@poolzin/pool-bot 2026.2.11 → 2026.2.18

package/dist/agents/pi-tools.js

@@ -5,12 +5,13 @@ import { createApplyPatchTool } from "./apply-patch.js";
 import { createExecTool, createProcessTool, } from "./bash-tools.js";
 import { listChannelAgentTools } from "./channel-tools.js";
 import { createPoolBotTools } from "./poolbot-tools.js";
+import { resolveAgentConfig } from "./agent-scope.js";
 import { wrapToolWithAbortSignal } from "./pi-tools.abort.js";
 import { wrapToolWithBeforeToolCallHook } from "./pi-tools.before-tool-call.js";
 import { filterToolsByPolicy, isToolAllowedByPolicies, resolveEffectiveToolPolicy, resolveGroupToolPolicy, resolveSubagentToolPolicy, } from "./pi-tools.policy.js";
 import { assertRequiredParams, CLAUDE_PARAM_GROUPS, createPoolbotReadTool, createSandboxedEditTool, createSandboxedReadTool, createSandboxedWriteTool, normalizeToolParams, patchToolSchemaForClaudeCompatibility, wrapToolParamNormalization, } from "./pi-tools.read.js";
 import { cleanToolSchemaForGemini, normalizeToolParameters } from "./pi-tools.schema.js";
-import { buildPluginToolGroups, collectExplicitAllowlist, expandPolicyWithPluginGroups, normalizeToolName, resolveToolProfilePolicy, stripPluginOnlyAllowlist, applyOwnerOnlyToolPolicy, } from "./tool-policy.js";
+import { buildPluginToolGroups, collectExplicitAllowlist, expandPolicyWithPluginGroups, mergeAlsoAllowPolicy, normalizeToolName, resolveToolProfilePolicy, stripPluginOnlyAllowlist, applyOwnerOnlyToolPolicy, } from "./tool-policy.js";
 import { getPluginToolMeta } from "../plugins/tools.js";
 import { logWarn } from "../logger.js";
 function isOpenAIProvider(provider) {
@@ -53,6 +54,26 @@ function resolveExecConfig(cfg) {
         applyPatch: globalExec?.applyPatch,
     };
 }
+export function resolveToolLoopDetectionConfig(params) {
+    const global = params.cfg?.tools?.loopDetection;
+    const agent = params.agentId && params.cfg
+        ? resolveAgentConfig(params.cfg, params.agentId)?.tools?.loopDetection
+        : undefined;
+    if (!agent) {
+        return global;
+    }
+    if (!global) {
+        return agent;
+    }
+    return {
+        ...global,
+        ...agent,
+        detectors: {
+            ...global.detectors,
+            ...agent.detectors,
+        },
+    };
+}
 export const __testing = {
     cleanToolSchemaForGemini,
     normalizeToolParams,
@@ -60,6 +81,8 @@ export const __testing = {
     wrapToolParamNormalization,
     assertRequiredParams,
 };
+/** Alias for upstream compatibility — callers importing the upstream name get the pool-bot version. */
+export const createOpenClawCodingTools = createPoolbotCodingTools;
 export function createPoolbotCodingTools(options) {
     const execToolName = "exec";
     const sandbox = options?.sandbox?.enabled ? options.sandbox : undefined;
@@ -85,13 +108,8 @@ export function createPoolbotCodingTools(options) {
     });
     const profilePolicy = resolveToolProfilePolicy(profile);
     const providerProfilePolicy = resolveToolProfilePolicy(providerProfile);
-    const mergeAlsoAllow = (policy, alsoAllow) => {
-        if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0)
-            return policy;
-        return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) };
-    };
-    const profilePolicyWithAlsoAllow = mergeAlsoAllow(profilePolicy, profileAlsoAllow);
-    const providerProfilePolicyWithAlsoAllow = mergeAlsoAllow(providerProfilePolicy, providerProfileAlsoAllow);
+    const profilePolicyWithAlsoAllow = mergeAlsoAllowPolicy(profilePolicy, profileAlsoAllow);
+    const providerProfilePolicyWithAlsoAllow = mergeAlsoAllowPolicy(providerProfilePolicy, providerProfileAlsoAllow);
     const scopeKey = options?.exec?.scopeKey ?? (agentId ? `agent:${agentId}` : undefined);
     const subagentPolicy = isSubagentSessionKey(options?.sessionKey) && options?.sessionKey
         ? resolveSubagentToolPolicy(options.config)
@@ -292,10 +310,12 @@ export function createPoolbotCodingTools(options) {
         : sandboxed;
     // Always normalize tool JSON Schemas before handing them to pi-agent/pi-ai.
     // Without this, some providers (notably OpenAI) will reject root-level union schemas.
-    const normalized = subagentFiltered.map(normalizeToolParameters);
+    // Provider-specific cleaning: Gemini needs constraint keywords stripped, but Anthropic expects them.
+    const normalized = subagentFiltered.map((tool) => normalizeToolParameters(tool, { modelProvider: options?.modelProvider }));
     const withHooks = normalized.map((tool) => wrapToolWithBeforeToolCallHook(tool, {
         agentId,
         sessionKey: options?.sessionKey,
+        loopDetection: resolveToolLoopDetectionConfig({ cfg: options?.config, agentId }),
     }));
     const withAbort = options?.abortSignal
         ? withHooks.map((tool) => wrapToolWithAbortSignal(tool, options.abortSignal))

package/dist/agents/pi-tools.policy.js

@@ -1,63 +1,42 @@
 import { getChannelDock } from "../channels/dock.js";
 import { resolveChannelGroupToolsPolicy } from "../config/group-policy.js";
+import { resolveThreadParentSessionKey } from "../sessions/session-key-utils.js";
+import { normalizeMessageChannel } from "../utils/message-channel.js";
 import { resolveAgentConfig, resolveAgentIdFromSessionKey } from "./agent-scope.js";
+import { compileGlobPatterns, matchesAnyGlobPattern } from "./glob-pattern.js";
+import { pickSandboxToolPolicy } from "./sandbox-tool-policy.js";
 import { expandToolGroups, normalizeToolName } from "./tool-policy.js";
-import { normalizeMessageChannel } from "../utils/message-channel.js";
-import { resolveThreadParentSessionKey } from "../sessions/session-key-utils.js";
-function compilePattern(pattern) {
-    const normalized = normalizeToolName(pattern);
-    if (!normalized)
-        return { kind: "exact", value: "" };
-    if (normalized === "*")
-        return { kind: "all" };
-    if (!normalized.includes("*"))
-        return { kind: "exact", value: normalized };
-    const escaped = normalized.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-    return {
-        kind: "regex",
-        value: new RegExp(`^${escaped.replaceAll("\\*", ".*")}$`),
-    };
-}
-function compilePatterns(patterns) {
-    if (!Array.isArray(patterns))
-        return [];
-    return expandToolGroups(patterns)
-        .map(compilePattern)
-        .filter((pattern) => pattern.kind !== "exact" || pattern.value);
-}
-function matchesAny(name, patterns) {
-    for (const pattern of patterns) {
-        if (pattern.kind === "all")
-            return true;
-        if (pattern.kind === "exact" && name === pattern.value)
-            return true;
-        if (pattern.kind === "regex" && pattern.value.test(name))
-            return true;
-    }
-    return false;
-}
 function makeToolPolicyMatcher(policy) {
-    const deny = compilePatterns(policy.deny);
-    const allow = compilePatterns(policy.allow);
+    const deny = compileGlobPatterns({
+        raw: expandToolGroups(policy.deny ?? []),
+        normalize: normalizeToolName,
+    });
+    const allow = compileGlobPatterns({
+        raw: expandToolGroups(policy.allow ?? []),
+        normalize: normalizeToolName,
+    });
     return (name) => {
         const normalized = normalizeToolName(name);
-        if (matchesAny(normalized, deny))
+        if (matchesAnyGlobPattern(normalized, deny)) {
             return false;
-        if (allow.length === 0)
+        }
+        if (allow.length === 0) {
             return true;
-        if (matchesAny(normalized, allow))
+        }
+        if (matchesAnyGlobPattern(normalized, allow)) {
             return true;
-        if (normalized === "apply_patch" && matchesAny("exec", allow))
+        }
+        if (normalized === "apply_patch" && matchesAnyGlobPattern("exec", allow)) {
             return true;
+        }
         return false;
     };
 }
-const DEFAULT_SUBAGENT_TOOL_DENY = [
-    // Session management - main agent orchestrates
-    "sessions_list",
-    "sessions_history",
-    "sessions_send",
-    "sessions_spawn",
+/**
+ * Tools always denied for sub-agents regardless of depth.
+ * These are system-level or interactive tools that sub-agents should never use.
+ */
+const SUBAGENT_TOOL_DENY_ALWAYS = [
     // System admin - dangerous from subagent
     "gateway",
     "agents_list",
@@ -69,85 +48,95 @@ const DEFAULT_SUBAGENT_TOOL_DENY = [
     // Memory - pass relevant info in spawn prompt instead
     "memory_search",
     "memory_get",
+    // Direct session sends - subagents communicate through announce chain
+    "sessions_send",
 ];
-export function resolveSubagentToolPolicy(cfg) {
+/**
+ * Additional tools denied for leaf sub-agents (depth >= maxSpawnDepth).
+ * These are tools that only make sense for orchestrator sub-agents that can spawn children.
+ */
+const SUBAGENT_TOOL_DENY_LEAF = ["sessions_list", "sessions_history", "sessions_spawn"];
+/**
+ * Build the deny list for a sub-agent at a given depth.
+ *
+ * - Depth 1 with maxSpawnDepth >= 2 (orchestrator): allowed to use sessions_spawn,
+ *   subagents, sessions_list, sessions_history so it can manage its children.
+ * - Depth >= maxSpawnDepth (leaf): denied sessions_spawn and
+ *   session management tools. Still allowed subagents (for list/status visibility).
+ */
+function resolveSubagentDenyList(depth, maxSpawnDepth) {
+    const isLeaf = depth >= Math.max(1, Math.floor(maxSpawnDepth));
+    if (isLeaf) {
+        return [...SUBAGENT_TOOL_DENY_ALWAYS, ...SUBAGENT_TOOL_DENY_LEAF];
+    }
+    // Orchestrator sub-agent: only deny the always-denied tools.
+    // sessions_spawn, subagents, sessions_list, sessions_history are allowed.
+    return [...SUBAGENT_TOOL_DENY_ALWAYS];
+}
+export function resolveSubagentToolPolicy(cfg, depth) {
     const configured = cfg?.tools?.subagents?.tools;
-    const deny = [
-        ...DEFAULT_SUBAGENT_TOOL_DENY,
-        ...(Array.isArray(configured?.deny) ? configured.deny : []),
-    ];
+    const maxSpawnDepth = cfg?.agents?.defaults?.subagents?.maxSpawnDepth ?? 1;
+    const effectiveDepth = typeof depth === "number" && depth >= 0 ? depth : 1;
+    const baseDeny = resolveSubagentDenyList(effectiveDepth, maxSpawnDepth);
+    const deny = [...baseDeny, ...(Array.isArray(configured?.deny) ? configured.deny : [])];
     const allow = Array.isArray(configured?.allow) ? configured.allow : undefined;
     return { allow, deny };
 }
 export function isToolAllowedByPolicyName(name, policy) {
-    if (!policy)
+    if (!policy) {
         return true;
+    }
     return makeToolPolicyMatcher(policy)(name);
 }
 export function filterToolsByPolicy(tools, policy) {
-    if (!policy)
+    if (!policy) {
         return tools;
+    }
     const matcher = makeToolPolicyMatcher(policy);
     return tools.filter((tool) => matcher(tool.name));
 }
-function unionAllow(base, extra) {
-    if (!Array.isArray(extra) || extra.length === 0)
-        return base;
-    // If the user is using alsoAllow without an allowlist, treat it as additive on top of
-    // an implicit allow-all policy.
-    if (!Array.isArray(base) || base.length === 0) {
-        return Array.from(new Set(["*", ...extra]));
-    }
-    return Array.from(new Set([...base, ...extra]));
-}
-function pickToolPolicy(config) {
-    if (!config)
-        return undefined;
-    const allow = Array.isArray(config.allow)
-        ? unionAllow(config.allow, config.alsoAllow)
-        : Array.isArray(config.alsoAllow) && config.alsoAllow.length > 0
-            ? unionAllow(undefined, config.alsoAllow)
-            : undefined;
-    const deny = Array.isArray(config.deny) ? config.deny : undefined;
-    if (!allow && !deny)
-        return undefined;
-    return { allow, deny };
-}
 function normalizeProviderKey(value) {
     return value.trim().toLowerCase();
 }
 function resolveGroupContextFromSessionKey(sessionKey) {
     const raw = (sessionKey ?? "").trim();
-    if (!raw)
+    if (!raw) {
         return {};
+    }
     const base = resolveThreadParentSessionKey(raw) ?? raw;
     const parts = base.split(":").filter(Boolean);
     let body = parts[0] === "agent" ? parts.slice(2) : parts;
     if (body[0] === "subagent") {
         body = body.slice(1);
     }
-    if (body.length < 3)
+    if (body.length < 3) {
         return {};
+    }
     const [channel, kind, ...rest] = body;
-    if (kind !== "group" && kind !== "channel")
+    if (kind !== "group" && kind !== "channel") {
         return {};
+    }
     const groupId = rest.join(":").trim();
-    if (!groupId)
+    if (!groupId) {
         return {};
+    }
     return { channel: channel.trim().toLowerCase(), groupId };
 }
 function resolveProviderToolPolicy(params) {
     const provider = params.modelProvider?.trim();
-    if (!provider || !params.byProvider)
+    if (!provider || !params.byProvider) {
         return undefined;
+    }
     const entries = Object.entries(params.byProvider);
-    if (entries.length === 0)
+    if (entries.length === 0) {
         return undefined;
+    }
     const lookup = new Map();
     for (const [key, value] of entries) {
         const normalized = normalizeProviderKey(key);
-        if (!normalized)
+        if (!normalized) {
             continue;
+        }
         lookup.set(normalized, value);
     }
     const normalizedProvider = normalizeProviderKey(provider);
@@ -156,8 +145,9 @@ function resolveProviderToolPolicy(params) {
     const candidates = [...(fullModelId ? [fullModelId] : []), normalizedProvider];
     for (const key of candidates) {
         const match = lookup.get(key);
-        if (match)
+        if (match) {
             return match;
+        }
     }
     return undefined;
 }
@@ -179,10 +169,10 @@ export function resolveEffectiveToolPolicy(params) {
     });
     return {
         agentId,
-        globalPolicy: pickToolPolicy(globalTools),
-        globalProviderPolicy: pickToolPolicy(providerPolicy),
-        agentPolicy: pickToolPolicy(agentTools),
-        agentProviderPolicy: pickToolPolicy(agentProviderPolicy),
+        globalPolicy: pickSandboxToolPolicy(globalTools),
+        globalProviderPolicy: pickSandboxToolPolicy(providerPolicy),
+        agentPolicy: pickSandboxToolPolicy(agentTools),
+        agentProviderPolicy: pickSandboxToolPolicy(agentProviderPolicy),
         profile,
         providerProfile: agentProviderPolicy?.profile ?? providerPolicy?.profile,
         // alsoAllow is applied at the profile stage (to avoid being filtered out early).
@@ -199,17 +189,20 @@ export function resolveEffectiveToolPolicy(params) {
     };
 }
 export function resolveGroupToolPolicy(params) {
-    if (!params.config)
+    if (!params.config) {
         return undefined;
+    }
     const sessionContext = resolveGroupContextFromSessionKey(params.sessionKey);
     const spawnedContext = resolveGroupContextFromSessionKey(params.spawnedBy);
     const groupId = params.groupId ?? sessionContext.groupId ?? spawnedContext.groupId;
-    if (!groupId)
+    if (!groupId) {
         return undefined;
+    }
     const channelRaw = params.messageProvider ?? sessionContext.channel ?? spawnedContext.channel;
     const channel = normalizeMessageChannel(channelRaw);
-    if (!channel)
+    if (!channel) {
         return undefined;
+    }
     let dock;
     try {
         dock = getChannelDock(channel);
@@ -238,7 +231,7 @@ export function resolveGroupToolPolicy(params) {
             senderUsername: params.senderUsername,
             senderE164: params.senderE164,
         });
-    return pickToolPolicy(toolsConfig);
+    return pickSandboxToolPolicy(toolsConfig);
 }
 export function isToolAllowedByPolicies(name, policies) {
     return policies.every((policy) => isToolAllowedByPolicyName(name, policy));

package/dist/agents/pi-tools.schema.js

@@ -1,12 +1,15 @@
 import { cleanSchemaForGemini } from "./schema/clean-for-gemini.js";
 function extractEnumValues(schema) {
-    if (!schema || typeof schema !== "object")
+    if (!schema || typeof schema !== "object") {
         return undefined;
+    }
     const record = schema;
-    if (Array.isArray(record.enum))
+    if (Array.isArray(record.enum)) {
         return record.enum;
-    if ("const" in record)
+    }
+    if ("const" in record) {
         return [record.const];
+    }
     const variants = Array.isArray(record.anyOf)
         ? record.anyOf
         : Array.isArray(record.oneOf)
@@ -22,50 +25,61 @@ function extractEnumValues(schema) {
     return undefined;
 }
 function mergePropertySchemas(existing, incoming) {
-    if (!existing)
+    if (!existing) {
         return incoming;
-    if (!incoming)
+    }
+    if (!incoming) {
         return existing;
+    }
     const existingEnum = extractEnumValues(existing);
     const incomingEnum = extractEnumValues(incoming);
     if (existingEnum || incomingEnum) {
         const values = Array.from(new Set([...(existingEnum ?? []), ...(incomingEnum ?? [])]));
         const merged = {};
         for (const source of [existing, incoming]) {
-            if (!source || typeof source !== "object")
+            if (!source || typeof source !== "object") {
                 continue;
+            }
             const record = source;
             for (const key of ["title", "description", "default"]) {
-                if (!(key in merged) && key in record)
+                if (!(key in merged) && key in record) {
                     merged[key] = record[key];
+                }
             }
         }
         const types = new Set(values.map((value) => typeof value));
-        if (types.size === 1)
+        if (types.size === 1) {
             merged.type = Array.from(types)[0];
+        }
         merged.enum = values;
         return merged;
     }
     return existing;
 }
-export function normalizeToolParameters(tool) {
+export function normalizeToolParameters(tool, options) {
     const schema = tool.parameters && typeof tool.parameters === "object"
         ? tool.parameters
         : undefined;
-    if (!schema)
+    if (!schema) {
         return tool;
+    }
     // Provider quirks:
     // - Gemini rejects several JSON Schema keywords, so we scrub those.
     // - OpenAI rejects function tool schemas unless the *top-level* is `type: "object"`.
     //   (TypeBox root unions compile to `{ anyOf: [...] }` without `type`).
+    // - Anthropic (google-antigravity) expects full JSON Schema draft 2020-12 compliance.
     //
     // Normalize once here so callers can always pass `tools` through unchanged.
+    const isGeminiProvider = options?.modelProvider?.toLowerCase().includes("google") ||
+        options?.modelProvider?.toLowerCase().includes("gemini");
+    const isAnthropicProvider = options?.modelProvider?.toLowerCase().includes("anthropic") ||
+        options?.modelProvider?.toLowerCase().includes("google-antigravity");
     // If schema already has type + properties (no top-level anyOf to merge),
-    // still clean it for Gemini compatibility
+    // clean it for Gemini compatibility (but only if using Gemini, not Anthropic)
     if ("type" in schema && "properties" in schema && !Array.isArray(schema.anyOf)) {
         return {
             ...tool,
-            parameters: cleanSchemaForGemini(schema),
+            parameters: isGeminiProvider && !isAnthropicProvider ? cleanSchemaForGemini(schema) : schema,
         };
     }
     // Some tool schemas (esp. unions) may omit `type` at the top-level. If we see
@@ -74,9 +88,12 @@ export function normalizeToolParameters(tool) {
         (typeof schema.properties === "object" || Array.isArray(schema.required)) &&
         !Array.isArray(schema.anyOf) &&
         !Array.isArray(schema.oneOf)) {
+        const schemaWithType = { ...schema, type: "object" };
         return {
             ...tool,
-            parameters: cleanSchemaForGemini({ ...schema, type: "object" }),
+            parameters: isGeminiProvider && !isAnthropicProvider
+                ? cleanSchemaForGemini(schemaWithType)
+                : schemaWithType,
         };
     }
     const variantKey = Array.isArray(schema.anyOf)
@@ -84,18 +101,21 @@ export function normalizeToolParameters(tool) {
         : Array.isArray(schema.oneOf)
             ? "oneOf"
             : null;
-    if (!variantKey)
+    if (!variantKey) {
         return tool;
+    }
     const variants = schema[variantKey];
     const mergedProperties = {};
     const requiredCounts = new Map();
     let objectVariants = 0;
     for (const entry of variants) {
-        if (!entry || typeof entry !== "object")
+        if (!entry || typeof entry !== "object") {
             continue;
+        }
         const props = entry.properties;
-        if (!props || typeof props !== "object")
+        if (!props || typeof props !== "object") {
             continue;
+        }
         objectVariants += 1;
         for (const [key, value] of Object.entries(props)) {
             if (!(key in mergedProperties)) {
@@ -108,8 +128,9 @@ export function normalizeToolParameters(tool) {
             ? entry.required
             : [];
         for (const key of required) {
-            if (typeof key !== "string")
+            if (typeof key !== "string") {
                 continue;
+            }
             requiredCounts.set(key, (requiredCounts.get(key) ?? 0) + 1);
         }
     }
@@ -124,24 +145,30 @@ export function normalizeToolParameters(tool) {
                 .map(([key]) => key)
             : undefined;
     const nextSchema = { ...schema };
+    const flattenedSchema = {
+        type: "object",
+        ...(typeof nextSchema.title === "string" ? { title: nextSchema.title } : {}),
+        ...(typeof nextSchema.description === "string" ? { description: nextSchema.description } : {}),
+        properties: Object.keys(mergedProperties).length > 0 ? mergedProperties : (schema.properties ?? {}),
+        ...(mergedRequired && mergedRequired.length > 0 ? { required: mergedRequired } : {}),
+        additionalProperties: "additionalProperties" in schema ? schema.additionalProperties : true,
+    };
     return {
         ...tool,
         // Flatten union schemas into a single object schema:
         // - Gemini doesn't allow top-level `type` together with `anyOf`.
         // - OpenAI rejects schemas without top-level `type: "object"`.
+        // - Anthropic accepts proper JSON Schema with constraints.
         // Merging properties preserves useful enums like `action` while keeping schemas portable.
-        parameters: cleanSchemaForGemini({
-            type: "object",
-            ...(typeof nextSchema.title === "string" ? { title: nextSchema.title } : {}),
-            ...(typeof nextSchema.description === "string"
-                ? { description: nextSchema.description }
-                : {}),
-            properties: Object.keys(mergedProperties).length > 0 ? mergedProperties : (schema.properties ?? {}),
-            ...(mergedRequired && mergedRequired.length > 0 ? { required: mergedRequired } : {}),
-            additionalProperties: "additionalProperties" in schema ? schema.additionalProperties : true,
-        }),
+        parameters: isGeminiProvider && !isAnthropicProvider
+            ? cleanSchemaForGemini(flattenedSchema)
+            : flattenedSchema,
     };
 }
+/**
+ * @deprecated Use normalizeToolParameters with modelProvider instead.
+ * This function should only be used for Gemini providers.
+ */
 export function cleanToolSchemaForGemini(schema) {
     return cleanSchemaForGemini(schema);
 }

package/dist/agents/queued-file-writer.js

@@ -0,0 +1,22 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+export function getQueuedFileWriter(writers, filePath) {
+    const existing = writers.get(filePath);
+    if (existing) {
+        return existing;
+    }
+    const dir = path.dirname(filePath);
+    const ready = fs.mkdir(dir, { recursive: true }).catch(() => undefined);
+    let queue = Promise.resolve();
+    const writer = {
+        filePath,
+        write: (line) => {
+            queue = queue
+                .then(() => ready)
+                .then(() => fs.appendFile(filePath, line, "utf8"))
+                .catch(() => undefined);
+        },
+    };
+    writers.set(filePath, writer);
+    return writer;
+}