@poolzin/pool-bot 2026.2.0 → 2026.2.1

package/dist/agents/bash-tools.exec.js

@@ -15,6 +15,46 @@ import { listNodes, resolveNodeIdFromList } from "./tools/nodes-utils.js";
 import { getShellConfig, sanitizeBinaryOutput } from "./shell-utils.js";
 import { buildCursorPositionResponse, stripDsrRequests } from "./pty-dsr.js";
 import { parseAgentSessionKey, resolveAgentIdFromSessionKey } from "../routing/session-key.js";
+// Security: Blocklist of environment variables that could alter execution flow
+// or inject code when running on non-sandboxed hosts (Gateway/Node).
+const DANGEROUS_HOST_ENV_VARS = new Set([
+    "LD_PRELOAD",
+    "LD_LIBRARY_PATH",
+    "LD_AUDIT",
+    "DYLD_INSERT_LIBRARIES",
+    "DYLD_LIBRARY_PATH",
+    "NODE_OPTIONS",
+    "NODE_PATH",
+    "PYTHONPATH",
+    "PYTHONHOME",
+    "RUBYLIB",
+    "PERL5LIB",
+    "BASH_ENV",
+    "ENV",
+    "GCONV_PATH",
+    "IFS",
+    "SSLKEYLOGFILE",
+]);
+const DANGEROUS_HOST_ENV_PREFIXES = ["DYLD_", "LD_"];
+// Centralized sanitization helper.
+// Throws an error if dangerous variables or PATH modifications are detected on the host.
+function validateHostEnv(env) {
+    for (const key of Object.keys(env)) {
+        const upperKey = key.toUpperCase();
+        // 1. Block known dangerous variables (Fail Closed)
+        if (DANGEROUS_HOST_ENV_PREFIXES.some((prefix) => upperKey.startsWith(prefix))) {
+            throw new Error(`Security Violation: Environment variable '${key}' is forbidden during host execution.`);
+        }
+        if (DANGEROUS_HOST_ENV_VARS.has(upperKey)) {
+            throw new Error(`Security Violation: Environment variable '${key}' is forbidden during host execution.`);
+        }
+        // 2. Strictly block PATH modification on host
+        // Allowing custom PATH on the gateway/node can lead to binary hijacking.
+        if (upperKey === "PATH") {
+            throw new Error("Security Violation: Custom 'PATH' variable is forbidden during host execution.");
+        }
+    }
+}
 const DEFAULT_MAX_OUTPUT = clampNumber(readEnvInt("PI_BASH_MAX_OUTPUT_CHARS"), 200_000, 1_000, 200_000);
 const DEFAULT_PENDING_MAX_OUTPUT = clampNumber(readEnvInt("CLAWDBOT_BASH_PENDING_MAX_OUTPUT_CHARS"), 200_000, 1_000, 200_000);
 const DEFAULT_PATH = process.env.PATH ?? "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
@@ -643,6 +683,11 @@ export function createExecTool(defaults) {
                 workdir = resolveWorkdir(rawWorkdir, warnings);
             }
             const baseEnv = coerceEnv(process.env);
+            // Logic: Sandbox gets raw env. Host (gateway/node) must pass validation.
+            // We validate BEFORE merging to prevent any dangerous vars from entering the stream.
+            if (host !== "sandbox" && params.env) {
+                validateHostEnv(params.env);
+            }
             const mergedEnv = params.env ? { ...baseEnv, ...params.env } : baseEnv;
             const env = sandbox
                 ? buildSandboxEnv({
@@ -684,7 +729,7 @@ export function createExecTool(defaults) {
                 }
                 catch (err) {
                     if (!nodeQuery && String(err).includes("node required")) {
-                        throw new Error("exec host=node requires a node id when multiple nodes are available (set tools.exec.node or exec.node).");
+                        throw new Error("exec host=node requires a node id when multiple nodes are available (set tools.exec.node or exec.node).", { cause: err });
                     }
                     throw err;
                 }
@@ -706,12 +751,13 @@ export function createExecTool(defaults) {
                     safeBins: new Set(),
                     cwd: workdir,
                     env,
+                    platform: nodeInfo?.platform,
                 });
                 let analysisOk = baseAllowlistEval.analysisOk;
                 let allowlistSatisfied = false;
                 if (hostAsk === "on-miss" && hostSecurity === "allowlist" && analysisOk) {
                     try {
-                        const approvalsSnapshot = (await callGatewayTool("exec.approvals.node.get", { timeoutMs: 10_000 }, { nodeId }));
+                        const approvalsSnapshot = await callGatewayTool("exec.approvals.node.get", { timeoutMs: 10_000 }, { nodeId });
                         const approvalsFile = approvalsSnapshot && typeof approvalsSnapshot === "object"
                             ? approvalsSnapshot.file
                             : undefined;
@@ -728,6 +774,7 @@ export function createExecTool(defaults) {
                                 safeBins: new Set(),
                                 cwd: workdir,
                                 env,
+                                platform: nodeInfo?.platform,
                             });
                             allowlistSatisfied = allowlistEval.allowlistSatisfied;
                             analysisOk = allowlistEval.analysisOk;
@@ -772,7 +819,7 @@ export function createExecTool(defaults) {
                     void (async () => {
                         let decision = null;
                         try {
-                            const decisionResult = (await callGatewayTool("exec.approval.request", { timeoutMs: DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS }, {
+                            const decisionResult = await callGatewayTool("exec.approval.request", { timeoutMs: DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS }, {
                                 id: approvalId,
                                 command: commandText,
                                 cwd: workdir,
@@ -783,11 +830,11 @@ export function createExecTool(defaults) {
                                 resolvedPath: undefined,
                                 sessionKey: defaults?.sessionKey,
                                 timeoutMs: DEFAULT_APPROVAL_TIMEOUT_MS,
-                            }));
-                            decision =
-                                decisionResult && typeof decisionResult === "object"
-                                    ? (decisionResult.decision ?? null)
-                                    : null;
+                            });
+                            const decisionValue = decisionResult && typeof decisionResult === "object"
+                                ? decisionResult.decision
+                                : undefined;
+                            decision = typeof decisionValue === "string" ? decisionValue : null;
                         }
                         catch {
                             emitExecSystemEvent(`Exec denied (node=${nodeId} id=${approvalId}, approval-request-failed): ${commandText}`, { sessionKey: notifySessionKey, contextKey });
@@ -861,20 +908,26 @@ export function createExecTool(defaults) {
                     };
                 }
                 const startedAt = Date.now();
-                const raw = (await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(false, null)));
-                const payload = raw?.payload ?? {};
+                const raw = await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(false, null));
+                const payload = raw && typeof raw === "object" ? raw.payload : undefined;
+                const payloadObj = payload && typeof payload === "object" ? payload : {};
+                const stdout = typeof payloadObj.stdout === "string" ? payloadObj.stdout : "";
+                const stderr = typeof payloadObj.stderr === "string" ? payloadObj.stderr : "";
+                const errorText = typeof payloadObj.error === "string" ? payloadObj.error : "";
+                const success = typeof payloadObj.success === "boolean" ? payloadObj.success : false;
+                const exitCode = typeof payloadObj.exitCode === "number" ? payloadObj.exitCode : null;
                 return {
                     content: [
                         {
                             type: "text",
-                            text: payload.stdout || payload.stderr || payload.error || "",
+                            text: stdout || stderr || errorText || "",
                         },
                     ],
                     details: {
-                        status: payload.success ? "completed" : "failed",
-                        exitCode: payload.exitCode ?? null,
+                        status: success ? "completed" : "failed",
+                        exitCode,
                         durationMs: Date.now() - startedAt,
-                        aggregated: [payload.stdout, payload.stderr, payload.error].filter(Boolean).join("\n"),
+                        aggregated: [stdout, stderr, errorText].filter(Boolean).join("\n"),
                         cwd: workdir,
                     },
                 };
@@ -893,6 +946,7 @@ export function createExecTool(defaults) {
                     safeBins,
                     cwd: workdir,
                     env,
+                    platform: process.platform,
                 });
                 const allowlistMatches = allowlistEval.allowlistMatches;
                 const analysisOk = allowlistEval.analysisOk;
@@ -916,7 +970,7 @@ export function createExecTool(defaults) {
                     void (async () => {
                         let decision = null;
                         try {
-                            const decisionResult = (await callGatewayTool("exec.approval.request", { timeoutMs: DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS }, {
+                            const decisionResult = await callGatewayTool("exec.approval.request", { timeoutMs: DEFAULT_APPROVAL_REQUEST_TIMEOUT_MS }, {
                                 id: approvalId,
                                 command: commandText,
                                 cwd: workdir,
@@ -927,11 +981,11 @@ export function createExecTool(defaults) {
                                 resolvedPath,
                                 sessionKey: defaults?.sessionKey,
                                 timeoutMs: DEFAULT_APPROVAL_TIMEOUT_MS,
-                            }));
-                            decision =
-                                decisionResult && typeof decisionResult === "object"
-                                    ? (decisionResult.decision ?? null)
-                                    : null;
+                            });
+                            const decisionValue = decisionResult && typeof decisionResult === "object"
+                                ? decisionResult.decision
+                                : undefined;
+                            decision = typeof decisionValue === "string" ? decisionValue : null;
                         }
                         catch {
                             emitExecSystemEvent(`Exec denied (gateway id=${approvalId}, approval-request-failed): ${commandText}`, { sessionKey: notifySessionKey, contextKey });
@@ -1033,8 +1087,7 @@ export function createExecTool(defaults) {
                         content: [
                             {
                                 type: "text",
-                                text: `${warningText}` +
-                                    `Approval required (id ${approvalSlug}). ` +
+                                text: `${warningText}Approval required (id ${approvalSlug}). ` +
                                     "Approve to run; updates will arrive after completion.",
                             },
                         ],
@@ -1099,9 +1152,7 @@ export function createExecTool(defaults) {
                     content: [
                         {
                             type: "text",
-                            text: `${getWarningText()}` +
-                                `Command still running (session ${run.session.id}, pid ${run.session.pid ?? "n/a"}). ` +
-                                "Use process (list/poll/log/write/kill/clear/remove) for follow-up.",
+                            text: `${getWarningText()}Command still running (session ${run.session.id}, pid ${run.session.pid ?? "n/a"}). Use process (list/poll/log/write/kill/clear/remove) for follow-up.`,
                         },
                     ],
                     details: {

package/dist/agents/cli-runner/helpers.js

@@ -3,14 +3,13 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { runExec } from "../../process/exec.js";
-import { buildSystemPromptParams } from "../system-prompt-params.js";
+import { buildTtsSystemPromptHint } from "../../tts/tts.js";
+import { escapeRegExp, isRecord } from "../../utils.js";
 import { resolveDefaultModelForAgent } from "../model-selection.js";
+import { detectRuntimeShell } from "../shell-utils.js";
+import { buildSystemPromptParams } from "../system-prompt-params.js";
 import { buildAgentSystemPrompt } from "../system-prompt.js";
-import { buildTtsSystemPromptHint } from "../../tts/tts.js";
 const CLI_RUN_QUEUE = new Map();
-function escapeRegex(value) {
-    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
 export async function cleanupResumeProcesses(backend, sessionId) {
     if (process.platform === "win32")
         return;
@@ -25,7 +24,7 @@ export async function cleanupResumeProcesses(backend, sessionId) {
     const resumeTokens = resumeArgs.map((arg) => arg.replaceAll("{sessionId}", sessionId));
     const pattern = [commandToken, ...resumeTokens]
         .filter(Boolean)
-        .map((token) => escapeRegex(token))
+        .map((token) => escapeRegExp(token))
         .join(".*");
     if (!pattern)
         return;
@@ -69,8 +68,8 @@ function buildSessionMatchers(backend) {
 }
 function tokenToRegex(token) {
     if (!token.includes("{sessionId}"))
-        return escapeRegex(token);
-    const parts = token.split("{sessionId}").map((part) => escapeRegex(part));
+        return escapeRegExp(token);
+    const parts = token.split("{sessionId}").map((part) => escapeRegExp(part));
     return parts.join("\\S+");
 }
 /**
@@ -158,6 +157,7 @@ export function buildSystemPrompt(params) {
             node: process.version,
             model: params.modelDisplay,
             defaultModel: defaultModelLabel,
+            shell: detectRuntimeShell(),
         },
     });
     const ttsHint = params.config ? buildTtsSystemPromptHint(params.config) : undefined;
@@ -177,6 +177,7 @@ export function buildSystemPrompt(params) {
         userTimeFormat,
         contextFiles: params.contextFiles,
         ttsHint,
+        memoryCitationsMode: params.config?.memory?.citations,
     });
 }
 export function normalizeCliModel(modelId, backend) {
@@ -203,9 +204,6 @@ function toUsage(raw) {
         return undefined;
     return { input, output, cacheRead, cacheWrite, total };
 }
-function isRecord(value) {
-    return Boolean(value && typeof value === "object" && !Array.isArray(value));
-}
 function collectText(value) {
     if (!value)
         return "";

package/dist/agents/identity.js

@@ -5,15 +5,17 @@ export function resolveAgentIdentity(cfg, agentId) {
 }
 export function resolveAckReaction(cfg, agentId) {
     const configured = cfg.messages?.ackReaction;
-    if (configured !== undefined)
+    if (configured !== undefined) {
         return configured.trim();
+    }
     const emoji = resolveAgentIdentity(cfg, agentId)?.emoji?.trim();
     return emoji || DEFAULT_ACK_REACTION;
 }
 export function resolveIdentityNamePrefix(cfg, agentId) {
     const name = resolveAgentIdentity(cfg, agentId)?.name?.trim();
-    if (!name)
+    if (!name) {
         return undefined;
+    }
     return `[${name}]`;
 }
 /** Returns just the identity name (without brackets) for template context. */
@@ -22,14 +24,48 @@ export function resolveIdentityName(cfg, agentId) {
 }
 export function resolveMessagePrefix(cfg, agentId, opts) {
     const configured = opts?.configured ?? cfg.messages?.messagePrefix;
-    if (configured !== undefined)
+    if (configured !== undefined) {
         return configured;
+    }
     const hasAllowFrom = opts?.hasAllowFrom === true;
-    if (hasAllowFrom)
+    if (hasAllowFrom) {
         return "";
+    }
     return resolveIdentityNamePrefix(cfg, agentId) ?? opts?.fallback ?? "[poolbot]";
 }
-export function resolveResponsePrefix(cfg, agentId) {
+/** Helper to extract a channel config value by dynamic key. */
+function getChannelConfig(cfg, channel) {
+    const channels = cfg.channels;
+    const value = channels?.[channel];
+    return typeof value === "object" && value !== null
+        ? value
+        : undefined;
+}
+export function resolveResponsePrefix(cfg, agentId, opts) {
+    // L1: Channel account level
+    if (opts?.channel && opts?.accountId) {
+        const channelCfg = getChannelConfig(cfg, opts.channel);
+        const accounts = channelCfg?.accounts;
+        const accountPrefix = accounts?.[opts.accountId]?.responsePrefix;
+        if (accountPrefix !== undefined) {
+            if (accountPrefix === "auto") {
+                return resolveIdentityNamePrefix(cfg, agentId);
+            }
+            return accountPrefix;
+        }
+    }
+    // L2: Channel level
+    if (opts?.channel) {
+        const channelCfg = getChannelConfig(cfg, opts.channel);
+        const channelPrefix = channelCfg?.responsePrefix;
+        if (channelPrefix !== undefined) {
+            if (channelPrefix === "auto") {
+                return resolveIdentityNamePrefix(cfg, agentId);
+            }
+            return channelPrefix;
+        }
+    }
+    // L4: Global level
     const configured = cfg.messages?.responsePrefix;
     if (configured !== undefined) {
         if (configured === "auto") {
@@ -45,14 +81,18 @@ export function resolveEffectiveMessagesConfig(cfg, agentId, opts) {
             hasAllowFrom: opts?.hasAllowFrom,
             fallback: opts?.fallbackMessagePrefix,
         }),
-        responsePrefix: resolveResponsePrefix(cfg, agentId),
+        responsePrefix: resolveResponsePrefix(cfg, agentId, {
+            channel: opts?.channel,
+            accountId: opts?.accountId,
+        }),
     };
 }
 export function resolveHumanDelayConfig(cfg, agentId) {
     const defaults = cfg.agents?.defaults?.humanDelay;
     const overrides = resolveAgentConfig(cfg, agentId)?.humanDelay;
-    if (!defaults && !overrides)
+    if (!defaults && !overrides) {
         return undefined;
+    }
     return {
         mode: overrides?.mode ?? defaults?.mode,
         minMs: overrides?.minMs ?? defaults?.minMs,

package/dist/agents/memory-search.js

@@ -5,6 +5,7 @@ import { clampInt, clampNumber, resolveUserPath } from "../utils.js";
 import { resolveAgentConfig } from "./agent-scope.js";
 const DEFAULT_OPENAI_MODEL = "text-embedding-3-small";
 const DEFAULT_GEMINI_MODEL = "gemini-embedding-001";
+const DEFAULT_VOYAGE_MODEL = "voyage-4-large";
 const DEFAULT_CHUNK_TOKENS = 400;
 const DEFAULT_CHUNK_OVERLAP = 80;
 const DEFAULT_WATCH_DEBOUNCE_MS = 1500;
@@ -22,20 +23,24 @@ function normalizeSources(sources, sessionMemoryEnabled) {
     const normalized = new Set();
     const input = sources?.length ? sources : DEFAULT_SOURCES;
     for (const source of input) {
-        if (source === "memory")
+        if (source === "memory") {
             normalized.add("memory");
-        if (source === "sessions" && sessionMemoryEnabled)
+        }
+        if (source === "sessions" && sessionMemoryEnabled) {
             normalized.add("sessions");
+        }
     }
-    if (normalized.size === 0)
+    if (normalized.size === 0) {
         normalized.add("memory");
+    }
     return Array.from(normalized);
 }
 function resolveStorePath(agentId, raw) {
     const stateDir = resolveStateDir(process.env, os.homedir);
     const fallback = path.join(stateDir, "memory", `${agentId}.sqlite`);
-    if (!raw)
+    if (!raw) {
         return fallback;
+    }
     const withToken = raw.includes("{agentId}") ? raw.replaceAll("{agentId}", agentId) : raw;
     return resolveUserPath(withToken);
 }
@@ -51,9 +56,13 @@ function mergeConfig(defaults, overrides, agentId) {
         defaultRemote?.baseUrl ||
         defaultRemote?.apiKey ||
         defaultRemote?.headers);
-    const includeRemote = hasRemoteConfig || provider === "openai" || provider === "gemini" || provider === "auto";
+    const includeRemote = hasRemoteConfig ||
+        provider === "openai" ||
+        provider === "gemini" ||
+        provider === "voyage" ||
+        provider === "auto";
     const batch = {
-        enabled: overrideRemote?.batch?.enabled ?? defaultRemote?.batch?.enabled ?? true,
+        enabled: overrideRemote?.batch?.enabled ?? defaultRemote?.batch?.enabled ?? false,
         wait: overrideRemote?.batch?.wait ?? defaultRemote?.batch?.wait ?? true,
         concurrency: Math.max(1, overrideRemote?.batch?.concurrency ?? defaultRemote?.batch?.concurrency ?? 2),
         pollIntervalMs: overrideRemote?.batch?.pollIntervalMs ?? defaultRemote?.batch?.pollIntervalMs ?? 2000,
@@ -72,13 +81,19 @@ function mergeConfig(defaults, overrides, agentId) {
         ? DEFAULT_GEMINI_MODEL
         : provider === "openai"
             ? DEFAULT_OPENAI_MODEL
-            : undefined;
+            : provider === "voyage"
+                ? DEFAULT_VOYAGE_MODEL
+                : undefined;
     const model = overrides?.model ?? defaults?.model ?? modelDefault ?? "";
     const local = {
         modelPath: overrides?.local?.modelPath ?? defaults?.local?.modelPath,
         modelCacheDir: overrides?.local?.modelCacheDir ?? defaults?.local?.modelCacheDir,
     };
     const sources = normalizeSources(overrides?.sources ?? defaults?.sources, sessionMemory);
+    const rawPaths = [...(defaults?.extraPaths ?? []), ...(overrides?.extraPaths ?? [])]
+        .map((value) => value.trim())
+        .filter(Boolean);
+    const extraPaths = Array.from(new Set(rawPaths));
     const vector = {
         enabled: overrides?.store?.vector?.enabled ?? defaults?.store?.vector?.enabled ?? true,
         extensionPath: overrides?.store?.vector?.extensionPath ?? defaults?.store?.vector?.extensionPath,
@@ -144,6 +159,7 @@ function mergeConfig(defaults, overrides, agentId) {
     return {
         enabled,
         sources,
+        extraPaths,
         provider,
         remote,
         experimental: {
@@ -183,7 +199,8 @@ export function resolveMemorySearchConfig(cfg, agentId) {
     const defaults = cfg.agents?.defaults?.memorySearch;
     const overrides = resolveAgentConfig(cfg, agentId)?.memorySearch;
     const resolved = mergeConfig(defaults, overrides, agentId);
-    if (!resolved.enabled)
+    if (!resolved.enabled) {
         return null;
+    }
     return resolved;
 }

package/dist/agents/model-selection.js

@@ -68,6 +68,27 @@ export function parseModelRef(raw, defaultProvider) {
     const normalizedModel = normalizeProviderModelId(provider, model);
     return { provider, model: normalizedModel };
 }
+export function resolveAllowlistModelKey(raw, defaultProvider) {
+    const parsed = parseModelRef(raw, defaultProvider);
+    if (!parsed) {
+        return null;
+    }
+    return modelKey(parsed.provider, parsed.model);
+}
+export function buildConfiguredAllowlistKeys(params) {
+    const rawAllowlist = Object.keys(params.cfg?.agents?.defaults?.models ?? {});
+    if (rawAllowlist.length === 0) {
+        return null;
+    }
+    const keys = new Set();
+    for (const raw of rawAllowlist) {
+        const key = resolveAllowlistModelKey(String(raw ?? ""), params.defaultProvider);
+        if (key) {
+            keys.add(key);
+        }
+    }
+    return keys.size > 0 ? keys : null;
+}
 export function buildModelAliasIndex(params) {
     const byAlias = new Map();
     const byKey = new Map();