@poolzin/pool-bot 2026.2.0 → 2026.2.1

package/dist/infra/net/ssrf.js

@@ -1,5 +1,5 @@
-import { lookup as dnsLookup } from "node:dns/promises";
 import { lookup as dnsLookupCb } from "node:dns";
+import { lookup as dnsLookup } from "node:dns/promises";
 import { Agent } from "undici";
 export class SsrFBlockedError extends Error {
     constructor(message) {
@@ -16,13 +16,21 @@ function normalizeHostname(hostname) {
     }
     return normalized;
 }
+function normalizeHostnameSet(values) {
+    if (!values || values.length === 0) {
+        return new Set();
+    }
+    return new Set(values.map((value) => normalizeHostname(value)).filter(Boolean));
+}
 function parseIpv4(address) {
     const parts = address.split(".");
-    if (parts.length !== 4)
+    if (parts.length !== 4) {
         return null;
+    }
     const numbers = parts.map((part) => Number.parseInt(part, 10));
-    if (numbers.some((value) => Number.isNaN(value) || value < 0 || value > 255))
+    if (numbers.some((value) => Number.isNaN(value) || value < 0 || value > 255)) {
         return null;
+    }
     return numbers;
 }
 function parseIpv4FromMappedIpv6(mapped) {
@@ -32,12 +40,14 @@ function parseIpv4FromMappedIpv6(mapped) {
     const parts = mapped.split(":").filter(Boolean);
     if (parts.length === 1) {
         const value = Number.parseInt(parts[0], 16);
-        if (Number.isNaN(value) || value < 0 || value > 0xffff_ffff)
+        if (Number.isNaN(value) || value < 0 || value > 0xffff_ffff) {
             return null;
+        }
         return [(value >>> 24) & 0xff, (value >>> 16) & 0xff, (value >>> 8) & 0xff, value & 0xff];
     }
-    if (parts.length !== 2)
+    if (parts.length !== 2) {
         return null;
+    }
     const high = Number.parseInt(parts[0], 16);
     const low = Number.parseInt(parts[1], 16);
     if (Number.isNaN(high) ||
@@ -53,20 +63,27 @@ function parseIpv4FromMappedIpv6(mapped) {
 }
 function isPrivateIpv4(parts) {
     const [octet1, octet2] = parts;
-    if (octet1 === 0)
+    if (octet1 === 0) {
         return true;
-    if (octet1 === 10)
+    }
+    if (octet1 === 10) {
         return true;
-    if (octet1 === 127)
+    }
+    if (octet1 === 127) {
         return true;
-    if (octet1 === 169 && octet2 === 254)
+    }
+    if (octet1 === 169 && octet2 === 254) {
         return true;
-    if (octet1 === 172 && octet2 >= 16 && octet2 <= 31)
+    }
+    if (octet1 === 172 && octet2 >= 16 && octet2 <= 31) {
         return true;
-    if (octet1 === 192 && octet2 === 168)
+    }
+    if (octet1 === 192 && octet2 === 168) {
         return true;
-    if (octet1 === 100 && octet2 >= 64 && octet2 <= 127)
+    }
+    if (octet1 === 100 && octet2 >= 64 && octet2 <= 127) {
         return true;
+    }
     return false;
 }
 export function isPrivateIpAddress(address) {
@@ -74,30 +91,36 @@ export function isPrivateIpAddress(address) {
     if (normalized.startsWith("[") && normalized.endsWith("]")) {
         normalized = normalized.slice(1, -1);
     }
-    if (!normalized)
+    if (!normalized) {
         return false;
+    }
     if (normalized.startsWith("::ffff:")) {
         const mapped = normalized.slice("::ffff:".length);
         const ipv4 = parseIpv4FromMappedIpv6(mapped);
-        if (ipv4)
+        if (ipv4) {
             return isPrivateIpv4(ipv4);
+        }
     }
     if (normalized.includes(":")) {
-        if (normalized === "::" || normalized === "::1")
+        if (normalized === "::" || normalized === "::1") {
             return true;
+        }
         return PRIVATE_IPV6_PREFIXES.some((prefix) => normalized.startsWith(prefix));
     }
     const ipv4 = parseIpv4(normalized);
-    if (!ipv4)
+    if (!ipv4) {
         return false;
+    }
     return isPrivateIpv4(ipv4);
 }
 export function isBlockedHostname(hostname) {
     const normalized = normalizeHostname(hostname);
-    if (!normalized)
+    if (!normalized) {
         return false;
-    if (BLOCKED_HOSTNAMES.has(normalized))
+    }
+    if (BLOCKED_HOSTNAMES.has(normalized)) {
         return true;
+    }
     return (normalized.endsWith(".localhost") ||
         normalized.endsWith(".local") ||
         normalized.endsWith(".internal"));
@@ -114,8 +137,9 @@ export function createPinnedLookup(params) {
     let index = 0;
     return ((host, options, callback) => {
         const cb = typeof options === "function" ? options : callback;
-        if (!cb)
+        if (!cb) {
             return;
+        }
         const normalized = normalizeHostname(host);
         if (!normalized || normalized !== normalizedHost) {
             if (typeof options === "function" || options === undefined) {
@@ -140,24 +164,32 @@ export function createPinnedLookup(params) {
         cb(null, chosen.address, chosen.family);
     });
 }
-export async function resolvePinnedHostname(hostname, lookupFn = dnsLookup) {
+export async function resolvePinnedHostnameWithPolicy(hostname, params = {}) {
     const normalized = normalizeHostname(hostname);
     if (!normalized) {
         throw new Error("Invalid hostname");
     }
-    if (isBlockedHostname(normalized)) {
-        throw new SsrFBlockedError(`Blocked hostname: ${hostname}`);
-    }
-    if (isPrivateIpAddress(normalized)) {
-        throw new SsrFBlockedError("Blocked: private/internal IP address");
+    const allowPrivateNetwork = Boolean(params.policy?.allowPrivateNetwork);
+    const allowedHostnames = normalizeHostnameSet(params.policy?.allowedHostnames);
+    const isExplicitAllowed = allowedHostnames.has(normalized);
+    if (!allowPrivateNetwork && !isExplicitAllowed) {
+        if (isBlockedHostname(normalized)) {
+            throw new SsrFBlockedError(`Blocked hostname: ${hostname}`);
+        }
+        if (isPrivateIpAddress(normalized)) {
+            throw new SsrFBlockedError("Blocked: private/internal IP address");
+        }
     }
+    const lookupFn = params.lookupFn ?? dnsLookup;
     const results = await lookupFn(normalized, { all: true });
     if (results.length === 0) {
         throw new Error(`Unable to resolve hostname: ${hostname}`);
     }
-    for (const entry of results) {
-        if (isPrivateIpAddress(entry.address)) {
-            throw new SsrFBlockedError("Blocked: resolves to private/internal IP address");
+    if (!allowPrivateNetwork && !isExplicitAllowed) {
+        for (const entry of results) {
+            if (isPrivateIpAddress(entry.address)) {
+                throw new SsrFBlockedError("Blocked: resolves to private/internal IP address");
+            }
         }
     }
     const addresses = Array.from(new Set(results.map((entry) => entry.address)));
@@ -170,6 +202,9 @@ export async function resolvePinnedHostname(hostname, lookupFn = dnsLookup) {
         lookup: createPinnedLookup({ hostname: normalized, addresses }),
     };
 }
+export async function resolvePinnedHostname(hostname, lookupFn = dnsLookup) {
+    return await resolvePinnedHostnameWithPolicy(hostname, { lookupFn });
+}
 export function createPinnedDispatcher(pinned) {
     return new Agent({
         connect: {
@@ -178,8 +213,9 @@ export function createPinnedDispatcher(pinned) {
     });
 }
 export async function closeDispatcher(dispatcher) {
-    if (!dispatcher)
+    if (!dispatcher) {
         return;
+    }
     const candidate = dispatcher;
     try {
         if (typeof candidate.close === "function") {

package/dist/infra/outbound/abort.js

@@ -0,0 +1,14 @@
+/**
+ * Utility for checking AbortSignal state and throwing a standard AbortError.
+ */
+/**
+ * Throws an AbortError if the given signal has been aborted.
+ * Use at async checkpoints to support cancellation.
+ */
+export function throwIfAborted(abortSignal) {
+    if (abortSignal?.aborted) {
+        const err = new Error("Operation aborted");
+        err.name = "AbortError";
+        throw err;
+    }
+}

package/dist/infra/outbound/message-action-runner.js

@@ -15,6 +15,9 @@ import { resolveChannelTarget } from "./target-resolver.js";
 import { loadWebMedia } from "../../web/media.js";
 import { extensionForMime } from "../../media/mime.js";
 import { parseSlackTarget } from "../../slack/targets.js";
+import { parseTelegramTarget } from "../../telegram/targets.js";
+import { assertMediaNotDataUrl, resolveSandboxedMediaSource } from "../../agents/sandbox-paths.js";
+import { throwIfAborted } from "./abort.js";
 export function getToolResult(result) {
     return "toolResult" in result ? result.toolResult : undefined;
 }
@@ -99,13 +102,23 @@ function resolveSlackAutoThreadId(params) {
         return undefined;
     return context.currentThreadTs;
 }
+/**
+ * Auto-inject Telegram forum topic thread ID when the message tool targets
+ * the same chat the session originated from.
+ */
+function resolveTelegramAutoThreadId(params) {
+    const context = params.toolContext;
+    if (!context?.currentThreadTs || !context.currentChannelId)
+        return undefined;
+    const parsedTo = parseTelegramTarget(params.to);
+    const parsedChannel = parseTelegramTarget(context.currentChannelId);
+    if (parsedTo.chatId.toLowerCase() !== parsedChannel.chatId.toLowerCase())
+        return undefined;
+    return context.currentThreadTs;
+}
 function resolveAttachmentMaxBytes(params) {
-    const fallback = params.cfg.agents?.defaults?.mediaMaxMb;
-    if (params.channel !== "bluebubbles") {
-        return typeof fallback === "number" ? fallback * 1024 * 1024 : undefined;
-    }
     const accountId = typeof params.accountId === "string" ? params.accountId.trim() : "";
-    const channelCfg = params.cfg.channels?.bluebubbles;
+    const channelCfg = params.cfg.channels?.[params.channel];
     const channelObj = channelCfg && typeof channelCfg === "object"
         ? channelCfg
         : undefined;
@@ -163,6 +176,41 @@ function normalizeBase64Payload(params) {
         contentType: params.contentType ?? mime,
     };
 }
+async function normalizeSandboxMediaParams(params) {
+    const sandboxRoot = params.sandboxRoot?.trim();
+    const mediaKeys = ["media", "path", "filePath"];
+    for (const key of mediaKeys) {
+        const raw = readStringParam(params.args, key, { trim: false });
+        if (!raw)
+            continue;
+        assertMediaNotDataUrl(raw);
+        if (!sandboxRoot)
+            continue;
+        const normalized = await resolveSandboxedMediaSource({ media: raw, sandboxRoot });
+        if (normalized !== raw) {
+            params.args[key] = normalized;
+        }
+    }
+}
+async function normalizeSandboxMediaList(params) {
+    const sandboxRoot = params.sandboxRoot?.trim();
+    const normalized = [];
+    const seen = new Set();
+    for (const value of params.values) {
+        const raw = value?.trim();
+        if (!raw)
+            continue;
+        assertMediaNotDataUrl(raw);
+        const resolved = sandboxRoot
+            ? await resolveSandboxedMediaSource({ media: raw, sandboxRoot })
+            : raw;
+        if (seen.has(resolved))
+            continue;
+        seen.add(resolved);
+        normalized.push(resolved);
+    }
+    return normalized;
+}
 async function hydrateSetGroupIconParams(params) {
     if (params.action !== "setGroupIcon")
         return;
@@ -417,13 +465,6 @@ async function handleBroadcastAction(input, params) {
         dryRun: Boolean(input.dryRun),
     };
 }
-function throwIfAborted(abortSignal) {
-    if (abortSignal?.aborted) {
-        const err = new Error("Message send aborted");
-        err.name = "AbortError";
-        throw err;
-    }
-}
 async function handleSendAction(ctx) {
     const { cfg, params, channel, accountId, dryRun, gateway, input, agentId, resolvedTarget, abortSignal, } = ctx;
     throwIfAborted(abortSignal);
@@ -438,6 +479,10 @@ async function handleSendAction(ctx) {
         required: !mediaHint && !hasCard,
         allowEmpty: true,
     }) ?? "";
+    // Unescape literal \\n sequences that models sometimes emit in tool arguments.
+    if (message.includes("\\n")) {
+        message = message.replaceAll("\\n", "\n");
+    }
     const parsed = parseReplyDirectives(message);
     const mergedMediaUrls = [];
     const seenMedia = new Set();
@@ -454,6 +499,13 @@ async function handleSendAction(ctx) {
     for (const url of parsed.mediaUrls ?? [])
         pushMedia(url);
     pushMedia(parsed.mediaUrl);
+    // Sandbox-validate and deduplicate media URLs.
+    const normalizedMediaUrls = await normalizeSandboxMediaList({
+        values: mergedMediaUrls,
+        sandboxRoot: input.sandboxRoot,
+    });
+    mergedMediaUrls.length = 0;
+    mergedMediaUrls.push(...normalizedMediaUrls);
     message = parsed.text;
     params.message = message;
     if (!params.replyTo && parsed.replyToId)
@@ -482,6 +534,14 @@ async function handleSendAction(ctx) {
     const slackAutoThreadId = channel === "slack" && !replyToId && !threadId
         ? resolveSlackAutoThreadId({ to, toolContext: input.toolContext })
         : undefined;
+    // Telegram forum topic auto-threading
+    const telegramAutoThreadId = channel === "telegram" && !threadId
+        ? resolveTelegramAutoThreadId({ to, toolContext: input.toolContext })
+        : undefined;
+    const resolvedThreadId = threadId ?? slackAutoThreadId ?? telegramAutoThreadId;
+    if (resolvedThreadId && !params.threadId) {
+        params.threadId = resolvedThreadId;
+    }
     const outboundRoute = agentId && !dryRun
         ? await resolveOutboundSessionRoute({
             cfg,
@@ -491,7 +551,7 @@ async function handleSendAction(ctx) {
             target: to,
             resolvedTarget,
             replyToId,
-            threadId: threadId ?? slackAutoThreadId,
+            threadId: resolvedThreadId,
         })
         : null;
     if (outboundRoute && agentId && !dryRun) {
@@ -696,6 +756,10 @@ export async function runMessageAction(input) {
         params.accountId = accountId;
     }
     const dryRun = Boolean(input.dryRun ?? readBooleanParam(params, "dryRun"));
+    await normalizeSandboxMediaParams({
+        args: params,
+        sandboxRoot: input.sandboxRoot,
+    });
     await hydrateSendAttachmentParams({
         cfg,
         channel,