switchroom 0.5.0 → 0.7.9

package/telegram-plugin/gateway/ipc-protocol.ts

@@ -139,6 +139,38 @@ export interface UpdatePlaceholderMessage {
   text: string;
 }
 
+/**
+ * Phase 2 cron-fold-in: a privileged client (the in-agent scheduler
+ * sibling, supervised by start.sh under SWITCHROOM_INLINE_SCHEDULER=1)
+ * sends this to the gateway to inject a synthesized turn into the
+ * agent's bridge. The gateway forwards the embedded `inbound` envelope
+ * verbatim via `ipcServer.sendToAgent(agentName, inbound)`.
+ *
+ * Why a separate envelope rather than a direct inbound on the wire:
+ *   1. ClientToGateway and GatewayToClient are distinct directions.
+ *      A client cannot send a `type: "inbound"` message — that's a
+ *      gateway→client envelope. The bridge's validateGatewayMessage
+ *      is its security boundary, and the gateway's validateClientMessage
+ *      is the parallel boundary on this side. Wrapping in
+ *      `inject_inbound` keeps both validators sharp on their own
+ *      direction.
+ *   2. The gateway is *deciding* to forward — a future scope check
+ *      (e.g., reject inbounds whose `meta.source` is not in a known
+ *      set, rate-limit per sender) lives naturally at the gateway.
+ *
+ * Trust model: the gateway socket lives at a per-agent path inside
+ * the agent container; only processes inside that container can
+ * connect. `inject_inbound` is therefore as trusted as any other
+ * process running under that agent's UID.
+ */
+export interface InjectInboundMessage {
+  type: "inject_inbound";
+  /** Target agent name — the gateway routes via sendToAgent. */
+  agentName: string;
+  /** Forwarded verbatim to the bridge as a `type: "inbound"` envelope. */
+  inbound: InboundMessage;
+}
+
 export type ClientToGateway =
   | RegisterMessage
   | ToolCallMessage
@@ -148,4 +180,5 @@ export type ClientToGateway =
   | ScheduleRestartMessage
   | OperatorEventForward
   | PtyPartialForward
-  | UpdatePlaceholderMessage;
+  | UpdatePlaceholderMessage
+  | InjectInboundMessage;

package/telegram-plugin/gateway/ipc-server.ts

@@ -3,6 +3,7 @@ import type {
   ClientToGateway,
   GatewayToClient,
   HeartbeatMessage,
+  InjectInboundMessage,
   OperatorEventForward,
   PermissionRequestForward,
   PtyPartialForward,
@@ -30,6 +31,15 @@ export interface IpcServerOptions {
    * messages will be silently dropped at dispatch.
    */
   onPtyPartial?: (client: IpcClient, msg: PtyPartialForward) => void;
+  /**
+   * Phase 2 cron-fold-in: invoked when a privileged in-container client
+   * (the agent-scheduler sibling) asks the gateway to forward a
+   * synthesized InboundMessage to a registered bridge. The handler is
+   * expected to call `ipcServer.sendToAgent(msg.agentName, msg.inbound)`
+   * (or its own equivalent). Optional: gateways that don't run the
+   * inline scheduler simply ignore inject_inbound messages.
+   */
+  onInjectInbound?: (client: IpcClient, msg: InjectInboundMessage) => void;
   log?: (msg: string) => void;
   /**
    * How long (in ms) to wait without a heartbeat before force-closing the
@@ -161,6 +171,27 @@ export function validateClientMessage(msg: unknown): msg is ClientToGateway {
       // ipc-protocol.ts for context.
       return typeof m.chatId === "string" && (m.chatId as string).length > 0
         && typeof m.text === "string" && (m.text as string).length <= 8192;
+    case "inject_inbound": {
+      // Phase 2 cron-fold-in. The wrapped `inbound` is forwarded
+      // verbatim to the bridge as a `type: "inbound"` envelope, so
+      // we validate the same fields the bridge's
+      // validateGatewayMessage cares about (`chatId`, `text`) plus
+      // the basic structural shape every InboundMessage carries.
+      if (typeof m.agentName !== "string"
+        || !AGENT_NAME_RE.test(m.agentName as string)) return false;
+      if (typeof m.inbound !== "object" || m.inbound === null) return false;
+      const inb = m.inbound as Record<string, unknown>;
+      return inb.type === "inbound"
+        && typeof inb.chatId === "string"
+        && (inb.chatId as string).length > 0
+        && typeof inb.text === "string"
+        && typeof inb.messageId === "number"
+        && typeof inb.user === "string"
+        && typeof inb.userId === "number"
+        && typeof inb.ts === "number"
+        && typeof inb.meta === "object"
+        && inb.meta !== null;
+    }
     default:
       return false;
   }
@@ -178,6 +209,7 @@ export function createIpcServer(options: IpcServerOptions): IpcServer {
     onScheduleRestart,
     onOperatorEvent,
     onPtyPartial,
+    onInjectInbound,
     log = () => {},
     heartbeatTimeoutMs = 30_000,
   } = options;
@@ -263,6 +295,9 @@ export function createIpcServer(options: IpcServerOptions): IpcServer {
       case "pty_partial":
         if (onPtyPartial) onPtyPartial(client, msg as PtyPartialForward);
         break;
+      case "inject_inbound":
+        if (onInjectInbound) onInjectInbound(client, msg as InjectInboundMessage);
+        break;
       case "update_placeholder":
         // Legacy recall.py IPC — placeholder UX was removed in #553 PR 5.
         // Soft-accepted so recall.py keeps working without modifying

package/telegram-plugin/gateway/startup-mutex.ts

@@ -27,6 +27,29 @@
  * Releases happen on shutdown (SIGTERM/SIGINT/uncaught error) by
  * unlinking the canonical path. We log every state transition; do NOT
  * silently swallow filesystem errors.
+ *
+ * Container/PID-namespace correctness (#884):
+ * -------------------------------------------
+ * Under v0.7 docker each agent runs in its own PID namespace. The
+ * gateway PID written to disk inside the previous container instance
+ * is meaningless in the new container — PID 10 in container A and
+ * PID 10 in container B are unrelated processes. `process.kill(pid, 0)`
+ * happily reports "alive" because the PID number is reused by an
+ * unrelated current-container process (tini's child, autoaccept-poll,
+ * etc.), and the new gateway aborts with `another_gateway_is_live`.
+ *
+ * Fix: stamp every record with a `bootId` derived from PID 1's
+ * `starttime` (clock ticks since system boot, field 22 in /proc/1/stat).
+ * Inside a container, PID 1 is tini and its starttime is the container's
+ * start instant — survives PID recycling within the namespace, but
+ * differs from any other container's PID 1 starttime. On bare metal
+ * PID 1 is systemd/init; the field still uniquely identifies the host
+ * boot. The PID-liveness check is now gated on bootId match: same boot
+ * → trust kill(pid,0); different boot → record is stale regardless.
+ *
+ * Records written by older versions have no `bootId`. We treat those as
+ * "unknown boot" and fall back to the legacy kill-based check — same
+ * behavior as before this fix, so the upgrade path is one-way safe.
  */
 import {
   link as linkAsync,
@@ -34,10 +57,48 @@ import {
   writeFile as writeFileAsync,
   readFile as readFileAsync,
 } from "node:fs/promises";
+import { readFileSync } from "node:fs";
 
 export interface MutexRecord {
   pid: number;
   startedAtMs: number;
+  /**
+   * Identifier of the OS/container boot during which this record was
+   * written. See "Container/PID-namespace correctness" in the file
+   * header. Optional for backwards compatibility with records written
+   * by pre-#884 gateway versions.
+   */
+  bootId?: string;
+}
+
+/**
+ * Read PID 1's start-time-in-clock-ticks from /proc/1/stat (field 22).
+ *
+ * Inside a docker container the PID-1 starttime is tied to the
+ * container instance and survives PID recycling but differs across
+ * container recreations. On bare metal it identifies the host boot.
+ * Returns `null` outside Linux or when /proc/1/stat is unreadable —
+ * callers fall back to legacy PID-only checks in that case.
+ *
+ * The 22nd field (`starttime`) appears AFTER the `comm` field which
+ * is wrapped in parentheses and may contain spaces/parens itself, so
+ * we slice past the LAST `)` before splitting on whitespace.
+ */
+export function readCurrentBootId(): string | null {
+  try {
+    const stat = readFileSync("/proc/1/stat", "utf-8");
+    const lastParen = stat.lastIndexOf(")");
+    if (lastParen < 0) return null;
+    const tail = stat.slice(lastParen + 1).trim();
+    const fields = tail.split(/\s+/);
+    // Field index in the post-comm tail: original fields 3..N → tail[0..]
+    // starttime is original field 22, so tail index 22 - 3 = 19.
+    const starttime = fields[19];
+    if (!starttime || !/^\d+$/.test(starttime)) return null;
+    return `pid1:${starttime}`;
+  } catch {
+    return null;
+  }
 }
 
 export type AcquireOutcome =
@@ -63,6 +124,14 @@ export interface AcquireOptions {
    * Injectable so tests can simulate dead/alive PIDs without forking.
    */
   isPidAlive?: (pid: number) => boolean;
+  /**
+   * Override for "what boot are we in right now". Defaults to
+   * `readCurrentBootId()`. Injectable so tests can simulate
+   * container-restart scenarios without recreating containers.
+   * `null` disables the bootId gate (treats all records as
+   * same-boot — the legacy pre-#884 behavior).
+   */
+  currentBootId?: string | null;
   /**
    * Logger. Defaults to process.stderr.write. Lines are pre-formatted
    * with the `telegram gateway:` prefix to match journalctl style.
@@ -114,7 +183,11 @@ async function tryReadRecord(path: string): Promise<MutexRecord | null> {
       Number.isFinite(parsed.pid) &&
       Number.isFinite(parsed.startedAtMs)
     ) {
-      return { pid: parsed.pid, startedAtMs: parsed.startedAtMs };
+      const out: MutexRecord = { pid: parsed.pid, startedAtMs: parsed.startedAtMs };
+      if (typeof parsed.bootId === "string" && parsed.bootId.length > 0) {
+        out.bootId = parsed.bootId;
+      }
+      return out;
     }
     return null;
   } catch {
@@ -139,8 +212,18 @@ export async function acquireStartupLock(
   const { path, record, agentName } = opts;
   const agentTag = fmtAgent(agentName);
 
+  // Resolve the current bootId. `undefined` in opts means "use the
+  // process default"; an explicit `null` opts out (legacy behavior).
+  const currentBootId =
+    opts.currentBootId === undefined ? readCurrentBootId() : opts.currentBootId;
+
+  // Stamp our own record with the bootId so future boots know whether
+  // we belong to the same container/host as them. Don't mutate the
+  // caller's record object.
+  const recordToWrite: MutexRecord =
+    currentBootId != null ? { ...record, bootId: currentBootId } : { ...record };
   const tmp = tmpPath(path, record.pid);
-  const payload = JSON.stringify(record);
+  const payload = JSON.stringify(recordToWrite);
 
   // Write the tmp file first. If this throws, the canonical isn't
   // touched — caller can retry on a fresh boot.
@@ -187,6 +270,31 @@ export async function acquireStartupLock(
         continue;
       }
 
+      // Boot/PID-namespace gate (#884). If the holder record carries a
+      // bootId AND it doesn't match ours, the holder PID is from a
+      // different container/host boot and `kill(pid, 0)` against it is
+      // meaningless — same PID number could be a live unrelated process
+      // in our namespace. Skip the kill check, treat as stale, recover.
+      // If either side has no bootId we fall back to the legacy PID
+      // check (preserves pre-#884 behavior for non-Linux dev/test runs
+      // and for upgrades from records that pre-date the bootId field).
+      const bootMismatch =
+        currentBootId != null && holder.bootId != null && holder.bootId !== currentBootId;
+
+      if (bootMismatch) {
+        log(
+          `telegram gateway: boot.lock_stale_recovered_boot_mismatch prior_pid=${holder.pid} prior_started_at=${new Date(
+            holder.startedAtMs,
+          ).toISOString()} prior_boot=${holder.bootId} current_boot=${currentBootId}${agentTag}`,
+        );
+        await unlinkAsync(path).catch((unlinkErr: unknown) => {
+          const code = (unlinkErr as NodeJS.ErrnoException).code;
+          if (code !== "ENOENT") throw unlinkErr;
+        });
+        recoveredFrom = holder;
+        continue;
+      }
+
       if (isAlive(holder.pid)) {
         // Live holder. Drop tmp and report blocked.
         await unlinkAsync(tmp).catch(() => {});

package/telegram-plugin/hooks/hooks.json

@@ -19,6 +19,15 @@
             "timeout": 10
           }
         ]
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/tool-label-pretool.mjs\"",
+            "timeout": 5
+          }
+        ]
       }
     ],
     "PostToolUse": [
@@ -52,6 +61,16 @@
             "timeout": 5
           }
         ]
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/tool-label-stop.mjs\"",
+            "timeout": 5,
+            "async": true
+          }
+        ]
       }
     ]
   }

package/telegram-plugin/hooks/tool-label-pretool.mjs

@@ -0,0 +1,216 @@
+#!/usr/bin/env node
+/**
+ * PreToolUse hook — emits a deterministic human label per tool call.
+ *
+ * Claude Code PreToolUse protocol (v1):
+ *   Input:  JSON on stdin — { session_id, tool_name, tool_input, tool_use_id, cwd, ... }
+ *   Output: exit 0 + empty stdout → allow. We NEVER emit JSON to stdout
+ *           (would risk hookSpecificOutput.updatedInput collisions). We
+ *           NEVER exit non-zero (exit 2 BLOCKS the tool call).
+ *
+ * Side effect: appends one JSON line to
+ *   $TELEGRAM_STATE_DIR/tool-labels-${session_id}.jsonl
+ * with shape { ts, tool_use_id, agent_id, label, tool_name }.
+ *
+ * If $TELEGRAM_STATE_DIR is unset → silent skip (renderer just falls back
+ * to its existing precedence ladder). If session_id or tool_use_id is
+ * missing → skip (the row could never be joined anyway). If the rule
+ * table doesn't produce a label for the tool → skip.
+ *
+ * Tools intentionally NOT labeled here (handled by existing description
+ * / TodoWrite / sub-agent panels in the renderer):
+ *   Bash, Task, Agent, TodoWrite
+ *
+ * Issue #783.
+ */
+
+import { readFileSync, mkdirSync, appendFileSync, existsSync } from 'node:fs'
+import { join, basename } from 'node:path'
+
+function readStdin() {
+  try {
+    return readFileSync(0, 'utf8')
+  } catch {
+    return ''
+  }
+}
+
+/**
+ * One-line, length-bounded escape of a value for inclusion in a label.
+ * Newlines collapsed, very long strings truncated with an ellipsis.
+ */
+function clip(s, max = 80) {
+  if (s == null) return ''
+  let v = String(s).replace(/\s+/g, ' ').trim()
+  if (v.length > max) v = v.slice(0, max - 1) + '…'
+  return v
+}
+
+function safeBasename(p) {
+  if (!p || typeof p !== 'string') return ''
+  try {
+    const b = basename(p)
+    return b || p
+  } catch {
+    return p
+  }
+}
+
+function urlHostPath(u) {
+  if (!u || typeof u !== 'string') return ''
+  try {
+    const x = new URL(u)
+    return x.host + (x.pathname && x.pathname !== '/' ? x.pathname : '')
+  } catch {
+    return u
+  }
+}
+
+/**
+ * Compute a label for a (toolName, input) pair. Returns null when the
+ * tool should NOT be labeled (suppress / fall through to existing
+ * renderer precedence).
+ */
+export function computeLabel(toolName, input) {
+  const i = input ?? {}
+
+  // Tools whose labels are already handled elsewhere — emit nothing so
+  // the existing description / TodoWrite / sub-agent paths win.
+  switch (toolName) {
+    case 'Bash':
+    case 'Task':
+    case 'Agent':
+    case 'TodoWrite':
+    case 'ToolSearch':
+      return null
+  }
+
+  // Built-in rule table.
+  switch (toolName) {
+    case 'Read':
+      return `Reading ${clip(safeBasename(i.file_path))}`.trim()
+    case 'Edit':
+      return `Editing ${clip(safeBasename(i.file_path))}`.trim()
+    case 'Write':
+      return `Writing ${clip(safeBasename(i.file_path))}`.trim()
+    case 'Grep': {
+      const path = i.path ? clip(String(i.path), 40) : '.'
+      const pat = clip(String(i.pattern ?? ''), 40)
+      return `Searching ${path} for ${pat}`
+    }
+    case 'Glob':
+      return `Finding files matching ${clip(String(i.pattern ?? ''), 60)}`
+    case 'WebFetch':
+      return `Fetching ${clip(urlHostPath(i.url), 60)}`
+    case 'WebSearch':
+      return `Searching the web for ${clip(String(i.query ?? ''), 60)}`
+    case 'NotebookEdit':
+      return `Editing notebook ${clip(safeBasename(i.notebook_path))}`
+    case 'BashOutput':
+      return 'Reading background output'
+    case 'KillBash':
+    case 'KillShell':
+      return 'Stopping background process'
+  }
+
+  // MCP allowlist.
+  if (typeof toolName === 'string' && toolName.startsWith('mcp__')) {
+    switch (toolName) {
+      case 'mcp__switchroom-telegram__reply':
+      case 'mcp__switchroom-telegram__stream_reply':
+        return 'Replying'
+      case 'mcp__switchroom-telegram__react': {
+        const emoji = clip(String(i.emoji ?? ''), 8)
+        return emoji ? `Reacting ${emoji}` : 'Reacting'
+      }
+      case 'mcp__switchroom-telegram__get_recent_messages':
+        return 'Reading chat history'
+      case 'mcp__hindsight__recall':
+      case 'mcp__hindsight__reflect':
+        return 'Searching memory'
+      case 'mcp__hindsight__retain':
+        return 'Saving memory'
+      // Explicit suppressions — return null so we don't emit a sidecar
+      // line at all. (Falling through to the default below produces the
+      // same effect, but listing these makes the intent obvious.)
+      case 'mcp__switchroom-telegram__send_typing':
+      case 'mcp__hindsight__sync_retain':
+        return null
+    }
+    // Any other mcp__* tool: not on the allowlist, no label.
+    return null
+  }
+
+  return null
+}
+
+function main() {
+  const raw = readStdin().trim()
+  if (!raw) process.exit(0)
+
+  let event
+  try {
+    event = JSON.parse(raw)
+  } catch {
+    process.exit(0)
+  }
+
+  const stateDir = process.env.TELEGRAM_STATE_DIR
+  if (!stateDir || stateDir.length === 0) process.exit(0)
+
+  const sessionId = event.session_id
+  const toolUseId = event.tool_use_id
+  const toolName = event.tool_name
+  if (!sessionId || !toolUseId || !toolName) process.exit(0)
+
+  let label
+  try {
+    label = computeLabel(toolName, event.tool_input)
+  } catch {
+    process.exit(0)
+  }
+  if (!label) process.exit(0)
+
+  // agent_id: Claude Code does not pass sub-agent agent_id directly to
+  // the hook; fall back to SWITCHROOM_AGENT_NAME or the cwd basename.
+  const agentId =
+    process.env.SWITCHROOM_AGENT_NAME ??
+    (event.cwd ? safeBasename(event.cwd) : null) ??
+    null
+
+  const line = JSON.stringify({
+    ts: Date.now(),
+    tool_use_id: toolUseId,
+    agent_id: agentId,
+    label,
+    tool_name: toolName,
+  }) + '\n'
+
+  try {
+    if (!existsSync(stateDir)) {
+      mkdirSync(stateDir, { recursive: true })
+    }
+    const target = join(stateDir, `tool-labels-${sessionId}.jsonl`)
+    appendFileSync(target, line)
+  } catch (err) {
+    // Never block. Surface to stderr (captured by plugin-logger).
+    try {
+      process.stderr.write(
+        `[tool-label-pretool] write failed: ${err?.message ?? err}\n`,
+      )
+    } catch { /* ignore */ }
+  }
+
+  process.exit(0)
+}
+
+// Skip main() when imported (for unit tests of computeLabel).
+const isMain = (() => {
+  try {
+    const argv1 = process.argv[1] ?? ''
+    return argv1.endsWith('tool-label-pretool.mjs')
+  } catch {
+    return false
+  }
+})()
+if (isMain) main()

package/telegram-plugin/hooks/tool-label-stop.mjs

@@ -0,0 +1,63 @@
+#!/usr/bin/env node
+/**
+ * Stop hook — reaps stale tool-label sidecar files.
+ *
+ * Removes $TELEGRAM_STATE_DIR/tool-labels-*.jsonl files older than 24h.
+ * If more than 50 sidecar files exist, removes the oldest down to 50.
+ * Always exits 0.
+ *
+ * Issue #783.
+ */
+
+import { readdirSync, statSync, unlinkSync } from 'node:fs'
+import { join } from 'node:path'
+
+const TWENTY_FOUR_HOURS_MS = 24 * 60 * 60 * 1000
+const MAX_SIDECARS = 50
+
+function main() {
+  const stateDir = process.env.TELEGRAM_STATE_DIR
+  if (!stateDir || stateDir.length === 0) process.exit(0)
+
+  let entries
+  try {
+    entries = readdirSync(stateDir)
+  } catch {
+    process.exit(0)
+  }
+
+  const now = Date.now()
+  const sidecars = []
+  for (const name of entries) {
+    if (!name.startsWith('tool-labels-') || !name.endsWith('.jsonl')) continue
+    const full = join(stateDir, name)
+    try {
+      const st = statSync(full)
+      sidecars.push({ path: full, mtime: st.mtimeMs })
+    } catch {
+      // ignore
+    }
+  }
+
+  // 1) Age-based reap
+  for (const s of sidecars) {
+    if (now - s.mtime > TWENTY_FOUR_HOURS_MS) {
+      try { unlinkSync(s.path) } catch { /* ignore */ }
+      s._removed = true
+    }
+  }
+
+  // 2) Cap by count — drop oldest beyond MAX_SIDECARS
+  const remaining = sidecars.filter((s) => !s._removed)
+  if (remaining.length > MAX_SIDECARS) {
+    remaining.sort((a, b) => a.mtime - b.mtime)
+    const toDrop = remaining.length - MAX_SIDECARS
+    for (let i = 0; i < toDrop; i++) {
+      try { unlinkSync(remaining[i].path) } catch { /* ignore */ }
+    }
+  }
+
+  process.exit(0)
+}
+
+main()

package/telegram-plugin/package.json

@@ -19,11 +19,14 @@
     "start:source": "bun server.ts",
     "start:dist": "bun dist/server.js",
     "build": "node scripts/build.mjs",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run build",
+    "test:uat": "vitest run --config ../vitest.uat.config.ts",
+    "uat:login": "bun uat/login.ts"
   },
   "dependencies": {
     "@grammyjs/runner": "^2.0.3",
     "@modelcontextprotocol/sdk": "^1.0.0",
+    "@mtcute/node": "^0.27.0",
     "@secretlint/core": "^12.2.0",
     "@secretlint/secretlint-rule-preset-recommend": "^12.2.0",
     "@secretlint/types": "^12.2.0",

package/telegram-plugin/plugin-logger.ts

@@ -24,7 +24,13 @@ import { homedir } from 'os'
 import { dirname, join } from 'path'
 
 const DEFAULT_LOG_PATH = join(homedir(), '.switchroom', 'logs', 'telegram-plugin.log')
-const ROTATE_AT_BYTES = 5 * 1024 * 1024 // 5 MB
+// Retention bump (#card-audit-log): the new structured `card-events.jsonl`
+// is the durable audit trail; this file is the freeform freestream. Bump
+// from 5 MB × 1 backup to 50 MB × 5 backups so a multi-day card-render
+// regression is still grep-able from the raw log when the operator goes
+// looking days later.
+const ROTATE_AT_BYTES = 50 * 1024 * 1024 // 50 MB
+const ROTATION_BACKUPS = 5
 
 export interface PluginLoggerHandle {
   /** Stop intercepting and restore the original stderr.write. */
@@ -59,6 +65,18 @@ function rotateIfNeeded(path: string): void {
   try {
     const st = statSync(path)
     if (st.size < ROTATE_AT_BYTES) return
+    // Shift backups: .N-1 → .N, .N-2 → .N-1, ..., .1 → .2, current → .1.
+    // Best-effort: any rename that fails (missing intermediate, permission)
+    // is swallowed so logging never throws.
+    for (let i = ROTATION_BACKUPS - 1; i >= 1; i--) {
+      const src = `${path}.${i}`
+      const dst = `${path}.${i + 1}`
+      try {
+        if (existsSync(src)) renameSync(src, dst)
+      } catch {
+        // ignore
+      }
+    }
     const backup = `${path}.1`
     renameSync(path, backup)
   } catch {
@@ -133,4 +151,5 @@ export function _resetForTests(): void {
 export const _internals = {
   DEFAULT_LOG_PATH,
   ROTATE_AT_BYTES,
+  ROTATION_BACKUPS,
 }