switchroom 0.13.25 → 0.13.26

package/dist/cli/switchroom.js

@@ -29405,6 +29405,7 @@ __export(exports_doctor, {
   tryReadHostFile: () => tryReadHostFile,
   telegramGetMe: () => telegramGetMe,
   registerDoctorCommand: () => registerDoctorCommand,
+  probeVaultBrokerSocketPair: () => probeVaultBrokerSocketPair,
   printSection: () => printSection,
   parseSimpleEnv: () => parseSimpleEnv,
   parsePythonVersion: () => parsePythonVersion,
@@ -29417,6 +29418,7 @@ __export(exports_doctor, {
   findChromium: () => findChromium,
   deriveEd25519PublicKeyBytes: () => deriveEd25519PublicKeyBytes,
   classifyReadError: () => classifyReadError,
+  checkVaultBrokerSocketPairs: () => checkVaultBrokerSocketPairs,
   checkTelegram: () => checkTelegram,
   checkStartShStale: () => checkStartShStale,
   checkSkillsPrerequisites: () => checkSkillsPrerequisites,
@@ -29742,6 +29744,93 @@ function checkLegacyState() {
   }
   return results;
 }
+function probeVaultBrokerSocketPair(agentName) {
+  const dataPath = `/run/switchroom/broker/${agentName}/sock`;
+  const unlockPath = `/run/switchroom/broker/${agentName}/unlock`;
+  const script = `D=0; U=0; ` + `test -S '${dataPath}' && D=1; ` + `test -S '${unlockPath}' && U=1; ` + `echo "D=$D U=$U"`;
+  const r = spawnSync7("docker", ["exec", "switchroom-vault-broker", "sh", "-c", script], { stdio: "pipe", timeout: 3000 });
+  if (r.error || r.status === null)
+    return "unreachable";
+  if (r.status !== 0) {
+    if (r.status >= 125)
+      return "unreachable";
+    return "unreachable";
+  }
+  const out = r.stdout.toString();
+  const dOk = /D=1/.test(out);
+  const uOk = /U=1/.test(out);
+  if (dOk && uOk)
+    return "ok";
+  if (dOk && !uOk)
+    return "missing-unlock";
+  if (!dOk && uOk)
+    return "missing-data";
+  return "missing-both";
+}
+function checkVaultBrokerSocketPairs(config, opts) {
+  const agentNames = Object.keys(config.agents ?? {}).sort();
+  if (agentNames.length === 0) {
+    return {
+      name: "vault-broker per-agent socket pairs",
+      status: "ok",
+      detail: "no agents configured"
+    };
+  }
+  const probe2 = opts?.probe ?? probeVaultBrokerSocketPair;
+  const states = new Map;
+  for (const name of agentNames) {
+    states.set(name, probe2(name));
+  }
+  const allUnreachable = [...states.values()].every((s) => s === "unreachable");
+  if (allUnreachable) {
+    return {
+      name: "vault-broker per-agent socket pairs",
+      status: "skip",
+      detail: "vault-broker container unreachable \u2014 couldn't probe per-agent socket pairs",
+      fix: "Check the vault-broker service health row above; `switchroom update` brings it back"
+    };
+  }
+  const groups = {
+    "missing-unlock": [],
+    "missing-data": [],
+    "missing-both": [],
+    unreachable: []
+  };
+  let okCount = 0;
+  for (const [name, state] of states) {
+    if (state === "ok") {
+      okCount++;
+    } else {
+      groups[state].push(name);
+    }
+  }
+  if (okCount === agentNames.length) {
+    return {
+      name: "vault-broker per-agent socket pairs",
+      status: "ok",
+      detail: `${okCount}/${agentNames.length} agents: data + unlock sockets bound`
+    };
+  }
+  const parts = [];
+  if (groups["missing-unlock"].length > 0) {
+    parts.push(`unlock missing: ${groups["missing-unlock"].join(", ")} ` + `(the documented Telegram /vault unlock flow fails ENOENT for these)`);
+  }
+  if (groups["missing-data"].length > 0) {
+    parts.push(`data missing: ${groups["missing-data"].join(", ")}`);
+  }
+  if (groups["missing-both"].length > 0) {
+    parts.push(`both missing: ${groups["missing-both"].join(", ")}`);
+  }
+  if (groups["unreachable"].length > 0) {
+    parts.push(`unreachable: ${groups["unreachable"].join(", ")}`);
+  }
+  return {
+    name: "vault-broker per-agent socket pairs",
+    status: "fail",
+    detail: `${okCount}/${agentNames.length} ok \u2014 ${parts.join("; ")}`,
+    fix: "Run `switchroom update` (or `switchroom apply` then recreate the " + "vault-broker container). If only the unlock half is missing, the " + "broker image predates PR #1721 \u2014 pull the latest image."
+  };
+}
 function checkVault(config) {
   const vaultPath = config.vault?.path ? config.vault.path.replace(/^~/, process.env.HOME ?? "") : resolveStatePath("vault.enc");
   const broker = config.vault?.broker;
@@ -29760,6 +29849,7 @@ function checkVault(config) {
     status: "ok",
     detail: "Approval auth: passphrase (two-factor)"
   };
+  const pairsResult = checkVaultBrokerSocketPairs(config);
   if (!existsSync50(vaultPath)) {
     return [
       postureResult,
@@ -29768,7 +29858,8 @@ function checkVault(config) {
         status: "warn",
         detail: `${vaultPath} not found`,
         fix: "Run `switchroom vault init` if you plan to store secrets in the vault"
-      }
+      },
+      pairsResult
     ];
   }
   const passphrase = process.env.SWITCHROOM_VAULT_PASSPHRASE;
@@ -29785,7 +29876,8 @@ function checkVault(config) {
         status: "skip",
         detail: "SWITCHROOM_VAULT_PASSPHRASE not set; cannot verify decrypt",
         fix: "Export SWITCHROOM_VAULT_PASSPHRASE to verify the vault unlocks"
-      }
+      },
+      pairsResult
     ];
   }
   try {
@@ -29796,7 +29888,8 @@ function checkVault(config) {
         name: "vault unlock",
         status: "ok",
         detail: `${keys.length} secret(s)`
-      }
+      },
+      pairsResult
     ];
   } catch (err) {
     return [
@@ -29806,7 +29899,8 @@ function checkVault(config) {
         status: "fail",
         detail: err.message,
         fix: "SWITCHROOM_VAULT_PASSPHRASE is wrong, or the vault file is corrupted"
-      }
+      },
+      pairsResult
     ];
   }
 }
@@ -47342,8 +47436,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.13.25";
-var COMMIT_SHA = "e927d05d";
+var VERSION = "0.13.26";
+var COMMIT_SHA = "b2767bb7";
 
 // src/cli/agent.ts
 init_source();
@@ -58657,20 +58751,48 @@ class VaultBroker {
         try {
           chmodSync7(abs, 432);
         } catch {}
+        let agentUid = null;
         try {
-          const uid = allocateAgentUid(agentName);
+          agentUid = allocateAgentUid(agentName);
           try {
-            chownSync2(abs, uid, uid);
+            chownSync2(abs, agentUid, agentUid);
           } catch {}
           if (abs.endsWith("/sock")) {
             const dir = abs.slice(0, -"/sock".length);
             try {
-              chownSync2(dir, uid, uid);
+              chownSync2(dir, agentUid, agentUid);
             } catch {}
           }
         } catch {}
         this.agentServers.set(abs, { server, agentName });
-        resolveP(agentName);
+        const unlockAbs = unlockSocketFor(abs);
+        if (existsSync33(unlockAbs)) {
+          try {
+            unlinkSync8(unlockAbs);
+          } catch {}
+        }
+        const unlockServer = net3.createServer((sock) => {
+          this._handleUnlockConnection(sock, false);
+        });
+        unlockServer.on("error", (err) => {
+          try {
+            server.close();
+          } catch {}
+          this.agentServers.delete(abs);
+          rejectP(err);
+        });
+        unlockServer.listen(unlockAbs, () => {
+          try {
+            chmodSync7(unlockAbs, 432);
+          } catch {}
+          if (agentUid !== null) {
+            try {
+              chownSync2(unlockAbs, agentUid, agentUid);
+            } catch {}
+          }
+          this.agentServers.set(unlockAbs, { server: unlockServer, agentName });
+          resolveP(agentName);
+        });
       });
     });
   }

package/dist/vault/broker/server.js

@@ -16009,20 +16009,48 @@ class VaultBroker {
         try {
           chmodSync4(abs, 432);
         } catch {}
+        let agentUid = null;
         try {
-          const uid = allocateAgentUid(agentName);
+          agentUid = allocateAgentUid(agentName);
           try {
-            chownSync(abs, uid, uid);
+            chownSync(abs, agentUid, agentUid);
           } catch {}
           if (abs.endsWith("/sock")) {
             const dir = abs.slice(0, -"/sock".length);
             try {
-              chownSync(dir, uid, uid);
+              chownSync(dir, agentUid, agentUid);
             } catch {}
           }
         } catch {}
         this.agentServers.set(abs, { server, agentName });
-        resolveP(agentName);
+        const unlockAbs = unlockSocketFor(abs);
+        if (existsSync8(unlockAbs)) {
+          try {
+            unlinkSync4(unlockAbs);
+          } catch {}
+        }
+        const unlockServer = net.createServer((sock) => {
+          this._handleUnlockConnection(sock, false);
+        });
+        unlockServer.on("error", (err) => {
+          try {
+            server.close();
+          } catch {}
+          this.agentServers.delete(abs);
+          rejectP(err);
+        });
+        unlockServer.listen(unlockAbs, () => {
+          try {
+            chmodSync4(unlockAbs, 432);
+          } catch {}
+          if (agentUid !== null) {
+            try {
+              chownSync(unlockAbs, agentUid, agentUid);
+            } catch {}
+          }
+          this.agentServers.set(unlockAbs, { server: unlockServer, agentName });
+          resolveP(agentName);
+        });
       });
     });
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.13.25",
+  "version": "0.13.26",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {

package/telegram-plugin/dist/gateway/gateway.js

@@ -48328,10 +48328,10 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.13.25";
-var COMMIT_SHA = "e927d05d";
-var COMMIT_DATE = "2026-05-24T05:14:52Z";
-var LATEST_PR = 1717;
+var VERSION = "0.13.26";
+var COMMIT_SHA = "b2767bb7";
+var COMMIT_DATE = "2026-05-24T07:35:41Z";
+var LATEST_PR = 1723;
 var COMMITS_AHEAD_OF_TAG = 0;
 
 // gateway/boot-version.ts