npm - switchroom - Versions diffs - 0.7.15 → 0.10.0 - Mend

switchroom 0.7.15 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (301) hide show

package/README.md +51 -59
package/bin/run-hook.sh +27 -11
package/bin/timezone-hook.sh +9 -7
package/dist/agent-scheduler/index.js +410 -133
package/dist/auth-broker/index.js +13932 -0
package/dist/cli/switchroom.js +26937 -5601
package/dist/host-control/main.js +12702 -0
package/dist/vault/approvals/kernel-server.js +467 -184
package/dist/vault/broker/server.js +1430 -724
package/examples/minimal.yaml +63 -0
package/examples/personal-google-workspace-mcp/.env.example +34 -0
package/examples/personal-google-workspace-mcp/README.md +194 -0
package/examples/personal-google-workspace-mcp/compose.yaml +66 -0
package/examples/switchroom.yaml +220 -0
package/package.json +7 -4
package/profiles/_base/settings.json.hbs +20 -5
package/profiles/_base/start.sh.hbs +16 -3
package/profiles/_shared/agent-self-service.md.hbs +126 -0
package/profiles/_shared/telegram-style.md.hbs +20 -90
package/profiles/_shared/vault-protocol.md.hbs +68 -0
package/profiles/default/CLAUDE.md +50 -96
package/profiles/default/CLAUDE.md.hbs +36 -6
package/profiles/default/workspace/SOUL.md.hbs +12 -5
package/skills/buildkite-agent-infrastructure/SKILL.md +30 -11
package/skills/buildkite-agent-runtime/SKILL.md +44 -11
package/skills/buildkite-api/SKILL.md +31 -8
package/skills/buildkite-cli/SKILL.md +27 -9
package/skills/buildkite-migration/SKILL.md +22 -9
package/skills/buildkite-pipelines/SKILL.md +26 -9
package/skills/buildkite-secure-delivery/SKILL.md +23 -9
package/skills/buildkite-test-engine/SKILL.md +25 -8
package/skills/docx/SKILL.md +1 -1
package/skills/docx/scripts/office/validators/__pycache__/__init__.cpython-313.pyc +0 -0
package/skills/docx/scripts/office/validators/__pycache__/base.cpython-313.pyc +0 -0
package/skills/file-bug/SKILL.md +34 -6
package/skills/humanizer/SKILL.md +15 -0
package/skills/humanizer-calibrate/SKILL.md +7 -1
package/skills/mcp-builder/SKILL.md +1 -1
package/skills/pdf/SKILL.md +1 -1
package/skills/pptx/SKILL.md +1 -1
package/skills/skill-creator/SKILL.md +21 -1
package/skills/skill-creator/scripts/__pycache__/__init__.cpython-313.pyc +0 -0
package/skills/skill-creator/scripts/__pycache__/generate_report.cpython-313.pyc +0 -0
package/skills/skill-creator/scripts/__pycache__/improve_description.cpython-313.pyc +0 -0
package/skills/skill-creator/scripts/__pycache__/run_eval.cpython-313.pyc +0 -0
package/skills/skill-creator/scripts/__pycache__/run_loop.cpython-313.pyc +0 -0
package/skills/skill-creator/scripts/__pycache__/utils.cpython-313.pyc +0 -0
package/skills/switchroom-cli/SKILL.md +63 -64
package/skills/switchroom-health/SKILL.md +23 -10
package/skills/switchroom-install/SKILL.md +3 -3
package/skills/switchroom-manage/SKILL.md +26 -19
package/skills/switchroom-runtime/SKILL.md +191 -0
package/skills/switchroom-status/SKILL.md +27 -2
package/skills/telegram-test-harness/SKILL.md +3 -0
package/skills/token-helpers/SKILL.md +24 -1
package/skills/webapp-testing/SKILL.md +31 -1
package/skills/xlsx/SKILL.md +1 -1
package/telegram-plugin/admin-commands/index.ts +7 -5
package/telegram-plugin/analytics-posthog.ts +191 -0
package/telegram-plugin/bridge/bridge.ts +69 -0
package/telegram-plugin/bridge/ipc-client.ts +4 -1
package/telegram-plugin/dist/bridge/bridge.js +194 -119
package/telegram-plugin/dist/gateway/gateway.js +23611 -19671
package/telegram-plugin/dist/server.js +245 -189
package/telegram-plugin/first-paint.ts +3 -24
package/telegram-plugin/gateway/auth-add-flow.ts +326 -0
package/telegram-plugin/gateway/auth-broker-client.ts +75 -0
package/telegram-plugin/gateway/auth-command.ts +794 -0
package/telegram-plugin/gateway/auth-line.ts +123 -0
package/telegram-plugin/gateway/boot-card.ts +169 -40
package/telegram-plugin/gateway/boot-issue-cache.ts +308 -0
package/telegram-plugin/gateway/boot-probes.ts +166 -123
package/telegram-plugin/gateway/boot-reason.ts +41 -7
package/telegram-plugin/gateway/boot-version.ts +66 -0
package/telegram-plugin/gateway/gateway.ts +3499 -1885
package/telegram-plugin/gateway/hostd-dispatch.ts +117 -0
package/telegram-plugin/gateway/ipc-protocol.ts +18 -0
package/telegram-plugin/gateway/pending-inbound-buffer.ts +106 -0
package/telegram-plugin/gateway/quarantine.ts +69 -0
package/telegram-plugin/gateway/quota-cache.ts +9 -4
package/telegram-plugin/gateway/reaction-trigger.ts +401 -0
package/telegram-plugin/gateway/recent-denials.test.ts +103 -0
package/telegram-plugin/gateway/recent-denials.ts +77 -0
package/telegram-plugin/gateway/startup-network-retry.ts +109 -31
package/telegram-plugin/gateway/vault-grant-inbound-builders.ts +125 -0
package/telegram-plugin/history.ts +91 -0
package/telegram-plugin/hooks/hooks.json +10 -0
package/telegram-plugin/hooks/sandbox-hint-posttool.mjs +130 -0
package/telegram-plugin/hooks/subagent-tracker-posttool.mjs +19 -2
package/telegram-plugin/hooks/subagent-tracker-pretool.mjs +22 -2
package/telegram-plugin/hooks/tool-label-pretool.mjs +11 -0
package/telegram-plugin/hooks/wedge-detect-posttool.mjs +303 -0
package/telegram-plugin/inbound-classifier.ts +50 -0
package/telegram-plugin/inline-keyboard-callbacks.ts +136 -0
package/telegram-plugin/node_modules/.vite/vitest/da39a3ee5e6b4b0d3255bfef95601890afd80709/results.json +1 -0
package/telegram-plugin/package.json +4 -2
package/telegram-plugin/permission-rule.ts +51 -0
package/telegram-plugin/permission-title.ts +56 -0
package/telegram-plugin/quota-check.ts +19 -41
package/telegram-plugin/registry/reaper.ts +223 -0
package/telegram-plugin/retry-api-call.ts +80 -0
package/telegram-plugin/runtime-metrics.ts +177 -0
package/telegram-plugin/scripts/build.mjs +0 -1
package/telegram-plugin/secret-detect/index.ts +24 -0
package/telegram-plugin/secret-detect/vault-error.test.ts +64 -12
package/telegram-plugin/secret-detect/vault-error.ts +78 -11
package/telegram-plugin/secret-detect/vault-write.ts +14 -2
package/telegram-plugin/server.js +41795 -0
package/telegram-plugin/session-tail.ts +6 -1
package/telegram-plugin/shared/bot-runtime.ts +5 -4
package/telegram-plugin/silence-poke.ts +420 -0
package/telegram-plugin/silent-end.ts +174 -0
package/telegram-plugin/stream-controller.ts +13 -0
package/telegram-plugin/stream-reply-handler.ts +7 -0
package/telegram-plugin/subagent-watcher.ts +213 -4
package/telegram-plugin/tests/auth-add-flow.test.ts +559 -0
package/telegram-plugin/tests/auth-code-redact.test.ts +8 -4
package/telegram-plugin/tests/auth-command-vernacular.test.ts +531 -0
package/telegram-plugin/tests/boot-card-issue-dedup.test.ts +247 -0
package/telegram-plugin/tests/boot-card-reason-to-render.test.ts +182 -0
package/telegram-plugin/tests/boot-card-reason.test.ts +65 -2
package/telegram-plugin/tests/boot-card-render.test.ts +146 -0
package/telegram-plugin/tests/boot-card-silent-on-operator.test.ts +103 -0
package/telegram-plugin/tests/boot-probes.test.ts +216 -10
package/telegram-plugin/tests/boot-version-string.test.ts +0 -0
package/telegram-plugin/tests/finalize-callback.test.ts +190 -0
package/telegram-plugin/tests/gateway-message-validator.test.ts +26 -0
package/telegram-plugin/tests/gateway-secret-detect.test.ts +12 -3
package/telegram-plugin/tests/gateway-startup-network-retry.test.ts +104 -0
package/telegram-plugin/tests/history-reaper.test.ts +378 -0
package/telegram-plugin/tests/hostd-dispatch.test.ts +129 -0
package/telegram-plugin/tests/inbound-classifier.test.ts +76 -0
package/telegram-plugin/tests/inbound-message-types.test.ts +267 -0
package/telegram-plugin/tests/issues-card.test.ts +49 -0
package/telegram-plugin/tests/pending-inbound-buffer.test.ts +132 -0
package/telegram-plugin/tests/permission-rule.test.ts +80 -1
package/telegram-plugin/tests/permission-title.test.ts +31 -0
package/telegram-plugin/tests/quota-check.test.ts +5 -35
package/telegram-plugin/tests/races.test.ts +179 -0
package/telegram-plugin/tests/reaction-trigger-flow.test.ts +353 -0
package/telegram-plugin/tests/reaction-trigger.test.ts +397 -0
package/telegram-plugin/tests/retry-api-call.test.ts +152 -1
package/telegram-plugin/tests/runtime-metrics.test.ts +145 -0
package/telegram-plugin/tests/sandbox-hint-posttool.test.ts +155 -0
package/telegram-plugin/tests/secret-detect-delete-must-surface-failures.test.ts +133 -0
package/telegram-plugin/tests/secret-detect-false-positives.test.ts +137 -0
package/telegram-plugin/tests/silence-poke.test.ts +493 -0
package/telegram-plugin/tests/silent-end.test.ts +206 -0
package/telegram-plugin/tests/subagent-tracker-hooks.test.ts +107 -0
package/telegram-plugin/tests/subagent-watcher-env-thresholds.test.ts +224 -0
package/telegram-plugin/tests/subagent-watcher-stall-terminal.test.ts +316 -0
package/telegram-plugin/tests/subagent-watcher.test.ts +263 -0
package/telegram-plugin/tests/turn-signal-tracker.test.ts +81 -0
package/telegram-plugin/tests/vault-approval-posture.test.ts +256 -0
package/telegram-plugin/tests/vault-grant-auto-resume.test.ts +73 -0
package/telegram-plugin/tests/vault-grant-inbound-builders.test.ts +226 -0
package/telegram-plugin/tests/vault-grant-union.test.ts +130 -0
package/telegram-plugin/tests/vault-key-regex-allows-slash.test.ts +140 -0
package/telegram-plugin/tests/vault-posture-quarantine.test.ts +104 -0
package/telegram-plugin/tests/vault-request-access-tool.test.ts +114 -0
package/telegram-plugin/tests/vault-request-access-unlock-resume.test.ts +106 -0
package/telegram-plugin/turn-signal-tracker.ts +100 -24
package/telegram-plugin/uat/SETUP.md +210 -35
package/telegram-plugin/uat/assertions.ts +264 -37
package/telegram-plugin/uat/driver-info.ts +57 -0
package/telegram-plugin/uat/driver.ts +590 -51
package/telegram-plugin/uat/harness.ts +140 -94
package/telegram-plugin/uat/load-env.test.ts +72 -0
package/telegram-plugin/uat/load-env.ts +48 -0
package/telegram-plugin/uat/login.ts +96 -53
package/telegram-plugin/uat/runners/agent-self-sufficiency.ts +457 -0
package/telegram-plugin/uat/runners/paraphrases.ts +231 -0
package/telegram-plugin/uat/runners/report.ts +150 -0
package/telegram-plugin/uat/runners/run-agent-self-sufficiency.sh +50 -0
package/telegram-plugin/uat/runners/scorer.test.ts +196 -0
package/telegram-plugin/uat/runners/scorer.ts +106 -0
package/telegram-plugin/uat/runners/skill-coverage.test.ts +100 -0
package/telegram-plugin/uat/runners/skill-coverage.ts +620 -0
package/telegram-plugin/uat/scenarios/ask-user-button-tap-dm.test.ts +141 -0
package/telegram-plugin/uat/scenarios/bg-sub-agent-dispatch-dm.test.ts +191 -0
package/telegram-plugin/uat/scenarios/fuzz-extended-dm.test.ts +255 -0
package/telegram-plugin/uat/scenarios/fuzz-human-style-dm.test.ts +275 -0
package/telegram-plugin/uat/scenarios/fuzz-random-prompts-dm.test.ts +146 -0
package/telegram-plugin/uat/scenarios/fuzz-status-ask-dm.test.ts +486 -0
package/telegram-plugin/uat/scenarios/jtbd-interrupt-marker-dm.test.ts +67 -0
package/telegram-plugin/uat/scenarios/jtbd-rapid-followup-dm.test.ts +100 -0
package/telegram-plugin/uat/scenarios/jtbd-soft-commit-dm.test.ts +67 -0
package/telegram-plugin/uat/scenarios/jtbd-status-query-dm.test.ts +49 -0
package/telegram-plugin/uat/scenarios/location-inbound-dm.test.ts +65 -0
package/telegram-plugin/uat/scenarios/midturn-silent-dm.test.ts +175 -0
package/telegram-plugin/uat/scenarios/reactions-dm.test.ts +142 -0
package/telegram-plugin/uat/scenarios/reactions-trigger-turn-dm.test.ts +96 -0
package/telegram-plugin/uat/scenarios/secret-redaction-deletes-original-dm.test.ts +123 -0
package/telegram-plugin/uat/scenarios/secret-redaction-no-false-positive-dm.test.ts +87 -0
package/telegram-plugin/uat/scenarios/silence-poke-soft-dm.test.ts +155 -0
package/telegram-plugin/uat/scenarios/silent-end-recovery-dm.test.ts +95 -0
package/telegram-plugin/uat/scenarios/smoke-dm-reply.test.ts +57 -0
package/telegram-plugin/uat/scenarios/subagent-watcher-no-rerun-dm.test.ts +135 -0
package/telegram-plugin/uat/scenarios/vault-approval-posture-telegram-id-dm.test.ts +191 -0
package/telegram-plugin/uat/scenarios/vault-audit-allow-dm.test.ts +108 -0
package/telegram-plugin/uat/scenarios/vault-grant-auto-resume-dm.test.ts +121 -0
package/telegram-plugin/uat/scenarios/vault-request-access-concurrent-dm.test.ts +161 -0
package/telegram-plugin/uat/scenarios/vault-request-access-end-to-end-dm.test.ts +158 -0
package/telegram-plugin/uat/scenarios/voice-inbound-dm.test.ts +65 -0
package/telegram-plugin/vault-approval-posture.ts +42 -0
package/telegram-plugin/welcome-text.ts +1 -0
package/telegram-plugin/active-pins-sweep.ts +0 -204
package/telegram-plugin/active-pins.ts +0 -146
package/telegram-plugin/auth-dashboard.ts +0 -1104
package/telegram-plugin/auth-slot-parser.ts +0 -497
package/telegram-plugin/card-event-log.ts +0 -138
package/telegram-plugin/dist/foreman/foreman.js +0 -31106
package/telegram-plugin/docs/multi-agent-card-design.md +0 -847
package/telegram-plugin/docs/pinned-progress-card-reliability.md +0 -144
package/telegram-plugin/foreman/foreman-create-flow.ts +0 -202
package/telegram-plugin/foreman/foreman-handlers.ts +0 -493
package/telegram-plugin/foreman/foreman.ts +0 -1165
package/telegram-plugin/foreman/setup-flow.ts +0 -345
package/telegram-plugin/foreman/setup-state.ts +0 -239
package/telegram-plugin/foreman/state.ts +0 -203
package/telegram-plugin/pin-event-log.ts +0 -76
package/telegram-plugin/progress-card-driver.ts +0 -2886
package/telegram-plugin/progress-card-pin-manager.ts +0 -589
package/telegram-plugin/progress-card-pin-watchdog.ts +0 -98
package/telegram-plugin/progress-card.ts +0 -1409
package/telegram-plugin/tests/HARNESS.md +0 -340
package/telegram-plugin/tests/_progress-card-harness.ts +0 -109
package/telegram-plugin/tests/active-pins-boot-reaper.test.ts +0 -211
package/telegram-plugin/tests/active-pins-sweep.test.ts +0 -309
package/telegram-plugin/tests/active-pins.test.ts +0 -187
package/telegram-plugin/tests/auth-account-identity-surface.test.ts +0 -118
package/telegram-plugin/tests/auth-dashboard-edge-cases.test.ts +0 -260
package/telegram-plugin/tests/auth-dashboard-restart-flow.test.ts +0 -140
package/telegram-plugin/tests/auth-dashboard-v3b.test.ts +0 -559
package/telegram-plugin/tests/auth-dashboard.test.ts +0 -1045
package/telegram-plugin/tests/auth-slot-commands.test.ts +0 -640
package/telegram-plugin/tests/bg-agent-progress-card-757.test.ts +0 -201
package/telegram-plugin/tests/boot-card-account-quota.test.ts +0 -137
package/telegram-plugin/tests/card-event-log.test.ts +0 -145
package/telegram-plugin/tests/first-paint.test.ts +0 -257
package/telegram-plugin/tests/foreman-create-flow.test.ts +0 -359
package/telegram-plugin/tests/foreman-handlers.test.ts +0 -347
package/telegram-plugin/tests/foreman-state.test.ts +0 -164
package/telegram-plugin/tests/foreman-write-ops.test.ts +0 -214
package/telegram-plugin/tests/harness-ordering-invariants.test.ts +0 -243
package/telegram-plugin/tests/pin-event-log.test.ts +0 -124
package/telegram-plugin/tests/progress-card-api-failure-during-deferred.test.ts +0 -73
package/telegram-plugin/tests/progress-card-close-paths-converge.test.ts +0 -272
package/telegram-plugin/tests/progress-card-cross-turn.test.ts +0 -258
package/telegram-plugin/tests/progress-card-delay-842.test.ts +0 -160
package/telegram-plugin/tests/progress-card-dispose-preservepending.test.ts +0 -81
package/telegram-plugin/tests/progress-card-draft-flag.test.ts +0 -80
package/telegram-plugin/tests/progress-card-driver-eviction.test.ts +0 -215
package/telegram-plugin/tests/progress-card-driver-fleet-shadow.test.ts +0 -123
package/telegram-plugin/tests/progress-card-driver-force-complete-parent-done.test.ts +0 -76
package/telegram-plugin/tests/progress-card-edit-timestamps-budget.test.ts +0 -62
package/telegram-plugin/tests/progress-card-memory-bounds.test.ts +0 -84
package/telegram-plugin/tests/progress-card-pin-failure-paths.test.ts +0 -139
package/telegram-plugin/tests/progress-card-pin-manager.test.ts +0 -773
package/telegram-plugin/tests/progress-card-pin-race-fast-turn.test.ts +0 -66
package/telegram-plugin/tests/progress-card-pin-sidecar-partial-write.test.ts +0 -64
package/telegram-plugin/tests/progress-card-pin-watchdog.test.ts +0 -190
package/telegram-plugin/tests/progress-card-sigterm-pin-flush.test.ts +0 -146
package/telegram-plugin/tests/real-gateway-f1-ladder-integrity.test.ts +0 -123
package/telegram-plugin/tests/real-gateway-f2-instant-draft.test.ts +0 -82
package/telegram-plugin/tests/real-gateway-f3-late-card.test.ts +0 -114
package/telegram-plugin/tests/real-gateway-harness.ts +0 -699
package/telegram-plugin/tests/real-gateway-i6-turn-flush-replay-dedup.test.ts +0 -313
package/telegram-plugin/tests/real-gateway-ipc-lifecycle.test.ts +0 -299
package/telegram-plugin/tests/real-gateway-spec.test.ts +0 -487
package/telegram-plugin/tests/real-gateway.smoke.test.ts +0 -101
package/telegram-plugin/tests/setup-flow.test.ts +0 -510
package/telegram-plugin/tests/setup-state.test.ts +0 -146
package/telegram-plugin/tests/sync-chat-running-subagents.test.ts +0 -116
package/telegram-plugin/tests/turn-end-regressions.test.ts +0 -489
package/telegram-plugin/tests/turn-flush-card-takeover.test.ts +0 -218
package/telegram-plugin/tests/turn-flush-prose-recovery.test.ts +0 -78
package/telegram-plugin/tests/two-zone-bg-carry-full-lifecycle.test.ts +0 -131
package/telegram-plugin/tests/two-zone-bg-detection.test.ts +0 -120
package/telegram-plugin/tests/two-zone-bg-done-when-all-terminal.test.ts +0 -116
package/telegram-plugin/tests/two-zone-bg-early-turn-end.test.ts +0 -87
package/telegram-plugin/tests/two-zone-bg-survives-next-turn.test.ts +0 -211
package/telegram-plugin/tests/two-zone-card-cap.test.ts +0 -62
package/telegram-plugin/tests/two-zone-card-fleet-row.test.ts +0 -101
package/telegram-plugin/tests/two-zone-card-header-phases.test.ts +0 -78
package/telegram-plugin/tests/two-zone-card-html-balance.test.ts +0 -110
package/telegram-plugin/tests/two-zone-card-lifecycle.test.ts +0 -128
package/telegram-plugin/tests/two-zone-card-sanitise.test.ts +0 -58
package/telegram-plugin/tests/two-zone-card-snapshot.test.ts +0 -133
package/telegram-plugin/tests/two-zone-concurrent-turns-isolation.test.ts +0 -155
package/telegram-plugin/tests/two-zone-phasefor-precedence.test.ts +0 -117
package/telegram-plugin/tests/two-zone-snapshot-extras.test.ts +0 -187
package/telegram-plugin/tests/two-zone-stuck-edit-throttle.test.ts +0 -149
package/telegram-plugin/tests/two-zone-stuck-header-escalation.test.ts +0 -101
package/telegram-plugin/tests/two-zone-stuck-per-member.test.ts +0 -114
package/telegram-plugin/tests/two-zone-stuck-recovery.test.ts +0 -105
package/telegram-plugin/tests/waiting-ux-harness.ts +0 -381
package/telegram-plugin/tests/waiting-ux.e2e.test.ts +0 -233
package/telegram-plugin/turn-flush-prose-recovery.ts +0 -40
package/telegram-plugin/two-zone-card.ts +0 -269
package/telegram-plugin/uat/scenarios/smoke-clerk-reply.test.ts +0 -61

package/telegram-plugin/tests/auth-slot-commands.test.ts DELETED Viewed

@@ -1,640 +0,0 @@
-import { describe, it, expect } from "vitest";
-import {
-  assertSafeSlotName,
-  parseAuthSubCommand,
-  checkRemoveSafety,
-  formatSlotList,
-  splitFlags,
-  usageText,
-  AUTH_VERBS,
-  type SlotListingFromCli,
-  type AuthIntent,
-} from "../auth-slot-parser";
-describe("assertSafeSlotName", () => {
-  it("accepts valid slot names", () => {
-    for (const name of ["default", "personal-1", "work_acct", "a", "A".repeat(32)]) {
-      expect(() => assertSafeSlotName(name)).not.toThrow();
-    }
-  });
-  it("rejects empty string", () => {
-    expect(() => assertSafeSlotName("")).toThrow(/invalid slot name/);
-  });
-  it("rejects names > 32 chars", () => {
-    expect(() => assertSafeSlotName("a".repeat(33))).toThrow(/invalid slot name/);
-  });
-  it("rejects shell metacharacters and spaces", () => {
-    for (const bad of ["foo bar", "foo;ls", "foo/bar", "foo.bar", "foo$var", "foo|bar"]) {
-      expect(() => assertSafeSlotName(bad)).toThrow(/invalid slot name/);
-    }
-  });
-});
-describe("parseAuthSubCommand — existing verbs pass-through", () => {
-  it("defaults to status with no args", () => {
-    const intent = parseAuthSubCommand([], "clerk");
-    expect(intent.kind).toBe("status");
-    if (intent.kind === "status") expect(intent.cliArgs).toEqual(["auth", "status"]);
-  });
-  it("login with no agent defaults to currentAgent", () => {
-    const intent = parseAuthSubCommand(["login"], "clerk");
-    expect(intent.kind).toBe("login");
-    if (intent.kind === "login") {
-      expect(intent.agent).toBe("clerk");
-      expect(intent.cliArgs).toEqual(["auth", "login", "clerk"]);
-      expect(intent.registerReauth).toBe(true);
-    }
-  });
-  it("login with explicit agent", () => {
-    const intent = parseAuthSubCommand(["login", "klanker"], "clerk");
-    expect(intent.kind).toBe("login");
-    if (intent.kind === "login") expect(intent.agent).toBe("klanker");
-  });
-  it("code requires a browser code", () => {
-    const intent = parseAuthSubCommand(["code"], "clerk");
-    expect(intent.kind).toBe("usage");
-  });
-  it("code treats 2 args as agent-is-current + code", () => {
-    const intent = parseAuthSubCommand(["code", "ABC123"], "clerk");
-    expect(intent.kind).toBe("code");
-    if (intent.kind === "code") {
-      expect(intent.agent).toBe("clerk");
-      expect(intent.code).toBe("ABC123");
-    }
-  });
-  it("code treats 3 args as agent + code", () => {
-    const intent = parseAuthSubCommand(["code", "klanker", "ABC123"], "clerk");
-    expect(intent.kind).toBe("code");
-    if (intent.kind === "code") {
-      expect(intent.agent).toBe("klanker");
-      expect(intent.code).toBe("ABC123");
-    }
-  });
-});
-describe("parseAuthSubCommand — /auth add", () => {
-  it("defaults agent to currentAgent", () => {
-    const intent = parseAuthSubCommand(["add"], "clerk");
-    expect(intent.kind).toBe("add");
-    if (intent.kind === "add") {
-      expect(intent.agent).toBe("clerk");
-      expect(intent.slot).toBeUndefined();
-      expect(intent.cliArgs).toEqual(["auth", "add", "clerk"]);
-    }
-  });
-  it("takes explicit agent", () => {
-    const intent = parseAuthSubCommand(["add", "klanker"], "clerk");
-    expect(intent.kind).toBe("add");
-    if (intent.kind === "add") {
-      expect(intent.agent).toBe("klanker");
-      expect(intent.cliArgs).toEqual(["auth", "add", "klanker"]);
-    }
-  });
-  it("accepts --slot value", () => {
-    const intent = parseAuthSubCommand(["add", "clerk", "--slot", "personal"], "clerk");
-    expect(intent.kind).toBe("add");
-    if (intent.kind === "add") {
-      expect(intent.slot).toBe("personal");
-      expect(intent.cliArgs).toEqual(["auth", "add", "clerk", "--slot", "personal"]);
-    }
-  });
-  it("rejects invalid slot name", () => {
-    const intent = parseAuthSubCommand(["add", "clerk", "--slot", "bad name"], "clerk");
-    expect(intent.kind).toBe("error");
-    if (intent.kind === "error") expect(intent.message).toMatch(/slot name/i);
-  });
-});
-describe("parseAuthSubCommand — /auth use", () => {
-  it("requires a slot arg", () => {
-    const intent = parseAuthSubCommand(["use"], "clerk");
-    expect(intent.kind).toBe("usage");
-  });
-  it("1 positional arg = slot (agent defaults)", () => {
-    const intent = parseAuthSubCommand(["use", "personal"], "clerk");
-    expect(intent.kind).toBe("use");
-    if (intent.kind === "use") {
-      expect(intent.agent).toBe("clerk");
-      expect(intent.slot).toBe("personal");
-      expect(intent.force).toBe(false);
-      expect(intent.cliArgs).toEqual(["auth", "use", "clerk", "personal"]);
-      expect(intent.restartAgentAfter).toBe(true);
-    }
-  });
-  it("2 positional args = agent + slot", () => {
-    const intent = parseAuthSubCommand(["use", "klanker", "personal"], "clerk");
-    expect(intent.kind).toBe("use");
-    if (intent.kind === "use") {
-      expect(intent.agent).toBe("klanker");
-      expect(intent.slot).toBe("personal");
-      expect(intent.force).toBe(false);
-    }
-  });
-  it("--force sets force=true (#421)", () => {
-    const intent = parseAuthSubCommand(["use", "personal", "--force"], "clerk");
-    expect(intent.kind).toBe("use");
-    if (intent.kind === "use") {
-      expect(intent.slot).toBe("personal");
-      expect(intent.force).toBe(true);
-    }
-  });
-  it("--force with explicit agent + slot", () => {
-    const intent = parseAuthSubCommand(["use", "klanker", "personal", "--force"], "clerk");
-    expect(intent.kind).toBe("use");
-    if (intent.kind === "use") {
-      expect(intent.agent).toBe("klanker");
-      expect(intent.slot).toBe("personal");
-      expect(intent.force).toBe(true);
-    }
-  });
-  it("rejects invalid slot name with clear error", () => {
-    const intent = parseAuthSubCommand(["use", "bad slot"], "clerk");
-    expect(intent.kind).toBe("error");
-    if (intent.kind === "error") expect(intent.message).toMatch(/slot name/i);
-  });
-  it("rejects invalid agent name", () => {
-    const intent = parseAuthSubCommand(["use", "bad;agent", "slot"], "clerk");
-    expect(intent.kind).toBe("error");
-    if (intent.kind === "error") expect(intent.message).toMatch(/agent name/i);
-  });
-});
-describe("parseAuthSubCommand — /auth list", () => {
-  it("defaults agent to currentAgent, requests JSON from CLI", () => {
-    const intent = parseAuthSubCommand(["list"], "clerk");
-    expect(intent.kind).toBe("list");
-    if (intent.kind === "list") {
-      expect(intent.agent).toBe("clerk");
-      expect(intent.cliArgs).toEqual(["auth", "list", "clerk", "--json"]);
-    }
-  });
-  it("takes explicit agent", () => {
-    const intent = parseAuthSubCommand(["list", "klanker"], "clerk");
-    expect(intent.kind).toBe("list");
-    if (intent.kind === "list") expect(intent.agent).toBe("klanker");
-  });
-});
-describe("parseAuthSubCommand — /auth rm", () => {
-  it("requires a slot", () => {
-    const intent = parseAuthSubCommand(["rm"], "clerk");
-    expect(intent.kind).toBe("usage");
-  });
-  it("1 positional arg = slot, no --force", () => {
-    const intent = parseAuthSubCommand(["rm", "personal"], "clerk");
-    expect(intent.kind).toBe("rm");
-    if (intent.kind === "rm") {
-      expect(intent.agent).toBe("clerk");
-      expect(intent.slot).toBe("personal");
-      expect(intent.force).toBe(false);
-      expect(intent.cliArgs).toEqual(["auth", "rm", "clerk", "personal"]);
-    }
-  });
-  it("--force sets force=true", () => {
-    const intent = parseAuthSubCommand(["rm", "personal", "--force"], "clerk");
-    expect(intent.kind).toBe("rm");
-    if (intent.kind === "rm") expect(intent.force).toBe(true);
-  });
-  it("2 positional args = agent + slot", () => {
-    const intent = parseAuthSubCommand(["rm", "klanker", "personal"], "clerk");
-    expect(intent.kind).toBe("rm");
-    if (intent.kind === "rm") {
-      expect(intent.agent).toBe("klanker");
-      expect(intent.slot).toBe("personal");
-    }
-  });
-  it("rejects invalid slot name", () => {
-    const intent = parseAuthSubCommand(["rm", "bad slot"], "clerk");
-    expect(intent.kind).toBe("error");
-  });
-});
-describe("parseAuthSubCommand — unknown verb", () => {
-  it("returns usage with full verb list", () => {
-    const intent = parseAuthSubCommand(["foo"], "clerk");
-    expect(intent.kind).toBe("usage");
-    if (intent.kind === "usage") {
-      // Primary verbs should appear in the usage text.
-      // ("link" is an alias of "login" and not listed separately;
-      // "status" is the bare /auth with no args.)
-      const visibleVerbs = AUTH_VERBS.filter(v => v !== "link" && v !== "status");
-      for (const v of visibleVerbs) {
-        expect(intent.message).toContain(`/auth ${v}`);
-      }
-      // sanity: the 4 new verbs definitely appear
-      expect(intent.message).toContain("/auth add");
-      expect(intent.message).toContain("/auth use");
-      expect(intent.message).toContain("/auth list");
-      expect(intent.message).toContain("/auth rm");
-    }
-  });
-});
-describe("checkRemoveSafety", () => {
-  const baseListing: SlotListingFromCli = {
-    agent: "clerk",
-    slots: [
-      { slot: "default", active: true, health: "healthy", expires_at: null, quota_exhausted_until: null },
-      { slot: "personal", active: false, health: "healthy", expires_at: null, quota_exhausted_until: null },
-    ],
-  };
-  it("allows removing inactive slot without force", () => {
-    expect(checkRemoveSafety(baseListing, "personal", false)).toBeNull();
-  });
-  it("blocks removing active slot without force", () => {
-    const err = checkRemoveSafety(baseListing, "default", false);
-    expect(err).toMatch(/active slot/i);
-    expect(err).toMatch(/--force/);
-  });
-  it("blocks removing only slot without force", () => {
-    const only: SlotListingFromCli = {
-      agent: "clerk",
-      slots: [{ slot: "default", active: true, health: "healthy", expires_at: null, quota_exhausted_until: null }],
-    };
-    const err = checkRemoveSafety(only, "default", false);
-    expect(err).toMatch(/only account slot/i);
-  });
-  it("--force bypasses all safety checks", () => {
-    expect(checkRemoveSafety(baseListing, "default", true)).toBeNull();
-  });
-  it("returns null for unknown slot (CLI will produce its own error)", () => {
-    expect(checkRemoveSafety(baseListing, "ghost", false)).toBeNull();
-  });
-});
-describe("formatSlotList", () => {
-  const now = Date.now();
-  it("shows active marker on active slot", () => {
-    const out = formatSlotList({
-      agent: "clerk",
-      slots: [
-        { slot: "default", active: true, health: "healthy", expires_at: null, quota_exhausted_until: null },
-        { slot: "personal", active: false, health: "healthy", expires_at: null, quota_exhausted_until: null },
-      ],
-    });
-    expect(out).toContain("<b>Slots for clerk</b>");
-    expect(out).toContain("●"); // active marker
-    expect(out).toContain("<code>default</code>");
-    expect(out).toContain("<code>personal</code>");
-  });
-  it("shows 'no slots' message when empty", () => {
-    const out = formatSlotList({ agent: "clerk", slots: [] });
-    expect(out).toMatch(/no slots/i);
-    expect(out).toContain("/auth add");
-  });
-  it("surfaces quota-exhausted with resets-in tail", () => {
-    const until = now + 30 * 60_000;
-    const out = formatSlotList({
-      agent: "clerk",
-      slots: [{ slot: "default", active: true, health: "quota-exhausted", expires_at: null, quota_exhausted_until: until }],
-    });
-    expect(out).toMatch(/resets in ~\d+m/);
-    expect(out).toContain("⚠️");
-  });
-  it("surfaces expired with reauth hint", () => {
-    const out = formatSlotList({
-      agent: "clerk",
-      slots: [{ slot: "default", active: true, health: "expired", expires_at: null, quota_exhausted_until: null }],
-    });
-    expect(out).toMatch(/\/auth reauth/);
-    expect(out).toContain("⌛");
-  });
-  it("escapes HTML in agent name", () => {
-    const out = formatSlotList({ agent: "<evil>", slots: [] });
-    expect(out).toContain("&lt;evil&gt;");
-    expect(out).not.toContain("<evil>");
-  });
-});
-describe("splitFlags", () => {
-  it("extracts value flag + leaves positional", () => {
-    const { flags, positional } = splitFlags(["agent", "--slot", "personal"], ["--slot"]);
-    expect(flags).toEqual({ "--slot": "personal" });
-    expect(positional).toEqual(["agent"]);
-  });
-  it("treats value flag with no value as boolean", () => {
-    const { flags, positional } = splitFlags(["--slot"], ["--slot"]);
-    expect(flags["--slot"]).toBe(true);
-    expect(positional).toEqual([]);
-  });
-  it("bare --flag becomes boolean", () => {
-    const { flags, positional } = splitFlags(["slot", "--force"], []);
-    expect(flags["--force"]).toBe(true);
-    expect(positional).toEqual(["slot"]);
-  });
-});
-describe("usageText", () => {
-  it("lists all ten public sub-verbs", () => {
-    const u = usageText();
-    for (const v of ["login", "reauth", "code", "cancel", "add", "use", "list", "rm"]) {
-      expect(u).toContain(`/auth ${v}`);
-    }
-  });
-  it("lists the new account-shaped verbs", () => {
-    const u = usageText();
-    expect(u).toContain("/auth account add");
-    expect(u).toContain("/auth account list");
-    expect(u).toContain("/auth account rm");
-    expect(u).toContain("/auth enable");
-    expect(u).toContain("/auth disable");
-  });
-});
-describe("parseAuthSubCommand — account-shaped verbs", () => {
-  it("/auth account add <label> defaults --from-agent to currentAgent", () => {
-    const intent = parseAuthSubCommand(["account", "add", "work-pro"], "clerk");
-    expect(intent.kind).toBe("account-add");
-    if (intent.kind === "account-add") {
-      expect(intent.account).toBe("work-pro");
-      expect(intent.fromAgent).toBe("clerk");
-      expect(intent.cliArgs).toEqual(["auth", "account", "add", "work-pro", "--from-agent", "clerk"]);
-    }
-  });
-  it("/auth account add <label> --from-agent <name> uses explicit agent", () => {
-    const intent = parseAuthSubCommand(
-      ["account", "add", "work-pro", "--from-agent", "klanker"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("account-add");
-    if (intent.kind === "account-add") {
-      expect(intent.fromAgent).toBe("klanker");
-      expect(intent.cliArgs).toContain("--from-agent");
-      expect(intent.cliArgs).toContain("klanker");
-    }
-  });
-  it("/auth account add without label is a usage error", () => {
-    const intent = parseAuthSubCommand(["account", "add"], "clerk");
-    expect(intent.kind).toBe("usage");
-  });
-  it("/auth account add rejects invalid labels", () => {
-    const intent = parseAuthSubCommand(["account", "add", "../etc"], "clerk");
-    expect(intent.kind).toBe("error");
-  });
-  it("/auth account add accepts dotted account labels (email-style)", () => {
-    const intent = parseAuthSubCommand(
-      ["account", "add", "ken.example.com"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("account-add");
-  });
-  it("/auth account add rejects --from-agent with shell metacharacters", () => {
-    const intent = parseAuthSubCommand(
-      ["account", "add", "work", "--from-agent", "foo;ls"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("error");
-  });
-  it("/auth account list maps to the CLI list verb", () => {
-    const intent = parseAuthSubCommand(["account", "list"], "clerk");
-    expect(intent.kind).toBe("account-list");
-    if (intent.kind === "account-list") {
-      expect(intent.cliArgs).toEqual(["auth", "account", "list"]);
-    }
-  });
-  it("/auth account rm <label>", () => {
-    const intent = parseAuthSubCommand(["account", "rm", "old-account"], "clerk");
-    expect(intent.kind).toBe("account-rm");
-    if (intent.kind === "account-rm") {
-      expect(intent.account).toBe("old-account");
-      expect(intent.cliArgs).toEqual(["auth", "account", "rm", "old-account"]);
-    }
-  });
-  it("/auth account rm without label is a usage error", () => {
-    const intent = parseAuthSubCommand(["account", "rm"], "clerk");
-    expect(intent.kind).toBe("usage");
-  });
-  it("/auth account with no subverb defaults to list", () => {
-    const intent = parseAuthSubCommand(["account"], "clerk");
-    expect(intent.kind).toBe("account-list");
-  });
-  it("/auth account rename <old> <new> produces account-rename intent with both labels", () => {
-    const intent = parseAuthSubCommand(
-      ["account", "rename", "ken-pro", "work-pro"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("account-rename");
-    if (intent.kind === "account-rename") {
-      expect(intent.oldAccount).toBe("ken-pro");
-      expect(intent.newAccount).toBe("work-pro");
-      expect(intent.cliArgs).toEqual([
-        "auth",
-        "account",
-        "rename",
-        "ken-pro",
-        "work-pro",
-      ]);
-    }
-  });
-  it("/auth account rename without both labels is a usage error", () => {
-    expect(parseAuthSubCommand(["account", "rename"], "clerk").kind).toBe("usage");
-    expect(parseAuthSubCommand(["account", "rename", "only-one"], "clerk").kind).toBe(
-      "usage",
-    );
-  });
-  it("/auth account rename rejects same-name no-op as an error (not silent)", () => {
-    const intent = parseAuthSubCommand(
-      ["account", "rename", "same", "same"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("error");
-  });
-  it("/auth account rename rejects invalid labels", () => {
-    expect(
-      parseAuthSubCommand(["account", "rename", "../etc", "ok"], "clerk").kind,
-    ).toBe("error");
-    expect(
-      parseAuthSubCommand(["account", "rename", "ok", "foo bar"], "clerk").kind,
-    ).toBe("error");
-  });
-});
-describe("parseAuthSubCommand — enable / disable", () => {
-  it("/auth enable <label> defaults agents to currentAgent", () => {
-    const intent = parseAuthSubCommand(["enable", "work-pro"], "clerk");
-    expect(intent.kind).toBe("enable");
-    if (intent.kind === "enable") {
-      expect(intent.account).toBe("work-pro");
-      expect(intent.agents).toEqual(["clerk"]);
-      expect(intent.cliArgs).toEqual(["auth", "enable", "work-pro", "clerk"]);
-      expect(intent.restartAgentsAfter).toBe(true);
-    }
-  });
-  it("/auth enable <label> <a> <b> wires multiple agents", () => {
-    const intent = parseAuthSubCommand(
-      ["enable", "work-pro", "foo", "bar"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("enable");
-    if (intent.kind === "enable") {
-      expect(intent.agents).toEqual(["foo", "bar"]);
-      expect(intent.cliArgs).toEqual(["auth", "enable", "work-pro", "foo", "bar"]);
-    }
-  });
-  it("/auth enable without label is a usage error", () => {
-    const intent = parseAuthSubCommand(["enable"], "clerk");
-    expect(intent.kind).toBe("usage");
-  });
-  it("/auth enable rejects invalid agent names", () => {
-    const intent = parseAuthSubCommand(
-      ["enable", "work-pro", "foo;ls"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("error");
-  });
-  it("/auth disable <label> mirrors enable shape", () => {
-    const intent = parseAuthSubCommand(["disable", "work-pro"], "clerk");
-    expect(intent.kind).toBe("disable");
-    if (intent.kind === "disable") {
-      expect(intent.account).toBe("work-pro");
-      expect(intent.agents).toEqual(["clerk"]);
-      expect(intent.cliArgs).toEqual(["auth", "disable", "work-pro", "clerk"]);
-    }
-  });
-  it("/auth disable <label> <a> <b> for explicit agents", () => {
-    const intent = parseAuthSubCommand(
-      ["disable", "work-pro", "foo", "bar"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("disable");
-    if (intent.kind === "disable") {
-      expect(intent.agents).toEqual(["foo", "bar"]);
-    }
-  });
-});
-describe("AUTH_VERBS includes the new account-shaped verbs", () => {
-  it("exports account / enable / disable in the verb list", () => {
-    expect(AUTH_VERBS).toContain("account");
-    expect(AUTH_VERBS).toContain("enable");
-    expect(AUTH_VERBS).toContain("disable");
-  });
-  it("exports share in the verb list", () => {
-    expect(AUTH_VERBS).toContain("share");
-  });
-});
-describe("parseAuthSubCommand — `all` keyword for enable/disable", () => {
-  it("/auth enable <label> all parses with agents=['all']", () => {
-    const intent = parseAuthSubCommand(["enable", "work-pro", "all"], "clerk");
-    expect(intent.kind).toBe("enable");
-    if (intent.kind === "enable") {
-      expect(intent.agents).toEqual(["all"]);
-      expect(intent.cliArgs).toEqual(["auth", "enable", "work-pro", "all"]);
-      expect(intent.restartAgentsAfter).toBe(true);
-    }
-  });
-  it("/auth disable <label> all is symmetric", () => {
-    const intent = parseAuthSubCommand(["disable", "work-pro", "all"], "clerk");
-    expect(intent.kind).toBe("disable");
-    if (intent.kind === "disable") {
-      expect(intent.agents).toEqual(["all"]);
-      expect(intent.cliArgs).toEqual(["auth", "disable", "work-pro", "all"]);
-    }
-  });
-});
-describe("parseAuthSubCommand — /auth share", () => {
-  it("/auth share <label> defaults --from-agent to currentAgent", () => {
-    const intent = parseAuthSubCommand(["share", "work-pro"], "clerk");
-    expect(intent.kind).toBe("share");
-    if (intent.kind === "share") {
-      expect(intent.account).toBe("work-pro");
-      expect(intent.fromAgent).toBe("clerk");
-      expect(intent.cliArgs).toEqual(["auth", "share", "work-pro", "--from-agent", "clerk"]);
-      expect(intent.restartAgentsAfter).toBe(true);
-    }
-  });
-  it("/auth share <label> --from-agent <name> honors explicit value", () => {
-    const intent = parseAuthSubCommand(
-      ["share", "work-pro", "--from-agent", "klanker"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("share");
-    if (intent.kind === "share") {
-      expect(intent.fromAgent).toBe("klanker");
-      expect(intent.cliArgs).toEqual([
-        "auth", "share", "work-pro", "--from-agent", "klanker",
-      ]);
-    }
-  });
-  it("/auth share without label is a usage error", () => {
-    const intent = parseAuthSubCommand(["share"], "clerk");
-    expect(intent.kind).toBe("usage");
-  });
-  it("/auth share rejects invalid labels", () => {
-    const intent = parseAuthSubCommand(["share", "../etc"], "clerk");
-    expect(intent.kind).toBe("error");
-  });
-  it("/auth share rejects --from-agent with shell metacharacters", () => {
-    const intent = parseAuthSubCommand(
-      ["share", "work-pro", "--from-agent", "foo;ls"],
-      "clerk",
-    );
-    expect(intent.kind).toBe("error");
-  });
-});
-describe("usageText — `all` keyword and share verb", () => {
-  it("documents the `all` keyword on enable/disable and `/auth share`", () => {
-    const u = usageText();
-    expect(u).toContain("/auth share");
-    expect(u).toMatch(/all/);
-  });
-});