npm - @poolzin/pool-bot - Versions diffs - 2026.2.21 → 2026.2.22 - Mend

@poolzin/pool-bot 2026.2.21 → 2026.2.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (369) hide show

package/CHANGELOG.md +17 -0
package/dist/agents/api-key-rotation.js +47 -0
package/dist/agents/apply-patch-update.js +19 -9
package/dist/agents/apply-patch.js +72 -47
package/dist/agents/bash-tools.exec.js +141 -559
package/dist/agents/cli-backends.js +49 -6
package/dist/agents/cli-runner/helpers.js +69 -152
package/dist/agents/cli-runner.js +70 -19
package/dist/agents/identity.js +20 -1
package/dist/agents/image-sanitization.js +9 -0
package/dist/agents/live-auth-keys.js +123 -26
package/dist/agents/live-model-filter.js +13 -4
package/dist/agents/model-catalog.js +40 -9
package/dist/agents/model-forward-compat.js +60 -23
package/dist/agents/model-selection.js +134 -41
package/dist/agents/pi-auth-json.js +2 -2
package/dist/agents/pi-embedded-helpers/bootstrap.js +65 -15
package/dist/agents/pi-embedded-helpers/errors.js +140 -15
package/dist/agents/pi-embedded-helpers/images.js +22 -12
package/dist/agents/pi-embedded-helpers.js +2 -2
package/dist/agents/pi-embedded-runner/abort.js +10 -3
package/dist/agents/pi-embedded-runner/compact.js +230 -32
package/dist/agents/pi-embedded-runner/extra-params.js +203 -12
package/dist/agents/pi-embedded-runner/google.js +109 -19
package/dist/agents/pi-embedded-runner/history.js +35 -17
package/dist/agents/pi-embedded-runner/run/attempt.js +386 -95
package/dist/agents/pi-embedded-runner/run/images.js +81 -55
package/dist/agents/pi-embedded-runner/run/payloads.js +89 -39
package/dist/agents/pi-embedded-runner/run.js +193 -25
package/dist/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.js +2 -2
package/dist/agents/pi-embedded-runner/runs.js +17 -8
package/dist/agents/pi-embedded-runner/tool-result-context-guard.js +262 -0
package/dist/agents/pi-embedded-runner.js +1 -1
package/dist/agents/pi-embedded-subscribe.handlers.tools.js +180 -10
package/dist/agents/pi-embedded-subscribe.js +37 -0
package/dist/agents/pi-embedded-subscribe.tools.js +127 -30
package/dist/agents/pi-model-discovery.js +9 -2
package/dist/agents/pi-tool-definition-adapter.js +60 -8
package/dist/agents/pi-tools.before-tool-call.js +1 -1
package/dist/agents/pi-tools.js +113 -94
package/dist/agents/pi-tools.read.js +337 -38
package/dist/agents/poolbot-tools.js +14 -5
package/dist/agents/sandbox/docker.js +10 -5
package/dist/agents/sandbox/registry.js +96 -46
package/dist/agents/sandbox/sanitize-env-vars.js +82 -0
package/dist/agents/sandbox-paths.js +43 -10
package/dist/agents/session-tool-result-guard-wrapper.js +23 -11
package/dist/agents/session-tool-result-guard.js +39 -39
package/dist/agents/session-transcript-repair.js +36 -33
package/dist/agents/session-write-lock.js +62 -44
package/dist/agents/skills/frontmatter.js +49 -88
package/dist/agents/skills/workspace.js +335 -28
package/dist/agents/subagent-announce.js +508 -174
package/dist/agents/subagent-registry.js +45 -4
package/dist/agents/subagent-spawn.js +16 -33
package/dist/agents/system-prompt-report.js +27 -10
package/dist/agents/system-prompt.js +26 -32
package/dist/agents/tool-call-id.js +69 -17
package/dist/agents/tool-display-common.js +1 -1
package/dist/agents/tool-images.js +64 -31
package/dist/agents/tools/canvas-tool.js +17 -11
package/dist/agents/tools/common.js +37 -19
package/dist/agents/tools/cron-tool.js +40 -38
package/dist/agents/tools/gateway.js +70 -2
package/dist/agents/tools/message-tool.js +181 -40
package/dist/agents/tools/nodes-tool.js +128 -36
package/dist/agents/tools/nodes-utils.js +12 -38
package/dist/agents/tools/session-status-tool.js +24 -71
package/dist/agents/tools/sessions-helpers.js +38 -210
package/dist/agents/tools/sessions-spawn-tool.js +28 -198
package/dist/agents/tools/telegram-actions.js +58 -7
package/dist/agents/tools/web-fetch-utils.js +112 -7
package/dist/agents/tools/web-fetch.js +279 -175
package/dist/agents/tools/web-shared.js +71 -8
package/dist/agents/usage.js +25 -16
package/dist/auto-reply/commands-registry.data.js +85 -11
package/dist/auto-reply/dispatch.js +40 -21
package/dist/auto-reply/reply/abort.js +102 -33
package/dist/auto-reply/reply/commands-core.js +82 -33
package/dist/auto-reply/reply/commands-export-session.js +1 -1
package/dist/auto-reply/reply/commands-info.js +41 -12
package/dist/auto-reply/reply/commands-subagents.js +352 -100
package/dist/auto-reply/reply/commands-system-prompt.js +2 -2
package/dist/auto-reply/reply/dispatch-from-config.js +100 -29
package/dist/auto-reply/reply/elevated-unavailable.js +1 -1
package/dist/auto-reply/reply/inbound-meta.js +12 -1
package/dist/auto-reply/reply/mentions.js +18 -11
package/dist/auto-reply/reply/normalize-reply.js +17 -8
package/dist/auto-reply/reply/reply-dispatcher.js +62 -10
package/dist/auto-reply/reply/session.js +102 -21
package/dist/auto-reply/reply/streaming-directives.js +16 -5
package/dist/auto-reply/status.js +73 -50
package/dist/browser/extension-relay.js +3 -3
package/dist/browser/http-auth.js +1 -1
package/dist/browser/paths.js +2 -2
package/dist/build-info.json +3 -3
package/dist/channels/allowlist-match.js +20 -0
package/dist/channels/allowlists/resolve-utils.js +65 -2
package/dist/channels/chat-type.js +8 -4
package/dist/channels/dock.js +127 -35
package/dist/channels/draft-stream-loop.js +6 -2
package/dist/channels/plugins/actions/telegram.js +42 -18
package/dist/channels/plugins/allowlist-match.js +1 -1
package/dist/channels/plugins/group-mentions.js +51 -41
package/dist/channels/plugins/message-action-names.js +2 -0
package/dist/channels/plugins/message-actions.js +24 -5
package/dist/channels/plugins/normalize/discord.js +26 -4
package/dist/channels/plugins/normalize/signal.js +35 -22
package/dist/channels/plugins/onboarding/helpers.js +8 -26
package/dist/channels/plugins/outbound/imessage.js +15 -14
package/dist/channels/registry.js +20 -7
package/dist/cli/acp-cli.js +7 -5
package/dist/cli/browser-cli-extension.js +25 -12
package/dist/cli/browser-cli-state.cookies-storage.js +25 -6
package/dist/cli/browser-cli-state.js +101 -145
package/dist/cli/command-options.js +28 -0
package/dist/cli/completion-cli.js +6 -6
package/dist/cli/cron-cli/register.cron-add.js +25 -1
package/dist/cli/cron-cli/register.cron-edit.js +44 -0
package/dist/cli/cron-cli/shared.js +7 -1
package/dist/cli/daemon-cli/lifecycle-core.js +23 -21
package/dist/cli/daemon-cli/lifecycle.js +23 -247
package/dist/cli/daemon-cli/register-service-commands.js +25 -4
package/dist/cli/daemon-cli.js +1 -0
package/dist/cli/devices-cli.js +33 -20
package/dist/cli/gateway-cli/register.js +37 -105
package/dist/cli/gateway-cli/run.js +49 -11
package/dist/cli/nodes-camera.js +59 -4
package/dist/cli/nodes-cli/register.camera.js +27 -24
package/dist/cli/nodes-cli/rpc.js +21 -38
package/dist/cli/qr-cli.js +2 -2
package/dist/cli/skills-cli.format.js +2 -2
package/dist/cli/update-cli/progress.js +2 -2
package/dist/cli/update-cli/restart-helper.js +28 -7
package/dist/cli/update-cli/shared.js +7 -7
package/dist/cli/update-cli/status.js +1 -1
package/dist/cli/update-cli/update-command.js +14 -8
package/dist/cli/update-cli/wizard.js +2 -2
package/dist/cli/update-cli.js +21 -1027
package/dist/commands/auth-choice.apply.anthropic.js +10 -2
package/dist/commands/channels/add-mutators.js +3 -35
package/dist/commands/channels/add.js +39 -51
package/dist/commands/config-validation.js +1 -1
package/dist/commands/configure.gateway-auth.js +52 -15
package/dist/commands/configure.gateway.js +84 -40
package/dist/commands/doctor-completion.js +3 -3
package/dist/commands/doctor-config-flow.js +536 -16
package/dist/commands/doctor-gateway-services.js +103 -79
package/dist/commands/doctor-memory-search.js +9 -9
package/dist/commands/doctor-platform-notes.js +57 -30
package/dist/commands/doctor-prompter.js +26 -15
package/dist/commands/doctor-session-locks.js +1 -1
package/dist/commands/doctor.js +21 -9
package/dist/commands/model-picker.js +120 -95
package/dist/commands/models/set.js +2 -21
package/dist/commands/models/shared.js +65 -37
package/dist/commands/onboard-helpers.js +81 -39
package/dist/commands/openai-codex-oauth.js +1 -1
package/dist/commands/sessions.js +52 -53
package/dist/commands/status.summary.js +52 -34
package/dist/commands/test-wizard-helpers.js +2 -2
package/dist/config/defaults.js +79 -42
package/dist/config/group-policy.js +50 -18
package/dist/config/includes.js +37 -10
package/dist/config/schema.help.js +5 -4
package/dist/config/schema.hints.js +2 -2
package/dist/config/schema.labels.js +1 -0
package/dist/config/sessions/group.js +12 -11
package/dist/config/sessions/paths.js +137 -11
package/dist/config/sessions/store.js +185 -65
package/dist/config/sessions/types.js +15 -1
package/dist/config/sessions.js +1 -0
package/dist/config/telegram-custom-commands.js +3 -2
package/dist/config/types.js +2 -0
package/dist/config/zod-schema.agent-defaults.js +6 -27
package/dist/config/zod-schema.agent-runtime.js +171 -79
package/dist/config/zod-schema.providers-core.js +138 -65
package/dist/config/zod-schema.session.js +49 -22
package/dist/control-ui/assets/index-HRr1grwl.js.map +1 -1
package/dist/cron/isolated-agent/run.js +224 -57
package/dist/cron/normalize.js +48 -45
package/dist/cron/run-log.js +14 -0
package/dist/cron/service/jobs.js +190 -28
package/dist/cron/service/normalize.js +29 -11
package/dist/cron/service/store.js +30 -44
package/dist/cron/service/timer.js +182 -96
package/dist/cron/service.js +3 -0
package/dist/cron/stagger.js +37 -0
package/dist/daemon/inspect.js +132 -92
package/dist/daemon/runtime-paths.js +25 -4
package/dist/daemon/service-audit.js +47 -16
package/dist/discord/accounts.js +23 -20
package/dist/discord/monitor/agent-components.js +1115 -219
package/dist/discord/monitor/allow-list.js +114 -34
package/dist/discord/monitor/listeners.js +204 -97
package/dist/discord/monitor/message-handler.js +21 -10
package/dist/discord/monitor/message-handler.preflight.js +195 -101
package/dist/discord/monitor/message-handler.process.js +384 -123
package/dist/discord/monitor/message-utils.js +86 -23
package/dist/discord/monitor/native-command.js +77 -57
package/dist/discord/monitor/provider.js +122 -117
package/dist/discord/monitor/reply-context.js +20 -16
package/dist/discord/monitor/reply-delivery.js +40 -8
package/dist/discord/monitor/rest-fetch.js +22 -0
package/dist/discord/monitor/threading.js +117 -24
package/dist/discord/send.js +2 -1
package/dist/discord/send.outbound.js +124 -11
package/dist/discord/send.shared.js +112 -72
package/dist/discord/voice-message.js +3 -3
package/dist/gateway/auth.js +119 -44
package/dist/gateway/call.js +76 -34
package/dist/gateway/channel-health-monitor.js +57 -50
package/dist/gateway/client.js +63 -29
package/dist/gateway/control-ui-contract.js +1 -1
package/dist/gateway/gateway-config-prompts.shared.js +2 -2
package/dist/gateway/net.js +109 -1
package/dist/gateway/protocol/index.js +5 -8
package/dist/gateway/protocol/schema/agent.js +19 -1
package/dist/gateway/protocol/schema/channels.js +21 -0
package/dist/gateway/protocol/schema/cron.js +43 -30
package/dist/gateway/protocol/schema/protocol-schemas.js +6 -11
package/dist/gateway/protocol/schema/sessions.js +5 -1
package/dist/gateway/protocol/schema.js +0 -1
package/dist/gateway/server/presence-events.js +12 -0
package/dist/gateway/server/ws-connection/message-handler.js +203 -212
package/dist/gateway/server/ws-connection.js +58 -21
package/dist/gateway/server-broadcast.js +18 -13
package/dist/gateway/server-cron.js +177 -10
package/dist/gateway/server-methods/agent-job.js +131 -38
package/dist/gateway/server-methods/send.js +60 -14
package/dist/gateway/server-methods/sessions.js +160 -96
package/dist/gateway/server-methods/system.js +5 -7
package/dist/gateway/server-methods-list.js +8 -0
package/dist/gateway/server-methods.js +24 -8
package/dist/gateway/server-node-events.js +278 -68
package/dist/gateway/session-utils.fs.js +316 -75
package/dist/gateway/session-utils.js +224 -70
package/dist/gateway/sessions-patch.js +63 -20
package/dist/gateway/test-temp-config.js +1 -1
package/dist/gateway/tools-invoke-http.js +118 -70
package/dist/gateway/ws-log.js +135 -107
package/dist/hooks/frontmatter.js +36 -82
package/dist/hooks/install.js +149 -139
package/dist/hooks/internal-hooks.js +29 -4
package/dist/hooks/plugin-hooks.js +2 -1
package/dist/imessage/monitor/deliver.js +10 -4
package/dist/imessage/monitor/monitor-provider.js +138 -375
package/dist/imessage/monitor/runtime.js +4 -8
package/dist/imessage/send.js +65 -19
package/dist/infra/exec-approvals-allowlist.js +7 -0
package/dist/infra/exec-approvals.js +35 -920
package/dist/infra/exec-safe-bin-trust.js +64 -0
package/dist/infra/heartbeat-runner.js +207 -134
package/dist/infra/heartbeat-wake.js +183 -22
package/dist/infra/install-source-utils.js +47 -0
package/dist/infra/net/ssrf.js +170 -36
package/dist/infra/outbound/deliver.js +224 -58
package/dist/infra/outbound/message-action-spec.js +12 -5
package/dist/infra/outbound/outbound-session.js +27 -25
package/dist/infra/poolbot-root.js +32 -22
package/dist/infra/ports.js +14 -11
package/dist/infra/skills-remote.js +48 -37
package/dist/infra/system-events.js +25 -11
package/dist/infra/system-presence.js +26 -33
package/dist/infra/tmp-poolbot-dir.js +81 -2
package/dist/infra/wsl.js +37 -1
package/dist/line/bot-message-context.js +163 -191
package/dist/logging/subsystem.js +59 -22
package/dist/markdown/ir.js +124 -50
package/dist/media/store.js +1 -1
package/dist/media-understanding/runner.entries.js +42 -25
package/dist/media-understanding/runner.js +53 -488
package/dist/memory/embeddings-gemini.js +53 -38
package/dist/memory/manager-embedding-ops.js +48 -69
package/dist/pairing/pairing-store.js +178 -119
package/dist/plugin-sdk/index.js +34 -6
package/dist/plugins/hooks.js +135 -14
package/dist/plugins/install.js +190 -152
package/dist/polls.js +11 -0
package/dist/routing/resolve-route.js +190 -56
package/dist/routing/session-key.js +38 -22
package/dist/runtime.js +35 -9
package/dist/security/audit-channel.js +1 -1
package/dist/sessions/session-key-utils.js +29 -11
package/dist/shared/frontmatter.js +5 -5
package/dist/shared/node-list-types.js +1 -0
package/dist/shared/string-normalization.js +15 -0
package/dist/signal/monitor/event-handler.js +68 -36
package/dist/signal/send.js +29 -37
package/dist/slack/monitor/allow-list.js +10 -11
package/dist/slack/monitor/commands.js +14 -3
package/dist/slack/monitor/events/interactions.js +4 -4
package/dist/slack/monitor/media.js +224 -16
package/dist/slack/monitor/message-handler/dispatch.js +247 -13
package/dist/slack/monitor/message-handler/prepare.js +128 -45
package/dist/slack/monitor/slash.js +357 -144
package/dist/slack/streaming.js +77 -0
package/dist/telegram/accounts.js +40 -13
package/dist/telegram/allowed-updates.js +3 -0
package/dist/telegram/bot/delivery.js +129 -66
package/dist/telegram/bot/helpers.js +136 -122
package/dist/telegram/bot-handlers.js +600 -339
package/dist/telegram/bot-message-context.js +115 -73
package/dist/telegram/bot-message-dispatch.js +235 -104
package/dist/telegram/bot-native-command-menu.js +3 -1
package/dist/telegram/bot-native-commands.js +213 -193
package/dist/telegram/bot.js +24 -132
package/dist/telegram/draft-stream.js +84 -75
package/dist/telegram/format.js +150 -6
package/dist/telegram/send.js +415 -255
package/dist/telegram/targets.js +21 -2
package/dist/telegram/update-offset-store.js +19 -3
package/dist/terminal/restore.js +5 -2
package/dist/test-utils/fetch-mock.js +5 -0
package/dist/version.js +18 -5
package/dist/web/auto-reply/monitor/broadcast.js +7 -3
package/dist/web/auto-reply/monitor/on-message.js +6 -3
package/dist/web/inbound/media.js +34 -8
package/dist/web/inbound/monitor.js +34 -17
package/dist/web/inbound/send-api.js +18 -17
package/dist/web/outbound.js +12 -5
package/dist/wizard/clack-prompter.js +40 -7
package/extensions/bluebubbles/package.json +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/feishu/package.json +1 -1
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/irc/package.json +1 -1
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/matrix/CHANGELOG.md +5 -0
package/extensions/matrix/package.json +1 -1
package/extensions/mattermost/package.json +1 -1
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/package.json +1 -1
package/extensions/msteams/CHANGELOG.md +5 -0
package/extensions/msteams/package.json +1 -1
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +5 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/package.json +1 -1
package/extensions/signal/package.json +1 -1
package/extensions/slack/package.json +1 -1
package/extensions/telegram/package.json +1 -1
package/extensions/tlon/package.json +1 -1
package/extensions/twitch/CHANGELOG.md +5 -0
package/extensions/twitch/package.json +1 -1
package/extensions/voice-call/CHANGELOG.md +5 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/CHANGELOG.md +5 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +5 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +1 -1
package/skills/apple-reminders/SKILL.md +100 -49
package/skills/coding-agent/SKILL.md +34 -28
package/skills/github/SKILL.md +131 -16
package/skills/imsg/SKILL.md +112 -15
package/skills/openhue/SKILL.md +101 -19
package/skills/tmux/SKILL.md +111 -79
package/skills/weather/SKILL.md +88 -25

package/dist/gateway/server-methods.js CHANGED Viewed

@@ -29,7 +29,11 @@ const READ_SCOPE = "operator.read";
 const WRITE_SCOPE = "operator.write";
 const APPROVALS_SCOPE = "operator.approvals";
 const PAIRING_SCOPE = "operator.pairing";
-const APPROVAL_METHODS = new Set(["exec.approval.request", "exec.approval.resolve"]);
+const APPROVAL_METHODS = new Set([
+    "exec.approval.request",
+    "exec.approval.waitDecision",
+    "exec.approval.resolve",
+]);
 const NODE_ROLE_METHODS = new Set(["node.invoke.result", "node.event", "skills.bins"]);
 const PAIRING_METHODS = new Set([
     "node.pair.request",
@@ -69,6 +73,8 @@ const READ_METHODS = new Set([
     "node.list",
     "node.describe",
     "chat.history",
+    "config.get",
+    "talk.config",
 ]);
 const WRITE_METHODS = new Set([
     "send",
@@ -87,13 +93,15 @@ const WRITE_METHODS = new Set([
     "browser.request",
 ]);
 function authorizeGatewayMethod(method, client) {
-    if (!client?.connect)
+    if (!client?.connect) {
         return null;
+    }
     const role = client.connect.role ?? "operator";
     const scopes = client.connect.scopes ?? [];
     if (NODE_ROLE_METHODS.has(method)) {
-        if (role === "node")
+        if (role === "node") {
             return null;
+        }
         return errorShape(ErrorCodes.INVALID_REQUEST, `unauthorized role: ${role}`);
     }
     if (role === "node") {
@@ -102,8 +110,9 @@ function authorizeGatewayMethod(method, client) {
     if (role !== "operator") {
         return errorShape(ErrorCodes.INVALID_REQUEST, `unauthorized role: ${role}`);
     }
-    if (scopes.includes(ADMIN_SCOPE))
+    if (scopes.includes(ADMIN_SCOPE)) {
         return null;
+    }
     if (APPROVAL_METHODS.has(method) && !scopes.includes(APPROVALS_SCOPE)) {
         return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.approvals");
     }
@@ -116,14 +125,18 @@ function authorizeGatewayMethod(method, client) {
     if (WRITE_METHODS.has(method) && !scopes.includes(WRITE_SCOPE)) {
         return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.write");
     }
-    if (APPROVAL_METHODS.has(method))
+    if (APPROVAL_METHODS.has(method)) {
         return null;
-    if (PAIRING_METHODS.has(method))
+    }
+    if (PAIRING_METHODS.has(method)) {
         return null;
-    if (READ_METHODS.has(method))
+    }
+    if (READ_METHODS.has(method)) {
         return null;
-    if (WRITE_METHODS.has(method))
+    }
+    if (WRITE_METHODS.has(method)) {
         return null;
+    }
     if (ADMIN_METHOD_PREFIXES.some((prefix) => method.startsWith(prefix))) {
         return errorShape(ErrorCodes.INVALID_REQUEST, "missing scope: operator.admin");
     }
@@ -131,6 +144,9 @@ function authorizeGatewayMethod(method, client) {
         method.startsWith("wizard.") ||
         method.startsWith("update.") ||
         method === "channels.logout" ||
+        method === "agents.create" ||
+        method === "agents.update" ||
+        method === "agents.delete" ||
         method === "skills.install" ||
         method === "skills.update" ||
         method === "cron.add" ||

package/dist/gateway/server-node-events.js CHANGED Viewed

@@ -1,19 +1,183 @@
 import { randomUUID } from "node:crypto";
+import { resolveSessionAgentId } from "../agents/agent-scope.js";
 import { normalizeChannelId } from "../channels/plugins/index.js";
+import { createOutboundSendDeps } from "../cli/outbound-send-deps.js";
 import { agentCommand } from "../commands/agent.js";
 import { loadConfig } from "../config/config.js";
 import { updateSessionStore } from "../config/sessions.js";
 import { requestHeartbeatNow } from "../infra/heartbeat-wake.js";
+import { deliverOutboundPayloads } from "../infra/outbound/deliver.js";
+import { resolveOutboundTarget } from "../infra/outbound/targets.js";
 import { enqueueSystemEvent } from "../infra/system-events.js";
 import { normalizeMainKey } from "../routing/session-key.js";
 import { defaultRuntime } from "../runtime.js";
-import { loadSessionEntry } from "./session-utils.js";
+import { parseMessageWithAttachments } from "./chat-attachments.js";
+import { normalizeRpcAttachmentsToChatAttachments } from "./server-methods/attachment-normalize.js";
+import { loadSessionEntry, pruneLegacyStoreKeys, resolveGatewaySessionStoreTarget, } from "./session-utils.js";
 import { formatForLog } from "./ws-log.js";
+const MAX_EXEC_EVENT_OUTPUT_CHARS = 180;
+const VOICE_TRANSCRIPT_DEDUPE_WINDOW_MS = 1500;
+const MAX_RECENT_VOICE_TRANSCRIPTS = 200;
+const recentVoiceTranscripts = new Map();
+function normalizeNonEmptyString(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+function normalizeFiniteInteger(value) {
+    return typeof value === "number" && Number.isFinite(value) ? Math.trunc(value) : null;
+}
+function resolveVoiceTranscriptFingerprint(obj, text) {
+    const eventId = normalizeNonEmptyString(obj.eventId) ??
+        normalizeNonEmptyString(obj.providerEventId) ??
+        normalizeNonEmptyString(obj.transcriptId);
+    if (eventId) {
+        return `event:${eventId}`;
+    }
+    const callId = normalizeNonEmptyString(obj.providerCallId) ?? normalizeNonEmptyString(obj.callId);
+    const sequence = normalizeFiniteInteger(obj.sequence) ?? normalizeFiniteInteger(obj.seq);
+    if (callId && sequence !== null) {
+        return `call-seq:${callId}:${sequence}`;
+    }
+    const eventTimestamp = normalizeFiniteInteger(obj.timestamp) ??
+        normalizeFiniteInteger(obj.ts) ??
+        normalizeFiniteInteger(obj.eventTimestamp);
+    if (callId && eventTimestamp !== null) {
+        return `call-ts:${callId}:${eventTimestamp}`;
+    }
+    if (eventTimestamp !== null) {
+        return `timestamp:${eventTimestamp}|text:${text}`;
+    }
+    return `text:${text}`;
+}
+function shouldDropDuplicateVoiceTranscript(params) {
+    const previous = recentVoiceTranscripts.get(params.sessionKey);
+    if (previous &&
+        previous.fingerprint === params.fingerprint &&
+        params.now - previous.ts <= VOICE_TRANSCRIPT_DEDUPE_WINDOW_MS) {
+        return true;
+    }
+    recentVoiceTranscripts.set(params.sessionKey, {
+        fingerprint: params.fingerprint,
+        ts: params.now,
+    });
+    if (recentVoiceTranscripts.size > MAX_RECENT_VOICE_TRANSCRIPTS) {
+        const cutoff = params.now - VOICE_TRANSCRIPT_DEDUPE_WINDOW_MS * 2;
+        for (const [key, value] of recentVoiceTranscripts) {
+            if (value.ts < cutoff) {
+                recentVoiceTranscripts.delete(key);
+            }
+            if (recentVoiceTranscripts.size <= MAX_RECENT_VOICE_TRANSCRIPTS) {
+                break;
+            }
+        }
+        while (recentVoiceTranscripts.size > MAX_RECENT_VOICE_TRANSCRIPTS) {
+            const oldestKey = recentVoiceTranscripts.keys().next().value;
+            if (oldestKey === undefined) {
+                break;
+            }
+            recentVoiceTranscripts.delete(oldestKey);
+        }
+    }
+    return false;
+}
+function compactExecEventOutput(raw) {
+    const normalized = raw.replace(/\s+/g, " ").trim();
+    if (!normalized) {
+        return "";
+    }
+    if (normalized.length <= MAX_EXEC_EVENT_OUTPUT_CHARS) {
+        return normalized;
+    }
+    const safe = Math.max(1, MAX_EXEC_EVENT_OUTPUT_CHARS - 1);
+    return `${normalized.slice(0, safe)}…`;
+}
+async function touchSessionStore(params) {
+    const { storePath } = params;
+    if (!storePath) {
+        return;
+    }
+    await updateSessionStore(storePath, (store) => {
+        const target = resolveGatewaySessionStoreTarget({
+            cfg: params.cfg,
+            key: params.sessionKey,
+            store,
+        });
+        pruneLegacyStoreKeys({
+            store,
+            canonicalKey: target.canonicalKey,
+            candidates: target.storeKeys,
+        });
+        store[params.canonicalKey] = {
+            sessionId: params.sessionId,
+            updatedAt: params.now,
+            thinkingLevel: params.entry?.thinkingLevel,
+            verboseLevel: params.entry?.verboseLevel,
+            reasoningLevel: params.entry?.reasoningLevel,
+            systemSent: params.entry?.systemSent,
+            sendPolicy: params.entry?.sendPolicy,
+            lastChannel: params.entry?.lastChannel,
+            lastTo: params.entry?.lastTo,
+        };
+    });
+}
+function queueSessionStoreTouch(params) {
+    void touchSessionStore({
+        cfg: params.cfg,
+        sessionKey: params.sessionKey,
+        storePath: params.storePath,
+        canonicalKey: params.canonicalKey,
+        entry: params.entry,
+        sessionId: params.sessionId,
+        now: params.now,
+    }).catch((err) => {
+        params.ctx.logGateway.warn("voice session-store update failed: " + formatForLog(err));
+    });
+}
+function parseSessionKeyFromPayloadJSON(payloadJSON) {
+    let payload;
+    try {
+        payload = JSON.parse(payloadJSON);
+    }
+    catch {
+        return null;
+    }
+    if (typeof payload !== "object" || payload === null) {
+        return null;
+    }
+    const obj = payload;
+    const sessionKey = typeof obj.sessionKey === "string" ? obj.sessionKey.trim() : "";
+    return sessionKey.length > 0 ? sessionKey : null;
+}
+async function sendReceiptAck(params) {
+    const resolved = resolveOutboundTarget({
+        channel: params.channel,
+        to: params.to,
+        cfg: params.cfg,
+        mode: "explicit",
+    });
+    if (!resolved.ok) {
+        throw new Error(String(resolved.error));
+    }
+    const agentId = resolveSessionAgentId({ sessionKey: params.sessionKey, config: params.cfg });
+    await deliverOutboundPayloads({
+        cfg: params.cfg,
+        channel: params.channel,
+        to: resolved.to,
+        payloads: [{ text: params.text }],
+        agentId,
+        bestEffort: true,
+        deps: createOutboundSendDeps(params.deps),
+    });
+}
 export const handleNodeEvent = async (ctx, nodeId, evt) => {
     switch (evt.event) {
         case "voice.transcript": {
-            if (!evt.payloadJSON)
+            if (!evt.payloadJSON) {
                 return;
+            }
             let payload;
             try {
                 payload = JSON.parse(evt.payloadJSON);
@@ -23,53 +187,60 @@ export const handleNodeEvent = async (ctx, nodeId, evt) => {
             }
             const obj = typeof payload === "object" && payload !== null ? payload : {};
             const text = typeof obj.text === "string" ? obj.text.trim() : "";
-            if (!text)
+            if (!text) {
                 return;
-            if (text.length > 20_000)
+            }
+            if (text.length > 20_000) {
                 return;
+            }
             const sessionKeyRaw = typeof obj.sessionKey === "string" ? obj.sessionKey.trim() : "";
             const cfg = loadConfig();
             const rawMainKey = normalizeMainKey(cfg.session?.mainKey);
             const sessionKey = sessionKeyRaw.length > 0 ? sessionKeyRaw : rawMainKey;
             const { storePath, entry, canonicalKey } = loadSessionEntry(sessionKey);
             const now = Date.now();
-            const sessionId = entry?.sessionId ?? randomUUID();
-            if (storePath) {
-                await updateSessionStore(storePath, (store) => {
-                    store[canonicalKey] = {
-                        sessionId,
-                        updatedAt: now,
-                        thinkingLevel: entry?.thinkingLevel,
-                        verboseLevel: entry?.verboseLevel,
-                        reasoningLevel: entry?.reasoningLevel,
-                        systemSent: entry?.systemSent,
-                        sendPolicy: entry?.sendPolicy,
-                        lastChannel: entry?.lastChannel,
-                        lastTo: entry?.lastTo,
-                    };
-                });
+            const fingerprint = resolveVoiceTranscriptFingerprint(obj, text);
+            if (shouldDropDuplicateVoiceTranscript({ sessionKey: canonicalKey, fingerprint, now })) {
+                return;
             }
+            const sessionId = entry?.sessionId ?? randomUUID();
+            queueSessionStoreTouch({
+                ctx,
+                cfg,
+                sessionKey,
+                storePath,
+                canonicalKey,
+                entry,
+                sessionId,
+                now,
+            });
             // Ensure chat UI clients refresh when this run completes (even though it wasn't started via chat.send).
             // This maps agent bus events (keyed by sessionId) to chat events (keyed by clientRunId).
             ctx.addChatRun(sessionId, {
-                sessionKey,
+                sessionKey: canonicalKey,
                 clientRunId: `voice-${randomUUID()}`,
             });
             void agentCommand({
                 message: text,
                 sessionId,
-                sessionKey,
+                sessionKey: canonicalKey,
                 thinking: "low",
                 deliver: false,
                 messageChannel: "node",
+                inputProvenance: {
+                    kind: "external_user",
+                    sourceChannel: "voice",
+                    sourceTool: "gateway.voice.transcript",
+                },
             }, defaultRuntime, ctx.deps).catch((err) => {
                 ctx.logGateway.warn(`agent failed node=${nodeId}: ${formatForLog(err)}`);
             });
             return;
         }
         case "agent.request": {
-            if (!evt.payloadJSON)
+            if (!evt.payloadJSON) {
                 return;
+            }
             let link = null;
             try {
                 link = JSON.parse(evt.payloadJSON);
@@ -77,43 +248,84 @@ export const handleNodeEvent = async (ctx, nodeId, evt) => {
             catch {
                 return;
             }
-            const message = (link?.message ?? "").trim();
-            if (!message)
+            let message = (link?.message ?? "").trim();
+            const normalizedAttachments = normalizeRpcAttachmentsToChatAttachments(link?.attachments ?? undefined);
+            let images = [];
+            if (normalizedAttachments.length > 0) {
+                try {
+                    const parsed = await parseMessageWithAttachments(message, normalizedAttachments, {
+                        maxBytes: 5_000_000,
+                        log: ctx.logGateway,
+                    });
+                    message = parsed.message.trim();
+                    images = parsed.images;
+                }
+                catch {
+                    return;
+                }
+            }
+            if (!message) {
                 return;
-            if (message.length > 20_000)
+            }
+            if (message.length > 20_000) {
                 return;
+            }
             const channelRaw = typeof link?.channel === "string" ? link.channel.trim() : "";
-            const channel = normalizeChannelId(channelRaw) ?? undefined;
-            const to = typeof link?.to === "string" && link.to.trim() ? link.to.trim() : undefined;
-            const deliver = Boolean(link?.deliver) && Boolean(channel);
+            let channel = normalizeChannelId(channelRaw) ?? undefined;
+            let to = typeof link?.to === "string" && link.to.trim() ? link.to.trim() : undefined;
+            const deliverRequested = Boolean(link?.deliver);
+            const wantsReceipt = Boolean(link?.receipt);
+            const receiptTextRaw = typeof link?.receiptText === "string" ? link.receiptText.trim() : "";
+            const receiptText = receiptTextRaw || "Just received your iOS share + request, working on it.";
             const sessionKeyRaw = (link?.sessionKey ?? "").trim();
             const sessionKey = sessionKeyRaw.length > 0 ? sessionKeyRaw : `node-${nodeId}`;
+            const cfg = loadConfig();
             const { storePath, entry, canonicalKey } = loadSessionEntry(sessionKey);
             const now = Date.now();
             const sessionId = entry?.sessionId ?? randomUUID();
-            if (storePath) {
-                await updateSessionStore(storePath, (store) => {
-                    store[canonicalKey] = {
-                        sessionId,
-                        updatedAt: now,
-                        thinkingLevel: entry?.thinkingLevel,
-                        verboseLevel: entry?.verboseLevel,
-                        reasoningLevel: entry?.reasoningLevel,
-                        systemSent: entry?.systemSent,
-                        sendPolicy: entry?.sendPolicy,
-                        lastChannel: entry?.lastChannel,
-                        lastTo: entry?.lastTo,
-                    };
+            await touchSessionStore({ cfg, sessionKey, storePath, canonicalKey, entry, sessionId, now });
+            if (deliverRequested && (!channel || !to)) {
+                const entryChannel = typeof entry?.lastChannel === "string"
+                    ? normalizeChannelId(entry.lastChannel)
+                    : undefined;
+                const entryTo = typeof entry?.lastTo === "string" ? entry.lastTo.trim() : "";
+                if (!channel && entryChannel) {
+                    channel = entryChannel;
+                }
+                if (!to && entryTo) {
+                    to = entryTo;
+                }
+            }
+            const deliver = deliverRequested && Boolean(channel && to);
+            const deliveryChannel = deliver ? channel : undefined;
+            const deliveryTo = deliver ? to : undefined;
+            if (deliverRequested && !deliver) {
+                ctx.logGateway.warn(`agent delivery disabled node=${nodeId}: missing session delivery route (channel=${channel ?? "-"} to=${to ?? "-"})`);
+            }
+            if (wantsReceipt && deliveryChannel && deliveryTo) {
+                void sendReceiptAck({
+                    cfg,
+                    deps: ctx.deps,
+                    sessionKey: canonicalKey,
+                    channel: deliveryChannel,
+                    to: deliveryTo,
+                    text: receiptText,
+                }).catch((err) => {
+                    ctx.logGateway.warn(`agent receipt failed node=${nodeId}: ${formatForLog(err)}`);
                 });
             }
+            else if (wantsReceipt) {
+                ctx.logGateway.warn(`agent receipt skipped node=${nodeId}: missing delivery route (channel=${deliveryChannel ?? "-"} to=${deliveryTo ?? "-"})`);
+            }
             void agentCommand({
                 message,
+                images,
                 sessionId,
-                sessionKey,
+                sessionKey: canonicalKey,
                 thinking: link?.thinking ?? undefined,
                 deliver,
-                to,
-                channel,
+                to: deliveryTo,
+                channel: deliveryChannel,
                 timeout: typeof link?.timeoutSeconds === "number" ? link.timeoutSeconds.toString() : undefined,
                 messageChannel: "node",
             }, defaultRuntime, ctx.deps).catch((err) => {
@@ -122,44 +334,33 @@ export const handleNodeEvent = async (ctx, nodeId, evt) => {
             return;
         }
         case "chat.subscribe": {
-            if (!evt.payloadJSON)
+            if (!evt.payloadJSON) {
                 return;
-            let payload;
-            try {
-                payload = JSON.parse(evt.payloadJSON);
             }
-            catch {
+            const sessionKey = parseSessionKeyFromPayloadJSON(evt.payloadJSON);
+            if (!sessionKey) {
                 return;
             }
-            const obj = typeof payload === "object" && payload !== null ? payload : {};
-            const sessionKey = typeof obj.sessionKey === "string" ? obj.sessionKey.trim() : "";
-            if (!sessionKey)
-                return;
             ctx.nodeSubscribe(nodeId, sessionKey);
             return;
         }
         case "chat.unsubscribe": {
-            if (!evt.payloadJSON)
+            if (!evt.payloadJSON) {
                 return;
-            let payload;
-            try {
-                payload = JSON.parse(evt.payloadJSON);
             }
-            catch {
+            const sessionKey = parseSessionKeyFromPayloadJSON(evt.payloadJSON);
+            if (!sessionKey) {
                 return;
             }
-            const obj = typeof payload === "object" && payload !== null ? payload : {};
-            const sessionKey = typeof obj.sessionKey === "string" ? obj.sessionKey.trim() : "";
-            if (!sessionKey)
-                return;
             ctx.nodeUnsubscribe(nodeId, sessionKey);
             return;
         }
         case "exec.started":
         case "exec.finished":
         case "exec.denied": {
-            if (!evt.payloadJSON)
+            if (!evt.payloadJSON) {
                 return;
+            }
             let payload;
             try {
                 payload = JSON.parse(evt.payloadJSON);
@@ -169,8 +370,9 @@ export const handleNodeEvent = async (ctx, nodeId, evt) => {
             }
             const obj = typeof payload === "object" && payload !== null ? payload : {};
             const sessionKey = typeof obj.sessionKey === "string" ? obj.sessionKey.trim() : `node-${nodeId}`;
-            if (!sessionKey)
+            if (!sessionKey) {
                 return;
+            }
             const runId = typeof obj.runId === "string" ? obj.runId.trim() : "";
             const command = typeof obj.command === "string" ? obj.command.trim() : "";
             const exitCode = typeof obj.exitCode === "number" && Number.isFinite(obj.exitCode)
@@ -182,19 +384,27 @@ export const handleNodeEvent = async (ctx, nodeId, evt) => {
             let text = "";
             if (evt.event === "exec.started") {
                 text = `Exec started (node=${nodeId}${runId ? ` id=${runId}` : ""})`;
-                if (command)
+                if (command) {
                     text += `: ${command}`;
+                }
             }
             else if (evt.event === "exec.finished") {
                 const exitLabel = timedOut ? "timeout" : `code ${exitCode ?? "?"}`;
+                const compactOutput = compactExecEventOutput(output);
+                const shouldNotify = timedOut || exitCode !== 0 || compactOutput.length > 0;
+                if (!shouldNotify) {
+                    return;
+                }
                 text = `Exec finished (node=${nodeId}${runId ? ` id=${runId}` : ""}, ${exitLabel})`;
-                if (output)
-                    text += `\n${output}`;
+                if (compactOutput) {
+                    text += `\n${compactOutput}`;
+                }
             }
             else {
                 text = `Exec denied (node=${nodeId}${runId ? ` id=${runId}` : ""}${reason ? `, ${reason}` : ""})`;
-                if (command)
+                if (command) {
                     text += `: ${command}`;
+                }
             }
             enqueueSystemEvent(text, { sessionKey, contextKey: runId ? `exec:${runId}` : "exec" });
             requestHeartbeatNow({ reason: "exec-event" });