@poolzin/pool-bot 2026.2.0 → 2026.2.1

package/dist/infra/exec-approvals.js

@@ -18,12 +18,15 @@ function hashExecApprovalsRaw(raw) {
         .digest("hex");
 }
 function expandHome(value) {
-    if (!value)
+    if (!value) {
         return value;
-    if (value === "~")
+    }
+    if (value === "~") {
         return os.homedir();
-    if (value.startsWith("~/"))
+    }
+    if (value.startsWith("~/")) {
         return path.join(os.homedir(), value.slice(2));
+    }
     return value;
 }
 export function resolveExecApprovalsPath() {
@@ -41,15 +44,18 @@ function mergeLegacyAgent(current, legacy) {
     const seen = new Set();
     const pushEntry = (entry) => {
         const key = normalizeAllowlistPattern(entry.pattern);
-        if (!key || seen.has(key))
+        if (!key || seen.has(key)) {
             return;
+        }
         seen.add(key);
         allowlist.push(entry);
     };
-    for (const entry of current.allowlist ?? [])
+    for (const entry of current.allowlist ?? []) {
         pushEntry(entry);
-    for (const entry of legacy.allowlist ?? [])
+    }
+    for (const entry of legacy.allowlist ?? []) {
         pushEntry(entry);
+    }
     return {
         security: current.security ?? legacy.security,
         ask: current.ask ?? legacy.ask,
@@ -62,13 +68,49 @@ function ensureDir(filePath) {
     const dir = path.dirname(filePath);
     fs.mkdirSync(dir, { recursive: true });
 }
+// Coerce legacy/corrupted allowlists into `ExecAllowlistEntry[]` before we spread
+// entries to add ids (spreading strings creates {"0":"l","1":"s",...}).
+function coerceAllowlistEntries(allowlist) {
+    if (!Array.isArray(allowlist) || allowlist.length === 0) {
+        return Array.isArray(allowlist) ? allowlist : undefined;
+    }
+    let changed = false;
+    const result = [];
+    for (const item of allowlist) {
+        if (typeof item === "string") {
+            const trimmed = item.trim();
+            if (trimmed) {
+                result.push({ pattern: trimmed });
+                changed = true;
+            }
+            else {
+                changed = true; // dropped empty string
+            }
+        }
+        else if (item && typeof item === "object" && !Array.isArray(item)) {
+            const pattern = item.pattern;
+            if (typeof pattern === "string" && pattern.trim().length > 0) {
+                result.push(item);
+            }
+            else {
+                changed = true; // dropped invalid entry
+            }
+        }
+        else {
+            changed = true; // dropped invalid entry
+        }
+    }
+    return changed ? (result.length > 0 ? result : undefined) : allowlist;
+}
 function ensureAllowlistIds(allowlist) {
-    if (!Array.isArray(allowlist) || allowlist.length === 0)
+    if (!Array.isArray(allowlist) || allowlist.length === 0) {
         return allowlist;
+    }
     let changed = false;
     const next = allowlist.map((entry) => {
-        if (entry.id)
+        if (entry.id) {
             return entry;
+        }
         changed = true;
         return { ...entry, id: crypto.randomUUID() };
     });
@@ -85,7 +127,8 @@ export function normalizeExecApprovals(file) {
         delete agents.default;
     }
     for (const [key, agent] of Object.entries(agents)) {
-        const allowlist = ensureAllowlistIds(agent.allowlist);
+        const coerced = coerceAllowlistEntries(agent.allowlist);
+        const allowlist = ensureAllowlistIds(coerced);
         if (allowlist !== agent.allowlist) {
             agents[key] = { ...agent, allowlist };
         }
@@ -184,13 +227,15 @@ export function ensureExecApprovals() {
     return updated;
 }
 function normalizeSecurity(value, fallback) {
-    if (value === "allowlist" || value === "full" || value === "deny")
+    if (value === "allowlist" || value === "full" || value === "deny") {
         return value;
+    }
     return fallback;
 }
 function normalizeAsk(value, fallback) {
-    if (value === "always" || value === "off" || value === "on-miss")
+    if (value === "always" || value === "off" || value === "on-miss") {
         return value;
+    }
     return fallback;
 }
 export function resolveExecApprovals(agentId, overrides) {
@@ -243,8 +288,9 @@ export function resolveExecApprovalsFromFile(params) {
 function isExecutableFile(filePath) {
     try {
         const stat = fs.statSync(filePath);
-        if (!stat.isFile())
+        if (!stat.isFile()) {
             return false;
+        }
         if (process.platform !== "win32") {
             fs.accessSync(filePath, fs.constants.X_OK);
         }
@@ -256,13 +302,15 @@ function isExecutableFile(filePath) {
 }
 function parseFirstToken(command) {
     const trimmed = command.trim();
-    if (!trimmed)
+    if (!trimmed) {
         return null;
+    }
     const first = trimmed[0];
     if (first === '"' || first === "'") {
         const end = trimmed.indexOf(first, 1);
-        if (end > 1)
+        if (end > 1) {
             return trimmed.slice(1, end);
+        }
         return trimmed.slice(1);
     }
     const match = /^[^\s]+/.exec(trimmed);
@@ -295,24 +343,27 @@ function resolveExecutablePath(rawExecutable, cwd, env) {
     for (const entry of entries) {
         for (const ext of extensions) {
             const candidate = path.join(entry, expanded + ext);
-            if (isExecutableFile(candidate))
+            if (isExecutableFile(candidate)) {
                 return candidate;
+            }
         }
     }
     return undefined;
 }
 export function resolveCommandResolution(command, cwd, env) {
     const rawExecutable = parseFirstToken(command);
-    if (!rawExecutable)
+    if (!rawExecutable) {
         return null;
+    }
     const resolvedPath = resolveExecutablePath(rawExecutable, cwd, env);
     const executableName = resolvedPath ? path.basename(resolvedPath) : rawExecutable;
     return { rawExecutable, resolvedPath, executableName };
 }
 export function resolveCommandResolutionFromArgv(argv, cwd, env) {
     const rawExecutable = argv[0]?.trim();
-    if (!rawExecutable)
+    if (!rawExecutable) {
         return null;
+    }
     const resolvedPath = resolveExecutablePath(rawExecutable, cwd, env);
     const executableName = resolvedPath ? path.basename(resolvedPath) : rawExecutable;
     return { rawExecutable, resolvedPath, executableName };
@@ -361,8 +412,9 @@ function globToRegExp(pattern) {
 }
 function matchesPattern(pattern, target) {
     const trimmed = pattern.trim();
-    if (!trimmed)
+    if (!trimmed) {
         return false;
+    }
     const expanded = trimmed.startsWith("~") ? expandHome(trimmed) : trimmed;
     const hasWildcard = /[*?]/.test(expanded);
     let normalizedPattern = expanded;
@@ -377,38 +429,64 @@ function matchesPattern(pattern, target) {
     return regex.test(normalizedTarget);
 }
 function resolveAllowlistCandidatePath(resolution, cwd) {
-    if (!resolution)
+    if (!resolution) {
         return undefined;
-    if (resolution.resolvedPath)
+    }
+    if (resolution.resolvedPath) {
         return resolution.resolvedPath;
+    }
     const raw = resolution.rawExecutable?.trim();
-    if (!raw)
+    if (!raw) {
         return undefined;
+    }
     const expanded = raw.startsWith("~") ? expandHome(raw) : raw;
-    if (!expanded.includes("/") && !expanded.includes("\\"))
+    if (!expanded.includes("/") && !expanded.includes("\\")) {
         return undefined;
-    if (path.isAbsolute(expanded))
+    }
+    if (path.isAbsolute(expanded)) {
         return expanded;
+    }
     const base = cwd && cwd.trim() ? cwd.trim() : process.cwd();
     return path.resolve(base, expanded);
 }
 export function matchAllowlist(entries, resolution) {
-    if (!entries.length || !resolution?.resolvedPath)
+    if (!entries.length || !resolution?.resolvedPath) {
         return null;
+    }
     const resolvedPath = resolution.resolvedPath;
     for (const entry of entries) {
         const pattern = entry.pattern?.trim();
-        if (!pattern)
+        if (!pattern) {
             continue;
+        }
         const hasPath = pattern.includes("/") || pattern.includes("\\") || pattern.includes("~");
-        if (!hasPath)
+        if (!hasPath) {
             continue;
-        if (matchesPattern(pattern, resolvedPath))
+        }
+        if (matchesPattern(pattern, resolvedPath)) {
             return entry;
+        }
     }
     return null;
 }
 const DISALLOWED_PIPELINE_TOKENS = new Set([">", "<", "`", "\n", "\r", "(", ")"]);
+const DOUBLE_QUOTE_ESCAPES = new Set(["\\", '"', "$", "`", "\n", "\r"]);
+const WINDOWS_UNSUPPORTED_TOKENS = new Set([
+    "&",
+    "|",
+    "<",
+    ">",
+    "^",
+    "(",
+    ")",
+    "%",
+    "!",
+    "\n",
+    "\r",
+]);
+function isDoubleQuoteEscape(next) {
+    return Boolean(next && DOUBLE_QUOTE_ESCAPES.has(next));
+}
 /**
  * Iterates through a command string while respecting shell quoting rules.
  * The callback receives each character and the next character, and returns an action:
@@ -445,14 +523,31 @@ function iterateQuoteAware(command, onChar) {
             continue;
         }
         if (inSingle) {
-            if (ch === "'")
+            if (ch === "'") {
                 inSingle = false;
+            }
             buf += ch;
             continue;
         }
         if (inDouble) {
-            if (ch === '"')
+            if (ch === "\\" && isDoubleQuoteEscape(next)) {
+                buf += ch;
+                buf += next;
+                i += 1;
+                continue;
+            }
+            if (ch === "$" && next === "(") {
+                return { ok: false, reason: "unsupported shell token: $()" };
+            }
+            if (ch === "`") {
+                return { ok: false, reason: "unsupported shell token: `" };
+            }
+            if (ch === "\n" || ch === "\r") {
+                return { ok: false, reason: "unsupported shell token: newline" };
+            }
+            if (ch === '"') {
                 inDouble = false;
+            }
             buf += ch;
             continue;
         }
@@ -523,6 +618,75 @@ function splitShellPipeline(command) {
     }
     return { ok: true, segments: result.parts };
 }
+function findWindowsUnsupportedToken(command) {
+    for (const ch of command) {
+        if (WINDOWS_UNSUPPORTED_TOKENS.has(ch)) {
+            if (ch === "\n" || ch === "\r") {
+                return "newline";
+            }
+            return ch;
+        }
+    }
+    return null;
+}
+function tokenizeWindowsSegment(segment) {
+    const tokens = [];
+    let buf = "";
+    let inDouble = false;
+    const pushToken = () => {
+        if (buf.length > 0) {
+            tokens.push(buf);
+            buf = "";
+        }
+    };
+    for (let i = 0; i < segment.length; i += 1) {
+        const ch = segment[i];
+        if (ch === '"') {
+            inDouble = !inDouble;
+            continue;
+        }
+        if (!inDouble && /\s/.test(ch)) {
+            pushToken();
+            continue;
+        }
+        buf += ch;
+    }
+    if (inDouble) {
+        return null;
+    }
+    pushToken();
+    return tokens.length > 0 ? tokens : null;
+}
+function analyzeWindowsShellCommand(params) {
+    const unsupported = findWindowsUnsupportedToken(params.command);
+    if (unsupported) {
+        return {
+            ok: false,
+            reason: `unsupported windows shell token: ${unsupported}`,
+            segments: [],
+        };
+    }
+    const argv = tokenizeWindowsSegment(params.command);
+    if (!argv || argv.length === 0) {
+        return { ok: false, reason: "unable to parse windows command", segments: [] };
+    }
+    return {
+        ok: true,
+        segments: [
+            {
+                raw: params.command,
+                argv,
+                resolution: resolveCommandResolutionFromArgv(argv, params.cwd, params.env),
+            },
+        ],
+    };
+}
+function isWindowsPlatform(platform) {
+    const normalized = String(platform ?? "")
+        .trim()
+        .toLowerCase();
+    return normalized.startsWith("win");
+}
 function tokenizeShellSegment(segment) {
     const tokens = [];
     let buf = "";
@@ -556,6 +720,12 @@ function tokenizeShellSegment(segment) {
             continue;
         }
         if (inDouble) {
+            const next = segment[i + 1];
+            if (ch === "\\" && isDoubleQuoteEscape(next)) {
+                buf += next;
+                i += 1;
+                continue;
+            }
             if (ch === '"') {
                 inDouble = false;
             }
@@ -600,6 +770,9 @@ function parseSegmentsFromParts(parts, cwd, env) {
     return segments;
 }
 export function analyzeShellCommand(params) {
+    if (isWindowsPlatform(params.platform)) {
+        return analyzeWindowsShellCommand(params);
+    }
     // First try splitting by chain operators (&&, ||, ;)
     const chainParts = splitCommandChain(params.command);
     if (chainParts) {
@@ -648,14 +821,18 @@ export function analyzeArgvCommand(params) {
 }
 function isPathLikeToken(value) {
     const trimmed = value.trim();
-    if (!trimmed)
+    if (!trimmed) {
         return false;
-    if (trimmed === "-")
+    }
+    if (trimmed === "-") {
         return false;
-    if (trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~"))
+    }
+    if (trimmed.startsWith("./") || trimmed.startsWith("../") || trimmed.startsWith("~")) {
         return true;
-    if (trimmed.startsWith("/"))
+    }
+    if (trimmed.startsWith("/")) {
         return true;
+    }
     return /^[A-Za-z]:[\\/]/.test(trimmed);
 }
 function defaultFileExists(filePath) {
@@ -667,40 +844,48 @@ function defaultFileExists(filePath) {
     }
 }
 export function normalizeSafeBins(entries) {
-    if (!Array.isArray(entries))
+    if (!Array.isArray(entries)) {
         return new Set();
+    }
     const normalized = entries
         .map((entry) => entry.trim().toLowerCase())
         .filter((entry) => entry.length > 0);
     return new Set(normalized);
 }
 export function resolveSafeBins(entries) {
-    if (entries === undefined)
+    if (entries === undefined) {
         return normalizeSafeBins(DEFAULT_SAFE_BINS);
+    }
     return normalizeSafeBins(entries ?? []);
 }
 export function isSafeBinUsage(params) {
-    if (params.safeBins.size === 0)
+    if (params.safeBins.size === 0) {
         return false;
+    }
     const resolution = params.resolution;
     const execName = resolution?.executableName?.toLowerCase();
-    if (!execName)
+    if (!execName) {
         return false;
+    }
     const matchesSafeBin = params.safeBins.has(execName) ||
         (process.platform === "win32" && params.safeBins.has(path.parse(execName).name));
-    if (!matchesSafeBin)
+    if (!matchesSafeBin) {
         return false;
-    if (!resolution?.resolvedPath)
+    }
+    if (!resolution?.resolvedPath) {
         return false;
+    }
     const cwd = params.cwd ?? process.cwd();
     const exists = params.fileExists ?? defaultFileExists;
     const argv = params.argv.slice(1);
     for (let i = 0; i < argv.length; i += 1) {
         const token = argv[i];
-        if (!token)
+        if (!token) {
             continue;
-        if (token === "-")
+        }
+        if (token === "-") {
             continue;
+        }
         if (token.startsWith("-")) {
             const eqIndex = token.indexOf("=");
             if (eqIndex > 0) {
@@ -711,10 +896,12 @@ export function isSafeBinUsage(params) {
             }
             continue;
         }
-        if (isPathLikeToken(token))
+        if (isPathLikeToken(token)) {
             return false;
-        if (exists(path.resolve(cwd, token)))
+        }
+        if (exists(path.resolve(cwd, token))) {
             return false;
+        }
     }
     return true;
 }
@@ -727,8 +914,9 @@ function evaluateSegments(segments, params) {
             ? { ...segment.resolution, resolvedPath: candidatePath }
             : segment.resolution;
         const match = matchAllowlist(params.allowlist, candidateResolution);
-        if (match)
+        if (match) {
             matches.push(match);
+        }
         const safe = isSafeBinUsage({
             argv: segment.argv,
             resolution: segment.resolution,
@@ -798,6 +986,7 @@ function splitCommandChain(command) {
     };
     for (let i = 0; i < command.length; i += 1) {
         const ch = command[i];
+        const next = command[i + 1];
         if (escaped) {
             buf += ch;
             escaped = false;
@@ -809,14 +998,22 @@ function splitCommandChain(command) {
             continue;
         }
         if (inSingle) {
-            if (ch === "'")
+            if (ch === "'") {
                 inSingle = false;
+            }
             buf += ch;
             continue;
         }
         if (inDouble) {
-            if (ch === '"')
+            if (ch === "\\" && isDoubleQuoteEscape(next)) {
+                buf += ch;
+                buf += next;
+                i += 1;
+                continue;
+            }
+            if (ch === '"') {
                 inDouble = false;
+            }
             buf += ch;
             continue;
         }
@@ -831,44 +1028,50 @@ function splitCommandChain(command) {
             continue;
         }
         if (ch === "&" && command[i + 1] === "&") {
-            if (!pushPart())
+            if (!pushPart()) {
                 invalidChain = true;
+            }
             i += 1;
             foundChain = true;
             continue;
         }
         if (ch === "|" && command[i + 1] === "|") {
-            if (!pushPart())
+            if (!pushPart()) {
                 invalidChain = true;
+            }
             i += 1;
             foundChain = true;
             continue;
         }
         if (ch === ";") {
-            if (!pushPart())
+            if (!pushPart()) {
                 invalidChain = true;
+            }
             foundChain = true;
             continue;
         }
         buf += ch;
     }
     const pushedFinal = pushPart();
-    if (!foundChain)
+    if (!foundChain) {
         return null;
-    if (invalidChain || !pushedFinal)
+    }
+    if (invalidChain || !pushedFinal) {
         return null;
+    }
     return parts.length > 0 ? parts : null;
 }
 /**
  * Evaluates allowlist for shell commands (including &&, ||, ;) and returns analysis metadata.
  */
 export function evaluateShellAllowlist(params) {
-    const chainParts = splitCommandChain(params.command);
+    const chainParts = isWindowsPlatform(params.platform) ? null : splitCommandChain(params.command);
     if (!chainParts) {
         const analysis = analyzeShellCommand({
             command: params.command,
             cwd: params.cwd,
             env: params.env,
+            platform: params.platform,
         });
         if (!analysis.ok) {
             return {
@@ -900,6 +1103,7 @@ export function evaluateShellAllowlist(params) {
             command: part,
             cwd: params.cwd,
             env: params.env,
+            platform: params.platform,
         });
         if (!analysis.ok) {
             return {
@@ -965,10 +1169,12 @@ export function addAllowlistEntry(approvals, agentId, pattern) {
     const existing = agents[target] ?? {};
     const allowlist = Array.isArray(existing.allowlist) ? existing.allowlist : [];
     const trimmed = pattern.trim();
-    if (!trimmed)
+    if (!trimmed) {
         return;
-    if (allowlist.some((entry) => entry.pattern === trimmed))
+    }
+    if (allowlist.some((entry) => entry.pattern === trimmed)) {
         return;
+    }
     allowlist.push({ id: crypto.randomUUID(), pattern: trimmed, lastUsedAt: Date.now() });
     agents[target] = { ...existing, allowlist };
     approvals.agents = agents;
@@ -984,16 +1190,18 @@ export function maxAsk(a, b) {
 }
 export async function requestExecApprovalViaSocket(params) {
     const { socketPath, token, request } = params;
-    if (!socketPath || !token)
+    if (!socketPath || !token) {
         return null;
+    }
     const timeoutMs = params.timeoutMs ?? 15_000;
     return await new Promise((resolve) => {
         const client = new net.Socket();
         let settled = false;
         let buffer = "";
         const finish = (value) => {
-            if (settled)
+            if (settled) {
                 return;
+            }
             settled = true;
             try {
                 client.destroy();
@@ -1021,8 +1229,9 @@ export async function requestExecApprovalViaSocket(params) {
                 const line = buffer.slice(0, idx).trim();
                 buffer = buffer.slice(idx + 1);
                 idx = buffer.indexOf("\n");
-                if (!line)
+                if (!line) {
                     continue;
+                }
                 try {
                     const msg = JSON.parse(line);
                     if (msg?.type === "decision" && msg.decision) {