switchroom 0.7.15 → 0.10.0

package/dist/vault/broker/server.js

@@ -17,7 +17,7 @@ var __export = (target, all) => {
 var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
-// node_modules/yaml/dist/nodes/identity.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/identity.js
 var require_identity = __commonJS((exports) => {
   var ALIAS = Symbol.for("yaml.alias");
   var DOC = Symbol.for("yaml.document");
@@ -71,7 +71,7 @@ var require_identity = __commonJS((exports) => {
   exports.isSeq = isSeq;
 });
 
-// node_modules/yaml/dist/visit.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/visit.js
 var require_visit = __commonJS((exports) => {
   var identity = require_identity();
   var BREAK = Symbol("break visit");
@@ -226,7 +226,7 @@ var require_visit = __commonJS((exports) => {
   exports.visitAsync = visitAsync;
 });
 
-// node_modules/yaml/dist/doc/directives.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/doc/directives.js
 var require_directives = __commonJS((exports) => {
   var identity = require_identity();
   var visit = require_visit();
@@ -378,7 +378,7 @@ var require_directives = __commonJS((exports) => {
   exports.Directives = Directives;
 });
 
-// node_modules/yaml/dist/doc/anchors.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/doc/anchors.js
 var require_anchors = __commonJS((exports) => {
   var identity = require_identity();
   var visit = require_visit();
@@ -440,7 +440,7 @@ var require_anchors = __commonJS((exports) => {
   exports.findNewAnchor = findNewAnchor;
 });
 
-// node_modules/yaml/dist/doc/applyReviver.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/doc/applyReviver.js
 var require_applyReviver = __commonJS((exports) => {
   function applyReviver(reviver, obj, key, val) {
     if (val && typeof val === "object") {
@@ -487,7 +487,7 @@ var require_applyReviver = __commonJS((exports) => {
   exports.applyReviver = applyReviver;
 });
 
-// node_modules/yaml/dist/nodes/toJS.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/toJS.js
 var require_toJS = __commonJS((exports) => {
   var identity = require_identity();
   function toJS(value, arg, ctx) {
@@ -514,7 +514,7 @@ var require_toJS = __commonJS((exports) => {
   exports.toJS = toJS;
 });
 
-// node_modules/yaml/dist/nodes/Node.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/Node.js
 var require_Node = __commonJS((exports) => {
   var applyReviver = require_applyReviver();
   var identity = require_identity();
@@ -551,7 +551,7 @@ var require_Node = __commonJS((exports) => {
   exports.NodeBase = NodeBase;
 });
 
-// node_modules/yaml/dist/nodes/Alias.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/Alias.js
 var require_Alias = __commonJS((exports) => {
   var anchors = require_anchors();
   var visit = require_visit();
@@ -659,7 +659,7 @@ var require_Alias = __commonJS((exports) => {
   exports.Alias = Alias;
 });
 
-// node_modules/yaml/dist/nodes/Scalar.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/Scalar.js
 var require_Scalar = __commonJS((exports) => {
   var identity = require_identity();
   var Node = require_Node();
@@ -687,7 +687,7 @@ var require_Scalar = __commonJS((exports) => {
   exports.isScalarValue = isScalarValue;
 });
 
-// node_modules/yaml/dist/doc/createNode.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/doc/createNode.js
 var require_createNode = __commonJS((exports) => {
   var Alias = require_Alias();
   var identity = require_identity();
@@ -759,7 +759,7 @@ var require_createNode = __commonJS((exports) => {
   exports.createNode = createNode;
 });
 
-// node_modules/yaml/dist/nodes/Collection.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/Collection.js
 var require_Collection = __commonJS((exports) => {
   var createNode = require_createNode();
   var identity = require_identity();
@@ -874,7 +874,7 @@ var require_Collection = __commonJS((exports) => {
   exports.isEmptyPath = isEmptyPath;
 });
 
-// node_modules/yaml/dist/stringify/stringifyComment.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/stringify/stringifyComment.js
 var require_stringifyComment = __commonJS((exports) => {
   var stringifyComment = (str) => str.replace(/^(?!$)(?: $)?/gm, "#");
   function indentComment(comment, indent) {
@@ -891,7 +891,7 @@ var require_stringifyComment = __commonJS((exports) => {
   exports.stringifyComment = stringifyComment;
 });
 
-// node_modules/yaml/dist/stringify/foldFlowLines.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/stringify/foldFlowLines.js
 var require_foldFlowLines = __commonJS((exports) => {
   var FOLD_FLOW = "flow";
   var FOLD_BLOCK = "block";
@@ -1028,7 +1028,7 @@ ${indent}${text.slice(fold + 1, end2)}`;
   exports.foldFlowLines = foldFlowLines;
 });
 
-// node_modules/yaml/dist/stringify/stringifyString.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/stringify/stringifyString.js
 var require_stringifyString = __commonJS((exports) => {
   var Scalar = require_Scalar();
   var foldFlowLines = require_foldFlowLines();
@@ -1326,7 +1326,7 @@ ${indent}`);
   exports.stringifyString = stringifyString;
 });
 
-// node_modules/yaml/dist/stringify/stringify.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/stringify/stringify.js
 var require_stringify = __commonJS((exports) => {
   var anchors = require_anchors();
   var identity = require_identity();
@@ -1447,7 +1447,7 @@ ${ctx.indent}${str}`;
   exports.stringify = stringify;
 });
 
-// node_modules/yaml/dist/stringify/stringifyPair.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/stringify/stringifyPair.js
 var require_stringifyPair = __commonJS((exports) => {
   var identity = require_identity();
   var Scalar = require_Scalar();
@@ -1583,7 +1583,7 @@ ${ctx.indent}`;
   exports.stringifyPair = stringifyPair;
 });
 
-// node_modules/yaml/dist/log.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/log.js
 var require_log = __commonJS((exports) => {
   var node_process = __require("process");
   function debug(logLevel, ...messages) {
@@ -1602,7 +1602,7 @@ var require_log = __commonJS((exports) => {
   exports.warn = warn;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/merge.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/merge.js
 var require_merge = __commonJS((exports) => {
   var identity = require_identity();
   var Scalar = require_Scalar();
@@ -1656,7 +1656,7 @@ var require_merge = __commonJS((exports) => {
   exports.merge = merge;
 });
 
-// node_modules/yaml/dist/nodes/addPairToJSMap.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/addPairToJSMap.js
 var require_addPairToJSMap = __commonJS((exports) => {
   var log = require_log();
   var merge = require_merge();
@@ -1717,7 +1717,7 @@ var require_addPairToJSMap = __commonJS((exports) => {
   exports.addPairToJSMap = addPairToJSMap;
 });
 
-// node_modules/yaml/dist/nodes/Pair.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/Pair.js
 var require_Pair = __commonJS((exports) => {
   var createNode = require_createNode();
   var stringifyPair = require_stringifyPair();
@@ -1755,7 +1755,7 @@ var require_Pair = __commonJS((exports) => {
   exports.createPair = createPair;
 });
 
-// node_modules/yaml/dist/stringify/stringifyCollection.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/stringify/stringifyCollection.js
 var require_stringifyCollection = __commonJS((exports) => {
   var identity = require_identity();
   var stringify = require_stringify();
@@ -1907,7 +1907,7 @@ ${indent}${end}`;
   exports.stringifyCollection = stringifyCollection;
 });
 
-// node_modules/yaml/dist/nodes/YAMLMap.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/YAMLMap.js
 var require_YAMLMap = __commonJS((exports) => {
   var stringifyCollection = require_stringifyCollection();
   var addPairToJSMap = require_addPairToJSMap();
@@ -2034,7 +2034,7 @@ var require_YAMLMap = __commonJS((exports) => {
   exports.findPair = findPair;
 });
 
-// node_modules/yaml/dist/schema/common/map.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/common/map.js
 var require_map = __commonJS((exports) => {
   var identity = require_identity();
   var YAMLMap = require_YAMLMap();
@@ -2053,7 +2053,7 @@ var require_map = __commonJS((exports) => {
   exports.map = map;
 });
 
-// node_modules/yaml/dist/nodes/YAMLSeq.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/nodes/YAMLSeq.js
 var require_YAMLSeq = __commonJS((exports) => {
   var createNode = require_createNode();
   var stringifyCollection = require_stringifyCollection();
@@ -2146,7 +2146,7 @@ var require_YAMLSeq = __commonJS((exports) => {
   exports.YAMLSeq = YAMLSeq;
 });
 
-// node_modules/yaml/dist/schema/common/seq.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/common/seq.js
 var require_seq = __commonJS((exports) => {
   var identity = require_identity();
   var YAMLSeq = require_YAMLSeq();
@@ -2165,7 +2165,7 @@ var require_seq = __commonJS((exports) => {
   exports.seq = seq;
 });
 
-// node_modules/yaml/dist/schema/common/string.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/common/string.js
 var require_string = __commonJS((exports) => {
   var stringifyString = require_stringifyString();
   var string = {
@@ -2181,7 +2181,7 @@ var require_string = __commonJS((exports) => {
   exports.string = string;
 });
 
-// node_modules/yaml/dist/schema/common/null.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/common/null.js
 var require_null = __commonJS((exports) => {
   var Scalar = require_Scalar();
   var nullTag = {
@@ -2196,7 +2196,7 @@ var require_null = __commonJS((exports) => {
   exports.nullTag = nullTag;
 });
 
-// node_modules/yaml/dist/schema/core/bool.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/core/bool.js
 var require_bool = __commonJS((exports) => {
   var Scalar = require_Scalar();
   var boolTag = {
@@ -2217,7 +2217,7 @@ var require_bool = __commonJS((exports) => {
   exports.boolTag = boolTag;
 });
 
-// node_modules/yaml/dist/stringify/stringifyNumber.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/stringify/stringifyNumber.js
 var require_stringifyNumber = __commonJS((exports) => {
   function stringifyNumber({ format, minFractionDigits, tag, value }) {
     if (typeof value === "bigint")
@@ -2241,7 +2241,7 @@ var require_stringifyNumber = __commonJS((exports) => {
   exports.stringifyNumber = stringifyNumber;
 });
 
-// node_modules/yaml/dist/schema/core/float.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/core/float.js
 var require_float = __commonJS((exports) => {
   var Scalar = require_Scalar();
   var stringifyNumber = require_stringifyNumber();
@@ -2284,7 +2284,7 @@ var require_float = __commonJS((exports) => {
   exports.floatNaN = floatNaN;
 });
 
-// node_modules/yaml/dist/schema/core/int.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/core/int.js
 var require_int = __commonJS((exports) => {
   var stringifyNumber = require_stringifyNumber();
   var intIdentify = (value) => typeof value === "bigint" || Number.isInteger(value);
@@ -2326,7 +2326,7 @@ var require_int = __commonJS((exports) => {
   exports.intOct = intOct;
 });
 
-// node_modules/yaml/dist/schema/core/schema.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/core/schema.js
 var require_schema = __commonJS((exports) => {
   var map = require_map();
   var _null = require_null();
@@ -2351,7 +2351,7 @@ var require_schema = __commonJS((exports) => {
   exports.schema = schema;
 });
 
-// node_modules/yaml/dist/schema/json/schema.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/json/schema.js
 var require_schema2 = __commonJS((exports) => {
   var Scalar = require_Scalar();
   var map = require_map();
@@ -2415,7 +2415,7 @@ var require_schema2 = __commonJS((exports) => {
   exports.schema = schema;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/binary.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/binary.js
 var require_binary = __commonJS((exports) => {
   var node_buffer = __require("buffer");
   var Scalar = require_Scalar();
@@ -2470,7 +2470,7 @@ var require_binary = __commonJS((exports) => {
   exports.binary = binary;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/pairs.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/pairs.js
 var require_pairs = __commonJS((exports) => {
   var identity = require_identity();
   var Pair = require_Pair();
@@ -2545,7 +2545,7 @@ ${cn.comment}` : item.comment;
   exports.resolvePairs = resolvePairs;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/omap.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/omap.js
 var require_omap = __commonJS((exports) => {
   var identity = require_identity();
   var toJS = require_toJS();
@@ -2617,7 +2617,7 @@ var require_omap = __commonJS((exports) => {
   exports.omap = omap;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/bool.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/bool.js
 var require_bool2 = __commonJS((exports) => {
   var Scalar = require_Scalar();
   function boolStringify({ value, source }, ctx) {
@@ -2646,7 +2646,7 @@ var require_bool2 = __commonJS((exports) => {
   exports.trueTag = trueTag;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/float.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/float.js
 var require_float2 = __commonJS((exports) => {
   var Scalar = require_Scalar();
   var stringifyNumber = require_stringifyNumber();
@@ -2692,7 +2692,7 @@ var require_float2 = __commonJS((exports) => {
   exports.floatNaN = floatNaN;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/int.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/int.js
 var require_int2 = __commonJS((exports) => {
   var stringifyNumber = require_stringifyNumber();
   var intIdentify = (value) => typeof value === "bigint" || Number.isInteger(value);
@@ -2768,7 +2768,7 @@ var require_int2 = __commonJS((exports) => {
   exports.intOct = intOct;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/set.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/set.js
 var require_set = __commonJS((exports) => {
   var identity = require_identity();
   var Pair = require_Pair();
@@ -2851,7 +2851,7 @@ var require_set = __commonJS((exports) => {
   exports.set = set;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/timestamp.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/timestamp.js
 var require_timestamp = __commonJS((exports) => {
   var stringifyNumber = require_stringifyNumber();
   function parseSexagesimal(str, asBigInt) {
@@ -2933,7 +2933,7 @@ var require_timestamp = __commonJS((exports) => {
   exports.timestamp = timestamp;
 });
 
-// node_modules/yaml/dist/schema/yaml-1.1/schema.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/yaml-1.1/schema.js
 var require_schema3 = __commonJS((exports) => {
   var map = require_map();
   var _null = require_null();
@@ -2974,7 +2974,7 @@ var require_schema3 = __commonJS((exports) => {
   exports.schema = schema;
 });
 
-// node_modules/yaml/dist/schema/tags.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/tags.js
 var require_tags = __commonJS((exports) => {
   var map = require_map();
   var _null = require_null();
@@ -3065,7 +3065,7 @@ var require_tags = __commonJS((exports) => {
   exports.getTags = getTags;
 });
 
-// node_modules/yaml/dist/schema/Schema.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/schema/Schema.js
 var require_Schema = __commonJS((exports) => {
   var identity = require_identity();
   var map = require_map();
@@ -3095,7 +3095,7 @@ var require_Schema = __commonJS((exports) => {
   exports.Schema = Schema;
 });
 
-// node_modules/yaml/dist/stringify/stringifyDocument.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/stringify/stringifyDocument.js
 var require_stringifyDocument = __commonJS((exports) => {
   var identity = require_identity();
   var stringify = require_stringify();
@@ -3175,7 +3175,7 @@ var require_stringifyDocument = __commonJS((exports) => {
   exports.stringifyDocument = stringifyDocument;
 });
 
-// node_modules/yaml/dist/doc/Document.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/doc/Document.js
 var require_Document = __commonJS((exports) => {
   var Alias = require_Alias();
   var Collection = require_Collection();
@@ -3410,7 +3410,7 @@ var require_Document = __commonJS((exports) => {
   exports.Document = Document;
 });
 
-// node_modules/yaml/dist/errors.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/errors.js
 var require_errors = __commonJS((exports) => {
   class YAMLError extends Error {
     constructor(name, pos, code, message) {
@@ -3475,7 +3475,7 @@ ${pointer}
   exports.prettifyError = prettifyError;
 });
 
-// node_modules/yaml/dist/compose/resolve-props.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/resolve-props.js
 var require_resolve_props = __commonJS((exports) => {
   function resolveProps(tokens, { flow, indicator, next, offset, onError, parentIndent, startOnNewline }) {
     let spaceBefore = false;
@@ -3605,7 +3605,7 @@ var require_resolve_props = __commonJS((exports) => {
   exports.resolveProps = resolveProps;
 });
 
-// node_modules/yaml/dist/compose/util-contains-newline.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/util-contains-newline.js
 var require_util_contains_newline = __commonJS((exports) => {
   function containsNewline(key) {
     if (!key)
@@ -3645,7 +3645,7 @@ var require_util_contains_newline = __commonJS((exports) => {
   exports.containsNewline = containsNewline;
 });
 
-// node_modules/yaml/dist/compose/util-flow-indent-check.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/util-flow-indent-check.js
 var require_util_flow_indent_check = __commonJS((exports) => {
   var utilContainsNewline = require_util_contains_newline();
   function flowIndentCheck(indent, fc, onError) {
@@ -3660,7 +3660,7 @@ var require_util_flow_indent_check = __commonJS((exports) => {
   exports.flowIndentCheck = flowIndentCheck;
 });
 
-// node_modules/yaml/dist/compose/util-map-includes.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/util-map-includes.js
 var require_util_map_includes = __commonJS((exports) => {
   var identity = require_identity();
   function mapIncludes(ctx, items, search) {
@@ -3673,7 +3673,7 @@ var require_util_map_includes = __commonJS((exports) => {
   exports.mapIncludes = mapIncludes;
 });
 
-// node_modules/yaml/dist/compose/resolve-block-map.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/resolve-block-map.js
 var require_resolve_block_map = __commonJS((exports) => {
   var Pair = require_Pair();
   var YAMLMap = require_YAMLMap();
@@ -3780,7 +3780,7 @@ var require_resolve_block_map = __commonJS((exports) => {
   exports.resolveBlockMap = resolveBlockMap;
 });
 
-// node_modules/yaml/dist/compose/resolve-block-seq.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/resolve-block-seq.js
 var require_resolve_block_seq = __commonJS((exports) => {
   var YAMLSeq = require_YAMLSeq();
   var resolveProps = require_resolve_props();
@@ -3828,7 +3828,7 @@ var require_resolve_block_seq = __commonJS((exports) => {
   exports.resolveBlockSeq = resolveBlockSeq;
 });
 
-// node_modules/yaml/dist/compose/resolve-end.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/resolve-end.js
 var require_resolve_end = __commonJS((exports) => {
   function resolveEnd(end, offset, reqSpace, onError) {
     let comment = "";
@@ -3868,7 +3868,7 @@ var require_resolve_end = __commonJS((exports) => {
   exports.resolveEnd = resolveEnd;
 });
 
-// node_modules/yaml/dist/compose/resolve-flow-collection.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/resolve-flow-collection.js
 var require_resolve_flow_collection = __commonJS((exports) => {
   var identity = require_identity();
   var Pair = require_Pair();
@@ -4059,7 +4059,7 @@ var require_resolve_flow_collection = __commonJS((exports) => {
   exports.resolveFlowCollection = resolveFlowCollection;
 });
 
-// node_modules/yaml/dist/compose/compose-collection.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/compose-collection.js
 var require_compose_collection = __commonJS((exports) => {
   var identity = require_identity();
   var Scalar = require_Scalar();
@@ -4121,7 +4121,7 @@ var require_compose_collection = __commonJS((exports) => {
   exports.composeCollection = composeCollection;
 });
 
-// node_modules/yaml/dist/compose/resolve-block-scalar.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/resolve-block-scalar.js
 var require_resolve_block_scalar = __commonJS((exports) => {
   var Scalar = require_Scalar();
   function resolveBlockScalar(ctx, scalar, onError) {
@@ -4314,7 +4314,7 @@ var require_resolve_block_scalar = __commonJS((exports) => {
   exports.resolveBlockScalar = resolveBlockScalar;
 });
 
-// node_modules/yaml/dist/compose/resolve-flow-scalar.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/resolve-flow-scalar.js
 var require_resolve_flow_scalar = __commonJS((exports) => {
   var Scalar = require_Scalar();
   var resolveEnd = require_resolve_end();
@@ -4530,7 +4530,7 @@ var require_resolve_flow_scalar = __commonJS((exports) => {
   exports.resolveFlowScalar = resolveFlowScalar;
 });
 
-// node_modules/yaml/dist/compose/compose-scalar.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/compose-scalar.js
 var require_compose_scalar = __commonJS((exports) => {
   var identity = require_identity();
   var Scalar = require_Scalar();
@@ -4608,7 +4608,7 @@ var require_compose_scalar = __commonJS((exports) => {
   exports.composeScalar = composeScalar;
 });
 
-// node_modules/yaml/dist/compose/util-empty-scalar-position.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/util-empty-scalar-position.js
 var require_util_empty_scalar_position = __commonJS((exports) => {
   function emptyScalarPosition(offset, before, pos) {
     if (before) {
@@ -4635,7 +4635,7 @@ var require_util_empty_scalar_position = __commonJS((exports) => {
   exports.emptyScalarPosition = emptyScalarPosition;
 });
 
-// node_modules/yaml/dist/compose/compose-node.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/compose-node.js
 var require_compose_node = __commonJS((exports) => {
   var Alias = require_Alias();
   var identity = require_identity();
@@ -4738,7 +4738,7 @@ var require_compose_node = __commonJS((exports) => {
   exports.composeNode = composeNode;
 });
 
-// node_modules/yaml/dist/compose/compose-doc.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/compose-doc.js
 var require_compose_doc = __commonJS((exports) => {
   var Document = require_Document();
   var composeNode = require_compose_node();
@@ -4778,7 +4778,7 @@ var require_compose_doc = __commonJS((exports) => {
   exports.composeDoc = composeDoc;
 });
 
-// node_modules/yaml/dist/compose/composer.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/compose/composer.js
 var require_composer = __commonJS((exports) => {
   var node_process = __require("process");
   var directives = require_directives();
@@ -4967,7 +4967,7 @@ ${end.comment}` : end.comment;
   exports.Composer = Composer;
 });
 
-// node_modules/yaml/dist/parse/cst-scalar.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/parse/cst-scalar.js
 var require_cst_scalar = __commonJS((exports) => {
   var resolveBlockScalar = require_resolve_block_scalar();
   var resolveFlowScalar = require_resolve_flow_scalar();
@@ -5157,7 +5157,7 @@ var require_cst_scalar = __commonJS((exports) => {
   exports.setScalarValue = setScalarValue;
 });
 
-// node_modules/yaml/dist/parse/cst-stringify.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/parse/cst-stringify.js
 var require_cst_stringify = __commonJS((exports) => {
   var stringify = (cst) => ("type" in cst) ? stringifyToken(cst) : stringifyItem(cst);
   function stringifyToken(token) {
@@ -5215,7 +5215,7 @@ var require_cst_stringify = __commonJS((exports) => {
   exports.stringify = stringify;
 });
 
-// node_modules/yaml/dist/parse/cst-visit.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/parse/cst-visit.js
 var require_cst_visit = __commonJS((exports) => {
   var BREAK = Symbol("break visit");
   var SKIP = Symbol("skip children");
@@ -5274,7 +5274,7 @@ var require_cst_visit = __commonJS((exports) => {
   exports.visit = visit;
 });
 
-// node_modules/yaml/dist/parse/cst.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/parse/cst.js
 var require_cst = __commonJS((exports) => {
   var cstScalar = require_cst_scalar();
   var cstStringify = require_cst_stringify();
@@ -5375,7 +5375,7 @@ var require_cst = __commonJS((exports) => {
   exports.tokenType = tokenType;
 });
 
-// node_modules/yaml/dist/parse/lexer.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/parse/lexer.js
 var require_lexer = __commonJS((exports) => {
   var cst = require_cst();
   function isEmpty(ch) {
@@ -5961,7 +5961,7 @@ var require_lexer = __commonJS((exports) => {
   exports.Lexer = Lexer;
 });
 
-// node_modules/yaml/dist/parse/line-counter.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/parse/line-counter.js
 var require_line_counter = __commonJS((exports) => {
   class LineCounter {
     constructor() {
@@ -5989,7 +5989,7 @@ var require_line_counter = __commonJS((exports) => {
   exports.LineCounter = LineCounter;
 });
 
-// node_modules/yaml/dist/parse/parser.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/parse/parser.js
 var require_parser = __commonJS((exports) => {
   var node_process = __require("process");
   var cst = require_cst();
@@ -6838,7 +6838,7 @@ var require_parser = __commonJS((exports) => {
   exports.Parser = Parser;
 });
 
-// node_modules/yaml/dist/public-api.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/public-api.js
 var require_public_api = __commonJS((exports) => {
   var composer = require_composer();
   var Document = require_Document();
@@ -6932,7 +6932,7 @@ var require_public_api = __commonJS((exports) => {
   exports.stringify = stringify;
 });
 
-// node_modules/yaml/dist/index.js
+// node_modules/.bun/yaml@2.8.3/node_modules/yaml/dist/index.js
 var composer, Document, Schema, errors, Alias, identity, Pair, Scalar, YAMLMap, YAMLSeq, cst, lexer, lineCounter, parser, publicApi, visit, $Composer, $Document, $Schema, $YAMLError, $YAMLParseError, $YAMLWarning, $Alias, $isAlias, $isCollection, $isDocument, $isMap, $isNode, $isPair, $isScalar, $isSeq, $Pair, $Scalar, $YAMLMap, $YAMLSeq, $Lexer, $LineCounter, $Parser, $parse, $parseAllDocuments, $parseDocument, $stringify, $visit, $visitAsync;
 var init_dist = __esm(() => {
   composer = require_composer();
@@ -6981,7 +6981,7 @@ var init_dist = __esm(() => {
   $visitAsync = visit.visitAsync;
 });
 
-// node_modules/zod/v3/helpers/util.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/helpers/util.js
 var util, objectUtil, ZodParsedType, getParsedType = (data) => {
   const t = typeof data;
   switch (t) {
@@ -7112,7 +7112,7 @@ var init_util = __esm(() => {
   ]);
 });
 
-// node_modules/zod/v3/ZodError.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/ZodError.js
 var ZodIssueCode, quotelessJson = (obj) => {
   const json = JSON.stringify(obj, null, 2);
   return json.replace(/"([^"]+)":/g, "$1:");
@@ -7233,7 +7233,7 @@ var init_ZodError = __esm(() => {
   };
 });
 
-// node_modules/zod/v3/locales/en.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/locales/en.js
 var errorMap = (issue, _ctx) => {
   let message;
   switch (issue.code) {
@@ -7340,7 +7340,7 @@ var init_en = __esm(() => {
   en_default = errorMap;
 });
 
-// node_modules/zod/v3/errors.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/errors.js
 function setErrorMap(map) {
   overrideErrorMap = map;
 }
@@ -7353,7 +7353,7 @@ var init_errors = __esm(() => {
   overrideErrorMap = en_default;
 });
 
-// node_modules/zod/v3/helpers/parseUtil.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/helpers/parseUtil.js
 function addIssueToContext(ctx, issueData) {
   const overrideMap = getErrorMap();
   const issue = makeIssue({
@@ -7458,10 +7458,10 @@ var init_parseUtil = __esm(() => {
   });
 });
 
-// node_modules/zod/v3/helpers/typeAliases.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/helpers/typeAliases.js
 var init_typeAliases = () => {};
 
-// node_modules/zod/v3/helpers/errorUtil.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/helpers/errorUtil.js
 var errorUtil;
 var init_errorUtil = __esm(() => {
   (function(errorUtil2) {
@@ -7470,7 +7470,7 @@ var init_errorUtil = __esm(() => {
   })(errorUtil || (errorUtil = {}));
 });
 
-// node_modules/zod/v3/types.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/types.js
 class ParseInputLazyPath {
   constructor(parent, value, path, key) {
     this._cachedPath = [];
@@ -10821,7 +10821,7 @@ var init_types = __esm(() => {
   NEVER = INVALID;
 });
 
-// node_modules/zod/v3/external.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/v3/external.js
 var exports_external = {};
 __export(exports_external, {
   void: () => voidType,
@@ -10941,14 +10941,14 @@ var init_external = __esm(() => {
   init_ZodError();
 });
 
-// node_modules/zod/index.js
+// node_modules/.bun/zod@3.25.76/node_modules/zod/index.js
 var init_zod = __esm(() => {
   init_external();
   init_external();
 });
 
 // src/config/schema.ts
-var CodeRepoEntrySchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, DriveConfigSchema, AgentDriveConfigSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, ReactionsSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, HostControlConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -10956,10 +10956,15 @@ var init_schema = __esm(() => {
     source: exports_external.string().describe("Absolute or home-relative path to the repo (e.g. ~/code/switchroom)"),
     concurrency: exports_external.number().int().positive().optional().describe("Max simultaneous worktrees for this repo (default 5)")
   });
+  AgentBindMountSchema = exports_external.object({
+    source: exports_external.string().describe("Absolute host path to bind-mount into the container. Tilde-expansion " + "is not performed — use the literal absolute path (e.g. " + "'/home/me/code/switchroom'). The compose generator refuses sources " + "under system paths (/, /etc, /proc, /sys, /dev, /run, /var/run, " + "/boot, /var/lib/docker) and the docker socket."),
+    target: exports_external.string().optional().describe("Container path the source mounts to. Must be absolute. Defaults to " + "the same path as `source` (matches switchroom's existing dual-mount " + "convention so absolute paths in scaffolded scripts Just Work)."),
+    mode: exports_external.enum(["ro", "rw"]).optional().describe("Read-only (default) or read-write. Use `rw` only when the agent " + "must mutate the host path (e.g. editing switchroom source). " + "Default: 'ro'.")
+  });
   ScheduleEntrySchema = exports_external.object({
     cron: exports_external.string().describe("Cron expression (e.g., '0 8 * * *')"),
     prompt: exports_external.string().describe("Prompt to send at the scheduled time"),
-    model: exports_external.string().optional().describe("Model for this task. Defaults to claude-sonnet-4-6 (cheap, fast). " + "Use claude-opus-4-6 for tasks needing complex reasoning."),
+    model: exports_external.string().optional().describe("Model for this task. Defaults to claude-sonnet-4-6 (cheap, fast). " + "Use claude-opus-4-7 for tasks needing complex reasoning."),
     secrets: exports_external.array(exports_external.string().regex(/^[a-zA-Z0-9_\-/]+$/, "Secret key names must contain only alphanumeric characters, underscores, hyphens, and forward slashes")).default([]).describe("Vault key names this cron task may read via the vault-broker daemon. " + "Empty by default — broker requests for unlisted keys are denied. " + "Note: this is misconfiguration protection (a typo in cron-A doesn't " + "accidentally read cron-B's keys) rather than a security boundary — " + "anyone who can edit cron scripts can also edit switchroom.yaml, and " + "anyone with the vault passphrase can read the vault file directly. " + "See docs/configuration.md for the full framing.")
   });
   AgentSoulSchema = exports_external.object({
@@ -10999,7 +11004,7 @@ var init_schema = __esm(() => {
     SessionEnd: exports_external.array(HookEntrySchema).optional()
   }).catchall(exports_external.array(HookEntrySchema)).optional();
   SubagentSchema = exports_external.object({
-    description: exports_external.string().describe("When the main agent should delegate to this sub-agent"),
+    description: exports_external.string().optional().describe("When the main agent should delegate to this sub-agent"),
     model: exports_external.string().optional().describe("Model: 'sonnet', 'opus', 'haiku', full ID, or 'inherit' (default)"),
     background: exports_external.boolean().optional().describe("Run in background by default (non-blocking). Default false"),
     isolation: exports_external.enum(["worktree"]).optional().describe("'worktree' gives the sub-agent its own git branch"),
@@ -11036,10 +11041,6 @@ var init_schema = __esm(() => {
     deferred_completion_timeout_ms: exports_external.number().int().nonnegative().optional().describe("Force-close timeout (ms) for deferred sub-agent completion. After " + "the parent turn_end arrives while sub-agents are still running, the " + "card is force-closed after this many ms even if sub-agents never " + "finish. Watcher-disconnect safety net. Default 180000 (3 min)."),
     sub_agent_tick_interval_ms: exports_external.number().int().nonnegative().optional().describe("Heartbeat tick interval (ms) for sub-agent rendering. Forces a " + "re-render of the elapsed-time counter while sub-agents are running, " + "even during silent stretches between tool calls. Default 10000 (10 s). " + "Set to 0 to disable the elapsed-ticker path."),
     edit_budget_threshold: exports_external.number().int().nonnegative().optional().describe("Telegram API edit budget per minute before the progress-card driver " + "falls back to a slower coalesce window. When a chat accumulates more " + "than this many card edits in the trailing 60 s, the driver switches " + "to a wider coalesce interval until the rate drops back. Default 18. " + "Increase if your gateway frequently bumps the Telegram edit-rate ceiling " + "with many parallel sub-agents; decrease for a more conservative buffer."),
-    progress_card: exports_external.object({
-      delay_ms: exports_external.number().int().nonnegative().optional().describe("First-render delay (ms) for the pinned progress card (#842). The " + "driver buffers SessionEvents for this long after the turn starts; " + "if the turn ends before the threshold trips, no card is ever " + "posted. When the threshold trips, the card renders the full " + "buffered event stream and the live-update loop takes over. " + "Default 45000 (45 s). Set to 0 for the legacy immediate-render " + "behaviour."),
-      delay_ms_background: exports_external.number().int().nonnegative().optional().describe("First-render delay (ms) override for explicit background " + "sub-agent dispatches (#842). When the agent calls " + "`Agent({ run_in_background: true })`, the card is promoted out " + "of the suppression window using this delay instead of " + "`delay_ms`. Default 0 (immediate render — backgrounded work " + "should be visible right away).")
-    }).optional().describe("Progress-card first-render gating (#842). Defers the card until the " + "turn looks meaningful — short turns never flash a card at all."),
     stickers: exports_external.record(exports_external.string(), exports_external.string()).optional().describe("Sticker aliases for the `send_sticker` MCP tool (#576). Maps a " + "short alias name (e.g. 'happy', 'thinking') to a Telegram file_id. " + "Operator-curated — capture file_ids from inbound stickers the user " + "sends and add them here. The agent calls send_sticker(chat_id, " + "alias='happy') and the gateway resolves to the file_id at send " + "time. Aliases enable persona-flavored expressiveness without " + "exposing raw file_ids in the agent prompt. Personal-assistant / " + "health-coach personas benefit; coding agents typically don't " + "configure any."),
     voice_in: exports_external.object({
       enabled: exports_external.boolean().optional().describe("Master switch for voice-message transcription."),
@@ -11082,13 +11083,27 @@ var init_schema = __esm(() => {
   }).optional();
   TIMEZONE_REGEX = /^UTC$|^[A-Z][A-Za-z0-9_+-]+(\/[A-Z][A-Za-z0-9_+-]+){1,2}$/;
   ApproverIdSchema = exports_external.union([exports_external.number(), exports_external.string().regex(/^\d+$/)]);
-  DriveConfigSchema = exports_external.object({
+  GoogleWorkspaceTierSchema = exports_external.enum([
+    "core",
+    "extended",
+    "complete"
+  ]);
+  GoogleWorkspaceConfigSchema = exports_external.object({
     google_client_id: exports_external.string().min(1).describe("Google OAuth client ID (literal string or vault reference e.g. 'vault:google-oauth-client-id')"),
     google_client_secret: exports_external.string().min(1).describe("Google OAuth client secret (literal string or vault reference e.g. 'vault:google-oauth-client-secret')"),
-    approvers: exports_external.array(ApproverIdSchema).min(1).describe("Array of numeric Telegram user IDs authorized to approve drive onboarding. " + "At least one must be specified.")
+    approvers: exports_external.array(ApproverIdSchema).min(1).describe("Array of numeric Telegram user IDs authorized to approve drive onboarding. " + "At least one must be specified."),
+    tier: GoogleWorkspaceTierSchema.optional().describe("RFC G Phase 1: which upstream MCP tier to expose. " + "core (default) = ~16 tools (Drive+Docs+Sheets+Calendar). " + "extended = ~40 tools (+Slides, Forms, Tasks, Chat). " + "complete = ~60+ tools (+Gmail; not recommended yet — see RFC G §5).")
   }).optional();
-  AgentDriveConfigSchema = exports_external.object({
-    approvers: exports_external.array(ApproverIdSchema).min(1).optional().describe("Per-agent approver override. When set, replaces (does not extend) " + "the top-level drive.approvers list for this agent's onboarding card.")
+  AgentGoogleWorkspaceConfigSchema = exports_external.object({
+    approvers: exports_external.array(ApproverIdSchema).min(1).optional().describe("Per-agent approver override. When set, replaces (does not extend) " + "the top-level drive.approvers list for this agent's onboarding card."),
+    tier: GoogleWorkspaceTierSchema.optional().describe("Per-agent tier override (RFC G Phase 1). When set, replaces the " + "top-level google_workspace.tier for this agent. Common case: most " + "agents on `core`, one specialist on `extended` for Slides access.")
+  }).optional();
+  ReactionsSchema = exports_external.object({
+    enabled: exports_external.boolean().optional().describe("Master switch for the reaction-trigger path. When false, " + "reactions are still persisted via recordReaction but never " + "dispatched to the agent as synthetic inbound turns. Default true."),
+    trigger_emojis: exports_external.array(exports_external.string()).optional().describe("Emoji allowlist that triggers a synthetic inbound when reacted " + "to a bot message. Default ['\uD83D\uDC4E', '❌', '\uD83D\uDC4D', '✅']. Cascade " + "mode: REPLACE (not union) — setting this at a layer replaces " + "lower layers entirely, so an operator can narrow to [] to " + "disable triggering without flipping `enabled`."),
+    debounce_ms: exports_external.number().int().nonnegative().optional().describe("Per-chat debounce window in ms. A qualifying reaction holds for " + "this long; a second qualifying reaction within the window " + "collapses both into a single batched synthetic turn. Default 30000."),
+    per_hour_cap: exports_external.number().int().nonnegative().optional().describe("Max reaction-triggered synthetic turns per chat per rolling hour. " + "Refusals are stderr-logged but not surfaced to the agent. " + "Default 10. Set to 0 to disable triggering via the cap path."),
+    group_admin_only: exports_external.boolean().optional().describe("In groups/supergroups (negative chat_id), only trigger a synthetic " + "turn when the reacter is a chat admin (creator or administrator). " + "Failing the lookup is treated as non-admin (fail-closed). " + "DMs are never affected by this flag — the reacter IS the user. " + "Default true.")
   }).optional();
   profileFields = {
     extends: exports_external.string().optional(),
@@ -11114,6 +11129,7 @@ var init_schema = __esm(() => {
       }).optional()
     }).optional(),
     schedule: exports_external.array(ScheduleEntrySchema).optional(),
+    reactions: ReactionsSchema,
     model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only").optional(),
     thinking_effort: exports_external.enum(["low", "medium", "high", "xhigh", "max"]).optional().describe("Adaptive-thinking effort level passed as --effort to the claude CLI. " + "lower = faster/cheaper, higher = more reasoning. Omit to use Claude's default."),
     permission_mode: exports_external.enum(["acceptEdits", "auto", "bypassPermissions", "default", "dontAsk", "plan"]).optional().describe("Permission mode passed as --permission-mode to the claude CLI. " + "Omit to use Claude's default (acceptEdits for switchroom agents). " + "Warning: bypassPermissions and dontAsk skip all safety checks — use only in trusted sandboxes."),
@@ -11134,6 +11150,12 @@ var init_schema = __esm(() => {
     claude_md_raw: exports_external.string().optional(),
     cli_args: exports_external.array(exports_external.string()).optional(),
     extra_stable_files: exports_external.array(exports_external.string()).optional().describe("Extra filenames (relative to the agent's workspace directory) to append " + "to the stable bootstrap render. Loaded once at session start via " + "`--append-system-prompt`. Missing files are silently skipped. " + "Example: ['BRIEF.md', 'CONTEXT.md']."),
+    resources: exports_external.object({
+      memory: exports_external.string().regex(/^\d+(\.\d+)?[kmgKMG]?$/, "memory must be a Docker size string like '6g', '512m', '1.5g'").optional().describe("Hard memory cap (Docker `mem_limit` → cgroup memory.max). When the " + "container exceeds this, the kernel OOM-kills processes in the cgroup. " + "Format: '6g', '1.5g', '512m'. When unset at every cascade layer the " + "compose generator falls back to the hard-coded per-profile defaults " + "in src/agents/compose.ts (klanker 6g, coding 2g, conversational 1.5g, " + "lightweight 1g, default 1.5g)."),
+      memory_reservation: exports_external.string().regex(/^\d+(\.\d+)?[kmgKMG]?$/, "memory_reservation must be a Docker size string like '4g', '256m'").optional().describe("Soft memory floor (Docker `mem_reservation` → cgroup memory.low). " + "Under host-wide memory pressure, the kernel protects at least this " + "much from being reclaimed from the cgroup. Must be ≤ memory. Use to " + "keep an agent RAM-resident when the host has other tenants that " + "might push the box (Coolify apps, build jobs). Default: unset."),
+      pids_limit: exports_external.number().int().positive().optional().describe("Max processes the cgroup can spawn (cgroup pids.max). Prevents " + "fork bombs and runaway test runners. Counts every process in the " + "cgroup including bash subprocesses, claude itself, sidecars, and " + "any test/build worker. A typical agent at idle uses ~30 PIDs; " + "`npm test`-style workloads can spike to 200+. Set generously " + "(2000 is a comfortable cap for test-running agents). Default: " + "unset (no cgroup pid cap)."),
+      cpus: exports_external.number().positive().optional().describe("CPU quota (Docker `cpus`). Fractional values OK (e.g. 0.5, 2.0). " + "When unset at every cascade layer the compose generator falls " + "back to the per-profile default (klanker/coding 2.0, default 1.0, " + "lightweight 0.5).")
+    }).optional().describe("Per-agent resource limits. Cascades through defaults → profile → " + "per-agent with per-field merge (agent wins on each field independently). " + "Any field left unset at every layer falls back to the hard-coded " + "per-profile defaults in src/agents/compose.ts."),
     experimental: exports_external.object({
       legacy_pty: exports_external.boolean().optional().describe("Opt out of the default tmux supervisor (#725) and run the agent under " + "the legacy PTY supervisor instead. Default: false (tmux is the default)."),
       legacy_autoaccept_expect: exports_external.boolean().optional().describe("Opt the autoaccept gateway back into the legacy expect-script behaviour " + "instead of the tmux send-keys path. Default: false.")
@@ -11147,13 +11169,13 @@ var init_schema = __esm(() => {
     bot_token: exports_external.string().optional().describe("Per-agent Telegram bot token or vault reference (overrides global telegram.bot_token)"),
     bot_username: exports_external.string().optional().describe("Per-agent Telegram bot username (without leading @) when it doesn't " + "contain the agent slug. Replaces the default 'username includes slug' " + "preflight check with an exact (case-insensitive) match. Use when an " + "agent and its bot have intentionally divergent names (e.g. agent " + "'lawgpt' paired with bot '@meken_law_bot')."),
     timezone: exports_external.string().regex(TIMEZONE_REGEX, "timezone must be an IANA zone name like 'Australia/Melbourne' or 'UTC' " + "(three-letter aliases like EST/PST and bare offsets like UTC+10 are not accepted)").optional().describe("Per-agent IANA timezone override. Wins over any profile/defaults " + "value and over the top-level switchroom.timezone global. Controls " + "the UserPromptSubmit timezone hook's emitted local time and the " + "systemd unit's TZ= env."),
-    auth_label: exports_external.string().optional().describe("Human-readable identity for the session-start greeting (e.g. 'user@example.com'). " + "Anthropic does not expose a public user-profile endpoint for OAuth tokens, so the " + "email/account cannot be read locally; the user declares it here. Appears in the Auth " + "row as '✓ max · <label> · expires ...'."),
     auth: exports_external.object({
-      accounts: exports_external.array(exports_external.string()).optional().describe("Ordered list of Anthropic account labels (from `~/.switchroom/accounts/`) " + "this agent can use. The first non-quota-exhausted account is the active one; " + "subsequent entries are auto-fallback targets. switchroom-auth-broker keeps " + "`<agentDir>/.claude/credentials.json` in sync with the active account on " + "every refresh and on every quota event. When unset, the agent falls back to " + "a single 'default' account; if no `default` account exists, the boot self-test " + "surfaces a one-line nudge to run `switchroom auth account add`.")
-    }).optional().describe("Account routing for switchroom-auth-broker. See " + "reference/share-auth-across-the-fleet.md for the unit-of-authentication model."),
+      override: exports_external.string().min(1).optional().describe("Per-agent override of the fleet-wide `auth.active`. Edge-case use only — " + "this agent talks to the named account regardless of fleet active. See RFC H §4.5.")
+    }).optional().describe("Account routing for switchroom-auth-broker. RFC H schema uses " + "fleet-wide `auth.active` plus per-agent `override:` for edge cases. " + "Pre-RFC-H `auth.accounts: [..]` and `auth_label:` are migrated in-place " + "on first apply (see src/auth/migrate-schema.ts)."),
     dm_only: exports_external.boolean().optional().describe("Mark this agent as a DM-only bot — has its own bot_token and lives " + "exclusively in a private chat with the operator. Suppresses " + "scaffolding's default behavior of inheriting the global " + "telegram.forum_chat_id into the agent's access.json `groups` entry " + "(the forum chat the bot isn't a member of, which would otherwise " + "trigger a 'boot-probe-failed: 400 chat not found' warning every " + "restart). topic_name is still schema-required but unused — set it " + "to a display label like 'DM' for /switchroom status output."),
     topic_name: exports_external.string().describe("Telegram forum topic display name"),
     topic_emoji: exports_external.string().optional().describe("Emoji for the topic (e.g., '\uD83C\uDFCB️')"),
+    purpose: exports_external.string().max(140).optional().describe("One-line description of what this agent does (≤140 chars). Shown to " + "peer agents when they call the agent-config MCP `peers_list` tool, so " + "every agent on the instance can answer 'is there an agent that does X' " + "without baking the fleet into prompts. Sourced live from " + "switchroom.yaml — never memorized into Hindsight. Falls back to " + "`topic_name` when absent."),
     role: exports_external.enum(["assistant", "foreman"]).optional().describe("Agent role. Default (omitted) is `assistant` — a fleet agent doing " + "user-facing tasks. `foreman` opts the agent in to switchroom's bundled " + "operator skills (switchroom-architecture / cli / health / install / manage " + "/ status), auto-symlinked into the agent's .claude/skills/ on scaffold and " + "reconcile. Fleet agents (assistant role) get no operator skills; reconcile " + "actively retracts them if the role flips back. See docs/skills.md for the model."),
     topic_id: exports_external.number().optional().describe("Telegram topic thread ID (auto-populated by switchroom topics sync)"),
     webhook_sources: exports_external.array(exports_external.enum(["github", "generic"])).optional().describe("[DEPRECATED — moved to channels.telegram.webhook_sources in #596] " + "Old per-agent location. Still read but logs a deprecation warning. " + "See channels.telegram.webhook_sources for the canonical spot."),
@@ -11172,6 +11194,7 @@ var init_schema = __esm(() => {
     tools: AgentToolsSchema,
     memory: AgentMemorySchema,
     schedule: exports_external.array(ScheduleEntrySchema).default([]),
+    reactions: ReactionsSchema,
     model: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9._\-/\[\]:]*$/, "Model name must be alphanumeric with ._-/[]: only (no spaces or shell specials)").optional().describe("Claude model override (e.g., 'claude-sonnet-4-6')"),
     thinking_effort: exports_external.enum(["low", "medium", "high", "xhigh", "max"]).optional().describe("Adaptive-thinking effort level passed as --effort to the claude CLI. " + "Per-agent override wins over defaults.thinking_effort. " + "lower = faster/cheaper, higher = more reasoning. Omit to use Claude's default."),
     permission_mode: exports_external.enum(["acceptEdits", "auto", "bypassPermissions", "default", "dontAsk", "plan"]).optional().describe("Permission mode passed as --permission-mode to the claude CLI. " + "Per-agent override wins over defaults.permission_mode. " + "Warning: bypassPermissions and dontAsk skip all safety checks — use only in trusted sandboxes."),
@@ -11188,17 +11211,19 @@ var init_schema = __esm(() => {
     session_continuity: SessionContinuitySchema.describe("Handoff-briefing settings. When enabled (default), a Stop hook " + "summarizes each session at shutdown and start.sh injects that " + "briefing into the next session via --append-system-prompt."),
     channels: ChannelsSchema.describe("Per-channel configuration. Today only `telegram` is defined; the " + "shape is designed to expand to other channels (Slack, Discord, " + "Matrix, Email) as they're added."),
     dangerous_mode: exports_external.boolean().optional().describe("If true, include --dangerously-skip-permissions in start.sh"),
-    skip_permission_prompt: exports_external.boolean().optional().describe("If true, add skipDangerousModePermissionPrompt to settings.json"),
+    skip_permission_prompt: exports_external.boolean().optional().describe("DEPRECATED no-op (accepted for backwards compatibility). Claude Code " + "ignores skipDangerousModePermissionPrompt at project scope; autoaccept " + "(src/agents/autoaccept.ts) handles the bypass-mode prompt instead. " + "Safe to remove from switchroom.yaml."),
     admin: exports_external.boolean().optional().describe("If true, the agent's Telegram gateway intercepts admin slash commands " + "(/agents, /logs, /restart, /delete, /update, /auth, /reconcile, etc.) " + "locally before forwarding to Claude. Commands are handled silently — " + "Claude never sees them. Requires the agent to use the switchroom-telegram " + "plugin. When false or absent, all messages pass through to Claude unchanged."),
     settings_raw: exports_external.record(exports_external.string(), exports_external.unknown()).optional().describe("Escape hatch: raw object deep-merged into the generated " + "settings.json as the final step. Use for Claude Code settings " + "keys switchroom doesn't wrap directly (e.g. effort, apiKeyHelper). " + "Power-user-only — prefer the typed fields when they exist."),
     claude_md_raw: exports_external.string().optional().describe("Escape hatch: markdown text appended verbatim to CLAUDE.md on " + "initial scaffold. Not re-applied on reconcile (CLAUDE.md is " + "user-protected). Use for one-off persona tuning that isn't " + "worth a template."),
     cli_args: exports_external.array(exports_external.string()).optional().describe("Escape hatch: extra arguments appended to the `exec claude` " + "invocation in start.sh. Use for Claude Code CLI flags switchroom " + "doesn't expose directly (e.g. --effort high, " + "--exclude-dynamic-system-prompt-sections)."),
-    add_dirs: exports_external.array(exports_external.string()).optional().describe("Additional filesystem paths the agent's tools can access. Passed " + "as repeated --add-dir <path> on the claude invocation. Use to grant " + "an agent reach into shared dirs (e.g. '/share/collab') without " + "scaffold hacks. Per-agent only — paths are persona-specific. See #199."),
+    add_dirs: exports_external.array(exports_external.string()).optional().describe("Additional filesystem paths the agent's tools can access. Passed " + "as repeated --add-dir <path> on the claude invocation. Use to grant " + "an agent reach into shared dirs (e.g. '/share/collab') without " + "scaffold hacks. Per-agent only — paths are persona-specific. See #199. " + "Note: this only adjusts the claude CLI's --add-dir tool-reach allowlist. " + "If the path is not already inside the agent's container, also declare " + "it in `bind_mounts:` (admin agents only) — otherwise the path doesn't " + "exist inside the sandbox and --add-dir is a no-op."),
+    bind_mounts: exports_external.array(AgentBindMountSchema).optional().describe("Extra host paths bind-mounted into this agent's container, on top of " + "the standard dual-mount baseline. ADMIN-ONLY: the compose generator " + "refuses to emit bind_mounts unless `admin: true` is also set on the " + "same agent. Use to dogfood / self-modify switchroom or another repo " + "(see issue #1164). Pair with `add_dirs:` so claude's tool-reach " + "allowlist also covers the mounted path. System paths (/, /etc, " + "/proc, /sys, /dev, /run, /var/run, /boot, /var/lib/docker, " + "/var/run/docker.sock) are denylisted regardless of mode."),
     allowed_tools: exports_external.array(exports_external.string()).optional().describe("Granular tool allowlist passed verbatim to Claude Code's --allowedTools " + "flag. Supports patterns like 'Bash(git *)' or 'Edit(*.md)' that the " + "coarse `tools.allow` field can't express. When set, Claude Code OR-merges " + "with `tools.allow` (granular only when present, otherwise coarse — chosen " + "via #199 to keep blast radius minimal for existing operators on tools.allow). " + "See #199."),
     disallowed_tools: exports_external.array(exports_external.string()).optional().describe("Granular tool denylist passed verbatim to Claude Code's --disallowedTools " + "flag. Same pattern syntax as allowed_tools (e.g. 'Bash(rm *)'). See #199."),
     extra_stable_files: exports_external.array(exports_external.string()).optional().describe("Extra filenames (relative to the agent's workspace directory) to append " + "to the stable bootstrap render. Loaded once at session start via " + "`--append-system-prompt`. Missing files are silently skipped. " + "Example: ['BRIEF.md', 'CONTEXT.md']."),
     code_repos: exports_external.array(CodeRepoEntrySchema).optional().describe("Git repositories this agent is allowed to claim worktrees from. " + "Each entry provides a short name alias, a source path, and an " + "optional concurrency cap (default 5). When code_repos is set, " + "claim_worktree accepts the alias as the repo argument. " + "Absolute paths may always be passed regardless of this list."),
-    drive: AgentDriveConfigSchema.describe("Per-agent drive onboarding overrides (currently just approvers). " + "When set, replaces the top-level drive.approvers list for this agent. " + "google_client_id/secret are not per-agent — they live at the top level."),
+    drive: AgentGoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Per-agent " + "google_workspace overrides (currently approvers + tier). When set, " + "replaces the top-level approvers list for this agent. " + "google_client_id/secret are not per-agent — they live at the top level."),
+    google_workspace: AgentGoogleWorkspaceConfigSchema.describe("RFC G canonical key. Per-agent Google Workspace overrides — currently " + "approvers (replaces, does not extend the top-level list) and tier " + "(`core` | `extended` | `complete`, replaces top-level default). " + "google_client_id/secret are not per-agent — they live at the top level. " + "Mutually exclusive with `drive:` on the same agent (loader fails fast " + "if both are set)."),
     repos: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9-]*$/, "Repo slug must be kebab-case ASCII: start with a lowercase letter or digit, contain only lowercase letters, digits, and hyphens"), exports_external.object({
       url: exports_external.string().min(1).describe("Git remote URL for the repo (e.g. 'git@github.com:org/repo.git' or " + "'https://github.com/org/repo.git'). Used verbatim for git clone."),
       branch_default: exports_external.string().optional().describe("Default branch to track (defaults to the remote's HEAD, typically 'main'). " + "The per-agent branch 'agent/<agentName>/main' fast-forwards to this branch " + "when the worktree is clean on session start.")
@@ -11206,7 +11231,13 @@ var init_schema = __esm(() => {
     experimental: exports_external.object({
       legacy_pty: exports_external.boolean().optional().describe("Opt out of the default tmux supervisor (#725) and run the agent " + "under the legacy PTY supervisor instead. Default: false."),
       legacy_autoaccept_expect: exports_external.boolean().optional().describe("Opt the autoaccept gateway back into the legacy expect-script " + "behaviour instead of the tmux send-keys path. Default: false.")
-    }).optional().describe("Opt-in flags for experimental / legacy behaviours. Cascades through " + "defaults → profile → per-agent.")
+    }).optional().describe("Opt-in flags for experimental / legacy behaviours. Cascades through " + "defaults → profile → per-agent."),
+    resources: exports_external.object({
+      memory: exports_external.string().regex(/^\d+(\.\d+)?[kmgKMG]?$/).optional(),
+      memory_reservation: exports_external.string().regex(/^\d+(\.\d+)?[kmgKMG]?$/).optional(),
+      pids_limit: exports_external.number().int().positive().optional(),
+      cpus: exports_external.number().positive().optional()
+    }).optional()
   });
   TelegramConfigSchema = exports_external.object({
     bot_token: exports_external.string().describe("Telegram bot token or vault reference (e.g., 'vault:telegram-bot-token')"),
@@ -11229,13 +11260,26 @@ var init_schema = __esm(() => {
       socket: exports_external.string().default("~/.switchroom/vault-broker.sock").describe("Unix domain socket path for the vault-broker daemon"),
       enabled: exports_external.boolean().default(true).describe("Whether to start the vault-broker daemon on agent launch"),
       autoUnlock: exports_external.boolean().default(false).describe("Auto-unlock the vault at broker start using a machine-bound " + "encrypted blob. Off by default. When enabled, the broker reads " + "the configured blob path, derives the AES key from /etc/machine-id, " + "decrypts the passphrase, and unlocks the vault — no sudo, no " + "systemd-creds, no TPM. Run `switchroom vault broker " + "enable-auto-unlock` once to write the blob."),
-      autoUnlockCredentialPath: exports_external.string().default("~/.switchroom/vault-auto-unlock").describe("Path to the machine-bound auto-unlock blob (see " + "src/vault/auto-unlock.ts for the format). Default lives under " + "~/.switchroom so it can be bind-mounted into the vault-broker " + "container by docker compose. Tilde-expansion happens " + "at read time.")
-    }).default({}).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation.")
+      autoUnlockCredentialPath: exports_external.string().default("~/.switchroom/vault-auto-unlock").describe("Path to the machine-bound auto-unlock blob (see " + "src/vault/auto-unlock.ts for the format). Default lives under " + "~/.switchroom so it can be bind-mounted into the vault-broker " + "container by docker compose. Tilde-expansion happens " + "at read time."),
+      approvalAuth: exports_external.enum(["passphrase", "telegram-id"]).default("passphrase").describe("Posture for tap-to-Approve on vault grant cards. `passphrase` " + "(default) prompts the operator to type the vault passphrase on " + "every Approve — two-factor (Telegram ID + passphrase). " + "`telegram-id` mints immediately on Approve with no passphrase " + "prompt — single-factor (Telegram ID only); REQUIRES " + "`autoUnlock: true` so the broker already holds the passphrase. " + "Trades a factor of security for smoother UX; opt-in only."),
+      postureMintAgents: exports_external.array(exports_external.string().min(1)).default([]).describe("Per-agent opt-in for posture-attested broker calls (`mint_grant` / " + "`list_grants` / `put` with `attest_via_posture: true`). Only agents " + "whose names are in this list can use the silent-mint path under " + "`approvalAuth: telegram-id`. Default `[]` — no agent can self-mint " + "until the operator explicitly opts it in. The request's `agent` " + "field must also equal the calling peer's resolved agent name " + "(broker rejects cross-agent posture mints). When `approvalAuth` is " + "`passphrase` this list is ignored — passphrase attestation still " + "works as before. Each entry is an agent slug exactly as it appears " + "under `agents:` in this config.")
+    }).default({}).superRefine((broker, ctx) => {
+      if (broker.approvalAuth === "telegram-id" && broker.autoUnlock !== true) {
+        ctx.addIssue({
+          code: exports_external.ZodIssueCode.custom,
+          message: "`vault.broker.approvalAuth: telegram-id` requires `autoUnlock: true` — single-factor approval needs the broker already unlocked at startup.",
+          path: ["approvalAuth"]
+        });
+      }
+    }).describe("Vault-broker daemon configuration. The broker holds the decrypted vault " + "in memory and serves secrets to cron scripts via a Unix socket, so the " + "vault passphrase is entered once at startup rather than per-cron invocation.")
   });
   QuotaConfigSchema = exports_external.object({
     weekly_budget_usd: exports_external.number().positive().optional().describe("Weekly USD spend budget. If unset, the greeting shows raw usage only."),
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
+  HostControlConfigSchema = exports_external.object({
+    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
+  });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
       version: exports_external.literal(1).describe("Config schema version"),
@@ -11246,8 +11290,28 @@ var init_schema = __esm(() => {
     telegram: TelegramConfigSchema,
     memory: MemoryBackendConfigSchema.optional(),
     vault: VaultConfigSchema.optional(),
-    drive: DriveConfigSchema.describe("Optional drive onboarding configuration. When set, supplies Google " + "OAuth client credentials and the approver allowlist for `switchroom " + "drive connect`. Env vars (SWITCHROOM_GOOGLE_CLIENT_ID, " + "SWITCHROOM_GOOGLE_CLIENT_SECRET, SWITCHROOM_APPROVER_USER_ID) take " + "precedence over this block when set, preserving back-compat with " + "the env-only flow shipped in #766."),
+    auth: exports_external.object({
+      active: exports_external.string().min(1).optional().describe("Fleet-wide active Anthropic account label. Every agent without " + "an explicit `agent.auth.override` uses this account. See " + "docs/auth.md for the full model. Set by `switchroom auth use <label>`."),
+      fallback_order: exports_external.array(exports_external.string().min(1)).optional().describe("Ordered list of account labels for `switchroom auth rotate` to cycle " + "through when the active account hits a quota event. First entry is " + "normally the same as `auth.active`. When unset, `rotate` is a no-op."),
+      consumers: exports_external.array(exports_external.object({
+        name: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9_-]*$/, {
+          message: "Consumer name must be a path-safe slug (letters, digits, underscore, hyphen)"
+        }).describe("Socket-path identity; binds at /run/switchroom/auth-broker/<name>/sock"),
+        account: exports_external.string().min(1).describe("Pinned account label for this consumer. `get-credentials` returns " + "this account's credentials; `mark-exhausted` from this consumer " + "only affects this account."),
+        uid: exports_external.number().int().nonnegative().optional().describe("Optional UID to chown the consumer socket to (defaults to 0 = root, " + "suitable for sibling containers running as root).")
+      })).optional().describe("Non-agent peers that hold a broker socket (RFC H §4.8). Each gets " + "its own `/run/switchroom/auth-broker/<name>/sock` chowned to its UID. " + "Consumers cannot be admins; a consumer name that collides with an " + "agent (whether that agent has `admin: true` or not) is a config " + "error caught at schema validation.")
+    }).optional().describe("Switchroom-auth-broker configuration (RFC H). Fleet-wide active account, " + "fallback order, admin-agent ACL, and ephemeral-consumer surface. " + "Required from the v0.8+ schema onwards; pre-v0.8 fleets are migrated " + "in-place by `switchroom apply` (see src/auth/migrate-schema.ts)."),
+    drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
+    google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
+    host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
+      message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
+    }).transform((v) => v.trim().toLowerCase()), exports_external.object({
+      enabled_for: exports_external.array(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,50}$/, {
+        message: "Agent name must match the standard agent-name pattern"
+      })).describe("Agent slugs that may read this account's vault slots " + "(`google:<account>:refresh_token` etc). Per-agent ACL is " + "enforced at the broker, not at the agent identity layer — " + "the agent still authenticates via socket-path-as-identity " + "per RFC D §4.1, broker just gates the cross-agent token share.")
+    })).optional().describe("RFC G Phase 2: per-Google-account ACL for vault slots holding " + "OAuth refresh tokens. Maps account email → list of agents " + "permitted to read that account's slots. Written by `switchroom " + "auth google enable|disable` (Phase 3); read by the broker on " + "every Google slot access. Replaces RFC D's per-agent vault slot " + "scope (which can't express 'two agents share one Google account')."),
     defaults: AgentDefaultsSchema.describe("Implicit bottom-of-cascade profile applied to every agent before " + "per-agent config and `extends:` resolution. Tools, mcp_servers, and " + "schedule are unioned/concatenated; scalars and nested objects are " + "shallow-merged with per-agent values winning."),
     profiles: exports_external.record(exports_external.string(), ProfileSchema).optional().describe("Named profile definitions. Agents reference via `extends: <name>`. " + "Inline profiles declared here take priority over filesystem " + "profiles/<name>/ directories when both exist."),
     agents: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,50}$/, {
@@ -11282,6 +11346,142 @@ function resolveDualPath(pathStr) {
 var DEFAULT_STATE_DIR = ".switchroom", LEGACY_STATE_DIR = ".clerk";
 var init_paths = () => {};
 
+// src/config/overlay-schema.ts
+var OverlayDocSchema;
+var init_overlay_schema = __esm(() => {
+  init_zod();
+  init_schema();
+  OverlayDocSchema = exports_external.object({
+    schedule: exports_external.array(ScheduleEntrySchema).optional(),
+    skills: exports_external.array(exports_external.string()).optional()
+  }).strict();
+});
+
+// src/config/overlay-loader.ts
+import { existsSync as existsSync5, readFileSync as readFileSync5, readdirSync as readdirSync2, statSync as statSync3 } from "node:fs";
+import { resolve as resolve3 } from "node:path";
+function overlayDirFor(agentName, subdir) {
+  const base = resolveDualPath(`~/.switchroom/agents/${agentName}/${subdir}`);
+  return resolve3(base);
+}
+function listYamlFiles(dir) {
+  if (!existsSync5(dir))
+    return [];
+  let entries;
+  try {
+    entries = readdirSync2(dir);
+  } catch {
+    return [];
+  }
+  const out = [];
+  for (const name of entries) {
+    if (!/\.ya?ml$/i.test(name))
+      continue;
+    const full = resolve3(dir, name);
+    try {
+      if (statSync3(full).isFile())
+        out.push(full);
+    } catch {}
+  }
+  return out.sort();
+}
+function stampOverlay(entry) {
+  Object.defineProperty(entry, OVERLAY_SOURCE, {
+    value: true,
+    enumerable: false,
+    configurable: false,
+    writable: false
+  });
+  return entry;
+}
+function applyAgentOverlays(config) {
+  const warnings = [];
+  const agents = config.agents ?? {};
+  for (const [agentName, agentCfg] of Object.entries(agents)) {
+    try {
+      const scheduleDir = overlayDirFor(agentName, "schedule.d");
+      const files = listYamlFiles(scheduleDir);
+      if (files.length > 0) {
+        const merged = [...agentCfg.schedule ?? []];
+        for (const file of files) {
+          try {
+            const raw = readFileSync5(file, "utf-8");
+            const parsed = $parse(raw);
+            const doc = OverlayDocSchema.parse(parsed);
+            for (const entry of doc.schedule ?? []) {
+              if (entry.secrets && entry.secrets.length > 0) {
+                const w = {
+                  agent: agentName,
+                  file,
+                  reason: "Overlay schedule entry declares secrets — dropped pending Phase E operator approval"
+                };
+                warnings.push(w);
+                console.warn(`[switchroom] overlay-loader: agent='${agentName}' file='${file}': ${w.reason}`);
+                continue;
+              }
+              merged.push(stampOverlay(entry));
+            }
+          } catch (err) {
+            const reason = err instanceof ZodError ? `schema rejection: ${err.errors.map((e) => `${e.path.join(".")}: ${e.message}`).join("; ")}` : `parse error: ${err.message}`;
+            warnings.push({ agent: agentName, file, reason });
+            console.warn(`[switchroom] overlay-loader: agent='${agentName}' file='${file}': ${reason}`);
+          }
+        }
+        agentCfg.schedule = merged;
+      }
+    } catch (err) {
+      warnings.push({
+        agent: agentName,
+        file: "(agent schedule overlay scan)",
+        reason: `unexpected error: ${err.message}`
+      });
+      console.warn(`[switchroom] overlay-loader: agent='${agentName}' schedule.d: unexpected error: ${err.message}`);
+    }
+    try {
+      const skillsDir = overlayDirFor(agentName, "skills.d");
+      const skillFiles = listYamlFiles(skillsDir);
+      if (skillFiles.length === 0) {} else {
+        const merged = [...agentCfg.skills ?? []];
+        const seen = new Set(merged);
+        for (const file of skillFiles) {
+          try {
+            const raw = readFileSync5(file, "utf-8");
+            const parsed = $parse(raw);
+            const doc = OverlayDocSchema.parse(parsed);
+            for (const skillName of doc.skills ?? []) {
+              if (seen.has(skillName))
+                continue;
+              seen.add(skillName);
+              merged.push(skillName);
+            }
+          } catch (err) {
+            const reason = err instanceof ZodError ? `schema rejection: ${err.errors.map((e) => `${e.path.join(".")}: ${e.message}`).join("; ")}` : `parse error: ${err.message}`;
+            warnings.push({ agent: agentName, file, reason });
+            console.warn(`[switchroom] overlay-loader: agent='${agentName}' file='${file}': ${reason}`);
+          }
+        }
+        agentCfg.skills = merged;
+      }
+    } catch (err) {
+      warnings.push({
+        agent: agentName,
+        file: "(agent skills overlay scan)",
+        reason: `unexpected error: ${err.message}`
+      });
+      console.warn(`[switchroom] overlay-loader: agent='${agentName}' skills.d: unexpected error: ${err.message}`);
+    }
+  }
+  return { config, warnings };
+}
+var OVERLAY_SOURCE;
+var init_overlay_loader = __esm(() => {
+  init_dist();
+  init_zod();
+  init_overlay_schema();
+  init_paths();
+  OVERLAY_SOURCE = Symbol.for("switchroom.config.overlay-source");
+});
+
 // src/config/loader.ts
 var exports_loader = {};
 __export(exports_loader, {
@@ -11291,36 +11491,74 @@ __export(exports_loader, {
   findConfigFile: () => findConfigFile,
   ConfigError: () => ConfigError
 });
-import { readFileSync as readFileSync4, existsSync as existsSync5 } from "node:fs";
+import { readFileSync as readFileSync6, existsSync as existsSync6 } from "node:fs";
 import { homedir } from "node:os";
-import { resolve as resolve3 } from "node:path";
+import { resolve as resolve4 } from "node:path";
 function formatZodErrors(error) {
   return error.errors.map((e) => {
     const path = e.path.join(".");
     return `  ${path}: ${e.message}`;
   });
 }
+function coerceLegacyGoogleWorkspaceKeys(parsed, filePath) {
+  const stableStringify = (v) => {
+    if (v === null || typeof v !== "object")
+      return JSON.stringify(v);
+    if (Array.isArray(v))
+      return `[${v.map(stableStringify).join(",")}]`;
+    const obj = v;
+    const keys = Object.keys(obj).sort();
+    return `{${keys.map((k) => `${JSON.stringify(k)}:${stableStringify(obj[k])}`).join(",")}}`;
+  };
+  const aliasInPlace = (obj, where) => {
+    const a = obj.drive;
+    const b = obj.google_workspace;
+    if (a !== undefined && b !== undefined) {
+      if (stableStringify(a) !== stableStringify(b)) {
+        throw new ConfigError(`Both \`drive:\` and \`google_workspace:\` are set on ${where} in ${filePath} with different values.`, [
+          "  These are aliases — pick one and remove the other.",
+          "  `google_workspace:` is the RFC G canonical key; `drive:` is the legacy alias.",
+          "  Allowed during transition: setting both with identical values."
+        ]);
+      }
+      return;
+    }
+    if (a !== undefined && b === undefined)
+      obj.google_workspace = a;
+    if (b !== undefined && a === undefined)
+      obj.drive = b;
+  };
+  aliasInPlace(parsed, "the top level");
+  const agents = parsed.agents;
+  if (agents && typeof agents === "object" && !Array.isArray(agents)) {
+    for (const [name, agent] of Object.entries(agents)) {
+      if (agent && typeof agent === "object" && !Array.isArray(agent)) {
+        aliasInPlace(agent, `agent \`${name}\``);
+      }
+    }
+  }
+}
 function findConfigFile(startDir) {
   const envPath = process.env.SWITCHROOM_CONFIG;
   const home2 = homedir();
-  const userDir = resolve3(home2, ".switchroom");
+  const userDir = resolve4(home2, ".switchroom");
   const searchPaths = [
-    envPath ? resolve3(envPath) : null,
-    startDir ? resolve3(startDir, "switchroom.yaml") : null,
-    startDir ? resolve3(startDir, "switchroom.yml") : null,
-    startDir ? resolve3(startDir, "clerk.yaml") : null,
-    startDir ? resolve3(startDir, "clerk.yml") : null,
-    resolve3(process.cwd(), "switchroom.yaml"),
-    resolve3(process.cwd(), "switchroom.yml"),
-    resolve3(process.cwd(), "clerk.yaml"),
-    resolve3(process.cwd(), "clerk.yml"),
-    resolve3(userDir, "switchroom.yaml"),
-    resolve3(userDir, "switchroom.yml"),
-    resolve3(userDir, "clerk.yaml"),
-    resolve3(userDir, "clerk.yml")
+    envPath ? resolve4(envPath) : null,
+    startDir ? resolve4(startDir, "switchroom.yaml") : null,
+    startDir ? resolve4(startDir, "switchroom.yml") : null,
+    startDir ? resolve4(startDir, "clerk.yaml") : null,
+    startDir ? resolve4(startDir, "clerk.yml") : null,
+    resolve4(process.cwd(), "switchroom.yaml"),
+    resolve4(process.cwd(), "switchroom.yml"),
+    resolve4(process.cwd(), "clerk.yaml"),
+    resolve4(process.cwd(), "clerk.yml"),
+    resolve4(userDir, "switchroom.yaml"),
+    resolve4(userDir, "switchroom.yml"),
+    resolve4(userDir, "clerk.yaml"),
+    resolve4(userDir, "clerk.yml")
   ].filter(Boolean);
   for (const path of searchPaths) {
-    if (existsSync5(path)) {
+    if (existsSync6(path)) {
       return path;
     }
   }
@@ -11328,12 +11566,12 @@ function findConfigFile(startDir) {
 }
 function loadConfig(configPath) {
   const filePath = configPath ?? findConfigFile();
-  if (!existsSync5(filePath)) {
+  if (!existsSync6(filePath)) {
     throw new ConfigError(`Config file not found: ${filePath}`);
   }
   let raw;
   try {
-    raw = readFileSync4(filePath, "utf-8");
+    raw = readFileSync6(filePath, "utf-8");
   } catch (err) {
     throw new ConfigError(`Failed to read config file: ${filePath}`, [
       `  ${err.message}`
@@ -11352,16 +11590,26 @@ function loadConfig(configPath) {
     obj.switchroom = obj.clerk;
     delete obj.clerk;
   }
+  if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+    coerceLegacyGoogleWorkspaceKeys(parsed, filePath);
+  }
+  let config;
   try {
-    return SwitchroomConfigSchema.parse(parsed);
+    config = SwitchroomConfigSchema.parse(parsed);
   } catch (err) {
     if (err instanceof ZodError) {
       throw new ConfigError("Invalid switchroom.yaml configuration", formatZodErrors(err));
     }
     throw err;
   }
+  applyAgentOverlays(config);
+  return config;
 }
 function resolveAgentsDir(config) {
+  const override = process.env.SWITCHROOM_AGENTS_DIR;
+  if (override && override.length > 0 && override.startsWith("/")) {
+    return override;
+  }
   return resolveDualPath(config.switchroom.agents_dir);
 }
 function resolvePath(pathStr) {
@@ -11373,6 +11621,7 @@ var init_loader = __esm(() => {
   init_zod();
   init_schema();
   init_paths();
+  init_overlay_loader();
   ConfigError = class ConfigError extends Error {
     details;
     constructor(message, details) {
@@ -11385,7 +11634,7 @@ var init_loader = __esm(() => {
 
 // src/vault/broker/server.ts
 import * as net from "node:net";
-import { mkdirSync as mkdirSync5, chmodSync as chmodSync4, chownSync, existsSync as existsSync7, readFileSync as readFileSync7, readdirSync as readdirSync2, unlinkSync as unlinkSync4, writeFileSync as writeFileSync3, renameSync as renameSync3 } from "node:fs";
+import { mkdirSync as mkdirSync5, chmodSync as chmodSync4, chownSync, existsSync as existsSync8, readFileSync as readFileSync8, readdirSync as readdirSync3, unlinkSync as unlinkSync4, writeFileSync as writeFileSync3, renameSync as renameSync3 } from "node:fs";
 
 // src/agents/compose.ts
 import { createHash } from "node:crypto";
@@ -11653,6 +11902,23 @@ function mergeAgentConfig(defaultsIn, agentIn) {
     const a = merged.extra_stable_files ?? [];
     merged.extra_stable_files = dedupe([...d, ...a]);
   }
+  const dReactions = defaults.reactions;
+  const mReactions = merged.reactions;
+  if (dReactions || mReactions) {
+    const base = dReactions ?? {};
+    const override = mReactions ?? {};
+    const combined = { ...base };
+    for (const [k, v] of Object.entries(override)) {
+      if (v !== undefined)
+        combined[k] = v;
+    }
+    merged.reactions = combined;
+  }
+  if (defaults.resources || merged.resources) {
+    const d = defaults.resources ?? {};
+    const a = merged.resources ?? {};
+    merged.resources = { ...d, ...a };
+  }
   if (defaults.experimental || merged.experimental) {
     const d = defaults.experimental ?? {};
     const a = merged.experimental ?? {};
@@ -11665,118 +11931,501 @@ function mergeAgentConfig(defaultsIn, agentIn) {
   mergeAgentConfig.notifiedWorkerIsolationMove = false;
 })(mergeAgentConfig ||= {});
 
-// src/agents/compose.ts
-var AGENT_UID_MIN = 10001;
-var AGENT_UID_MAX = 10999;
-function allocateAgentUid(name) {
-  const hash = createHash("sha256").update(name).digest();
-  const u32 = hash.readUInt32BE(0);
-  const range = AGENT_UID_MAX - AGENT_UID_MIN + 1;
-  return AGENT_UID_MIN + u32 % range;
-}
-
-// src/vault/broker/server.ts
-import { dirname as dirname4, resolve as resolve4, basename as basename3 } from "node:path";
-import * as os3 from "node:os";
-import * as path3 from "node:path";
-
-// src/vault/vault.ts
-import { randomBytes, scryptSync, createCipheriv, createDecipheriv } from "node:crypto";
-import {
-  readFileSync as readFileSync2,
-  writeFileSync,
-  existsSync as existsSync2,
-  renameSync,
-  mkdirSync,
-  unlinkSync as unlinkSync2
-} from "node:fs";
-import { dirname, basename, resolve } from "node:path";
+// src/vault/broker/peercred.ts
+import { execFileSync } from "node:child_process";
+import { readFileSync, readlinkSync, fstatSync } from "node:fs";
 
-// src/vault/flock.ts
-import {
-  existsSync,
-  openSync,
-  closeSync,
-  writeSync,
-  fsyncSync,
-  unlinkSync,
-  readFileSync,
-  readdirSync,
-  rmdirSync,
-  statSync,
-  constants as fsConstants
-} from "node:fs";
-var DEFAULT_LOCK_RETRY_MS = 5000;
-function lockPathFor(vaultPath) {
-  return `${vaultPath}.lock`;
-}
-function readLockHolder(lockPath) {
+// src/vault/broker/peercred-ffi.ts
+function getPeerCred(fd) {
+  if (process.platform !== "linux")
+    return null;
   try {
-    const raw = readFileSync(lockPath, "utf8");
-    const lines = raw.split(`
+    const ffi = __require("bun:ffi");
+    const { dlopen, FFIType, ptr } = ffi;
+    const SOL_SOCKET = 1;
+    const SO_PEERCRED = 17;
+    const UCRED_SIZE = 12;
+    const cache = getPeerCred;
+    const lib = cache._lib ?? (() => {
+      const candidates = ["libc.so.6", "libc.so"];
+      const symbolSpec = {
+        getsockopt: {
+          args: [FFIType.i32, FFIType.i32, FFIType.i32, FFIType.ptr, FFIType.ptr],
+          returns: FFIType.i32
+        }
+      };
+      const errors = [];
+      for (const name of candidates) {
+        try {
+          const opened = dlopen(name, symbolSpec);
+          cache._lib = opened;
+          return opened;
+        } catch (e) {
+          errors.push(`${name}: ${e instanceof Error ? e.message : String(e)}`);
+        }
+      }
+      process.stderr.write(`[vault-broker] peercred-ffi: dlopen failed for all libc candidates ` + `(${errors.join("; ")}); falling back to ss-parsing.
 `);
-    const pid = Number.parseInt(lines[0] ?? "", 10);
-    const acquiredAtMs = Number.parseInt(lines[1] ?? "", 10);
-    if (!Number.isFinite(pid) || pid <= 0)
+      throw new Error("no libc candidate could be opened");
+    })();
+    const credBuf = new ArrayBuffer(UCRED_SIZE);
+    const lenBuf = new Uint32Array(1);
+    lenBuf[0] = UCRED_SIZE;
+    const rc = lib.symbols.getsockopt(fd, SOL_SOCKET, SO_PEERCRED, ptr(credBuf), ptr(lenBuf.buffer));
+    if (rc !== 0)
       return null;
-    if (!Number.isFinite(acquiredAtMs) || acquiredAtMs <= 0)
+    if (lenBuf[0] !== UCRED_SIZE)
       return null;
-    return { pid, acquiredAtMs, argv0: lines[2] ?? "" };
+    const view = new DataView(credBuf);
+    return {
+      pid: view.getInt32(0, true),
+      uid: view.getInt32(4, true),
+      gid: view.getInt32(8, true)
+    };
   } catch {
     return null;
   }
 }
-function pidIsLive(pid) {
-  if (process.platform === "linux") {
-    return existsSync(`/proc/${pid}`);
+
+// src/vault/broker/peercred.ts
+var SOCKET_PATH_AGENT_RE = /^\/run\/switchroom\/broker\/([a-zA-Z0-9][a-zA-Z0-9_-]*)\.sock$/;
+var SOCKET_PATH_AGENT_SUBDIR_RE = /^\/run\/switchroom\/broker\/([a-zA-Z0-9][a-zA-Z0-9_-]*)\/sock$/;
+var RESERVED_AGENT_NAMES = new Set(["operator", "hostd"]);
+function socketPathToIdentity(socketPath) {
+  if (typeof socketPath !== "string" || socketPath.length === 0)
+    return null;
+  const m = socketPath.match(SOCKET_PATH_AGENT_RE) ?? socketPath.match(SOCKET_PATH_AGENT_SUBDIR_RE);
+  if (!m)
+    return null;
+  const name = m[1];
+  if (name === "operator")
+    return { kind: "operator" };
+  if (RESERVED_AGENT_NAMES.has(name))
+    return null;
+  return { kind: "agent", name };
+}
+function socketPathToAgent(socketPath) {
+  const identity = socketPathToIdentity(socketPath);
+  return identity?.kind === "agent" ? identity.name : null;
+}
+function isReservedAgentName(name) {
+  return RESERVED_AGENT_NAMES.has(name);
+}
+function unlockSocketFor(dataSocketPath) {
+  if (dataSocketPath.endsWith("/sock")) {
+    return dataSocketPath.slice(0, -"/sock".length) + "/unlock";
   }
-  try {
-    process.kill(pid, 0);
-    return true;
-  } catch {
-    return false;
+  return dataSocketPath.replace(/\.sock$/, ".unlock.sock");
+}
+function parseSsRows(output) {
+  const rows = [];
+  const lines = output.split(`
+`);
+  for (const line of lines) {
+    if (!line.trim() || line.startsWith("Netid"))
+      continue;
+    const tokens = line.split(/\s+/).filter((t) => t.length > 0);
+    if (tokens.length < 8)
+      continue;
+    const localAddr = tokens[4];
+    const localInode = tokens[5];
+    const peerAddr = tokens[6];
+    const peerInode = tokens[7];
+    const usersToken = tokens.slice(8).join(" ");
+    const m = usersToken.match(/users:\(\(".*?",pid=(\d+),fd=\d+\)\)/);
+    const pid = m ? parseInt(m[1], 10) : null;
+    rows.push({ localAddr, localInode, peerAddr, peerInode, pid });
   }
+  return rows;
 }
-function clearStaleSentinelDir(lockPath) {
-  try {
-    if (!existsSync(lockPath))
-      return true;
-    const s = statSync(lockPath);
-    if (!s.isDirectory())
-      return true;
-    for (const entry of readdirSync(lockPath)) {
-      try {
-        unlinkSync(`${lockPath}/${entry}`);
-      } catch {}
+function findClientPids(rows, socketPath) {
+  const pids = [];
+  for (const serverRow of rows) {
+    if (serverRow.localAddr !== socketPath)
+      continue;
+    for (const clientRow of rows) {
+      if (clientRow.localAddr !== "*")
+        continue;
+      if (clientRow.localInode !== serverRow.peerInode)
+        continue;
+      if (clientRow.pid === null)
+        continue;
+      pids.push(clientRow.pid);
+      break;
     }
-    rmdirSync(lockPath);
-    return true;
-  } catch {
-    return false;
   }
+  return pids;
 }
-function acquireLock(vaultPath, options = {}) {
-  const budgetMs = options.budgetMs ?? DEFAULT_LOCK_RETRY_MS;
-  const lockPath = lockPathFor(vaultPath);
-  const deadline = Date.now() + budgetMs;
-  const sleepBuf = new Int32Array(new SharedArrayBuffer(4));
-  while (true) {
-    let fd = null;
-    try {
-      fd = openSync(lockPath, fsConstants.O_WRONLY | fsConstants.O_CREAT | fsConstants.O_EXCL, 384);
-    } catch (err) {
-      const code = err?.code ?? "";
-      if (code === "EEXIST") {
-        let isDir = false;
-        try {
-          isDir = statSync(lockPath).isDirectory();
-        } catch {}
-        if (isDir) {
-          if (clearStaleSentinelDir(lockPath))
+function findClientPidByServerInode(rows, socketPath, serverInode) {
+  const serverInodeStr = String(serverInode);
+  for (const serverRow of rows) {
+    if (serverRow.localAddr !== socketPath)
+      continue;
+    if (serverRow.localInode !== serverInodeStr)
+      continue;
+    for (const clientRow of rows) {
+      if (clientRow.localAddr !== "*")
+        continue;
+      if (clientRow.localInode !== serverRow.peerInode)
+        continue;
+      if (clientRow.pid === null)
+        continue;
+      return clientRow.pid;
+    }
+    return null;
+  }
+  return null;
+}
+function readUid(pid) {
+  try {
+    const status = readFileSync(`/proc/${pid}/status`, "utf8");
+    const m = status.match(/^Uid:\s+(\d+)/m);
+    if (!m)
+      return null;
+    return parseInt(m[1], 10);
+  } catch {
+    return null;
+  }
+}
+function readExe(pid) {
+  try {
+    return readlinkSync(`/proc/${pid}/exe`);
+  } catch {
+    return null;
+  }
+}
+function readSystemdUnit(pid) {
+  try {
+    const content = readFileSync(`/proc/${pid}/cgroup`, "utf8");
+    const lines = content.split(`
+`);
+    for (const line of lines) {
+      if (!line.trim())
+        continue;
+      const parts = line.split(":");
+      if (parts.length < 3)
+        continue;
+      const controller = parts[1];
+      const isV2 = parts[0] === "0" && controller === "";
+      const isV1Systemd = controller === "name=systemd";
+      if (!isV2 && !isV1Systemd)
+        continue;
+      const cgroupPath = parts.slice(2).join(":");
+      const segments = cgroupPath.split("/");
+      const lastSegment = segments[segments.length - 1];
+      if (!lastSegment)
+        continue;
+      if (/^switchroom-[a-zA-Z0-9_-]+(-cron-\d+)?\.service$/.test(lastSegment)) {
+        return lastSegment;
+      }
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function verifySystemdUnit(unitName, runner) {
+  let raw;
+  try {
+    const out = runner("systemctl", [
+      "--user",
+      "show",
+      unitName,
+      "--property=LoadState,ActiveState"
+    ], { timeout: 500, encoding: "utf8" });
+    raw = typeof out === "string" ? out : out.toString("utf8");
+  } catch {
+    return false;
+  }
+  const props = {};
+  for (const line of raw.split(`
+`)) {
+    const m = line.match(/^([A-Za-z]+)=(.*)$/);
+    if (m)
+      props[m[1]] = m[2];
+  }
+  if (props.LoadState !== "loaded")
+    return false;
+  if (props.ActiveState !== "active" && props.ActiveState !== "activating") {
+    return false;
+  }
+  return true;
+}
+function readFdInode(fd) {
+  try {
+    const stat = fstatSync(fd);
+    return stat.ino;
+  } catch {
+    return null;
+  }
+}
+function fdFromSocket(socket) {
+  const handle = socket._handle;
+  if (!handle || typeof handle.fd !== "number" || handle.fd < 0)
+    return null;
+  return handle.fd;
+}
+function identify(socketPath, socket, execFileSyncOverride) {
+  if (process.platform !== "linux") {
+    return null;
+  }
+  const runner = execFileSyncOverride ?? execFileSync;
+  let pid = null;
+  if (socket !== undefined) {
+    const fd = fdFromSocket(socket);
+    if (fd !== null) {
+      const cred = getPeerCred(fd);
+      if (cred !== null)
+        pid = cred.pid;
+    }
+  }
+  if (pid === null) {
+    let ssOutput;
+    try {
+      const raw = runner("ss", ["-xpn"], {
+        timeout: 200,
+        encoding: "utf8"
+      });
+      ssOutput = typeof raw === "string" ? raw : raw.toString("utf8");
+    } catch {
+      return null;
+    }
+    const rows = parseSsRows(ssOutput);
+    let serverInode = null;
+    if (socket !== undefined) {
+      const fd = fdFromSocket(socket);
+      if (fd !== null)
+        serverInode = readFdInode(fd);
+    }
+    if (serverInode !== null) {
+      pid = findClientPidByServerInode(rows, socketPath, serverInode);
+    } else {
+      const clientPids = findClientPids(rows, socketPath);
+      if (clientPids.length === 0)
+        return null;
+      if (clientPids.length > 1) {
+        process.stderr.write(`[vault-broker] peercred: ${clientPids.length} connected peers found for ${socketPath}; ` + `using pid=${clientPids[0]}. ` + `Multiple simultaneous connections reduce identification accuracy. ` + `(This warning means identify() was called without a socket arg — likely a stale call site.)
+`);
+      }
+      pid = clientPids[0];
+    }
+  }
+  if (pid === null)
+    return null;
+  const uid = readUid(pid);
+  if (uid === null) {
+    return null;
+  }
+  const brokerUid = typeof process.getuid === "function" ? process.getuid() : null;
+  if (brokerUid !== null && uid !== brokerUid) {
+    process.stderr.write(`[vault-broker] peercred: UID mismatch — caller uid=${uid}, broker uid=${brokerUid}; denying
+`);
+    return null;
+  }
+  const exe = readExe(pid);
+  if (exe === null) {
+    return null;
+  }
+  const cgroupClaim = readSystemdUnit(pid);
+  let systemdUnit = null;
+  if (cgroupClaim !== null) {
+    if (verifySystemdUnit(cgroupClaim, runner)) {
+      systemdUnit = cgroupClaim;
+    } else {
+      process.stderr.write(`[vault-broker] peercred: cgroup claims unit=${cgroupClaim} but systemd-user does not report it as loaded+running; treating caller as unidentified
+`);
+    }
+  }
+  return { uid, pid, exe, systemdUnit };
+}
+
+// src/memory/hindsight.ts
+var DEFAULT_RETAIN_MISSION = "Extract user preferences, ongoing projects, recurring commitments, " + "important context, and durable facts that should help across future " + "conversations. Skip one-off chatter and temporary task noise.";
+
+// src/agents/reconcile-default-skills.ts
+var warnedMissingPool = new Set;
+
+// src/agents/compose.ts
+var AGENT_UID_MIN = 10001;
+var AGENT_UID_MAX = 10999;
+function allocateAgentUid(name) {
+  if (isReservedAgentName(name)) {
+    throw new Error(`agent name '${name}' is reserved by switchroom for another identity kind ` + `(see vault/broker/peercred.ts:RESERVED_AGENT_NAMES). Pick a different name.`);
+  }
+  const hash = createHash("sha256").update(name).digest();
+  const u32 = hash.readUInt32BE(0);
+  const range = AGENT_UID_MAX - AGENT_UID_MIN + 1;
+  return AGENT_UID_MIN + u32 % range;
+}
+var BIND_MOUNT_EXACT_SOURCE_DENY = new Set(["/var/run/docker.sock"]);
+
+// src/vault/broker/server.ts
+import { dirname as dirname4, resolve as resolve5, basename as basename3 } from "node:path";
+import * as os3 from "node:os";
+import * as path3 from "node:path";
+
+// src/vault/vault.ts
+import { randomBytes, scryptSync, createCipheriv, createDecipheriv } from "node:crypto";
+import {
+  readFileSync as readFileSync3,
+  writeFileSync,
+  existsSync as existsSync2,
+  renameSync,
+  mkdirSync,
+  unlinkSync as unlinkSync2,
+  lstatSync,
+  realpathSync
+} from "node:fs";
+import { dirname, basename, resolve } from "node:path";
+
+// src/vault/flock.ts
+import {
+  existsSync,
+  openSync,
+  closeSync,
+  writeSync,
+  fsyncSync,
+  unlinkSync,
+  readFileSync as readFileSync2,
+  readdirSync,
+  rmdirSync,
+  statSync,
+  constants as fsConstants
+} from "node:fs";
+var DEFAULT_LOCK_RETRY_MS = 5000;
+function lockPathFor(vaultPath) {
+  return `${vaultPath}.lock`;
+}
+function readLockHolder(lockPath) {
+  try {
+    const raw = readFileSync2(lockPath, "utf8");
+    const lines = raw.split(`
+`);
+    const pid = Number.parseInt(lines[0] ?? "", 10);
+    const acquiredAtMs = Number.parseInt(lines[1] ?? "", 10);
+    if (!Number.isFinite(pid) || pid <= 0)
+      return null;
+    if (!Number.isFinite(acquiredAtMs) || acquiredAtMs <= 0)
+      return null;
+    return { pid, acquiredAtMs, argv0: lines[2] ?? "" };
+  } catch {
+    return null;
+  }
+}
+function pidIsLive(pid) {
+  if (process.platform === "linux") {
+    return existsSync(`/proc/${pid}`);
+  }
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function parseProcStartTimeMs(statLine, procStat, now) {
+  const tailStart = statLine.lastIndexOf(")");
+  if (tailStart < 0)
+    return null;
+  const tokens = statLine.slice(tailStart + 1).trim().split(/\s+/);
+  const starttimeTicks = Number.parseInt(tokens[19] ?? "", 10);
+  if (!Number.isFinite(starttimeTicks))
+    return null;
+  const btimeMatch = procStat.match(/^btime\s+(\d+)/m);
+  if (!btimeMatch)
+    return null;
+  const bootEpochSec = Number.parseInt(btimeMatch[1], 10);
+  if (!Number.isFinite(bootEpochSec))
+    return null;
+  const USER_HZ = 100;
+  const startEpochMs = bootEpochSec * 1000 + starttimeTicks / USER_HZ * 1000;
+  const bootEpochMs = bootEpochSec * 1000;
+  const SLOP_MS = 5000;
+  if (startEpochMs < bootEpochMs - SLOP_MS || startEpochMs > now + SLOP_MS) {
+    return null;
+  }
+  return Math.floor(startEpochMs);
+}
+function pidStartTimeMs(pid) {
+  if (process.platform !== "linux")
+    return null;
+  try {
+    const statLine = readFileSync2(`/proc/${pid}/stat`, "utf8");
+    const procStat = readFileSync2("/proc/stat", "utf8");
+    return parseProcStartTimeMs(statLine, procStat, Date.now());
+  } catch {
+    return null;
+  }
+}
+function pidIsOriginalHolder(holder) {
+  const startMs = pidStartTimeMs(holder.pid);
+  if (startMs === null)
+    return true;
+  return startMs <= holder.acquiredAtMs + 100;
+}
+var STALE_MTIME_FLOOR_MS = 1e4;
+function lockFileMtimeIsOlderThan(lockPath, budgetMs) {
+  try {
+    const s = statSync(lockPath);
+    const threshold = Math.max(STALE_MTIME_FLOOR_MS, budgetMs * 2);
+    return Date.now() - s.mtimeMs > threshold;
+  } catch {
+    return false;
+  }
+}
+var SENTINEL_DIR_RECENT_WRITE_MS = 60000;
+function clearStaleSentinelDir(lockPath) {
+  try {
+    if (!existsSync(lockPath))
+      return true;
+    const s = statSync(lockPath);
+    if (!s.isDirectory())
+      return true;
+    const now = Date.now();
+    for (const entry of readdirSync(lockPath)) {
+      try {
+        const childStat = statSync(`${lockPath}/${entry}`);
+        if (now - childStat.mtimeMs < SENTINEL_DIR_RECENT_WRITE_MS) {
+          return false;
+        }
+      } catch {}
+    }
+    for (const entry of readdirSync(lockPath)) {
+      try {
+        unlinkSync(`${lockPath}/${entry}`);
+      } catch {}
+    }
+    rmdirSync(lockPath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function acquireLock(vaultPath, options = {}) {
+  const budgetMs = options.budgetMs ?? DEFAULT_LOCK_RETRY_MS;
+  const lockPath = lockPathFor(vaultPath);
+  const deadline = Date.now() + budgetMs;
+  const sleepBuf = new Int32Array(new SharedArrayBuffer(4));
+  while (true) {
+    let fd = null;
+    try {
+      fd = openSync(lockPath, fsConstants.O_WRONLY | fsConstants.O_CREAT | fsConstants.O_EXCL, 384);
+    } catch (err) {
+      const code = err?.code ?? "";
+      if (code === "EEXIST") {
+        let isDir = false;
+        try {
+          isDir = statSync(lockPath).isDirectory();
+        } catch {}
+        if (isDir) {
+          if (clearStaleSentinelDir(lockPath))
             continue;
         }
         const holder = readLockHolder(lockPath);
-        if (holder && !pidIsLive(holder.pid)) {
+        const isDeadPid = holder !== null && !pidIsLive(holder.pid);
+        const isReusedPid = holder !== null && pidIsLive(holder.pid) && !pidIsOriginalHolder(holder);
+        const isUnparseableAndOld = holder === null && lockFileMtimeIsOlderThan(lockPath, budgetMs);
+        if (isDeadPid || isReusedPid || isUnparseableAndOld) {
           try {
             unlinkSync(lockPath);
           } catch {}
@@ -11858,11 +12507,17 @@ var SCRYPT_R = 8;
 var SCRYPT_P = 1;
 var SCRYPT_MAXMEM = 128 * 1024 * 1024;
 function atomicWriteFileSync(path, data, mode) {
-  const dir = dirname(resolve(path));
-  const tmp = resolve(dir, `.${basename(path)}.${process.pid}.${Date.now()}.tmp`);
+  let effectivePath = path;
+  try {
+    if (existsSync2(path) && lstatSync(path).isSymbolicLink()) {
+      effectivePath = realpathSync(path);
+    }
+  } catch {}
+  const dir = dirname(resolve(effectivePath));
+  const tmp = resolve(dir, `.${basename(effectivePath)}.${process.pid}.${Date.now()}.tmp`);
   try {
     writeFileSync(tmp, data, { encoding: "utf8", mode });
-    renameSync(tmp, path);
+    renameSync(tmp, effectivePath);
   } catch (err) {
     try {
       if (existsSync2(tmp))
@@ -11929,7 +12584,7 @@ function openVault(passphrase, vaultPath) {
   }
   let vaultFile;
   try {
-    vaultFile = JSON.parse(readFileSync2(vaultPath, "utf8"));
+    vaultFile = JSON.parse(readFileSync3(vaultPath, "utf8"));
   } catch {
     throw new VaultError(`Failed to read vault file: ${vaultPath}`);
   }
@@ -11966,7 +12621,7 @@ function saveVault(passphrase, vaultPath, secrets) {
   try {
     let vaultFile;
     try {
-      vaultFile = JSON.parse(readFileSync2(vaultPath, "utf8"));
+      vaultFile = JSON.parse(readFileSync3(vaultPath, "utf8"));
     } catch {
       throw new VaultError(`Failed to read vault file: ${vaultPath}`);
     }
@@ -12004,11 +12659,11 @@ import {
   chmodSync,
   existsSync as existsSync3,
   fsyncSync as fsyncSync3,
-  lstatSync,
+  lstatSync as lstatSync2,
   mkdirSync as mkdirSync2,
   openSync as openSync3,
   closeSync as closeSync3,
-  readFileSync as readFileSync3,
+  readFileSync as readFileSync4,
   renameSync as renameSync2,
   statSync as statSync2,
   symlinkSync,
@@ -12054,451 +12709,162 @@ function runMigration(home, opts) {
       const oldRealStat = statSync2(oldPath);
       const newRealStat = statSync2(newPath);
       return {
-        kind: "divergent",
-        details: {
-          oldPath,
-          newPath,
-          oldHash,
-          newHash,
-          oldSize: oldRealStat.size,
-          newSize: newRealStat.size,
-          oldMtime: oldRealStat.mtime.toISOString(),
-          newMtime: newRealStat.mtime.toISOString()
-        }
-      };
-    }
-    if (oldStat?.isFile() && !newExists) {
-      if (opts.dryRun)
-        return { kind: "migrated" };
-      mkdirSync2(parent, { recursive: true, mode: 448 });
-      const tempNew = `${newPath}.tmp`;
-      copyFileSync(oldPath, tempNew);
-      chmodSync(tempNew, 384);
-      fsyncFile(tempNew);
-      renameSync2(tempNew, newPath);
-      fsyncDir(parent);
-      atomicReplaceWithSymlink(oldPath, "vault/vault.enc");
-      fsyncDir(switchroomRoot);
-      return { kind: "migrated" };
-    }
-    return { kind: "no-vault" };
-  } finally {
-    if (release !== null) {
-      try {
-        release();
-      } catch {}
-    }
-  }
-}
-function lstatSyncOrNull(path) {
-  try {
-    return lstatSync(path);
-  } catch {
-    return null;
-  }
-}
-function sha256File(path) {
-  const data = readFileSync3(path);
-  return createHash2("sha256").update(data).digest("hex");
-}
-function atomicReplaceWithSymlink(target, linkTarget) {
-  const tmp = join(dirname2(target), `.${basename2(target)}.symlink-tmp`);
-  if (existsSync3(tmp)) {
-    try {
-      unlinkSync3(tmp);
-    } catch {}
-  }
-  symlinkSync(linkTarget, tmp);
-  renameSync2(tmp, target);
-}
-function fsyncFile(path) {
-  const fd = openSync3(path, "r+");
-  try {
-    fsyncSync3(fd);
-  } finally {
-    closeSync3(fd);
-  }
-}
-function fsyncDir(path) {
-  const fd = openSync3(path, "r");
-  try {
-    fsyncSync3(fd);
-  } finally {
-    closeSync3(fd);
-  }
-}
-
-// src/vault/broker/server.ts
-init_loader();
-
-// src/vault/auto-unlock.ts
-import { createHmac, randomBytes as randomBytes2, createCipheriv as createCipheriv2, createDecipheriv as createDecipheriv2 } from "node:crypto";
-import { chmodSync as chmodSync2, existsSync as existsSync6, mkdirSync as mkdirSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync2 } from "node:fs";
-var FORMAT_VERSION = 1;
-var SALT_LEN = 16;
-var NONCE_LEN = 12;
-var TAG_LEN = 16;
-var KEY_LEN = 32;
-var HKDF_INFO = "switchroom-vault-auto-unlock-v1";
-var MACHINE_ID_PRIMARY = "/etc/machine-id";
-var MACHINE_ID_FALLBACK = "/var/lib/dbus/machine-id";
-
-class MachineIdUnavailableError extends Error {
-  constructor() {
-    super(`Cannot derive machine-bound key: neither ${MACHINE_ID_PRIMARY} nor ` + `${MACHINE_ID_FALLBACK} is readable. Auto-unlock requires a stable ` + `machine identifier. On a fresh install, run \`systemd-machine-id-setup\` ` + `or boot once to populate it.`);
-    this.name = "MachineIdUnavailableError";
-  }
-}
-
-class AutoUnlockDecryptError extends Error {
-  reason;
-  constructor(reason) {
-    super(reason === "tag-mismatch" ? "Auto-unlock blob failed to decrypt — likely bound to a different " + "machine-id. Re-run `switchroom vault broker enable-auto-unlock` to refresh." : reason === "format" ? "Auto-unlock blob is malformed (wrong length or version)." : "Auto-unlock blob could not be read.");
-    this.reason = reason;
-    this.name = "AutoUnlockDecryptError";
-  }
-}
-function readMachineId() {
-  for (const path of [MACHINE_ID_PRIMARY, MACHINE_ID_FALLBACK]) {
-    try {
-      const id = readFileSync5(path, "utf8").trim();
-      if (id.length > 0)
-        return id;
-    } catch {}
-  }
-  throw new MachineIdUnavailableError;
-}
-function deriveKey2(machineId, salt) {
-  const ikm = Buffer.from(machineId, "utf8");
-  const prk = createHmac("sha256", salt).update(ikm).digest();
-  const okm = createHmac("sha256", prk).update(Buffer.concat([Buffer.from(HKDF_INFO, "utf8"), Buffer.from([1])])).digest();
-  return okm.subarray(0, KEY_LEN);
-}
-function decryptAutoUnlock(blob, machineId) {
-  if (blob.length < 1 + SALT_LEN + NONCE_LEN + TAG_LEN) {
-    throw new AutoUnlockDecryptError("format");
-  }
-  if (blob[0] !== FORMAT_VERSION) {
-    throw new AutoUnlockDecryptError("format");
-  }
-  const salt = blob.subarray(1, 1 + SALT_LEN);
-  const nonce = blob.subarray(1 + SALT_LEN, 1 + SALT_LEN + NONCE_LEN);
-  const ctAndTag = blob.subarray(1 + SALT_LEN + NONCE_LEN);
-  const ciphertext = ctAndTag.subarray(0, ctAndTag.length - TAG_LEN);
-  const tag = ctAndTag.subarray(ctAndTag.length - TAG_LEN);
-  const id = machineId ?? readMachineId();
-  const key = deriveKey2(id, salt);
-  const decipher = createDecipheriv2("aes-256-gcm", key, nonce);
-  decipher.setAuthTag(tag);
-  try {
-    const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-    return plaintext.toString("utf8");
-  } catch {
-    throw new AutoUnlockDecryptError("tag-mismatch");
-  }
-}
-function readAutoUnlockFile(filePath) {
-  if (!existsSync6(filePath)) {
-    throw new AutoUnlockDecryptError("io");
-  }
-  let blob;
-  try {
-    blob = readFileSync5(filePath);
-  } catch {
-    throw new AutoUnlockDecryptError("io");
-  }
-  return decryptAutoUnlock(blob);
-}
-var DEFAULT_AUTO_UNLOCK_PATH = "~/.switchroom/vault-auto-unlock";
-
-// src/vault/broker/peercred.ts
-import { execFileSync } from "node:child_process";
-import { readFileSync as readFileSync6, readlinkSync, fstatSync } from "node:fs";
-
-// src/vault/broker/peercred-ffi.ts
-function getPeerCred(fd) {
-  if (process.platform !== "linux")
-    return null;
-  try {
-    const ffi = __require("bun:ffi");
-    const { dlopen, FFIType, ptr } = ffi;
-    const SOL_SOCKET = 1;
-    const SO_PEERCRED = 17;
-    const UCRED_SIZE = 12;
-    const cache = getPeerCred;
-    const lib = cache._lib ?? (() => {
-      const candidates = ["libc.so.6", "libc.so"];
-      const symbolSpec = {
-        getsockopt: {
-          args: [FFIType.i32, FFIType.i32, FFIType.i32, FFIType.ptr, FFIType.ptr],
-          returns: FFIType.i32
-        }
-      };
-      const errors3 = [];
-      for (const name of candidates) {
-        try {
-          const opened = dlopen(name, symbolSpec);
-          cache._lib = opened;
-          return opened;
-        } catch (e) {
-          errors3.push(`${name}: ${e instanceof Error ? e.message : String(e)}`);
-        }
-      }
-      process.stderr.write(`[vault-broker] peercred-ffi: dlopen failed for all libc candidates ` + `(${errors3.join("; ")}); falling back to ss-parsing.
-`);
-      throw new Error("no libc candidate could be opened");
-    })();
-    const credBuf = new ArrayBuffer(UCRED_SIZE);
-    const lenBuf = new Uint32Array(1);
-    lenBuf[0] = UCRED_SIZE;
-    const rc = lib.symbols.getsockopt(fd, SOL_SOCKET, SO_PEERCRED, ptr(credBuf), ptr(lenBuf.buffer));
-    if (rc !== 0)
-      return null;
-    if (lenBuf[0] !== UCRED_SIZE)
-      return null;
-    const view = new DataView(credBuf);
-    return {
-      pid: view.getInt32(0, true),
-      uid: view.getInt32(4, true),
-      gid: view.getInt32(8, true)
-    };
-  } catch {
-    return null;
-  }
-}
-
-// src/vault/broker/peercred.ts
-var SOCKET_PATH_AGENT_RE = /^\/run\/switchroom\/broker\/([a-zA-Z0-9][a-zA-Z0-9_-]*)\.sock$/;
-var SOCKET_PATH_AGENT_SUBDIR_RE = /^\/run\/switchroom\/broker\/([a-zA-Z0-9][a-zA-Z0-9_-]*)\/sock$/;
-function socketPathToAgent(socketPath) {
-  if (typeof socketPath !== "string" || socketPath.length === 0)
-    return null;
-  const m = socketPath.match(SOCKET_PATH_AGENT_RE) ?? socketPath.match(SOCKET_PATH_AGENT_SUBDIR_RE);
-  if (!m)
-    return null;
-  return m[1];
-}
-function parseSsRows(output) {
-  const rows = [];
-  const lines = output.split(`
-`);
-  for (const line of lines) {
-    if (!line.trim() || line.startsWith("Netid"))
-      continue;
-    const tokens = line.split(/\s+/).filter((t) => t.length > 0);
-    if (tokens.length < 8)
-      continue;
-    const localAddr = tokens[4];
-    const localInode = tokens[5];
-    const peerAddr = tokens[6];
-    const peerInode = tokens[7];
-    const usersToken = tokens.slice(8).join(" ");
-    const m = usersToken.match(/users:\(\(".*?",pid=(\d+),fd=\d+\)\)/);
-    const pid = m ? parseInt(m[1], 10) : null;
-    rows.push({ localAddr, localInode, peerAddr, peerInode, pid });
-  }
-  return rows;
-}
-function findClientPids(rows, socketPath) {
-  const pids = [];
-  for (const serverRow of rows) {
-    if (serverRow.localAddr !== socketPath)
-      continue;
-    for (const clientRow of rows) {
-      if (clientRow.localAddr !== "*")
-        continue;
-      if (clientRow.localInode !== serverRow.peerInode)
-        continue;
-      if (clientRow.pid === null)
-        continue;
-      pids.push(clientRow.pid);
-      break;
+        kind: "divergent",
+        details: {
+          oldPath,
+          newPath,
+          oldHash,
+          newHash,
+          oldSize: oldRealStat.size,
+          newSize: newRealStat.size,
+          oldMtime: oldRealStat.mtime.toISOString(),
+          newMtime: newRealStat.mtime.toISOString()
+        }
+      };
     }
-  }
-  return pids;
-}
-function findClientPidByServerInode(rows, socketPath, serverInode) {
-  const serverInodeStr = String(serverInode);
-  for (const serverRow of rows) {
-    if (serverRow.localAddr !== socketPath)
-      continue;
-    if (serverRow.localInode !== serverInodeStr)
-      continue;
-    for (const clientRow of rows) {
-      if (clientRow.localAddr !== "*")
-        continue;
-      if (clientRow.localInode !== serverRow.peerInode)
-        continue;
-      if (clientRow.pid === null)
-        continue;
-      return clientRow.pid;
+    if (oldStat?.isFile() && !newExists) {
+      if (opts.dryRun)
+        return { kind: "migrated" };
+      mkdirSync2(parent, { recursive: true, mode: 448 });
+      const tempNew = `${newPath}.tmp`;
+      copyFileSync(oldPath, tempNew);
+      chmodSync(tempNew, 384);
+      fsyncFile(tempNew);
+      renameSync2(tempNew, newPath);
+      fsyncDir(parent);
+      atomicReplaceWithSymlink(oldPath, "vault/vault.enc");
+      fsyncDir(switchroomRoot);
+      return { kind: "migrated" };
+    }
+    return { kind: "no-vault" };
+  } finally {
+    if (release !== null) {
+      try {
+        release();
+      } catch {}
     }
-    return null;
   }
-  return null;
 }
-function readUid(pid) {
+function lstatSyncOrNull(path) {
   try {
-    const status = readFileSync6(`/proc/${pid}/status`, "utf8");
-    const m = status.match(/^Uid:\s+(\d+)/m);
-    if (!m)
-      return null;
-    return parseInt(m[1], 10);
+    return lstatSync2(path);
   } catch {
     return null;
   }
 }
-function readExe(pid) {
-  try {
-    return readlinkSync(`/proc/${pid}/exe`);
-  } catch {
-    return null;
+function sha256File(path) {
+  const data = readFileSync4(path);
+  return createHash2("sha256").update(data).digest("hex");
+}
+function atomicReplaceWithSymlink(target, linkTarget) {
+  const tmp = join(dirname2(target), `.${basename2(target)}.symlink-tmp`);
+  if (existsSync3(tmp)) {
+    try {
+      unlinkSync3(tmp);
+    } catch {}
   }
+  symlinkSync(linkTarget, tmp);
+  renameSync2(tmp, target);
 }
-function readSystemdUnit(pid) {
+function fsyncFile(path) {
+  const fd = openSync3(path, "r+");
   try {
-    const content = readFileSync6(`/proc/${pid}/cgroup`, "utf8");
-    const lines = content.split(`
-`);
-    for (const line of lines) {
-      if (!line.trim())
-        continue;
-      const parts = line.split(":");
-      if (parts.length < 3)
-        continue;
-      const controller = parts[1];
-      const isV2 = parts[0] === "0" && controller === "";
-      const isV1Systemd = controller === "name=systemd";
-      if (!isV2 && !isV1Systemd)
-        continue;
-      const cgroupPath = parts.slice(2).join(":");
-      const segments = cgroupPath.split("/");
-      const lastSegment = segments[segments.length - 1];
-      if (!lastSegment)
-        continue;
-      if (/^switchroom-[a-zA-Z0-9_-]+(-cron-\d+)?\.service$/.test(lastSegment)) {
-        return lastSegment;
-      }
-    }
-    return null;
-  } catch {
-    return null;
+    fsyncSync3(fd);
+  } finally {
+    closeSync3(fd);
   }
 }
-function verifySystemdUnit(unitName, runner) {
-  let raw;
+function fsyncDir(path) {
+  const fd = openSync3(path, "r");
   try {
-    const out = runner("systemctl", [
-      "--user",
-      "show",
-      unitName,
-      "--property=LoadState,ActiveState"
-    ], { timeout: 500, encoding: "utf8" });
-    raw = typeof out === "string" ? out : out.toString("utf8");
-  } catch {
-    return false;
+    fsyncSync3(fd);
+  } finally {
+    closeSync3(fd);
   }
-  const props = {};
-  for (const line of raw.split(`
-`)) {
-    const m = line.match(/^([A-Za-z]+)=(.*)$/);
-    if (m)
-      props[m[1]] = m[2];
+}
+
+// src/vault/broker/server.ts
+init_loader();
+
+// src/vault/auto-unlock.ts
+import { createHmac, randomBytes as randomBytes2, createCipheriv as createCipheriv2, createDecipheriv as createDecipheriv2 } from "node:crypto";
+import { chmodSync as chmodSync2, existsSync as existsSync7, mkdirSync as mkdirSync3, readFileSync as readFileSync7, writeFileSync as writeFileSync2 } from "node:fs";
+var FORMAT_VERSION = 1;
+var SALT_LEN = 16;
+var NONCE_LEN = 12;
+var TAG_LEN = 16;
+var KEY_LEN = 32;
+var HKDF_INFO = "switchroom-vault-auto-unlock-v1";
+var MACHINE_ID_PRIMARY = "/etc/machine-id";
+var MACHINE_ID_FALLBACK = "/var/lib/dbus/machine-id";
+
+class MachineIdUnavailableError extends Error {
+  constructor() {
+    super(`Cannot derive machine-bound key: neither ${MACHINE_ID_PRIMARY} nor ` + `${MACHINE_ID_FALLBACK} is readable. Auto-unlock requires a stable ` + `machine identifier. On a fresh install, run \`systemd-machine-id-setup\` ` + `or boot once to populate it.`);
+    this.name = "MachineIdUnavailableError";
   }
-  if (props.LoadState !== "loaded")
-    return false;
-  if (props.ActiveState !== "active" && props.ActiveState !== "activating") {
-    return false;
+}
+
+class AutoUnlockDecryptError extends Error {
+  reason;
+  constructor(reason) {
+    super(reason === "tag-mismatch" ? "Auto-unlock blob failed to decrypt — likely bound to a different " + "machine-id. Re-run `switchroom vault broker enable-auto-unlock` to refresh." : reason === "format" ? "Auto-unlock blob is malformed (wrong length or version)." : "Auto-unlock blob could not be read.");
+    this.reason = reason;
+    this.name = "AutoUnlockDecryptError";
   }
-  return true;
 }
-function readFdInode(fd) {
-  try {
-    const stat = fstatSync(fd);
-    return stat.ino;
-  } catch {
-    return null;
+function readMachineId() {
+  for (const path of [MACHINE_ID_PRIMARY, MACHINE_ID_FALLBACK]) {
+    try {
+      const id = readFileSync7(path, "utf8").trim();
+      if (id.length > 0)
+        return id;
+    } catch {}
   }
+  throw new MachineIdUnavailableError;
 }
-function fdFromSocket(socket) {
-  const handle = socket._handle;
-  if (!handle || typeof handle.fd !== "number" || handle.fd < 0)
-    return null;
-  return handle.fd;
+function deriveKey2(machineId, salt) {
+  const ikm = Buffer.from(machineId, "utf8");
+  const prk = createHmac("sha256", salt).update(ikm).digest();
+  const okm = createHmac("sha256", prk).update(Buffer.concat([Buffer.from(HKDF_INFO, "utf8"), Buffer.from([1])])).digest();
+  return okm.subarray(0, KEY_LEN);
 }
-function identify(socketPath, socket, execFileSyncOverride) {
-  if (process.platform !== "linux") {
-    return null;
-  }
-  const runner = execFileSyncOverride ?? execFileSync;
-  let pid = null;
-  if (socket !== undefined) {
-    const fd = fdFromSocket(socket);
-    if (fd !== null) {
-      const cred = getPeerCred(fd);
-      if (cred !== null)
-        pid = cred.pid;
-    }
-  }
-  if (pid === null) {
-    let ssOutput;
-    try {
-      const raw = runner("ss", ["-xpn"], {
-        timeout: 200,
-        encoding: "utf8"
-      });
-      ssOutput = typeof raw === "string" ? raw : raw.toString("utf8");
-    } catch {
-      return null;
-    }
-    const rows = parseSsRows(ssOutput);
-    let serverInode = null;
-    if (socket !== undefined) {
-      const fd = fdFromSocket(socket);
-      if (fd !== null)
-        serverInode = readFdInode(fd);
-    }
-    if (serverInode !== null) {
-      pid = findClientPidByServerInode(rows, socketPath, serverInode);
-    } else {
-      const clientPids = findClientPids(rows, socketPath);
-      if (clientPids.length === 0)
-        return null;
-      if (clientPids.length > 1) {
-        process.stderr.write(`[vault-broker] peercred: ${clientPids.length} connected peers found for ${socketPath}; ` + `using pid=${clientPids[0]}. ` + `Multiple simultaneous connections reduce identification accuracy. ` + `(This warning means identify() was called without a socket arg — likely a stale call site.)
-`);
-      }
-      pid = clientPids[0];
-    }
+function decryptAutoUnlock(blob, machineId) {
+  if (blob.length < 1 + SALT_LEN + NONCE_LEN + TAG_LEN) {
+    throw new AutoUnlockDecryptError("format");
   }
-  if (pid === null)
-    return null;
-  const uid = readUid(pid);
-  if (uid === null) {
-    return null;
+  if (blob[0] !== FORMAT_VERSION) {
+    throw new AutoUnlockDecryptError("format");
   }
-  const brokerUid = typeof process.getuid === "function" ? process.getuid() : null;
-  if (brokerUid !== null && uid !== brokerUid) {
-    process.stderr.write(`[vault-broker] peercred: UID mismatch — caller uid=${uid}, broker uid=${brokerUid}; denying
-`);
-    return null;
+  const salt = blob.subarray(1, 1 + SALT_LEN);
+  const nonce = blob.subarray(1 + SALT_LEN, 1 + SALT_LEN + NONCE_LEN);
+  const ctAndTag = blob.subarray(1 + SALT_LEN + NONCE_LEN);
+  const ciphertext = ctAndTag.subarray(0, ctAndTag.length - TAG_LEN);
+  const tag = ctAndTag.subarray(ctAndTag.length - TAG_LEN);
+  const id = machineId ?? readMachineId();
+  const key = deriveKey2(id, salt);
+  const decipher = createDecipheriv2("aes-256-gcm", key, nonce);
+  decipher.setAuthTag(tag);
+  try {
+    const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return plaintext.toString("utf8");
+  } catch {
+    throw new AutoUnlockDecryptError("tag-mismatch");
   }
-  const exe = readExe(pid);
-  if (exe === null) {
-    return null;
+}
+function readAutoUnlockFile(filePath) {
+  if (!existsSync7(filePath)) {
+    throw new AutoUnlockDecryptError("io");
   }
-  const cgroupClaim = readSystemdUnit(pid);
-  let systemdUnit = null;
-  if (cgroupClaim !== null) {
-    if (verifySystemdUnit(cgroupClaim, runner)) {
-      systemdUnit = cgroupClaim;
-    } else {
-      process.stderr.write(`[vault-broker] peercred: cgroup claims unit=${cgroupClaim} but systemd-user does not report it as loaded+running; treating caller as unidentified
-`);
-    }
+  let blob;
+  try {
+    blob = readFileSync7(filePath);
+  } catch {
+    throw new AutoUnlockDecryptError("io");
   }
-  return { uid, pid, exe, systemdUnit };
+  return decryptAutoUnlock(blob);
 }
+var DEFAULT_AUTO_UNLOCK_PATH = "~/.switchroom/vault-auto-unlock";
 
 // src/vault/broker/acl.ts
 function parseCronUnit(unitName) {
@@ -12583,6 +12949,10 @@ function checkAclByAgent(config, agentName, key) {
   if (!agentConfig) {
     return { allow: false, reason: `agent '${agentName}' not found in config` };
   }
+  const googleSlot = parseGoogleAccountSlotKey(key);
+  if (googleSlot !== null) {
+    return checkGoogleAccountAcl(config, agentName, googleSlot.account, key);
+  }
   const schedule = agentConfig.schedule ?? [];
   if (schedule.length === 0) {
     return {
@@ -12601,6 +12971,37 @@ function checkAclByAgent(config, agentName, key) {
     reason: `key '${key}' not in ACL for agent '${agentName}'`
   };
 }
+function parseGoogleAccountSlotKey(key) {
+  const match = key.match(/^google:([^:]+):([a-z_]+)$/);
+  if (!match)
+    return null;
+  return { account: match[1], field: match[2] };
+}
+function checkGoogleAccountAcl(config, agentName, account, key) {
+  const accounts = config.google_accounts ?? {};
+  const accountKey = account.toLowerCase();
+  const accountEntry = accounts[accountKey] ?? accounts[account];
+  if (!accountEntry) {
+    return {
+      allow: false,
+      reason: `google_accounts['${account}'] not configured (key '${key}')`
+    };
+  }
+  const enabled = accountEntry.enabled_for ?? [];
+  if (enabled.length === 0) {
+    return {
+      allow: false,
+      reason: `google_accounts['${account}'].enabled_for is empty (key '${key}')`
+    };
+  }
+  if (!enabled.includes(agentName)) {
+    return {
+      allow: false,
+      reason: `agent '${agentName}' not in google_accounts['${account}'].enabled_for (key '${key}')`
+    };
+  }
+  return { allow: true };
+}
 
 // src/vault/broker/protocol.ts
 init_zod();
@@ -12621,7 +13022,8 @@ var PutRequestSchema = exports_external.object({
     exports_external.object({ kind: exports_external.literal("binary"), value: exports_external.string() })
   ]),
   token: exports_external.string().optional(),
-  passphrase: exports_external.string().optional()
+  passphrase: exports_external.string().optional(),
+  attest_via_posture: exports_external.boolean().optional()
 });
 var ListRequestSchema = exports_external.object({
   v: exports_external.literal(1),
@@ -12635,12 +13037,16 @@ var MintGrantRequestSchema = exports_external.object({
   keys: exports_external.array(exports_external.string().min(1)),
   ttl_seconds: exports_external.number().int().positive().nullable(),
   description: exports_external.string().optional(),
-  write_keys: exports_external.array(exports_external.string().min(1)).optional()
+  write_keys: exports_external.array(exports_external.string().min(1)).optional(),
+  passphrase: exports_external.string().optional(),
+  attest_via_posture: exports_external.boolean().optional()
 });
 var ListGrantsRequestSchema = exports_external.object({
   v: exports_external.literal(1),
   op: exports_external.literal("list_grants"),
-  agent: exports_external.string().optional()
+  agent: exports_external.string().optional(),
+  passphrase: exports_external.string().optional(),
+  attest_via_posture: exports_external.boolean().optional()
 });
 var RevokeGrantRequestSchema = exports_external.object({
   v: exports_external.literal(1),
@@ -12947,7 +13353,7 @@ function createAuditLogger(opts = {}) {
 // src/vault/grants.ts
 import { randomBytes as randomBytes4 } from "node:crypto";
 
-// node_modules/bcryptjs/index.js
+// node_modules/.bun/bcryptjs@3.0.3/node_modules/bcryptjs/index.js
 import nodeCrypto from "crypto";
 var randomFallback = null;
 function randomBytes3(len) {
@@ -13002,13 +13408,13 @@ function genSalt(rounds, seed_length, callback) {
       throw Error("Illegal callback: " + typeof callback);
     _async(callback);
   } else
-    return new Promise(function(resolve4, reject) {
+    return new Promise(function(resolve5, reject) {
       _async(function(err, res) {
         if (err) {
           reject(err);
           return;
         }
-        resolve4(res);
+        resolve5(res);
       });
     });
 }
@@ -13028,13 +13434,13 @@ function hash(password, salt, callback, progressCallback) {
       throw Error("Illegal callback: " + typeof callback);
     _async(callback);
   } else
-    return new Promise(function(resolve4, reject) {
+    return new Promise(function(resolve5, reject) {
       _async(function(err, res) {
         if (err) {
           reject(err);
           return;
         }
-        resolve4(res);
+        resolve5(res);
       });
     });
 }
@@ -13067,13 +13473,13 @@ function compare(password, hashValue, callback, progressCallback) {
       throw Error("Illegal callback: " + typeof callback);
     _async(callback);
   } else
-    return new Promise(function(resolve4, reject) {
+    return new Promise(function(resolve5, reject) {
       _async(function(err, res) {
         if (err) {
           reject(err);
           return;
         }
-        resolve4(res);
+        resolve5(res);
       });
     });
 }
@@ -14799,11 +15205,8 @@ import { Database } from "bun:sqlite";
 
 // src/vault/approvals/schema.ts
 function migrateApprovalSchema(db) {
-  db.run(`DROP TABLE IF EXISTS approval_audit`);
-  db.run(`DROP TABLE IF EXISTS approval_nonces`);
-  db.run(`DROP TABLE IF EXISTS approval_decisions`);
   db.run(`
-    CREATE TABLE approval_decisions (
+    CREATE TABLE IF NOT EXISTS approval_decisions (
       id                       TEXT PRIMARY KEY,
       agent_unit               TEXT NOT NULL,
       scope                    TEXT NOT NULL,
@@ -14819,12 +15222,12 @@ function migrateApprovalSchema(db) {
     )
   `);
   db.run(`
-    CREATE INDEX approval_decisions_lookup
+    CREATE INDEX IF NOT EXISTS approval_decisions_lookup
     ON approval_decisions(agent_unit, scope, action)
     WHERE revoked_at IS NULL
   `);
   db.run(`
-    CREATE TABLE approval_nonces (
+    CREATE TABLE IF NOT EXISTS approval_nonces (
       request_id   TEXT PRIMARY KEY,
       decision_id  TEXT,
       agent_unit   TEXT NOT NULL,
@@ -14839,12 +15242,12 @@ function migrateApprovalSchema(db) {
     )
   `);
   db.run(`
-    CREATE INDEX approval_nonces_pending
+    CREATE INDEX IF NOT EXISTS approval_nonces_pending
     ON approval_nonces(agent_unit, expires_at)
     WHERE consumed_at IS NULL
   `);
   db.run(`
-    CREATE TABLE approval_audit (
+    CREATE TABLE IF NOT EXISTS approval_audit (
       seq         INTEGER PRIMARY KEY AUTOINCREMENT,
       ts          INTEGER NOT NULL,
       agent_unit  TEXT NOT NULL,
@@ -14857,7 +15260,7 @@ function migrateApprovalSchema(db) {
     )
   `);
   db.run(`
-    CREATE INDEX approval_audit_by_scope
+    CREATE INDEX IF NOT EXISTS approval_audit_by_scope
     ON approval_audit(scope, ts)
   `);
 }
@@ -15173,7 +15576,7 @@ class VaultBroker {
   grantsDb;
   constructor(testOpts = {}) {
     this.testOpts = testOpts;
-    const usingTestOpt = testOpts._testSecrets !== undefined || testOpts._testConfig !== undefined || testOpts._testIdentify !== undefined || testOpts._testAuditLogger !== undefined || testOpts._testGrantsDb !== undefined || testOpts._testVaultPath !== undefined;
+    const usingTestOpt = testOpts._testSecrets !== undefined || testOpts._testConfig !== undefined || testOpts._testIdentify !== undefined || testOpts._testAuditLogger !== undefined || testOpts._testGrantsDb !== undefined || testOpts._testVaultPath !== undefined || testOpts._testPassphrase !== undefined || testOpts._testAgentName !== undefined;
     if (usingTestOpt && true) {
       throw new Error("VaultBroker: BrokerTestOpts (_testSecrets/_testConfig/_testIdentify/_testAuditLogger/_testGrantsDb/_testVaultPath) " + "must not be set outside tests. Set NODE_ENV=test if you really mean it.");
     }
@@ -15191,8 +15594,8 @@ class VaultBroker {
     if (process.platform !== "linux" && process.env.SWITCHROOM_BROKER_ALLOW_NON_LINUX !== "1") {
       throw new Error(`vault-broker is Linux-only (running on ${process.platform}). ` + `The broker's ACL relies on cgroup-based systemd unit identification, ` + `which is not available on this platform. ` + `Use 'switchroom vault get --no-broker' for direct vault access. ` + `If you need to run the broker for development on this platform, ` + `set SWITCHROOM_BROKER_ALLOW_NON_LINUX=1 — but understand that the ` + `broker will accept any same-user caller without per-cron ACL enforcement.`);
     }
-    this.socketPath = resolve4(socketPath);
-    this.unlockSocketPath = this.socketPath.replace(/\.sock$/, ".unlock.sock");
+    this.socketPath = resolve5(socketPath);
+    this.unlockSocketPath = unlockSocketFor(this.socketPath);
     this.startedAt = Date.now();
     if (this.testOpts._testConfig) {
       this.config = this.testOpts._testConfig;
@@ -15201,13 +15604,16 @@ class VaultBroker {
       this.config = loadConfig2(configPath);
     }
     if (vaultPath) {
-      this.vaultPath = resolve4(vaultPath);
+      this.vaultPath = resolve5(vaultPath);
     } else {
       this.vaultPath = resolvePath(this.config.vault?.path ?? "~/.switchroom/vault.enc");
     }
     if (this.testOpts._testSecrets !== undefined) {
       this.secrets = { ...this.testOpts._testSecrets };
     }
+    if (this.testOpts._testPassphrase !== undefined) {
+      this.passphrase = this.testOpts._testPassphrase;
+    }
     process.umask(63);
     const parentDir = dirname4(this.socketPath);
     mkdirSync5(parentDir, { recursive: true, mode: 448 });
@@ -15215,7 +15621,7 @@ class VaultBroker {
       chmodSync4(parentDir, 448);
     } catch {}
     for (const p of [this.socketPath, this.unlockSocketPath]) {
-      if (existsSync7(p)) {
+      if (existsSync8(p)) {
         try {
           unlinkSync4(p);
         } catch {}
@@ -15265,7 +15671,7 @@ class VaultBroker {
       try {
         entry.server.close();
       } catch {}
-      if (existsSync7(sockPath)) {
+      if (existsSync8(sockPath)) {
         try {
           unlinkSync4(sockPath);
         } catch {}
@@ -15273,7 +15679,7 @@ class VaultBroker {
     }
     this.agentServers.clear();
     for (const p of [this.socketPath, this.unlockSocketPath]) {
-      if (p && existsSync7(p)) {
+      if (p && existsSync8(p)) {
         try {
           unlinkSync4(p);
         } catch {}
@@ -15281,7 +15687,7 @@ class VaultBroker {
     }
     try {
       const pidPath = resolvePath(PID_FILE_DEFAULT);
-      if (existsSync7(pidPath))
+      if (existsSync8(pidPath))
         unlinkSync4(pidPath);
     } catch {}
   }
@@ -15296,7 +15702,7 @@ class VaultBroker {
     return this.secrets;
   }
   bindAgentSocket(socketPath) {
-    const abs = resolve4(socketPath);
+    const abs = resolve5(socketPath);
     const agentName = socketPathToAgent(abs);
     if (agentName === null) {
       return Promise.reject(new Error(`bindAgentSocket: socket path '${abs}' does not match the canonical ` + `/run/switchroom/broker/<agent>.sock shape — refusing to bind without ` + `a verifiable agent identity`));
@@ -15304,7 +15710,7 @@ class VaultBroker {
     return new Promise((resolveP, rejectP) => {
       if (abs.endsWith("/sock")) {
         const dir = abs.slice(0, -"/sock".length);
-        if (existsSync7(dir)) {
+        if (existsSync8(dir)) {
           try {
             chownSync(dir, 0, 0);
           } catch {}
@@ -15313,7 +15719,7 @@ class VaultBroker {
           } catch {}
         }
       }
-      if (existsSync7(abs)) {
+      if (existsSync8(abs)) {
         try {
           unlinkSync4(abs);
         } catch (err) {
@@ -15348,7 +15754,7 @@ class VaultBroker {
     });
   }
   _bindDataSocket() {
-    return new Promise((resolve5, reject) => {
+    return new Promise((resolve6, reject) => {
       const server = net.createServer((socket) => {
         this._handleDataConnection(socket);
       });
@@ -15360,12 +15766,76 @@ class VaultBroker {
           chmodSync4(this.socketPath, 384);
         } catch {}
         this.server = server;
-        resolve5();
+        resolve6();
+      });
+    });
+  }
+  bindOperatorListener(socketPath, operatorUid) {
+    const abs = resolve5(socketPath);
+    const identity2 = socketPathToIdentity(abs);
+    if (identity2?.kind !== "operator") {
+      return Promise.reject(new Error(`bindOperatorListener: socket path '${abs}' does not match the canonical ` + `/run/switchroom/broker/operator/sock shape — refusing to bind`));
+    }
+    const unlockAbs = unlockSocketFor(abs);
+    if (abs.endsWith("/sock")) {
+      const dir = abs.slice(0, -"/sock".length);
+      if (existsSync8(dir)) {
+        try {
+          chownSync(dir, 0, 0);
+        } catch {}
+        try {
+          chmodSync4(dir, 448);
+        } catch {}
+      }
+    }
+    for (const p of [abs, unlockAbs]) {
+      if (existsSync8(p)) {
+        try {
+          unlinkSync4(p);
+        } catch {}
+      }
+    }
+    return new Promise((resolveP, rejectP) => {
+      const dataServer = net.createServer((sock) => {
+        this._handleDataConnection(sock, abs, null, true);
+      });
+      dataServer.on("error", (err) => rejectP(err));
+      dataServer.listen(abs, () => {
+        try {
+          chmodSync4(abs, 384);
+        } catch {}
+        try {
+          chownSync(abs, operatorUid, operatorUid);
+        } catch {}
+        const unlockServer = net.createServer((sock) => {
+          this._handleUnlockConnection(sock);
+        });
+        unlockServer.on("error", (err) => rejectP(err));
+        unlockServer.listen(unlockAbs, () => {
+          try {
+            chmodSync4(unlockAbs, 384);
+          } catch {}
+          try {
+            chownSync(unlockAbs, operatorUid, operatorUid);
+          } catch {}
+          if (abs.endsWith("/sock")) {
+            const dir = abs.slice(0, -"/sock".length);
+            try {
+              chownSync(dir, operatorUid, operatorUid);
+            } catch {}
+            try {
+              chmodSync4(dir, 448);
+            } catch {}
+          }
+          this.agentServers.set(abs, { server: dataServer, agentName: "__operator__" });
+          this.agentServers.set(unlockAbs, { server: unlockServer, agentName: "__operator_unlock__" });
+          resolveP();
+        });
       });
     });
   }
   _bindUnlockSocket() {
-    return new Promise((resolve5, reject) => {
+    return new Promise((resolve6, reject) => {
       const server = net.createServer((socket) => {
         this._handleUnlockConnection(socket);
       });
@@ -15377,11 +15847,11 @@ class VaultBroker {
           chmodSync4(this.unlockSocketPath, 384);
         } catch {}
         this.unlockServer = server;
-        resolve5();
+        resolve6();
       });
     });
   }
-  _handleDataConnection(socket, listenerSocketPath = this.socketPath, agentName = null) {
+  _handleDataConnection(socket, listenerSocketPath = this.socketPath, agentName = this.testOpts._testAgentName ?? null, isOperator = false) {
     let peer = null;
     if (process.platform === "linux") {
       peer = this.testOpts._testIdentify ? this.testOpts._testIdentify(listenerSocketPath, socket) : identify(listenerSocketPath, socket);
@@ -15391,8 +15861,7 @@ class VaultBroker {
       buffer += chunk.toString("utf8");
       if (Buffer.byteLength(buffer, "utf8") > MAX_FRAME_BYTES) {
         const resp = encodeResponse(errorResponse("BAD_REQUEST", "Frame exceeds 64 KiB limit"));
-        socket.write(resp);
-        socket.destroy();
+        socket.end(resp);
         return;
       }
       let newlineIdx;
@@ -15402,14 +15871,14 @@ class VaultBroker {
         buffer = buffer.slice(newlineIdx + 1);
         if (!line)
           continue;
-        this._handleRequest(socket, peer, line, agentName);
+        this._handleRequest(socket, peer, line, agentName, isOperator);
       }
     });
     socket.on("error", () => {
       socket.destroy();
     });
   }
-  async _handleRequest(socket, peer, line, agentName = null) {
+  async _handleRequest(socket, peer, line, agentName = null, isOperator = false) {
     let req;
     try {
       req = decodeRequest(line);
@@ -15419,7 +15888,7 @@ class VaultBroker {
       return;
     }
     const auditPid = peer?.pid ?? process.pid;
-    const auditCaller = agentName !== null ? `agent:${agentName}` : peer !== null ? callerFromPeer(peer) : `pid:${process.pid}`;
+    const auditCaller = isOperator ? "operator" : agentName !== null ? `agent:${agentName}` : peer !== null ? callerFromPeer(peer) : `pid:${process.pid}`;
     const auditCgroup = peer?.systemdUnit ?? undefined;
     const auditPeerUid = peer?.uid;
     const auditAgentName = agentName ?? undefined;
@@ -15488,7 +15957,7 @@ class VaultBroker {
         socket.write(encodeResponse({ ok: true, keys: visibleKeys2 }));
         return;
       }
-      if (agentName === null && process.platform === "linux" && peer === null) {
+      if (!isOperator && agentName === null && process.platform === "linux" && peer === null) {
         const reason = "Unable to identify caller (peercred unavailable); denying on Linux";
         this.auditLogger.write({
           ts: new Date().toISOString(),
@@ -15503,7 +15972,9 @@ class VaultBroker {
       }
       const listAgentSlug = agentName ?? (peer !== null ? agentSlugFromPeer(peer) : null);
       let visibleKeys;
-      if (agentName !== null && this.config !== null) {
+      if (isOperator) {
+        visibleKeys = Object.entries(this.secrets).filter(([, entry]) => checkEntryScope(entry.scope, "operator").allow).map(([k]) => k);
+      } else if (agentName !== null && this.config !== null) {
         visibleKeys = Object.entries(this.secrets).filter(([key, entry]) => checkAclByAgent(this.config, agentName, key).allow && checkEntryScope(entry.scope, agentName).allow).map(([k]) => k);
       } else if (peer !== null && this.config !== null) {
         visibleKeys = Object.entries(this.secrets).filter(([key, entry]) => checkAcl(peer, this.config, key).allow && checkEntryScope(entry.scope, listAgentSlug).allow).map(([k]) => k);
@@ -15578,7 +16049,25 @@ class VaultBroker {
           return;
         }
       }
-      if (agentName !== null && this.config !== null) {
+      if (isOperator) {
+        const entry2 = this.secrets[req.key];
+        if (entry2 !== undefined) {
+          const scopeResult2 = checkEntryScope(entry2.scope, "operator");
+          if (!scopeResult2.allow) {
+            writeAudit({
+              ts: new Date().toISOString(),
+              op: "get",
+              key: req.key,
+              caller: auditCaller,
+              pid: auditPid,
+              cgroup: auditCgroup,
+              result: `denied:${scopeResult2.reason}`
+            });
+            socket.write(encodeResponse(errorResponse("DENIED", scopeResult2.reason)));
+            return;
+          }
+        }
+      } else if (agentName !== null && this.config !== null) {
         const aclResult = checkAclByAgent(this.config, agentName, req.key);
         if (!aclResult.allow) {
           writeAudit({
@@ -15669,6 +16158,74 @@ class VaultBroker {
         return;
       }
       let passphraseAttested = false;
+      const requestedPostureAttest = req.attest_via_posture === true;
+      if (requestedPostureAttest && req.passphrase !== undefined && req.passphrase !== "") {
+        writeAudit({
+          ts: new Date().toISOString(),
+          op: "put",
+          key: req.key,
+          caller: auditCaller,
+          pid: auditPid,
+          cgroup: auditCgroup,
+          result: "denied:bad-request-both-attestations"
+        });
+        socket.write(encodeResponse(errorResponse("BAD_REQUEST", "put: passphrase and attest_via_posture are mutually exclusive")));
+        return;
+      }
+      if (requestedPostureAttest) {
+        if (agentName === null) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: "put",
+            key: req.key,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:posture-attest-needs-per-agent-peer"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", "put attest_via_posture is per-agent only")));
+          return;
+        }
+        const postureMode = this.config?.vault?.broker?.approvalAuth ?? "passphrase";
+        if (postureMode !== "telegram-id") {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: "put",
+            key: req.key,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:telegram-id-not-enabled"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", "put attest_via_posture requires vault.broker.approvalAuth: telegram-id in broker config")));
+          return;
+        }
+        const postureAllowlist = this.config?.vault?.broker?.postureMintAgents ?? [];
+        if (!postureAllowlist.includes(agentName)) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: "put",
+            key: req.key,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:posture-agent-not-allowlisted"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", `agent '${agentName}' is not on vault.broker.postureMintAgents — operator must opt this agent into posture-attested put`)));
+          return;
+        }
+        passphraseAttested = true;
+        writeAudit({
+          ts: new Date().toISOString(),
+          op: "put",
+          key: req.key,
+          caller: auditCaller,
+          pid: auditPid,
+          cgroup: auditCgroup,
+          result: "allowed:posture-attested",
+          method: "posture"
+        });
+      }
       if (req.passphrase !== undefined && req.passphrase !== "") {
         if (req.passphrase === this.passphrase) {
           passphraseAttested = true;
@@ -15799,46 +16356,180 @@ class VaultBroker {
       return;
     }
     const isGrantMgmtOp = req.op === "mint_grant" || req.op === "list_grants" || req.op === "revoke_grant";
+    let mintPassphraseAttested = false;
     if (isGrantMgmtOp) {
-      if (agentName !== null) {
+      const isAdminAgent = agentName !== null && this.config?.agents?.[agentName]?.admin === true;
+      if ((req.op === "mint_grant" || req.op === "list_grants") && req.passphrase !== undefined && req.passphrase !== "") {
+        if (req.attest_via_posture === true) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:bad-request-both-attestations"
+          });
+          socket.write(encodeResponse(errorResponse("BAD_REQUEST", "mint_grant: passphrase and attest_via_posture are mutually exclusive")));
+          return;
+        }
+        if (req.passphrase === this.passphrase) {
+          mintPassphraseAttested = true;
+        } else {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:passphrase-mismatch",
+            method: "passphrase"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", "supplied passphrase does not match the broker's unlocked passphrase")));
+          return;
+        }
+      }
+      let mintPostureAttested = false;
+      if ((req.op === "mint_grant" || req.op === "list_grants") && req.attest_via_posture === true) {
+        if (agentName === null) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:posture-attest-needs-per-agent-peer"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", "mint_grant attest_via_posture is per-agent only")));
+          return;
+        }
+        const postureMode = this.config?.vault?.broker?.approvalAuth ?? "passphrase";
+        if (postureMode !== "telegram-id") {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:telegram-id-not-enabled"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", "mint_grant attest_via_posture requires vault.broker.approvalAuth: telegram-id in broker config")));
+          return;
+        }
+        const postureAllowlist = this.config?.vault?.broker?.postureMintAgents ?? [];
+        if (!postureAllowlist.includes(agentName)) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:posture-agent-not-allowlisted"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", `agent '${agentName}' is not on vault.broker.postureMintAgents — operator must opt this agent into posture-attested mint`)));
+          return;
+        }
+        const reqAgent = req.agent;
+        if (req.op === "mint_grant" && reqAgent !== agentName) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:posture-cross-agent-mint-refused"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", `posture-attested mint refused: request.agent=${reqAgent ?? "<unset>"} but calling peer is ${agentName}`)));
+          return;
+        }
+        if (req.op === "list_grants" && reqAgent !== undefined && reqAgent !== agentName) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:posture-cross-agent-list-refused"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", `posture-attested list refused: request.agent=${reqAgent} but calling peer is ${agentName}`)));
+          return;
+        }
+        if (this.passphrase === null) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:broker-locked"
+          });
+          socket.write(encodeResponse(errorResponse("LOCKED", "Broker is locked")));
+          return;
+        }
+        mintPostureAttested = true;
         writeAudit({
           ts: new Date().toISOString(),
           op: req.op,
           caller: auditCaller,
           pid: auditPid,
           cgroup: auditCgroup,
-          result: "denied:agent-cannot-manage-grants"
+          result: "allowed:posture-attested",
+          method: "posture"
         });
-        socket.write(encodeResponse(errorResponse("DENIED", "Grant management ops are operator-only; agent-bound listeners cannot mint, list, or revoke grants")));
-        return;
       }
-      const allowNonLinux = process.env.SWITCHROOM_BROKER_ALLOW_NON_LINUX === "1";
-      if (peer === null && !allowNonLinux) {
-        this.auditLogger.write({
-          ts: new Date().toISOString(),
-          op: req.op,
-          caller: auditCaller,
-          pid: auditPid,
-          cgroup: auditCgroup,
-          result: "denied:peercred-unavailable"
-        });
-        socket.write(encodeResponse(errorResponse("DENIED", "peercred unavailable; cannot verify operator identity")));
-        return;
+      const trustedForGrantMgmt = isOperator || isAdminAgent || mintPassphraseAttested || mintPostureAttested;
+      if (isOperator) {} else if (agentName !== null) {
+        if (isAdminAgent) {} else if (mintPassphraseAttested) {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "allowed:passphrase-attested",
+            method: "passphrase"
+          });
+        } else if (mintPostureAttested) {} else {
+          writeAudit({
+            ts: new Date().toISOString(),
+            op: req.op,
+            caller: auditCaller,
+            pid: auditPid,
+            cgroup: auditCgroup,
+            result: "denied:agent-cannot-manage-grants"
+          });
+          socket.write(encodeResponse(errorResponse("DENIED", "Grant management ops are operator-only; agent-bound listeners cannot mint, list, or revoke grants (set `admin: true` on this agent in switchroom.yaml + restart broker, OR forward operator-passphrase attestation if intended — see vault_request_access flow)")));
+          return;
+        }
       }
-      if (peer !== null && peer.systemdUnit !== null) {
-        const parsed = parseCronUnit(peer.systemdUnit);
-        if (parsed !== null) {
+      if (!trustedForGrantMgmt) {
+        const allowNonLinux = process.env.SWITCHROOM_BROKER_ALLOW_NON_LINUX === "1";
+        if (peer === null && !allowNonLinux) {
           this.auditLogger.write({
             ts: new Date().toISOString(),
             op: req.op,
             caller: auditCaller,
             pid: auditPid,
             cgroup: auditCgroup,
-            result: "denied:cron-cannot-manage-grants"
+            result: "denied:peercred-unavailable"
           });
-          socket.write(encodeResponse(errorResponse("DENIED", "Grant management ops are operator-only; cron units cannot mint, list, or revoke grants")));
+          socket.write(encodeResponse(errorResponse("DENIED", "peercred unavailable; cannot verify operator identity")));
           return;
         }
+        if (peer !== null && peer.systemdUnit !== null) {
+          const parsed = parseCronUnit(peer.systemdUnit);
+          if (parsed !== null) {
+            this.auditLogger.write({
+              ts: new Date().toISOString(),
+              op: req.op,
+              caller: auditCaller,
+              pid: auditPid,
+              cgroup: auditCgroup,
+              result: "denied:cron-cannot-manage-grants"
+            });
+            socket.write(encodeResponse(errorResponse("DENIED", "Grant management ops are operator-only; cron units cannot mint, list, or revoke grants")));
+            return;
+          }
+        }
       }
     }
     if (req.op === "mint_grant") {
@@ -15908,7 +16599,8 @@ class VaultBroker {
         caller: auditCaller,
         pid: auditPid,
         cgroup: auditCgroup,
-        result: `allowed:${grants.length}`
+        result: `allowed:${grants.length}`,
+        ...mintPassphraseAttested ? { method: "passphrase" } : {}
       });
       const grantMetas = grants.map(({ id, agent_slug, key_allow, write_allow, expires_at, created_at, description }) => ({
         id,
@@ -15929,7 +16621,7 @@ class VaultBroker {
         const row = this.grantsDb.query("SELECT agent_slug FROM vault_grants WHERE id = ?").get(id);
         if (row) {
           const tokenPath = path3.join(os3.homedir(), ".switchroom", "agents", row.agent_slug, ".vault-token");
-          if (existsSync7(tokenPath)) {
+          if (existsSync8(tokenPath)) {
             try {
               unlinkSync4(tokenPath);
             } catch {}
@@ -16083,9 +16775,8 @@ class VaultBroker {
           pid: process.pid,
           result: "denied:unable to verify caller identity"
         });
-        socket.write(`ERR unable to verify caller identity
+        socket.end(`ERR unable to verify caller identity
 `);
-        socket.destroy();
         return;
       }
     }
@@ -16099,9 +16790,8 @@ class VaultBroker {
 `);
       if (newlineIdx === -1) {
         if (Buffer.byteLength(buffer, "utf8") > 4096) {
-          socket.write(`ERR passphrase too long
+          socket.end(`ERR passphrase too long
 `);
-          socket.destroy();
           buffer = "";
         }
         return;
@@ -16117,9 +16807,8 @@ class VaultBroker {
           cgroup: auditCgroup,
           result: "denied:passphrase cannot be empty"
         });
-        socket.write(`ERR passphrase cannot be empty
+        socket.end(`ERR passphrase cannot be empty
 `);
-        socket.destroy();
         return;
       }
       try {
@@ -16132,7 +16821,7 @@ class VaultBroker {
           cgroup: auditCgroup,
           result: "allowed"
         });
-        socket.write(`OK
+        socket.end(`OK
 `);
       } catch (err) {
         const msg = err instanceof Error ? err.message : String(err);
@@ -16146,10 +16835,8 @@ class VaultBroker {
           cgroup: auditCgroup,
           result: "error:decryption failed"
         });
-        socket.write(`ERR decryption failed
+        socket.end(`ERR decryption failed
 `);
-      } finally {
-        socket.destroy();
       }
     });
     socket.on("error", () => {
@@ -16172,7 +16859,7 @@ class VaultBroker {
     const envPath = process.env.SWITCHROOM_VAULT_BROKER_AUTO_UNLOCK_PATH;
     const configuredPath = (envPath && envPath.length > 0 ? envPath : undefined) ?? this.config?.vault?.broker?.autoUnlockCredentialPath ?? DEFAULT_AUTO_UNLOCK_PATH;
     const filePath = resolvePath(configuredPath);
-    if (!existsSync7(filePath))
+    if (!existsSync8(filePath))
       return false;
     let passphrase;
     try {
@@ -16209,7 +16896,7 @@ class VaultBroker {
     const credPath = `${dir}/vault-passphrase`;
     let passphrase;
     try {
-      passphrase = readFileSync7(credPath, "utf8").replace(/\n+$/, "");
+      passphrase = readFileSync8(credPath, "utf8").replace(/\n+$/, "");
     } catch (err) {
       const code = err.code;
       if (code === "ENOENT") {
@@ -16281,19 +16968,19 @@ async function main() {
   const vaultPath = process.env.SWITCHROOM_VAULT_PATH;
   let perAgentTargets = [];
   try {
-    if (existsSync7(perAgentDir)) {
-      const entries = readdirSync2(perAgentDir, { withFileTypes: true });
+    if (existsSync8(perAgentDir)) {
+      const entries = readdirSync3(perAgentDir, { withFileTypes: true });
       const flat = [];
       const subdirs = [];
       for (const e of entries) {
         if (e.name.startsWith("."))
           continue;
         if ((e.isFile() || e.isSocket()) && e.name.endsWith(".sock")) {
-          flat.push(resolve4(perAgentDir, e.name));
+          flat.push(resolve5(perAgentDir, e.name));
           continue;
         }
         if (e.isDirectory()) {
-          const candidate = resolve4(perAgentDir, e.name, "sock");
+          const candidate = resolve5(perAgentDir, e.name, "sock");
           if (socketPathToAgent(candidate) !== null) {
             subdirs.push(candidate);
           }
@@ -16321,6 +17008,25 @@ async function main() {
 `);
       }
     }
+    const operatorUidStr = process.env.SWITCHROOM_BROKER_OPERATOR_UID;
+    const operatorDir = "/run/switchroom/broker/operator";
+    if (operatorUidStr !== undefined && existsSync8(operatorDir)) {
+      const operatorUid = parseInt(operatorUidStr, 10);
+      if (!Number.isFinite(operatorUid) || operatorUid <= 0) {
+        process.stderr.write(`[vault-broker] SWITCHROOM_BROKER_OPERATOR_UID='${operatorUidStr}' is not a positive integer; skipping operator listener
+`);
+      } else {
+        const operatorSock = `${operatorDir}/sock`;
+        try {
+          await broker.bindOperatorListener(operatorSock, operatorUid);
+          process.stdout.write(`vault-broker: operator socket listening sock=${operatorSock} uid=${operatorUid}
+`);
+        } catch (err) {
+          process.stderr.write(`[vault-broker] failed to bind operator listener at ${operatorSock}: ${err.message}
+`);
+        }
+      }
+    }
     return;
   }
   await broker.start(legacySocketPath, configPath, vaultPath);