npm - @poolzin/pool-bot - Versions diffs - 2026.2.11 → 2026.2.18 - Mend

@poolzin/pool-bot 2026.2.11 → 2026.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (535) hide show

package/CHANGELOG.md +34 -0
package/dist/agents/agent-scope.js +4 -0
package/dist/agents/announce-idempotency.js +14 -0
package/dist/agents/auth-profiles/usage.js +22 -0
package/dist/agents/auth-profiles.js +1 -1
package/dist/agents/auth-profiles.resolve-auth-profile-order.fixtures.js +23 -0
package/dist/agents/bash-tools.exec-runtime.js +438 -0
package/dist/agents/bash-tools.shared.js +6 -0
package/dist/agents/cli-runner/reliability.js +61 -0
package/dist/agents/cli-watchdog-defaults.js +11 -0
package/dist/agents/command-poll-backoff.js +63 -0
package/dist/agents/current-time.js +16 -0
package/dist/agents/glob-pattern.js +42 -0
package/dist/agents/memory-search.js +33 -0
package/dist/agents/model-alias-lines.js +18 -0
package/dist/agents/model-auth-label.js +61 -0
package/dist/agents/model-fallback.js +59 -8
package/dist/agents/models-config.e2e-harness.js +115 -0
package/dist/agents/ollama-stream.js +11 -3
package/dist/agents/openclaw-tools.js +135 -0
package/dist/agents/pi-auth-json.js +118 -0
package/dist/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.js +147 -0
package/dist/agents/pi-embedded-subscribe.e2e-harness.js +90 -0
package/dist/agents/pi-embedded-subscribe.handlers.compaction.js +63 -0
package/dist/agents/pi-embedded-subscribe.handlers.tools.media.test-helpers.js +30 -0
package/dist/agents/pi-extensions/session-manager-runtime-registry.js +23 -0
package/dist/agents/pi-tools.before-tool-call.js +145 -4
package/dist/agents/pi-tools.js +29 -9
package/dist/agents/pi-tools.policy.js +85 -92
package/dist/agents/pi-tools.schema.js +54 -27
package/dist/agents/queued-file-writer.js +22 -0
package/dist/agents/sandbox/docker.js +133 -40
package/dist/agents/sandbox/fs-bridge.js +146 -0
package/dist/agents/sandbox/fs-paths.js +205 -0
package/dist/agents/sandbox/hash.js +4 -0
package/dist/agents/sandbox/validate-sandbox-security.js +157 -0
package/dist/agents/sandbox-paths.js +3 -0
package/dist/agents/sandbox-tool-policy.js +26 -0
package/dist/agents/sanitize-for-prompt.js +18 -0
package/dist/agents/session-dirs.js +20 -0
package/dist/agents/session-write-lock.js +203 -39
package/dist/agents/skills/filter.js +24 -0
package/dist/agents/skills/tools-dir.js +9 -0
package/dist/agents/skills-install-download.js +290 -0
package/dist/agents/skills-install-output.js +30 -0
package/dist/agents/skills-install.download-test-utils.js +36 -0
package/dist/agents/skills.e2e-test-helpers.js +13 -0
package/dist/agents/subagent-announce-queue.js +59 -15
package/dist/agents/subagent-depth.js +137 -0
package/dist/agents/subagent-registry.js +448 -96
package/dist/agents/subagent-spawn.js +262 -0
package/dist/agents/system-prompt.js +52 -10
package/dist/agents/test-helpers/fast-tool-stubs.js +18 -0
package/dist/agents/test-helpers/host-sandbox-fs-bridge.js +74 -0
package/dist/agents/tool-display-common.js +782 -0
package/dist/agents/tool-loop-detection.js +466 -0
package/dist/agents/tool-policy.js +6 -0
package/dist/agents/tools/image-tool.js +1 -1
package/dist/agents/tools/sessions-access.js +178 -0
package/dist/agents/tools/sessions-resolution.js +206 -0
package/dist/agents/tools/subagents-tool.js +616 -0
package/dist/agents/workspace-dir.js +18 -0
package/dist/agents/workspace-dirs.js +14 -0
package/dist/agents/workspace.js +70 -0
package/dist/auto-reply/heartbeat-reply-payload.js +18 -0
package/dist/auto-reply/reply/commands-export-session.js +163 -0
package/dist/auto-reply/reply/commands-mesh.js +245 -0
package/dist/auto-reply/reply/commands-setunset.js +28 -0
package/dist/auto-reply/reply/commands-slash-parse.js +31 -0
package/dist/auto-reply/reply/commands-system-prompt.js +117 -0
package/dist/auto-reply/reply/directive-handling.levels.js +17 -0
package/dist/auto-reply/reply/directive-handling.params.js +1 -0
package/dist/auto-reply/reply/directive-parsing.js +36 -0
package/dist/auto-reply/reply/dispatcher-registry.js +43 -0
package/dist/auto-reply/reply/elevated-unavailable.js +20 -0
package/dist/auto-reply/reply/post-compaction-audit.js +96 -0
package/dist/auto-reply/reply/post-compaction-context.js +98 -0
package/dist/auto-reply/reply/reply-delivery.js +92 -0
package/dist/auto-reply/reply/session-reset-prompt.js +1 -0
package/dist/auto-reply/reply/session-run-accounting.js +33 -0
package/dist/auto-reply/reply.directive.directive-behavior.e2e-harness.js +115 -0
package/dist/auto-reply/reply.directive.directive-behavior.e2e-mocks.js +12 -0
package/dist/browser/bridge-auth-registry.js +26 -0
package/dist/browser/client-actions-url.js +10 -0
package/dist/browser/control-auth.js +73 -0
package/dist/browser/csrf.js +64 -0
package/dist/browser/http-auth.js +52 -0
package/dist/browser/paths.js +37 -0
package/dist/browser/proxy-files.js +32 -0
package/dist/browser/pw-ai-state.js +7 -0
package/dist/browser/resolved-config-refresh.js +42 -0
package/dist/browser/routes/path-output.js +1 -0
package/dist/browser/server-context.chrome-test-harness.js +20 -0
package/dist/browser/server-middleware.js +31 -0
package/dist/browser/test-port.js +16 -0
package/dist/build-info.json +3 -3
package/dist/canvas-host/file-resolver.js +43 -0
package/dist/channels/account-summary.js +19 -0
package/dist/channels/draft-stream-loop.js +77 -0
package/dist/channels/plugins/account-helpers.js +26 -0
package/dist/channels/telegram/allow-from.js +10 -0
package/dist/cli/browser-cli-resize.js +22 -0
package/dist/cli/browser-cli-shared.js +8 -0
package/dist/cli/clawbot-cli.js +5 -0
package/dist/cli/completion-cli.js +566 -0
package/dist/cli/config-cli.js +63 -5
package/dist/cli/daemon-cli/lifecycle-core.js +256 -0
package/dist/cli/daemon-cli/register-service-commands.js +60 -0
package/dist/cli/daemon-cli-compat.js +80 -0
package/dist/cli/nodes-cli/pairing-render.js +26 -0
package/dist/cli/program/action-reparse.js +17 -0
package/dist/cli/program/command-registry.js +17 -0
package/dist/cli/program/program-context.js +8 -0
package/dist/cli/program/register.subclis.js +7 -0
package/dist/cli/program/routes.js +233 -0
package/dist/cli/qr-cli.js +132 -0
package/dist/cli/requirements-test-fixtures.js +17 -0
package/dist/cli/respawn-policy.js +4 -0
package/dist/cli/shared/parse-port.js +18 -0
package/dist/cli/skills-cli.format.js +241 -0
package/dist/cli/update-cli/progress.js +121 -0
package/dist/cli/update-cli/restart-helper.js +108 -0
package/dist/cli/update-cli/shared.js +196 -0
package/dist/cli/update-cli/status.js +97 -0
package/dist/cli/update-cli/suppress-deprecations.js +17 -0
package/dist/cli/update-cli/update-command.js +506 -0
package/dist/cli/update-cli/wizard.js +130 -0
package/dist/cli/update-cli.js +3 -9
package/dist/cli/windows-argv.js +69 -0
package/dist/commands/auth-choice-legacy.js +20 -0
package/dist/commands/auth-choice.apply-helpers.js +8 -0
package/dist/commands/channel-test-helpers.js +19 -0
package/dist/commands/cleanup-plan.js +10 -0
package/dist/commands/cleanup-utils.js +7 -0
package/dist/commands/config-validation.js +15 -0
package/dist/commands/doctor-completion.js +112 -0
package/dist/commands/doctor-memory-search.js +119 -0
package/dist/commands/doctor-session-locks.js +73 -0
package/dist/commands/doctor.e2e-harness.js +364 -0
package/dist/commands/gateway-presence.js +19 -0
package/dist/commands/model-default.js +35 -0
package/dist/commands/models/fallbacks-shared.js +102 -0
package/dist/commands/models/shared.js +24 -0
package/dist/commands/onboard-auth.config-gateways.js +64 -0
package/dist/commands/onboard-auth.config-litellm.js +45 -0
package/dist/commands/onboard-auth.config-shared.js +116 -0
package/dist/commands/onboard-config.js +16 -0
package/dist/commands/onboard-non-interactive.test-helpers.js +31 -0
package/dist/commands/onboard-provider-auth-flags.js +136 -0
package/dist/commands/openai-codex-oauth.js +40 -0
package/dist/commands/test-runtime-config-helpers.js +21 -0
package/dist/commands/test-wizard-helpers.js +68 -0
package/dist/commands/vllm-setup.js +66 -0
package/dist/compat/legacy-names.js +2 -0
package/dist/config/backup-rotation.js +19 -0
package/dist/config/env-preserve.js +122 -0
package/dist/config/includes-scan.js +78 -0
package/dist/config/plugins-allowlist.js +13 -0
package/dist/config/schema.help.js +256 -0
package/dist/config/schema.hints.js +189 -0
package/dist/config/schema.irc.js +20 -0
package/dist/config/schema.labels.js +317 -0
package/dist/config/sessions/delivery-info.js +40 -0
package/dist/config/types.irc.js +1 -0
package/dist/config/zod-schema.agent-defaults.js +14 -0
package/dist/config/zod-schema.agent-model.js +10 -0
package/dist/config/zod-schema.agent-runtime.js +14 -0
package/dist/config/zod-schema.allowdeny.js +35 -0
package/dist/config/zod-schema.sensitive.js +4 -0
package/dist/control-ui/assets/index-HRr1grwl.js.map +1 -1
package/dist/cron/isolated-agent/skills-snapshot.js +26 -0
package/dist/cron/isolated-agent/subagent-followup.js +127 -0
package/dist/cron/isolated-agent.mocks.js +12 -0
package/dist/cron/isolated-agent.test-setup.js +22 -0
package/dist/cron/legacy-delivery.js +43 -0
package/dist/cron/webhook-url.js +22 -0
package/dist/daemon/arg-split.js +40 -0
package/dist/daemon/exec-file.js +23 -0
package/dist/daemon/output.js +6 -0
package/dist/daemon/runtime-format.js +31 -0
package/dist/daemon/schtasks-exec.js +4 -0
package/dist/daemon/service-audit.js +22 -0
package/dist/discord/client.js +41 -0
package/dist/discord/components-registry.js +57 -0
package/dist/discord/components.js +816 -0
package/dist/discord/guilds.js +12 -0
package/dist/discord/monitor/gateway-plugin.js +48 -0
package/dist/discord/monitor/presence.js +30 -0
package/dist/discord/send.components.js +115 -0
package/dist/discord/send.shared.js +4 -0
package/dist/discord/ui.js +26 -0
package/dist/discord/voice-message.js +254 -0
package/dist/gateway/agent-event-assistant-text.js +5 -0
package/dist/gateway/agent-prompt.js +33 -0
package/dist/gateway/auth-rate-limit.js +136 -0
package/dist/gateway/channel-health-monitor.js +114 -0
package/dist/gateway/control-ui-contract.js +1 -0
package/dist/gateway/control-ui-csp.js +15 -0
package/dist/gateway/gateway-config-prompts.shared.js +25 -0
package/dist/gateway/http-auth-helpers.js +18 -0
package/dist/gateway/http-common.js +18 -0
package/dist/gateway/http-endpoint-helpers.js +27 -0
package/dist/gateway/node-invoke-sanitize.js +11 -0
package/dist/gateway/node-invoke-system-run-approval.js +205 -0
package/dist/gateway/probe-auth.js +21 -0
package/dist/gateway/protocol/index.js +7 -2
package/dist/gateway/protocol/schema/mesh.js +54 -0
package/dist/gateway/protocol/schema/protocol-schemas.js +7 -0
package/dist/gateway/protocol/schema.js +1 -0
package/dist/gateway/server/ws-connection/auth-messages.js +54 -0
package/dist/gateway/server-channels.js +11 -0
package/dist/gateway/server-methods/attachment-normalize.js +16 -0
package/dist/gateway/server-methods/base-hash.js +8 -0
package/dist/gateway/server-methods/mesh.js +700 -0
package/dist/gateway/server-methods/nodes.handlers.invoke-result.js +55 -0
package/dist/gateway/server-methods/restart-request.js +13 -0
package/dist/gateway/server-methods/validation.js +8 -0
package/dist/gateway/server.agent.gateway-server-agent.mocks.js +35 -0
package/dist/gateway/server.e2e-registry-helpers.js +1 -0
package/dist/gateway/server.e2e-ws-harness.js +20 -0
package/dist/gateway/test-helpers.js +2 -0
package/dist/gateway/test-helpers.server.js +3 -1
package/dist/gateway/test-http-response.js +12 -0
package/dist/gateway/test-openai-responses-model.js +20 -0
package/dist/gateway/test-temp-config.js +30 -0
package/dist/gateway/test-with-server.js +32 -0
package/dist/hooks/bundled/bootstrap-extra-files/handler.js +46 -0
package/dist/imessage/monitor/abort-handler.js +23 -0
package/dist/imessage/monitor/inbound-processing.js +346 -0
package/dist/imessage/monitor/parse-notification.js +64 -0
package/dist/imessage/target-parsing-helpers.js +92 -0
package/dist/infra/archive.js +244 -20
package/dist/infra/detect-package-manager.js +26 -0
package/dist/infra/exec-approvals-allowlist.js +257 -0
package/dist/infra/exec-approvals-analysis.js +770 -0
package/dist/infra/exec-approvals.js +13 -0
package/dist/infra/file-lock.js +1 -0
package/dist/infra/gemini-auth.js +39 -0
package/dist/infra/heartbeat-active-hours.js +85 -0
package/dist/infra/heartbeat-events-filter.js +50 -0
package/dist/infra/heartbeat-runner.test-utils.js +39 -0
package/dist/infra/http-body.js +265 -0
package/dist/infra/install-package-dir.js +50 -0
package/dist/infra/install-safe-path.js +49 -0
package/dist/infra/json-files.js +49 -0
package/dist/infra/jsonl-socket.js +52 -0
package/dist/infra/map-size.js +14 -0
package/dist/infra/net/hostname.js +7 -0
package/dist/infra/npm-registry-spec.js +39 -0
package/dist/infra/openclaw-root.js +109 -0
package/dist/infra/outbound/delivery-queue.js +214 -0
package/dist/infra/outbound/identity.js +23 -0
package/dist/infra/outbound/message-action-params.js +307 -0
package/dist/infra/outbound/tool-payload.js +21 -0
package/dist/infra/package-json.js +23 -0
package/dist/infra/pairing-files.js +19 -0
package/dist/infra/pairing-token.js +9 -0
package/dist/infra/path-prepend.js +51 -0
package/dist/infra/path-safety.js +16 -0
package/dist/infra/process-respawn.js +49 -0
package/dist/infra/runtime-status.js +16 -0
package/dist/infra/session-cost-usage.types.js +1 -0
package/dist/infra/session-maintenance-warning.js +89 -0
package/dist/infra/system-run-command.js +78 -0
package/dist/infra/tmp-openclaw-dir.js +81 -0
package/dist/infra/tmp-poolbot-dir.js +2 -0
package/dist/infra/update-channels.js +19 -0
package/dist/line/actions.js +45 -0
package/dist/line/channel-access-token.js +9 -0
package/dist/line/flex-templates/basic-cards.js +332 -0
package/dist/line/flex-templates/common.js +18 -0
package/dist/line/flex-templates/media-control-cards.js +453 -0
package/dist/line/flex-templates/message.js +10 -0
package/dist/line/flex-templates/schedule-cards.js +399 -0
package/dist/line/flex-templates/types.js +1 -0
package/dist/line/webhook-node.js +100 -0
package/dist/line/webhook-utils.js +11 -0
package/dist/logging/diagnostic-session-state.js +73 -0
package/dist/logging/diagnostic.js +22 -0
package/dist/logging/timestamps.js +14 -0
package/dist/markdown/whatsapp.js +62 -0
package/dist/media/base64.js +34 -0
package/dist/media/local-roots.js +32 -0
package/dist/media/outbound-attachment.js +10 -0
package/dist/media/read-response-with-limit.js +41 -0
package/dist/media/sniff-mime-from-base64.js +19 -0
package/dist/media-understanding/audio-preflight.js +67 -0
package/dist/media-understanding/fs.js +13 -0
package/dist/media-understanding/output-extract.js +26 -0
package/dist/media-understanding/providers/audio.test-helpers.js +34 -0
package/dist/media-understanding/providers/google/inline-data.js +64 -0
package/dist/media-understanding/providers/shared.js +7 -0
package/dist/media-understanding/runner.entries.js +459 -0
package/dist/memory/batch-error-utils.js +11 -0
package/dist/memory/batch-http.js +27 -0
package/dist/memory/batch-output.js +29 -0
package/dist/memory/batch-runner.js +22 -0
package/dist/memory/batch-upload.js +23 -0
package/dist/memory/batch-utils.js +26 -0
package/dist/memory/embeddings-debug.js +11 -0
package/dist/memory/embeddings-remote-client.js +22 -0
package/dist/memory/embeddings-remote-fetch.js +14 -0
package/dist/memory/embeddings.js +36 -9
package/dist/memory/hybrid.js +24 -5
package/dist/memory/manager-embedding-ops.js +616 -0
package/dist/memory/manager-sync-ops.js +953 -0
package/dist/memory/manager.js +76 -28
package/dist/memory/mmr.js +164 -0
package/dist/memory/qmd-manager.js +1061 -0
package/dist/memory/qmd-query-parser.js +107 -0
package/dist/memory/qmd-scope.js +93 -0
package/dist/memory/query-expansion.js +331 -0
package/dist/memory/search-manager.js +0 -1
package/dist/memory/sync-index.js +21 -0
package/dist/memory/sync-progress.js +22 -0
package/dist/memory/sync-stale.js +30 -0
package/dist/memory/temporal-decay.js +119 -0
package/dist/memory/test-embeddings-mock.js +16 -0
package/dist/memory/test-manager-helpers.js +14 -0
package/dist/memory/test-runtime-mocks.js +11 -0
package/dist/node-host/invoke-browser.js +177 -0
package/dist/node-host/invoke.js +685 -0
package/dist/pairing/setup-code.js +285 -0
package/dist/plugin-sdk/account-id.js +1 -0
package/dist/plugin-sdk/agent-media-payload.js +13 -0
package/dist/plugin-sdk/allow-from.js +47 -0
package/dist/plugin-sdk/command-auth.js +23 -0
package/dist/plugin-sdk/config-paths.js +9 -0
package/dist/plugin-sdk/file-lock.js +116 -0
package/dist/plugin-sdk/json-store.js +31 -0
package/dist/plugin-sdk/onboarding.js +28 -0
package/dist/plugin-sdk/provider-auth-result.js +29 -0
package/dist/plugin-sdk/slack-message-actions.js +133 -0
package/dist/plugin-sdk/status-helpers.js +35 -0
package/dist/plugin-sdk/text-chunking.js +31 -0
package/dist/plugin-sdk/tool-send.js +12 -0
package/dist/plugin-sdk/webhook-path.js +27 -0
package/dist/plugin-sdk/webhook-targets.js +34 -0
package/dist/plugins/hooks.test-helpers.js +21 -0
package/dist/plugins/uninstall.js +171 -0
package/dist/process/kill-tree.js +98 -0
package/dist/process/supervisor/adapters/child.js +143 -0
package/dist/process/supervisor/adapters/env.js +13 -0
package/dist/process/supervisor/adapters/pty.js +148 -0
package/dist/process/supervisor/index.js +10 -0
package/dist/process/supervisor/registry.js +117 -0
package/dist/process/supervisor/supervisor.js +244 -0
package/dist/process/supervisor/types.js +1 -0
package/dist/providers/google-shared.test-helpers.js +75 -0
package/dist/security/audit-channel.js +419 -0
package/dist/security/audit-tool-policy.js +1 -0
package/dist/security/scan-paths.js +12 -0
package/dist/sessions/input-provenance.js +55 -0
package/dist/sessions/session-key-utils.js +7 -0
package/dist/shared/chat-content.js +31 -0
package/dist/shared/chat-envelope.js +45 -0
package/dist/shared/config-eval.js +117 -0
package/dist/shared/device-auth.js +16 -0
package/dist/shared/entry-metadata.js +9 -0
package/dist/shared/entry-status.js +25 -0
package/dist/shared/frontmatter.js +98 -0
package/dist/shared/model-param-b.js +19 -0
package/dist/shared/net/ipv4.js +17 -0
package/dist/shared/node-match.js +53 -0
package/dist/shared/pid-alive.js +12 -0
package/dist/shared/process-scoped-map.js +10 -0
package/dist/shared/requirements.js +128 -0
package/dist/shared/subagents-format.js +84 -0
package/dist/shared/usage-aggregates.js +28 -0
package/dist/signal/monitor/mentions.js +45 -0
package/dist/signal/rpc-context.js +19 -0
package/dist/slack/blocks-fallback.js +76 -0
package/dist/slack/blocks-input.js +40 -0
package/dist/slack/draft-stream.js +106 -0
package/dist/slack/message-actions.js +51 -0
package/dist/slack/modal-metadata.js +32 -0
package/dist/slack/monitor/events/interactions.js +462 -0
package/dist/slack/monitor/room-context.js +17 -0
package/dist/slack/stream-mode.js +41 -0
package/dist/telegram/bot-native-command-menu.js +64 -0
package/dist/telegram/bot.media.e2e-harness.js +81 -0
package/dist/telegram/button-types.js +1 -0
package/dist/telegram/group-access.js +65 -0
package/dist/telegram/outbound-params.js +21 -0
package/dist/telegram/poll-vote-cache.js +21 -0
package/dist/terminal/health-style.js +36 -0
package/dist/test-utils/chunk-test-helpers.js +21 -0
package/dist/test-utils/env.js +72 -0
package/dist/test-utils/exec-assertions.js +12 -0
package/dist/test-utils/imessage-test-plugin.js +54 -0
package/dist/test-utils/mock-http-response.js +17 -0
package/dist/test-utils/vitest-mock-fn.js +1 -0
package/dist/tts/tts-core.js +550 -0
package/dist/utils/chunk-items.js +10 -0
package/dist/utils/reaction-level.js +52 -0
package/dist/utils/safe-json.js +22 -0
package/dist/utils/with-timeout.js +14 -0
package/dist/web/media.js +17 -5
package/dist/whatsapp/resolve-outbound-target.js +42 -0
package/dist/wizard/onboarding.completion.js +74 -0
package/extensions/bluebubbles/package.json +1 -1
package/extensions/bluebubbles/src/account-resolve.ts +29 -0
package/extensions/bluebubbles/src/monitor-normalize.ts +796 -0
package/extensions/bluebubbles/src/monitor-processing.ts +1007 -0
package/extensions/bluebubbles/src/monitor-reply-cache.ts +185 -0
package/extensions/bluebubbles/src/monitor-shared.ts +51 -0
package/extensions/bluebubbles/src/multipart.ts +32 -0
package/extensions/bluebubbles/src/send-helpers.ts +53 -0
package/extensions/bluebubbles/src/test-harness.ts +50 -0
package/extensions/bluebubbles/src/test-mocks.ts +11 -0
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/device-pair/index.ts +554 -0
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/discord/src/channel.js +366 -0
package/extensions/discord/src/runtime.js +10 -0
package/extensions/feishu/index.ts +63 -0
package/extensions/feishu/src/accounts.ts +114 -0
package/extensions/feishu/src/bitable.ts +739 -0
package/extensions/feishu/src/bot.ts +965 -0
package/extensions/feishu/src/channel.ts +351 -0
package/extensions/feishu/src/client.ts +118 -0
package/extensions/feishu/src/config-schema.ts +206 -0
package/extensions/feishu/src/dedup.ts +33 -0
package/extensions/feishu/src/directory.ts +177 -0
package/extensions/feishu/src/doc-schema.ts +47 -0
package/extensions/feishu/src/docx.ts +536 -0
package/extensions/feishu/src/drive-schema.ts +46 -0
package/extensions/feishu/src/drive.ts +227 -0
package/extensions/feishu/src/dynamic-agent.ts +131 -0
package/extensions/feishu/src/media.ts +449 -0
package/extensions/feishu/src/mention.ts +126 -0
package/extensions/feishu/src/monitor.ts +330 -0
package/extensions/feishu/src/onboarding.ts +359 -0
package/extensions/feishu/src/outbound.ts +55 -0
package/extensions/feishu/src/perm-schema.ts +52 -0
package/extensions/feishu/src/perm.ts +173 -0
package/extensions/feishu/src/policy.ts +84 -0
package/extensions/feishu/src/probe.ts +44 -0
package/extensions/feishu/src/reactions.ts +160 -0
package/extensions/feishu/src/reply-dispatcher.ts +239 -0
package/extensions/feishu/src/runtime.ts +14 -0
package/extensions/feishu/src/send-result.ts +29 -0
package/extensions/feishu/src/send.ts +335 -0
package/extensions/feishu/src/streaming-card.ts +223 -0
package/extensions/feishu/src/targets.ts +78 -0
package/extensions/feishu/src/tools-config.ts +21 -0
package/extensions/feishu/src/types.ts +81 -0
package/extensions/feishu/src/typing.ts +80 -0
package/extensions/feishu/src/wiki-schema.ts +55 -0
package/extensions/feishu/src/wiki.ts +232 -0
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/imessage/src/channel.js +253 -0
package/extensions/imessage/src/runtime.js +10 -0
package/extensions/irc/index.ts +17 -0
package/extensions/irc/src/accounts.ts +268 -0
package/extensions/irc/src/channel.ts +367 -0
package/extensions/irc/src/client.ts +439 -0
package/extensions/irc/src/config-schema.ts +97 -0
package/extensions/irc/src/connect-options.ts +30 -0
package/extensions/irc/src/control-chars.ts +22 -0
package/extensions/irc/src/inbound.ts +334 -0
package/extensions/irc/src/monitor.ts +147 -0
package/extensions/irc/src/normalize.ts +117 -0
package/extensions/irc/src/onboarding.ts +479 -0
package/extensions/irc/src/policy.ts +157 -0
package/extensions/irc/src/probe.ts +53 -0
package/extensions/irc/src/protocol.ts +169 -0
package/extensions/irc/src/runtime.ts +14 -0
package/extensions/irc/src/send.ts +88 -0
package/extensions/irc/src/types.ts +93 -0
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/matrix/CHANGELOG.md +5 -0
package/extensions/matrix/package.json +1 -1
package/extensions/matrix/src/matrix/client-bootstrap.ts +39 -0
package/extensions/mattermost/package.json +1 -1
package/extensions/mattermost/src/mattermost/monitor-onchar.ts +25 -0
package/extensions/mattermost/src/mattermost/monitor-websocket.ts +221 -0
package/extensions/mattermost/src/mattermost/reactions.ts +130 -0
package/extensions/mattermost/src/mattermost/reconnect.ts +103 -0
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/index.ts +161 -0
package/extensions/minimax-portal-auth/oauth.ts +247 -0
package/extensions/msteams/CHANGELOG.md +5 -0
package/extensions/msteams/package.json +1 -1
package/extensions/msteams/src/file-lock.ts +1 -0
package/extensions/msteams/src/graph.ts +92 -0
package/extensions/msteams/src/mentions.ts +114 -0
package/extensions/msteams/src/test-runtime.ts +16 -0
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +5 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/index.ts +177 -0
package/extensions/phone-control/index.ts +421 -0
package/extensions/shared/resolve-target-test-helpers.ts +66 -0
package/extensions/signal/package.json +1 -1
package/extensions/signal/src/channel.js +273 -0
package/extensions/signal/src/runtime.js +10 -0
package/extensions/slack/package.json +1 -1
package/extensions/slack/src/channel.js +489 -0
package/extensions/slack/src/runtime.js +10 -0
package/extensions/talk-voice/index.ts +150 -0
package/extensions/telegram/package.json +1 -1
package/extensions/telegram/src/channel.js +424 -0
package/extensions/telegram/src/runtime.js +10 -0
package/extensions/thread-ownership/index.ts +133 -0
package/extensions/tlon/package.json +1 -1
package/extensions/tlon/src/account-fields.ts +25 -0
package/extensions/tlon/src/urbit/base-url.ts +57 -0
package/extensions/tlon/src/urbit/channel-client.ts +157 -0
package/extensions/tlon/src/urbit/channel-ops.ts +164 -0
package/extensions/tlon/src/urbit/context.ts +47 -0
package/extensions/tlon/src/urbit/errors.ts +51 -0
package/extensions/tlon/src/urbit/fetch.ts +39 -0
package/extensions/twitch/CHANGELOG.md +5 -0
package/extensions/twitch/package.json +1 -1
package/extensions/twitch/src/test-fixtures.ts +30 -0
package/extensions/voice-call/CHANGELOG.md +5 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/voice-call/src/allowlist.ts +19 -0
package/extensions/whatsapp/package.json +1 -1
package/extensions/whatsapp/src/channel.js +429 -0
package/extensions/whatsapp/src/runtime.js +10 -0
package/extensions/zalo/CHANGELOG.md +5 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +5 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +1 -1

package/dist/node-host/invoke.js ADDED Viewed

@@ -0,0 +1,685 @@
+import { spawn } from "node:child_process";
+import crypto from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { resolveAgentConfig } from "../agents/agent-scope.js";
+import { loadConfig } from "../config/config.js";
+import { addAllowlistEntry, analyzeArgvCommand, evaluateExecAllowlist, evaluateShellAllowlist, requiresExecApproval, normalizeExecApprovals, mergeExecApprovalsSocketDefaults, recordAllowlistUse, resolveExecApprovals, resolveSafeBins, ensureExecApprovals, readExecApprovalsSnapshot, saveExecApprovals, } from "../infra/exec-approvals.js";
+import { requestExecHostViaSocket, } from "../infra/exec-host.js";
+import { validateSystemRunCommandConsistency } from "../infra/system-run-command.js";
+import { runBrowserProxyCommand } from "./invoke-browser.js";
+const OUTPUT_CAP = 200_000;
+const OUTPUT_EVENT_TAIL = 20_000;
+const DEFAULT_NODE_PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
+const execHostEnforced = process.env.POOLBOT_NODE_EXEC_HOST?.trim().toLowerCase() === "app";
+const execHostFallbackAllowed = process.env.POOLBOT_NODE_EXEC_FALLBACK?.trim().toLowerCase() !== "0";
+const blockedEnvKeys = new Set([
+    "NODE_OPTIONS",
+    "PYTHONHOME",
+    "PYTHONPATH",
+    "PERL5LIB",
+    "PERL5OPT",
+    "RUBYOPT",
+]);
+const blockedEnvPrefixes = ["DYLD_", "LD_"];
+function resolveExecSecurity(value) {
+    return value === "deny" || value === "allowlist" || value === "full" ? value : "allowlist";
+}
+function isCmdExeInvocation(argv) {
+    const token = argv[0]?.trim();
+    if (!token) {
+        return false;
+    }
+    const base = path.win32.basename(token).toLowerCase();
+    return base === "cmd.exe" || base === "cmd";
+}
+function resolveExecAsk(value) {
+    return value === "off" || value === "on-miss" || value === "always" ? value : "on-miss";
+}
+export function sanitizeEnv(overrides) {
+    if (!overrides) {
+        return undefined;
+    }
+    const merged = { ...process.env };
+    for (const [rawKey, value] of Object.entries(overrides)) {
+        const key = rawKey.trim();
+        if (!key) {
+            continue;
+        }
+        const upper = key.toUpperCase();
+        // PATH is part of the security boundary (command resolution + safe-bin checks). Never allow
+        // request-scoped PATH overrides from agents/gateways.
+        if (upper === "PATH") {
+            continue;
+        }
+        if (blockedEnvKeys.has(upper)) {
+            continue;
+        }
+        if (blockedEnvPrefixes.some((prefix) => upper.startsWith(prefix))) {
+            continue;
+        }
+        merged[key] = value;
+    }
+    return merged;
+}
+function truncateOutput(raw, maxChars) {
+    if (raw.length <= maxChars) {
+        return { text: raw, truncated: false };
+    }
+    return { text: `... (truncated) ${raw.slice(raw.length - maxChars)}`, truncated: true };
+}
+function redactExecApprovals(file) {
+    const socketPath = file.socket?.path?.trim();
+    return {
+        ...file,
+        socket: socketPath ? { path: socketPath } : undefined,
+    };
+}
+function requireExecApprovalsBaseHash(params, snapshot) {
+    if (!snapshot.exists) {
+        return;
+    }
+    if (!snapshot.hash) {
+        throw new Error("INVALID_REQUEST: exec approvals base hash unavailable; reload and retry");
+    }
+    const baseHash = typeof params.baseHash === "string" ? params.baseHash.trim() : "";
+    if (!baseHash) {
+        throw new Error("INVALID_REQUEST: exec approvals base hash required; reload and retry");
+    }
+    if (baseHash !== snapshot.hash) {
+        throw new Error("INVALID_REQUEST: exec approvals changed; reload and retry");
+    }
+}
+async function runCommand(argv, cwd, env, timeoutMs) {
+    return await new Promise((resolve) => {
+        let stdout = "";
+        let stderr = "";
+        let outputLen = 0;
+        let truncated = false;
+        let timedOut = false;
+        let settled = false;
+        const child = spawn(argv[0], argv.slice(1), {
+            cwd,
+            env,
+            stdio: ["ignore", "pipe", "pipe"],
+            windowsHide: true,
+        });
+        const onChunk = (chunk, target) => {
+            if (outputLen >= OUTPUT_CAP) {
+                truncated = true;
+                return;
+            }
+            const remaining = OUTPUT_CAP - outputLen;
+            const slice = chunk.length > remaining ? chunk.subarray(0, remaining) : chunk;
+            const str = slice.toString("utf8");
+            outputLen += slice.length;
+            if (target === "stdout") {
+                stdout += str;
+            }
+            else {
+                stderr += str;
+            }
+            if (chunk.length > remaining) {
+                truncated = true;
+            }
+        };
+        child.stdout?.on("data", (chunk) => onChunk(chunk, "stdout"));
+        child.stderr?.on("data", (chunk) => onChunk(chunk, "stderr"));
+        let timer;
+        if (timeoutMs && timeoutMs > 0) {
+            timer = setTimeout(() => {
+                timedOut = true;
+                try {
+                    child.kill("SIGKILL");
+                }
+                catch {
+                    // ignore
+                }
+            }, timeoutMs);
+        }
+        const finalize = (exitCode, error) => {
+            if (settled) {
+                return;
+            }
+            settled = true;
+            if (timer) {
+                clearTimeout(timer);
+            }
+            resolve({
+                exitCode,
+                timedOut,
+                success: exitCode === 0 && !timedOut && !error,
+                stdout,
+                stderr,
+                error: error ?? null,
+                truncated,
+            });
+        };
+        child.on("error", (err) => {
+            finalize(undefined, err.message);
+        });
+        child.on("exit", (code) => {
+            finalize(code === null ? undefined : code, null);
+        });
+    });
+}
+function resolveEnvPath(env) {
+    const raw = env?.PATH ??
+        env?.Path ??
+        process.env.PATH ??
+        process.env.Path ??
+        DEFAULT_NODE_PATH;
+    return raw.split(path.delimiter).filter(Boolean);
+}
+function resolveExecutable(bin, env) {
+    if (bin.includes("/") || bin.includes("\\")) {
+        return null;
+    }
+    const extensions = process.platform === "win32"
+        ? (process.env.PATHEXT ?? process.env.PathExt ?? ".EXE;.CMD;.BAT;.COM")
+            .split(";")
+            .map((ext) => ext.toLowerCase())
+        : [""];
+    for (const dir of resolveEnvPath(env)) {
+        for (const ext of extensions) {
+            const candidate = path.join(dir, bin + ext);
+            if (fs.existsSync(candidate)) {
+                return candidate;
+            }
+        }
+    }
+    return null;
+}
+async function handleSystemWhich(params, env) {
+    const bins = params.bins.map((bin) => bin.trim()).filter(Boolean);
+    const found = {};
+    for (const bin of bins) {
+        const path = resolveExecutable(bin, env);
+        if (path) {
+            found[bin] = path;
+        }
+    }
+    return { bins: found };
+}
+function buildExecEventPayload(payload) {
+    if (!payload.output) {
+        return payload;
+    }
+    const trimmed = payload.output.trim();
+    if (!trimmed) {
+        return payload;
+    }
+    const { text } = truncateOutput(trimmed, OUTPUT_EVENT_TAIL);
+    return { ...payload, output: text };
+}
+async function sendExecFinishedEvent(params) {
+    const combined = [params.result.stdout, params.result.stderr, params.result.error]
+        .filter(Boolean)
+        .join("\n");
+    await sendNodeEvent(params.client, "exec.finished", buildExecEventPayload({
+        sessionKey: params.sessionKey,
+        runId: params.runId,
+        host: "node",
+        command: params.cmdText,
+        exitCode: params.result.exitCode ?? undefined,
+        timedOut: params.result.timedOut,
+        success: params.result.success,
+        output: combined,
+    }));
+}
+async function runViaMacAppExecHost(params) {
+    const { approvals, request } = params;
+    return await requestExecHostViaSocket({
+        socketPath: approvals.socketPath,
+        token: approvals.token,
+        request,
+    });
+}
+export async function handleInvoke(frame, client, skillBins) {
+    const command = String(frame.command ?? "");
+    if (command === "system.execApprovals.get") {
+        try {
+            ensureExecApprovals();
+            const snapshot = readExecApprovalsSnapshot();
+            const payload = {
+                path: snapshot.path,
+                exists: snapshot.exists,
+                hash: snapshot.hash,
+                file: redactExecApprovals(snapshot.file),
+            };
+            await sendInvokeResult(client, frame, {
+                ok: true,
+                payloadJSON: JSON.stringify(payload),
+            });
+        }
+        catch (err) {
+            const message = String(err);
+            const code = message.toLowerCase().includes("timed out") ? "TIMEOUT" : "INVALID_REQUEST";
+            await sendInvokeResult(client, frame, {
+                ok: false,
+                error: { code, message },
+            });
+        }
+        return;
+    }
+    if (command === "system.execApprovals.set") {
+        try {
+            const params = decodeParams(frame.paramsJSON);
+            if (!params.file || typeof params.file !== "object") {
+                throw new Error("INVALID_REQUEST: exec approvals file required");
+            }
+            ensureExecApprovals();
+            const snapshot = readExecApprovalsSnapshot();
+            requireExecApprovalsBaseHash(params, snapshot);
+            const normalized = normalizeExecApprovals(params.file);
+            const next = mergeExecApprovalsSocketDefaults({ normalized, current: snapshot.file });
+            saveExecApprovals(next);
+            const nextSnapshot = readExecApprovalsSnapshot();
+            const payload = {
+                path: nextSnapshot.path,
+                exists: nextSnapshot.exists,
+                hash: nextSnapshot.hash,
+                file: redactExecApprovals(nextSnapshot.file),
+            };
+            await sendInvokeResult(client, frame, {
+                ok: true,
+                payloadJSON: JSON.stringify(payload),
+            });
+        }
+        catch (err) {
+            await sendInvokeResult(client, frame, {
+                ok: false,
+                error: { code: "INVALID_REQUEST", message: String(err) },
+            });
+        }
+        return;
+    }
+    if (command === "system.which") {
+        try {
+            const params = decodeParams(frame.paramsJSON);
+            if (!Array.isArray(params.bins)) {
+                throw new Error("INVALID_REQUEST: bins required");
+            }
+            const env = sanitizeEnv(undefined);
+            const payload = await handleSystemWhich(params, env);
+            await sendInvokeResult(client, frame, {
+                ok: true,
+                payloadJSON: JSON.stringify(payload),
+            });
+        }
+        catch (err) {
+            await sendInvokeResult(client, frame, {
+                ok: false,
+                error: { code: "INVALID_REQUEST", message: String(err) },
+            });
+        }
+        return;
+    }
+    if (command === "browser.proxy") {
+        try {
+            const payload = await runBrowserProxyCommand(frame.paramsJSON);
+            await sendInvokeResult(client, frame, {
+                ok: true,
+                payloadJSON: payload,
+            });
+        }
+        catch (err) {
+            await sendInvokeResult(client, frame, {
+                ok: false,
+                error: { code: "INVALID_REQUEST", message: String(err) },
+            });
+        }
+        return;
+    }
+    if (command !== "system.run") {
+        await sendInvokeResult(client, frame, {
+            ok: false,
+            error: { code: "UNAVAILABLE", message: "command not supported" },
+        });
+        return;
+    }
+    let params;
+    try {
+        params = decodeParams(frame.paramsJSON);
+    }
+    catch (err) {
+        await sendInvokeResult(client, frame, {
+            ok: false,
+            error: { code: "INVALID_REQUEST", message: String(err) },
+        });
+        return;
+    }
+    if (!Array.isArray(params.command) || params.command.length === 0) {
+        await sendInvokeResult(client, frame, {
+            ok: false,
+            error: { code: "INVALID_REQUEST", message: "command required" },
+        });
+        return;
+    }
+    const argv = params.command.map((item) => String(item));
+    const rawCommand = typeof params.rawCommand === "string" ? params.rawCommand.trim() : "";
+    const consistency = validateSystemRunCommandConsistency({
+        argv,
+        rawCommand: rawCommand || null,
+    });
+    if (!consistency.ok) {
+        await sendInvokeResult(client, frame, {
+            ok: false,
+            error: { code: "INVALID_REQUEST", message: consistency.message },
+        });
+        return;
+    }
+    const shellCommand = consistency.shellCommand;
+    const cmdText = consistency.cmdText;
+    const agentId = params.agentId?.trim() || undefined;
+    const cfg = loadConfig();
+    const agentExec = agentId ? resolveAgentConfig(cfg, agentId)?.tools?.exec : undefined;
+    const configuredSecurity = resolveExecSecurity(agentExec?.security ?? cfg.tools?.exec?.security);
+    const configuredAsk = resolveExecAsk(agentExec?.ask ?? cfg.tools?.exec?.ask);
+    const approvals = resolveExecApprovals(agentId, {
+        security: configuredSecurity,
+        ask: configuredAsk,
+    });
+    const security = approvals.agent.security;
+    const ask = approvals.agent.ask;
+    const autoAllowSkills = approvals.agent.autoAllowSkills;
+    const sessionKey = params.sessionKey?.trim() || "node";
+    const runId = params.runId?.trim() || crypto.randomUUID();
+    const env = sanitizeEnv(params.env ?? undefined);
+    const safeBins = resolveSafeBins(agentExec?.safeBins ?? cfg.tools?.exec?.safeBins);
+    const bins = autoAllowSkills ? await skillBins.current() : new Set();
+    let analysisOk = false;
+    let allowlistMatches = [];
+    let allowlistSatisfied = false;
+    let segments = [];
+    if (shellCommand) {
+        const allowlistEval = evaluateShellAllowlist({
+            command: shellCommand,
+            allowlist: approvals.allowlist,
+            safeBins,
+            cwd: params.cwd ?? undefined,
+            env,
+            skillBins: bins,
+            autoAllowSkills,
+            platform: process.platform,
+        });
+        analysisOk = allowlistEval.analysisOk;
+        allowlistMatches = allowlistEval.allowlistMatches;
+        allowlistSatisfied =
+            security === "allowlist" && analysisOk ? allowlistEval.allowlistSatisfied : false;
+        segments = allowlistEval.segments;
+    }
+    else {
+        const analysis = analyzeArgvCommand({ argv, cwd: params.cwd ?? undefined, env });
+        const allowlistEval = evaluateExecAllowlist({
+            analysis,
+            allowlist: approvals.allowlist,
+            safeBins,
+            cwd: params.cwd ?? undefined,
+            skillBins: bins,
+            autoAllowSkills,
+        });
+        analysisOk = analysis.ok;
+        allowlistMatches = allowlistEval.allowlistMatches;
+        allowlistSatisfied =
+            security === "allowlist" && analysisOk ? allowlistEval.allowlistSatisfied : false;
+        segments = analysis.segments;
+    }
+    const isWindows = process.platform === "win32";
+    const cmdInvocation = shellCommand
+        ? isCmdExeInvocation(segments[0]?.argv ?? [])
+        : isCmdExeInvocation(argv);
+    if (security === "allowlist" && isWindows && cmdInvocation) {
+        analysisOk = false;
+        allowlistSatisfied = false;
+    }
+    const useMacAppExec = process.platform === "darwin";
+    if (useMacAppExec) {
+        const approvalDecision = params.approvalDecision === "allow-once" || params.approvalDecision === "allow-always"
+            ? params.approvalDecision
+            : null;
+        const execRequest = {
+            command: argv,
+            rawCommand: rawCommand || shellCommand || null,
+            cwd: params.cwd ?? null,
+            env: params.env ?? null,
+            timeoutMs: params.timeoutMs ?? null,
+            needsScreenRecording: params.needsScreenRecording ?? null,
+            agentId: agentId ?? null,
+            sessionKey: sessionKey ?? null,
+            approvalDecision,
+        };
+        const response = await runViaMacAppExecHost({ approvals, request: execRequest });
+        if (!response) {
+            if (execHostEnforced || !execHostFallbackAllowed) {
+                await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
+                    sessionKey,
+                    runId,
+                    host: "node",
+                    command: cmdText,
+                    reason: "companion-unavailable",
+                }));
+                await sendInvokeResult(client, frame, {
+                    ok: false,
+                    error: {
+                        code: "UNAVAILABLE",
+                        message: "COMPANION_APP_UNAVAILABLE: macOS app exec host unreachable",
+                    },
+                });
+                return;
+            }
+        }
+        else if (!response.ok) {
+            const reason = response.error.reason ?? "approval-required";
+            await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
+                sessionKey,
+                runId,
+                host: "node",
+                command: cmdText,
+                reason,
+            }));
+            await sendInvokeResult(client, frame, {
+                ok: false,
+                error: { code: "UNAVAILABLE", message: response.error.message },
+            });
+            return;
+        }
+        else {
+            const result = response.payload;
+            await sendExecFinishedEvent({ client, sessionKey, runId, cmdText, result });
+            await sendInvokeResult(client, frame, {
+                ok: true,
+                payloadJSON: JSON.stringify(result),
+            });
+            return;
+        }
+    }
+    if (security === "deny") {
+        await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
+            sessionKey,
+            runId,
+            host: "node",
+            command: cmdText,
+            reason: "security=deny",
+        }));
+        await sendInvokeResult(client, frame, {
+            ok: false,
+            error: { code: "UNAVAILABLE", message: "SYSTEM_RUN_DISABLED: security=deny" },
+        });
+        return;
+    }
+    const requiresAsk = requiresExecApproval({
+        ask,
+        security,
+        analysisOk,
+        allowlistSatisfied,
+    });
+    const approvalDecision = params.approvalDecision === "allow-once" || params.approvalDecision === "allow-always"
+        ? params.approvalDecision
+        : null;
+    const approvedByAsk = approvalDecision !== null || params.approved === true;
+    if (requiresAsk && !approvedByAsk) {
+        await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
+            sessionKey,
+            runId,
+            host: "node",
+            command: cmdText,
+            reason: "approval-required",
+        }));
+        await sendInvokeResult(client, frame, {
+            ok: false,
+            error: { code: "UNAVAILABLE", message: "SYSTEM_RUN_DENIED: approval required" },
+        });
+        return;
+    }
+    if (approvalDecision === "allow-always" && security === "allowlist") {
+        if (analysisOk) {
+            for (const segment of segments) {
+                const pattern = segment.resolution?.resolvedPath ?? "";
+                if (pattern) {
+                    addAllowlistEntry(approvals.file, agentId, pattern);
+                }
+            }
+        }
+    }
+    if (security === "allowlist" && (!analysisOk || !allowlistSatisfied) && !approvedByAsk) {
+        await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
+            sessionKey,
+            runId,
+            host: "node",
+            command: cmdText,
+            reason: "allowlist-miss",
+        }));
+        await sendInvokeResult(client, frame, {
+            ok: false,
+            error: { code: "UNAVAILABLE", message: "SYSTEM_RUN_DENIED: allowlist miss" },
+        });
+        return;
+    }
+    if (allowlistMatches.length > 0) {
+        const seen = new Set();
+        for (const match of allowlistMatches) {
+            if (!match?.pattern || seen.has(match.pattern)) {
+                continue;
+            }
+            seen.add(match.pattern);
+            recordAllowlistUse(approvals.file, agentId, match, cmdText, segments[0]?.resolution?.resolvedPath);
+        }
+    }
+    if (params.needsScreenRecording === true) {
+        await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
+            sessionKey,
+            runId,
+            host: "node",
+            command: cmdText,
+            reason: "permission:screenRecording",
+        }));
+        await sendInvokeResult(client, frame, {
+            ok: false,
+            error: { code: "UNAVAILABLE", message: "PERMISSION_MISSING: screenRecording" },
+        });
+        return;
+    }
+    let execArgv = argv;
+    if (security === "allowlist" &&
+        isWindows &&
+        !approvedByAsk &&
+        shellCommand &&
+        analysisOk &&
+        allowlistSatisfied &&
+        segments.length === 1 &&
+        segments[0]?.argv.length > 0) {
+        execArgv = segments[0].argv;
+    }
+    const result = await runCommand(execArgv, params.cwd?.trim() || undefined, env, params.timeoutMs ?? undefined);
+    if (result.truncated) {
+        const suffix = "... (truncated)";
+        if (result.stderr.trim().length > 0) {
+            result.stderr = `${result.stderr}\n${suffix}`;
+        }
+        else {
+            result.stdout = `${result.stdout}\n${suffix}`;
+        }
+    }
+    await sendExecFinishedEvent({ client, sessionKey, runId, cmdText, result });
+    await sendInvokeResult(client, frame, {
+        ok: true,
+        payloadJSON: JSON.stringify({
+            exitCode: result.exitCode,
+            timedOut: result.timedOut,
+            success: result.success,
+            stdout: result.stdout,
+            stderr: result.stderr,
+            error: result.error ?? null,
+        }),
+    });
+}
+function decodeParams(raw) {
+    if (!raw) {
+        throw new Error("INVALID_REQUEST: paramsJSON required");
+    }
+    return JSON.parse(raw);
+}
+export function coerceNodeInvokePayload(payload) {
+    if (!payload || typeof payload !== "object") {
+        return null;
+    }
+    const obj = payload;
+    const id = typeof obj.id === "string" ? obj.id.trim() : "";
+    const nodeId = typeof obj.nodeId === "string" ? obj.nodeId.trim() : "";
+    const command = typeof obj.command === "string" ? obj.command.trim() : "";
+    if (!id || !nodeId || !command) {
+        return null;
+    }
+    const paramsJSON = typeof obj.paramsJSON === "string"
+        ? obj.paramsJSON
+        : obj.params !== undefined
+            ? JSON.stringify(obj.params)
+            : null;
+    const timeoutMs = typeof obj.timeoutMs === "number" ? obj.timeoutMs : null;
+    const idempotencyKey = typeof obj.idempotencyKey === "string" ? obj.idempotencyKey : null;
+    return {
+        id,
+        nodeId,
+        command,
+        paramsJSON,
+        timeoutMs,
+        idempotencyKey,
+    };
+}
+async function sendInvokeResult(client, frame, result) {
+    try {
+        await client.request("node.invoke.result", buildNodeInvokeResultParams(frame, result));
+    }
+    catch {
+        // ignore: node invoke responses are best-effort
+    }
+}
+export function buildNodeInvokeResultParams(frame, result) {
+    const params = {
+        id: frame.id,
+        nodeId: frame.nodeId,
+        ok: result.ok,
+    };
+    if (result.payload !== undefined) {
+        params.payload = result.payload;
+    }
+    if (typeof result.payloadJSON === "string") {
+        params.payloadJSON = result.payloadJSON;
+    }
+    if (result.error) {
+        params.error = result.error;
+    }
+    return params;
+}
+async function sendNodeEvent(client, event, payload) {
+    try {
+        await client.request("node.event", {
+            event,
+            payloadJSON: payload ? JSON.stringify(payload) : null,
+        });
+    }
+    catch {
+        // ignore: node events are best-effort
+    }
+}