switchroom 0.15.10 → 0.15.12

package/dist/host-control/main.js

@@ -13882,6 +13882,11 @@ var TelegramChannelSchema = exports_external.object({
   }).optional().describe("Per-source rate limit for the webhook ingest path (#714). " + "Off by default — when this key is absent the handler skips " + "rate-limit checks entirely. Opt in by setting `rpm` to an " + "integer requests-per-minute (token bucket per (agent, source); " + "burst equal to rpm). When enabled, exceeding the limit returns " + "429 with Retry-After header; first throttle event per " + "(agent, source) per 60s window is written to " + "<agent>/telegram/issues.jsonl. " + "Cascades from defaults.channels.telegram.webhook_rate_limit."),
   webhook_via_gateway: exports_external.boolean().optional().describe("Route verified webhook events to the agent's in-container gateway " + "over a peercred-gated UDS (<agent>/telegram/webhook.sock) instead " + "of having the host-side web receiver write the agent dir directly. " + "Required under the Docker runtime: the receiver runs as the host " + "operator UID and cannot write the per-agent-UID-owned agent dir " + "(EACCES 500) nor connect the gateway socket. When true the gateway " + "(running as the agent UID) becomes the sole writer of " + "webhook-events.jsonl + dedup/cooldown state and also fires " + "webhook_dispatch. Off by default for back-compat with host-runtime " + "installs. See docs/rfcs/webhook-via-gateway-socket.md."),
   webhook_require_edge: exports_external.boolean().optional().describe("Cloudflare-only edge lock: require the X-Switchroom-Edge header " + "(injected by a Cloudflare Transform Rule on hooks.switchroom.ai) to " + "match the operator's edge secret at ~/.switchroom/webhook-edge-secret " + "before any HMAC verification; reject 403 otherwise. Proves the " + "request entered through our Cloudflare edge — the per-agent HMAC " + "alone can't (it proves body provenance, not network path). Stacks " + "on the GitHub-IP WAF + per-agent HMAC. Fail-closed: when required " + "but the secret file is missing/empty every request is rejected. Off " + "by default. See docs/rfcs/webhook-cloudflare-edge-lock.md."),
+  linear_agent: exports_external.object({
+    enabled: exports_external.boolean(),
+    token: exports_external.string().describe("vault:<key> reference to the Linear OAuth app token (actor=app). " + "Resolved at runtime via the vault broker (canonically " + "vault:linear/<agent>/token). Never an inline literal."),
+    workspace_id: exports_external.string().optional().describe("Optional Linear workspace (organization) id this agent is " + "installed into. Informational — used for setup hints and " + "multi-workspace disambiguation; the token already scopes the " + "app to its workspace.")
+  }).optional().describe("Linear first-class agent integration (#2298). When enabled, the " + "agent appears in a Linear workspace as an app actor (own name/" + "avatar, @-mentionable, delegate-assignable). Linear AgentSessionEvent " + "webhooks (mention / delegation) wake the agent instantly via the " + "same gateway inject path as webhook_dispatch, tagged " + 'meta.source="linear" with the agent_session_id, and the agent ' + "responds with structured AgentActivity (thought/message/complete/" + "error) via the linear_agent_activity MCP tool. Builds the " + "session-lifecycle layer on top of the plain webhook_sources:[linear] " + "+ webhook_dispatch support (#2272). The OAuth app token is stored in " + "the vault and referenced here as vault:linear/<agent>/token; run " + "`switchroom linear-agent setup <agent>` to provision it. Off by " + "default — opt in per agent. Cascades from " + "defaults.channels.telegram.linear_agent."),
   chat_id: exports_external.string().regex(/^-\d+$/, 'supergroup chat_id must be a negative integer as a string (e.g. "-1001234567890")').optional().describe("Per-agent supergroup ID — overrides fleet `telegram.forum_chat_id`. " + "When set, requires `default_topic_id`. Negative integer as string. " + "Forbidden when `dm_only: true`. See docs/rfcs/supergroup-mode.md."),
   default_topic_id: exports_external.number().int().positive().optional().describe("Forum topic ID this agent's automated outbounds default to when " + "no more-specific alias resolves. Defaults to General (topic 1) when " + "`chat_id` is set and this is omitted — set it only to pin a different " + "fallback topic. " + "Telegram's General topic is `id=1` at MTProto but sends omit the " + "field — the outbound wrapper strips `message_thread_id === 1` " + "on send. Forbidden when `dm_only: true`."),
   topic_aliases: exports_external.record(exports_external.string(), exports_external.number().int().positive()).optional().describe("Operator-friendly names for forum topic IDs (e.g. " + "`{ general: 1, planning: 17, cron: 23, admin: 31, alerts: 41 }`). " + "Referenced from per-cron `topic:` fields and the outbound router " + "for autonomous events (boot → alerts, hostd → admin, etc.). " + "Cascades per-key through defaults → profile → agent.")

package/dist/vault/approvals/kernel-server.js

@@ -11480,6 +11480,11 @@ var init_schema = __esm(() => {
     }).optional().describe("Per-source rate limit for the webhook ingest path (#714). " + "Off by default — when this key is absent the handler skips " + "rate-limit checks entirely. Opt in by setting `rpm` to an " + "integer requests-per-minute (token bucket per (agent, source); " + "burst equal to rpm). When enabled, exceeding the limit returns " + "429 with Retry-After header; first throttle event per " + "(agent, source) per 60s window is written to " + "<agent>/telegram/issues.jsonl. " + "Cascades from defaults.channels.telegram.webhook_rate_limit."),
     webhook_via_gateway: exports_external.boolean().optional().describe("Route verified webhook events to the agent's in-container gateway " + "over a peercred-gated UDS (<agent>/telegram/webhook.sock) instead " + "of having the host-side web receiver write the agent dir directly. " + "Required under the Docker runtime: the receiver runs as the host " + "operator UID and cannot write the per-agent-UID-owned agent dir " + "(EACCES 500) nor connect the gateway socket. When true the gateway " + "(running as the agent UID) becomes the sole writer of " + "webhook-events.jsonl + dedup/cooldown state and also fires " + "webhook_dispatch. Off by default for back-compat with host-runtime " + "installs. See docs/rfcs/webhook-via-gateway-socket.md."),
     webhook_require_edge: exports_external.boolean().optional().describe("Cloudflare-only edge lock: require the X-Switchroom-Edge header " + "(injected by a Cloudflare Transform Rule on hooks.switchroom.ai) to " + "match the operator's edge secret at ~/.switchroom/webhook-edge-secret " + "before any HMAC verification; reject 403 otherwise. Proves the " + "request entered through our Cloudflare edge — the per-agent HMAC " + "alone can't (it proves body provenance, not network path). Stacks " + "on the GitHub-IP WAF + per-agent HMAC. Fail-closed: when required " + "but the secret file is missing/empty every request is rejected. Off " + "by default. See docs/rfcs/webhook-cloudflare-edge-lock.md."),
+    linear_agent: exports_external.object({
+      enabled: exports_external.boolean(),
+      token: exports_external.string().describe("vault:<key> reference to the Linear OAuth app token (actor=app). " + "Resolved at runtime via the vault broker (canonically " + "vault:linear/<agent>/token). Never an inline literal."),
+      workspace_id: exports_external.string().optional().describe("Optional Linear workspace (organization) id this agent is " + "installed into. Informational — used for setup hints and " + "multi-workspace disambiguation; the token already scopes the " + "app to its workspace.")
+    }).optional().describe("Linear first-class agent integration (#2298). When enabled, the " + "agent appears in a Linear workspace as an app actor (own name/" + "avatar, @-mentionable, delegate-assignable). Linear AgentSessionEvent " + "webhooks (mention / delegation) wake the agent instantly via the " + "same gateway inject path as webhook_dispatch, tagged " + 'meta.source="linear" with the agent_session_id, and the agent ' + "responds with structured AgentActivity (thought/message/complete/" + "error) via the linear_agent_activity MCP tool. Builds the " + "session-lifecycle layer on top of the plain webhook_sources:[linear] " + "+ webhook_dispatch support (#2272). The OAuth app token is stored in " + "the vault and referenced here as vault:linear/<agent>/token; run " + "`switchroom linear-agent setup <agent>` to provision it. Off by " + "default — opt in per agent. Cascades from " + "defaults.channels.telegram.linear_agent."),
     chat_id: exports_external.string().regex(/^-\d+$/, 'supergroup chat_id must be a negative integer as a string (e.g. "-1001234567890")').optional().describe("Per-agent supergroup ID — overrides fleet `telegram.forum_chat_id`. " + "When set, requires `default_topic_id`. Negative integer as string. " + "Forbidden when `dm_only: true`. See docs/rfcs/supergroup-mode.md."),
     default_topic_id: exports_external.number().int().positive().optional().describe("Forum topic ID this agent's automated outbounds default to when " + "no more-specific alias resolves. Defaults to General (topic 1) when " + "`chat_id` is set and this is omitted — set it only to pin a different " + "fallback topic. " + "Telegram's General topic is `id=1` at MTProto but sends omit the " + "field — the outbound wrapper strips `message_thread_id === 1` " + "on send. Forbidden when `dm_only: true`."),
     topic_aliases: exports_external.record(exports_external.string(), exports_external.number().int().positive()).optional().describe("Operator-friendly names for forum topic IDs (e.g. " + "`{ general: 1, planning: 17, cron: 23, admin: 31, alerts: 41 }`). " + "Referenced from per-cron `topic:` fields and the outbound router " + "for autonomous events (boot → alerts, hostd → admin, etc.). " + "Cascades per-key through defaults → profile → agent.")

package/dist/vault/broker/server.js

@@ -11480,6 +11480,11 @@ var init_schema = __esm(() => {
     }).optional().describe("Per-source rate limit for the webhook ingest path (#714). " + "Off by default — when this key is absent the handler skips " + "rate-limit checks entirely. Opt in by setting `rpm` to an " + "integer requests-per-minute (token bucket per (agent, source); " + "burst equal to rpm). When enabled, exceeding the limit returns " + "429 with Retry-After header; first throttle event per " + "(agent, source) per 60s window is written to " + "<agent>/telegram/issues.jsonl. " + "Cascades from defaults.channels.telegram.webhook_rate_limit."),
     webhook_via_gateway: exports_external.boolean().optional().describe("Route verified webhook events to the agent's in-container gateway " + "over a peercred-gated UDS (<agent>/telegram/webhook.sock) instead " + "of having the host-side web receiver write the agent dir directly. " + "Required under the Docker runtime: the receiver runs as the host " + "operator UID and cannot write the per-agent-UID-owned agent dir " + "(EACCES 500) nor connect the gateway socket. When true the gateway " + "(running as the agent UID) becomes the sole writer of " + "webhook-events.jsonl + dedup/cooldown state and also fires " + "webhook_dispatch. Off by default for back-compat with host-runtime " + "installs. See docs/rfcs/webhook-via-gateway-socket.md."),
     webhook_require_edge: exports_external.boolean().optional().describe("Cloudflare-only edge lock: require the X-Switchroom-Edge header " + "(injected by a Cloudflare Transform Rule on hooks.switchroom.ai) to " + "match the operator's edge secret at ~/.switchroom/webhook-edge-secret " + "before any HMAC verification; reject 403 otherwise. Proves the " + "request entered through our Cloudflare edge — the per-agent HMAC " + "alone can't (it proves body provenance, not network path). Stacks " + "on the GitHub-IP WAF + per-agent HMAC. Fail-closed: when required " + "but the secret file is missing/empty every request is rejected. Off " + "by default. See docs/rfcs/webhook-cloudflare-edge-lock.md."),
+    linear_agent: exports_external.object({
+      enabled: exports_external.boolean(),
+      token: exports_external.string().describe("vault:<key> reference to the Linear OAuth app token (actor=app). " + "Resolved at runtime via the vault broker (canonically " + "vault:linear/<agent>/token). Never an inline literal."),
+      workspace_id: exports_external.string().optional().describe("Optional Linear workspace (organization) id this agent is " + "installed into. Informational — used for setup hints and " + "multi-workspace disambiguation; the token already scopes the " + "app to its workspace.")
+    }).optional().describe("Linear first-class agent integration (#2298). When enabled, the " + "agent appears in a Linear workspace as an app actor (own name/" + "avatar, @-mentionable, delegate-assignable). Linear AgentSessionEvent " + "webhooks (mention / delegation) wake the agent instantly via the " + "same gateway inject path as webhook_dispatch, tagged " + 'meta.source="linear" with the agent_session_id, and the agent ' + "responds with structured AgentActivity (thought/message/complete/" + "error) via the linear_agent_activity MCP tool. Builds the " + "session-lifecycle layer on top of the plain webhook_sources:[linear] " + "+ webhook_dispatch support (#2272). The OAuth app token is stored in " + "the vault and referenced here as vault:linear/<agent>/token; run " + "`switchroom linear-agent setup <agent>` to provision it. Off by " + "default — opt in per agent. Cascades from " + "defaults.channels.telegram.linear_agent."),
     chat_id: exports_external.string().regex(/^-\d+$/, 'supergroup chat_id must be a negative integer as a string (e.g. "-1001234567890")').optional().describe("Per-agent supergroup ID — overrides fleet `telegram.forum_chat_id`. " + "When set, requires `default_topic_id`. Negative integer as string. " + "Forbidden when `dm_only: true`. See docs/rfcs/supergroup-mode.md."),
     default_topic_id: exports_external.number().int().positive().optional().describe("Forum topic ID this agent's automated outbounds default to when " + "no more-specific alias resolves. Defaults to General (topic 1) when " + "`chat_id` is set and this is omitted — set it only to pin a different " + "fallback topic. " + "Telegram's General topic is `id=1` at MTProto but sends omit the " + "field — the outbound wrapper strips `message_thread_id === 1` " + "on send. Forbidden when `dm_only: true`."),
     topic_aliases: exports_external.record(exports_external.string(), exports_external.number().int().positive()).optional().describe("Operator-friendly names for forum topic IDs (e.g. " + "`{ general: 1, planning: 17, cron: 23, admin: 31, alerts: 41 }`). " + "Referenced from per-cron `topic:` fields and the outbound router " + "for autonomous events (boot → alerts, hostd → admin, etc.). " + "Cascades per-key through defaults → profile → agent.")

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.15.10",
+  "version": "0.15.12",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {

package/profiles/_base/cron-session.sh.hbs

@@ -17,15 +17,19 @@
 set -u
 
 # Runtime kill-switch. The fork is baked into start.sh whenever {{name}} has a
-# context:fresh cron entry (a config property), but the session only actually
-# runs when SWITCHROOM_CHEAP_CRON is on at runtime. Exit 78 (EX_CONFIG) so the
-# supervisor does NOT respawn-loop when the feature is off — a clean idle.
+# cron entry the value-gate routes to a cheap session, but the session only
+# actually runs when cheap-cron is enabled at runtime. Cheap-cron is ON by
+# DEFAULT (matches isCheapCronEnabled in src/scheduler/cron-routing.ts — only
+# SWITCHROOM_CHEAP_CRON=0/false/off disables it); the old "off unless =1" gate
+# here meant the cron session quarantined itself even with cheap-by-default on,
+# so every Tier-1 fire fell back to the main session and saved nothing. Exit 78
+# (EX_CONFIG) on the explicit kill-switch so the supervisor cleanly idles.
 case "${SWITCHROOM_CHEAP_CRON:-}" in
-  1 | true | on | ON) : ;;
-  *)
-    echo "cron-session: SWITCHROOM_CHEAP_CRON off — not starting (exit 78, no respawn)" >&2
+  0 | false | off | OFF | False | FALSE)
+    echo "cron-session: SWITCHROOM_CHEAP_CRON disabled (=0) — not starting (exit 78, no respawn)" >&2
     exit 78
     ;;
+  *) : ;;
 esac
 
 CRON_NAME="{{name}}-cron"

package/telegram-plugin/bridge/bridge.ts

@@ -455,6 +455,30 @@ const TOOL_SCHEMAS = [
       required: ['chat_id', 'key'],
     },
   },
+  {
+    name: 'linear_agent_activity',
+    description:
+      'Emit a structured Linear AgentActivity against an agent session (#2298). Use this ONLY inside a turn that was woken by a Linear agent session (the inbound carries meta.source="linear" and meta.agent_session_id) — pass that agent_session_id back here. Linear renders activities as status chips + a timeline on the issue, so the human sees acknowledge → work → result. Emit a `thought` within ~10s of being woken so the session does not look dead, then `message`(s) as you make progress, and finally exactly one terminal `complete` (work done) or `error` (you could not proceed). body is required for thought/message/error and optional for complete. Resolves the agent\'s Linear app token from the vault; on VAULT-BROKER-DENIED it returns an error instructing you to vault_request_access for `linear/<agent>/token`.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        agent_session_id: {
+          type: 'string',
+          description: 'The Linear AgentSession id — copy it verbatim from the woken turn\'s meta.agent_session_id.',
+        },
+        type: {
+          type: 'string',
+          enum: ['thought', 'message', 'complete', 'error'],
+          description: 'Activity kind. thought = visible reasoning ack (emit within ~10s); message = progress update; complete = terminal success; error = terminal failure.',
+        },
+        body: {
+          type: 'string',
+          description: 'Activity text (Markdown). Required for thought/message/error; optional for complete (a closing summary).',
+        },
+      },
+      required: ['agent_session_id', 'type'],
+    },
+  },
 ]
 
 mcp.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOL_SCHEMAS }))

package/telegram-plugin/dist/bridge/bridge.js

@@ -24934,6 +24934,29 @@ var TOOL_SCHEMAS = [
       },
       required: ["chat_id", "key"]
     }
+  },
+  {
+    name: "linear_agent_activity",
+    description: 'Emit a structured Linear AgentActivity against an agent session (#2298). Use this ONLY inside a turn that was woken by a Linear agent session (the inbound carries meta.source="linear" and meta.agent_session_id) \u2014 pass that agent_session_id back here. Linear renders activities as status chips + a timeline on the issue, so the human sees acknowledge \u2192 work \u2192 result. Emit a `thought` within ~10s of being woken so the session does not look dead, then `message`(s) as you make progress, and finally exactly one terminal `complete` (work done) or `error` (you could not proceed). body is required for thought/message/error and optional for complete. Resolves the agent\'s Linear app token from the vault; on VAULT-BROKER-DENIED it returns an error instructing you to vault_request_access for `linear/<agent>/token`.',
+    inputSchema: {
+      type: "object",
+      properties: {
+        agent_session_id: {
+          type: "string",
+          description: "The Linear AgentSession id \u2014 copy it verbatim from the woken turn's meta.agent_session_id."
+        },
+        type: {
+          type: "string",
+          enum: ["thought", "message", "complete", "error"],
+          description: "Activity kind. thought = visible reasoning ack (emit within ~10s); message = progress update; complete = terminal success; error = terminal failure."
+        },
+        body: {
+          type: "string",
+          description: "Activity text (Markdown). Required for thought/message/error; optional for complete (a closing summary)."
+        }
+      },
+      required: ["agent_session_id", "type"]
+    }
   }
 ];
 mcp.setRequestHandler(ListToolsRequestSchema2, async () => ({ tools: TOOL_SCHEMAS }));

package/telegram-plugin/dist/gateway/gateway.js

@@ -23993,6 +23993,11 @@ var init_schema = __esm(() => {
     }).optional().describe("Per-source rate limit for the webhook ingest path (#714). " + "Off by default \u2014 when this key is absent the handler skips " + "rate-limit checks entirely. Opt in by setting `rpm` to an " + "integer requests-per-minute (token bucket per (agent, source); " + "burst equal to rpm). When enabled, exceeding the limit returns " + "429 with Retry-After header; first throttle event per " + "(agent, source) per 60s window is written to " + "<agent>/telegram/issues.jsonl. " + "Cascades from defaults.channels.telegram.webhook_rate_limit."),
     webhook_via_gateway: exports_external.boolean().optional().describe("Route verified webhook events to the agent's in-container gateway " + "over a peercred-gated UDS (<agent>/telegram/webhook.sock) instead " + "of having the host-side web receiver write the agent dir directly. " + "Required under the Docker runtime: the receiver runs as the host " + "operator UID and cannot write the per-agent-UID-owned agent dir " + "(EACCES 500) nor connect the gateway socket. When true the gateway " + "(running as the agent UID) becomes the sole writer of " + "webhook-events.jsonl + dedup/cooldown state and also fires " + "webhook_dispatch. Off by default for back-compat with host-runtime " + "installs. See docs/rfcs/webhook-via-gateway-socket.md."),
     webhook_require_edge: exports_external.boolean().optional().describe("Cloudflare-only edge lock: require the X-Switchroom-Edge header " + "(injected by a Cloudflare Transform Rule on hooks.switchroom.ai) to " + "match the operator's edge secret at ~/.switchroom/webhook-edge-secret " + "before any HMAC verification; reject 403 otherwise. Proves the " + "request entered through our Cloudflare edge \u2014 the per-agent HMAC " + "alone can't (it proves body provenance, not network path). Stacks " + "on the GitHub-IP WAF + per-agent HMAC. Fail-closed: when required " + "but the secret file is missing/empty every request is rejected. Off " + "by default. See docs/rfcs/webhook-cloudflare-edge-lock.md."),
+    linear_agent: exports_external.object({
+      enabled: exports_external.boolean(),
+      token: exports_external.string().describe("vault:<key> reference to the Linear OAuth app token (actor=app). " + "Resolved at runtime via the vault broker (canonically " + "vault:linear/<agent>/token). Never an inline literal."),
+      workspace_id: exports_external.string().optional().describe("Optional Linear workspace (organization) id this agent is " + "installed into. Informational \u2014 used for setup hints and " + "multi-workspace disambiguation; the token already scopes the " + "app to its workspace.")
+    }).optional().describe("Linear first-class agent integration (#2298). When enabled, the " + "agent appears in a Linear workspace as an app actor (own name/" + "avatar, @-mentionable, delegate-assignable). Linear AgentSessionEvent " + "webhooks (mention / delegation) wake the agent instantly via the " + "same gateway inject path as webhook_dispatch, tagged " + 'meta.source="linear" with the agent_session_id, and the agent ' + "responds with structured AgentActivity (thought/message/complete/" + "error) via the linear_agent_activity MCP tool. Builds the " + "session-lifecycle layer on top of the plain webhook_sources:[linear] " + "+ webhook_dispatch support (#2272). The OAuth app token is stored in " + "the vault and referenced here as vault:linear/<agent>/token; run " + "`switchroom linear-agent setup <agent>` to provision it. Off by " + "default \u2014 opt in per agent. Cascades from " + "defaults.channels.telegram.linear_agent."),
     chat_id: exports_external.string().regex(/^-\d+$/, 'supergroup chat_id must be a negative integer as a string (e.g. "-1001234567890")').optional().describe("Per-agent supergroup ID \u2014 overrides fleet `telegram.forum_chat_id`. " + "When set, requires `default_topic_id`. Negative integer as string. " + "Forbidden when `dm_only: true`. See docs/rfcs/supergroup-mode.md."),
     default_topic_id: exports_external.number().int().positive().optional().describe("Forum topic ID this agent's automated outbounds default to when " + "no more-specific alias resolves. Defaults to General (topic 1) when " + "`chat_id` is set and this is omitted \u2014 set it only to pin a different " + "fallback topic. " + "Telegram's General topic is `id=1` at MTProto but sends omit the " + "field \u2014 the outbound wrapper strips `message_thread_id === 1` " + "on send. Forbidden when `dm_only: true`."),
     topic_aliases: exports_external.record(exports_external.string(), exports_external.number().int().positive()).optional().describe("Operator-friendly names for forum topic IDs (e.g. " + "`{ general: 1, planning: 17, cron: 23, admin: 31, alerts: 41 }`). " + "Referenced from per-cron `topic:` fields and the outbound router " + "for autonomous events (boot \u2192 alerts, hostd \u2192 admin, etc.). " + "Cascades per-key through defaults \u2192 profile \u2192 agent.")
@@ -28268,6 +28273,7 @@ __export(exports_history, {
   pruneMessagesOlderThanDays: () => pruneMessagesOlderThanDays,
   lookupMessageRoleAndText: () => lookupMessageRoleAndText,
   initHistory: () => initHistory,
+  hasOutboundDeliveredSince: () => hasOutboundDeliveredSince,
   getRecentOutboundCount: () => getRecentOutboundCount,
   getLatestInboundMessageId: () => getLatestInboundMessageId,
   deleteFromHistory: () => deleteFromHistory,
@@ -28462,6 +28468,26 @@ function getRecentOutboundCount(chatId, withinSeconds) {
   const row = requireDb().prepare("SELECT COUNT(*) as cnt FROM messages WHERE chat_id = ? AND role = ? AND ts >= ?").get(chatId, "assistant", cutoff);
   return row?.cnt ?? 0;
 }
+function hasOutboundDeliveredSince(chatId, sinceMs, threadId) {
+  try {
+    const cutoffSec = Math.floor(sinceMs / 1000);
+    const params = [chatId, cutoffSec];
+    let sql = "SELECT 1 FROM messages WHERE chat_id = ? AND role = 'assistant' AND ts >= ? AND LENGTH(text) >= 200";
+    if (threadId !== undefined) {
+      if (threadId === null) {
+        sql += " AND thread_id IS NULL";
+      } else {
+        sql += " AND thread_id = ?";
+        params.push(threadId);
+      }
+    }
+    sql += " LIMIT 1";
+    const row = requireDb().prepare(sql).get(...params);
+    return row != null;
+  } catch {
+    return false;
+  }
+}
 function query(opts) {
   const limit = Math.min(MAX_LIMIT, Math.max(1, opts.limit ?? DEFAULT_LIMIT));
   const params = [opts.chat_id];
@@ -44899,7 +44925,7 @@ function labelTag(label) {
 }
 
 // gateway/model-command.ts
-var MODEL_ALIASES = ["opus", "sonnet", "haiku", "default"];
+var MODEL_ALIASES = ["opus", "sonnet", "haiku", "fable", "default"];
 var MODEL_ARG_RE = /^[A-Za-z0-9][A-Za-z0-9._\[\]-]{0,99}$/;
 function isValidModelArg(arg) {
   return MODEL_ARG_RE.test(arg);
@@ -47005,6 +47031,53 @@ function injectWebhookInbound(agent, prompt, ctx, deps = {}) {
 `)).catch((err) => log(`webhook-dispatch: agent='${agent}' inject failed: ${String(err)}
 `));
 }
+function parseLinearAgentSession(payload) {
+  const type = String(payload.type ?? "").toLowerCase();
+  if (type !== "agentsessionevent")
+    return null;
+  const action = String(payload.action ?? "").toLowerCase();
+  const session = payload.agentSession ?? payload.agent_session ?? {};
+  const sessionId = String(session.id ?? payload.agentSessionId ?? payload.agent_session_id ?? "");
+  if (!sessionId)
+    return null;
+  const explicitTrigger = String(session.trigger ?? payload.trigger ?? "").toLowerCase();
+  const comment = session.comment;
+  const trigger = explicitTrigger === "mention" || explicitTrigger === "delegation" ? explicitTrigger : comment ? "mention" : "delegation";
+  const promptContext = typeof payload.promptContext === "string" ? payload.promptContext : typeof session.promptContext === "string" ? session.promptContext : undefined;
+  const issue = session.issue ?? {};
+  const issueId = String(issue.identifier ?? "");
+  const issueTitle = String(issue.title ?? "");
+  const commentBody = typeof comment?.body === "string" ? comment.body : "";
+  const summaryParts = [];
+  summaryParts.push(trigger === "mention" ? `You were @mentioned in Linear` : `An issue was delegated to you in Linear`);
+  if (issueId || issueTitle) {
+    summaryParts.push(`Issue ${issueId}${issueTitle ? `: ${issueTitle}` : ""}`.trim());
+  }
+  if (commentBody)
+    summaryParts.push(commentBody);
+  const summary = summaryParts.join(`
+`);
+  return { sessionId, trigger, action, promptContext, summary };
+}
+function buildLinearInbound(session, ctx, now) {
+  const content = session.promptContext && session.promptContext.trim().length > 0 ? session.promptContext : session.summary;
+  return {
+    type: "inbound",
+    chatId: ctx.chatId,
+    ...ctx.threadId !== undefined ? { threadId: ctx.threadId } : {},
+    messageId: now,
+    user: "linear",
+    userId: 0,
+    ts: now,
+    text: content,
+    meta: {
+      source: "linear",
+      agent_session_id: session.sessionId,
+      linear_trigger: session.trigger,
+      linear_event: `agent_session.${session.action || "event"}`
+    }
+  };
+}
 function evaluateDispatch(args, deps = {}) {
   const log = deps.log ?? ((s) => process.stderr.write(s));
   const now = (deps.now ?? Date.now)();
@@ -47116,6 +47189,38 @@ function recordWebhookEvent(rec, deps = {}) {
   }
   log(`webhook-gateway: agent='${agent}' source='${rec.source}' event='${rec.event_type}' recorded ts=${now}
 `);
+  if (rec.source === "linear") {
+    try {
+      const session = parseLinearAgentSession(rec.payload);
+      if (session) {
+        const config = (deps.loadConfig ?? loadConfig)();
+        const rawAgent = config.agents?.[agent];
+        const linearAgent = rawAgent ? resolveAgentConfig(config.defaults, config.profiles, rawAgent).channels?.telegram?.linear_agent : undefined;
+        if (!linearAgent?.enabled) {
+          log(`linear-agent: agent='${agent}' session='${session.sessionId}' ignored \u2014 linear_agent not enabled
+`);
+        } else {
+          const target = resolveChannelTarget(config, agent);
+          if (!target) {
+            log(`linear-agent: agent='${agent}' session='${session.sessionId}' skipped \u2014 no chat target (forum_chat_id / chat_id unset)
+`);
+          } else {
+            const inbound = buildLinearInbound(session, {
+              chatId: target.chatId,
+              ...target.threadId !== undefined ? { threadId: target.threadId } : {}
+            }, now);
+            const ok = deps.inject ? deps.inject(agent, inbound) : false;
+            log(`linear-agent: agent='${agent}' session='${session.sessionId}' trigger='${session.trigger}' ` + `${ok ? "injected" : "NOT injected (no inject sink)"}
+`);
+            return { status: "ok", ts: now, dispatched: ok ? 1 : 0 };
+          }
+        }
+      }
+    } catch (err) {
+      log(`linear-agent: agent='${agent}' session inject error (event recorded): ${err.message}
+`);
+    }
+  }
   let dispatched = 0;
   try {
     const config = (deps.loadConfig ?? loadConfig)();
@@ -48305,21 +48410,23 @@ class ObligationLedger {
     return best;
   }
   decideAtIdle(opts) {
-    const useEligible = opts != null && (opts.graceMs > 0 || opts.backgroundWorkActive === true);
-    const o = useEligible ? this.oldestEligible(opts.now, opts.graceMs, opts.backgroundWorkActive === true, opts.backgroundGraceMs ?? 0) : this.oldest();
+    const useEligible = opts != null && (opts.graceMs > 0 || opts.backgroundWorkActive === true || (opts.representGraceMs ?? 0) > 0);
+    const o = useEligible ? this.oldestEligible(opts.now, opts.graceMs, opts.backgroundWorkActive === true, opts.backgroundGraceMs ?? 0, opts.representGraceMs ?? 0) : this.oldest();
     if (o === undefined)
       return { action: "none" };
     if (o.representCount >= this.maxRepresents)
       return { action: "escalate", obligation: o };
     return { action: "represent", obligation: o };
   }
-  oldestEligible(now, graceMs, backgroundWorkActive, backgroundGraceMs) {
+  oldestEligible(now, graceMs, backgroundWorkActive, backgroundGraceMs, representGraceMs) {
     let best;
     for (const o of this.open.values()) {
       if (o.lastTurnEndedAt != null && now - o.lastTurnEndedAt < graceMs)
         continue;
       if (backgroundWorkActive && backgroundGraceMs > 0 && now - o.openedAt < backgroundGraceMs)
         continue;
+      if (representGraceMs > 0 && o.lastRepresentedAt != null && now - o.lastRepresentedAt < representGraceMs)
+        continue;
       if (best === undefined || o.openedAt < best.openedAt)
         best = o;
     }
@@ -48332,18 +48439,21 @@ class ObligationLedger {
     o.lastTurnEndedAt = ts;
     this.persist();
   }
-  resolveCloseTarget(echoedTurnId, liveTurnId) {
+  resolveCloseTarget(echoedTurnId, liveTurnId, routedOriginId) {
     if (echoedTurnId != null)
       return echoedTurnId;
-    if (liveTurnId != null && this.open.size === 1 && this.open.has(liveTurnId))
+    if (routedOriginId != null)
+      return routedOriginId;
+    if (liveTurnId != null && this.open.has(liveTurnId))
       return liveTurnId;
     return null;
   }
-  markRepresented(originTurnId) {
+  markRepresented(originTurnId, now = Date.now()) {
     const o = this.open.get(originTurnId);
     if (o === undefined)
       return 0;
     o.representCount += 1;
+    o.lastRepresentedAt = now;
     this.persist();
     return o.representCount;
   }
@@ -53767,10 +53877,10 @@ function readTurnActiveMarkerAgeMs(stateDir, now) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.15.10";
-var COMMIT_SHA = "bb9182e1";
-var COMMIT_DATE = "2026-06-13T01:33:32Z";
-var LATEST_PR = 2302;
+var VERSION = "0.15.12";
+var COMMIT_SHA = "18b7b6e6";
+var COMMIT_DATE = "2026-06-13T04:55:14Z";
+var LATEST_PR = 2311;
 var COMMITS_AHEAD_OF_TAG = 0;
 
 // gateway/boot-version.ts
@@ -54061,6 +54171,110 @@ async function revokeGrantViaBroker(id, opts) {
   return { kind: "error", msg: "unexpected broker response" };
 }
 
+// gateway/linear-activity.ts
+init_client2();
+var LINEAR_GRAPHQL_ENDPOINT = "https://api.linear.app/graphql";
+async function defaultResolveLinearToken(agent) {
+  const key = `linear/${agent}/token`;
+  const token = readVaultTokenFile(agent) ?? undefined;
+  const result = await getViaBrokerStructured(key, token ? { token } : {});
+  if (result.kind === "ok" && result.entry.kind === "string") {
+    return { ok: true, token: result.entry.value };
+  }
+  if (result.kind === "unreachable")
+    return { ok: false, reason: "unreachable" };
+  if (result.kind === "not_found")
+    return { ok: false, reason: "not_found" };
+  if (result.kind === "denied")
+    return { ok: false, reason: "denied" };
+  return { ok: false, reason: "unknown" };
+}
+async function emitLinearAgentActivity(args, deps = {}) {
+  const log = deps.log ?? ((s) => process.stderr.write(s));
+  const sessionId = args.agent_session_id;
+  if (!sessionId)
+    throw new Error("linear_agent_activity: agent_session_id is required");
+  const type = args.type;
+  if (!type || !["thought", "message", "complete", "error"].includes(type)) {
+    throw new Error("linear_agent_activity: type must be one of thought|message|complete|error");
+  }
+  const body = args.body;
+  if (type !== "complete" && (body == null || body === "")) {
+    throw new Error(`linear_agent_activity: body is required for type='${type}'`);
+  }
+  const agent = deps.agent ?? process.env.SWITCHROOM_AGENT_NAME ?? "-";
+  const resolveToken = deps.resolveToken ?? defaultResolveLinearToken;
+  const tokenResult = await resolveToken(agent);
+  if (!tokenResult.ok) {
+    if (tokenResult.reason === "denied" || tokenResult.reason === "not_found") {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `linear_agent_activity failed: no Linear token (vault ${tokenResult.reason}). ` + `Call vault_request_access for key 'linear/${agent}/token' (scope read), then retry.`
+          }
+        ]
+      };
+    }
+    return {
+      content: [
+        {
+          type: "text",
+          text: `linear_agent_activity failed: vault broker ${tokenResult.reason} resolving 'linear/${agent}/token'.`
+        }
+      ]
+    };
+  }
+  const content = { type };
+  if (body != null && body !== "")
+    content.body = body;
+  const mutation = "mutation AgentActivityCreate($input: AgentActivityCreateInput!) { " + "agentActivityCreate(input: $input) { success agentActivity { id } } }";
+  const variables = { input: { agentSessionId: sessionId, content } };
+  const fetchImpl = deps.fetchImpl ?? fetch;
+  let resp;
+  try {
+    resp = await fetchImpl(LINEAR_GRAPHQL_ENDPOINT, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: tokenResult.token
+      },
+      body: JSON.stringify({ query: mutation, variables })
+    });
+  } catch (err) {
+    return {
+      content: [{ type: "text", text: `linear_agent_activity failed: request error: ${err.message}` }]
+    };
+  }
+  if (!resp.ok) {
+    const txt = await resp.text().catch(() => "");
+    return {
+      content: [
+        { type: "text", text: `linear_agent_activity failed: Linear API ${resp.status}${txt ? ` \u2014 ${txt.slice(0, 200)}` : ""}` }
+      ]
+    };
+  }
+  let json;
+  try {
+    json = await resp.json();
+  } catch {
+    return { content: [{ type: "text", text: "linear_agent_activity failed: malformed Linear API response" }] };
+  }
+  if (json.errors && json.errors.length > 0) {
+    return {
+      content: [
+        { type: "text", text: `linear_agent_activity failed: ${json.errors.map((e) => e.message ?? "error").join("; ").slice(0, 300)}` }
+      ]
+    };
+  }
+  if (json.data?.agentActivityCreate?.success === false) {
+    return { content: [{ type: "text", text: "linear_agent_activity failed: Linear reported success=false" }] };
+  }
+  log(`telegram gateway: linear_agent_activity: emitted type=${type} session=${sessionId} agent=${agent}
+`);
+  return { content: [{ type: "text", text: `Linear ${type} emitted on session ${sessionId}` }] };
+}
+
 // vault-approval-posture.ts
 function resolveVaultApprovalPosture(broker) {
   if (broker?.approvalAuth === "telegram-id") {
@@ -55003,6 +55217,13 @@ var OBLIGATION_BACKGROUND_WORK_GRACE_MS = (() => {
   const n = Number(raw);
   return Number.isFinite(n) && n >= 0 ? n : 1200000;
 })();
+var OBLIGATION_REPRESENT_GRACE_MS = (() => {
+  const raw = process.env.SWITCHROOM_OBLIGATION_REPRESENT_GRACE_MS;
+  if (raw == null || raw === "")
+    return 120000;
+  const n = Number(raw);
+  return Number.isFinite(n) && n >= 0 ? n : 120000;
+})();
 var TURN_ACTIVE_MARKER_FRESH_MS = 90000;
 var AUTOCLASSIFY_MIDTURN_SHADOW = process.env.SWITCHROOM_AUTOCLASSIFY_MIDTURN_SHADOW !== "0";
 var lastAgentOutputAt = new Map;
@@ -55158,11 +55379,12 @@ function hasDifferentThreadedRecentTurn(chatId, liveThreadId) {
   }
   return false;
 }
-function closeObligationOnSubstantiveReply(args, liveTurn) {
+function closeObligationOnSubstantiveReply(args, liveTurn, routedOriginTurn) {
   if (!OBLIGATION_LEDGER_ENABLED)
     return;
   const echoed = findTurnByOriginId(args.origin_turn_id);
-  const target = obligationLedger.resolveCloseTarget(echoed?.turnId, liveTurn?.turnId);
+  const routedOriginId = routedOriginTurn != null && echoed == null ? routedOriginTurn.turnId : null;
+  const target = obligationLedger.resolveCloseTarget(echoed?.turnId, liveTurn?.turnId, routedOriginId);
   if (target != null)
     obligationLedger.close(target);
 }
@@ -56538,11 +56760,12 @@ function obligationSweep() {
   const agent = process.env.SWITCHROOM_AGENT_NAME ?? "";
   const now = Date.now();
   const backgroundWorkActive = OBLIGATION_BACKGROUND_WORK_GRACE_MS > 0 && agentHasInFlightBackgroundWork(now);
-  const decision = obligationLedger.decideAtIdle(OBLIGATION_ESCALATE_GRACE_MS > 0 || backgroundWorkActive ? {
+  const decision = obligationLedger.decideAtIdle(OBLIGATION_ESCALATE_GRACE_MS > 0 || backgroundWorkActive || OBLIGATION_REPRESENT_GRACE_MS > 0 ? {
     now,
     graceMs: OBLIGATION_ESCALATE_GRACE_MS,
     backgroundWorkActive,
-    backgroundGraceMs: OBLIGATION_BACKGROUND_WORK_GRACE_MS
+    backgroundGraceMs: OBLIGATION_BACKGROUND_WORK_GRACE_MS,
+    representGraceMs: OBLIGATION_REPRESENT_GRACE_MS
   } : undefined);
   const o = decision.obligation;
   if (decision.action === "none" || o == null) {
@@ -56562,6 +56785,12 @@ function obligationSweep() {
 `);
     return;
   }
+  if (HISTORY_ENABLED && hasOutboundDeliveredSince(o.chatId, o.openedAt, o.threadId)) {
+    process.stderr.write(`telegram gateway: obligation closed silently \u2014 outbound delivered since open origin=${o.originTurnId}
+`);
+    obligationLedger.close(o.originTurnId);
+    return;
+  }
   driveEscalation({
     escId: o.originTurnId,
     inFlight: obligationEscalateInFlight,
@@ -57253,7 +57482,8 @@ var ALLOWED_TOOLS = new Set([
   "send_gif",
   "vault_request_save",
   "vault_request_access",
-  "request_secret"
+  "request_secret",
+  "linear_agent_activity"
 ]);
 async function executeToolCall(tool, args) {
   if (!ALLOWED_TOOLS.has(tool)) {
@@ -57298,6 +57528,8 @@ async function executeToolCall(tool, args) {
       return executeVaultRequestAccess(args);
     case "request_secret":
       return executeRequestSecret(args);
+    case "linear_agent_activity":
+      return executeLinearAgentActivity(args);
     default:
       throw new Error(`unknown tool: ${tool}`);
   }
@@ -57328,6 +57560,9 @@ async function executeSendChecklist(args) {
 `);
   return { content: [{ type: "text", text: `checklist sent (id: ${sent.message_id})` }] };
 }
+async function executeLinearAgentActivity(args) {
+  return emitLinearAgentActivity(args);
+}
 async function executeUpdateChecklist(args) {
   const chat_id = args.chat_id;
   if (!chat_id)
@@ -57444,12 +57679,14 @@ ${url}`;
     effectiveText = text;
   }
   assertAllowedChat(chat_id);
+  let replyRoutedOriginTurn = null;
   let threadId;
   if (TURN_ORIGIN_ROUTING_ENABLED) {
     const explicit = args.message_thread_id != null ? Number(args.message_thread_id) : undefined;
     const echoedTurn = findTurnByOriginId(args.origin_turn_id);
     const quotedTurn = echoedTurn == null ? findTurnByQuotedMessageId(chat_id, args.reply_to) : null;
     const originTurn = echoedTurn ?? quotedTurn;
+    replyRoutedOriginTurn = originTurn ?? null;
     threadId = resolveAnswerThreadWithLog(chat_id, Number.isFinite(explicit) ? explicit : undefined, originTurn, originTurn == null ? null : echoedTurn != null ? "echo" : "quoted", turn, "reply");
   } else {
     threadId = resolveThreadId(chat_id, args.message_thread_id ?? (turn?.sessionThreadId != null ? turn.sessionThreadId : undefined));
@@ -57583,7 +57820,7 @@ ${url}`;
               disableNotification
             });
             if (turn2.finalAnswerSubstantive)
-              closeObligationOnSubstantiveReply(args, turn2);
+              closeObligationOnSubstantiveReply(args, turn2, replyRoutedOriginTurn);
           }
           outboundDedup.record(chat_id, threadId, decision.mergedText, Date.now(), turn2?.registryKey ?? null);
           silentAnchorEditDone = true;
@@ -57786,7 +58023,7 @@ ${url}`;
       turn.finalAnswerSubstantive = isSubstantiveFinalReply({ text: rawText, disableNotification });
       finalizeStatusReaction(chat_id, threadId, "done");
       if (turn.finalAnswerSubstantive)
-        closeObligationOnSubstantiveReply(args, turn);
+        closeObligationOnSubstantiveReply(args, turn, replyRoutedOriginTurn);
     }
     releaseTurnBufferGate(statusKey(chat_id, threadId), turn ?? undefined);
     if (turn?.finalAnswerDelivered === true) {
@@ -57806,13 +58043,19 @@ async function executeStreamReply(args) {
     throw new Error("stream_reply: chat_id is required");
   if (args.text == null || args.text === "")
     throw new Error("stream_reply: text is required and cannot be empty");
+  let streamRoutedOriginTurn = null;
+  let streamOriginVia = null;
+  if (TURN_ORIGIN_ROUTING_ENABLED) {
+    const echoedTurn = findTurnByOriginId(args.origin_turn_id);
+    const quotedTurn = echoedTurn == null ? findTurnByQuotedMessageId(String(args.chat_id), args.reply_to) : null;
+    const originTurn = echoedTurn ?? quotedTurn;
+    streamRoutedOriginTurn = originTurn ?? null;
+    streamOriginVia = originTurn == null ? null : echoedTurn != null ? "echo" : "quoted";
+  }
   if (args.message_thread_id == null) {
     let injected;
     if (TURN_ORIGIN_ROUTING_ENABLED) {
-      const echoedTurn = findTurnByOriginId(args.origin_turn_id);
-      const quotedTurn = echoedTurn == null ? findTurnByQuotedMessageId(String(args.chat_id), args.reply_to) : null;
-      const originTurn = echoedTurn ?? quotedTurn;
-      injected = resolveAnswerThreadWithLog(String(args.chat_id), undefined, originTurn, originTurn == null ? null : echoedTurn != null ? "echo" : "quoted", turn, "stream_reply");
+      injected = resolveAnswerThreadWithLog(String(args.chat_id), undefined, streamRoutedOriginTurn, streamOriginVia, turn, "stream_reply");
     } else {
       injected = turn?.sessionThreadId;
     }
@@ -57955,7 +58198,7 @@ async function executeStreamReply(args) {
       done: args.done === true
     });
     if (turn.finalAnswerSubstantive)
-      closeObligationOnSubstantiveReply(args, turn);
+      closeObligationOnSubstantiveReply(args, turn, streamRoutedOriginTurn);
     const streamThreadIdForClear = args.message_thread_id != null ? Number(args.message_thread_id) : undefined;
     clearSilentEndState(statusKey(streamChatId, streamThreadIdForClear));
   }