switchroom 0.15.45 → 0.16.5

package/telegram-plugin/tests/over-ping-final-answer-decoupling.test.ts

@@ -0,0 +1,194 @@
+/**
+ * Regression contract for #2533: the over-ping anti-spam downgrade MUST NOT
+ * pollute final-answer classification.
+ *
+ * The bug (surfaced by the `midturn-silent-dm` UAT against v0.15.57): in
+ * `executeReply`, the #1675 over-ping safety net reassigns the local
+ * `disableNotification` to `true` to silence a 2nd+ ping in a turn, and the
+ * final-answer classifier was then read with that *downgraded* value. So a
+ * final answer the model INTENDED to ping but the anti-spam net silenced was
+ * misclassified as not-final → `finalAnswerDelivered` stayed false → a
+ * spurious silent-end re-prompt (#1664) AND a false 'undelivered' 😐 (#2530).
+ *
+ * The contract this pins (what `executeStreamReply` already did, and what
+ * #2533 made `executeReply` do): final-answer classification keys on the
+ * MODEL'S ORIGINAL INTENT (`args.disable_notification`), not the
+ * over-ping-downgraded send value. The actual SEND still honours the
+ * downgrade — only the classification is decoupled.
+ *
+ * `executeReply` itself isn't unit-callable (it lives in the 22k-line
+ * gateway), so this ties the two real pure modules together to reproduce the
+ * exact failing sequence and assert the invariant.
+ */
+
+import { describe, it, expect } from 'vitest'
+import { decideOverPing } from '../over-ping-safety-net.js'
+import { isFinalAnswerReply, isSubstantiveFinalReply } from '../final-answer-detect.js'
+
+describe('#2533 — over-ping downgrade must not pollute final-answer classification', () => {
+  // The midturn-silent-dm failing sequence: an interim ack pings, then a
+  // SHORT final answer the model also intended to ping.
+  const ACK = { text: 'On it.', modelWantsPing: true }
+  const FINAL = { text: 'Hostname is example-host.', modelWantsPing: true } // <200 chars
+
+  it('reproduces the sequence: ack claims the ping slot, the short final gets over-ping-suppressed', () => {
+    // Beat 1 — the ack pings; first ping of the turn claims the slot (not suppressed).
+    const ackDecision = decideOverPing({ modelRequestedPing: ACK.modelWantsPing, firstPingAt: null, nowMs: 1_000 })
+    expect(ackDecision.suppress).toBe(false)
+    expect(ackDecision.claimSlot).toBe(true)
+    const firstPingAt = 1_000
+
+    // Beat 2 — the real final answer also wants to ping, but the slot is taken → SUPPRESS.
+    const finalDecision = decideOverPing({ modelRequestedPing: FINAL.modelWantsPing, firstPingAt, nowMs: 2_000 })
+    expect(finalDecision.suppress).toBe(true) // the gateway would downgrade disable_notification:false → true
+  })
+
+  it('classifying on the MODEL INTENT marks the suppressed short final as final (correct)', () => {
+    // This is what the gateway MUST do (#2533): use args.disable_notification,
+    // NOT the over-ping-downgraded value.
+    const modelDisableNotification = !FINAL.modelWantsPing // model wanted to ping → false
+    expect(
+      isFinalAnswerReply({ text: FINAL.text, disableNotification: modelDisableNotification }),
+    ).toBe(true) // delivered final → finalAnswerDelivered=true → no spurious re-prompt, no false 😐
+  })
+
+  it('classifying on the DOWNGRADED value misclassifies it as not-final (the bug #2533 fixed)', () => {
+    // The over-ping net forced disable_notification → true. If classification
+    // reads THAT (the pre-#2533 bug), the short non-done final is seen as an
+    // interim ack → finalAnswerDelivered stays false → spurious re-prompt + 😐.
+    const downgradedDisableNotification = true
+    expect(
+      isFinalAnswerReply({ text: FINAL.text, disableNotification: downgradedDisableNotification }),
+    ).toBe(false) // <-- this WRONG classification is exactly what the gateway must NOT produce
+  })
+
+  it('a genuinely-silent interim ack (model set disable_notification:true) is still NOT final — fix does not over-correct', () => {
+    // The decoupling must not turn EVERY reply final: a short reply the MODEL
+    // marked silent (a real interim ack) still classifies non-final on model intent.
+    const modelSilentAck = true
+    expect(
+      isFinalAnswerReply({ text: 'looking into that…', disableNotification: modelSilentAck }),
+    ).toBe(false)
+  })
+
+  it('a long over-ping-suppressed answer was already final regardless (length backstop) — fix matters for SHORT finals', () => {
+    const long = 'x'.repeat(250)
+    // Even classifying on the downgraded value, length ≥200 makes it final — so
+    // the bug only ever bit SHORT over-ping-suppressed finals (the #2533 case).
+    expect(isFinalAnswerReply({ text: long, disableNotification: true })).toBe(true)
+    expect(isFinalAnswerReply({ text: long, disableNotification: false })).toBe(true)
+  })
+})
+
+/**
+ * Notification ownership (R8 / PR-2 — design `docs/message-emission-
+ * determinism.md` §over-ping). The substantive final answer must OWN the
+ * turn's single device ping. The residual the bare "first ping wins" rule
+ * left: an interim ack pings first and claims the slot, so the later
+ * substantive answer is downgraded to silent — "the reply is last but the
+ * phone never buzzed for the answer." `decideOverPing` is now aware of WHO
+ * holds the slot (`firstPingWasSubstantive`) and WHO is asking
+ * (`substantive`) and UPGRADES a substantive answer over an ack's slot,
+ * while still suppressing every double-ping the #1674 guard exists for.
+ *
+ * The 2×2 ownership matrix (model wants to ping, slot already held):
+ *
+ *   incoming \ slot held by │ ACK (non-substantive) │ SUBSTANTIVE
+ *   ────────────────────────┼───────────────────────┼─────────────
+ *   SUBSTANTIVE answer       │ UPGRADE (ping, claim)  │ suppress (#1674)
+ *   ACK                      │ suppress (orig)        │ suppress
+ */
+describe('R8 / PR-2 — substantive final answer OWNS the turn ping (upgrade matrix)', () => {
+  const SUBSTANTIVE = 'x'.repeat(300) // ≥200 → isSubstantiveFinalReply true
+  const ACK = 'On it.' // <200, non-done → ack
+
+  it('row 1 — substantive answer pinging over an ACK-held slot ⇒ UPGRADE (not suppressed)', () => {
+    // The ack pinged first (claimed the slot, non-substantive).
+    const ack = decideOverPing({
+      modelRequestedPing: true,
+      firstPingAt: null,
+      substantive: isSubstantiveFinalReply({ text: ACK, disableNotification: false }),
+      nowMs: 1_000,
+    })
+    expect(ack.claimSlot).toBe(true)
+    expect(ack.upgrade).toBe(false)
+    // Now the substantive answer wants to ping; the slot is ack-held.
+    const answer = decideOverPing({
+      modelRequestedPing: true,
+      firstPingAt: 1_000,
+      substantive: isSubstantiveFinalReply({ text: SUBSTANTIVE, disableNotification: false }),
+      firstPingWasSubstantive: false, // the ack
+      nowMs: 2_000,
+    })
+    expect(answer.suppress).toBe(false) // the ANSWER pings — phone buzzes for the answer
+    expect(answer.claimSlot).toBe(true) // slot upgraded to substantive
+    expect(answer.upgrade).toBe(true)
+  })
+
+  it('row 2 — ACK pinging over a SUBSTANTIVE-held slot ⇒ suppress (no double-ping after the answer)', () => {
+    const d = decideOverPing({
+      modelRequestedPing: true,
+      firstPingAt: 1_000,
+      substantive: isSubstantiveFinalReply({ text: ACK, disableNotification: false }),
+      firstPingWasSubstantive: true, // the real answer already owned the slot
+      nowMs: 2_000,
+    })
+    expect(d.suppress).toBe(true)
+    expect(d.claimSlot).toBe(false)
+    expect(d.upgrade).toBe(false)
+  })
+
+  it('row 3 — SUBSTANTIVE over a SUBSTANTIVE-held slot ⇒ suppress (preserves the #1674 model-double-ping guard)', () => {
+    // The reproducer #1674 targeted: a substantive answer pinged, then a
+    // substantive wrap-up also wants to ping. One beep, not two.
+    const d = decideOverPing({
+      modelRequestedPing: true,
+      firstPingAt: 30_000,
+      substantive: isSubstantiveFinalReply({ text: SUBSTANTIVE, disableNotification: false }),
+      firstPingWasSubstantive: true,
+      nowMs: 36_000,
+    })
+    expect(d.suppress).toBe(true)
+    expect(d.upgrade).toBe(false)
+    expect(d.sinceFirstPingMs).toBe(6_000)
+  })
+
+  it('row 4 — ACK over an ACK-held slot ⇒ suppress (original one-ping-per-turn behaviour, unchanged)', () => {
+    const d = decideOverPing({
+      modelRequestedPing: true,
+      firstPingAt: 1_000,
+      substantive: isSubstantiveFinalReply({ text: ACK, disableNotification: false }),
+      firstPingWasSubstantive: false,
+      nowMs: 2_000,
+    })
+    expect(d.suppress).toBe(true)
+    expect(d.claimSlot).toBe(false)
+    expect(d.upgrade).toBe(false)
+  })
+
+  it('the upgrade fires AT MOST once: after an upgrade, a further ack does NOT re-upgrade', () => {
+    // ack pings (slot=ack) → answer upgrades (slot=substantive) → a trailing
+    // ack must now suppress, not ping a third time.
+    const trailingAck = decideOverPing({
+      modelRequestedPing: true,
+      firstPingAt: 2_000, // upgraded slot timestamp
+      substantive: false,
+      firstPingWasSubstantive: true, // slot now substantive after the upgrade
+      nowMs: 3_000,
+    })
+    expect(trailingAck.suppress).toBe(true)
+    expect(trailingAck.upgrade).toBe(false)
+  })
+
+  it('a substantive FIRST ping still claims (no upgrade flag) — upgrade is strictly the second-ping case', () => {
+    const d = decideOverPing({
+      modelRequestedPing: true,
+      firstPingAt: null, // no prior ping this turn
+      substantive: true,
+      nowMs: 1_000,
+    })
+    expect(d.claimSlot).toBe(true)
+    expect(d.upgrade).toBe(false) // first ping is a claim, not an upgrade
+    expect(d.suppress).toBe(false)
+  })
+})

package/telegram-plugin/tests/over-ping-safety-net.test.ts

@@ -38,7 +38,7 @@ describe('decideOverPing — at-most-one-ping-per-turn safety net', () => {
       firstPingAt: null,
       nowMs: 1_000,
     })
-    expect(d1).toEqual({ suppress: false, claimSlot: false, sinceFirstPingMs: null })
+    expect(d1).toEqual({ suppress: false, claimSlot: false, upgrade: false, sinceFirstPingMs: null })
 
     // Prior ping already landed — silent reply still no-op, NOT claimed
     const d2 = decideOverPing({
@@ -46,7 +46,7 @@ describe('decideOverPing — at-most-one-ping-per-turn safety net', () => {
       firstPingAt: 1_000,
       nowMs: 5_000,
     })
-    expect(d2).toEqual({ suppress: false, claimSlot: false, sinceFirstPingMs: null })
+    expect(d2).toEqual({ suppress: false, claimSlot: false, upgrade: false, sinceFirstPingMs: null })
   })
 
   it('handles the edge case where firstPingAt equals nowMs (instant double-call)', () => {

package/telegram-plugin/tests/per-topic-current-turn.test.ts

@@ -0,0 +1,373 @@
+/**
+ * PR-4e — per-topic `currentTurn` map behind the emission-authority kill-switch.
+ *
+ * The single ambient/global `currentTurn` singleton (one foreground turn at a
+ * time) is replaced by a per-topic `currentTurnByKey` map keyed on chat+thread,
+ * behind `SWITCHROOM_EMISSION_AUTHORITY` (default OFF).
+ *
+ * KEY FRAMING: the `claude` CLI is genuinely SEQUENTIAL — never two turns
+ * executing CPU-simultaneously. 4e is NOT about concurrent execution. It is
+ * about the ISOLATION of per-topic emission STATE so a LATE async event for
+ * topic A (a deferred drain, the orphaned-reply backstop, a ping decision, the
+ * answer-stream suppressor) that fires AFTER the live turn flipped to topic B
+ * resolves A's authority instead of contaminating B's card / ping / single-flight
+ * state.
+ *
+ * DEFINING PROPERTY: flag-OFF ≡ flag-ON ≡ base — machine-proven by the parity
+ * test below.
+ *
+ * This file has two halves:
+ *  (a) a SOURCE-READ structural oracle over gateway.ts (the IIFE can't be
+ *      instantiated in-process — same pattern as silence-liveness-wiring.test),
+ *  (b) a BEHAVIOURAL in-process harness driving current-turn-map.ts via the
+ *      re-import-per-flag seam (mirrors emission-authority-card-drain-gate.test's
+ *      `loadFacade`).
+ */
+
+import { describe, it, expect, afterEach } from 'vitest'
+import { readFileSync } from 'node:fs'
+import { resolve } from 'node:path'
+
+const gatewaySrc = readFileSync(resolve(__dirname, '..', 'gateway', 'gateway.ts'), 'utf-8')
+
+// ---------------------------------------------------------------------------
+// (a) SOURCE-READ STRUCTURAL ORACLE
+// ---------------------------------------------------------------------------
+
+describe('PR-4e source-read oracle — the wiring the per-topic map depends on', () => {
+  it('exactly ONE per-topic CurrentTurnMap is constructed in the gateway', () => {
+    const decls = gatewaySrc.match(/new CurrentTurnMap<CurrentTurn>\(\)/g) ?? []
+    expect(decls.length).toBe(1)
+    // And it is imported from the dedicated module (not inlined).
+    expect(gatewaySrc).toMatch(/import \{ CurrentTurnMap \} from '\.\/current-turn-map\.js'/)
+  })
+
+  it('all 4 write sites route through the keyed accessors — zero RAW `currentTurn = ` outside the accessor bodies', () => {
+    // The ONLY permitted `currentTurn = ` assignments are: the initial `let`
+    // null, and the three lines inside setCurrentTurn / endCurrentTurnForKey /
+    // clearAllCurrentTurns that keep the module-scope mirror in lock-step with
+    // the map. Every behavioural write site (turn ctor, endCurrentTurnAtomic,
+    // silence-poke fallback, disconnect-flush) goes through an accessor.
+    const rawAssigns = gatewaySrc.match(/^[^/\n]*\bcurrentTurn = (?!currentTurnMap\.get\(\)|null$)/gm) ?? []
+    expect(rawAssigns, `unexpected raw currentTurn assignment(s): ${JSON.stringify(rawAssigns)}`).toEqual([])
+
+    // The turn ctor SET routes through setCurrentTurn with the statusKey.
+    expect(gatewaySrc).toMatch(/setCurrentTurn\(next, statusKey\(ev\.chatId, enqThreadIdNum\)\)/)
+    // The disconnect-flush clears the WHOLE map (every entry is a ghost).
+    expect(gatewaySrc).toMatch(/clearAllCurrentTurns\(\)/)
+    // The silence-poke fallback does a keyed delete for the wedged turn's key.
+    expect(gatewaySrc).toMatch(/endCurrentTurnForKey\(wedgedTurn, fbKey\)/)
+  })
+
+  it('endCurrentTurnAtomic closes the leak AT ORIGIN — keyed liveness guard + keyed delete', () => {
+    const body = gatewaySrc
+      .split('function endCurrentTurnAtomic(turn: CurrentTurn): void {')[1]
+      ?.split('\n}')[0] ?? ''
+    expect(body.length).toBeGreaterThan(50)
+    // Guard is the keyed liveness check (NOT a bare singleton ===).
+    expect(body).toMatch(/turnLiveForItsTopic\(turn\)/)
+    // The clear is the keyed delete (leak-close-at-origin).
+    expect(body).toMatch(/endCurrentTurnForKey\(turn, key\)/)
+  })
+
+  it('the keyed accessor flag-branches in EXACTLY one place each (in current-turn-map.ts, not the gateway)', () => {
+    const mapSrc = readFileSync(
+      resolve(__dirname, '..', 'gateway', 'current-turn-map.ts'),
+      'utf-8',
+    )
+    // The map is the single home of the per-topic store + flag read-once.
+    expect(mapSrc).toMatch(/process\.env\.SWITCHROOM_EMISSION_AUTHORITY === '1'/)
+    expect(mapSrc).toMatch(/readonly byKey = new Map<string, T>\(\)/)
+  })
+
+  it('the 3 liveness-comparison reads are keyed under the flag (NOT a bare singleton === under flag-ON)', () => {
+    // Each of the three behaviourally load-bearing comparison sites must, under
+    // the flag, resolve THIS turn by ITS OWN topic key. We assert the keyed
+    // form appears the expected number of times AND the literal flag-OFF form is
+    // retained (the silence-liveness-wiring oracle requires `currentTurn === turn`).
+    const keyedLiveness = gatewaySrc.match(
+      /EMISSION_AUTHORITY_ENABLED \? turnLiveForItsTopic\(turn\) : currentTurn === turn/g,
+    ) ?? []
+    expect(keyedLiveness.length).toBe(3)
+  })
+
+  it('findTurnByOriginId resolves the LIVE turn by its OWN key under the flag (O(1) byKey.get)', () => {
+    const body = gatewaySrc
+      .split('function findTurnByOriginId(')[1]
+      ?.split('\n}')[0] ?? ''
+    expect(body).toMatch(/EMISSION_AUTHORITY_ENABLED/)
+    expect(body).toMatch(/currentTurnMap\.get\(originTurnId\.slice\(0, hashIdx\)\)/)
+    // recentTurnsById registry fallback UNCHANGED.
+    expect(body).toMatch(/recentTurnsById\.get\(originTurnId\)/)
+  })
+
+  it('the self-heal backstop drops per-topic entries for the swept chat (purgeChatStale)', () => {
+    expect(gatewaySrc).toMatch(/currentTurnMap\.purgeChatStale\(fbChatId,/)
+  })
+})
+
+// ---------------------------------------------------------------------------
+// (b) BEHAVIOURAL IN-PROCESS HARNESS (re-import-per-flag seam)
+// ---------------------------------------------------------------------------
+
+afterEach(() => {
+  delete process.env.SWITCHROOM_EMISSION_AUTHORITY
+})
+
+let reimportSeq = 0
+/**
+ * Re-import current-turn-map.ts with the flag set as requested. The flag is read
+ * ONCE at module top; bun re-evaluates a module imported under a fresh query
+ * string, so the read-once const is recomputed against the env we set here — a
+ * test-only seam that leaves the production read-once path untouched.
+ */
+async function loadMap(enabled: boolean): Promise<typeof import('../gateway/current-turn-map.js')> {
+  if (enabled) process.env.SWITCHROOM_EMISSION_AUTHORITY = '1'
+  else delete process.env.SWITCHROOM_EMISSION_AUTHORITY
+  return import(`../gateway/current-turn-map.js?ptctcase=${reimportSeq++}`)
+}
+
+/** A minimal stand-in for the gateway's CurrentTurn — identity is all we need. */
+interface FakeTurn {
+  id: string
+  sessionChatId: string
+}
+
+const KEY_A = 'chatA:_'
+const KEY_B = 'chatA:42'
+
+describe('per-topic current-turn — MULTI-TOPIC NON-CONTAMINATION (the most important property)', () => {
+  it('two topics under the same chat hold distinct live turns SIMULTANEOUSLY', async () => {
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const A: FakeTurn = { id: 'A', sessionChatId: 'chatA' }
+    const B: FakeTurn = { id: 'B', sessionChatId: 'chatA' }
+
+    map.set(A, KEY_A)
+    map.set(B, KEY_B) // the live turn flips A → B
+
+    // BOTH are live for their own topic AT THE SAME TIME — the isolation 4e buys.
+    expect(map.get(KEY_A)).toBe(A)
+    expect(map.get(KEY_B)).toBe(B)
+    // The global "is anything live" mirror points at the most-recent (B).
+    expect(map.get()).toBe(B)
+  })
+
+  it('a DEFERRED A-captured callback firing AFTER B flipped resolves A — not B', async () => {
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const A: FakeTurn = { id: 'A', sessionChatId: 'chatA' }
+    const B: FakeTurn = { id: 'B', sessionChatId: 'chatA' }
+
+    map.set(A, KEY_A)
+    map.set(B, KEY_B) // live turn flipped to B
+
+    // Simulate the late A-captured callback (a deferred drain / ping / silence
+    // reset) firing now, AFTER the flip. It carries A and A's key.
+    const lateCallbackTurn = A
+    const lateCallbackKey = KEY_A
+    // The keyed liveness read resolves A's OWN topic — TRUE — even though the
+    // ambient mirror has moved on to B.
+    expect(map.isLiveForKey(lateCallbackTurn, lateCallbackKey)).toBe(true)
+    // A bare singleton check would have read B and FALSIFIED A's liveness; the
+    // keyed read does not contaminate.
+    expect(map.isLiveForKey(B, KEY_A)).toBe(false)
+  })
+
+  it("ending A deletes ONLY A — B stays live through A's teardown", async () => {
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const A: FakeTurn = { id: 'A', sessionChatId: 'chatA' }
+    const B: FakeTurn = { id: 'B', sessionChatId: 'chatA' }
+
+    map.set(A, KEY_A)
+    map.set(B, KEY_B)
+
+    // A B liveness check stays TRUE before, during, and after A's teardown.
+    expect(map.isLiveForKey(B, KEY_B)).toBe(true)
+    const ended = map.endTurnForKey(A, KEY_A)
+    expect(ended).toBe(true)
+    // A is gone; B is untouched.
+    expect(map.get(KEY_A)).toBeNull()
+    expect(map.get(KEY_B)).toBe(B)
+    expect(map.isLiveForKey(B, KEY_B)).toBe(true)
+    // The mirror was pointing at B (most-recent) the whole time — A's teardown
+    // did NOT clear it (A was not the mirror target).
+    expect(map.get()).toBe(B)
+  })
+
+  it('endTurnForKey is a no-op when the key has already flipped to a successor (idempotent / no cross-topic clobber)', async () => {
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const A1: FakeTurn = { id: 'A1', sessionChatId: 'chatA' }
+    const A2: FakeTurn = { id: 'A2', sessionChatId: 'chatA' }
+    map.set(A1, KEY_A)
+    map.set(A2, KEY_A) // same topic, new turn
+
+    // A late teardown for the OLD A1 must NOT delete the live A2.
+    expect(map.endTurnForKey(A1, KEY_A)).toBe(false)
+    expect(map.get(KEY_A)).toBe(A2)
+  })
+})
+
+describe('per-topic current-turn — PARITY (flag-OFF ≡ flag-ON ≡ base)', () => {
+  /**
+   * The single-topic sequence set A → set B → end B → end A produces an
+   * IDENTICAL observable liveness trace under both flag states (and that trace
+   * IS the base singleton behaviour). This is the machine proof of the defining
+   * property for the single-topic case the old singleton governed.
+   */
+  async function liveTrace(enabled: boolean): Promise<string[]> {
+    const { CurrentTurnMap } = await loadMap(enabled)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const A: FakeTurn = { id: 'A', sessionChatId: 'c' }
+    const B: FakeTurn = { id: 'B', sessionChatId: 'c' }
+    const KA = 'c:_'
+    const KB = 'c:_' // SAME topic — the single-topic case the singleton modeled
+    const trace: string[] = []
+    const snap = (label: string) =>
+      trace.push(
+        `${label}: global=${map.get()?.id ?? 'null'} Alive=${map.isLiveForKey(A, KA)} Blive=${map.isLiveForKey(B, KB)}`,
+      )
+
+    snap('init')
+    map.set(A, KA)
+    snap('setA')
+    map.set(B, KB) // same topic: B supersedes A
+    snap('setB')
+    map.endTurnForKey(B, KB)
+    snap('endB')
+    map.endTurnForKey(A, KA) // already superseded — no-op
+    snap('endA')
+    return trace
+  }
+
+  it('the single-topic liveness trace is identical under flag OFF and flag ON', async () => {
+    const off = await liveTrace(false)
+    const on = await liveTrace(true)
+    expect(on).toEqual(off)
+    // And it matches the base singleton semantics: B supersedes A in the same
+    // topic, so after setB only B is live; ending B clears it; ending the
+    // already-superseded A is a no-op.
+    expect(off).toEqual([
+      'init: global=null Alive=false Blive=false',
+      'setA: global=A Alive=true Blive=false',
+      'setB: global=B Alive=false Blive=true',
+      'endB: global=null Alive=false Blive=false',
+      'endA: global=null Alive=false Blive=false',
+    ])
+  })
+
+  it('flag OFF never writes the per-topic map (zero alloc, stays empty)', async () => {
+    const { CurrentTurnMap } = await loadMap(false)
+    const map = new CurrentTurnMap<FakeTurn>()
+    map.set({ id: 'A', sessionChatId: 'c' }, 'c:_')
+    map.set({ id: 'B', sessionChatId: 'c' }, 'c:42')
+    // The byKey map is never touched under the flag OFF — the singleton is all.
+    expect(map.byKey.size).toBe(0)
+  })
+
+  it('flag OFF keyed reads degenerate to the singleton (key is ignored)', async () => {
+    const { CurrentTurnMap } = await loadMap(false)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const A: FakeTurn = { id: 'A', sessionChatId: 'c' }
+    map.set(A, 'c:_')
+    // Under OFF, get(anyKey) === get() === the singleton.
+    expect(map.get('c:_')).toBe(A)
+    expect(map.get('c:999')).toBe(A) // key ignored — singleton semantics
+    expect(map.get()).toBe(A)
+    expect(map.isLiveForKey(A, 'whatever')).toBe(true)
+  })
+})
+
+describe('per-topic current-turn — LEAK FENCE', () => {
+  it('after BOTH topics end, the per-topic map is empty (size 0)', async () => {
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const A: FakeTurn = { id: 'A', sessionChatId: 'chatA' }
+    const B: FakeTurn = { id: 'B', sessionChatId: 'chatA' }
+    map.set(A, KEY_A)
+    map.set(B, KEY_B)
+    map.endTurnForKey(A, KEY_A)
+    map.endTurnForKey(B, KEY_B)
+    expect(map.byKey.size).toBe(0)
+    expect(map.get()).toBeNull()
+  })
+
+  it('bounded leak-by-supersession: a different-key set with NO A teardown leaves A until the self-heal sweep reclaims it', async () => {
+    // The REAL bounded-leak path the design relies on (distinct from the
+    // explicit-double-teardown case above): topic A is set, then topic B is set
+    // under a DIFFERENT key with NO intervening endTurnForKey(A). The mirror
+    // flips to B, but A's byKey entry is NOT torn down at that moment — it
+    // dangles until the periodic purgeChatStale self-heal sweeps it. This proves
+    // the leak is BOUNDED (the sweep reclaims it), not unbounded.
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const A: FakeTurn = { id: 'A', sessionChatId: 'chatA' }
+    const B: FakeTurn = { id: 'B', sessionChatId: 'chatA' }
+
+    map.set(A, KEY_A) // chatA:_
+    map.set(B, KEY_B) // chatA:42 — different key, NO endTurnForKey(A)
+
+    // The leak: BOTH entries are present — A was never explicitly torn down, it
+    // is just no longer the mirror target.
+    expect(map.byKey.size).toBe(2)
+    expect(map.get(KEY_A)).toBe(A)
+    expect(map.get(KEY_B)).toBe(B)
+    expect(map.get()).toBe(B) // mirror moved on to the most-recent set
+
+    // The self-heal sweep for chatA, with B's topic (KEY_B) marked LIVE (not
+    // stale) and A's topic (KEY_A) stale, reclaims ONLY A's dangling entry.
+    const swept = map.purgeChatStale('chatA', (k) => k !== KEY_B)
+    expect(swept).toEqual([KEY_A])
+
+    // Leak reclaimed: A is gone, the map is bounded back to just B, and the
+    // mirror is untouched (it pointed at B, not a swept victim).
+    expect(map.get(KEY_A)).toBeNull()
+    expect(map.byKey.size).toBe(1)
+    expect(map.get(KEY_B)).toBe(B)
+    expect(map.get()).toBe(B)
+  })
+
+  it('the disconnect-flush sim clears the WHOLE map + mirror (every entry is a ghost)', async () => {
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    map.set({ id: 'A', sessionChatId: 'chatA' }, KEY_A)
+    map.set({ id: 'B', sessionChatId: 'chatA' }, KEY_B)
+    map.set({ id: 'C', sessionChatId: 'chatC' }, 'chatC:_')
+    expect(map.byKey.size).toBe(3)
+    map.clearAll() // bridge died — every entry is a ghost
+    expect(map.byKey.size).toBe(0)
+    expect(map.get()).toBeNull()
+  })
+
+  it('purgeChatStale self-heal drops only the firing chat\'s STALE entries — live siblings survive', async () => {
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const a = { id: 'a', sessionChatId: 'chatA' }
+    const aSibling = { id: 'aSib', sessionChatId: 'chatA' }
+    const other = { id: 'o', sessionChatId: 'chatB' }
+    map.set(a, 'chatA:_')
+    map.set(aSibling, 'chatA:42')
+    map.set(other, 'chatB:_')
+
+    // Sweep chatA but mark the sibling topic chatA:42 as LIVE (not stale) — it
+    // must survive (the one-agent-owns-supergroup safety).
+    const swept = map.purgeChatStale('chatA', (k) => k !== 'chatA:42')
+    expect(swept).toEqual(['chatA:_'])
+    expect(map.get('chatA:_')).toBeNull()
+    expect(map.get('chatA:42')).toBe(aSibling) // live sibling spared
+    expect(map.get('chatB:_')).toBe(other) // other chat untouched
+  })
+
+  it('purgeChatStale defaults to always-stale (DM / single-topic) and clears the mirror iff it pointed at a victim', async () => {
+    const { CurrentTurnMap } = await loadMap(true)
+    const map = new CurrentTurnMap<FakeTurn>()
+    const a = { id: 'a', sessionChatId: 'chatA' }
+    map.set(a, 'chatA:_') // a is also the mirror (most-recent)
+    const swept = map.purgeChatStale('chatA')
+    expect(swept).toEqual(['chatA:_'])
+    expect(map.byKey.size).toBe(0)
+    expect(map.get()).toBeNull() // mirror cleared (it pointed at the victim)
+  })
+})

package/telegram-plugin/tests/permission-card-origin-kill-switch.test.ts

@@ -0,0 +1,42 @@
+/**
+ * M-1: SWITCHROOM_PERMISSION_CARD_ORIGIN_RECOVERY kill-switch — structural assertion.
+ *
+ * The permission-card origin-recovery feature (fixes the "marko Rentals-budget"
+ * incident: permission cards fanning out to operator DMs instead of the forum
+ * topic the operator is working in) must be gated by a kill switch so operators
+ * can opt out of the recovery behaviour if it causes issues.
+ *
+ * Load-bearing constraint: the kill switch must use `!== '0'` semantics (default
+ * ON — recovery is active unless explicitly disabled). This is a structural
+ * assertion — pattern matches silence-liveness-wiring.test.ts.
+ */
+import { describe, it, expect } from 'vitest'
+import { readFileSync } from 'node:fs'
+import { resolve } from 'node:path'
+
+const gatewaySrc = readFileSync(
+  resolve(__dirname, '..', 'gateway', 'gateway.ts'),
+  'utf-8',
+)
+
+describe('M-1: SWITCHROOM_PERMISSION_CARD_ORIGIN_RECOVERY kill-switch', () => {
+  it('kill-switch env var name is SWITCHROOM_PERMISSION_CARD_ORIGIN_RECOVERY', () => {
+    expect(gatewaySrc).toContain('SWITCHROOM_PERMISSION_CARD_ORIGIN_RECOVERY')
+  })
+
+  it('kill-switch constant is defined with !== "0" semantic (default ON)', () => {
+    expect(gatewaySrc).toMatch(
+      /PERMISSION_CARD_ORIGIN_RECOVERY_ENABLED[\s\S]{0,10}=[\s\S]{0,10}process\.env\.SWITCHROOM_PERMISSION_CARD_ORIGIN_RECOVERY\s*!==\s*'0'/,
+    )
+  })
+
+  it('kill-switch gates the origin-recovery call site in gateway.ts', () => {
+    // There must be at least two occurrences: the const definition and the gate site.
+    const matches = [...gatewaySrc.matchAll(/PERMISSION_CARD_ORIGIN_RECOVERY_ENABLED/g)]
+    expect(matches.length).toBeGreaterThanOrEqual(2)
+  })
+
+  it('kill-switch is checked with if (PERMISSION_CARD_ORIGIN_RECOVERY_ENABLED)', () => {
+    expect(gatewaySrc).toMatch(/if\s*\(\s*PERMISSION_CARD_ORIGIN_RECOVERY_ENABLED\s*\)/)
+  })
+})

package/telegram-plugin/tests/permission-rule.test.ts

@@ -203,6 +203,23 @@ describe('matchesAllowRule — scoped file/Bash/Skill rules', () => {
   it('does not match a different tool with the same arg', () => {
     expect(matchesAllowRule('Skill(mail)', 'Bash', JSON.stringify({ skill: 'mail' }))).toBe(false)
   })
+
+  it('matches a scoped Edit rule when the inputPreview is truncated (enforcement-half fix)', () => {
+    // Simulate Claude Code's 200-char truncation of inputPreview for Edit calls
+    // where old_string/new_string push the JSON past 200 chars.
+    const filePath = '/path/to/module.ts'
+    const truncatedPreview = JSON.stringify({
+      file_path: filePath,
+      old_string: 'function oldFn() {\n  // many lines of old code that push JSON well past 200 chars\n  const x = doSomething();\n  return x;\n}',
+      new_string: 'function newFn() { return doSomethingElse(); }',
+    }).slice(0, 200)
+
+    // Precondition: the preview must be invalid JSON (proving truncation occurred).
+    expect(() => JSON.parse(truncatedPreview)).toThrow()
+
+    // The scoped rule must still match — file_path is the first key and intact.
+    expect(matchesAllowRule(`Edit(${filePath})`, 'Edit', truncatedPreview)).toBe(true)
+  })
 })
 
 describe('matchesAllowRule — MCP', () => {