switchroom 0.7.13 → 0.7.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/README.md +4 -4
  2. package/dist/agent-scheduler/index.js +80 -80
  3. package/dist/cli/switchroom.js +1881 -2878
  4. package/dist/vault/approvals/kernel-server.js +88 -85
  5. package/dist/vault/broker/server.js +495 -1785
  6. package/package.json +2 -4
  7. package/telegram-plugin/bridge/bridge.ts +17 -0
  8. package/telegram-plugin/dist/bridge/bridge.js +128 -112
  9. package/telegram-plugin/dist/foreman/foreman.js +185 -1696
  10. package/telegram-plugin/dist/gateway/gateway.js +542 -1682
  11. package/telegram-plugin/dist/server.js +176 -160
  12. package/telegram-plugin/gateway/gateway.ts +495 -7
  13. package/telegram-plugin/secret-detect/vault-error.test.ts +134 -0
  14. package/telegram-plugin/secret-detect/vault-error.ts +202 -0
  15. package/skills/docx/scripts/office/validators/__pycache__/__init__.cpython-313.pyc +0 -0
  16. package/skills/docx/scripts/office/validators/__pycache__/base.cpython-313.pyc +0 -0
  17. package/telegram-plugin/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json +0 -1
  18. package/telegram-plugin/server.js +0 -41795
package/README.md CHANGED
@@ -254,7 +254,7 @@ See [docs/configuration.md](docs/configuration.md) for the full reference.
254
254
 
255
255
  ## Vault broker (cron secrets)
256
256
 
257
- Scheduled tasks run headless inside the agent container, so they can't prompt for the vault passphrase. The vault broker is a long-running container (`switchroom-broker`) that holds the vault decrypted in memory after a one-time interactive unlock. Cron tasks fetch the specific keys they declare via a host-shared unix socket. The passphrase never sits on disk.
257
+ Scheduled tasks run headless inside the agent container, so they can't prompt for the vault passphrase. The vault broker is a long-running container (`switchroom-vault-broker`) that holds the vault decrypted in memory after a one-time interactive unlock. Cron tasks fetch the specific keys they declare via a per-agent unix socket. The passphrase never sits on disk.
258
258
 
259
259
  **Declare per-cron secrets in `switchroom.yaml`:**
260
260
 
@@ -273,17 +273,17 @@ agents:
273
273
 
274
274
  ```bash
275
275
  switchroom apply # writes broker into docker-compose.yml
276
- docker compose -p switchroom -f ~/.switchroom/compose/docker-compose.yml up -d switchroom-broker
276
+ docker compose -p switchroom -f ~/.switchroom/compose/docker-compose.yml up -d switchroom-vault-broker
277
277
  switchroom vault broker unlock # prompt for passphrase, primes broker
278
278
  ```
279
279
 
280
280
  Or just run `switchroom vault get <key>` from a TTY. The broker offers to take the unlocked state with `[Y/n]` so you don't have to remember a separate unlock command.
281
281
 
282
- **Identity model.** The broker reads `/proc/<pid>/cgroup` on the host to find the connecting cron's container (`switchroom-<agent>-scheduler` or `switchroom-<agent>`), which Docker sets unspoofably from userspace, so a compromised agent cannot pose as another agent's cron and read its keys. macOS (Docker Desktop) degrades to UID-only via the socket file mode 0600. Fine for desktop use, not recommended for production cron.
282
+ **Identity model (v0.7+).** Path-as-identity. The broker binds one socket per agent at `/run/switchroom/broker/<agent>/sock` inside its own container, hosted via a per-agent named volume that's also mounted at `/run/switchroom/broker/` inside `agent-<agent>`. The agent name is parsed unspoofably from the bind path — see `src/vault/broker/peercred.ts:socketPathToAgent()`. A compromised agent cannot pose as another agent's cron because it only ever sees its own socket on its mount. ACL is bind-time, never wire-time.
283
283
 
284
284
  The broker locks on `SIGTERM` (so a container restart zeros the in-memory state) and on demand via `switchroom vault broker lock`. Use `switchroom vault get <key> --no-broker` to bypass and prompt locally.
285
285
 
286
- Broker socket lives at `~/.switchroom/vault-broker.sock` (host-mounted into every agent container).
286
+ Vault file (post-v0.7.12) lives at `~/.switchroom/vault/vault.enc` — a directory, not a single file, so atomic rename can use the parent as the staging dir. See [docs/vault.md](docs/vault.md) for the layout rationale.
287
287
 
288
288
  ### Auto-unlock on boot (opt-in)
289
289