npm - @poolzin/pool-bot - Versions diffs - 2026.2.21 → 2026.2.22 - Mend

@poolzin/pool-bot 2026.2.21 → 2026.2.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (369) hide show

package/CHANGELOG.md +17 -0
package/dist/agents/api-key-rotation.js +47 -0
package/dist/agents/apply-patch-update.js +19 -9
package/dist/agents/apply-patch.js +72 -47
package/dist/agents/bash-tools.exec.js +141 -559
package/dist/agents/cli-backends.js +49 -6
package/dist/agents/cli-runner/helpers.js +69 -152
package/dist/agents/cli-runner.js +70 -19
package/dist/agents/identity.js +20 -1
package/dist/agents/image-sanitization.js +9 -0
package/dist/agents/live-auth-keys.js +123 -26
package/dist/agents/live-model-filter.js +13 -4
package/dist/agents/model-catalog.js +40 -9
package/dist/agents/model-forward-compat.js +60 -23
package/dist/agents/model-selection.js +134 -41
package/dist/agents/pi-auth-json.js +2 -2
package/dist/agents/pi-embedded-helpers/bootstrap.js +65 -15
package/dist/agents/pi-embedded-helpers/errors.js +140 -15
package/dist/agents/pi-embedded-helpers/images.js +22 -12
package/dist/agents/pi-embedded-helpers.js +2 -2
package/dist/agents/pi-embedded-runner/abort.js +10 -3
package/dist/agents/pi-embedded-runner/compact.js +230 -32
package/dist/agents/pi-embedded-runner/extra-params.js +203 -12
package/dist/agents/pi-embedded-runner/google.js +109 -19
package/dist/agents/pi-embedded-runner/history.js +35 -17
package/dist/agents/pi-embedded-runner/run/attempt.js +386 -95
package/dist/agents/pi-embedded-runner/run/images.js +81 -55
package/dist/agents/pi-embedded-runner/run/payloads.js +89 -39
package/dist/agents/pi-embedded-runner/run.js +193 -25
package/dist/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.js +2 -2
package/dist/agents/pi-embedded-runner/runs.js +17 -8
package/dist/agents/pi-embedded-runner/tool-result-context-guard.js +262 -0
package/dist/agents/pi-embedded-runner.js +1 -1
package/dist/agents/pi-embedded-subscribe.handlers.tools.js +180 -10
package/dist/agents/pi-embedded-subscribe.js +37 -0
package/dist/agents/pi-embedded-subscribe.tools.js +127 -30
package/dist/agents/pi-model-discovery.js +9 -2
package/dist/agents/pi-tool-definition-adapter.js +60 -8
package/dist/agents/pi-tools.before-tool-call.js +1 -1
package/dist/agents/pi-tools.js +113 -94
package/dist/agents/pi-tools.read.js +337 -38
package/dist/agents/poolbot-tools.js +14 -5
package/dist/agents/sandbox/docker.js +10 -5
package/dist/agents/sandbox/registry.js +96 -46
package/dist/agents/sandbox/sanitize-env-vars.js +82 -0
package/dist/agents/sandbox-paths.js +43 -10
package/dist/agents/session-tool-result-guard-wrapper.js +23 -11
package/dist/agents/session-tool-result-guard.js +39 -39
package/dist/agents/session-transcript-repair.js +36 -33
package/dist/agents/session-write-lock.js +62 -44
package/dist/agents/skills/frontmatter.js +49 -88
package/dist/agents/skills/workspace.js +335 -28
package/dist/agents/subagent-announce.js +508 -174
package/dist/agents/subagent-registry.js +45 -4
package/dist/agents/subagent-spawn.js +16 -33
package/dist/agents/system-prompt-report.js +27 -10
package/dist/agents/system-prompt.js +26 -32
package/dist/agents/tool-call-id.js +69 -17
package/dist/agents/tool-display-common.js +1 -1
package/dist/agents/tool-images.js +64 -31
package/dist/agents/tools/canvas-tool.js +17 -11
package/dist/agents/tools/common.js +37 -19
package/dist/agents/tools/cron-tool.js +40 -38
package/dist/agents/tools/gateway.js +70 -2
package/dist/agents/tools/message-tool.js +181 -40
package/dist/agents/tools/nodes-tool.js +128 -36
package/dist/agents/tools/nodes-utils.js +12 -38
package/dist/agents/tools/session-status-tool.js +24 -71
package/dist/agents/tools/sessions-helpers.js +38 -210
package/dist/agents/tools/sessions-spawn-tool.js +28 -198
package/dist/agents/tools/telegram-actions.js +58 -7
package/dist/agents/tools/web-fetch-utils.js +112 -7
package/dist/agents/tools/web-fetch.js +279 -175
package/dist/agents/tools/web-shared.js +71 -8
package/dist/agents/usage.js +25 -16
package/dist/auto-reply/commands-registry.data.js +85 -11
package/dist/auto-reply/dispatch.js +40 -21
package/dist/auto-reply/reply/abort.js +102 -33
package/dist/auto-reply/reply/commands-core.js +82 -33
package/dist/auto-reply/reply/commands-export-session.js +1 -1
package/dist/auto-reply/reply/commands-info.js +41 -12
package/dist/auto-reply/reply/commands-subagents.js +352 -100
package/dist/auto-reply/reply/commands-system-prompt.js +2 -2
package/dist/auto-reply/reply/dispatch-from-config.js +100 -29
package/dist/auto-reply/reply/elevated-unavailable.js +1 -1
package/dist/auto-reply/reply/inbound-meta.js +12 -1
package/dist/auto-reply/reply/mentions.js +18 -11
package/dist/auto-reply/reply/normalize-reply.js +17 -8
package/dist/auto-reply/reply/reply-dispatcher.js +62 -10
package/dist/auto-reply/reply/session.js +102 -21
package/dist/auto-reply/reply/streaming-directives.js +16 -5
package/dist/auto-reply/status.js +73 -50
package/dist/browser/extension-relay.js +3 -3
package/dist/browser/http-auth.js +1 -1
package/dist/browser/paths.js +2 -2
package/dist/build-info.json +3 -3
package/dist/channels/allowlist-match.js +20 -0
package/dist/channels/allowlists/resolve-utils.js +65 -2
package/dist/channels/chat-type.js +8 -4
package/dist/channels/dock.js +127 -35
package/dist/channels/draft-stream-loop.js +6 -2
package/dist/channels/plugins/actions/telegram.js +42 -18
package/dist/channels/plugins/allowlist-match.js +1 -1
package/dist/channels/plugins/group-mentions.js +51 -41
package/dist/channels/plugins/message-action-names.js +2 -0
package/dist/channels/plugins/message-actions.js +24 -5
package/dist/channels/plugins/normalize/discord.js +26 -4
package/dist/channels/plugins/normalize/signal.js +35 -22
package/dist/channels/plugins/onboarding/helpers.js +8 -26
package/dist/channels/plugins/outbound/imessage.js +15 -14
package/dist/channels/registry.js +20 -7
package/dist/cli/acp-cli.js +7 -5
package/dist/cli/browser-cli-extension.js +25 -12
package/dist/cli/browser-cli-state.cookies-storage.js +25 -6
package/dist/cli/browser-cli-state.js +101 -145
package/dist/cli/command-options.js +28 -0
package/dist/cli/completion-cli.js +6 -6
package/dist/cli/cron-cli/register.cron-add.js +25 -1
package/dist/cli/cron-cli/register.cron-edit.js +44 -0
package/dist/cli/cron-cli/shared.js +7 -1
package/dist/cli/daemon-cli/lifecycle-core.js +23 -21
package/dist/cli/daemon-cli/lifecycle.js +23 -247
package/dist/cli/daemon-cli/register-service-commands.js +25 -4
package/dist/cli/daemon-cli.js +1 -0
package/dist/cli/devices-cli.js +33 -20
package/dist/cli/gateway-cli/register.js +37 -105
package/dist/cli/gateway-cli/run.js +49 -11
package/dist/cli/nodes-camera.js +59 -4
package/dist/cli/nodes-cli/register.camera.js +27 -24
package/dist/cli/nodes-cli/rpc.js +21 -38
package/dist/cli/qr-cli.js +2 -2
package/dist/cli/skills-cli.format.js +2 -2
package/dist/cli/update-cli/progress.js +2 -2
package/dist/cli/update-cli/restart-helper.js +28 -7
package/dist/cli/update-cli/shared.js +7 -7
package/dist/cli/update-cli/status.js +1 -1
package/dist/cli/update-cli/update-command.js +14 -8
package/dist/cli/update-cli/wizard.js +2 -2
package/dist/cli/update-cli.js +21 -1027
package/dist/commands/auth-choice.apply.anthropic.js +10 -2
package/dist/commands/channels/add-mutators.js +3 -35
package/dist/commands/channels/add.js +39 -51
package/dist/commands/config-validation.js +1 -1
package/dist/commands/configure.gateway-auth.js +52 -15
package/dist/commands/configure.gateway.js +84 -40
package/dist/commands/doctor-completion.js +3 -3
package/dist/commands/doctor-config-flow.js +536 -16
package/dist/commands/doctor-gateway-services.js +103 -79
package/dist/commands/doctor-memory-search.js +9 -9
package/dist/commands/doctor-platform-notes.js +57 -30
package/dist/commands/doctor-prompter.js +26 -15
package/dist/commands/doctor-session-locks.js +1 -1
package/dist/commands/doctor.js +21 -9
package/dist/commands/model-picker.js +120 -95
package/dist/commands/models/set.js +2 -21
package/dist/commands/models/shared.js +65 -37
package/dist/commands/onboard-helpers.js +81 -39
package/dist/commands/openai-codex-oauth.js +1 -1
package/dist/commands/sessions.js +52 -53
package/dist/commands/status.summary.js +52 -34
package/dist/commands/test-wizard-helpers.js +2 -2
package/dist/config/defaults.js +79 -42
package/dist/config/group-policy.js +50 -18
package/dist/config/includes.js +37 -10
package/dist/config/schema.help.js +5 -4
package/dist/config/schema.hints.js +2 -2
package/dist/config/schema.labels.js +1 -0
package/dist/config/sessions/group.js +12 -11
package/dist/config/sessions/paths.js +137 -11
package/dist/config/sessions/store.js +185 -65
package/dist/config/sessions/types.js +15 -1
package/dist/config/sessions.js +1 -0
package/dist/config/telegram-custom-commands.js +3 -2
package/dist/config/types.js +2 -0
package/dist/config/zod-schema.agent-defaults.js +6 -27
package/dist/config/zod-schema.agent-runtime.js +171 -79
package/dist/config/zod-schema.providers-core.js +138 -65
package/dist/config/zod-schema.session.js +49 -22
package/dist/control-ui/assets/index-HRr1grwl.js.map +1 -1
package/dist/cron/isolated-agent/run.js +224 -57
package/dist/cron/normalize.js +48 -45
package/dist/cron/run-log.js +14 -0
package/dist/cron/service/jobs.js +190 -28
package/dist/cron/service/normalize.js +29 -11
package/dist/cron/service/store.js +30 -44
package/dist/cron/service/timer.js +182 -96
package/dist/cron/service.js +3 -0
package/dist/cron/stagger.js +37 -0
package/dist/daemon/inspect.js +132 -92
package/dist/daemon/runtime-paths.js +25 -4
package/dist/daemon/service-audit.js +47 -16
package/dist/discord/accounts.js +23 -20
package/dist/discord/monitor/agent-components.js +1115 -219
package/dist/discord/monitor/allow-list.js +114 -34
package/dist/discord/monitor/listeners.js +204 -97
package/dist/discord/monitor/message-handler.js +21 -10
package/dist/discord/monitor/message-handler.preflight.js +195 -101
package/dist/discord/monitor/message-handler.process.js +384 -123
package/dist/discord/monitor/message-utils.js +86 -23
package/dist/discord/monitor/native-command.js +77 -57
package/dist/discord/monitor/provider.js +122 -117
package/dist/discord/monitor/reply-context.js +20 -16
package/dist/discord/monitor/reply-delivery.js +40 -8
package/dist/discord/monitor/rest-fetch.js +22 -0
package/dist/discord/monitor/threading.js +117 -24
package/dist/discord/send.js +2 -1
package/dist/discord/send.outbound.js +124 -11
package/dist/discord/send.shared.js +112 -72
package/dist/discord/voice-message.js +3 -3
package/dist/gateway/auth.js +119 -44
package/dist/gateway/call.js +76 -34
package/dist/gateway/channel-health-monitor.js +57 -50
package/dist/gateway/client.js +63 -29
package/dist/gateway/control-ui-contract.js +1 -1
package/dist/gateway/gateway-config-prompts.shared.js +2 -2
package/dist/gateway/net.js +109 -1
package/dist/gateway/protocol/index.js +5 -8
package/dist/gateway/protocol/schema/agent.js +19 -1
package/dist/gateway/protocol/schema/channels.js +21 -0
package/dist/gateway/protocol/schema/cron.js +43 -30
package/dist/gateway/protocol/schema/protocol-schemas.js +6 -11
package/dist/gateway/protocol/schema/sessions.js +5 -1
package/dist/gateway/protocol/schema.js +0 -1
package/dist/gateway/server/presence-events.js +12 -0
package/dist/gateway/server/ws-connection/message-handler.js +203 -212
package/dist/gateway/server/ws-connection.js +58 -21
package/dist/gateway/server-broadcast.js +18 -13
package/dist/gateway/server-cron.js +177 -10
package/dist/gateway/server-methods/agent-job.js +131 -38
package/dist/gateway/server-methods/send.js +60 -14
package/dist/gateway/server-methods/sessions.js +160 -96
package/dist/gateway/server-methods/system.js +5 -7
package/dist/gateway/server-methods-list.js +8 -0
package/dist/gateway/server-methods.js +24 -8
package/dist/gateway/server-node-events.js +278 -68
package/dist/gateway/session-utils.fs.js +316 -75
package/dist/gateway/session-utils.js +224 -70
package/dist/gateway/sessions-patch.js +63 -20
package/dist/gateway/test-temp-config.js +1 -1
package/dist/gateway/tools-invoke-http.js +118 -70
package/dist/gateway/ws-log.js +135 -107
package/dist/hooks/frontmatter.js +36 -82
package/dist/hooks/install.js +149 -139
package/dist/hooks/internal-hooks.js +29 -4
package/dist/hooks/plugin-hooks.js +2 -1
package/dist/imessage/monitor/deliver.js +10 -4
package/dist/imessage/monitor/monitor-provider.js +138 -375
package/dist/imessage/monitor/runtime.js +4 -8
package/dist/imessage/send.js +65 -19
package/dist/infra/exec-approvals-allowlist.js +7 -0
package/dist/infra/exec-approvals.js +35 -920
package/dist/infra/exec-safe-bin-trust.js +64 -0
package/dist/infra/heartbeat-runner.js +207 -134
package/dist/infra/heartbeat-wake.js +183 -22
package/dist/infra/install-source-utils.js +47 -0
package/dist/infra/net/ssrf.js +170 -36
package/dist/infra/outbound/deliver.js +224 -58
package/dist/infra/outbound/message-action-spec.js +12 -5
package/dist/infra/outbound/outbound-session.js +27 -25
package/dist/infra/poolbot-root.js +32 -22
package/dist/infra/ports.js +14 -11
package/dist/infra/skills-remote.js +48 -37
package/dist/infra/system-events.js +25 -11
package/dist/infra/system-presence.js +26 -33
package/dist/infra/tmp-poolbot-dir.js +81 -2
package/dist/infra/wsl.js +37 -1
package/dist/line/bot-message-context.js +163 -191
package/dist/logging/subsystem.js +59 -22
package/dist/markdown/ir.js +124 -50
package/dist/media/store.js +1 -1
package/dist/media-understanding/runner.entries.js +42 -25
package/dist/media-understanding/runner.js +53 -488
package/dist/memory/embeddings-gemini.js +53 -38
package/dist/memory/manager-embedding-ops.js +48 -69
package/dist/pairing/pairing-store.js +178 -119
package/dist/plugin-sdk/index.js +34 -6
package/dist/plugins/hooks.js +135 -14
package/dist/plugins/install.js +190 -152
package/dist/polls.js +11 -0
package/dist/routing/resolve-route.js +190 -56
package/dist/routing/session-key.js +38 -22
package/dist/runtime.js +35 -9
package/dist/security/audit-channel.js +1 -1
package/dist/sessions/session-key-utils.js +29 -11
package/dist/shared/frontmatter.js +5 -5
package/dist/shared/node-list-types.js +1 -0
package/dist/shared/string-normalization.js +15 -0
package/dist/signal/monitor/event-handler.js +68 -36
package/dist/signal/send.js +29 -37
package/dist/slack/monitor/allow-list.js +10 -11
package/dist/slack/monitor/commands.js +14 -3
package/dist/slack/monitor/events/interactions.js +4 -4
package/dist/slack/monitor/media.js +224 -16
package/dist/slack/monitor/message-handler/dispatch.js +247 -13
package/dist/slack/monitor/message-handler/prepare.js +128 -45
package/dist/slack/monitor/slash.js +357 -144
package/dist/slack/streaming.js +77 -0
package/dist/telegram/accounts.js +40 -13
package/dist/telegram/allowed-updates.js +3 -0
package/dist/telegram/bot/delivery.js +129 -66
package/dist/telegram/bot/helpers.js +136 -122
package/dist/telegram/bot-handlers.js +600 -339
package/dist/telegram/bot-message-context.js +115 -73
package/dist/telegram/bot-message-dispatch.js +235 -104
package/dist/telegram/bot-native-command-menu.js +3 -1
package/dist/telegram/bot-native-commands.js +213 -193
package/dist/telegram/bot.js +24 -132
package/dist/telegram/draft-stream.js +84 -75
package/dist/telegram/format.js +150 -6
package/dist/telegram/send.js +415 -255
package/dist/telegram/targets.js +21 -2
package/dist/telegram/update-offset-store.js +19 -3
package/dist/terminal/restore.js +5 -2
package/dist/test-utils/fetch-mock.js +5 -0
package/dist/version.js +18 -5
package/dist/web/auto-reply/monitor/broadcast.js +7 -3
package/dist/web/auto-reply/monitor/on-message.js +6 -3
package/dist/web/inbound/media.js +34 -8
package/dist/web/inbound/monitor.js +34 -17
package/dist/web/inbound/send-api.js +18 -17
package/dist/web/outbound.js +12 -5
package/dist/wizard/clack-prompter.js +40 -7
package/extensions/bluebubbles/package.json +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/feishu/package.json +1 -1
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/irc/package.json +1 -1
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/matrix/CHANGELOG.md +5 -0
package/extensions/matrix/package.json +1 -1
package/extensions/mattermost/package.json +1 -1
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/package.json +1 -1
package/extensions/msteams/CHANGELOG.md +5 -0
package/extensions/msteams/package.json +1 -1
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +5 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/package.json +1 -1
package/extensions/signal/package.json +1 -1
package/extensions/slack/package.json +1 -1
package/extensions/telegram/package.json +1 -1
package/extensions/tlon/package.json +1 -1
package/extensions/twitch/CHANGELOG.md +5 -0
package/extensions/twitch/package.json +1 -1
package/extensions/voice-call/CHANGELOG.md +5 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/CHANGELOG.md +5 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +5 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +1 -1
package/skills/apple-reminders/SKILL.md +100 -49
package/skills/coding-agent/SKILL.md +34 -28
package/skills/github/SKILL.md +131 -16
package/skills/imsg/SKILL.md +112 -15
package/skills/openhue/SKILL.md +101 -19
package/skills/tmux/SKILL.md +111 -79
package/skills/weather/SKILL.md +88 -25

package/dist/config/zod-schema.agent-runtime.js CHANGED Viewed

@@ -1,6 +1,8 @@
 import { z } from "zod";
 import { parseDurationMs } from "../cli/parse-duration.js";
+import { AgentModelSchema } from "./zod-schema.agent-model.js";
 import { GroupChatSchema, HumanDelaySchema, IdentitySchema, ToolsLinksSchema, ToolsMediaSchema, } from "./zod-schema.core.js";
+import { sensitive } from "./zod-schema.sensitive.js";
 export const HeartbeatSchema = z
     .object({
     every: z.string().optional(),
@@ -20,11 +22,13 @@ export const HeartbeatSchema = z
     accountId: z.string().optional(),
     prompt: z.string().optional(),
     ackMaxChars: z.number().int().nonnegative().optional(),
+    suppressToolErrorWarnings: z.boolean().optional(),
 })
     .strict()
     .superRefine((val, ctx) => {
-    if (!val.every)
+    if (!val.every) {
         return;
+    }
     try {
         parseDurationMs(val.every, { defaultUnit: "m" });
     }
@@ -36,12 +40,14 @@ export const HeartbeatSchema = z
         });
     }
     const active = val.activeHours;
-    if (!active)
+    if (!active) {
         return;
+    }
     const timePattern = /^([01]\d|2[0-3]|24):([0-5]\d)$/;
     const validateTime = (raw, opts, path) => {
-        if (!raw)
+        if (!raw) {
             return;
+        }
         if (!timePattern.test(raw)) {
             ctx.addIssue({
                 code: z.ZodIssueCode.custom,
@@ -108,6 +114,54 @@ export const SandboxDockerSchema = z
     binds: z.array(z.string()).optional(),
 })
     .strict()
+    .superRefine((data, ctx) => {
+    if (data.binds) {
+        for (let i = 0; i < data.binds.length; i += 1) {
+            const bind = data.binds[i]?.trim() ?? "";
+            if (!bind) {
+                ctx.addIssue({
+                    code: z.ZodIssueCode.custom,
+                    path: ["binds", i],
+                    message: "Sandbox security: bind mount entry must be a non-empty string.",
+                });
+                continue;
+            }
+            const firstColon = bind.indexOf(":");
+            const source = (firstColon <= 0 ? bind : bind.slice(0, firstColon)).trim();
+            if (!source.startsWith("/")) {
+                ctx.addIssue({
+                    code: z.ZodIssueCode.custom,
+                    path: ["binds", i],
+                    message: `Sandbox security: bind mount "${bind}" uses a non-absolute source path "${source}". ` +
+                        "Only absolute POSIX paths are supported for sandbox binds.",
+                });
+            }
+        }
+    }
+    if (data.network?.trim().toLowerCase() === "host") {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            path: ["network"],
+            message: 'Sandbox security: network mode "host" is blocked. Use "bridge" or "none" instead.',
+        });
+    }
+    if (data.seccompProfile?.trim().toLowerCase() === "unconfined") {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            path: ["seccompProfile"],
+            message: 'Sandbox security: seccomp profile "unconfined" is blocked. ' +
+                "Use a custom seccomp profile file or omit this setting.",
+        });
+    }
+    if (data.apparmorProfile?.trim().toLowerCase() === "unconfined") {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            path: ["apparmorProfile"],
+            message: 'Sandbox security: apparmor profile "unconfined" is blocked. ' +
+                "Use a named AppArmor profile or omit this setting.",
+        });
+    }
+})
     .optional();
 export const SandboxBrowserSchema = z
     .object({
@@ -122,6 +176,7 @@ export const SandboxBrowserSchema = z
     allowHostControl: z.boolean().optional(),
     autoStart: z.boolean().optional(),
     autoStartTimeoutMs: z.number().int().positive().optional(),
+    binds: z.array(z.string()).optional(),
 })
     .strict()
     .optional();
@@ -150,19 +205,27 @@ export const ToolPolicySchema = ToolPolicyBaseSchema.superRefine((value, ctx) =>
 export const ToolsWebSearchSchema = z
     .object({
     enabled: z.boolean().optional(),
-    provider: z.union([z.literal("brave"), z.literal("perplexity")]).optional(),
-    apiKey: z.string().optional(),
+    provider: z.union([z.literal("brave"), z.literal("perplexity"), z.literal("grok")]).optional(),
+    apiKey: z.string().optional().register(sensitive),
     maxResults: z.number().int().positive().optional(),
     timeoutSeconds: z.number().int().positive().optional(),
     cacheTtlMinutes: z.number().nonnegative().optional(),
     perplexity: z
         .object({
-        apiKey: z.string().optional(),
+        apiKey: z.string().optional().register(sensitive),
         baseUrl: z.string().optional(),
         model: z.string().optional(),
     })
         .strict()
         .optional(),
+    grok: z
+        .object({
+        apiKey: z.string().optional().register(sensitive),
+        model: z.string().optional(),
+        inlineCitations: z.boolean().optional(),
+    })
+        .strict()
+        .optional(),
 })
     .strict()
     .optional();
@@ -170,6 +233,7 @@ export const ToolsWebFetchSchema = z
     .object({
     enabled: z.boolean().optional(),
     maxChars: z.number().int().positive().optional(),
+    maxCharsCap: z.number().int().positive().optional(),
     timeoutSeconds: z.number().int().positive().optional(),
     cacheTtlMinutes: z.number().nonnegative().optional(),
     maxRedirects: z.number().int().nonnegative().optional(),
@@ -187,6 +251,14 @@ export const ToolsWebSchema = z
 export const ToolProfileSchema = z
     .union([z.literal("minimal"), z.literal("coding"), z.literal("messaging"), z.literal("full")])
     .optional();
+function addAllowAlsoAllowConflictIssue(value, ctx, message) {
+    if (value.allow && value.allow.length > 0 && value.alsoAllow && value.alsoAllow.length > 0) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            message,
+        });
+    }
+}
 export const ToolPolicyWithProfileSchema = z
     .object({
     allow: z.array(z.string()).optional(),
@@ -196,17 +268,87 @@ export const ToolPolicyWithProfileSchema = z
 })
     .strict()
     .superRefine((value, ctx) => {
-    if (value.allow && value.allow.length > 0 && value.alsoAllow && value.alsoAllow.length > 0) {
-        ctx.addIssue({
-            code: z.ZodIssueCode.custom,
-            message: "tools.byProvider policy cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)",
-        });
-    }
+    addAllowAlsoAllowConflictIssue(value, ctx, "tools.byProvider policy cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)");
 });
 // Provider docking: allowlists keyed by provider id (no schema updates when adding providers).
 export const ElevatedAllowFromSchema = z
     .record(z.string(), z.array(z.union([z.string(), z.number()])))
     .optional();
+const ToolExecApplyPatchSchema = z
+    .object({
+    enabled: z.boolean().optional(),
+    workspaceOnly: z.boolean().optional(),
+    allowModels: z.array(z.string()).optional(),
+})
+    .strict()
+    .optional();
+const ToolExecBaseShape = {
+    host: z.enum(["sandbox", "gateway", "node"]).optional(),
+    security: z.enum(["deny", "allowlist", "full"]).optional(),
+    ask: z.enum(["off", "on-miss", "always"]).optional(),
+    node: z.string().optional(),
+    pathPrepend: z.array(z.string()).optional(),
+    safeBins: z.array(z.string()).optional(),
+    backgroundMs: z.number().int().positive().optional(),
+    timeoutSec: z.number().int().positive().optional(),
+    cleanupMs: z.number().int().positive().optional(),
+    notifyOnExit: z.boolean().optional(),
+    notifyOnExitEmptySuccess: z.boolean().optional(),
+    applyPatch: ToolExecApplyPatchSchema,
+};
+const AgentToolExecSchema = z
+    .object({
+    ...ToolExecBaseShape,
+    approvalRunningNoticeMs: z.number().int().nonnegative().optional(),
+})
+    .strict()
+    .optional();
+const ToolExecSchema = z.object(ToolExecBaseShape).strict().optional();
+const ToolFsSchema = z
+    .object({
+    workspaceOnly: z.boolean().optional(),
+})
+    .strict()
+    .optional();
+const ToolLoopDetectionDetectorSchema = z
+    .object({
+    genericRepeat: z.boolean().optional(),
+    knownPollNoProgress: z.boolean().optional(),
+    pingPong: z.boolean().optional(),
+})
+    .strict()
+    .optional();
+const ToolLoopDetectionSchema = z
+    .object({
+    enabled: z.boolean().optional(),
+    historySize: z.number().int().positive().optional(),
+    warningThreshold: z.number().int().positive().optional(),
+    criticalThreshold: z.number().int().positive().optional(),
+    globalCircuitBreakerThreshold: z.number().int().positive().optional(),
+    detectors: ToolLoopDetectionDetectorSchema,
+})
+    .strict()
+    .superRefine((value, ctx) => {
+    if (value.warningThreshold !== undefined &&
+        value.criticalThreshold !== undefined &&
+        value.warningThreshold >= value.criticalThreshold) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            path: ["criticalThreshold"],
+            message: "tools.loopDetection.warningThreshold must be lower than criticalThreshold.",
+        });
+    }
+    if (value.criticalThreshold !== undefined &&
+        value.globalCircuitBreakerThreshold !== undefined &&
+        value.criticalThreshold >= value.globalCircuitBreakerThreshold) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            path: ["globalCircuitBreakerThreshold"],
+            message: "tools.loopDetection.criticalThreshold must be lower than globalCircuitBreakerThreshold.",
+        });
+    }
+})
+    .optional();
 export const AgentSandboxSchema = z
     .object({
     mode: z.union([z.literal("off"), z.literal("non-main"), z.literal("all")]).optional(),
@@ -235,29 +377,9 @@ export const AgentToolsSchema = z
     })
         .strict()
         .optional(),
-    exec: z
-        .object({
-        host: z.enum(["sandbox", "gateway", "node"]).optional(),
-        security: z.enum(["deny", "allowlist", "full"]).optional(),
-        ask: z.enum(["off", "on-miss", "always"]).optional(),
-        node: z.string().optional(),
-        pathPrepend: z.array(z.string()).optional(),
-        safeBins: z.array(z.string()).optional(),
-        backgroundMs: z.number().int().positive().optional(),
-        timeoutSec: z.number().int().positive().optional(),
-        approvalRunningNoticeMs: z.number().int().nonnegative().optional(),
-        cleanupMs: z.number().int().positive().optional(),
-        notifyOnExit: z.boolean().optional(),
-        applyPatch: z
-            .object({
-            enabled: z.boolean().optional(),
-            allowModels: z.array(z.string()).optional(),
-        })
-            .strict()
-            .optional(),
-    })
-        .strict()
-        .optional(),
+    exec: AgentToolExecSchema,
+    fs: ToolFsSchema,
+    loopDetection: ToolLoopDetectionSchema,
     sandbox: z
         .object({
         tools: ToolPolicySchema,
@@ -267,12 +389,7 @@ export const AgentToolsSchema = z
 })
     .strict()
     .superRefine((value, ctx) => {
-    if (value.allow && value.allow.length > 0 && value.alsoAllow && value.alsoAllow.length > 0) {
-        ctx.addIssue({
-            code: z.ZodIssueCode.custom,
-            message: "agent tools cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)",
-        });
-    }
+    addAllowAlsoAllowConflictIssue(value, ctx, "agent tools cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)");
 })
     .optional();
 export const MemorySearchSchema = z
@@ -292,7 +409,7 @@ export const MemorySearchSchema = z
     remote: z
         .object({
         baseUrl: z.string().optional(),
-        apiKey: z.string().optional(),
+        apiKey: z.string().optional().register(sensitive),
         headers: z.record(z.string(), z.string()).optional(),
         batch: z
             .object({
@@ -402,15 +519,7 @@ export const MemorySearchSchema = z
 })
     .strict()
     .optional();
-export const AgentModelSchema = z.union([
-    z.string(),
-    z
-        .object({
-        primary: z.string().optional(),
-        fallbacks: z.array(z.string()).optional(),
-    })
-        .strict(),
-]);
+export { AgentModelSchema };
 export const AgentEntrySchema = z
     .object({
     id: z.string(),
@@ -419,6 +528,7 @@ export const AgentEntrySchema = z
     workspace: z.string().optional(),
     agentDir: z.string().optional(),
     model: AgentModelSchema.optional(),
+    skills: z.array(z.string()).optional(),
     memorySearch: MemorySearchSchema,
     humanDelay: HumanDelaySchema.optional(),
     heartbeat: HeartbeatSchema,
@@ -456,6 +566,13 @@ export const ToolsSchema = z
     web: ToolsWebSchema,
     media: ToolsMediaSchema,
     links: ToolsLinksSchema,
+    sessions: z
+        .object({
+        visibility: z.enum(["self", "tree", "agent", "all"]).optional(),
+    })
+        .strict()
+        .optional(),
+    loopDetection: ToolLoopDetectionSchema,
     message: z
         .object({
         allowCrossContextSend: z.boolean().optional(),
@@ -497,28 +614,8 @@ export const ToolsSchema = z
     })
         .strict()
         .optional(),
-    exec: z
-        .object({
-        host: z.enum(["sandbox", "gateway", "node"]).optional(),
-        security: z.enum(["deny", "allowlist", "full"]).optional(),
-        ask: z.enum(["off", "on-miss", "always"]).optional(),
-        node: z.string().optional(),
-        pathPrepend: z.array(z.string()).optional(),
-        safeBins: z.array(z.string()).optional(),
-        backgroundMs: z.number().int().positive().optional(),
-        timeoutSec: z.number().int().positive().optional(),
-        cleanupMs: z.number().int().positive().optional(),
-        notifyOnExit: z.boolean().optional(),
-        applyPatch: z
-            .object({
-            enabled: z.boolean().optional(),
-            allowModels: z.array(z.string()).optional(),
-        })
-            .strict()
-            .optional(),
-    })
-        .strict()
-        .optional(),
+    exec: ToolExecSchema,
+    fs: ToolFsSchema,
     subagents: z
         .object({
         tools: ToolPolicySchema,
@@ -534,11 +631,6 @@ export const ToolsSchema = z
 })
     .strict()
     .superRefine((value, ctx) => {
-    if (value.allow && value.allow.length > 0 && value.alsoAllow && value.alsoAllow.length > 0) {
-        ctx.addIssue({
-            code: z.ZodIssueCode.custom,
-            message: "tools cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)",
-        });
-    }
+    addAllowAlsoAllowConflictIssue(value, ctx, "tools cannot set both allow and alsoAllow in the same scope (merge alsoAllow into allow, or remove allow and use profile + alsoAllow)");
 })
     .optional();