switchroom 0.15.13 → 0.15.15

package/dist/host-control/main.js

@@ -13724,11 +13724,29 @@ var PollSpecSchema = exports_external.discriminatedUnion("type", [
   HttpDiffPollSchema,
   TelegramReactionsPollSchema
 ]);
+var TelegramMessageActionSchema = exports_external.object({
+  type: exports_external.literal("telegram-message"),
+  text: exports_external.string().min(1).describe("Operator-authored message text. Posts to the AGENT'S OWN chat only " + "(the chat is not configurable — fenced by construction), into the " + "entry-level `topic` when set. Supports ONLY deterministic placeholders " + "{{date}} / {{time}} (UTC, from the fire clock) and {{agent}}. NO vault " + "secrets (use a webhook action for secret-bearing requests) and NO model " + "output — the text is fully determined by config."),
+  parse_mode: exports_external.enum(["html", "text"]).default("html").describe("Telegram parse mode for the message body.")
+});
+var WebhookActionSchema = exports_external.object({
+  type: exports_external.literal("webhook"),
+  url: exports_external.string().url().describe("Webhook target. SAME egress fence as an http-diff poll (§6.1): https " + "only, host on the operator egress allowlist, loopback/private/link-local " + "rejected, resolved IP DNS-rebind-pinned. Not agent-writable without an " + "operator commit."),
+  method: exports_external.enum(["GET", "POST"]).default("POST"),
+  headers: exports_external.record(exports_external.string()).optional().describe("Static headers; {{secret}} substitution applies."),
+  body: exports_external.string().optional().describe("Static request body; {{secret}} substitution applies."),
+  secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this webhook may inject into headers/body via {{name}}. Each " + "is HOST-PINNED (§6.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved action cannot exfil it elsewhere.")
+});
+var ActionSpecSchema = exports_external.discriminatedUnion("type", [
+  TelegramMessageActionSchema,
+  WebhookActionSchema
+]);
 var ScheduleEntrySchema = exports_external.object({
   cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-  prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
-  kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+  prompt: exports_external.string().optional().describe("Prompt to send at the scheduled time (the escalation prompt when " + "kind=poll; templated with {{diff}}). Required for kind prompt/poll; " + "absent for kind=action (an action has no model fire, so no prompt)."),
+  kind: exports_external.enum(["poll", "prompt", "action"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. 'action' runs a model-free deterministic verb " + "(requires `action`) that COMPLETES the work and never escalates — zero " + "tokens, no session. poll/prompt are honoured only when " + "SWITCHROOM_CHEAP_CRON is on; an action is model-free regardless (the " + "kill-switch governs model tiering, not deterministic actions)."),
   poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+  action: ActionSpecSchema.optional().describe("Required iff kind=action. The declarative action spec (telegram-message or webhook)."),
   model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) — the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
   context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' → a minimal-" + "context cheap cron session (Tier 1). 'agent' → the agent's live " + "session with full persona/memory (Tier 2). Unset → inferred from " + "`model` (cheap→fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
@@ -13745,13 +13763,41 @@ var ScheduleEntrySchema = exports_external.object({
       message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
     });
   }
-  if (kind === "prompt" && entry.poll) {
+  if (kind !== "poll" && entry.poll) {
     ctx.addIssue({
       code: exports_external.ZodIssueCode.custom,
       path: ["poll"],
       message: "`poll` is only valid when kind: poll."
     });
   }
+  if (kind === "action" && !entry.action) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["action"],
+      message: "kind: action requires an `action` spec (telegram-message or webhook)."
+    });
+  }
+  if (kind !== "action" && entry.action) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["action"],
+      message: "`action` is only valid when kind: action."
+    });
+  }
+  if (kind !== "action" && (entry.prompt === undefined || entry.prompt.trim() === "")) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["prompt"],
+      message: `kind: ${kind} requires a non-empty \`prompt\`.`
+    });
+  }
+  if (kind === "action" && entry.prompt !== undefined) {
+    ctx.addIssue({
+      code: exports_external.ZodIssueCode.custom,
+      path: ["prompt"],
+      message: "`prompt` is not valid for kind: action (an action never fires a model)."
+    });
+  }
 });
 var AgentSoulSchema = exports_external.object({
   name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),

package/dist/vault/approvals/kernel-server.js

@@ -11299,7 +11299,7 @@ var init_dist = __esm(() => {
 });
 
 // src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, TelegramMessageActionSchema, WebhookActionSchema, ActionSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -11332,11 +11332,29 @@ var init_schema = __esm(() => {
     HttpDiffPollSchema,
     TelegramReactionsPollSchema
   ]);
+  TelegramMessageActionSchema = exports_external.object({
+    type: exports_external.literal("telegram-message"),
+    text: exports_external.string().min(1).describe("Operator-authored message text. Posts to the AGENT'S OWN chat only " + "(the chat is not configurable — fenced by construction), into the " + "entry-level `topic` when set. Supports ONLY deterministic placeholders " + "{{date}} / {{time}} (UTC, from the fire clock) and {{agent}}. NO vault " + "secrets (use a webhook action for secret-bearing requests) and NO model " + "output — the text is fully determined by config."),
+    parse_mode: exports_external.enum(["html", "text"]).default("html").describe("Telegram parse mode for the message body.")
+  });
+  WebhookActionSchema = exports_external.object({
+    type: exports_external.literal("webhook"),
+    url: exports_external.string().url().describe("Webhook target. SAME egress fence as an http-diff poll (§6.1): https " + "only, host on the operator egress allowlist, loopback/private/link-local " + "rejected, resolved IP DNS-rebind-pinned. Not agent-writable without an " + "operator commit."),
+    method: exports_external.enum(["GET", "POST"]).default("POST"),
+    headers: exports_external.record(exports_external.string()).optional().describe("Static headers; {{secret}} substitution applies."),
+    body: exports_external.string().optional().describe("Static request body; {{secret}} substitution applies."),
+    secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this webhook may inject into headers/body via {{name}}. Each " + "is HOST-PINNED (§6.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved action cannot exfil it elsewhere.")
+  });
+  ActionSpecSchema = exports_external.discriminatedUnion("type", [
+    TelegramMessageActionSchema,
+    WebhookActionSchema
+  ]);
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-    prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
-    kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+    prompt: exports_external.string().optional().describe("Prompt to send at the scheduled time (the escalation prompt when " + "kind=poll; templated with {{diff}}). Required for kind prompt/poll; " + "absent for kind=action (an action has no model fire, so no prompt)."),
+    kind: exports_external.enum(["poll", "prompt", "action"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. 'action' runs a model-free deterministic verb " + "(requires `action`) that COMPLETES the work and never escalates — zero " + "tokens, no session. poll/prompt are honoured only when " + "SWITCHROOM_CHEAP_CRON is on; an action is model-free regardless (the " + "kill-switch governs model tiering, not deterministic actions)."),
     poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+    action: ActionSpecSchema.optional().describe("Required iff kind=action. The declarative action spec (telegram-message or webhook)."),
     model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) — the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
     context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' → a minimal-" + "context cheap cron session (Tier 1). 'agent' → the agent's live " + "session with full persona/memory (Tier 2). Unset → inferred from " + "`model` (cheap→fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
@@ -11353,13 +11371,41 @@ var init_schema = __esm(() => {
         message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
       });
     }
-    if (kind === "prompt" && entry.poll) {
+    if (kind !== "poll" && entry.poll) {
       ctx.addIssue({
         code: exports_external.ZodIssueCode.custom,
         path: ["poll"],
         message: "`poll` is only valid when kind: poll."
       });
     }
+    if (kind === "action" && !entry.action) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["action"],
+        message: "kind: action requires an `action` spec (telegram-message or webhook)."
+      });
+    }
+    if (kind !== "action" && entry.action) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["action"],
+        message: "`action` is only valid when kind: action."
+      });
+    }
+    if (kind !== "action" && (entry.prompt === undefined || entry.prompt.trim() === "")) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["prompt"],
+        message: `kind: ${kind} requires a non-empty \`prompt\`.`
+      });
+    }
+    if (kind === "action" && entry.prompt !== undefined) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["prompt"],
+        message: "`prompt` is not valid for kind: action (an action never fires a model)."
+      });
+    }
   });
   AgentSoulSchema = exports_external.object({
     name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),

package/dist/vault/broker/server.js

@@ -11299,7 +11299,7 @@ var init_zod = __esm(() => {
 });
 
 // src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, TelegramMessageActionSchema, WebhookActionSchema, ActionSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -11332,11 +11332,29 @@ var init_schema = __esm(() => {
     HttpDiffPollSchema,
     TelegramReactionsPollSchema
   ]);
+  TelegramMessageActionSchema = exports_external.object({
+    type: exports_external.literal("telegram-message"),
+    text: exports_external.string().min(1).describe("Operator-authored message text. Posts to the AGENT'S OWN chat only " + "(the chat is not configurable — fenced by construction), into the " + "entry-level `topic` when set. Supports ONLY deterministic placeholders " + "{{date}} / {{time}} (UTC, from the fire clock) and {{agent}}. NO vault " + "secrets (use a webhook action for secret-bearing requests) and NO model " + "output — the text is fully determined by config."),
+    parse_mode: exports_external.enum(["html", "text"]).default("html").describe("Telegram parse mode for the message body.")
+  });
+  WebhookActionSchema = exports_external.object({
+    type: exports_external.literal("webhook"),
+    url: exports_external.string().url().describe("Webhook target. SAME egress fence as an http-diff poll (§6.1): https " + "only, host on the operator egress allowlist, loopback/private/link-local " + "rejected, resolved IP DNS-rebind-pinned. Not agent-writable without an " + "operator commit."),
+    method: exports_external.enum(["GET", "POST"]).default("POST"),
+    headers: exports_external.record(exports_external.string()).optional().describe("Static headers; {{secret}} substitution applies."),
+    body: exports_external.string().optional().describe("Static request body; {{secret}} substitution applies."),
+    secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this webhook may inject into headers/body via {{name}}. Each " + "is HOST-PINNED (§6.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved action cannot exfil it elsewhere.")
+  });
+  ActionSpecSchema = exports_external.discriminatedUnion("type", [
+    TelegramMessageActionSchema,
+    WebhookActionSchema
+  ]);
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-    prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
-    kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+    prompt: exports_external.string().optional().describe("Prompt to send at the scheduled time (the escalation prompt when " + "kind=poll; templated with {{diff}}). Required for kind prompt/poll; " + "absent for kind=action (an action has no model fire, so no prompt)."),
+    kind: exports_external.enum(["poll", "prompt", "action"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. 'action' runs a model-free deterministic verb " + "(requires `action`) that COMPLETES the work and never escalates — zero " + "tokens, no session. poll/prompt are honoured only when " + "SWITCHROOM_CHEAP_CRON is on; an action is model-free regardless (the " + "kill-switch governs model tiering, not deterministic actions)."),
     poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+    action: ActionSpecSchema.optional().describe("Required iff kind=action. The declarative action spec (telegram-message or webhook)."),
     model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) — the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
     context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' → a minimal-" + "context cheap cron session (Tier 1). 'agent' → the agent's live " + "session with full persona/memory (Tier 2). Unset → inferred from " + "`model` (cheap→fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
@@ -11353,13 +11371,41 @@ var init_schema = __esm(() => {
         message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
       });
     }
-    if (kind === "prompt" && entry.poll) {
+    if (kind !== "poll" && entry.poll) {
       ctx.addIssue({
         code: exports_external.ZodIssueCode.custom,
         path: ["poll"],
         message: "`poll` is only valid when kind: poll."
       });
     }
+    if (kind === "action" && !entry.action) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["action"],
+        message: "kind: action requires an `action` spec (telegram-message or webhook)."
+      });
+    }
+    if (kind !== "action" && entry.action) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["action"],
+        message: "`action` is only valid when kind: action."
+      });
+    }
+    if (kind !== "action" && (entry.prompt === undefined || entry.prompt.trim() === "")) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["prompt"],
+        message: `kind: ${kind} requires a non-empty \`prompt\`.`
+      });
+    }
+    if (kind === "action" && entry.prompt !== undefined) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["prompt"],
+        message: "`prompt` is not valid for kind: action (an action never fires a model)."
+      });
+    }
   });
   AgentSoulSchema = exports_external.object({
     name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "switchroom",
-  "version": "0.15.13",
+  "version": "0.15.15",
   "description": "Run Claude Code 24/7 on your Claude Pro/Max subscription over Telegram. Open-source alternative to OpenClaw and NanoClaw — no API keys.",
   "type": "module",
   "bin": {

package/profiles/_base/cron-session.sh.hbs

@@ -5,10 +5,15 @@
 # container, dedicated to cheap cron fires. It registers to the SAME gateway
 # as a DISTINCT bridge identity `<name>-cron` (start.sh's gateway sidecar
 # routes meta.session=cron fires here and gates all status surfaces off this
-# identity — see telegram-plugin/gateway/cron-session.ts). Minimal context:
-# its own CLAUDE_CONFIG_DIR (separate transcript) + a TRIMMED .mcp.json (only
-# switchroom-telegram) → it pays a fraction of the main session's schema +
-# cache-read tax, at the cheap cron model.
+# identity — see telegram-plugin/gateway/cron-session.ts).
+#
+# Tier-1 (#2307) is "a fresh conversation that STILL has the agent's memory +
+# tools, on a cheaper model." It loads the agent's FULL .mcp.json (its own
+# .claude-cron/.mcp.json — same hindsight bank baked from the BASE name, same
+# tools) with ENABLE_TOOL_SEARCH so the schema set DEFERS (low context cost).
+# The saving is dropping the accumulated main-session conversation context +
+# the cheaper model — NOT lobotomising the session. Its CLAUDE_CONFIG_DIR is
+# separate (own transcript) so each fire starts fresh and /clear-friendly.
 #
 # Forked as a supervised sidecar by start.sh ONLY when {{name}} actually has a
 # Tier-1 (context: fresh) cron entry AND SWITCHROOM_CHEAP_CRON is on — so the
@@ -35,12 +40,13 @@ esac
 CRON_NAME="{{name}}-cron"
 CRON_CONFIG_DIR="{{agentDir}}/.claude-cron"
 MAIN_CONFIG_DIR="{{agentDir}}/.claude"
-# TRIMMED MCP config (scaffold writes .claude-cron/.mcp.json with ONLY
-# switchroom-telegram) → the cron session pays a fraction of the main session's
-# ~31k-token MCP schema tax. The switchroom-telegram BRIDGE reads
-# SWITCHROOM_AGENT_NAME from the process env (exported below), NOT its .mcp.json
-# env block, so it registers as the cron identity. Fall back to the full
-# .mcp.json if the trimmed file is missing (older scaffold) so it still boots.
+# Cron .mcp.json (scaffold writes .claude-cron/.mcp.json with the agent's FULL
+# filtered MCP set — same hindsight bank, same tools — but the switchroom-
+# telegram entry carries a DISTINCT SWITCHROOM_BRIDGE_ALIVE_PATH so its liveness
+# file can't mask the main bridge). The bridge reads SWITCHROOM_AGENT_NAME from
+# the process env (exported below), NOT its .mcp.json env block, so it registers
+# as the cron identity. Fall back to the main .mcp.json if the cron file is
+# missing (older scaffold) so it still boots.
 CRON_MCP_CONFIG="{{agentDir}}/.claude-cron/.mcp.json"
 [ -f "$CRON_MCP_CONFIG" ] || CRON_MCP_CONFIG="{{agentDir}}/.mcp.json"
 CRON_SOCKET="switchroom-${CRON_NAME}"
@@ -63,14 +69,33 @@ fi
 export SWITCHROOM_AGENT_NAME="$CRON_NAME"
 export CLAUDE_CONFIG_DIR="$CRON_CONFIG_DIR"
 
-CRON_APPEND_PROMPT="You are the cheap background cron worker for {{name}}. You handle scheduled tasks only. Do the task, reply once with the result, and keep it brief. You do not have {{name}}'s full memory or persona — if a task needs them, say so rather than guessing."
+# Defer the (now full) MCP schema set via tool-search so the cron session keeps
+# its low-context cost — the heavy servers load on demand; switchroom-telegram
+# + hindsight stay alwaysLoad. Normally inherited from start.sh's env; set here
+# as a belt-and-braces default, honouring the operator kill-switch + any value
+# already in the env.
+if [ "${SWITCHROOM_DISABLE_TOOL_SEARCH:-}" != "1" ]; then
+  export ENABLE_TOOL_SEARCH="${ENABLE_TOOL_SEARCH:-auto}"
+fi
+
+CRON_APPEND_PROMPT="You are the cheap background cron worker for {{name}}. You run scheduled tasks in a fresh, low-context conversation on a cheaper model — but you SHARE {{name}}'s memory (hindsight) and tools, so use them: recall what you need, look things up, reply with real substance. Do the scheduled task, reply once with the result, and keep it tight."
 
 # Launch the cron claude in its OWN tmux session/socket so it never contends
 # with the main session's pane. Interactive (no -p). --strict-mcp-config pins
-# it to the trimmed config (switchroom-telegram only). Fresh each boot (no
-# --continue) — minimal context by construction.
-exec tmux -L "$CRON_SOCKET" \
-  new-session -A -s "$CRON_NAME" -x 400 -y 50 \
+# it to the cron .mcp.json (full set, tool-search-deferred). Fresh each boot
+# (no --continue) — low context by construction. cd into the workspace so
+# claude's project key matches the pre-seeded trust state (.claude-cron).
+cd "{{agentDir}}" || exit 1
+# Create the cron tmux session DETACHED (-d), not in attach mode. This is a
+# SUPERVISED BACKGROUND sidecar (start.sh forks it with `&`) with no controlling
+# TTY — the MAIN session owns the container's foreground TTY. The attach flag
+# needs a TTY, so it dies "open terminal failed: not a terminal" and the cron
+# bridge never registers (every Tier-1 fire then falls back to main). `-d` runs
+# claude in a detached pane that registers fine; a human can still
+# `tmux -L "$CRON_SOCKET" attach -t "$CRON_NAME"` later. The `-x/-y` give the
+# pane a size since there's no TTY to derive one from.
+tmux -L "$CRON_SOCKET" \
+  new-session -d -s "$CRON_NAME" -x 400 -y 50 \
   claude \
     --dangerously-load-development-channels server:switchroom-telegram \
     --plugin-dir "{{securityPluginDir}}" \
@@ -79,3 +104,12 @@ exec tmux -L "$CRON_SOCKET" \
     --model {{{cronModelQ}}} \
     --append-system-prompt "$CRON_APPEND_PROMPT"{{#if dangerousMode}} \
     --dangerously-skip-permissions{{/if}}
+
+# `new-session -d` returns immediately (tmux daemonizes the session), so block
+# here while the session lives — this keeps cron-session.sh as the supervisor's
+# long-running child. When the cron claude exits (crash / kill), the session
+# ends, the loop exits, and the supervisor respawns us cleanly (with backoff).
+while tmux -L "$CRON_SOCKET" has-session -t "$CRON_NAME" 2>/dev/null; do
+  sleep 5
+done
+echo "cron-session: ${CRON_NAME} tmux session ended — exiting for supervisor respawn" >&2

package/telegram-plugin/bridge/bridge.ts

@@ -827,7 +827,13 @@ async function main(): Promise<void> {
     onPermission,
     onStatus,
     log: (msg) => process.stderr.write(`telegram bridge: ipc: ${msg}\n`),
-    livenessFilePath: join(STATE_DIR, ".bridge-alive"),
+    // #2307 Tier-1: the cron-session bridge shares the agent's STATE_DIR
+    // (access.json / history / gateway.sock) but writes its liveness file to a
+    // DISTINCT path (SWITCHROOM_BRIDGE_ALIVE_PATH, set in the cron .mcp.json) so
+    // a live <agent>-cron bridge can't mask a dead MAIN bridge in the
+    // dashboard/doctor liveness probe (RISK #2). Unset ⟹ the main bridge's
+    // canonical STATE_DIR/.bridge-alive, exactly as before.
+    livenessFilePath: process.env.SWITCHROOM_BRIDGE_ALIVE_PATH ?? join(STATE_DIR, ".bridge-alive"),
   })
   if (ipc.isConnected()) {
     process.stderr.write(`telegram bridge: connected to gateway at ${SOCKET_PATH}\n`)

package/telegram-plugin/dist/bridge/bridge.js

@@ -25206,7 +25206,7 @@ async function main() {
     onStatus,
     log: (msg) => process.stderr.write(`telegram bridge: ipc: ${msg}
 `),
-    livenessFilePath: join4(STATE_DIR, ".bridge-alive")
+    livenessFilePath: process.env.SWITCHROOM_BRIDGE_ALIVE_PATH ?? join4(STATE_DIR, ".bridge-alive")
   });
   if (ipc.isConnected()) {
     process.stderr.write(`telegram bridge: connected to gateway at ${SOCKET_PATH}

package/telegram-plugin/dist/gateway/gateway.js

@@ -23802,7 +23802,7 @@ var init_dist = __esm(() => {
 });
 
 // ../src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, TelegramMessageActionSchema, WebhookActionSchema, ActionSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -23835,11 +23835,29 @@ var init_schema = __esm(() => {
     HttpDiffPollSchema,
     TelegramReactionsPollSchema
   ]);
+  TelegramMessageActionSchema = exports_external.object({
+    type: exports_external.literal("telegram-message"),
+    text: exports_external.string().min(1).describe("Operator-authored message text. Posts to the AGENT'S OWN chat only " + "(the chat is not configurable \u2014 fenced by construction), into the " + "entry-level `topic` when set. Supports ONLY deterministic placeholders " + "{{date}} / {{time}} (UTC, from the fire clock) and {{agent}}. NO vault " + "secrets (use a webhook action for secret-bearing requests) and NO model " + "output \u2014 the text is fully determined by config."),
+    parse_mode: exports_external.enum(["html", "text"]).default("html").describe("Telegram parse mode for the message body.")
+  });
+  WebhookActionSchema = exports_external.object({
+    type: exports_external.literal("webhook"),
+    url: exports_external.string().url().describe("Webhook target. SAME egress fence as an http-diff poll (\u00a76.1): https " + "only, host on the operator egress allowlist, loopback/private/link-local " + "rejected, resolved IP DNS-rebind-pinned. Not agent-writable without an " + "operator commit."),
+    method: exports_external.enum(["GET", "POST"]).default("POST"),
+    headers: exports_external.record(exports_external.string()).optional().describe("Static headers; {{secret}} substitution applies."),
+    body: exports_external.string().optional().describe("Static request body; {{secret}} substitution applies."),
+    secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault keys this webhook may inject into headers/body via {{name}}. Each " + "is HOST-PINNED (\u00a76.1): a secret may only be sent to the host it is bound " + "to in operator config, so an approved action cannot exfil it elsewhere.")
+  });
+  ActionSpecSchema = exports_external.discriminatedUnion("type", [
+    TelegramMessageActionSchema,
+    WebhookActionSchema
+  ]);
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
-    prompt: exports_external.string().describe("Prompt to send at the scheduled time (the escalation prompt when kind=poll; templated with {{diff}})."),
-    kind: exports_external.enum(["poll", "prompt"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. Honoured only when SWITCHROOM_CHEAP_CRON is on."),
+    prompt: exports_external.string().optional().describe("Prompt to send at the scheduled time (the escalation prompt when " + "kind=poll; templated with {{diff}}). Required for kind prompt/poll; " + "absent for kind=action (an action has no model fire, so no prompt)."),
+    kind: exports_external.enum(["poll", "prompt", "action"]).optional().describe("Tier-0 routing (docs/rfcs/cheap-cron-sessions.md). 'prompt' (default) " + "fires a model turn every tick (Tier 1/2 per `context`). 'poll' runs a " + "model-free deterministic check (requires `poll`) and only escalates to " + "a model fire on a hit. 'action' runs a model-free deterministic verb " + "(requires `action`) that COMPLETES the work and never escalates \u2014 zero " + "tokens, no session. poll/prompt are honoured only when " + "SWITCHROOM_CHEAP_CRON is on; an action is model-free regardless (the " + "kill-switch governs model tiering, not deterministic actions)."),
     poll: PollSpecSchema.optional().describe("Required iff kind=poll. The declarative poll spec."),
+    action: ActionSpecSchema.optional().describe("Required iff kind=action. The declarative action spec (telegram-message or webhook)."),
     model: exports_external.string().optional().describe("Cron model hint. Reactivated by SWITCHROOM_CHEAP_CRON (was DEPRECATED/" + "IGNORED in v0.8). A known-cheap id (sonnet/haiku family) routes the " + "fire to a fresh cheap cron session (Tier 1, `context: fresh`); 'opus', " + "a custom id, or unset routes to the agent's live session (Tier 2, " + "`context: agent`) \u2014 the conservative default that preserves pre-v0.8 " + "behaviour. Note: a live session's model is fixed at launch, so on Tier " + "2 this is informational. See docs/scheduling.md."),
     context: exports_external.enum(["fresh", "agent"]).optional().describe("Does this cron need the agent, or just a model? 'fresh' \u2192 a minimal-" + "context cheap cron session (Tier 1). 'agent' \u2192 the agent's live " + "session with full persona/memory (Tier 2). Unset \u2192 inferred from " + "`model` (cheap\u2192fresh, else agent). Honoured only when " + "SWITCHROOM_CHEAP_CRON is on."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default \u2014 broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary \u2014 " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing."),
@@ -23856,13 +23874,41 @@ var init_schema = __esm(() => {
         message: "kind: poll requires a `poll` spec (http-diff or telegram-reactions)."
       });
     }
-    if (kind === "prompt" && entry.poll) {
+    if (kind !== "poll" && entry.poll) {
       ctx.addIssue({
         code: exports_external.ZodIssueCode.custom,
         path: ["poll"],
         message: "`poll` is only valid when kind: poll."
       });
     }
+    if (kind === "action" && !entry.action) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["action"],
+        message: "kind: action requires an `action` spec (telegram-message or webhook)."
+      });
+    }
+    if (kind !== "action" && entry.action) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["action"],
+        message: "`action` is only valid when kind: action."
+      });
+    }
+    if (kind !== "action" && (entry.prompt === undefined || entry.prompt.trim() === "")) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["prompt"],
+        message: `kind: ${kind} requires a non-empty \`prompt\`.`
+      });
+    }
+    if (kind === "action" && entry.prompt !== undefined) {
+      ctx.addIssue({
+        code: exports_external.ZodIssueCode.custom,
+        path: ["prompt"],
+        message: "`prompt` is not valid for kind: action (an action never fires a model)."
+      });
+    }
   });
   AgentSoulSchema = exports_external.object({
     name: exports_external.string().describe("Agent persona name (e.g., 'Coach', 'Sage')"),
@@ -46752,6 +46798,17 @@ function createInjectIpcClient(options) {
         return false;
       try {
         return socket.write(JSON.stringify(msg) + `
+`);
+      } catch (err) {
+        log(`scheduler ipc: write failed: ${err.message}`);
+        return false;
+      }
+    },
+    sendOutbound(msg) {
+      if (!socket || !connected)
+        return false;
+      try {
+        return socket.write(JSON.stringify(msg) + `
 `);
       } catch (err) {
         log(`scheduler ipc: write failed: ${err.message}`);
@@ -47327,6 +47384,19 @@ function validateClientMessage(msg) {
       const inb = m.inbound;
       return inb.type === "inbound" && typeof inb.chatId === "string" && inb.chatId.length > 0 && typeof inb.text === "string" && typeof inb.messageId === "number" && typeof inb.user === "string" && typeof inb.userId === "number" && typeof inb.ts === "number" && typeof inb.meta === "object" && inb.meta !== null;
     }
+    case "send_outbound": {
+      if (typeof m.agentName !== "string" || !AGENT_NAME_RE3.test(m.agentName))
+        return false;
+      if (typeof m.chatId !== "string" || m.chatId.length === 0)
+        return false;
+      if (typeof m.text !== "string" || m.text.length === 0 || m.text.length > 4096)
+        return false;
+      if (m.threadId !== undefined && (typeof m.threadId !== "number" || !Number.isInteger(m.threadId)))
+        return false;
+      if (m.parseMode !== undefined && m.parseMode !== "html" && m.parseMode !== "text")
+        return false;
+      return true;
+    }
     case "quota_wall_detected": {
       if (typeof m.agentName !== "string" || !AGENT_NAME_RE3.test(m.agentName))
         return false;
@@ -47395,6 +47465,7 @@ function createIpcServer(options) {
     onOperatorEvent,
     onPtyPartial,
     onInjectInbound,
+    onSendOutbound,
     onQuotaWallDetected,
     onRequestDriveApproval,
     onRequestMs365Approval,
@@ -47480,6 +47551,10 @@ function createIpcServer(options) {
         if (onInjectInbound)
           onInjectInbound(client3, msg);
         break;
+      case "send_outbound":
+        if (onSendOutbound)
+          onSendOutbound(client3, msg);
+        break;
       case "quota_wall_detected":
         if (onQuotaWallDetected)
           onQuotaWallDetected(client3, msg);
@@ -54091,11 +54166,11 @@ function readTurnActiveMarkerAgeMs(stateDir, now) {
 }
 
 // ../src/build-info.ts
-var VERSION = "0.15.13";
-var COMMIT_SHA = "36ba2682";
-var COMMIT_DATE = "2026-06-13T16:49:14+10:00";
-var LATEST_PR = null;
-var COMMITS_AHEAD_OF_TAG = 6;
+var VERSION = "0.15.15";
+var COMMIT_SHA = "815adf85";
+var COMMIT_DATE = "2026-06-13T12:14:07Z";
+var LATEST_PR = 2328;
+var COMMITS_AHEAD_OF_TAG = 0;
 
 // gateway/boot-version.ts
 function formatRelativeAgo(iso) {
@@ -57690,6 +57765,7 @@ var ipcServer = createIpcServer({
     if (fellBackToMain) {
       process.stderr.write(`telegram gateway: cron fire fell back to main session (no cron bridge) agent=${msg.agentName} prompt_key=${promptKey}
 `);
+      emitRuntimeMetric({ kind: "cron_fell_back_to_main", agent: msg.agentName, prompt_key: promptKey });
     }
     if (delivered && target === msg.agentName)
       markClaudeBusyForInbound(msg.inbound);
@@ -57699,6 +57775,29 @@ var ipcServer = createIpcServer({
       pendingInboundBuffer.push(target, msg.inbound);
     }
   },
+  onSendOutbound(_client, msg) {
+    const self2 = process.env.SWITCHROOM_AGENT_NAME;
+    if (self2 && msg.agentName !== self2) {
+      process.stderr.write(`telegram gateway: send_outbound rejected \u2014 agent mismatch (${msg.agentName} != ${self2})
+`);
+      return;
+    }
+    try {
+      assertAllowedChat(msg.chatId);
+    } catch (err) {
+      process.stderr.write(`telegram gateway: send_outbound rejected \u2014 ${err.message}
+`);
+      return;
+    }
+    const threadId = msg.threadId;
+    const parseMode = msg.parseMode === "text" ? undefined : "HTML";
+    swallowingApiCall(() => bot.api.sendMessage(msg.chatId, msg.text, {
+      ...parseMode ? { parse_mode: parseMode } : {},
+      ...threadId != null && threadId !== 1 ? { message_thread_id: threadId } : {}
+    }), { chat_id: msg.chatId, verb: "cron-action-send", ...threadId != null ? { threadId } : {} });
+    process.stderr.write(`telegram gateway: send_outbound agent=${msg.agentName} chat=${msg.chatId} thread=${threadId ?? "-"} len=${msg.text.length}
+`);
+  },
   onQuotaWallDetected(_client, msg) {
     const untilMs = resolveExhaustUntil(msg.resetAt);
     process.stderr.write(`telegram gateway: quota_wall_detected agent=${msg.agentName} until=${new Date(untilMs).toISOString()}` + (msg.resetAt == null ? " (reset unparsed \u2192 +7d default)" : "") + ` \u2014 triggering fleet auto-fallback

package/telegram-plugin/dist/server.js

@@ -24221,7 +24221,7 @@ async function main() {
     onStatus,
     log: (msg) => process.stderr.write(`telegram bridge: ipc: ${msg}
 `),
-    livenessFilePath: join5(STATE_DIR, ".bridge-alive")
+    livenessFilePath: process.env.SWITCHROOM_BRIDGE_ALIVE_PATH ?? join5(STATE_DIR, ".bridge-alive")
   });
   if (ipc.isConnected()) {
     process.stderr.write(`telegram bridge: connected to gateway at ${SOCKET_PATH}