npm - switchroom - Versions diffs - 0.15.1 → 0.15.3 - Mend

switchroom 0.15.1 → 0.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/agent-scheduler/index.js +1 -0
package/dist/auth-broker/index.js +80 -13
package/dist/cli/notion-write-pretool.mjs +1 -0
package/dist/cli/switchroom.js +1784 -1427
package/dist/cli/ui/index.html +67 -1
package/dist/host-control/main.js +5 -1
package/dist/vault/approvals/kernel-server.js +1 -0
package/dist/vault/broker/server.js +2 -1
package/package.json +1 -1
package/profiles/_base/start.sh.hbs +33 -0
package/profiles/default/CLAUDE.md.hbs +27 -0
package/telegram-plugin/dist/gateway/gateway.js +576 -16
package/telegram-plugin/gateway/gateway.ts +135 -4
package/telegram-plugin/gateway/model-command.ts +368 -0
package/telegram-plugin/tests/model-command.test.ts +349 -0
package/telegram-plugin/uat/scenarios/jtbd-model-command-dm.test.ts +93 -0
package/telegram-plugin/welcome-text.ts +7 -1

package/dist/agent-scheduler/index.js CHANGED Viewed

@@ -11348,6 +11348,7 @@ var AgentSchema = exports_external.object({
   dangerous_mode: exports_external.boolean().optional().describe("If true, include --dangerously-skip-permissions in start.sh"),
   network_isolation: NetworkIsolationSchema,
   admin: exports_external.boolean().optional().describe("If true, the agent's Telegram gateway intercepts admin slash commands " + "(/agents, /logs, /restart, /delete, /update, /auth, /reconcile, etc.) " + "locally before forwarding to Claude. Commands are handled silently — " + "Claude never sees them. Requires the agent to use the switchroom-telegram " + "plugin. When false or absent, all messages pass through to Claude unchanged."),
+  root: exports_external.boolean().optional().describe("If true, this is a ROOT-tier debugging agent: a root-privileged " + "container (runs as uid 0, mounts /var/run/docker.sock, the whole " + "~/.switchroom tree, and the host root filesystem at /host) so you " + "can DM it to debug the whole fleet — read any agent's logs, " + "docker exec into peers, edit host files — instead of SSHing into " + "the host as root. Implies admin: true (all admin slash commands). " + "Standing root power, audited via the agent's own session transcript " + "and shell history; there is no per-action approval tap. Per-agent " + "only (never set at defaults/profile layers). Grant to exactly one " + "trusted operator-private agent — it ingests other agents' output, " + "which is attacker-influenced text. See docs/root-agent.md."),
   settings_raw: exports_external.record(exports_external.string(), exports_external.unknown()).optional().describe("Escape hatch: raw object deep-merged into the generated " + "settings.json as the final step. Use for Claude Code settings " + "keys switchroom doesn't wrap directly (e.g. effort, apiKeyHelper). " + "Power-user-only — prefer the typed fields when they exist."),
   claude_md_raw: exports_external.string().optional().describe("Escape hatch: markdown text appended verbatim to CLAUDE.md on " + "initial scaffold. Not re-applied on reconcile (CLAUDE.md is " + "user-protected). Use for one-off persona tuning that isn't " + "worth a template."),
   cli_args: exports_external.array(exports_external.string()).optional().describe("Escape hatch: extra arguments appended to the `exec claude` " + "invocation in start.sh. Use for Claude Code CLI flags switchroom " + "doesn't expose directly (e.g. --effort high, " + "--exclude-dynamic-system-prompt-sections)."),

package/dist/auth-broker/index.js CHANGED Viewed

@@ -11348,6 +11348,7 @@ var AgentSchema = exports_external.object({
   dangerous_mode: exports_external.boolean().optional().describe("If true, include --dangerously-skip-permissions in start.sh"),
   network_isolation: NetworkIsolationSchema,
   admin: exports_external.boolean().optional().describe("If true, the agent's Telegram gateway intercepts admin slash commands " + "(/agents, /logs, /restart, /delete, /update, /auth, /reconcile, etc.) " + "locally before forwarding to Claude. Commands are handled silently — " + "Claude never sees them. Requires the agent to use the switchroom-telegram " + "plugin. When false or absent, all messages pass through to Claude unchanged."),
+  root: exports_external.boolean().optional().describe("If true, this is a ROOT-tier debugging agent: a root-privileged " + "container (runs as uid 0, mounts /var/run/docker.sock, the whole " + "~/.switchroom tree, and the host root filesystem at /host) so you " + "can DM it to debug the whole fleet — read any agent's logs, " + "docker exec into peers, edit host files — instead of SSHing into " + "the host as root. Implies admin: true (all admin slash commands). " + "Standing root power, audited via the agent's own session transcript " + "and shell history; there is no per-action approval tap. Per-agent " + "only (never set at defaults/profile layers). Grant to exactly one " + "trusted operator-private agent — it ingests other agents' output, " + "which is attacker-influenced text. See docs/root-agent.md."),
   settings_raw: exports_external.record(exports_external.string(), exports_external.unknown()).optional().describe("Escape hatch: raw object deep-merged into the generated " + "settings.json as the final step. Use for Claude Code settings " + "keys switchroom doesn't wrap directly (e.g. effort, apiKeyHelper). " + "Power-user-only — prefer the typed fields when they exist."),
   claude_md_raw: exports_external.string().optional().describe("Escape hatch: markdown text appended verbatim to CLAUDE.md on " + "initial scaffold. Not re-applied on reconcile (CLAUDE.md is " + "user-protected). Use for one-off persona tuning that isn't " + "worth a template."),
   cli_args: exports_external.array(exports_external.string()).optional().describe("Escape hatch: extra arguments appended to the `exec claude` " + "invocation in start.sh. Use for Claude Code CLI flags switchroom " + "doesn't expose directly (e.g. --effort high, " + "--exclude-dynamic-system-prompt-sections)."),
@@ -12362,6 +12363,47 @@ function resolveConsumerProbeIntervalMs(env) {
   return DEFAULT_CONSUMER_PROBE_INTERVAL_MS;
 }
+// src/auth/broker/account-eligibility.ts
+var WALL_PCT = 99.5;
+var HEALTHY_CLEAR_PCT = 80;
+var SNAPSHOT_STALE_AGE_MS = 24 * 60 * 60 * 1000;
+function snapshotFresh(s, now, maxAgeMs = SNAPSHOT_STALE_AGE_MS) {
+  return !!s && now - s.capturedAt <= maxAgeMs && s.capturedAt <= now + 60000;
+}
+function snapshotWalled(s) {
+  return s.fiveHourUtilizationPct >= WALL_PCT || s.sevenDayUtilizationPct >= WALL_PCT;
+}
+function snapshotClearlyHealthy(s) {
+  return s.fiveHourUtilizationPct < HEALTHY_CLEAR_PCT && s.sevenDayUtilizationPct < HEALTHY_CLEAR_PCT;
+}
+function isAccountBlocked(opts) {
+  const { mark, snapshot, now } = opts;
+  if (snapshotFresh(snapshot, now)) {
+    const markedAt = mark?.marked_at ?? 0;
+    if (snapshot.capturedAt >= markedAt) {
+      return snapshotWalled(snapshot);
+    }
+  }
+  return mark !== undefined && mark.exhausted_until > now;
+}
+function snapshotShouldClearMark(snapshot, mark, now) {
+  if (!mark)
+    return false;
+  if (!snapshotFresh(snapshot, now))
+    return false;
+  if (snapshot.capturedAt < (mark.marked_at ?? 0))
+    return false;
+  return snapshotClearlyHealthy(snapshot);
+}
+function clampMarkExpiry(opts) {
+  const { proposedUntil, now, shortMs, snapshot } = opts;
+  const shortCeil = now + shortMs;
+  if (proposedUntil <= shortCeil)
+    return proposedUntil;
+  const liveContradictsWeeklyWall = snapshotFresh(snapshot, now) && snapshot.sevenDayUtilizationPct < WALL_PCT;
+  return liveContradictsWeeklyWall ? shortCeil : proposedUntil;
+}
 // src/util/atomic.ts
 import { randomBytes } from "node:crypto";
 import { closeSync, constants, fsyncSync, openSync, renameSync, rmSync, writeSync } from "node:fs";
@@ -13558,7 +13600,10 @@ function enrichMirrorContent(sourceJson) {
 function configToShape(cfg) {
   const auth = cfg.auth ?? {};
   const agentsMap = cfg.agents ?? {};
-  const adminAgents = Object.entries(agentsMap).filter(([, a]) => a.admin === true).map(([name]) => name);
+  const adminAgents = Object.entries(agentsMap).filter(([, a]) => {
+    const cfg2 = a;
+    return cfg2.admin === true || cfg2.root === true;
+  }).map(([name]) => name);
   return {
     agents: Object.keys(agentsMap),
     consumers: (auth.consumers ?? []).map((c) => c.name),
@@ -13774,7 +13819,8 @@ class AuthBroker {
     }
     const sockPath = this.agentSocketPath(agentName);
     const uid = allocateAgentUid(agentName);
-    const adminFlag = this.config.agents?.[agentName]?.admin === true;
+    const agentCfg = this.config.agents?.[agentName];
+    const adminFlag = agentCfg?.admin === true || agentCfg?.root === true;
     await this.bindListener(sockPath, uid, 432, {
       kind: "agent",
       name: agentName,
@@ -14025,8 +14071,11 @@ class AuthBroker {
     return this.accountWithFailover(account);
   }
   isAccountExhausted(account) {
-    const q = this.quota[account];
-    return q !== undefined && q.exhausted_until > this.now();
+    return isAccountBlocked({
+      mark: this.quota[account],
+      snapshot: this.lastQuotaCache[account],
+      now: this.now()
+    });
   }
   accountWithFailover(account) {
     if (!account || !this.isAccountExhausted(account))
@@ -14062,7 +14111,7 @@ class AuthBroker {
       const creds = readAccountCredentials(label, this.home);
       const meta = readAccountMeta(label, this.home);
       const q = this.quota[label];
-      const exhausted = q !== undefined && q.exhausted_until > this.now();
+      const exhausted = this.isAccountExhausted(label);
       const lq = this.lastQuotaCache[label];
       return {
         label,
@@ -14137,7 +14186,7 @@ class AuthBroker {
   cacheQuotaSnapshot(label, result) {
     if (!result.ok)
       return;
-    this.lastQuotaCache[label] = {
+    const snapshot = {
       fiveHourUtilizationPct: result.data.fiveHourUtilizationPct,
       sevenDayUtilizationPct: result.data.sevenDayUtilizationPct,
       fiveHourResetAt: result.data.fiveHourResetAt?.toISOString() ?? null,
@@ -14147,6 +14196,13 @@ class AuthBroker {
       overageDisabledReason: result.data.overageDisabledReason,
       capturedAt: this.now()
     };
+    this.lastQuotaCache[label] = snapshot;
+    if (snapshotShouldClearMark(snapshot, this.quota[label], this.now())) {
+      delete this.quota[label];
+      this.persistQuota();
+      process.stdout.write(`auth-broker: live probe shows ${label} healthy (5h=${snapshot.fiveHourUtilizationPct}% 7d=${snapshot.sevenDayUtilizationPct}%) — cleared stale exhaustion mark
+`);
+    }
   }
   async fleetQuotaProbeTick() {
     for (const label of listAccounts(this.home)) {
@@ -14178,14 +14234,21 @@ class AuthBroker {
         this.logErr(`consumer-quota-probe ${label}: ${err.message}`);
         continue;
       }
+      this.cacheQuotaSnapshot(label, result);
       const decision = quotaIndicatesExhaustion(result);
       if (!decision.exhausted)
         continue;
-      const exhaustedUntil = decision.until ?? this.now() + MARK_EXHAUSTED_DEFAULT_MS;
+      const now = this.now();
+      const exhaustedUntil = clampMarkExpiry({
+        proposedUntil: decision.until ?? now + MARK_EXHAUSTED_DEFAULT_MS,
+        now,
+        shortMs: MARK_EXHAUSTED_DEFAULT_MS,
+        snapshot: this.lastQuotaCache[label]
+      });
       const existing = this.quota[label]?.exhausted_until;
       if (existing !== undefined && existing >= exhaustedUntil)
         continue;
-      this.quota[label] = { exhausted_until: exhaustedUntil };
+      this.quota[label] = { exhausted_until: exhaustedUntil, marked_at: now };
       this.persistQuota();
       this.audit({ op: "mark-exhausted", identity: { kind: "operator" }, account: label, ok: true });
       process.stdout.write(`auth-broker: consumer-quota-sensor marked ${label} exhausted until ${new Date(exhaustedUntil).toISOString()} — consumer(s) fail over
@@ -14219,8 +14282,14 @@ class AuthBroker {
       socket.write(encodeError(id, "ACCOUNT_NOT_FOUND", "no active account configured"));
       return;
     }
-    const exhaustedUntil = until ?? this.now() + MARK_EXHAUSTED_DEFAULT_MS;
-    this.quota[account] = { exhausted_until: exhaustedUntil };
+    const now = this.now();
+    const exhaustedUntil = clampMarkExpiry({
+      proposedUntil: until ?? now + MARK_EXHAUSTED_DEFAULT_MS,
+      now,
+      shortMs: MARK_EXHAUSTED_DEFAULT_MS,
+      snapshot: this.lastQuotaCache[account]
+    });
+    this.quota[account] = { exhausted_until: exhaustedUntil, marked_at: now };
     this.persistQuota();
     const rolled = this.fanoutFailoverFor(account);
     const rolledTo = this.nextHealthyAccount(account, this.config.auth?.fallback_order ?? []);
@@ -14747,9 +14816,7 @@ class AuthBroker {
       const cand = order[(start + i) % order.length];
       if (!cand)
         continue;
-      const q = this.quota[cand];
-      const exhausted = q !== undefined && q.exhausted_until > this.now();
-      if (!exhausted && accountExists(cand, this.home))
+      if (!this.isAccountExhausted(cand) && accountExists(cand, this.home))
         return cand;
     }
     return null;

package/dist/cli/notion-write-pretool.mjs CHANGED Viewed

@@ -12096,6 +12096,7 @@ var AgentSchema = exports_external.object({
   dangerous_mode: exports_external.boolean().optional().describe("If true, include --dangerously-skip-permissions in start.sh"),
   network_isolation: NetworkIsolationSchema,
   admin: exports_external.boolean().optional().describe("If true, the agent's Telegram gateway intercepts admin slash commands " + "(/agents, /logs, /restart, /delete, /update, /auth, /reconcile, etc.) " + "locally before forwarding to Claude. Commands are handled silently \u2014 " + "Claude never sees them. Requires the agent to use the switchroom-telegram " + "plugin. When false or absent, all messages pass through to Claude unchanged."),
+  root: exports_external.boolean().optional().describe("If true, this is a ROOT-tier debugging agent: a root-privileged " + "container (runs as uid 0, mounts /var/run/docker.sock, the whole " + "~/.switchroom tree, and the host root filesystem at /host) so you " + "can DM it to debug the whole fleet \u2014 read any agent's logs, " + "docker exec into peers, edit host files \u2014 instead of SSHing into " + "the host as root. Implies admin: true (all admin slash commands). " + "Standing root power, audited via the agent's own session transcript " + "and shell history; there is no per-action approval tap. Per-agent " + "only (never set at defaults/profile layers). Grant to exactly one " + "trusted operator-private agent \u2014 it ingests other agents' output, " + "which is attacker-influenced text. See docs/root-agent.md."),
   settings_raw: exports_external.record(exports_external.string(), exports_external.unknown()).optional().describe("Escape hatch: raw object deep-merged into the generated " + "settings.json as the final step. Use for Claude Code settings " + "keys switchroom doesn't wrap directly (e.g. effort, apiKeyHelper). " + "Power-user-only \u2014 prefer the typed fields when they exist."),
   claude_md_raw: exports_external.string().optional().describe("Escape hatch: markdown text appended verbatim to CLAUDE.md on " + "initial scaffold. Not re-applied on reconcile (CLAUDE.md is " + "user-protected). Use for one-off persona tuning that isn't " + "worth a template."),
   cli_args: exports_external.array(exports_external.string()).optional().describe("Escape hatch: extra arguments appended to the `exec claude` " + "invocation in start.sh. Use for Claude Code CLI flags switchroom " + "doesn't expose directly (e.g. --effort high, " + "--exclude-dynamic-system-prompt-sections)."),