switchroom 0.8.1 → 0.11.0

package/dist/vault/approvals/kernel-server.js

@@ -10948,7 +10948,7 @@ var init_dist = __esm(() => {
 });
 
 // src/config/schema.ts
-var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, DriveConfigSchema, AgentDriveConfigSchema, ReactionsSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, HostControlConfigSchema, SwitchroomConfigSchema;
+var CodeRepoEntrySchema, AgentBindMountSchema, ScheduleEntrySchema, AgentSoulSchema, AgentToolsSchema, AgentMemorySchema, HookEntrySchema, AgentHooksSchema, SubagentSchema, SessionSchema, SessionContinuitySchema, TelegramChannelSchema, ChannelsSchema, TIMEZONE_REGEX, ApproverIdSchema, GoogleWorkspaceTierSchema, GoogleWorkspaceConfigSchema, AgentGoogleWorkspaceConfigSchema, ReactionsSchema, profileFields, ProfileSchema, _omitExtends, defaultsFields, AgentDefaultsSchema, AgentSchema, TelegramConfigSchema, MemoryBackendConfigSchema, VaultConfigSchema, QuotaConfigSchema, HostControlConfigSchema, SwitchroomConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   CodeRepoEntrySchema = exports_external.object({
@@ -11004,7 +11004,7 @@ var init_schema = __esm(() => {
     SessionEnd: exports_external.array(HookEntrySchema).optional()
   }).catchall(exports_external.array(HookEntrySchema)).optional();
   SubagentSchema = exports_external.object({
-    description: exports_external.string().describe("When the main agent should delegate to this sub-agent"),
+    description: exports_external.string().optional().describe("When the main agent should delegate to this sub-agent"),
     model: exports_external.string().optional().describe("Model: 'sonnet', 'opus', 'haiku', full ID, or 'inherit' (default)"),
     background: exports_external.boolean().optional().describe("Run in background by default (non-blocking). Default false"),
     isolation: exports_external.enum(["worktree"]).optional().describe("'worktree' gives the sub-agent its own git branch"),
@@ -11083,13 +11083,20 @@ var init_schema = __esm(() => {
   }).optional();
   TIMEZONE_REGEX = /^UTC$|^[A-Z][A-Za-z0-9_+-]+(\/[A-Z][A-Za-z0-9_+-]+){1,2}$/;
   ApproverIdSchema = exports_external.union([exports_external.number(), exports_external.string().regex(/^\d+$/)]);
-  DriveConfigSchema = exports_external.object({
+  GoogleWorkspaceTierSchema = exports_external.enum([
+    "core",
+    "extended",
+    "complete"
+  ]);
+  GoogleWorkspaceConfigSchema = exports_external.object({
     google_client_id: exports_external.string().min(1).describe("Google OAuth client ID (literal string or vault reference e.g. 'vault:google-oauth-client-id')"),
     google_client_secret: exports_external.string().min(1).describe("Google OAuth client secret (literal string or vault reference e.g. 'vault:google-oauth-client-secret')"),
-    approvers: exports_external.array(ApproverIdSchema).min(1).describe("Array of numeric Telegram user IDs authorized to approve drive onboarding. " + "At least one must be specified.")
+    approvers: exports_external.array(ApproverIdSchema).min(1).describe("Array of numeric Telegram user IDs authorized to approve drive onboarding. " + "At least one must be specified."),
+    tier: GoogleWorkspaceTierSchema.optional().describe("RFC G Phase 1: which upstream MCP tier to expose. " + "core (default) = ~16 tools (Drive+Docs+Sheets+Calendar). " + "extended = ~40 tools (+Slides, Forms, Tasks, Chat). " + "complete = ~60+ tools (+Gmail; not recommended yet — see RFC G §5).")
   }).optional();
-  AgentDriveConfigSchema = exports_external.object({
-    approvers: exports_external.array(ApproverIdSchema).min(1).optional().describe("Per-agent approver override. When set, replaces (does not extend) " + "the top-level drive.approvers list for this agent's onboarding card.")
+  AgentGoogleWorkspaceConfigSchema = exports_external.object({
+    approvers: exports_external.array(ApproverIdSchema).min(1).optional().describe("Per-agent approver override. When set, replaces (does not extend) " + "the top-level drive.approvers list for this agent's onboarding card."),
+    tier: GoogleWorkspaceTierSchema.optional().describe("Per-agent tier override (RFC G Phase 1). When set, replaces the " + "top-level google_workspace.tier for this agent. Common case: most " + "agents on `core`, one specialist on `extended` for Slides access.")
   }).optional();
   ReactionsSchema = exports_external.object({
     enabled: exports_external.boolean().optional().describe("Master switch for the reaction-trigger path. When false, " + "reactions are still persisted via recordReaction but never " + "dispatched to the agent as synthetic inbound turns. Default true."),
@@ -11143,6 +11150,12 @@ var init_schema = __esm(() => {
     claude_md_raw: exports_external.string().optional(),
     cli_args: exports_external.array(exports_external.string()).optional(),
     extra_stable_files: exports_external.array(exports_external.string()).optional().describe("Extra filenames (relative to the agent's workspace directory) to append " + "to the stable bootstrap render. Loaded once at session start via " + "`--append-system-prompt`. Missing files are silently skipped. " + "Example: ['BRIEF.md', 'CONTEXT.md']."),
+    resources: exports_external.object({
+      memory: exports_external.string().regex(/^\d+(\.\d+)?[kmgKMG]?$/, "memory must be a Docker size string like '6g', '512m', '1.5g'").optional().describe("Hard memory cap (Docker `mem_limit` → cgroup memory.max). When the " + "container exceeds this, the kernel OOM-kills processes in the cgroup. " + "Format: '6g', '1.5g', '512m'. When unset at every cascade layer the " + "compose generator falls back to the hard-coded per-profile defaults " + "in src/agents/compose.ts (klanker 6g, coding 2g, conversational 1.5g, " + "lightweight 1g, default 1.5g)."),
+      memory_reservation: exports_external.string().regex(/^\d+(\.\d+)?[kmgKMG]?$/, "memory_reservation must be a Docker size string like '4g', '256m'").optional().describe("Soft memory floor (Docker `mem_reservation` → cgroup memory.low). " + "Under host-wide memory pressure, the kernel protects at least this " + "much from being reclaimed from the cgroup. Must be ≤ memory. Use to " + "keep an agent RAM-resident when the host has other tenants that " + "might push the box (Coolify apps, build jobs). Default: unset."),
+      pids_limit: exports_external.number().int().positive().optional().describe("Max processes the cgroup can spawn (cgroup pids.max). Prevents " + "fork bombs and runaway test runners. Counts every process in the " + "cgroup including bash subprocesses, claude itself, sidecars, and " + "any test/build worker. A typical agent at idle uses ~30 PIDs; " + "`npm test`-style workloads can spike to 200+. Set generously " + "(2000 is a comfortable cap for test-running agents). Default: " + "unset (no cgroup pid cap)."),
+      cpus: exports_external.number().positive().optional().describe("CPU quota (Docker `cpus`). Fractional values OK (e.g. 0.5, 2.0). " + "When unset at every cascade layer the compose generator falls " + "back to the per-profile default (klanker/coding 2.0, default 1.0, " + "lightweight 0.5).")
+    }).optional().describe("Per-agent resource limits. Cascades through defaults → profile → " + "per-agent with per-field merge (agent wins on each field independently). " + "Any field left unset at every layer falls back to the hard-coded " + "per-profile defaults in src/agents/compose.ts."),
     experimental: exports_external.object({
       legacy_pty: exports_external.boolean().optional().describe("Opt out of the default tmux supervisor (#725) and run the agent under " + "the legacy PTY supervisor instead. Default: false (tmux is the default)."),
       legacy_autoaccept_expect: exports_external.boolean().optional().describe("Opt the autoaccept gateway back into the legacy expect-script behaviour " + "instead of the tmux send-keys path. Default: false.")
@@ -11156,13 +11169,13 @@ var init_schema = __esm(() => {
     bot_token: exports_external.string().optional().describe("Per-agent Telegram bot token or vault reference (overrides global telegram.bot_token)"),
     bot_username: exports_external.string().optional().describe("Per-agent Telegram bot username (without leading @) when it doesn't " + "contain the agent slug. Replaces the default 'username includes slug' " + "preflight check with an exact (case-insensitive) match. Use when an " + "agent and its bot have intentionally divergent names (e.g. agent " + "'lawgpt' paired with bot '@meken_law_bot')."),
     timezone: exports_external.string().regex(TIMEZONE_REGEX, "timezone must be an IANA zone name like 'Australia/Melbourne' or 'UTC' " + "(three-letter aliases like EST/PST and bare offsets like UTC+10 are not accepted)").optional().describe("Per-agent IANA timezone override. Wins over any profile/defaults " + "value and over the top-level switchroom.timezone global. Controls " + "the UserPromptSubmit timezone hook's emitted local time and the " + "systemd unit's TZ= env."),
-    auth_label: exports_external.string().optional().describe("Human-readable identity for the session-start greeting (e.g. 'user@example.com'). " + "Anthropic does not expose a public user-profile endpoint for OAuth tokens, so the " + "email/account cannot be read locally; the user declares it here. Appears in the Auth " + "row as '✓ max · <label> · expires ...'."),
     auth: exports_external.object({
-      accounts: exports_external.array(exports_external.string()).optional().describe("Ordered list of Anthropic account labels (from `~/.switchroom/accounts/`) " + "this agent can use. The first non-quota-exhausted account is the active one; " + "subsequent entries are auto-fallback targets. switchroom-auth-broker keeps " + "`<agentDir>/.claude/credentials.json` in sync with the active account on " + "every refresh and on every quota event. When unset, the agent falls back to " + "a single 'default' account; if no `default` account exists, the boot self-test " + "surfaces a one-line nudge to run `switchroom auth account add`.")
-    }).optional().describe("Account routing for switchroom-auth-broker. See " + "reference/share-auth-across-the-fleet.md for the unit-of-authentication model."),
+      override: exports_external.string().min(1).optional().describe("Per-agent override of the fleet-wide `auth.active`. Edge-case use only — " + "this agent talks to the named account regardless of fleet active. See RFC H §4.5.")
+    }).optional().describe("Account routing for switchroom-auth-broker. RFC H schema uses " + "fleet-wide `auth.active` plus per-agent `override:` for edge cases. " + "Pre-RFC-H `auth.accounts: [..]` and `auth_label:` are migrated in-place " + "on first apply (see src/auth/migrate-schema.ts)."),
     dm_only: exports_external.boolean().optional().describe("Mark this agent as a DM-only bot — has its own bot_token and lives " + "exclusively in a private chat with the operator. Suppresses " + "scaffolding's default behavior of inheriting the global " + "telegram.forum_chat_id into the agent's access.json `groups` entry " + "(the forum chat the bot isn't a member of, which would otherwise " + "trigger a 'boot-probe-failed: 400 chat not found' warning every " + "restart). topic_name is still schema-required but unused — set it " + "to a display label like 'DM' for /switchroom status output."),
     topic_name: exports_external.string().describe("Telegram forum topic display name"),
     topic_emoji: exports_external.string().optional().describe("Emoji for the topic (e.g., '\uD83C\uDFCB️')"),
+    purpose: exports_external.string().max(140).optional().describe("One-line description of what this agent does (≤140 chars). Shown to " + "peer agents when they call the agent-config MCP `peers_list` tool, so " + "every agent on the instance can answer 'is there an agent that does X' " + "without baking the fleet into prompts. Sourced live from " + "switchroom.yaml — never memorized into Hindsight. Falls back to " + "`topic_name` when absent."),
     role: exports_external.enum(["assistant", "foreman"]).optional().describe("Agent role. Default (omitted) is `assistant` — a fleet agent doing " + "user-facing tasks. `foreman` opts the agent in to switchroom's bundled " + "operator skills (switchroom-architecture / cli / health / install / manage " + "/ status), auto-symlinked into the agent's .claude/skills/ on scaffold and " + "reconcile. Fleet agents (assistant role) get no operator skills; reconcile " + "actively retracts them if the role flips back. See docs/skills.md for the model."),
     topic_id: exports_external.number().optional().describe("Telegram topic thread ID (auto-populated by switchroom topics sync)"),
     webhook_sources: exports_external.array(exports_external.enum(["github", "generic"])).optional().describe("[DEPRECATED — moved to channels.telegram.webhook_sources in #596] " + "Old per-agent location. Still read but logs a deprecation warning. " + "See channels.telegram.webhook_sources for the canonical spot."),
@@ -11209,7 +11222,8 @@ var init_schema = __esm(() => {
     disallowed_tools: exports_external.array(exports_external.string()).optional().describe("Granular tool denylist passed verbatim to Claude Code's --disallowedTools " + "flag. Same pattern syntax as allowed_tools (e.g. 'Bash(rm *)'). See #199."),
     extra_stable_files: exports_external.array(exports_external.string()).optional().describe("Extra filenames (relative to the agent's workspace directory) to append " + "to the stable bootstrap render. Loaded once at session start via " + "`--append-system-prompt`. Missing files are silently skipped. " + "Example: ['BRIEF.md', 'CONTEXT.md']."),
     code_repos: exports_external.array(CodeRepoEntrySchema).optional().describe("Git repositories this agent is allowed to claim worktrees from. " + "Each entry provides a short name alias, a source path, and an " + "optional concurrency cap (default 5). When code_repos is set, " + "claim_worktree accepts the alias as the repo argument. " + "Absolute paths may always be passed regardless of this list."),
-    drive: AgentDriveConfigSchema.describe("Per-agent drive onboarding overrides (currently just approvers). " + "When set, replaces the top-level drive.approvers list for this agent. " + "google_client_id/secret are not per-agent — they live at the top level."),
+    drive: AgentGoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Per-agent " + "google_workspace overrides (currently approvers + tier). When set, " + "replaces the top-level approvers list for this agent. " + "google_client_id/secret are not per-agent — they live at the top level."),
+    google_workspace: AgentGoogleWorkspaceConfigSchema.describe("RFC G canonical key. Per-agent Google Workspace overrides — currently " + "approvers (replaces, does not extend the top-level list) and tier " + "(`core` | `extended` | `complete`, replaces top-level default). " + "google_client_id/secret are not per-agent — they live at the top level. " + "Mutually exclusive with `drive:` on the same agent (loader fails fast " + "if both are set)."),
     repos: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9-]*$/, "Repo slug must be kebab-case ASCII: start with a lowercase letter or digit, contain only lowercase letters, digits, and hyphens"), exports_external.object({
       url: exports_external.string().min(1).describe("Git remote URL for the repo (e.g. 'git@github.com:org/repo.git' or " + "'https://github.com/org/repo.git'). Used verbatim for git clone."),
       branch_default: exports_external.string().optional().describe("Default branch to track (defaults to the remote's HEAD, typically 'main'). " + "The per-agent branch 'agent/<agentName>/main' fast-forwards to this branch " + "when the worktree is clean on session start.")
@@ -11217,7 +11231,13 @@ var init_schema = __esm(() => {
     experimental: exports_external.object({
       legacy_pty: exports_external.boolean().optional().describe("Opt out of the default tmux supervisor (#725) and run the agent " + "under the legacy PTY supervisor instead. Default: false."),
       legacy_autoaccept_expect: exports_external.boolean().optional().describe("Opt the autoaccept gateway back into the legacy expect-script " + "behaviour instead of the tmux send-keys path. Default: false.")
-    }).optional().describe("Opt-in flags for experimental / legacy behaviours. Cascades through " + "defaults → profile → per-agent.")
+    }).optional().describe("Opt-in flags for experimental / legacy behaviours. Cascades through " + "defaults → profile → per-agent."),
+    resources: exports_external.object({
+      memory: exports_external.string().regex(/^\d+(\.\d+)?[kmgKMG]?$/).optional(),
+      memory_reservation: exports_external.string().regex(/^\d+(\.\d+)?[kmgKMG]?$/).optional(),
+      pids_limit: exports_external.number().int().positive().optional(),
+      cpus: exports_external.number().positive().optional()
+    }).optional()
   });
   TelegramConfigSchema = exports_external.object({
     bot_token: exports_external.string().describe("Telegram bot token or vault reference (e.g., 'vault:telegram-bot-token')"),
@@ -11258,7 +11278,7 @@ var init_schema = __esm(() => {
     monthly_budget_usd: exports_external.number().positive().optional().describe("Monthly USD spend budget. If unset, the greeting shows raw usage only.")
   });
   HostControlConfigSchema = exports_external.object({
-    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false (Phase 1). " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. The daemon itself is installed by `switchroom setup` " + "as a systemd user unit. systemd hosts only — compose-mode " + "support is deferred to a v2 RFC (see RFC C §5.1 for why). " + "Gateway integration (swap of spawnSwitchroomDetached callsites) " + "lands in a Phase 2 follow-up PR; setting enabled: true in " + "Phase 1 ships the daemon but does not change gateway behavior.")
+    enabled: exports_external.boolean().optional().describe("Opt-in to the host-control daemon. Default: false. " + "When true, the compose generator emits per-agent bind mounts " + "at `~/.switchroom/hostd/<name>/sock` for every admin-flagged " + "agent. Install the daemon with `switchroom hostd install` — " + "it runs as a docker container in its own compose project " + "(`switchroom-hostd`), separate from the agent fleet's compose " + "project so `up -d --remove-orphans` cycles of the fleet " + "can't recreate the daemon mid-RPC. See RFC C §5.1. " + "Since Phase 2 (#1175 PR γ) the gateway's /restart, /new, /reset, " + "and /update apply slash-commands automatically dispatch through " + "hostd when enabled — replacing the in-container " + "`spawnSwitchroomDetached` shellout that requires docker access. " + "Set enabled: true on docker-mode installs to make those verbs work " + "(they otherwise fail because the agent container has no docker " + "binary/socket).")
   });
   SwitchroomConfigSchema = exports_external.object({
     switchroom: exports_external.object({
@@ -11270,9 +11290,28 @@ var init_schema = __esm(() => {
     telegram: TelegramConfigSchema,
     memory: MemoryBackendConfigSchema.optional(),
     vault: VaultConfigSchema.optional(),
-    drive: DriveConfigSchema.describe("Optional drive onboarding configuration. When set, supplies Google " + "OAuth client credentials and the approver allowlist for `switchroom " + "drive connect`. Env vars (SWITCHROOM_GOOGLE_CLIENT_ID, " + "SWITCHROOM_GOOGLE_CLIENT_SECRET, SWITCHROOM_APPROVER_USER_ID) take " + "precedence over this block when set, preserving back-compat with " + "the env-only flow shipped in #766."),
+    auth: exports_external.object({
+      active: exports_external.string().min(1).optional().describe("Fleet-wide active Anthropic account label. Every agent without " + "an explicit `agent.auth.override` uses this account. See " + "docs/auth.md for the full model. Set by `switchroom auth use <label>`."),
+      fallback_order: exports_external.array(exports_external.string().min(1)).optional().describe("Ordered list of account labels for `switchroom auth rotate` to cycle " + "through when the active account hits a quota event. First entry is " + "normally the same as `auth.active`. When unset, `rotate` is a no-op."),
+      consumers: exports_external.array(exports_external.object({
+        name: exports_external.string().regex(/^[a-zA-Z0-9][a-zA-Z0-9_-]*$/, {
+          message: "Consumer name must be a path-safe slug (letters, digits, underscore, hyphen)"
+        }).describe("Socket-path identity; binds at /run/switchroom/auth-broker/<name>/sock"),
+        account: exports_external.string().min(1).describe("Pinned account label for this consumer. `get-credentials` returns " + "this account's credentials; `mark-exhausted` from this consumer " + "only affects this account."),
+        uid: exports_external.number().int().nonnegative().optional().describe("Optional UID to chown the consumer socket to (defaults to 0 = root, " + "suitable for sibling containers running as root).")
+      })).optional().describe("Non-agent peers that hold a broker socket (RFC H §4.8). Each gets " + "its own `/run/switchroom/auth-broker/<name>/sock` chowned to its UID. " + "Consumers cannot be admins; a consumer name that collides with an " + "agent (whether that agent has `admin: true` or not) is a config " + "error caught at schema validation.")
+    }).optional().describe("Switchroom-auth-broker configuration (RFC H). Fleet-wide active account, " + "fallback order, admin-agent ACL, and ephemeral-consumer surface. " + "Required from the v0.8+ schema onwards; pre-v0.8 fleets are migrated " + "in-place by `switchroom apply` (see src/auth/migrate-schema.ts)."),
+    drive: GoogleWorkspaceConfigSchema.describe("RFC D legacy key — use `google_workspace:` instead. Optional Google " + "Workspace onboarding configuration. When set, supplies Google OAuth " + "client credentials, the approver allowlist for `switchroom drive " + "connect`, and the optional tier knob. Env vars " + "(SWITCHROOM_GOOGLE_CLIENT_ID, SWITCHROOM_GOOGLE_CLIENT_SECRET, " + "SWITCHROOM_APPROVER_USER_ID) take precedence over this block when " + "set, preserving back-compat with the env-only flow shipped in #766."),
+    google_workspace: GoogleWorkspaceConfigSchema.describe("RFC G canonical key. Top-level Google Workspace configuration — " + "OAuth client credentials, approver allowlist, and tier knob (`core` " + "| `extended` | `complete`, default `core`). Mutually exclusive with " + "`drive:` at the top level (loader fails fast if both are set)."),
     quota: QuotaConfigSchema.optional().describe("Optional weekly/monthly USD spend budgets rendered in the session " + "greeting. Usage is read from ccusage at runtime; no network calls."),
     host_control: HostControlConfigSchema.optional().describe("Optional host-control daemon configuration. See RFC C " + "(docs/rfcs/host-control-daemon.md) and the field-level help on " + "`enabled` for the Phase 1 scope."),
+    google_accounts: exports_external.record(exports_external.string().regex(/^[^@\s:]+@[^@\s:]+\.[^@\s:]+$/, {
+      message: "Account key must be a Google account email like 'alice@example.com' (colons not allowed)"
+    }).transform((v) => v.trim().toLowerCase()), exports_external.object({
+      enabled_for: exports_external.array(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,50}$/, {
+        message: "Agent name must match the standard agent-name pattern"
+      })).describe("Agent slugs that may read this account's vault slots " + "(`google:<account>:refresh_token` etc). Per-agent ACL is " + "enforced at the broker, not at the agent identity layer — " + "the agent still authenticates via socket-path-as-identity " + "per RFC D §4.1, broker just gates the cross-agent token share.")
+    })).optional().describe("RFC G Phase 2: per-Google-account ACL for vault slots holding " + "OAuth refresh tokens. Maps account email → list of agents " + "permitted to read that account's slots. Written by `switchroom " + "auth google enable|disable` (Phase 3); read by the broker on " + "every Google slot access. Replaces RFC D's per-agent vault slot " + "scope (which can't express 'two agents share one Google account')."),
     defaults: AgentDefaultsSchema.describe("Implicit bottom-of-cascade profile applied to every agent before " + "per-agent config and `extends:` resolution. Tools, mcp_servers, and " + "schedule are unioned/concatenated; scalars and nested objects are " + "shallow-merged with per-agent values winning."),
     profiles: exports_external.record(exports_external.string(), ProfileSchema).optional().describe("Named profile definitions. Agents reference via `extends: <name>`. " + "Inline profiles declared here take priority over filesystem " + "profiles/<name>/ directories when both exist."),
     agents: exports_external.record(exports_external.string().regex(/^[a-z0-9][a-z0-9_-]{0,50}$/, {
@@ -11307,6 +11346,142 @@ function resolveDualPath(pathStr) {
 var DEFAULT_STATE_DIR = ".switchroom", LEGACY_STATE_DIR = ".clerk";
 var init_paths = () => {};
 
+// src/config/overlay-schema.ts
+var OverlayDocSchema;
+var init_overlay_schema = __esm(() => {
+  init_zod();
+  init_schema();
+  OverlayDocSchema = exports_external.object({
+    schedule: exports_external.array(ScheduleEntrySchema).optional(),
+    skills: exports_external.array(exports_external.string()).optional()
+  }).strict();
+});
+
+// src/config/overlay-loader.ts
+import { existsSync as existsSync2, readFileSync, readdirSync, statSync } from "node:fs";
+import { resolve as resolve2 } from "node:path";
+function overlayDirFor(agentName, subdir) {
+  const base = resolveDualPath(`~/.switchroom/agents/${agentName}/${subdir}`);
+  return resolve2(base);
+}
+function listYamlFiles(dir) {
+  if (!existsSync2(dir))
+    return [];
+  let entries;
+  try {
+    entries = readdirSync(dir);
+  } catch {
+    return [];
+  }
+  const out = [];
+  for (const name of entries) {
+    if (!/\.ya?ml$/i.test(name))
+      continue;
+    const full = resolve2(dir, name);
+    try {
+      if (statSync(full).isFile())
+        out.push(full);
+    } catch {}
+  }
+  return out.sort();
+}
+function stampOverlay(entry) {
+  Object.defineProperty(entry, OVERLAY_SOURCE, {
+    value: true,
+    enumerable: false,
+    configurable: false,
+    writable: false
+  });
+  return entry;
+}
+function applyAgentOverlays(config) {
+  const warnings = [];
+  const agents = config.agents ?? {};
+  for (const [agentName, agentCfg] of Object.entries(agents)) {
+    try {
+      const scheduleDir = overlayDirFor(agentName, "schedule.d");
+      const files = listYamlFiles(scheduleDir);
+      if (files.length > 0) {
+        const merged = [...agentCfg.schedule ?? []];
+        for (const file of files) {
+          try {
+            const raw = readFileSync(file, "utf-8");
+            const parsed = $parse(raw);
+            const doc = OverlayDocSchema.parse(parsed);
+            for (const entry of doc.schedule ?? []) {
+              if (entry.secrets && entry.secrets.length > 0) {
+                const w = {
+                  agent: agentName,
+                  file,
+                  reason: "Overlay schedule entry declares secrets — dropped pending Phase E operator approval"
+                };
+                warnings.push(w);
+                console.warn(`[switchroom] overlay-loader: agent='${agentName}' file='${file}': ${w.reason}`);
+                continue;
+              }
+              merged.push(stampOverlay(entry));
+            }
+          } catch (err) {
+            const reason = err instanceof ZodError ? `schema rejection: ${err.errors.map((e) => `${e.path.join(".")}: ${e.message}`).join("; ")}` : `parse error: ${err.message}`;
+            warnings.push({ agent: agentName, file, reason });
+            console.warn(`[switchroom] overlay-loader: agent='${agentName}' file='${file}': ${reason}`);
+          }
+        }
+        agentCfg.schedule = merged;
+      }
+    } catch (err) {
+      warnings.push({
+        agent: agentName,
+        file: "(agent schedule overlay scan)",
+        reason: `unexpected error: ${err.message}`
+      });
+      console.warn(`[switchroom] overlay-loader: agent='${agentName}' schedule.d: unexpected error: ${err.message}`);
+    }
+    try {
+      const skillsDir = overlayDirFor(agentName, "skills.d");
+      const skillFiles = listYamlFiles(skillsDir);
+      if (skillFiles.length === 0) {} else {
+        const merged = [...agentCfg.skills ?? []];
+        const seen = new Set(merged);
+        for (const file of skillFiles) {
+          try {
+            const raw = readFileSync(file, "utf-8");
+            const parsed = $parse(raw);
+            const doc = OverlayDocSchema.parse(parsed);
+            for (const skillName of doc.skills ?? []) {
+              if (seen.has(skillName))
+                continue;
+              seen.add(skillName);
+              merged.push(skillName);
+            }
+          } catch (err) {
+            const reason = err instanceof ZodError ? `schema rejection: ${err.errors.map((e) => `${e.path.join(".")}: ${e.message}`).join("; ")}` : `parse error: ${err.message}`;
+            warnings.push({ agent: agentName, file, reason });
+            console.warn(`[switchroom] overlay-loader: agent='${agentName}' file='${file}': ${reason}`);
+          }
+        }
+        agentCfg.skills = merged;
+      }
+    } catch (err) {
+      warnings.push({
+        agent: agentName,
+        file: "(agent skills overlay scan)",
+        reason: `unexpected error: ${err.message}`
+      });
+      console.warn(`[switchroom] overlay-loader: agent='${agentName}' skills.d: unexpected error: ${err.message}`);
+    }
+  }
+  return { config, warnings };
+}
+var OVERLAY_SOURCE;
+var init_overlay_loader = __esm(() => {
+  init_dist();
+  init_zod();
+  init_overlay_schema();
+  init_paths();
+  OVERLAY_SOURCE = Symbol.for("switchroom.config.overlay-source");
+});
+
 // src/config/loader.ts
 var exports_loader = {};
 __export(exports_loader, {
@@ -11316,36 +11491,74 @@ __export(exports_loader, {
   findConfigFile: () => findConfigFile,
   ConfigError: () => ConfigError
 });
-import { readFileSync, existsSync as existsSync2 } from "node:fs";
+import { readFileSync as readFileSync2, existsSync as existsSync3 } from "node:fs";
 import { homedir } from "node:os";
-import { resolve as resolve2 } from "node:path";
+import { resolve as resolve3 } from "node:path";
 function formatZodErrors(error) {
   return error.errors.map((e) => {
     const path = e.path.join(".");
     return `  ${path}: ${e.message}`;
   });
 }
+function coerceLegacyGoogleWorkspaceKeys(parsed, filePath) {
+  const stableStringify = (v) => {
+    if (v === null || typeof v !== "object")
+      return JSON.stringify(v);
+    if (Array.isArray(v))
+      return `[${v.map(stableStringify).join(",")}]`;
+    const obj = v;
+    const keys = Object.keys(obj).sort();
+    return `{${keys.map((k) => `${JSON.stringify(k)}:${stableStringify(obj[k])}`).join(",")}}`;
+  };
+  const aliasInPlace = (obj, where) => {
+    const a = obj.drive;
+    const b = obj.google_workspace;
+    if (a !== undefined && b !== undefined) {
+      if (stableStringify(a) !== stableStringify(b)) {
+        throw new ConfigError(`Both \`drive:\` and \`google_workspace:\` are set on ${where} in ${filePath} with different values.`, [
+          "  These are aliases — pick one and remove the other.",
+          "  `google_workspace:` is the RFC G canonical key; `drive:` is the legacy alias.",
+          "  Allowed during transition: setting both with identical values."
+        ]);
+      }
+      return;
+    }
+    if (a !== undefined && b === undefined)
+      obj.google_workspace = a;
+    if (b !== undefined && a === undefined)
+      obj.drive = b;
+  };
+  aliasInPlace(parsed, "the top level");
+  const agents = parsed.agents;
+  if (agents && typeof agents === "object" && !Array.isArray(agents)) {
+    for (const [name, agent] of Object.entries(agents)) {
+      if (agent && typeof agent === "object" && !Array.isArray(agent)) {
+        aliasInPlace(agent, `agent \`${name}\``);
+      }
+    }
+  }
+}
 function findConfigFile(startDir) {
   const envPath = process.env.SWITCHROOM_CONFIG;
   const home2 = homedir();
-  const userDir = resolve2(home2, ".switchroom");
+  const userDir = resolve3(home2, ".switchroom");
   const searchPaths = [
-    envPath ? resolve2(envPath) : null,
-    startDir ? resolve2(startDir, "switchroom.yaml") : null,
-    startDir ? resolve2(startDir, "switchroom.yml") : null,
-    startDir ? resolve2(startDir, "clerk.yaml") : null,
-    startDir ? resolve2(startDir, "clerk.yml") : null,
-    resolve2(process.cwd(), "switchroom.yaml"),
-    resolve2(process.cwd(), "switchroom.yml"),
-    resolve2(process.cwd(), "clerk.yaml"),
-    resolve2(process.cwd(), "clerk.yml"),
-    resolve2(userDir, "switchroom.yaml"),
-    resolve2(userDir, "switchroom.yml"),
-    resolve2(userDir, "clerk.yaml"),
-    resolve2(userDir, "clerk.yml")
+    envPath ? resolve3(envPath) : null,
+    startDir ? resolve3(startDir, "switchroom.yaml") : null,
+    startDir ? resolve3(startDir, "switchroom.yml") : null,
+    startDir ? resolve3(startDir, "clerk.yaml") : null,
+    startDir ? resolve3(startDir, "clerk.yml") : null,
+    resolve3(process.cwd(), "switchroom.yaml"),
+    resolve3(process.cwd(), "switchroom.yml"),
+    resolve3(process.cwd(), "clerk.yaml"),
+    resolve3(process.cwd(), "clerk.yml"),
+    resolve3(userDir, "switchroom.yaml"),
+    resolve3(userDir, "switchroom.yml"),
+    resolve3(userDir, "clerk.yaml"),
+    resolve3(userDir, "clerk.yml")
   ].filter(Boolean);
   for (const path of searchPaths) {
-    if (existsSync2(path)) {
+    if (existsSync3(path)) {
       return path;
     }
   }
@@ -11353,12 +11566,12 @@ function findConfigFile(startDir) {
 }
 function loadConfig(configPath) {
   const filePath = configPath ?? findConfigFile();
-  if (!existsSync2(filePath)) {
+  if (!existsSync3(filePath)) {
     throw new ConfigError(`Config file not found: ${filePath}`);
   }
   let raw;
   try {
-    raw = readFileSync(filePath, "utf-8");
+    raw = readFileSync2(filePath, "utf-8");
   } catch (err) {
     throw new ConfigError(`Failed to read config file: ${filePath}`, [
       `  ${err.message}`
@@ -11377,16 +11590,26 @@ function loadConfig(configPath) {
     obj.switchroom = obj.clerk;
     delete obj.clerk;
   }
+  if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+    coerceLegacyGoogleWorkspaceKeys(parsed, filePath);
+  }
+  let config;
   try {
-    return SwitchroomConfigSchema.parse(parsed);
+    config = SwitchroomConfigSchema.parse(parsed);
   } catch (err) {
     if (err instanceof ZodError) {
       throw new ConfigError("Invalid switchroom.yaml configuration", formatZodErrors(err));
     }
     throw err;
   }
+  applyAgentOverlays(config);
+  return config;
 }
 function resolveAgentsDir(config) {
+  const override = process.env.SWITCHROOM_AGENTS_DIR;
+  if (override && override.length > 0 && override.startsWith("/")) {
+    return override;
+  }
   return resolveDualPath(config.switchroom.agents_dir);
 }
 function resolvePath(pathStr) {
@@ -11398,6 +11621,7 @@ var init_loader = __esm(() => {
   init_zod();
   init_schema();
   init_paths();
+  init_overlay_loader();
   ConfigError = class ConfigError extends Error {
     details;
     constructor(message, details) {
@@ -11410,8 +11634,8 @@ var init_loader = __esm(() => {
 
 // src/vault/approvals/kernel-server.ts
 import * as net from "node:net";
-import { mkdirSync, chmodSync, chownSync, existsSync as existsSync3, unlinkSync, readdirSync, statSync } from "node:fs";
-import { dirname, resolve as resolve3, basename } from "node:path";
+import { mkdirSync, chmodSync, chownSync, existsSync as existsSync4, unlinkSync, readdirSync as readdirSync2, statSync as statSync2 } from "node:fs";
+import { dirname, resolve as resolve4, basename } from "node:path";
 import { Database } from "bun:sqlite";
 
 // src/vault/broker/protocol.ts
@@ -12316,6 +12540,11 @@ function mergeAgentConfig(defaultsIn, agentIn) {
     }
     merged.reactions = combined;
   }
+  if (defaults.resources || merged.resources) {
+    const d = defaults.resources ?? {};
+    const a = merged.resources ?? {};
+    merged.resources = { ...d, ...a };
+  }
   if (defaults.experimental || merged.experimental) {
     const d = defaults.experimental ?? {};
     const a = merged.experimental ?? {};
@@ -12445,7 +12674,7 @@ function openKernelDb(dbPath) {
   return db;
 }
 async function bindAgentSocket(parentDir, agent, db) {
-  const dir = resolve3(parentDir, agent);
+  const dir = resolve4(parentDir, agent);
   mkdirSync(dir, { recursive: true, mode: 448 });
   try {
     chownSync(dir, 0, 0);
@@ -12454,8 +12683,8 @@ async function bindAgentSocket(parentDir, agent, db) {
     chmodSync(dir, 448);
   } catch {}
   const uid = allocateAgentUid(agent);
-  const socketPath = resolve3(dir, "sock");
-  if (existsSync3(socketPath)) {
+  const socketPath = resolve4(dir, "sock");
+  if (existsSync4(socketPath)) {
     try {
       unlinkSync(socketPath);
     } catch (err) {
@@ -12668,7 +12897,7 @@ async function bootstrap(opts) {
           l.server.close();
         } catch {}
         try {
-          if (existsSync3(l.socketPath))
+          if (existsSync4(l.socketPath))
             unlinkSync(l.socketPath);
         } catch {}
       }
@@ -12680,16 +12909,16 @@ async function bootstrap(opts) {
 }
 async function main() {
   const socketEnv = process.env.SWITCHROOM_KERNEL_SOCKET ?? `${DEFAULT_SOCKET_PARENT}/approval-kernel.sock`;
-  const socketParent = dirname(resolve3(socketEnv));
+  const socketParent = dirname(resolve4(socketEnv));
   const dbPath = process.env.SWITCHROOM_KERNEL_DB_PATH ?? DEFAULT_DB_PATH;
   const configPath = process.env.SWITCHROOM_CONFIG;
   let agents = [];
   try {
-    if (existsSync3(socketParent)) {
-      agents = readdirSync(socketParent).filter((name) => {
+    if (existsSync4(socketParent)) {
+      agents = readdirSync2(socketParent).filter((name) => {
         try {
-          const p = resolve3(socketParent, name);
-          return statSync(p).isDirectory();
+          const p = resolve4(socketParent, name);
+          return statSync2(p).isDirectory();
         } catch {
           return false;
         }
@@ -12717,8 +12946,8 @@ async function main() {
       chmodSync(socketParent, 493);
     } catch {}
     const db = openKernelDb(dbPath);
-    const socketPath = resolve3(socketEnv);
-    if (existsSync3(socketPath)) {
+    const socketPath = resolve4(socketEnv);
+    if (existsSync4(socketPath)) {
       try {
         unlinkSync(socketPath);
       } catch {}
@@ -12740,7 +12969,7 @@ async function main() {
         server.close();
       } catch {}
       try {
-        if (existsSync3(socketPath))
+        if (existsSync4(socketPath))
           unlinkSync(socketPath);
       } catch {}
       try {