switchroom 0.15.1 → 0.15.2

package/dist/agent-scheduler/index.js

@@ -11348,6 +11348,7 @@ var AgentSchema = exports_external.object({
   dangerous_mode: exports_external.boolean().optional().describe("If true, include --dangerously-skip-permissions in start.sh"),
   network_isolation: NetworkIsolationSchema,
   admin: exports_external.boolean().optional().describe("If true, the agent's Telegram gateway intercepts admin slash commands " + "(/agents, /logs, /restart, /delete, /update, /auth, /reconcile, etc.) " + "locally before forwarding to Claude. Commands are handled silently — " + "Claude never sees them. Requires the agent to use the switchroom-telegram " + "plugin. When false or absent, all messages pass through to Claude unchanged."),
+  root: exports_external.boolean().optional().describe("If true, this is a ROOT-tier debugging agent: a root-privileged " + "container (runs as uid 0, mounts /var/run/docker.sock, the whole " + "~/.switchroom tree, and the host root filesystem at /host) so you " + "can DM it to debug the whole fleet — read any agent's logs, " + "docker exec into peers, edit host files — instead of SSHing into " + "the host as root. Implies admin: true (all admin slash commands). " + "Standing root power, audited via the agent's own session transcript " + "and shell history; there is no per-action approval tap. Per-agent " + "only (never set at defaults/profile layers). Grant to exactly one " + "trusted operator-private agent — it ingests other agents' output, " + "which is attacker-influenced text. See docs/root-agent.md."),
   settings_raw: exports_external.record(exports_external.string(), exports_external.unknown()).optional().describe("Escape hatch: raw object deep-merged into the generated " + "settings.json as the final step. Use for Claude Code settings " + "keys switchroom doesn't wrap directly (e.g. effort, apiKeyHelper). " + "Power-user-only — prefer the typed fields when they exist."),
   claude_md_raw: exports_external.string().optional().describe("Escape hatch: markdown text appended verbatim to CLAUDE.md on " + "initial scaffold. Not re-applied on reconcile (CLAUDE.md is " + "user-protected). Use for one-off persona tuning that isn't " + "worth a template."),
   cli_args: exports_external.array(exports_external.string()).optional().describe("Escape hatch: extra arguments appended to the `exec claude` " + "invocation in start.sh. Use for Claude Code CLI flags switchroom " + "doesn't expose directly (e.g. --effort high, " + "--exclude-dynamic-system-prompt-sections)."),

package/dist/auth-broker/index.js

@@ -11348,6 +11348,7 @@ var AgentSchema = exports_external.object({
   dangerous_mode: exports_external.boolean().optional().describe("If true, include --dangerously-skip-permissions in start.sh"),
   network_isolation: NetworkIsolationSchema,
   admin: exports_external.boolean().optional().describe("If true, the agent's Telegram gateway intercepts admin slash commands " + "(/agents, /logs, /restart, /delete, /update, /auth, /reconcile, etc.) " + "locally before forwarding to Claude. Commands are handled silently — " + "Claude never sees them. Requires the agent to use the switchroom-telegram " + "plugin. When false or absent, all messages pass through to Claude unchanged."),
+  root: exports_external.boolean().optional().describe("If true, this is a ROOT-tier debugging agent: a root-privileged " + "container (runs as uid 0, mounts /var/run/docker.sock, the whole " + "~/.switchroom tree, and the host root filesystem at /host) so you " + "can DM it to debug the whole fleet — read any agent's logs, " + "docker exec into peers, edit host files — instead of SSHing into " + "the host as root. Implies admin: true (all admin slash commands). " + "Standing root power, audited via the agent's own session transcript " + "and shell history; there is no per-action approval tap. Per-agent " + "only (never set at defaults/profile layers). Grant to exactly one " + "trusted operator-private agent — it ingests other agents' output, " + "which is attacker-influenced text. See docs/root-agent.md."),
   settings_raw: exports_external.record(exports_external.string(), exports_external.unknown()).optional().describe("Escape hatch: raw object deep-merged into the generated " + "settings.json as the final step. Use for Claude Code settings " + "keys switchroom doesn't wrap directly (e.g. effort, apiKeyHelper). " + "Power-user-only — prefer the typed fields when they exist."),
   claude_md_raw: exports_external.string().optional().describe("Escape hatch: markdown text appended verbatim to CLAUDE.md on " + "initial scaffold. Not re-applied on reconcile (CLAUDE.md is " + "user-protected). Use for one-off persona tuning that isn't " + "worth a template."),
   cli_args: exports_external.array(exports_external.string()).optional().describe("Escape hatch: extra arguments appended to the `exec claude` " + "invocation in start.sh. Use for Claude Code CLI flags switchroom " + "doesn't expose directly (e.g. --effort high, " + "--exclude-dynamic-system-prompt-sections)."),
@@ -13558,7 +13559,10 @@ function enrichMirrorContent(sourceJson) {
 function configToShape(cfg) {
   const auth = cfg.auth ?? {};
   const agentsMap = cfg.agents ?? {};
-  const adminAgents = Object.entries(agentsMap).filter(([, a]) => a.admin === true).map(([name]) => name);
+  const adminAgents = Object.entries(agentsMap).filter(([, a]) => {
+    const cfg2 = a;
+    return cfg2.admin === true || cfg2.root === true;
+  }).map(([name]) => name);
   return {
     agents: Object.keys(agentsMap),
     consumers: (auth.consumers ?? []).map((c) => c.name),
@@ -13774,7 +13778,8 @@ class AuthBroker {
     }
     const sockPath = this.agentSocketPath(agentName);
     const uid = allocateAgentUid(agentName);
-    const adminFlag = this.config.agents?.[agentName]?.admin === true;
+    const agentCfg = this.config.agents?.[agentName];
+    const adminFlag = agentCfg?.admin === true || agentCfg?.root === true;
     await this.bindListener(sockPath, uid, 432, {
       kind: "agent",
       name: agentName,

package/dist/cli/notion-write-pretool.mjs

@@ -12096,6 +12096,7 @@ var AgentSchema = exports_external.object({
   dangerous_mode: exports_external.boolean().optional().describe("If true, include --dangerously-skip-permissions in start.sh"),
   network_isolation: NetworkIsolationSchema,
   admin: exports_external.boolean().optional().describe("If true, the agent's Telegram gateway intercepts admin slash commands " + "(/agents, /logs, /restart, /delete, /update, /auth, /reconcile, etc.) " + "locally before forwarding to Claude. Commands are handled silently \u2014 " + "Claude never sees them. Requires the agent to use the switchroom-telegram " + "plugin. When false or absent, all messages pass through to Claude unchanged."),
+  root: exports_external.boolean().optional().describe("If true, this is a ROOT-tier debugging agent: a root-privileged " + "container (runs as uid 0, mounts /var/run/docker.sock, the whole " + "~/.switchroom tree, and the host root filesystem at /host) so you " + "can DM it to debug the whole fleet \u2014 read any agent's logs, " + "docker exec into peers, edit host files \u2014 instead of SSHing into " + "the host as root. Implies admin: true (all admin slash commands). " + "Standing root power, audited via the agent's own session transcript " + "and shell history; there is no per-action approval tap. Per-agent " + "only (never set at defaults/profile layers). Grant to exactly one " + "trusted operator-private agent \u2014 it ingests other agents' output, " + "which is attacker-influenced text. See docs/root-agent.md."),
   settings_raw: exports_external.record(exports_external.string(), exports_external.unknown()).optional().describe("Escape hatch: raw object deep-merged into the generated " + "settings.json as the final step. Use for Claude Code settings " + "keys switchroom doesn't wrap directly (e.g. effort, apiKeyHelper). " + "Power-user-only \u2014 prefer the typed fields when they exist."),
   claude_md_raw: exports_external.string().optional().describe("Escape hatch: markdown text appended verbatim to CLAUDE.md on " + "initial scaffold. Not re-applied on reconcile (CLAUDE.md is " + "user-protected). Use for one-off persona tuning that isn't " + "worth a template."),
   cli_args: exports_external.array(exports_external.string()).optional().describe("Escape hatch: extra arguments appended to the `exec claude` " + "invocation in start.sh. Use for Claude Code CLI flags switchroom " + "doesn't expose directly (e.g. --effort high, " + "--exclude-dynamic-system-prompt-sections)."),

package/dist/cli/switchroom.js

@@ -13912,6 +13912,7 @@ var init_schema = __esm(() => {
     dangerous_mode: exports_external.boolean().optional().describe("If true, include --dangerously-skip-permissions in start.sh"),
     network_isolation: NetworkIsolationSchema,
     admin: exports_external.boolean().optional().describe("If true, the agent's Telegram gateway intercepts admin slash commands " + "(/agents, /logs, /restart, /delete, /update, /auth, /reconcile, etc.) " + "locally before forwarding to Claude. Commands are handled silently \u2014 " + "Claude never sees them. Requires the agent to use the switchroom-telegram " + "plugin. When false or absent, all messages pass through to Claude unchanged."),
+    root: exports_external.boolean().optional().describe("If true, this is a ROOT-tier debugging agent: a root-privileged " + "container (runs as uid 0, mounts /var/run/docker.sock, the whole " + "~/.switchroom tree, and the host root filesystem at /host) so you " + "can DM it to debug the whole fleet \u2014 read any agent's logs, " + "docker exec into peers, edit host files \u2014 instead of SSHing into " + "the host as root. Implies admin: true (all admin slash commands). " + "Standing root power, audited via the agent's own session transcript " + "and shell history; there is no per-action approval tap. Per-agent " + "only (never set at defaults/profile layers). Grant to exactly one " + "trusted operator-private agent \u2014 it ingests other agents' output, " + "which is attacker-influenced text. See docs/root-agent.md."),
     settings_raw: exports_external.record(exports_external.string(), exports_external.unknown()).optional().describe("Escape hatch: raw object deep-merged into the generated " + "settings.json as the final step. Use for Claude Code settings " + "keys switchroom doesn't wrap directly (e.g. effort, apiKeyHelper). " + "Power-user-only \u2014 prefer the typed fields when they exist."),
     claude_md_raw: exports_external.string().optional().describe("Escape hatch: markdown text appended verbatim to CLAUDE.md on " + "initial scaffold. Not re-applied on reconcile (CLAUDE.md is " + "user-protected). Use for one-off persona tuning that isn't " + "worth a template."),
     cli_args: exports_external.array(exports_external.string()).optional().describe("Escape hatch: extra arguments appended to the `exec claude` " + "invocation in start.sh. Use for Claude Code CLI flags switchroom " + "doesn't expose directly (e.g. --effort high, " + "--exclude-dynamic-system-prompt-sections)."),
@@ -23247,7 +23248,8 @@ function describeAgents(config) {
       resources,
       strippedCaps,
       networkIsolation: resolved.network_isolation === "strict" ? "strict" : "host",
-      admin: agent.admin === true,
+      admin: agent.admin === true || agent.root === true,
+      root: agent.root === true,
       bindMounts: agent.bind_mounts ? [...agent.bind_mounts] : [],
       userEnv: { ...resolved.env ?? {} },
       timezone: resolveTimezone(config, resolved)
@@ -23559,7 +23561,11 @@ function emitAgentService(lines, a, imageTag, buildMode, buildContext, homePrefi
   lines.push(`    tty: true`);
   lines.push(`    stdin_open: true`);
   lines.push(`    stop_grace_period: 45s`);
-  lines.push(`    user: "${a.uid}:${a.uid}"`);
+  if (a.root) {
+    lines.push(`    user: "0:0"`);
+  } else {
+    lines.push(`    user: "${a.uid}:${a.uid}"`);
+  }
   lines.push(`    mem_limit: ${a.resources.memLimit}`);
   if (a.resources.memReservation !== undefined) {
     lines.push(`    mem_reservation: ${a.resources.memReservation}`);
@@ -23568,11 +23574,13 @@ function emitAgentService(lines, a, imageTag, buildMode, buildContext, homePrefi
     lines.push(`    pids_limit: ${a.resources.pidsLimit}`);
   }
   lines.push(`    cpus: ${a.resources.cpus.toFixed(1)}`);
-  lines.push(`    security_opt:`);
-  lines.push(`      - "no-new-privileges:true"`);
-  lines.push(`    cap_drop:`);
-  lines.push(`      - "ALL"`);
-  lines.push(`    read_only: true`);
+  if (!a.root) {
+    lines.push(`    security_opt:`);
+    lines.push(`      - "no-new-privileges:true"`);
+    lines.push(`    cap_drop:`);
+    lines.push(`      - "ALL"`);
+    lines.push(`    read_only: true`);
+  }
   lines.push(`    tmpfs:`);
   lines.push(`      - /tmp:size=1g,mode=1777`);
   lines.push(`    depends_on:`);
@@ -23615,6 +23623,9 @@ function emitAgentService(lines, a, imageTag, buildMode, buildContext, homePrefi
   if (switchroomConfigPath) {
     env2.SWITCHROOM_CONFIG = "/state/config/switchroom.yaml";
   }
+  if (a.root === true) {
+    env2.SWITCHROOM_AGENT_ROOT = "true";
+  }
   if (a.admin === true) {
     env2.SWITCHROOM_AGENT_ADMIN = "true";
   }
@@ -23632,6 +23643,11 @@ function emitAgentService(lines, a, imageTag, buildMode, buildContext, homePrefi
   lines.push(`      - broker-${a.name}-sock:/run/switchroom/broker`);
   lines.push(`      - kernel-${a.name}-sock:/run/switchroom/kernel`);
   lines.push(`      - auth-broker-${a.name}-sock:/run/switchroom/auth-broker`);
+  if (a.root === true) {
+    lines.push(`      - /var/run/docker.sock:/var/run/docker.sock:rw`);
+    lines.push(`      - ${homePrefix}/.switchroom:/host-home/.switchroom:rw`);
+    lines.push(`      - /:/host:rw`);
+  }
   if (a.admin === true) {
     if (existsSync14(`${hostHomeForChecks}/.switchroom/vault-audit.log`)) {
       lines.push(`      - ${homePrefix}/.switchroom/vault-audit.log:/state/agent/home/.switchroom/vault-audit.log:ro`);
@@ -28704,6 +28720,118 @@ var init_protocol3 = __esm(() => {
   ResponseSchema3 = exports_external.object(ResponseEnvelope);
 });
 
+// src/memory/bank-health.ts
+function hindsightRestBase(mcpUrl) {
+  return mcpUrl.replace(/\/mcp\/?$/, "").replace(/\/$/, "");
+}
+async function getJson(url, opts) {
+  const fetchImpl = opts?.fetchImpl ?? fetch;
+  const timeoutMs = opts?.timeoutMs ?? 15000;
+  const controller = new AbortController;
+  const timeout = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const resp = await fetchImpl(url, { signal: controller.signal });
+    clearTimeout(timeout);
+    if (!resp.ok)
+      return { ok: false, reason: `HTTP ${resp.status}` };
+    return { ok: true, data: await resp.json() };
+  } catch (err) {
+    clearTimeout(timeout);
+    if (err.name === "AbortError")
+      return { ok: false, reason: "Timeout" };
+    return { ok: false, reason: String(err.message ?? err) };
+  }
+}
+async function inspectBankHealth(mcpUrl, bankId, opts) {
+  const base = hindsightRestBase(mcpUrl);
+  const bank = encodeURIComponent(bankId);
+  const empty = {
+    bankId,
+    ok: false,
+    totalDocuments: 0,
+    totalFacts: 0,
+    pendingOperations: 0,
+    newestDocumentAt: null,
+    unextractedDocuments: [],
+    mentalModels: []
+  };
+  const stats = await getJson(`${base}/v1/default/banks/${bank}/stats`, opts);
+  if (!stats.ok)
+    return { ...empty, reason: stats.reason };
+  const docs = await getJson(`${base}/v1/default/banks/${bank}/documents?limit=${DOCUMENTS_PAGE_LIMIT}`, opts);
+  if (!docs.ok)
+    return { ...empty, reason: docs.reason };
+  const models = await getJson(`${base}/v1/default/banks/${bank}/mental-models`, opts);
+  if (!models.ok)
+    return { ...empty, reason: models.reason };
+  const docItems = docs.data.items ?? [];
+  let newestDocumentAt = null;
+  const unextracted = [];
+  for (const d of docItems) {
+    const createdAt = d.created_at ?? "";
+    if (createdAt && (!newestDocumentAt || createdAt > newestDocumentAt)) {
+      newestDocumentAt = createdAt;
+    }
+    if ((d.memory_unit_count ?? 0) === 0 && d.id) {
+      unextracted.push({
+        id: d.id,
+        createdAt,
+        textLength: d.text_length ?? 0,
+        memoryUnitCount: 0
+      });
+    }
+  }
+  unextracted.sort((a, b) => a.createdAt.localeCompare(b.createdAt));
+  return {
+    bankId,
+    ok: true,
+    totalDocuments: stats.data.total_documents ?? docItems.length,
+    totalFacts: stats.data.total_nodes ?? 0,
+    pendingOperations: stats.data.pending_operations ?? 0,
+    newestDocumentAt,
+    unextractedDocuments: unextracted,
+    mentalModels: (models.data.items ?? []).filter((m) => typeof m?.id === "string" && typeof m?.name === "string").map((m) => ({
+      id: m.id,
+      name: m.name,
+      lastRefreshedAt: m.last_refreshed_at ?? null,
+      createdAt: m.created_at ?? null,
+      contentLength: (m.content ?? "").length,
+      contentHead: (m.content ?? "").slice(0, 200)
+    }))
+  };
+}
+function ageDays(iso, now = new Date) {
+  if (!iso)
+    return null;
+  const t = Date.parse(iso);
+  if (Number.isNaN(t))
+    return null;
+  return Math.max(0, (now.getTime() - t) / 86400000);
+}
+function corruptedMentalModels(models) {
+  const failurePhrase = /out of (extra )?usage|hit your (usage |session )?limit|resets \d|quota exceeded|rate.?limit/i;
+  return models.filter((m) => {
+    if (m.contentLength === 0)
+      return m.lastRefreshedAt !== null;
+    return m.contentLength < 300 && failurePhrase.test(m.contentHead);
+  });
+}
+function staleMentalModels(models, staleDays = 7, now = new Date) {
+  return models.filter((m) => {
+    const age = ageDays(m.lastRefreshedAt ?? m.createdAt, now);
+    return age !== null && age > staleDays;
+  });
+}
+function recentUnextracted(docs, withinDays = 30, now = new Date, minTextLength = 1000) {
+  return docs.filter((d) => {
+    if (d.textLength < minTextLength)
+      return false;
+    const age = ageDays(d.createdAt, now);
+    return age !== null && age <= withinDays;
+  });
+}
+var DOCUMENTS_PAGE_LIMIT = 500;
+
 // src/host-control/audit-reader.ts
 import { homedir as homedir20 } from "node:os";
 import { join as join38 } from "node:path";
@@ -31694,6 +31822,7 @@ __export(exports_doctor, {
   checkHindsightConsumer: () => checkHindsightConsumer,
   checkDepsCacheWritable: () => checkDepsCacheWritable,
   checkConfig: () => checkConfig,
+  checkBankIngestHealth: () => checkBankIngestHealth,
   checkAgents: () => checkAgents,
   MFF_VAULT_KEY: () => MFF_VAULT_KEY
 });
@@ -32253,6 +32382,82 @@ function probeAuthBrokerSocket(consumerName) {
     return "unreachable";
   return "missing";
 }
+async function checkBankIngestHealth(config, url, opts) {
+  const results = [];
+  const now = opts?.now ?? new Date;
+  const banks = new Map;
+  for (const [agentName, agentConfig] of Object.entries(config.agents)) {
+    const bankId = agentConfig.memory?.collection ?? agentName;
+    banks.set(bankId, [...banks.get(bankId) ?? [], agentName]);
+  }
+  const inspected = await Promise.all([...banks].map(async ([bankId, agents]) => [bankId, agents, await inspectBankHealth(url, bankId, { fetchImpl: opts?.fetchImpl })]));
+  for (const [bankId, agents, h] of inspected) {
+    const label = `bank ${bankId}` + (agents[0] !== bankId ? ` (${agents.join(", ")})` : "");
+    if (!h.ok) {
+      results.push({
+        name: label,
+        status: "warn",
+        detail: `inspection failed: ${h.reason}`
+      });
+      continue;
+    }
+    if (h.totalDocuments === 0) {
+      results.push({
+        name: label,
+        status: "warn",
+        detail: "bank is empty (no documents retained yet)"
+      });
+      continue;
+    }
+    const gaps = recentUnextracted(h.unextractedDocuments, 30, now);
+    const stale = staleMentalModels(h.mentalModels, 7, now);
+    const corrupted = corruptedMentalModels(h.mentalModels);
+    const newestAge = ageDays(h.newestDocumentAt, now);
+    const summary = `${h.totalDocuments} docs \u00b7 ${h.totalFacts} facts \u00b7 ` + `newest ${h.newestDocumentAt?.slice(0, 10) ?? "?"} \u00b7 ` + `${h.mentalModels.length} mental models`;
+    if (corrupted.length > 0) {
+      results.push({
+        name: label,
+        status: "fail",
+        detail: `${corrupted.length} mental model(s) hold a persisted LLM-failure message instead of real content (${corrupted.map((m) => m.name).join(", ")}) \u2014 that garbage is injected into every agent turn`,
+        fix: "A refresh ran while the LLM was quota-walled and the error string was stored as content. " + "Once quota recovers: POST /v1/default/banks/<bank>/mental-models/<id>/refresh and verify the content regenerated."
+      });
+      continue;
+    }
+    if (gaps.length > 0) {
+      const oldest = gaps[0];
+      results.push({
+        name: label,
+        status: "fail",
+        detail: `${gaps.length} document(s) in the last 30d retained with ZERO extracted facts (oldest ${oldest.createdAt.slice(0, 10)}) \u2014 conversations from those turns are invisible to recall`,
+        fix: "Extraction silently failed (check hindsight logs for quota/429/shm). Re-extract each: " + `curl -X POST '${hindsightDocReprocessUrl(url, bankId, oldest.id)}' (repeat per doc id)`
+      });
+      continue;
+    }
+    if (h.pendingOperations > 0 && newestAge !== null && newestAge > 1) {
+      results.push({
+        name: label,
+        status: "warn",
+        detail: `${h.pendingOperations} pending operation(s) with no new documents for ${Math.round(newestAge)}d \u2014 pipeline may be stuck`
+      });
+      continue;
+    }
+    if (stale.length > 0) {
+      results.push({
+        name: label,
+        status: "warn",
+        detail: `${summary} \u00b7 ${stale.length} stale (>7d): ${stale.map((m) => m.name).join(", ")}`,
+        fix: "POST /v1/default/banks/<bank>/mental-models/<id>/refresh to regenerate"
+      });
+      continue;
+    }
+    results.push({ name: label, status: "ok", detail: summary });
+  }
+  return results;
+}
+function hindsightDocReprocessUrl(mcpUrl, bankId, docId) {
+  const base = mcpUrl.replace(/\/mcp\/?$/, "").replace(/\/$/, "");
+  return `${base}/v1/default/banks/${encodeURIComponent(bankId)}/documents/${encodeURIComponent(docId)}/reprocess`;
+}
 async function checkHindsight(config) {
   if (!isHindsightEnabled(config)) {
     return [];
@@ -32303,6 +32508,7 @@ async function checkHindsight(config) {
   }
   results.push(checkHindsightConsumer(config));
   results.push(...checkHindsightContainerHealth());
+  results.push(...await checkBankIngestHealth(config, url));
   for (const [agentName, agentConfig] of Object.entries(config.agents)) {
     const bankId = agentConfig.memory?.collection ?? agentName;
     const hasBankMission = !!agentConfig.memory?.bank_mission;
@@ -49958,8 +50164,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.15.1";
-var COMMIT_SHA = "a93177c8";
+var VERSION = "0.15.2";
+var COMMIT_SHA = "95461524";
 
 // src/cli/agent.ts
 init_source();
@@ -51772,7 +51978,8 @@ function buildWorkspaceContext(args) {
     botToken: resolvedBotToken ?? rawBotToken,
     forumChatId: telegramConfig.forum_chat_id,
     dangerousMode: agentConfig.dangerous_mode === true,
-    admin: agentConfig.admin === true,
+    admin: agentConfig.admin === true || agentConfig.root === true,
+    root: agentConfig.root === true,
     useSwitchroomPlugin: usesSwitchroomTelegramPlugin(agentConfig),
     useHotReloadStable: agentConfig.channels?.telegram?.hotReloadStable === true,
     telegramEnabledFlag: agentConfig.channels?.telegram?.enabled === false ? "false" : "true",
@@ -52124,7 +52331,7 @@ function scaffoldAgent(name, agentConfigRaw, agentsDir, telegramConfig, switchro
         alwaysLoad: true
       }
     };
-    if (agentConfig.admin === true) {
+    if (agentConfig.admin === true || agentConfig.root === true) {
       mcpServers["hostd"] = {
         command: switchroomCliPath,
         args: ["mcp", "hostd"],
@@ -52945,7 +53152,8 @@ function reconcileAgent(name, agentConfigRaw, agentsDir, telegramConfig, switchr
         model: agentConfig.model,
         schedule: agentConfig.schedule,
         useSwitchroomPlugin: usesSwitchroomTelegramPlugin(agentConfig),
-        admin: agentConfig.admin === true
+        admin: agentConfig.admin === true || agentConfig.root === true,
+        root: agentConfig.root === true
       };
       let rendered = renderTemplate(claudeMdSrc, claudeContext);
       const vaultProtocol = renderVaultProtocolFragment(claudeContext);
@@ -53174,7 +53382,7 @@ ${body}
         alwaysLoad: true
       }
     };
-    if (agentConfig.admin === true) {
+    if (agentConfig.admin === true || agentConfig.root === true) {
       mcpServers["hostd"] = {
         command: switchroomCliPath,
         args: ["mcp", "hostd"],
@@ -56220,10 +56428,12 @@ function registerAgentCommand(program3) {
         const agentConfig = config.agents[name];
         const status = statuses[name];
         const sched = schedulerStates[name];
+        const resolved = resolveAgentConfig(config.defaults, config.profiles, agentConfig);
         return {
           name,
           status: status?.active ?? "unknown",
           uptime: formatUptime2(status?.uptime ?? null),
+          model: resolved.model ?? SWITCHROOM_DEFAULT_MAIN_MODEL,
           extends: agentConfig.extends ?? "default",
           topic_name: agentConfig.topic_name,
           topic_emoji: agentConfig.topic_emoji,
@@ -63747,7 +63957,7 @@ class VaultBroker {
     const isGrantMgmtOp = req.op === "mint_grant" || req.op === "list_grants" || req.op === "revoke_grant";
     let mintPassphraseAttested = false;
     if (isGrantMgmtOp) {
-      const isAdminAgent = agentName !== null && this.config?.agents?.[agentName]?.admin === true;
+      const isAdminAgent = agentName !== null && (this.config?.agents?.[agentName]?.admin === true || this.config?.agents?.[agentName]?.root === true);
       if ((req.op === "mint_grant" || req.op === "list_grants") && req.passphrase !== undefined && req.passphrase !== "") {
         if (req.attest_via_posture === true) {
           writeAudit({
@@ -73178,6 +73388,66 @@ async function handleGetApprovals() {
   const sorted = [...decisions].sort((a, b) => b.granted_at - a.granted_at);
   return { reachable: true, decisions: sorted };
 }
+async function handleGetMemoryHealth(config, opts) {
+  const url = config.memory?.config?.url ?? "http://127.0.0.1:18888/mcp/";
+  const now = opts?.now ?? new Date;
+  let reachable = false;
+  try {
+    reachable = (await probeHindsight(url, { fetchImpl: opts?.fetchImpl })).ok;
+  } catch {
+    reachable = false;
+  }
+  if (!reachable)
+    return { reachable, url, banks: [] };
+  const banks = new Map;
+  for (const agentName of Object.keys(config.agents)) {
+    const bank = getCollectionForAgent(agentName, config);
+    banks.set(bank, [...banks.get(bank) ?? [], agentName]);
+  }
+  const rows = await Promise.all([...banks].map(async ([bank, agents]) => {
+    const h = await inspectBankHealth(url, bank, { fetchImpl: opts?.fetchImpl });
+    const gaps = recentUnextracted(h.unextractedDocuments, 30, now);
+    const stale = staleMentalModels(h.mentalModels, 7, now);
+    const corrupted = corruptedMentalModels(h.mentalModels);
+    let status = "ok";
+    let statusDetail = "facts flowing";
+    if (!h.ok) {
+      status = "warn";
+      statusDetail = `inspection failed: ${h.reason ?? "unknown"}`;
+    } else if (corrupted.length > 0) {
+      status = "fail";
+      statusDetail = `${corrupted.length} mental model(s) corrupted by an LLM failure message \u2014 injected into every turn until refreshed`;
+    } else if (gaps.length > 0) {
+      status = "fail";
+      statusDetail = `${gaps.length} recent conversation(s) stored with zero extracted facts \u2014 invisible to recall`;
+    } else if (stale.length > 0) {
+      status = "warn";
+      statusDetail = `${stale.length} mental model(s) not refreshed in >7d`;
+    } else if (h.totalDocuments === 0) {
+      status = "warn";
+      statusDetail = "bank is empty";
+    }
+    return {
+      bank,
+      agents,
+      ok: h.ok,
+      reason: h.reason,
+      totalDocuments: h.totalDocuments,
+      totalFacts: h.totalFacts,
+      pendingOperations: h.pendingOperations,
+      newestDocumentAt: h.newestDocumentAt,
+      recentUnextractedCount: gaps.length,
+      oldestUnextractedAt: gaps[0]?.createdAt ?? null,
+      mentalModels: h.mentalModels,
+      staleMentalModelCount: stale.length,
+      corruptedMentalModelNames: corrupted.map((m) => m.name),
+      status,
+      statusDetail
+    };
+  }));
+  rows.sort((a, b) => a.bank.localeCompare(b.bank));
+  return { reachable, url, banks: rows };
+}
 
 // src/web/webhook-handler.ts
 import { appendFileSync as appendFileSync3, existsSync as existsSync48, mkdirSync as mkdirSync27, readFileSync as readFileSync43, writeFileSync as writeFileSync25 } from "fs";
@@ -73820,6 +74090,9 @@ function parseRoute(pathname, method) {
   if (method === "GET" && pathname === "/api/system-health") {
     return { handler: "getSystemHealth", params: {} };
   }
+  if (method === "GET" && pathname === "/api/memory-health") {
+    return { handler: "getMemoryHealth", params: {} };
+  }
   if (method === "GET" && pathname === "/api/google-accounts") {
     return { handler: "getGoogleAccounts", params: {} };
   }
@@ -73981,6 +74254,8 @@ function startWebServer(config, port, hostname = "127.0.0.1", configPath) {
           }
           case "getSystemHealth":
             return (async () => jsonResponse(await handleGetSystemHealth(config)))();
+          case "getMemoryHealth":
+            return (async () => jsonResponse(await handleGetMemoryHealth(freshConfig())))();
           case "getGoogleAccounts":
             return (async () => jsonResponse(await handleGetGoogleAccounts(freshConfig())))();
           case "getMicrosoftAccounts":
@@ -79590,7 +79865,14 @@ async function ensureSwitchroomFolder2(deps, agentName) {
   const top = await ensureFolder2(deps, "Switchroom", "root");
   return ensureFolder2(deps, agentName, top.id);
 }
+var GDRIVE_MULTIPART_MAX_BYTES = 5 * 1024 * 1024;
 async function uploadFile2(deps, parentId, filename, bytes, mimeType = "application/octet-stream") {
+  if (bytes.byteLength <= GDRIVE_MULTIPART_MAX_BYTES) {
+    return uploadMultipart(deps, parentId, filename, bytes, mimeType);
+  }
+  return uploadResumable(deps, parentId, filename, bytes, mimeType);
+}
+async function uploadMultipart(deps, parentId, filename, bytes, mimeType = "application/octet-stream") {
   const f = deps.fetchImpl ?? fetch;
   const boundary = "switchroom-deliver-boundary";
   const metadata = JSON.stringify({ name: filename, parents: [parentId] });
@@ -79622,6 +79904,48 @@ Content-Type: ${mimeType}\r
   }
   return await resp.json();
 }
+async function uploadResumable(deps, parentId, filename, bytes, mimeType = "application/octet-stream") {
+  const f = deps.fetchImpl ?? fetch;
+  const init = await f(`${UPLOAD}/files?uploadType=resumable&fields=id,name,webViewLink`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${deps.accessToken}`,
+      "Content-Type": "application/json; charset=UTF-8",
+      "X-Upload-Content-Type": mimeType
+    },
+    body: JSON.stringify({ name: filename, parents: [parentId] })
+  });
+  if (!init.ok) {
+    throw new Error(`Drive resumable init failed: HTTP ${init.status} \u2014 ${await readBody2(init)}`);
+  }
+  const sessionUrl = init.headers.get("location") ?? init.headers.get("Location");
+  if (!sessionUrl) {
+    throw new Error("Drive resumable init returned no session URL (Location header)");
+  }
+  const CHUNK = 8 * 1024 * 1024;
+  const total = bytes.byteLength;
+  let lastFile = null;
+  for (let start = 0;start < total; start += CHUNK) {
+    const end = Math.min(start + CHUNK, total);
+    const chunk2 = bytes.subarray(start, end);
+    const put = await f(sessionUrl, {
+      method: "PUT",
+      headers: {
+        "Content-Length": String(chunk2.byteLength),
+        "Content-Range": `bytes ${start}-${end - 1}/${total}`
+      },
+      body: chunk2
+    });
+    if (put.status === 200 || put.status === 201) {
+      lastFile = await put.json();
+    } else if (put.status !== 308) {
+      throw new Error(`Drive resumable chunk failed: HTTP ${put.status} \u2014 ${await readBody2(put)}`);
+    }
+  }
+  if (!lastFile)
+    throw new Error("Drive resumable upload completed without a final file resource");
+  return lastFile;
+}
 async function createShareLink2(deps, file, scopes = ["anyone"]) {
   const f = deps.fetchImpl ?? fetch;
   for (const type of scopes) {