@poolzin/pool-bot 2026.2.21 → 2026.2.22

package/dist/agents/pi-embedded-runner/run/images.js

@@ -1,11 +1,8 @@
-import fs from "node:fs/promises";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { assertSandboxPath } from "../../sandbox-paths.js";
-import { sanitizeImageBlocks } from "../../tool-images.js";
-import { extractTextFromMessage } from "../../../tui/tui-formatters.js";
-import { loadWebMedia } from "../../../web/media.js";
 import { resolveUserPath } from "../../../utils.js";
+import { loadWebMedia } from "../../../web/media.js";
+import { sanitizeImageBlocks } from "../../tool-images.js";
 import { log } from "../logger.js";
 /**
  * Common image file extensions for detection.
@@ -29,8 +26,8 @@ function isImageExtension(filePath) {
     const ext = path.extname(filePath).toLowerCase();
     return IMAGE_EXTENSIONS.has(ext);
 }
-async function sanitizeImagesWithLog(images, label) {
-    const { images: sanitized, dropped } = await sanitizeImageBlocks(images, label);
+async function sanitizeImagesWithLog(images, label, imageSanitization) {
+    const { images: sanitized, dropped } = await sanitizeImageBlocks(images, label, imageSanitization);
     if (dropped > 0) {
         log.warn(`Native image: dropped ${dropped} image(s) after sanitization (${label}).`);
     }
@@ -55,12 +52,15 @@ export function detectImageReferences(prompt) {
     // Helper to add a path ref
     const addPathRef = (raw) => {
         const trimmed = raw.trim();
-        if (!trimmed || seen.has(trimmed.toLowerCase()))
+        if (!trimmed || seen.has(trimmed.toLowerCase())) {
             return;
-        if (trimmed.startsWith("http://") || trimmed.startsWith("https://"))
+        }
+        if (trimmed.startsWith("http://") || trimmed.startsWith("https://")) {
             return;
-        if (!isImageExtension(trimmed))
+        }
+        if (!isImageExtension(trimmed)) {
             return;
+        }
         seen.add(trimmed.toLowerCase());
         const resolved = trimmed.startsWith("~") ? resolveUserPath(trimmed) : trimmed;
         refs.push({ raw: trimmed, type: "path", resolved });
@@ -89,16 +89,18 @@ export function detectImageReferences(prompt) {
     const messageImagePattern = /\[Image:\s*source:\s*([^\]]+\.(?:png|jpe?g|gif|webp|bmp|tiff?|heic|heif))\]/gi;
     while ((match = messageImagePattern.exec(prompt)) !== null) {
         const raw = match[1]?.trim();
-        if (raw)
+        if (raw) {
             addPathRef(raw);
+        }
     }
     // Remote HTTP(S) URLs are intentionally ignored. Native image injection is local-only.
     // Pattern for file:// URLs - treat as paths since loadWebMedia handles them
     const fileUrlPattern = /file:\/\/[^\s<>"'`\]]+\.(?:png|jpe?g|gif|webp|bmp|tiff?|heic|heif)/gi;
     while ((match = fileUrlPattern.exec(prompt)) !== null) {
         const raw = match[0];
-        if (seen.has(raw.toLowerCase()))
+        if (seen.has(raw.toLowerCase())) {
             continue;
+        }
         seen.add(raw.toLowerCase());
         // Use fileURLToPath for proper handling (e.g., file://localhost/path)
         try {
@@ -118,8 +120,9 @@ export function detectImageReferences(prompt) {
     const pathPattern = /(?:^|\s|["'`(])((\.\.?\/|[~/])[^\s"'`()[\]]*\.(?:png|jpe?g|gif|webp|bmp|tiff?|heic|heif))/gi;
     while ((match = pathPattern.exec(prompt)) !== null) {
         // Use capture group 1 (the path without delimiter prefix); skip if undefined
-        if (match[1])
+        if (match[1]) {
             addPathRef(match[1]);
+        }
     }
     return refs;
 }
@@ -139,43 +142,33 @@ export async function loadImageFromRef(ref, workspaceDir, options) {
             log.debug(`Native image: rejecting remote URL (local-only): ${ref.resolved}`);
             return null;
         }
-        // For file paths, resolve relative to the appropriate root:
-        // - When sandbox is enabled, resolve relative to sandboxRoot for security
-        // - Otherwise, resolve relative to workspaceDir
-        // Note: ref.resolved may already be absolute (e.g., after ~ expansion in detectImageReferences),
-        // in which case we skip relative resolution.
-        if (ref.type === "path" && !path.isAbsolute(targetPath)) {
-            const resolveRoot = options?.sandboxRoot ?? workspaceDir;
-            targetPath = path.resolve(resolveRoot, targetPath);
-        }
-        // Enforce sandbox restrictions if sandboxRoot is set
-        if (ref.type === "path" && options?.sandboxRoot) {
-            try {
-                const validated = await assertSandboxPath({
-                    filePath: targetPath,
-                    cwd: options.sandboxRoot,
-                    root: options.sandboxRoot,
-                });
-                targetPath = validated.resolved;
-            }
-            catch (err) {
-                // Log the actual error for debugging (sandbox violation or other path error)
-                log.debug(`Native image: sandbox validation failed for ${ref.resolved}: ${err instanceof Error ? err.message : String(err)}`);
-                return null;
-            }
-        }
-        // Check file exists for local paths
+        // Resolve paths relative to sandbox or workspace as needed
         if (ref.type === "path") {
-            try {
-                await fs.stat(targetPath);
+            if (options?.sandbox) {
+                try {
+                    const resolved = options.sandbox.bridge.resolvePath({
+                        filePath: targetPath,
+                        cwd: options.sandbox.root,
+                    });
+                    targetPath = resolved.hostPath;
+                }
+                catch (err) {
+                    log.debug(`Native image: sandbox validation failed for ${ref.resolved}: ${err instanceof Error ? err.message : String(err)}`);
+                    return null;
+                }
             }
-            catch {
-                log.debug(`Native image: file not found: ${targetPath}`);
-                return null;
+            else if (!path.isAbsolute(targetPath)) {
+                targetPath = path.resolve(workspaceDir, targetPath);
             }
         }
         // loadWebMedia handles local file paths (including file:// URLs)
-        const media = await loadWebMedia(targetPath, options?.maxBytes);
+        const media = options?.sandbox
+            ? await loadWebMedia(targetPath, {
+                maxBytes: options.maxBytes,
+                sandboxValidated: true,
+                readFile: (filePath) => options.sandbox.bridge.readFile({ filePath, cwd: options.sandbox.root }),
+            })
+            : await loadWebMedia(targetPath, options?.maxBytes);
         if (media.kind !== "image") {
             log.debug(`Native image: not an image file: ${targetPath} (got ${media.kind})`);
             return null;
@@ -201,6 +194,29 @@ export async function loadImageFromRef(ref, workspaceDir, options) {
 export function modelSupportsImages(model) {
     return model.input?.includes("image") ?? false;
 }
+function extractTextFromMessage(message) {
+    if (!message || typeof message !== "object") {
+        return "";
+    }
+    const content = message.content;
+    if (typeof content === "string") {
+        return content;
+    }
+    if (!Array.isArray(content)) {
+        return "";
+    }
+    const textParts = [];
+    for (const part of content) {
+        if (!part || typeof part !== "object") {
+            continue;
+        }
+        const record = part;
+        if (record.type === "text" && typeof record.text === "string") {
+            textParts.push(record.text);
+        }
+    }
+    return textParts.join("\n").trim();
+}
 /**
  * Extracts image references from conversation history messages.
  * Scans user messages for image paths/URLs that can be loaded.
@@ -216,32 +232,39 @@ function detectImagesFromHistory(messages) {
     const allRefs = [];
     const seen = new Set();
     const messageHasImageContent = (msg) => {
-        if (!msg || typeof msg !== "object")
+        if (!msg || typeof msg !== "object") {
             return false;
+        }
         const content = msg.content;
-        if (!Array.isArray(content))
+        if (!Array.isArray(content)) {
             return false;
+        }
         return content.some((part) => part != null && typeof part === "object" && part.type === "image");
     };
     for (let i = 0; i < messages.length; i++) {
         const msg = messages[i];
-        if (!msg || typeof msg !== "object")
+        if (!msg || typeof msg !== "object") {
             continue;
+        }
         const message = msg;
         // Only scan user messages for image references
-        if (message.role !== "user")
+        if (message.role !== "user") {
             continue;
+        }
         // Skip if message already has image content (prevents reloading each turn)
-        if (messageHasImageContent(msg))
+        if (messageHasImageContent(msg)) {
             continue;
+        }
         const text = extractTextFromMessage(msg);
-        if (!text)
+        if (!text) {
             continue;
+        }
         const refs = detectImageReferences(text);
         for (const ref of refs) {
             const key = ref.resolved.toLowerCase();
-            if (seen.has(key))
+            if (seen.has(key)) {
                 continue;
+            }
             seen.add(key);
             allRefs.push({ ...ref, messageIndex: i });
         }
@@ -302,7 +325,7 @@ export async function detectAndLoadPromptImages(params) {
     for (const ref of allRefs) {
         const image = await loadImageFromRef(ref, params.workspaceDir, {
             maxBytes: params.maxBytes,
-            sandboxRoot: params.sandboxRoot,
+            sandbox: params.sandbox,
         });
         if (image) {
             if (ref.messageIndex !== undefined) {
@@ -326,10 +349,13 @@ export async function detectAndLoadPromptImages(params) {
             skippedCount++;
         }
     }
-    const sanitizedPromptImages = await sanitizeImagesWithLog(promptImages, "prompt:images");
+    const imageSanitization = {
+        maxDimensionPx: params.maxDimensionPx,
+    };
+    const sanitizedPromptImages = await sanitizeImagesWithLog(promptImages, "prompt:images", imageSanitization);
     const sanitizedHistoryImagesByIndex = new Map();
     for (const [index, images] of historyImagesByIndex) {
-        const sanitized = await sanitizeImagesWithLog(images, `history:images:${index}`);
+        const sanitized = await sanitizeImagesWithLog(images, `history:images:${index}`, imageSanitization);
         if (sanitized.length > 0) {
             sanitizedHistoryImagesByIndex.set(index, sanitized);
         }

package/dist/agents/pi-embedded-runner/run/payloads.js

@@ -1,8 +1,35 @@
 import { parseReplyDirectives } from "../../../auto-reply/reply/reply-directives.js";
 import { isSilentReplyText, SILENT_REPLY_TOKEN } from "../../../auto-reply/tokens.js";
 import { formatToolAggregate } from "../../../auto-reply/tool-meta.js";
-import { formatAssistantErrorText, formatRawAssistantErrorForUi, getApiErrorPayloadFingerprint, isRawApiErrorPayload, normalizeTextForComparison, } from "../../pi-embedded-helpers.js";
+import { BILLING_ERROR_USER_MESSAGE, formatAssistantErrorText, formatRawAssistantErrorForUi, getApiErrorPayloadFingerprint, isRawApiErrorPayload, normalizeTextForComparison, } from "../../pi-embedded-helpers.js";
 import { extractAssistantText, extractAssistantThinking, formatReasoningMessage, } from "../../pi-embedded-utils.js";
+import { isLikelyMutatingToolName } from "../../tool-mutation.js";
+const RECOVERABLE_TOOL_ERROR_KEYWORDS = [
+    "required",
+    "missing",
+    "invalid",
+    "must be",
+    "must have",
+    "needs",
+    "requires",
+];
+function isRecoverableToolError(error) {
+    const errorLower = (error ?? "").toLowerCase();
+    return RECOVERABLE_TOOL_ERROR_KEYWORDS.some((keyword) => errorLower.includes(keyword));
+}
+function shouldShowToolErrorWarning(params) {
+    if (params.suppressToolErrorWarnings) {
+        return false;
+    }
+    const isMutatingToolError = params.lastToolError.mutatingAction ?? isLikelyMutatingToolName(params.lastToolError.toolName);
+    if (isMutatingToolError) {
+        return true;
+    }
+    if (params.suppressToolErrors) {
+        return false;
+    }
+    return !params.hasUserFacingReply && !isRecoverableToolError(params.lastToolError.error);
+}
 export function buildEmbeddedRunPayloads(params) {
     const replyItems = [];
     const useMarkdown = params.toolResultFormat === "markdown";
@@ -11,6 +38,7 @@ export function buildEmbeddedRunPayloads(params) {
         ? formatAssistantErrorText(params.lastAssistant, {
             cfg: params.config,
             sessionKey: params.sessionKey,
+            provider: params.provider,
         })
         : undefined;
     const rawErrorMessage = lastAssistantErrored
@@ -29,9 +57,11 @@ export function buildEmbeddedRunPayloads(params) {
         ? normalizeTextForComparison(rawErrorMessage)
         : null;
     const normalizedErrorText = errorText ? normalizeTextForComparison(errorText) : null;
+    const normalizedGenericBillingErrorText = normalizeTextForComparison(BILLING_ERROR_USER_MESSAGE);
     const genericErrorText = "The AI service returned an error. Please try again.";
-    if (errorText)
+    if (errorText) {
         replyItems.push({ text: errorText, isError: true });
+    }
     const inlineToolResults = params.inlineToolResultsAllowed && params.verboseLevel !== "off" && params.toolMetas.length > 0;
     if (inlineToolResults) {
         for (const { toolName, meta } of params.toolMetas) {
@@ -54,40 +84,55 @@ export function buildEmbeddedRunPayloads(params) {
     const reasoningText = params.lastAssistant && params.reasoningLevel === "on"
         ? formatReasoningMessage(extractAssistantThinking(params.lastAssistant))
         : "";
-    if (reasoningText)
+    if (reasoningText) {
         replyItems.push({ text: reasoningText });
+    }
     const fallbackAnswerText = params.lastAssistant ? extractAssistantText(params.lastAssistant) : "";
     const shouldSuppressRawErrorText = (text) => {
-        if (!lastAssistantErrored)
+        if (!lastAssistantErrored) {
             return false;
+        }
         const trimmed = text.trim();
-        if (!trimmed)
+        if (!trimmed) {
             return false;
+        }
         if (errorText) {
             const normalized = normalizeTextForComparison(trimmed);
-            if (normalized && normalizedErrorText && normalized === normalizedErrorText)
+            if (normalized && normalizedErrorText && normalized === normalizedErrorText) {
                 return true;
-            if (trimmed === genericErrorText)
+            }
+            if (trimmed === genericErrorText) {
+                return true;
+            }
+            if (normalized &&
+                normalizedGenericBillingErrorText &&
+                normalized === normalizedGenericBillingErrorText) {
                 return true;
+            }
         }
-        if (rawErrorMessage && trimmed === rawErrorMessage)
+        if (rawErrorMessage && trimmed === rawErrorMessage) {
             return true;
-        if (formattedRawErrorMessage && trimmed === formattedRawErrorMessage)
+        }
+        if (formattedRawErrorMessage && trimmed === formattedRawErrorMessage) {
             return true;
+        }
         if (normalizedRawErrorText) {
             const normalized = normalizeTextForComparison(trimmed);
-            if (normalized && normalized === normalizedRawErrorText)
+            if (normalized && normalized === normalizedRawErrorText) {
                 return true;
+            }
         }
         if (normalizedFormattedRawErrorMessage) {
             const normalized = normalizeTextForComparison(trimmed);
-            if (normalized && normalized === normalizedFormattedRawErrorMessage)
+            if (normalized && normalized === normalizedFormattedRawErrorMessage) {
                 return true;
+            }
         }
         if (rawErrorFingerprint) {
             const fingerprint = getApiErrorPayloadFingerprint(trimmed);
-            if (fingerprint && fingerprint === rawErrorFingerprint)
+            if (fingerprint && fingerprint === rawErrorFingerprint) {
                 return true;
+            }
         }
         return isRawApiErrorPayload(trimmed);
     };
@@ -96,6 +141,7 @@ export function buildEmbeddedRunPayloads(params) {
         : fallbackAnswerText
             ? [fallbackAnswerText]
             : []).filter((text) => !shouldSuppressRawErrorText(text));
+    let hasUserFacingAssistantReply = false;
     for (const text of answerTexts) {
         const { text: cleanedText, mediaUrls, audioAsVoice, replyToId, replyToTag, replyToCurrent, } = parseReplyDirectives(text);
         if (!cleanedText && (!mediaUrls || mediaUrls.length === 0) && !audioAsVoice) {
@@ -109,35 +155,37 @@ export function buildEmbeddedRunPayloads(params) {
             replyToTag,
             replyToCurrent,
         });
+        hasUserFacingAssistantReply = true;
     }
     if (params.lastToolError) {
-        const lastAssistantHasToolCalls = Array.isArray(params.lastAssistant?.content) &&
-            params.lastAssistant?.content.some((block) => block && typeof block === "object"
-                ? block.type === "toolCall"
-                : false);
-        const lastAssistantWasToolUse = params.lastAssistant?.stopReason === "toolUse";
-        const hasUserFacingReply = replyItems.length > 0 && !lastAssistantHasToolCalls && !lastAssistantWasToolUse;
-        // Check if this is a recoverable/internal tool error that shouldn't be shown to users
-        // when there's already a user-facing reply (the model should have retried).
-        const errorLower = (params.lastToolError.error ?? "").toLowerCase();
-        const isRecoverableError = errorLower.includes("required") ||
-            errorLower.includes("missing") ||
-            errorLower.includes("invalid") ||
-            errorLower.includes("must be") ||
-            errorLower.includes("must have") ||
-            errorLower.includes("needs") ||
-            errorLower.includes("requires");
-        // Show tool errors only when:
-        // 1. There's no user-facing reply AND the error is not recoverable
-        // Recoverable errors (validation, missing params) are already in the model's context
-        // and shouldn't be surfaced to users since the model should retry.
-        if (!hasUserFacingReply && !isRecoverableError) {
+        const shouldShowToolError = shouldShowToolErrorWarning({
+            lastToolError: params.lastToolError,
+            hasUserFacingReply: hasUserFacingAssistantReply,
+            suppressToolErrors: Boolean(params.config?.messages?.suppressToolErrors),
+            suppressToolErrorWarnings: params.suppressToolErrorWarnings,
+        });
+        // Always surface mutating tool failures so we do not silently confirm actions that did not happen.
+        // Otherwise, keep the previous behavior and only surface non-recoverable failures when no reply exists.
+        if (shouldShowToolError) {
             const toolSummary = formatToolAggregate(params.lastToolError.toolName, params.lastToolError.meta ? [params.lastToolError.meta] : undefined, { markdown: useMarkdown });
             const errorSuffix = params.lastToolError.error ? `: ${params.lastToolError.error}` : "";
-            replyItems.push({
-                text: `⚠️ ${toolSummary} failed${errorSuffix}`,
-                isError: true,
-            });
+            const warningText = `⚠️ ${toolSummary} failed${errorSuffix}`;
+            const normalizedWarning = normalizeTextForComparison(warningText);
+            const duplicateWarning = normalizedWarning
+                ? replyItems.some((item) => {
+                    if (!item.text) {
+                        return false;
+                    }
+                    const normalizedExisting = normalizeTextForComparison(item.text);
+                    return normalizedExisting.length > 0 && normalizedExisting === normalizedWarning;
+                })
+                : false;
+            if (!duplicateWarning) {
+                replyItems.push({
+                    text: warningText,
+                    isError: true,
+                });
+            }
         }
     }
     const hasAudioAsVoiceTag = replyItems.some((item) => item.audioAsVoice);
@@ -153,10 +201,12 @@ export function buildEmbeddedRunPayloads(params) {
         audioAsVoice: item.audioAsVoice || Boolean(hasAudioAsVoiceTag && item.media?.length),
     }))
         .filter((p) => {
-        if (!p.text && !p.mediaUrl && (!p.mediaUrls || p.mediaUrls.length === 0))
+        if (!p.text && !p.mediaUrl && (!p.mediaUrls || p.mediaUrls.length === 0)) {
             return false;
-        if (p.text && isSilentReplyText(p.text, SILENT_REPLY_TOKEN))
+        }
+        if (p.text && isSilentReplyText(p.text, SILENT_REPLY_TOKEN)) {
             return false;
+        }
         return true;
     });
 }