switchroom 0.15.12 → 0.15.14

package/telegram-plugin/dist/gateway/gateway.js

@@ -23802,7 +23802,7 @@ var init_dist = __esm(() => {
 });
 
 // ../src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, TelegramMessageActionSchema, WebhookActionSchema, ActionSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -23835,11 +23835,29 @@ var init_schema = __esm(() => {
     HttpDiffPollSchema,
     TelegramReactionsPollSchema
   ]);
+  TelegramMessageActionSchema = exports_external.object({
+    type: exports_external.literal("telegram-message"),
+    text: exports_external.string().min(1).describe("Operator-authored message text. Posts to the AGENT'S OWN chat only " + "(the chat is not configurable \u2014 fenced by construction), into the " + "entry-level `topic` when set. Supports ONLY deterministic placeholders " + "{{date}} / {{time}} (UTC, from the fire clock) and {{agent}}. NO vault " + "secrets (use a webhook action for secret-bearing requests) and NO model " + "output \u2014 the text is fully determined by config."),
+    parse_mode: exports_external.enum(["html", "text"]).default("html").describe("Telegram parse mode for the message body.")
+  });
+  WebhookActionSchema = exports_external.object({
+    type: exports_external.literal("webhook"),
+    url: exports_external.string().url().describe("Webhook target. SAME egress fence as an http-diff poll (\u00a76.1): https " + "only, host on the operator egress allowlist, loopback/private/link-local " + "rejected, resolved IP DNS-rebind-pinned. Not agent-writable without an " + "operator commit."),
+    method: exports_external.enum(["GET", "POST"]).default("POST"),
+    headers: exports_external.record(exports_external.string()).optional().describe("Static headers; {{secret}} substitution applies."),
+    body: exports_external.string().optional().describe("Static request body; {{secret}} substitution applies."),
+    secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this webhook may inject into headers/body via {{name}}. Each " + "is HOST-PINNED (\u00a76.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved action cannot exfil it elsewhere.")
+  });
+  ActionSpecSchema = exports_external.discriminatedUnion("type", [
+    TelegramMessageActionSchema,
+    WebhookActionSchema
+  ]);
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-    prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
-    kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+    prompt: exports_external.string().optional().describe("Prompt to send at the scheduled time (the escalation prompt when " + "kind=poll; templated with {{diff}}). Required for kind prompt/poll; " + "absent for kind=action (an action has no model fire, so no prompt)."),
+    kind: exports_external.enum(["poll", "prompt", "action"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. 'action' runs a model-free deterministic verb " + "(requires `action`) that COMPLETES the work and never escalates \u2014 zero " + "tokens, no session. poll/prompt are honoured only when " + "SWITCHROOM_CHEAP_CRON is on; an action is model-free regardless (the " + "kill-switch governs model tiering, not deterministic actions)."),
     poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+    action: ActionSpecSchema.optional().describe("Required iff kind=action. The declarative action spec (telegram-message or webhook)."),
     model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) \u2014 the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
     context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' \u2192 a minimal-" + "context cheap cron session (Tier 1). 'agent' \u2192 the agent's live " + "session with full persona/memory (Tier 2). Unset \u2192 inferred from " + "`model` (cheap\u2192fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default \u2014 broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary \u2014 " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
@@ -23856,13 +23874,41 @@ var init_schema = __esm(() => {
         message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
       });
     }
-    if (kind === "prompt" && entry.poll) {
+    if (kind !== "poll" && entry.poll) {
       ctx.addIssue({
         code: exports_external.ZodIssueCode.custom,
         path: ["poll"],
         message: "`poll` is only valid when kind: poll."
       });
     }
+    if (kind === "action" && !entry.action) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["action"],
+        message: "kind: action requires an `action` spec (telegram-message or webhook)."
+      });
+    }
+    if (kind !== "action" && entry.action) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["action"],
+        message: "`action` is only valid when kind: action."
+      });
+    }
+    if (kind !== "action" && (entry.prompt === undefined || entry.prompt.trim() === "")) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["prompt"],
+        message: `kind: ${kind} requires a non-empty \`prompt\`.`
+      });
+    }
+    if (kind === "action" && entry.prompt !== undefined) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["prompt"],
+        message: "`prompt` is not valid for kind: action (an action never fires a model)."
+      });
+    }
   });
   AgentSoulSchema = exports_external.object({
     name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),
@@ -23996,7 +24042,8 @@ var init_schema = __esm(() => {
     linear_agent: exports_external.object({
       enabled: exports_external.boolean(),
       token: exports_external.string().describe("vault:<key> reference to the Linear OAuth app token (actor=app). " + "Resolved at runtime via the vault broker (canonically " + "vault:linear/<agent>/token). Never an inline literal."),
-      workspace_id: exports_external.string().optional().describe("Optional Linear workspace (organization) id this agent is " + "installed into. Informational \u2014 used for setup hints and " + "multi-workspace disambiguation; the token already scopes the " + "app to its workspace.")
+      workspace_id: exports_external.string().optional().describe("Optional Linear workspace (organization) id this agent is " + "installed into. Informational \u2014 used for setup hints and " + "multi-workspace disambiguation; the token already scopes the " + "app to its workspace."),
+      default_team_id: exports_external.string().optional().describe("Optional Linear team id new captured issues file into when the " + "agent doesn't pass an explicit team_id. Unnecessary for a " + "single-team workspace (auto-resolved); set it only when the " + "workspace has multiple teams. Manage via " + "`switchroom linear-agent set-team <agent> <team>`.")
     }).optional().describe("Linear first-class agent integration (#2298). When enabled, the " + "agent appears in a Linear workspace as an app actor (own name/" + "avatar, @-mentionable, delegate-assignable). Linear AgentSessionEvent " + "webhooks (mention / delegation) wake the agent instantly via the " + "same gateway inject path as webhook_dispatch, tagged " + 'meta.source="linear" with the agent_session_id, and the agent ' + "responds with structured AgentActivity (thought/message/complete/" + "error) via the linear_agent_activity MCP tool. Builds the " + "session-lifecycle layer on top of the plain webhook_sources:[linear] " + "+ webhook_dispatch support (#2272). The OAuth app token is stored in " + "the vault and referenced here as vault:linear/<agent>/token; run " + "`switchroom linear-agent setup <agent>` to provision it. Off by " + "default \u2014 opt in per agent. Cascades from " + "defaults.channels.telegram.linear_agent."),
     chat_id: exports_external.string().regex(/^-\d+$/, 'supergroup chat_id must be a negative integer as a string (e.g. "-1001234567890")').optional().describe("Per-agent supergroup ID \u2014 overrides fleet `telegram.forum_chat_id`. " + "When set, requires `default_topic_id`. Negative integer as string. " + "Forbidden when `dm_only: true`. See docs/rfcs/supergroup-mode.md."),
     default_topic_id: exports_external.number().int().positive().optional().describe("Forum topic ID this agent's automated outbounds default to when " + "no more-specific alias resolves. Defaults to General (topic 1) when " + "`chat_id` is set and this is omitted \u2014 set it only to pin a different " + "fallback topic. " + "Telegram's General topic is `id=1` at MTProto but sends omit the " + "field \u2014 the outbound wrapper strips `message_thread_id === 1` " + "on send. Forbidden when `dm_only: true`."),
@@ -24880,6 +24927,16 @@ function mergeAgentConfig(defaultsIn, agentIn) {
     }
     merged.reaction_dispatch = combined;
   }
+  const linearEnabled = merged.channels?.telegram?.linear_agent?.enabled === true;
+  if (linearEnabled) {
+    const rd = merged.reaction_dispatch;
+    if (!rd || rd.emojis === undefined) {
+      merged.reaction_dispatch = {
+        enabled: rd?.enabled ?? true,
+        emojis: ["\uD83D\uDC68\u200d\uD83D\uDCBB", "\uD83D\uDCCC"]
+      };
+    }
+  }
   if (defaults.resources || merged.resources) {
     const d = defaults.resources ?? {};
     const a = merged.resources ?? {};
@@ -31455,7 +31512,7 @@ import {
   appendFileSync as appendFileSync5
 } from "fs";
 import { homedir as homedir14 } from "os";
-import { join as join35, extname, sep as sep3, basename as basename7 } from "path";
+import { join as join35, extname, sep as sep3, basename as basename9 } from "path";
 
 // plugin-logger.ts
 import { appendFileSync, mkdirSync, renameSync, statSync, existsSync } from "fs";
@@ -45826,6 +45883,16 @@ function mergeAgentConfig2(defaultsIn, agentIn) {
     }
     merged.reaction_dispatch = combined;
   }
+  const linearEnabled = merged.channels?.telegram?.linear_agent?.enabled === true;
+  if (linearEnabled) {
+    const rd = merged.reaction_dispatch;
+    if (!rd || rd.emojis === undefined) {
+      merged.reaction_dispatch = {
+        enabled: rd?.enabled ?? true,
+        emojis: ["\uD83D\uDC68\u200d\uD83D\uDCBB", "\uD83D\uDCCC"]
+      };
+    }
+  }
   if (defaults.resources || merged.resources) {
     const d = defaults.resources ?? {};
     const a = merged.resources ?? {};
@@ -46731,6 +46798,17 @@ function createInjectIpcClient(options) {
         return false;
       try {
         return socket.write(JSON.stringify(msg) + `
+`);
+      } catch (err) {
+        log(`scheduler ipc: write failed: ${err.message}`);
+        return false;
+      }
+    },
+    sendOutbound(msg) {
+      if (!socket || !connected)
+        return false;
+      try {
+        return socket.write(JSON.stringify(msg) + `
 `);
       } catch (err) {
         log(`scheduler ipc: write failed: ${err.message}`);
@@ -47306,6 +47384,19 @@ function validateClientMessage(msg) {
       const inb = m.inbound;
       return inb.type === "inbound" && typeof inb.chatId === "string" && inb.chatId.length > 0 && typeof inb.text === "string" && typeof inb.messageId === "number" && typeof inb.user === "string" && typeof inb.userId === "number" && typeof inb.ts === "number" && typeof inb.meta === "object" && inb.meta !== null;
     }
+    case "send_outbound": {
+      if (typeof m.agentName !== "string" || !AGENT_NAME_RE3.test(m.agentName))
+        return false;
+      if (typeof m.chatId !== "string" || m.chatId.length === 0)
+        return false;
+      if (typeof m.text !== "string" || m.text.length === 0 || m.text.length > 4096)
+        return false;
+      if (m.threadId !== undefined && (typeof m.threadId !== "number" || !Number.isInteger(m.threadId)))
+        return false;
+      if (m.parseMode !== undefined && m.parseMode !== "html" && m.parseMode !== "text")
+        return false;
+      return true;
+    }
     case "quota_wall_detected": {
       if (typeof m.agentName !== "string" || !AGENT_NAME_RE3.test(m.agentName))
         return false;
@@ -47374,6 +47465,7 @@ function createIpcServer(options) {
     onOperatorEvent,
     onPtyPartial,
     onInjectInbound,
+    onSendOutbound,
     onQuotaWallDetected,
     onRequestDriveApproval,
     onRequestMs365Approval,
@@ -47459,6 +47551,10 @@ function createIpcServer(options) {
         if (onInjectInbound)
           onInjectInbound(client3, msg);
         break;
+      case "send_outbound":
+        if (onSendOutbound)
+          onSendOutbound(client3, msg);
+        break;
       case "quota_wall_detected":
         if (onQuotaWallDetected)
           onQuotaWallDetected(client3, msg);
@@ -52781,9 +52877,10 @@ function defaultReadEvents(stateDir) {
   return readAll(stateDir);
 }
 // permission-title.ts
-import { basename as basename5 } from "node:path";
+import { basename as basename6 } from "node:path";
 
 // permission-rule.ts
+import { basename as basename5 } from "node:path";
 var FILE_TOOLS = new Set([
   "Edit",
   "Write",
@@ -52804,6 +52901,83 @@ var BROAD_ONLY_TOOLS = new Set([
 function prettyMcpServer(server) {
   return server.split(/[-_]/).filter((w) => w.length > 0).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(" ");
 }
+function resolveSkillName(input) {
+  return readString(input, "skill") ?? readString(input, "skill_name") ?? readString(input, "skillName") ?? readString(input, "name") ?? skillBasenameFromPath(input);
+}
+function filePathFrom(input) {
+  if (!input)
+    return null;
+  return readString(input, "file_path") ?? readString(input, "notebook_path");
+}
+function bashFirstToken(command) {
+  const m = /^\s*([^\s|&;<>()`$]+)/.exec(command);
+  if (!m)
+    return null;
+  const tok = m[1];
+  if (tok.includes(".."))
+    return null;
+  return /^[A-Za-z0-9._\-\/]+$/.test(tok) ? tok : null;
+}
+function parseInput(raw) {
+  if (!raw || typeof raw !== "string")
+    return null;
+  const trimmed = raw.trim();
+  if (!trimmed.startsWith("{"))
+    return null;
+  try {
+    const parsed = JSON.parse(trimmed);
+    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+      return parsed;
+    }
+  } catch {}
+  return null;
+}
+function readString(input, key) {
+  const value = input[key];
+  return typeof value === "string" && value.length > 0 ? value : null;
+}
+function skillBasenameFromPath(input) {
+  const path = readString(input, "path") ?? readString(input, "skill_path");
+  if (!path)
+    return null;
+  const trimmed = path.replace(/\/SKILL\.md$/i, "").replace(/\/$/, "");
+  return basename5(trimmed) || null;
+}
+function matchesAllowRule(rule, toolName, inputPreview) {
+  if (!rule || !toolName)
+    return false;
+  if (rule.endsWith("__*") && rule.startsWith("mcp__")) {
+    const prefix = rule.slice(0, -1);
+    return toolName.startsWith(prefix);
+  }
+  const scoped = /^([A-Za-z]+)\((.+)\)$/.exec(rule);
+  if (scoped) {
+    const ruleTool = scoped[1];
+    const arg = scoped[2];
+    if (ruleTool !== toolName)
+      return false;
+    const input = parseInput(inputPreview);
+    if (ruleTool === "Skill") {
+      if (!input)
+        return false;
+      return resolveSkillName(input) === arg;
+    }
+    if (ruleTool === "Bash") {
+      const cmd = input ? readString(input, "command") : null;
+      if (!cmd)
+        return false;
+      const m = /^([^:]+):\*$/.exec(arg);
+      if (!m)
+        return false;
+      return bashFirstToken(cmd) === m[1];
+    }
+    if (FILE_TOOLS.has(ruleTool)) {
+      return filePathFrom(input) === arg;
+    }
+    return false;
+  }
+  return rule === toolName;
+}
 
 // permission-title.ts
 init_redact();
@@ -52862,7 +53036,7 @@ function formatPermissionCardBody(opts) {
 `);
 }
 function naturalAction(toolName, inputPreview) {
-  const input = parseInput(inputPreview);
+  const input = parseInput2(inputPreview);
   if (toolName.startsWith("mcp__"))
     return naturalMcpAction(toolName, input);
   switch (toolName) {
@@ -52881,24 +53055,24 @@ function naturalAction(toolName, inputPreview) {
       return f ? `read: ${f}` : "read files";
     }
     case "Bash": {
-      const c = input ? readString(input, "command") : null;
+      const c = input ? readString2(input, "command") : null;
       return c ? `run: ${truncate6(c, COMMAND_TITLE_MAX)}` : "run shell commands";
     }
     case "Skill": {
-      const s = input ? resolveSkillName(input) : null;
+      const s = input ? resolveSkillName2(input) : null;
       return s ? `use the ${s} skill` : "use a skill";
     }
     case "Glob":
     case "Grep": {
-      const p = input ? readString(input, "pattern") : null;
+      const p = input ? readString2(input, "pattern") : null;
       return p ? `search files for: ${truncate6(p, COMMAND_TITLE_MAX)}` : "search files";
     }
     case "WebSearch": {
-      const q = input ? readString(input, "query") : null;
+      const q = input ? readString2(input, "query") : null;
       return q ? `search the web for: ${truncate6(q, COMMAND_TITLE_MAX)}` : "search the web";
     }
     case "WebFetch": {
-      const u = input ? readString(input, "url") : null;
+      const u = input ? readString2(input, "url") : null;
       return u ? `fetch a web page: ${truncate6(u, COMMAND_TITLE_MAX)}` : "fetch a web page";
     }
     case "Task":
@@ -52936,7 +53110,7 @@ function restResourcePhrase(server, verb, input) {
     return null;
   let path = null;
   for (const key of RESOURCE_KEYS) {
-    path = readString(input, key);
+    path = readString2(input, key);
     if (path)
       break;
   }
@@ -52952,7 +53126,7 @@ function mcpArgSummary(toolName, inputPreview) {
   const server = toolName.split("__")[1] ?? "";
   if (INTERNAL_MCP_SERVERS.has(server))
     return null;
-  const input = parseInput(inputPreview);
+  const input = parseInput2(inputPreview);
   if (!input)
     return null;
   const payload = input.body ?? input.query;
@@ -52996,11 +53170,11 @@ function describeGrant(toolName, inputPreview, option) {
       return m ? `run ${m[1]} commands` : "run that command";
     }
     if (t === "Edit" || t === "MultiEdit" || t === "NotebookEdit")
-      return `edit ${basename5(arg)}`;
+      return `edit ${basename6(arg)}`;
     if (t === "Write")
-      return `write ${basename5(arg)}`;
+      return `write ${basename6(arg)}`;
     if (t === "Read")
-      return `read ${basename5(arg)}`;
+      return `read ${basename6(arg)}`;
     return naturalAction(toolName, inputPreview);
   }
   switch (rule) {
@@ -53032,14 +53206,14 @@ function formatPermissionResumeMessage(opts) {
   }
   return hasAction ? `\uD83D\uDEAB ${who} \u2014 noted, I won't ${escapeTgHtml(lowerFirst(act))}. Continuing without it.` : `\uD83D\uDEAB ${who} \u2014 noted, continuing without it.`;
 }
-function resolveSkillName(input) {
-  return readString(input, "skill") ?? readString(input, "skill_name") ?? readString(input, "skillName") ?? readString(input, "name") ?? skillBasenameFromPath(input);
+function resolveSkillName2(input) {
+  return readString2(input, "skill") ?? readString2(input, "skill_name") ?? readString2(input, "skillName") ?? readString2(input, "name") ?? skillBasenameFromPath2(input);
 }
 function fileBase(input) {
   if (!input)
     return null;
-  const p = readString(input, "file_path") ?? readString(input, "notebook_path");
-  return p ? basename5(p) : null;
+  const p = readString2(input, "file_path") ?? readString2(input, "notebook_path");
+  return p ? basename6(p) : null;
 }
 function lowerFirst(text) {
   return text.length > 0 ? text.charAt(0).toLowerCase() + text.slice(1) : text;
@@ -53050,7 +53224,7 @@ function capFirst(text) {
 function escapeTgHtml(text) {
   return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-function parseInput(raw) {
+function parseInput2(raw) {
   if (!raw || typeof raw !== "string")
     return null;
   const trimmed = raw.trim();
@@ -53064,12 +53238,12 @@ function parseInput(raw) {
   } catch {}
   return null;
 }
-function readString(input, key) {
+function readString2(input, key) {
   const value = input[key];
   return typeof value === "string" && value.length > 0 ? value : null;
 }
-function skillBasenameFromPath(input) {
-  const path = readString(input, "path") ?? readString(input, "skill_path");
+function skillBasenameFromPath2(input) {
+  const path = readString2(input, "path") ?? readString2(input, "skill_path");
   if (!path)
     return null;
   const trimmed = path.replace(/\/SKILL\.md$/i, "").replace(/\/$/, "");
@@ -53085,7 +53259,7 @@ function truncate6(text, max) {
 }
 
 // permission-rule.ts
-import { basename as basename6 } from "node:path";
+import { basename as basename7 } from "node:path";
 var FILE_TOOLS2 = new Set([
   "Edit",
   "Write",
@@ -53106,9 +53280,9 @@ var BROAD_ONLY_TOOLS2 = new Set([
 function resolveScopedAllowChoices(toolName, inputPreview) {
   if (!toolName)
     return null;
-  const input = parseInput2(inputPreview);
+  const input = parseInput3(inputPreview);
   if (toolName === "Skill") {
-    const skill = input ? resolveSkillName2(input) : null;
+    const skill = input ? resolveSkillName3(input) : null;
     if (!skill)
       return null;
     if (!/^[A-Za-z0-9._\-+]+$/.test(skill))
@@ -53119,7 +53293,7 @@ function resolveScopedAllowChoices(toolName, inputPreview) {
     };
   }
   if (FILE_TOOLS2.has(toolName)) {
-    const path = filePathFrom(input);
+    const path = filePathFrom2(input);
     const broad = { rule: toolName, buttonLabel: "Any file", broad: true };
     if (path) {
       return {
@@ -53131,8 +53305,8 @@ function resolveScopedAllowChoices(toolName, inputPreview) {
   }
   if (toolName === "Bash") {
     const broad = { rule: "Bash", buttonLabel: "Any command", broad: true };
-    const cmd = input ? readString2(input, "command") : null;
-    const tok = cmd ? bashFirstToken(cmd) : null;
+    const cmd = input ? readString3(input, "command") : null;
+    const tok = cmd ? bashFirstToken2(cmd) : null;
     if (tok) {
       return {
         specific: { rule: `Bash(${tok}:*)`, buttonLabel: `${tok} commands`, broad: false },
@@ -53160,15 +53334,15 @@ function resolveScopedAllowChoices(toolName, inputPreview) {
 function prettyMcpServer2(server) {
   return server.split(/[-_]/).filter((w) => w.length > 0).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(" ");
 }
-function resolveSkillName2(input) {
-  return readString2(input, "skill") ?? readString2(input, "skill_name") ?? readString2(input, "skillName") ?? readString2(input, "name") ?? skillBasenameFromPath2(input);
+function resolveSkillName3(input) {
+  return readString3(input, "skill") ?? readString3(input, "skill_name") ?? readString3(input, "skillName") ?? readString3(input, "name") ?? skillBasenameFromPath3(input);
 }
-function filePathFrom(input) {
+function filePathFrom2(input) {
   if (!input)
     return null;
-  return readString2(input, "file_path") ?? readString2(input, "notebook_path");
+  return readString3(input, "file_path") ?? readString3(input, "notebook_path");
 }
-function bashFirstToken(command) {
+function bashFirstToken2(command) {
   const m = /^\s*([^\s|&;<>()`$]+)/.exec(command);
   if (!m)
     return null;
@@ -53177,7 +53351,7 @@ function bashFirstToken(command) {
     return null;
   return /^[A-Za-z0-9._\-\/]+$/.test(tok) ? tok : null;
 }
-function parseInput2(raw) {
+function parseInput3(raw) {
   if (!raw || typeof raw !== "string")
     return null;
   const trimmed = raw.trim();
@@ -53191,21 +53365,136 @@ function parseInput2(raw) {
   } catch {}
   return null;
 }
-function readString2(input, key) {
+function readString3(input, key) {
   const value = input[key];
   return typeof value === "string" && value.length > 0 ? value : null;
 }
-function skillBasenameFromPath2(input) {
-  const path = readString2(input, "path") ?? readString2(input, "skill_path");
+function skillBasenameFromPath3(input) {
+  const path = readString3(input, "path") ?? readString3(input, "skill_path");
   if (!path)
     return null;
   const trimmed = path.replace(/\/SKILL\.md$/i, "").replace(/\/$/, "");
-  return basename6(trimmed) || null;
+  return basename7(trimmed) || null;
 }
 function isRulePersisted(resolvedAllow, ruleRule) {
   return resolvedAllow.includes(ruleRule);
 }
 
+// scoped-approval.ts
+import { basename as basename8 } from "node:path";
+var SCOPED_APPROVAL_DEFAULT_TTL_MS = 30 * 60 * 1000;
+function scopedApprovalTtlMs(env = process.env) {
+  const raw = env.SWITCHROOM_SCOPED_APPROVAL_TTL_MS;
+  if (raw === undefined || raw.trim() === "")
+    return SCOPED_APPROVAL_DEFAULT_TTL_MS;
+  const n = Number(raw);
+  if (!Number.isFinite(n) || n < 0)
+    return SCOPED_APPROVAL_DEFAULT_TTL_MS;
+  return Math.floor(n);
+}
+var FILE_RULE = /^(Edit|Write|MultiEdit|NotebookEdit|Read)\((.+)\)$/;
+var BASH_FAMILY_RULE = /^Bash\(([^:]+):\*\)$/;
+function resolveTimeBox(toolName, inputPreview, choices) {
+  const specific = choices?.specific;
+  if (!specific || specific.broad)
+    return null;
+  const rule = specific.rule;
+  const fileMatch = FILE_RULE.exec(rule);
+  if (fileMatch) {
+    const verb = fileMatch[1] === "Read" ? "reads of" : "edits to";
+    return { rule, breadth: `${verb} ${basename8(fileMatch[2])}` };
+  }
+  const bashMatch = BASH_FAMILY_RULE.exec(rule);
+  if (bashMatch) {
+    const cmd = readBashCommand(inputPreview);
+    if (!cmd || isDestructiveBashCommand(cmd))
+      return null;
+    return { rule, breadth: `any \`${bashMatch[1]}\` command` };
+  }
+  return null;
+}
+function recordScopedGrant(store2, agent, rule, now, ttlMs) {
+  if (ttlMs <= 0)
+    return;
+  const list2 = store2.get(agent) ?? [];
+  const others = list2.filter((g) => g.rule !== rule);
+  others.push({ rule, expiresAt: now + ttlMs });
+  store2.set(agent, others);
+}
+function lookupScopedGrant(store2, agent, toolName, inputPreview, now) {
+  const list2 = store2.get(agent);
+  if (!list2 || list2.length === 0)
+    return null;
+  for (const g of list2) {
+    if (g.expiresAt <= now)
+      continue;
+    if (!matchesAllowRule(g.rule, toolName, inputPreview))
+      continue;
+    if (toolName === "Bash") {
+      const cmd = readBashCommand(inputPreview);
+      if (!cmd || isDestructiveBashCommand(cmd))
+        return null;
+    }
+    return g.rule;
+  }
+  return null;
+}
+function sweepScopedGrants(store2, now) {
+  for (const [agent, list2] of store2) {
+    const live = list2.filter((g) => g.expiresAt > now);
+    if (live.length === 0)
+      store2.delete(agent);
+    else if (live.length !== list2.length)
+      store2.set(agent, live);
+  }
+}
+function isDestructiveBashCommand(command) {
+  if (!command || !command.trim())
+    return true;
+  const c = command.toLowerCase();
+  if (c.includes("`"))
+    return true;
+  if (/\|\s*(sudo\s+)?(sh|bash|zsh|fish|python\d?|perl|ruby|node)\b/.test(c))
+    return true;
+  if (/(^|\s|;|&&|\|\||\()sudo\b/.test(c))
+    return true;
+  if (/(^|\s|;|&&|\|\||\()(su|doas)\s/.test(c))
+    return true;
+  if (/(^|\s|;|&&|\|\||\()(rm|rmdir|dd|shred|truncate|fdisk|mkfs\S*|wipefs|blkdiscard|fallocate)\b/.test(c))
+    return true;
+  if (/\b(chmod|chown|chgrp)\b[^|;&]*(\s-(-recursive|[a-z]*r[a-z]*)\b)/.test(c))
+    return true;
+  if (/>\s*\/(dev|etc|boot|sys|proc)\b/.test(c))
+    return true;
+  if (/\bgit\b/.test(c) && /(push\b[^|;&]*(--force|-f\b|--force-with-lease)|push\s+[^\s]*\s+\+|reset\s+--hard|clean\s+-[a-z]*[fd]|filter-branch|reflog\s+expire|update-ref\s+-d|branch\s+-d{1,2}\b|checkout\s+--\s|restore\b)/.test(c))
+    return true;
+  if (/(^|\s|;|&&|\|\||\()(shutdown|reboot|halt|poweroff|kill|killall|pkill)\b/.test(c))
+    return true;
+  if (/(^|\s)init\s+0\b/.test(c))
+    return true;
+  if (/\bdocker\b[^|;&]*\b(rm|prune)\b/.test(c))
+    return true;
+  if (/(^|\s)(apt|apt-get|yum|dnf|brew|pacman|npm|pnpm|yarn|pip\d?)\b[^|;&]*\b(remove|uninstall|purge|prune)\b/.test(c))
+    return true;
+  if (/:\s*\(\s*\)\s*\{/.test(c))
+    return true;
+  return false;
+}
+function readBashCommand(inputPreview) {
+  if (!inputPreview || typeof inputPreview !== "string")
+    return null;
+  const trimmed = inputPreview.trim();
+  if (!trimmed.startsWith("{"))
+    return null;
+  try {
+    const parsed = JSON.parse(trimmed);
+    const cmd = parsed?.command;
+    return typeof cmd === "string" && cmd.length > 0 ? cmd : null;
+  } catch {
+    return null;
+  }
+}
+
 // permission-diff.ts
 var TARGET_HEADER_A = "--- a/switchroom.yaml";
 var TARGET_HEADER_B = "+++ b/switchroom.yaml";
@@ -53877,10 +54166,10 @@ function readTurnActiveMarkerAgeMs(stateDir, now) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.15.12";
-var COMMIT_SHA = "18b7b6e6";
-var COMMIT_DATE = "2026-06-13T04:55:14Z";
-var LATEST_PR = 2311;
+var VERSION = "0.15.14";
+var COMMIT_SHA = "91ae15d3";
+var COMMIT_DATE = "2026-06-13T11:51:08Z";
+var LATEST_PR = 2326;
 var COMMITS_AHEAD_OF_TAG = 0;
 
 // gateway/boot-version.ts
@@ -54274,6 +54563,106 @@ async function emitLinearAgentActivity(args, deps = {}) {
 `);
   return { content: [{ type: "text", text: `Linear ${type} emitted on session ${sessionId}` }] };
 }
+function captureDedupMarker(dedupKey) {
+  return `
+
+<!-- switchroom-capture: ${dedupKey} -->`;
+}
+async function createLinearIssue(args, deps = {}) {
+  const log = deps.log ?? ((s) => process.stderr.write(s));
+  const fetchImpl = deps.fetchImpl ?? fetch;
+  const title = args.title;
+  if (!title || title.trim() === "")
+    throw new Error("linear_create_issue: title is required");
+  const body = args.body ?? "";
+  const teamIdArg = args.team_id ?? (deps.defaultTeamId ?? process.env.SWITCHROOM_LINEAR_DEFAULT_TEAM_ID) ?? undefined;
+  const dedupKey = args.dedup_key ?? undefined;
+  const priority = typeof args.priority === "number" ? args.priority : undefined;
+  const agent = deps.agent ?? process.env.SWITCHROOM_AGENT_NAME ?? "-";
+  const resolveToken = deps.resolveToken ?? defaultResolveLinearToken;
+  const tokenResult = await resolveToken(agent);
+  if (!tokenResult.ok) {
+    const hint = tokenResult.reason === "denied" || tokenResult.reason === "not_found" ? ` Call vault_request_access for key 'linear/${agent}/token' (scope read), then retry.` : "";
+    return {
+      content: [
+        { type: "text", text: `Couldn't file to Linear: no token (vault ${tokenResult.reason}).${hint}` }
+      ]
+    };
+  }
+  const token = tokenResult.token;
+  const gql = async (query2, variables) => {
+    let resp;
+    try {
+      resp = await fetchImpl(LINEAR_GRAPHQL_ENDPOINT, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Authorization: token },
+        body: JSON.stringify({ query: query2, variables })
+      });
+    } catch (err) {
+      return { ok: false, text: `request error: ${err.message}` };
+    }
+    if (!resp.ok) {
+      const txt = await resp.text().catch(() => "");
+      return { ok: false, text: `Linear API ${resp.status}${txt ? ` \u2014 ${txt.slice(0, 200)}` : ""}` };
+    }
+    let json;
+    try {
+      json = await resp.json();
+    } catch {
+      return { ok: false, text: "malformed Linear API response" };
+    }
+    if (json.errors && json.errors.length > 0) {
+      return { ok: false, text: json.errors.map((e) => e.message ?? "error").join("; ").slice(0, 300) };
+    }
+    return { ok: true, data: json.data };
+  };
+  if (dedupKey) {
+    const search = await gql("query($term: String!) { searchIssues(term: $term) { nodes { id url title } } }", { term: dedupKey });
+    if (search.ok) {
+      const hit = (search.data?.searchIssues?.nodes ?? [])[0];
+      if (hit?.url) {
+        log(`telegram gateway: linear_create_issue: dedup hit key=${dedupKey} agent=${agent}
+`);
+        return { content: [{ type: "text", text: `Already filed: ${hit.url}` }] };
+      }
+    }
+  }
+  let teamId = teamIdArg;
+  if (!teamId) {
+    const teams = await gql("query { teams(first: 50) { nodes { id key name } } }", {});
+    if (!teams.ok) {
+      return { content: [{ type: "text", text: `Couldn't file to Linear: ${teams.text}` }] };
+    }
+    const nodes = teams.data?.teams?.nodes ?? [];
+    if (nodes.length === 0) {
+      return { content: [{ type: "text", text: "Couldn't file to Linear: the workspace has no teams." }] };
+    }
+    if (nodes.length > 1) {
+      const list2 = nodes.map((t) => `${t.key} (${t.name})`).join(", ");
+      return {
+        content: [
+          { type: "text", text: `Couldn't file to Linear: multiple teams (${list2}) \u2014 set a default team (linear_agent.default_team_id) or pass team_id.` }
+        ]
+      };
+    }
+    teamId = nodes[0].id;
+  }
+  const description = dedupKey ? `${body}${captureDedupMarker(dedupKey)}` : body;
+  const input = { teamId, title, description };
+  if (priority !== undefined)
+    input.priority = priority;
+  const create = await gql("mutation($input: IssueCreateInput!) { issueCreate(input: $input) { success issue { id identifier url } } }", { input });
+  if (!create.ok) {
+    return { content: [{ type: "text", text: `Couldn't file to Linear: ${create.text}` }] };
+  }
+  const issue = create.data?.issueCreate?.issue;
+  if (create.data?.issueCreate?.success === false || !issue?.url) {
+    return { content: [{ type: "text", text: "Couldn't file to Linear: issue not created (success=false)." }] };
+  }
+  log(`telegram gateway: linear_create_issue: filed ${issue.identifier} agent=${agent}${dedupKey ? ` dedup=${dedupKey}` : ""}
+`);
+  return { content: [{ type: "text", text: `Filed: ${title} \u2192 ${issue.url}` }] };
+}
 
 // vault-approval-posture.ts
 function resolveVaultApprovalPosture(broker) {
@@ -56049,6 +56438,8 @@ function sweepStaleAlwaysAllowCorrelations(now = Date.now()) {
     }
   }
 }
+var scopedGrants = new Map;
+var selfAgentName = () => process.env.SWITCHROOM_AGENT_NAME ?? "";
 var pendingAskUser = new Map;
 var pendingReauthFlows = new Map;
 var REAUTH_INTERCEPT_TTL_MS = 600000;
@@ -56283,6 +56674,7 @@ var pendingStateReaper = setInterval(() => {
     if (now > v.expiresAt)
       vaultPassphraseCache.delete(k);
   }
+  sweepScopedGrants(scopedGrants, now);
   for (const [k, v] of deferredSecrets) {
     if (now - v.staged_at > DEFERRED_SECRET_TTL_MS)
       deferredSecrets.delete(k);
@@ -56822,8 +57214,10 @@ if (inboundSpool != null) {
   }
 }
 var pendingPermissionBuffer = createPendingPermissionBuffer();
-function buildPermissionActionRow(requestId, showAlways) {
+function buildPermissionActionRow(requestId, showAlways, showTimeBox = false) {
   const kb = new import_grammy9.InlineKeyboard().text("\u274C Deny", `perm:deny:${requestId}`).text("\u2705 Allow once", `perm:allow:${requestId}`);
+  if (showTimeBox)
+    kb.text("\u23F1 30 min", `perm:tmb:${requestId}`);
   if (showAlways)
     kb.text("\uD83D\uDD01 Always\u2026", `perm:always:${requestId}`);
   return kb;
@@ -57062,6 +57456,16 @@ var ipcServer = createIpcServer({
   },
   onPermissionRequest(_client, msg) {
     const { requestId, toolName, description, inputPreview } = msg;
+    const scopedTtl = scopedApprovalTtlMs();
+    if (scopedTtl > 0) {
+      const hit = lookupScopedGrant(scopedGrants, selfAgentName(), toolName, inputPreview, Date.now());
+      if (hit) {
+        dispatchPermissionVerdict({ type: "permission", requestId, behavior: "allow" });
+        process.stderr.write(`telegram gateway: scoped-approval auto-allow tool=${toolName} rule="${hit}" request=${requestId} (time-boxed window)
+`);
+        return;
+      }
+    }
     pendingPermissions.set(requestId, { tool_name: toolName, description, input_preview: inputPreview, startedAt: Date.now() });
     const text = formatPermissionCardBody({
       toolName,
@@ -57069,8 +57473,10 @@ var ipcServer = createIpcServer({
       description,
       agentName: _client.agentName
     });
-    const showAlways = resolveScopedAllowChoices(toolName, inputPreview) != null;
-    const keyboard = buildPermissionActionRow(requestId, showAlways);
+    const scopeChoices = resolveScopedAllowChoices(toolName, inputPreview);
+    const showAlways = scopeChoices != null;
+    const showTimeBox = scopedApprovalTtlMs() > 0 && resolveTimeBox(toolName, inputPreview, scopeChoices) != null;
+    const keyboard = buildPermissionActionRow(requestId, showAlways, showTimeBox);
     const activeTurn = currentTurn;
     const targets = resolvePermissionCardTargets();
     for (const { chatId, threadId } of targets) {
@@ -57359,6 +57765,7 @@ var ipcServer = createIpcServer({
     if (fellBackToMain) {
       process.stderr.write(`telegram gateway: cron fire fell back to main session (no cron bridge) agent=${msg.agentName} prompt_key=${promptKey}
 `);
+      emitRuntimeMetric({ kind: "cron_fell_back_to_main", agent: msg.agentName, prompt_key: promptKey });
     }
     if (delivered && target === msg.agentName)
       markClaudeBusyForInbound(msg.inbound);
@@ -57368,6 +57775,29 @@ var ipcServer = createIpcServer({
       pendingInboundBuffer.push(target, msg.inbound);
     }
   },
+  onSendOutbound(_client, msg) {
+    const self2 = process.env.SWITCHROOM_AGENT_NAME;
+    if (self2 && msg.agentName !== self2) {
+      process.stderr.write(`telegram gateway: send_outbound rejected \u2014 agent mismatch (${msg.agentName} != ${self2})
+`);
+      return;
+    }
+    try {
+      assertAllowedChat(msg.chatId);
+    } catch (err) {
+      process.stderr.write(`telegram gateway: send_outbound rejected \u2014 ${err.message}
+`);
+      return;
+    }
+    const threadId = msg.threadId;
+    const parseMode = msg.parseMode === "text" ? undefined : "HTML";
+    swallowingApiCall(() => bot.api.sendMessage(msg.chatId, msg.text, {
+      ...parseMode ? { parse_mode: parseMode } : {},
+      ...threadId != null && threadId !== 1 ? { message_thread_id: threadId } : {}
+    }), { chat_id: msg.chatId, verb: "cron-action-send", ...threadId != null ? { threadId } : {} });
+    process.stderr.write(`telegram gateway: send_outbound agent=${msg.agentName} chat=${msg.chatId} thread=${threadId ?? "-"} len=${msg.text.length}
+`);
+  },
   onQuotaWallDetected(_client, msg) {
     const untilMs = resolveExhaustUntil(msg.resetAt);
     process.stderr.write(`telegram gateway: quota_wall_detected agent=${msg.agentName} until=${new Date(untilMs).toISOString()}` + (msg.resetAt == null ? " (reset unparsed \u2192 +7d default)" : "") + ` \u2014 triggering fleet auto-fallback
@@ -57483,7 +57913,8 @@ var ALLOWED_TOOLS = new Set([
   "vault_request_save",
   "vault_request_access",
   "request_secret",
-  "linear_agent_activity"
+  "linear_agent_activity",
+  "linear_create_issue"
 ]);
 async function executeToolCall(tool, args) {
   if (!ALLOWED_TOOLS.has(tool)) {
@@ -57530,6 +57961,8 @@ async function executeToolCall(tool, args) {
       return executeRequestSecret(args);
     case "linear_agent_activity":
       return executeLinearAgentActivity(args);
+    case "linear_create_issue":
+      return executeLinearCreateIssue(args);
     default:
       throw new Error(`unknown tool: ${tool}`);
   }
@@ -57563,6 +57996,9 @@ async function executeSendChecklist(args) {
 async function executeLinearAgentActivity(args) {
   return emitLinearAgentActivity(args);
 }
+async function executeLinearCreateIssue(args) {
+  return createLinearIssue(args);
+}
 async function executeUpdateChecklist(args) {
   const chat_id = args.chat_id;
   if (!chat_id)
@@ -60938,7 +61374,7 @@ function getMyAgentName() {
   const fromEnv = process.env.SWITCHROOM_AGENT_NAME;
   if (fromEnv && fromEnv.trim().length > 0)
     return fromEnv.trim();
-  return basename7(process.cwd());
+  return basename9(process.cwd());
 }
 function isSelfTargetingCommand(name) {
   if (name === "all")
@@ -64722,7 +65158,7 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
     }
     return;
   }
-  const m = /^perm:(allow|deny|always|asn|asb|back):([a-km-z]{5})$/.exec(data);
+  const m = /^perm:(allow|deny|always|asn|asb|back|tmb):([a-km-z]{5})$/.exec(data);
   if (!m) {
     await ctx.answerCallbackQuery().catch(() => {});
     return;
@@ -64742,7 +65178,9 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
     }
     let keyboard;
     if (behavior === "back") {
-      keyboard = buildPermissionActionRow(request_id, true);
+      const backChoices = resolveScopedAllowChoices(details.tool_name, details.input_preview);
+      const backTimeBox = scopedApprovalTtlMs() > 0 && resolveTimeBox(details.tool_name, details.input_preview, backChoices) != null;
+      keyboard = buildPermissionActionRow(request_id, true, backTimeBox);
     } else {
       const choices = resolveScopedAllowChoices(details.tool_name, details.input_preview);
       if (choices == null) {
@@ -64883,6 +65321,51 @@ ${preBlock(formatSwitchroomOutput(err.message ?? "unknown error"))}`, { html: tr
       ackText: ackText.slice(0, 200),
       newText: baseText2 ? `${baseText2}
 
+${editLabel}` : editLabel,
+      parseMode: "HTML"
+    });
+    return;
+  }
+  if (behavior === "tmb") {
+    const details = pendingPermissions.get(request_id);
+    if (!details) {
+      await ctx.answerCallbackQuery({ text: "Details no longer available." }).catch(() => {});
+      return;
+    }
+    const ttl = scopedApprovalTtlMs();
+    if (ttl <= 0) {
+      await ctx.answerCallbackQuery({ text: "Time-boxed approvals are disabled." }).catch(() => {});
+      return;
+    }
+    const choices = resolveScopedAllowChoices(details.tool_name, details.input_preview);
+    const tb = resolveTimeBox(details.tool_name, details.input_preview, choices);
+    if (!tb) {
+      await ctx.answerCallbackQuery({ text: "This action can't be time-boxed." }).catch(() => {});
+      return;
+    }
+    const agentName3 = selfAgentName();
+    if (!agentName3) {
+      await ctx.answerCallbackQuery({ text: "Time-box needs SWITCHROOM_AGENT_NAME \u2014 gateway is misconfigured." }).catch(() => {});
+      return;
+    }
+    pendingPermissions.delete(request_id);
+    dispatchPermissionVerdict({ type: "permission", requestId: request_id, behavior: "allow" });
+    recordScopedGrant(scopedGrants, agentName3, tb.rule, Date.now(), ttl);
+    resumeReactionAfterVerdict();
+    postPermissionResumeMessage({
+      behavior: "allow",
+      action: naturalAction(details.tool_name, details.input_preview)
+    });
+    process.stderr.write(`telegram gateway: scoped-approval granted rule="${tb.rule}" agent=${agentName3} ttl_ms=${ttl} (request_id=${request_id})
+`);
+    const mins = Math.max(1, Math.round(ttl / 60000));
+    const sourceMsg = ctx.callbackQuery?.message;
+    const baseText2 = sourceMsg && "text" in sourceMsg && sourceMsg.text ? escapeHtmlForTg(sourceMsg.text) : "";
+    const editLabel = `\u23F1 <b>Allowed for ${mins} min \u2014 ${escapeHtmlForTg(tb.breadth)}</b> \xB7 re-asks after that, and now for anything else`;
+    await finalizeCallback(ctx, {
+      ackText: `\u23F1 Allowed for ${mins} min`.slice(0, 200),
+      newText: baseText2 ? `${baseText2}
+
 ${editLabel}` : editLabel,
       parseMode: "HTML"
     });