switchroom 0.15.19 → 0.15.20

package/dist/cli/switchroom.js

@@ -15644,6 +15644,240 @@ function classifyTimezoneSource(config, resolvedAgent) {
 }
 var init_timezone = () => {};
 
+// src/config/google-workspace-acl.ts
+function shouldEmitGdriveMcp(agentName, agentGoogleAccount, googleAccounts) {
+  if (!agentGoogleAccount)
+    return false;
+  const account = agentGoogleAccount.trim().toLowerCase();
+  if (account.length === 0)
+    return false;
+  const acctEntry = googleAccounts?.[account];
+  if (!acctEntry)
+    return false;
+  const enabledFor = acctEntry.enabled_for ?? [];
+  return enabledFor.includes(agentName);
+}
+function vaultRefKey(value) {
+  if (typeof value !== "string" || !value.startsWith("vault:"))
+    return null;
+  const key = value.slice("vault:".length).split("#")[0];
+  return key.length > 0 ? key : null;
+}
+function isGoogleClientCredentialKeyForAgent(config, agentName, key) {
+  if (!agentName || !key)
+    return false;
+  const agentConfig = config.agents?.[agentName];
+  if (!agentConfig)
+    return false;
+  if (agentConfig.mcp_servers?.["gdrive"] === false) {
+    return false;
+  }
+  const account = agentConfig.google_workspace?.account;
+  if (!shouldEmitGdriveMcp(agentName, account, config.google_accounts)) {
+    return false;
+  }
+  const gw = config.google_workspace;
+  if (!gw)
+    return false;
+  for (const ref of [gw.google_client_id, gw.google_client_secret]) {
+    if (vaultRefKey(ref) === key)
+      return true;
+  }
+  return false;
+}
+
+// src/vault/broker/acl.ts
+function isWebkiteCredentialKeyForAgent(agentConfig, key) {
+  if (!WEBKITE_VAULT_KEYS.has(key))
+    return false;
+  if ((agentConfig?.mcp_servers ?? {})["webkite"] === false)
+    return false;
+  return true;
+}
+function parseCronUnit(unitName) {
+  const m = unitName.match(/^switchroom-([a-zA-Z0-9_-]+)-cron-(\d+)\.service$/);
+  if (!m)
+    return null;
+  const agentName = m[1];
+  const index = parseInt(m[2], 10);
+  if (!agentName)
+    return null;
+  return { agentName, index };
+}
+function agentSlugFromPeer(peer) {
+  if (peer.systemdUnit === null)
+    return null;
+  const parsed = parseCronUnit(peer.systemdUnit);
+  return parsed?.agentName ?? null;
+}
+function checkEntryScope(scope, agentSlug) {
+  if (scope === undefined || scope === null) {
+    return { allow: true };
+  }
+  const deny = scope.deny ?? [];
+  const allow = scope.allow ?? [];
+  if (agentSlug !== null && deny.includes(agentSlug)) {
+    return {
+      allow: false,
+      reason: `agent '${agentSlug}' is in the entry's deny list (scope-deny)`
+    };
+  }
+  if (allow.length > 0) {
+    if (agentSlug === null || !allow.includes(agentSlug)) {
+      return {
+        allow: false,
+        reason: agentSlug === null ? "caller agent slug could not be determined; entry has a non-empty allow list (scope-allow)" : `agent '${agentSlug}' is not in the entry's allow list (scope-allow)`
+      };
+    }
+  }
+  return { allow: true };
+}
+function checkAcl(peer, config, key) {
+  if (peer.systemdUnit !== null) {
+    const parsed = parseCronUnit(peer.systemdUnit);
+    if (parsed === null) {
+      return {
+        allow: false,
+        reason: `systemd unit '${peer.systemdUnit}' does not match switchroom cron unit naming convention`
+      };
+    }
+    const { agentName, index } = parsed;
+    const agentConfig = config.agents?.[agentName];
+    if (!agentConfig) {
+      return { allow: false, reason: `agent '${agentName}' not found in config` };
+    }
+    const schedule = agentConfig.schedule ?? [];
+    if (index >= schedule.length || index < 0) {
+      return {
+        allow: false,
+        reason: `schedule index ${index} out of range for agent '${agentName}' (${schedule.length} entries)`
+      };
+    }
+    const entry = schedule[index];
+    const allowedKeys = entry.secrets ?? [];
+    if (!allowedKeys.includes(key)) {
+      return {
+        allow: false,
+        reason: `key '${key}' not in ACL for ${agentName}/schedule[${index}]`
+      };
+    }
+    return { allow: true };
+  }
+  return {
+    allow: false,
+    reason: "caller is not a switchroom cron unit; use 'switchroom vault get --no-broker' for interactive access"
+  };
+}
+function checkAclByAgent(config, agentName, key) {
+  if (!agentName) {
+    return { allow: false, reason: "agent name unresolved" };
+  }
+  const agentConfig = config.agents?.[agentName];
+  if (!agentConfig) {
+    return { allow: false, reason: `agent '${agentName}' not found in config` };
+  }
+  const googleSlot = parseGoogleAccountSlotKey(key);
+  if (googleSlot !== null) {
+    return checkGoogleAccountAcl(config, agentName, googleSlot.account, key);
+  }
+  if (isGoogleClientCredentialKeyForAgent(config, agentName, key)) {
+    return { allow: true };
+  }
+  if (isWebkiteCredentialKeyForAgent(agentConfig, key)) {
+    return { allow: true };
+  }
+  const agentBot = agentConfig.bot_token;
+  const botRef = agentBot && agentBot.length > 0 ? agentBot : config.telegram?.bot_token;
+  if (typeof botRef === "string" && botRef.startsWith("vault:")) {
+    const botKey = botRef.slice("vault:".length).split("#")[0];
+    if (botKey.length > 0 && botKey === key) {
+      return { allow: true };
+    }
+  }
+  const cfgWithProfiles = config;
+  const profileName = agentConfig.extends;
+  const profileMcp = profileName != null && profileName.length > 0 ? cfgWithProfiles.profiles?.[profileName]?.mcp_servers ?? {} : {};
+  const effectiveMcp = {
+    ...cfgWithProfiles.defaults?.mcp_servers ?? {},
+    ...profileMcp,
+    ...agentConfig.mcp_servers ?? {}
+  };
+  for (const mcpEntry of Object.values(effectiveMcp)) {
+    if (!mcpEntry || typeof mcpEntry !== "object")
+      continue;
+    const declared = mcpEntry.secrets;
+    if (Array.isArray(declared) && declared.includes(key)) {
+      return { allow: true };
+    }
+  }
+  const cfgSecrets = config;
+  const profileSecrets = profileName != null && profileName.length > 0 ? cfgSecrets.profiles?.[profileName]?.secrets : undefined;
+  const standingSecrets = [
+    ...Array.isArray(cfgSecrets.defaults?.secrets) ? cfgSecrets.defaults.secrets : [],
+    ...Array.isArray(profileSecrets) ? profileSecrets : [],
+    ...Array.isArray(agentConfig.secrets) ? agentConfig.secrets : []
+  ];
+  if (standingSecrets.includes(key)) {
+    return { allow: true };
+  }
+  const schedule = agentConfig.schedule ?? [];
+  if (schedule.length === 0) {
+    return {
+      allow: false,
+      reason: `agent '${agentName}' has no schedule entries declaring 'secrets', no mcp_servers.*.secrets[], and no agents.${agentName}.secrets[] standing grant declaring '${key}'; nothing is broker-accessible`
+    };
+  }
+  for (const entry of schedule) {
+    const allowed = entry?.secrets ?? [];
+    if (allowed.includes(key)) {
+      return { allow: true };
+    }
+  }
+  return {
+    allow: false,
+    reason: `key '${key}' not in ACL for agent '${agentName}'`
+  };
+}
+function parseGoogleAccountSlotKey(key) {
+  const match = key.match(/^google:([^:]+):([a-z_]+)$/);
+  if (!match)
+    return null;
+  return { account: match[1], field: match[2] };
+}
+function checkGoogleAccountAcl(config, agentName, account, key) {
+  const accounts = config.google_accounts ?? {};
+  const accountKey = account.toLowerCase();
+  const accountEntry = accounts[accountKey] ?? accounts[account];
+  if (!accountEntry) {
+    return {
+      allow: false,
+      reason: `google_accounts['${account}'] not configured (key '${key}')`
+    };
+  }
+  const enabled = accountEntry.enabled_for ?? [];
+  if (enabled.length === 0) {
+    return {
+      allow: false,
+      reason: `google_accounts['${account}'].enabled_for is empty (key '${key}')`
+    };
+  }
+  if (!enabled.includes(agentName)) {
+    return {
+      allow: false,
+      reason: `agent '${agentName}' not in google_accounts['${account}'].enabled_for (key '${key}')`
+    };
+  }
+  return { allow: true };
+}
+var WEBKITE_VAULT_KEYS;
+var init_acl = __esm(() => {
+  WEBKITE_VAULT_KEYS = new Set([
+    "webkite/cloudflare-account-id",
+    "webkite/cloudflare-api-token",
+    "webkite/firecrawl-api-key"
+  ]);
+});
+
 // node_modules/.bun/handlebars@4.7.9/node_modules/handlebars/dist/cjs/handlebars/utils.js
 var require_utils = __commonJS((exports) => {
   exports.__esModule = true;
@@ -21292,48 +21526,6 @@ var init_scaffold_integration = __esm(() => {
   init_hindsight();
 });
 
-// src/config/google-workspace-acl.ts
-function shouldEmitGdriveMcp(agentName, agentGoogleAccount, googleAccounts) {
-  if (!agentGoogleAccount)
-    return false;
-  const account = agentGoogleAccount.trim().toLowerCase();
-  if (account.length === 0)
-    return false;
-  const acctEntry = googleAccounts?.[account];
-  if (!acctEntry)
-    return false;
-  const enabledFor = acctEntry.enabled_for ?? [];
-  return enabledFor.includes(agentName);
-}
-function vaultRefKey(value) {
-  if (typeof value !== "string" || !value.startsWith("vault:"))
-    return null;
-  const key = value.slice("vault:".length).split("#")[0];
-  return key.length > 0 ? key : null;
-}
-function isGoogleClientCredentialKeyForAgent(config, agentName, key) {
-  if (!agentName || !key)
-    return false;
-  const agentConfig = config.agents?.[agentName];
-  if (!agentConfig)
-    return false;
-  if (agentConfig.mcp_servers?.["gdrive"] === false) {
-    return false;
-  }
-  const account = agentConfig.google_workspace?.account;
-  if (!shouldEmitGdriveMcp(agentName, account, config.google_accounts)) {
-    return false;
-  }
-  const gw = config.google_workspace;
-  if (!gw)
-    return false;
-  for (const ref of [gw.google_client_id, gw.google_client_secret]) {
-    if (vaultRefKey(ref) === key)
-      return true;
-  }
-  return false;
-}
-
 // src/agents/reconcile-default-skills.ts
 import { existsSync as existsSync6, lstatSync, mkdirSync as mkdirSync3, readdirSync as readdirSync3, readlinkSync as readlinkSync2, rmSync, symlinkSync } from "node:fs";
 import { homedir as homedir3 } from "node:os";
@@ -28406,198 +28598,6 @@ var init_via_claude = __esm(() => {
   ];
 });
 
-// src/vault/broker/acl.ts
-function isWebkiteCredentialKeyForAgent(agentConfig, key) {
-  if (!WEBKITE_VAULT_KEYS.has(key))
-    return false;
-  if ((agentConfig?.mcp_servers ?? {})["webkite"] === false)
-    return false;
-  return true;
-}
-function parseCronUnit(unitName) {
-  const m = unitName.match(/^switchroom-([a-zA-Z0-9_-]+)-cron-(\d+)\.service$/);
-  if (!m)
-    return null;
-  const agentName = m[1];
-  const index = parseInt(m[2], 10);
-  if (!agentName)
-    return null;
-  return { agentName, index };
-}
-function agentSlugFromPeer(peer) {
-  if (peer.systemdUnit === null)
-    return null;
-  const parsed = parseCronUnit(peer.systemdUnit);
-  return parsed?.agentName ?? null;
-}
-function checkEntryScope(scope, agentSlug) {
-  if (scope === undefined || scope === null) {
-    return { allow: true };
-  }
-  const deny = scope.deny ?? [];
-  const allow = scope.allow ?? [];
-  if (agentSlug !== null && deny.includes(agentSlug)) {
-    return {
-      allow: false,
-      reason: `agent '${agentSlug}' is in the entry's deny list (scope-deny)`
-    };
-  }
-  if (allow.length > 0) {
-    if (agentSlug === null || !allow.includes(agentSlug)) {
-      return {
-        allow: false,
-        reason: agentSlug === null ? "caller agent slug could not be determined; entry has a non-empty allow list (scope-allow)" : `agent '${agentSlug}' is not in the entry's allow list (scope-allow)`
-      };
-    }
-  }
-  return { allow: true };
-}
-function checkAcl(peer, config, key) {
-  if (peer.systemdUnit !== null) {
-    const parsed = parseCronUnit(peer.systemdUnit);
-    if (parsed === null) {
-      return {
-        allow: false,
-        reason: `systemd unit '${peer.systemdUnit}' does not match switchroom cron unit naming convention`
-      };
-    }
-    const { agentName, index } = parsed;
-    const agentConfig = config.agents?.[agentName];
-    if (!agentConfig) {
-      return { allow: false, reason: `agent '${agentName}' not found in config` };
-    }
-    const schedule = agentConfig.schedule ?? [];
-    if (index >= schedule.length || index < 0) {
-      return {
-        allow: false,
-        reason: `schedule index ${index} out of range for agent '${agentName}' (${schedule.length} entries)`
-      };
-    }
-    const entry = schedule[index];
-    const allowedKeys = entry.secrets ?? [];
-    if (!allowedKeys.includes(key)) {
-      return {
-        allow: false,
-        reason: `key '${key}' not in ACL for ${agentName}/schedule[${index}]`
-      };
-    }
-    return { allow: true };
-  }
-  return {
-    allow: false,
-    reason: "caller is not a switchroom cron unit; use 'switchroom vault get --no-broker' for interactive access"
-  };
-}
-function checkAclByAgent(config, agentName, key) {
-  if (!agentName) {
-    return { allow: false, reason: "agent name unresolved" };
-  }
-  const agentConfig = config.agents?.[agentName];
-  if (!agentConfig) {
-    return { allow: false, reason: `agent '${agentName}' not found in config` };
-  }
-  const googleSlot = parseGoogleAccountSlotKey(key);
-  if (googleSlot !== null) {
-    return checkGoogleAccountAcl(config, agentName, googleSlot.account, key);
-  }
-  if (isGoogleClientCredentialKeyForAgent(config, agentName, key)) {
-    return { allow: true };
-  }
-  if (isWebkiteCredentialKeyForAgent(agentConfig, key)) {
-    return { allow: true };
-  }
-  const agentBot = agentConfig.bot_token;
-  const botRef = agentBot && agentBot.length > 0 ? agentBot : config.telegram?.bot_token;
-  if (typeof botRef === "string" && botRef.startsWith("vault:")) {
-    const botKey = botRef.slice("vault:".length).split("#")[0];
-    if (botKey.length > 0 && botKey === key) {
-      return { allow: true };
-    }
-  }
-  const cfgWithProfiles = config;
-  const profileName = agentConfig.extends;
-  const profileMcp = profileName != null && profileName.length > 0 ? cfgWithProfiles.profiles?.[profileName]?.mcp_servers ?? {} : {};
-  const effectiveMcp = {
-    ...cfgWithProfiles.defaults?.mcp_servers ?? {},
-    ...profileMcp,
-    ...agentConfig.mcp_servers ?? {}
-  };
-  for (const mcpEntry of Object.values(effectiveMcp)) {
-    if (!mcpEntry || typeof mcpEntry !== "object")
-      continue;
-    const declared = mcpEntry.secrets;
-    if (Array.isArray(declared) && declared.includes(key)) {
-      return { allow: true };
-    }
-  }
-  const cfgSecrets = config;
-  const profileSecrets = profileName != null && profileName.length > 0 ? cfgSecrets.profiles?.[profileName]?.secrets : undefined;
-  const standingSecrets = [
-    ...Array.isArray(cfgSecrets.defaults?.secrets) ? cfgSecrets.defaults.secrets : [],
-    ...Array.isArray(profileSecrets) ? profileSecrets : [],
-    ...Array.isArray(agentConfig.secrets) ? agentConfig.secrets : []
-  ];
-  if (standingSecrets.includes(key)) {
-    return { allow: true };
-  }
-  const schedule = agentConfig.schedule ?? [];
-  if (schedule.length === 0) {
-    return {
-      allow: false,
-      reason: `agent '${agentName}' has no schedule entries declaring 'secrets', no mcp_servers.*.secrets[], and no agents.${agentName}.secrets[] standing grant declaring '${key}'; nothing is broker-accessible`
-    };
-  }
-  for (const entry of schedule) {
-    const allowed = entry?.secrets ?? [];
-    if (allowed.includes(key)) {
-      return { allow: true };
-    }
-  }
-  return {
-    allow: false,
-    reason: `key '${key}' not in ACL for agent '${agentName}'`
-  };
-}
-function parseGoogleAccountSlotKey(key) {
-  const match = key.match(/^google:([^:]+):([a-z_]+)$/);
-  if (!match)
-    return null;
-  return { account: match[1], field: match[2] };
-}
-function checkGoogleAccountAcl(config, agentName, account, key) {
-  const accounts = config.google_accounts ?? {};
-  const accountKey = account.toLowerCase();
-  const accountEntry = accounts[accountKey] ?? accounts[account];
-  if (!accountEntry) {
-    return {
-      allow: false,
-      reason: `google_accounts['${account}'] not configured (key '${key}')`
-    };
-  }
-  const enabled = accountEntry.enabled_for ?? [];
-  if (enabled.length === 0) {
-    return {
-      allow: false,
-      reason: `google_accounts['${account}'].enabled_for is empty (key '${key}')`
-    };
-  }
-  if (!enabled.includes(agentName)) {
-    return {
-      allow: false,
-      reason: `agent '${agentName}' not in google_accounts['${account}'].enabled_for (key '${key}')`
-    };
-  }
-  return { allow: true };
-}
-var WEBKITE_VAULT_KEYS;
-var init_acl = __esm(() => {
-  WEBKITE_VAULT_KEYS = new Set([
-    "webkite/cloudflare-account-id",
-    "webkite/cloudflare-api-token",
-    "webkite/firecrawl-api-key"
-  ]);
-});
-
 // src/util/audit-hashchain.ts
 import { createHash as createHash7 } from "node:crypto";
 import { openSync as openSync7, readSync as readSync2, fstatSync as fstatSync2, closeSync as closeSync7 } from "node:fs";
@@ -49612,6 +49612,10 @@ function dispatchTool(name, args) {
       cliArgs = buildArgs(["config", "get"], args);
       parseMode = "json";
       break;
+    case "whoami":
+      cliArgs = buildArgs(["config", "whoami"], args);
+      parseMode = "json";
+      break;
     case "cron_list":
       cliArgs = buildArgs(["cron", "list"], args);
       parseMode = "json";
@@ -49818,6 +49822,19 @@ var init_server3 = __esm(() => {
         }
       }
     },
+    {
+      name: "whoami",
+      description: "See your own sandbox: the tools, MCP servers, vault key-NAMES (never " + "values), skills, schedule and privileges (admin/root/config-edit) you " + "actually have, as JSON \u2014 computed from live enforcement. Call this " + "FIRST when you hit a permission wall, instead of guessing or asking. " + "Read-only; defaults to your own identity.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          agent: {
+            type: "string",
+            description: "Target agent name. Optional \u2014 defaults to the env-pinned agent identity."
+          }
+        }
+      }
+    },
     {
       name: "cron_list",
       description: "List the agent's scheduled cron entries (schedule array) as JSON.",
@@ -49840,7 +49857,7 @@ var init_server3 = __esm(() => {
     },
     {
       name: "schedule_add",
-      description: "Append a cron schedule entry to your overlay. Takes effect within ~30s \u2014 " + "the scheduler hot-reloads, no restart needed. Overlay entries with " + "non-empty `secrets:` are REJECTED (E_OVERLAY_SECRETS_REQUIRES_APPROVAL). " + "COST: by default each fire runs as a full turn in your live session " + "(your model, your whole context) \u2014 fine for work that needs your memory/" + "persona, but costly for routine checks. For a lighter recurring task, set " + '`model: "sonnet"` to run that fire in a cheap, minimal-context cron ' + "session instead (saves tokens; needs cheap-cron enabled by the operator). " + "For 'only do something when X changes' (e.g. a webpage, or a reaction), " + "ask the operator to set up a poll or reaction-dispatch instead of a " + "frequent prompt cron \u2014 far cheaper than polling with a full turn.",
+      description: "Append a cron schedule entry to your overlay. Takes effect within ~30s \u2014 " + "the scheduler hot-reloads, no restart needed. Overlay entries with " + "non-empty `secrets:` are REJECTED (E_OVERLAY_SECRETS_REQUIRES_APPROVAL). " + "COST: a FREQUENT cron (every <=60min) is already auto-routed to a cheap, " + "minimal-context cron session (Tier 1) by default; a DAILY/WEEKLY cron runs " + 'as a full turn in your live session (Tier 2). Set `model: "sonnet"` / ' + '`context: "fresh"` to force the cheap session for a self-contained ' + 'daily/weekly job, or `context: "agent"` to keep a fire on your full ' + "session when it needs your accumulated context. CHEAPER STILL (request " + "from the operator \u2014 you can't self-author these): a `kind: action` runs a " + "FIXED post/webhook MODEL-FREE (zero tokens, no session) for a set " + "reminder/ping; a `kind: poll` or reaction-dispatch handles 'only act when " + "X changes' without a wasted turn each tick.",
       inputSchema: {
         type: "object",
         required: ["cron_expr", "prompt"],
@@ -49851,7 +49868,7 @@ var init_server3 = __esm(() => {
           name: { type: "string", pattern: "^[a-z0-9-]{1,40}$" },
           model: {
             type: "string",
-            description: "Optional cheap-cron tier hint. A known-cheap model ('sonnet'/'haiku') " + "routes this fire to a fresh, minimal-context cron session (Tier 1) " + "instead of your full live session (Tier 2) \u2014 cheaper per fire. Omit " + "for context-heavy work that needs your memory/persona. Inert unless " + "the operator has enabled cheap-cron."
+            description: "Optional cheap-cron tier hint. A known-cheap model ('sonnet'/'haiku') " + "routes this fire to a fresh, minimal-context cron session (Tier 1) " + "instead of your full live session (Tier 2) \u2014 cheaper per fire. Omit " + "for context-heavy work that needs your accumulated conversation " + "context (a frequent cron is already Tier-1 by default; this is mainly " + "to make a daily/weekly self-contained job cheap too)."
           },
           context: {
             type: "string",
@@ -50049,7 +50066,7 @@ __export(exports_server2, {
   TOOLS: () => TOOLS2
 });
 import { randomBytes as randomBytes15 } from "node:crypto";
-import { existsSync as existsSync83, readFileSync as readFileSync70 } from "node:fs";
+import { existsSync as existsSync83, readFileSync as readFileSync71 } from "node:fs";
 function selfSocketPath() {
   return `/run/switchroom/hostd/${SELF_AGENT}/sock`;
 }
@@ -50227,7 +50244,7 @@ function getLastUpdateApplyStatus() {
   }
   let raw;
   try {
-    raw = readFileSync70(path8, "utf-8");
+    raw = readFileSync71(path8, "utf-8");
   } catch (err2) {
     return errorText2(`get_status: failed to read audit log at ${path8}: ${err2.message}`);
   }
@@ -50460,8 +50477,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.15.19";
-var COMMIT_SHA = "3f40c6f9";
+var VERSION = "0.15.20";
+var COMMIT_SHA = "0b63ab9e";
 
 // src/cli/agent.ts
 init_source();
@@ -50578,6 +50595,8 @@ init_timezone();
 
 // src/cli/agent-config.ts
 init_helpers();
+init_merge();
+init_acl();
 import { join as join2 } from "node:path";
 import { homedir as homedir2 } from "node:os";
 import {
@@ -50673,6 +50692,66 @@ function scheduleLiveNote(agent) {
   const hotReload = (process.env.SWITCHROOM_SCHEDULER_HOT_RELOAD ?? "") !== "0";
   return hotReload ? `Live within ~30s \u2014 the in-agent scheduler hot-reloads the overlay; no restart needed.` : `Not live yet \u2014 hot-reload is disabled (SWITCHROOM_SCHEDULER_HOT_RELOAD=0). ` + `Run \`switchroom agent restart ${agent}\` for this to take effect.`;
 }
+function collectVaultKeys(value, out) {
+  if (typeof value === "string") {
+    if (value.startsWith("vault:"))
+      out.add(value.slice("vault:".length));
+    return;
+  }
+  if (Array.isArray(value)) {
+    for (const v of value)
+      collectVaultKeys(v, out);
+    return;
+  }
+  if (value && typeof value === "object") {
+    for (const [k, v] of Object.entries(value)) {
+      if (k === "secrets" && Array.isArray(v)) {
+        for (const s of v)
+          if (typeof s === "string")
+            out.add(s);
+      } else {
+        collectVaultKeys(v, out);
+      }
+    }
+  }
+}
+function buildWhoami(config, agentName) {
+  const slice = config.agents?.[agentName];
+  if (!slice)
+    throw new Error(`agent "${agentName}" not defined in switchroom.yaml`);
+  const resolved = resolveAgentConfig(config.defaults, config.profiles, slice);
+  const admin = resolved.admin === true || resolved.root === true;
+  const root = resolved.root === true;
+  const toolsBlock = resolved.tools ?? {};
+  const allow = [
+    ...toolsBlock.allow ?? [],
+    ...resolved.allowed_tools ?? []
+  ];
+  const deny = [
+    ...toolsBlock.deny ?? [],
+    ...resolved.disallowed_tools ?? []
+  ];
+  const mcpServers = Object.keys(resolved.mcp_servers ?? {});
+  const skills = (resolved.skills ?? []).slice();
+  const vaultKeys = new Set;
+  collectVaultKeys(resolved, vaultKeys);
+  const vault = [...vaultKeys].sort().map((key) => ({ key, readable: checkAclByAgent(config, agentName, key).allow }));
+  const configEdit = config.hostd?.config_edit_enabled === true;
+  const schedule = resolved.schedule ?? [];
+  return {
+    name: agentName,
+    persona: resolved.description ?? resolved.persona ?? null,
+    model: resolved.model ?? null,
+    tier: root ? "root" : admin ? "admin" : "standard",
+    tools: { allow, deny },
+    mcpServers,
+    skills,
+    vault,
+    powers: { admin, root, configEdit, crossAgentHostVerbs: admin },
+    scheduleCount: schedule.length,
+    memoryBackend: config.memory?.backend ?? null
+  };
+}
 function getAgentSlice(config, agent) {
   const slice = config.agents?.[agent];
   if (!slice) {
@@ -50729,6 +50808,29 @@ function registerAgentConfigCommands(program2) {
       process.exit(1);
     }
   }));
+  config.command("whoami").description("Emit what this agent is allowed to do (tools, MCP, vault key-names, powers) as JSON \u2014 its own sandbox, computed from live enforcement").option("--agent <name>", "Target agent (defaults to $SWITCHROOM_AGENT_NAME)").action(withConfigError(async (opts) => {
+    let agent;
+    try {
+      agent = resolveTargetAgent(opts.agent);
+    } catch (err) {
+      process.stderr.write(`${err.message}
+`);
+      appendAudit(opts.agent ?? "<unknown>", "config.whoami", { ...opts }, 7);
+      process.exit(7);
+    }
+    const cfg = getConfig(program2);
+    try {
+      const view = buildWhoami(cfg, agent);
+      process.stdout.write(JSON.stringify(view) + `
+`);
+      appendAudit(agent, "config.whoami", { ...opts }, 0);
+    } catch (err) {
+      process.stderr.write(`${err.message}
+`);
+      appendAudit(agent, "config.whoami", { ...opts }, 1);
+      process.exit(1);
+    }
+  }));
   const cron = program2.command("cron").description("Read-only access to an agent's cron schedule");
   cron.command("list").description("List the agent's scheduled cron entries as JSON").option("--agent <name>", "Target agent (defaults to $SWITCHROOM_AGENT_NAME)").action(withConfigError(async (opts) => {
     let agent;
@@ -76329,10 +76431,48 @@ init_doctor();
 init_source();
 init_loader();
 init_lifecycle();
-import { cpSync as cpSync2, existsSync as existsSync58, mkdirSync as mkdirSync32, readFileSync as readFileSync52, realpathSync as realpathSync6, rmSync as rmSync12, statSync as statSync26 } from "node:fs";
+import { cpSync as cpSync2, existsSync as existsSync58, mkdirSync as mkdirSync32, readFileSync as readFileSync52, realpathSync as realpathSync6, rmSync as rmSync12, statSync as statSync26, chownSync as chownSync5 } from "node:fs";
 import { spawnSync as spawnSync9 } from "node:child_process";
 import { join as join60, dirname as dirname14, resolve as resolve34 } from "node:path";
 import { homedir as homedir36 } from "node:os";
+
+// src/cli/release-yaml.ts
+var import_yaml18 = __toESM(require_dist(), 1);
+function setReleasePinInConfig(yamlText, pin, now = new Date().toISOString().slice(0, 10)) {
+  const doc = import_yaml18.parseDocument(yamlText);
+  const currentPin = doc.getIn(["release", "pin"]);
+  const hasChannel = doc.hasIn(["release", "channel"]);
+  if (currentPin === pin && !hasChannel)
+    return yamlText;
+  if (hasChannel)
+    doc.deleteIn(["release", "channel"]);
+  doc.setIn(["release", "pin"], pin);
+  const node = doc.getIn(["release", "pin"], true);
+  if (import_yaml18.isScalar(node)) {
+    node.comment = ` ${now}: rolled by switchroom rollout`;
+  }
+  return String(doc);
+}
+
+// src/cli/update.ts
+init_atomic();
+function defaultPersistPin(configPath) {
+  return (pin) => {
+    const path4 = configPath ?? findConfigFile();
+    const before = readFileSync52(path4, "utf8");
+    const after = setReleasePinInConfig(before, pin);
+    if (after === before)
+      return;
+    atomicWriteFileSync2(path4, after, statSync26(path4).mode & 511);
+    try {
+      if (typeof process.geteuid === "function" && process.geteuid() === 0) {
+        const uid = resolveOperatorUid();
+        if (uid !== undefined)
+          chownSync5(path4, uid, uid);
+      }
+    } catch {}
+  };
+}
 var DEFAULT_COMPOSE_PATH = join60(homedir36(), ".switchroom", "compose", "docker-compose.yml");
 function runningFromSwitchroomCheckout(scriptPath) {
   let dir = dirname14(scriptPath);
@@ -76365,6 +76505,15 @@ function planUpdate(opts) {
   const runner = opts.runner ?? defaultRunner;
   const scriptPath = opts.scriptPath ?? process.argv[1] ?? "";
   const steps = [];
+  if (opts.pin) {
+    const pin = opts.pin;
+    const persist = opts.persistPinFn ?? defaultPersistPin(opts.configPath);
+    steps.push({
+      name: "persist-release-pin",
+      description: `Persist release.pin=${pin} to switchroom.yaml (durable)`,
+      run: () => persist(pin)
+    });
+  }
   const releaseOverrideArgs = [];
   if (opts.channel)
     releaseOverrideArgs.push("--channel", opts.channel);
@@ -76814,6 +76963,8 @@ function registerUpdateCommand(program3) {
 // src/cli/rollout.ts
 init_helpers();
 import { spawnSync as spawnSync10 } from "node:child_process";
+import { readFileSync as readFileSync53, chownSync as chownSync6, statSync as statSync27 } from "node:fs";
+init_atomic();
 function normalizeVersion(v) {
   return v.trim().replace(/^v/, "");
 }
@@ -76826,7 +76977,10 @@ function orderAgentsCanaryFirst(agents) {
   return [...canary, ...rest];
 }
 function planRollout(agents, opts = {}) {
-  const steps = [{ kind: "apply" }];
+  const steps = [];
+  if (opts.pinToPersist)
+    steps.push({ kind: "persist-pin", pin: opts.pinToPersist });
+  steps.push({ kind: "apply" });
   for (const agent of orderAgentsCanaryFirst(agents)) {
     steps.push({ kind: "restart-agent", agent });
   }
@@ -76843,6 +76997,9 @@ function formatRolloutPlan(steps, target) {
   for (const s of steps) {
     n += 1;
     switch (s.kind) {
+      case "persist-pin":
+        lines.push(`  ${n}. persist release.pin=${s.pin} to switchroom.yaml (durable)`);
+        break;
       case "apply":
         lines.push(`  ${n}. apply \u2014 regenerate compose with ${target} image refs`);
         break;
@@ -76865,16 +77022,24 @@ function formatRolloutPlan(steps, target) {
   return lines.join(`
 `);
 }
-function executeRollout(steps, target, deps, pinOnApply) {
+function executeRollout(steps, target, deps) {
   const targetNorm = normalizeVersion(target);
   const rolled = [];
   const warnings = [];
   for (const step of steps) {
     switch (step.kind) {
+      case "persist-pin": {
+        deps.log(`\u2192 persist release.pin=${step.pin} to switchroom.yaml`);
+        if (deps.persistPin) {
+          deps.persistPin(step.pin);
+        } else {
+          warnings.push(`persist-pin requested but no persist hook wired; pin NOT durable`);
+        }
+        break;
+      }
       case "apply": {
         deps.log(`\u2192 apply \u2014 regenerating compose for ${target}`);
-        const args = pinOnApply ? ["apply", "--pin", target] : ["apply"];
-        const r = deps.run(args);
+        const r = deps.run(["apply"]);
         if (r.status !== 0) {
           return { ok: false, rolled, failedStep: "apply", warnings };
         }
@@ -76956,12 +77121,16 @@ function registerRolloutCommand(program3) {
       process.exitCode = 2;
       return;
     }
-    const steps = planRollout(requested, { skipWeb: opts.skipWeb });
+    const steps = planRollout(requested, {
+      skipWeb: opts.skipWeb,
+      pinToPersist: opts.pin ?? undefined
+    });
     if (opts.dryRun) {
       process.stdout.write(formatRolloutPlan(steps, target) + `
 `);
       return;
     }
+    const configPath = getConfigPath(program3);
     const scriptPath = process.argv[1] ?? "switchroom";
     const deps = {
       run: (args) => {
@@ -76976,11 +77145,25 @@ function registerRolloutCommand(program3) {
 `).pop()?.trim() ?? null;
       },
       log: (line) => process.stdout.write(line + `
-`)
+`),
+      persistPin: (pin) => {
+        const before = readFileSync53(configPath, "utf8");
+        const after = setReleasePinInConfig(before, pin);
+        if (after === before)
+          return;
+        atomicWriteFileSync2(configPath, after, statSync27(configPath).mode & 511);
+        try {
+          if (typeof process.geteuid === "function" && process.geteuid() === 0) {
+            const uid = resolveOperatorUid();
+            if (uid !== undefined)
+              chownSync6(configPath, uid, uid);
+          }
+        } catch {}
+      }
     };
     process.stdout.write(`Rolling ${requested.length} agent(s) to ${target}\u2026
 `);
-    const result = executeRollout(steps, target, deps, opts.pin != null);
+    const result = executeRollout(steps, target, deps);
     for (const w of result.warnings)
       process.stderr.write(`\u26a0\ufe0f  ${w}
 `);
@@ -77011,7 +77194,7 @@ init_source();
 init_helpers();
 init_lifecycle();
 import { execSync as execSync4 } from "node:child_process";
-import { existsSync as existsSync59, readFileSync as readFileSync53 } from "node:fs";
+import { existsSync as existsSync59, readFileSync as readFileSync54 } from "node:fs";
 import { dirname as dirname15, join as join61 } from "node:path";
 function getClaudeCodeVersion() {
   try {
@@ -77065,7 +77248,7 @@ function locateSwitchroomInstallDir() {
     const pkgPath = join61(dir, "package.json");
     if (existsSync59(pkgPath)) {
       try {
-        const pkg = JSON.parse(readFileSync53(pkgPath, "utf-8"));
+        const pkg = JSON.parse(readFileSync54(pkgPath, "utf-8"));
         if (pkg.name === "switchroom" && existsSync59(join61(dir, ".git"))) {
           return dir;
         }
@@ -77296,9 +77479,9 @@ import {
   mkdirSync as mkdirSync33,
   openSync as openSync11,
   readdirSync as readdirSync22,
-  readFileSync as readFileSync54,
+  readFileSync as readFileSync55,
   renameSync as renameSync12,
-  statSync as statSync27,
+  statSync as statSync28,
   unlinkSync as unlinkSync11,
   writeFileSync as writeFileSync28,
   writeSync as writeSync7
@@ -77706,7 +77889,7 @@ function readAll(stateDir) {
     return [];
   let raw;
   try {
-    raw = readFileSync54(path4, "utf-8");
+    raw = readFileSync55(path4, "utf-8");
   } catch {
     return [];
   }
@@ -77872,7 +78055,7 @@ function sweepOrphanTmpFiles(stateDir) {
       continue;
     const tmpPath = join62(stateDir, entry);
     try {
-      const stat = statSync27(tmpPath);
+      const stat = statSync28(tmpPath);
       if (stat.mtimeMs < cutoff) {
         unlinkSync11(tmpPath);
       }
@@ -77917,7 +78100,7 @@ function withLock(stateDir, fn) {
 function tryStealStaleLock(lockPath) {
   let pidStr;
   try {
-    pidStr = readFileSync54(lockPath, "utf-8").trim();
+    pidStr = readFileSync55(lockPath, "utf-8").trim();
   } catch {
     return true;
   }
@@ -78174,7 +78357,7 @@ import { createHash as createHash11 } from "node:crypto";
 import {
   existsSync as existsSync61,
   mkdirSync as mkdirSync34,
-  readFileSync as readFileSync55,
+  readFileSync as readFileSync56,
   rmSync as rmSync13,
   writeFileSync as writeFileSync29
 } from "node:fs";
@@ -78194,7 +78377,7 @@ function defaultPythonCacheRoot() {
   return join63(homedir37(), ".switchroom", "deps", "python");
 }
 function hashFile(path4) {
-  return createHash11("sha256").update(readFileSync55(path4)).digest("hex");
+  return createHash11("sha256").update(readFileSync56(path4)).digest("hex");
 }
 function ensurePythonEnv(opts) {
   const { skillName, requirementsPath, force = false } = opts;
@@ -78210,7 +78393,7 @@ function ensurePythonEnv(opts) {
   const pipBin = join63(binDir, "pip");
   const targetHash = hashFile(requirementsPath);
   if (!force && existsSync61(stampPath) && existsSync61(pythonBin)) {
-    const existingHash = readFileSync55(stampPath, "utf8").trim();
+    const existingHash = readFileSync56(stampPath, "utf8").trim();
     if (existingHash === targetHash) {
       return {
         skillName,
@@ -78262,7 +78445,7 @@ import {
   copyFileSync as copyFileSync9,
   existsSync as existsSync62,
   mkdirSync as mkdirSync35,
-  readFileSync as readFileSync56,
+  readFileSync as readFileSync57,
   rmSync as rmSync14,
   writeFileSync as writeFileSync30
 } from "node:fs";
@@ -78297,7 +78480,7 @@ function hashDepInputs(packageJsonPath) {
   const hasher = createHash12("sha256");
   hasher.update(`package.json
 `);
-  hasher.update(readFileSync56(packageJsonPath));
+  hasher.update(readFileSync57(packageJsonPath));
   for (const lockName of ALL_LOCKFILES) {
     const lockPath = join64(sourceDir, lockName);
     if (existsSync62(lockPath)) {
@@ -78306,7 +78489,7 @@ function hashDepInputs(packageJsonPath) {
       hasher.update(lockName);
       hasher.update(`
 `);
-      hasher.update(readFileSync56(lockPath));
+      hasher.update(readFileSync57(lockPath));
     }
   }
   return hasher.digest("hex");
@@ -78325,7 +78508,7 @@ function ensureNodeEnv(opts) {
   const binDir = join64(nodeModulesDir, ".bin");
   const targetHash = hashDepInputs(packageJsonPath);
   if (!force && existsSync62(stampPath) && existsSync62(nodeModulesDir)) {
-    const existingHash = readFileSync56(stampPath, "utf8").trim();
+    const existingHash = readFileSync57(stampPath, "utf8").trim();
     if (existingHash === targetHash) {
       return {
         skillName,
@@ -79344,7 +79527,7 @@ function safeParseInt(value, fallback) {
 init_helpers();
 init_loader();
 init_merge();
-import { copyFileSync as copyFileSync10, existsSync as existsSync65, readFileSync as readFileSync57, writeFileSync as writeFileSync31 } from "node:fs";
+import { copyFileSync as copyFileSync10, existsSync as existsSync65, readFileSync as readFileSync58, writeFileSync as writeFileSync31 } from "node:fs";
 import { join as join66, resolve as resolve40 } from "node:path";
 init_schema();
 function resolveSoulTargetOrExit(program3, agentName) {
@@ -79390,7 +79573,7 @@ function registerSoulCommand(program3) {
       console.error(`soul: ${t.soulPath} does not exist yet \u2014 run ` + `\`switchroom soul reset ${agentName}\` to seed it.`);
       process.exit(1);
     }
-    process.stdout.write(readFileSync57(t.soulPath, "utf-8"));
+    process.stdout.write(readFileSync58(t.soulPath, "utf-8"));
   }));
   cmd.command("reset <agent>").description("Re-seed SOUL.md from the agent's current profile " + "(backs the existing file up to SOUL.md.bak first)").option("-y, --yes", "Skip the confirmation prompt").action(withConfigError(async (agentName, opts) => {
     const t = resolveSoulTargetOrExit(program3, agentName);
@@ -79435,7 +79618,7 @@ function registerSoulCommand(program3) {
 // src/cli/debug.ts
 init_helpers();
 init_loader();
-import { existsSync as existsSync66, readFileSync as readFileSync58, readdirSync as readdirSync23, statSync as statSync28 } from "node:fs";
+import { existsSync as existsSync66, readFileSync as readFileSync59, readdirSync as readdirSync23, statSync as statSync29 } from "node:fs";
 import { resolve as resolve41, join as join67 } from "node:path";
 import { createHash as createHash13 } from "node:crypto";
 init_merge();
@@ -79451,7 +79634,7 @@ function readMcpServerNames(agentDir) {
   if (!existsSync66(mcpPath))
     return [];
   try {
-    const parsed = JSON.parse(readFileSync58(mcpPath, "utf-8"));
+    const parsed = JSON.parse(readFileSync59(mcpPath, "utf-8"));
     return Object.keys(parsed.mcpServers ?? {});
   } catch {
     return null;
@@ -79474,7 +79657,7 @@ function findLatestTranscriptJsonl(claudeConfigDir) {
       const transcriptPath = join67(projectPath, "transcript.jsonl");
       if (!existsSync66(transcriptPath))
         continue;
-      const stat3 = statSync28(transcriptPath);
+      const stat3 = statSync29(transcriptPath);
       if (!latest || stat3.mtimeMs > latest.mtime) {
         latest = { path: transcriptPath, mtime: stat3.mtimeMs };
       }
@@ -79486,7 +79669,7 @@ function findLatestTranscriptJsonl(claudeConfigDir) {
 }
 function extractLatestUserMessage(transcriptPath) {
   try {
-    const content = readFileSync58(transcriptPath, "utf-8");
+    const content = readFileSync59(transcriptPath, "utf-8");
     const lines = content.trim().split(`
 `).filter(Boolean);
     for (let i = lines.length - 1;i >= 0; i--) {
@@ -79590,7 +79773,7 @@ function registerDebugCommand(program3) {
     }
     console.log(`=== Append System Prompt (per-session) ===
 `);
-    const handoffContent = existsSync66(handoffPath) ? readFileSync58(handoffPath, "utf-8") : "";
+    const handoffContent = existsSync66(handoffPath) ? readFileSync59(handoffPath, "utf-8") : "";
     if (handoffContent.trim().length > 0) {
       console.log(`-- Handoff Briefing (${formatBytes(handoffContent.length)}) --`);
       console.log(handoffContent);
@@ -79601,7 +79784,7 @@ function registerDebugCommand(program3) {
     }
     console.log(`=== CLAUDE.md (auto-loaded by Claude Code) ===
 `);
-    const claudeMdContent = existsSync66(claudeMdPath) ? readFileSync58(claudeMdPath, "utf-8") : "";
+    const claudeMdContent = existsSync66(claudeMdPath) ? readFileSync59(claudeMdPath, "utf-8") : "";
     if (claudeMdContent.trim().length > 0) {
       console.log(`(${formatBytes(claudeMdContent.length)})`);
       console.log(claudeMdContent);
@@ -79612,7 +79795,7 @@ function registerDebugCommand(program3) {
     }
     console.log(`=== Persona (SOUL.md) ===
 `);
-    const soulMdContent = existsSync66(soulMdPath) ? readFileSync58(soulMdPath, "utf-8") : existsSync66(workspaceSoulMdPath) ? readFileSync58(workspaceSoulMdPath, "utf-8") : "";
+    const soulMdContent = existsSync66(soulMdPath) ? readFileSync59(soulMdPath, "utf-8") : existsSync66(workspaceSoulMdPath) ? readFileSync59(workspaceSoulMdPath, "utf-8") : "";
     if (soulMdContent.trim().length > 0) {
       console.log(`(${formatBytes(soulMdContent.length)})`);
       console.log(soulMdContent);
@@ -79676,8 +79859,8 @@ function registerDebugCommand(program3) {
     const fleetDir = join67(agentsDir, "..", "fleet");
     const fleetInvPath = join67(fleetDir, "switchroom-invariants.md");
     const fleetClaudePath = join67(fleetDir, "CLAUDE.md");
-    const fleetInvBytes = existsSync66(fleetInvPath) ? readFileSync58(fleetInvPath, "utf-8").length : 0;
-    const fleetClaudeBytes = existsSync66(fleetClaudePath) ? readFileSync58(fleetClaudePath, "utf-8").length : 0;
+    const fleetInvBytes = existsSync66(fleetInvPath) ? readFileSync59(fleetInvPath, "utf-8").length : 0;
+    const fleetClaudeBytes = existsSync66(fleetClaudePath) ? readFileSync59(fleetClaudePath, "utf-8").length : 0;
     const fleetBytes = fleetInvBytes + fleetClaudeBytes;
     const totalBytes = stableBytes + perSessionBytes + claudeMdBytes + fleetBytes + perTurnBytes + userBytes;
     console.log(`Stable prefix:     ${formatBytes(stableBytes).padEnd(20)} (cache-hot; includes SOUL.md ${soulMdBytes.toLocaleString()}B)`);
@@ -79719,7 +79902,7 @@ import { randomBytes as randomBytes13 } from "node:crypto";
 import {
   mkdirSync as mkdirSync36,
   writeFileSync as writeFileSync32,
-  readFileSync as readFileSync59,
+  readFileSync as readFileSync60,
   readdirSync as readdirSync24,
   unlinkSync as unlinkSync12,
   existsSync as existsSync67,
@@ -79747,7 +79930,7 @@ function writeRecord(record2) {
 function readRecord(id) {
   const path7 = recordPath(id);
   try {
-    const raw = readFileSync59(path7, "utf8");
+    const raw = readFileSync60(path7, "utf8");
     return JSON.parse(raw);
   } catch {
     return null;
@@ -80814,7 +80997,7 @@ function registerNotionMcpLauncherCommand(program3) {
 
 // src/cli/deliver-file.ts
 init_client2();
-import { readFileSync as readFileSync60, statSync as statSync29 } from "node:fs";
+import { readFileSync as readFileSync61, statSync as statSync30 } from "node:fs";
 import { basename as basename8 } from "node:path";
 
 // src/delivery/onedrive.ts
@@ -81153,8 +81336,8 @@ async function defaultResolveProvider() {
 }
 async function runDeliverFile(localPath, deps = {}) {
   const agentName = safeAgentName(deps.agentName ?? process.env.SWITCHROOM_AGENT_NAME);
-  const sizeOf = deps.fileSize ?? ((p) => statSync29(p).size);
-  const read = deps.readFile ?? ((p) => new Uint8Array(readFileSync60(p)));
+  const sizeOf = deps.fileSize ?? ((p) => statSync30(p).size);
+  const read = deps.readFile ?? ((p) => new Uint8Array(readFileSync61(p)));
   const resolveProvider = deps.resolveProvider ?? defaultResolveProvider;
   let size;
   try {
@@ -81444,7 +81627,7 @@ async function fetchToken(vaultKey) {
 
 // src/cli/apply.ts
 init_source();
-import { accessSync as accessSync3, chownSync as chownSync5, constants as fsConstants6, copyFileSync as copyFileSync11, existsSync as existsSync74, mkdirSync as mkdirSync42, readFileSync as readFileSync62, readdirSync as readdirSync26, renameSync as renameSync14, writeFileSync as writeFileSync37 } from "node:fs";
+import { accessSync as accessSync3, chownSync as chownSync7, constants as fsConstants6, copyFileSync as copyFileSync11, existsSync as existsSync74, mkdirSync as mkdirSync42, readFileSync as readFileSync63, readdirSync as readdirSync26, renameSync as renameSync14, writeFileSync as writeFileSync37 } from "node:fs";
 import { mkdir as mkdir2 } from "node:fs/promises";
 import { spawnSync as childSpawnSync } from "node:child_process";
 import readline from "node:readline";
@@ -81841,7 +82024,7 @@ init_loader();
 init_loader();
 
 // src/cli/update-prompt-hook.ts
-import { existsSync as existsSync72, readFileSync as readFileSync61, writeFileSync as writeFileSync36, chmodSync as chmodSync10, mkdirSync as mkdirSync41 } from "node:fs";
+import { existsSync as existsSync72, readFileSync as readFileSync62, writeFileSync as writeFileSync36, chmodSync as chmodSync10, mkdirSync as mkdirSync41 } from "node:fs";
 import { join as join72 } from "node:path";
 var HOOK_FILENAME = "update-card-on-prompt.sh";
 function updatePromptHookScript() {
@@ -81913,7 +82096,7 @@ function installUpdatePromptHook(agentDir) {
   const scriptPath = join72(hooksDir, HOOK_FILENAME);
   const desired = updatePromptHookScript();
   let installed = false;
-  const existing = existsSync72(scriptPath) ? readFileSync61(scriptPath, "utf-8") : "";
+  const existing = existsSync72(scriptPath) ? readFileSync62(scriptPath, "utf-8") : "";
   if (existing !== desired) {
     writeFileSync36(scriptPath, desired, { mode: 493 });
     chmodSync10(scriptPath, 493);
@@ -81927,7 +82110,7 @@ function installUpdatePromptHook(agentDir) {
   if (!existsSync72(settingsPath)) {
     return { scriptPath, settingsPath, installed };
   }
-  const raw = readFileSync61(settingsPath, "utf-8");
+  const raw = readFileSync62(settingsPath, "utf-8");
   let parsed;
   try {
     parsed = JSON.parse(raw);
@@ -82104,14 +82287,14 @@ async function ensureHostMountSources(config) {
     }
     try {
       const uid = allocateAgentUid(name);
-      chownSync5(tokenPath, uid, uid);
+      chownSync7(tokenPath, uid, uid);
     } catch {}
   }
   const fleetDir = join74(home2, ".switchroom", "fleet");
   await mkdir2(fleetDir, { recursive: true });
   const invariantsPath = join74(fleetDir, "switchroom-invariants.md");
   const invariantsCanonical = renderFleetInvariants();
-  const invariantsCurrent = existsSync74(invariantsPath) ? readFileSync62(invariantsPath, "utf-8") : null;
+  const invariantsCurrent = existsSync74(invariantsPath) ? readFileSync63(invariantsPath, "utf-8") : null;
   if (invariantsCurrent !== invariantsCanonical) {
     writeFileSync37(invariantsPath, invariantsCanonical, { mode: 420 });
   }
@@ -82636,7 +82819,7 @@ function runRedactStdin() {
 }
 
 // src/cli/status-ask.ts
-import { readFileSync as readFileSync63, existsSync as existsSync75, readdirSync as readdirSync27 } from "node:fs";
+import { readFileSync as readFileSync64, existsSync as existsSync75, readdirSync as readdirSync27 } from "node:fs";
 import { join as join75 } from "node:path";
 import { homedir as homedir44 } from "node:os";
 
@@ -82912,7 +83095,7 @@ function runReport(opts) {
   for (const src of sources) {
     let content;
     try {
-      content = readFileSync63(src.path, "utf-8");
+      content = readFileSync64(src.path, "utf-8");
     } catch (err) {
       process.stderr.write(`status-ask report: cannot read ${src.path}: ${err instanceof Error ? err.message : String(err)}
 `);
@@ -83006,7 +83189,7 @@ function inferAgentFromPath(p) {
 }
 
 // src/cli/agent-config-write.ts
-var import_yaml19 = __toESM(require_dist(), 1);
+var import_yaml20 = __toESM(require_dist(), 1);
 
 // src/config/overlay-writer.ts
 init_paths();
@@ -83017,9 +83200,9 @@ import {
   mkdirSync as mkdirSync43,
   openSync as openSync13,
   readdirSync as readdirSync28,
-  readFileSync as readFileSync64,
+  readFileSync as readFileSync65,
   renameSync as renameSync15,
-  statSync as statSync30,
+  statSync as statSync31,
   unlinkSync as unlinkSync14,
   writeSync as writeSync8
 } from "node:fs";
@@ -83063,7 +83246,7 @@ function withAgentLock(paths, fn) {
       if (e.code !== "EEXIST")
         throw err;
       try {
-        const age = Date.now() - statSync30(paths.lockPath).mtimeMs;
+        const age = Date.now() - statSync31(paths.lockPath).mtimeMs;
         if (age > 30000) {
           unlinkSync14(paths.lockPath);
           continue;
@@ -83141,7 +83324,7 @@ function listSkillsOverlayEntries(agent, opts = {}) {
       continue;
     const full = join76(paths.skillsDir, name);
     try {
-      const raw = readFileSync64(full, "utf-8");
+      const raw = readFileSync65(full, "utf-8");
       const slug = name.replace(/\.ya?ml$/i, "");
       out.push({ slug, path: full, raw });
     } catch {}
@@ -83168,7 +83351,7 @@ function listOverlayEntries(agent, opts = {}) {
       continue;
     const full = join76(paths.scheduleDir, name);
     try {
-      const raw = readFileSync64(full, "utf-8");
+      const raw = readFileSync65(full, "utf-8");
       const slug = name.replace(/\.ya?ml$/i, "");
       out.push({ slug, path: full, raw });
     } catch {}
@@ -83199,7 +83382,7 @@ function filterOverlaySecrets(doc, source) {
 // src/agents/reconcile-dry-run.ts
 init_overlay_schema();
 init_schema();
-var import_yaml18 = __toESM(require_dist(), 1);
+var import_yaml19 = __toESM(require_dist(), 1);
 init_lifecycle();
 var MIN_CRON_INTERVAL_SECS = 5 * 60;
 function violatesMinInterval(cron) {
@@ -83221,7 +83404,7 @@ function violatesMinInterval(cron) {
 function dryRunReconcile(input) {
   let parsed;
   try {
-    parsed = import_yaml18.parse(input.yamlText);
+    parsed = import_yaml19.parse(input.yamlText);
   } catch (err) {
     return {
       ok: false,
@@ -83316,7 +83499,7 @@ import {
   mkdirSync as mkdirSync44,
   openSync as openSync14,
   readdirSync as readdirSync29,
-  readFileSync as readFileSync65,
+  readFileSync as readFileSync66,
   renameSync as renameSync16,
   unlinkSync as unlinkSync15,
   writeFileSync as writeFileSync38,
@@ -83380,7 +83563,7 @@ function listPendingScheduleEntries(agent, opts = {}) {
     if (!existsSync77(yamlPath))
       continue;
     try {
-      const meta = JSON.parse(readFileSync65(metaPath, "utf-8"));
+      const meta = JSON.parse(readFileSync66(metaPath, "utf-8"));
       if (meta?.v !== 1 || typeof meta.stage_id !== "string")
         continue;
       out.push({ stageId: meta.stage_id, agent: meta.agent, yamlPath, metaPath, meta });
@@ -83418,7 +83601,7 @@ function denyPendingScheduleEntry(opts) {
 }
 
 // src/cli/agent-config-write.ts
-import { existsSync as existsSync78, readFileSync as readFileSync66 } from "node:fs";
+import { existsSync as existsSync78, readFileSync as readFileSync67 } from "node:fs";
 import { execFileSync as execFileSync25 } from "node:child_process";
 
 // src/scheduler/schedule-report.ts
@@ -83607,7 +83790,7 @@ function scheduleAdd(opts) {
     ]
   };
   const yamlText = (() => {
-    const body = import_yaml19.stringify(doc);
+    const body = import_yaml20.stringify(doc);
     const header = opts.name ? `# name: ${opts.name}
 ` : "";
     return header + body;
@@ -83721,7 +83904,7 @@ function scheduleAddOrStage(opts) {
     ]
   };
   const yamlText = (opts.name ? `# name: ${opts.name}
-` : "") + import_yaml19.stringify(doc);
+` : "") + import_yaml20.stringify(doc);
   const summary = (() => {
     const parts = [`cron=${opts.cronExpr}`];
     if (opts.secrets?.length)
@@ -83771,7 +83954,7 @@ function scheduleRemove(opts) {
         break;
       }
       try {
-        const parsed = import_yaml19.parse(e.raw);
+        const parsed = import_yaml20.parse(e.raw);
         if (parsed && parsed.name === opts.name) {
           match = e;
           break;
@@ -83790,7 +83973,7 @@ function scheduleRemove(opts) {
   let priorContent = null;
   try {
     if (existsSync78(match.path))
-      priorContent = readFileSync66(match.path, "utf-8");
+      priorContent = readFileSync67(match.path, "utf-8");
   } catch {}
   deleteOverlayEntry(agent, match.slug, { root: opts.root });
   const reconcileFn = opts.reconcile === undefined ? opts.root ? null : reconcileAgentCronOnly : opts.reconcile;
@@ -83993,7 +84176,7 @@ function registerAgentConfigWriteCommands(program3) {
     }
     let blob;
     if (opts.jsonl) {
-      blob = existsSync78(opts.jsonl) ? readFileSync66(opts.jsonl, "utf-8") : "";
+      blob = existsSync78(opts.jsonl) ? readFileSync67(opts.jsonl, "utf-8") : "";
     } else {
       try {
         blob = execFileSync25("docker", ["exec", `switchroom-${agent}`, "cat", "/state/agent/scheduler.jsonl"], {
@@ -84024,10 +84207,10 @@ function registerAgentConfigWriteCommands(program3) {
 }
 
 // src/cli/agent-config-skill-write.ts
-var import_yaml20 = __toESM(require_dist(), 1);
+var import_yaml21 = __toESM(require_dist(), 1);
 import { existsSync as existsSync79 } from "node:fs";
 init_reconcile_default_skills();
-var import_yaml21 = __toESM(require_dist(), 1);
+var import_yaml22 = __toESM(require_dist(), 1);
 import { join as join78 } from "node:path";
 var MAX_SKILLS_PER_AGENT = 20;
 var V1_ALLOWED_SOURCE_PREFIX = "bundled:";
@@ -84077,7 +84260,7 @@ function countCurrentSkills(agent, opts) {
   let total = 0;
   for (const e of entries) {
     try {
-      const doc = import_yaml21.parse(e.raw);
+      const doc = import_yaml22.parse(e.raw);
       total += (doc?.skills ?? []).length;
     } catch {}
   }
@@ -84107,7 +84290,7 @@ function skillInstall(opts) {
   if (!existsSync79(skillPath)) {
     return err("E_SKILL_NOT_FOUND", `bundled skill not found at ${skillPath}. The operator needs to ` + `place the skill at this path before the agent can opt in.`);
   }
-  const yamlText = import_yaml20.stringify({ skills: [skillName] });
+  const yamlText = import_yaml21.stringify({ skills: [skillName] });
   let path8;
   try {
     path8 = writeSkillsOverlayEntry(agent, slug, yamlText, { root: opts.root });
@@ -84273,12 +84456,12 @@ import {
   mkdirSync as mkdirSync45,
   mkdtempSync as mkdtempSync5,
   openSync as openSync15,
-  readFileSync as readFileSync67,
+  readFileSync as readFileSync68,
   readdirSync as readdirSync30,
   realpathSync as realpathSync7,
   renameSync as renameSync17,
   rmSync as rmSync16,
-  statSync as statSync31,
+  statSync as statSync32,
   writeFileSync as writeFileSync39
 } from "node:fs";
 import { tmpdir as tmpdir5, homedir as homedir45 } from "node:os";
@@ -84286,7 +84469,7 @@ import { dirname as dirname23, join as join79, relative as relative2, resolve as
 import { spawnSync as spawnSync12 } from "node:child_process";
 
 // src/cli/skill-common.ts
-var import_yaml22 = __toESM(require_dist(), 1);
+var import_yaml23 = __toESM(require_dist(), 1);
 var MAX_FILE_BYTES = 256 * 1024;
 var MAX_SKILL_BYTES = 2 * 1024 * 1024;
 var MAX_FILES_PER_SKILL = 50;
@@ -84390,7 +84573,7 @@ function validateSkillMd(content, expectedName) {
   }
   let parsed;
   try {
-    parsed = import_yaml22.parse(fmText);
+    parsed = import_yaml23.parse(fmText);
   } catch (e) {
     return authorErr("E_SKILL_INVALID_FRONTMATTER", `frontmatter is not valid YAML: ${e.message}`);
   }
@@ -84508,7 +84691,7 @@ function isTarballPath(p) {
 }
 function loadFromDir(dir) {
   const abs = realpathSync7(dir);
-  if (!statSync31(abs).isDirectory()) {
+  if (!statSync32(abs).isDirectory()) {
     fail3(`--from path is not a directory: ${dir}`);
   }
   const files = {};
@@ -84525,7 +84708,7 @@ function loadFromDir(dir) {
         continue;
       }
       if (ent.isFile()) {
-        const buf = readFileSync67(full);
+        const buf = readFileSync68(full);
         files[rel.replace(/\\/g, "/")] = buf.toString("utf-8");
       }
     }
@@ -84574,7 +84757,7 @@ function loadFromTarball(tarPath) {
   }
 }
 function loadSingleFile(filePath) {
-  const content = readFileSync67(filePath, "utf-8");
+  const content = readFileSync68(filePath, "utf-8");
   return { "SKILL.md": content };
 }
 function loadFromStdin() {
@@ -84665,7 +84848,7 @@ function diffSummary(currentDir, files) {
         if (ent.isDirectory()) {
           walk2(full);
         } else if (ent.isFile()) {
-          currentFiles[rel.replace(/\\/g, "/")] = readFileSync67(full, "utf-8");
+          currentFiles[rel.replace(/\\/g, "/")] = readFileSync68(full, "utf-8");
         }
       }
     };
@@ -84768,7 +84951,7 @@ function registerSkillCommand(program3) {
       if (!existsSync80(fromPath)) {
         fail3(`--from path does not exist: ${opts.from}`);
       }
-      const st = statSync31(fromPath);
+      const st = statSync32(fromPath);
       if (st.isDirectory()) {
         files = loadFromDir(fromPath);
       } else if (isTarballPath(fromPath)) {
@@ -84825,11 +85008,11 @@ import {
   mkdirSync as mkdirSync46,
   mkdtempSync as mkdtempSync6,
   openSync as openSync16,
-  readFileSync as readFileSync68,
+  readFileSync as readFileSync69,
   readdirSync as readdirSync31,
   renameSync as renameSync18,
   rmSync as rmSync17,
-  statSync as statSync32,
+  statSync as statSync33,
   utimesSync,
   writeFileSync as writeFileSync40
 } from "node:fs";
@@ -84907,7 +85090,7 @@ function mirrorToConfigRepo(agent, name, liveSkillDir) {
         if (ent.isDirectory())
           walk2(s, d);
         else if (ent.isFile()) {
-          writeFileSync40(d, readFileSync68(s));
+          writeFileSync40(d, readFileSync69(s));
         }
       }
     };
@@ -84970,7 +85153,7 @@ function readStdinSync2() {
 }
 function loadFromDir2(dir) {
   const abs = resolve48(dir);
-  if (!statSync32(abs).isDirectory()) {
+  if (!statSync33(abs).isDirectory()) {
     fail4(`--from path is not a directory: ${dir}`);
   }
   const files = {};
@@ -84986,7 +85169,7 @@ function loadFromDir2(dir) {
       }
       if (ent.isFile()) {
         const rel = relative3(abs, full).replace(/\\/g, "/");
-        files[rel] = readFileSync68(full, "utf-8");
+        files[rel] = readFileSync69(full, "utf-8");
       }
     }
   };
@@ -85056,7 +85239,7 @@ function sweepTrash(agentsRoot, agent) {
       continue;
     const entPath = join80(trash, ent.name);
     try {
-      const st = statSync32(entPath);
+      const st = statSync33(entPath);
       if (now - st.mtimeMs > TRASH_TTL_MS) {
         rmSync17(entPath, { recursive: true, force: true });
       }
@@ -85167,12 +85350,12 @@ function loadFiles(opts) {
   if (!existsSync81(p)) {
     fail4(`--from path does not exist: ${opts.from}`);
   }
-  const st = statSync32(p);
+  const st = statSync33(p);
   if (st.isDirectory()) {
     return loadFromDir2(p);
   }
   if (p.endsWith(".md")) {
-    return { "SKILL.md": readFileSync68(p, "utf-8") };
+    return { "SKILL.md": readFileSync69(p, "utf-8") };
   }
   fail4(`--from must be a directory or a .md file. Got: ${opts.from}`);
 }
@@ -85261,7 +85444,7 @@ function readSourceFiles(dir) {
             fail4(`clone source has oversized file ${rel} (${st.size} bytes > ${CLONE_MAX_FILE_BYTES}); ` + `refuse to read`, 3);
           }
         } catch {}
-        files[rel] = readFileSync68(full, "utf-8");
+        files[rel] = readFileSync69(full, "utf-8");
       }
     }
   };
@@ -85388,7 +85571,7 @@ function listPersonalAction(opts) {
           if (e.isFile()) {
             fileCount += 1;
             try {
-              totalBytes += statSync32(join80(sub, e.name)).size;
+              totalBytes += statSync33(join80(sub, e.name)).size;
             } catch {}
           } else if (e.isDirectory()) {
             walk2(join80(sub, e.name));
@@ -85429,8 +85612,8 @@ function registerSkillPersonalCommands(program3) {
 
 // src/cli/skill-search.ts
 init_helpers();
-var import_yaml23 = __toESM(require_dist(), 1);
-import { existsSync as existsSync82, readdirSync as readdirSync32, readFileSync as readFileSync69, statSync as statSync33 } from "node:fs";
+var import_yaml24 = __toESM(require_dist(), 1);
+import { existsSync as existsSync82, readdirSync as readdirSync32, readFileSync as readFileSync70, statSync as statSync34 } from "node:fs";
 import { homedir as homedir47 } from "node:os";
 import { join as join81, resolve as resolve49 } from "node:path";
 var PERSONAL_PREFIX2 = "personal-";
@@ -85451,7 +85634,7 @@ function readSkillFrontmatter(skillDir) {
     return null;
   let content;
   try {
-    content = readFileSync69(mdPath, "utf-8");
+    content = readFileSync70(mdPath, "utf-8");
   } catch {
     return null;
   }
@@ -85469,7 +85652,7 @@ function readSkillFrontmatter(skillDir) {
   const fmText = rest.slice(0, endIdx);
   let parsed;
   try {
-    parsed = import_yaml23.parse(fmText);
+    parsed = import_yaml24.parse(fmText);
   } catch (e) {
     return { error: `yaml parse: ${e.message}` };
   }
@@ -85481,7 +85664,7 @@ function readSkillFrontmatter(skillDir) {
 function statSkillMd(skillDir) {
   const mdPath = join81(skillDir, "SKILL.md");
   try {
-    const st = statSync33(mdPath);
+    const st = statSync34(mdPath);
     return { size: st.size, mtime: st.mtime.toISOString() };
   } catch {
     return null;
@@ -85505,7 +85688,7 @@ function listPersonalSkills(agent, agentsRoot = defaultAgentsRoot()) {
       continue;
     const dirPath = join81(skillsDir, ent);
     try {
-      if (!statSync33(dirPath).isDirectory())
+      if (!statSync34(dirPath).isDirectory())
         continue;
     } catch {
       continue;
@@ -85545,7 +85728,7 @@ function listSharedSkills(sharedRoot = defaultSharedRoot2()) {
       continue;
     const dirPath = join81(sharedRoot, ent);
     try {
-      if (!statSync33(dirPath).isDirectory())
+      if (!statSync34(dirPath).isDirectory())
         continue;
     } catch {
       continue;
@@ -85581,7 +85764,7 @@ function listBundledSkills(bundledRoot = defaultBundledRoot2()) {
       continue;
     const dirPath = join81(bundledRoot, ent);
     try {
-      if (!statSync33(dirPath).isDirectory())
+      if (!statSync34(dirPath).isDirectory())
         continue;
     } catch {
       continue;
@@ -85723,7 +85906,7 @@ function registerHostdMcpCommand(program3) {
 // src/cli/hostd.ts
 init_source();
 init_helpers();
-import { existsSync as existsSync84, mkdirSync as mkdirSync47, readdirSync as readdirSync33, readFileSync as readFileSync71, writeFileSync as writeFileSync41, statSync as statSync34, copyFileSync as copyFileSync12 } from "node:fs";
+import { existsSync as existsSync84, mkdirSync as mkdirSync47, readdirSync as readdirSync33, readFileSync as readFileSync72, writeFileSync as writeFileSync41, statSync as statSync35, copyFileSync as copyFileSync12 } from "node:fs";
 import { homedir as homedir48 } from "node:os";
 import { join as join82 } from "node:path";
 import { spawnSync as spawnSync15 } from "node:child_process";
@@ -85959,7 +86142,7 @@ function doStatus() {
           continue;
         const sockPath = join82(dir, name, "sock");
         if (existsSync84(sockPath)) {
-          const st = statSync34(sockPath);
+          const st = statSync35(sockPath);
           if ((st.mode & 61440) === 49152) {
             entries.push(`${name} \u2192 ${sockPath}`);
           }
@@ -86006,7 +86189,7 @@ function registerHostdCommand(program3) {
 The log is created when hostd handles its first privileged-verb request.`));
       return;
     }
-    const raw = readFileSync71(logPath, "utf-8");
+    const raw = readFileSync72(logPath, "utf-8");
     const limit = Math.max(1, parseInt(opts.tail ?? "50", 10) || 50);
     const filters = {
       agent: opts.agent,