switchroom 0.15.7 → 0.15.9

package/dist/cli/switchroom.js

@@ -13520,7 +13520,7 @@ var init_zod = __esm(() => {
 });
 
 // src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, DEFAULT_PROFILE = "default", AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, DEFAULT_PROFILE = "default", AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -13796,6 +13796,10 @@ var init_schema = __esm(() => {
     per_hour_cap: exports_external.number().int().nonnegative().optional().describe("Max reaction-triggered synthetic turns per chat per rolling hour. " + "Refusals are stderr-logged but not surfaced to the agent. " + "Default 10. Set to 0 to disable triggering via the cap path."),
     group_admin_only: exports_external.boolean().optional().describe("In groups/supergroups (negative chat_id), only trigger a synthetic " + "turn when the reacter is a chat admin (creator or administrator). " + "Failing the lookup is treated as non-admin (fail-closed). " + "DMs are never affected by this flag \u2014 the reacter IS the user. " + "Default true.")
   }).optional();
+  ReactionDispatchSchema = exports_external.object({
+    enabled: exports_external.boolean().optional().describe("Master switch for the reaction-dispatch path. Default false \u2014 " + "with no reaction_dispatch block, reactions are persisted (and may " + "feed the `reactions` feedback path) but are NEVER dispatched as " + "event-driven inbound turns."),
+    emojis: exports_external.array(exports_external.string()).optional().describe('Emoji allowlist that triggers a `<channel event="reaction">` ' + "inbound turn when reacted to any message. Default [] (nothing " + "fires). Cascade mode: REPLACE (not union) \u2014 a layer's list " + "replaces lower layers entirely so an operator can narrow per-agent.")
+  }).optional();
   ReleaseBlock = exports_external.object({
     channel: exports_external.enum(["dev", "rc", "latest"]).optional(),
     pin: exports_external.string().regex(/^(sha-[0-9a-f]{7,40}|v\d+\.\d+\.\d+)$/).optional()
@@ -13831,6 +13835,7 @@ var init_schema = __esm(() => {
     schedule: exports_external.array(ScheduleEntrySchema).optional(),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).optional().describe("Operator-granted STANDING vault keys this agent may read via the " + "broker \u2014 independent of any cron or MCP server. Use when an agent " + "needs a credential both interactively and in its own (agent-managed) " + "schedules, so the grant lives with the agent rather than welded to a " + "specific cron's `secrets[]`. OPERATOR-SET ONLY: agents cannot edit " + "switchroom.yaml or self-grant (reference/vision.md outcome 2 \u2014 'you " + "hold the leash; only your tap grants it'). Exact key names. Cascades " + "UNION across defaults -> profile -> agent (see docs/configuration.md)."),
     reactions: ReactionsSchema,
+    reaction_dispatch: ReactionDispatchSchema,
     model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only").optional(),
     thinking_effort: exports_external.enum(["low", "medium", "high", "xhigh", "max"]).optional().describe("Adaptive-thinking effort level passed as --effort to the claude CLI. " + "lower = faster/cheaper, higher = more reasoning. Omit to use Claude's default."),
     permission_mode: exports_external.enum(["acceptEdits", "auto", "bypassPermissions", "default", "dontAsk", "plan"]).optional().describe("Permission mode passed as --permission-mode to the claude CLI. " + "Omit to use Claude's default (acceptEdits for switchroom agents). " + "Warning: bypassPermissions and dontAsk skip all safety checks \u2014 use only in trusted sandboxes."),
@@ -13900,6 +13905,7 @@ var init_schema = __esm(() => {
     schedule: exports_external.array(ScheduleEntrySchema).default([]),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).optional(),
     reactions: ReactionsSchema,
+    reaction_dispatch: ReactionDispatchSchema,
     model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only (no spaces or shell specials)").optional().describe("Claude model override (e.g., 'claude-sonnet-4-6')"),
     thinking_effort: exports_external.enum(["low", "medium", "high", "xhigh", "max"]).optional().describe("Adaptive-thinking effort level passed as --effort to the claude CLI. " + "Per-agent override wins over defaults.thinking_effort. " + "lower = faster/cheaper, higher = more reasoning. Omit to use Claude's default."),
     permission_mode: exports_external.enum(["acceptEdits", "auto", "bypassPermissions", "default", "dontAsk", "plan"]).optional().describe("Permission mode passed as --permission-mode to the claude CLI. " + "Per-agent override wins over defaults.permission_mode. " + "Warning: bypassPermissions and dontAsk skip all safety checks \u2014 use only in trusted sandboxes."),
@@ -14617,6 +14623,18 @@ function mergeAgentConfig(defaultsIn, agentIn) {
     }
     merged.reactions = combined;
   }
+  const dReactionDispatch = defaults.reaction_dispatch;
+  const mReactionDispatch = merged.reaction_dispatch;
+  if (dReactionDispatch || mReactionDispatch) {
+    const base = dReactionDispatch ?? {};
+    const override = mReactionDispatch ?? {};
+    const combined = { ...base };
+    for (const [k, v] of Object.entries(override)) {
+      if (v !== undefined)
+        combined[k] = v;
+    }
+    merged.reaction_dispatch = combined;
+  }
   if (defaults.resources || merged.resources) {
     const d = defaults.resources ?? {};
     const a = merged.resources ?? {};
@@ -15417,6 +15435,93 @@ var init_cron_routing = __esm(() => {
   OPUS_MODEL_RE = /opus/i;
 });
 
+// src/scheduler/cron-cadence.ts
+function csvSmallestGap(field) {
+  if (!field.includes(","))
+    return null;
+  const parts = field.split(",").map((s) => Number(s)).filter((n) => Number.isInteger(n) && n >= 0);
+  if (parts.length < 2)
+    return null;
+  const sorted = [...parts].sort((a, b) => a - b);
+  let smallest = Infinity;
+  for (let i = 1;i < sorted.length; i++) {
+    const gap = sorted[i] - sorted[i - 1];
+    if (gap > 0 && gap < smallest)
+      smallest = gap;
+  }
+  return Number.isFinite(smallest) ? smallest : null;
+}
+function estimateCronGapMin(expr) {
+  const fields = expr.trim().split(/\s+/);
+  if (fields.length < 5)
+    return Infinity;
+  const [min, hour] = fields;
+  if (min === "*")
+    return 1;
+  const minStep = min.match(/^\*\/(\d+)$/);
+  if (minStep) {
+    const n = Number(minStep[1]);
+    return n > 0 ? n : Infinity;
+  }
+  const minCsv = csvSmallestGap(min);
+  if (minCsv !== null)
+    return minCsv;
+  if (!/^\d+$/.test(min))
+    return Infinity;
+  if (hour === "*")
+    return 60;
+  const hourStep = hour.match(/^\*\/(\d+)$/);
+  if (hourStep) {
+    const n = Number(hourStep[1]);
+    return n > 0 ? n * 60 : Infinity;
+  }
+  const hourCsv = csvSmallestGap(hour);
+  if (hourCsv !== null)
+    return hourCsv * 60;
+  if (/^\d+$/.test(hour))
+    return 1440;
+  return Infinity;
+}
+
+// src/scheduler/tier-selector.ts
+function recommendCronTier(input, frequentGapMin = DEFAULT_FREQUENT_GAP_MIN) {
+  if (input.kind === "poll") {
+    return { tier: "poll", source: "explicit", reason: "declared kind: poll (model-free check)" };
+  }
+  if (input.context === "fresh") {
+    return { tier: "cheap", source: "explicit", reason: "declared context: fresh (cheap cron session)" };
+  }
+  if (input.context === "agent") {
+    return { tier: "main", source: "explicit", reason: "declared context: agent (full live session)" };
+  }
+  if (input.model !== undefined) {
+    return isKnownCheapModel(input.model) ? { tier: "cheap", source: "explicit", reason: `cheap model '${input.model}' \u2192 cheap cron session` } : { tier: "main", source: "explicit", reason: `model '${input.model}' is not a known-cheap id \u2192 full live session` };
+  }
+  if (input.smallestGapMin <= frequentGapMin) {
+    return {
+      tier: "cheap",
+      source: "cadence-default",
+      reason: `fires every ~${input.smallestGapMin}min (\u2264 ${frequentGapMin}min) \u2014 defaulting to a cheap ` + `session; set context: agent (or an Opus/custom model) if this needs the agent's full context`
+    };
+  }
+  return {
+    tier: "main",
+    source: "cadence-default",
+    reason: `fires every ~${input.smallestGapMin}min (> ${frequentGapMin}min) \u2014 defaulting to the agent's ` + `full session; set model: sonnet (or context: fresh) to run it cheaply`
+  };
+}
+function applyDefaultTier(entry, frequentGapMin = DEFAULT_FREQUENT_GAP_MIN) {
+  if (entry.kind === "poll" || entry.context !== undefined || entry.model !== undefined) {
+    return entry;
+  }
+  const rec = recommendCronTier({ smallestGapMin: estimateCronGapMin(entry.cron) }, frequentGapMin);
+  return rec.tier === "cheap" ? { ...entry, context: "fresh" } : entry;
+}
+var DEFAULT_FREQUENT_GAP_MIN = 60;
+var init_tier_selector = __esm(() => {
+  init_cron_routing();
+});
+
 // src/config/timezone.ts
 import { readFileSync as readFileSync3, readlinkSync } from "node:fs";
 function defaultReadEtcTimezone() {
@@ -23244,7 +23349,7 @@ function describeAgents(config) {
     const resolved = resolveAgentConfig(config.defaults, config.profiles, agent);
     const profile = agent.extends ?? "default";
     const uid = allocateAgentUid(name);
-    const cronSession = scheduleNeedsCronSession((resolved.schedule ?? []).map((e) => ({ kind: e.kind, model: e.model, context: e.context })), { cheapCronEnabled: true });
+    const cronSession = scheduleNeedsCronSession((resolved.schedule ?? []).map((e) => applyDefaultTier({ cron: e.cron, kind: e.kind, model: e.model, context: e.context })), { cheapCronEnabled: true });
     const resources = resolveResourceDefaults(name, profile, resolved.resources, { cronSession });
     const strippedCaps = readStrippedCaps(agent);
     out.push({
@@ -23742,6 +23847,7 @@ function emitAgentService(lines, a, imageTag, buildMode, buildContext, homePrefi
 var AGENT_UID_MIN = 10001, AGENT_UID_MAX = 10999, RESOURCE_BY_PROFILE, CRON_SESSION_MEM_BUMP_MIB = 512, CRON_SESSION_PIDS_BUMP = 128, BIND_MOUNT_SOURCE_DENYLIST, BIND_MOUNT_TARGET_DENYLIST, BIND_MOUNT_EXACT_SOURCE_DENY, CONTAINER_CONFIG_PATH = "/state/config/switchroom.yaml";
 var init_compose = __esm(() => {
   init_cron_routing();
+  init_tier_selector();
   init_merge();
   init_timezone();
   init_peercred();
@@ -49409,6 +49515,10 @@ function dispatchTool(name, args) {
         base.push("--name", a.name);
       if (a.secrets && a.secrets.length > 0)
         base.push("--secrets", a.secrets.join(","));
+      if (a.model)
+        base.push("--model", a.model);
+      if (a.context)
+        base.push("--context", a.context);
       cliArgs = base;
       parseMode = "json";
       break;
@@ -49593,7 +49703,7 @@ var init_server3 = __esm(() => {
     },
     {
       name: "schedule_add",
-      description: "Append a cron schedule entry to the agent's overlay dir. " + "Overlay-sourced entries with non-empty `secrets:` are REJECTED " + "(E_OVERLAY_SECRETS_REQUIRES_APPROVAL); operator-authored entries " + "in switchroom.yaml are unaffected.",
+      description: "Append a cron schedule entry to your overlay. Takes effect within ~30s \u2014 " + "the scheduler hot-reloads, no restart needed. Overlay entries with " + "non-empty `secrets:` are REJECTED (E_OVERLAY_SECRETS_REQUIRES_APPROVAL). " + "COST: by default each fire runs as a full turn in your live session " + "(your model, your whole context) \u2014 fine for work that needs your memory/" + "persona, but costly for routine checks. For a lighter recurring task, set " + '`model: "sonnet"` to run that fire in a cheap, minimal-context cron ' + "session instead (saves tokens; needs cheap-cron enabled by the operator). " + "For 'only do something when X changes' (e.g. a webpage, or a reaction), " + "ask the operator to set up a poll or reaction-dispatch instead of a " + "frequent prompt cron \u2014 far cheaper than polling with a full turn.",
       inputSchema: {
         type: "object",
         required: ["cron_expr", "prompt"],
@@ -49601,7 +49711,16 @@ var init_server3 = __esm(() => {
           cron_expr: { type: "string" },
           prompt: { type: "string", minLength: 1, maxLength: 4000 },
           secrets: { type: "array", items: { type: "string" } },
-          name: { type: "string", pattern: "^[a-z0-9-]{1,40}$" }
+          name: { type: "string", pattern: "^[a-z0-9-]{1,40}$" },
+          model: {
+            type: "string",
+            description: "Optional cheap-cron tier hint. A known-cheap model ('sonnet'/'haiku') " + "routes this fire to a fresh, minimal-context cron session (Tier 1) " + "instead of your full live session (Tier 2) \u2014 cheaper per fire. Omit " + "for context-heavy work that needs your memory/persona. Inert unless " + "the operator has enabled cheap-cron."
+          },
+          context: {
+            type: "string",
+            enum: ["fresh", "agent"],
+            description: "Tier hint: 'fresh' = minimal-context cheap session (Tier 1); 'agent' " + "= your full live session (Tier 2). Usually inferred from `model`."
+          }
         }
       }
     },
@@ -50204,8 +50323,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.15.7";
-var COMMIT_SHA = "c0a8b988";
+var VERSION = "0.15.9";
+var COMMIT_SHA = "6ed776e2";
 
 // src/cli/agent.ts
 init_source();
@@ -50316,6 +50435,7 @@ var LEGACY_CRON_SCRIPT_BASENAME_RE = /^cron-(\d+)\.sh$/;
 // src/agents/scaffold.ts
 init_schema();
 init_cron_routing();
+init_tier_selector();
 init_merge();
 init_timezone();
 
@@ -50409,6 +50529,13 @@ function stripSecretValues(value) {
 function restartRequiredNote(agent) {
   return `Not live yet \u2014 claude loads skills, MCP servers and scheduled ` + `tasks at process start. Run \`switchroom agent restart ${agent}\` ` + `for this to take effect.`;
 }
+function scheduleRestartRequired() {
+  return (process.env.SWITCHROOM_SCHEDULER_HOT_RELOAD ?? "") === "0";
+}
+function scheduleLiveNote(agent) {
+  const hotReload = (process.env.SWITCHROOM_SCHEDULER_HOT_RELOAD ?? "") !== "0";
+  return hotReload ? `Live within ~30s \u2014 the in-agent scheduler hot-reloads the overlay; no restart needed.` : `Not live yet \u2014 hot-reload is disabled (SWITCHROOM_SCHEDULER_HOT_RELOAD=0). ` + `Run \`switchroom agent restart ${agent}\` for this to take effect.`;
+}
 function getAgentSlice(config, agent) {
   const slice = config.agents?.[agent];
   if (!slice) {
@@ -51451,11 +51578,7 @@ function renderFleetInvariants() {
 `);
 }
 function buildCronSessionContext(agentConfig) {
-  const entries = (agentConfig.schedule ?? []).map((e) => ({
-    kind: e.kind,
-    model: e.model,
-    context: e.context
-  }));
+  const entries = (agentConfig.schedule ?? []).map((e) => applyDefaultTier({ cron: e.cron, kind: e.kind, model: e.model, context: e.context }));
   return {
     cronSessionEnabled: scheduleNeedsCronSession(entries, { cheapCronEnabled: true }),
     cronModelQ: shellSingleQuote(DEFAULT_CRON_MODEL)
@@ -68118,6 +68241,7 @@ init_source();
 // src/web/server.ts
 init_merge();
 init_loader();
+init_client();
 init_lifecycle();
 import {
   readFileSync as readFileSync45,
@@ -74490,12 +74614,37 @@ function loadWebhookSecrets() {
     return {};
   }
 }
+async function resolveWebhookSecretFromVault(agent, source, config) {
+  const key = `webhook/${agent}/${source}`;
+  try {
+    const socket = resolveBrokerSocketPath({
+      vaultBrokerSocket: config.vault?.broker?.socket ? resolvePath(config.vault.broker.socket) : undefined
+    });
+    const result = await getViaBrokerStructured(key, { socket });
+    if (result.kind === "ok" && result.entry.kind === "string") {
+      return result.entry.value;
+    }
+    if (result.kind === "denied" || result.kind === "unreachable") {
+      process.stderr.write(`webhook-ingest: vault resolve for ${key} \u2192 ${result.kind}` + `${"code" in result && result.code ? ` (${result.code})` : ""}` + `; webhook will 401 until the secret is operator-readable
+`);
+    }
+  } catch (err) {
+    process.stderr.write(`webhook-ingest: vault resolve for ${key} threw: ${err.message}
+`);
+  }
+  return null;
+}
 async function handleWebhookRoute(req, agent, source, config) {
   const agentConfigRaw = config.agents[agent];
   const agentConfig = agentConfigRaw ? resolveAgentConfig(config.defaults, config.profiles, agentConfigRaw) : undefined;
   const allowedSources = agentConfig?.channels?.telegram?.webhook_sources ?? [];
   const allSecrets = loadWebhookSecrets();
-  const agentSecrets = allSecrets[agent] ?? {};
+  const agentSecrets = { ...allSecrets[agent] ?? {} };
+  if (!agentSecrets[source]) {
+    const fromVault = await resolveWebhookSecretFromVault(agent, source, config);
+    if (fromVault)
+      agentSecrets[source] = fromVault;
+  }
   const requireEdge = agentConfig?.channels?.telegram?.webhook_require_edge === true;
   const edgeSecret = requireEdge ? loadEdgeSecret() : null;
   let bodyBuf;
@@ -82933,6 +83082,10 @@ function scheduleAdd(opts) {
     entry.secrets = opts.secrets;
   if (opts.name)
     entry.name = opts.name;
+  if (opts.model)
+    entry.model = opts.model;
+  if (opts.context)
+    entry.context = opts.context;
   const doc = {
     schedule: [
       Object.fromEntries(Object.entries(entry).filter(([k]) => k !== "name"))
@@ -83017,8 +83170,8 @@ function scheduleAdd(opts) {
     path: path8,
     cron_hash: hash2,
     would_recreate: false,
-    restart_required: true,
-    restart_hint: restartRequiredNote(agent)
+    restart_required: scheduleRestartRequired(),
+    restart_hint: scheduleLiveNote(agent)
   };
 }
 function scheduleAddOrStage(opts) {
@@ -83043,6 +83196,10 @@ function scheduleAddOrStage(opts) {
     entry.secrets = opts.secrets;
   if (opts.name)
     entry.name = opts.name;
+  if (opts.model)
+    entry.model = opts.model;
+  if (opts.context)
+    entry.context = opts.context;
   const doc = {
     schedule: [
       Object.fromEntries(Object.entries(entry).filter(([k]) => k !== "name"))
@@ -83142,13 +83299,17 @@ function scheduleRemove(opts) {
     ok: true,
     slug: match.slug,
     path: match.path,
-    restart_required: true,
-    restart_hint: restartRequiredNote(agent)
+    restart_required: scheduleRestartRequired(),
+    restart_hint: scheduleLiveNote(agent)
   };
 }
 function registerAgentConfigWriteCommands(program3) {
   const schedule = program3.command("schedule").description("Add / remove an agent's scheduled cron entries (overlay-backed)");
-  schedule.command("add").description("Append a schedule entry to the agent's overlay dir").requiredOption("--cron <expr>", "Cron expression").requiredOption("--prompt <text>", "Prompt to fire at the scheduled time").option("--agent <name>", "Target agent (defaults to $SWITCHROOM_AGENT_NAME)").option("--secrets <list>", "Comma-separated vault keys (REJECTED for agent-authored overlays)").option("--name <slug>", "Optional human-readable name (a-z 0-9 -)").option("--stage-on-reject", "When a security gate trips (secrets/quota/min-interval), stage the entry under .pending/ for operator approval instead of rejecting with exit 9. Used by the MCP path; operator CLI defaults to off.").action(async (opts) => {
+  schedule.command("add").description("Append a schedule entry to the agent's overlay dir").requiredOption("--cron <expr>", "Cron expression").requiredOption("--prompt <text>", "Prompt to fire at the scheduled time").option("--agent <name>", "Target agent (defaults to $SWITCHROOM_AGENT_NAME)").option("--secrets <list>", "Comma-separated vault keys (REJECTED for agent-authored overlays)").option("--name <slug>", "Optional human-readable name (a-z 0-9 -)").option("--model <id>", "Cheap-cron tier hint: a known-cheap model (sonnet/haiku) routes this fire to a fresh, minimal-context cron session (Tier 1) instead of the agent's full live session (Tier 2), cutting token cost. Inert unless SWITCHROOM_CHEAP_CRON is on.").option("--context <mode>", "Tier hint: 'fresh' (minimal-context cheap session) or 'agent' (full live session). Unset \u2192 inferred from --model.").option("--stage-on-reject", "When a security gate trips (secrets/quota/min-interval), stage the entry under .pending/ for operator approval instead of rejecting with exit 9. Used by the MCP path; operator CLI defaults to off.").action(async (opts) => {
+    if (opts.context && opts.context !== "fresh" && opts.context !== "agent") {
+      emitError("E_INVALID_PROMPT", "--context must be 'fresh' or 'agent'");
+      process.exit(1);
+    }
     const secrets = opts.secrets ? opts.secrets.split(",").map((s) => s.trim()).filter(Boolean) : undefined;
     if (opts.name && !/^[a-z0-9-]{1,40}$/.test(opts.name)) {
       emitError("E_INVALID_PROMPT", "name must match [a-z0-9-]{1,40}");
@@ -83166,7 +83327,9 @@ function registerAgentConfigWriteCommands(program3) {
         cronExpr: opts.cron,
         prompt: opts.prompt,
         secrets,
-        name: opts.name
+        name: opts.name,
+        model: opts.model,
+        context: opts.context
       });
     } catch (err) {
       process.stderr.write(`${err.message}
@@ -85050,7 +85213,11 @@ import { homedir as homedir48 } from "node:os";
 import { join as join82 } from "node:path";
 import { spawnSync as spawnSync14 } from "node:child_process";
 init_audit_reader();
-var DEFAULT_IMAGE_TAG = "latest";
+function resolveHostdImageTag(explicitTag, release) {
+  if (explicitTag)
+    return explicitTag;
+  return resolveImageTag(resolveRelease({ root: release }));
+}
 var HOSTD_COMPOSE_PROJECT = "switchroom-hostd";
 function renderHostdComposeFile(opts) {
   const { hostHome, imageTag, operatorUid } = opts;
@@ -85202,9 +85369,10 @@ async function doInstall(opts, program3) {
   const dir = hostdDir();
   const composePath = hostdComposePath();
   mkdirSync47(dir, { recursive: true });
+  const imageTag = resolveHostdImageTag(opts.tag, cfg.release);
   const yaml = renderHostdComposeFile({
     hostHome: resolveHostdHostHome(),
-    imageTag: opts.tag ?? DEFAULT_IMAGE_TAG,
+    imageTag,
     operatorUid: resolveOperatorUid()
   });
   if (opts.dryRun) {
@@ -85221,12 +85389,12 @@ async function doInstall(opts, program3) {
   const adminAgents = Object.entries(cfg.agents ?? {}).filter(([, a]) => a?.admin === true).map(([name]) => name);
   console.log(source_default.dim(`    agents served (one socket each): ${allAgents.length === 0 ? "(none)" : allAgents.join(", ")}`));
   console.log(source_default.dim(`    admin agents (full config-edit verbs): ${adminAgents.length === 0 ? "(none)" : adminAgents.join(", ")}`));
-  console.log(source_default.dim(`    Pulling ghcr.io/switchroom/switchroom-hostd:${opts.tag ?? DEFAULT_IMAGE_TAG}\u2026`));
+  console.log(source_default.dim(`    Pulling ghcr.io/switchroom/switchroom-hostd:${imageTag}\u2026`));
   const pull = runDocker(["compose", "-p", HOSTD_COMPOSE_PROJECT, "-f", composePath, "pull"]);
   if (!pull.ok) {
     console.error(source_default.red(`  pull failed:
 ${pull.stderr}`));
-    console.error(source_default.yellow(`  Hint: \`ghcr.io/switchroom/switchroom-hostd:${opts.tag ?? DEFAULT_IMAGE_TAG}\` may not be published yet.
+    console.error(source_default.yellow(`  Hint: \`ghcr.io/switchroom/switchroom-hostd:${imageTag}\` may not be published yet.
 ` + `  Check the docker-images workflow run and verify the tag at:
 ` + `      https://github.com/switchroom/switchroom/pkgs/container/switchroom-hostd`));
     process.exit(1);
@@ -85311,7 +85479,7 @@ ${down.stderr}`));
 }
 function registerHostdCommand(program3) {
   const hostd = program3.command("hostd").description("Manage switchroom-hostd, the host-control daemon for admin agents (RFC C)");
-  hostd.command("install").description("Install or refresh the hostd container (writes ~/.switchroom/hostd/docker-compose.yml + docker compose up -d)").option("--tag <tag>", "Image tag (default: latest)", DEFAULT_IMAGE_TAG).option("--dry-run", "Print the compose file and the docker commands without writing or running anything").action(withConfigError(async (opts) => {
+  hostd.command("install").description("Install or refresh the hostd container (writes ~/.switchroom/hostd/docker-compose.yml + docker compose up -d)").option("--tag <tag>", "Image tag override (default: resolved from release.pin in switchroom.yaml, else latest)").option("--dry-run", "Print the compose file and the docker commands without writing or running anything").action(withConfigError(async (opts) => {
     await doInstall(opts, program3);
   }));
   hostd.command("status").description("Show daemon state and bound sockets").action(() => doStatus());
@@ -85369,7 +85537,11 @@ import { existsSync as existsSync85, mkdirSync as mkdirSync48, writeFileSync as
 import { homedir as homedir49 } from "node:os";
 import { join as join83 } from "node:path";
 import { spawnSync as spawnSync15 } from "node:child_process";
-var DEFAULT_IMAGE_TAG2 = "latest";
+function resolveWebImageTag(explicitTag, release) {
+  if (explicitTag)
+    return explicitTag;
+  return resolveImageTag(resolveRelease({ root: release }));
+}
 var WEB_COMPOSE_PROJECT = "switchroom-web";
 function renderWebComposeFile(opts) {
   const { hostHome, imageTag, operatorUid } = opts;
@@ -85470,7 +85642,7 @@ function runDocker2(args) {
     stderr: r.stderr ?? ""
   };
 }
-async function doInstall2(opts) {
+async function doInstall2(opts, program3) {
   const operatorUid = resolveOperatorUid();
   if (operatorUid === undefined) {
     console.error(source_default.red(`Could not resolve the operator uid (no SUDO_UID and getuid() is 0 or unavailable).
@@ -85481,9 +85653,11 @@ async function doInstall2(opts) {
   const dir = webdDir();
   const composePath = webdComposePath();
   mkdirSync48(dir, { recursive: true });
+  const cfg = getConfig(program3);
+  const imageTag = resolveWebImageTag(opts.tag, cfg.release);
   const yaml = renderWebComposeFile({
     hostHome: homedir49(),
-    imageTag: opts.tag ?? DEFAULT_IMAGE_TAG2,
+    imageTag,
     operatorUid
   });
   if (opts.dryRun) {
@@ -85498,12 +85672,12 @@ async function doInstall2(opts) {
   writeFileSync41(composePath, yaml, "utf8");
   console.log(source_default.green(`  \u2713 Wrote ${composePath}`));
   console.log(source_default.dim(`    running as uid ${operatorUid} (operator), network_mode: host`));
-  console.log(source_default.dim(`    Pulling ghcr.io/switchroom/switchroom-web:${opts.tag ?? DEFAULT_IMAGE_TAG2}\u2026`));
+  console.log(source_default.dim(`    Pulling ghcr.io/switchroom/switchroom-web:${imageTag}\u2026`));
   const pull = runDocker2(["compose", "-p", WEB_COMPOSE_PROJECT, "-f", composePath, "pull"]);
   if (!pull.ok) {
     console.error(source_default.red(`  pull failed:
 ${pull.stderr}`));
-    console.error(source_default.yellow(`  Hint: \`ghcr.io/switchroom/switchroom-web:${opts.tag ?? DEFAULT_IMAGE_TAG2}\` may not be published yet.
+    console.error(source_default.yellow(`  Hint: \`ghcr.io/switchroom/switchroom-web:${imageTag}\` may not be published yet.
 ` + `  Check the docker-images workflow run and verify the tag at:
 ` + `      https://github.com/switchroom/switchroom/pkgs/container/switchroom-web`));
     process.exit(1);
@@ -85571,8 +85745,8 @@ ${down.stderr}`));
 }
 function registerWebdCommand(program3) {
   const webd = program3.command("webd").description("Manage switchroom-web, the dashboard + GitHub-webhook receiver container");
-  webd.command("install").description("Install or refresh the web container (writes ~/.switchroom/web/docker-compose.yml + docker compose up -d)").option("--tag <tag>", "Image tag (default: latest)", DEFAULT_IMAGE_TAG2).option("--dry-run", "Print the compose file and the docker commands without writing or running anything").action(withConfigError(async (opts) => {
-    await doInstall2(opts);
+  webd.command("install").description("Install or refresh the web container (writes ~/.switchroom/web/docker-compose.yml + docker compose up -d)").option("--tag <tag>", "Image tag override (default: resolved from release.pin in switchroom.yaml, else latest)").option("--dry-run", "Print the compose file and the docker commands without writing or running anything").action(withConfigError(async (opts) => {
+    await doInstall2(opts, program3);
   }));
   webd.command("status").description("Show web-service container state").action(() => doStatus2());
   webd.command("uninstall").description("Stop the web container. Leaves the compose file in place for re-install.").action(() => doUninstall2());

package/dist/host-control/main.js

@@ -13967,6 +13967,10 @@ var ReactionsSchema = exports_external.object({
   per_hour_cap: exports_external.number().int().nonnegative().optional().describe("Max reaction-triggered synthetic turns per chat per rolling hour. " + "Refusals are stderr-logged but not surfaced to the agent. " + "Default 10. Set to 0 to disable triggering via the cap path."),
   group_admin_only: exports_external.boolean().optional().describe("In groups/supergroups (negative chat_id), only trigger a synthetic " + "turn when the reacter is a chat admin (creator or administrator). " + "Failing the lookup is treated as non-admin (fail-closed). " + "DMs are never affected by this flag — the reacter IS the user. " + "Default true.")
 }).optional();
+var ReactionDispatchSchema = exports_external.object({
+  enabled: exports_external.boolean().optional().describe("Master switch for the reaction-dispatch path. Default false — " + "with no reaction_dispatch block, reactions are persisted (and may " + "feed the `reactions` feedback path) but are NEVER dispatched as " + "event-driven inbound turns."),
+  emojis: exports_external.array(exports_external.string()).optional().describe('Emoji allowlist that triggers a `<channel event="reaction">` ' + "inbound turn when reacted to any message. Default [] (nothing " + "fires). Cascade mode: REPLACE (not union) — a layer's list " + "replaces lower layers entirely so an operator can narrow per-agent.")
+}).optional();
 var ReleaseBlock = exports_external.object({
   channel: exports_external.enum(["dev", "rc", "latest"]).optional(),
   pin: exports_external.string().regex(/^(sha-[0-9a-f]{7,40}|v\d+\.\d+\.\d+)$/).optional()
@@ -14002,6 +14006,7 @@ var profileFields = {
   schedule: exports_external.array(ScheduleEntrySchema).optional(),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).optional().describe("Operator-granted STANDING vault keys this agent may read via the " + "broker — independent of any cron or MCP server. Use when an agent " + "needs a credential both interactively and in its own (agent-managed) " + "schedules, so the grant lives with the agent rather than welded to a " + "specific cron's `secrets[]`. OPERATOR-SET ONLY: agents cannot edit " + "switchroom.yaml or self-grant (reference/vision.md outcome 2 — 'you " + "hold the leash; only your tap grants it'). Exact key names. Cascades " + "UNION across defaults -> profile -> agent (see docs/configuration.md)."),
   reactions: ReactionsSchema,
+  reaction_dispatch: ReactionDispatchSchema,
   model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only").optional(),
   thinking_effort: exports_external.enum(["low", "medium", "high", "xhigh", "max"]).optional().describe("Adaptive-thinking effort level passed as --effort to the claude CLI. " + "lower = faster/cheaper, higher = more reasoning. Omit to use Claude's default."),
   permission_mode: exports_external.enum(["acceptEdits", "auto", "bypassPermissions", "default", "dontAsk", "plan"]).optional().describe("Permission mode passed as --permission-mode to the claude CLI. " + "Omit to use Claude's default (acceptEdits for switchroom agents). " + "Warning: bypassPermissions and dontAsk skip all safety checks — use only in trusted sandboxes."),
@@ -14071,6 +14076,7 @@ var AgentSchema = exports_external.object({
   schedule: exports_external.array(ScheduleEntrySchema).default([]),
   secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).optional(),
   reactions: ReactionsSchema,
+  reaction_dispatch: ReactionDispatchSchema,
   model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only (no spaces or shell specials)").optional().describe("Claude model override (e.g., 'claude-sonnet-4-6')"),
   thinking_effort: exports_external.enum(["low", "medium", "high", "xhigh", "max"]).optional().describe("Adaptive-thinking effort level passed as --effort to the claude CLI. " + "Per-agent override wins over defaults.thinking_effort. " + "lower = faster/cheaper, higher = more reasoning. Omit to use Claude's default."),
   permission_mode: exports_external.enum(["acceptEdits", "auto", "bypassPermissions", "default", "dontAsk", "plan"]).optional().describe("Permission mode passed as --permission-mode to the claude CLI. " + "Per-agent override wins over defaults.permission_mode. " + "Warning: bypassPermissions and dontAsk skip all safety checks — use only in trusted sandboxes."),
@@ -14746,6 +14752,18 @@ function mergeAgentConfig(defaultsIn, agentIn) {
     }
     merged.reactions = combined;
   }
+  const dReactionDispatch = defaults.reaction_dispatch;
+  const mReactionDispatch = merged.reaction_dispatch;
+  if (dReactionDispatch || mReactionDispatch) {
+    const base = dReactionDispatch ?? {};
+    const override = mReactionDispatch ?? {};
+    const combined = { ...base };
+    for (const [k, v] of Object.entries(override)) {
+      if (v !== undefined)
+        combined[k] = v;
+    }
+    merged.reaction_dispatch = combined;
+  }
   if (defaults.resources || merged.resources) {
     const d = defaults.resources ?? {};
     const a = merged.resources ?? {};

package/dist/vault/approvals/kernel-server.js

@@ -4293,6 +4293,18 @@ function mergeAgentConfig(defaultsIn, agentIn) {
     }
     merged.reactions = combined;
   }
+  const dReactionDispatch = defaults.reaction_dispatch;
+  const mReactionDispatch = merged.reaction_dispatch;
+  if (dReactionDispatch || mReactionDispatch) {
+    const base = dReactionDispatch ?? {};
+    const override = mReactionDispatch ?? {};
+    const combined = { ...base };
+    for (const [k, v] of Object.entries(override)) {
+      if (v !== undefined)
+        combined[k] = v;
+    }
+    merged.reaction_dispatch = combined;
+  }
   if (defaults.resources || merged.resources) {
     const d = defaults.resources ?? {};
     const a = merged.resources ?? {};
@@ -11277,7 +11289,7 @@ var init_dist = __esm(() => {
 });
 
 // src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, HttpDiffPollSchema, TelegramReactionsPollSchema, PollSpecSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, webhookDispatchRule, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, MicrosoftWorkspaceConfigSchema, NotionWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, AgentMicrosoftWorkspaceConfigSchema, AgentNotionWorkspaceConfigSchema, ReactionsSchema, ReactionDispatchSchema, ReleaseBlock, NetworkIsolationSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, AutoReleaseCheckSchema, HostControlConfigSchema, WebServiceConfigSchema, HostdConfigSchema, CronEgressSchema, CronConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -11553,6 +11565,10 @@ var init_schema = __esm(() => {
     per_hour_cap: exports_external.number().int().nonnegative().optional().describe("Max reaction-triggered synthetic turns per chat per rolling hour. " + "Refusals are stderr-logged but not surfaced to the agent. " + "Default 10. Set to 0 to disable triggering via the cap path."),
     group_admin_only: exports_external.boolean().optional().describe("In groups/supergroups (negative chat_id), only trigger a synthetic " + "turn when the reacter is a chat admin (creator or administrator). " + "Failing the lookup is treated as non-admin (fail-closed). " + "DMs are never affected by this flag — the reacter IS the user. " + "Default true.")
   }).optional();
+  ReactionDispatchSchema = exports_external.object({
+    enabled: exports_external.boolean().optional().describe("Master switch for the reaction-dispatch path. Default false — " + "with no reaction_dispatch block, reactions are persisted (and may " + "feed the `reactions` feedback path) but are NEVER dispatched as " + "event-driven inbound turns."),
+    emojis: exports_external.array(exports_external.string()).optional().describe('Emoji allowlist that triggers a `<channel event="reaction">` ' + "inbound turn when reacted to any message. Default [] (nothing " + "fires). Cascade mode: REPLACE (not union) — a layer's list " + "replaces lower layers entirely so an operator can narrow per-agent.")
+  }).optional();
   ReleaseBlock = exports_external.object({
     channel: exports_external.enum(["dev", "rc", "latest"]).optional(),
     pin: exports_external.string().regex(/^(sha-[0-9a-f]{7,40}|v\d+\.\d+\.\d+)$/).optional()
@@ -11588,6 +11604,7 @@ var init_schema = __esm(() => {
     schedule: exports_external.array(ScheduleEntrySchema).optional(),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).optional().describe("Operator-granted STANDING vault keys this agent may read via the " + "broker — independent of any cron or MCP server. Use when an agent " + "needs a credential both interactively and in its own (agent-managed) " + "schedules, so the grant lives with the agent rather than welded to a " + "specific cron's `secrets[]`. OPERATOR-SET ONLY: agents cannot edit " + "switchroom.yaml or self-grant (reference/vision.md outcome 2 — 'you " + "hold the leash; only your tap grants it'). Exact key names. Cascades " + "UNION across defaults -> profile -> agent (see docs/configuration.md)."),
     reactions: ReactionsSchema,
+    reaction_dispatch: ReactionDispatchSchema,
     model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only").optional(),
     thinking_effort: exports_external.enum(["low", "medium", "high", "xhigh", "max"]).optional().describe("Adaptive-thinking effort level passed as --effort to the claude CLI. " + "lower = faster/cheaper, higher = more reasoning. Omit to use Claude's default."),
     permission_mode: exports_external.enum(["acceptEdits", "auto", "bypassPermissions", "default", "dontAsk", "plan"]).optional().describe("Permission mode passed as --permission-mode to the claude CLI. " + "Omit to use Claude's default (acceptEdits for switchroom agents). " + "Warning: bypassPermissions and dontAsk skip all safety checks — use only in trusted sandboxes."),
@@ -11657,6 +11674,7 @@ var init_schema = __esm(() => {
     schedule: exports_external.array(ScheduleEntrySchema).default([]),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).optional(),
     reactions: ReactionsSchema,
+    reaction_dispatch: ReactionDispatchSchema,
     model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only (no spaces or shell specials)").optional().describe("Claude model override (e.g., 'claude-sonnet-4-6')"),
     thinking_effort: exports_external.enum(["low", "medium", "high", "xhigh", "max"]).optional().describe("Adaptive-thinking effort level passed as --effort to the claude CLI. " + "Per-agent override wins over defaults.thinking_effort. " + "lower = faster/cheaper, higher = more reasoning. Omit to use Claude's default."),
     permission_mode: exports_external.enum(["acceptEdits", "auto", "bypassPermissions", "default", "dontAsk", "plan"]).optional().describe("Permission mode passed as --permission-mode to the claude CLI. " + "Per-agent override wins over defaults.permission_mode. " + "Warning: bypassPermissions and dontAsk skip all safety checks — use only in trusted sandboxes."),