switchroom 0.14.91 → 0.14.93

package/dist/agent-scheduler/index.js

@@ -6932,7 +6932,7 @@ var require_public_api = __commonJS((exports) => {
 });
 
 // src/agent-scheduler/index.ts
-import { resolve as resolve4, join as join2 } from "node:path";
+import { resolve as resolve4, join as join3 } from "node:path";
 
 // src/config/loader.ts
 import { readFileSync as readFileSync2, existsSync as existsSync3 } from "node:fs";
@@ -10969,15 +10969,54 @@ var AgentBindMountSchema = exports_external.object({
   target: exports_external.string().optional().describe("Container path the source mounts to. Must be absolute. Defaults to " + "the same path as `source` (matches switchroom's existing dual-mount " + "convention so absolute paths in scaffolded scripts Just Work)."),
   mode: exports_external.enum(["ro", "rw"]).optional().describe("Read-only (default) or read-write. Use `rw` only when the agent " + "must mutate the host path (e.g. editing switchroom source). " + "Default: 'ro'.")
 });
+var HttpDiffPollSchema = exports_external.object({
+  type: exports_external.literal("http-diff"),
+  url: exports_external.string().url().describe("Poll target. Host MUST match the operator egress allowlist (§6.1) — " + "loopback/private/link-local/non-https are rejected; the IP is " + "resolve-then-pinned against DNS-rebind. Not agent-writable without " + "operator commit."),
+  method: exports_external.enum(["GET", "POST"]).default("GET"),
+  headers: exports_external.record(exports_external.string()).optional(),
+  secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this poll may inject into request headers. Each is " + "HOST-PINNED (§6.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved poll cannot exfil it elsewhere."),
+  diff_jsonpath: exports_external.string().describe("JSONPath into the response; the extracted value is compared to state_key."),
+  state_key: exports_external.string().describe("Key under /state/agent/poll-state.json holding the last-seen value.")
+});
+var TelegramReactionsPollSchema = exports_external.object({
+  type: exports_external.literal("telegram-reactions"),
+  chat_id: exports_external.union([exports_external.string().min(1), exports_external.number().int()]).describe("Chat to scan for reactions (model-free internal gateway query)."),
+  emoji: exports_external.string().min(1).describe("Reaction emoji that marks a message for capture (e.g. \uD83D\uDC68‍\uD83D\uDCBB)."),
+  lookback: exports_external.number().int().positive().max(200).default(40),
+  state_key: exports_external.string().describe("Key under poll-state.json holding the last-processed message id.")
+});
+var PollSpecSchema = exports_external.discriminatedUnion("type", [
+  HttpDiffPollSchema,
+  TelegramReactionsPollSchema
+]);
 var ScheduleEntrySchema = exports_external.object({
   cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-  prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-  model: exports_external.string().optional().describe("DEPRECATED / IGNORED. Pre-v0.8 the singleton scheduler ran each " + "task as an isolated headless invocation and could set --model per " + "task. Post cron-fold-in (v0.8) the fire is injected into the agent's " + "running session, so it always uses the agent's configured model " + "— this field has no effect. Accepted (optional) only so existing " + "configs keep validating; set the model at the agent level instead. " + "See docs/scheduling.md."),
+  prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
+  kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+  poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+  model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) — the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
+  context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' → a minimal-" + "context cheap cron session (Tier 1). 'agent' → the agent's live " + "session with full persona/memory (Tier 2). Unset → inferred from " + "`model` (cheap→fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
   topic: exports_external.union([
     exports_external.string().min(1, "topic alias must be non-empty"),
     exports_external.number().int().positive("topic ID must be a positive integer")
   ]).optional().describe("Forum topic this cron fires into when the owning agent is in " + "supergroup-owned mode (channels.telegram.chat_id set). Either a " + 'string alias resolved against `topic_aliases` (e.g. "planning") ' + "or a numeric topic ID. Falls back to the agent's `default_topic_id` " + "when unset. Ignored for agents in fleet-shared or dm_only mode. " + "Alias-resolution happens at config-load — typos surface immediately. " + "See docs/rfcs/supergroup-mode.md.")
+}).superRefine((entry, ctx) => {
+  const kind = entry.kind ?? "prompt";
+  if (kind === "poll" && !entry.poll) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["poll"],
+      message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
+    });
+  }
+  if (kind === "prompt" && entry.poll) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["poll"],
+      message: "`poll` is only valid when kind: poll."
+    });
+  }
 });
 var AgentSoulSchema = exports_external.object({
   name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),
@@ -11424,6 +11463,13 @@ var HostdConfigSchema = exports_external.object({
   config_edit_enabled: exports_external.boolean().default(false).describe("Opt-in toggle for the `config_propose_edit` hostd verb (RFC " + "admin-agent-config-edit §3). Default false — the verb returns " + "`E_CONFIG_EDIT_DISABLED` until the operator explicitly flips " + "this to true. When true (and once PR 1c lands the apply path), " + "admin agents can propose unified-diff patches against " + "`/state/config/switchroom.yaml`, gated by an operator approval " + "card in the primary chat. Same trust posture as `update_apply` " + "and `agent_restart`: the human-in-the-loop tap is the security " + "boundary, not the agent's judgement."),
   config_edit_rate_per_hour: exports_external.number().int().min(1).max(20).default(3).describe("Per-requesting-agent rate cap for `config_propose_edit` cards " + "(RFC admin-agent-config-edit §5). Default 3 cards/hour; min 1, " + "max 20. Implemented as a sqlite token bucket in PR 1c; the " + "field is wired here in PR 1a so operators can pin it before the " + "limiter is live. Above the cap, the verb returns " + "`E_RATE_LIMITED` without raising a card.")
 });
+var CronEgressSchema = exports_external.object({
+  allowed_hosts: exports_external.array(exports_external.string().min(1)).default([]).describe("Hosts a poll may reach (exact, https-only). loopback/private/IP-literal are always rejected."),
+  secret_bindings: exports_external.record(exports_external.string(), exports_external.string().min(1)).default({}).describe("secretName → the single host it may be sent to. A poll carrying a secret to any other host is rejected.")
+});
+var CronConfigSchema = exports_external.object({
+  egress: CronEgressSchema.optional().describe("SSRF/exfil fence for http-diff polls.")
+});
 var SwitchroomConfigSchema = exports_external.object({
   switchroom: exports_external.object({
     version: exports_external.literal(1).describe("Config schema version"),
@@ -11472,7 +11518,8 @@ var SwitchroomConfigSchema = exports_external.object({
   profiles: exports_external.record(exports_external.string(), ProfileSchema).optional().describe("Named profile definitions. Agents reference via `extends: <name>`. " + "Inline profiles declared here take priority over filesystem " + "profiles/<name>/ directories when both exist."),
   agents: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,50}$/, {
     message: "Agent name must start with a letter/digit, contain only lowercase letters/digits/hyphens/underscores, and be at most 51 characters (Telegram callback_data byte limit)"
-  }), AgentSchema).describe("Map of agent name to agent configuration")
+  }), AgentSchema).describe("Map of agent name to agent configuration"),
+  cron: CronConfigSchema.optional().describe("Cheap-cron settings (docs/rfcs/cheap-cron-sessions.md). Operator-owned " + "egress allowlist + host-pinned secret bindings for Tier-0 http-diff " + "polls (§6.1). Required to enable any http-diff poll; not agent-writable.")
 });
 
 // src/config/paths.ts
@@ -12162,7 +12209,11 @@ function collectScheduleEntries(config) {
         cron: entry.cron,
         prompt: entry.prompt,
         promptKey: createHash("sha256").update(entry.prompt).digest("hex").slice(0, 12),
-        ...entry.topic !== undefined ? { topic: entry.topic } : {}
+        ...entry.topic !== undefined ? { topic: entry.topic } : {},
+        ...entry.kind !== undefined ? { kind: entry.kind } : {},
+        ...entry.model !== undefined ? { model: entry.model } : {},
+        ...entry.context !== undefined ? { context: entry.context } : {},
+        ...entry.poll !== undefined ? { poll: entry.poll } : {}
       });
     }
   }
@@ -12182,13 +12233,813 @@ function dispatchAsInbound(entry, options, dispatcher) {
     meta: {
       source: "cron",
       schedule_index: String(entry.scheduleIndex),
-      prompt_key: entry.promptKey
+      prompt_key: entry.promptKey,
+      ...options.session === "cron" ? { session: "cron" } : {},
+      ...options.session === "cron" && options.model ? { model: options.model } : {}
     }
   };
   const delivered = dispatcher.sendToAgent(entry.agent, message);
   return { delivered, message };
 }
 
+// src/scheduler/cron-routing.ts
+var DEFAULT_CRON_MODEL = "claude-sonnet-4-6";
+var CHEAP_MODEL_RE = /(^|[^a-z])(sonnet|haiku)([^a-z]|$)/i;
+var OPUS_MODEL_RE = /opus/i;
+function isKnownCheapModel(model) {
+  return model !== undefined && CHEAP_MODEL_RE.test(model);
+}
+function isCheapCronEnabled(env = process.env) {
+  const v = (env.SWITCHROOM_CHEAP_CRON ?? "").toLowerCase();
+  return v === "1" || v === "true" || v === "on";
+}
+function resolveCronModel(model) {
+  return isKnownCheapModel(model) ? model : DEFAULT_CRON_MODEL;
+}
+function resolveCronRouting(input, opts) {
+  if (!opts.cheapCronEnabled) {
+    return { tier: "main", session: "main", customModelDowngrade: false };
+  }
+  const kind = input.kind ?? "prompt";
+  let context;
+  let customModelDowngrade = false;
+  if (input.context) {
+    context = input.context;
+  } else if (isKnownCheapModel(input.model)) {
+    context = "fresh";
+  } else {
+    context = "agent";
+    customModelDowngrade = input.model !== undefined && !isKnownCheapModel(input.model) && !OPUS_MODEL_RE.test(input.model);
+  }
+  if (kind === "poll") {
+    return { tier: "poll", session: null, customModelDowngrade };
+  }
+  if (context === "fresh") {
+    return {
+      tier: "cheap",
+      session: "cron",
+      cronModel: resolveCronModel(input.model),
+      customModelDowngrade
+    };
+  }
+  return { tier: "main", session: "main", customModelDowngrade };
+}
+function resolveEscalationRouting(input, opts) {
+  return resolveCronRouting({ ...input, kind: "prompt" }, opts);
+}
+
+// src/agent-scheduler/cheap-cron-wiring.ts
+import { lookup as dnsLookup } from "node:dns/promises";
+
+// src/scheduler/poll-egress.ts
+import { isIP } from "node:net";
+var ok = { ok: true };
+var deny = (reason) => ({ ok: false, reason });
+function normalizeHost(host) {
+  return host.toLowerCase().replace(/\.$/, "").replace(/^\[|\]$/g, "");
+}
+function isBlockedAddress(addr) {
+  const v = isIP(addr);
+  if (v === 4)
+    return isBlockedV4(addr);
+  if (v === 6)
+    return isBlockedV6(addr);
+  return false;
+}
+function isBlockedV4(addr) {
+  const o = addr.split(".").map((n) => Number(n));
+  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255))
+    return true;
+  const [a, b] = o;
+  if (a === 0)
+    return true;
+  if (a === 10)
+    return true;
+  if (a === 127)
+    return true;
+  if (a === 169 && b === 254)
+    return true;
+  if (a === 172 && b >= 16 && b <= 31)
+    return true;
+  if (a === 192 && b === 168)
+    return true;
+  if (a === 100 && b >= 64 && b <= 127)
+    return true;
+  if (a >= 224)
+    return true;
+  return false;
+}
+function isBlockedV6(addr) {
+  const a = addr.toLowerCase();
+  if (a === "::" || a === "::1")
+    return true;
+  if (a.startsWith("fe80"))
+    return true;
+  if (a.startsWith("fc") || a.startsWith("fd"))
+    return true;
+  if (a.startsWith("ff"))
+    return true;
+  const mapped = a.match(/::ffff:(\d+\.\d+\.\d+\.\d+)$/);
+  if (mapped)
+    return isBlockedV4(mapped[1]);
+  const hexMapped = a.match(/::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
+  if (hexMapped) {
+    const hi = parseInt(hexMapped[1], 16);
+    const lo = parseInt(hexMapped[2], 16);
+    const v4 = `${hi >> 8 & 255}.${hi & 255}.${lo >> 8 & 255}.${lo & 255}`;
+    return isBlockedV4(v4);
+  }
+  return false;
+}
+function checkEgressUrl(rawUrl, allow) {
+  let u;
+  try {
+    u = new URL(rawUrl);
+  } catch {
+    return deny(`unparseable url`);
+  }
+  if (u.protocol !== "https:")
+    return deny(`scheme ${u.protocol} not allowed (https only)`);
+  if (u.username || u.password)
+    return deny(`userinfo in url not allowed`);
+  const host = normalizeHost(u.hostname);
+  if (!host)
+    return deny(`empty host`);
+  if (isIP(host) && isBlockedAddress(host))
+    return deny(`blocked ip literal ${host}`);
+  const allowed = allow.hosts.map(normalizeHost);
+  if (!allowed.includes(host))
+    return deny(`host ${host} not on egress allowlist`);
+  return ok;
+}
+function checkSecretBinding(secretName, host, allow) {
+  const bound = allow.secretBindings[secretName];
+  if (!bound)
+    return deny(`secret ${secretName} has no host binding`);
+  if (normalizeHost(bound) !== normalizeHost(host)) {
+    return deny(`secret ${secretName} bound to ${bound}, not ${host}`);
+  }
+  return ok;
+}
+function checkHttpDiffEgress(rawUrl, secrets, allow) {
+  const urlCheck = checkEgressUrl(rawUrl, allow);
+  if (!urlCheck.ok)
+    return urlCheck;
+  const host = normalizeHost(new URL(rawUrl).hostname);
+  for (const s of secrets) {
+    const sc = checkSecretBinding(s, host, allow);
+    if (!sc.ok)
+      return sc;
+  }
+  return ok;
+}
+
+// src/scheduler/poll-engine.ts
+var TOKEN_RE = /\.([a-zA-Z0-9_]+)|\[(\*|\d+)\]/g;
+function extractLeaves(root, jsonpath) {
+  const path = jsonpath.startsWith("$") ? jsonpath.slice(1) : jsonpath;
+  let nodes = [root];
+  let m;
+  TOKEN_RE.lastIndex = 0;
+  while ((m = TOKEN_RE.exec(path)) !== null) {
+    const key = m[1];
+    const idx = m[2];
+    const next = [];
+    for (const node of nodes) {
+      if (node == null)
+        continue;
+      if (key !== undefined) {
+        if (typeof node === "object")
+          next.push(node[key]);
+      } else if (idx === "*") {
+        if (Array.isArray(node))
+          next.push(...node);
+      } else if (idx !== undefined) {
+        if (Array.isArray(node))
+          next.push(node[Number(idx)]);
+      }
+    }
+    nodes = next;
+  }
+  return nodes.filter((n) => n !== undefined);
+}
+function cursorOf(leaves) {
+  const nums = leaves.map((l) => Number(l)).filter((n) => Number.isFinite(n));
+  if (nums.length === leaves.length && nums.length > 0) {
+    return { cursor: String(Math.max(...nums)), numeric: true, count: leaves.length };
+  }
+  return { cursor: `n:${leaves.length}`, numeric: false, count: leaves.length };
+}
+function cursorAdvanced(prev, next, numeric) {
+  if (prev === undefined)
+    return false;
+  if (numeric)
+    return Number(next) > Number(prev);
+  return next !== prev;
+}
+function substituteSecrets(headers, secretValues) {
+  const out = {};
+  for (const [k, v] of Object.entries(headers)) {
+    out[k] = v.replace(/\{\{([a-zA-Z0-9_\-/]+)\}\}/g, (_, name) => secretValues[name] ?? "");
+  }
+  return out;
+}
+async function runHttpDiffPoll(spec, prevCursor, deps) {
+  const gate = checkHttpDiffEgress(spec.url, spec.secrets, deps.allow);
+  if (!gate.ok)
+    return { hit: false, baseline: false, error: `egress denied: ${gate.reason}` };
+  const host = normalizeHost(new URL(spec.url).hostname);
+  try {
+    const ip = await deps.lookup(host);
+    if (ip && isBlockedAddress(ip))
+      return { hit: false, baseline: false, error: `resolved ip ${ip} blocked` };
+  } catch (e) {
+    return { hit: false, baseline: false, error: `dns lookup failed: ${e.message}` };
+  }
+  const secretValues = {};
+  for (const name of spec.secrets) {
+    try {
+      secretValues[name] = await deps.resolveSecret(name);
+    } catch (e) {
+      return { hit: false, baseline: false, error: `secret ${name}: ${e.message}` };
+    }
+  }
+  const headers = substituteSecrets(spec.headers ?? {}, secretValues);
+  const controller = new AbortController;
+  const timer = setTimeout(() => controller.abort(), deps.timeoutMs ?? 5000);
+  let json;
+  try {
+    const res = await deps.fetchImpl(spec.url, {
+      method: spec.method,
+      headers,
+      redirect: "error",
+      signal: controller.signal
+    });
+    if (!res.ok)
+      return { hit: false, baseline: false, error: `http ${res.status}` };
+    const text = await readCapped(res, deps.maxBytes ?? 1024 * 1024);
+    json = JSON.parse(text);
+  } catch (e) {
+    return { hit: false, baseline: false, error: `fetch failed: ${e.message}` };
+  } finally {
+    clearTimeout(timer);
+  }
+  const leaves = extractLeaves(json, spec.diff_jsonpath);
+  const { cursor, numeric, count } = cursorOf(leaves);
+  if (prevCursor === undefined) {
+    return { hit: false, baseline: true, cursor };
+  }
+  if (cursorAdvanced(prevCursor, cursor, numeric)) {
+    const diff = numeric ? `cursor ${cursor} > ${prevCursor} (${count} item(s))` : `${count} item(s), cursor ${prevCursor} → ${cursor}`;
+    return { hit: true, baseline: false, cursor, diff };
+  }
+  return { hit: false, baseline: false, cursor };
+}
+async function readCapped(res, maxBytes) {
+  const buf = await res.arrayBuffer();
+  if (buf.byteLength > maxBytes)
+    throw new Error(`response ${buf.byteLength}B exceeds cap ${maxBytes}B`);
+  return new TextDecoder().decode(buf);
+}
+
+// src/scheduler/poll-state.ts
+import { mkdirSync, readFileSync as readFileSync3, renameSync, writeFileSync } from "node:fs";
+import { dirname } from "node:path";
+function createFilePollStateStore(path) {
+  function read() {
+    try {
+      return JSON.parse(readFileSync3(path, "utf8"));
+    } catch {
+      return {};
+    }
+  }
+  function write(state) {
+    mkdirSync(dirname(path), { recursive: true });
+    const tmp = `${path}.tmp`;
+    writeFileSync(tmp, JSON.stringify(state, null, 2), "utf8");
+    renameSync(tmp, path);
+  }
+  return {
+    get(key) {
+      return read()[key];
+    },
+    writeAhead(key, value, fireTs, diff) {
+      const state = read();
+      state[key] = { value, escalatedAt: fireTs, pendingEscalation: diff };
+      write(state);
+    },
+    setBaseline(key, value) {
+      const state = read();
+      const prev = state[key];
+      state[key] = { value, escalatedAt: prev?.escalatedAt };
+      write(state);
+    },
+    clearPending(key) {
+      const state = read();
+      const e = state[key];
+      if (e?.pendingEscalation !== undefined) {
+        delete e.pendingEscalation;
+        write(state);
+      }
+    }
+  };
+}
+
+// src/vault/broker/client.ts
+import * as net from "node:net";
+import * as fs from "node:fs";
+import { homedir as homedir2 } from "node:os";
+import { join } from "node:path";
+
+// src/vault/broker/peercred.ts
+var RESERVED_AGENT_NAMES = new Set(["operator", "hostd"]);
+function isReservedAgentName(name) {
+  return RESERVED_AGENT_NAMES.has(name);
+}
+
+// src/vault/broker/protocol.ts
+var MAX_FRAME_BYTES = 64 * 1024;
+var AgentNameSchema = exports_external.string().min(1).max(64, "agent name max 64 chars").regex(/^[a-zA-Z0-9][a-zA-Z0-9_-]*$/, "agent name must be kebab-case ASCII (alnum + _- only, first char alnum)").refine((s) => !isReservedAgentName(s), {
+  message: "agent name is reserved"
+});
+var GetRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("get"),
+  key: exports_external.string().min(1),
+  filename: exports_external.string().optional(),
+  token: exports_external.string().optional()
+});
+var PutRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("put"),
+  key: exports_external.string().min(1),
+  entry: exports_external.union([
+    exports_external.object({ kind: exports_external.literal("string"), value: exports_external.string() }),
+    exports_external.object({ kind: exports_external.literal("binary"), value: exports_external.string() })
+  ]),
+  token: exports_external.string().optional(),
+  passphrase: exports_external.string().optional(),
+  attest_via_posture: exports_external.boolean().optional()
+});
+var ListRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("list"),
+  token: exports_external.string().optional()
+});
+var MintGrantRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("mint_grant"),
+  agent: AgentNameSchema,
+  keys: exports_external.array(exports_external.string().min(1)),
+  ttl_seconds: exports_external.number().int().positive().nullable(),
+  description: exports_external.string().optional(),
+  write_keys: exports_external.array(exports_external.string().min(1)).optional(),
+  passphrase: exports_external.string().optional(),
+  attest_via_posture: exports_external.boolean().optional(),
+  decision_id: exports_external.string().optional()
+});
+var ListGrantsRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("list_grants"),
+  agent: AgentNameSchema.optional(),
+  passphrase: exports_external.string().optional(),
+  attest_via_posture: exports_external.boolean().optional()
+});
+var RevokeGrantRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("revoke_grant"),
+  id: exports_external.string().min(1)
+});
+var StatusRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("status")
+});
+var LockRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("lock")
+});
+var PreflightAccessRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("preflight_access"),
+  agent: AgentNameSchema,
+  keys: exports_external.array(exports_external.string().min(1)).min(1).max(128)
+});
+var OkPreflightAccessResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  op: exports_external.literal("preflight_access"),
+  results: exports_external.array(exports_external.object({
+    key: exports_external.string(),
+    exists: exports_external.boolean(),
+    acl_ok: exports_external.boolean(),
+    acl_reason: exports_external.string().optional(),
+    scope_ok: exports_external.boolean(),
+    scope_reason: exports_external.string().optional()
+  }))
+});
+var ApprovalRequestRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("approval_request"),
+  agent_unit: exports_external.string().min(1),
+  scope: exports_external.string().min(1),
+  action: exports_external.string().min(1),
+  approver_set: exports_external.array(exports_external.string()),
+  why: exports_external.string().optional(),
+  ttl_ms: exports_external.number().int().positive().optional()
+});
+var ApprovalLookupRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("approval_lookup"),
+  agent_unit: exports_external.string().min(1),
+  scope: exports_external.string().min(1),
+  action: exports_external.string().min(1),
+  current_approver_set: exports_external.array(exports_external.string())
+});
+var ApprovalConsumeRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("approval_consume"),
+  request_id: exports_external.string().regex(/^[0-9a-f]{32}$/)
+});
+var ApprovalRevokeRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("approval_revoke"),
+  decision_id: exports_external.string().min(1),
+  actor: exports_external.string().min(1),
+  reason: exports_external.string().optional()
+});
+var ApprovalListRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("approval_list"),
+  agent_unit: exports_external.string().optional()
+});
+var ApprovalDecisionModeSchema = exports_external.enum([
+  "allow_once",
+  "allow_always",
+  "allow_ttl",
+  "deny",
+  "deny_perm"
+]);
+var ApprovalRecordRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("approval_record"),
+  request_id: exports_external.string().regex(/^[0-9a-f]{32}$/),
+  decision: ApprovalDecisionModeSchema,
+  approver_set: exports_external.array(exports_external.string()),
+  granted_by_user_id: exports_external.number().int(),
+  ttl_ms: exports_external.number().int().positive().nullable().optional()
+});
+var ApprovalConsumeRecordRequestSchema = exports_external.object({
+  v: exports_external.literal(1),
+  op: exports_external.literal("approval_consume_record"),
+  request_id: exports_external.string().regex(/^[0-9a-f]{32}$/),
+  decision: ApprovalDecisionModeSchema,
+  approver_set: exports_external.array(exports_external.string()),
+  granted_by_user_id: exports_external.number().int(),
+  ttl_ms: exports_external.number().int().positive().nullable().optional()
+});
+var RequestSchema = exports_external.discriminatedUnion("op", [
+  GetRequestSchema,
+  PutRequestSchema,
+  ListRequestSchema,
+  StatusRequestSchema,
+  LockRequestSchema,
+  PreflightAccessRequestSchema,
+  MintGrantRequestSchema,
+  ListGrantsRequestSchema,
+  RevokeGrantRequestSchema,
+  ApprovalRequestRequestSchema,
+  ApprovalLookupRequestSchema,
+  ApprovalConsumeRequestSchema,
+  ApprovalRevokeRequestSchema,
+  ApprovalListRequestSchema,
+  ApprovalRecordRequestSchema,
+  ApprovalConsumeRecordRequestSchema
+]);
+var VaultEntrySchema = exports_external.union([
+  exports_external.object({ kind: exports_external.literal("string"), value: exports_external.string() }),
+  exports_external.object({ kind: exports_external.literal("binary"), value: exports_external.string() }),
+  exports_external.object({
+    kind: exports_external.literal("files"),
+    files: exports_external.record(exports_external.string(), exports_external.object({
+      encoding: exports_external.enum(["utf8", "base64"]),
+      value: exports_external.string()
+    }))
+  })
+]);
+var ErrorCode = exports_external.enum([
+  "LOCKED",
+  "DENIED",
+  "UNKNOWN_KEY",
+  "BAD_REQUEST",
+  "INTERNAL"
+]);
+var OkEntryResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  entry: VaultEntrySchema
+});
+var OkKeysResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  keys: exports_external.array(exports_external.string())
+});
+var BrokerStatus = exports_external.object({
+  unlocked: exports_external.boolean(),
+  keyCount: exports_external.number().int().nonnegative(),
+  uptimeSec: exports_external.number().nonnegative()
+});
+var OkStatusResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  status: BrokerStatus
+});
+var OkLockResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  locked: exports_external.literal(true)
+});
+var OkPutResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  put: exports_external.literal(true),
+  key: exports_external.string()
+});
+var OkMintGrantResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  token: exports_external.string(),
+  id: exports_external.string(),
+  expires_at: exports_external.number().nullable()
+});
+var GrantMetaSchema = exports_external.object({
+  id: exports_external.string(),
+  agent_slug: exports_external.string(),
+  key_allow: exports_external.array(exports_external.string()),
+  write_allow: exports_external.array(exports_external.string()).default([]),
+  expires_at: exports_external.number().nullable(),
+  created_at: exports_external.number(),
+  description: exports_external.string().nullable()
+});
+var OkListGrantsResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  grants: exports_external.array(GrantMetaSchema)
+});
+var OkRevokeGrantResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  revoked: exports_external.boolean()
+});
+var OkApprovalRequestResponseSchema = exports_external.discriminatedUnion("state", [
+  exports_external.object({
+    ok: exports_external.literal(true),
+    kind: exports_external.literal("approval_request"),
+    state: exports_external.literal("pending"),
+    request_id: exports_external.string(),
+    expires_at: exports_external.number()
+  }),
+  exports_external.object({
+    ok: exports_external.literal(true),
+    kind: exports_external.literal("approval_request"),
+    state: exports_external.literal("rate_limited"),
+    retry_after_ms: exports_external.number()
+  })
+]);
+var ApprovalDecisionMetaSchema = exports_external.object({
+  id: exports_external.string(),
+  agent_unit: exports_external.string(),
+  scope: exports_external.string(),
+  action: exports_external.string(),
+  decision: ApprovalDecisionModeSchema,
+  granted_at: exports_external.number(),
+  granted_by_user_id: exports_external.number(),
+  ttl_expires_at: exports_external.number().nullable(),
+  last_used_at: exports_external.number().nullable(),
+  revoked_at: exports_external.number().nullable(),
+  revoke_reason: exports_external.string().nullable()
+});
+var OkApprovalLookupResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  state: exports_external.enum(["granted", "denied", "pending", "expired", "drift_revoked", "no_decision"]),
+  decision: ApprovalDecisionMetaSchema.nullable().optional()
+});
+var OkApprovalConsumeResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  consumed: exports_external.boolean(),
+  agent_unit: exports_external.string().optional(),
+  scope: exports_external.string().optional(),
+  action: exports_external.string().optional(),
+  why: exports_external.string().nullable().optional()
+});
+var OkApprovalRevokeResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  revoked: exports_external.boolean()
+});
+var OkApprovalListResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  decisions: exports_external.array(ApprovalDecisionMetaSchema)
+});
+var OkApprovalRecordResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  decision_id: exports_external.string()
+});
+var OkApprovalConsumeRecordResponseSchema = exports_external.object({
+  ok: exports_external.literal(true),
+  consumed: exports_external.boolean(),
+  decision_id: exports_external.string().optional(),
+  agent_unit: exports_external.string().optional(),
+  scope: exports_external.string().optional(),
+  action: exports_external.string().optional(),
+  why: exports_external.string().nullable().optional()
+});
+var ErrorResponseSchema = exports_external.object({
+  ok: exports_external.literal(false),
+  code: ErrorCode,
+  msg: exports_external.string()
+});
+var ResponseSchema = exports_external.union([
+  OkEntryResponseSchema,
+  OkKeysResponseSchema,
+  OkStatusResponseSchema,
+  OkLockResponseSchema,
+  OkPreflightAccessResponseSchema,
+  OkPutResponseSchema,
+  OkMintGrantResponseSchema,
+  OkListGrantsResponseSchema,
+  OkRevokeGrantResponseSchema,
+  OkApprovalRequestResponseSchema,
+  OkApprovalLookupResponseSchema,
+  OkApprovalConsumeResponseSchema,
+  OkApprovalRevokeResponseSchema,
+  OkApprovalListResponseSchema,
+  OkApprovalRecordResponseSchema,
+  OkApprovalConsumeRecordResponseSchema,
+  ErrorResponseSchema
+]);
+function encodeRequest(req) {
+  const json = JSON.stringify(req);
+  if (Buffer.byteLength(json, "utf8") > MAX_FRAME_BYTES) {
+    throw new Error(`Request frame too large (${Buffer.byteLength(json, "utf8")} bytes; max ${MAX_FRAME_BYTES})`);
+  }
+  return json + `
+`;
+}
+function decodeResponse(line) {
+  if (Buffer.byteLength(line, "utf8") > MAX_FRAME_BYTES) {
+    throw new RangeError(`Response frame too large (${Buffer.byteLength(line, "utf8")} bytes; max ${MAX_FRAME_BYTES})`);
+  }
+  const obj = JSON.parse(line);
+  return ResponseSchema.parse(obj);
+}
+
+// src/runtime-mode.ts
+function isDockerRuntime() {
+  return process.env.SWITCHROOM_RUNTIME === "docker";
+}
+
+// src/vault/broker/client.ts
+var DEFAULT_TIMEOUT_MS = 2000;
+var LEGACY_SOCKET_PATH = join(homedir2(), ".switchroom", "vault-broker.sock");
+var OPERATOR_SOCKET_PATH = join(homedir2(), ".switchroom", "broker-operator", "sock");
+function defaultBrokerSocketPath() {
+  if (fs.existsSync(OPERATOR_SOCKET_PATH))
+    return OPERATOR_SOCKET_PATH;
+  if (isDockerRuntime())
+    return OPERATOR_SOCKET_PATH;
+  return LEGACY_SOCKET_PATH;
+}
+function resolveBrokerSocketPath(opts) {
+  if (opts?.socket)
+    return opts.socket;
+  const env = process.env.SWITCHROOM_VAULT_BROKER_SOCK;
+  if (env)
+    return env;
+  if (opts?.vaultBrokerSocket)
+    return opts.vaultBrokerSocket;
+  return defaultBrokerSocketPath();
+}
+async function rpc(req, opts) {
+  const socketPath = resolveBrokerSocketPath(opts);
+  const timeoutMs = opts?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  return new Promise((resolve4) => {
+    let settled = false;
+    const settle = (val) => {
+      if (settled)
+        return;
+      settled = true;
+      resolve4(val);
+    };
+    const client = new net.Socket;
+    const timer = setTimeout(() => {
+      client.destroy();
+      settle({ kind: "unreachable", msg: `broker did not respond within ${timeoutMs}ms` });
+    }, timeoutMs);
+    client.on("error", (err) => {
+      clearTimeout(timer);
+      const code = err.code ?? "ERR";
+      let msg;
+      if (code === "ENOENT")
+        msg = "broker socket not found (is the daemon running?)";
+      else if (code === "ECONNREFUSED")
+        msg = "broker socket exists but refused connection";
+      else if (code === "EACCES")
+        msg = "broker socket access denied (wrong UID?)";
+      else
+        msg = `broker connection failed: ${err.message}`;
+      settle({ kind: "unreachable", msg });
+    });
+    let buffer = "";
+    client.on("data", (chunk) => {
+      buffer += chunk.toString("utf8");
+      const newlineIdx = buffer.indexOf(`
+`);
+      if (newlineIdx !== -1) {
+        const line = buffer.slice(0, newlineIdx).trimEnd();
+        clearTimeout(timer);
+        client.destroy();
+        try {
+          const resp = decodeResponse(line);
+          settle({ kind: "response", resp });
+        } catch (err) {
+          settle({
+            kind: "unreachable",
+            msg: `unparseable broker response: ${err instanceof Error ? err.message : String(err)}`
+          });
+        }
+      }
+    });
+    client.on("connect", () => {
+      try {
+        client.write(encodeRequest(req));
+      } catch (err) {
+        clearTimeout(timer);
+        client.destroy();
+        settle({
+          kind: "unreachable",
+          msg: `failed to send request: ${err instanceof Error ? err.message : String(err)}`
+        });
+      }
+    });
+    client.connect({ path: socketPath });
+  });
+}
+async function getViaBrokerStructured(key, opts) {
+  const token = opts?.token;
+  const result = await rpc({ v: 1, op: "get", key, ...token ? { token } : {} }, opts);
+  if (result.kind === "unreachable") {
+    return { kind: "unreachable", msg: result.msg };
+  }
+  const resp = result.resp;
+  if (resp.ok && "entry" in resp) {
+    return { kind: "ok", entry: resp.entry };
+  }
+  if (!resp.ok) {
+    if (resp.code === "UNKNOWN_KEY") {
+      return { kind: "not_found", code: resp.code, msg: resp.msg };
+    }
+    return { kind: "denied", code: resp.code, msg: resp.msg };
+  }
+  return { kind: "unreachable", msg: "unexpected broker response shape" };
+}
+async function getViaBroker(key, opts) {
+  const result = await getViaBrokerStructured(key, opts);
+  return result.kind === "ok" ? result.entry : null;
+}
+
+// src/agent-scheduler/cheap-cron-wiring.ts
+var defaultResolveSecret = async (name) => {
+  const entry = await getViaBroker(name);
+  if (!entry)
+    throw new Error(`secret '${name}' unavailable from vault broker`);
+  if (entry.kind !== "string")
+    throw new Error(`secret '${name}' is not a string secret`);
+  return entry.value;
+};
+var defaultLookup = async (host) => {
+  try {
+    return (await dnsLookup(host)).address;
+  } catch {
+    return null;
+  }
+};
+function buildCheapCronHooks(config, env, deps = {}) {
+  if (!isCheapCronEnabled(env))
+    return;
+  const egress = {
+    hosts: config.cron?.egress?.allowed_hosts ?? [],
+    secretBindings: config.cron?.egress?.secret_bindings ?? {}
+  };
+  const pollState = deps.pollState ?? createFilePollStateStore(env.SWITCHROOM_AGENT_POLL_STATE ?? "/state/agent/poll-state.json");
+  const resolveSecret = deps.resolveSecret ?? defaultResolveSecret;
+  const fetchImpl = deps.fetchImpl ?? fetch;
+  const lookup = deps.lookup ?? defaultLookup;
+  const now = deps.now ?? Date.now;
+  const runPoll = async (spec, prevCursor) => {
+    if (spec.type === "http-diff") {
+      return runHttpDiffPoll(spec, prevCursor, {
+        fetchImpl,
+        resolveSecret,
+        lookup,
+        allow: egress,
+        now
+      });
+    }
+    return { hit: false, baseline: false, error: `poll type '${spec.type}' not yet wired (staged)` };
+  };
+  return { enabled: true, pollState, runPoll };
+}
+
 // src/telegram/topic-router.ts
 var ALERTS_ALIAS = "alerts";
 var ADMIN_ALIAS = "admin";
@@ -12280,13 +13131,13 @@ function resolveEntryThreadId(entry, channel) {
 }
 
 // src/scheduler/audit.ts
-import { appendFileSync, mkdirSync } from "node:fs";
-import { dirname } from "node:path";
+import { appendFileSync, mkdirSync as mkdirSync2 } from "node:fs";
+import { dirname as dirname2 } from "node:path";
 class JsonlAuditSink {
   path;
   constructor(path) {
     this.path = path;
-    mkdirSync(dirname(path), { recursive: true, mode: 448 });
+    mkdirSync2(dirname2(path), { recursive: true, mode: 448 });
   }
   recordFire(r) {
     appendFileSync(this.path, JSON.stringify(r) + `
@@ -12312,13 +13163,13 @@ function decideQuotaPreflight(state) {
 }
 
 // src/auth/broker/client.ts
-import * as net from "node:net";
-import { homedir as homedir2 } from "node:os";
+import * as net2 from "node:net";
+import { homedir as homedir3 } from "node:os";
 import { randomUUID } from "node:crypto";
-import { join } from "node:path";
+import { join as join2 } from "node:path";
 
 // src/auth/broker/protocol.ts
-var MAX_FRAME_BYTES = 64 * 1024;
+var MAX_FRAME_BYTES2 = 64 * 1024;
 var PROTOCOL_VERSION = 1;
 var ProviderNameSchema = exports_external.enum(["anthropic", "google", "microsoft"]);
 var GetCredentialsRequestSchema = exports_external.object({
@@ -12432,7 +13283,7 @@ var ProbeQuotaRequestSchema = exports_external.object({
   accounts: exports_external.array(exports_external.string().min(1)).min(1).max(32),
   timeoutMs: exports_external.number().int().positive().max(60000).optional()
 });
-var RequestSchema = exports_external.discriminatedUnion("op", [
+var RequestSchema2 = exports_external.discriminatedUnion("op", [
   GetCredentialsRequestSchema,
   ListStateRequestSchema,
   SetActiveRequestSchema,
@@ -12539,25 +13390,25 @@ var SuccessResponseSchema = exports_external.object({
   ok: exports_external.literal(true),
   data: exports_external.unknown()
 });
-var ErrorResponseSchema = exports_external.object({
+var ErrorResponseSchema2 = exports_external.object({
   v: exports_external.literal(PROTOCOL_VERSION),
   id: exports_external.string(),
   ok: exports_external.literal(false),
   error: ErrorBodySchema
 });
-var ResponseSchema = exports_external.discriminatedUnion("ok", [
+var ResponseSchema2 = exports_external.discriminatedUnion("ok", [
   SuccessResponseSchema,
-  ErrorResponseSchema
+  ErrorResponseSchema2
 ]);
-function encodeRequest(req) {
-  const line = JSON.stringify(RequestSchema.parse(req)) + `
+function encodeRequest2(req) {
+  const line = JSON.stringify(RequestSchema2.parse(req)) + `
 `;
-  if (Buffer.byteLength(line, "utf-8") > MAX_FRAME_BYTES) {
-    throw new Error(`auth-broker request exceeds MAX_FRAME_BYTES (${MAX_FRAME_BYTES})`);
+  if (Buffer.byteLength(line, "utf-8") > MAX_FRAME_BYTES2) {
+    throw new Error(`auth-broker request exceeds MAX_FRAME_BYTES (${MAX_FRAME_BYTES2})`);
   }
   return line;
 }
-function decodeResponse(line) {
+function decodeResponse2(line) {
   const trimmed = line.endsWith(`
 `) ? line.slice(0, -1) : line;
   let parsed;
@@ -12566,11 +13417,11 @@ function decodeResponse(line) {
   } catch {
     throw new Error("auth-broker response is not valid JSON");
   }
-  return ResponseSchema.parse(parsed);
+  return ResponseSchema2.parse(parsed);
 }
 
 // src/auth/broker/client.ts
-var DEFAULT_TIMEOUT_MS = 5000;
+var DEFAULT_TIMEOUT_MS2 = 5000;
 function reviveDate(v) {
   if (v == null)
     return null;
@@ -12579,8 +13430,8 @@ function reviveDate(v) {
   const d = new Date(v);
   return Number.isNaN(d.getTime()) ? null : d;
 }
-function operatorSocketPath(home2 = homedir2()) {
-  return join(home2, ".switchroom", "state", "auth-broker-operator", "sock");
+function operatorSocketPath(home2 = homedir3()) {
+  return join2(home2, ".switchroom", "state", "auth-broker-operator", "sock");
 }
 function resolveAuthBrokerSocketPath(opts) {
   if (opts?.socket)
@@ -12621,7 +13472,7 @@ class AuthBrokerClient {
   closed = false;
   constructor(opts = {}) {
     this.socketPath = resolveAuthBrokerSocketPath(opts);
-    this.timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    this.timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS2;
   }
   getSocketPath() {
     return this.socketPath;
@@ -12757,7 +13608,7 @@ class AuthBrokerClient {
     if (this.connecting)
       return this.connecting;
     this.connecting = new Promise((resolve4, reject) => {
-      const sock = new net.Socket;
+      const sock = new net2.Socket;
       const onError = (err) => {
         sock.removeAllListeners();
         sock.destroy();
@@ -12801,7 +13652,7 @@ class AuthBrokerClient {
         continue;
       let resp;
       try {
-        resp = decodeResponse(line);
+        resp = decodeResponse2(line);
       } catch (err) {
         const msg = `unparseable auth-broker response: ${err instanceof Error ? err.message : String(err)}`;
         this.failAll(new AuthBrokerUnreachableError(msg, this.socketPath));
@@ -12839,7 +13690,7 @@ class AuthBrokerClient {
   async send(req) {
     const sock = await this.ensureConnected();
     const id = req.id;
-    const frame = encodeRequest(req);
+    const frame = encodeRequest2(req);
     return new Promise((resolve4, reject) => {
       const timer = setTimeout(() => {
         this.pending.delete(id);
@@ -12871,7 +13722,7 @@ class AuthBrokerClient {
 }
 
 // src/agent-scheduler/ipc-client.ts
-import { createConnection } from "node:net";
+import { createConnection as createConnection2 } from "node:net";
 function createInjectIpcClient(options) {
   const {
     socketPath,
@@ -12879,7 +13730,7 @@ function createInjectIpcClient(options) {
     maxReconnectDelayMs = 30000,
     connectTimeoutMs = 5000,
     log = () => {},
-    _connect = (path) => createConnection(path)
+    _connect = (path) => createConnection2(path)
   } = options;
   let socket = null;
   let connected = false;
@@ -13008,16 +13859,16 @@ function createInjectIpcClient(options) {
 import {
   closeSync,
   openSync,
-  readFileSync as readFileSync3,
-  statSync as statSync2,
+  readFileSync as readFileSync5,
+  statSync as statSync3,
   unlinkSync,
   writeSync,
-  mkdirSync as mkdirSync2
+  mkdirSync as mkdirSync3
 } from "node:fs";
-import { dirname as dirname2 } from "node:path";
+import { dirname as dirname3 } from "node:path";
 function readContainerBootTimeMs() {
   try {
-    const stat1 = readFileSync3("/proc/1/stat", "utf8");
+    const stat1 = readFileSync5("/proc/1/stat", "utf8");
     const lastParen = stat1.lastIndexOf(")");
     if (lastParen < 0)
       return null;
@@ -13025,7 +13876,7 @@ function readContainerBootTimeMs() {
     const starttimeTicks = Number(after[19]);
     if (!Number.isFinite(starttimeTicks))
       return null;
-    const procStat = readFileSync3("/proc/stat", "utf8");
+    const procStat = readFileSync5("/proc/stat", "utf8");
     const btimeLine = procStat.split(`
 `).find((l) => l.startsWith("btime "));
     if (!btimeLine)
@@ -13043,7 +13894,7 @@ var FRESHNESS_MARGIN_MS = 2000;
 function acquireLock(path, pid = process.pid, options = {}) {
   const bootTimeMs = "containerBootTimeMs" in options ? options.containerBootTimeMs : readContainerBootTimeMs();
   try {
-    mkdirSync2(dirname2(path), { recursive: true, mode: 448 });
+    mkdirSync3(dirname3(path), { recursive: true, mode: 448 });
   } catch {}
   for (let attempt = 0;attempt < 2; attempt++) {
     try {
@@ -13060,7 +13911,7 @@ function acquireLock(path, pid = process.pid, options = {}) {
     }
     if (bootTimeMs != null) {
       try {
-        const lockMtime = statSync2(path).mtimeMs;
+        const lockMtime = statSync3(path).mtimeMs;
         if (lockMtime < bootTimeMs - FRESHNESS_MARGIN_MS) {
           try {
             unlinkSync(path);
@@ -13071,7 +13922,7 @@ function acquireLock(path, pid = process.pid, options = {}) {
     }
     let holderPid;
     try {
-      const raw = readFileSync3(path, "utf8").trim();
+      const raw = readFileSync5(path, "utf8").trim();
       const parsed = Number.parseInt(raw, 10);
       if (Number.isInteger(parsed) && parsed > 0)
         holderPid = parsed;
@@ -13286,12 +14137,12 @@ function findStaleSkippedFires(opts) {
   return out;
 }
 function readRecentFires(jsonlPath) {
-  const fs = __require("node:fs");
-  if (!fs.existsSync(jsonlPath))
+  const fs2 = __require("node:fs");
+  if (!fs2.existsSync(jsonlPath))
     return [];
   let raw;
   try {
-    raw = fs.readFileSync(jsonlPath, "utf8");
+    raw = fs2.readFileSync(jsonlPath, "utf8");
   } catch {
     return [];
   }
@@ -13309,6 +14160,46 @@ function readRecentFires(jsonlPath) {
 }
 
 // src/agent-scheduler/index.ts
+function templateEscalationPrompt(prompt, diff) {
+  return prompt.replace(/\{\{\s*diff\s*\}\}/g, diff);
+}
+function recoverPendingEscalations(opts) {
+  let recovered = 0;
+  for (const entry of opts.entries) {
+    if (entry.kind !== "poll" || !entry.poll)
+      continue;
+    const st = opts.pollState.get(entry.poll.state_key);
+    if (!st?.pendingEscalation)
+      continue;
+    const esc = resolveEscalationRouting(entry, { cheapCronEnabled: opts.cheapCronEnabled });
+    const threadId = resolveEntryThreadId(entry, opts.channel);
+    const startedAt = opts.now();
+    try {
+      const r = dispatchAsInbound({ ...entry, prompt: templateEscalationPrompt(entry.prompt, st.pendingEscalation) }, { chatId: opts.channel.chatId, threadId, now: opts.now, session: esc.session ?? "main", model: esc.cronModel }, opts.dispatcher);
+      if (r.delivered) {
+        opts.pollState.clearPending(entry.poll.state_key);
+        recovered += 1;
+        opts.log(`recovered pending escalation for poll '${entry.poll.state_key}'`);
+      } else {
+        opts.log(`pending escalation for '${entry.poll.state_key}' not delivered — will retry next boot`);
+      }
+      opts.sink?.recordFire({
+        agent: entry.agent,
+        scheduleIndex: entry.scheduleIndex,
+        promptKey: entry.promptKey,
+        exitCode: r.delivered ? 0 : -1,
+        outputSummary: r.delivered ? "recovered pending escalation (boot)" : "pending escalation not delivered (boot)",
+        startedAt,
+        finishedAt: opts.now(),
+        tier: esc.tier === "cheap" ? "cheap" : "main",
+        ...esc.cronModel ? { modelUsed: esc.cronModel } : {}
+      });
+    } catch (e) {
+      opts.log(`pending-escalation recovery failed for '${entry.poll.state_key}': ${e.message}`);
+    }
+  }
+  return recovered;
+}
 var DEFAULT_MAX_QUOTA_DEFER_ATTEMPTS = 3;
 function defaultQuotaDeferBackoffMs(attempt) {
   return [60000, 180000, 300000][attempt] ?? 300000;
@@ -13358,25 +14249,76 @@ function registerAgentSchedule(opts) {
           return;
         }
       }
+      const cheapEnabled = opts.cheapCron?.enabled ?? false;
+      const routing = resolveCronRouting(entry, { cheapCronEnabled: cheapEnabled });
+      const threadId = resolveEntryThreadId(entry, opts.channel);
+      const record = (fields) => opts.sink.recordFire({
+        agent: entry.agent,
+        scheduleIndex: entry.scheduleIndex,
+        promptKey: entry.promptKey,
+        exitCode: fields.exitCode,
+        outputSummary: fields.summary.slice(0, 200),
+        startedAt,
+        finishedAt: now(),
+        tier: fields.tier,
+        ...fields.modelUsed ? { modelUsed: fields.modelUsed } : {}
+      });
+      if (routing.tier === "poll" && opts.cheapCron && entry.poll) {
+        const stateKey = entry.poll.state_key;
+        const prev = opts.cheapCron.pollState.get(stateKey)?.value;
+        let outcome;
+        try {
+          outcome = await opts.cheapCron.runPoll(entry.poll, prev);
+        } catch (err) {
+          outcome = { hit: false, baseline: false, error: err.message };
+        }
+        if (outcome.error) {
+          record({ exitCode: -3, summary: `poll error: ${outcome.error}`, tier: "poll" });
+          return;
+        }
+        if (outcome.baseline) {
+          opts.cheapCron.pollState.setBaseline(stateKey, outcome.cursor);
+          record({ exitCode: 0, summary: "poll baseline recorded — first run, no escalate", tier: "poll" });
+          return;
+        }
+        if (!outcome.hit) {
+          record({ exitCode: 0, summary: "HEARTBEAT_OK — no change (model-free)", tier: "poll" });
+          return;
+        }
+        opts.cheapCron.pollState.writeAhead(stateKey, outcome.cursor, startedAt, outcome.diff ?? "");
+        const esc = resolveEscalationRouting(entry, { cheapCronEnabled: cheapEnabled });
+        let delivered2 = false;
+        try {
+          const r = dispatchAsInbound({ ...entry, prompt: templateEscalationPrompt(entry.prompt, outcome.diff ?? "") }, { chatId: opts.channel.chatId, threadId, now, session: esc.session ?? "main", model: esc.cronModel }, opts.dispatcher);
+          delivered2 = r.delivered;
+        } catch (err) {
+          record({ exitCode: -1, summary: `escalation dispatch error: ${err.message}`, tier: esc.tier === "cheap" ? "cheap" : "main", modelUsed: esc.cronModel });
+          return;
+        }
+        if (delivered2)
+          opts.cheapCron.pollState.clearPending(stateKey);
+        record({
+          exitCode: delivered2 ? 0 : -1,
+          summary: delivered2 ? `poll hit → escalated (${outcome.diff})` : "poll hit → escalation not delivered",
+          tier: esc.tier === "cheap" ? "cheap" : "main",
+          modelUsed: esc.cronModel
+        });
+        return;
+      }
       let delivered = false;
       let summary = "";
       try {
-        const threadId = resolveEntryThreadId(entry, opts.channel);
-        const result = dispatchAsInbound(entry, { chatId: opts.channel.chatId, threadId, now }, opts.dispatcher);
+        const result = dispatchAsInbound(entry, { chatId: opts.channel.chatId, threadId, now, session: routing.session ?? "main", model: routing.cronModel }, opts.dispatcher);
         delivered = result.delivered;
         summary = delivered ? "delivered to bridge via gateway" : "no agent client connected — fire dropped";
       } catch (err) {
         summary = `dispatch error: ${err.message}`.slice(0, 200);
       }
-      const finishedAt = now();
-      opts.sink.recordFire({
-        agent: entry.agent,
-        scheduleIndex: entry.scheduleIndex,
-        promptKey: entry.promptKey,
+      record({
         exitCode: delivered ? 0 : -1,
-        outputSummary: summary,
-        startedAt,
-        finishedAt
+        summary,
+        tier: routing.tier === "cheap" ? "cheap" : "main",
+        modelUsed: routing.cronModel
       });
     };
     const task = opts.cronLib.schedule(entry.cron, () => attemptFire(0));
@@ -13414,7 +14356,7 @@ async function main() {
   }
   const configPath = process.env.SWITCHROOM_CONFIG ?? "/state/config/switchroom.yaml";
   const stateDir = process.env.TELEGRAM_STATE_DIR ?? "/state/agent/telegram";
-  const socketPath = process.env.SWITCHROOM_GATEWAY_SOCKET ?? join2(stateDir, "gateway.sock");
+  const socketPath = process.env.SWITCHROOM_GATEWAY_SOCKET ?? join3(stateDir, "gateway.sock");
   const jsonlPath = process.env.SWITCHROOM_AGENT_SCHEDULER_JSONL ?? "/state/agent/scheduler.jsonl";
   const lockPath = process.env.SWITCHROOM_AGENT_SCHEDULER_LOCK ?? "/state/agent/scheduler.lock";
   const lock = acquireLock(lockPath);
@@ -13476,8 +14418,22 @@ async function main() {
       if (missed.length > 0) {
         process.stdout.write(`agent-scheduler: replaying ${missed.length} missed fire(s) ` + `from past ${windowMinutes}min — ` + missed.map((m) => `[idx=${m.entry.scheduleIndex} key=${m.entry.promptKey}]`).join(" ") + `
 `);
+        const cheapEnabledForReplay = isCheapCronEnabled(process.env);
         for (const m of missed) {
           const startedAt = Date.now();
+          if (cheapEnabledForReplay && m.entry.kind === "poll") {
+            sink.recordFire({
+              agent: m.entry.agent,
+              scheduleIndex: m.entry.scheduleIndex,
+              promptKey: m.entry.promptKey,
+              exitCode: 0,
+              outputSummary: "poll replay skipped — re-polls on next tick (stateful cursor)",
+              startedAt,
+              finishedAt: Date.now(),
+              tier: "poll"
+            });
+            continue;
+          }
           const threadId = resolveEntryThreadId(m.entry, channel);
           const result = dispatchAsInbound(m.entry, { chatId: channel.chatId, threadId }, dispatcher);
           sink.recordFire({
@@ -13551,13 +14507,30 @@ Briefly and plainly tell the user these scheduled runs did not ` + "happen so th
       await client.close().catch(() => {});
     }
   } : undefined;
+  const cheapCron = buildCheapCronHooks(config, process.env);
+  if (cheapCron) {
+    const recovered = recoverPendingEscalations({
+      entries,
+      pollState: cheapCron.pollState,
+      dispatcher,
+      channel,
+      cheapCronEnabled: true,
+      now: Date.now,
+      log: (m) => process.stderr.write(`agent-scheduler: ${m}
+`),
+      sink
+    });
+    process.stdout.write(`agent-scheduler: ${agentName} cheap-cron ENABLED` + (recovered > 0 ? ` (recovered ${recovered} pending escalation(s))` : "") + `
+`);
+  }
   const tasks = registerAgentSchedule({
     entries,
     channel,
     sink,
     cronLib,
     dispatcher,
-    ...quotaGate ? { quotaGate } : {}
+    ...quotaGate ? { quotaGate } : {},
+    ...cheapCron ? { cheapCron } : {}
   });
   process.stdout.write(`agent-scheduler: ${agentName} registered ${tasks.length} task(s); ` + `chat=${channel.chatId} thread=${channel.threadId ?? "(none)"} ` + `socket=${socketPath} jsonl=${jsonlPath}
 `);
@@ -13583,6 +14556,7 @@ export {
   resolveEntryThreadId,
   resolveChannelTarget,
   registerAgentSchedule,
+  recoverPendingEscalations,
   main,
   ipcDispatcher
 };