switchroom 0.15.11 → 0.15.13

package/telegram-plugin/dist/gateway/gateway.js

@@ -23993,6 +23993,12 @@ var init_schema = __esm(() => {
     }).optional().describe("Per-source rate limit for the webhook ingest path (#714). " + "Off by default \u2014 when this key is absent the handler skips " + "rate-limit checks entirely. Opt in by setting `rpm` to an " + "integer requests-per-minute (token bucket per (agent, source); " + "burst equal to rpm). When enabled, exceeding the limit returns " + "429 with Retry-After header; first throttle event per " + "(agent, source) per 60s window is written to " + "<agent>/telegram/issues.jsonl. " + "Cascades from defaults.channels.telegram.webhook_rate_limit."),
     webhook_via_gateway: exports_external.boolean().optional().describe("Route verified webhook events to the agent's in-container gateway " + "over a peercred-gated UDS (<agent>/telegram/webhook.sock) instead " + "of having the host-side web receiver write the agent dir directly. " + "Required under the Docker runtime: the receiver runs as the host " + "operator UID and cannot write the per-agent-UID-owned agent dir " + "(EACCES 500) nor connect the gateway socket. When true the gateway " + "(running as the agent UID) becomes the sole writer of " + "webhook-events.jsonl + dedup/cooldown state and also fires " + "webhook_dispatch. Off by default for back-compat with host-runtime " + "installs. See docs/rfcs/webhook-via-gateway-socket.md."),
     webhook_require_edge: exports_external.boolean().optional().describe("Cloudflare-only edge lock: require the X-Switchroom-Edge header " + "(injected by a Cloudflare Transform Rule on hooks.switchroom.ai) to " + "match the operator's edge secret at ~/.switchroom/webhook-edge-secret " + "before any HMAC verification; reject 403 otherwise. Proves the " + "request entered through our Cloudflare edge \u2014 the per-agent HMAC " + "alone can't (it proves body provenance, not network path). Stacks " + "on the GitHub-IP WAF + per-agent HMAC. Fail-closed: when required " + "but the secret file is missing/empty every request is rejected. Off " + "by default. See docs/rfcs/webhook-cloudflare-edge-lock.md."),
+    linear_agent: exports_external.object({
+      enabled: exports_external.boolean(),
+      token: exports_external.string().describe("vault:<key> reference to the Linear OAuth app token (actor=app). " + "Resolved at runtime via the vault broker (canonically " + "vault:linear/<agent>/token). Never an inline literal."),
+      workspace_id: exports_external.string().optional().describe("Optional Linear workspace (organization) id this agent is " + "installed into. Informational \u2014 used for setup hints and " + "multi-workspace disambiguation; the token already scopes the " + "app to its workspace."),
+      default_team_id: exports_external.string().optional().describe("Optional Linear team id new captured issues file into when the " + "agent doesn't pass an explicit team_id. Unnecessary for a " + "single-team workspace (auto-resolved); set it only when the " + "workspace has multiple teams. Manage via " + "`switchroom linear-agent set-team <agent> <team>`.")
+    }).optional().describe("Linear first-class agent integration (#2298). When enabled, the " + "agent appears in a Linear workspace as an app actor (own name/" + "avatar, @-mentionable, delegate-assignable). Linear AgentSessionEvent " + "webhooks (mention / delegation) wake the agent instantly via the " + "same gateway inject path as webhook_dispatch, tagged " + 'meta.source="linear" with the agent_session_id, and the agent ' + "responds with structured AgentActivity (thought/message/complete/" + "error) via the linear_agent_activity MCP tool. Builds the " + "session-lifecycle layer on top of the plain webhook_sources:[linear] " + "+ webhook_dispatch support (#2272). The OAuth app token is stored in " + "the vault and referenced here as vault:linear/<agent>/token; run " + "`switchroom linear-agent setup <agent>` to provision it. Off by " + "default \u2014 opt in per agent. Cascades from " + "defaults.channels.telegram.linear_agent."),
     chat_id: exports_external.string().regex(/^-\d+$/, 'supergroup chat_id must be a negative integer as a string (e.g. "-1001234567890")').optional().describe("Per-agent supergroup ID \u2014 overrides fleet `telegram.forum_chat_id`. " + "When set, requires `default_topic_id`. Negative integer as string. " + "Forbidden when `dm_only: true`. See docs/rfcs/supergroup-mode.md."),
     default_topic_id: exports_external.number().int().positive().optional().describe("Forum topic ID this agent's automated outbounds default to when " + "no more-specific alias resolves. Defaults to General (topic 1) when " + "`chat_id` is set and this is omitted \u2014 set it only to pin a different " + "fallback topic. " + "Telegram's General topic is `id=1` at MTProto but sends omit the " + "field \u2014 the outbound wrapper strips `message_thread_id === 1` " + "on send. Forbidden when `dm_only: true`."),
     topic_aliases: exports_external.record(exports_external.string(), exports_external.number().int().positive()).optional().describe("Operator-friendly names for forum topic IDs (e.g. " + "`{ general: 1, planning: 17, cron: 23, admin: 31, alerts: 41 }`). " + "Referenced from per-cron `topic:` fields and the outbound router " + "for autonomous events (boot \u2192 alerts, hostd \u2192 admin, etc.). " + "Cascades per-key through defaults \u2192 profile \u2192 agent.")
@@ -24875,6 +24881,16 @@ function mergeAgentConfig(defaultsIn, agentIn) {
     }
     merged.reaction_dispatch = combined;
   }
+  const linearEnabled = merged.channels?.telegram?.linear_agent?.enabled === true;
+  if (linearEnabled) {
+    const rd = merged.reaction_dispatch;
+    if (!rd || rd.emojis === undefined) {
+      merged.reaction_dispatch = {
+        enabled: rd?.enabled ?? true,
+        emojis: ["\uD83D\uDC68\u200d\uD83D\uDCBB", "\uD83D\uDCCC"]
+      };
+    }
+  }
   if (defaults.resources || merged.resources) {
     const d = defaults.resources ?? {};
     const a = merged.resources ?? {};
@@ -31450,7 +31466,7 @@ import {
   appendFileSync as appendFileSync5
 } from "fs";
 import { homedir as homedir14 } from "os";
-import { join as join35, extname, sep as sep3, basename as basename7 } from "path";
+import { join as join35, extname, sep as sep3, basename as basename9 } from "path";
 
 // plugin-logger.ts
 import { appendFileSync, mkdirSync, renameSync, statSync, existsSync } from "fs";
@@ -44920,7 +44936,7 @@ function labelTag(label) {
 }
 
 // gateway/model-command.ts
-var MODEL_ALIASES = ["opus", "sonnet", "haiku", "default"];
+var MODEL_ALIASES = ["opus", "sonnet", "haiku", "fable", "default"];
 var MODEL_ARG_RE = /^[A-Za-z0-9][A-Za-z0-9._\[\]-]{0,99}$/;
 function isValidModelArg(arg) {
   return MODEL_ARG_RE.test(arg);
@@ -45821,6 +45837,16 @@ function mergeAgentConfig2(defaultsIn, agentIn) {
     }
     merged.reaction_dispatch = combined;
   }
+  const linearEnabled = merged.channels?.telegram?.linear_agent?.enabled === true;
+  if (linearEnabled) {
+    const rd = merged.reaction_dispatch;
+    if (!rd || rd.emojis === undefined) {
+      merged.reaction_dispatch = {
+        enabled: rd?.enabled ?? true,
+        emojis: ["\uD83D\uDC68\u200d\uD83D\uDCBB", "\uD83D\uDCCC"]
+      };
+    }
+  }
   if (defaults.resources || merged.resources) {
     const d = defaults.resources ?? {};
     const a = merged.resources ?? {};
@@ -47026,6 +47052,53 @@ function injectWebhookInbound(agent, prompt, ctx, deps = {}) {
 `)).catch((err) => log(`webhook-dispatch: agent='${agent}' inject failed: ${String(err)}
 `));
 }
+function parseLinearAgentSession(payload) {
+  const type = String(payload.type ?? "").toLowerCase();
+  if (type !== "agentsessionevent")
+    return null;
+  const action = String(payload.action ?? "").toLowerCase();
+  const session = payload.agentSession ?? payload.agent_session ?? {};
+  const sessionId = String(session.id ?? payload.agentSessionId ?? payload.agent_session_id ?? "");
+  if (!sessionId)
+    return null;
+  const explicitTrigger = String(session.trigger ?? payload.trigger ?? "").toLowerCase();
+  const comment = session.comment;
+  const trigger = explicitTrigger === "mention" || explicitTrigger === "delegation" ? explicitTrigger : comment ? "mention" : "delegation";
+  const promptContext = typeof payload.promptContext === "string" ? payload.promptContext : typeof session.promptContext === "string" ? session.promptContext : undefined;
+  const issue = session.issue ?? {};
+  const issueId = String(issue.identifier ?? "");
+  const issueTitle = String(issue.title ?? "");
+  const commentBody = typeof comment?.body === "string" ? comment.body : "";
+  const summaryParts = [];
+  summaryParts.push(trigger === "mention" ? `You were @mentioned in Linear` : `An issue was delegated to you in Linear`);
+  if (issueId || issueTitle) {
+    summaryParts.push(`Issue ${issueId}${issueTitle ? `: ${issueTitle}` : ""}`.trim());
+  }
+  if (commentBody)
+    summaryParts.push(commentBody);
+  const summary = summaryParts.join(`
+`);
+  return { sessionId, trigger, action, promptContext, summary };
+}
+function buildLinearInbound(session, ctx, now) {
+  const content = session.promptContext && session.promptContext.trim().length > 0 ? session.promptContext : session.summary;
+  return {
+    type: "inbound",
+    chatId: ctx.chatId,
+    ...ctx.threadId !== undefined ? { threadId: ctx.threadId } : {},
+    messageId: now,
+    user: "linear",
+    userId: 0,
+    ts: now,
+    text: content,
+    meta: {
+      source: "linear",
+      agent_session_id: session.sessionId,
+      linear_trigger: session.trigger,
+      linear_event: `agent_session.${session.action || "event"}`
+    }
+  };
+}
 function evaluateDispatch(args, deps = {}) {
   const log = deps.log ?? ((s) => process.stderr.write(s));
   const now = (deps.now ?? Date.now)();
@@ -47137,6 +47210,38 @@ function recordWebhookEvent(rec, deps = {}) {
   }
   log(`webhook-gateway: agent='${agent}' source='${rec.source}' event='${rec.event_type}' recorded ts=${now}
 `);
+  if (rec.source === "linear") {
+    try {
+      const session = parseLinearAgentSession(rec.payload);
+      if (session) {
+        const config = (deps.loadConfig ?? loadConfig)();
+        const rawAgent = config.agents?.[agent];
+        const linearAgent = rawAgent ? resolveAgentConfig(config.defaults, config.profiles, rawAgent).channels?.telegram?.linear_agent : undefined;
+        if (!linearAgent?.enabled) {
+          log(`linear-agent: agent='${agent}' session='${session.sessionId}' ignored \u2014 linear_agent not enabled
+`);
+        } else {
+          const target = resolveChannelTarget(config, agent);
+          if (!target) {
+            log(`linear-agent: agent='${agent}' session='${session.sessionId}' skipped \u2014 no chat target (forum_chat_id / chat_id unset)
+`);
+          } else {
+            const inbound = buildLinearInbound(session, {
+              chatId: target.chatId,
+              ...target.threadId !== undefined ? { threadId: target.threadId } : {}
+            }, now);
+            const ok = deps.inject ? deps.inject(agent, inbound) : false;
+            log(`linear-agent: agent='${agent}' session='${session.sessionId}' trigger='${session.trigger}' ` + `${ok ? "injected" : "NOT injected (no inject sink)"}
+`);
+            return { status: "ok", ts: now, dispatched: ok ? 1 : 0 };
+          }
+        }
+      }
+    } catch (err) {
+      log(`linear-agent: agent='${agent}' session inject error (event recorded): ${err.message}
+`);
+    }
+  }
   let dispatched = 0;
   try {
     const config = (deps.loadConfig ?? loadConfig)();
@@ -52697,9 +52802,10 @@ function defaultReadEvents(stateDir) {
   return readAll(stateDir);
 }
 // permission-title.ts
-import { basename as basename5 } from "node:path";
+import { basename as basename6 } from "node:path";
 
 // permission-rule.ts
+import { basename as basename5 } from "node:path";
 var FILE_TOOLS = new Set([
   "Edit",
   "Write",
@@ -52720,6 +52826,83 @@ var BROAD_ONLY_TOOLS = new Set([
 function prettyMcpServer(server) {
   return server.split(/[-_]/).filter((w) => w.length > 0).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(" ");
 }
+function resolveSkillName(input) {
+  return readString(input, "skill") ?? readString(input, "skill_name") ?? readString(input, "skillName") ?? readString(input, "name") ?? skillBasenameFromPath(input);
+}
+function filePathFrom(input) {
+  if (!input)
+    return null;
+  return readString(input, "file_path") ?? readString(input, "notebook_path");
+}
+function bashFirstToken(command) {
+  const m = /^\s*([^\s|&;<>()`$]+)/.exec(command);
+  if (!m)
+    return null;
+  const tok = m[1];
+  if (tok.includes(".."))
+    return null;
+  return /^[A-Za-z0-9._\-\/]+$/.test(tok) ? tok : null;
+}
+function parseInput(raw) {
+  if (!raw || typeof raw !== "string")
+    return null;
+  const trimmed = raw.trim();
+  if (!trimmed.startsWith("{"))
+    return null;
+  try {
+    const parsed = JSON.parse(trimmed);
+    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+      return parsed;
+    }
+  } catch {}
+  return null;
+}
+function readString(input, key) {
+  const value = input[key];
+  return typeof value === "string" && value.length > 0 ? value : null;
+}
+function skillBasenameFromPath(input) {
+  const path = readString(input, "path") ?? readString(input, "skill_path");
+  if (!path)
+    return null;
+  const trimmed = path.replace(/\/SKILL\.md$/i, "").replace(/\/$/, "");
+  return basename5(trimmed) || null;
+}
+function matchesAllowRule(rule, toolName, inputPreview) {
+  if (!rule || !toolName)
+    return false;
+  if (rule.endsWith("__*") && rule.startsWith("mcp__")) {
+    const prefix = rule.slice(0, -1);
+    return toolName.startsWith(prefix);
+  }
+  const scoped = /^([A-Za-z]+)\((.+)\)$/.exec(rule);
+  if (scoped) {
+    const ruleTool = scoped[1];
+    const arg = scoped[2];
+    if (ruleTool !== toolName)
+      return false;
+    const input = parseInput(inputPreview);
+    if (ruleTool === "Skill") {
+      if (!input)
+        return false;
+      return resolveSkillName(input) === arg;
+    }
+    if (ruleTool === "Bash") {
+      const cmd = input ? readString(input, "command") : null;
+      if (!cmd)
+        return false;
+      const m = /^([^:]+):\*$/.exec(arg);
+      if (!m)
+        return false;
+      return bashFirstToken(cmd) === m[1];
+    }
+    if (FILE_TOOLS.has(ruleTool)) {
+      return filePathFrom(input) === arg;
+    }
+    return false;
+  }
+  return rule === toolName;
+}
 
 // permission-title.ts
 init_redact();
@@ -52778,7 +52961,7 @@ function formatPermissionCardBody(opts) {
 `);
 }
 function naturalAction(toolName, inputPreview) {
-  const input = parseInput(inputPreview);
+  const input = parseInput2(inputPreview);
   if (toolName.startsWith("mcp__"))
     return naturalMcpAction(toolName, input);
   switch (toolName) {
@@ -52797,24 +52980,24 @@ function naturalAction(toolName, inputPreview) {
       return f ? `read: ${f}` : "read files";
     }
     case "Bash": {
-      const c = input ? readString(input, "command") : null;
+      const c = input ? readString2(input, "command") : null;
       return c ? `run: ${truncate6(c, COMMAND_TITLE_MAX)}` : "run shell commands";
     }
     case "Skill": {
-      const s = input ? resolveSkillName(input) : null;
+      const s = input ? resolveSkillName2(input) : null;
       return s ? `use the ${s} skill` : "use a skill";
     }
     case "Glob":
     case "Grep": {
-      const p = input ? readString(input, "pattern") : null;
+      const p = input ? readString2(input, "pattern") : null;
       return p ? `search files for: ${truncate6(p, COMMAND_TITLE_MAX)}` : "search files";
     }
     case "WebSearch": {
-      const q = input ? readString(input, "query") : null;
+      const q = input ? readString2(input, "query") : null;
       return q ? `search the web for: ${truncate6(q, COMMAND_TITLE_MAX)}` : "search the web";
     }
     case "WebFetch": {
-      const u = input ? readString(input, "url") : null;
+      const u = input ? readString2(input, "url") : null;
       return u ? `fetch a web page: ${truncate6(u, COMMAND_TITLE_MAX)}` : "fetch a web page";
     }
     case "Task":
@@ -52852,7 +53035,7 @@ function restResourcePhrase(server, verb, input) {
     return null;
   let path = null;
   for (const key of RESOURCE_KEYS) {
-    path = readString(input, key);
+    path = readString2(input, key);
     if (path)
       break;
   }
@@ -52868,7 +53051,7 @@ function mcpArgSummary(toolName, inputPreview) {
   const server = toolName.split("__")[1] ?? "";
   if (INTERNAL_MCP_SERVERS.has(server))
     return null;
-  const input = parseInput(inputPreview);
+  const input = parseInput2(inputPreview);
   if (!input)
     return null;
   const payload = input.body ?? input.query;
@@ -52912,11 +53095,11 @@ function describeGrant(toolName, inputPreview, option) {
       return m ? `run ${m[1]} commands` : "run that command";
     }
     if (t === "Edit" || t === "MultiEdit" || t === "NotebookEdit")
-      return `edit ${basename5(arg)}`;
+      return `edit ${basename6(arg)}`;
     if (t === "Write")
-      return `write ${basename5(arg)}`;
+      return `write ${basename6(arg)}`;
     if (t === "Read")
-      return `read ${basename5(arg)}`;
+      return `read ${basename6(arg)}`;
     return naturalAction(toolName, inputPreview);
   }
   switch (rule) {
@@ -52948,14 +53131,14 @@ function formatPermissionResumeMessage(opts) {
   }
   return hasAction ? `\uD83D\uDEAB ${who} \u2014 noted, I won't ${escapeTgHtml(lowerFirst(act))}. Continuing without it.` : `\uD83D\uDEAB ${who} \u2014 noted, continuing without it.`;
 }
-function resolveSkillName(input) {
-  return readString(input, "skill") ?? readString(input, "skill_name") ?? readString(input, "skillName") ?? readString(input, "name") ?? skillBasenameFromPath(input);
+function resolveSkillName2(input) {
+  return readString2(input, "skill") ?? readString2(input, "skill_name") ?? readString2(input, "skillName") ?? readString2(input, "name") ?? skillBasenameFromPath2(input);
 }
 function fileBase(input) {
   if (!input)
     return null;
-  const p = readString(input, "file_path") ?? readString(input, "notebook_path");
-  return p ? basename5(p) : null;
+  const p = readString2(input, "file_path") ?? readString2(input, "notebook_path");
+  return p ? basename6(p) : null;
 }
 function lowerFirst(text) {
   return text.length > 0 ? text.charAt(0).toLowerCase() + text.slice(1) : text;
@@ -52966,7 +53149,7 @@ function capFirst(text) {
 function escapeTgHtml(text) {
   return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-function parseInput(raw) {
+function parseInput2(raw) {
   if (!raw || typeof raw !== "string")
     return null;
   const trimmed = raw.trim();
@@ -52980,12 +53163,12 @@ function parseInput(raw) {
   } catch {}
   return null;
 }
-function readString(input, key) {
+function readString2(input, key) {
   const value = input[key];
   return typeof value === "string" && value.length > 0 ? value : null;
 }
-function skillBasenameFromPath(input) {
-  const path = readString(input, "path") ?? readString(input, "skill_path");
+function skillBasenameFromPath2(input) {
+  const path = readString2(input, "path") ?? readString2(input, "skill_path");
   if (!path)
     return null;
   const trimmed = path.replace(/\/SKILL\.md$/i, "").replace(/\/$/, "");
@@ -53001,7 +53184,7 @@ function truncate6(text, max) {
 }
 
 // permission-rule.ts
-import { basename as basename6 } from "node:path";
+import { basename as basename7 } from "node:path";
 var FILE_TOOLS2 = new Set([
   "Edit",
   "Write",
@@ -53022,9 +53205,9 @@ var BROAD_ONLY_TOOLS2 = new Set([
 function resolveScopedAllowChoices(toolName, inputPreview) {
   if (!toolName)
     return null;
-  const input = parseInput2(inputPreview);
+  const input = parseInput3(inputPreview);
   if (toolName === "Skill") {
-    const skill = input ? resolveSkillName2(input) : null;
+    const skill = input ? resolveSkillName3(input) : null;
     if (!skill)
       return null;
     if (!/^[A-Za-z0-9._\-+]+$/.test(skill))
@@ -53035,7 +53218,7 @@ function resolveScopedAllowChoices(toolName, inputPreview) {
     };
   }
   if (FILE_TOOLS2.has(toolName)) {
-    const path = filePathFrom(input);
+    const path = filePathFrom2(input);
     const broad = { rule: toolName, buttonLabel: "Any file", broad: true };
     if (path) {
       return {
@@ -53047,8 +53230,8 @@ function resolveScopedAllowChoices(toolName, inputPreview) {
   }
   if (toolName === "Bash") {
     const broad = { rule: "Bash", buttonLabel: "Any command", broad: true };
-    const cmd = input ? readString2(input, "command") : null;
-    const tok = cmd ? bashFirstToken(cmd) : null;
+    const cmd = input ? readString3(input, "command") : null;
+    const tok = cmd ? bashFirstToken2(cmd) : null;
     if (tok) {
       return {
         specific: { rule: `Bash(${tok}:*)`, buttonLabel: `${tok} commands`, broad: false },
@@ -53076,15 +53259,15 @@ function resolveScopedAllowChoices(toolName, inputPreview) {
 function prettyMcpServer2(server) {
   return server.split(/[-_]/).filter((w) => w.length > 0).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(" ");
 }
-function resolveSkillName2(input) {
-  return readString2(input, "skill") ?? readString2(input, "skill_name") ?? readString2(input, "skillName") ?? readString2(input, "name") ?? skillBasenameFromPath2(input);
+function resolveSkillName3(input) {
+  return readString3(input, "skill") ?? readString3(input, "skill_name") ?? readString3(input, "skillName") ?? readString3(input, "name") ?? skillBasenameFromPath3(input);
 }
-function filePathFrom(input) {
+function filePathFrom2(input) {
   if (!input)
     return null;
-  return readString2(input, "file_path") ?? readString2(input, "notebook_path");
+  return readString3(input, "file_path") ?? readString3(input, "notebook_path");
 }
-function bashFirstToken(command) {
+function bashFirstToken2(command) {
   const m = /^\s*([^\s|&;<>()`$]+)/.exec(command);
   if (!m)
     return null;
@@ -53093,7 +53276,7 @@ function bashFirstToken(command) {
     return null;
   return /^[A-Za-z0-9._\-\/]+$/.test(tok) ? tok : null;
 }
-function parseInput2(raw) {
+function parseInput3(raw) {
   if (!raw || typeof raw !== "string")
     return null;
   const trimmed = raw.trim();
@@ -53107,21 +53290,136 @@ function parseInput2(raw) {
   } catch {}
   return null;
 }
-function readString2(input, key) {
+function readString3(input, key) {
   const value = input[key];
   return typeof value === "string" && value.length > 0 ? value : null;
 }
-function skillBasenameFromPath2(input) {
-  const path = readString2(input, "path") ?? readString2(input, "skill_path");
+function skillBasenameFromPath3(input) {
+  const path = readString3(input, "path") ?? readString3(input, "skill_path");
   if (!path)
     return null;
   const trimmed = path.replace(/\/SKILL\.md$/i, "").replace(/\/$/, "");
-  return basename6(trimmed) || null;
+  return basename7(trimmed) || null;
 }
 function isRulePersisted(resolvedAllow, ruleRule) {
   return resolvedAllow.includes(ruleRule);
 }
 
+// scoped-approval.ts
+import { basename as basename8 } from "node:path";
+var SCOPED_APPROVAL_DEFAULT_TTL_MS = 30 * 60 * 1000;
+function scopedApprovalTtlMs(env = process.env) {
+  const raw = env.SWITCHROOM_SCOPED_APPROVAL_TTL_MS;
+  if (raw === undefined || raw.trim() === "")
+    return SCOPED_APPROVAL_DEFAULT_TTL_MS;
+  const n = Number(raw);
+  if (!Number.isFinite(n) || n < 0)
+    return SCOPED_APPROVAL_DEFAULT_TTL_MS;
+  return Math.floor(n);
+}
+var FILE_RULE = /^(Edit|Write|MultiEdit|NotebookEdit|Read)\((.+)\)$/;
+var BASH_FAMILY_RULE = /^Bash\(([^:]+):\*\)$/;
+function resolveTimeBox(toolName, inputPreview, choices) {
+  const specific = choices?.specific;
+  if (!specific || specific.broad)
+    return null;
+  const rule = specific.rule;
+  const fileMatch = FILE_RULE.exec(rule);
+  if (fileMatch) {
+    const verb = fileMatch[1] === "Read" ? "reads of" : "edits to";
+    return { rule, breadth: `${verb} ${basename8(fileMatch[2])}` };
+  }
+  const bashMatch = BASH_FAMILY_RULE.exec(rule);
+  if (bashMatch) {
+    const cmd = readBashCommand(inputPreview);
+    if (!cmd || isDestructiveBashCommand(cmd))
+      return null;
+    return { rule, breadth: `any \`${bashMatch[1]}\` command` };
+  }
+  return null;
+}
+function recordScopedGrant(store2, agent, rule, now, ttlMs) {
+  if (ttlMs <= 0)
+    return;
+  const list2 = store2.get(agent) ?? [];
+  const others = list2.filter((g) => g.rule !== rule);
+  others.push({ rule, expiresAt: now + ttlMs });
+  store2.set(agent, others);
+}
+function lookupScopedGrant(store2, agent, toolName, inputPreview, now) {
+  const list2 = store2.get(agent);
+  if (!list2 || list2.length === 0)
+    return null;
+  for (const g of list2) {
+    if (g.expiresAt <= now)
+      continue;
+    if (!matchesAllowRule(g.rule, toolName, inputPreview))
+      continue;
+    if (toolName === "Bash") {
+      const cmd = readBashCommand(inputPreview);
+      if (!cmd || isDestructiveBashCommand(cmd))
+        return null;
+    }
+    return g.rule;
+  }
+  return null;
+}
+function sweepScopedGrants(store2, now) {
+  for (const [agent, list2] of store2) {
+    const live = list2.filter((g) => g.expiresAt > now);
+    if (live.length === 0)
+      store2.delete(agent);
+    else if (live.length !== list2.length)
+      store2.set(agent, live);
+  }
+}
+function isDestructiveBashCommand(command) {
+  if (!command || !command.trim())
+    return true;
+  const c = command.toLowerCase();
+  if (c.includes("`"))
+    return true;
+  if (/\|\s*(sudo\s+)?(sh|bash|zsh|fish|python\d?|perl|ruby|node)\b/.test(c))
+    return true;
+  if (/(^|\s|;|&&|\|\||\()sudo\b/.test(c))
+    return true;
+  if (/(^|\s|;|&&|\|\||\()(su|doas)\s/.test(c))
+    return true;
+  if (/(^|\s|;|&&|\|\||\()(rm|rmdir|dd|shred|truncate|fdisk|mkfs\S*|wipefs|blkdiscard|fallocate)\b/.test(c))
+    return true;
+  if (/\b(chmod|chown|chgrp)\b[^|;&]*(\s-(-recursive|[a-z]*r[a-z]*)\b)/.test(c))
+    return true;
+  if (/>\s*\/(dev|etc|boot|sys|proc)\b/.test(c))
+    return true;
+  if (/\bgit\b/.test(c) && /(push\b[^|;&]*(--force|-f\b|--force-with-lease)|push\s+[^\s]*\s+\+|reset\s+--hard|clean\s+-[a-z]*[fd]|filter-branch|reflog\s+expire|update-ref\s+-d|branch\s+-d{1,2}\b|checkout\s+--\s|restore\b)/.test(c))
+    return true;
+  if (/(^|\s|;|&&|\|\||\()(shutdown|reboot|halt|poweroff|kill|killall|pkill)\b/.test(c))
+    return true;
+  if (/(^|\s)init\s+0\b/.test(c))
+    return true;
+  if (/\bdocker\b[^|;&]*\b(rm|prune)\b/.test(c))
+    return true;
+  if (/(^|\s)(apt|apt-get|yum|dnf|brew|pacman|npm|pnpm|yarn|pip\d?)\b[^|;&]*\b(remove|uninstall|purge|prune)\b/.test(c))
+    return true;
+  if (/:\s*\(\s*\)\s*\{/.test(c))
+    return true;
+  return false;
+}
+function readBashCommand(inputPreview) {
+  if (!inputPreview || typeof inputPreview !== "string")
+    return null;
+  const trimmed = inputPreview.trim();
+  if (!trimmed.startsWith("{"))
+    return null;
+  try {
+    const parsed = JSON.parse(trimmed);
+    const cmd = parsed?.command;
+    return typeof cmd === "string" && cmd.length > 0 ? cmd : null;
+  } catch {
+    return null;
+  }
+}
+
 // permission-diff.ts
 var TARGET_HEADER_A = "--- a/switchroom.yaml";
 var TARGET_HEADER_B = "+++ b/switchroom.yaml";
@@ -53793,11 +54091,11 @@ function readTurnActiveMarkerAgeMs(stateDir, now) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.15.11";
-var COMMIT_SHA = "43331954";
-var COMMIT_DATE = "2026-06-13T03:24:01Z";
-var LATEST_PR = 2308;
-var COMMITS_AHEAD_OF_TAG = 0;
+var VERSION = "0.15.13";
+var COMMIT_SHA = "36ba2682";
+var COMMIT_DATE = "2026-06-13T16:49:14+10:00";
+var LATEST_PR = null;
+var COMMITS_AHEAD_OF_TAG = 6;
 
 // gateway/boot-version.ts
 function formatRelativeAgo(iso) {
@@ -54087,6 +54385,210 @@ async function revokeGrantViaBroker(id, opts) {
   return { kind: "error", msg: "unexpected broker response" };
 }
 
+// gateway/linear-activity.ts
+init_client2();
+var LINEAR_GRAPHQL_ENDPOINT = "https://api.linear.app/graphql";
+async function defaultResolveLinearToken(agent) {
+  const key = `linear/${agent}/token`;
+  const token = readVaultTokenFile(agent) ?? undefined;
+  const result = await getViaBrokerStructured(key, token ? { token } : {});
+  if (result.kind === "ok" && result.entry.kind === "string") {
+    return { ok: true, token: result.entry.value };
+  }
+  if (result.kind === "unreachable")
+    return { ok: false, reason: "unreachable" };
+  if (result.kind === "not_found")
+    return { ok: false, reason: "not_found" };
+  if (result.kind === "denied")
+    return { ok: false, reason: "denied" };
+  return { ok: false, reason: "unknown" };
+}
+async function emitLinearAgentActivity(args, deps = {}) {
+  const log = deps.log ?? ((s) => process.stderr.write(s));
+  const sessionId = args.agent_session_id;
+  if (!sessionId)
+    throw new Error("linear_agent_activity: agent_session_id is required");
+  const type = args.type;
+  if (!type || !["thought", "message", "complete", "error"].includes(type)) {
+    throw new Error("linear_agent_activity: type must be one of thought|message|complete|error");
+  }
+  const body = args.body;
+  if (type !== "complete" && (body == null || body === "")) {
+    throw new Error(`linear_agent_activity: body is required for type='${type}'`);
+  }
+  const agent = deps.agent ?? process.env.SWITCHROOM_AGENT_NAME ?? "-";
+  const resolveToken = deps.resolveToken ?? defaultResolveLinearToken;
+  const tokenResult = await resolveToken(agent);
+  if (!tokenResult.ok) {
+    if (tokenResult.reason === "denied" || tokenResult.reason === "not_found") {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `linear_agent_activity failed: no Linear token (vault ${tokenResult.reason}). ` + `Call vault_request_access for key 'linear/${agent}/token' (scope read), then retry.`
+          }
+        ]
+      };
+    }
+    return {
+      content: [
+        {
+          type: "text",
+          text: `linear_agent_activity failed: vault broker ${tokenResult.reason} resolving 'linear/${agent}/token'.`
+        }
+      ]
+    };
+  }
+  const content = { type };
+  if (body != null && body !== "")
+    content.body = body;
+  const mutation = "mutation AgentActivityCreate($input: AgentActivityCreateInput!) { " + "agentActivityCreate(input: $input) { success agentActivity { id } } }";
+  const variables = { input: { agentSessionId: sessionId, content } };
+  const fetchImpl = deps.fetchImpl ?? fetch;
+  let resp;
+  try {
+    resp = await fetchImpl(LINEAR_GRAPHQL_ENDPOINT, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: tokenResult.token
+      },
+      body: JSON.stringify({ query: mutation, variables })
+    });
+  } catch (err) {
+    return {
+      content: [{ type: "text", text: `linear_agent_activity failed: request error: ${err.message}` }]
+    };
+  }
+  if (!resp.ok) {
+    const txt = await resp.text().catch(() => "");
+    return {
+      content: [
+        { type: "text", text: `linear_agent_activity failed: Linear API ${resp.status}${txt ? ` \u2014 ${txt.slice(0, 200)}` : ""}` }
+      ]
+    };
+  }
+  let json;
+  try {
+    json = await resp.json();
+  } catch {
+    return { content: [{ type: "text", text: "linear_agent_activity failed: malformed Linear API response" }] };
+  }
+  if (json.errors && json.errors.length > 0) {
+    return {
+      content: [
+        { type: "text", text: `linear_agent_activity failed: ${json.errors.map((e) => e.message ?? "error").join("; ").slice(0, 300)}` }
+      ]
+    };
+  }
+  if (json.data?.agentActivityCreate?.success === false) {
+    return { content: [{ type: "text", text: "linear_agent_activity failed: Linear reported success=false" }] };
+  }
+  log(`telegram gateway: linear_agent_activity: emitted type=${type} session=${sessionId} agent=${agent}
+`);
+  return { content: [{ type: "text", text: `Linear ${type} emitted on session ${sessionId}` }] };
+}
+function captureDedupMarker(dedupKey) {
+  return `
+
+<!-- switchroom-capture: ${dedupKey} -->`;
+}
+async function createLinearIssue(args, deps = {}) {
+  const log = deps.log ?? ((s) => process.stderr.write(s));
+  const fetchImpl = deps.fetchImpl ?? fetch;
+  const title = args.title;
+  if (!title || title.trim() === "")
+    throw new Error("linear_create_issue: title is required");
+  const body = args.body ?? "";
+  const teamIdArg = args.team_id ?? (deps.defaultTeamId ?? process.env.SWITCHROOM_LINEAR_DEFAULT_TEAM_ID) ?? undefined;
+  const dedupKey = args.dedup_key ?? undefined;
+  const priority = typeof args.priority === "number" ? args.priority : undefined;
+  const agent = deps.agent ?? process.env.SWITCHROOM_AGENT_NAME ?? "-";
+  const resolveToken = deps.resolveToken ?? defaultResolveLinearToken;
+  const tokenResult = await resolveToken(agent);
+  if (!tokenResult.ok) {
+    const hint = tokenResult.reason === "denied" || tokenResult.reason === "not_found" ? ` Call vault_request_access for key 'linear/${agent}/token' (scope read), then retry.` : "";
+    return {
+      content: [
+        { type: "text", text: `Couldn't file to Linear: no token (vault ${tokenResult.reason}).${hint}` }
+      ]
+    };
+  }
+  const token = tokenResult.token;
+  const gql = async (query2, variables) => {
+    let resp;
+    try {
+      resp = await fetchImpl(LINEAR_GRAPHQL_ENDPOINT, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Authorization: token },
+        body: JSON.stringify({ query: query2, variables })
+      });
+    } catch (err) {
+      return { ok: false, text: `request error: ${err.message}` };
+    }
+    if (!resp.ok) {
+      const txt = await resp.text().catch(() => "");
+      return { ok: false, text: `Linear API ${resp.status}${txt ? ` \u2014 ${txt.slice(0, 200)}` : ""}` };
+    }
+    let json;
+    try {
+      json = await resp.json();
+    } catch {
+      return { ok: false, text: "malformed Linear API response" };
+    }
+    if (json.errors && json.errors.length > 0) {
+      return { ok: false, text: json.errors.map((e) => e.message ?? "error").join("; ").slice(0, 300) };
+    }
+    return { ok: true, data: json.data };
+  };
+  if (dedupKey) {
+    const search = await gql("query($term: String!) { searchIssues(term: $term) { nodes { id url title } } }", { term: dedupKey });
+    if (search.ok) {
+      const hit = (search.data?.searchIssues?.nodes ?? [])[0];
+      if (hit?.url) {
+        log(`telegram gateway: linear_create_issue: dedup hit key=${dedupKey} agent=${agent}
+`);
+        return { content: [{ type: "text", text: `Already filed: ${hit.url}` }] };
+      }
+    }
+  }
+  let teamId = teamIdArg;
+  if (!teamId) {
+    const teams = await gql("query { teams(first: 50) { nodes { id key name } } }", {});
+    if (!teams.ok) {
+      return { content: [{ type: "text", text: `Couldn't file to Linear: ${teams.text}` }] };
+    }
+    const nodes = teams.data?.teams?.nodes ?? [];
+    if (nodes.length === 0) {
+      return { content: [{ type: "text", text: "Couldn't file to Linear: the workspace has no teams." }] };
+    }
+    if (nodes.length > 1) {
+      const list2 = nodes.map((t) => `${t.key} (${t.name})`).join(", ");
+      return {
+        content: [
+          { type: "text", text: `Couldn't file to Linear: multiple teams (${list2}) \u2014 set a default team (linear_agent.default_team_id) or pass team_id.` }
+        ]
+      };
+    }
+    teamId = nodes[0].id;
+  }
+  const description = dedupKey ? `${body}${captureDedupMarker(dedupKey)}` : body;
+  const input = { teamId, title, description };
+  if (priority !== undefined)
+    input.priority = priority;
+  const create = await gql("mutation($input: IssueCreateInput!) { issueCreate(input: $input) { success issue { id identifier url } } }", { input });
+  if (!create.ok) {
+    return { content: [{ type: "text", text: `Couldn't file to Linear: ${create.text}` }] };
+  }
+  const issue = create.data?.issueCreate?.issue;
+  if (create.data?.issueCreate?.success === false || !issue?.url) {
+    return { content: [{ type: "text", text: "Couldn't file to Linear: issue not created (success=false)." }] };
+  }
+  log(`telegram gateway: linear_create_issue: filed ${issue.identifier} agent=${agent}${dedupKey ? ` dedup=${dedupKey}` : ""}
+`);
+  return { content: [{ type: "text", text: `Filed: ${title} \u2192 ${issue.url}` }] };
+}
+
 // vault-approval-posture.ts
 function resolveVaultApprovalPosture(broker) {
   if (broker?.approvalAuth === "telegram-id") {
@@ -55861,6 +56363,8 @@ function sweepStaleAlwaysAllowCorrelations(now = Date.now()) {
     }
   }
 }
+var scopedGrants = new Map;
+var selfAgentName = () => process.env.SWITCHROOM_AGENT_NAME ?? "";
 var pendingAskUser = new Map;
 var pendingReauthFlows = new Map;
 var REAUTH_INTERCEPT_TTL_MS = 600000;
@@ -56095,6 +56599,7 @@ var pendingStateReaper = setInterval(() => {
     if (now > v.expiresAt)
       vaultPassphraseCache.delete(k);
   }
+  sweepScopedGrants(scopedGrants, now);
   for (const [k, v] of deferredSecrets) {
     if (now - v.staged_at > DEFERRED_SECRET_TTL_MS)
       deferredSecrets.delete(k);
@@ -56634,8 +57139,10 @@ if (inboundSpool != null) {
   }
 }
 var pendingPermissionBuffer = createPendingPermissionBuffer();
-function buildPermissionActionRow(requestId, showAlways) {
+function buildPermissionActionRow(requestId, showAlways, showTimeBox = false) {
   const kb = new import_grammy9.InlineKeyboard().text("\u274C Deny", `perm:deny:${requestId}`).text("\u2705 Allow once", `perm:allow:${requestId}`);
+  if (showTimeBox)
+    kb.text("\u23F1 30 min", `perm:tmb:${requestId}`);
   if (showAlways)
     kb.text("\uD83D\uDD01 Always\u2026", `perm:always:${requestId}`);
   return kb;
@@ -56874,6 +57381,16 @@ var ipcServer = createIpcServer({
   },
   onPermissionRequest(_client, msg) {
     const { requestId, toolName, description, inputPreview } = msg;
+    const scopedTtl = scopedApprovalTtlMs();
+    if (scopedTtl > 0) {
+      const hit = lookupScopedGrant(scopedGrants, selfAgentName(), toolName, inputPreview, Date.now());
+      if (hit) {
+        dispatchPermissionVerdict({ type: "permission", requestId, behavior: "allow" });
+        process.stderr.write(`telegram gateway: scoped-approval auto-allow tool=${toolName} rule="${hit}" request=${requestId} (time-boxed window)
+`);
+        return;
+      }
+    }
     pendingPermissions.set(requestId, { tool_name: toolName, description, input_preview: inputPreview, startedAt: Date.now() });
     const text = formatPermissionCardBody({
       toolName,
@@ -56881,8 +57398,10 @@ var ipcServer = createIpcServer({
       description,
       agentName: _client.agentName
     });
-    const showAlways = resolveScopedAllowChoices(toolName, inputPreview) != null;
-    const keyboard = buildPermissionActionRow(requestId, showAlways);
+    const scopeChoices = resolveScopedAllowChoices(toolName, inputPreview);
+    const showAlways = scopeChoices != null;
+    const showTimeBox = scopedApprovalTtlMs() > 0 && resolveTimeBox(toolName, inputPreview, scopeChoices) != null;
+    const keyboard = buildPermissionActionRow(requestId, showAlways, showTimeBox);
     const activeTurn = currentTurn;
     const targets = resolvePermissionCardTargets();
     for (const { chatId, threadId } of targets) {
@@ -57294,7 +57813,9 @@ var ALLOWED_TOOLS = new Set([
   "send_gif",
   "vault_request_save",
   "vault_request_access",
-  "request_secret"
+  "request_secret",
+  "linear_agent_activity",
+  "linear_create_issue"
 ]);
 async function executeToolCall(tool, args) {
   if (!ALLOWED_TOOLS.has(tool)) {
@@ -57339,6 +57860,10 @@ async function executeToolCall(tool, args) {
       return executeVaultRequestAccess(args);
     case "request_secret":
       return executeRequestSecret(args);
+    case "linear_agent_activity":
+      return executeLinearAgentActivity(args);
+    case "linear_create_issue":
+      return executeLinearCreateIssue(args);
     default:
       throw new Error(`unknown tool: ${tool}`);
   }
@@ -57369,6 +57894,12 @@ async function executeSendChecklist(args) {
 `);
   return { content: [{ type: "text", text: `checklist sent (id: ${sent.message_id})` }] };
 }
+async function executeLinearAgentActivity(args) {
+  return emitLinearAgentActivity(args);
+}
+async function executeLinearCreateIssue(args) {
+  return createLinearIssue(args);
+}
 async function executeUpdateChecklist(args) {
   const chat_id = args.chat_id;
   if (!chat_id)
@@ -60744,7 +61275,7 @@ function getMyAgentName() {
   const fromEnv = process.env.SWITCHROOM_AGENT_NAME;
   if (fromEnv && fromEnv.trim().length > 0)
     return fromEnv.trim();
-  return basename7(process.cwd());
+  return basename9(process.cwd());
 }
 function isSelfTargetingCommand(name) {
   if (name === "all")
@@ -64528,7 +65059,7 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
     }
     return;
   }
-  const m = /^perm:(allow|deny|always|asn|asb|back):([a-km-z]{5})$/.exec(data);
+  const m = /^perm:(allow|deny|always|asn|asb|back|tmb):([a-km-z]{5})$/.exec(data);
   if (!m) {
     await ctx.answerCallbackQuery().catch(() => {});
     return;
@@ -64548,7 +65079,9 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
     }
     let keyboard;
     if (behavior === "back") {
-      keyboard = buildPermissionActionRow(request_id, true);
+      const backChoices = resolveScopedAllowChoices(details.tool_name, details.input_preview);
+      const backTimeBox = scopedApprovalTtlMs() > 0 && resolveTimeBox(details.tool_name, details.input_preview, backChoices) != null;
+      keyboard = buildPermissionActionRow(request_id, true, backTimeBox);
     } else {
       const choices = resolveScopedAllowChoices(details.tool_name, details.input_preview);
       if (choices == null) {
@@ -64689,6 +65222,51 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
       ackText: ackText.slice(0, 200),
       newText: baseText2 ? `${baseText2}
 
+${editLabel}` : editLabel,
+      parseMode: "HTML"
+    });
+    return;
+  }
+  if (behavior === "tmb") {
+    const details = pendingPermissions.get(request_id);
+    if (!details) {
+      await ctx.answerCallbackQuery({ text: "Details no longer available." }).catch(() => {});
+      return;
+    }
+    const ttl = scopedApprovalTtlMs();
+    if (ttl <= 0) {
+      await ctx.answerCallbackQuery({ text: "Time-boxed approvals are disabled." }).catch(() => {});
+      return;
+    }
+    const choices = resolveScopedAllowChoices(details.tool_name, details.input_preview);
+    const tb = resolveTimeBox(details.tool_name, details.input_preview, choices);
+    if (!tb) {
+      await ctx.answerCallbackQuery({ text: "This action can't be time-boxed." }).catch(() => {});
+      return;
+    }
+    const agentName3 = selfAgentName();
+    if (!agentName3) {
+      await ctx.answerCallbackQuery({ text: "Time-box needs SWITCHROOM_AGENT_NAME \u2014 gateway is misconfigured." }).catch(() => {});
+      return;
+    }
+    pendingPermissions.delete(request_id);
+    dispatchPermissionVerdict({ type: "permission", requestId: request_id, behavior: "allow" });
+    recordScopedGrant(scopedGrants, agentName3, tb.rule, Date.now(), ttl);
+    resumeReactionAfterVerdict();
+    postPermissionResumeMessage({
+      behavior: "allow",
+      action: naturalAction(details.tool_name, details.input_preview)
+    });
+    process.stderr.write(`telegram gateway: scoped-approval granted rule="${tb.rule}" agent=${agentName3} ttl_ms=${ttl} (request_id=${request_id})
+`);
+    const mins = Math.max(1, Math.round(ttl / 60000));
+    const sourceMsg = ctx.callbackQuery?.message;
+    const baseText2 = sourceMsg && "text" in sourceMsg && sourceMsg.text ? escapeHtmlForTg(sourceMsg.text) : "";
+    const editLabel = `\u23F1 <b>Allowed for ${mins} min \u2014 ${escapeHtmlForTg(tb.breadth)}</b> \xB7 re-asks after that, and now for anything else`;
+    await finalizeCallback(ctx, {
+      ackText: `\u23F1 Allowed for ${mins} min`.slice(0, 200),
+      newText: baseText2 ? `${baseText2}
+
 ${editLabel}` : editLabel,
       parseMode: "HTML"
     });