switchroom 0.15.9 → 0.15.11

package/telegram-plugin/gateway/gateway.ts

@@ -139,6 +139,7 @@ import {
   recordReaction, lookupMessageRoleAndText,
   checkpointWal as checkpointHistoryWal,
   pruneMessagesOlderThanDays,
+  hasOutboundDeliveredSince,
 } from '../history.js'
 import {
   runRegistryReaper,
@@ -299,7 +300,7 @@ import { handleRequestDriveApproval } from './drive-write-approval.js'
 import { handleRequestMs365Approval } from './ms365-write-approval.js'
 import { buildDiffPreviewCard } from './diff-preview-card.js'
 import { createPendingInboundBuffer, redeliverBufferedInbound, idleDrainTick } from './pending-inbound-buffer.js'
-import { isCronIdentity, resolveInjectTarget } from './cron-session.js'
+import { isCronIdentity, deliverInjectWithFallback } from './cron-session.js'
 import {
   ObligationLedger,
   buildObligationRepresentInbound,
@@ -1506,6 +1507,20 @@ const OBLIGATION_BACKGROUND_WORK_GRACE_MS = (() => {
   const n = Number(raw)
   return Number.isFinite(n) && n >= 0 ? n : 20 * 60_000
 })()
+// Per-represent grace window. After a re-present fires, the obligation is
+// ineligible for the next represent/escalate until at least this many ms have
+// elapsed since markRepresented. Without this the 5s sweep can fire again
+// before the re-presented turn even reaches the agent, burning the represent
+// budget and producing back-to-back re-presents or a premature escalation.
+// Default 120s — generous enough for a turn to start + deliver an answer;
+// small enough not to delay genuine unanswered re-presents.
+// Kill switch: SWITCHROOM_OBLIGATION_REPRESENT_GRACE_MS=0 → no per-represent grace.
+const OBLIGATION_REPRESENT_GRACE_MS = (() => {
+  const raw = process.env.SWITCHROOM_OBLIGATION_REPRESENT_GRACE_MS
+  if (raw == null || raw === '') return 120_000
+  const n = Number(raw)
+  return Number.isFinite(n) && n >= 0 ? n : 120_000
+})()
 // Marker-freshness window for the orphaned-foreground signal. The turn-active
 // marker is touched on every foreground tool_use and on foreground sub-agent
 // JSONL growth, so an mtime younger than this means a sub-agent is touching it
@@ -2175,23 +2190,38 @@ function hasDifferentThreadedRecentTurn(
  * PR2 obligation-ledger CLOSE. Called when a SUBSTANTIVE final answer lands
  * (not a bare interim ack — using finalAnswerSubstantive, the #2141 signal): the
  * obligation discharged is the one for the SAME origin the answer routes to
- * (origin_turn_id the model echoed, else the live turn). So 713's reply closes
- * 713's obligation even after currentTurn flipped to 715, and 715 stays open
- * until ITS own substantive answer. An ack does NOT close (so ack-then-ghost is
- * re-presented, not re-dropped). turn.turnId === the obligation's origin id
- * (both deriveTurnId(chat,thread,messageId) of the same inbound). No-op unless
- * the flag is on. NOTE residual: a genuinely SHORT answer (<200 chars, not a
- * stream-done) reads as non-substantive and won't close → a bounded re-ask
- * (≤2) then one operator-visible nudge — the accepted double-ask tradeoff,
- * measured in the canary.
+ * (origin_turn_id the model echoed, else the routed origin the gateway resolved,
+ * else the live turn). So 713's reply closes 713's obligation even after
+ * currentTurn flipped to 715, and 715 stays open until ITS own substantive
+ * answer. Answers to re-presented obligations (via=quoted, no model echo) close
+ * via the gateway-resolved routedOriginTurn. An ack does NOT close (so
+ * ack-then-ghost is re-presented, not re-dropped). The live-turn fallback fires
+ * only for the live turn's OWN obligation (it was the turn delivering this
+ * reply), preserving the 713/715 invariant. No-op unless the flag is on.
+ *
+ * @param routedOriginTurn — the origin the reply router already resolved
+ *   (echoedTurn ?? quotedTurn); pass whenever the TURN_ORIGIN_ROUTING path ran.
+ *   Skipped when null/undefined (pre-routing paths, or DM with no quote).
  */
 function closeObligationOnSubstantiveReply(
   args: Record<string, unknown>,
   liveTurn: CurrentTurn | null | undefined,
+  routedOriginTurn?: CurrentTurn | null,
 ): void {
   if (!OBLIGATION_LEDGER_ENABLED) return
   const echoed = findTurnByOriginId(args.origin_turn_id as string | undefined)
-  const target = obligationLedger.resolveCloseTarget(echoed?.turnId, liveTurn?.turnId)
+  // routedOriginTurn is the gateway-resolved origin (echoedTurn ?? quotedTurn).
+  // Only pass it as routedOriginId when it DIFFERS from the echoed turn (if
+  // echoed is present, resolveCloseTarget's first branch already handles it),
+  // and only when it is NOT the live turn (live-turn is the fallback, not the
+  // routed origin — passing live turn here would bypass the live-turn fallback
+  // logic and still close correctly, but naming matters for the 713/715 case:
+  // the routed origin on a via=quoted reply IS the origin, not "live fallback").
+  const routedOriginId =
+    routedOriginTurn != null && echoed == null
+      ? routedOriginTurn.turnId
+      : null
+  const target = obligationLedger.resolveCloseTarget(echoed?.turnId, liveTurn?.turnId, routedOriginId)
   if (target != null) obligationLedger.close(target)
 }
 
@@ -5414,13 +5444,16 @@ function obligationSweep(): void {
     OBLIGATION_BACKGROUND_WORK_GRACE_MS > 0 && agentHasInFlightBackgroundWork(now)
   // Grace window: skip an obligation whose handling turn ended < grace ago — its
   // trailing slow/worker answer may still be landing (over-escalation fix).
+  // Per-represent grace: skip an obligation re-presented < grace ago — prevents
+  // the 5s sweep from immediately firing again before the re-present even lands.
   const decision = obligationLedger.decideAtIdle(
-    OBLIGATION_ESCALATE_GRACE_MS > 0 || backgroundWorkActive
+    OBLIGATION_ESCALATE_GRACE_MS > 0 || backgroundWorkActive || OBLIGATION_REPRESENT_GRACE_MS > 0
       ? {
           now,
           graceMs: OBLIGATION_ESCALATE_GRACE_MS,
           backgroundWorkActive,
           backgroundGraceMs: OBLIGATION_BACKGROUND_WORK_GRACE_MS,
+          representGraceMs: OBLIGATION_REPRESENT_GRACE_MS,
         }
       : undefined,
   )
@@ -5449,8 +5482,22 @@ function obligationSweep(): void {
     )
     return
   }
-  // escalate — re-present ladder exhausted. Send ONE operator-visible nudge and
-  // close the obligation ONLY AFTER it actually lands. This inverts the old
+  // escalate — re-present ladder exhausted. Before sending the user-visible
+  // apology, check whether the agent has ALREADY delivered an outbound reply
+  // to this chat since the obligation was opened. If yes, the obligation is
+  // stale (the agent did answer, just without closing the obligation via the
+  // normal close path) — close silently instead of alarming the user with a
+  // false "I may have missed this". This is Fix 4: escalate only on knowledge,
+  // not doubt. Fall back to false (safe: never suppresses) if history unavailable.
+  if (HISTORY_ENABLED && hasOutboundDeliveredSince(o.chatId, o.openedAt, o.threadId)) {
+    process.stderr.write(
+      `telegram gateway: obligation closed silently — outbound delivered since open origin=${o.originTurnId}\n`,
+    )
+    obligationLedger.close(o.originTurnId)
+    return
+  }
+  // Proceed with escalation: send ONE operator-visible nudge and close the
+  // obligation ONLY AFTER it actually lands. This inverts the old
   // close-before-send (which silently dropped the terminal whenever the send
   // failed): the close is now itself an observable terminal. A transient send
   // failure leaves the obligation OPEN → retried next sweep; a PERMANENT one
@@ -6425,19 +6472,34 @@ const ipcServer: IpcServer = createIpcServer({
     // unchanged. Route+buffer share the same target so a fire that lands
     // mid cron-session-spawn buffers under the cron identity and drains to
     // it on register.
-    const target = resolveInjectTarget(msg.agentName, msg.inbound.meta)
-    const toCron = target !== msg.agentName
-    const delivered = ipcServer.sendToAgent(target, msg.inbound)
-    // Status-silent (§2.4): a cron fire must NOT set the MAIN agent's
-    // currentTurn (progress card / silence-poke). The cron session is
-    // fire-and-forget; its reply is its only Telegram surface.
-    if (delivered && !toCron) markClaudeBusyForInbound(msg.inbound)
+    // Graceful Tier-1 fallback (cheap-crons JTBD: a cron must NEVER be
+    // dropped because of tier routing). A cron-routed fire whose `<agent>-cron`
+    // bridge isn't connected (boot-forked session not up yet for a hot-added
+    // frequent cron, or a crashed cron session) falls back to the MAIN agent
+    // bridge so the fire lands now; it routes cheap again once the session is
+    // up. See deliverInjectWithFallback.
+    const { target, delivered, fellBackToMain } = deliverInjectWithFallback(
+      msg.agentName,
+      msg.inbound.meta,
+      (t) => ipcServer.sendToAgent(t, msg.inbound),
+    )
+    if (fellBackToMain) {
+      process.stderr.write(
+        `telegram gateway: cron fire fell back to main session (no cron bridge) agent=${msg.agentName} prompt_key=${promptKey}\n`,
+      )
+    }
+    // Status-silent (§2.4): a cron fire delivered to the CRON session must NOT
+    // set the MAIN agent's currentTurn. But a fire that LANDED on the main
+    // bridge (a non-cron fire, or one that fell back) IS a main-session turn —
+    // surface it on the progress card, or the session looks dark.
+    if (delivered && target === msg.agentName) markClaudeBusyForInbound(msg.inbound)
     process.stderr.write(
-      `telegram gateway: inject_inbound agent=${msg.agentName} target=${target} source=${source} prompt_key=${promptKey} delivered=${delivered}\n`,
+      `telegram gateway: inject_inbound agent=${msg.agentName} target=${target}${fellBackToMain ? " (fellback)" : ""} source=${source} prompt_key=${promptKey} delivered=${delivered}\n`,
     )
     // #1150: same buffer-on-failure pattern as vault_grant_approved.
-    // Cron fires use this path too — if a cron-driven wake-up lands
-    // mid bridge-reconnect, buffer it for the next register.
+    // Only reached if BOTH the cron bridge and the main bridge are down
+    // (e.g. mid-restart) — buffer under the bridge we tried last so it
+    // drains on the next register.
     if (!delivered) {
       pendingInboundBuffer.push(target, msg.inbound)
     }
@@ -6955,6 +7017,10 @@ async function executeReply(args: Record<string, unknown>): Promise<{ content: A
   // heuristic is what mis-routed a late reply to whichever topic most
   // recently received a message. DM: every tier is undefined → unchanged.
   // Kill switch off → exact legacy resolveThreadId precedence.
+  // Hoist the resolved origin turn so the obligation-close path (below) can
+  // pass it into resolveCloseTarget as routedOriginId, closing re-presented
+  // obligations even when the model omitted origin_turn_id (Fix 1/2).
+  let replyRoutedOriginTurn: CurrentTurn | null = null
   let threadId: number | undefined
   if (TURN_ORIGIN_ROUTING_ENABLED) {
     const explicit = args.message_thread_id != null ? Number(args.message_thread_id) : undefined
@@ -6964,6 +7030,7 @@ async function executeReply(args: Record<string, unknown>): Promise<{ content: A
     const echoedTurn = findTurnByOriginId(args.origin_turn_id as string | undefined)
     const quotedTurn = echoedTurn == null ? findTurnByQuotedMessageId(chat_id, args.reply_to) : null
     const originTurn = echoedTurn ?? quotedTurn
+    replyRoutedOriginTurn = originTurn ?? null
     threadId = resolveAnswerThreadWithLog(
       chat_id,
       Number.isFinite(explicit as number) ? (explicit as number) : undefined,
@@ -7205,7 +7272,7 @@ async function executeReply(args: Record<string, unknown>): Promise<{ content: A
               text: decision.mergedText,
               disableNotification,
             })
-            if (turn.finalAnswerSubstantive) closeObligationOnSubstantiveReply(args, turn)
+            if (turn.finalAnswerSubstantive) closeObligationOnSubstantiveReply(args, turn, replyRoutedOriginTurn)
           }
           outboundDedup.record(
             chat_id,
@@ -7558,7 +7625,7 @@ async function executeReply(args: Record<string, unknown>): Promise<{ content: A
       finalizeStatusReaction(chat_id, threadId, 'done')
       // PR2: close this origin's obligation on a SUBSTANTIVE final answer
       // (after finalize so the reaction guard test's anchor window is stable).
-      if (turn.finalAnswerSubstantive) closeObligationOnSubstantiveReply(args, turn)
+      if (turn.finalAnswerSubstantive) closeObligationOnSubstantiveReply(args, turn, replyRoutedOriginTurn)
     }
     // v0.13.30 follow-up — release the buffer gate on EVERY reply
     // finalize, not just on `isFinalAnswerReply`. The narrow
@@ -7618,20 +7685,36 @@ async function executeStreamReply(args: Record<string, unknown>): Promise<unknow
   // topic and a late stream-reply can't be stolen by a successor turn. DM:
   // every tier undefined → unchanged. Kill switch off → legacy live-turn
   // injection only.
+  // Origin resolution is hoisted UNCONDITIONALLY (outside the
+  // message_thread_id==null guard below) so the obligation-close path has
+  // the correct routedOriginTurn even when the model explicitly passes
+  // message_thread_id (forum-topic streams). Without this hoist, Fix 1
+  // is a no-op for forum-topic streams — the origin is never resolved and
+  // closeObligationOnSubstantiveReply falls through to the live-turn
+  // fallback. Matches executeReply's unconditional resolution. Thread
+  // injection still stays scoped to the message_thread_id==null branch —
+  // only the obligation-close input changes.
+  let streamRoutedOriginTurn: CurrentTurn | null = null
+  // Track whether the origin was found via echo (for the routing log below).
+  let streamOriginVia: 'echo' | 'quoted' | null = null
+  if (TURN_ORIGIN_ROUTING_ENABLED) {
+    // Origin precedence: model echo first, then the framework-owned quoted
+    // message_id as a deterministic fallback (mirrors executeReply).
+    const echoedTurn = findTurnByOriginId(args.origin_turn_id as string | undefined)
+    const quotedTurn =
+      echoedTurn == null ? findTurnByQuotedMessageId(String(args.chat_id), args.reply_to) : null
+    const originTurn = echoedTurn ?? quotedTurn
+    streamRoutedOriginTurn = originTurn ?? null
+    streamOriginVia = originTurn == null ? null : echoedTurn != null ? 'echo' : 'quoted'
+  }
   if (args.message_thread_id == null) {
     let injected: number | undefined
     if (TURN_ORIGIN_ROUTING_ENABLED) {
-      // Origin precedence: model echo first, then the framework-owned quoted
-      // message_id as a deterministic fallback (mirrors executeReply).
-      const echoedTurn = findTurnByOriginId(args.origin_turn_id as string | undefined)
-      const quotedTurn =
-        echoedTurn == null ? findTurnByQuotedMessageId(String(args.chat_id), args.reply_to) : null
-      const originTurn = echoedTurn ?? quotedTurn
       injected = resolveAnswerThreadWithLog(
         String(args.chat_id),
         undefined,
-        originTurn,
-        originTurn == null ? null : echoedTurn != null ? 'echo' : 'quoted',
+        streamRoutedOriginTurn,
+        streamOriginVia,
         turn,
         'stream_reply',
       )
@@ -7910,7 +7993,7 @@ async function executeStreamReply(args: Record<string, unknown>): Promise<unknow
       disableNotification: args.disable_notification === true,
       done: args.done === true,
     })
-    if (turn.finalAnswerSubstantive) closeObligationOnSubstantiveReply(args, turn)
+    if (turn.finalAnswerSubstantive) closeObligationOnSubstantiveReply(args, turn, streamRoutedOriginTurn)
     // #1744 follow-up — stream_reply edge case. The first-emit gate at
     // L5178 only clears silent-end state on the FIRST emit of a stream.
     // If a stream's first emit was ack-shaped (disable_notification:true,

package/telegram-plugin/gateway/obligation-ledger.ts

@@ -55,6 +55,12 @@ export interface Obligation {
    *  that re-stamps this once, and representCount is capped, so the ladder still
    *  terminates. Durable (part of the snapshot) so the grace survives restart. */
   lastTurnEndedAt?: number
+  /** Wall-clock ms this obligation was most recently re-presented. Drives the
+   *  per-represent grace: a freshly re-presented obligation is skipped until
+   *  at least `representGraceMs` has elapsed, preventing immediate second
+   *  re-present/escalate when the sweep fires < 5s later. Durable (part of the
+   *  snapshot) so the grace window survives a restart. */
+  lastRepresentedAt?: number
 }
 
 /** What the gateway should do for the oldest open obligation at an idle boundary. */
@@ -202,20 +208,30 @@ export class ObligationLedger {
    * pathologically-stuck/leaked worker cannot suppress the escalation forever —
    * once openedAt+backgroundGraceMs passes, the obligation is acted on regardless
    * of work state, and the FSM still terminates.
+   *
+   * PER-REPRESENT GRACE (opts.representGraceMs > 0): an obligation that was just
+   * re-presented is ineligible until at least `representGraceMs` ms have elapsed
+   * since `lastRepresentedAt`. Without this, the 5s sweep can fire again before
+   * the re-presented turn even reaches the agent, burning the represent budget
+   * immediately and producing back-to-back escalations on the same message.
    */
   decideAtIdle(opts?: {
     now: number
     graceMs: number
     backgroundWorkActive?: boolean
     backgroundGraceMs?: number
+    representGraceMs?: number
   }): LedgerDecision {
-    const useEligible = opts != null && (opts.graceMs > 0 || opts.backgroundWorkActive === true)
+    const useEligible =
+      opts != null &&
+      (opts.graceMs > 0 || opts.backgroundWorkActive === true || (opts.representGraceMs ?? 0) > 0)
     const o = useEligible
       ? this.oldestEligible(
           opts!.now,
           opts!.graceMs,
           opts!.backgroundWorkActive === true,
           opts!.backgroundGraceMs ?? 0,
+          opts!.representGraceMs ?? 0,
         )
       : this.oldest()
     if (o === undefined) return { action: 'none' }
@@ -224,24 +240,30 @@ export class ObligationLedger {
   }
 
   /** The oldest open obligation that is currently ELIGIBLE to act on — i.e. NOT
-   *  within either grace window:
+   *  within any grace window:
    *   - trailing-answer grace: its handling turn ended < `graceMs` ago (a queued
    *     obligation with no lastTurnEndedAt can't have a trailing answer, so it is
-   *     always eligible on this axis); AND
+   *     always eligible on this axis);
    *   - background-work grace: when `backgroundWorkActive`, it was opened <
    *     `backgroundGraceMs` ago (genuine in-flight autonomous work — bounded by
-   *     the ceiling so a stale/leaked worker can't suppress escalation forever). */
+   *     the ceiling so a stale/leaked worker can't suppress escalation forever);
+   *   - per-represent grace: it was re-presented < `representGraceMs` ago (prevents
+   *     a 5s sweep tick from immediately firing again on the same obligation before
+   *     the re-presented turn even reaches the agent). */
   private oldestEligible(
     now: number,
     graceMs: number,
     backgroundWorkActive: boolean,
     backgroundGraceMs: number,
+    representGraceMs: number,
   ): Obligation | undefined {
     let best: Obligation | undefined
     for (const o of this.open.values()) {
       if (o.lastTurnEndedAt != null && now - o.lastTurnEndedAt < graceMs) continue // trailing-answer grace
       if (backgroundWorkActive && backgroundGraceMs > 0 && now - o.openedAt < backgroundGraceMs)
         continue // in-flight autonomous work, bounded by the ceiling
+      if (representGraceMs > 0 && o.lastRepresentedAt != null && now - o.lastRepresentedAt < representGraceMs)
+        continue // per-represent grace: sweep fired before re-presented turn landed
       if (best === undefined || o.openedAt < best.openedAt) best = o
     }
     return best
@@ -259,29 +281,48 @@ export class ObligationLedger {
   /**
    * Decide which obligation a substantive reply discharges — DETERMINISTICALLY,
    * holding for any model behavior:
-   *  - `echoedTurnId` (the model echoed origin_turn_id back) → authoritative;
-   *    close exactly that (a no-op via close() if it isn't actually open).
-   *  - else, close the live turn's obligation ONLY when UNAMBIGUOUS — exactly
-   *    one obligation open. With >1 open and no echo we cannot tell which one
-   *    the reply answered; closing the live turn's would silently drop the other
-   *    (713's un-echoed reply landing while currentTurn=715 must NOT close 715).
-   *    So we close nothing → the real target stays open and is re-presented (a
-   *    bounded double-ask), never wrong-closed. Returns the id to close, or null.
+   *
+   *  1. `echoedTurnId` (model echoed origin_turn_id back) → authoritative; close
+   *     exactly that (a no-op via close() if it isn't actually open).
+   *  2. `routedOriginId` (gateway-resolved origin from quote/via=quoted or
+   *     via=live routing) → treat as the definitive target when present; this
+   *     makes answers to re-presented messages close their obligation even when
+   *     no model echo was provided and even with >1 open obligation (the routed
+   *     origin IS the answer's origin — this is deterministic, not a guess).
+   *     The 713/715 invariant still holds: the gateway only passes a routedOriginId
+   *     that it has positively resolved as the reply's origin (quote resolution,
+   *     via=quoted); it never passes the LIVE turn id here when a different
+   *     obligation is the resolved origin.
+   *  3. else, close the live turn's own obligation when that turn itself is open —
+   *     this is unambiguous (the reply happened IN that turn, so the turn's own
+   *     obligation IS the right target). The 713/715 wrong-close protection is
+   *     preserved by ordering: routed/echoed origin (steps 1/2) wins first;
+   *     live-turn fallback (step 3) only fires when no routed origin resolved, AND
+   *     only for the live turn's OWN obligation (not another open obligation). A
+   *     reply answering message A landing while currentTurn=B must STILL not close B
+   *     — only steps 1/2 can close A in that case. With multiple open obligations
+   *     and no routed origin, the LIVE turn's own obligation is the safe default
+   *     (relaxed from size==1 which wrongly blocked it when a second message arrived
+   *     meanwhile). Returns the id to close, or null.
    */
   resolveCloseTarget(
     echoedTurnId: string | null | undefined,
     liveTurnId: string | null | undefined,
+    routedOriginId?: string | null,
   ): string | null {
     if (echoedTurnId != null) return echoedTurnId
-    if (liveTurnId != null && this.open.size === 1 && this.open.has(liveTurnId)) return liveTurnId
+    if (routedOriginId != null) return routedOriginId
+    if (liveTurnId != null && this.open.has(liveTurnId)) return liveTurnId
     return null
   }
 
-  /** Record that an obligation was just re-presented (bumps representCount). */
-  markRepresented(originTurnId: string): number {
+  /** Record that an obligation was just re-presented (bumps representCount, stamps
+   *  lastRepresentedAt for the per-represent grace window). */
+  markRepresented(originTurnId: string, now = Date.now()): number {
     const o = this.open.get(originTurnId)
     if (o === undefined) return 0
     o.representCount += 1
+    o.lastRepresentedAt = now
     this.persist()
     return o.representCount
   }

package/telegram-plugin/history.ts

@@ -546,6 +546,63 @@ export function getRecentOutboundCount(
   return row?.cnt ?? 0
 }
 
+/**
+ * Returns true if at least one SUBSTANTIVE outbound (bot → user, role='assistant')
+ * message was delivered to `chatId` (and optionally `threadId`) AFTER `sinceMs`
+ * (wall-clock epoch milliseconds). Used by the obligation sweep to suppress a false
+ * "I may have missed this" escalation when the agent visibly answered: if a
+ * substantive outbound landed since the obligation was opened, the obligation is
+ * stale — close it silently rather than alarming the user.
+ *
+ * SUBSTANTIVE: we never suppress escalation on a bare ack ("on it", "give me a
+ * sec") — an agent that acks then ghosts must still escalate. The history schema
+ * does not store a done/substantive flag, so we approximate: a row counts only
+ * when LENGTH(text) >= 200 (the FINAL_ANSWER_MIN_CHARS constant from
+ * final-answer-detect.ts). This is false-negative-safe: a genuine substantive
+ * answer that happens to be < 200 chars will still fire an escalation, which is
+ * the conservative (safe) outcome. A schema column would be more precise but is
+ * disproportionate for this predicate; the reviewer accepted this approach.
+ *
+ * `threadId` semantics:
+ *   - undefined → any message in the chat regardless of thread (DMs + supergroups)
+ *   - explicit number → only that thread (precise for supergroups with topics)
+ *   - explicit null → only chat-root (non-thread) messages
+ *
+ * Falls back to false (safe: never suppresses escalation) if history is not yet
+ * initialised or the query fails.
+ */
+export function hasOutboundDeliveredSince(
+  chatId: string,
+  sinceMs: number,
+  threadId?: number | null,
+): boolean {
+  try {
+    const cutoffSec = Math.floor(sinceMs / 1000)
+    const params: unknown[] = [chatId, cutoffSec]
+    // LENGTH(text) >= 200 scopes to substantive replies only — never suppress
+    // escalation on a mere ack. Mirrors FINAL_ANSWER_MIN_CHARS (200) from
+    // final-answer-detect.ts; the `done` flag is not stored in the history
+    // schema, so length is the closest available proxy.
+    let sql =
+      "SELECT 1 FROM messages WHERE chat_id = ? AND role = 'assistant' AND ts >= ? AND LENGTH(text) >= 200"
+    if (threadId !== undefined) {
+      if (threadId === null) {
+        sql += ' AND thread_id IS NULL'
+      } else {
+        sql += ' AND thread_id = ?'
+        params.push(threadId)
+      }
+    }
+    sql += ' LIMIT 1'
+    const row = requireDb()
+      .prepare(sql)
+      .get(...(params as [unknown, ...unknown[]])) as Record<string, unknown> | undefined
+    return row != null
+  } catch {
+    return false
+  }
+}
+
 export function query(opts: QueryOptions): RecordedMessage[] {
   const limit = Math.min(MAX_LIMIT, Math.max(1, opts.limit ?? DEFAULT_LIMIT))
   const params: unknown[] = [opts.chat_id]

package/telegram-plugin/tests/cron-session.test.ts

@@ -5,6 +5,7 @@ import {
   cronIdentity,
   isCronIdentity,
   resolveInjectTarget,
+  deliverInjectWithFallback,
 } from '../gateway/cron-session.js'
 
 describe('cron-session identity helpers', () => {
@@ -30,3 +31,38 @@ describe('cron-session identity helpers', () => {
     expect(resolveInjectTarget('clerk', { source: 'telegram' })).toBe('clerk')
   })
 })
+
+describe('deliverInjectWithFallback — a cron fire is never dropped by tier routing', () => {
+  it('delivers to the cron bridge when it is connected', () => {
+    const sent: string[] = []
+    const r = deliverInjectWithFallback('clerk', { session: 'cron' }, (t) => (sent.push(t), true))
+    expect(r).toEqual({ target: 'clerk-cron', delivered: true, fellBackToMain: false })
+    expect(sent).toEqual(['clerk-cron']) // tried cron only; it delivered
+  })
+
+  it('falls back to the MAIN bridge when the cron bridge is not connected', () => {
+    // The exact gap: a hot-added / agent-authored frequent cron whose
+    // boot-forked cron session isn't up. Must land on main, not vanish.
+    const sent: string[] = []
+    const r = deliverInjectWithFallback('clerk', { session: 'cron' }, (t) => {
+      sent.push(t)
+      return t === 'clerk' // cron bridge down, main up
+    })
+    expect(r).toEqual({ target: 'clerk', delivered: true, fellBackToMain: true })
+    expect(sent).toEqual(['clerk-cron', 'clerk']) // tried cron, then fell back to main
+  })
+
+  it('reports not-delivered only when BOTH cron and main are down (then it buffers)', () => {
+    const sent: string[] = []
+    const r = deliverInjectWithFallback('clerk', { session: 'cron' }, (t) => (sent.push(t), false))
+    expect(r).toEqual({ target: 'clerk-cron', delivered: false, fellBackToMain: false })
+    expect(sent).toEqual(['clerk-cron', 'clerk']) // tried both, both down
+  })
+
+  it('a non-cron (main) fire never tries a fallback', () => {
+    const sent: string[] = []
+    const r = deliverInjectWithFallback('clerk', { session: 'main' }, (t) => (sent.push(t), false))
+    expect(r).toEqual({ target: 'clerk', delivered: false, fellBackToMain: false })
+    expect(sent).toEqual(['clerk']) // only the main bridge, no cron fallback attempted
+  })
+})

package/telegram-plugin/tests/history.test.ts

@@ -10,6 +10,7 @@ import {
   query,
   getRecentOutboundCount,
   getLatestInboundMessageId,
+  hasOutboundDeliveredSince,
   _resetForTests,
 } from '../history.js'
 
@@ -363,6 +364,88 @@ describe('getRecentOutboundCount (backstop dedup helper)', () => {
   })
 })
 
+// A substantive reply: 200+ chars (the FINAL_ANSWER_MIN_CHARS threshold).
+const SUBSTANTIVE = 'A'.repeat(200)
+// A non-substantive ack: short (<200 chars).
+const ACK = 'On it.'
+
+describe('hasOutboundDeliveredSince', () => {
+  beforeEach(() => initHistory(stateDir, 30))
+
+  it('returns true when a substantive outbound exists after openedAt', () => {
+    const openedAt = 1_000_000 * 1000 // ms
+    recordOutbound({
+      chat_id: '-100',
+      thread_id: null,
+      message_ids: [10],
+      texts: [SUBSTANTIVE],
+      ts: 1_000_001, // sec — 1s after openedAt
+    })
+    expect(hasOutboundDeliveredSince('-100', openedAt)).toBe(true)
+  })
+
+  it('returns false when the only outbound is BEFORE openedAt', () => {
+    const openedAt = 1_000_002 * 1000 // ms — after the message
+    recordOutbound({
+      chat_id: '-100',
+      thread_id: null,
+      message_ids: [10],
+      texts: [SUBSTANTIVE],
+      ts: 1_000_001, // sec — before openedAt
+    })
+    expect(hasOutboundDeliveredSince('-100', openedAt)).toBe(false)
+  })
+
+  it('returns false for a non-substantive ack after openedAt (blocker regression)', () => {
+    // An agent that sends a short ack ("on it") then ghosts must NOT have
+    // its escalation suppressed. The predicate must never match a bare ack.
+    const openedAt = 1_000_000 * 1000
+    recordOutbound({
+      chat_id: '-100',
+      thread_id: null,
+      message_ids: [10],
+      texts: [ACK],          // < 200 chars — non-substantive
+      ts: 1_000_001,
+    })
+    expect(hasOutboundDeliveredSince('-100', openedAt)).toBe(false)
+  })
+
+  it('thread_id=undefined matches any thread (DM semantics)', () => {
+    const openedAt = 1_000_000 * 1000
+    recordOutbound({
+      chat_id: '-100',
+      thread_id: 5,
+      message_ids: [10],
+      texts: [SUBSTANTIVE],
+      ts: 1_000_001,
+    })
+    // No thread filter → should find it
+    expect(hasOutboundDeliveredSince('-100', openedAt, undefined)).toBe(true)
+  })
+
+  it('thread_id=number scopes to that thread only', () => {
+    const openedAt = 1_000_000 * 1000
+    recordOutbound({ chat_id: '-100', thread_id: 5, message_ids: [10], texts: [SUBSTANTIVE], ts: 1_000_001 })
+    expect(hasOutboundDeliveredSince('-100', openedAt, 5)).toBe(true)
+    expect(hasOutboundDeliveredSince('-100', openedAt, 6)).toBe(false)
+  })
+
+  it('thread_id=null matches only chat-root (non-thread) messages', () => {
+    const openedAt = 1_000_000 * 1000
+    recordOutbound({ chat_id: '-100', thread_id: null, message_ids: [10], texts: [SUBSTANTIVE], ts: 1_000_001 })
+    expect(hasOutboundDeliveredSince('-100', openedAt, null)).toBe(true)
+    // A thread-scoped message should NOT match the root filter
+    recordOutbound({ chat_id: '-100', thread_id: 3, message_ids: [11], texts: [SUBSTANTIVE], ts: 1_000_002 })
+    expect(hasOutboundDeliveredSince('-100', openedAt, null)).toBe(true) // root still there
+    expect(hasOutboundDeliveredSince('-100', openedAt, 3)).toBe(true)    // thread 3 also there
+    expect(hasOutboundDeliveredSince('-100', openedAt, 9)).toBe(false)   // thread 9 not there
+  })
+
+  it('returns false when no history is present for the chat', () => {
+    expect(hasOutboundDeliveredSince('-999', 0)).toBe(false)
+  })
+})
+
 describe('secret redaction at persistence (both directions)', () => {
   beforeEach(() => initHistory(stateDir, 30))