switchroom 0.15.45 → 0.16.5

package/telegram-plugin/gateway/inject-handler.test.ts

@@ -152,12 +152,13 @@ describe('handleInjectCommand — outcome=ok_no_output', () => {
     expect(replies[0].text).toContain('empty capture')
   })
 
-  it('bare ack with accent=done when expectsOutput=false and no silentNote (/clear)', async () => {
+  it('uses silentNote for /clear (context cleared — fresh slate)', async () => {
     const inject = vi.fn().mockResolvedValue(noOutputResult('/clear'))
     const { deps, replies } = makeDeps({ getArgs: () => '/clear', inject })
     await handleInjectCommand(fakeCtx(), deps)
     expect(replies[0].opts?.accent).toBe('done')
     expect(replies[0].text).toContain('<code>/clear</code>')
+    expect(replies[0].text).toContain('context cleared')
     expect(replies[0].text).not.toContain('empty capture')
     expect(replies[0].text).not.toContain('<pre>')
   })

package/telegram-plugin/gateway/model-command.ts

@@ -233,6 +233,53 @@ export interface ModelMenuReply {
 export const MODEL_CALLBACK_PREFIX = 'mdl:'
 const MODEL_CALLBACK_SELECT = 'mdl:s:'
 export const MODEL_CALLBACK_REFRESH = 'mdl:r'
+/** Callback prefix for sr-* (LiteLLM non-Anthropic) model selection. */
+export const MODEL_CALLBACK_SR = 'mdl:sr:'
+
+/**
+ * Friendly display names for sr-* synthetic model names. An sr-* model in
+ * LiteLLM has no entry in `model_group_settings.*.forward_client_headers_to_llm_api`
+ * so the Anthropic OAuth credential is NEVER forwarded — safe to route to
+ * OpenRouter. Names here are display-only; the raw `sr-*` id is what gets
+ * injected into the agent's session. See reference/rfcs/litellm-max-subscription-invariants.md § I6.
+ */
+export const SR_MODEL_LABELS: Record<string, string> = {
+  'sr-gemini-2.5-pro': 'Gemini 2.5 Pro',
+  'sr-gemini-2.5-flash': 'Gemini 2.5 Flash',
+  'sr-deepseek-r1': 'DeepSeek R1',
+  'sr-deepseek-v3': 'DeepSeek V3',
+  'sr-glm-5': 'GLM-5',
+}
+
+function srFriendlyLabel(srName: string): string {
+  return SR_MODEL_LABELS[srName] ?? srName.replace(/^sr-/, '').replace(/-/g, ' ')
+}
+
+/**
+ * Split picker-discovered options into native Claude options and sr-*
+ * (LiteLLM non-Anthropic) options. Options with "/" in the label or
+ * other non-native prefixes (e.g., "openrouter/...", "gpt-4") are
+ * silently dropped — they're internal LiteLLM routing paths, not
+ * user-facing switching targets.
+ */
+export function classifyDiscoveredOptions(options: ModelPickerOption[]): {
+  claude: ModelPickerOption[]
+  sr: ModelPickerOption[]
+} {
+  return {
+    // Native Claude picker labels start with an uppercase letter (e.g.
+    // "Default (recommended)", "Opus", "Sonnet") or with "claude-" for full
+    // model IDs. This excludes sr-* names, internal routing paths
+    // ("openrouter/..."), and non-Claude models exposed by GATEWAY_MODEL_DISCOVERY
+    // ("gpt-4", "gpt-4o", "voyage-law-2", etc.) — those are LiteLLM internals
+    // not meant as user-facing switching targets.
+    claude: options.filter(
+      (o) => !o.label.startsWith('sr-') && !o.label.includes('/') &&
+        (/^[A-Z]/.test(o.label) || o.label.startsWith('claude-')),
+    ),
+    sr: options.filter((o) => o.label.startsWith('sr-')),
+  }
+}
 
 export function modelSelectCallbackData(label: string): string {
   // Identity is the label's hash, not its index — a tap re-discovers
@@ -249,15 +296,29 @@ function busyReply(deps: Pick<ModelMenuDeps, 'escapeHtml'>): ModelMenuReply {
   }
 }
 
-function menuKeyboard(options: ModelPickerOption[]): ModelMenuKeyboardButton[][] {
+function menuKeyboard(
+  claudeOptions: ModelPickerOption[],
+  srOptions: ModelPickerOption[],
+): ModelMenuKeyboardButton[][] {
   // One option per row (labels + ✔ render cleanly at full width on
   // mobile), refresh on a trailing row.
-  const rows: ModelMenuKeyboardButton[][] = options.map((o) => [
+  const rows: ModelMenuKeyboardButton[][] = claudeOptions.map((o) => [
     {
       text: o.current ? `✅ ${o.label}` : o.label,
       callback_data: modelSelectCallbackData(o.label),
     },
   ])
+  // sr-* models are non-Anthropic (routed via LiteLLM → OpenRouter).
+  // Selection uses text-inject rather than cursor-nav — more reliable
+  // when the picker has many models (GATEWAY_MODEL_DISCOVERY=1).
+  for (const o of srOptions) {
+    rows.push([
+      {
+        text: `🌐 ${srFriendlyLabel(o.label)}`,
+        callback_data: `${MODEL_CALLBACK_SR}${o.label}`,
+      },
+    ])
+  }
   rows.push([{ text: '🔄 Refresh', callback_data: MODEL_CALLBACK_REFRESH }])
   return rows
 }
@@ -292,7 +353,8 @@ export async function buildModelMenu(
   // or a prior session switch). Labelling the ✔ row "Now:" was misleading —
   // it could read "Opus 4.8" while the live session is on Fable. Call it what
   // it is, and tell the operator a switch applies to the live session.
-  const current = discovered.options.find((o) => o.current)
+  const { claude: claudeOptions, sr: srOptions } = classifyDiscoveredOptions(discovered.options)
+  const current = claudeOptions.find((o) => o.current)
   const lines: string[] = [`<b>Model — ${deps.escapeHtml(deps.getAgentName())}</b>`]
   if (discovered.dismissFailed) {
     lines.push('⚠️ <i>The picker may still be open on the agent pane — check it before switching.</i>')
@@ -305,9 +367,10 @@ export async function buildModelMenu(
   }
   if (quota) lines.push(`Quota: ${deps.escapeHtml(quota)}`)
   lines.push('', 'Tap a model to switch the <b>live session</b>:')
+  if (srOptions.length > 0) lines.push('🌐 = non-Anthropic via LiteLLM (session only)')
   lines.push(PERSIST_NOTE)
 
-  return { text: lines.join('\n'), html: true, keyboard: menuKeyboard(discovered.options) }
+  return { text: lines.join('\n'), html: true, keyboard: menuKeyboard(claudeOptions, srOptions) }
 }
 
 export interface ModelCallbackOutcome {
@@ -346,6 +409,54 @@ export async function handleModelMenuCallback(
   if (data === MODEL_CALLBACK_REFRESH) {
     return { answer: 'Refreshed', reply: await buildModelMenu(deps) }
   }
+
+  // sr-* model tap: text-inject `/model sr-<name>` rather than cursor-nav.
+  // Text-inject is more reliable when the picker has many models; sr-* names
+  // are safe (no entry in model_group_settings → no OAuth forwarding). See I6.
+  if (data.startsWith(MODEL_CALLBACK_SR)) {
+    const srName = data.slice(MODEL_CALLBACK_SR.length)
+    if (!isValidModelArg(srName)) {
+      return { answer: 'Invalid model name', reply: await buildModelMenu(deps) }
+    }
+    if (deps.isBusy()) {
+      return {
+        answer: '⏳ Agent is mid-turn — tap again when it’s idle',
+        reply: busyReply(deps),
+        toastOnly: true,
+      }
+    }
+    let srResult: InjectResult
+    try {
+      srResult = await deps.inject(deps.getAgentName(), `/model ${srName}`)
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err)
+      return {
+        answer: 'Switch failed',
+        reply: await menuWithBanner(deps, `❌ Switch to <b>${deps.escapeHtml(srName)}</b> failed: ${deps.escapeHtml(msg)}`),
+      }
+    }
+    if (srResult.outcome === 'ok') {
+      const friendlyName = srFriendlyLabel(srName)
+      const confirmation =
+        srResult.output
+          .split('\n')
+          .map((l) => l.trim())
+          .find((l) => /set model|switched/i.test(l)) ?? `Switched to ${friendlyName} (session)`
+      return {
+        answer: confirmation,
+        reply: await menuWithBanner(deps, `✅ ${deps.escapeHtml(confirmation)}`),
+        selectedModel: srName,
+      }
+    }
+    return {
+      answer: 'Switch failed',
+      reply: await menuWithBanner(
+        deps,
+        `❌ Switch to <b>${deps.escapeHtml(srFriendlyLabel(srName))}</b> failed — agent may be mid-turn`,
+      ),
+    }
+  }
+
   if (!data.startsWith(MODEL_CALLBACK_SELECT)) {
     return { answer: 'Unknown action', reply: await buildModelMenu(deps) }
   }

package/telegram-plugin/gateway/ms365-write-approval.test.ts

@@ -26,7 +26,7 @@ describe("validateMs365Preview", () => {
     toolName: "mcp__ms-365__upload-file-content",
     itemId: "01ABCDEFG",
     itemDisplayName: "Q3-Strategy.docx",
-    accountEmail: "ken@outlook.com",
+    accountEmail: "bob@example.com",
   };
 
   it("accepts a minimal valid preview", () => {
@@ -93,7 +93,7 @@ describe("buildMs365CardText", () => {
     toolName: "mcp__ms-365__upload-file-content",
     itemId: "01ABCDEFG",
     itemDisplayName: "Q3-Strategy.docx",
-    accountEmail: "ken@outlook.com",
+    accountEmail: "bob@example.com",
   };
 
   it("includes agent, tool, item, account", () => {
@@ -102,7 +102,7 @@ describe("buildMs365CardText", () => {
     expect(text).toContain("ms-365__upload-file-content");
     expect(text).toContain("Q3-Strategy.docx");
     expect(text).toContain("01ABCDEFG");
-    expect(text).toContain("ken@outlook.com");
+    expect(text).toContain("bob@example.com");
   });
 
   it("omits ID line for new files", () => {
@@ -183,7 +183,7 @@ function makeMsg(overrides: Partial<RequestMs365ApprovalMessage> = {}): RequestM
       toolName: "mcp__ms-365__upload-file-content",
       itemId: "01ABC",
       itemDisplayName: "Strategy.docx",
-      accountEmail: "ken@outlook.com",
+      accountEmail: "bob@example.com",
     },
     ttlMs: 5 * 60 * 1000,
     ...overrides,

package/telegram-plugin/gateway/represent-guard.ts

@@ -0,0 +1,72 @@
+/**
+ * represent-guard.ts — the duplicate-represent guard for the obligation sweep,
+ * extracted from obligationSweep so the "satisfied-but-misdetected obligation
+ * must NOT re-fire" decision (#2472) is EXECUTABLE in a pure unit test.
+ *
+ * The bug (#2472): obligation_represent re-fired for the same origin_turn_id even
+ * after the agent had already answered represent_count=1 with a reply tool call,
+ * producing a second near-identical message. The reply landed but its routing did
+ * not resolve back to the origin, so the ledger's normal close path missed it —
+ * and the represent branch (unlike the escalate branch) had no belt-and-braces
+ * outbound-history check before re-firing.
+ *
+ * This helper is the decision the sweep's represent branch now consults. PURE —
+ * no Telegram, no SQLite; the gateway injects `hasOutboundDeliveredSince` as a
+ * predicate. The single load-bearing subtlety lives here in one testable place:
+ *
+ *   The cutoff is `lastRepresentedAt` (the time of the PREVIOUS represent), NOT
+ *   `openedAt`. On the FIRST represent (`lastRepresentedAt` undefined) the guard
+ *   is a no-op, so the genuine "agent wrote a plain-text answer and never called
+ *   the reply tool" case still re-presents ONCE. Only the SECOND-and-later
+ *   represent is gated — exactly where a reply that landed BETWEEN fires must
+ *   suppress the re-ask. A reply that predates the last represent (e.g. the
+ *   original plain-text answer) does not count, because it is not evidence the
+ *   most recent represent was answered.
+ */
+
+/** The obligation fields the represent guard inspects. */
+export interface RepresentGuardObligation {
+  readonly originTurnId: string
+  readonly chatId: string
+  readonly threadId?: number
+  /** Wall-clock ms this obligation was most recently re-presented, if ever. */
+  readonly lastRepresentedAt?: number
+}
+
+export interface RepresentGuardDeps {
+  /** True when history is available to query (else the guard never suppresses). */
+  historyEnabled: boolean
+  /**
+   * Has a genuine assistant reply been delivered to this chat (optionally scoped
+   * to thread) at or after `sinceMs`? Wraps history.hasOutboundDeliveredSince.
+   *
+   * For the represent guard the gateway binds this with a LOW minChars (#2474
+   * follow-up): ANY real reply to the turn — even a terse "Yes — done." — means
+   * the user was answered and the duplicate represent must be suppressed. The
+   * 200-char "substantive" proxy is the ESCALATE branch's concern, not this one;
+   * applying it here left short-but-real replies failing to suppress the duplicate
+   * (the #2472 gap). The underlying query only counts recordOutbound rows, so
+   * typing indicators / progress-card edits are never miscounted as a reply.
+   */
+  hasOutboundDeliveredSince: (chatId: string, sinceMs: number, threadId?: number) => boolean
+}
+
+/**
+ * Decide whether a represent for `o` should be SUPPRESSED because the agent has
+ * already delivered a reply since the obligation was last re-presented.
+ *
+ * Returns true ⇒ the obligation is satisfied-but-misdetected; the caller closes
+ * it silently and does NOT re-fire. Returns false ⇒ proceed with the represent
+ * (first represent always proceeds; a represent with no reply since the last one
+ * proceeds; an unavailable history proceeds — never suppress on doubt).
+ */
+export function shouldSuppressRepresent(
+  o: RepresentGuardObligation,
+  deps: RepresentGuardDeps,
+): boolean {
+  if (!deps.historyEnabled) return false
+  // First represent: nothing to compare against — let the single re-ask fire so
+  // the genuine plain-text-no-reply case is preserved.
+  if (o.lastRepresentedAt == null) return false
+  return deps.hasOutboundDeliveredSince(o.chatId, o.lastRepresentedAt, o.threadId)
+}

package/telegram-plugin/gateway/status-surface-log.test.ts

@@ -12,6 +12,7 @@ function turn(overrides: Partial<StatusSurfaceTurnView> = {}): StatusSurfaceTurn
     sessionThreadId: undefined,
     startedAt: 1_780_000_000_000,
     toolCallCount: 0,
+    labeledToolCount: 0,
     activityMessageId: null,
     activityEverOpened: false,
     activityDrainFailures: 0,
@@ -35,7 +36,7 @@ describe('formatTurnLifecycle', () => {
     const line = formatTurnLifecycle(
       'clear',
       'turn_end',
-      turn({ sessionThreadId: 3, toolCallCount: 5, activityMessageId: 42, activityEverOpened: true, replyCalled: true, finalAnswerDelivered: true }),
+      turn({ sessionThreadId: 3, toolCallCount: 5, labeledToolCount: 5, activityMessageId: 42, activityEverOpened: true, replyCalled: true, finalAnswerDelivered: true }),
       1_780_000_300_000, // +300s
     )
     expect(line).toContain('turn-lifecycle clear reason=turn_end')
@@ -63,7 +64,7 @@ describe('formatTurnLifecycle', () => {
 describe('detectStatusSurfaceDegraded', () => {
   it('flags a turn that did tool work but never opened the feed due to send failures (the resume-400 signature)', () => {
     const d = detectStatusSurfaceDegraded(
-      turn({ toolCallCount: 3, activityEverOpened: false, activityDrainFailures: 10 }),
+      turn({ toolCallCount: 3, labeledToolCount: 3, activityEverOpened: false, activityDrainFailures: 10 }),
     )
     expect(d).not.toBeNull()
     expect(d!.reason).toBe('feed-never-opened')
@@ -75,7 +76,7 @@ describe('detectStatusSurfaceDegraded', () => {
     // the sticky activityEverOpened keeps this from false-positiving.
     expect(
       detectStatusSurfaceDegraded(
-        turn({ toolCallCount: 4, activityMessageId: null, activityEverOpened: true, activityDrainFailures: 0 }),
+        turn({ toolCallCount: 4, labeledToolCount: 4, activityMessageId: null, activityEverOpened: true, activityDrainFailures: 0 }),
       ),
     ).toBeNull()
   })
@@ -83,7 +84,7 @@ describe('detectStatusSurfaceDegraded', () => {
   it('does NOT flag a turn that never attempted a feed send (e.g. ack-first suppression)', () => {
     expect(
       detectStatusSurfaceDegraded(
-        turn({ toolCallCount: 2, activityEverOpened: false, activityDrainFailures: 0 }),
+        turn({ toolCallCount: 2, labeledToolCount: 2, activityEverOpened: false, activityDrainFailures: 0 }),
       ),
     ).toBeNull()
   })

package/telegram-plugin/gateway/status-surface-log.ts

@@ -30,6 +30,17 @@ export interface StatusSurfaceTurnView {
   sessionThreadId: number | undefined
   startedAt: number
   toolCallCount: number
+  /**
+   * Count of tool_label events that passed the surface-tool guard this turn —
+   * i.e. the number of surfaced (non-surface, non-suppressed) tool steps. This
+   * is the deterministic single source of truth for the `tools=` lifecycle
+   * field and the `✓ N steps` activity-feed total. Incremented in
+   * `case 'tool_label':` AFTER the `isTelegramSurfaceTool` guard so that
+   * reply/stream_reply/edit_message/react are never counted. send_typing and
+   * sync_retain are suppressed at the hook level (computeLabel returns null)
+   * and never arrive as tool_label events, so they are excluded automatically.
+   */
+  labeledToolCount: number
   /** Live activity-feed message id; null until the first send captures it. */
   activityMessageId: number | null
   /**
@@ -67,7 +78,7 @@ export function formatTurnLifecycle(
   return (
     `turn-lifecycle ${action} reason=${reason} turnId=${t.turnId} ` +
     `chat=${t.sessionChatId} thread=${t.sessionThreadId ?? '-'} ` +
-    `tools=${t.toolCallCount} activityMsgId=${t.activityMessageId ?? 'none'} ` +
+    `tools=${t.labeledToolCount} activityMsgId=${t.activityMessageId ?? 'none'} ` +
     `feedOpened=${t.activityEverOpened} drainFailures=${t.activityDrainFailures} ` +
     `replyCalled=${t.replyCalled} finalAnswer=${t.finalAnswerDelivered} age_ms=${ageMs}`
   )
@@ -89,13 +100,13 @@ export function formatTurnLifecycle(
 export function detectStatusSurfaceDegraded(
   t: StatusSurfaceTurnView,
 ): { reason: string; detail: string } | null {
-  if (t.toolCallCount === 0) return null
+  if (t.labeledToolCount === 0) return null
   if (t.activityEverOpened) return null
   if (t.activityDrainFailures === 0) return null
   return {
     reason: 'feed-never-opened',
     detail:
-      `tools=${t.toolCallCount} drainFailures=${t.activityDrainFailures} ` +
+      `tools=${t.labeledToolCount} drainFailures=${t.activityDrainFailures} ` +
       `activityMsgId=none — the live activity feed failed every send this turn ` +
       `(card was dark despite tool work)`,
   }

package/telegram-plugin/history.ts

@@ -557,11 +557,26 @@ export function getRecentOutboundCount(
  * SUBSTANTIVE: we never suppress escalation on a bare ack ("on it", "give me a
  * sec") — an agent that acks then ghosts must still escalate. The history schema
  * does not store a done/substantive flag, so we approximate: a row counts only
- * when LENGTH(text) >= 200 (the FINAL_ANSWER_MIN_CHARS constant from
- * final-answer-detect.ts). This is false-negative-safe: a genuine substantive
- * answer that happens to be < 200 chars will still fire an escalation, which is
- * the conservative (safe) outcome. A schema column would be more precise but is
- * disproportionate for this predicate; the reviewer accepted this approach.
+ * when LENGTH(text) >= `minChars` (default 200, the FINAL_ANSWER_MIN_CHARS
+ * constant from final-answer-detect.ts). This is false-negative-safe for the
+ * escalate branch: a genuine substantive answer that happens to be < 200 chars
+ * will still fire an escalation, which is the conservative (safe) outcome. A
+ * schema column would be more precise but is disproportionate for this predicate;
+ * the reviewer accepted this approach.
+ *
+ * `minChars` semantics (decoupled per caller, #2474 follow-up):
+ *   - The ESCALATE branch (Fix 4) keeps the 200 default: it must not stand down an
+ *     escalation on a mere ack, so it still demands a substantive-LENGTH outbound.
+ *   - The duplicate-represent GUARD (#2472) passes a LOW value (1): for that path
+ *     ANY genuine assistant reply to the turn — even a terse "Yes — done." or
+ *     "Merged, all three landed." — means the user was answered, so the duplicate
+ *     represent must be suppressed. The 200-char proxy was borrowed from the
+ *     escalate branch and is WRONG there: a short-but-real reply left the
+ *     duplicate-represent bug (#2472) alive. This is safe because the rows this
+ *     query counts (role='assistant') are ONLY ever written by recordOutbound —
+ *     i.e. real bot→user messages (reply / stream_reply / silent-anchor content /
+ *     command acks). Typing indicators and progress-card edits NEVER call
+ *     recordOutbound, so they cannot be miscounted as "the user was answered".
  *
  * `threadId` semantics:
  *   - undefined → any message in the chat regardless of thread (DMs + supergroups)
@@ -575,16 +590,23 @@ export function hasOutboundDeliveredSince(
   chatId: string,
   sinceMs: number,
   threadId?: number | null,
+  minChars = 200,
 ): boolean {
   try {
     const cutoffSec = Math.floor(sinceMs / 1000)
-    const params: unknown[] = [chatId, cutoffSec]
-    // LENGTH(text) >= 200 scopes to substantive replies only — never suppress
-    // escalation on a mere ack. Mirrors FINAL_ANSWER_MIN_CHARS (200) from
-    // final-answer-detect.ts; the `done` flag is not stored in the history
-    // schema, so length is the closest available proxy.
+    // Clamp to >= 1 so the predicate never counts an empty/whitespace-only row
+    // (a degenerate outbound) as a delivered reply, even if a caller passes 0.
+    const minLen = Math.max(1, Math.floor(minChars))
+    const params: unknown[] = [chatId, cutoffSec, minLen]
+    // LENGTH(text) >= minChars scopes to replies of at least the caller's
+    // threshold. ESCALATE passes the default 200 (substantive-only — never stand
+    // down on a mere ack). The duplicate-represent GUARD passes a low value so a
+    // terse-but-real reply counts (#2472/#2474). The `done` flag is not stored in
+    // the history schema, so length is the closest available proxy; rows here are
+    // only ever recordOutbound writes (real bot→user sends), so progress-card
+    // edits / typing indicators are structurally excluded.
     let sql =
-      "SELECT 1 FROM messages WHERE chat_id = ? AND role = 'assistant' AND ts >= ? AND LENGTH(text) >= 200"
+      "SELECT 1 FROM messages WHERE chat_id = ? AND role = 'assistant' AND ts >= ? AND LENGTH(text) >= ?"
     if (threadId !== undefined) {
       if (threadId === null) {
         sql += ' AND thread_id IS NULL'

package/telegram-plugin/hooks/repo-context-pretool.mjs

@@ -297,6 +297,32 @@ async function main() {
   const markerPath = findNearestMarker(targetDir)
   if (markerPath == null) process.exit(0)
 
+  // Own-agent marker guard: suppress the agent's own CLAUDE.md / AGENTS.md /
+  // AGENT.md so it is never injected as additionalContext. The agent's own
+  // marker is already in the system prompt (baked by start.sh via
+  // --append-system-prompt); re-injecting it wastes ~30KB per session.
+  //
+  // The existing isUnderAgentWorkspace guard only blocks paths under the
+  // agent's workspace/ subdirectory. It misses the agent's start cwd
+  // (/home/.../.switchroom/agents/<name>) because that guard computes against
+  // workspace/, not agentDir itself. This marker-path check closes that gap.
+  //
+  // We do NOT add a "targetDir under startCwd" directory guard because that
+  // would wrongly suppress a legitimate worktree repo the operator has checked
+  // out inside the agent dir (e.g. agentDir/workspace/ repos) — the directory
+  // guard would catch those too. The marker-path equality check is surgical:
+  // only the exact CLAUDE.md / AGENTS.md / AGENT.md at agentDir root is blocked;
+  // any nested repo's marker injects normally.
+  if (agentName) {
+    const startCwd = normalize(
+      process.env.SWITCHROOM_AGENT_START_CWD ??
+        join(home, '.switchroom', 'agents', agentName),
+    )
+    for (const m of MARKER_FILES) {
+      if (markerPath === join(startCwd, m)) process.exit(0)
+    }
+  }
+
   const state = readSessionState(sessionId)
 
   // Already-loaded dedup — the load-once-per-repo-per-session invariant.

package/telegram-plugin/hooks/subagent-tracker-posttool.mjs

@@ -313,6 +313,11 @@ function updateRow(dbPath, { id, status, resultSummary, now, asyncLaunch }, done
     setImmediate(() => {
       try {
         const db = new SnapDatabaseSync(snapDbPath)
+        // Concurrency: per-connection busy_timeout so this hook's writes
+        // wait-and-retry instead of failing with SQLITE_BUSY under concurrent
+        // sub-agent dispatch. Set on the real open so BOTH the node:sqlite
+        // (production) and bun:sqlite branches are armed (#2535 review).
+        try { db.exec('PRAGMA busy_timeout = 5000') } catch { /* best-effort */ }
         const row = db.prepare(SELECT_SQL).get(snapId)
         const isBackground = row != null && row.background === 1
         if (isBackground) {

package/telegram-plugin/hooks/subagent-tracker-pretool.mjs

@@ -184,6 +184,14 @@ function writeRow(dbPath, { id, parentSessionId, parentTurnKey, agentType, descr
     setImmediate(() => {
       try {
         const db = new SnapDatabaseSync(snapDbPath)
+        // Concurrency: this hook writes registry.db from a separate process
+        // that contends with the gateway's subagent-watcher + the PostToolUse
+        // hook. Without a busy_timeout, the contending write fails IMMEDIATELY
+        // with SQLITE_BUSY ("database is locked") when several sub-agents
+        // dispatch at once, dropping the row → NULL jsonl_agent_id/parent_turn_key.
+        // Per-connection PRAGMA, set on the real open so BOTH the node:sqlite
+        // (production) and bun:sqlite branches are armed.
+        try { db.exec('PRAGMA busy_timeout = 5000') } catch { /* best-effort */ }
         db.exec(snapSchemaSql)
         // Migrate older DBs that pre-date jsonl_agent_id.
         const hasJsonlCol = db.prepare(snapMigrateSql).get()

package/telegram-plugin/hooks/tool-label-pretool.mjs

@@ -149,30 +149,42 @@ export function computeLabel(toolName, input) {
       // the progress card path that used to surface this was retired
       // when `progressDriver` was nulled out in #1122 PR3.
       const slug = clip(asText(i.skill), 64)
+      // Empty-slug Skill stays suppressed (degenerate/malformed call): the
+      // liveness feed-open backstops visibility for a tool-less turn, so this
+      // does not need a label. Keeps the #2111 sidecar contract.
       return slug ? `Running skill ${slug}` : null
     }
   }
 
   // MCP tools.
   if (typeof toolName === 'string' && toolName.startsWith('mcp__')) {
-    // Explicit labels / suppressions for the built-in servers.
+    // Telegram-plugin tools: matched by the key-agnostic regex so renames/forks work.
+    // Strip the `mcp__<server>__` prefix to get just the tool suffix.
+    const TELEGRAM_PREFIX_RE = /^mcp__[^_].*?telegram__/
+    const telegramMatch = TELEGRAM_PREFIX_RE.exec(toolName)
+    if (telegramMatch) {
+      const suffix = toolName.slice(telegramMatch[0].length)
+      // Surface tools (reply, stream_reply, edit_message, react) are the
+      // conversation itself — suppress them from the activity feed entirely.
+      // Mirrors isTelegramSurfaceTool in tool-names.ts.
+      if (
+        suffix === 'reply' ||
+        suffix === 'stream_reply' ||
+        suffix === 'edit_message' ||
+        suffix === 'react'
+      ) return null
+      if (suffix === 'get_recent_messages') return 'Reading chat history'
+      // send_typing and all other surface/control tools: suppress.
+      return null
+    }
+    // Explicit labels / suppressions for the hindsight server.
     switch (toolName) {
-      case 'mcp__switchroom-telegram__reply':
-      case 'mcp__switchroom-telegram__stream_reply':
-        return 'Replying'
-      case 'mcp__switchroom-telegram__react': {
-        const emoji = clip(asText(i.emoji), 8)
-        return emoji ? `Reacting ${emoji}` : 'Reacting'
-      }
-      case 'mcp__switchroom-telegram__get_recent_messages':
-        return 'Reading chat history'
       case 'mcp__hindsight__recall':
       case 'mcp__hindsight__reflect':
         return 'Searching memory'
       case 'mcp__hindsight__retain':
         return 'Saving memory'
       // Explicit suppressions — return null so we don't emit a sidecar line.
-      case 'mcp__switchroom-telegram__send_typing':
       case 'mcp__hindsight__sync_retain':
         return null
     }
@@ -182,13 +194,17 @@ export function computeLabel(toolName, input) {
     // entirely by MCP tools read as pure silence (only a typing dot + the
     // 👀 reaction) — the "I can't see what it's doing" report. Mirror the
     // gateway's describeToolUse: friendly per-server labels, else a
-    // model-authored field, else a humanized tool name. NEVER label
-    // switchroom-telegram surface/control tools (they ARE the conversation).
+    // model-authored field, else a humanized tool name. NEVER label any
+    // Telegram surface/control tools (they ARE the conversation). Use the
+    // same regex predicate as isTelegramSurfaceTool in tool-names.ts so
+    // this works regardless of the plugin's registration key (clerk-telegram,
+    // switchroom-telegram, custom fork, …).
+    const TELEGRAM_SURFACE_RE = /^mcp__[^_].*?telegram__/
+    if (TELEGRAM_SURFACE_RE.test(toolName)) return null
     const m = /^mcp__(.+?)__(.+)$/.exec(toolName)
     if (!m) return null
     const server = m[1].toLowerCase()
     const tool = m[2].toLowerCase()
-    if (server === 'switchroom-telegram') return null
     if (server === 'hindsight') return 'Working with memory'
     if (server === 'google-workspace' || server === 'claude_ai_google_calendar')
       return 'Checking your calendar'
@@ -213,7 +229,15 @@ export function computeLabel(toolName, input) {
     return `Using ${tool.replace(/[-_]+/g, ' ')}`
   }
 
-  return null
+  // Never-null fallthrough: any unrecognized BUILT-IN tool (no mcp__ prefix,
+  // not matched above) gets a generic label rather than dropping its sidecar
+  // line. A null here was the dark-turn mechanism — if such a tool was a
+  // turn's first/only tool, no tool_label event fired, the activity feed
+  // never opened, and a working turn read as pure silence. Surface tools
+  // (reply/react/send_typing/sync_retain) return earlier and are also
+  // suppressed at the gateway's isTelegramSurfaceTool guard, so this does
+  // not resurface them.
+  return 'Working…'
 }
 
 function main() {

package/telegram-plugin/issues-card.ts

@@ -328,6 +328,10 @@ export function createIssuesCardHandle(
       const sendOpts: Record<string, unknown> = {
         parse_mode: "HTML",
         disable_web_page_preview: true,
+        // Status card, not the user's answer — silence the open ping.
+        // (editMessageText ignores disable_notification, so the shared
+        // edit path below is unaffected.)
+        disable_notification: true,
         ...(opts.threadId != null ? { message_thread_id: opts.threadId } : {}),
       };