switchroom 0.7.15 → 0.10.0

package/telegram-plugin/hooks/wedge-detect-posttool.mjs

@@ -0,0 +1,303 @@
+#!/usr/bin/env node
+/**
+ * PostToolUse hook — detect a wedged persistent-bash session.
+ *
+ * Claude Code's Bash tool uses a persistent `bash` subprocess for state
+ * continuity (so `cd /foo` in one call survives to the next). When that
+ * subprocess's IO state desyncs — typically after a long-running or
+ * interrupted command leaves stdin in mid-heredoc, or after sentinel
+ * parsing breaks — every subsequent Bash call returns exit-1 with empty
+ * stdout and empty stderr. Even `true` returns exit 1. The wedge is
+ * sticky for the session; `switchroom agent restart <self>` is the only
+ * reliable recovery (it spawns a fresh `claude` → fresh persistent bash).
+ *
+ * This hook watches PostToolUse events for the wedge signature and,
+ * after N consecutive matches, writes a sentinel + logs to stderr so
+ * the operator (via `docker logs`) or the gateway (via a future card)
+ * can prompt for restart. The hook itself can NEVER fix the wedge —
+ * PostToolUse fires after the tool already ran. It's a detection +
+ * surfacing surface, not a recovery surface.
+ *
+ * Claude Code PostToolUse protocol:
+ *   stdin:  JSON { tool_name, tool_use_id, tool_input, tool_response, ... }
+ *   stdout: optional JSON (hookSpecificOutput.additionalContext for next
+ *           turn). We use this to nudge the model toward KillBash +
+ *           self-restart guidance once the wedge is detected.
+ *   exit:   0 always. Hook failures must never block the tool flow.
+ *
+ * State:
+ *   $TELEGRAM_STATE_DIR/wedge-counter.txt — integer, consecutive empty Bash
+ *     results. Reset to 0 on any non-Bash event or any non-empty Bash
+ *     result. Incremented on each empty Bash result.
+ *   $TELEGRAM_STATE_DIR/wedge-detected.json — JSON sentinel written when
+ *     counter reaches THRESHOLD. Contains { ts, session_id, agent,
+ *     consecutive }. Gateway can poll for this and surface a card; for
+ *     now its presence is informational only.
+ *
+ * Threshold: 3. Picked to balance false positives (some real commands
+ * legitimately produce no output and exit non-zero, e.g. `test -f
+ * /nonexistent`) against latency-to-detect. Three in a row is rare
+ * outside genuine wedge.
+ *
+ * Detection is shape-based not exit-code-based because the tool_response
+ * shape varies by Claude Code version. We match on:
+ *   - tool_name === "Bash"
+ *   - stringified response contains BOTH empty stdout marker AND empty
+ *     stderr marker. Marker patterns covered: <bash-stdout></bash-stdout>,
+ *     "stdout":"" + "stderr":"", and the bare "(no output)" string some
+ *     versions emit.
+ *
+ * If detection markers change in a future Claude Code release, this hook
+ * silently misses the wedge — that's the right failure mode (better than
+ * false-firing).
+ */
+
+import { readFileSync, writeFileSync, existsSync, mkdirSync, rmSync } from 'node:fs'
+import { join, dirname } from 'node:path'
+
+// Higher than the original 3 to avoid false-firing on legitimate
+// empty-output command sequences (a sed, then two greps with no matches,
+// is a normal refactor pattern and shouldn't trigger). PR #1188 review
+// found 3 was guaranteed-FP. 5 + the noOutputExpected /
+// returnCodeInterpretation skip below should keep real wedges detectable
+// while staying quiet during normal grep/find/sed chains.
+const THRESHOLD = 5
+
+// node:fs operations on the counter / sentinel files are read-modify-write
+// without explicit locking. Safe because Claude Code serializes tool calls
+// per session — there is at most one PostToolUse fire in flight per agent
+// at any time. Documented so a future caller doesn't introduce parallelism
+// and silently lose counts.
+
+function readStdin() {
+  try {
+    return readFileSync(0, 'utf8')
+  } catch {
+    return ''
+  }
+}
+
+function stateDir() {
+  return process.env.TELEGRAM_STATE_DIR || null
+}
+
+function counterPath() {
+  const dir = stateDir()
+  return dir ? join(dir, 'wedge-counter.txt') : null
+}
+
+function sentinelPath() {
+  const dir = stateDir()
+  return dir ? join(dir, 'wedge-detected.json') : null
+}
+
+function readCounter() {
+  const p = counterPath()
+  if (!p || !existsSync(p)) return 0
+  try {
+    const raw = readFileSync(p, 'utf8').trim()
+    const n = Number.parseInt(raw, 10)
+    return Number.isFinite(n) && n >= 0 ? n : 0
+  } catch {
+    return 0
+  }
+}
+
+function writeCounter(n) {
+  const p = counterPath()
+  if (!p) return
+  try {
+    mkdirSync(dirname(p), { recursive: true })
+    writeFileSync(p, String(n), 'utf8')
+  } catch {
+    // fail-silent; counter loss just delays detection by a couple of cycles
+  }
+}
+
+function writeSentinel(payload) {
+  const p = sentinelPath()
+  if (!p) return
+  try {
+    mkdirSync(dirname(p), { recursive: true })
+    writeFileSync(p, JSON.stringify(payload, null, 2), 'utf8')
+  } catch {
+    // fail-silent
+  }
+}
+
+function clearSentinel() {
+  const p = sentinelPath()
+  if (!p) return
+  try {
+    rmSync(p, { force: true })
+  } catch {
+    // fail-silent
+  }
+}
+
+function resetCounter() {
+  // Counter reset means we're back in healthy territory — clear the
+  // sentinel too so a future operator-side surface that polls for
+  // `wedge-detected.json` doesn't see stale state from a long-cleared
+  // wedge. Per PR #1188 review B2.
+  writeCounter(0)
+  clearSentinel()
+}
+
+/**
+ * Test whether a Bash tool_response matches the wedge signature.
+ *
+ * The wedge produces: empty stdout AND empty stderr AND no
+ * Claude-Code-supplied "no output is expected here" annotation AND not
+ * interrupted by the user.
+ *
+ * The benign empty-output cases that PR #1188 review B1 called out
+ * (grep/find/sed/test with no matches or in-place mutation) are
+ * disambiguated by:
+ *   - `noOutputExpected: true` — Claude Code annotates Bash calls whose
+ *     command pattern legitimately produces no output.
+ *   - `returnCodeInterpretation: "..."` — present when Claude Code has
+ *     a human-readable explanation for the exit code (e.g. "No matches
+ *     found" for grep). Its presence means "this empty result is
+ *     understood, not a desync."
+ *   - `interrupted: true` — user pressed `!` mid-command. Not a wedge.
+ *
+ * Defensive: response shape varies across Claude Code versions and
+ * across plain-string vs structured-object representations. We check
+ * each known marker and fail-no-match on anything else.
+ */
+function isEmptyBashResponse(toolResponse) {
+  if (toolResponse == null) return false
+
+  // Structured-object path. Most reliable — read the fields directly
+  // and consult the annotations.
+  if (typeof toolResponse === 'object') {
+    const r = toolResponse
+    // Interruption is user-initiated, not a desync. Don't count.
+    if (r.interrupted === true) return false
+    // Claude Code already knows this command's empty output is expected.
+    if (r.noOutputExpected === true) return false
+    // Claude Code has a human-readable explanation — the empty result is
+    // accounted for, not a parse failure.
+    if (typeof r.returnCodeInterpretation === 'string' && r.returnCodeInterpretation.length > 0) {
+      return false
+    }
+    // Real empty-result check. Both streams empty (or missing).
+    const stdout = typeof r.stdout === 'string' ? r.stdout : ''
+    const stderr = typeof r.stderr === 'string' ? r.stderr : ''
+    if (stdout === '' && stderr === '') return true
+    return false
+  }
+
+  // String path — older Claude Code versions, or when the response was
+  // wrapped before reaching the hook. We can't read structured fields,
+  // so we rely on substring shape and accept slightly higher FP risk on
+  // this path (covered by THRESHOLD raise + skill-side recovery being
+  // cheap).
+  let body
+  try {
+    body = String(toolResponse)
+  } catch {
+    return false
+  }
+  if (body.length > 4096) return false
+
+  // If the string form contains noOutputExpected:true or a
+  // returnCodeInterpretation, treat as accounted-for.
+  if (/"noOutputExpected"\s*:\s*true/.test(body)) return false
+  if (/"interrupted"\s*:\s*true/.test(body)) return false
+  if (/"returnCodeInterpretation"\s*:\s*"[^"]+"/.test(body)) return false
+
+  // XML-style tags: <bash-stdout></bash-stdout><bash-stderr></bash-stderr>
+  const hasEmptyStdoutTag = /<bash-stdout>\s*<\/bash-stdout>/i.test(body)
+  const hasEmptyStderrTag = /<bash-stderr>\s*<\/bash-stderr>/i.test(body)
+  if (hasEmptyStdoutTag && hasEmptyStderrTag) return true
+
+  // JSON-stringified shape from older serializers.
+  const hasEmptyStdoutJson = /"stdout"\s*:\s*""/.test(body)
+  const hasEmptyStderrJson = /"stderr"\s*:\s*""/.test(body)
+  if (hasEmptyStdoutJson && hasEmptyStderrJson) return true
+
+  // Literal zero-info bodies.
+  if (body === '{}' || body === '""' || body === '') return true
+
+  return false
+}
+
+function emitWedgeContext(consecutive) {
+  // PostToolUse can prepend additionalContext to the model's next turn.
+  // Use it to surface a single-line nudge once the wedge is suspected
+  // so the agent knows to try recovery rather than retrying the same
+  // command in a loop.
+  const text =
+    `[wedge-detect] ${consecutive} consecutive empty-result Bash calls — ` +
+    `your persistent shell is likely wedged. Try \`KillBash\` to drop ` +
+    `the wedged session, OR ask the user for \`switchroom agent restart ${process.env.SWITCHROOM_AGENT_NAME || '<self>'}\` ` +
+    `if KillBash doesn't recover. Don't retry the same command.`
+  const payload = {
+    hookSpecificOutput: {
+      hookEventName: 'PostToolUse',
+      additionalContext: text,
+    },
+  }
+  try {
+    process.stdout.write(JSON.stringify(payload) + '\n')
+  } catch {
+    // fail-silent
+  }
+}
+
+function main() {
+  const raw = readStdin()
+  if (!raw) return
+  let evt
+  try {
+    evt = JSON.parse(raw)
+  } catch {
+    return
+  }
+
+  // Non-Bash events reset the counter (the wedge is specific to the
+  // persistent shell; other tools succeeding doesn't tell us anything
+  // about Bash, but a different tool firing means we're at least not in
+  // a tight loop of Bash retries — safe to reset).
+  if (evt.tool_name !== 'Bash') {
+    resetCounter()
+    return
+  }
+
+  if (!isEmptyBashResponse(evt.tool_response)) {
+    // Bash call returned real output → not wedged → reset.
+    resetCounter()
+    return
+  }
+
+  // Empty Bash result. Increment.
+  const next = readCounter() + 1
+  writeCounter(next)
+
+  if (next >= THRESHOLD) {
+    const sentinel = {
+      ts: new Date().toISOString(),
+      session_id: evt.session_id || null,
+      agent: process.env.SWITCHROOM_AGENT_NAME || null,
+      consecutive: next,
+      // Capture the last tool_use_id so an operator-side investigator
+      // can pin which tool calls triggered the threshold.
+      last_tool_use_id: evt.tool_use_id || null,
+    }
+    writeSentinel(sentinel)
+    process.stderr.write(
+      `wedge-detect: ${next} consecutive empty-result Bash calls; ` +
+      `sentinel at ${sentinelPath()}; recommend KillBash or ` +
+      `switchroom agent restart\n`,
+    )
+    emitWedgeContext(next)
+  }
+}
+
+try {
+  main()
+} catch {
+  // PostToolUse must never block the tool flow.
+}

package/telegram-plugin/inbound-classifier.ts

@@ -0,0 +1,50 @@
+/**
+ * inbound-classifier.ts — cheap regex classifier for inbound user text.
+ *
+ * Today the only signal we emit is `status_query` — short user messages
+ * asking "are you still working / are you there / status?" — because that's
+ * the primary KPI for the conversational turn UX redesign (see issue #1122):
+ * if the user has to ask, the design has failed.
+ *
+ * Strictly read-only: the classifier never alters routing. Inbound text
+ * still reaches the agent unchanged.
+ */
+
+/**
+ * Patterns that mean "are you still working / do you remember me." Kept
+ * conservative on purpose — false positives are worse than misses, because
+ * a wrong-positive would noise up the very KPI we're trying to measure.
+ *
+ * All patterns match the entire trimmed message body (anchored), so longer
+ * messages that happen to contain "status" don't trip them.
+ */
+const STATUS_QUERY_PATTERNS: readonly RegExp[] = [
+  /^\?+$/,
+  /^status\s*\??$/i,
+  /^update\s*\??$/i,
+  /^any\s+update\s*\??$/i,
+  /^still\s+there\s*\??$/i,
+  /^still\s+working\s*\??$/i,
+  /^are\s+you\s+there\s*\??$/i,
+  /^you\s+there\s*\??$/i,
+  /^hello\s*\?+$/i,
+  /^hey\s*\?+$/i,
+]
+
+export interface InboundClassification {
+  isStatusQuery: boolean
+}
+
+export function classifyInbound(text: string | null | undefined): InboundClassification {
+  if (text == null) return { isStatusQuery: false }
+  const trimmed = text.trim()
+  if (trimmed === '') return { isStatusQuery: false }
+  // Cap length — a long message that starts with "status?" isn't a status
+  // query; the user's appending real content. Keep the classifier focused
+  // on standalone "ping" messages.
+  if (trimmed.length > 40) return { isStatusQuery: false }
+  for (const pat of STATUS_QUERY_PATTERNS) {
+    if (pat.test(trimmed)) return { isStatusQuery: true }
+  }
+  return { isStatusQuery: false }
+}

package/telegram-plugin/inline-keyboard-callbacks.ts

@@ -164,3 +164,139 @@ export function validateAndWrapAgentKeyboard(
   const wrapped = wrapAgentCallbacks(keyboard)
   return { ok: true, wrapped }
 }
+
+// ─── finalizeCallback (#1150 + audit follow-up) ──────────────────────────
+//
+// Centralized "the user tapped a terminal button" helper. Every callback
+// handler that resolves a decision (Approve / Deny / Pick option / Confirm
+// revoke / Always-allow / Dismiss / etc.) MUST route through this helper
+// so the three button-UX invariants are uniformly enforced:
+//
+//   1. Visible press feedback — `answerCallbackQuery` with `text:` so
+//      Telegram shows a toast. Operators who tap and see nothing within
+//      ~200ms double-tap; the toast IS the press-feedback affordance.
+//   2. Keyboard collapses with clarity — the message is edited in place
+//      to strip `reply_markup` AND append a status line that describes
+//      what the operator selected. One atomic edit, not two: the user
+//      must be able to scroll back later and see the resolved decision
+//      next to the original prompt.
+//   3. Side effect (typically: synthesize an inbound back to the model
+//      so the agent's turn continues) — runs AFTER the message edit
+//      lands so the model never sees "I'm being woken up" before the
+//      operator sees the visual confirmation.
+//
+// Multi-step wizards (vault grant wizard, etc.) should NOT use this
+// helper for intermediate-step transitions — those swap one keyboard
+// for the next via `editMessageText` + new `reply_markup`. Use this
+// helper for the WIZARD-FINAL step (Generate, Cancel) so the success
+// card collapses correctly and isn't re-tappable.
+
+/**
+ * Minimal callback-context shape the helper needs. Real grammy
+ * `Context` satisfies this; tests can implement a lightweight fake
+ * without dragging the grammy types in.
+ */
+export interface FinalizeCallbackContext {
+  answerCallbackQuery: (
+    opts?: { text?: string; show_alert?: boolean },
+  ) => Promise<unknown>
+  editMessageText: (text: string, opts?: Record<string, unknown>) => Promise<unknown>
+}
+
+export interface FinalizeCallbackOptions {
+  /**
+   * Toast text shown to the operator via `answerCallbackQuery`. Telegram
+   * caps this at 200 chars; pass a short verb-phrase ("Approved",
+   * "Saved", "Switching to slot 2"). Required — the toast IS invariant 1.
+   */
+  ackText: string
+  /**
+   * When true, the toast renders as a full modal alert instead of the
+   * bottom-bar toast. Default false. Use for destructive or one-way
+   * decisions (e.g. "Vault grant revoked") where the operator needs
+   * stronger acknowledgement.
+   */
+  alert?: boolean
+  /**
+   * The new body text for the message AFTER the keyboard is stripped.
+   * Build this yourself from `<original prompt>\n\n<status line>` so the
+   * scrollback preserves the question alongside the answer. The keyboard
+   * is stripped unconditionally regardless of `newText`.
+   */
+  newText: string
+  /**
+   * Parse mode for `newText`. Match the original message's parse mode —
+   * mixing modes mid-edit silently breaks formatting. Optional; omitted
+   * means plain text.
+   */
+  parseMode?: 'HTML' | 'Markdown' | 'MarkdownV2'
+  /**
+   * Side effect invoked AFTER `editMessageText` resolves. Use for
+   * synthesizing the `<channel source="...">` inbound that wakes the
+   * agent's session. Errors are caught + logged via the `log` seam;
+   * they do NOT propagate (a failed inbound synthesis must not regress
+   * to "operator's tap visually un-applied"). The model-visible flow
+   * is allowed to fail loudly via separate mechanisms (the supervisor
+   * watchdog, the silence-poke ladder); this helper's job is to keep
+   * invariants 1+2 strict and best-effort the rest.
+   *
+   * Skip for surfaces with no model in the loop (auth dashboard
+   * actions that shell to the host CLI, operator-event dismiss, etc).
+   */
+  synthInbound?: () => void | Promise<void>
+  /** Logger seam for tests. Defaults to stderr. */
+  log?: (line: string) => void
+}
+
+/**
+ * Apply the three-invariant finalize pattern. See module docstring
+ * above for design rationale.
+ *
+ * Order: ack → edit → synth. The ack is fired-and-forgotten (so a slow
+ * Telegram API doesn't delay the visible state change), but the edit
+ * is awaited so `synthInbound` doesn't race ahead of the operator's
+ * visual confirmation. Each step's error is logged + swallowed —
+ * partial success is preferred to "tap looked dead AND the model
+ * stayed stuck" full failure.
+ */
+export async function finalizeCallback(
+  ctx: FinalizeCallbackContext,
+  opts: FinalizeCallbackOptions,
+): Promise<void> {
+  const log = opts.log ?? ((line: string) => process.stderr.write(line))
+  // Invariant 1 — toast. Fire-and-forget; we don't want a slow
+  // answerCallbackQuery round-trip to delay the message edit.
+  void ctx.answerCallbackQuery({
+    text: opts.ackText,
+    ...(opts.alert ? { show_alert: true } : {}),
+  }).catch((err: unknown) => {
+    log(`finalizeCallback: answerCallbackQuery failed: ${(err as Error).message}\n`)
+  })
+  // Invariant 2 — strip keyboard + append status line, atomic edit.
+  try {
+    await ctx.editMessageText(opts.newText, {
+      reply_markup: { inline_keyboard: [] },
+      ...(opts.parseMode ? { parse_mode: opts.parseMode } : {}),
+      // Default link_preview_options off — most finalized cards don't
+      // benefit from preview cards, and a stale preview survives the
+      // edit otherwise.
+      link_preview_options: { is_disabled: true },
+    })
+  } catch (err) {
+    // MESSAGE_NOT_MODIFIED (text didn't change) and MESSAGE_TO_EDIT_NOT_FOUND
+    // (operator already deleted the card) are both benign. Other failures
+    // log + continue — we still want synthInbound to run.
+    log(`finalizeCallback: editMessageText failed: ${(err as Error).message}\n`)
+  }
+  // Invariant 3 — model wake-up (when applicable).
+  if (opts.synthInbound != null) {
+    try {
+      const r = opts.synthInbound()
+      if (r != null && typeof (r as Promise<unknown>).then === 'function') {
+        await (r as Promise<unknown>)
+      }
+    } catch (err) {
+      log(`finalizeCallback: synthInbound threw: ${(err as Error).message}\n`)
+    }
+  }
+}

package/telegram-plugin/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json

@@ -0,0 +1 @@
+{"version":"3.2.4","results":[[":tests/progress-card-driver.test.ts",{"duration":82.55005700000004,"failed":false}],[":tests/progress-card.test.ts",{"duration":50.04072000000002,"failed":false}],[":tests/telegram-format.test.ts",{"duration":0,"failed":false}],[":tests/stream-reply-handler.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-harness.test.ts",{"duration":4955.245276000001,"failed":false}],[":tests/streaming-orchestration.test.ts",{"duration":0,"failed":false}],[":tests/races.test.ts",{"duration":0,"failed":false}],[":tests/subagent-watcher.test.ts",{"duration":0,"failed":false}],[":tests/gateway-bridge.test.ts",{"duration":0,"failed":true}],[":tests/answer-stream.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-pin-manager.test.ts",{"duration":25.365711999999974,"failed":false}],[":tests/pty-tail.test.ts",{"duration":0,"failed":false}],[":tests/turn-end-regressions.test.ts",{"duration":0,"failed":false}],[":tests/session-tail.test.ts",{"duration":0,"failed":false}],[":tests/gateway-clean-shutdown-marker.test.ts",{"duration":0,"failed":true}],[":tests/e2e.test.ts",{"duration":0,"failed":false}],[":tests/setup-flow.test.ts",{"duration":0,"failed":false}],[":tests/tool-labels.test.ts",{"duration":0,"failed":false}],[":tests/registry-turns.test.ts",{"duration":0,"failed":true}],[":tests/welcome-text.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-oauth-code.test.ts",{"duration":0,"failed":false}],[":tests/draft-stream.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-stuck-warning.test.ts",{"duration":21.23773799999998,"failed":false}],[":tests/history.test.ts",{"duration":0,"failed":false}],[":tests/streaming-e2e.test.ts",{"duration":0,"failed":false}],[":tests/foreman-handlers.test.ts",{"duration":0,"failed":false}],[":tests/foreman-create-flow.test.ts",{"duration":0,"failed":false}],[":tests/operator-events.test.ts",{"duration":0,"failed":false}],[":tests/vault-grants-revoke.test.ts",{"duration":0,"failed":false}],[":tests/boot-probes.test.ts",{"duration":0,"failed":true}],[":tests/pty-partial-handler.test.ts",{"duration":0,"failed":false}],[":tests/auth-slot-commands.test.ts",{"duration":0,"failed":false}],[":tests/vault-subcommands.test.ts",{"duration":0,"failed":false}],[":tests/auth-dashboard.test.ts",{"duration":0,"failed":false}],[":tests/active-pins-sweep.test.ts",{"duration":0,"failed":false}],[":tests/turns-writer.test.ts",{"duration":0,"failed":true}],[":tests/retry-api-call.test.ts",{"duration":0,"failed":false}],[":tests/steering.test.ts",{"duration":0,"failed":false}],[":tests/outbound-ordering.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-client.test.ts",{"duration":0,"failed":false}],[":tests/gateway-startup-mutex.test.ts",{"duration":0,"failed":true}],[":tests/auth-dashboard-edge-cases.test.ts",{"duration":0,"failed":false}],[":tests/status-reactions.test.ts",{"duration":0,"failed":false}],[":tests/auto-fallback.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect.test.ts",{"duration":0,"failed":false}],[":tests/foreman-write-ops.test.ts",{"duration":0,"failed":false}],[":tests/boot-card-render.test.ts",{"duration":0,"failed":false}],[":tests/handoff-continuity.test.ts",{"duration":0,"failed":false}],[":tests/false-restart-banner.test.ts",{"duration":0,"failed":false}],[":tests/answer-stream-silent-markers.test.ts",{"duration":0,"failed":false}],[":tests/ipc-validator.test.ts",{"duration":0,"failed":false}],[":tests/stream-controller.test.ts",{"duration":0,"failed":false}],[":tests/gateway-409-retry-banner.test.ts",{"duration":0,"failed":false}],[":tests/stream-reply-error-paths.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-race.test.ts",{"duration":0,"failed":false}],[":tests/progress-update.test.ts",{"duration":0,"failed":true}],[":tests/restart-watchdog.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-cross-turn.test.ts",{"duration":0,"failed":false}],[":tests/boot-card-probe-target.test.ts",{"duration":0,"failed":false}],[":tests/active-reactions.test.ts",{"duration":0,"failed":false}],[":tests/quota-cache.test.ts",{"duration":0,"failed":true}],[":tests/streaming-metrics.test.ts",{"duration":0,"failed":false}],[":tests/operator-events-session-tail.test.ts",{"duration":0,"failed":false}],[":tests/foreman-state.test.ts",{"duration":0,"failed":true}],[":tests/ipc-protocol.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-pin-watchdog.test.ts",{"duration":0,"failed":false}],[":tests/telegram-button-constraints.test.ts",{"duration":0,"failed":false}],[":tests/bot-runtime.test.ts",{"duration":0,"failed":false}],[":tests/gateway-startup-network-retry.test.ts",{"duration":0,"failed":false}],[":tests/attachment-path.test.ts",{"duration":0,"failed":false}],[":tests/active-pins.test.ts",{"duration":0,"failed":false}],[":tests/subagent-tracker-hooks.test.ts",{"duration":0,"failed":true}],[":tests/fake-bot-api.test.ts",{"duration":0,"failed":false}],[":tests/quota-check.test.ts",{"duration":0,"failed":false}],[":tests/parse-mode-rotation.test.ts",{"duration":0,"failed":false}],[":tests/gateway-secret-detect.test.ts",{"duration":0,"failed":false}],[":tests/turn-flush-safety.test.ts",{"duration":0,"failed":false}],[":tests/multi-turn-continuity.test.ts",{"duration":0,"failed":false}],[":tests/status-accent.test.ts",{"duration":0,"failed":false}],[":tests/auth-code-auto-capture.test.ts",{"duration":0,"failed":false}],[":tests/auth-login-url-button.test.ts",{"duration":0,"failed":false}],[":tests/auth-dashboard-restart-flow.test.ts",{"duration":0,"failed":false}],[":tests/setup-state.test.ts",{"duration":0,"failed":true}],[":tests/progress-card-golden.test.ts",{"duration":6.658348999999987,"failed":false}],[":tests/unhandled-rejection-policy.test.ts",{"duration":0,"failed":true}],[":tests/typing-wrap.test.ts",{"duration":0,"failed":false}],[":tests/auth-account-identity-surface.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-secretlint.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-pipeline.test.ts",{"duration":0,"failed":false}],[":tests/operator-events-history.test.ts",{"duration":0,"failed":false}],[":tests/gateway-message-validator.test.ts",{"duration":0,"failed":false}],[":tests/silent-reply-guard.test.ts",{"duration":0,"failed":false}],[":tests/active-reactions-sweep.test.ts",{"duration":0,"failed":false}],[":tests/pin-event-log.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-fail-closed.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-validate-operator.test.ts",{"duration":0,"failed":false}],[":tests/idle-footer-wiring.test.ts",{"duration":0,"failed":true}],[":tests/boot-card-reason.test.ts",{"duration":0,"failed":true}],[":tests/plugin-logger.test.ts",{"duration":0,"failed":false}],[":tests/vault-grant-wizard.test.ts",{"duration":0,"failed":false}],[":tests/turn-signal-tracker.test.ts",{"duration":0,"failed":false}],[":tests/context-exhaustion.test.ts",{"duration":0,"failed":false}],[":tests/gateway-startup-reset.test.ts",{"duration":0,"failed":false}],[":tests/idle-footer.test.ts",{"duration":0,"failed":false}],[":tests/poll-health.test.ts",{"duration":0,"failed":false}],[":tests/turn-flush-prose-recovery.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-suppressor-no-silent-allow.test.ts",{"duration":0,"failed":false}],[":tests/boot-card-dedupe.test.ts",{"duration":0,"failed":true}],[":tests/protocol-fixtures.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-staging.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-audit.test.ts",{"duration":0,"failed":false}],[":tests/secret-detect-gitleaks.test.ts",{"duration":0,"failed":false}],[":tests/subagent-registry-bugs.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-driver-eviction.test.ts",{"duration":22.822707999999977,"failed":false}],[":tests/progress-card-driver-fleet-shadow.test.ts",{"duration":7.463677000000018,"failed":false}],[":tests/two-zone-card-lifecycle.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-concurrent-turns-isolation.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-bg-survives-next-turn.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-snapshot.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-stuck-edit-throttle.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-bg-done-when-all-terminal.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-html-balance.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-bg-detection.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-draft-flag.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-stuck-per-member.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-header-phases.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-stuck-recovery.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-stuck-header-escalation.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-fleet-row.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-cap.test.ts",{"duration":0,"failed":false}],[":tests/two-zone-card-sanitise.test.ts",{"duration":0,"failed":false}],[":tests/progress-card-close-paths-converge.test.ts",{"duration":10.167681000000016,"failed":false}],[":registry/subagents.test.ts",{"duration":0,"failed":true}],[":tests/issues-card.test.ts",{"duration":0,"failed":false}],[":registry/subagents-bugs.test.ts",{"duration":0,"failed":true}],[":tests/answer-stream-dedup.test.ts",{"duration":0,"failed":false}],[":tests/model-unavailable.test.ts",{"duration":0,"failed":false}],[":tests/preamble-suppressor.test.ts",{"duration":0,"failed":false}],[":tests/harness-ordering-invariants.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-spec.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-ipc-lifecycle.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-i6-turn-flush-replay-dedup.test.ts",{"duration":0,"failed":false}],[":tests/slot-banner-driver.e2e.test.ts",{"duration":0,"failed":false}],[":tests/waiting-ux.e2e.test.ts",{"duration":0,"failed":false}],[":tests/subagent-watcher-parent-marker.test.ts",{"duration":0,"failed":false}],[":tests/auth-code-redact.test.ts",{"duration":0,"failed":false}],[":tests/subagent-watcher-stall-notification.test.ts",{"duration":0,"failed":false}],[":tests/telegraph.test.ts",{"duration":0,"failed":true}],[":tests/recent-outbound-dedup.test.ts",{"duration":0,"failed":true}],[":tests/turn-flush-card-takeover.test.ts",{"duration":0,"failed":false}],[":tests/resolve-calling-subagent.test.ts",{"duration":0,"failed":true}],[":tests/secret-guard-pretool.test.ts",{"duration":0,"failed":true}],[":tests/first-paint.test.ts",{"duration":0,"failed":false}],[":tests/ask-user.test.ts",{"duration":0,"failed":true}],[":registry/api-registry.test.ts",{"duration":0,"failed":true}],[":tests/credits-watch.test.ts",{"duration":0,"failed":false}],[":admin-commands/dispatch.test.ts",{"duration":0,"failed":false}],[":tests/fleet-state.test.ts",{"duration":0,"failed":false}],[":tests/voice-transcribe.test.ts",{"duration":0,"failed":true}],[":tests/turn-active-marker.test.ts",{"duration":0,"failed":false}],[":tests/inline-keyboard-callbacks.test.ts",{"duration":0,"failed":false}],[":tests/issues-watcher.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-f1-ladder-integrity.test.ts",{"duration":0,"failed":false}],[":tests/gateway-disconnect-flush.test.ts",{"duration":0,"failed":false}],[":tests/reply-terminal-reaction.test.ts",{"duration":0,"failed":false}],[":tests/turn-flush-dedup-controller.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-f3-late-card.test.ts",{"duration":0,"failed":false}],[":tests/status-reactions-allowed-filter.test.ts",{"duration":0,"failed":false}],[":tests/pty-tail-real-fixture.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway.smoke.test.ts",{"duration":0,"failed":false}],[":tests/harness-parse-mode-validation.test.ts",{"duration":0,"failed":false}],[":tests/inbound-coalesce.test.ts",{"duration":0,"failed":false}],[":tests/gateway-update-placeholder-dispatch.test.ts",{"duration":0,"failed":true}],[":tests/interrupt-marker.test.ts",{"duration":0,"failed":true}],[":tests/dm-command-gate.test.ts",{"duration":0,"failed":false}],[":tests/auto-fallback-dispatcher.e2e.test.ts",{"duration":0,"failed":false}],[":tests/sync-chat-running-subagents.test.ts",{"duration":0,"failed":false}],[":tests/subagents-schema-init-order.test.ts",{"duration":0,"failed":true}],[":tests/draft-transport.test.ts",{"duration":0,"failed":false}],[":gateway/access-validator.test.ts",{"duration":0,"failed":false}],[":registry/turns-schema.test.ts",{"duration":0,"failed":true}],[":tests/update-factory-edited-and-reactions.test.ts",{"duration":0,"failed":false}],[":tests/gateway-no-reply-single-emit.test.ts",{"duration":0,"failed":false}],[":tests/real-gateway-f2-instant-draft.test.ts",{"duration":0,"failed":false}],[":tests/gateway-boot-marker-clear.test.ts",{"duration":0,"failed":false}],[":tests/fleet-state-watcher.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-validate-update-placeholder.test.ts",{"duration":0,"failed":false}],[":tests/permission-title.test.ts",{"duration":0,"failed":false}],[":tests/slot-banner.test.ts",{"duration":0,"failed":false}],[":tests/sticker-aliases.test.ts",{"duration":0,"failed":true}],[":tests/ipc-server-anonymous-refuse.test.ts",{"duration":0,"failed":false}],[":tests/ipc-server-validate-pty-partial.test.ts",{"duration":0,"failed":false}],[":channel-envelope-safety.test.ts",{"duration":0,"failed":false}],[":tests/bridge-anonymous-refuse.test.ts",{"duration":0,"failed":false}],[":tests/send-typing-action-validation.test.ts",{"duration":0,"failed":false}],[":tests/spawn-detached-cgroup-escape.test.ts",{"duration":0,"failed":false}],[":gateway/boot-sweep-filter.test.ts",{"duration":0,"failed":false}],[":tests/finalize-callback.test.ts",{"duration":17.317307,"failed":false}]]}

package/telegram-plugin/package.json

@@ -21,7 +21,8 @@
     "build": "node scripts/build.mjs",
     "prepublishOnly": "npm run build",
     "test:uat": "vitest run --config ../vitest.uat.config.ts",
-    "uat:login": "bun uat/login.ts"
+    "uat:login": "bun uat/login.ts",
+    "uat:driver-info": "bun uat/driver-info.ts"
   },
   "dependencies": {
     "@grammyjs/runner": "^2.0.3",
@@ -31,7 +32,8 @@
     "@secretlint/secretlint-rule-preset-recommend": "^12.2.0",
     "@secretlint/types": "^12.2.0",
     "@xterm/headless": "^6.0.0",
-    "grammy": "^1.21.0"
+    "grammy": "^1.21.0",
+    "posthog-node": "^5.29.2"
   },
   "engines": {
     "node": ">=20.11.0"

package/telegram-plugin/permission-rule.ts

@@ -131,3 +131,54 @@ function skillBasenameFromPath(input: Record<string, unknown>): string | null {
   const trimmed = path.replace(/\/SKILL\.md$/i, "").replace(/\/$/, "");
   return basename(trimmed) || null;
 }
+
+/**
+ * Inverse of `resolveAlwaysAllowRule` — does a stored allow-rule cover a
+ * fresh `permission_request`? Used by the bridge's session-scoped
+ * always-allow cache (issue #1138) to short-circuit prompts when the
+ * operator has already tapped "🔁 Always allow" for an equivalent tool
+ * call earlier in the same session.
+ *
+ * Matching rules (mirrors what `resolveAlwaysAllowRule` produces):
+ *
+ *   - Bare tool name (`Edit`, `Bash`, `Write`, …) ⇒ matches any
+ *     invocation of that tool. This is consistent with how
+ *     `tools.allow: [Edit]` works in `.claude/settings.json` — there's
+ *     no arg matching at this layer.
+ *   - `Skill(<name>)` ⇒ matches only `Skill` invocations whose resolved
+ *     skill name (via the same field-fallback chain as the resolver)
+ *     equals `<name>`.
+ *   - `mcp__<server>__<tool>` ⇒ matches the exact namespaced MCP tool
+ *     name.
+ *
+ * Returns `false` for any malformed rule rather than throwing — the
+ * caller (bridge) is on the hot permission path and should fall through
+ * to the gateway prompt on bad input.
+ */
+export function matchesAllowRule(
+  rule: string,
+  toolName: string,
+  inputPreview: string | undefined,
+): boolean {
+  if (!rule || !toolName) return false;
+
+  // Skill(name) — extract the parenthesized argument and compare against
+  // the resolved skill identifier from the request.
+  const skillMatch = /^Skill\(([^)]+)\)$/.exec(rule);
+  if (skillMatch) {
+    if (toolName !== "Skill") return false;
+    const ruleSkill = skillMatch[1];
+    const input = parseInput(inputPreview);
+    if (!input) return false;
+    const reqSkill =
+      readString(input, "skill") ??
+      readString(input, "skill_name") ??
+      readString(input, "skillName") ??
+      readString(input, "name") ??
+      skillBasenameFromPath(input);
+    return reqSkill === ruleSkill;
+  }
+
+  // Bare tool name or namespaced MCP tool — exact string compare.
+  return rule === toolName;
+}