npm - @poolzin/pool-bot - Versions diffs - 2026.2.11 → 2026.2.18 - Mend

@poolzin/pool-bot 2026.2.11 → 2026.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (535) hide show

package/CHANGELOG.md +34 -0
package/dist/agents/agent-scope.js +4 -0
package/dist/agents/announce-idempotency.js +14 -0
package/dist/agents/auth-profiles/usage.js +22 -0
package/dist/agents/auth-profiles.js +1 -1
package/dist/agents/auth-profiles.resolve-auth-profile-order.fixtures.js +23 -0
package/dist/agents/bash-tools.exec-runtime.js +438 -0
package/dist/agents/bash-tools.shared.js +6 -0
package/dist/agents/cli-runner/reliability.js +61 -0
package/dist/agents/cli-watchdog-defaults.js +11 -0
package/dist/agents/command-poll-backoff.js +63 -0
package/dist/agents/current-time.js +16 -0
package/dist/agents/glob-pattern.js +42 -0
package/dist/agents/memory-search.js +33 -0
package/dist/agents/model-alias-lines.js +18 -0
package/dist/agents/model-auth-label.js +61 -0
package/dist/agents/model-fallback.js +59 -8
package/dist/agents/models-config.e2e-harness.js +115 -0
package/dist/agents/ollama-stream.js +11 -3
package/dist/agents/openclaw-tools.js +135 -0
package/dist/agents/pi-auth-json.js +118 -0
package/dist/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.js +147 -0
package/dist/agents/pi-embedded-subscribe.e2e-harness.js +90 -0
package/dist/agents/pi-embedded-subscribe.handlers.compaction.js +63 -0
package/dist/agents/pi-embedded-subscribe.handlers.tools.media.test-helpers.js +30 -0
package/dist/agents/pi-extensions/session-manager-runtime-registry.js +23 -0
package/dist/agents/pi-tools.before-tool-call.js +145 -4
package/dist/agents/pi-tools.js +29 -9
package/dist/agents/pi-tools.policy.js +85 -92
package/dist/agents/pi-tools.schema.js +54 -27
package/dist/agents/queued-file-writer.js +22 -0
package/dist/agents/sandbox/docker.js +133 -40
package/dist/agents/sandbox/fs-bridge.js +146 -0
package/dist/agents/sandbox/fs-paths.js +205 -0
package/dist/agents/sandbox/hash.js +4 -0
package/dist/agents/sandbox/validate-sandbox-security.js +157 -0
package/dist/agents/sandbox-paths.js +3 -0
package/dist/agents/sandbox-tool-policy.js +26 -0
package/dist/agents/sanitize-for-prompt.js +18 -0
package/dist/agents/session-dirs.js +20 -0
package/dist/agents/session-write-lock.js +203 -39
package/dist/agents/skills/filter.js +24 -0
package/dist/agents/skills/tools-dir.js +9 -0
package/dist/agents/skills-install-download.js +290 -0
package/dist/agents/skills-install-output.js +30 -0
package/dist/agents/skills-install.download-test-utils.js +36 -0
package/dist/agents/skills.e2e-test-helpers.js +13 -0
package/dist/agents/subagent-announce-queue.js +59 -15
package/dist/agents/subagent-depth.js +137 -0
package/dist/agents/subagent-registry.js +448 -96
package/dist/agents/subagent-spawn.js +262 -0
package/dist/agents/system-prompt.js +52 -10
package/dist/agents/test-helpers/fast-tool-stubs.js +18 -0
package/dist/agents/test-helpers/host-sandbox-fs-bridge.js +74 -0
package/dist/agents/tool-display-common.js +782 -0
package/dist/agents/tool-loop-detection.js +466 -0
package/dist/agents/tool-policy.js +6 -0
package/dist/agents/tools/image-tool.js +1 -1
package/dist/agents/tools/sessions-access.js +178 -0
package/dist/agents/tools/sessions-resolution.js +206 -0
package/dist/agents/tools/subagents-tool.js +616 -0
package/dist/agents/workspace-dir.js +18 -0
package/dist/agents/workspace-dirs.js +14 -0
package/dist/agents/workspace.js +70 -0
package/dist/auto-reply/heartbeat-reply-payload.js +18 -0
package/dist/auto-reply/reply/commands-export-session.js +163 -0
package/dist/auto-reply/reply/commands-mesh.js +245 -0
package/dist/auto-reply/reply/commands-setunset.js +28 -0
package/dist/auto-reply/reply/commands-slash-parse.js +31 -0
package/dist/auto-reply/reply/commands-system-prompt.js +117 -0
package/dist/auto-reply/reply/directive-handling.levels.js +17 -0
package/dist/auto-reply/reply/directive-handling.params.js +1 -0
package/dist/auto-reply/reply/directive-parsing.js +36 -0
package/dist/auto-reply/reply/dispatcher-registry.js +43 -0
package/dist/auto-reply/reply/elevated-unavailable.js +20 -0
package/dist/auto-reply/reply/post-compaction-audit.js +96 -0
package/dist/auto-reply/reply/post-compaction-context.js +98 -0
package/dist/auto-reply/reply/reply-delivery.js +92 -0
package/dist/auto-reply/reply/session-reset-prompt.js +1 -0
package/dist/auto-reply/reply/session-run-accounting.js +33 -0
package/dist/auto-reply/reply.directive.directive-behavior.e2e-harness.js +115 -0
package/dist/auto-reply/reply.directive.directive-behavior.e2e-mocks.js +12 -0
package/dist/browser/bridge-auth-registry.js +26 -0
package/dist/browser/client-actions-url.js +10 -0
package/dist/browser/control-auth.js +73 -0
package/dist/browser/csrf.js +64 -0
package/dist/browser/http-auth.js +52 -0
package/dist/browser/paths.js +37 -0
package/dist/browser/proxy-files.js +32 -0
package/dist/browser/pw-ai-state.js +7 -0
package/dist/browser/resolved-config-refresh.js +42 -0
package/dist/browser/routes/path-output.js +1 -0
package/dist/browser/server-context.chrome-test-harness.js +20 -0
package/dist/browser/server-middleware.js +31 -0
package/dist/browser/test-port.js +16 -0
package/dist/build-info.json +3 -3
package/dist/canvas-host/file-resolver.js +43 -0
package/dist/channels/account-summary.js +19 -0
package/dist/channels/draft-stream-loop.js +77 -0
package/dist/channels/plugins/account-helpers.js +26 -0
package/dist/channels/telegram/allow-from.js +10 -0
package/dist/cli/browser-cli-resize.js +22 -0
package/dist/cli/browser-cli-shared.js +8 -0
package/dist/cli/clawbot-cli.js +5 -0
package/dist/cli/completion-cli.js +566 -0
package/dist/cli/config-cli.js +63 -5
package/dist/cli/daemon-cli/lifecycle-core.js +256 -0
package/dist/cli/daemon-cli/register-service-commands.js +60 -0
package/dist/cli/daemon-cli-compat.js +80 -0
package/dist/cli/nodes-cli/pairing-render.js +26 -0
package/dist/cli/program/action-reparse.js +17 -0
package/dist/cli/program/command-registry.js +17 -0
package/dist/cli/program/program-context.js +8 -0
package/dist/cli/program/register.subclis.js +7 -0
package/dist/cli/program/routes.js +233 -0
package/dist/cli/qr-cli.js +132 -0
package/dist/cli/requirements-test-fixtures.js +17 -0
package/dist/cli/respawn-policy.js +4 -0
package/dist/cli/shared/parse-port.js +18 -0
package/dist/cli/skills-cli.format.js +241 -0
package/dist/cli/update-cli/progress.js +121 -0
package/dist/cli/update-cli/restart-helper.js +108 -0
package/dist/cli/update-cli/shared.js +196 -0
package/dist/cli/update-cli/status.js +97 -0
package/dist/cli/update-cli/suppress-deprecations.js +17 -0
package/dist/cli/update-cli/update-command.js +506 -0
package/dist/cli/update-cli/wizard.js +130 -0
package/dist/cli/update-cli.js +3 -9
package/dist/cli/windows-argv.js +69 -0
package/dist/commands/auth-choice-legacy.js +20 -0
package/dist/commands/auth-choice.apply-helpers.js +8 -0
package/dist/commands/channel-test-helpers.js +19 -0
package/dist/commands/cleanup-plan.js +10 -0
package/dist/commands/cleanup-utils.js +7 -0
package/dist/commands/config-validation.js +15 -0
package/dist/commands/doctor-completion.js +112 -0
package/dist/commands/doctor-memory-search.js +119 -0
package/dist/commands/doctor-session-locks.js +73 -0
package/dist/commands/doctor.e2e-harness.js +364 -0
package/dist/commands/gateway-presence.js +19 -0
package/dist/commands/model-default.js +35 -0
package/dist/commands/models/fallbacks-shared.js +102 -0
package/dist/commands/models/shared.js +24 -0
package/dist/commands/onboard-auth.config-gateways.js +64 -0
package/dist/commands/onboard-auth.config-litellm.js +45 -0
package/dist/commands/onboard-auth.config-shared.js +116 -0
package/dist/commands/onboard-config.js +16 -0
package/dist/commands/onboard-non-interactive.test-helpers.js +31 -0
package/dist/commands/onboard-provider-auth-flags.js +136 -0
package/dist/commands/openai-codex-oauth.js +40 -0
package/dist/commands/test-runtime-config-helpers.js +21 -0
package/dist/commands/test-wizard-helpers.js +68 -0
package/dist/commands/vllm-setup.js +66 -0
package/dist/compat/legacy-names.js +2 -0
package/dist/config/backup-rotation.js +19 -0
package/dist/config/env-preserve.js +122 -0
package/dist/config/includes-scan.js +78 -0
package/dist/config/plugins-allowlist.js +13 -0
package/dist/config/schema.help.js +256 -0
package/dist/config/schema.hints.js +189 -0
package/dist/config/schema.irc.js +20 -0
package/dist/config/schema.labels.js +317 -0
package/dist/config/sessions/delivery-info.js +40 -0
package/dist/config/types.irc.js +1 -0
package/dist/config/zod-schema.agent-defaults.js +14 -0
package/dist/config/zod-schema.agent-model.js +10 -0
package/dist/config/zod-schema.agent-runtime.js +14 -0
package/dist/config/zod-schema.allowdeny.js +35 -0
package/dist/config/zod-schema.sensitive.js +4 -0
package/dist/control-ui/assets/index-HRr1grwl.js.map +1 -1
package/dist/cron/isolated-agent/skills-snapshot.js +26 -0
package/dist/cron/isolated-agent/subagent-followup.js +127 -0
package/dist/cron/isolated-agent.mocks.js +12 -0
package/dist/cron/isolated-agent.test-setup.js +22 -0
package/dist/cron/legacy-delivery.js +43 -0
package/dist/cron/webhook-url.js +22 -0
package/dist/daemon/arg-split.js +40 -0
package/dist/daemon/exec-file.js +23 -0
package/dist/daemon/output.js +6 -0
package/dist/daemon/runtime-format.js +31 -0
package/dist/daemon/schtasks-exec.js +4 -0
package/dist/daemon/service-audit.js +22 -0
package/dist/discord/client.js +41 -0
package/dist/discord/components-registry.js +57 -0
package/dist/discord/components.js +816 -0
package/dist/discord/guilds.js +12 -0
package/dist/discord/monitor/gateway-plugin.js +48 -0
package/dist/discord/monitor/presence.js +30 -0
package/dist/discord/send.components.js +115 -0
package/dist/discord/send.shared.js +4 -0
package/dist/discord/ui.js +26 -0
package/dist/discord/voice-message.js +254 -0
package/dist/gateway/agent-event-assistant-text.js +5 -0
package/dist/gateway/agent-prompt.js +33 -0
package/dist/gateway/auth-rate-limit.js +136 -0
package/dist/gateway/channel-health-monitor.js +114 -0
package/dist/gateway/control-ui-contract.js +1 -0
package/dist/gateway/control-ui-csp.js +15 -0
package/dist/gateway/gateway-config-prompts.shared.js +25 -0
package/dist/gateway/http-auth-helpers.js +18 -0
package/dist/gateway/http-common.js +18 -0
package/dist/gateway/http-endpoint-helpers.js +27 -0
package/dist/gateway/node-invoke-sanitize.js +11 -0
package/dist/gateway/node-invoke-system-run-approval.js +205 -0
package/dist/gateway/probe-auth.js +21 -0
package/dist/gateway/protocol/index.js +7 -2
package/dist/gateway/protocol/schema/mesh.js +54 -0
package/dist/gateway/protocol/schema/protocol-schemas.js +7 -0
package/dist/gateway/protocol/schema.js +1 -0
package/dist/gateway/server/ws-connection/auth-messages.js +54 -0
package/dist/gateway/server-channels.js +11 -0
package/dist/gateway/server-methods/attachment-normalize.js +16 -0
package/dist/gateway/server-methods/base-hash.js +8 -0
package/dist/gateway/server-methods/mesh.js +700 -0
package/dist/gateway/server-methods/nodes.handlers.invoke-result.js +55 -0
package/dist/gateway/server-methods/restart-request.js +13 -0
package/dist/gateway/server-methods/validation.js +8 -0
package/dist/gateway/server.agent.gateway-server-agent.mocks.js +35 -0
package/dist/gateway/server.e2e-registry-helpers.js +1 -0
package/dist/gateway/server.e2e-ws-harness.js +20 -0
package/dist/gateway/test-helpers.js +2 -0
package/dist/gateway/test-helpers.server.js +3 -1
package/dist/gateway/test-http-response.js +12 -0
package/dist/gateway/test-openai-responses-model.js +20 -0
package/dist/gateway/test-temp-config.js +30 -0
package/dist/gateway/test-with-server.js +32 -0
package/dist/hooks/bundled/bootstrap-extra-files/handler.js +46 -0
package/dist/imessage/monitor/abort-handler.js +23 -0
package/dist/imessage/monitor/inbound-processing.js +346 -0
package/dist/imessage/monitor/parse-notification.js +64 -0
package/dist/imessage/target-parsing-helpers.js +92 -0
package/dist/infra/archive.js +244 -20
package/dist/infra/detect-package-manager.js +26 -0
package/dist/infra/exec-approvals-allowlist.js +257 -0
package/dist/infra/exec-approvals-analysis.js +770 -0
package/dist/infra/exec-approvals.js +13 -0
package/dist/infra/file-lock.js +1 -0
package/dist/infra/gemini-auth.js +39 -0
package/dist/infra/heartbeat-active-hours.js +85 -0
package/dist/infra/heartbeat-events-filter.js +50 -0
package/dist/infra/heartbeat-runner.test-utils.js +39 -0
package/dist/infra/http-body.js +265 -0
package/dist/infra/install-package-dir.js +50 -0
package/dist/infra/install-safe-path.js +49 -0
package/dist/infra/json-files.js +49 -0
package/dist/infra/jsonl-socket.js +52 -0
package/dist/infra/map-size.js +14 -0
package/dist/infra/net/hostname.js +7 -0
package/dist/infra/npm-registry-spec.js +39 -0
package/dist/infra/openclaw-root.js +109 -0
package/dist/infra/outbound/delivery-queue.js +214 -0
package/dist/infra/outbound/identity.js +23 -0
package/dist/infra/outbound/message-action-params.js +307 -0
package/dist/infra/outbound/tool-payload.js +21 -0
package/dist/infra/package-json.js +23 -0
package/dist/infra/pairing-files.js +19 -0
package/dist/infra/pairing-token.js +9 -0
package/dist/infra/path-prepend.js +51 -0
package/dist/infra/path-safety.js +16 -0
package/dist/infra/process-respawn.js +49 -0
package/dist/infra/runtime-status.js +16 -0
package/dist/infra/session-cost-usage.types.js +1 -0
package/dist/infra/session-maintenance-warning.js +89 -0
package/dist/infra/system-run-command.js +78 -0
package/dist/infra/tmp-openclaw-dir.js +81 -0
package/dist/infra/tmp-poolbot-dir.js +2 -0
package/dist/infra/update-channels.js +19 -0
package/dist/line/actions.js +45 -0
package/dist/line/channel-access-token.js +9 -0
package/dist/line/flex-templates/basic-cards.js +332 -0
package/dist/line/flex-templates/common.js +18 -0
package/dist/line/flex-templates/media-control-cards.js +453 -0
package/dist/line/flex-templates/message.js +10 -0
package/dist/line/flex-templates/schedule-cards.js +399 -0
package/dist/line/flex-templates/types.js +1 -0
package/dist/line/webhook-node.js +100 -0
package/dist/line/webhook-utils.js +11 -0
package/dist/logging/diagnostic-session-state.js +73 -0
package/dist/logging/diagnostic.js +22 -0
package/dist/logging/timestamps.js +14 -0
package/dist/markdown/whatsapp.js +62 -0
package/dist/media/base64.js +34 -0
package/dist/media/local-roots.js +32 -0
package/dist/media/outbound-attachment.js +10 -0
package/dist/media/read-response-with-limit.js +41 -0
package/dist/media/sniff-mime-from-base64.js +19 -0
package/dist/media-understanding/audio-preflight.js +67 -0
package/dist/media-understanding/fs.js +13 -0
package/dist/media-understanding/output-extract.js +26 -0
package/dist/media-understanding/providers/audio.test-helpers.js +34 -0
package/dist/media-understanding/providers/google/inline-data.js +64 -0
package/dist/media-understanding/providers/shared.js +7 -0
package/dist/media-understanding/runner.entries.js +459 -0
package/dist/memory/batch-error-utils.js +11 -0
package/dist/memory/batch-http.js +27 -0
package/dist/memory/batch-output.js +29 -0
package/dist/memory/batch-runner.js +22 -0
package/dist/memory/batch-upload.js +23 -0
package/dist/memory/batch-utils.js +26 -0
package/dist/memory/embeddings-debug.js +11 -0
package/dist/memory/embeddings-remote-client.js +22 -0
package/dist/memory/embeddings-remote-fetch.js +14 -0
package/dist/memory/embeddings.js +36 -9
package/dist/memory/hybrid.js +24 -5
package/dist/memory/manager-embedding-ops.js +616 -0
package/dist/memory/manager-sync-ops.js +953 -0
package/dist/memory/manager.js +76 -28
package/dist/memory/mmr.js +164 -0
package/dist/memory/qmd-manager.js +1061 -0
package/dist/memory/qmd-query-parser.js +107 -0
package/dist/memory/qmd-scope.js +93 -0
package/dist/memory/query-expansion.js +331 -0
package/dist/memory/search-manager.js +0 -1
package/dist/memory/sync-index.js +21 -0
package/dist/memory/sync-progress.js +22 -0
package/dist/memory/sync-stale.js +30 -0
package/dist/memory/temporal-decay.js +119 -0
package/dist/memory/test-embeddings-mock.js +16 -0
package/dist/memory/test-manager-helpers.js +14 -0
package/dist/memory/test-runtime-mocks.js +11 -0
package/dist/node-host/invoke-browser.js +177 -0
package/dist/node-host/invoke.js +685 -0
package/dist/pairing/setup-code.js +285 -0
package/dist/plugin-sdk/account-id.js +1 -0
package/dist/plugin-sdk/agent-media-payload.js +13 -0
package/dist/plugin-sdk/allow-from.js +47 -0
package/dist/plugin-sdk/command-auth.js +23 -0
package/dist/plugin-sdk/config-paths.js +9 -0
package/dist/plugin-sdk/file-lock.js +116 -0
package/dist/plugin-sdk/json-store.js +31 -0
package/dist/plugin-sdk/onboarding.js +28 -0
package/dist/plugin-sdk/provider-auth-result.js +29 -0
package/dist/plugin-sdk/slack-message-actions.js +133 -0
package/dist/plugin-sdk/status-helpers.js +35 -0
package/dist/plugin-sdk/text-chunking.js +31 -0
package/dist/plugin-sdk/tool-send.js +12 -0
package/dist/plugin-sdk/webhook-path.js +27 -0
package/dist/plugin-sdk/webhook-targets.js +34 -0
package/dist/plugins/hooks.test-helpers.js +21 -0
package/dist/plugins/uninstall.js +171 -0
package/dist/process/kill-tree.js +98 -0
package/dist/process/supervisor/adapters/child.js +143 -0
package/dist/process/supervisor/adapters/env.js +13 -0
package/dist/process/supervisor/adapters/pty.js +148 -0
package/dist/process/supervisor/index.js +10 -0
package/dist/process/supervisor/registry.js +117 -0
package/dist/process/supervisor/supervisor.js +244 -0
package/dist/process/supervisor/types.js +1 -0
package/dist/providers/google-shared.test-helpers.js +75 -0
package/dist/security/audit-channel.js +419 -0
package/dist/security/audit-tool-policy.js +1 -0
package/dist/security/scan-paths.js +12 -0
package/dist/sessions/input-provenance.js +55 -0
package/dist/sessions/session-key-utils.js +7 -0
package/dist/shared/chat-content.js +31 -0
package/dist/shared/chat-envelope.js +45 -0
package/dist/shared/config-eval.js +117 -0
package/dist/shared/device-auth.js +16 -0
package/dist/shared/entry-metadata.js +9 -0
package/dist/shared/entry-status.js +25 -0
package/dist/shared/frontmatter.js +98 -0
package/dist/shared/model-param-b.js +19 -0
package/dist/shared/net/ipv4.js +17 -0
package/dist/shared/node-match.js +53 -0
package/dist/shared/pid-alive.js +12 -0
package/dist/shared/process-scoped-map.js +10 -0
package/dist/shared/requirements.js +128 -0
package/dist/shared/subagents-format.js +84 -0
package/dist/shared/usage-aggregates.js +28 -0
package/dist/signal/monitor/mentions.js +45 -0
package/dist/signal/rpc-context.js +19 -0
package/dist/slack/blocks-fallback.js +76 -0
package/dist/slack/blocks-input.js +40 -0
package/dist/slack/draft-stream.js +106 -0
package/dist/slack/message-actions.js +51 -0
package/dist/slack/modal-metadata.js +32 -0
package/dist/slack/monitor/events/interactions.js +462 -0
package/dist/slack/monitor/room-context.js +17 -0
package/dist/slack/stream-mode.js +41 -0
package/dist/telegram/bot-native-command-menu.js +64 -0
package/dist/telegram/bot.media.e2e-harness.js +81 -0
package/dist/telegram/button-types.js +1 -0
package/dist/telegram/group-access.js +65 -0
package/dist/telegram/outbound-params.js +21 -0
package/dist/telegram/poll-vote-cache.js +21 -0
package/dist/terminal/health-style.js +36 -0
package/dist/test-utils/chunk-test-helpers.js +21 -0
package/dist/test-utils/env.js +72 -0
package/dist/test-utils/exec-assertions.js +12 -0
package/dist/test-utils/imessage-test-plugin.js +54 -0
package/dist/test-utils/mock-http-response.js +17 -0
package/dist/test-utils/vitest-mock-fn.js +1 -0
package/dist/tts/tts-core.js +550 -0
package/dist/utils/chunk-items.js +10 -0
package/dist/utils/reaction-level.js +52 -0
package/dist/utils/safe-json.js +22 -0
package/dist/utils/with-timeout.js +14 -0
package/dist/web/media.js +17 -5
package/dist/whatsapp/resolve-outbound-target.js +42 -0
package/dist/wizard/onboarding.completion.js +74 -0
package/extensions/bluebubbles/package.json +1 -1
package/extensions/bluebubbles/src/account-resolve.ts +29 -0
package/extensions/bluebubbles/src/monitor-normalize.ts +796 -0
package/extensions/bluebubbles/src/monitor-processing.ts +1007 -0
package/extensions/bluebubbles/src/monitor-reply-cache.ts +185 -0
package/extensions/bluebubbles/src/monitor-shared.ts +51 -0
package/extensions/bluebubbles/src/multipart.ts +32 -0
package/extensions/bluebubbles/src/send-helpers.ts +53 -0
package/extensions/bluebubbles/src/test-harness.ts +50 -0
package/extensions/bluebubbles/src/test-mocks.ts +11 -0
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/device-pair/index.ts +554 -0
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/discord/src/channel.js +366 -0
package/extensions/discord/src/runtime.js +10 -0
package/extensions/feishu/index.ts +63 -0
package/extensions/feishu/src/accounts.ts +114 -0
package/extensions/feishu/src/bitable.ts +739 -0
package/extensions/feishu/src/bot.ts +965 -0
package/extensions/feishu/src/channel.ts +351 -0
package/extensions/feishu/src/client.ts +118 -0
package/extensions/feishu/src/config-schema.ts +206 -0
package/extensions/feishu/src/dedup.ts +33 -0
package/extensions/feishu/src/directory.ts +177 -0
package/extensions/feishu/src/doc-schema.ts +47 -0
package/extensions/feishu/src/docx.ts +536 -0
package/extensions/feishu/src/drive-schema.ts +46 -0
package/extensions/feishu/src/drive.ts +227 -0
package/extensions/feishu/src/dynamic-agent.ts +131 -0
package/extensions/feishu/src/media.ts +449 -0
package/extensions/feishu/src/mention.ts +126 -0
package/extensions/feishu/src/monitor.ts +330 -0
package/extensions/feishu/src/onboarding.ts +359 -0
package/extensions/feishu/src/outbound.ts +55 -0
package/extensions/feishu/src/perm-schema.ts +52 -0
package/extensions/feishu/src/perm.ts +173 -0
package/extensions/feishu/src/policy.ts +84 -0
package/extensions/feishu/src/probe.ts +44 -0
package/extensions/feishu/src/reactions.ts +160 -0
package/extensions/feishu/src/reply-dispatcher.ts +239 -0
package/extensions/feishu/src/runtime.ts +14 -0
package/extensions/feishu/src/send-result.ts +29 -0
package/extensions/feishu/src/send.ts +335 -0
package/extensions/feishu/src/streaming-card.ts +223 -0
package/extensions/feishu/src/targets.ts +78 -0
package/extensions/feishu/src/tools-config.ts +21 -0
package/extensions/feishu/src/types.ts +81 -0
package/extensions/feishu/src/typing.ts +80 -0
package/extensions/feishu/src/wiki-schema.ts +55 -0
package/extensions/feishu/src/wiki.ts +232 -0
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/imessage/src/channel.js +253 -0
package/extensions/imessage/src/runtime.js +10 -0
package/extensions/irc/index.ts +17 -0
package/extensions/irc/src/accounts.ts +268 -0
package/extensions/irc/src/channel.ts +367 -0
package/extensions/irc/src/client.ts +439 -0
package/extensions/irc/src/config-schema.ts +97 -0
package/extensions/irc/src/connect-options.ts +30 -0
package/extensions/irc/src/control-chars.ts +22 -0
package/extensions/irc/src/inbound.ts +334 -0
package/extensions/irc/src/monitor.ts +147 -0
package/extensions/irc/src/normalize.ts +117 -0
package/extensions/irc/src/onboarding.ts +479 -0
package/extensions/irc/src/policy.ts +157 -0
package/extensions/irc/src/probe.ts +53 -0
package/extensions/irc/src/protocol.ts +169 -0
package/extensions/irc/src/runtime.ts +14 -0
package/extensions/irc/src/send.ts +88 -0
package/extensions/irc/src/types.ts +93 -0
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/matrix/CHANGELOG.md +5 -0
package/extensions/matrix/package.json +1 -1
package/extensions/matrix/src/matrix/client-bootstrap.ts +39 -0
package/extensions/mattermost/package.json +1 -1
package/extensions/mattermost/src/mattermost/monitor-onchar.ts +25 -0
package/extensions/mattermost/src/mattermost/monitor-websocket.ts +221 -0
package/extensions/mattermost/src/mattermost/reactions.ts +130 -0
package/extensions/mattermost/src/mattermost/reconnect.ts +103 -0
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/index.ts +161 -0
package/extensions/minimax-portal-auth/oauth.ts +247 -0
package/extensions/msteams/CHANGELOG.md +5 -0
package/extensions/msteams/package.json +1 -1
package/extensions/msteams/src/file-lock.ts +1 -0
package/extensions/msteams/src/graph.ts +92 -0
package/extensions/msteams/src/mentions.ts +114 -0
package/extensions/msteams/src/test-runtime.ts +16 -0
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +5 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/index.ts +177 -0
package/extensions/phone-control/index.ts +421 -0
package/extensions/shared/resolve-target-test-helpers.ts +66 -0
package/extensions/signal/package.json +1 -1
package/extensions/signal/src/channel.js +273 -0
package/extensions/signal/src/runtime.js +10 -0
package/extensions/slack/package.json +1 -1
package/extensions/slack/src/channel.js +489 -0
package/extensions/slack/src/runtime.js +10 -0
package/extensions/talk-voice/index.ts +150 -0
package/extensions/telegram/package.json +1 -1
package/extensions/telegram/src/channel.js +424 -0
package/extensions/telegram/src/runtime.js +10 -0
package/extensions/thread-ownership/index.ts +133 -0
package/extensions/tlon/package.json +1 -1
package/extensions/tlon/src/account-fields.ts +25 -0
package/extensions/tlon/src/urbit/base-url.ts +57 -0
package/extensions/tlon/src/urbit/channel-client.ts +157 -0
package/extensions/tlon/src/urbit/channel-ops.ts +164 -0
package/extensions/tlon/src/urbit/context.ts +47 -0
package/extensions/tlon/src/urbit/errors.ts +51 -0
package/extensions/tlon/src/urbit/fetch.ts +39 -0
package/extensions/twitch/CHANGELOG.md +5 -0
package/extensions/twitch/package.json +1 -1
package/extensions/twitch/src/test-fixtures.ts +30 -0
package/extensions/voice-call/CHANGELOG.md +5 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/voice-call/src/allowlist.ts +19 -0
package/extensions/whatsapp/package.json +1 -1
package/extensions/whatsapp/src/channel.js +429 -0
package/extensions/whatsapp/src/runtime.js +10 -0
package/extensions/zalo/CHANGELOG.md +5 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +5 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +1 -1

package/dist/infra/exec-approvals.js CHANGED Viewed

@@ -35,6 +35,19 @@ export function resolveExecApprovalsPath() {
 export function resolveExecApprovalsSocketPath() {
     return expandHome(DEFAULT_SOCKET);
 }
+export function mergeExecApprovalsSocketDefaults(params) {
+    const currentSocketPath = params.current?.socket?.path?.trim();
+    const currentToken = params.current?.socket?.token?.trim();
+    const socketPath = params.normalized.socket?.path?.trim() ?? currentSocketPath ?? resolveExecApprovalsSocketPath();
+    const token = params.normalized.socket?.token?.trim() ?? currentToken ?? "";
+    return {
+        ...params.normalized,
+        socket: {
+            path: socketPath,
+            token,
+        },
+    };
+}
 function normalizeAllowlistPattern(value) {
     const trimmed = value?.trim() ?? "";
     return trimmed ? trimmed.toLowerCase() : null;

package/dist/infra/file-lock.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { acquireFileLock, withFileLock } from "../plugin-sdk/file-lock.js";

package/dist/infra/gemini-auth.js ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Shared Gemini authentication utilities.
+ *
+ * Supports both traditional API keys and OAuth JSON format.
+ */
+/**
+ * Parse Gemini API key and return appropriate auth headers.
+ *
+ * OAuth format: `{"token": "...", "projectId": "..."}`
+ *
+ * @param apiKey - Either a traditional API key string or OAuth JSON
+ * @returns Headers object with appropriate authentication
+ */
+export function parseGeminiAuth(apiKey) {
+    // Try parsing as OAuth JSON format
+    if (apiKey.startsWith("{")) {
+        try {
+            const parsed = JSON.parse(apiKey);
+            if (typeof parsed.token === "string" && parsed.token) {
+                return {
+                    headers: {
+                        Authorization: `Bearer ${parsed.token}`,
+                        "Content-Type": "application/json",
+                    },
+                };
+            }
+        }
+        catch {
+            // Parse failed, fallback to API key mode
+        }
+    }
+    // Default: traditional API key
+    return {
+        headers: {
+            "x-goog-api-key": apiKey,
+            "Content-Type": "application/json",
+        },
+    };
+}

package/dist/infra/heartbeat-active-hours.js ADDED Viewed

@@ -0,0 +1,85 @@
+import { resolveUserTimezone } from "../agents/date-time.js";
+const ACTIVE_HOURS_TIME_PATTERN = /^([01]\d|2[0-3]|24):([0-5]\d)$/;
+function resolveActiveHoursTimezone(cfg, raw) {
+    const trimmed = raw?.trim();
+    if (!trimmed || trimmed === "user") {
+        return resolveUserTimezone(cfg.agents?.defaults?.userTimezone);
+    }
+    if (trimmed === "local") {
+        const host = Intl.DateTimeFormat().resolvedOptions().timeZone;
+        return host?.trim() || "UTC";
+    }
+    try {
+        new Intl.DateTimeFormat("en-US", { timeZone: trimmed }).format(new Date());
+        return trimmed;
+    }
+    catch {
+        return resolveUserTimezone(cfg.agents?.defaults?.userTimezone);
+    }
+}
+function parseActiveHoursTime(opts, raw) {
+    if (!raw || !ACTIVE_HOURS_TIME_PATTERN.test(raw)) {
+        return null;
+    }
+    const [hourStr, minuteStr] = raw.split(":");
+    const hour = Number(hourStr);
+    const minute = Number(minuteStr);
+    if (!Number.isFinite(hour) || !Number.isFinite(minute)) {
+        return null;
+    }
+    if (hour === 24) {
+        if (!opts.allow24 || minute !== 0) {
+            return null;
+        }
+        return 24 * 60;
+    }
+    return hour * 60 + minute;
+}
+function resolveMinutesInTimeZone(nowMs, timeZone) {
+    try {
+        const parts = new Intl.DateTimeFormat("en-US", {
+            timeZone,
+            hour: "2-digit",
+            minute: "2-digit",
+            hourCycle: "h23",
+        }).formatToParts(new Date(nowMs));
+        const map = {};
+        for (const part of parts) {
+            if (part.type !== "literal") {
+                map[part.type] = part.value;
+            }
+        }
+        const hour = Number(map.hour);
+        const minute = Number(map.minute);
+        if (!Number.isFinite(hour) || !Number.isFinite(minute)) {
+            return null;
+        }
+        return hour * 60 + minute;
+    }
+    catch {
+        return null;
+    }
+}
+export function isWithinActiveHours(cfg, heartbeat, nowMs) {
+    const active = heartbeat?.activeHours;
+    if (!active) {
+        return true;
+    }
+    const startMin = parseActiveHoursTime({ allow24: false }, active.start);
+    const endMin = parseActiveHoursTime({ allow24: true }, active.end);
+    if (startMin === null || endMin === null) {
+        return true;
+    }
+    if (startMin === endMin) {
+        return true;
+    }
+    const timeZone = resolveActiveHoursTimezone(cfg, active.timezone);
+    const currentMin = resolveMinutesInTimeZone(nowMs ?? Date.now(), timeZone);
+    if (currentMin === null) {
+        return true;
+    }
+    if (endMin > startMin) {
+        return currentMin >= startMin && currentMin < endMin;
+    }
+    return currentMin >= startMin || currentMin < endMin;
+}

package/dist/infra/heartbeat-events-filter.js ADDED Viewed

@@ -0,0 +1,50 @@
+import { HEARTBEAT_TOKEN } from "../auto-reply/tokens.js";
+// Build a dynamic prompt for cron events by embedding the actual event content.
+// This ensures the model sees the reminder text directly instead of relying on
+// "shown in the system messages above" which may not be visible in context.
+export function buildCronEventPrompt(pendingEvents) {
+    const eventText = pendingEvents.join("\n").trim();
+    if (!eventText) {
+        return ("A scheduled cron event was triggered, but no event content was found. " +
+            "Reply HEARTBEAT_OK.");
+    }
+    return ("A scheduled reminder has been triggered. The reminder content is:\n\n" +
+        eventText +
+        "\n\nPlease relay this reminder to the user in a helpful and friendly way.");
+}
+const HEARTBEAT_OK_PREFIX = HEARTBEAT_TOKEN.toLowerCase();
+// Detect heartbeat-specific noise so cron reminders don't trigger on non-reminder events.
+function isHeartbeatAckEvent(evt) {
+    const trimmed = evt.trim();
+    if (!trimmed) {
+        return false;
+    }
+    const lower = trimmed.toLowerCase();
+    if (!lower.startsWith(HEARTBEAT_OK_PREFIX)) {
+        return false;
+    }
+    const suffix = lower.slice(HEARTBEAT_OK_PREFIX.length);
+    if (suffix.length === 0) {
+        return true;
+    }
+    return !/[a-z0-9_]/.test(suffix[0]);
+}
+function isHeartbeatNoiseEvent(evt) {
+    const lower = evt.trim().toLowerCase();
+    if (!lower) {
+        return false;
+    }
+    return (isHeartbeatAckEvent(lower) ||
+        lower.includes("heartbeat poll") ||
+        lower.includes("heartbeat wake"));
+}
+export function isExecCompletionEvent(evt) {
+    return evt.toLowerCase().includes("exec finished");
+}
+// Returns true when a system event should be treated as real cron reminder content.
+export function isCronSystemEvent(evt) {
+    if (!evt.trim()) {
+        return false;
+    }
+    return !isHeartbeatNoiseEvent(evt) && !isExecCompletionEvent(evt);
+}

package/dist/infra/heartbeat-runner.test-utils.js ADDED Viewed

@@ -0,0 +1,39 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { vi } from "vitest";
+import * as replyModule from "../auto-reply/reply.js";
+export async function seedSessionStore(storePath, sessionKey, session) {
+    await fs.writeFile(storePath, JSON.stringify({
+        [sessionKey]: {
+            sessionId: session.sessionId ?? "sid",
+            updatedAt: session.updatedAt ?? Date.now(),
+            ...session,
+        },
+    }, null, 2));
+}
+export async function withTempHeartbeatSandbox(fn, options) {
+    const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), options?.prefix ?? "openclaw-hb-"));
+    const storePath = path.join(tmpDir, "sessions.json");
+    const replySpy = vi.spyOn(replyModule, "getReplyFromConfig");
+    const previousEnv = new Map();
+    for (const envName of options?.unsetEnvVars ?? []) {
+        previousEnv.set(envName, process.env[envName]);
+        process.env[envName] = "";
+    }
+    try {
+        return await fn({ tmpDir, storePath, replySpy });
+    }
+    finally {
+        replySpy.mockRestore();
+        for (const [envName, previousValue] of previousEnv.entries()) {
+            if (previousValue === undefined) {
+                delete process.env[envName];
+            }
+            else {
+                process.env[envName] = previousValue;
+            }
+        }
+        await fs.rm(tmpDir, { recursive: true, force: true });
+    }
+}

package/dist/infra/http-body.js ADDED Viewed

@@ -0,0 +1,265 @@
+export const DEFAULT_WEBHOOK_MAX_BODY_BYTES = 1024 * 1024;
+export const DEFAULT_WEBHOOK_BODY_TIMEOUT_MS = 30_000;
+const DEFAULT_ERROR_MESSAGE = {
+    PAYLOAD_TOO_LARGE: "PayloadTooLarge",
+    REQUEST_BODY_TIMEOUT: "RequestBodyTimeout",
+    CONNECTION_CLOSED: "RequestBodyConnectionClosed",
+};
+const DEFAULT_ERROR_STATUS_CODE = {
+    PAYLOAD_TOO_LARGE: 413,
+    REQUEST_BODY_TIMEOUT: 408,
+    CONNECTION_CLOSED: 400,
+};
+const DEFAULT_RESPONSE_MESSAGE = {
+    PAYLOAD_TOO_LARGE: "Payload too large",
+    REQUEST_BODY_TIMEOUT: "Request body timeout",
+    CONNECTION_CLOSED: "Connection closed",
+};
+export class RequestBodyLimitError extends Error {
+    code;
+    statusCode;
+    constructor(init) {
+        super(init.message ?? DEFAULT_ERROR_MESSAGE[init.code]);
+        this.name = "RequestBodyLimitError";
+        this.code = init.code;
+        this.statusCode = DEFAULT_ERROR_STATUS_CODE[init.code];
+    }
+}
+export function isRequestBodyLimitError(error, code) {
+    if (!(error instanceof RequestBodyLimitError)) {
+        return false;
+    }
+    if (!code) {
+        return true;
+    }
+    return error.code === code;
+}
+export function requestBodyErrorToText(code) {
+    return DEFAULT_RESPONSE_MESSAGE[code];
+}
+function parseContentLengthHeader(req) {
+    const header = req.headers["content-length"];
+    const raw = Array.isArray(header) ? header[0] : header;
+    if (typeof raw !== "string") {
+        return null;
+    }
+    const parsed = Number.parseInt(raw, 10);
+    if (!Number.isFinite(parsed) || parsed < 0) {
+        return null;
+    }
+    return parsed;
+}
+export async function readRequestBodyWithLimit(req, options) {
+    const maxBytes = Number.isFinite(options.maxBytes)
+        ? Math.max(1, Math.floor(options.maxBytes))
+        : 1;
+    const timeoutMs = typeof options.timeoutMs === "number" && Number.isFinite(options.timeoutMs)
+        ? Math.max(1, Math.floor(options.timeoutMs))
+        : DEFAULT_WEBHOOK_BODY_TIMEOUT_MS;
+    const encoding = options.encoding ?? "utf-8";
+    const declaredLength = parseContentLengthHeader(req);
+    if (declaredLength !== null && declaredLength > maxBytes) {
+        const error = new RequestBodyLimitError({ code: "PAYLOAD_TOO_LARGE" });
+        if (!req.destroyed) {
+            // Limit violations are expected user input; destroying with an Error causes
+            // an async 'error' event which can crash the process if no listener remains.
+            req.destroy();
+        }
+        throw error;
+    }
+    return await new Promise((resolve, reject) => {
+        let done = false;
+        let ended = false;
+        let totalBytes = 0;
+        const chunks = [];
+        const cleanup = () => {
+            req.removeListener("data", onData);
+            req.removeListener("end", onEnd);
+            req.removeListener("error", onError);
+            req.removeListener("close", onClose);
+            clearTimeout(timer);
+        };
+        const finish = (cb) => {
+            if (done) {
+                return;
+            }
+            done = true;
+            cleanup();
+            cb();
+        };
+        const fail = (error) => {
+            finish(() => reject(error));
+        };
+        const timer = setTimeout(() => {
+            const error = new RequestBodyLimitError({ code: "REQUEST_BODY_TIMEOUT" });
+            if (!req.destroyed) {
+                req.destroy();
+            }
+            fail(error);
+        }, timeoutMs);
+        const onData = (chunk) => {
+            if (done) {
+                return;
+            }
+            const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+            totalBytes += buffer.length;
+            if (totalBytes > maxBytes) {
+                const error = new RequestBodyLimitError({ code: "PAYLOAD_TOO_LARGE" });
+                if (!req.destroyed) {
+                    req.destroy();
+                }
+                fail(error);
+                return;
+            }
+            chunks.push(buffer);
+        };
+        const onEnd = () => {
+            ended = true;
+            finish(() => resolve(Buffer.concat(chunks).toString(encoding)));
+        };
+        const onError = (error) => {
+            if (done) {
+                return;
+            }
+            fail(error);
+        };
+        const onClose = () => {
+            if (done || ended) {
+                return;
+            }
+            fail(new RequestBodyLimitError({ code: "CONNECTION_CLOSED" }));
+        };
+        req.on("data", onData);
+        req.on("end", onEnd);
+        req.on("error", onError);
+        req.on("close", onClose);
+    });
+}
+export async function readJsonBodyWithLimit(req, options) {
+    try {
+        const raw = await readRequestBodyWithLimit(req, options);
+        const trimmed = raw.trim();
+        if (!trimmed) {
+            if (options.emptyObjectOnEmpty === false) {
+                return { ok: false, code: "INVALID_JSON", error: "empty payload" };
+            }
+            return { ok: true, value: {} };
+        }
+        try {
+            return { ok: true, value: JSON.parse(trimmed) };
+        }
+        catch (error) {
+            return {
+                ok: false,
+                code: "INVALID_JSON",
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    catch (error) {
+        if (isRequestBodyLimitError(error)) {
+            return { ok: false, code: error.code, error: requestBodyErrorToText(error.code) };
+        }
+        return {
+            ok: false,
+            code: "INVALID_JSON",
+            error: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
+export function installRequestBodyLimitGuard(req, res, options) {
+    const maxBytes = Number.isFinite(options.maxBytes)
+        ? Math.max(1, Math.floor(options.maxBytes))
+        : 1;
+    const timeoutMs = typeof options.timeoutMs === "number" && Number.isFinite(options.timeoutMs)
+        ? Math.max(1, Math.floor(options.timeoutMs))
+        : DEFAULT_WEBHOOK_BODY_TIMEOUT_MS;
+    const responseFormat = options.responseFormat ?? "json";
+    const customText = options.responseText ?? {};
+    let tripped = false;
+    let reason = null;
+    let done = false;
+    let ended = false;
+    let totalBytes = 0;
+    const cleanup = () => {
+        req.removeListener("data", onData);
+        req.removeListener("end", onEnd);
+        req.removeListener("close", onClose);
+        req.removeListener("error", onError);
+        clearTimeout(timer);
+    };
+    const finish = () => {
+        if (done) {
+            return;
+        }
+        done = true;
+        cleanup();
+    };
+    const respond = (error) => {
+        const text = customText[error.code] ?? requestBodyErrorToText(error.code);
+        if (!res.headersSent) {
+            res.statusCode = error.statusCode;
+            if (responseFormat === "text") {
+                res.setHeader("Content-Type", "text/plain; charset=utf-8");
+                res.end(text);
+            }
+            else {
+                res.setHeader("Content-Type", "application/json; charset=utf-8");
+                res.end(JSON.stringify({ error: text }));
+            }
+        }
+    };
+    const trip = (error) => {
+        if (tripped) {
+            return;
+        }
+        tripped = true;
+        reason = error.code;
+        finish();
+        respond(error);
+        if (!req.destroyed) {
+            // Limit violations are expected user input; destroying with an Error causes
+            // an async 'error' event which can crash the process if no listener remains.
+            req.destroy();
+        }
+    };
+    const onData = (chunk) => {
+        if (done) {
+            return;
+        }
+        const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+        totalBytes += buffer.length;
+        if (totalBytes > maxBytes) {
+            trip(new RequestBodyLimitError({ code: "PAYLOAD_TOO_LARGE" }));
+        }
+    };
+    const onEnd = () => {
+        ended = true;
+        finish();
+    };
+    const onClose = () => {
+        if (done || ended) {
+            return;
+        }
+        finish();
+    };
+    const onError = () => {
+        finish();
+    };
+    const timer = setTimeout(() => {
+        trip(new RequestBodyLimitError({ code: "REQUEST_BODY_TIMEOUT" }));
+    }, timeoutMs);
+    req.on("data", onData);
+    req.on("end", onEnd);
+    req.on("close", onClose);
+    req.on("error", onError);
+    const declaredLength = parseContentLengthHeader(req);
+    if (declaredLength !== null && declaredLength > maxBytes) {
+        trip(new RequestBodyLimitError({ code: "PAYLOAD_TOO_LARGE" }));
+    }
+    return {
+        dispose: finish,
+        isTripped: () => tripped,
+        code: () => reason,
+    };
+}

package/dist/infra/install-package-dir.js ADDED Viewed

@@ -0,0 +1,50 @@
+import fs from "node:fs/promises";
+import { runCommandWithTimeout } from "../process/exec.js";
+import { fileExists } from "./archive.js";
+export async function installPackageDir(params) {
+    params.logger?.info?.(`Installing to ${params.targetDir}…`);
+    let backupDir = null;
+    if (params.mode === "update" && (await fileExists(params.targetDir))) {
+        backupDir = `${params.targetDir}.backup-${Date.now()}`;
+        await fs.rename(params.targetDir, backupDir);
+    }
+    const rollback = async () => {
+        if (!backupDir) {
+            return;
+        }
+        await fs.rm(params.targetDir, { recursive: true, force: true }).catch(() => undefined);
+        await fs.rename(backupDir, params.targetDir).catch(() => undefined);
+    };
+    try {
+        await fs.cp(params.sourceDir, params.targetDir, { recursive: true });
+    }
+    catch (err) {
+        await rollback();
+        return { ok: false, error: `${params.copyErrorPrefix}: ${String(err)}` };
+    }
+    try {
+        await params.afterCopy?.();
+    }
+    catch (err) {
+        await rollback();
+        return { ok: false, error: `post-copy validation failed: ${String(err)}` };
+    }
+    if (params.hasDeps) {
+        params.logger?.info?.(params.depsLogMessage);
+        const npmRes = await runCommandWithTimeout(["npm", "install", "--omit=dev", "--silent", "--ignore-scripts"], {
+            timeoutMs: Math.max(params.timeoutMs, 300_000),
+            cwd: params.targetDir,
+        });
+        if (npmRes.code !== 0) {
+            await rollback();
+            return {
+                ok: false,
+                error: `npm install failed: ${npmRes.stderr.trim() || npmRes.stdout.trim()}`,
+            };
+        }
+    }
+    if (backupDir) {
+        await fs.rm(backupDir, { recursive: true, force: true }).catch(() => undefined);
+    }
+    return { ok: true };
+}

package/dist/infra/install-safe-path.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { createHash } from "node:crypto";
+import path from "node:path";
+export function unscopedPackageName(name) {
+    const trimmed = name.trim();
+    if (!trimmed) {
+        return trimmed;
+    }
+    return trimmed.includes("/") ? (trimmed.split("/").pop() ?? trimmed) : trimmed;
+}
+export function safeDirName(input) {
+    const trimmed = input.trim();
+    if (!trimmed) {
+        return trimmed;
+    }
+    return trimmed.replaceAll("/", "__").replaceAll("\\", "__");
+}
+export function safePathSegmentHashed(input) {
+    const trimmed = input.trim();
+    const base = trimmed
+        .replaceAll(/[\\/]/g, "-")
+        .replaceAll(/[^a-zA-Z0-9._-]/g, "-")
+        .replaceAll(/-+/g, "-")
+        .replaceAll(/^-+/g, "")
+        .replaceAll(/-+$/g, "");
+    const normalized = base.length > 0 ? base : "skill";
+    const safe = normalized === "." || normalized === ".." ? "skill" : normalized;
+    const hash = createHash("sha256").update(trimmed).digest("hex").slice(0, 10);
+    if (safe !== trimmed) {
+        const prefix = safe.length > 50 ? safe.slice(0, 50) : safe;
+        return `${prefix}-${hash}`;
+    }
+    if (safe.length > 60) {
+        return `${safe.slice(0, 50)}-${hash}`;
+    }
+    return safe;
+}
+export function resolveSafeInstallDir(params) {
+    const targetDir = path.join(params.baseDir, safeDirName(params.id));
+    const resolvedBase = path.resolve(params.baseDir);
+    const resolvedTarget = path.resolve(targetDir);
+    const relative = path.relative(resolvedBase, resolvedTarget);
+    if (!relative ||
+        relative === ".." ||
+        relative.startsWith(`..${path.sep}`) ||
+        path.isAbsolute(relative)) {
+        return { ok: false, error: params.invalidNameMessage };
+    }
+    return { ok: true, path: targetDir };
+}

package/dist/infra/json-files.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { randomUUID } from "node:crypto";
+import fs from "node:fs/promises";
+import path from "node:path";
+export async function readJsonFile(filePath) {
+    try {
+        const raw = await fs.readFile(filePath, "utf8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+export async function writeJsonAtomic(filePath, value, options) {
+    const mode = options?.mode ?? 0o600;
+    const dir = path.dirname(filePath);
+    await fs.mkdir(dir, { recursive: true });
+    const tmp = `${filePath}.${randomUUID()}.tmp`;
+    await fs.writeFile(tmp, JSON.stringify(value, null, 2), "utf8");
+    try {
+        await fs.chmod(tmp, mode);
+    }
+    catch {
+        // best-effort; ignore on platforms without chmod
+    }
+    await fs.rename(tmp, filePath);
+    try {
+        await fs.chmod(filePath, mode);
+    }
+    catch {
+        // best-effort; ignore on platforms without chmod
+    }
+}
+export function createAsyncLock() {
+    let lock = Promise.resolve();
+    return async function withLock(fn) {
+        const prev = lock;
+        let release;
+        lock = new Promise((resolve) => {
+            release = resolve;
+        });
+        await prev;
+        try {
+            return await fn();
+        }
+        finally {
+            release?.();
+        }
+    };
+}