switchroom 0.14.11 → 0.14.13

package/telegram-plugin/dist/gateway/gateway.js

@@ -23607,7 +23607,7 @@ var init_dist = __esm(() => {
 });
 
 // ../src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, HostdConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -24057,6 +24057,9 @@ var init_schema = __esm(() => {
     enabled: exports_external.boolean().default(true).describe("Whether the host-control daemon is in use. Default: true (since " + "RFC C Phase 2 default-flip \u2014 the gateway's /restart, /new, /reset, " + "and /update apply slash-commands all dispatch through hostd, and " + "without it those verbs fail on docker-mode installs because the " + "agent container has no docker binary/socket). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` \u2014 " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C \u00a75.1. " + "Set enabled: false only on legacy systemd-mode installs that " + "still rely on the in-container `spawnSwitchroomDetached` " + "shellout (removal is tracked as RFC C Phase 3)."),
     auto_release_check: AutoReleaseCheckSchema.default({}).describe("Pull-based release-triggered fleet restart (#1743). hostd polls " + "the remote release tag on a fixed interval and applies + " + "restarts the fleet (graceful) when a new release is detected. " + "Opt-in: default enabled=false.")
   });
+  WebServiceConfigSchema = exports_external.object({
+    managed: exports_external.boolean().default(false).describe("Whether `switchroom update` refreshes the web-service container " + "(dashboard + GitHub-webhook receiver) via `switchroom webd " + "install`. Default: false \u2014 existing installs run the web server " + "as the legacy `switchroom-web.service` systemd unit and must not " + "be surprised by a container takeover of host loopback 127.0.0.1:" + "8080 mid-update. Set true ONLY after cutting over to the " + "container (stop+disable the systemd unit, `switchroom webd " + "install`). The container runs in its own compose project " + "(`switchroom-web`), separate from the agent fleet, with " + "network_mode: host so it keeps owning loopback:8080 for the " + "cloudflared tunnel + tailscale serve consumers.")
+  });
   HostdConfigSchema = exports_external.object({
     config_edit_enabled: exports_external.boolean().default(false).describe("Opt-in toggle for the `config_propose_edit` hostd verb (RFC " + "admin-agent-config-edit \u00a73). Default false \u2014 the verb returns " + "`E_CONFIG_EDIT_DISABLED` until the operator explicitly flips " + "this to true. When true (and once PR 1c lands the apply path), " + "admin agents can propose unified-diff patches against " + "`/state/config/switchroom.yaml`, gated by an operator approval " + "card in the primary chat. Same trust posture as `update_apply` " + "and `agent_restart`: the human-in-the-loop tap is the security " + "boundary, not the agent's judgement."),
     config_edit_rate_per_hour: exports_external.number().int().min(1).max(20).default(3).describe("Per-requesting-agent rate cap for `config_propose_edit` cards " + "(RFC admin-agent-config-edit \u00a75). Default 3 cards/hour; min 1, " + "max 20. Implemented as a sqlite token bucket in PR 1c; the " + "field is wired here in PR 1a so operators can pin it before the " + "limiter is live. Above the cap, the verb returns " + "`E_RATE_LIMITED` without raising a card.")
@@ -24090,6 +24093,7 @@ var init_schema = __esm(() => {
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
     host_control: HostControlConfigSchema.default({}).describe("Host-control daemon configuration. Defaults to enabled=true since " + "RFC C Phase 2 (docs/rfcs/host-control-daemon.md). Omit the block " + "to accept defaults; set `enabled: false` only on legacy systemd-" + "mode installs (removal tracked as RFC C Phase 3)."),
     hostd: HostdConfigSchema.default({}).describe("hostd verb-level knobs (RFC admin-agent-config-edit). Distinct " + "from `host_control:` which governs whether the daemon runs at " + "all. Currently scopes the opt-in flag and rate cap for the new " + "`config_propose_edit` verb (PR 1a \u2014 disabled by default)."),
+    web_service: WebServiceConfigSchema.default({}).describe("Web-service container (dashboard + GitHub-webhook receiver) config. " + "Defaults to managed=false so existing systemd-mode installs are " + "untouched. Set managed: true after cutting over to the " + "`switchroom-web` container \u2014 then `switchroom update` keeps it " + "refreshed. See `switchroom webd install`."),
     google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
       message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
     }).transform((v) => v.trim().toLowerCase()), exports_external.object({
@@ -50000,10 +50004,32 @@ function defaultReadEvents(stateDir) {
 }
 // permission-title.ts
 import { basename as basename5 } from "node:path";
-var COMMAND_TITLE_MAX = 40;
-var PATH_TITLE_MAX = 40;
+
+// permission-rule.ts
+var FILE_TOOLS = new Set([
+  "Edit",
+  "Write",
+  "MultiEdit",
+  "NotebookEdit",
+  "Read"
+]);
+var BROAD_ONLY_TOOLS = new Set([
+  "Glob",
+  "Grep",
+  "WebFetch",
+  "WebSearch",
+  "Task",
+  "Agent",
+  "TodoWrite",
+  "ExitPlanMode"
+]);
+function prettyMcpServer(server) {
+  return server.split(/[-_]/).filter((w) => w.length > 0).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(" ");
+}
+
+// permission-title.ts
+var COMMAND_TITLE_MAX = 48;
 var DESCRIPTION_LINE_MAX = 240;
-var INPUT_VALUE_MAX = 60;
 var MCP_TOOL_DESCRIPTIONS = {
   "mcp__agent-config__config_get": "Read its own merged config",
   "mcp__agent-config__cron_list": "List its own scheduled tasks",
@@ -50023,103 +50049,153 @@ var MCP_TOOL_DESCRIPTIONS = {
   mcp__hostd__update_apply: "Apply a fleet-wide update (pull + recreate)",
   mcp__hindsight__recall: "Recall relevant memories",
   mcp__hindsight__retain: "Retain a memory",
-  mcp__hindsight__reflect: "Reflect across its memory bank"
+  mcp__hindsight__reflect: "Reflect across its memory bank",
+  mcp__perplexity__search: "Search the web",
+  mcp__perplexity__ask: "Ask the web"
 };
-function summarizeToolForTitle(toolName, inputPreview) {
-  if (toolName.startsWith("mcp__")) {
-    const curated = MCP_TOOL_DESCRIPTIONS[toolName];
-    const base = curated ? curated : (() => {
-      const parts = toolName.split("__");
-      if (parts.length >= 3) {
-        const server = parts[1];
-        const verb = parts.slice(2).join("__").replace(/_/g, " ");
-        return `${server}: ${verb}`;
-      }
-      return toolName;
-    })();
-    const argHint = firstScalarArgHint(parseInput(inputPreview));
-    return argHint ? `${base} (${argHint})` : base;
+var INTERNAL_MCP_SERVERS = new Set([
+  "agent-config",
+  "hostd",
+  "hindsight",
+  "switchroom-telegram"
+]);
+function formatPermissionCardBody(opts) {
+  const action = naturalAction(opts.toolName, opts.inputPreview);
+  const lines = [];
+  if (opts.agentName && opts.agentName.length > 0) {
+    lines.push(`\uD83D\uDD10 <b>${escapeTgHtml(capFirst(opts.agentName))}</b> wants to ${escapeTgHtml(action)}`);
+  } else {
+    lines.push(`\uD83D\uDD10 ${escapeTgHtml(capFirst(action))}`);
   }
+  const rawWhy = (opts.description ?? "").replace(/\s+/g, " ").trim();
+  const truncatedWhy = rawWhy.length > DESCRIPTION_LINE_MAX ? rawWhy.slice(0, DESCRIPTION_LINE_MAX - 1) + "\u2026" : rawWhy;
+  lines.push(truncatedWhy.length > 0 ? `why: <i>${escapeTgHtml(truncatedWhy)}</i>` : `why: <i>not provided</i>`);
+  return lines.join(`
+`);
+}
+function naturalAction(toolName, inputPreview) {
   const input = parseInput(inputPreview);
-  if (!input)
-    return toolName;
+  if (toolName.startsWith("mcp__"))
+    return naturalMcpAction(toolName, input);
   switch (toolName) {
-    case "Skill": {
-      const skill = readString(input, "skill") ?? readString(input, "skill_name") ?? readString(input, "skillName") ?? readString(input, "name") ?? skillBasenameFromPath(input);
-      if (skill)
-        return `${toolName} (${skill})`;
-      const command = readString(input, "command");
-      if (command)
-        return `${toolName}: ${truncate6(command, COMMAND_TITLE_MAX)}`;
-      const argHint = firstScalarArgHint(input);
-      return argHint ? `${toolName} (${argHint})` : toolName;
-    }
-    case "Bash": {
-      const command = readString(input, "command");
-      return command ? `${toolName}: ${truncate6(command, COMMAND_TITLE_MAX)}` : toolName;
-    }
-    case "Read":
     case "Edit":
-    case "Write":
     case "MultiEdit":
     case "NotebookEdit": {
-      const filePath = readString(input, "file_path") ?? readString(input, "notebook_path");
-      return filePath ? `${toolName}: ${truncate6(basename5(filePath), PATH_TITLE_MAX)}` : toolName;
+      const f = fileBase(input);
+      return f ? `edit: ${f}` : "edit files";
+    }
+    case "Write": {
+      const f = fileBase(input);
+      return f ? `write: ${f}` : "write files";
+    }
+    case "Read": {
+      const f = fileBase(input);
+      return f ? `read: ${f}` : "read files";
+    }
+    case "Bash": {
+      const c = input ? readString(input, "command") : null;
+      return c ? `run: ${truncate6(c, COMMAND_TITLE_MAX)}` : "run shell commands";
+    }
+    case "Skill": {
+      const s = input ? resolveSkillName(input) : null;
+      return s ? `use the ${s} skill` : "use a skill";
     }
     case "Glob":
     case "Grep": {
-      const pattern = readString(input, "pattern");
-      return pattern ? `${toolName}: ${truncate6(pattern, COMMAND_TITLE_MAX)}` : toolName;
+      const p = input ? readString(input, "pattern") : null;
+      return p ? `search files for: ${truncate6(p, COMMAND_TITLE_MAX)}` : "search files";
     }
-    case "WebFetch":
     case "WebSearch": {
-      const query2 = readString(input, "url") ?? readString(input, "query");
-      return query2 ? `${toolName}: ${truncate6(query2, COMMAND_TITLE_MAX)}` : toolName;
+      const q = input ? readString(input, "query") : null;
+      return q ? `search the web for: ${truncate6(q, COMMAND_TITLE_MAX)}` : "search the web";
+    }
+    case "WebFetch": {
+      const u = input ? readString(input, "url") : null;
+      return u ? `fetch a web page: ${truncate6(u, COMMAND_TITLE_MAX)}` : "fetch a web page";
     }
+    case "Task":
+    case "Agent":
+      return "dispatch a sub-agent";
+    case "TodoWrite":
+      return "update its task list";
+    case "ExitPlanMode":
+      return "exit plan mode";
     default:
-      return toolName;
-  }
-}
-function formatPermissionCardBody(opts) {
-  const summary = summarizeToolForTitle(opts.toolName, opts.inputPreview);
-  const lines = [];
-  const agentBit = opts.agentName && opts.agentName.length > 0 ? `<b>${escapeTgHtml(opts.agentName)}</b> \u00b7 ` : "";
-  lines.push(`\uD83D\uDD10 ${agentBit}${escapeTgHtml(summary)}`);
-  const rawWhy = (opts.description ?? "").replace(/\s+/g, " ").trim();
-  const truncatedWhy = rawWhy.length > DESCRIPTION_LINE_MAX ? rawWhy.slice(0, DESCRIPTION_LINE_MAX - 1) + "\u2026" : rawWhy;
-  if (truncatedWhy.length > 0) {
-    lines.push(`why: <i>${escapeTgHtml(truncatedWhy)}</i>`);
-  } else {
-    lines.push(`why: <i>not provided</i>`);
+      return `use ${toolName}`;
+  }
+}
+function naturalMcpAction(toolName, input) {
+  const parts = toolName.split("__");
+  const server = parts.length >= 2 ? parts[1] : "";
+  const curated = MCP_TOOL_DESCRIPTIONS[toolName];
+  if (curated) {
+    const phrase = lowerFirst(curated);
+    return INTERNAL_MCP_SERVERS.has(server) ? phrase : `${phrase} (${prettyMcpServer(server)})`;
+  }
+  if (parts.length >= 3) {
+    const verb = parts.slice(2).join("__").replace(/_/g, " ");
+    return INTERNAL_MCP_SERVERS.has(server) ? verb : `${verb} (${prettyMcpServer(server)})`;
+  }
+  return `use ${toolName}`;
+}
+function describeGrant(toolName, inputPreview, option) {
+  const rule = option.rule;
+  if (rule.endsWith("__*") && rule.startsWith("mcp__")) {
+    const server = rule.split("__")[1] ?? "";
+    return `use any ${prettyMcpServer(server)} tool`;
+  }
+  const scoped = /^([A-Za-z]+)\((.+)\)$/.exec(rule);
+  if (scoped) {
+    const t = scoped[1];
+    const arg = scoped[2];
+    if (t === "Skill")
+      return `use the ${arg} skill`;
+    if (t === "Bash") {
+      const m = /^([^:]+):\*$/.exec(arg);
+      return m ? `run ${m[1]} commands` : "run that command";
+    }
+    if (t === "Edit" || t === "MultiEdit" || t === "NotebookEdit")
+      return `edit ${basename5(arg)}`;
+    if (t === "Write")
+      return `write ${basename5(arg)}`;
+    if (t === "Read")
+      return `read ${basename5(arg)}`;
+    return naturalAction(toolName, inputPreview);
+  }
+  switch (rule) {
+    case "Edit":
+    case "MultiEdit":
+    case "NotebookEdit":
+      return "edit any file";
+    case "Write":
+      return "write any file";
+    case "Read":
+      return "read any file";
+    case "Bash":
+      return "run any command";
+    case "Skill":
+      return "use any skill";
+    default:
+      return naturalAction(toolName, inputPreview);
   }
-  return lines.join(`
-`);
 }
-function escapeTgHtml(text) {
-  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+function resolveSkillName(input) {
+  return readString(input, "skill") ?? readString(input, "skill_name") ?? readString(input, "skillName") ?? readString(input, "name") ?? skillBasenameFromPath(input);
 }
-function firstScalarArgHint(input) {
+function fileBase(input) {
   if (!input)
     return null;
-  const SKIP = new Set([
-    "chat_id",
-    "chatId",
-    "message_thread_id",
-    "messageThreadId",
-    "request_id",
-    "requestId"
-  ]);
-  for (const [key, value] of Object.entries(input)) {
-    if (SKIP.has(key))
-      continue;
-    if (typeof value === "string" && value.length > 0) {
-      return `${key}: ${truncate6(value, INPUT_VALUE_MAX)}`;
-    }
-    if (typeof value === "number" || typeof value === "boolean") {
-      return `${key}: ${String(value)}`;
-    }
-  }
-  return null;
+  const p = readString(input, "file_path") ?? readString(input, "notebook_path");
+  return p ? basename5(p) : null;
+}
+function lowerFirst(text) {
+  return text.length > 0 ? text.charAt(0).toLowerCase() + text.slice(1) : text;
+}
+function capFirst(text) {
+  return text.length > 0 ? text.charAt(0).toUpperCase() + text.slice(1) : text;
+}
+function escapeTgHtml(text) {
+  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
 function parseInput(raw) {
   if (!raw || typeof raw !== "string")
@@ -50145,8 +50221,8 @@ function skillBasenameFromPath(input) {
     return null;
   const trimmed = path.replace(/\/SKILL\.md$/i, "").replace(/\/$/, "");
   const lastSlash = trimmed.lastIndexOf("/");
-  const basename6 = lastSlash >= 0 ? trimmed.slice(lastSlash + 1) : trimmed;
-  return basename6.length > 0 ? basename6 : null;
+  const base = lastSlash >= 0 ? trimmed.slice(lastSlash + 1) : trimmed;
+  return base.length > 0 ? base : null;
 }
 function truncate6(text, max) {
   const collapsed = text.replace(/\s+/g, " ").trim();
@@ -50157,47 +50233,96 @@ function truncate6(text, max) {
 
 // permission-rule.ts
 import { basename as basename6 } from "node:path";
-function resolveAlwaysAllowRule(toolName, inputPreview) {
+var FILE_TOOLS2 = new Set([
+  "Edit",
+  "Write",
+  "MultiEdit",
+  "NotebookEdit",
+  "Read"
+]);
+var BROAD_ONLY_TOOLS2 = new Set([
+  "Glob",
+  "Grep",
+  "WebFetch",
+  "WebSearch",
+  "Task",
+  "Agent",
+  "TodoWrite",
+  "ExitPlanMode"
+]);
+function resolveScopedAllowChoices(toolName, inputPreview) {
   if (!toolName)
     return null;
   const input = parseInput2(inputPreview);
-  switch (toolName) {
-    case "Skill": {
-      if (!input)
-        return null;
-      const skill = readString2(input, "skill") ?? readString2(input, "skill_name") ?? readString2(input, "skillName") ?? readString2(input, "name") ?? skillBasenameFromPath2(input);
-      if (!skill)
-        return null;
-      if (!/^[A-Za-z0-9._\-+]+$/.test(skill))
-        return null;
+  if (toolName === "Skill") {
+    const skill = input ? resolveSkillName2(input) : null;
+    if (!skill)
+      return null;
+    if (!/^[A-Za-z0-9._\-+]+$/.test(skill))
+      return null;
+    return {
+      specific: { rule: `Skill(${skill})`, buttonLabel: "This skill", broad: false },
+      broad: { rule: "Skill", buttonLabel: "Any skill", broad: true }
+    };
+  }
+  if (FILE_TOOLS2.has(toolName)) {
+    const path = filePathFrom(input);
+    const broad = { rule: toolName, buttonLabel: "Any file", broad: true };
+    if (path) {
       return {
-        rule: `Skill(${skill})`,
-        label: `Skill(${skill})`
+        specific: { rule: `${toolName}(${path})`, buttonLabel: "This file", broad: false },
+        broad
       };
     }
-    case "Bash":
-    case "Read":
-    case "Write":
-    case "Edit":
-    case "MultiEdit":
-    case "NotebookEdit":
-    case "Glob":
-    case "Grep":
-    case "WebFetch":
-    case "WebSearch":
-    case "Task":
-    case "Agent":
-    case "TodoWrite":
-    case "ExitPlanMode": {
-      return { rule: toolName, label: toolName };
-    }
-    default: {
-      if (/^mcp__[A-Za-z0-9_\-]+(__[A-Za-z0-9_\-]+)?$/.test(toolName)) {
-        return { rule: toolName, label: toolName };
-      }
-      return null;
+    return { broad };
+  }
+  if (toolName === "Bash") {
+    const broad = { rule: "Bash", buttonLabel: "Any command", broad: true };
+    const cmd = input ? readString2(input, "command") : null;
+    const tok = cmd ? bashFirstToken(cmd) : null;
+    if (tok) {
+      return {
+        specific: { rule: `Bash(${tok}:*)`, buttonLabel: `${tok} commands`, broad: false },
+        broad
+      };
     }
+    return { broad };
+  }
+  if (BROAD_ONLY_TOOLS2.has(toolName)) {
+    return { broad: { rule: toolName, buttonLabel: "Always allow", broad: true } };
   }
+  const mcp = /^mcp__([A-Za-z0-9_-]+)__([A-Za-z0-9_-]+)$/.exec(toolName);
+  if (mcp) {
+    const server = mcp[1];
+    return {
+      specific: { rule: toolName, buttonLabel: "This action", broad: false },
+      broad: { rule: `mcp__${server}__*`, buttonLabel: `All ${prettyMcpServer2(server)}`, broad: true }
+    };
+  }
+  if (/^mcp__[A-Za-z0-9_-]+$/.test(toolName)) {
+    return { broad: { rule: toolName, buttonLabel: "Always allow", broad: true } };
+  }
+  return null;
+}
+function prettyMcpServer2(server) {
+  return server.split(/[-_]/).filter((w) => w.length > 0).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(" ");
+}
+function resolveSkillName2(input) {
+  return readString2(input, "skill") ?? readString2(input, "skill_name") ?? readString2(input, "skillName") ?? readString2(input, "name") ?? skillBasenameFromPath2(input);
+}
+function filePathFrom(input) {
+  if (!input)
+    return null;
+  return readString2(input, "file_path") ?? readString2(input, "notebook_path");
+}
+function bashFirstToken(command) {
+  const m = /^\s*([^\s|&;<>()`$]+)/.exec(command);
+  if (!m)
+    return null;
+  const tok = m[1];
+  if (tok.includes(".."))
+    return null;
+  return /^[A-Za-z0-9._\-\/]+$/.test(tok) ? tok : null;
 }
 function parseInput2(raw) {
   if (!raw || typeof raw !== "string")
@@ -50788,10 +50913,10 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.14.11";
-var COMMIT_SHA = "89d93911";
-var COMMIT_DATE = "2026-05-29T09:38:43Z";
-var LATEST_PR = 1991;
+var VERSION = "0.14.13";
+var COMMIT_SHA = "240594e9";
+var COMMIT_DATE = "2026-05-29T12:19:57Z";
+var LATEST_PR = 1996;
 var COMMITS_AHEAD_OF_TAG = 0;
 
 // gateway/boot-version.ts
@@ -52791,6 +52916,12 @@ if (inboundSpool != null) {
   }
 }
 var pendingPermissionBuffer = createPendingPermissionBuffer();
+function buildPermissionActionRow(requestId, showAlways) {
+  const kb = new import_grammy9.InlineKeyboard().text("\u274C Deny", `perm:deny:${requestId}`).text("\u2705 Allow once", `perm:allow:${requestId}`);
+  if (showAlways)
+    kb.text("\uD83D\uDD01 Always\u2026", `perm:always:${requestId}`);
+  return kb;
+}
 function dispatchPermissionVerdict(ev) {
   const selfAgent = process.env.SWITCHROOM_AGENT_NAME ?? "";
   const delivered = ipcServer.sendToAgent(selfAgent, ev);
@@ -53009,11 +53140,8 @@ var ipcServer = createIpcServer({
       description,
       agentName: _client.agentName
     });
-    const alwaysRule = resolveAlwaysAllowRule(toolName, inputPreview);
-    const keyboard = new import_grammy9.InlineKeyboard().text("See more", `perm:more:${requestId}`).text("\u2705 Allow", `perm:allow:${requestId}`).text("\u274C Deny", `perm:deny:${requestId}`);
-    if (alwaysRule != null) {
-      keyboard.row().text(`\uD83D\uDD01 Always allow ${alwaysRule.label}`, `perm:always:${requestId}`);
-    }
+    const showAlways = resolveScopedAllowChoices(toolName, inputPreview) != null;
+    const keyboard = buildPermissionActionRow(requestId, showAlways);
     const activeTurn = currentTurn;
     const permTopic = resolveAgentOutboundTopic({
       kind: "permission",
@@ -59711,7 +59839,7 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
     }
     return;
   }
-  const m = /^perm:(allow|deny|more|always):([a-km-z]{5})$/.exec(data);
+  const m = /^perm:(allow|deny|always|asn|asb|back):([a-km-z]{5})$/.exec(data);
   if (!m) {
     await ctx.answerCallbackQuery().catch(() => {});
     return;
@@ -59723,45 +59851,43 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
     return;
   }
   const [, behavior, request_id] = m;
-  if (behavior === "more") {
+  if (behavior === "always" || behavior === "back") {
     const details = pendingPermissions.get(request_id);
     if (!details) {
       await ctx.answerCallbackQuery({ text: "Details no longer available." }).catch(() => {});
       return;
     }
-    const { tool_name, description, input_preview } = details;
-    let prettyInput;
-    try {
-      prettyInput = JSON.stringify(JSON.parse(input_preview), null, 2);
-    } catch {
-      prettyInput = input_preview;
-    }
-    const expanded = `\uD83D\uDD10 Permission: ${tool_name}
-
-tool_name: ${tool_name}
-description: ${description}
-input_preview:
-${prettyInput}`;
-    const expandedRule = resolveAlwaysAllowRule(tool_name, input_preview);
-    const expandedKeyboard = new import_grammy9.InlineKeyboard().text("\u2705 Allow", `perm:allow:${request_id}`).text("\u274C Deny", `perm:deny:${request_id}`);
-    if (expandedRule != null) {
-      expandedKeyboard.row().text(`\uD83D\uDD01 Always allow ${expandedRule.label}`, `perm:always:${request_id}`);
+    let keyboard;
+    if (behavior === "back") {
+      keyboard = buildPermissionActionRow(request_id, true);
+    } else {
+      const choices = resolveScopedAllowChoices(details.tool_name, details.input_preview);
+      if (choices == null) {
+        await ctx.answerCallbackQuery({ text: "No always-allow rule for this tool." }).catch(() => {});
+        return;
+      }
+      keyboard = new import_grammy9.InlineKeyboard().text("\u2190 Back", `perm:back:${request_id}`);
+      if (choices.specific)
+        keyboard.text(choices.specific.buttonLabel, `perm:asn:${request_id}`);
+      keyboard.text(`${choices.broad.buttonLabel} \u26A0\uFE0F`, `perm:asb:${request_id}`);
     }
-    await ctx.editMessageText(expanded, { reply_markup: expandedKeyboard }).catch(() => {});
+    await ctx.editMessageReplyMarkup({ reply_markup: keyboard }).catch(() => {});
     await ctx.answerCallbackQuery().catch(() => {});
     return;
   }
-  if (behavior === "always") {
+  if (behavior === "asn" || behavior === "asb") {
     const details = pendingPermissions.get(request_id);
     if (!details) {
       await ctx.answerCallbackQuery({ text: "Details no longer available." }).catch(() => {});
       return;
     }
-    const rule = resolveAlwaysAllowRule(details.tool_name, details.input_preview);
-    if (rule == null) {
+    const choices = resolveScopedAllowChoices(details.tool_name, details.input_preview);
+    if (choices == null) {
       await ctx.answerCallbackQuery({ text: "Cannot synthesize an always-allow rule for this tool." }).catch(() => {});
       return;
     }
+    const chosen = behavior === "asn" ? choices.specific ?? choices.broad : choices.broad;
+    const grantPhrase = describeGrant(details.tool_name, details.input_preview, chosen);
     const agentName3 = process.env.SWITCHROOM_AGENT_NAME;
     if (!agentName3) {
       await ctx.answerCallbackQuery({ text: "Always-allow needs SWITCHROOM_AGENT_NAME \u2014 gateway is misconfigured." }).catch(() => {});
@@ -59772,7 +59898,7 @@ ${prettyInput}`;
       type: "permission",
       requestId: request_id,
       behavior: "allow",
-      rule: rule.rule
+      rule: chosen.rule
     });
     let durable = false;
     let legacy = false;
@@ -59783,26 +59909,26 @@ ${prettyInput}`;
       try {
         const cfgPath = process.env.SWITCHROOM_CONFIG ?? SWITCHROOM_CONFIG ?? findConfigFile2();
         const raw = readFileSync36(cfgPath, "utf8");
-        return synthesizeAllowRuleDiff({ agentName: agentName3, rule: rule.rule, configText: raw });
+        return synthesizeAllowRuleDiff({ agentName: agentName3, rule: chosen.rule, configText: raw });
       } catch (err) {
         process.stderr.write(`telegram gateway: always-allow diff synth failed: ${err.message}
 `);
         return null;
       }
     })();
-    const correlationKey = `${agentName3}::${rule.rule}`;
+    const correlationKey = `${agentName3}::${chosen.rule}`;
     try {
       if (unifiedDiff == null) {
         legacy = true;
       } else {
-        pendingAlwaysAllowCorrelations.set(correlationKey, { agentName: agentName3, rule: rule.rule, unifiedDiff, createdAt: Date.now() });
+        pendingAlwaysAllowCorrelations.set(correlationKey, { agentName: agentName3, rule: chosen.rule, unifiedDiff, createdAt: Date.now() });
         const req = {
           v: 1,
           op: "config_propose_edit",
           request_id: hostdRequestId("gw-always-allow"),
           args: {
             unified_diff: unifiedDiff,
-            reason: `Operator 'always allow' for ${rule.label}`,
+            reason: `Operator 'always allow': ${agentName3} can ${grantPhrase}`,
             target_path: "/state/config/switchroom.yaml"
           }
         };
@@ -59812,7 +59938,7 @@ ${prettyInput}`;
           legacy = true;
         } else if (resp.result === "completed") {
           durable = true;
-          process.stderr.write(`telegram gateway: always-allow durable via hostd rule="${rule.rule}" agent=${agentName3} (request_id=${request_id})
+          process.stderr.write(`telegram gateway: always-allow durable via hostd rule="${chosen.rule}" agent=${agentName3} (request_id=${request_id})
 `);
         } else {
           failReason = resp.error ?? `hostd ${resp.result}`;
@@ -59824,19 +59950,19 @@ ${prettyInput}`;
       }
       if (legacy) {
         try {
-          switchroomExec(["agent", "grant", agentName3, rule.rule, "--no-restart"]);
+          switchroomExec(["agent", "grant", agentName3, chosen.rule, "--no-restart"]);
           try {
             const cfg = loadConfig2();
             const rawAgent = cfg.agents?.[agentName3];
             if (rawAgent) {
               const resolved = resolveAgentConfig2(cfg.defaults, cfg.profiles, rawAgent);
               const allowList = resolved.tools?.allow ?? [];
-              if (isRulePersisted(allowList, rule.rule)) {
+              if (isRulePersisted(allowList, chosen.rule)) {
                 durable = true;
-                process.stderr.write(`telegram gateway: always-allow added rule="${rule.rule}" agent=${agentName3} via legacy grant (request_id=${request_id})
+                process.stderr.write(`telegram gateway: always-allow added rule="${chosen.rule}" agent=${agentName3} via legacy grant (request_id=${request_id})
 `);
               } else {
-                failReason = `rule "${rule.rule}" not found in resolved tools.allow after write \u2014 config location may have drifted`;
+                failReason = `rule "${chosen.rule}" not found in resolved tools.allow after write \u2014 config location may have drifted`;
                 process.stderr.write(`telegram gateway: always-allow VERIFY FAILED: ${failReason} (request_id=${request_id})
 `);
               }
@@ -59861,10 +59987,10 @@ ${prettyInput}`;
     }
     const ok = durable;
     const legacyNote = legacy && durable;
-    const ackText = ok ? legacyNote ? `\uD83D\uDD01 Always allow ${rule.label} for ${agentName3} (legacy path)` : `\uD83D\uDD01 Always allow ${rule.label} for ${agentName3}` : editLockHint ? `\u26A0\uFE0F Allowed for now \u2014 config edits are locked. Enable hostd.config_edit_enabled.` : `\u26A0\uFE0F Allowed for now, but "always" did NOT save \u2014 it will ask again after restart. Check gateway log.`;
+    const ackText = ok ? legacyNote ? `\u2705 Saved. ${agentName3} can now ${grantPhrase} without asking (legacy path).` : `\u2705 Saved. ${agentName3} can now ${grantPhrase} without asking.` : editLockHint ? `\u26A0\uFE0F Allowed for now \u2014 config edits are locked. Enable hostd.config_edit_enabled.` : `\u26A0\uFE0F Allowed for now, but "always" did NOT save \u2014 it will ask again after restart. Check gateway log.`;
     const sourceMsg = ctx.callbackQuery?.message;
     const baseText2 = sourceMsg && "text" in sourceMsg && sourceMsg.text ? escapeHtmlForTg(sourceMsg.text) : "";
-    const editLabel = ok ? legacyNote ? `\uD83D\uDD01 <b>Always allow ${escapeHtmlForTg(rule.label)}</b> for ${escapeHtmlForTg(agentName3)} \u2014 saved (legacy path); restart agent for full effect` : `\uD83D\uDD01 <b>Always allow ${escapeHtmlForTg(rule.label)}</b> for ${escapeHtmlForTg(agentName3)} \u2014 saved; restart agent for full effect` : editLockHint ? `\u26A0\uFE0F <b>Allowed for now \u2014 "always" did NOT save.</b> Config edits are locked; enable <code>hostd.config_edit_enabled</code>.` : `\u26A0\uFE0F <b>Allowed for now \u2014 "always" did NOT save.</b> It will ask again after restart. Check gateway log.`;
+    const editLabel = ok ? legacyNote ? `\u2705 <b>${escapeHtmlForTg(agentName3)} can now ${escapeHtmlForTg(grantPhrase)}</b> without asking (legacy path); restart agent for full effect` : `\u2705 <b>${escapeHtmlForTg(agentName3)} can now ${escapeHtmlForTg(grantPhrase)}</b> without asking; restart agent for full effect` : editLockHint ? `\u26A0\uFE0F <b>Allowed for now \u2014 "always" did NOT save.</b> Config edits are locked; enable <code>hostd.config_edit_enabled</code>.` : `\u26A0\uFE0F <b>Allowed for now \u2014 "always" did NOT save.</b> It will ask again after restart. Check gateway log.`;
     await finalizeCallback(ctx, {
       ackText: ackText.slice(0, 200),
       newText: baseText2 ? `${baseText2}