@poolzin/pool-bot 2026.2.0 → 2026.2.2

package/dist/agents/shell-utils.js

@@ -53,6 +53,57 @@ function resolveShellFromPath(name) {
     }
     return undefined;
 }
+function normalizeShellName(value) {
+    const trimmed = value.trim();
+    if (!trimmed) {
+        return "";
+    }
+    return path
+        .basename(trimmed)
+        .replace(/\.(exe|cmd|bat)$/i, "")
+        .replace(/[^a-zA-Z0-9_-]/g, "");
+}
+export function detectRuntimeShell() {
+    const overrideShell = process.env.CLAWDBOT_SHELL?.trim();
+    if (overrideShell) {
+        const name = normalizeShellName(overrideShell);
+        if (name) {
+            return name;
+        }
+    }
+    if (process.platform === "win32") {
+        if (process.env.POWERSHELL_DISTRIBUTION_CHANNEL) {
+            return "pwsh";
+        }
+        return "powershell";
+    }
+    const envShell = process.env.SHELL?.trim();
+    if (envShell) {
+        const name = normalizeShellName(envShell);
+        if (name) {
+            return name;
+        }
+    }
+    if (process.env.POWERSHELL_DISTRIBUTION_CHANNEL) {
+        return "pwsh";
+    }
+    if (process.env.BASH_VERSION) {
+        return "bash";
+    }
+    if (process.env.ZSH_VERSION) {
+        return "zsh";
+    }
+    if (process.env.FISH_VERSION) {
+        return "fish";
+    }
+    if (process.env.KSH_VERSION) {
+        return "ksh";
+    }
+    if (process.env.NU_VERSION || process.env.NUSHELL_VERSION) {
+        return "nu";
+    }
+    return undefined;
+}
 export function sanitizeBinaryOutput(text) {
     const scrubbed = text.replace(/[\p{Format}\p{Surrogate}]/gu, "");
     if (!scrubbed)

package/dist/agents/skills/bundled-context.js

@@ -0,0 +1,23 @@
+import { loadSkillsFromDir } from "@mariozechner/pi-coding-agent";
+import { createSubsystemLogger } from "../../logging/subsystem.js";
+import { resolveBundledSkillsDir } from "./bundled-dir.js";
+const skillsLogger = createSubsystemLogger("skills");
+let hasWarnedMissingBundledDir = false;
+export function resolveBundledSkillsContext(opts = {}) {
+    const dir = resolveBundledSkillsDir(opts);
+    const names = new Set();
+    if (!dir) {
+        if (!hasWarnedMissingBundledDir) {
+            hasWarnedMissingBundledDir = true;
+            skillsLogger.warn("Bundled skills directory could not be resolved; built-in skills may be missing.");
+        }
+        return { dir, names };
+    }
+    const result = loadSkillsFromDir({ dir, source: "poolbot-bundled" });
+    for (const skill of result.skills) {
+        if (skill.name.trim()) {
+            names.add(skill.name);
+        }
+    }
+    return { dir, names };
+}

package/dist/agents/skills/bundled-dir.js

@@ -1,13 +1,37 @@
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-export function resolveBundledSkillsDir() {
+function looksLikeSkillsDir(dir) {
+    try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (entry.name.startsWith(".")) {
+                continue;
+            }
+            const fullPath = path.join(dir, entry.name);
+            if (entry.isFile() && entry.name.endsWith(".md")) {
+                return true;
+            }
+            if (entry.isDirectory()) {
+                if (fs.existsSync(path.join(fullPath, "SKILL.md"))) {
+                    return true;
+                }
+            }
+        }
+    }
+    catch {
+        return false;
+    }
+    return false;
+}
+export function resolveBundledSkillsDir(opts = {}) {
     const override = process.env.CLAWDBOT_BUNDLED_SKILLS_DIR?.trim();
     if (override)
         return override;
     // bun --compile: ship a sibling `skills/` next to the executable.
     try {
-        const execDir = path.dirname(process.execPath);
+        const execPath = opts.execPath ?? process.execPath;
+        const execDir = path.dirname(execPath);
         const sibling = path.join(execDir, "skills");
         if (fs.existsSync(sibling))
             return sibling;
@@ -17,11 +41,21 @@ export function resolveBundledSkillsDir() {
     }
     // npm/dev: resolve `<packageRoot>/skills` relative to this module.
     try {
-        const moduleDir = path.dirname(fileURLToPath(import.meta.url));
-        const root = path.resolve(moduleDir, "..", "..", "..");
-        const candidate = path.join(root, "skills");
-        if (fs.existsSync(candidate))
-            return candidate;
+        const moduleUrl = opts.moduleUrl ?? import.meta.url;
+        const moduleDir = path.dirname(fileURLToPath(moduleUrl));
+        // Walk up from this module to find the package root containing skills/
+        let current = moduleDir;
+        for (let depth = 0; depth < 6; depth += 1) {
+            const candidate = path.join(current, "skills");
+            if (looksLikeSkillsDir(candidate)) {
+                return candidate;
+            }
+            const next = path.dirname(current);
+            if (next === current) {
+                break;
+            }
+            current = next;
+        }
     }
     catch {
         // ignore

package/dist/agents/skills-install.js

@@ -3,10 +3,45 @@ import path from "node:path";
 import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 import { resolveBrewExecutable } from "../infra/brew.js";
+import { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js";
 import { runCommandWithTimeout } from "../process/exec.js";
+import { scanDirectoryWithSummary } from "../security/skill-scanner.js";
 import { CONFIG_DIR, ensureDir, resolveUserPath } from "../utils.js";
 import { hasBinary, loadWorkspaceSkillEntries, resolveSkillsInstallPreferences, } from "./skills.js";
 import { resolveSkillKey } from "./skills/frontmatter.js";
+function withWarnings(result, warnings) {
+    if (warnings.length === 0)
+        return result;
+    return { ...result, warnings };
+}
+function formatScanFindingDetail(finding) {
+    const severity = finding.severity.toUpperCase();
+    const loc = finding.line ? `${finding.file}:${finding.line}` : finding.file;
+    return `[${severity}] ${loc} — ${finding.message}`;
+}
+async function collectSkillInstallScanWarnings(entry) {
+    const skillDir = entry.skill.filePath ? path.dirname(entry.skill.filePath) : undefined;
+    if (!skillDir)
+        return [];
+    try {
+        const summary = await scanDirectoryWithSummary(skillDir);
+        if (summary.findings.length === 0)
+            return [];
+        const warnings = [];
+        const header = summary.critical > 0
+            ? `⚠️  Security scan found ${summary.critical} critical finding(s).`
+            : `Security scan found ${summary.warn} warning(s).`;
+        warnings.push(header);
+        for (const finding of summary.findings) {
+            warnings.push(formatScanFindingDetail(finding));
+        }
+        warnings.push('Run "poolbot security audit --deep" for a full report.');
+        return warnings;
+    }
+    catch {
+        return [];
+    }
+}
 function isNodeReadableStream(value) {
     return Boolean(value && typeof value.pipe === "function");
 }
@@ -110,10 +145,11 @@ function resolveArchiveType(spec, filename) {
     return undefined;
 }
 async function downloadFile(url, destPath, timeoutMs) {
-    const controller = new AbortController();
-    const timeout = setTimeout(() => controller.abort(), Math.max(1_000, timeoutMs));
+    const { response, release } = await fetchWithSsrFGuard({
+        url,
+        timeoutMs: Math.max(1_000, timeoutMs),
+    });
     try {
-        const response = await fetch(url, { signal: controller.signal });
         if (!response.ok || !response.body) {
             throw new Error(`Download failed (${response.status} ${response.statusText})`);
         }
@@ -128,7 +164,7 @@ async function downloadFile(url, destPath, timeoutMs) {
         return { bytes: stat.size };
     }
     finally {
-        clearTimeout(timeout);
+        await release();
     }
 }
 async function extractArchive(params) {
@@ -261,39 +297,40 @@ export async function installSkill(params) {
             code: null,
         };
     }
+    const warnings = await collectSkillInstallScanWarnings(entry);
     const spec = findInstallSpec(entry, params.installId);
     if (!spec) {
-        return {
+        return withWarnings({
             ok: false,
             message: `Installer not found: ${params.installId}`,
             stdout: "",
             stderr: "",
             code: null,
-        };
+        }, warnings);
     }
     if (spec.kind === "download") {
-        return await installDownloadSpec({ entry, spec, timeoutMs });
+        return withWarnings(await installDownloadSpec({ entry, spec, timeoutMs }), warnings);
     }
     const prefs = resolveSkillsInstallPreferences(params.config);
     const command = buildInstallCommand(spec, prefs);
     if (command.error) {
-        return {
+        return withWarnings({
             ok: false,
             message: command.error,
             stdout: "",
             stderr: "",
             code: null,
-        };
+        }, warnings);
     }
     const brewExe = hasBinary("brew") ? "brew" : resolveBrewExecutable();
     if (spec.kind === "brew" && !brewExe) {
-        return {
+        return withWarnings({
             ok: false,
             message: "brew not installed",
             stdout: "",
             stderr: "",
             code: null,
-        };
+        }, warnings);
     }
     if (spec.kind === "uv" && !hasBinary("uv")) {
         if (brewExe) {
@@ -301,33 +338,33 @@ export async function installSkill(params) {
                 timeoutMs,
             });
             if (brewResult.code !== 0) {
-                return {
+                return withWarnings({
                     ok: false,
                     message: "Failed to install uv (brew)",
                     stdout: brewResult.stdout.trim(),
                     stderr: brewResult.stderr.trim(),
                     code: brewResult.code,
-                };
+                }, warnings);
             }
         }
         else {
-            return {
+            return withWarnings({
                 ok: false,
                 message: "uv not installed (install via brew)",
                 stdout: "",
                 stderr: "",
                 code: null,
-            };
+            }, warnings);
         }
     }
     if (!command.argv || command.argv.length === 0) {
-        return {
+        return withWarnings({
             ok: false,
             message: "invalid install command",
             stdout: "",
             stderr: "",
             code: null,
-        };
+        }, warnings);
     }
     if (spec.kind === "brew" && brewExe && command.argv[0] === "brew") {
         command.argv[0] = brewExe;
@@ -338,23 +375,23 @@ export async function installSkill(params) {
                 timeoutMs,
             });
             if (brewResult.code !== 0) {
-                return {
+                return withWarnings({
                     ok: false,
                     message: "Failed to install go (brew)",
                     stdout: brewResult.stdout.trim(),
                     stderr: brewResult.stderr.trim(),
                     code: brewResult.code,
-                };
+                }, warnings);
             }
         }
         else {
-            return {
+            return withWarnings({
                 ok: false,
                 message: "go not installed (install via brew)",
                 stdout: "",
                 stderr: "",
                 code: null,
-            };
+            }, warnings);
         }
     }
     let env;
@@ -380,11 +417,11 @@ export async function installSkill(params) {
         }
     })();
     const success = result.code === 0;
-    return {
+    return withWarnings({
         ok: success,
         message: success ? "Installed" : formatInstallFailureMessage(result),
         stdout: result.stdout.trim(),
         stderr: result.stderr.trim(),
         code: result.code,
-    };
+    }, warnings);
 }

package/dist/agents/subagent-announce.js

@@ -1,28 +1,16 @@
 import crypto from "node:crypto";
 import path from "node:path";
+import { resolveQueueSettings } from "../auto-reply/reply/queue.js";
 import { loadConfig } from "../config/config.js";
 import { loadSessionStore, resolveAgentIdFromSessionKey, resolveMainSessionKey, resolveStorePath, } from "../config/sessions.js";
-import { normalizeMainKey } from "../routing/session-key.js";
-import { resolveQueueSettings } from "../auto-reply/reply/queue.js";
 import { callGateway } from "../gateway/call.js";
+import { formatDurationCompact } from "../infra/format-time/format-duration.js";
+import { normalizeMainKey } from "../routing/session-key.js";
 import { defaultRuntime } from "../runtime.js";
 import { deliveryContextFromSession, mergeDeliveryContext, normalizeDeliveryContext, } from "../utils/delivery-context.js";
-import { isEmbeddedPiRunActive, queueEmbeddedPiMessage } from "./pi-embedded.js";
+import { isEmbeddedPiRunActive, queueEmbeddedPiMessage, waitForEmbeddedPiRunEnd, } from "./pi-embedded.js";
 import { enqueueAnnounce } from "./subagent-announce-queue.js";
 import { readLatestAssistantReply } from "./tools/agent-step.js";
-function formatDurationShort(valueMs) {
-    if (!valueMs || !Number.isFinite(valueMs) || valueMs <= 0)
-        return undefined;
-    const totalSeconds = Math.round(valueMs / 1000);
-    const hours = Math.floor(totalSeconds / 3600);
-    const minutes = Math.floor((totalSeconds % 3600) / 60);
-    const seconds = totalSeconds % 60;
-    if (hours > 0)
-        return `${hours}h${minutes}m`;
-    if (minutes > 0)
-        return `${minutes}m${seconds}s`;
-    return `${seconds}s`;
-}
 function formatTokenCount(value) {
     if (!value || !Number.isFinite(value))
         return "0";
@@ -72,7 +60,10 @@ async function waitForSessionUsage(params) {
     return { entry, storePath };
 }
 function resolveAnnounceOrigin(entry, requesterOrigin) {
-    return mergeDeliveryContext(deliveryContextFromSession(entry), requesterOrigin);
+    // requesterOrigin (captured at spawn time) reflects the channel the user is
+    // actually on and must take priority over the session entry, which may carry
+    // stale lastChannel / lastTo values from a previous channel interaction.
+    return mergeDeliveryContext(requesterOrigin, deliveryContextFromSession(entry));
 }
 async function sendAnnounce(item) {
     const origin = item.origin;
@@ -178,7 +169,7 @@ async function buildSubagentStatsLine(params) {
         ? (input * costConfig.input + output * costConfig.output) / 1_000_000
         : undefined;
     const parts = [];
-    const runtime = formatDurationShort(runtimeMs);
+    const runtime = formatDurationCompact(runtimeMs);
     parts.push(`runtime ${runtime ?? "n/a"}`);
     if (typeof total === "number") {
         const inputText = typeof input === "number" ? formatTokenCount(input) : "n/a";
@@ -199,6 +190,28 @@ async function buildSubagentStatsLine(params) {
         parts.push(`transcript ${transcriptPath}`);
     return `Stats: ${parts.join(" \u2022 ")}`;
 }
+function loadSessionEntryByKey(sessionKey) {
+    const cfg = loadConfig();
+    const agentId = resolveAgentIdFromSessionKey(sessionKey);
+    const storePath = resolveStorePath(cfg.session?.store, { agentId });
+    const store = loadSessionStore(storePath);
+    return store[sessionKey];
+}
+async function readLatestAssistantReplyWithRetry(params) {
+    let reply = params.initialReply?.trim() ? params.initialReply : undefined;
+    if (reply) {
+        return reply;
+    }
+    const deadline = Date.now() + Math.max(0, Math.min(params.maxWaitMs, 15_000));
+    while (Date.now() < deadline) {
+        await new Promise((resolve) => setTimeout(resolve, 300));
+        const latest = await readLatestAssistantReply({ sessionKey: params.sessionKey });
+        if (latest?.trim()) {
+            return latest;
+        }
+    }
+    return reply;
+}
 export function buildSubagentSystemPrompt(params) {
     const taskText = typeof params.task === "string" && params.task.trim()
         ? params.task.replace(/\s+/g, " ").trim()
@@ -227,10 +240,10 @@ export function buildSubagentSystemPrompt(params) {
         "",
         "## What You DON'T Do",
         "- NO user conversations (that's main agent's job)",
-        "- NO external messages (email, tweets, etc.) unless explicitly tasked",
+        "- NO external messages (email, tweets, etc.) unless explicitly tasked with a specific recipient/channel",
         "- NO cron jobs or persistent state",
         "- NO pretending to be the main agent",
-        "- NO using the `message` tool directly",
+        "- Only use the `message` tool when explicitly instructed to contact a specific external recipient; otherwise return plain text and let the main agent deliver it",
         "",
         "## Session Context",
         params.label ? `- Label: ${params.label}` : undefined,
@@ -245,25 +258,46 @@ export function buildSubagentSystemPrompt(params) {
 }
 export async function runSubagentAnnounceFlow(params) {
     let didAnnounce = false;
+    let shouldDeleteChildSession = params.cleanup === "delete";
     try {
         const requesterOrigin = normalizeDeliveryContext(params.requesterOrigin);
+        const childSessionId = (() => {
+            const entry = loadSessionEntryByKey(params.childSessionKey);
+            return typeof entry?.sessionId === "string" && entry.sessionId.trim()
+                ? entry.sessionId.trim()
+                : undefined;
+        })();
+        const settleTimeoutMs = Math.min(Math.max(params.timeoutMs, 1), 120_000);
         let reply = params.roundOneReply;
         let outcome = params.outcome;
+        // Lifecycle "end" can arrive before auto-compaction retries finish. If the
+        // subagent is still active, wait for the embedded run to fully settle.
+        if (childSessionId && isEmbeddedPiRunActive(childSessionId)) {
+            const settled = await waitForEmbeddedPiRunEnd(childSessionId, settleTimeoutMs);
+            if (!settled && isEmbeddedPiRunActive(childSessionId)) {
+                // The child run is still active (e.g., compaction retry still in progress).
+                // Defer announcement so we don't report stale/partial output.
+                // Keep the child session so output is not lost while the run is still active.
+                shouldDeleteChildSession = false;
+                return false;
+            }
+        }
         if (!reply && params.waitForCompletion !== false) {
-            const waitMs = Math.min(params.timeoutMs, 60_000);
-            const wait = (await callGateway({
+            const waitMs = settleTimeoutMs;
+            const wait = await callGateway({
                 method: "agent.wait",
                 params: {
                     runId: params.childRunId,
                     timeoutMs: waitMs,
                 },
                 timeoutMs: waitMs + 2000,
-            }));
+            });
+            const waitError = typeof wait?.error === "string" ? wait.error : undefined;
             if (wait?.status === "timeout") {
                 outcome = { status: "timeout" };
             }
             else if (wait?.status === "error") {
-                outcome = { status: "error", error: wait.error };
+                outcome = { status: "error", error: waitError };
             }
             else if (wait?.status === "ok") {
                 outcome = { status: "ok" };
@@ -275,20 +309,30 @@ export async function runSubagentAnnounceFlow(params) {
                 params.endedAt = wait.endedAt;
             }
             if (wait?.status === "timeout") {
-                if (!outcome)
+                if (!outcome) {
                     outcome = { status: "timeout" };
+                }
             }
-            reply = await readLatestAssistantReply({
-                sessionKey: params.childSessionKey,
-            });
+            reply = await readLatestAssistantReply({ sessionKey: params.childSessionKey });
         }
         if (!reply) {
-            reply = await readLatestAssistantReply({
+            reply = await readLatestAssistantReply({ sessionKey: params.childSessionKey });
+        }
+        if (!reply?.trim()) {
+            reply = await readLatestAssistantReplyWithRetry({
                 sessionKey: params.childSessionKey,
+                initialReply: reply,
+                maxWaitMs: params.timeoutMs,
             });
         }
-        if (!outcome)
+        if (!reply?.trim() && childSessionId && isEmbeddedPiRunActive(childSessionId)) {
+            // Avoid announcing "(no output)" while the child run is still producing output.
+            shouldDeleteChildSession = false;
+            return false;
+        }
+        if (!outcome) {
             outcome = { status: "unknown" };
+        }
         // Build stats
         const statsLine = await buildSubagentStatsLine({
             sessionKey: params.childSessionKey,
@@ -304,9 +348,10 @@ export async function runSubagentAnnounceFlow(params) {
                     ? `failed: ${outcome.error || "unknown error"}`
                     : "finished with unknown status";
         // Build instructional message for main agent
-        const taskLabel = params.label || params.task || "background task";
+        const announceType = params.announceType ?? "subagent task";
+        const taskLabel = params.label || params.task || "task";
         const triggerMessage = [
-            `A background task "${taskLabel}" just ${statusLabel}.`,
+            `A ${announceType} "${taskLabel}" just ${statusLabel}.`,
             "",
             "Findings:",
             reply || "(no output)",
@@ -314,7 +359,7 @@ export async function runSubagentAnnounceFlow(params) {
             statsLine,
             "",
             "Summarize this naturally for the user. Keep it brief (1-2 sentences). Flow it into the conversation naturally.",
-            "Do not mention technical details like tokens, stats, or that this was a background task.",
+            `Do not mention technical details like tokens, stats, or that this was a ${announceType}.`,
             "You can respond with NO_REPLY if no announcement is needed (e.g., internal task with no user-facing result).",
         ].join("\n");
         const queued = await maybeQueueSubagentAnnounce({
@@ -374,7 +419,7 @@ export async function runSubagentAnnounceFlow(params) {
                 // Best-effort
             }
         }
-        if (params.cleanup === "delete") {
+        if (shouldDeleteChildSession) {
             try {
                 await callGateway({
                     method: "sessions.delete",

package/dist/agents/tool-policy.conformance.js

@@ -0,0 +1,14 @@
+/**
+ * Conformance snapshot for tool policy.
+ *
+ * Security note:
+ * - This is static, build-time information (no runtime I/O, no network exposure).
+ * - Intended for CI/tools to detect drift between the implementation policy and
+ *   the formal models/extractors.
+ */
+import { TOOL_GROUPS } from "./tool-policy.js";
+// Tool name aliases are intentionally not exported from tool-policy today.
+// Keep the conformance snapshot focused on exported policy constants.
+export const TOOL_POLICY_CONFORMANCE = {
+    toolGroups: TOOL_GROUPS,
+};

package/dist/agents/tool-policy.js

@@ -47,6 +47,7 @@ export const TOOL_GROUPS = {
         "image",
     ],
 };
+const OWNER_ONLY_TOOL_NAMES = new Set(["whatsapp_login"]);
 const TOOL_PROFILES = {
     minimal: {
         allow: ["session_status"],
@@ -69,6 +70,29 @@ export function normalizeToolName(name) {
     const normalized = name.trim().toLowerCase();
     return TOOL_NAME_ALIASES[normalized] ?? normalized;
 }
+export function isOwnerOnlyToolName(name) {
+    return OWNER_ONLY_TOOL_NAMES.has(normalizeToolName(name));
+}
+export function applyOwnerOnlyToolPolicy(tools, senderIsOwner) {
+    const withGuard = tools.map((tool) => {
+        if (!isOwnerOnlyToolName(tool.name)) {
+            return tool;
+        }
+        if (senderIsOwner || !tool.execute) {
+            return tool;
+        }
+        return {
+            ...tool,
+            execute: async () => {
+                throw new Error("Tool restricted to owner senders.");
+            },
+        };
+    });
+    if (senderIsOwner) {
+        return withGuard;
+    }
+    return withGuard.filter((tool) => !isOwnerOnlyToolName(tool.name));
+}
 export function normalizeToolList(list) {
     if (!list)
         return [];