections reduce identification accuracy. ` + `(This warning means identify() was called without a socket arg \u2014 likely a stale call site.)
+`);
+      }
+      pid = clientPids[0];
+    }
+  }
+  if (pid === null)
+    return null;
+  const uid = readUid(pid);
+  if (uid === null) {
+    return null;
+  }
+  const brokerUid = typeof process.getuid === "function" ? process.getuid() : null;
+  if (brokerUid !== null && uid !== brokerUid) {
+    process.stderr.write(`[vault-broker] peercred: UID mismatch \u2014 caller uid=${uid}, broker uid=${brokerUid}; denying
+`);
+    return null;
+  }
+  const exe = readExe(pid);
+  if (exe === null) {
+    return null;
+  }
+  const cgroupClaim = readSystemdUnit(pid);
+  let systemdUnit = null;
+  if (cgroupClaim !== null) {
+    if (verifySystemdUnit(cgroupClaim, runner)) {
+      systemdUnit = cgroupClaim;
+    } else {
+      process.stderr.write(`[vault-broker] peercred: cgroup claims unit=${cgroupClaim} but systemd-user does not report it as loaded+running; treating caller as unidentified
+`);
+    }
+  }
+  return { uid, pid, exe, systemdUnit };
+}
+var SOCKET_PATH_AGENT_RE, SOCKET_PATH_AGENT_SUBDIR_RE, RESERVED_AGENT_NAMES;
+var init_peercred = __esm(() => {
+  SOCKET_PATH_AGENT_RE = /^\/run\/switchroom\/broker\/([a-zA-Z0-9][a-zA-Z0-9_-]*)\.sock$/;
+  SOCKET_PATH_AGENT_SUBDIR_RE = /^\/run\/switchroom\/broker\/([a-zA-Z0-9][a-zA-Z0-9_-]*)\/sock$/;
+  RESERVED_AGENT_NAMES = new Set(["operator", "hostd"]);
+});
+
 // src/vault/broker/protocol.ts
 function encodeRequest(req) {
   const json = JSON.stringify(req);
@@ -21420,10 +21735,14 @@ function stripWireFields(entry) {
     files: entry.files
   };
 }
-var MAX_FRAME_BYTES, GetRequestSchema, PutRequestSchema, ListRequestSchema, MintGrantRequestSchema, ListGrantsRequestSchema, RevokeGrantRequestSchema, StatusRequestSchema, LockRequestSchema, PreflightAccessRequestSchema, OkPreflightAccessResponseSchema, ApprovalRequestRequestSchema, ApprovalLookupRequestSchema, ApprovalConsumeRequestSchema, ApprovalRevokeRequestSchema, ApprovalListRequestSchema, ApprovalDecisionModeSchema, ApprovalRecordRequestSchema, ApprovalConsumeRecordRequestSchema, RequestSchema, VaultEntrySchema, ErrorCode, OkEntryResponseSchema, OkKeysResponseSchema, BrokerStatus, OkStatusResponseSchema, OkLockResponseSchema, OkPutResponseSchema, OkMintGrantResponseSchema, GrantMetaSchema, OkListGrantsResponseSchema, OkRevokeGrantResponseSchema, OkApprovalRequestResponseSchema, ApprovalDecisionMetaSchema, OkApprovalLookupResponseSchema, OkApprovalConsumeResponseSchema, OkApprovalRevokeResponseSchema, OkApprovalListResponseSchema, OkApprovalRecordResponseSchema, OkApprovalConsumeRecordResponseSchema, ErrorResponseSchema, ResponseSchema;
+var MAX_FRAME_BYTES, AgentNameSchema, GetRequestSchema, PutRequestSchema, ListRequestSchema, MintGrantRequestSchema, ListGrantsRequestSchema, RevokeGrantRequestSchema, StatusRequestSchema, LockRequestSchema, PreflightAccessRequestSchema, OkPreflightAccessResponseSchema, ApprovalRequestRequestSchema, ApprovalLookupRequestSchema, ApprovalConsumeRequestSchema, ApprovalRevokeRequestSchema, ApprovalListRequestSchema, ApprovalDecisionModeSchema, ApprovalRecordRequestSchema, ApprovalConsumeRecordRequestSchema, RequestSchema, VaultEntrySchema, ErrorCode, OkEntryResponseSchema, OkKeysResponseSchema, BrokerStatus, OkStatusResponseSchema, OkLockResponseSchema, OkPutResponseSchema, OkMintGrantResponseSchema, GrantMetaSchema, OkListGrantsResponseSchema, OkRevokeGrantResponseSchema, OkApprovalRequestResponseSchema, ApprovalDecisionMetaSchema, OkApprovalLookupResponseSchema, OkApprovalConsumeResponseSchema, OkApprovalRevokeResponseSchema, OkApprovalListResponseSchema, OkApprovalRecordResponseSchema, OkApprovalConsumeRecordResponseSchema, ErrorResponseSchema, ResponseSchema;
 var init_protocol = __esm(() => {
   init_zod();
+  init_peercred();
   MAX_FRAME_BYTES = 64 * 1024;
+  AgentNameSchema = exports_external.string().min(1).max(64, "agent name max 64 chars").regex(/^[a-zA-Z0-9][a-zA-Z0-9_-]*$/, "agent name must be kebab-case ASCII (alnum + _- only, first char alnum)").refine((s) => !isReservedAgentName(s), {
+    message: "agent name is reserved"
+  });
   GetRequestSchema = exports_external.object({
     v: exports_external.literal(1),
     op: exports_external.literal("get"),
@@ -21451,7 +21770,7 @@ var init_protocol = __esm(() => {
   MintGrantRequestSchema = exports_external.object({
     v: exports_external.literal(1),
     op: exports_external.literal("mint_grant"),
-    agent: exports_external.string().min(1),
+    agent: AgentNameSchema,
     keys: exports_external.array(exports_external.string().min(1)),
     ttl_seconds: exports_external.number().int().positive().nullable(),
     description: exports_external.string().optional(),
@@ -21462,7 +21781,7 @@ var init_protocol = __esm(() => {
   ListGrantsRequestSchema = exports_external.object({
     v: exports_external.literal(1),
     op: exports_external.literal("list_grants"),
-    agent: exports_external.string().optional(),
+    agent: AgentNameSchema.optional(),
     passphrase: exports_external.string().optional(),
     attest_via_posture: exports_external.boolean().optional()
   });
@@ -21482,7 +21801,7 @@ var init_protocol = __esm(() => {
   PreflightAccessRequestSchema = exports_external.object({
     v: exports_external.literal(1),
     op: exports_external.literal("preflight_access"),
-    agent: exports_external.string().min(1),
+    agent: AgentNameSchema,
     keys: exports_external.array(exports_external.string().min(1)).min(1).max(128)
   });
   OkPreflightAccessResponseSchema = exports_external.object({
@@ -21730,315 +22049,6 @@ var init_protocol = __esm(() => {
   ]);
 });
 
-// src/vault/broker/peercred-ffi.ts
-function getPeerCred(fd) {
-  if (process.platform !== "linux")
-    return null;
-  try {
-    const ffi = __require("bun:ffi");
-    const { dlopen, FFIType, ptr } = ffi;
-    const SOL_SOCKET = 1;
-    const SO_PEERCRED = 17;
-    const UCRED_SIZE = 12;
-    const cache = getPeerCred;
-    const lib = cache._lib ?? (() => {
-      const candidates = ["libc.so.6", "libc.so"];
-      const symbolSpec = {
-        getsockopt: {
-          args: [FFIType.i32, FFIType.i32, FFIType.i32, FFIType.ptr, FFIType.ptr],
-          returns: FFIType.i32
-        }
-      };
-      const errors2 = [];
-      for (const name of candidates) {
-        try {
-          const opened = dlopen(name, symbolSpec);
-          cache._lib = opened;
-          return opened;
-        } catch (e) {
-          errors2.push(`${name}: ${e instanceof Error ? e.message : String(e)}`);
-        }
-      }
-      process.stderr.write(`[vault-broker] peercred-ffi: dlopen failed for all libc candidates ` + `(${errors2.join("; ")}); falling back to ss-parsing.
-`);
-      throw new Error("no libc candidate could be opened");
-    })();
-    const credBuf = new ArrayBuffer(UCRED_SIZE);
-    const lenBuf = new Uint32Array(1);
-    lenBuf[0] = UCRED_SIZE;
-    const rc = lib.symbols.getsockopt(fd, SOL_SOCKET, SO_PEERCRED, ptr(credBuf), ptr(lenBuf.buffer));
-    if (rc !== 0)
-      return null;
-    if (lenBuf[0] !== UCRED_SIZE)
-      return null;
-    const view = new DataView(credBuf);
-    return {
-      pid: view.getInt32(0, true),
-      uid: view.getInt32(4, true),
-      gid: view.getInt32(8, true)
-    };
-  } catch {
-    return null;
-  }
-}
-
-// src/vault/broker/peercred.ts
-import { execFileSync } from "node:child_process";
-import { readFileSync as readFileSync8, readlinkSync as readlinkSync3, fstatSync } from "node:fs";
-function socketPathToIdentity(socketPath) {
-  if (typeof socketPath !== "string" || socketPath.length === 0)
-    return null;
-  const m = socketPath.match(SOCKET_PATH_AGENT_RE) ?? socketPath.match(SOCKET_PATH_AGENT_SUBDIR_RE);
-  if (!m)
-    return null;
-  const name = m[1];
-  if (name === "operator")
-    return { kind: "operator" };
-  if (RESERVED_AGENT_NAMES.has(name))
-    return null;
-  return { kind: "agent", name };
-}
-function socketPathToAgent(socketPath) {
-  const identity = socketPathToIdentity(socketPath);
-  return identity?.kind === "agent" ? identity.name : null;
-}
-function isReservedAgentName(name) {
-  return RESERVED_AGENT_NAMES.has(name);
-}
-function unlockSocketFor(dataSocketPath) {
-  if (dataSocketPath.endsWith("/sock")) {
-    return dataSocketPath.slice(0, -"/sock".length) + "/unlock";
-  }
-  return dataSocketPath.replace(/\.sock$/, ".unlock.sock");
-}
-function parseSsRows(output) {
-  const rows = [];
-  const lines = output.split(`
-`);
-  for (const line of lines) {
-    if (!line.trim() || line.startsWith("Netid"))
-      continue;
-    const tokens = line.split(/\s+/).filter((t) => t.length > 0);
-    if (tokens.length < 8)
-      continue;
-    const localAddr = tokens[4];
-    const localInode = tokens[5];
-    const peerAddr = tokens[6];
-    const peerInode = tokens[7];
-    const usersToken = tokens.slice(8).join(" ");
-    const m = usersToken.match(/users:\(\(".*?",pid=(\d+),fd=\d+\)\)/);
-    const pid = m ? parseInt(m[1], 10) : null;
-    rows.push({ localAddr, localInode, peerAddr, peerInode, pid });
-  }
-  return rows;
-}
-function findClientPids(rows, socketPath) {
-  const pids = [];
-  for (const serverRow of rows) {
-    if (serverRow.localAddr !== socketPath)
-      continue;
-    for (const clientRow of rows) {
-      if (clientRow.localAddr !== "*")
-        continue;
-      if (clientRow.localInode !== serverRow.peerInode)
-        continue;
-      if (clientRow.pid === null)
-        continue;
-      pids.push(clientRow.pid);
-      break;
-    }
-  }
-  return pids;
-}
-function findClientPidByServerInode(rows, socketPath, serverInode) {
-  const serverInodeStr = String(serverInode);
-  for (const serverRow of rows) {
-    if (serverRow.localAddr !== socketPath)
-      continue;
-    if (serverRow.localInode !== serverInodeStr)
-      continue;
-    for (const clientRow of rows) {
-      if (clientRow.localAddr !== "*")
-        continue;
-      if (clientRow.localInode !== serverRow.peerInode)
-        continue;
-      if (clientRow.pid === null)
-        continue;
-      return clientRow.pid;
-    }
-    return null;
-  }
-  return null;
-}
-function readUid(pid) {
-  try {
-    const status = readFileSync8(`/proc/${pid}/status`, "utf8");
-    const m = status.match(/^Uid:\s+(\d+)/m);
-    if (!m)
-      return null;
-    return parseInt(m[1], 10);
-  } catch {
-    return null;
-  }
-}
-function readExe(pid) {
-  try {
-    return readlinkSync3(`/proc/${pid}/exe`);
-  } catch {
-    return null;
-  }
-}
-function readSystemdUnit(pid) {
-  try {
-    const content = readFileSync8(`/proc/${pid}/cgroup`, "utf8");
-    const lines = content.split(`
-`);
-    for (const line of lines) {
-      if (!line.trim())
-        continue;
-      const parts = line.split(":");
-      if (parts.length < 3)
-        continue;
-      const controller = parts[1];
-      const isV2 = parts[0] === "0" && controller === "";
-      const isV1Systemd = controller === "name=systemd";
-      if (!isV2 && !isV1Systemd)
-        continue;
-      const cgroupPath = parts.slice(2).join(":");
-      const segments = cgroupPath.split("/");
-      const lastSegment = segments[segments.length - 1];
-      if (!lastSegment)
-        continue;
-      if (/^switchroom-[a-zA-Z0-9_-]+(-cron-\d+)?\.service$/.test(lastSegment)) {
-        return lastSegment;
-      }
-    }
-    return null;
-  } catch {
-    return null;
-  }
-}
-function verifySystemdUnit(unitName, runner) {
-  let raw;
-  try {
-    const out = runner("systemctl", [
-      "--user",
-      "show",
-      unitName,
-      "--property=LoadState,ActiveState"
-    ], { timeout: 500, encoding: "utf8" });
-    raw = typeof out === "string" ? out : out.toString("utf8");
-  } catch {
-    return false;
-  }
-  const props = {};
-  for (const line of raw.split(`
-`)) {
-    const m = line.match(/^([A-Za-z]+)=(.*)$/);
-    if (m)
-      props[m[1]] = m[2];
-  }
-  if (props.LoadState !== "loaded")
-    return false;
-  if (props.ActiveState !== "active" && props.ActiveState !== "activating") {
-    return false;
-  }
-  return true;
-}
-function readFdInode(fd) {
-  try {
-    const stat = fstatSync(fd);
-    return stat.ino;
-  } catch {
-    return null;
-  }
-}
-function fdFromSocket(socket) {
-  const handle = socket._handle;
-  if (!handle || typeof handle.fd !== "number" || handle.fd < 0)
-    return null;
-  return handle.fd;
-}
-function identify(socketPath, socket, execFileSyncOverride) {
-  if (process.platform !== "linux") {
-    return null;
-  }
-  const runner = execFileSyncOverride ?? execFileSync;
-  let pid = null;
-  if (socket !== undefined) {
-    const fd = fdFromSocket(socket);
-    if (fd !== null) {
-      const cred = getPeerCred(fd);
-      if (cred !== null)
-        pid = cred.pid;
-    }
-  }
-  if (pid === null) {
-    let ssOutput;
-    try {
-      const raw = runner("ss", ["-xpn"], {
-        timeout: 200,
-        encoding: "utf8"
-      });
-      ssOutput = typeof raw === "string" ? raw : raw.toString("utf8");
-    } catch {
-      return null;
-    }
-    const rows = parseSsRows(ssOutput);
-    let serverInode = null;
-    if (socket !== undefined) {
-      const fd = fdFromSocket(socket);
-      if (fd !== null)
-        serverInode = readFdInode(fd);
-    }
-    if (serverInode !== null) {
-      pid = findClientPidByServerInode(rows, socketPath, serverInode);
-    } else {
-      const clientPids = findClientPids(rows, socketPath);
-      if (clientPids.length === 0)
-        return null;
-      if (clientPids.length > 1) {
-        process.stderr.write(`[vault-broker] peercred: ${clientPids.length} connected peers found for ${socketPath}; ` + `using pid=${clientPids[0]}. ` + `Multiple simultaneous connections reduce identification accuracy. ` + `(This warning means identify() was called without a socket arg \u2014 likely a stale call site.)
-`);
-      }
-      pid = clientPids[0];
-    }
-  }
-  if (pid === null)
-    return null;
-  const uid = readUid(pid);
-  if (uid === null) {
-    return null;
-  }
-  const brokerUid = typeof process.getuid === "function" ? process.getuid() : null;
-  if (brokerUid !== null && uid !== brokerUid) {
-    process.stderr.write(`[vault-broker] peercred: UID mismatch \u2014 caller uid=${uid}, broker uid=${brokerUid}; denying
-`);
-    return null;
-  }
-  const exe = readExe(pid);
-  if (exe === null) {
-    return null;
-  }
-  const cgroupClaim = readSystemdUnit(pid);
-  let systemdUnit = null;
-  if (cgroupClaim !== null) {
-    if (verifySystemdUnit(cgroupClaim, runner)) {
-      systemdUnit = cgroupClaim;
-    } else {
-      process.stderr.write(`[vault-broker] peercred: cgroup claims unit=${cgroupClaim} but systemd-user does not report it as loaded+running; treating caller as unidentified
-`);
-    }
-  }
-  return { uid, pid, exe, systemdUnit };
-}
-var SOCKET_PATH_AGENT_RE, SOCKET_PATH_AGENT_SUBDIR_RE, RESERVED_AGENT_NAMES;
-var init_peercred = __esm(() => {
-  SOCKET_PATH_AGENT_RE = /^\/run\/switchroom\/broker\/([a-zA-Z0-9][a-zA-Z0-9_-]*)\.sock$/;
-  SOCKET_PATH_AGENT_SUBDIR_RE = /^\/run\/switchroom\/broker\/([a-zA-Z0-9][a-zA-Z0-9_-]*)\/sock$/;
-  RESERVED_AGENT_NAMES = new Set(["operator", "hostd"]);
-});
-
 // src/runtime-mode.ts
 function isDockerRuntime() {
   return process.env.SWITCHROOM_RUNTIME === "docker";
@@ -25539,6 +25549,7 @@ var init_broker_call = __esm(() => {
 
 // src/auth/account-store.ts
 import {
+  chownSync,
   existsSync as existsSync26,
   mkdirSync as mkdirSync15,
   readFileSync as readFileSync22,
@@ -29089,7 +29100,7 @@ function decodeResponse3(line) {
   const obj = JSON.parse(line);
   return ResponseSchema3.parse(obj);
 }
-var MAX_FRAME_BYTES3, RequestEnvelope, AgentRestartRequestSchema, UpgradeStatusRequestSchema, GetStatusRequestSchema, AgentNameSchema, UpdateCheckRequestSchema, UpdateApplyRequestSchema, ApplyRequestSchema, AgentStartRequestSchema, AgentStopRequestSchema, AgentLogsRequestSchema, AgentExecRequestSchema, DoctorRequestSchema, AgentSmokeRequestSchema, ConfigProposeEditRequestSchema, RequestSchema3, ResultSchema, ResponseEnvelope, ResponseSchema3;
+var MAX_FRAME_BYTES3, RequestEnvelope, AgentRestartRequestSchema, UpgradeStatusRequestSchema, GetStatusRequestSchema, AgentNameSchema2, UpdateCheckRequestSchema, UpdateApplyRequestSchema, ApplyRequestSchema, AgentStartRequestSchema, AgentStopRequestSchema, AgentLogsRequestSchema, AgentExecRequestSchema, DoctorRequestSchema, AgentSmokeRequestSchema, ConfigProposeEditRequestSchema, RequestSchema3, ResultSchema, ResponseEnvelope, ResponseSchema3;
 var init_protocol3 = __esm(() => {
   init_zod();
   MAX_FRAME_BYTES3 = 64 * 1024;
@@ -29119,7 +29130,7 @@ var init_protocol3 = __esm(() => {
       target_request_id: exports_external.string().min(1).max(128)
     })
   });
-  AgentNameSchema = exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9_-]*$/, "agent name must be kebab-case ASCII");
+  AgentNameSchema2 = exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9_-]*$/, "agent name must be kebab-case ASCII");
   UpdateCheckRequestSchema = exports_external.object({
     ...RequestEnvelope,
     op: exports_external.literal("update_check"),
@@ -29144,21 +29155,21 @@ var init_protocol3 = __esm(() => {
     ...RequestEnvelope,
     op: exports_external.literal("agent_start"),
     args: exports_external.object({
-      name: AgentNameSchema
+      name: AgentNameSchema2
     })
   });
   AgentStopRequestSchema = exports_external.object({
     ...RequestEnvelope,
     op: exports_external.literal("agent_stop"),
     args: exports_external.object({
-      name: AgentNameSchema
+      name: AgentNameSchema2
     })
   });
   AgentLogsRequestSchema = exports_external.object({
     ...RequestEnvelope,
     op: exports_external.literal("agent_logs"),
     args: exports_external.object({
-      name: AgentNameSchema,
+      name: AgentNameSchema2,
       tail: exports_external.number().int().positive().max(2000).optional()
     })
   });
@@ -29166,7 +29177,7 @@ var init_protocol3 = __esm(() => {
     ...RequestEnvelope,
     op: exports_external.literal("agent_exec"),
     args: exports_external.object({
-      name: AgentNameSchema,
+      name: AgentNameSchema2,
       argv: exports_external.array(exports_external.string().min(1)).min(1).max(32)
     })
   });
@@ -29179,7 +29190,7 @@ var init_protocol3 = __esm(() => {
     ...RequestEnvelope,
     op: exports_external.literal("agent_smoke"),
     args: exports_external.object({
-      name: AgentNameSchema,
+      name: AgentNameSchema2,
       deep: exports_external.boolean().optional()
     })
   });
@@ -47331,8 +47342,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.13.24";
-var COMMIT_SHA = "9bfca233";
+var VERSION = "0.13.25";
+var COMMIT_SHA = "e927d05d";
 
 // src/cli/agent.ts
 init_source();
@@ -55825,7 +55836,7 @@ import { spawn as spawn3 } from "node:child_process";
 init_compose();
 init_vault();
 import * as net3 from "node:net";
-import { mkdirSync as mkdirSync20, chmodSync as chmodSync7, chownSync, existsSync as existsSync33, readFileSync as readFileSync29, readdirSync as readdirSync15, statSync as statSync19, unlinkSync as unlinkSync8, writeFileSync as writeFileSync18, renameSync as renameSync9 } from "node:fs";
+import { mkdirSync as mkdirSync20, chmodSync as chmodSync7, chownSync as chownSync2, existsSync as existsSync33, readFileSync as readFileSync29, readdirSync as readdirSync15, statSync as statSync19, unlinkSync as unlinkSync8, writeFileSync as writeFileSync18, renameSync as renameSync9 } from "node:fs";
 import { dirname as dirname6, resolve as resolve25, basename as basename5 } from "node:path";
 import * as os4 from "node:os";
 import * as path3 from "node:path";
@@ -58622,7 +58633,7 @@ class VaultBroker {
         const dir = abs.slice(0, -"/sock".length);
         if (existsSync33(dir)) {
           try {
-            chownSync(dir, 0, 0);
+            chownSync2(dir, 0, 0);
           } catch {}
           try {
             chmodSync7(dir, 448);
@@ -58649,12 +58660,12 @@ class VaultBroker {
         try {
           const uid = allocateAgentUid(agentName);
           try {
-            chownSync(abs, uid, uid);
+            chownSync2(abs, uid, uid);
           } catch {}
           if (abs.endsWith("/sock")) {
             const dir = abs.slice(0, -"/sock".length);
             try {
-              chownSync(dir, uid, uid);
+              chownSync2(dir, uid, uid);
             } catch {}
           }
         } catch {}
@@ -58689,7 +58700,7 @@ class VaultBroker {
       return;
     try {
       if (existsSync33(this.vaultPath))
-        chownSync(this.vaultPath, uid, uid);
+        chownSync2(this.vaultPath, uid, uid);
     } catch {}
   }
   bindOperatorListener(socketPath, operatorUid) {
@@ -58703,7 +58714,7 @@ class VaultBroker {
       const dir = abs.slice(0, -"/sock".length);
       if (existsSync33(dir)) {
         try {
-          chownSync(dir, 0, 0);
+          chownSync2(dir, 0, 0);
         } catch {}
         try {
           chmodSync7(dir, 448);
@@ -58727,7 +58738,7 @@ class VaultBroker {
           chmodSync7(abs, 384);
         } catch {}
         try {
-          chownSync(abs, operatorUid, operatorUid);
+          chownSync2(abs, operatorUid, operatorUid);
         } catch {}
         const unlockServer = net3.createServer((sock) => {
           this._handleUnlockConnection(sock, true);
@@ -58738,12 +58749,12 @@ class VaultBroker {
             chmodSync7(unlockAbs, 384);
           } catch {}
           try {
-            chownSync(unlockAbs, operatorUid, operatorUid);
+            chownSync2(unlockAbs, operatorUid, operatorUid);
           } catch {}
           if (abs.endsWith("/sock")) {
             const dir = abs.slice(0, -"/sock".length);
             try {
-              chownSync(dir, operatorUid, operatorUid);
+              chownSync2(dir, operatorUid, operatorUid);
             } catch {}
             try {
               chmodSync7(dir, 448);
@@ -59586,7 +59597,7 @@ class VaultBroker {
       const revoked = revokeGrant(this.grantsDb, id);
       try {
         const row = this.grantsDb.query("SELECT agent_slug FROM vault_grants WHERE id = ?").get(id);
-        if (row) {
+        if (row && AgentNameSchema.safeParse(row.agent_slug).success) {
           const tokenPath = path3.join(os4.homedir(), ".switchroom", "agents", row.agent_slug, ".vault-token");
           if (existsSync33(tokenPath)) {
             try {
@@ -61405,9 +61416,18 @@ function registerVaultCommand(program3) {
       }
       const passphrase = await getPassphrase();
       let value;
+      let isBinaryFile = false;
       if (opts.file) {
         try {
-          value = readFileSync34(resolvePath(opts.file), "utf8");
+          const buf = readFileSync34(resolvePath(opts.file));
+          const asUtf8 = buf.toString("utf8");
+          if (Buffer.compare(buf, Buffer.from(asUtf8, "utf8")) === 0) {
+            value = asUtf8;
+          } else {
+            value = buf.toString("base64");
+            isBinaryFile = true;
+            console.error(source_default.yellow(`note: file contains non-UTF-8 bytes; storing as kind="binary" ` + `(base64-encoded). Retrieve with: switchroom vault get ${key} | base64 -d`));
+          }
         } catch (err) {
           const msg = err instanceof Error ? err.message : String(err);
           console.error(source_default.red(`Error reading file: ${msg}`));
@@ -61422,7 +61442,7 @@ function registerVaultCommand(program3) {
         console.error(source_default.red("Error: Value cannot be empty"));
         process.exit(1);
       }
-      if (formatHint) {
+      if (formatHint && !isBinaryFile) {
         const validationError = validateFormatHint(value, formatHint);
         if (validationError) {
           console.error(source_default.red(`Error: format validation failed for --format ${formatHint}: ${validationError}`));
@@ -61451,7 +61471,11 @@ function registerVaultCommand(program3) {
           }
         } catch {}
       }
-      setStringSecret(passphrase, vaultPath, key, value, formatHint, scope);
+      if (isBinaryFile) {
+        setBinarySecret(passphrase, vaultPath, key, value, formatHint, scope);
+      } else {
+        setStringSecret(passphrase, vaultPath, key, value, formatHint, scope);
+      }
       if (formatHint && scope) {
         const scopeDesc = [
           scope.allow?.length ? `allow: ${scope.allow.join(", ")}` : "",
@@ -62193,13 +62217,12 @@ function registerDispatchVerb(tg, _program) {
 `)) {
         console.log(`    ${line}`);
       }
-      console.log(`  model: ${rule.model ?? "claude-sonnet-4-6"}`);
     }
     console.log();
     if (matchCount === 0) {
       console.log(source_default.yellow("No rules matched \u2014 no dispatch would fire."));
     } else {
-      console.log(source_default.green(`${matchCount} rule(s) matched. ` + `Run without --dry-run in production to spawn claude -p.`));
+      console.log(source_default.green(`${matchCount} rule(s) matched. ` + `The webhook turn injects into the agent's live session \u2014 ` + `agent's configured model wins.`));
     }
   }));
 }
@@ -74040,7 +74063,7 @@ function detectInstallType() {
 
 // src/cli/operator-uid.ts
 import {
-  chownSync as chownSync2,
+  chownSync as chownSync3,
   existsSync as existsSync66,
   lstatSync as lstatSync7,
   readdirSync as readdirSync24,
@@ -74074,7 +74097,7 @@ function operatorOwnedPaths(home2) {
   ];
 }
 function restoreOperatorOwnership(home2, operatorUid, deps = {}) {
-  const chown = deps.chown ?? ((p, u, g) => chownSync2(p, u, g));
+  const chown = deps.chown ?? ((p, u, g) => chownSync3(p, u, g));
   const exists = deps.exists ?? ((p) => existsSync66(p));
   const isSymlink = deps.isSymlink ?? ((p) => {
     try {