switchroom 0.14.90 → 0.14.92

package/dist/vault/approvals/kernel-server.js

@@ -11277,7 +11277,7 @@ var init_dist = __esm(() => {
 });
 
 // src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -11290,15 +11290,54 @@ var init_schema = __esm(() => {
     target: exports_external.string().optional().describe("Container path the source mounts to. Must be absolute. Defaults to " + "the same path as `source` (matches switchroom's existing dual-mount " + "convention so absolute paths in scaffolded scripts Just Work)."),
     mode: exports_external.enum(["ro", "rw"]).optional().describe("Read-only (default) or read-write. Use `rw` only when the agent " + "must mutate the host path (e.g. editing switchroom source). " + "Default: 'ro'.")
   });
+  HttpDiffPollSchema = exports_external.object({
+    type: exports_external.literal("http-diff"),
+    url: exports_external.string().url().describe("Poll target. Host MUST match the operator egress allowlist (§6.1) — " + "loopback/private/link-local/non-https are rejected; the IP is " + "resolve-then-pinned against DNS-rebind. Not agent-writable without " + "operator commit."),
+    method: exports_external.enum(["GET", "POST"]).default("GET"),
+    headers: exports_external.record(exports_external.string()).optional(),
+    secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this poll may inject into request headers. Each is " + "HOST-PINNED (§6.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved poll cannot exfil it elsewhere."),
+    diff_jsonpath: exports_external.string().describe("JSONPath into the response; the extracted value is compared to state_key."),
+    state_key: exports_external.string().describe("Key under /state/agent/poll-state.json holding the last-seen value.")
+  });
+  TelegramReactionsPollSchema = exports_external.object({
+    type: exports_external.literal("telegram-reactions"),
+    chat_id: exports_external.union([exports_external.string().min(1), exports_external.number().int()]).describe("Chat to scan for reactions (model-free internal gateway query)."),
+    emoji: exports_external.string().min(1).describe("Reaction emoji that marks a message for capture (e.g. \uD83D\uDC68‍\uD83D\uDCBB)."),
+    lookback: exports_external.number().int().positive().max(200).default(40),
+    state_key: exports_external.string().describe("Key under poll-state.json holding the last-processed message id.")
+  });
+  PollSpecSchema = exports_external.discriminatedUnion("type", [
+    HttpDiffPollSchema,
+    TelegramReactionsPollSchema
+  ]);
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-    prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+    prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
+    kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+    poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+    model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) — the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
+    context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' → a minimal-" + "context cheap cron session (Tier 1). 'agent' → the agent's live " + "session with full persona/memory (Tier 2). Unset → inferred from " + "`model` (cheap→fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
     topic: exports_external.union([
       exports_external.string().min(1, "topic alias must be non-empty"),
       exports_external.number().int().positive("topic ID must be a positive integer")
     ]).optional().describe("Forum topic this cron fires into when the owning agent is in " + "supergroup-owned mode (channels.telegram.chat_id set). Either a " + 'string alias resolved against `topic_aliases` (e.g. "planning") ' + "or a numeric topic ID. Falls back to the agent's `default_topic_id` " + "when unset. Ignored for agents in fleet-shared or dm_only mode. " + "Alias-resolution happens at config-load — typos surface immediately. " + "See docs/rfcs/supergroup-mode.md.")
+  }).superRefine((entry, ctx) => {
+    const kind = entry.kind ?? "prompt";
+    if (kind === "poll" && !entry.poll) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["poll"],
+        message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
+      });
+    }
+    if (kind === "prompt" && entry.poll) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["poll"],
+        message: "`poll` is only valid when kind: poll."
+      });
+    }
   });
   AgentSoulSchema = exports_external.object({
     name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),
@@ -11745,6 +11784,13 @@ var init_schema = __esm(() => {
     config_edit_enabled: exports_external.boolean().default(false).describe("Opt-in toggle for the `config_propose_edit` hostd verb (RFC " + "admin-agent-config-edit §3). Default false — the verb returns " + "`E_CONFIG_EDIT_DISABLED` until the operator explicitly flips " + "this to true. When true (and once PR 1c lands the apply path), " + "admin agents can propose unified-diff patches against " + "`/state/config/switchroom.yaml`, gated by an operator approval " + "card in the primary chat. Same trust posture as `update_apply` " + "and `agent_restart`: the human-in-the-loop tap is the security " + "boundary, not the agent's judgement."),
     config_edit_rate_per_hour: exports_external.number().int().min(1).max(20).default(3).describe("Per-requesting-agent rate cap for `config_propose_edit` cards " + "(RFC admin-agent-config-edit §5). Default 3 cards/hour; min 1, " + "max 20. Implemented as a sqlite token bucket in PR 1c; the " + "field is wired here in PR 1a so operators can pin it before the " + "limiter is live. Above the cap, the verb returns " + "`E_RATE_LIMITED` without raising a card.")
   });
+  CronEgressSchema = exports_external.object({
+    allowed_hosts: exports_external.array(exports_external.string().min(1)).default([]).describe("Hosts a poll may reach (exact, https-only). loopback/private/IP-literal are always rejected."),
+    secret_bindings: exports_external.record(exports_external.string(), exports_external.string().min(1)).default({}).describe("secretName → the single host it may be sent to. A poll carrying a secret to any other host is rejected.")
+  });
+  CronConfigSchema = exports_external.object({
+    egress: CronEgressSchema.optional().describe("SSRF/exfil fence for http-diff polls.")
+  });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
       version: exports_external.literal(1).describe("Config schema version"),
@@ -11793,7 +11839,8 @@ var init_schema = __esm(() => {
     profiles: exports_external.record(exports_external.string(), ProfileSchema).optional().describe("Named profile definitions. Agents reference via `extends: <name>`. " + "Inline profiles declared here take priority over filesystem " + "profiles/<name>/ directories when both exist."),
     agents: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,50}$/, {
       message: "Agent name must start with a letter/digit, contain only lowercase letters/digits/hyphens/underscores, and be at most 51 characters (Telegram callback_data byte limit)"
-    }), AgentSchema).describe("Map of agent name to agent configuration")
+    }), AgentSchema).describe("Map of agent name to agent configuration"),
+    cron: CronConfigSchema.optional().describe("Cheap-cron settings (docs/rfcs/cheap-cron-sessions.md). Operator-owned " + "egress allowlist + host-pinned secret bindings for Tier-0 http-diff " + "polls (§6.1). Required to enable any http-diff poll; not agent-writable.")
   });
 });
 

package/dist/vault/broker/server.js

@@ -11277,7 +11277,7 @@ var init_zod = __esm(() => {
 });
 
 // src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -11290,15 +11290,54 @@ var init_schema = __esm(() => {
     target: exports_external.string().optional().describe("Container path the source mounts to. Must be absolute. Defaults to " + "the same path as `source` (matches switchroom's existing dual-mount " + "convention so absolute paths in scaffolded scripts Just Work)."),
     mode: exports_external.enum(["ro", "rw"]).optional().describe("Read-only (default) or read-write. Use `rw` only when the agent " + "must mutate the host path (e.g. editing switchroom source). " + "Default: 'ro'.")
   });
+  HttpDiffPollSchema = exports_external.object({
+    type: exports_external.literal("http-diff"),
+    url: exports_external.string().url().describe("Poll target. Host MUST match the operator egress allowlist (§6.1) — " + "loopback/private/link-local/non-https are rejected; the IP is " + "resolve-then-pinned against DNS-rebind. Not agent-writable without " + "operator commit."),
+    method: exports_external.enum(["GET", "POST"]).default("GET"),
+    headers: exports_external.record(exports_external.string()).optional(),
+    secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this poll may inject into request headers. Each is " + "HOST-PINNED (§6.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved poll cannot exfil it elsewhere."),
+    diff_jsonpath: exports_external.string().describe("JSONPath into the response; the extracted value is compared to state_key."),
+    state_key: exports_external.string().describe("Key under /state/agent/poll-state.json holding the last-seen value.")
+  });
+  TelegramReactionsPollSchema = exports_external.object({
+    type: exports_external.literal("telegram-reactions"),
+    chat_id: exports_external.union([exports_external.string().min(1), exports_external.number().int()]).describe("Chat to scan for reactions (model-free internal gateway query)."),
+    emoji: exports_external.string().min(1).describe("Reaction emoji that marks a message for capture (e.g. \uD83D\uDC68‍\uD83D\uDCBB)."),
+    lookback: exports_external.number().int().positive().max(200).default(40),
+    state_key: exports_external.string().describe("Key under poll-state.json holding the last-processed message id.")
+  });
+  PollSpecSchema = exports_external.discriminatedUnion("type", [
+    HttpDiffPollSchema,
+    TelegramReactionsPollSchema
+  ]);
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-    prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+    prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
+    kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+    poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+    model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) — the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
+    context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' → a minimal-" + "context cheap cron session (Tier 1). 'agent' → the agent's live " + "session with full persona/memory (Tier 2). Unset → inferred from " + "`model` (cheap→fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
     topic: exports_external.union([
       exports_external.string().min(1, "topic alias must be non-empty"),
       exports_external.number().int().positive("topic ID must be a positive integer")
     ]).optional().describe("Forum topic this cron fires into when the owning agent is in " + "supergroup-owned mode (channels.telegram.chat_id set). Either a " + 'string alias resolved against `topic_aliases` (e.g. "planning") ' + "or a numeric topic ID. Falls back to the agent's `default_topic_id` " + "when unset. Ignored for agents in fleet-shared or dm_only mode. " + "Alias-resolution happens at config-load — typos surface immediately. " + "See docs/rfcs/supergroup-mode.md.")
+  }).superRefine((entry, ctx) => {
+    const kind = entry.kind ?? "prompt";
+    if (kind === "poll" && !entry.poll) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["poll"],
+        message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
+      });
+    }
+    if (kind === "prompt" && entry.poll) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["poll"],
+        message: "`poll` is only valid when kind: poll."
+      });
+    }
   });
   AgentSoulSchema = exports_external.object({
     name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),
@@ -11745,6 +11784,13 @@ var init_schema = __esm(() => {
     config_edit_enabled: exports_external.boolean().default(false).describe("Opt-in toggle for the `config_propose_edit` hostd verb (RFC " + "admin-agent-config-edit §3). Default false — the verb returns " + "`E_CONFIG_EDIT_DISABLED` until the operator explicitly flips " + "this to true. When true (and once PR 1c lands the apply path), " + "admin agents can propose unified-diff patches against " + "`/state/config/switchroom.yaml`, gated by an operator approval " + "card in the primary chat. Same trust posture as `update_apply` " + "and `agent_restart`: the human-in-the-loop tap is the security " + "boundary, not the agent's judgement."),
     config_edit_rate_per_hour: exports_external.number().int().min(1).max(20).default(3).describe("Per-requesting-agent rate cap for `config_propose_edit` cards " + "(RFC admin-agent-config-edit §5). Default 3 cards/hour; min 1, " + "max 20. Implemented as a sqlite token bucket in PR 1c; the " + "field is wired here in PR 1a so operators can pin it before the " + "limiter is live. Above the cap, the verb returns " + "`E_RATE_LIMITED` without raising a card.")
   });
+  CronEgressSchema = exports_external.object({
+    allowed_hosts: exports_external.array(exports_external.string().min(1)).default([]).describe("Hosts a poll may reach (exact, https-only). loopback/private/IP-literal are always rejected."),
+    secret_bindings: exports_external.record(exports_external.string(), exports_external.string().min(1)).default({}).describe("secretName → the single host it may be sent to. A poll carrying a secret to any other host is rejected.")
+  });
+  CronConfigSchema = exports_external.object({
+    egress: CronEgressSchema.optional().describe("SSRF/exfil fence for http-diff polls.")
+  });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
       version: exports_external.literal(1).describe("Config schema version"),
@@ -11793,7 +11839,8 @@ var init_schema = __esm(() => {
     profiles: exports_external.record(exports_external.string(), ProfileSchema).optional().describe("Named profile definitions. Agents reference via `extends: <name>`. " + "Inline profiles declared here take priority over filesystem " + "profiles/<name>/ directories when both exist."),
     agents: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,50}$/, {
       message: "Agent name must start with a letter/digit, contain only lowercase letters/digits/hyphens/underscores, and be at most 51 characters (Telegram callback_data byte limit)"
-    }), AgentSchema).describe("Map of agent name to agent configuration")
+    }), AgentSchema).describe("Map of agent name to agent configuration"),
+    cron: CronConfigSchema.optional().describe("Cheap-cron settings (docs/rfcs/cheap-cron-sessions.md). Operator-owned " + "egress allowlist + host-pinned secret bindings for Tier-0 http-diff " + "polls (§6.1). Required to enable any http-diff poll; not agent-writable.")
   });
 });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.14.90",
+  "version": "0.14.92",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {

package/profiles/_base/cron-session.sh.hbs

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+# Tier-1 cheap cron SESSION launcher — docs/rfcs/cheap-cron-sessions.md §2.2.
+#
+# A SECOND interactive `claude` (no -p — compliance pillar 3) in the agent
+# container, dedicated to cheap cron fires. It registers to the SAME gateway
+# as a DISTINCT bridge identity `<name>-cron` (start.sh's gateway sidecar
+# routes meta.session=cron fires here and gates all status surfaces off this
+# identity — see telegram-plugin/gateway/cron-session.ts). Minimal context:
+# its own CLAUDE_CONFIG_DIR (separate transcript) + a TRIMMED .mcp.json (only
+# switchroom-telegram) → it pays a fraction of the main session's schema +
+# cache-read tax, at the cheap cron model.
+#
+# Forked as a supervised sidecar by start.sh ONLY when {{name}} actually has a
+# Tier-1 (context: fresh) cron entry AND SWITCHROOM_CHEAP_CRON is on — so the
+# whole feature is inert for the rest of the fleet (the start.sh fork block
+# renders empty). This script is a no-op artifact on disk until then.
+set -u
+
+# Runtime kill-switch. The fork is baked into start.sh whenever {{name}} has a
+# context:fresh cron entry (a config property), but the session only actually
+# runs when SWITCHROOM_CHEAP_CRON is on at runtime. Exit 78 (EX_CONFIG) so the
+# supervisor does NOT respawn-loop when the feature is off — a clean idle.
+case "${SWITCHROOM_CHEAP_CRON:-}" in
+  1 | true | on | ON) : ;;
+  *)
+    echo "cron-session: SWITCHROOM_CHEAP_CRON off — not starting (exit 78, no respawn)" >&2
+    exit 78
+    ;;
+esac
+
+CRON_NAME="{{name}}-cron"
+CRON_CONFIG_DIR="{{agentDir}}/.claude-cron"
+MAIN_CONFIG_DIR="{{agentDir}}/.claude"
+# TRIMMED MCP config (scaffold writes .claude-cron/.mcp.json with ONLY
+# switchroom-telegram) → the cron session pays a fraction of the main session's
+# ~31k-token MCP schema tax. The switchroom-telegram BRIDGE reads
+# SWITCHROOM_AGENT_NAME from the process env (exported below), NOT its .mcp.json
+# env block, so it registers as the cron identity. Fall back to the full
+# .mcp.json if the trimmed file is missing (older scaffold) so it still boots.
+CRON_MCP_CONFIG="{{agentDir}}/.claude-cron/.mcp.json"
+[ -f "$CRON_MCP_CONFIG" ] || CRON_MCP_CONFIG="{{agentDir}}/.mcp.json"
+CRON_SOCKET="switchroom-${CRON_NAME}"
+
+mkdir -p "$CRON_CONFIG_DIR"
+
+# Share the broker-managed OAuth creds (same subscription) without sharing the
+# main session's transcript/settings. The broker is the sole writer of
+# .credentials.json into the MAIN config dir; symlink it so the cron session
+# authenticates with the same account and re-reads on refresh. Transcript
+# (projects/) stays separate → minimal, /clear-friendly context.
+if [ -e "$MAIN_CONFIG_DIR/.credentials.json" ]; then
+  ln -sfn "$MAIN_CONFIG_DIR/.credentials.json" "$CRON_CONFIG_DIR/.credentials.json"
+fi
+if [ -e "$MAIN_CONFIG_DIR/settings.json" ]; then
+  ln -sfn "$MAIN_CONFIG_DIR/settings.json" "$CRON_CONFIG_DIR/settings.json"
+fi
+
+# Distinct identity + config dir for the bridge that runs inside claude.
+export SWITCHROOM_AGENT_NAME="$CRON_NAME"
+export CLAUDE_CONFIG_DIR="$CRON_CONFIG_DIR"
+
+CRON_APPEND_PROMPT="You are the cheap background cron worker for {{name}}. You handle scheduled tasks only. Do the task, reply once with the result, and keep it brief. You do not have {{name}}'s full memory or persona — if a task needs them, say so rather than guessing."
+
+# Launch the cron claude in its OWN tmux session/socket so it never contends
+# with the main session's pane. Interactive (no -p). --strict-mcp-config pins
+# it to the trimmed config (switchroom-telegram only). Fresh each boot (no
+# --continue) — minimal context by construction.
+exec tmux -L "$CRON_SOCKET" \
+  new-session -A -s "$CRON_NAME" -x 400 -y 50 \
+  claude \
+    --dangerously-load-development-channels server:switchroom-telegram \
+    --plugin-dir "{{securityPluginDir}}" \
+    --mcp-config "$CRON_MCP_CONFIG" \
+    --strict-mcp-config \
+    --model {{{cronModelQ}}} \
+    --append-system-prompt "$CRON_APPEND_PROMPT"{{#if dangerousMode}} \
+    --dangerously-skip-permissions{{/if}}

package/profiles/_base/start.sh.hbs

@@ -163,6 +163,19 @@ if [ "$SWITCHROOM_RUNTIME" = "docker" ] && [ -z "$SWITCHROOM_DOCKER_TMUX_INNER"
       bun /opt/switchroom/agent-scheduler/index.js &
   fi
 
+{{#if cronSessionEnabled}}
+  # 4) cheap cron SESSION (Tier 1, docs/rfcs/cheap-cron-sessions.md §2.2).
+  #    A SECOND interactive claude (no -p) dedicated to context:fresh cron
+  #    fires, registering to the gateway as the cron-suffixed bridge. This
+  #    block is rendered ONLY for an agent that has a Tier-1 cron entry; for
+  #    every other agent the cronSessionEnabled guard is false so the whole
+  #    block is absent and their start.sh is byte-identical to before.
+  if command -v claude >/dev/null 2>&1 && [ -f "$(dirname "$0")/cron-session.sh" ]; then
+    _switchroom_supervise cron-session /var/log/switchroom/cron-session.log \
+      bash "$(dirname "$0")/cron-session.sh" &
+  fi
+{{/if}}
+
   export SWITCHROOM_DOCKER_TMUX_INNER=1
   exec tmux -L "switchroom-{{name}}" \
     new-session -A -s "{{name}}" -x 400 -y 50 \

package/telegram-plugin/dist/gateway/gateway.js

@@ -23781,7 +23781,7 @@ var init_dist = __esm(() => {
 });
 
 // ../src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -23794,15 +23794,54 @@ var init_schema = __esm(() => {
     target: exports_external.string().optional().describe("Container path the source mounts to. Must be absolute. Defaults to " + "the same path as `source` (matches switchroom's existing dual-mount " + "convention so absolute paths in scaffolded scripts Just Work)."),
     mode: exports_external.enum(["ro", "rw"]).optional().describe("Read-only (default) or read-write. Use `rw` only when the agent " + "must mutate the host path (e.g. editing switchroom source). " + "Default: 'ro'.")
   });
+  HttpDiffPollSchema = exports_external.object({
+    type: exports_external.literal("http-diff"),
+    url: exports_external.string().url().describe("Poll target. Host MUST match the operator egress allowlist (\u00a76.1) \u2014 " + "loopback/private/link-local/non-https are rejected; the IP is " + "resolve-then-pinned against DNS-rebind. Not agent-writable without " + "operator commit."),
+    method: exports_external.enum(["GET", "POST"]).default("GET"),
+    headers: exports_external.record(exports_external.string()).optional(),
+    secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this poll may inject into request headers. Each is " + "HOST-PINNED (\u00a76.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved poll cannot exfil it elsewhere."),
+    diff_jsonpath: exports_external.string().describe("JSONPath into the response; the extracted value is compared to state_key."),
+    state_key: exports_external.string().describe("Key under /state/agent/poll-state.json holding the last-seen value.")
+  });
+  TelegramReactionsPollSchema = exports_external.object({
+    type: exports_external.literal("telegram-reactions"),
+    chat_id: exports_external.union([exports_external.string().min(1), exports_external.number().int()]).describe("Chat to scan for reactions (model-free internal gateway query)."),
+    emoji: exports_external.string().min(1).describe("Reaction emoji that marks a message for capture (e.g. \uD83D\uDC68\u200d\uD83D\uDCBB)."),
+    lookback: exports_external.number().int().positive().max(200).default(40),
+    state_key: exports_external.string().describe("Key under poll-state.json holding the last-processed message id.")
+  });
+  PollSpecSchema = exports_external.discriminatedUnion("type", [
+    HttpDiffPollSchema,
+    TelegramReactionsPollSchema
+  ]);
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-    prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-    model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "\u2014 this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+    prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
+    kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+    poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+    model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) \u2014 the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
+    context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' \u2192 a minimal-" + "context cheap cron session (Tier 1). 'agent' \u2192 the agent's live " + "session with full persona/memory (Tier 2). Unset \u2192 inferred from " + "`model` (cheap\u2192fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default \u2014 broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary \u2014 " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
     topic: exports_external.union([
       exports_external.string().min(1, "topic alias must be non-empty"),
       exports_external.number().int().positive("topic ID must be a positive integer")
     ]).optional().describe("Forum topic this cron fires into when the owning agent is in " + "supergroup-owned mode (channels.telegram.chat_id set). Either a " + 'string alias resolved against `topic_aliases` (e.g. "planning") ' + "or a numeric topic ID. Falls back to the agent's `default_topic_id` " + "when unset. Ignored for agents in fleet-shared or dm_only mode. " + "Alias-resolution happens at config-load \u2014 typos surface immediately. " + "See docs/rfcs/supergroup-mode.md.")
+  }).superRefine((entry, ctx) => {
+    const kind = entry.kind ?? "prompt";
+    if (kind === "poll" && !entry.poll) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["poll"],
+        message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
+      });
+    }
+    if (kind === "prompt" && entry.poll) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["poll"],
+        message: "`poll` is only valid when kind: poll."
+      });
+    }
   });
   AgentSoulSchema = exports_external.object({
     name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),
@@ -24249,6 +24288,13 @@ var init_schema = __esm(() => {
     config_edit_enabled: exports_external.boolean().default(false).describe("Opt-in toggle for the `config_propose_edit` hostd verb (RFC " + "admin-agent-config-edit \u00a73). Default false \u2014 the verb returns " + "`E_CONFIG_EDIT_DISABLED` until the operator explicitly flips " + "this to true. When true (and once PR 1c lands the apply path), " + "admin agents can propose unified-diff patches against " + "`/state/config/switchroom.yaml`, gated by an operator approval " + "card in the primary chat. Same trust posture as `update_apply` " + "and `agent_restart`: the human-in-the-loop tap is the security " + "boundary, not the agent's judgement."),
     config_edit_rate_per_hour: exports_external.number().int().min(1).max(20).default(3).describe("Per-requesting-agent rate cap for `config_propose_edit` cards " + "(RFC admin-agent-config-edit \u00a75). Default 3 cards/hour; min 1, " + "max 20. Implemented as a sqlite token bucket in PR 1c; the " + "field is wired here in PR 1a so operators can pin it before the " + "limiter is live. Above the cap, the verb returns " + "`E_RATE_LIMITED` without raising a card.")
   });
+  CronEgressSchema = exports_external.object({
+    allowed_hosts: exports_external.array(exports_external.string().min(1)).default([]).describe("Hosts a poll may reach (exact, https-only). loopback/private/IP-literal are always rejected."),
+    secret_bindings: exports_external.record(exports_external.string(), exports_external.string().min(1)).default({}).describe("secretName \u2192 the single host it may be sent to. A poll carrying a secret to any other host is rejected.")
+  });
+  CronConfigSchema = exports_external.object({
+    egress: CronEgressSchema.optional().describe("SSRF/exfil fence for http-diff polls.")
+  });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
       version: exports_external.literal(1).describe("Config schema version"),
@@ -24297,7 +24343,8 @@ var init_schema = __esm(() => {
     profiles: exports_external.record(exports_external.string(), ProfileSchema).optional().describe("Named profile definitions. Agents reference via `extends: <name>`. " + "Inline profiles declared here take priority over filesystem " + "profiles/<name>/ directories when both exist."),
     agents: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,50}$/, {
       message: "Agent name must start with a letter/digit, contain only lowercase letters/digits/hyphens/underscores, and be at most 51 characters (Telegram callback_data byte limit)"
-    }), AgentSchema).describe("Map of agent name to agent configuration")
+    }), AgentSchema).describe("Map of agent name to agent configuration"),
+    cron: CronConfigSchema.optional().describe("Cheap-cron settings (docs/rfcs/cheap-cron-sessions.md). Operator-owned " + "egress allowlist + host-pinned secret bindings for Tier-0 http-diff " + "polls (\u00a76.1). Required to enable any http-diff poll; not agent-writable.")
   });
 });
 
@@ -47522,6 +47569,18 @@ function createPendingInboundBuffer(opts = {}) {
   };
 }
 
+// gateway/cron-session.ts
+var CRON_IDENTITY_SUFFIX = "-cron";
+function cronIdentity(agent) {
+  return `${agent}${CRON_IDENTITY_SUFFIX}`;
+}
+function isCronIdentity(name) {
+  return typeof name === "string" && name.endsWith(CRON_IDENTITY_SUFFIX);
+}
+function resolveInjectTarget(agentName3, meta) {
+  return meta?.session === "cron" ? cronIdentity(agentName3) : agentName3;
+}
+
 // gateway/obligation-ledger.ts
 class ObligationLedger {
   maxRepresents;
@@ -52900,11 +52959,11 @@ function sweepStaleTurnActiveMarker(stateDir, opts) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.14.90";
-var COMMIT_SHA = "6386ff19";
-var COMMIT_DATE = "2026-06-08T00:05:33Z";
-var LATEST_PR = 2235;
-var COMMITS_AHEAD_OF_TAG = 0;
+var VERSION = "0.14.92";
+var COMMIT_SHA = "cd0b9973";
+var COMMIT_DATE = "2026-06-10T06:33:22+10:00";
+var LATEST_PR = null;
+var COMMITS_AHEAD_OF_TAG = 6;
 
 // gateway/boot-version.ts
 function formatRelativeAgo(iso) {
@@ -53545,6 +53604,21 @@ function resolveWorkerFeedDispatch(sub, watcherDescription) {
   };
 }
 
+// gateway/subagent-status-surface.ts
+function resolveSubagentStatusSurface(input) {
+  if (!input.isBackground) {
+    if (input.liveTurnPresent)
+      return "nest";
+    if (!input.orphanStatusEnabled)
+      return "skip";
+    return input.workerFeedEnabled ? "worker-feed" : "skip";
+  }
+  return input.workerFeedEnabled ? "worker-feed" : "legacy-relay";
+}
+function isOrphanSubagentStatusEnabled(envVal) {
+  return envVal !== "0";
+}
+
 // gateway/resolve-calling-subagent.ts
 function resolveCallingSubagent(opts) {
   if (opts.db == null)
@@ -55703,6 +55777,16 @@ var ipcServer = createIpcServer({
   onClientRegistered(client3) {
     process.stderr.write(`telegram gateway: bridge registered \u2014 agent=${client3.agentName}
 `);
+    if (isCronIdentity(client3.agentName)) {
+      client3.send({ type: "status", status: "agent_connected" });
+      const pending2 = pendingInboundBuffer.drain(client3.agentName ?? "");
+      for (const m of pending2) {
+        try {
+          client3.send(m);
+        } catch {}
+      }
+      return;
+    }
     const bridgeUpEffects = client3.agentName != null ? shadowEmit({ kind: "bridgeUp", at: Date.now() }) : [];
     client3.send({ type: "status", status: "agent_connected" });
     if (client3.agentName != null) {
@@ -55825,6 +55909,11 @@ var ipcServer = createIpcServer({
     }
   },
   onClientDisconnected(client3) {
+    if (isCronIdentity(client3.agentName)) {
+      process.stderr.write(`telegram gateway: cron-session bridge disconnected \u2014 agent=${client3.agentName}
+`);
+      return;
+    }
     if (client3.agentName != null) {
       process.stderr.write(`telegram gateway: bridge disconnected \u2014 agent=${client3.agentName}
 `);
@@ -55872,7 +55961,9 @@ var ipcServer = createIpcServer({
       };
     }
   },
-  onSessionEvent(_client, msg) {
+  onSessionEvent(client3, msg) {
+    if (isCronIdentity(client3.agentName))
+      return;
     if (msg.activeFile)
       lastSessionActiveFile = msg.activeFile;
     const ev = msg.event;
@@ -55972,7 +56063,9 @@ var ipcServer = createIpcServer({
       firstSeenAt: new Date
     });
   },
-  onPtyPartial(_client, msg) {
+  onPtyPartial(client3, msg) {
+    if (isCronIdentity(client3.agentName))
+      return;
     handlePtyPartial(msg.text);
   },
   async onRequestDriveApproval(client3, msg) {
@@ -56197,13 +56290,15 @@ var ipcServer = createIpcServer({
   onInjectInbound(_client, msg) {
     const promptKey = typeof msg.inbound.meta?.prompt_key === "string" ? msg.inbound.meta.prompt_key : "unknown";
     const source = typeof msg.inbound.meta?.source === "string" ? msg.inbound.meta.source : "unknown";
-    const delivered = ipcServer.sendToAgent(msg.agentName, msg.inbound);
-    if (delivered)
+    const target = resolveInjectTarget(msg.agentName, msg.inbound.meta);
+    const toCron = target !== msg.agentName;
+    const delivered = ipcServer.sendToAgent(target, msg.inbound);
+    if (delivered && !toCron)
       markClaudeBusyForInbound(msg.inbound);
-    process.stderr.write(`telegram gateway: inject_inbound agent=${msg.agentName} source=${source} prompt_key=${promptKey} delivered=${delivered}
+    process.stderr.write(`telegram gateway: inject_inbound agent=${msg.agentName} target=${target} source=${source} prompt_key=${promptKey} delivered=${delivered}
 `);
     if (!delivered) {
-      pendingInboundBuffer.push(msg.agentName, msg.inbound);
+      pendingInboundBuffer.push(target, msg.inbound);
     }
   },
   onQuotaWallDetected(_client, msg) {
@@ -64569,6 +64664,7 @@ var didOneTimeSetup = false;
           if (watcherAgentDir != null) {
             const workerFeedEnabled = isWorkerActivityFeedEnabled(process.env.SWITCHROOM_WORKER_ACTIVITY_FEED);
             const foregroundNestingEnabled = process.env.SWITCHROOM_FOREGROUND_SUBAGENT_NESTING !== "0";
+            const orphanStatusEnabled = isOrphanSubagentStatusEnabled(process.env.SWITCHROOM_ORPHAN_SUBAGENT_STATUS);
             const workerActivityFeed = createWorkerActivityFeed({
               bot: {
                 sendMessage: async (cid, text, sendOpts) => {
@@ -64650,6 +64746,22 @@ var didOneTimeSetup = false;
                         }
                       }
                     }
+                    return;
+                  }
+                  if (resolveSubagentStatusSurface({
+                    isBackground: false,
+                    liveTurnPresent: false,
+                    workerFeedEnabled,
+                    orphanStatusEnabled
+                  }) === "worker-feed") {
+                    workerActivityFeed.finish(agentId, {
+                      description: dispatch.feedDescription,
+                      lastTool: null,
+                      toolCount,
+                      latestSummary: resultText,
+                      elapsedMs: durationMs,
+                      state: outcome === "failed" ? "failed" : "done"
+                    });
                   }
                   return;
                 }
@@ -64716,6 +64828,26 @@ var didOneTimeSetup = false;
                 }
                 const isBackground = dispatch.isBackground;
                 if (!isBackground) {
+                  const surface = resolveSubagentStatusSurface({
+                    isBackground: false,
+                    liveTurnPresent: currentTurn != null,
+                    workerFeedEnabled,
+                    orphanStatusEnabled
+                  });
+                  if (surface === "worker-feed") {
+                    const origin = resolveSubagentOriginChat(agentId);
+                    workerActivityFeed.update(agentId, origin?.chatId || fleetChatId || (loadAccess().allowFrom[0] ?? ""), {
+                      description: dispatch.feedDescription,
+                      lastTool,
+                      toolCount,
+                      latestSummary,
+                      elapsedMs,
+                      state: "running"
+                    }, origin?.threadId);
+                    return;
+                  }
+                  if (surface !== "nest")
+                    return;
                   const turn = currentTurn;
                   if (turn == null)
                     return;