npm - @poolzin/pool-bot - Versions diffs - 2026.1.39 → 2026.2.1 - Mend

@poolzin/pool-bot 2026.1.39 → 2026.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (511) hide show

package/assets/chrome-extension/README.md +3 -3
package/assets/chrome-extension/background.js +5 -5
package/assets/chrome-extension/manifest.json +3 -3
package/assets/chrome-extension/options.html +4 -4
package/assets/chrome-extension/options.js +1 -1
package/dist/acp/client.js +3 -3
package/dist/acp/types.js +1 -1
package/dist/agents/agent-paths.js +3 -3
package/dist/agents/auth-profiles/paths.js +3 -3
package/dist/agents/bash-tools.exec.js +76 -25
package/dist/agents/cli-runner/helpers.js +10 -12
package/dist/agents/cli-runner.js +2 -2
package/dist/agents/cloudflare-ai-gateway.js +31 -0
package/dist/agents/compaction.js +16 -2
package/dist/agents/context-window-guard.js +13 -10
package/dist/agents/context.js +4 -4
package/dist/agents/docs-path.js +1 -1
package/dist/agents/identity.js +47 -7
package/dist/agents/memory-search.js +25 -8
package/dist/agents/minimax-vlm.js +1 -1
package/dist/agents/model-auth.js +12 -1
package/dist/agents/model-catalog.js +4 -4
package/dist/agents/model-selection.js +31 -4
package/dist/agents/models-config.js +3 -3
package/dist/agents/models-config.providers.js +147 -39
package/dist/agents/pi-embedded-block-chunker.js +117 -42
package/dist/agents/pi-embedded-helpers/errors.js +183 -78
package/dist/agents/pi-embedded-helpers/openai.js +1 -1
package/dist/agents/pi-embedded-helpers.js +1 -1
package/dist/agents/pi-embedded-runner/compact.js +9 -8
package/dist/agents/pi-embedded-runner/model.js +63 -4
package/dist/agents/pi-embedded-runner/run/attempt.js +27 -17
package/dist/agents/pi-embedded-runner/run.js +203 -50
package/dist/agents/pi-embedded-runner/system-prompt.js +10 -2
package/dist/agents/pi-embedded-runner/tool-result-truncation.js +275 -0
package/dist/agents/pi-embedded-runner/utils.js +1 -1
package/dist/agents/pi-embedded-subscribe.js +118 -29
package/dist/agents/pi-model-discovery.js +10 -0
package/dist/agents/pi-tool-definition-adapter.js +50 -9
package/dist/agents/pi-tools.before-tool-call.js +67 -0
package/dist/agents/pi-tools.js +20 -10
package/dist/agents/pi-tools.read.js +2 -2
package/dist/agents/poolbot-tools.js +15 -10
package/dist/agents/sandbox-paths.js +31 -0
package/dist/agents/session-file-repair.js +83 -0
package/dist/agents/session-tool-result-guard.js +94 -15
package/dist/agents/session-transcript-repair.js +68 -0
package/dist/agents/shell-utils.js +51 -0
package/dist/agents/skills/bundled-context.js +23 -0
package/dist/agents/skills/bundled-dir.js +41 -7
package/dist/agents/skills/frontmatter.js +1 -1
package/dist/agents/skills/workspace.js +2 -2
package/dist/agents/skills-install.js +60 -23
package/dist/agents/subagent-announce.js +79 -34
package/dist/agents/system-prompt.js +28 -4
package/dist/agents/together-models.js +127 -0
package/dist/agents/tool-images.js +1 -1
package/dist/agents/tool-policy.conformance.js +14 -0
package/dist/agents/tool-policy.js +25 -1
package/dist/agents/tools/browser-tool.js +3 -3
package/dist/agents/tools/cron-tool.js +166 -19
package/dist/agents/tools/discord-actions-presence.js +78 -0
package/dist/agents/tools/image-tool.js +2 -2
package/dist/agents/tools/memory-tool.js +93 -5
package/dist/agents/tools/message-tool.js +56 -2
package/dist/agents/tools/sessions-history-tool.js +69 -1
package/dist/agents/tools/web-search.js +211 -42
package/dist/agents/usage.js +23 -1
package/dist/agents/workspace-run.js +67 -0
package/dist/agents/workspace-templates.js +44 -0
package/dist/auto-reply/command-auth.js +121 -6
package/dist/auto-reply/commands-registry.data.js +1 -1
package/dist/auto-reply/envelope.js +50 -72
package/dist/auto-reply/reply/commands-compact.js +1 -0
package/dist/auto-reply/reply/commands-context-report.js +3 -2
package/dist/auto-reply/reply/commands-context.js +1 -0
package/dist/auto-reply/reply/commands-models.js +107 -60
package/dist/auto-reply/reply/commands-ptt.js +171 -0
package/dist/auto-reply/reply/commands-session.js +2 -2
package/dist/auto-reply/reply/get-reply-run.js +16 -5
package/dist/auto-reply/reply/groups.js +1 -1
package/dist/auto-reply/reply/inbound-context.js +9 -1
package/dist/auto-reply/reply/inbound-meta.js +130 -0
package/dist/auto-reply/reply/model-selection.js +3 -3
package/dist/auto-reply/reply/untrusted-context.js +15 -0
package/dist/auto-reply/status.js +1 -1
package/dist/auto-reply/thinking.js +88 -43
package/dist/browser/bridge-server.js +13 -0
package/dist/browser/cdp.helpers.js +38 -24
package/dist/browser/client-fetch.js +51 -8
package/dist/browser/config.js +2 -11
package/dist/browser/extension-relay.js +104 -43
package/dist/browser/pw-ai.js +1 -1
package/dist/browser/pw-session.js +143 -8
package/dist/browser/pw-tools-core.interactions.js +125 -27
package/dist/browser/pw-tools-core.responses.js +1 -1
package/dist/browser/pw-tools-core.state.js +1 -1
package/dist/browser/routes/agent.act.js +86 -41
package/dist/browser/routes/dispatcher.js +4 -4
package/dist/browser/screenshot.js +1 -1
package/dist/browser/server-context.js +2 -2
package/dist/browser/server.js +13 -0
package/dist/build-info.json +3 -3
package/dist/canvas-host/a2ui.js +3 -3
package/dist/channels/plugins/catalog.js +2 -2
package/dist/channels/plugins/onboarding/imessage.js +1 -1
package/dist/channels/plugins/onboarding/signal.js +1 -1
package/dist/channels/plugins/onboarding/slack.js +4 -4
package/dist/channels/plugins/onboarding/whatsapp.js +3 -3
package/dist/channels/plugins/pairing-message.js +1 -1
package/dist/channels/reply-prefix.js +8 -1
package/dist/cli/browser-cli-extension.js +2 -2
package/dist/cli/cron-cli/register.cron-add.js +61 -40
package/dist/cli/cron-cli/register.cron-edit.js +60 -34
package/dist/cli/cron-cli/shared.js +56 -41
package/dist/cli/dns-cli.js +26 -14
package/dist/cli/docs-cli.js +1 -1
package/dist/cli/gateway-cli/dev.js +1 -1
package/dist/cli/gateway-cli/register.js +37 -19
package/dist/cli/memory-cli.js +30 -20
package/dist/cli/nodes-cli/register.canvas.js +1 -1
package/dist/cli/parse-bytes.js +37 -0
package/dist/cli/plugins-cli.js +1 -1
package/dist/cli/run-main.js +2 -2
package/dist/cli/security-cli.js +1 -1
package/dist/cli/tagline.js +1 -1
package/dist/cli/update-cli.js +173 -52
package/dist/cli/webhooks-cli.js +5 -5
package/dist/commands/agent.js +1 -0
package/dist/commands/agents.commands.add.js +1 -1
package/dist/commands/auth-choice.apply.api-providers.js +305 -17
package/dist/commands/auth-choice.apply.js +4 -1
package/dist/commands/auth-choice.apply.plugin-provider.js +2 -2
package/dist/commands/auth-choice.apply.xai.js +63 -0
package/dist/commands/auth-choice.preferred-provider.js +7 -1
package/dist/commands/configure.wizard.js +1 -1
package/dist/commands/dashboard.js +1 -1
package/dist/commands/docs.js +1 -1
package/dist/commands/doctor-config-flow.js +61 -5
package/dist/commands/doctor-gateway-services.js +3 -3
package/dist/commands/doctor-state-migrations.js +1 -1
package/dist/commands/doctor-update.js +3 -3
package/dist/commands/doctor.js +1 -1
package/dist/commands/health.js +1 -1
package/dist/commands/model-allowlist.js +29 -0
package/dist/commands/model-picker.js +2 -1
package/dist/commands/models/list.probe.js +2 -2
package/dist/commands/models/list.registry.js +4 -4
package/dist/commands/models/list.status-command.js +44 -24
package/dist/commands/models/shared.js +15 -0
package/dist/commands/onboard-auth.config-core.js +366 -28
package/dist/commands/onboard-auth.credentials.js +71 -9
package/dist/commands/onboard-auth.js +3 -3
package/dist/commands/onboard-auth.models.js +26 -24
package/dist/commands/onboard-custom.js +384 -0
package/dist/commands/onboard-non-interactive/local/auth-choice-inference.js +35 -0
package/dist/commands/onboard-non-interactive/local/auth-choice.js +146 -9
package/dist/commands/onboard-skills.js +63 -38
package/dist/commands/openai-model-default.js +41 -0
package/dist/commands/status-all/report-lines.js +1 -1
package/dist/commands/status.command.js +1 -1
package/dist/commands/uninstall.js +3 -3
package/dist/compat/legacy-names.js +1 -1
package/dist/config/defaults.js +3 -2
package/dist/config/io.js +3 -3
package/dist/config/paths.js +136 -35
package/dist/config/plugin-auto-enable.js +21 -5
package/dist/config/redact-snapshot.js +153 -0
package/dist/config/schema.field-metadata.js +590 -0
package/dist/config/schema.js +3 -3
package/dist/config/sessions/store.js +291 -23
package/dist/config/types.memory.js +1 -0
package/dist/config/version.js +4 -4
package/dist/config/zod-schema.agent-defaults.js +3 -0
package/dist/config/zod-schema.agent-runtime.js +13 -2
package/dist/config/zod-schema.providers-core.js +142 -0
package/dist/config/zod-schema.session.js +3 -0
package/dist/cron/delivery.js +57 -0
package/dist/cron/isolated-agent/delivery-target.js +18 -3
package/dist/cron/isolated-agent/helpers.js +22 -5
package/dist/cron/isolated-agent/run.js +171 -63
package/dist/cron/isolated-agent/session.js +2 -0
package/dist/cron/normalize.js +356 -28
package/dist/cron/parse.js +10 -5
package/dist/cron/run-log.js +35 -10
package/dist/cron/schedule.js +41 -6
package/dist/cron/service/jobs.js +208 -35
package/dist/cron/service/ops.js +72 -16
package/dist/cron/service/state.js +2 -0
package/dist/cron/service/store.js +386 -14
package/dist/cron/service/timer.js +390 -147
package/dist/cron/session-reaper.js +86 -0
package/dist/cron/store.js +23 -8
package/dist/cron/validate-timestamp.js +43 -0
package/dist/daemon/constants.js +7 -7
package/dist/daemon/inspect.js +6 -6
package/dist/daemon/systemd-unit.js +1 -1
package/dist/discord/monitor/agent-components.js +438 -0
package/dist/discord/monitor/allow-list.js +28 -5
package/dist/discord/monitor/gateway-registry.js +29 -0
package/dist/discord/monitor/native-command.js +44 -23
package/dist/discord/monitor/sender-identity.js +45 -0
package/dist/discord/pluralkit.js +27 -0
package/dist/discord/send.outbound.js +92 -5
package/dist/discord/send.shared.js +60 -23
package/dist/discord/targets.js +84 -1
package/dist/entry.js +15 -9
package/dist/extensionAPI.js +8 -0
package/dist/gateway/control-ui.js +8 -1
package/dist/gateway/hooks-mapping.js +3 -0
package/dist/gateway/hooks.js +65 -0
package/dist/gateway/live-image-probe.js +1 -66
package/dist/gateway/net.js +96 -31
package/dist/gateway/node-command-policy.js +50 -15
package/dist/gateway/openai-http.js +2 -2
package/dist/gateway/openresponses-http.js +4 -4
package/dist/gateway/origin-check.js +56 -0
package/dist/gateway/protocol/client-info.js +9 -0
package/dist/gateway/protocol/index.js +9 -2
package/dist/gateway/protocol/schema/agents-models-skills.js +71 -1
package/dist/gateway/protocol/schema/cron.js +22 -10
package/dist/gateway/protocol/schema/protocol-schemas.js +16 -2
package/dist/gateway/protocol/schema/sessions.js +12 -0
package/dist/gateway/server/hooks.js +1 -1
package/dist/gateway/server-broadcast.js +26 -9
package/dist/gateway/server-chat.js +112 -23
package/dist/gateway/server-discovery-runtime.js +10 -2
package/dist/gateway/server-discovery.js +2 -2
package/dist/gateway/server-http.js +110 -12
package/dist/gateway/server-methods/agent-timestamp.js +60 -0
package/dist/gateway/server-methods/agents.js +321 -2
package/dist/gateway/server-methods/usage.js +559 -16
package/dist/gateway/server-runtime-state.js +22 -8
package/dist/gateway/server-startup-memory.js +16 -0
package/dist/gateway/server.impl.js +7 -3
package/dist/gateway/session-utils.fs.js +23 -25
package/dist/gateway/session-utils.js +20 -10
package/dist/gateway/sessions-patch.js +7 -22
package/dist/gateway/test-helpers.server.js +35 -2
package/dist/hooks/frontmatter.js +1 -1
package/dist/hooks/hooks-status.js +1 -1
package/dist/hooks/install.js +2 -2
package/dist/hooks/loader.js +1 -1
package/dist/hooks/workspace.js +3 -3
package/dist/imessage/constants.js +2 -0
package/dist/imessage/monitor/deliver.js +4 -1
package/dist/imessage/monitor/monitor-provider.js +51 -1
package/dist/index.js +2 -2
package/dist/infra/bonjour-discovery.js +131 -70
package/dist/infra/bonjour.js +3 -3
package/dist/infra/control-ui-assets.js +134 -12
package/dist/infra/errors.js +12 -0
package/dist/infra/exec-approvals.js +266 -57
package/dist/infra/format-time/format-datetime.js +79 -0
package/dist/infra/format-time/format-duration.js +81 -0
package/dist/infra/format-time/format-relative.js +80 -0
package/dist/infra/heartbeat-runner.js +140 -49
package/dist/infra/home-dir.js +54 -0
package/dist/infra/net/fetch-guard.js +122 -0
package/dist/infra/net/ssrf.js +65 -29
package/dist/infra/outbound/abort.js +14 -0
package/dist/infra/outbound/message-action-runner.js +77 -13
package/dist/infra/outbound/outbound-session.js +143 -37
package/dist/infra/path-env.js +3 -3
package/dist/infra/poolbot-root.js +43 -1
package/dist/infra/provider-usage.fetch.minimax.js +1 -1
package/dist/infra/restart.js +1 -1
package/dist/infra/session-cost-usage.js +631 -41
package/dist/infra/state-migrations.js +317 -47
package/dist/infra/tailscale.js +1 -1
package/dist/infra/update-global.js +35 -0
package/dist/infra/update-runner.js +149 -43
package/dist/infra/warning-filter.js +65 -0
package/dist/infra/widearea-dns.js +30 -9
package/dist/logging/redact-identifier.js +12 -0
package/dist/macos/relay.js +2 -2
package/dist/media/fetch.js +81 -58
package/dist/media/input-files.js +1 -1
package/dist/media/mime.js +4 -0
package/dist/media/png-encode.js +74 -0
package/dist/media-understanding/apply.js +403 -3
package/dist/media-understanding/attachments.js +38 -27
package/dist/media-understanding/defaults.js +16 -0
package/dist/media-understanding/providers/deepgram/audio.js +22 -14
package/dist/media-understanding/providers/google/audio.js +24 -17
package/dist/media-understanding/providers/google/video.js +24 -17
package/dist/media-understanding/providers/image.js +4 -4
package/dist/media-understanding/providers/index.js +4 -1
package/dist/media-understanding/providers/openai/audio.js +22 -14
package/dist/media-understanding/providers/shared.js +16 -11
package/dist/media-understanding/providers/zai/index.js +6 -0
package/dist/media-understanding/runner.js +158 -90
package/dist/memory/backend-config.js +207 -0
package/dist/memory/batch-voyage.js +277 -0
package/dist/memory/embeddings-voyage.js +75 -0
package/dist/memory/embeddings.js +29 -17
package/dist/memory/internal.js +101 -18
package/dist/memory/manager.js +155 -48
package/dist/memory/search-manager.js +173 -0
package/dist/memory/session-files.js +9 -3
package/dist/memory/types.js +1 -0
package/dist/node-host/runner.js +36 -26
package/dist/node-host/with-timeout.js +27 -0
package/dist/pairing/pairing-messages.js +1 -1
package/dist/plugins/commands.js +5 -1
package/dist/plugins/config-state.js +86 -7
package/dist/plugins/discovery.js +1 -1
package/dist/plugins/install.js +2 -2
package/dist/plugins/source-display.js +51 -0
package/dist/plugins/update.js +1 -1
package/dist/process/exec.js +20 -2
package/dist/routing/resolve-route.js +12 -0
package/dist/routing/session-key.js +15 -0
package/dist/runtime.js +2 -0
package/dist/security/audit-extra.async.js +601 -0
package/dist/security/audit-extra.js +2 -830
package/dist/security/audit-extra.sync.js +505 -0
package/dist/security/audit.js +2 -2
package/dist/security/channel-metadata.js +34 -0
package/dist/security/external-content.js +88 -6
package/dist/security/skill-scanner.js +330 -0
package/dist/sessions/session-key-utils.js +7 -0
package/dist/shared/text/reasoning-tags.js +52 -7
package/dist/signal/monitor/event-handler.js +80 -1
package/dist/slack/monitor/media.js +85 -15
package/dist/tailscale/detect.js +145 -0
package/dist/telegram/bot/helpers.js +109 -28
package/dist/telegram/bot-handlers.js +144 -3
package/dist/telegram/bot-message-context.js +38 -11
package/dist/telegram/bot-message-dispatch.js +48 -15
package/dist/telegram/bot-native-commands.js +86 -29
package/dist/telegram/bot.js +30 -29
package/dist/telegram/model-buttons.js +163 -0
package/dist/telegram/monitor.js +110 -85
package/dist/telegram/send.js +129 -47
package/dist/terminal/restore.js +45 -0
package/dist/test-helpers/state-dir-env.js +16 -0
package/dist/test-helpers/workspace.js +11 -0
package/dist/test-utils/channel-plugins.js +82 -0
package/dist/test-utils/ports.js +73 -0
package/dist/tts/tts.js +12 -6
package/dist/tui/tui-session-actions.js +166 -54
package/dist/utils/fetch-timeout.js +20 -0
package/dist/utils/normalize-secret-input.js +19 -0
package/dist/utils/shell-argv.js +61 -0
package/dist/utils/transcript-tools.js +58 -0
package/dist/utils.js +55 -14
package/dist/version.js +42 -5
package/dist/web/qr-image.js +1 -61
package/dist/wizard/onboarding.finalize.js +7 -7
package/dist/wizard/onboarding.js +3 -3
package/docs/RELEASE_WORKFOTS_COMPARISON.md +3 -3
package/docs/_config.yml +2 -2
package/docs/_layouts/default.html +9 -9
package/docs/concepts/typebox.md +1 -1
package/docs/docs.json +1 -1
package/docs/northflank.mdx +7 -7
package/docs/railway.mdx +3 -3
package/docs/render.mdx +5 -5
package/docs/start/lore.md +2 -2
package/extensions/bluebubbles/index.ts +2 -2
package/extensions/bluebubbles/package.json +1 -1
package/extensions/bluebubbles/src/accounts.ts +8 -8
package/extensions/bluebubbles/src/actions.test.ts +22 -22
package/extensions/bluebubbles/src/actions.ts +5 -5
package/extensions/bluebubbles/src/attachments.ts +2 -2
package/extensions/bluebubbles/src/channel.ts +16 -16
package/extensions/bluebubbles/src/chat.ts +2 -2
package/extensions/bluebubbles/src/media-send.ts +2 -2
package/extensions/bluebubbles/src/monitor.test.ts +46 -46
package/extensions/bluebubbles/src/monitor.ts +5 -5
package/extensions/bluebubbles/src/onboarding.ts +7 -7
package/extensions/bluebubbles/src/reactions.ts +2 -2
package/extensions/bluebubbles/src/send.ts +2 -2
package/extensions/copilot-proxy/README.md +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/diagnostics-otel/index.ts +2 -2
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/diagnostics-otel/src/service.ts +3 -3
package/extensions/discord/index.ts +2 -2
package/extensions/discord/package.json +1 -1
package/extensions/google-antigravity-auth/README.md +1 -1
package/extensions/google-antigravity-auth/index.ts +1 -1
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/README.md +1 -1
package/extensions/google-gemini-cli-auth/oauth.ts +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/index.ts +3 -3
package/extensions/googlechat/package.json +1 -1
package/extensions/googlechat/src/accounts.ts +8 -8
package/extensions/googlechat/src/actions.ts +6 -6
package/extensions/googlechat/src/channel.ts +21 -21
package/extensions/googlechat/src/monitor.ts +8 -8
package/extensions/googlechat/src/onboarding.ts +10 -10
package/extensions/imessage/index.ts +2 -2
package/extensions/imessage/package.json +1 -1
package/extensions/line/index.ts +2 -2
package/extensions/line/package.json +1 -1
package/extensions/line/src/card-command.ts +2 -2
package/extensions/line/src/channel.logout.test.ts +4 -4
package/extensions/line/src/channel.sendPayload.test.ts +8 -8
package/extensions/line/src/channel.ts +3 -3
package/extensions/llm-task/README.md +3 -3
package/extensions/llm-task/index.ts +2 -2
package/extensions/llm-task/package.json +1 -1
package/extensions/llm-task/src/llm-task-tool.ts +4 -4
package/extensions/lobster/README.md +6 -6
package/extensions/lobster/index.ts +2 -2
package/extensions/lobster/src/lobster-tool.test.ts +4 -4
package/extensions/lobster/src/lobster-tool.ts +2 -2
package/extensions/matrix/index.ts +2 -2
package/extensions/matrix/package.json +1 -1
package/extensions/matrix/src/matrix/client/config.ts +1 -1
package/extensions/matrix/src/matrix/monitor/handler.ts +1 -1
package/extensions/matrix/src/onboarding.ts +1 -1
package/extensions/mattermost/index.ts +2 -2
package/extensions/mattermost/package.json +1 -1
package/extensions/mattermost/src/mattermost/accounts.ts +8 -8
package/extensions/mattermost/src/mattermost/monitor-helpers.ts +5 -5
package/extensions/mattermost/src/mattermost/monitor.ts +2 -2
package/extensions/mattermost/src/onboarding-helpers.ts +3 -3
package/extensions/mattermost/src/onboarding.ts +2 -2
package/extensions/memory-core/index.ts +2 -2
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/index.ts +3 -3
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/msteams/index.ts +2 -2
package/extensions/msteams/package.json +1 -1
package/extensions/msteams/src/channel.directory.test.ts +2 -2
package/extensions/msteams/src/channel.ts +2 -2
package/extensions/msteams/src/graph-upload.ts +4 -4
package/extensions/msteams/src/monitor-handler.ts +2 -2
package/extensions/msteams/src/monitor.ts +2 -2
package/extensions/msteams/src/onboarding.ts +9 -9
package/extensions/msteams/src/reply-dispatcher.ts +2 -2
package/extensions/msteams/src/send-context.ts +2 -2
package/extensions/msteams/src/send.ts +4 -4
package/extensions/nextcloud-talk/index.ts +2 -2
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nextcloud-talk/src/channel.ts +7 -7
package/extensions/nextcloud-talk/src/inbound.ts +7 -7
package/extensions/nextcloud-talk/src/onboarding.ts +1 -1
package/extensions/nostr/README.md +2 -2
package/extensions/nostr/index.ts +5 -5
package/extensions/nostr/package.json +1 -1
package/extensions/nostr/src/types.ts +4 -4
package/extensions/open-prose/index.ts +2 -2
package/extensions/qwen-portal-auth/README.md +1 -1
package/extensions/signal/index.ts +2 -2
package/extensions/signal/package.json +1 -1
package/extensions/slack/index.ts +2 -2
package/extensions/slack/package.json +1 -1
package/extensions/telegram/index.ts +2 -2
package/extensions/telegram/package.json +1 -1
package/extensions/telegram/src/channel.ts +2 -2
package/extensions/tlon/README.md +2 -2
package/extensions/tlon/index.ts +2 -2
package/extensions/tlon/package.json +1 -1
package/extensions/tlon/src/channel.ts +13 -13
package/extensions/tlon/src/monitor/index.ts +3 -3
package/extensions/tlon/src/onboarding.ts +3 -3
package/extensions/tlon/src/types.ts +3 -3
package/extensions/twitch/README.md +1 -1
package/extensions/twitch/index.ts +2 -2
package/extensions/twitch/package.json +1 -1
package/extensions/twitch/src/config.ts +3 -3
package/extensions/twitch/src/monitor.ts +3 -3
package/extensions/twitch/src/onboarding.ts +9 -9
package/extensions/twitch/src/outbound.test.ts +2 -2
package/extensions/twitch/src/plugin.test.ts +2 -2
package/extensions/twitch/src/plugin.ts +8 -8
package/extensions/twitch/src/send.test.ts +2 -2
package/extensions/twitch/src/send.ts +4 -4
package/extensions/twitch/src/token.test.ts +8 -8
package/extensions/twitch/src/token.ts +3 -3
package/extensions/twitch/src/twitch-client.ts +3 -3
package/extensions/twitch/src/types.ts +3 -3
package/extensions/twitch/src/utils/markdown.ts +1 -1
package/extensions/voice-call/README.md +3 -3
package/extensions/voice-call/package.json +1 -1
package/extensions/voice-call/src/core-bridge.ts +2 -2
package/extensions/voice-call/src/response-generator.ts +1 -1
package/extensions/whatsapp/index.ts +2 -2
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/README.md +1 -1
package/extensions/zalo/index.ts +2 -2
package/extensions/zalo/package.json +1 -1
package/extensions/zalo/src/accounts.ts +8 -8
package/extensions/zalo/src/actions.ts +4 -4
package/extensions/zalo/src/channel.directory.test.ts +2 -2
package/extensions/zalo/src/channel.ts +18 -18
package/extensions/zalo/src/monitor.ts +9 -9
package/extensions/zalo/src/monitor.webhook.test.ts +2 -2
package/extensions/zalo/src/onboarding.ts +24 -24
package/extensions/zalo/src/send.ts +2 -2
package/extensions/zalouser/README.md +2 -2
package/extensions/zalouser/index.ts +2 -2
package/extensions/zalouser/package.json +1 -1
package/extensions/zalouser/src/accounts.ts +9 -9
package/extensions/zalouser/src/channel.ts +24 -24
package/extensions/zalouser/src/monitor.ts +4 -4
package/extensions/zalouser/src/onboarding.ts +28 -28
package/package.json +13 -251
package/skills/nano-banana-pro/scripts/generate_image.py +1 -1
package/skills/tmux/scripts/find-sessions.sh +1 -1
package/CHANGELOG.md +0 -102
package/README-header.png +0 -0
package/git-hooks/pre-commit +0 -4
package/scripts/format-staged.js +0 -148
package/scripts/postinstall.js +0 -300
package/scripts/setup-git-hooks.js +0 -96

package/dist/agents/pi-tool-definition-adapter.js CHANGED Viewed

@@ -1,6 +1,16 @@
 import { logDebug, logError } from "../logger.js";
+import { isPlainObject } from "../utils.js";
+import { runBeforeToolCallHook } from "./pi-tools.before-tool-call.js";
 import { normalizeToolName } from "./tool-policy.js";
 import { jsonResult } from "./tools/common.js";
+function isAbortSignal(value) {
+    return typeof value === "object" && value !== null && "aborted" in value;
+}
+function isLegacyToolExecuteArgs(args) {
+    const third = args[2];
+    const fourth = args[3];
+    return isAbortSignal(third) || typeof fourth === "function";
+}
 function describeToolExecutionError(err) {
     if (err instanceof Error) {
         const message = err.message?.trim() ? err.message : String(err);
@@ -8,6 +18,24 @@ function describeToolExecutionError(err) {
     }
     return { message: String(err) };
 }
+function splitToolExecuteArgs(args) {
+    if (isLegacyToolExecuteArgs(args)) {
+        const [toolCallId, params, signal, onUpdate] = args;
+        return {
+            toolCallId,
+            params,
+            onUpdate,
+            signal,
+        };
+    }
+    const [toolCallId, params, onUpdate, _ctx, signal] = args;
+    return {
+        toolCallId,
+        params,
+        onUpdate,
+        signal,
+    };
+}
 export function toToolDefinitions(tools) {
     return tools.map((tool) => {
         const name = tool.name || "tool";
@@ -16,22 +44,22 @@ export function toToolDefinitions(tools) {
             name,
             label: tool.label ?? name,
             description: tool.description ?? "",
-            // biome-ignore lint/suspicious/noExplicitAny: TypeBox schema from pi-agent-core uses a different module instance.
             parameters: tool.parameters,
-            execute: async (toolCallId, params, onUpdate, _ctx, signal) => {
-                // KNOWN: pi-coding-agent `ToolDefinition.execute` has a different signature/order
-                // than pi-agent-core `AgentTool.execute`. This adapter keeps our existing tools intact.
+            execute: async (...args) => {
+                const { toolCallId, params, onUpdate, signal } = splitToolExecuteArgs(args);
                 try {
                     return await tool.execute(toolCallId, params, signal, onUpdate);
                 }
                 catch (err) {
-                    if (signal?.aborted)
+                    if (signal?.aborted) {
                         throw err;
+                    }
                     const name = err && typeof err === "object" && "name" in err
                         ? String(err.name)
                         : "";
-                    if (name === "AbortError")
+                    if (name === "AbortError") {
                         throw err;
+                    }
                     const described = describeToolExecutionError(err);
                     if (described.stack && described.stack !== described.message) {
                         logDebug(`tools: ${normalizedName} failed stack:\n${described.stack}`);
@@ -49,18 +77,31 @@ export function toToolDefinitions(tools) {
 }
 // Convert client tools (OpenResponses hosted tools) to ToolDefinition format
 // These tools are intercepted to return a "pending" result instead of executing
-export function toClientToolDefinitions(tools, onClientToolCall) {
+export function toClientToolDefinitions(tools, onClientToolCall, hookContext) {
     return tools.map((tool) => {
         const func = tool.function;
         return {
             name: func.name,
             label: func.name,
             description: func.description ?? "",
+            // oxlint-disable-next-line typescript/no-explicit-any
             parameters: func.parameters,
-            execute: async (toolCallId, params, _onUpdate, _ctx, _signal) => {
+            execute: async (...args) => {
+                const { toolCallId, params } = splitToolExecuteArgs(args);
+                const outcome = await runBeforeToolCallHook({
+                    toolName: func.name,
+                    params,
+                    toolCallId,
+                    ctx: hookContext,
+                });
+                if (outcome.blocked) {
+                    throw new Error(outcome.reason);
+                }
+                const adjustedParams = outcome.params;
+                const paramsRecord = isPlainObject(adjustedParams) ? adjustedParams : {};
                 // Notify handler that a client tool was called
                 if (onClientToolCall) {
-                    onClientToolCall(func.name, params);
+                    onClientToolCall(func.name, paramsRecord);
                 }
                 // Return a pending result - the client will execute this tool
                 return jsonResult({

package/dist/agents/pi-tools.before-tool-call.js ADDED Viewed

@@ -0,0 +1,67 @@
+import { createSubsystemLogger } from "../logging/subsystem.js";
+import { getGlobalHookRunner } from "../plugins/hook-runner-global.js";
+import { isPlainObject } from "../utils.js";
+import { normalizeToolName } from "./tool-policy.js";
+const log = createSubsystemLogger("agents/tools");
+export async function runBeforeToolCallHook(args) {
+    const hookRunner = getGlobalHookRunner();
+    if (!hookRunner?.hasHooks("before_tool_call")) {
+        return { blocked: false, params: args.params };
+    }
+    const toolName = normalizeToolName(args.toolName || "tool");
+    const params = args.params;
+    try {
+        const normalizedParams = isPlainObject(params) ? params : {};
+        const hookResult = await hookRunner.runBeforeToolCall({
+            toolName,
+            params: normalizedParams,
+        }, {
+            toolName,
+            agentId: args.ctx?.agentId,
+            sessionKey: args.ctx?.sessionKey,
+        });
+        if (hookResult?.block) {
+            return {
+                blocked: true,
+                reason: hookResult.blockReason || "Tool call blocked by plugin hook",
+            };
+        }
+        if (hookResult?.params && isPlainObject(hookResult.params)) {
+            if (isPlainObject(params)) {
+                return { blocked: false, params: { ...params, ...hookResult.params } };
+            }
+            return { blocked: false, params: hookResult.params };
+        }
+    }
+    catch (err) {
+        const toolCallId = args.toolCallId ? ` toolCallId=${args.toolCallId}` : "";
+        log.warn(`before_tool_call hook failed: tool=${toolName}${toolCallId} error=${String(err)}`);
+    }
+    return { blocked: false, params };
+}
+export function wrapToolWithBeforeToolCallHook(tool, ctx) {
+    const execute = tool.execute;
+    if (!execute) {
+        return tool;
+    }
+    const toolName = tool.name || "tool";
+    return {
+        ...tool,
+        execute: async (toolCallId, params, signal, onUpdate) => {
+            const outcome = await runBeforeToolCallHook({
+                toolName,
+                params,
+                toolCallId,
+                ctx,
+            });
+            if (outcome.blocked) {
+                throw new Error(outcome.reason);
+            }
+            return await execute(toolCallId, outcome.params, signal, onUpdate);
+        },
+    };
+}
+export const __testing = {
+    runBeforeToolCallHook,
+    isPlainObject,
+};

package/dist/agents/pi-tools.js CHANGED Viewed

@@ -6,10 +6,11 @@ import { createExecTool, createProcessTool, } from "./bash-tools.js";
 import { listChannelAgentTools } from "./channel-tools.js";
 import { createPoolBotTools } from "./poolbot-tools.js";
 import { wrapToolWithAbortSignal } from "./pi-tools.abort.js";
+import { wrapToolWithBeforeToolCallHook } from "./pi-tools.before-tool-call.js";
 import { filterToolsByPolicy, isToolAllowedByPolicies, resolveEffectiveToolPolicy, resolveGroupToolPolicy, resolveSubagentToolPolicy, } from "./pi-tools.policy.js";
-import { assertRequiredParams, CLAUDE_PARAM_GROUPS, createMoltbotReadTool, createSandboxedEditTool, createSandboxedReadTool, createSandboxedWriteTool, normalizeToolParams, patchToolSchemaForClaudeCompatibility, wrapToolParamNormalization, } from "./pi-tools.read.js";
+import { assertRequiredParams, CLAUDE_PARAM_GROUPS, createPoolbotReadTool, createSandboxedEditTool, createSandboxedReadTool, createSandboxedWriteTool, normalizeToolParams, patchToolSchemaForClaudeCompatibility, wrapToolParamNormalization, } from "./pi-tools.read.js";
 import { cleanToolSchemaForGemini, normalizeToolParameters } from "./pi-tools.schema.js";
-import { buildPluginToolGroups, collectExplicitAllowlist, expandPolicyWithPluginGroups, normalizeToolName, resolveToolProfilePolicy, stripPluginOnlyAllowlist, } from "./tool-policy.js";
+import { buildPluginToolGroups, collectExplicitAllowlist, expandPolicyWithPluginGroups, normalizeToolName, resolveToolProfilePolicy, stripPluginOnlyAllowlist, applyOwnerOnlyToolPolicy, } from "./tool-policy.js";
 import { getPluginToolMeta } from "../plugins/tools.js";
 import { logWarn } from "../logger.js";
 function isOpenAIProvider(provider) {
@@ -59,7 +60,7 @@ export const __testing = {
     wrapToolParamNormalization,
     assertRequiredParams,
 };
-export function createMoltbotCodingTools(options) {
+export function createPoolbotCodingTools(options) {
     const execToolName = "exec";
     const sandbox = options?.sandbox?.enabled ? options.sandbox : undefined;
     const { agentId, globalPolicy, globalProviderPolicy, agentPolicy, agentProviderPolicy, profile, providerProfile, profileAlsoAllow, providerProfileAlsoAllow, } = resolveEffectiveToolPolicy({
@@ -124,7 +125,7 @@ export function createMoltbotCodingTools(options) {
                 return [createSandboxedReadTool(sandboxRoot)];
             }
             const freshReadTool = createReadTool(workspaceRoot);
-            return [createMoltbotReadTool(freshReadTool)];
+            return [createPoolbotReadTool(freshReadTool)];
         }
         if (tool.name === "bash" || tool.name === execToolName)
             return [];
@@ -226,15 +227,20 @@ export function createMoltbotCodingTools(options) {
             replyToMode: options?.replyToMode,
             hasRepliedRef: options?.hasRepliedRef,
             modelHasVision: options?.modelHasVision,
+            requireExplicitMessageTarget: options?.requireExplicitMessageTarget,
+            disableMessageTool: options?.disableMessageTool,
             requesterAgentIdOverride: agentId,
         }),
     ];
-    const coreToolNames = new Set(tools
+    // Security: treat unknown/undefined as unauthorized (opt-in, not opt-out)
+    const senderIsOwner = options?.senderIsOwner === true;
+    const toolsByAuthorization = applyOwnerOnlyToolPolicy(tools, senderIsOwner);
+    const coreToolNames = new Set(toolsByAuthorization
         .filter((tool) => !getPluginToolMeta(tool))
         .map((tool) => normalizeToolName(tool.name))
         .filter(Boolean));
     const pluginGroups = buildPluginToolGroups({
-        tools,
+        tools: toolsByAuthorization,
         toolMeta: (tool) => getPluginToolMeta(tool),
     });
     const resolvePolicy = (policy, label) => {
@@ -258,8 +264,8 @@ export function createMoltbotCodingTools(options) {
     const sandboxPolicyExpanded = expandPolicyWithPluginGroups(sandbox?.tools, pluginGroups);
     const subagentPolicyExpanded = expandPolicyWithPluginGroups(subagentPolicy, pluginGroups);
     const toolsFiltered = profilePolicyExpanded
-        ? filterToolsByPolicy(tools, profilePolicyExpanded)
-        : tools;
+        ? filterToolsByPolicy(toolsByAuthorization, profilePolicyExpanded)
+        : toolsByAuthorization;
     const providerProfileFiltered = providerProfileExpanded
         ? filterToolsByPolicy(toolsFiltered, providerProfileExpanded)
         : toolsFiltered;
@@ -287,9 +293,13 @@ export function createMoltbotCodingTools(options) {
     // Always normalize tool JSON Schemas before handing them to pi-agent/pi-ai.
     // Without this, some providers (notably OpenAI) will reject root-level union schemas.
     const normalized = subagentFiltered.map(normalizeToolParameters);
+    const withHooks = normalized.map((tool) => wrapToolWithBeforeToolCallHook(tool, {
+        agentId,
+        sessionKey: options?.sessionKey,
+    }));
     const withAbort = options?.abortSignal
-        ? normalized.map((tool) => wrapToolWithAbortSignal(tool, options.abortSignal))
-        : normalized;
+        ? withHooks.map((tool) => wrapToolWithAbortSignal(tool, options.abortSignal))
+        : withHooks;
     // NOTE: Keep canonical (lowercase) tool names here.
     // pi-ai's Anthropic OAuth transport remaps tool names to Claude Code-style names
     // on the wire and maps them back for tool dispatch.

package/dist/agents/pi-tools.read.js CHANGED Viewed

@@ -199,7 +199,7 @@ function wrapSandboxPathGuard(tool, root) {
 }
 export function createSandboxedReadTool(root) {
     const base = createReadTool(root);
-    return wrapSandboxPathGuard(createMoltbotReadTool(base), root);
+    return wrapSandboxPathGuard(createPoolbotReadTool(base), root);
 }
 export function createSandboxedWriteTool(root) {
     const base = createWriteTool(root);
@@ -209,7 +209,7 @@ export function createSandboxedEditTool(root) {
     const base = createEditTool(root);
     return wrapSandboxPathGuard(wrapToolParamNormalization(base, CLAUDE_PARAM_GROUPS.edit), root);
 }
-export function createMoltbotReadTool(base) {
+export function createPoolbotReadTool(base) {
     const patched = patchToolSchemaForClaudeCompatibility(base);
     return {
         ...patched,

package/dist/agents/poolbot-tools.js CHANGED Viewed

@@ -32,6 +32,20 @@ export function createPoolBotTools(options) {
         config: options?.config,
         sandboxed: options?.sandboxed,
     });
+    const messageTool = options?.disableMessageTool
+        ? null
+        : createMessageTool({
+            agentAccountId: options?.agentAccountId,
+            agentSessionKey: options?.agentSessionKey,
+            config: options?.config,
+            currentChannelId: options?.currentChannelId,
+            currentChannelProvider: options?.agentChannel,
+            currentThreadTs: options?.currentThreadTs,
+            replyToMode: options?.replyToMode,
+            hasRepliedRef: options?.hasRepliedRef,
+            sandboxRoot: options?.sandboxRoot,
+            requireExplicitTarget: options?.requireExplicitMessageTarget,
+        });
     const tools = [
         createBrowserTool({
             sandboxBridgeUrl: options?.sandboxBrowserBridgeUrl,
@@ -45,16 +59,7 @@ export function createPoolBotTools(options) {
         createCronTool({
             agentSessionKey: options?.agentSessionKey,
         }),
-        createMessageTool({
-            agentAccountId: options?.agentAccountId,
-            agentSessionKey: options?.agentSessionKey,
-            config: options?.config,
-            currentChannelId: options?.currentChannelId,
-            currentChannelProvider: options?.agentChannel,
-            currentThreadTs: options?.currentThreadTs,
-            replyToMode: options?.replyToMode,
-            hasRepliedRef: options?.hasRepliedRef,
-        }),
+        ...(messageTool ? [messageTool] : []),
         createTtsTool({
             agentChannel: options?.agentChannel,
             config: options?.config,

package/dist/agents/sandbox-paths.js CHANGED Viewed

@@ -1,6 +1,9 @@
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { fileURLToPath } from "node:url";
+const HTTP_URL_RE = /^https?:\/\//i;
+const DATA_URL_RE = /^data:/i;
 const UNICODE_SPACES = /[\u00A0\u2000-\u200A\u202F\u205F\u3000]/g;
 function normalizeUnicodeSpaces(str) {
     return str.replace(UNICODE_SPACES, " ");
@@ -38,6 +41,34 @@ export async function assertSandboxPath(params) {
     await assertNoSymlink(resolved.relative, path.resolve(params.root));
     return resolved;
 }
+export function assertMediaNotDataUrl(media) {
+    const raw = media.trim();
+    if (DATA_URL_RE.test(raw)) {
+        throw new Error("data: URLs are not supported for media. Use buffer instead.");
+    }
+}
+export async function resolveSandboxedMediaSource(params) {
+    const raw = params.media.trim();
+    if (!raw)
+        return raw;
+    if (HTTP_URL_RE.test(raw))
+        return raw;
+    let candidate = raw;
+    if (/^file:\/\//i.test(candidate)) {
+        try {
+            candidate = fileURLToPath(candidate);
+        }
+        catch {
+            throw new Error(`Invalid file:// URL for sandboxed media: ${raw}`);
+        }
+    }
+    const resolved = await assertSandboxPath({
+        filePath: candidate,
+        cwd: params.sandboxRoot,
+        root: params.sandboxRoot,
+    });
+    return resolved.resolved;
+}
 async function assertNoSymlink(relative, root) {
     if (!relative)
         return;

package/dist/agents/session-file-repair.js ADDED Viewed

@@ -0,0 +1,83 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+function isSessionHeader(entry) {
+    if (!entry || typeof entry !== "object") {
+        return false;
+    }
+    const record = entry;
+    return record.type === "session" && typeof record.id === "string" && record.id.length > 0;
+}
+export async function repairSessionFileIfNeeded(params) {
+    const sessionFile = params.sessionFile.trim();
+    if (!sessionFile) {
+        return { repaired: false, droppedLines: 0, reason: "missing session file" };
+    }
+    let content;
+    try {
+        content = await fs.readFile(sessionFile, "utf-8");
+    }
+    catch (err) {
+        const code = err?.code;
+        if (code === "ENOENT") {
+            return { repaired: false, droppedLines: 0, reason: "missing session file" };
+        }
+        const reason = `failed to read session file: ${err instanceof Error ? err.message : "unknown error"}`;
+        params.warn?.(`session file repair skipped: ${reason} (${path.basename(sessionFile)})`);
+        return { repaired: false, droppedLines: 0, reason };
+    }
+    const lines = content.split(/\r?\n/);
+    const entries = [];
+    let droppedLines = 0;
+    for (const line of lines) {
+        if (!line.trim()) {
+            continue;
+        }
+        try {
+            const entry = JSON.parse(line);
+            entries.push(entry);
+        }
+        catch {
+            droppedLines += 1;
+        }
+    }
+    if (entries.length === 0) {
+        return { repaired: false, droppedLines, reason: "empty session file" };
+    }
+    if (!isSessionHeader(entries[0])) {
+        params.warn?.(`session file repair skipped: invalid session header (${path.basename(sessionFile)})`);
+        return { repaired: false, droppedLines, reason: "invalid session header" };
+    }
+    if (droppedLines === 0) {
+        return { repaired: false, droppedLines: 0 };
+    }
+    const cleaned = `${entries.map((entry) => JSON.stringify(entry)).join("\n")}\n`;
+    const backupPath = `${sessionFile}.bak-${process.pid}-${Date.now()}`;
+    const tmpPath = `${sessionFile}.repair-${process.pid}-${Date.now()}.tmp`;
+    try {
+        const stat = await fs.stat(sessionFile).catch(() => null);
+        await fs.writeFile(backupPath, content, "utf-8");
+        if (stat) {
+            await fs.chmod(backupPath, stat.mode);
+        }
+        await fs.writeFile(tmpPath, cleaned, "utf-8");
+        if (stat) {
+            await fs.chmod(tmpPath, stat.mode);
+        }
+        await fs.rename(tmpPath, sessionFile);
+    }
+    catch (err) {
+        try {
+            await fs.unlink(tmpPath);
+        }
+        catch (cleanupErr) {
+            params.warn?.(`session file repair cleanup failed: ${cleanupErr instanceof Error ? cleanupErr.message : "unknown error"} (${path.basename(tmpPath)})`);
+        }
+        return {
+            repaired: false,
+            droppedLines,
+            reason: `repair failed: ${err instanceof Error ? err.message : "unknown error"}`,
+        };
+    }
+    params.warn?.(`session file repaired: dropped ${droppedLines} malformed line(s) (${path.basename(sessionFile)})`);
+    return { repaired: true, droppedLines, backupPath };
+}

package/dist/agents/session-tool-result-guard.js CHANGED Viewed

@@ -1,16 +1,76 @@
-import { makeMissingToolResult } from "./session-transcript-repair.js";
 import { emitSessionTranscriptUpdate } from "../sessions/transcript-events.js";
+import { HARD_MAX_TOOL_RESULT_CHARS } from "./pi-embedded-runner/tool-result-truncation.js";
+import { makeMissingToolResult, sanitizeToolCallInputs } from "./session-transcript-repair.js";
+const GUARD_TRUNCATION_SUFFIX = "\n\n⚠️ [Content truncated during persistence — original exceeded size limit. " +
+    "Use offset/limit parameters or request specific sections for large content.]";
+/**
+ * Truncate oversized text content blocks in a tool result message.
+ * Returns the original message if under the limit, or a new message with
+ * truncated text blocks otherwise.
+ */
+function capToolResultSize(msg) {
+    const role = msg.role;
+    if (role !== "toolResult") {
+        return msg;
+    }
+    const content = msg.content;
+    if (!Array.isArray(content)) {
+        return msg;
+    }
+    // Calculate total text size
+    let totalTextChars = 0;
+    for (const block of content) {
+        if (block && typeof block === "object" && block.type === "text") {
+            const text = block.text;
+            if (typeof text === "string") {
+                totalTextChars += text.length;
+            }
+        }
+    }
+    if (totalTextChars <= HARD_MAX_TOOL_RESULT_CHARS) {
+        return msg;
+    }
+    // Truncate proportionally
+    const newContent = content.map((block) => {
+        if (!block || typeof block !== "object" || block.type !== "text") {
+            return block;
+        }
+        const textBlock = block;
+        if (typeof textBlock.text !== "string") {
+            return block;
+        }
+        const blockShare = textBlock.text.length / totalTextChars;
+        const blockBudget = Math.max(2_000, Math.floor(HARD_MAX_TOOL_RESULT_CHARS * blockShare) - GUARD_TRUNCATION_SUFFIX.length);
+        if (textBlock.text.length <= blockBudget) {
+            return block;
+        }
+        // Try to cut at a newline boundary
+        let cutPoint = blockBudget;
+        const lastNewline = textBlock.text.lastIndexOf("\n", blockBudget);
+        if (lastNewline > blockBudget * 0.8) {
+            cutPoint = lastNewline;
+        }
+        return {
+            ...textBlock,
+            text: textBlock.text.slice(0, cutPoint) + GUARD_TRUNCATION_SUFFIX,
+        };
+    });
+    return { ...msg, content: newContent };
+}
 function extractAssistantToolCalls(msg) {
     const content = msg.content;
-    if (!Array.isArray(content))
+    if (!Array.isArray(content)) {
         return [];
+    }
     const toolCalls = [];
     for (const block of content) {
-        if (!block || typeof block !== "object")
+        if (!block || typeof block !== "object") {
             continue;
+        }
         const rec = block;
-        if (typeof rec.id !== "string" || !rec.id)
+        if (typeof rec.id !== "string" || !rec.id) {
             continue;
+        }
         if (rec.type === "toolCall" || rec.type === "toolUse" || rec.type === "functionCall") {
             toolCalls.push({
                 id: rec.id,
@@ -22,11 +82,13 @@ function extractAssistantToolCalls(msg) {
 }
 function extractToolResultId(msg) {
     const toolCallId = msg.toolCallId;
-    if (typeof toolCallId === "string" && toolCallId)
+    if (typeof toolCallId === "string" && toolCallId) {
         return toolCallId;
+    }
     const toolUseId = msg.toolUseId;
-    if (typeof toolUseId === "string" && toolUseId)
+    if (typeof toolUseId === "string" && toolUseId) {
         return toolUseId;
+    }
     return null;
 }
 export function installSessionToolResultGuard(sessionManager, opts) {
@@ -38,8 +100,9 @@ export function installSessionToolResultGuard(sessionManager, opts) {
     };
     const allowSyntheticToolResults = opts?.allowSyntheticToolResults ?? true;
     const flushPendingToolResults = () => {
-        if (pending.size === 0)
+        if (pending.size === 0) {
             return;
+        }
         if (allowSyntheticToolResults) {
             for (const [id, name] of pending.entries()) {
                 const synthetic = makeMissingToolResult({ toolCallId: id, toolName: name });
@@ -53,24 +116,40 @@ export function installSessionToolResultGuard(sessionManager, opts) {
         pending.clear();
     };
     const guardedAppend = (message) => {
+        let nextMessage = message;
         const role = message.role;
-        if (role === "toolResult") {
-            const id = extractToolResultId(message);
+        if (role === "assistant") {
+            const sanitized = sanitizeToolCallInputs([message]);
+            if (sanitized.length === 0) {
+                if (allowSyntheticToolResults && pending.size > 0) {
+                    flushPendingToolResults();
+                }
+                return undefined;
+            }
+            nextMessage = sanitized[0];
+        }
+        const nextRole = nextMessage.role;
+        if (nextRole === "toolResult") {
+            const id = extractToolResultId(nextMessage);
             const toolName = id ? pending.get(id) : undefined;
-            if (id)
+            if (id) {
                 pending.delete(id);
-            return originalAppend(persistToolResult(message, {
+            }
+            // Apply hard size cap before persistence to prevent oversized tool results
+            // from consuming the entire context window on subsequent LLM calls.
+            const capped = capToolResultSize(nextMessage);
+            return originalAppend(persistToolResult(capped, {
                 toolCallId: id ?? undefined,
                 toolName,
                 isSynthetic: false,
             }));
         }
-        const toolCalls = role === "assistant"
-            ? extractAssistantToolCalls(message)
+        const toolCalls = nextRole === "assistant"
+            ? extractAssistantToolCalls(nextMessage)
             : [];
         if (allowSyntheticToolResults) {
             // If previous tool calls are still pending, flush before non-tool results.
-            if (pending.size > 0 && (toolCalls.length === 0 || role !== "assistant")) {
+            if (pending.size > 0 && (toolCalls.length === 0 || nextRole !== "assistant")) {
                 flushPendingToolResults();
             }
             // If new tool calls arrive while older ones are pending, flush the old ones first.
@@ -78,7 +157,7 @@ export function installSessionToolResultGuard(sessionManager, opts) {
                 flushPendingToolResults();
             }
         }
-        const result = originalAppend(message);
+        const result = originalAppend(nextMessage);
         const sessionFile = sessionManager.getSessionFile?.();
         if (sessionFile) {
             emitSessionTranscriptUpdate(sessionFile);