switchroom 0.13.53 → 0.13.55

package/telegram-plugin/dist/gateway/gateway.js

@@ -23607,7 +23607,7 @@ var init_dist = __esm(() => {
 });
 
 // ../src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, HostdConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, HostdConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -23648,7 +23648,8 @@ var init_schema = __esm(() => {
     recall: exports_external.object({
       max_memories: exports_external.number().int().min(0).optional().describe("Cap on the number of memories injected into the prompt by " + "auto-recall, regardless of token budget. Plugin default is 12. " + "0 disables the cap (all memories Hindsight returns are injected)."),
       cache_ttl_secs: exports_external.number().int().min(0).optional().describe("Per-session recall cache TTL in seconds. When > 0, identical " + "(prompt, bank) within the same session reuse the cached recall " + "result instead of round-tripping to Hindsight. 0 disables. " + "Default is 600 (10 min) for switchroom-managed agents."),
-      min_overlap: exports_external.number().min(0).max(1).optional().describe("Minimum Jaccard token overlap [0.0\u20131.0] between the user " + "prompt and a memory's text for the memory to be injected. " + "Drops low-relevance matches before the count cap so weak hits " + "don't fill the slot on real queries. 0.0 disables (default \u2014 " + "current behaviour). Try 0.10\u20130.20 to start; observe the " + "`overlap_dropped` field via `switchroom memory recall-log`.")
+      min_overlap: exports_external.number().min(0).max(1).optional().describe("Minimum Jaccard token overlap [0.0\u20131.0] between the user " + "prompt and a memory's text for the memory to be injected. " + "Drops low-relevance matches before the count cap so weak hits " + "don't fill the slot on real queries. 0.0 disables (default \u2014 " + "current behaviour). Try 0.10\u20130.20 to start; observe the " + "`overlap_dropped` field via `switchroom memory recall-log`."),
+      topic_filter_mode: exports_external.enum(["soft-preamble", "hard-filter"]).optional().describe("Supergroup-mode cross-topic memory behaviour. Default " + "(unset) \u2192 soft-preamble: recall returns memories from all " + "topics, and a 'Current topic: \u2026' preamble tells the model " + "to self-scope. hard-filter: drop any recalled memory whose " + "metadata.thread_id differs from the active inbound's topic. " + "Flip to hard-filter when the recall_log shows binding " + "failures (model surfacing the right memory but applying " + "it to the wrong topic).")
     }).optional().describe("Auto-recall tuning knobs")
   }).optional();
   HookEntrySchema = exports_external.object({
@@ -23791,6 +23792,16 @@ var init_schema = __esm(() => {
     authority: exports_external.string().url().optional().describe("Microsoft authority endpoint. Defaults to " + "'https://login.microsoftonline.com/common' which accepts both " + "personal MSA and work/school tenants. Override only for " + "single-tenant deployments."),
     org_mode: exports_external.boolean().optional().describe("Opt-in to Teams + SharePoint surfaces (RFC \u00a76.4). When true, " + "the v1 scope set adds Sites.ReadWrite.All AND the launcher " + "spawns softeria with --org-mode. Defaults to false \u2014 personal " + "MSA + standard work surfaces only. Flipping for an existing " + "consented account requires re-running 'auth microsoft account " + "add --replace' to consent the additional scope.")
   }).optional();
+  NotionWorkspaceConfigSchema = exports_external.object({
+    vault_key: exports_external.string().min(1).default("notion/integration-token").describe("Vault key holding the Notion internal-integration token. Default " + "`notion/integration-token`. Override only for non-standard vault " + "layouts. The broker's --allow ACL on this key is the authoritative " + "list of which agents may receive the token."),
+    databases: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,62}$/, {
+      message: "notion_workspace.databases friendly names must match " + "/^[a-z0-9][a-z0-9_-]{0,62}$/ \u2014 lowercase letters, digits, " + "hyphens, underscores. Got: '%s'."
+    }), exports_external.string().regex(/^[0-9a-fA-F]{8}-?[0-9a-fA-F]{4}-?[0-9a-fA-F]{4}-?[0-9a-fA-F]{4}-?[0-9a-fA-F]{12}$/, {
+      message: "notion_workspace.databases values must be Notion database " + "UUIDs (32 hex characters, optional dashes)."
+    })).default({}).describe("Friendly-name \u2192 Notion database UUID map. Operator-managed; agents " + "reference databases by friendly name only \u2014 they never see or type " + "UUIDs. Populate via `switchroom notion list-dbs` (PR 4) after " + "vault-putting the integration token and sharing DBs with the " + "integration in Notion's UI."),
+    mcp_version: exports_external.string().min(1).optional().describe("Optional pin for the upstream `@notionhq/notion-mcp-server` npm " + "package version. Default is the build-time `NOTION_MCP_PINNED_VERSION` " + "constant. Override only when reproducing operator-specific bugs."),
+    rate_limit_rps: exports_external.number().int().positive().max(10).optional().describe("Optional global rate-limit budget in requests per second across all " + "switchroom agents sharing this integration token. Defaults to 3 " + "(Notion's documented public-API limit). Lower it if you also use " + "the integration token from outside switchroom and need to share " + "budget. Higher than 10 is rejected \u2014 if you think you need it, " + "your usage probably needs a workspace-tier upgrade with Notion.")
+  }).optional();
   AgentGoogleWorkspaceConfigSchema = exports_external.object({
     account: exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "google_workspace.account must be a Google account email like " + "'alice@example.com' (colons not allowed)"
@@ -23804,6 +23815,13 @@ var init_schema = __esm(() => {
     }).transform((v) => v.trim().toLowerCase()).optional().describe("RFC #1873: the Microsoft account this agent uses for the M365 MCP. " + "Must be a key in top-level `microsoft_accounts:` with this agent " + "listed in its `enabled_for[]`. Read by the auth-broker " + "(get-credentials, provider=microsoft) and by the scaffold to " + "decide whether to emit the `ms-365` MCP entry. Normalized to " + "lowercase so it matches the microsoft_accounts key (which is " + "also normalized)."),
     org_mode: exports_external.boolean().optional().describe("Per-agent org_mode override (RFC #1873 \u00a76.4). When set, replaces " + "the top-level microsoft_workspace.org_mode for this agent. " + "Defaults to top-level value (which defaults to false).")
   }).optional();
+  AgentNotionWorkspaceConfigSchema = exports_external.object({
+    databases: exports_external.array(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,62}$/, {
+      message: "notion_workspace.databases entries must be friendly names " + "matching /^[a-z0-9][a-z0-9_-]{0,62}$/ \u2014 these must appear as " + "keys in top-level notion_workspace.databases."
+    })).min(1, {
+      message: "notion_workspace.databases must list at least one friendly " + "name. An empty list rejects every Notion tool call \u2014 if you " + "want to remove this agent's Notion access, delete the entire " + "notion_workspace block instead."
+    }).optional().describe("Optional per-agent allowlist of database friendly names this " + "agent may read/write. Each name must exist as a key in top-level " + "notion_workspace.databases. Omit the field (or leave it undefined) " + "to grant access to every DB the upstream integration can see \u2014 " + "appropriate for an admin/orchestrator agent. Set the list to " + "narrow access for specialist agents.")
+  }).optional();
   ReactionsSchema = exports_external.object({
     enabled: exports_external.boolean().optional().describe("Master switch for the reaction-trigger path. When false, " + "reactions are still persisted via recordReaction but never " + "dispatched to the agent as synthetic inbound turns. Default true."),
     trigger_emojis: exports_external.array(exports_external.string()).optional().describe("Emoji allowlist that triggers a synthetic inbound when reacted " + "to a bot message. Default ['\uD83D\uDC4E', '\u274c', '\uD83D\uDC4D', '\u2705']. Cascade " + "mode: REPLACE (not union) \u2014 setting this at a layer replaces " + "lower layers entirely, so an operator can narrow to [] to " + "disable triggering without flipping `enabled`."),
@@ -23940,6 +23958,7 @@ var init_schema = __esm(() => {
     drive: AgentGoogleWorkspaceConfigSchema.describe("RFC D legacy key \u2014 use `google_workspace:` instead. Per-agent " + "google_workspace overrides (currently approvers + tier). When set, " + "replaces the top-level approvers list for this agent. " + "google_client_id/secret are not per-agent \u2014 they live at the top level."),
     google_workspace: AgentGoogleWorkspaceConfigSchema.describe("RFC G canonical key. Per-agent Google Workspace overrides \u2014 currently " + "approvers (replaces, does not extend the top-level list) and tier " + "(`core` | `extended` | `complete`, replaces top-level default). " + "google_client_id/secret are not per-agent \u2014 they live at the top level. " + "Mutually exclusive with `drive:` on the same agent (loader fails fast " + "if both are set)."),
     microsoft_workspace: AgentMicrosoftWorkspaceConfigSchema.describe("RFC #1873 (Microsoft 365 integration). Per-agent Microsoft Workspace " + "override \u2014 pins the Microsoft account this agent reads via the " + "auth-broker (must be a key in top-level `microsoft_accounts:` with " + "this agent in its `enabled_for[]`) and optionally overrides org_mode. " + "microsoft_client_id/secret are not per-agent."),
+    notion_workspace: AgentNotionWorkspaceConfigSchema.describe("RFC docs/rfcs/notion-integration.md. Per-agent Notion access. " + "Presence opts the agent IN (launcher scaffolded, MCP entry emitted, " + "broker grants the integration token). Optional `databases:` filter " + "narrows which DBs this agent may read/write \u2014 names must resolve in " + "top-level notion_workspace.databases. Absence opts the agent OUT."),
     repos: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9-]*$/, "Repo slug must be kebab-case ASCII: start with a lowercase letter or digit, contain only lowercase letters, digits, and hyphens"), exports_external.object({
       url: exports_external.string().min(1).describe("Git remote URL for the repo (e.g. 'git@github.com:org/repo.git' or " + "'https://github.com/org/repo.git'). Used verbatim for git clone."),
       branch_default: exports_external.string().optional().describe("Default branch to track (defaults to the remote's HEAD, typically 'main'). " + "The per-agent branch 'agent/<agentName>/main' fast-forwards to this branch " + "when the worktree is clean on session start.")
@@ -24063,6 +24082,7 @@ var init_schema = __esm(() => {
     drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key \u2014 use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
     google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration \u2014 " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     microsoft_workspace: MicrosoftWorkspaceConfigSchema.describe("RFC #1873 (Microsoft 365 integration). Top-level Microsoft Workspace " + "configuration \u2014 OAuth client credentials (Entra app), authority " + "endpoint (defaults to /common for personal MSA + work), and the " + "org_mode opt-in for Teams/SharePoint surfaces. Block is optional; " + "when omitted the broker does not register the Microsoft provider."),
+    notion_workspace: NotionWorkspaceConfigSchema.describe("RFC docs/rfcs/notion-integration.md. Top-level Notion integration " + "config \u2014 vault key for the integration token, friendly-name \u2192 " + "database UUID map, optional MCP-package version pin, and optional " + "global rate-limit override (default 3 rps, Notion's documented " + "public-API limit). Block is optional; when omitted no agent gets a " + "Notion MCP entry regardless of per-agent config."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
     host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     hostd: HostdConfigSchema.default({}).describe("hostd verb-level knobs (RFC admin-agent-config-edit). Distinct " + "from `host_control:` which governs whether the daemon runs at " + "all. Currently scopes the opt-in flag and rate cap for the new " + "`config_propose_edit` verb (PR 1a \u2014 disabled by default)."),
@@ -24570,6 +24590,34 @@ var init_merge = __esm(() => {
   })(mergeAgentConfig ||= {});
 });
 
+// ../src/config/notion-workspace-acl.ts
+function validateNotionWorkspaceConfig(config) {
+  const issues = [];
+  const dbMap = config.notion_workspace?.databases ?? {};
+  const known = new Set(Object.keys(dbMap));
+  for (const [agentName3, agentRaw] of Object.entries(config.agents ?? {})) {
+    if (!agentRaw)
+      continue;
+    const dbFilter = agentRaw.notion_workspace?.databases;
+    if (dbFilter === undefined)
+      continue;
+    if (dbFilter.length === 0) {
+      issues.push(`  agents.${agentName3}.notion_workspace.databases is an empty ` + `list. Delete the entire notion_workspace block to remove Notion ` + `access, or list at least one database friendly name.`);
+      continue;
+    }
+    if (config.notion_workspace === undefined) {
+      issues.push(`  agents.${agentName3}.notion_workspace is set but the top-level ` + `notion_workspace block is missing. Configure the integration ` + `globally first (vault_key + databases map), then grant per-agent ` + `access.`);
+      continue;
+    }
+    for (const name of dbFilter) {
+      if (!known.has(name)) {
+        issues.push(`  agents.${agentName3}.notion_workspace.databases references ` + `unknown database "${name}". Add it to top-level ` + `notion_workspace.databases (run \`switchroom notion list-dbs\` ` + `to see the UUIDs the integration can read), or remove the ` + `reference.`);
+      }
+    }
+  }
+  return issues;
+}
+
 // ../src/config/loader.ts
 import { readFileSync as readFileSync5, existsSync as existsSync9 } from "node:fs";
 import { homedir as homedir5 } from "node:os";
@@ -24684,6 +24732,10 @@ function loadConfig(configPath) {
   }
   applyAgentOverlays(config);
   validateAllCronTopicAliases(config, filePath);
+  const notionIssues = validateNotionWorkspaceConfig(config);
+  if (notionIssues.length > 0) {
+    throw new ConfigError(`Invalid notion_workspace configuration in ${filePath}`, notionIssues);
+  }
   return config;
 }
 function validateAllCronTopicAliases(config, filePath) {
@@ -27730,7 +27782,7 @@ var init_secretlint_source = __esm(() => {
 function escapeHtml8(s) {
   return s.replace(/[&<>]/g, (c) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;" })[c]);
 }
-function truncate4(s, n) {
+function truncate5(s, n) {
   return s.length > n ? s.slice(0, n - 1) + "\u2026" : s;
 }
 
@@ -27833,7 +27885,7 @@ function writeQuotaCache(result, opts = {}) {
   if (result.status === "fail")
     return;
   const path = opts.path ?? defaultCachePath();
-  const ttlMs = opts.ttlMs ?? (result.rateLimited ? RATE_LIMIT_TTL_MS : DEFAULT_TTL_MS3);
+  const ttlMs = opts.ttlMs ?? (result.rateLimited ? RATE_LIMIT_TTL_MS : DEFAULT_TTL_MS4);
   const now = opts.now ?? Date.now();
   const entry = {
     capturedAt: new Date(now).toISOString(),
@@ -27845,9 +27897,9 @@ function writeQuotaCache(result, opts = {}) {
     writeFileSync13(path, JSON.stringify(entry, null, 2), { mode: 384 });
   } catch {}
 }
-var DEFAULT_TTL_MS3, RATE_LIMIT_TTL_MS;
+var DEFAULT_TTL_MS4, RATE_LIMIT_TTL_MS;
 var init_quota_cache = __esm(() => {
-  DEFAULT_TTL_MS3 = 5 * 60 * 1000;
+  DEFAULT_TTL_MS4 = 5 * 60 * 1000;
   RATE_LIMIT_TTL_MS = 30 * 1000;
 });
 
@@ -43303,6 +43355,10 @@ function loadConfig2(configPath) {
   }
   applyAgentOverlays(config);
   validateAllCronTopicAliases2(config, filePath);
+  const notionIssues = validateNotionWorkspaceConfig(config);
+  if (notionIssues.length > 0) {
+    throw new ConfigError2(`Invalid notion_workspace configuration in ${filePath}`, notionIssues);
+  }
   return config;
 }
 function validateAllCronTopicAliases2(config, filePath) {
@@ -44339,6 +44395,17 @@ function validateClientMessage(msg) {
         return false;
       return true;
     }
+    case "request_ms365_approval": {
+      if (typeof m.correlationId !== "string" || m.correlationId.length === 0 || m.correlationId.length > 64)
+        return false;
+      if (typeof m.agentName !== "string" || !AGENT_NAME_RE3.test(m.agentName))
+        return false;
+      if (typeof m.preview !== "object" || m.preview === null)
+        return false;
+      if (m.ttlMs !== undefined && (typeof m.ttlMs !== "number" || !Number.isFinite(m.ttlMs) || m.ttlMs < 0))
+        return false;
+      return true;
+    }
     default:
       return false;
   }
@@ -44357,6 +44424,7 @@ function createIpcServer(options) {
     onPtyPartial,
     onInjectInbound,
     onRequestDriveApproval,
+    onRequestMs365Approval,
     onRequestConfigApproval,
     onRequestConfigFinalize,
     log = () => {},
@@ -44463,6 +44531,30 @@ function createIpcServer(options) {
           } catch {}
         }
         break;
+      case "request_ms365_approval":
+        if (onRequestMs365Approval) {
+          onRequestMs365Approval(client3, msg).catch((err) => {
+            log(`request_ms365_approval handler threw (client=${client3.id}): ${err.message}`);
+            try {
+              client3.send({
+                type: "ms365_approval_posted",
+                correlationId: msg.correlationId,
+                ok: false,
+                reason: `gateway handler error: ${err.message}`
+              });
+            } catch {}
+          });
+        } else {
+          try {
+            client3.send({
+              type: "ms365_approval_posted",
+              correlationId: msg.correlationId,
+              ok: false,
+              reason: "gateway not configured for MS-365 write approval"
+            });
+          } catch {}
+        }
+        break;
       case "request_config_approval":
         if (onRequestConfigApproval) {
           onRequestConfigApproval(client3, msg).catch((err) => {
@@ -44899,6 +44991,184 @@ function clampTtl(requested, fallback, min, max) {
   return t;
 }
 
+// gateway/ms365-write-approval.ts
+function validateMs365Preview(input) {
+  if (!input || typeof input !== "object")
+    return null;
+  const o = input;
+  if (typeof o.agentName !== "string" || o.agentName.length === 0)
+    return null;
+  if (typeof o.toolName !== "string" || o.toolName.length === 0)
+    return null;
+  if (typeof o.itemId !== "string" || o.itemId.length === 0)
+    return null;
+  if (typeof o.itemDisplayName !== "string")
+    return null;
+  if (typeof o.accountEmail !== "string")
+    return null;
+  const out = {
+    agentName: o.agentName,
+    toolName: o.toolName,
+    itemId: o.itemId,
+    itemDisplayName: o.itemDisplayName,
+    accountEmail: o.accountEmail
+  };
+  if (typeof o.deepLink === "string")
+    out.deepLink = o.deepLink;
+  if (typeof o.sizeBytesBefore === "number")
+    out.sizeBytesBefore = o.sizeBytesBefore;
+  if (typeof o.sizeBytesAfter === "number")
+    out.sizeBytesAfter = o.sizeBytesAfter;
+  if (typeof o.agentRationale === "string")
+    out.agentRationale = o.agentRationale;
+  return out;
+}
+var DEFAULT_TTL_MS2 = 5 * 60 * 1000;
+var MAX_TTL_MS2 = 30 * 60 * 1000;
+var MIN_TTL_MS2 = 30 * 1000;
+function defaultKeyboard(requestId) {
+  return {
+    inline_keyboard: [
+      [
+        { text: "\u2705 Approve", callback_data: `apv:${requestId}:once` },
+        { text: "\uD83D\uDEAB Deny", callback_data: `apv:${requestId}:deny` }
+      ]
+    ]
+  };
+}
+function buildMs365CardText(p) {
+  const lines = [];
+  lines.push(`\uD83D\uDCC4 Microsoft 365 write approval`);
+  lines.push("");
+  lines.push(`Agent: ${truncate2(p.agentName, 64)}`);
+  lines.push(`Tool: ${truncate2(p.toolName.replace(/^mcp__/, ""), 96)}`);
+  lines.push(`Item: ${truncate2(p.itemDisplayName, 256)}`);
+  if (p.itemId !== "(new)") {
+    lines.push(`ID:   ${truncate2(p.itemId, 96)}`);
+  }
+  lines.push(`Account: ${truncate2(p.accountEmail, 96)}`);
+  if (typeof p.sizeBytesBefore === "number" || typeof p.sizeBytesAfter === "number") {
+    const before = p.sizeBytesBefore ?? 0;
+    const after = p.sizeBytesAfter ?? 0;
+    const delta = after - before;
+    const sign = delta >= 0 ? "+" : "";
+    lines.push(`Size: ${humanBytes(before)} \u2192 ${humanBytes(after)} (${sign}${humanBytes(delta)})`);
+  }
+  if (p.deepLink) {
+    lines.push(`Link: ${truncate2(p.deepLink, 256)}`);
+  }
+  if (p.agentRationale) {
+    lines.push("");
+    lines.push(`\uD83D\uDCAC ${truncate2(p.agentRationale, 512)}`);
+  }
+  lines.push("");
+  lines.push("\u26a0\ufe0f Weak attestation (RFC \u00a78 v1): operator should click through to verify the actual change before approving. Structural diff coming v1.5.");
+  return lines.join(`
+`);
+}
+function truncate2(s, n) {
+  if (s.length <= n)
+    return s;
+  return s.slice(0, n - 1) + "\u2026";
+}
+function humanBytes(bytes) {
+  const abs = Math.abs(bytes);
+  if (abs < 1024)
+    return `${bytes}B`;
+  if (abs < 1024 * 1024)
+    return `${(bytes / 1024).toFixed(1)}KB`;
+  if (abs < 1024 * 1024 * 1024)
+    return `${(bytes / 1024 / 1024).toFixed(2)}MB`;
+  return `${(bytes / 1024 / 1024 / 1024).toFixed(2)}GB`;
+}
+function clampTtl2(requested, def, min, max) {
+  if (typeof requested !== "number" || !Number.isFinite(requested))
+    return def;
+  return Math.max(min, Math.min(max, requested));
+}
+async function handleRequestMs365Approval(client3, msg, deps) {
+  const log = deps.log ?? (() => {});
+  const sendResponse = (ok, extra = {}) => {
+    client3.send({
+      type: "ms365_approval_posted",
+      correlationId: msg.correlationId,
+      ok,
+      ...extra
+    });
+  };
+  if (msg.agentName !== deps.agentName) {
+    log(`ms365-approval: cross-agent request rejected (msg=${msg.agentName} vs gateway=${deps.agentName})`);
+    sendResponse(false, { reason: "cross-agent request rejected" });
+    return;
+  }
+  const preview = validateMs365Preview(msg.preview);
+  if (!preview) {
+    log("ms365-approval: invalid preview payload");
+    sendResponse(false, { reason: "invalid preview payload" });
+    return;
+  }
+  const allowFrom = deps.loadAllowFrom();
+  if (allowFrom.length === 0) {
+    log("ms365-approval: no operator allowFrom configured");
+    sendResponse(false, { reason: "no operator allowFrom configured" });
+    return;
+  }
+  const targetChat = deps.loadTargetChat();
+  if (!targetChat) {
+    log("ms365-approval: no target chat resolved");
+    sendResponse(false, { reason: "no target chat resolved" });
+    return;
+  }
+  const ttlMs = clampTtl2(msg.ttlMs, deps.defaultTtlMs ?? DEFAULT_TTL_MS2, deps.minTtlMs ?? MIN_TTL_MS2, deps.maxTtlMs ?? MAX_TTL_MS2);
+  const scope = `ms-365:write:${preview.itemId}`;
+  const why = preview.agentRationale ?? `${preview.toolName} on ${preview.itemDisplayName}`;
+  let registered;
+  try {
+    registered = await deps.registerApproval({
+      agent_unit: preview.agentName,
+      scope,
+      action: "write",
+      approver_set: allowFrom,
+      why,
+      ttl_ms: ttlMs
+    });
+  } catch (err) {
+    const msg2 = err instanceof Error ? err.message : String(err);
+    log(`ms365-approval: kernel register failed \u2014 ${msg2}`);
+    sendResponse(false, { reason: `kernel register failed: ${msg2}` });
+    return;
+  }
+  if (!registered) {
+    sendResponse(false, { reason: "kernel returned no request_id" });
+    return;
+  }
+  const text = buildMs365CardText(preview);
+  const replyMarkup = (deps.buildKeyboard ?? defaultKeyboard)(registered.request_id);
+  let posted;
+  try {
+    posted = await deps.postCard({
+      chatId: targetChat.chatId,
+      threadId: targetChat.threadId,
+      text,
+      replyMarkup
+    });
+  } catch (err) {
+    const m = err instanceof Error ? err.message : String(err);
+    log(`ms365-approval: card post threw \u2014 ${m}`);
+    sendResponse(false, { reason: `card post failed: ${m}` });
+    return;
+  }
+  if (!posted) {
+    sendResponse(false, { reason: "card post returned null" });
+    return;
+  }
+  log(`ms365-approval: posted card msg=${posted.messageId} request=${registered.request_id} expires=${new Date(registered.expires_at_ms).toISOString()}`);
+  sendResponse(true, {
+    requestId: registered.request_id,
+    expiresAtMs: registered.expires_at_ms
+  });
+}
+
 // gateway/diff-preview-card.ts
 var import_grammy5 = __toESM(require_mod2(), 1);
 var REQUEST_ID_RE = /^[0-9a-f]{32}$/;
@@ -45813,14 +46083,14 @@ function buildVaultSaveDiscardedInbound(opts) {
 // gateway/subagent-handback-inbound-builder.ts
 var HANDBACK_RESULT_MAX = 3000;
 var HANDBACK_DESC_MAX = 200;
-function truncate2(s, max) {
+function truncate3(s, max) {
   const t = s.trim();
   return t.length > max ? t.slice(0, max) + "\u2026" : t;
 }
 function buildSubagentHandbackInbound(opts) {
   const ts = opts.nowMs ?? Date.now();
-  const desc = truncate2(opts.ctx.taskDescription, HANDBACK_DESC_MAX) || "(no description)";
-  const result = truncate2(opts.ctx.resultText, HANDBACK_RESULT_MAX);
+  const desc = truncate3(opts.ctx.taskDescription, HANDBACK_DESC_MAX) || "(no description)";
+  const result = truncate3(opts.ctx.resultText, HANDBACK_RESULT_MAX);
   const text = opts.ctx.outcome === "failed" ? `\uD83E\uDD1D A background worker you dispatched has FAILED.
 
 ` + `Task: ${desc}
@@ -45884,7 +46154,7 @@ function decideSubagentHandback(input) {
 var PROGRESS_RESULT_MAX = 800;
 var PROGRESS_DESC_MAX = 200;
 var DEFAULT_PROGRESS_INTERVAL_MS = 5 * 60 * 1000;
-function truncate3(s, max) {
+function truncate4(s, max) {
   const t = s.trim();
   return t.length > max ? t.slice(0, max) + "\u2026" : t;
 }
@@ -45898,8 +46168,8 @@ function formatElapsed(ms) {
 }
 function buildSubagentProgressInbound(opts) {
   const ts = opts.nowMs ?? Date.now();
-  const desc = truncate3(opts.ctx.taskDescription, PROGRESS_DESC_MAX) || "(no description)";
-  const summary = truncate3(opts.ctx.latestSummary, PROGRESS_RESULT_MAX);
+  const desc = truncate4(opts.ctx.taskDescription, PROGRESS_DESC_MAX) || "(no description)";
+  const summary = truncate4(opts.ctx.latestSummary, PROGRESS_RESULT_MAX);
   const elapsed = formatElapsed(opts.ctx.elapsedMs);
   const expiresAt = ts + 2 * opts.ctx.progressIntervalMs;
   const text = `\uD83D\uDD04 A background worker you dispatched is still running.
@@ -46894,12 +47164,12 @@ function runPipeline(inputs) {
 }
 
 // secret-detect/staging.ts
-var DEFAULT_TTL_MS2 = 5 * 60 * 1000;
+var DEFAULT_TTL_MS3 = 5 * 60 * 1000;
 
 class StagingMap {
   ttlMs;
   map = new Map;
-  constructor(ttlMs = DEFAULT_TTL_MS2) {
+  constructor(ttlMs = DEFAULT_TTL_MS3) {
     this.ttlMs = ttlMs;
   }
   key(chat_id, message_id) {
@@ -47942,7 +48212,7 @@ function startSubagentWatcher(config) {
       if (idleMs >= threshold) {
         entry.stallNotified = true;
         entry.stalledAt = n;
-        const desc = escapeHtml8(truncate4(entry.description, 80));
+        const desc = escapeHtml8(truncate5(entry.description, 80));
         const idleSec = Math.floor(idleMs / 1000);
         log?.(`subagent-watcher: stall detected for ${entry.agentId} (idle ${idleSec}s): ${desc}`);
         if (db2 != null) {
@@ -48908,13 +49178,13 @@ function summarizeToolForTitle(toolName, inputPreview) {
         return `${toolName} (${skill})`;
       const command = readString(input, "command");
       if (command)
-        return `${toolName}: ${truncate5(command, COMMAND_TITLE_MAX)}`;
+        return `${toolName}: ${truncate6(command, COMMAND_TITLE_MAX)}`;
       const argHint = firstScalarArgHint(input);
       return argHint ? `${toolName} (${argHint})` : toolName;
     }
     case "Bash": {
       const command = readString(input, "command");
-      return command ? `${toolName}: ${truncate5(command, COMMAND_TITLE_MAX)}` : toolName;
+      return command ? `${toolName}: ${truncate6(command, COMMAND_TITLE_MAX)}` : toolName;
     }
     case "Read":
     case "Edit":
@@ -48922,17 +49192,17 @@ function summarizeToolForTitle(toolName, inputPreview) {
     case "MultiEdit":
     case "NotebookEdit": {
       const filePath = readString(input, "file_path") ?? readString(input, "notebook_path");
-      return filePath ? `${toolName}: ${truncate5(basename5(filePath), PATH_TITLE_MAX)}` : toolName;
+      return filePath ? `${toolName}: ${truncate6(basename5(filePath), PATH_TITLE_MAX)}` : toolName;
     }
     case "Glob":
     case "Grep": {
       const pattern = readString(input, "pattern");
-      return pattern ? `${toolName}: ${truncate5(pattern, COMMAND_TITLE_MAX)}` : toolName;
+      return pattern ? `${toolName}: ${truncate6(pattern, COMMAND_TITLE_MAX)}` : toolName;
     }
     case "WebFetch":
     case "WebSearch": {
       const query2 = readString(input, "url") ?? readString(input, "query");
-      return query2 ? `${toolName}: ${truncate5(query2, COMMAND_TITLE_MAX)}` : toolName;
+      return query2 ? `${toolName}: ${truncate6(query2, COMMAND_TITLE_MAX)}` : toolName;
     }
     default:
       return toolName;
@@ -48971,7 +49241,7 @@ function firstScalarArgHint(input) {
     if (SKIP.has(key))
       continue;
     if (typeof value === "string" && value.length > 0) {
-      return `${key}: ${truncate5(value, INPUT_VALUE_MAX)}`;
+      return `${key}: ${truncate6(value, INPUT_VALUE_MAX)}`;
     }
     if (typeof value === "number" || typeof value === "boolean") {
       return `${key}: ${String(value)}`;
@@ -49006,7 +49276,7 @@ function skillBasenameFromPath(input) {
   const basename6 = lastSlash >= 0 ? trimmed.slice(lastSlash + 1) : trimmed;
   return basename6.length > 0 ? basename6 : null;
 }
-function truncate5(text, max) {
+function truncate6(text, max) {
   const collapsed = text.replace(/\s+/g, " ").trim();
   if (collapsed.length <= max)
     return collapsed;
@@ -49277,11 +49547,11 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.13.53";
-var COMMIT_SHA = "08726c33";
-var COMMIT_DATE = "2026-05-27T03:52:37Z";
-var LATEST_PR = 1885;
-var COMMITS_AHEAD_OF_TAG = 18;
+var VERSION = "0.13.55";
+var COMMIT_SHA = "98cf8e68";
+var COMMIT_DATE = "2026-05-27T07:38:21Z";
+var LATEST_PR = 1901;
+var COMMITS_AHEAD_OF_TAG = 0;
 
 // gateway/boot-version.ts
 function formatRelativeAgo(iso) {
@@ -50991,12 +51261,14 @@ function emitGatewayOperatorEvent(event) {
 `);
     return;
   }
-  process.stderr.write(`telegram gateway: operator-event posting agent=${agent} kind=${kind} to ${access.allowFrom.length} chat(s)
+  const opEventTopic = resolveAgentOutboundTopic({ kind: "compact-watchdog" });
+  process.stderr.write(`telegram gateway: operator-event posting agent=${agent} kind=${kind} to ${access.allowFrom.length} chat(s)` + (opEventTopic != null ? ` topic=${opEventTopic}` : "") + `
 `);
   for (const chat_id of access.allowFrom) {
     const opts = {
       parse_mode: "HTML",
-      ...renderedKeyboard ? { reply_markup: renderedKeyboard } : {}
+      ...renderedKeyboard ? { reply_markup: renderedKeyboard } : {},
+      ...opEventTopic != null ? { message_thread_id: opEventTopic } : {}
     };
     bot.api.sendMessage(chat_id, renderedText, opts).catch((e) => {
       process.stderr.write(`telegram gateway: operator-event send to ${chat_id} failed agent=${agent} kind=${kind}: ${e}
@@ -51504,10 +51776,17 @@ ${reminder}
     if (alwaysRule != null) {
       keyboard.row().text(`\uD83D\uDD01 Always allow ${alwaysRule.label}`, `perm:always:${requestId}`);
     }
+    const activeTurn = currentTurn;
+    const permTopic = resolveAgentOutboundTopic({
+      kind: "permission",
+      turnInitiated: activeTurn != null,
+      originThreadId: activeTurn?.sessionThreadId
+    });
     for (const chat_id of access.allowFrom) {
       bot.api.sendMessage(chat_id, text, {
         parse_mode: "HTML",
-        reply_markup: keyboard
+        reply_markup: keyboard,
+        ...permTopic != null ? { message_thread_id: permTopic } : {}
       }).catch((e) => {
         process.stderr.write(`telegram gateway: permission_request send to ${chat_id} failed: ${e}
 `);
@@ -51567,7 +51846,15 @@ ${reminder}
         const operator = access.allowFrom[0];
         if (operator === undefined)
           return null;
-        return { chatId: operator };
+        const activeTurn = currentTurn;
+        const driveTopic = resolveAgentOutboundTopic({
+          kind: "hostd-approval",
+          originThreadId: activeTurn?.sessionThreadId
+        });
+        return {
+          chatId: operator,
+          ...driveTopic != null ? { threadId: driveTopic } : {}
+        };
       },
       registerApproval: async (args) => {
         const r = await approvalRequest({
@@ -51605,6 +51892,62 @@ ${reminder}
       },
       buildCard: ({ preview, suggestRequestId }) => buildDiffPreviewCard({ preview, suggestRequestId }),
       log: (m) => process.stderr.write(`telegram gateway: drive-approval \u2014 ${m}
+`)
+    });
+  },
+  async onRequestMs365Approval(client3, msg) {
+    await handleRequestMs365Approval(client3, msg, {
+      agentName: getMyAgentName(),
+      loadAllowFrom: () => loadAccess().allowFrom,
+      loadTargetChat: () => {
+        const access = loadAccess();
+        const operator = access.allowFrom[0];
+        if (operator === undefined)
+          return null;
+        const activeTurn = currentTurn;
+        const ms365Topic = resolveAgentOutboundTopic({
+          kind: "hostd-approval",
+          originThreadId: activeTurn?.sessionThreadId
+        });
+        return {
+          chatId: operator,
+          ...ms365Topic != null ? { threadId: ms365Topic } : {}
+        };
+      },
+      registerApproval: async (args) => {
+        const r = await approvalRequest({
+          agent_unit: args.agent_unit,
+          scope: args.scope,
+          action: args.action,
+          approver_set: args.approver_set,
+          why: args.why,
+          ttl_ms: args.ttl_ms
+        });
+        if (r === null || r.state === "rate_limited")
+          return null;
+        return {
+          request_id: r.request_id,
+          expires_at_ms: r.expires_at
+        };
+      },
+      postCard: async (args) => {
+        try {
+          const sent = await robustApiCall(() => bot.api.sendMessage(args.chatId, args.text, {
+            ...args.threadId !== undefined ? { message_thread_id: args.threadId } : {},
+            reply_markup: args.replyMarkup
+          }), {
+            chat_id: String(args.chatId),
+            verb: "ms365-approval-card",
+            ...args.threadId !== undefined ? { threadId: args.threadId } : {}
+          });
+          return { messageId: sent.message_id };
+        } catch (err) {
+          process.stderr.write(`telegram gateway: ms365-approval postCard failed: ${err.message}
+`);
+          return null;
+        }
+      },
+      log: (m) => process.stderr.write(`telegram gateway: ms365-approval \u2014 ${m}
 `)
     });
   },
@@ -51618,7 +51961,15 @@ ${reminder}
         const operator = access.allowFrom[0];
         if (operator === undefined)
           return null;
-        return { chatId: operator };
+        const activeTurn = currentTurn;
+        const cfgTopic = resolveAgentOutboundTopic({
+          kind: "hostd-approval",
+          originThreadId: activeTurn?.sessionThreadId
+        });
+        return {
+          chatId: operator,
+          ...cfgTopic != null ? { threadId: cfgTopic } : {}
+        };
       },
       buildKeyboard: (requestId) => new InlineKeyboard6().text("\u2705 Approve", `cfg:${requestId}:approve`).text("\uD83D\uDEAB Deny", `cfg:${requestId}:deny`),
       postCard: async (args) => {
@@ -54558,7 +54909,9 @@ function preBlock(text) {
 }
 async function switchroomReply(ctx, text, options = {}) {
   const chatId = String(ctx.chat.id);
-  const threadId = resolveThreadId(chatId, ctx.message?.message_thread_id);
+  const baseThreadId = resolveThreadId(chatId, ctx.message?.message_thread_id);
+  const routedOpts = options.classification ? slashCommandReplyOpts(ctx, options.classification) : {};
+  const threadId = routedOpts.message_thread_id ?? baseThreadId;
   await ctx.reply(text, {
     ...threadId != null ? { message_thread_id: threadId } : {},
     ...options.html ? { parse_mode: "HTML", link_preview_options: { is_disabled: true } } : {},
@@ -54719,6 +55072,16 @@ function resolveSystemdRunPath() {
   }
   return _systemdRunPath;
 }
+function slashCommandReplyOpts(ctx, classification) {
+  const originThreadId = ctx.message?.message_thread_id;
+  const event = classification === "query" ? { kind: "command-query", originThreadId } : classification === "mutation" ? { kind: "command-mutation" } : { kind: "command-heavy" };
+  const target = resolveAgentOutboundTopic(event);
+  if (target == null)
+    return {};
+  if (target === originThreadId)
+    return {};
+  return { message_thread_id: target };
+}
 var _dockerReachable;
 function isDockerReachable() {
   if (_dockerReachable !== undefined)
@@ -54996,28 +55359,28 @@ async function dispatchShortVerbViaHostd(ctx, req, label, legacyArgs) {
   await switchroomReply(ctx, `\u274C <b>${escapeHtmlForTg(label)} failed via hostd</b> (result=${escapeHtmlForTg(hostdResp.result)}):
 ` + preBlock(stripAnsi2(errBody)), { html: true });
 }
-async function runSwitchroomCommand(ctx, args, label) {
+async function runSwitchroomCommand(ctx, args, label, classification = "query") {
   try {
     const output = stripAnsi2(switchroomExec(args));
     const formatted = formatSwitchroomOutput(output);
     if (formatted) {
-      await switchroomReply(ctx, preBlock(formatted), { html: true });
+      await switchroomReply(ctx, preBlock(formatted), { html: true, classification });
     } else {
-      await switchroomReply(ctx, `${label}: done (no output)`);
+      await switchroomReply(ctx, `${label}: done (no output)`, { classification });
     }
   } catch (err) {
     const error = err;
     if (error.message?.includes("ENOENT")) {
-      await switchroomReply(ctx, "switchroom CLI not found.", { html: true });
+      await switchroomReply(ctx, "switchroom CLI not found.", { html: true, classification });
       return;
     }
     if (error.message?.includes("ETIMEDOUT") || error.message?.includes("timed out")) {
-      await switchroomReply(ctx, `${label}: timed out`);
+      await switchroomReply(ctx, `${label}: timed out`, { classification });
       return;
     }
     const detail = stripAnsi2(error.stderr?.trim() || error.message || "unknown error");
     await switchroomReply(ctx, `<b>${escapeHtmlForTg(label)} failed:</b>
-${preBlock(formatSwitchroomOutput(detail))}`, { html: true });
+${preBlock(formatSwitchroomOutput(detail))}`, { html: true, classification });
   }
 }
 function switchroomExecJson(args) {
@@ -55611,7 +55974,7 @@ The gateway will restart as part of the recreate step; watch for the post-restar
 bot.command("upgradestatus", async (ctx) => {
   if (!isAuthorizedSender(ctx))
     return;
-  await runSwitchroomCommand(ctx, ["update", "--status"], "update --status");
+  await runSwitchroomCommand(ctx, ["update", "--status"], "update --status", "heavy");
 });
 bot.command("upgrade", async (ctx) => {
   if (!isAuthorizedSender(ctx))
@@ -55680,7 +56043,7 @@ bot.command("audit", async (ctx) => {
     await switchroomReply(ctx, `Unknown flag <code>${escapeHtmlForTg(t)}</code>. Allowed: <code>--tail</code>, <code>--agent</code>, <code>--op</code>, <code>--error</code>, <code>--verbose</code>.`, { html: true });
     return;
   }
-  await runSwitchroomCommand(ctx, argv, `hostd audit${argv.length > 2 ? " \u2026" : ""}`);
+  await runSwitchroomCommand(ctx, argv, `hostd audit${argv.length > 2 ? " \u2026" : ""}`, "heavy");
 });
 function isValidPermissionRequestId(id) {
   return /^[a-z0-9-]{1,32}$/.test(id);
@@ -57397,7 +57760,7 @@ bot.command("logs", async (ctx) => {
   }
   const lines = linesArg ? parseInt(linesArg, 10) : 20;
   const lineCount = isNaN(lines) || lines < 1 ? 20 : Math.min(lines, 200);
-  await runSwitchroomCommand(ctx, ["agent", "logs", name, "--lines", String(lineCount)], `logs ${name}`);
+  await runSwitchroomCommand(ctx, ["agent", "logs", name, "--lines", String(lineCount)], `logs ${name}`, "heavy");
 });
 bot.command("memory", async (ctx) => {
   if (!isAuthorizedSender(ctx))
@@ -57407,7 +57770,7 @@ bot.command("memory", async (ctx) => {
     await switchroomReply(ctx, "Usage: /memory <search query>");
     return;
   }
-  await runSwitchroomCommand(ctx, ["memory", "search", query2], "memory search");
+  await runSwitchroomCommand(ctx, ["memory", "search", query2], "memory search", "heavy");
 });
 bot.command("issues", async (ctx) => {
   if (!isAuthorizedSender(ctx))