switchroom 0.13.39 → 0.13.41

package/dist/agent-scheduler/index.js

@@ -10972,7 +10972,7 @@ var AgentBindMountSchema = exports_external.object({
 var ScheduleEntrySchema = exports_external.object({
   cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
   prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-  model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated `claude -p` and could set --model per task. " + "Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+  model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing.")
 });
 var AgentSoulSchema = exports_external.object({

package/dist/auth-broker/index.js

@@ -10972,7 +10972,7 @@ var AgentBindMountSchema = exports_external.object({
 var ScheduleEntrySchema = exports_external.object({
   cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
   prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-  model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated `claude -p` and could set --model per task. " + "Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+  model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing.")
 });
 var AgentSoulSchema = exports_external.object({

package/dist/cli/switchroom.js

@@ -13536,7 +13536,7 @@ var init_schema = __esm(() => {
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
     prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated `claude -p` and could set --model per task. " + "Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "\u2014 this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "\u2014 this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default \u2014 broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary \u2014 " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing.")
   });
   AgentSoulSchema = exports_external.object({
@@ -22991,6 +22991,9 @@ function generateCompose(opts) {
   lines.push(`      - ${homePrefix}/.switchroom/vault-auto-unlock:/state/vault-auto-unlock:ro`);
   lines.push(`      - ${homePrefix}/.switchroom/vault-audit.log:/root/.switchroom/vault-audit.log`);
   lines.push(`      - ${homePrefix}/.switchroom/vault-grants.db:/root/.switchroom/vault-grants.db`);
+  for (const a of describeAgents(config)) {
+    lines.push(`      - ${homePrefix}/.switchroom/agents/${a.name}/.vault-token:/root/.switchroom/agents/${a.name}/.vault-token`);
+  }
   lines.push(`      - /etc/machine-id:/etc/machine-id:ro`);
   lines.push(``);
   lines.push(`  approval-kernel:`);
@@ -47744,8 +47747,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.13.39";
-var COMMIT_SHA = "8681f423";
+var VERSION = "0.13.41";
+var COMMIT_SHA = "c5897e47";
 
 // src/cli/agent.ts
 init_source();
@@ -47838,7 +47841,7 @@ import {
 } from "node:fs";
 import { homedir as homedir4 } from "node:os";
 import { execSync, execFileSync as execFileSync2 } from "node:child_process";
-import { basename as basename3, join as join8, resolve as resolve10 } from "node:path";
+import { join as join8, resolve as resolve10 } from "node:path";
 import { createHash as createHash2 } from "node:crypto";
 
 // src/agents/cron-unit-name.ts
@@ -47849,14 +47852,10 @@ function cronUnitHash(cron, prompt) {
 function cronUnitName(cron, prompt) {
   return `cron-${cronUnitHash(cron, prompt)}`;
 }
-function cronScriptFilename(cron, prompt) {
-  return `${cronUnitName(cron, prompt)}.sh`;
-}
 var CRON_SCRIPT_BASENAME_RE = /^cron-[0-9a-f]{12}\.sh$/;
 var LEGACY_CRON_SCRIPT_BASENAME_RE = /^cron-(\d+)\.sh$/;
 
 // src/agents/scaffold.ts
-init_overlay_loader();
 init_schema();
 init_merge();
 init_timezone();
@@ -48029,52 +48028,6 @@ function applyTelegramProgressGuidance(body, args) {
     return body;
   return body + buildTelegramProgressGuidance({ defaultChatId: args.defaultChatId });
 }
-function buildCronTelegramGuidance(args) {
-  const issuesBlock = args.jobSlug ? `
-
-## If you need to record a transient issue
-
-If something half-broken happens during this run (e.g. an upstream API timed out, a vault key was missing, a non-fatal data gap), record it via:
-
-\`\`\`
-switchroom issues record --severity warn --source "cron:${args.jobSlug}" --code <stable-code> --summary "<one-line>" --detail "Fix: <one-line remediation, e.g. exact command the user can run>"
-\`\`\`
-
-The \`--detail\` field is rendered as a "\u2192 Fix: ..." line under the issue on the user's Telegram card. Make it actionable \u2014 a copy-pastable command or a one-line action, not a description of the problem. Examples:
-
-- \`--detail "Fix: switchroom vault unlock"\` (when the vault broker is locked)
-- \`--detail "Fix: re-run \`claude setup-token\` for ken@example.com"\` (when an account is unauthenticated)
-- \`--detail "Fix: \\\`switchroom auth heal --account=<name>\\\`"\` (when an OAuth token expired)
-
-Skip \`--detail\` if there's no clean one-line fix \u2014 leaving it empty means the card shows just the summary, which is fine.
-
-Use the EXACT \`--source "cron:${args.jobSlug}"\` shown above \u2014 the cron wrapper auto-resolves issues with that source on a clean run. Picking a different source means the issue persists across recoveries.
-` : "";
-  return `
-
-## Delivery instructions (cron context)
-
-This task runs as a one-shot \`claude -p\` invocation \u2014 there is no live Telegram session. Your stdout is discarded; the user will NOT see anything you print.
-
-To deliver your response to the user, you MUST call:
-
-\`\`\`
-mcp__switchroom-telegram__reply(chat_id="${args.chatId}", text="<your message>")
-\`\`\`
-
-The \`reply\` tool handles markdown\u2192HTML conversion, chunking, and all formatting automatically \u2014 write normal markdown and it will render correctly on the user's phone.
-
-After calling \`reply\`, print \`HEARTBEAT_OK\` as your final stdout line and nothing else. This confirms successful execution to the cron watchdog.
-
-If you have nothing useful to say (data is dull, all signals are nominal), print \`HEARTBEAT_OK\` without calling \`reply\` \u2014 a silent heartbeat is correct behaviour, not an error.
-${issuesBlock}`;
-}
-function applyCronTelegramGuidance(body, args) {
-  if (!args.chatId)
-    return body;
-  const trimmed = body.replace(/\s+$/, "");
-  return trimmed + buildCronTelegramGuidance({ chatId: args.chatId, jobSlug: args.jobSlug });
-}
 
 // src/agents/scaffold.ts
 init_hindsight();
@@ -48584,70 +48537,6 @@ function parseDurationToSeconds(d) {
       return;
   }
 }
-function buildCronScript(agentDir, prompt, model, chatId, userId, secrets = [], brokerSocket, jobSlug) {
-  const slug = jobSlug ?? "unknown";
-  const wrappedPrompt = applyCronTelegramGuidance(prompt, { chatId, jobSlug: slug });
-  const secretsComment = secrets.length > 0 ? `# Allowed vault keys for this cron (broker ACL): ${secrets.join(", ")}
-` : "";
-  const brokerSocketExport = brokerSocket ? `export SWITCHROOM_VAULT_BROKER_SOCK=${shellSingleQuote(brokerSocket)}
-` : "";
-  return `#!/bin/bash
-# Auto-generated by switchroom scaffold/reconcile.
-# One-shot scheduled task \u2014 runs claude -p, delivers output via MCP reply tool.
-${secretsComment}${brokerSocketExport}
-export NVM_DIR="$HOME/.nvm"
-[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
-export PATH="$HOME/.bun/bin:$PATH"
-
-cd ${shellSingleQuote(agentDir)}
-
-# Auth: always OAuth, never API key.
-# Defensively unset ANTHROPIC_API_KEY so any ambient env or systemd
-# Environment= mapping cannot silently shift cron auth from OAuth
-# subscription quota to API billing.
-unset ANTHROPIC_API_KEY
-export CLAUDE_CONFIG_DIR=${shellSingleQuote(agentDir + "/.claude")}
-# SWITCHROOM_AGENT_NAME mirrors the gateway's container/unit environment.
-# Required so in-prompt \`switchroom issues
-# record\` calls without an explicit --agent flag attribute correctly,
-# and so the vault broker client can resolve a default agent.
-export SWITCHROOM_AGENT_NAME=${shellSingleQuote(basename3(agentDir))}
-
-# CLAUDE_CODE_OAUTH_TOKEN injection was removed with RFC H (auth-broker).
-# Claude reads .credentials.json directly; the auth-broker writes it
-# atomically and refreshes ahead of claude's own window.
-unset CLAUDE_CODE_OAUTH_TOKEN
-
-# MCP-only delivery path (issue #269, closes #251): the prompt instructs
-# the model to call mcp__switchroom-telegram__reply directly, then print
-# HEARTBEAT_OK as its sole stdout line. Stdout is discarded here so the
-# trailing model summary doesn't arrive as a second Telegram message.
-# Stderr remains open so systemd captures auth/network/bad-prompt errors
-# via journalctl \u2014 silently swallowing those would make a broken cron job
-# invisible to operators.
-#
-# We deliberately do NOT use \`exec\` here \u2014 the success-trailer below must
-# run after \`claude -p\` returns. Same reasoning as PR #565: when a cron
-# completes cleanly, any unresolved issues filed against this job's source
-# get auto-closed. Failure (non-zero exit) leaves issues open for the
-# Telegram surface to render, exactly as before.
-export TELEGRAM_STATE_DIR=${shellSingleQuote(join8(agentDir, "telegram"))}
-claude -p ${shellSingleQuote(wrappedPrompt)} \\
-  --model ${shellSingleQuote(model)} \\
-  --no-session-persistence \\
-  > /dev/null
-rc=$?
-if [ $rc -eq 0 ]; then
-  # Best-effort auto-resolve. Failure here (e.g. switchroom not on PATH in a
-  # weird environment) must NOT mask the cron's own success \u2014 hence the
-  # trailing \`|| true\`. PR #565 added bulk-close-by-source; we use the same
-  # source string the agent's own \`issues record\` calls should use.
-  switchroom issues resolve --source "cron:${slug}" --quiet \\
-    --state-dir "$TELEGRAM_STATE_DIR" >/dev/null 2>&1 || true
-fi
-exit $rc
-`;
-}
 function resolveSkillsPoolDir(override) {
   return resolveDualPath(override ?? "~/.switchroom/skills");
 }
@@ -49663,20 +49552,18 @@ ${body}
       writeFileSync5(mdPath, content, "utf-8");
     }
   }
-  if ((agentConfig.schedule?.length ?? 0) > 0) {
-    const cronChatId = userId ?? telegramConfig.forum_chat_id;
-    const brokerSocket = switchroomConfig?.vault?.broker?.socket ? resolveDualPath(switchroomConfig.vault.broker.socket) : resolveDualPath("~/.switchroom/vault-broker.sock");
-    for (let i = 0;i < agentConfig.schedule.length; i++) {
-      const entry = agentConfig.schedule[i];
-      const model = entry.model ?? "claude-sonnet-4-6";
-      const filename = cronScriptFilename(entry.cron, entry.prompt);
-      const stem = filename.replace(/\.sh$/, "");
-      const script = buildCronScript(agentDir, entry.prompt, model, cronChatId, userId, entry.secrets ?? [], brokerSocket, stem);
-      const scriptPath = join8(agentDir, "telegram", filename);
-      writeFileSync5(scriptPath, script, { encoding: "utf-8", mode: 448 });
-      const source = entry[OVERLAY_SOURCE] ? "overlay" : "main";
-      writeFileSync5(join8(agentDir, "telegram", `${stem}.source`), `${source}
-`, { encoding: "utf-8", mode: 384 });
+  {
+    const telegramDir = join8(agentDir, "telegram");
+    if (existsSync11(telegramDir)) {
+      for (const file of readdirSync5(telegramDir)) {
+        const isCronScript = CRON_SCRIPT_BASENAME_RE.test(file) || LEGACY_CRON_SCRIPT_BASENAME_RE.test(file);
+        if (isCronScript) {
+          unlinkSync4(join8(telegramDir, file));
+          const sidecar = join8(telegramDir, file.replace(/\.sh$/, ".source"));
+          if (existsSync11(sidecar))
+            unlinkSync4(sidecar);
+        }
+      }
     }
   }
   copyProfileSkills(profilePath, join8(agentDir, ".claude", "skills"));
@@ -50439,55 +50326,19 @@ ${body}
       changes.push(settingsPath);
     }
   }
-  if ((agentConfig.schedule?.length ?? 0) > 0) {
-    let cronUserId;
-    const cronAccessPath = join8(agentDir, "telegram", "access.json");
-    if (existsSync11(cronAccessPath)) {
-      try {
-        const cronAccess = JSON.parse(readFileSync11(cronAccessPath, "utf-8"));
-        cronUserId = cronAccess.allowFrom?.[0];
-      } catch {}
-    }
-    const reconBrokerSocket = switchroomConfig?.vault?.broker?.socket ? resolveDualPath(switchroomConfig.vault.broker.socket) : resolveDualPath("~/.switchroom/vault-broker.sock");
-    const reconCronChatId = cronUserId ?? telegramConfig.forum_chat_id;
-    const canonicalFilenames = new Set;
-    for (let i = 0;i < agentConfig.schedule.length; i++) {
-      const entry = agentConfig.schedule[i];
-      const model = entry.model ?? "claude-sonnet-4-6";
-      const filename = cronScriptFilename(entry.cron, entry.prompt);
-      canonicalFilenames.add(filename);
-      const script = buildCronScript(agentDir, entry.prompt, model, reconCronChatId, cronUserId, entry.secrets ?? [], reconBrokerSocket, filename.replace(/\.sh$/, ""));
-      const scriptPath = join8(agentDir, "telegram", filename);
-      const before = existsSync11(scriptPath) ? readFileSync11(scriptPath, "utf-8") : "";
-      if (script !== before) {
-        writeFileSync5(scriptPath, script, { encoding: "utf-8", mode: 448 });
-        changes.push(scriptPath);
-      }
-      const source = entry[OVERLAY_SOURCE] ? "overlay" : "main";
-      const stem = filename.replace(/\.sh$/, "");
-      const sidecarPath = join8(agentDir, "telegram", `${stem}.source`);
-      const sidecarBody = `${source}
-`;
-      const sidecarBefore = existsSync11(sidecarPath) ? readFileSync11(sidecarPath, "utf-8") : "";
-      if (sidecarBody !== sidecarBefore) {
-        writeFileSync5(sidecarPath, sidecarBody, { encoding: "utf-8", mode: 384 });
-        changes.push(sidecarPath);
-      }
-    }
-    const telegramDir = join8(agentDir, "telegram");
-    if (existsSync11(telegramDir)) {
-      const files = readdirSync5(telegramDir);
-      for (const file of files) {
-        const isCron = CRON_SCRIPT_BASENAME_RE.test(file) || LEGACY_CRON_SCRIPT_BASENAME_RE.test(file);
-        if (isCron && !canonicalFilenames.has(file)) {
-          const staleScript = join8(telegramDir, file);
-          unlinkSync4(staleScript);
-          changes.push(staleScript);
-          const sourceSidecar = staleScript.replace(/\.sh$/, ".source");
-          if (existsSync11(sourceSidecar)) {
-            unlinkSync4(sourceSidecar);
-            changes.push(sourceSidecar);
-          }
+  const telegramDir = join8(agentDir, "telegram");
+  if (existsSync11(telegramDir)) {
+    const files = readdirSync5(telegramDir);
+    for (const file of files) {
+      const isCronScript = CRON_SCRIPT_BASENAME_RE.test(file) || LEGACY_CRON_SCRIPT_BASENAME_RE.test(file);
+      if (isCronScript) {
+        const staleScript = join8(telegramDir, file);
+        unlinkSync4(staleScript);
+        changes.push(staleScript);
+        const sourceSidecar = staleScript.replace(/\.sh$/, ".source");
+        if (existsSync11(sourceSidecar)) {
+          unlinkSync4(sourceSidecar);
+          changes.push(sourceSidecar);
         }
       }
     }
@@ -56254,7 +56105,7 @@ init_compose();
 init_vault();
 import * as net3 from "node:net";
 import { mkdirSync as mkdirSync20, chmodSync as chmodSync7, chownSync as chownSync2, existsSync as existsSync33, readFileSync as readFileSync29, readdirSync as readdirSync15, statSync as statSync19, unlinkSync as unlinkSync8, writeFileSync as writeFileSync18, renameSync as renameSync9 } from "node:fs";
-import { dirname as dirname6, resolve as resolve25, basename as basename5 } from "node:path";
+import { dirname as dirname6, resolve as resolve25, basename as basename4 } from "node:path";
 import * as os4 from "node:os";
 import * as path3 from "node:path";
 
@@ -56276,7 +56127,7 @@ import {
   unlinkSync as unlinkSync7
 } from "node:fs";
 import { createHash as createHash4 } from "node:crypto";
-import { basename as basename4, dirname as dirname3, join as join24 } from "node:path";
+import { basename as basename3, dirname as dirname3, join as join24 } from "node:path";
 function vaultLayoutPaths(home2) {
   const switchroomRoot = join24(home2, ".switchroom");
   return {
@@ -56429,7 +56280,7 @@ function sha256File(path) {
   return createHash4("sha256").update(data).digest("hex");
 }
 function atomicReplaceWithSymlink(target, linkTarget) {
-  const tmp = join24(dirname3(target), `.${basename4(target)}.symlink-tmp`);
+  const tmp = join24(dirname3(target), `.${basename3(target)}.symlink-tmp`);
   if (existsSync31(tmp)) {
     try {
       unlinkSync7(tmp);
@@ -59992,6 +59843,13 @@ class VaultBroker {
         const tmpPath = `${tokenPath}.tmp.${process.pid}`;
         writeFileSync18(tmpPath, mintResult.token, { mode: 384 });
         renameSync9(tmpPath, tokenPath);
+        try {
+          const uid = allocateAgentUid(agent);
+          chownSync2(tokenPath, uid, uid);
+        } catch (chownErr) {
+          process.stderr.write(`[vault-broker] mint_grant: token written but chown failed for agent ${agent}: ${chownErr.message} (CAP_CHOWN missing?)
+`);
+        }
       } catch (err) {
         process.stderr.write(`[vault-broker] mint_grant: failed to write token file for agent ${agent}: ${err.message}
 `);
@@ -60364,12 +60222,12 @@ class VaultBroker {
 }
 function detectVaultLayoutDrift(vaultPath) {
   const dir = dirname6(vaultPath);
-  if (basename5(dir) !== "vault")
+  if (basename4(dir) !== "vault")
     return;
-  if (basename5(vaultPath) !== "vault.enc")
+  if (basename4(vaultPath) !== "vault.enc")
     return;
   const switchroomDir = dirname6(dir);
-  if (basename5(switchroomDir) !== ".switchroom")
+  if (basename4(switchroomDir) !== ".switchroom")
     return;
   const home2 = dirname6(switchroomDir);
   const result = inspectVaultLayout(home2);
@@ -62646,7 +62504,7 @@ async function getVaultPassphrase() {
 }
 function registerDispatchVerb(tg, _program) {
   const dispatch = tg.command("dispatch").description("Webhook dispatch utilities.");
-  dispatch.command("test").description("Dry-run dispatch rule matching against a captured payload file. " + "Prints which rules would match and the rendered prompt, without " + "spawning a claude -p process.").requiredOption("--agent <name>", "Agent name (must exist in switchroom.yaml)").requiredOption("--payload <file>", "Path to a JSON payload file").requiredOption("--event <type>", "GitHub event type (e.g. 'pull_request', 'push')").option("--source <name>", "Webhook source (default: github)", "github").action(withConfigError(async (opts) => {
+  dispatch.command("test").description("Dry-run dispatch rule matching against a captured payload file. " + "Prints which rules would match and the rendered prompt, without " + "actually injecting an inbound into the agent's live session.").requiredOption("--agent <name>", "Agent name (must exist in switchroom.yaml)").requiredOption("--payload <file>", "Path to a JSON payload file").requiredOption("--event <type>", "GitHub event type (e.g. 'pull_request', 'push')").option("--source <name>", "Webhook source (default: github)", "github").action(withConfigError(async (opts) => {
     const config = getConfig(_program);
     const agentRaw = config.agents[opts.agent];
     if (!agentRaw) {
@@ -73980,7 +73838,7 @@ function registerDriveMcpLauncherCommand(program3) {
 
 // src/cli/apply.ts
 init_source();
-import { accessSync as accessSync3, constants as fsConstants6, copyFileSync as copyFileSync11, existsSync as existsSync68, mkdirSync as mkdirSync36, readdirSync as readdirSync25, renameSync as renameSync13, writeFileSync as writeFileSync32 } from "node:fs";
+import { accessSync as accessSync3, chownSync as chownSync4, constants as fsConstants6, copyFileSync as copyFileSync11, existsSync as existsSync68, mkdirSync as mkdirSync36, readdirSync as readdirSync25, renameSync as renameSync13, writeFileSync as writeFileSync32 } from "node:fs";
 import { mkdir, writeFile } from "node:fs/promises";
 import { spawnSync as childSpawnSync } from "node:child_process";
 import readline from "node:readline";
@@ -74713,6 +74571,16 @@ async function ensureHostMountSources(config) {
   if (!existsSync68(hostdAuditLogPath)) {
     writeFileSync32(hostdAuditLogPath, "", { mode: 420 });
   }
+  for (const name of Object.keys(config.agents)) {
+    const tokenPath = join62(home2, ".switchroom", "agents", name, ".vault-token");
+    if (!existsSync68(tokenPath)) {
+      writeFileSync32(tokenPath, "", { mode: 384 });
+    }
+    try {
+      const uid = allocateAgentUid(name);
+      chownSync4(tokenPath, uid, uid);
+    } catch {}
+  }
 }
 function detectComposeV2() {
   try {
@@ -77016,189 +76884,12 @@ function registerHostdMcpCommand(program3) {
   });
 }
 
-// src/cli/migrate.ts
-init_source();
-init_helpers();
-init_loader();
-import {
-  existsSync as existsSync76,
-  readdirSync as readdirSync29,
-  readFileSync as readFileSync61,
-  renameSync as renameSync16,
-  statSync as statSync29,
-  unlinkSync as unlinkSync16
-} from "node:fs";
-import { createHash as createHash13 } from "node:crypto";
-import { join as join68 } from "node:path";
-function planCronUnitRenames(agentsDir, agents) {
-  const plans = [];
-  for (const [agentName, agentConfig] of Object.entries(agents)) {
-    const schedule = agentConfig.schedule ?? [];
-    if (schedule.length === 0)
-      continue;
-    const telegramDir = join68(agentsDir, agentName, "telegram");
-    if (!existsSync76(telegramDir))
-      continue;
-    let entries;
-    try {
-      entries = readdirSync29(telegramDir);
-    } catch {
-      continue;
-    }
-    for (const file of entries) {
-      const m = file.match(LEGACY_CRON_SCRIPT_BASENAME_RE);
-      if (!m)
-        continue;
-      const idx = Number.parseInt(m[1], 10);
-      const entry = schedule[idx];
-      if (!entry)
-        continue;
-      const canonical = cronScriptFilename(entry.cron, entry.prompt);
-      if (canonical === file)
-        continue;
-      plans.push({
-        agent: agentName,
-        from: join68(telegramDir, file),
-        to: join68(telegramDir, canonical),
-        scheduleIdx: idx,
-        entry
-      });
-    }
-  }
-  return plans;
-}
-function sha256File2(path8) {
-  return createHash13("sha256").update(readFileSync61(path8)).digest("hex");
-}
-function renamePair(from, to, opts = {}) {
-  if (existsSync76(to)) {
-    let identical = false;
-    try {
-      identical = sha256File2(from) === sha256File2(to);
-    } catch {
-      identical = false;
-    }
-    if (identical) {
-      if (!opts.dryRun) {
-        try {
-          unlinkSync16(from);
-        } catch {}
-      }
-      return { kind: "deduped", legacy: from };
-    }
-    return { kind: "skipped", reason: "target exists, legacy preserved", legacy: from };
-  }
-  if (!opts.dryRun)
-    renameSync16(from, to);
-  return { kind: "renamed" };
-}
-function extractPromptFromLegacyScript(path8) {
-  let body;
-  try {
-    body = readFileSync61(path8, "utf-8");
-  } catch {
-    return null;
-  }
-  const idx = body.indexOf(`
-claude -p '`);
-  if (idx < 0)
-    return null;
-  let i = idx + `
-claude -p '`.length;
-  let out = "";
-  while (i < body.length) {
-    const ch = body[i];
-    if (ch === "'") {
-      if (body.startsWith(`'"'"'`, i)) {
-        out += "'";
-        i += 5;
-        continue;
-      }
-      return out;
-    }
-    out += ch;
-    i++;
-  }
-  return null;
-}
-function detectPromptDrift(legacyPath, entry, ctx) {
-  const embedded = extractPromptFromLegacyScript(legacyPath);
-  const expected = applyCronTelegramGuidance(entry.prompt, ctx);
-  return {
-    drifted: embedded !== null && embedded !== expected,
-    embedded,
-    expected
-  };
-}
-function registerMigrateCommand(program3) {
-  const cmd = program3.command("migrate").description("One-shot config/state migrations.");
-  cmd.command("cron-unit-names").description("Rename legacy cron-<index>.sh scripts to the Phase D content-hash " + "form (cron-<sha12>.sh). Idempotent.").option("--dry-run", "Print the renames without performing them", false).option("--strict", "Treat drift (legacy script content disagrees with current schedule entry) as a hard error", false).action(withConfigError(async (opts) => {
-    const config2 = getConfig(program3);
-    const agentsDir = resolveAgentsDir(config2);
-    const plans = planCronUnitRenames(agentsDir, config2.agents);
-    if (plans.length === 0) {
-      console.log(source_default.green("Nothing to migrate \u2014 all cron scripts already use the content-hash scheme."));
-      return;
-    }
-    let driftErrors = 0;
-    for (const p of plans) {
-      const drift = detectPromptDrift(p.from, p.entry, {
-        chatId: "-",
-        jobSlug: p.to.split("/").pop().replace(/\.sh$/, "")
-      });
-      if (drift.drifted) {
-        const msg = `DRIFT: ${p.from} was scaffolded with a prompt that differs from the current schedule[${p.scheduleIdx}] entry (cron=${JSON.stringify(p.entry.cron)}); renaming to ${p.to} \u2014 verify intent`;
-        if (opts.strict) {
-          console.error(source_default.red(`error: ${msg}`));
-          driftErrors++;
-          continue;
-        }
-        console.error(source_default.yellow(msg));
-      }
-      if (opts.dryRun) {
-        console.log(source_default.cyan(`[dry-run] ${p.agent}: ${p.from} \u2192 ${p.to}`));
-        continue;
-      }
-      try {
-        const status = renamePair(p.from, p.to);
-        const fromSidecar = p.from.replace(/\.sh$/, ".source");
-        const toSidecar = p.to.replace(/\.sh$/, ".source");
-        let sidecarStatus = null;
-        if (existsSync76(fromSidecar) && statSync29(fromSidecar).isFile()) {
-          sidecarStatus = renamePair(fromSidecar, toSidecar);
-        }
-        switch (status.kind) {
-          case "renamed":
-            console.log(source_default.green(`renamed: ${p.agent}: ${p.from} \u2192 ${p.to}`));
-            break;
-          case "deduped":
-            console.log(source_default.green(`deduped: ${p.agent}: target already present with identical contents, legacy ${p.from} removed`));
-            break;
-          case "skipped":
-            console.log(source_default.yellow(`skipped: target exists, legacy preserved at ${p.from}`));
-            break;
-        }
-        if (sidecarStatus && sidecarStatus.kind === "skipped") {
-          console.log(source_default.yellow(`skipped: target exists, legacy preserved at ${fromSidecar}`));
-        } else if (sidecarStatus && sidecarStatus.kind === "deduped") {
-          console.log(source_default.green(`deduped: sidecar ${fromSidecar} removed (identical to target)`));
-        }
-      } catch (err2) {
-        console.error(source_default.red(`failed: ${p.agent}: ${p.from} \u2192 ${p.to}: ${err2.message}`));
-      }
-    }
-    if (opts.strict && driftErrors > 0) {
-      process.exitCode = 1;
-    }
-  }));
-}
-
 // src/cli/hostd.ts
 init_source();
 init_helpers();
-import { existsSync as existsSync77, mkdirSync as mkdirSync40, readdirSync as readdirSync30, readFileSync as readFileSync62, writeFileSync as writeFileSync34, statSync as statSync30, copyFileSync as copyFileSync12 } from "node:fs";
+import { existsSync as existsSync76, mkdirSync as mkdirSync40, readdirSync as readdirSync29, readFileSync as readFileSync61, writeFileSync as writeFileSync34, statSync as statSync29, copyFileSync as copyFileSync12 } from "node:fs";
 import { homedir as homedir38 } from "node:os";
-import { join as join69 } from "node:path";
+import { join as join68 } from "node:path";
 import { spawnSync as spawnSync11 } from "node:child_process";
 init_audit_reader();
 var DEFAULT_IMAGE_TAG = "latest";
@@ -77289,14 +76980,14 @@ networks:
 `;
 }
 function hostdDir() {
-  return join69(homedir38(), ".switchroom", "hostd");
+  return join68(homedir38(), ".switchroom", "hostd");
 }
 function hostdComposePath() {
-  return join69(hostdDir(), "docker-compose.yml");
+  return join68(hostdDir(), "docker-compose.yml");
 }
 function backupExistingCompose() {
   const p = hostdComposePath();
-  if (!existsSync77(p))
+  if (!existsSync76(p))
     return null;
   const ts = new Date().toISOString().replace(/[:.]/g, "-");
   const bak = `${p}.bak-${ts}`;
@@ -77373,7 +77064,7 @@ function doStatus() {
   const composeYml = hostdComposePath();
   console.log(source_default.bold("switchroom-hostd"));
   console.log("");
-  if (!existsSync77(composeYml)) {
+  if (!existsSync76(composeYml)) {
     console.log(source_default.yellow("  compose:    not installed"));
     console.log(source_default.dim("              run `switchroom hostd install` to set up."));
     return;
@@ -77394,15 +77085,15 @@ function doStatus() {
   } else {
     console.log(source_default.green(`  container:  ${ps.stdout.trim()}`));
   }
-  if (existsSync77(dir)) {
+  if (existsSync76(dir)) {
     const entries = [];
     try {
-      for (const name of readdirSync30(dir)) {
+      for (const name of readdirSync29(dir)) {
         if (name === "docker-compose.yml" || name.startsWith("docker-compose.yml."))
           continue;
-        const sockPath = join69(dir, name, "sock");
-        if (existsSync77(sockPath)) {
-          const st = statSync30(sockPath);
+        const sockPath = join68(dir, name, "sock");
+        if (existsSync76(sockPath)) {
+          const st = statSync29(sockPath);
           if ((st.mode & 61440) === 49152) {
             entries.push(`${name} \u2192 ${sockPath}`);
           }
@@ -77420,7 +77111,7 @@ function doStatus() {
 }
 function doUninstall() {
   const composeYml = hostdComposePath();
-  if (!existsSync77(composeYml)) {
+  if (!existsSync76(composeYml)) {
     console.log(source_default.yellow("  No hostd install detected (no compose file at this path)."));
     return;
   }
@@ -77444,12 +77135,12 @@ function registerHostdCommand(program3) {
   hostd.command("uninstall").description("Stop the hostd container. Leaves the compose file in place for re-install.").action(() => doUninstall());
   hostd.command("audit").description("Tail and filter the hostd audit log (privileged-verb call history)").option("--tail <n>", "Number of matching entries to show (default: 50)", "50").option("--agent <name>", "Filter to a specific caller agent").option("--op <verb>", "Filter to a specific hostd verb (e.g. update_apply, agent_restart)").option("--error", "Show only failed (error/denied) entries").option("--verbose", "Show the captured stderr / error tail under each failed row").option("--path <file>", "Override audit log path (for debugging)").action((opts) => {
     const logPath = opts.path ?? defaultAuditLogPath2();
-    if (!existsSync77(logPath)) {
+    if (!existsSync76(logPath)) {
       console.error(source_default.yellow(`Audit log not found at ${logPath}.`) + source_default.gray(`
 The log is created when hostd handles its first privileged-verb request.`));
       return;
     }
-    const raw = readFileSync62(logPath, "utf-8");
+    const raw = readFileSync61(logPath, "utf-8");
     const limit = Math.max(1, parseInt(opts.tail ?? "50", 10) || 50);
     const filters = {
       agent: opts.agent,
@@ -77528,7 +77219,6 @@ registerAgentConfigWriteCommands(program3);
 registerAgentConfigSkillWriteCommands(program3);
 registerAgentConfigMcpCommand(program3);
 registerHostdMcpCommand(program3);
-registerMigrateCommand(program3);
 registerHostdCommand(program3);
 
 // bin/switchroom.ts

package/dist/cli/ui/index.html

@@ -774,16 +774,24 @@
       // usage % cell: live 5h/7d utilization from the last cached
       // probe (cost-gated — see refreshQuota). null → "—" + a per-
       // account ↻ that force-probes. quotaStale → value shown muted
-      // with ↻ to refresh.
-      const pctCell = (pct, label, stale) => {
+      // with ↻ to refresh. When `resetAt` is provided we append a
+      // muted "resets in Xh" line so the operator can see WHEN the
+      // window rolls over without hovering for a tooltip — matches
+      // anthropic-ratelimit-unified-{5h,7d}-reset headers exposed by
+      // the broker probe (src/auth/quota.ts:97-98).
+      const pctCell = (pct, label, stale, resetAt) => {
         if (pct == null) return '<span style="color:var(--text-dim)">—</span>';
         let cls = 'quota-pct';
         if (pct >= 90) cls += ' high';
         else if (pct >= 70) cls += ' mid';
         const v = `${Math.round(pct)}%`;
-        return stale
+        const reset = resetAt
+          ? `<div style="font-size:.72rem;color:var(--text-dim);font-weight:normal;margin-top:.1rem">resets ${formatTimestamp(resetAt)}</div>`
+          : '';
+        const pctSpan = stale
           ? `<span class="${cls}" title="stale — click ↻" style="opacity:.55">${v}</span>`
           : `<span class="${cls}">${v}</span>`;
+        return reset ? `<div>${pctSpan}${reset}</div>` : pctSpan;
       };
       const enriched = accounts.map(a => {
         const q = a.quota || null;
@@ -792,9 +800,8 @@
         return {
           a,
           usedBy: a.usedBy || [],
-          fiveH: pctCell(u ? u.fiveHourPct : null, '5h', a.quotaStale),
-          sevenD: pctCell(u ? u.sevenDayPct : null, '7d', a.quotaStale),
-          fiveReset: u && u.fiveHourResetAt ? formatTimestamp(u.fiveHourResetAt) : '<span style="color:var(--text-dim)">—</span>',
+          fiveH: pctCell(u ? u.fiveHourPct : null, '5h', a.quotaStale, u ? u.fiveHourResetAt : null),
+          sevenD: pctCell(u ? u.sevenDayPct : null, '7d', a.quotaStale, u ? u.sevenDayResetAt : null),
           captured: u && u.capturedAt
             ? formatTimestamp(u.capturedAt)
             : '<span style="color:var(--text-dim)">never</span>',

package/dist/host-control/main.js

@@ -13707,7 +13707,7 @@ var AgentBindMountSchema = exports_external.object({
 var ScheduleEntrySchema = exports_external.object({
   cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
   prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-  model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated `claude -p` and could set --model per task. " + "Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+  model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing.")
 });
 var AgentSoulSchema = exports_external.object({

package/dist/vault/approvals/kernel-server.js

@@ -10964,7 +10964,7 @@ var init_schema = __esm(() => {
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
     prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated `claude -p` and could set --model per task. " + "Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing.")
   });
   AgentSoulSchema = exports_external.object({

package/dist/vault/broker/server.js

@@ -10964,7 +10964,7 @@ var init_schema = __esm(() => {
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
     prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated `claude -p` and could set --model per task. " + "Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing.")
   });
   AgentSoulSchema = exports_external.object({
@@ -16934,6 +16934,13 @@ class VaultBroker {
         const tmpPath = `${tokenPath}.tmp.${process.pid}`;
         writeFileSync3(tmpPath, mintResult.token, { mode: 384 });
         renameSync3(tmpPath, tokenPath);
+        try {
+          const uid = allocateAgentUid(agent);
+          chownSync(tokenPath, uid, uid);
+        } catch (chownErr) {
+          process.stderr.write(`[vault-broker] mint_grant: token written but chown failed for agent ${agent}: ${chownErr.message} (CAP_CHOWN missing?)
+`);
+        }
       } catch (err) {
         process.stderr.write(`[vault-broker] mint_grant: failed to write token file for agent ${agent}: ${err.message}
 `);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.13.39",
+  "version": "0.13.41",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {

package/telegram-plugin/dist/gateway/gateway.js

@@ -23608,7 +23608,7 @@ var init_schema = __esm(() => {
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
     prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated `claude -p` and could set --model per task. " + "Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "\u2014 this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "\u2014 this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default \u2014 broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary \u2014 " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing.")
   });
   AgentSoulSchema = exports_external.object({
@@ -48730,10 +48730,10 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.13.39";
-var COMMIT_SHA = "8681f423";
-var COMMIT_DATE = "2026-05-25T07:06:31Z";
-var LATEST_PR = 1797;
+var VERSION = "0.13.41";
+var COMMIT_SHA = "c5897e47";
+var COMMIT_DATE = "2026-05-25T07:56:53Z";
+var LATEST_PR = 1803;
 var COMMITS_AHEAD_OF_TAG = 0;
 
 // gateway/boot-version.ts