switchroom 0.14.9 → 0.14.11

package/telegram-plugin/gateway/boot-card.ts

@@ -625,17 +625,21 @@ export async function startBootCard(
     ...(opts.updateOutcomeLine ? { updateOutcomeLine: opts.updateOutcomeLine } : {}),
   })
 
-  // Silence the notification for operator-initiated redeploys. A
-  // routine `switchroom update` should land in the chat as a record
-  // but not buzz every user's phone — every agent posts a card, so
-  // a fleet update with N agents produces N notifications otherwise.
-  // We key on the reason-text prefix `operator:` (today only
-  // `operator: switchroom update` writes this) so user-initiated
-  // restarts (`user: /restart from chat`, `cli: switchroom restart`)
-  // and unplanned events (crash, fresh, planned-marker) keep their
-  // normal notification behaviour — the user explicitly asked for
-  // those, or they need to know something went wrong.
-  const silentBootCard = opts.restartReasonDetail?.startsWith('operator:') === true
+  // Boot cards are ALWAYS delivered silently (no Telegram
+  // notification). They land in the chat as a record — the operator
+  // can scroll up to see "✅ <agent> back up · vX.Y.Z" — but they
+  // never buzz a phone. Rationale: every agent posts a card on every
+  // restart, so a fleet redeploy of N agents produced N notifications;
+  // even a single user `/restart` or a crash-recovery is a status
+  // record, not something that should pull attention. Operator
+  // decision (2026-05-29): silence them all, unconditionally.
+  //
+  // Previously this was keyed on the `operator:` reason-detail prefix
+  // (only routine `switchroom update` was silent); user `/restart`,
+  // `cli: switchroom restart` rollouts, crashes, and fresh boots all
+  // still notified. That distinction is gone — the card is the record,
+  // the chat is where you look, and nothing here warrants a push.
+  const silentBootCard = true
 
   let messageId: number
   try {

package/telegram-plugin/gateway/gateway.ts

@@ -263,6 +263,8 @@ import { formatUpdateStatusLine } from './update-status-line.js'
 import type { HostdRequest } from '../../src/host-control/protocol.js'
 import type { AgentAudit } from '../welcome-text.js'
 import { shouldSweepChatAtBoot } from './boot-sweep-filter.js'
+import { startWebhookIngestServer } from './webhook-ingest-server.js'
+import { recordWebhookEvent } from '../../src/web/webhook-gateway-record.js'
 
 import { createIpcServer, type IpcClient, type IpcServer } from './ipc-server.js'
 import { handleRequestDriveApproval } from './drive-write-approval.js'
@@ -3405,11 +3407,13 @@ function ensureIssuesCard(chatId: string, threadId: number | undefined): void {
 }
 
 // #1122: framework safety-net for "model is silent to the user for >5min."
-// Starts a single setInterval poll that walks active turns and arms
-// soft/firm poke reminders piggybacked on the next tool result. At 300s
-// the framework itself sends a user-visible "still working… / still
-// thinking…" message. Honours SWITCHROOM_DISABLE_SILENCE_POKE=1 kill
-// switch (no-op if set).
+// Starts a single setInterval poll that walks active turns; at 300s of
+// silence the framework itself sends a user-visible "still working… /
+// still thinking…" message AND unwedges the turn. The model-targeted
+// nudge ladder (ack/soft/firm) and the 60s awareness ping were retired
+// once the live-updating reply/draft took over the pacing job — only
+// this single unwedge fallback remains. Honours
+// SWITCHROOM_DISABLE_SILENCE_POKE=1 kill switch (no-op if set).
 // Set when this gateway dispatches an `update_apply` to hostd that
 // returns `started`; cleared when the dispatch poll resolves (terminal
 // / not-configured / timeout). While set, the framework silence
@@ -3423,43 +3427,6 @@ silencePoke.startTimer({
     // Re-emit through the unified runtime-metrics fan-out (PostHog + JSONL).
     emitRuntimeMetric(event)
   },
-  onAwarenessPing: async (ctx) => {
-    // Early framework-owned awareness signal (~60s) so the user never
-    // faces a silent chat while the model is busy / held / thinking.
-    // Distinct from the 300s onFrameworkFallback: fires earlier, sends
-    // a SILENT message (disable_notification: true — ambient liveness,
-    // not a device buzz), and is bounded to ONE per turn by the silence-
-    // poke module's `awarenessPingFired` flag. Reuses
-    // `formatFrameworkFallbackText` so the wording stays consistent and
-    // in-flight tools are named when known. If the model has been
-    // silent long enough to cross 300s, the heavier framework_fallback
-    // escalates with a notification.
-    //
-    // Late-fire guard mirrors the framework_fallback handler: skip if
-    // the turn ended cleanly between the silence-poke arming and this
-    // timer-fired handler so we don't talk over a clean response.
-    if (activeTurnStartedAt.get(ctx.key) == null && currentTurn == null) {
-      return
-    }
-    const text = silencePoke.formatFrameworkFallbackText(
-      ctx.fallbackKind,
-      ctx.silenceMs,
-      ctx.inFlightTools,
-    )
-    try {
-      await robustApiCall(
-        () => bot.api.sendMessage(ctx.chatId, text, {
-          ...(ctx.threadId != null ? { message_thread_id: ctx.threadId } : {}),
-          disable_notification: true,
-        }),
-        { chat_id: ctx.chatId, ...(ctx.threadId != null ? { threadId: ctx.threadId } : {}) },
-      )
-    } catch (err) {
-      process.stderr.write(
-        `silence-poke awareness-ping sendMessage failed chat=${ctx.chatId} thread=${ctx.threadId}: ${err}\n`,
-      )
-    }
-  },
   onFrameworkFallback: async (ctx) => {
     // Late-fire short-circuit (2026-05-23 audit finding). The fallback
     // can race a clean turn-end: the model's actual reply lands inside
@@ -4050,25 +4017,6 @@ const ipcServer: IpcServer = createIpcServer({
     process.stderr.write(`telegram gateway: ipc: tool_call tool=${msg.tool} agent=${client.agentName ?? '-'} clientId=${client.id ?? '-'} callId=${msg.id}\n`)
     try {
       const result = await executeToolCall(msg.tool, msg.args)
-      // #1122 silence-poke chokepoint: piggyback any armed poke onto the
-      // tool result's content text. The model sees the [silence-poke]
-      // system-reminder block as part of the next conversational turn.
-      // No-op when nothing is armed (the common case) — cost is one
-      // map iteration over <=N active turns (typically 1).
-      const reminder = silencePoke.consumeArmedPoke()
-      if (reminder != null && result != null && typeof result === 'object') {
-        const r = result as { content?: Array<{ type: string; text: string }> }
-        if (Array.isArray(r.content) && r.content.length > 0 && r.content[0]!.type === 'text') {
-          r.content[0]!.text = `${r.content[0]!.text}\n\n<system-reminder>\n${reminder}\n</system-reminder>`
-        } else {
-          // Tool result didn't carry a text block to wrap — re-shape so
-          // the reminder still reaches the model.
-          r.content = [
-            ...(Array.isArray(r.content) ? r.content : []),
-            { type: 'text', text: `<system-reminder>\n${reminder}\n</system-reminder>` },
-          ]
-        }
-      }
       return { type: 'tool_call_result', id: msg.id, success: true, result }
     } catch (err) {
       return {
@@ -4092,17 +4040,13 @@ const ipcServer: IpcServer = createIpcServer({
     progressDriver?.ingest(ev, chatHint, threadHint)
     handleSessionEvent(ev)
     // #1122 silence-poke: surface activity signals from the session
-    // stream so the fallback message wording is honest and so
-    // subagent-dispatch waits don't fire spurious soft pokes.
+    // stream so the 300s framework-fallback message wording is honest
+    // (thinking vs working, plus the longest-running in-flight tool).
     if (currentTurn != null) {
       const key = statusKey(currentTurn.sessionChatId, currentTurn.sessionThreadId)
       if (ev.kind === 'thinking') {
         silencePoke.noteThinking(key, Date.now())
       } else if (ev.kind === 'tool_use') {
-        if (ev.toolName === 'Task' || ev.toolName === 'Agent') {
-          // Built-in claude sub-agent dispatch — extends soft threshold to 5min.
-          silencePoke.noteSubagentDispatch(key)
-        }
         // #1292: track in-flight tool calls so the 300s framework
         // fallback message can name the actual observable (e.g.
         // "running Grep \"foo\" for 4m") instead of the dishonest
@@ -4652,6 +4596,89 @@ const ipcServer: IpcServer = createIpcServer({
   log: (msg) => process.stderr.write(`telegram gateway: ipc — ${msg}\n`),
 })
 
+// ─── Webhook ingest server (RFC webhook-via-gateway-socket) ───────────────
+// Under the Docker runtime the host-side web receiver runs as the operator
+// UID and cannot write this agent's UID-owned dir (EACCES 500) nor connect
+// gateway.sock. When `channels.telegram.webhook_via_gateway` is set, the
+// receiver instead forwards verified+rendered events here over a dedicated
+// peercred-gated UDS; this gateway (agent UID) owns the jsonl append,
+// dedup, and dispatch firing. Wrapped so any failure is best-effort and can
+// NEVER crash gateway boot (which would take the agent down).
+;(() => {
+  try {
+    const selfAgent = process.env.SWITCHROOM_AGENT_NAME ?? ''
+    if (!selfAgent) return
+
+    let viaGateway = false
+    try {
+      const cfg = loadSwitchroomConfig()
+      const raw = cfg.agents?.[selfAgent]
+      viaGateway = raw
+        ? resolveAgentConfig(cfg.defaults, cfg.profiles, raw).channels?.telegram
+            ?.webhook_via_gateway === true
+        : false
+    } catch (err) {
+      process.stderr.write(
+        `telegram gateway: webhook-ingest config probe failed: ${(err as Error).message}\n`,
+      )
+    }
+    if (!viaGateway) return
+
+    // Allowed peer UIDs: the agent's own UID (self-connections) + the
+    // operator/receiver UID emitted into the env by the compose generator
+    // (SWITCHROOM_WEBHOOK_RECEIVER_UID == operatorUid). Fail-closed: if the
+    // receiver UID is unset, only self can connect → receiver gets 503,
+    // surfacing the misconfiguration instead of silently accepting any UID.
+    const allowedUids: number[] = []
+    const ownUid = typeof process.getuid === 'function' ? process.getuid() : null
+    if (ownUid !== null) allowedUids.push(ownUid)
+    const receiverUidRaw = process.env.SWITCHROOM_WEBHOOK_RECEIVER_UID
+    const receiverUid = receiverUidRaw ? Number(receiverUidRaw) : NaN
+    if (Number.isInteger(receiverUid)) allowedUids.push(receiverUid)
+
+    const socketPath = join(STATE_DIR, 'webhook.sock')
+
+    // In-process delivery of a synthesized webhook turn — the same
+    // sendToAgent + buffer-on-failure primitive onInjectInbound uses, so a
+    // webhook fire landing mid bridge-reconnect is buffered, not dropped.
+    const webhookInject = (agentName: string, inbound: unknown): boolean => {
+      // The wire record is a structural mirror of the bridge's
+      // InboundMessage (same cast the scheduler's ipcDispatcher uses).
+      const msg = inbound as InboundMessage
+      const delivered = ipcServer.sendToAgent(agentName, msg)
+      if (delivered) markClaudeBusyForInbound(msg)
+      else pendingInboundBuffer.push(agentName, msg)
+      return delivered
+    }
+
+    startWebhookIngestServer({
+      socketPath,
+      allowedUids,
+      log: (s) => process.stderr.write(`telegram gateway: ${s}`),
+      onRecord: (req) =>
+        recordWebhookEvent(
+          {
+            agent: selfAgent,
+            source: req.source,
+            event_type: req.event_type,
+            ts: req.ts,
+            rendered_text: req.rendered_text,
+            payload: req.payload,
+            ...(req.delivery_id ? { delivery_id: req.delivery_id } : {}),
+          },
+          {
+            inject: webhookInject,
+            log: (s) => process.stderr.write(`telegram gateway: ${s}`),
+          },
+        ),
+    })
+  } catch (err) {
+    process.stderr.write(
+      `telegram gateway: webhook-ingest server start failed (non-fatal): ${(err as Error).message}\n`,
+    )
+  }
+})()
+
 // ─── Opportunistic idle-drain of pendingInboundBuffer ─────────────────────
 // pendingInboundBuffer otherwise drains only on (a) bridge re-register
 // (onClientRegistered) or (b) the silence-poke framework fallback

package/telegram-plugin/gateway/webhook-ingest-server.test.ts

@@ -0,0 +1,125 @@
+/**
+ * Tests for the peercred-gated webhook ingest UDS server
+ * (RFC docs/rfcs/webhook-via-gateway-socket.md).
+ *
+ * MUST run under `bun test`: the peer-credential gate calls
+ * `getPeerCred` (bun:ffi getsockopt SO_PEERCRED), which returns null
+ * under node/vitest — so the allow path is only exercisable under bun.
+ * This file is excluded from the vitest run (see vitest.config.ts) and
+ * listed in the `test:bun` / `test` scripts in package.json.
+ *
+ * Sockets live in an isolated tmpdir — never `~/.switchroom`.
+ */
+
+import { describe, it, expect, afterEach } from 'bun:test'
+import net from 'node:net'
+import { mkdtempSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import {
+  startWebhookIngestServer,
+  type WebhookIngestServer,
+  type WebhookIngestRequest,
+} from './webhook-ingest-server.js'
+import { forwardToGateway } from '../../src/web/webhook-ingest-client.js'
+
+const servers: WebhookIngestServer[] = []
+afterEach(() => {
+  for (const s of servers.splice(0)) s.close()
+})
+
+function tmpSocket(): string {
+  const dir = mkdtempSync(join(tmpdir(), 'webhook-ingest-srv-'))
+  return join(dir, 'webhook.sock')
+}
+
+function sampleReq(): WebhookIngestRequest {
+  return {
+    agent: 'reggie',
+    source: 'github',
+    event_type: 'pull_request',
+    ts: 1_700_000_000_000,
+    rendered_text: 'PR opened',
+    payload: { action: 'opened', number: 7 },
+    delivery_id: 'd-7',
+  }
+}
+
+describe('startWebhookIngestServer (peercred-gated)', () => {
+  it('accepts a connection from an allowed uid and round-trips onRecord', async () => {
+    const socketPath = tmpSocket()
+    let received: WebhookIngestRequest | null = null
+    const server = startWebhookIngestServer({
+      socketPath,
+      allowedUids: [process.getuid!()], // our own uid → allowed
+      onRecord: (req) => {
+        received = req
+        return { status: 'ok', ts: req.ts, dispatched: 1 }
+      },
+      log: () => {},
+    })
+    servers.push(server)
+
+    const resp = await forwardToGateway(socketPath, sampleReq())
+
+    expect(resp).not.toBeNull()
+    expect(resp!.status).toBe('ok')
+    expect(resp!.ts).toBe(1_700_000_000_000)
+    expect(resp!.dispatched).toBe(1)
+    expect(received).not.toBeNull()
+    expect(received!.agent).toBe('reggie')
+    expect(received!.event_type).toBe('pull_request')
+    expect(received!.delivery_id).toBe('d-7')
+  })
+
+  it('denies a connection whose uid is not in allowedUids (onRecord never runs)', async () => {
+    const socketPath = tmpSocket()
+    let called = false
+    const server = startWebhookIngestServer({
+      socketPath,
+      allowedUids: [999_999], // definitely not our uid
+      onRecord: () => {
+        called = true
+        return { status: 'ok' }
+      },
+      log: () => {},
+    })
+    servers.push(server)
+
+    // The server destroys the connection in its accept callback BEFORE
+    // reading any bytes, so onRecord must never run. We assert the
+    // security property (no service for an unlisted uid) directly rather
+    // than via the client resolving: bun's net client does not observe a
+    // server-side destroy of a just-accepted UDS connection promptly, so
+    // awaiting forwardToGateway here would hang. Send raw bytes and give
+    // the server ample time to (not) process them.
+    const raw = net.createConnection(socketPath)
+    raw.on('connect', () => raw.write(JSON.stringify(sampleReq()) + '\n'))
+    raw.on('error', () => {})
+    await new Promise((r) => setTimeout(r, 300))
+    raw.destroy()
+
+    expect(called).toBe(false)
+  })
+
+  it('returns null when the socket does not exist (gateway down)', async () => {
+    const socketPath = tmpSocket() // never bound
+    const resp = await forwardToGateway(socketPath, sampleReq(), { timeoutMs: 2000 })
+    expect(resp).toBeNull()
+  })
+
+  it('surfaces a gateway-side error status from onRecord', async () => {
+    const socketPath = tmpSocket()
+    const server = startWebhookIngestServer({
+      socketPath,
+      allowedUids: [process.getuid!()],
+      onRecord: () => ({ status: 'error', error: 'write failed' }),
+      log: () => {},
+    })
+    servers.push(server)
+
+    const resp = await forwardToGateway(socketPath, sampleReq())
+    expect(resp).not.toBeNull()
+    expect(resp!.status).toBe('error')
+  })
+})

package/telegram-plugin/gateway/webhook-ingest-server.ts

@@ -0,0 +1,218 @@
+/**
+ * Webhook ingest UDS server (RFC docs/rfcs/webhook-via-gateway-socket.md).
+ *
+ * A dedicated, peercred-gated Unix socket the host-side web receiver
+ * forwards verified webhook events to. It is deliberately SEPARATE from
+ * the bridge IPC socket (`gateway.sock`):
+ *
+ *   - `gateway.sock` is bound via `Bun.listen`, whose accepted socket does
+ *     NOT expose a file descriptor — so SO_PEERCRED can't be read on it.
+ *     This server uses `node:net` (whose `Socket._handle.fd` IS readable
+ *     under Bun, verified empirically) precisely so the peer-credential
+ *     gate works.
+ *   - Keeping the chat-critical bridge socket untouched avoids any risk to
+ *     the bridge-flap-sensitive reconnect path.
+ *
+ * Auth model — two independent layers:
+ *   1. **Filesystem**: the socket is chmod 0o666 so the host operator UID
+ *      can connect at all (the agent dir itself is 0775/agent-UID, which
+ *      blocks the operator from writing files but not from connecting a
+ *      world-connectable socket).
+ *   2. **Peer credentials**: every connection's SO_PEERCRED UID must be in
+ *      `allowedUids` (the agent's own UID + the operator/receiver UID).
+ *      This is the load-bearing gate: it ensures only the trusted receiver
+ *      (which enforces per-event HMAC) — or the agent itself — can inject a
+ *      webhook turn. Fail-closed: unreadable creds or an unlisted UID is
+ *      denied.
+ *
+ * Wire protocol: one JSON line in (`WebhookIngestRequest`), one JSON line
+ * out (`WebhookIngestResponse`), then the connection closes. No framing
+ * beyond the trailing newline; requests are small (a rendered event +
+ * payload).
+ */
+
+import net from 'node:net'
+import { chmodSync, existsSync, unlinkSync } from 'node:fs'
+import { getPeerCred } from '../../src/vault/broker/peercred-ffi.js'
+
+/** Forwarded by the receiver; structural mirror of WebhookGatewayRecord. */
+export interface WebhookIngestRequest {
+  agent: string
+  source: string
+  event_type: string
+  ts: number
+  rendered_text: string
+  payload: Record<string, unknown>
+  delivery_id?: string
+}
+
+export interface WebhookIngestResponse {
+  status: 'ok' | 'deduped' | 'error'
+  ts?: number
+  error?: string
+  dispatched?: number
+}
+
+export interface WebhookIngestServerOptions {
+  socketPath: string
+  /** SO_PEERCRED UIDs permitted to inject. Connections from any other UID
+   *  (or with unreadable creds) are denied and the socket destroyed. */
+  allowedUids: number[]
+  /** Handle one verified, forwarded event. Synchronous return (the record
+   *  path is file I/O + an in-process inject) wrapped in Promise for the
+   *  server's await. */
+  onRecord: (req: WebhookIngestRequest) => WebhookIngestResponse | Promise<WebhookIngestResponse>
+  log?: (line: string) => void
+}
+
+export interface WebhookIngestServer {
+  close: () => void
+}
+
+const MAX_REQUEST_BYTES = 1024 * 1024 // 1 MiB — github payloads fit easily
+
+/** Read the accepted connection's fd via the undocumented `_handle.fd`.
+ *  Under Bun's node:net polyfill this is present (verified); returns null
+ *  if absent so the caller fails closed. */
+function fdOf(conn: net.Socket): number | null {
+  const handle = (conn as unknown as { _handle?: { fd?: number } })._handle
+  if (!handle || typeof handle.fd !== 'number' || handle.fd < 0) return null
+  return handle.fd
+}
+
+/**
+ * Start the webhook ingest server. Never throws — bind failures are logged
+ * and surfaced via the returned server still being usable as a no-op close.
+ * The CALLER (gateway boot) additionally wraps this so a failure here can
+ * never take the agent down; this function's own try/catch is belt-and-
+ * suspenders.
+ */
+export function startWebhookIngestServer(
+  opts: WebhookIngestServerOptions,
+): WebhookIngestServer {
+  const log = opts.log ?? ((s) => process.stderr.write(s))
+  const allowed = new Set(opts.allowedUids)
+
+  // Clear a stale socket from a previous (crashed) gateway. Safe: only this
+  // agent's gateway binds this path, and we're about to rebind it.
+  try {
+    if (existsSync(opts.socketPath)) unlinkSync(opts.socketPath)
+  } catch (err) {
+    log(`webhook-ingest-server: could not unlink stale socket: ${(err as Error).message}\n`)
+  }
+
+  const server = net.createServer((conn) => {
+    // ── Peer-credential gate (fail-closed) ──────────────────────────────────
+    const fd = fdOf(conn)
+    const cred = fd !== null ? getPeerCred(fd) : null
+    if (cred === null || !allowed.has(cred.uid)) {
+      log(
+        `webhook-ingest-server: DENY connection uid=${cred?.uid ?? 'unknown'} ` +
+          `(allowed=${[...allowed].join(',')})\n`,
+      )
+      conn.destroy()
+      return
+    }
+
+    let buf = ''
+    let handled = false
+    conn.setEncoding('utf8')
+
+    const reply = (resp: WebhookIngestResponse) => {
+      if (handled) return
+      handled = true
+      try {
+        conn.write(JSON.stringify(resp) + '\n')
+      } catch {
+        /* peer may have hung up */
+      }
+      conn.end()
+    }
+
+    conn.on('data', (chunk: string) => {
+      if (handled) return
+      buf += chunk
+      if (buf.length > MAX_REQUEST_BYTES) {
+        reply({ status: 'error', error: 'request too large' })
+        return
+      }
+      const nl = buf.indexOf('\n')
+      if (nl === -1) return // wait for the full line
+      const line = buf.slice(0, nl)
+
+      let req: WebhookIngestRequest
+      try {
+        req = JSON.parse(line) as WebhookIngestRequest
+      } catch {
+        reply({ status: 'error', error: 'malformed request' })
+        return
+      }
+      if (
+        !req ||
+        typeof req.agent !== 'string' ||
+        typeof req.source !== 'string' ||
+        typeof req.event_type !== 'string' ||
+        typeof req.rendered_text !== 'string' ||
+        typeof req.payload !== 'object' ||
+        req.payload === null
+      ) {
+        reply({ status: 'error', error: 'invalid request shape' })
+        return
+      }
+
+      Promise.resolve()
+        .then(() => opts.onRecord(req))
+        .then((resp) => reply(resp))
+        .catch((err: unknown) => {
+          log(`webhook-ingest-server: onRecord threw: ${String(err)}\n`)
+          reply({ status: 'error', error: 'internal error' })
+        })
+    })
+
+    conn.on('error', (err) => {
+      log(`webhook-ingest-server: conn error: ${err.message}\n`)
+    })
+
+    // Drop slow/idle clients so a stuck connection can't pin the socket.
+    conn.setTimeout(10_000, () => {
+      if (!handled) reply({ status: 'error', error: 'timeout' })
+      conn.destroy()
+    })
+  })
+
+  server.on('error', (err) => {
+    log(`webhook-ingest-server: server error: ${err.message}\n`)
+  })
+
+  try {
+    server.listen(opts.socketPath, () => {
+      try {
+        // World-connectable at the FS layer; peercred is the real gate.
+        chmodSync(opts.socketPath, 0o666)
+      } catch (err) {
+        log(`webhook-ingest-server: chmod failed: ${(err as Error).message}\n`)
+      }
+      log(
+        `webhook-ingest-server: listening at ${opts.socketPath} ` +
+          `(allowed uids: ${[...allowed].join(',')})\n`,
+      )
+    })
+  } catch (err) {
+    log(`webhook-ingest-server: listen failed: ${(err as Error).message}\n`)
+  }
+
+  return {
+    close: () => {
+      try {
+        server.close()
+      } catch {
+        /* ignore */
+      }
+      try {
+        if (existsSync(opts.socketPath)) unlinkSync(opts.socketPath)
+      } catch {
+        /* ignore */
+      }
+    },
+  }
+}

package/telegram-plugin/runtime-metrics.ts

@@ -19,7 +19,6 @@
 import { existsSync, mkdirSync, appendFileSync } from 'node:fs'
 import { dirname, join } from 'node:path'
 import { captureEvent } from './analytics-posthog.js'
-import type { PokeLevel } from './silence-poke.js'
 
 export type RuntimeMetricEvent =
   /**
@@ -63,40 +62,14 @@ export type RuntimeMetricEvent =
       ended_via: 'reply' | 'stream_reply_done' | 'silent' | 'forced' | 'framework_fallback'
     }
   /**
-   * Framework safety-net: a silence-poke was armed. `ack` is the early
-   * (~10s) ack-budget poke — the model has sent NOTHING this turn and is
-   * leaving the user on a silent chat. `soft` (75s) / `firm` (180s) are
-   * the silence-since-last-outbound ladder. The system-reminder appended
-   * to the next tool result nudges the model to send an update. Doubles
-   * as a design-health signal — if these fire frequently, the
-   * conversational-pacing prompt isn't doing its job.
-   */
-  | {
-      kind: 'silence_poke_fired'
-      key: string
-      level: PokeLevel
-      silence_ms: number
-      subagent_wait: boolean
-    }
-  /**
-   * The model sent an outbound message within the success window
-   * (default 15s) after a poke fired. Pair with `silence_poke_fired`
-   * to compute success rate — the design target is >80%. (`ack`-level
-   * success is not currently emitted — the ack poke sits outside the
-   * `pokesFired` ladder noteOutbound measures against; the type admits
-   * `ack` only so the silence-poke metric union stays assignable.)
-   */
-  | {
-      kind: 'silence_poke_succeeded'
-      key: string
-      level: PokeLevel
-      latency_ms: number
-    }
-  /**
-   * Last-resort: 5 minutes silent, the framework itself sent a
-   * user-visible "still working… / still thinking…" message. Should
-   * be rare (target <5 per 1000 turns); a high rate means the model
-   * is genuinely stuck or the soft/firm pokes aren't being honoured.
+   * Last-resort safety net: 5 minutes silent, the framework itself sent
+   * a user-visible "still working… / still thinking…" message AND
+   * unwedged the turn (cleared activeTurnStartedAt, nulled currentTurn,
+   * drained buffered inbound). Should be rare (target <5 per 1000 turns);
+   * a high rate means turns are genuinely getting stuck. This is the only
+   * remaining framework safety-net signal — the model-targeted nudge
+   * ladder (ack/soft/firm) and the 60s awareness ping were retired once
+   * the live-updating reply/draft took over the pacing job.
    */
   | {
       kind: 'silence_fallback_sent'
@@ -104,23 +77,6 @@ export type RuntimeMetricEvent =
       fallback_kind: 'working' | 'thinking'
       silence_ms: number
     }
-  /**
-   * Awareness ping (~60s, default): framework-owned user-visible
-   * "still working… / still thinking…" message sent BEFORE the 300s
-   * fallback so the user never faces a silent chat for the full 5
-   * minutes. Silent (no device ping); one-shot per turn; suppressed
-   * by any outbound or sub-agent dispatch. A high rate is the
-   * diagnostic signal that frequent silences exist (held-inbound,
-   * extended-thinking, slow startup), and the rate of the heavier
-   * silence_fallback_sent that still follows tells us how many of
-   * those escalate all the way to 5 min.
-   */
-  | {
-      kind: 'awareness_ping_sent'
-      key: string
-      fallback_kind: 'working' | 'thinking'
-      silence_ms: number
-    }
   /**
    * #1445 cross-turn pending-async ambient lifecycle. `started` fires
    * when a turn ends with a captured anchor AND a pending Agent/Task/