switchroom 0.15.13 → 0.15.15

package/dist/agent-scheduler/index.js

@@ -10989,11 +10989,29 @@ var PollSpecSchema = exports_external.discriminatedUnion("type", [
   HttpDiffPollSchema,
   TelegramReactionsPollSchema
 ]);
+var TelegramMessageActionSchema = exports_external.object({
+  type: exports_external.literal("telegram-message"),
+  text: exports_external.string().min(1).describe("Operator-authored message text. Posts to the AGENT'S OWN chat only " + "(the chat is not configurable — fenced by construction), into the " + "entry-level `topic` when set. Supports ONLY deterministic placeholders " + "{{date}} / {{time}} (UTC, from the fire clock) and {{agent}}. NO vault " + "secrets (use a webhook action for secret-bearing requests) and NO model " + "output — the text is fully determined by config."),
+  parse_mode: exports_external.enum(["html", "text"]).default("html").describe("Telegram parse mode for the message body.")
+});
+var WebhookActionSchema = exports_external.object({
+  type: exports_external.literal("webhook"),
+  url: exports_external.string().url().describe("Webhook target. SAME egress fence as an http-diff poll (§6.1): https " + "only, host on the operator egress allowlist, loopback/private/link-local " + "rejected, resolved IP DNS-rebind-pinned. Not agent-writable without an " + "operator commit."),
+  method: exports_external.enum(["GET", "POST"]).default("POST"),
+  headers: exports_external.record(exports_external.string()).optional().describe("Static headers; {{secret}} substitution applies."),
+  body: exports_external.string().optional().describe("Static request body; {{secret}} substitution applies."),
+  secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this webhook may inject into headers/body via {{name}}. Each " + "is HOST-PINNED (§6.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved action cannot exfil it elsewhere.")
+});
+var ActionSpecSchema = exports_external.discriminatedUnion("type", [
+  TelegramMessageActionSchema,
+  WebhookActionSchema
+]);
 var ScheduleEntrySchema = exports_external.object({
   cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-  prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
-  kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+  prompt: exports_external.string().optional().describe("Prompt to send at the scheduled time (the escalation prompt when " + "kind=poll; templated with {{diff}}). Required for kind prompt/poll; " + "absent for kind=action (an action has no model fire, so no prompt)."),
+  kind: exports_external.enum(["poll", "prompt", "action"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. 'action' runs a model-free deterministic verb " + "(requires `action`) that COMPLETES the work and never escalates — zero " + "tokens, no session. poll/prompt are honoured only when " + "SWITCHROOM_CHEAP_CRON is on; an action is model-free regardless (the " + "kill-switch governs model tiering, not deterministic actions)."),
   poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+  action: ActionSpecSchema.optional().describe("Required iff kind=action. The declarative action spec (telegram-message or webhook)."),
   model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) — the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
   context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' → a minimal-" + "context cheap cron session (Tier 1). 'agent' → the agent's live " + "session with full persona/memory (Tier 2). Unset → inferred from " + "`model` (cheap→fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
@@ -11010,13 +11028,41 @@ var ScheduleEntrySchema = exports_external.object({
       message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
     });
   }
-  if (kind === "prompt" && entry.poll) {
+  if (kind !== "poll" && entry.poll) {
     ctx.addIssue({
       code: exports_external.ZodIssueCode.custom,
       path: ["poll"],
       message: "`poll` is only valid when kind: poll."
     });
   }
+  if (kind === "action" && !entry.action) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["action"],
+      message: "kind: action requires an `action` spec (telegram-message or webhook)."
+    });
+  }
+  if (kind !== "action" && entry.action) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["action"],
+      message: "`action` is only valid when kind: action."
+    });
+  }
+  if (kind !== "action" && (entry.prompt === undefined || entry.prompt.trim() === "")) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["prompt"],
+      message: `kind: ${kind} requires a non-empty \`prompt\`.`
+    });
+  }
+  if (kind === "action" && entry.prompt !== undefined) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["prompt"],
+      message: "`prompt` is not valid for kind: action (an action never fires a model)."
+    });
+  }
 });
 var AgentSoulSchema = exports_external.object({
   name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),
@@ -12244,17 +12290,19 @@ function collectScheduleEntries(config) {
     const schedule = resolved.schedule ?? [];
     for (let i = 0;i < schedule.length; i++) {
       const entry = schedule[i];
+      const auditMaterial = entry.prompt ?? `action:${JSON.stringify(entry.action ?? {})}`;
       out.push({
         agent,
         scheduleIndex: i,
         cron: entry.cron,
-        prompt: entry.prompt,
-        promptKey: createHash("sha256").update(entry.prompt).digest("hex").slice(0, 12),
+        ...entry.prompt !== undefined ? { prompt: entry.prompt } : {},
+        promptKey: createHash("sha256").update(auditMaterial).digest("hex").slice(0, 12),
         ...entry.topic !== undefined ? { topic: entry.topic } : {},
         ...entry.kind !== undefined ? { kind: entry.kind } : {},
         ...entry.model !== undefined ? { model: entry.model } : {},
         ...entry.context !== undefined ? { context: entry.context } : {},
-        ...entry.poll !== undefined ? { poll: entry.poll } : {}
+        ...entry.poll !== undefined ? { poll: entry.poll } : {},
+        ...entry.action !== undefined ? { action: entry.action } : {}
       });
     }
   }
@@ -12270,7 +12318,7 @@ function dispatchAsInbound(entry, options, dispatcher) {
     user: "cron",
     userId: 0,
     ts,
-    text: entry.prompt,
+    text: entry.prompt ?? "",
     meta: {
       source: "cron",
       schedule_index: String(entry.scheduleIndex),
@@ -12298,6 +12346,9 @@ function resolveCronModel(model) {
   return isKnownCheapModel(model) ? model : DEFAULT_CRON_MODEL;
 }
 function resolveCronRouting(input, opts) {
+  if ((input.kind ?? "prompt") === "action") {
+    return { tier: "action", session: null, customModelDowngrade: false };
+  }
   if (!opts.cheapCronEnabled) {
     return { tier: "main", session: "main", customModelDowngrade: false };
   }
@@ -12329,10 +12380,97 @@ function resolveEscalationRouting(input, opts) {
   return resolveCronRouting({ ...input, kind: "prompt" }, opts);
 }
 
+// src/scheduler/cron-cadence.ts
+function csvSmallestGap(field) {
+  if (!field.includes(","))
+    return null;
+  const parts = field.split(",").map((s) => Number(s)).filter((n) => Number.isInteger(n) && n >= 0);
+  if (parts.length < 2)
+    return null;
+  const sorted = [...parts].sort((a, b) => a - b);
+  let smallest = Infinity;
+  for (let i = 1;i < sorted.length; i++) {
+    const gap = sorted[i] - sorted[i - 1];
+    if (gap > 0 && gap < smallest)
+      smallest = gap;
+  }
+  return Number.isFinite(smallest) ? smallest : null;
+}
+function estimateCronGapMin(expr) {
+  const fields = expr.trim().split(/\s+/);
+  if (fields.length < 5)
+    return Infinity;
+  const [min, hour] = fields;
+  if (min === "*")
+    return 1;
+  const minStep = min.match(/^\*\/(\d+)$/);
+  if (minStep) {
+    const n = Number(minStep[1]);
+    return n > 0 ? n : Infinity;
+  }
+  const minCsv = csvSmallestGap(min);
+  if (minCsv !== null)
+    return minCsv;
+  if (!/^\d+$/.test(min))
+    return Infinity;
+  if (hour === "*")
+    return 60;
+  const hourStep = hour.match(/^\*\/(\d+)$/);
+  if (hourStep) {
+    const n = Number(hourStep[1]);
+    return n > 0 ? n * 60 : Infinity;
+  }
+  const hourCsv = csvSmallestGap(hour);
+  if (hourCsv !== null)
+    return hourCsv * 60;
+  if (/^\d+$/.test(hour))
+    return 1440;
+  return Infinity;
+}
+
 // src/scheduler/tier-selector.ts
 var DEFAULT_FREQUENT_GAP_MIN = 60;
-function applyDefaultTier(entry, _frequentGapMin = DEFAULT_FREQUENT_GAP_MIN) {
-  return entry;
+function resolveCronAutoTier(env = process.env) {
+  const v = (env.SWITCHROOM_CRON_AUTO_TIER ?? "").toLowerCase();
+  return v === "1" || v === "true" || v === "on";
+}
+function recommendCronTier(input, frequentGapMin = DEFAULT_FREQUENT_GAP_MIN) {
+  if (input.kind === "action") {
+    return { tier: "action", source: "explicit", reason: "declared kind: action (model-free verb)" };
+  }
+  if (input.kind === "poll") {
+    return { tier: "poll", source: "explicit", reason: "declared kind: poll (model-free check)" };
+  }
+  if (input.context === "fresh") {
+    return { tier: "cheap", source: "explicit", reason: "declared context: fresh (cheap cron session)" };
+  }
+  if (input.context === "agent") {
+    return { tier: "main", source: "explicit", reason: "declared context: agent (full live session)" };
+  }
+  if (input.model !== undefined) {
+    return isKnownCheapModel(input.model) ? { tier: "cheap", source: "explicit", reason: `cheap model '${input.model}' → cheap cron session` } : { tier: "main", source: "explicit", reason: `model '${input.model}' is not a known-cheap id → full live session` };
+  }
+  if (input.smallestGapMin <= frequentGapMin) {
+    return {
+      tier: "cheap",
+      source: "cadence-default",
+      reason: `fires every ~${input.smallestGapMin}min (≤ ${frequentGapMin}min) — defaulting to a cheap ` + `session; set context: agent (or an Opus/custom model) if this needs the agent's full context`
+    };
+  }
+  return {
+    tier: "main",
+    source: "cadence-default",
+    reason: `fires every ~${input.smallestGapMin}min (> ${frequentGapMin}min) — defaulting to the agent's ` + `full session; set model: sonnet (or context: fresh) to run it cheaply`
+  };
+}
+function applyDefaultTier(entry, frequentGapMin = DEFAULT_FREQUENT_GAP_MIN, autoTierEnabled = resolveCronAutoTier()) {
+  if (!autoTierEnabled)
+    return entry;
+  if (entry.kind !== undefined || entry.context !== undefined || entry.model !== undefined) {
+    return entry;
+  }
+  const rec = recommendCronTier({ smallestGapMin: estimateCronGapMin(entry.cron) }, frequentGapMin);
+  return rec.tier === "cheap" ? { ...entry, context: "fresh" } : entry;
 }
 
 // src/agent-scheduler/cheap-cron-wiring.ts
@@ -12549,6 +12687,99 @@ async function readCapped(res, maxBytes) {
   return new TextDecoder().decode(buf);
 }
 
+// src/scheduler/action-engine.ts
+var PLACEHOLDER_RE = /\{\{\s*(date|time|agent)\s*\}\}/g;
+function substituteDeterministic(text, ctx) {
+  const d = new Date(ctx.now);
+  const date = d.toISOString().slice(0, 10);
+  const time = d.toISOString().slice(11, 16);
+  return text.replace(PLACEHOLDER_RE, (_, name) => {
+    if (name === "date")
+      return date;
+    if (name === "time")
+      return time;
+    return ctx.agent;
+  });
+}
+function substituteSecrets2(s, secretValues) {
+  return s.replace(/\{\{([a-zA-Z0-9_\-/]+)\}\}/g, (_, name) => secretValues[name] ?? "");
+}
+async function runTelegramMessage(spec, deps) {
+  const text = substituteDeterministic(spec.text, { now: deps.now(), agent: deps.agent });
+  let delivered;
+  try {
+    delivered = await deps.sendMessage(text, { parseMode: spec.parse_mode });
+  } catch (e) {
+    return { ok: false, summary: "", error: `send failed: ${e.message}` };
+  }
+  return delivered ? { ok: true, summary: `message sent (${text.length} chars)` } : { ok: false, summary: "", error: "message not delivered (no gateway / send rejected)" };
+}
+async function runWebhook(spec, deps) {
+  const gate = checkEgressUrl(spec.url, deps.allow);
+  if (!gate.ok)
+    return { ok: false, summary: "", error: `egress denied: ${gate.reason}` };
+  const host = normalizeHost(new URL(spec.url).hostname);
+  for (const s of spec.secrets) {
+    const sc = checkSecretBinding(s, host, deps.allow);
+    if (!sc.ok)
+      return { ok: false, summary: "", error: `egress denied: ${sc.reason}` };
+  }
+  try {
+    const ip = await deps.lookup(host);
+    if (ip && isBlockedAddress(ip))
+      return { ok: false, summary: "", error: `resolved ip ${ip} blocked` };
+  } catch (e) {
+    return { ok: false, summary: "", error: `dns lookup failed: ${e.message}` };
+  }
+  const secretValues = {};
+  for (const name of spec.secrets) {
+    try {
+      secretValues[name] = await deps.resolveSecret(name);
+    } catch (e) {
+      return { ok: false, summary: "", error: `secret ${name}: ${e.message}` };
+    }
+  }
+  const headers = {};
+  for (const [k, v] of Object.entries(spec.headers ?? {})) {
+    headers[k] = substituteSecrets2(v, secretValues);
+  }
+  const body = spec.body !== undefined ? substituteSecrets2(spec.body, secretValues) : undefined;
+  const controller = new AbortController;
+  const timer = setTimeout(() => controller.abort(), deps.timeoutMs ?? 5000);
+  try {
+    const res = await deps.fetchImpl(spec.url, {
+      method: spec.method,
+      headers,
+      ...body !== undefined ? { body } : {},
+      redirect: "error",
+      signal: controller.signal
+    });
+    const buf = await res.arrayBuffer();
+    if (buf.byteLength > (deps.maxBytes ?? 1024 * 1024)) {
+      return { ok: false, summary: "", error: `response ${buf.byteLength}B exceeds cap` };
+    }
+    if (!res.ok)
+      return { ok: false, summary: "", error: `http ${res.status}` };
+    return { ok: true, summary: `webhook ${spec.method} ${host} → ${res.status}` };
+  } catch (e) {
+    return { ok: false, summary: "", error: `fetch failed: ${e.message}` };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+async function runAction(spec, deps) {
+  switch (spec.type) {
+    case "telegram-message":
+      return runTelegramMessage(spec, deps);
+    case "webhook":
+      return runWebhook(spec, deps);
+    default: {
+      const _never = spec;
+      return { ok: false, summary: "", error: `unknown action type: ${JSON.stringify(_never)}` };
+    }
+  }
+}
+
 // src/scheduler/poll-state.ts
 import { mkdirSync, readFileSync as readFileSync3, renameSync, writeFileSync } from "node:fs";
 import { dirname } from "node:path";
@@ -13072,6 +13303,8 @@ function buildCheapCronHooks(config, env, deps = {}) {
   const fetchImpl = deps.fetchImpl ?? fetch;
   const lookup = deps.lookup ?? defaultLookup;
   const now = deps.now ?? Date.now;
+  const agentName = deps.agentName ?? env.SWITCHROOM_AGENT_NAME ?? "-";
+  const postOutbound = deps.postOutbound;
   const runPoll = async (spec, prevCursor) => {
     if (spec.type === "http-diff") {
       return runHttpDiffPoll(spec, prevCursor, {
@@ -13084,7 +13317,18 @@ function buildCheapCronHooks(config, env, deps = {}) {
     }
     return { hit: false, baseline: false, error: `poll type '${spec.type}' not yet wired (staged)` };
   };
-  return { enabled: true, pollState, runPoll };
+  const runAction2 = async (spec, ctx) => {
+    return runAction(spec, {
+      fetchImpl,
+      resolveSecret,
+      lookup,
+      allow: egress,
+      now,
+      agent: agentName,
+      sendMessage: async (text, opts) => postOutbound ? postOutbound({ threadId: ctx.threadId, text, parseMode: opts.parseMode }) : false
+    });
+  };
+  return { enabled: true, pollState, runPoll, runAction: runAction2 };
 }
 
 // src/telegram/topic-router.ts
@@ -13876,6 +14120,17 @@ function createInjectIpcClient(options) {
         return false;
       try {
         return socket.write(JSON.stringify(msg) + `
+`);
+      } catch (err) {
+        log(`scheduler ipc: write failed: ${err.message}`);
+        return false;
+      }
+    },
+    sendOutbound(msg) {
+      if (!socket || !connected)
+        return false;
+      try {
+        return socket.write(JSON.stringify(msg) + `
 `);
       } catch (err) {
         log(`scheduler ipc: write failed: ${err.message}`);
@@ -14229,7 +14484,7 @@ function readRecentFires(jsonlPath) {
 
 // src/agent-scheduler/index.ts
 function templateEscalationPrompt(prompt, diff) {
-  return prompt.replace(/\{\{\s*diff\s*\}\}/g, diff);
+  return (prompt ?? "").replace(/\{\{\s*diff\s*\}\}/g, diff);
 }
 function recoverPendingEscalations(opts) {
   let recovered = 0;
@@ -14374,6 +14629,28 @@ function registerAgentSchedule(opts) {
         });
         return;
       }
+      if (routing.tier === "action") {
+        if (!opts.cheapCron?.runAction || !entry.action) {
+          record({
+            exitCode: -4,
+            summary: !entry.action ? "action skipped — no action spec on entry" : "action skipped — action transport unavailable",
+            tier: "action"
+          });
+          return;
+        }
+        let outcome;
+        try {
+          outcome = await opts.cheapCron.runAction(entry.action, { threadId });
+        } catch (err) {
+          outcome = { ok: false, summary: "", error: err.message };
+        }
+        record({
+          exitCode: outcome.ok ? 0 : -4,
+          summary: outcome.ok ? `action ok: ${outcome.summary}` : `action error: ${outcome.error}`,
+          tier: "action"
+        });
+        return;
+      }
       let delivered = false;
       let summary = "";
       try {
@@ -14547,6 +14824,19 @@ async function main() {
         const cheapEnabledForReplay = isCheapCronEnabled(process.env);
         for (const m of missed) {
           const startedAt = Date.now();
+          if (m.entry.kind === "action") {
+            sink.recordFire({
+              agent: m.entry.agent,
+              scheduleIndex: m.entry.scheduleIndex,
+              promptKey: m.entry.promptKey,
+              exitCode: 0,
+              outputSummary: "action replay skipped — runs on next tick (never double-fired)",
+              startedAt,
+              finishedAt: Date.now(),
+              tier: "action"
+            });
+            continue;
+          }
           if (cheapEnabledForReplay && m.entry.kind === "poll") {
             sink.recordFire({
               agent: m.entry.agent,
@@ -14577,7 +14867,8 @@ async function main() {
         process.stdout.write(`agent-scheduler: ${staleSkipped.length} scheduled run(s) ` + `skipped (older than ${windowMinutes}min window) — notifying user
 `);
         const lines = staleSkipped.map((s) => {
-          const oneLine = s.entry.prompt.replace(/\s+/g, " ").trim().slice(0, 80);
+          const label = s.entry.prompt ?? `action: ${s.entry.action?.type ?? "?"}`;
+          const oneLine = label.replace(/\s+/g, " ").trim().slice(0, 80);
           return `- "${oneLine}" — cron \`${s.entry.cron}\`, ` + `most recent missed run ~${new Date(s.expectedFireMs).toISOString()}`;
         });
         const noticeText = "[switchroom scheduler notice] While this agent was offline, the " + "following scheduled task(s) had at least one run skipped. They were " + `older than the ${windowMinutes}-minute catch-up window, so they ` + `will NOT be re-run:
@@ -14633,7 +14924,15 @@ Briefly and plainly tell the user these scheduled runs did not ` + "happen so th
       await client.close().catch(() => {});
     }
   } : undefined;
-  const cheapCron = buildCheapCronHooks(config, process.env);
+  const postOutbound = (args) => ipcClient.sendOutbound({
+    type: "send_outbound",
+    agentName,
+    chatId: channel.chatId,
+    ...args.threadId != null ? { threadId: args.threadId } : {},
+    text: args.text,
+    parseMode: args.parseMode
+  });
+  const cheapCron = buildCheapCronHooks(config, process.env, { agentName, postOutbound });
   if (cheapCron) {
     const recovered = recoverPendingEscalations({
       entries,

package/dist/auth-broker/index.js

@@ -10989,11 +10989,29 @@ var PollSpecSchema = exports_external.discriminatedUnion("type", [
   HttpDiffPollSchema,
   TelegramReactionsPollSchema
 ]);
+var TelegramMessageActionSchema = exports_external.object({
+  type: exports_external.literal("telegram-message"),
+  text: exports_external.string().min(1).describe("Operator-authored message text. Posts to the AGENT'S OWN chat only " + "(the chat is not configurable — fenced by construction), into the " + "entry-level `topic` when set. Supports ONLY deterministic placeholders " + "{{date}} / {{time}} (UTC, from the fire clock) and {{agent}}. NO vault " + "secrets (use a webhook action for secret-bearing requests) and NO model " + "output — the text is fully determined by config."),
+  parse_mode: exports_external.enum(["html", "text"]).default("html").describe("Telegram parse mode for the message body.")
+});
+var WebhookActionSchema = exports_external.object({
+  type: exports_external.literal("webhook"),
+  url: exports_external.string().url().describe("Webhook target. SAME egress fence as an http-diff poll (§6.1): https " + "only, host on the operator egress allowlist, loopback/private/link-local " + "rejected, resolved IP DNS-rebind-pinned. Not agent-writable without an " + "operator commit."),
+  method: exports_external.enum(["GET", "POST"]).default("POST"),
+  headers: exports_external.record(exports_external.string()).optional().describe("Static headers; {{secret}} substitution applies."),
+  body: exports_external.string().optional().describe("Static request body; {{secret}} substitution applies."),
+  secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this webhook may inject into headers/body via {{name}}. Each " + "is HOST-PINNED (§6.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved action cannot exfil it elsewhere.")
+});
+var ActionSpecSchema = exports_external.discriminatedUnion("type", [
+  TelegramMessageActionSchema,
+  WebhookActionSchema
+]);
 var ScheduleEntrySchema = exports_external.object({
   cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-  prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
-  kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+  prompt: exports_external.string().optional().describe("Prompt to send at the scheduled time (the escalation prompt when " + "kind=poll; templated with {{diff}}). Required for kind prompt/poll; " + "absent for kind=action (an action has no model fire, so no prompt)."),
+  kind: exports_external.enum(["poll", "prompt", "action"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. 'action' runs a model-free deterministic verb " + "(requires `action`) that COMPLETES the work and never escalates — zero " + "tokens, no session. poll/prompt are honoured only when " + "SWITCHROOM_CHEAP_CRON is on; an action is model-free regardless (the " + "kill-switch governs model tiering, not deterministic actions)."),
   poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+  action: ActionSpecSchema.optional().describe("Required iff kind=action. The declarative action spec (telegram-message or webhook)."),
   model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) — the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
   context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' → a minimal-" + "context cheap cron session (Tier 1). 'agent' → the agent's live " + "session with full persona/memory (Tier 2). Unset → inferred from " + "`model` (cheap→fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
@@ -11010,13 +11028,41 @@ var ScheduleEntrySchema = exports_external.object({
       message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
     });
   }
-  if (kind === "prompt" && entry.poll) {
+  if (kind !== "poll" && entry.poll) {
     ctx.addIssue({
       code: exports_external.ZodIssueCode.custom,
       path: ["poll"],
       message: "`poll` is only valid when kind: poll."
     });
   }
+  if (kind === "action" && !entry.action) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["action"],
+      message: "kind: action requires an `action` spec (telegram-message or webhook)."
+    });
+  }
+  if (kind !== "action" && entry.action) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["action"],
+      message: "`action` is only valid when kind: action."
+    });
+  }
+  if (kind !== "action" && (entry.prompt === undefined || entry.prompt.trim() === "")) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["prompt"],
+      message: `kind: ${kind} requires a non-empty \`prompt\`.`
+    });
+  }
+  if (kind === "action" && entry.prompt !== undefined) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["prompt"],
+      message: "`prompt` is not valid for kind: action (an action never fires a model)."
+    });
+  }
 });
 var AgentSoulSchema = exports_external.object({
   name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),

package/dist/cli/notion-write-pretool.mjs

@@ -11737,11 +11737,29 @@ var PollSpecSchema = exports_external.discriminatedUnion("type", [
   HttpDiffPollSchema,
   TelegramReactionsPollSchema
 ]);
+var TelegramMessageActionSchema = exports_external.object({
+  type: exports_external.literal("telegram-message"),
+  text: exports_external.string().min(1).describe("Operator-authored message text. Posts to the AGENT'S OWN chat only " + "(the chat is not configurable \u2014 fenced by construction), into the " + "entry-level `topic` when set. Supports ONLY deterministic placeholders " + "{{date}} / {{time}} (UTC, from the fire clock) and {{agent}}. NO vault " + "secrets (use a webhook action for secret-bearing requests) and NO model " + "output \u2014 the text is fully determined by config."),
+  parse_mode: exports_external.enum(["html", "text"]).default("html").describe("Telegram parse mode for the message body.")
+});
+var WebhookActionSchema = exports_external.object({
+  type: exports_external.literal("webhook"),
+  url: exports_external.string().url().describe("Webhook target. SAME egress fence as an http-diff poll (\u00a76.1): https " + "only, host on the operator egress allowlist, loopback/private/link-local " + "rejected, resolved IP DNS-rebind-pinned. Not agent-writable without an " + "operator commit."),
+  method: exports_external.enum(["GET", "POST"]).default("POST"),
+  headers: exports_external.record(exports_external.string()).optional().describe("Static headers; {{secret}} substitution applies."),
+  body: exports_external.string().optional().describe("Static request body; {{secret}} substitution applies."),
+  secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this webhook may inject into headers/body via {{name}}. Each " + "is HOST-PINNED (\u00a76.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved action cannot exfil it elsewhere.")
+});
+var ActionSpecSchema = exports_external.discriminatedUnion("type", [
+  TelegramMessageActionSchema,
+  WebhookActionSchema
+]);
 var ScheduleEntrySchema = exports_external.object({
   cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-  prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
-  kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+  prompt: exports_external.string().optional().describe("Prompt to send at the scheduled time (the escalation prompt when " + "kind=poll; templated with {{diff}}). Required for kind prompt/poll; " + "absent for kind=action (an action has no model fire, so no prompt)."),
+  kind: exports_external.enum(["poll", "prompt", "action"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. 'action' runs a model-free deterministic verb " + "(requires `action`) that COMPLETES the work and never escalates \u2014 zero " + "tokens, no session. poll/prompt are honoured only when " + "SWITCHROOM_CHEAP_CRON is on; an action is model-free regardless (the " + "kill-switch governs model tiering, not deterministic actions)."),
   poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+  action: ActionSpecSchema.optional().describe("Required iff kind=action. The declarative action spec (telegram-message or webhook)."),
   model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) \u2014 the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
   context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' \u2192 a minimal-" + "context cheap cron session (Tier 1). 'agent' \u2192 the agent's live " + "session with full persona/memory (Tier 2). Unset \u2192 inferred from " + "`model` (cheap\u2192fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default \u2014 broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary \u2014 " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
@@ -11758,13 +11776,41 @@ var ScheduleEntrySchema = exports_external.object({
       message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
     });
   }
-  if (kind === "prompt" && entry.poll) {
+  if (kind !== "poll" && entry.poll) {
     ctx.addIssue({
       code: exports_external.ZodIssueCode.custom,
       path: ["poll"],
       message: "`poll` is only valid when kind: poll."
     });
   }
+  if (kind === "action" && !entry.action) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["action"],
+      message: "kind: action requires an `action` spec (telegram-message or webhook)."
+    });
+  }
+  if (kind !== "action" && entry.action) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["action"],
+      message: "`action` is only valid when kind: action."
+    });
+  }
+  if (kind !== "action" && (entry.prompt === undefined || entry.prompt.trim() === "")) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["prompt"],
+      message: `kind: ${kind} requires a non-empty \`prompt\`.`
+    });
+  }
+  if (kind === "action" && entry.prompt !== undefined) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["prompt"],
+      message: "`prompt` is not valid for kind: action (an action never fires a model)."
+    });
+  }
 });
 var AgentSoulSchema = exports_external.object({
   name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),