@poolzin/pool-bot 2026.2.21 → 2026.2.23

package/dist/agents/tool-security.js

@@ -1,96 +0,0 @@
-/**
- * Tool Security - Tool Gating and Access Control
- *
- * Based on OpenClaw 2026.2.4 security fixes:
- * - Gate sensitive tools to owner senders only
- * - Prevent tool hijacking by non-owners
- *
- * @version 2026.1.30
- */
-/**
- * List of sensitive tools that require owner permissions
- */
-export const SENSITIVE_TOOLS = [
-    // WhatsApp
-    "whatsapp_login",
-    // Gateway management
-    "gateway",
-    "gateway:restart",
-    "gateway:update",
-    // Config management
-    "gateway:config:apply",
-    "gateway:config:patch",
-    // Cron management
-    "cron:add",
-    "cron:remove",
-    "cron:update",
-    // Session management
-    "sessions_spawn", // Pode criar sub-agentes
-];
-/**
- * Check if a tool is sensitive (requires owner permission)
- */
-export function isSensitiveTool(toolName) {
-    const normalized = toolName.trim().toLowerCase();
-    return SENSITIVE_TOOLS.some((tool) => {
-        const normalizedTool = tool.toLowerCase();
-        // Exact match ou prefix match (ex: "gateway" match "gateway:restart")
-        return normalized === normalizedTool || normalized.startsWith(`${normalizedTool}:`);
-    });
-}
-/**
- * Check if a sender is an owner
- *
- * Owners are configured in poolbot.json:
- * {
- *   "security": {
- *     "owners": ["+554498569337", "5140768830"]
- *   }
- * }
- */
-export function isOwner(sender, owners = []) {
-    if (!sender)
-        return false;
-    const normalizedSender = sender.trim();
-    if (!normalizedSender)
-        return false;
-    // Check if sender is in owners list
-    return owners.some((owner) => {
-        const normalizedOwner = owner.trim();
-        return normalizedOwner === normalizedSender;
-    });
-}
-/**
- * Check if a user can use a tool
- *
- * @param toolName - Tool name (ex: "whatsapp_login")
- * @param sender - Sender identifier (phone number, user ID, etc.)
- * @param owners - List of owner identifiers
- * @returns true if user can use the tool, false otherwise
- */
-export function canUseTool(toolName, sender, owners = []) {
-    // Non-sensitive tools são permitidas para todos
-    if (!isSensitiveTool(toolName)) {
-        return true;
-    }
-    // Sensitive tools requerem owner permission
-    return isOwner(sender, owners);
-}
-/**
- * Error message for denied tool access
- */
-export function toolAccessDeniedMessage(toolName) {
-    return (`Tool "${toolName}" is restricted to owners only. ` +
-        `This tool requires owner permissions for security reasons. ` +
-        `Contact the bot owner for access.`);
-}
-/**
- * Validate tool access and throw if denied
- *
- * @throws Error if access is denied
- */
-export function validateToolAccess(toolName, sender, owners = []) {
-    if (!canUseTool(toolName, sender, owners)) {
-        throw new Error(toolAccessDeniedMessage(toolName));
-    }
-}

package/dist/gateway/url-validation.js

@@ -1,94 +0,0 @@
-/**
- * Gateway URL Override Security
- * Prevents credential leakage via gateway URL redirects
- *
- * Based on OpenClaw 2026.2.4 security fix:
- * - Require explicit credentials for gateway URL overrides
- *
- * @version 2026.1.30
- */
-/**
- * Default gateway URLs (considered safe)
- */
-export const DEFAULT_GATEWAY_URLS = [
-    "http://127.0.0.1:18789",
-    "http://localhost:18789",
-    "http://[::1]:18789",
-];
-/**
- * Minimum token length for security
- */
-export const MIN_TOKEN_LENGTH = 32;
-/**
- * Check if URL is a default/safe gateway URL
- */
-export function isDefaultGatewayUrl(url) {
-    if (!url)
-        return true; // No URL means use default
-    const normalized = url.trim().toLowerCase();
-    return DEFAULT_GATEWAY_URLS.some((defaultUrl) => normalized === defaultUrl.toLowerCase());
-}
-/**
- * Validate gateway URL override security
- *
- * @param config - Gateway configuration
- * @throws Error if security requirements are not met
- *
- * @example
- * ```typescript
- * // Safe: Using default URL
- * validateGatewayUrlSecurity({ url: "http://localhost:18789" });
- *
- * // Safe: Custom URL with explicit token
- * validateGatewayUrlSecurity({
- *   url: "http://custom.gateway.com",
- *   token: "very-long-secure-token-32chars+",
- *   requireExplicitToken: true
- * });
- *
- * // Unsafe: Custom URL without explicit flag
- * validateGatewayUrlSecurity({
- *   url: "http://malicious.com",
- *   token: "token"
- * });
- * // Throws: "Gateway URL override requires explicit token flag"
- * ```
- */
-export function validateGatewayUrlSecurity(config) {
-    // If URL is default/safe, no additional validation needed
-    if (isDefaultGatewayUrl(config.url)) {
-        return;
-    }
-    // Custom URL detected - require explicit confirmation
-    if (!config.requireExplicitToken) {
-        throw new Error("Gateway URL override requires explicit token flag. " +
-            "Set 'requireExplicitToken: true' in your gateway config to confirm " +
-            "you want to use a custom gateway URL. This prevents accidental " +
-            "credential leakage to untrusted gateways.");
-    }
-    // Require token when using custom URL
-    if (!config.token) {
-        throw new Error("Gateway URL override requires a token. " +
-            "Provide a secure token when using a custom gateway URL.");
-    }
-    // Require strong token (32+ characters)
-    if (config.token.length < MIN_TOKEN_LENGTH) {
-        throw new Error(`Gateway URL override requires a strong token (${MIN_TOKEN_LENGTH}+ characters). ` +
-            `Current token length: ${config.token.length} characters.`);
-    }
-}
-/**
- * Check if gateway config is safe without throwing
- *
- * @param config - Gateway configuration
- * @returns true if config is safe, false otherwise
- */
-export function isGatewayConfigSafe(config) {
-    try {
-        validateGatewayUrlSecurity(config);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}

package/dist/infra/openclaw-root.js

@@ -1,109 +0,0 @@
-import fsSync from "node:fs";
-import fs from "node:fs/promises";
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-const CORE_PACKAGE_NAMES = new Set(["poolbot"]);
-async function readPackageName(dir) {
-    try {
-        const raw = await fs.readFile(path.join(dir, "package.json"), "utf-8");
-        const parsed = JSON.parse(raw);
-        return typeof parsed.name === "string" ? parsed.name : null;
-    }
-    catch {
-        return null;
-    }
-}
-function readPackageNameSync(dir) {
-    try {
-        const raw = fsSync.readFileSync(path.join(dir, "package.json"), "utf-8");
-        const parsed = JSON.parse(raw);
-        return typeof parsed.name === "string" ? parsed.name : null;
-    }
-    catch {
-        return null;
-    }
-}
-async function findPackageRoot(startDir, maxDepth = 12) {
-    let current = path.resolve(startDir);
-    for (let i = 0; i < maxDepth; i += 1) {
-        const name = await readPackageName(current);
-        if (name && CORE_PACKAGE_NAMES.has(name)) {
-            return current;
-        }
-        const parent = path.dirname(current);
-        if (parent === current) {
-            break;
-        }
-        current = parent;
-    }
-    return null;
-}
-function findPackageRootSync(startDir, maxDepth = 12) {
-    let current = path.resolve(startDir);
-    for (let i = 0; i < maxDepth; i += 1) {
-        const name = readPackageNameSync(current);
-        if (name && CORE_PACKAGE_NAMES.has(name)) {
-            return current;
-        }
-        const parent = path.dirname(current);
-        if (parent === current) {
-            break;
-        }
-        current = parent;
-    }
-    return null;
-}
-function candidateDirsFromArgv1(argv1) {
-    const normalized = path.resolve(argv1);
-    const candidates = [path.dirname(normalized)];
-    // Resolve symlinks for version managers (nvm, fnm, n, Homebrew/Linuxbrew)
-    // that create symlinks in bin/ pointing to the real package location.
-    try {
-        const resolved = fsSync.realpathSync(normalized);
-        if (resolved !== normalized) {
-            candidates.push(path.dirname(resolved));
-        }
-    }
-    catch {
-        // realpathSync throws if path doesn't exist; keep original candidates
-    }
-    const parts = normalized.split(path.sep);
-    const binIndex = parts.lastIndexOf(".bin");
-    if (binIndex > 0 && parts[binIndex - 1] === "node_modules") {
-        const binName = path.basename(normalized);
-        const nodeModulesDir = parts.slice(0, binIndex).join(path.sep);
-        candidates.push(path.join(nodeModulesDir, binName));
-    }
-    return candidates;
-}
-export async function resolveOpenClawPackageRoot(opts) {
-    for (const candidate of buildCandidates(opts)) {
-        const found = await findPackageRoot(candidate);
-        if (found) {
-            return found;
-        }
-    }
-    return null;
-}
-export function resolveOpenClawPackageRootSync(opts) {
-    for (const candidate of buildCandidates(opts)) {
-        const found = findPackageRootSync(candidate);
-        if (found) {
-            return found;
-        }
-    }
-    return null;
-}
-function buildCandidates(opts) {
-    const candidates = [];
-    if (opts.moduleUrl) {
-        candidates.push(path.dirname(fileURLToPath(opts.moduleUrl)));
-    }
-    if (opts.argv1) {
-        candidates.push(...candidateDirsFromArgv1(opts.argv1));
-    }
-    if (opts.cwd) {
-        candidates.push(opts.cwd);
-    }
-    return candidates;
-}

package/dist/infra/tmp-openclaw-dir.js

@@ -1,81 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-export const POSIX_POOLBOT_TMP_DIR = "/tmp/openclaw";
-function isNodeErrorWithCode(err, code) {
-    return (typeof err === "object" &&
-        err !== null &&
-        "code" in err &&
-        err.code === code);
-}
-export function resolvePreferredOpenClawTmpDir(options = {}) {
-    const accessSync = options.accessSync ?? fs.accessSync;
-    const lstatSync = options.lstatSync ?? fs.lstatSync;
-    const mkdirSync = options.mkdirSync ?? fs.mkdirSync;
-    const getuid = options.getuid ??
-        (() => {
-            try {
-                return typeof process.getuid === "function" ? process.getuid() : undefined;
-            }
-            catch {
-                return undefined;
-            }
-        });
-    const tmpdir = options.tmpdir ?? os.tmpdir;
-    const uid = getuid();
-    const isSecureDirForUser = (st) => {
-        if (uid === undefined) {
-            return true;
-        }
-        if (typeof st.uid === "number" && st.uid !== uid) {
-            return false;
-        }
-        // Avoid group/other writable dirs when running on multi-user hosts.
-        if (typeof st.mode === "number" && (st.mode & 0o022) !== 0) {
-            return false;
-        }
-        return true;
-    };
-    const fallback = () => {
-        const base = tmpdir();
-        const suffix = uid === undefined ? "poolbot" : `openclaw-${uid}`;
-        return path.join(base, suffix);
-    };
-    try {
-        const preferred = lstatSync(POSIX_POOLBOT_TMP_DIR);
-        if (!preferred.isDirectory() || preferred.isSymbolicLink()) {
-            return fallback();
-        }
-        accessSync(POSIX_POOLBOT_TMP_DIR, fs.constants.W_OK | fs.constants.X_OK);
-        if (!isSecureDirForUser(preferred)) {
-            return fallback();
-        }
-        return POSIX_POOLBOT_TMP_DIR;
-    }
-    catch (err) {
-        if (!isNodeErrorWithCode(err, "ENOENT")) {
-            return fallback();
-        }
-    }
-    try {
-        accessSync("/tmp", fs.constants.W_OK | fs.constants.X_OK);
-        // Create with a safe default; subsequent callers expect it exists.
-        mkdirSync(POSIX_POOLBOT_TMP_DIR, { recursive: true, mode: 0o700 });
-        try {
-            const preferred = lstatSync(POSIX_POOLBOT_TMP_DIR);
-            if (!preferred.isDirectory() || preferred.isSymbolicLink()) {
-                return fallback();
-            }
-            if (!isSecureDirForUser(preferred)) {
-                return fallback();
-            }
-        }
-        catch {
-            return fallback();
-        }
-        return POSIX_POOLBOT_TMP_DIR;
-    }
-    catch {
-        return fallback();
-    }
-}

package/dist/media/path-sanitization.js

@@ -1,78 +0,0 @@
-/**
- * Media Path Sanitization
- * Prevents path traversal attacks in media attachments
- *
- * Based on OpenClaw 2026.2.4 security fix:
- * - Enforce sandboxed media paths for message tool attachments
- *
- * @version 2026.1.30
- */
-import path from "node:path";
-import fs from "node:fs";
-/**
- * Sanitize media path to prevent path traversal
- *
- * @param inputPath - User-provided path (may contain ../ or absolute paths)
- * @param baseDir - Base directory for media files (sandbox root)
- * @returns Sanitized absolute path within baseDir
- * @throws Error if path is outside baseDir or file doesn't exist
- *
- * @example
- * ```typescript
- * // Safe usage:
- * const safe = sanitizeMediaPath("photo.jpg", "/root/.poolbot/media/");
- * // Returns: "/root/.poolbot/media/photo.jpg"
- *
- * // Blocked (path traversal):
- * sanitizeMediaPath("../../etc/passwd", "/root/.poolbot/media/");
- * // Throws: "Path traversal detected"
- * ```
- */
-export function sanitizeMediaPath(inputPath, baseDir) {
-    // 1. Normalize base directory (ensure trailing slash)
-    const normalizedBase = path.resolve(baseDir);
-    // 2. Resolve absolute path (follows ../ and resolves relative paths)
-    const resolved = path.resolve(normalizedBase, inputPath);
-    // 3. Security check: must be within baseDir
-    if (!resolved.startsWith(normalizedBase + path.sep) && resolved !== normalizedBase) {
-        throw new Error(`Path traversal detected: "${inputPath}" resolves to "${resolved}" ` +
-            `which is outside the allowed directory "${normalizedBase}"`);
-    }
-    // 4. Check if file exists
-    if (!fs.existsSync(resolved)) {
-        throw new Error(`File not found: ${inputPath}`);
-    }
-    // 5. Check if it's a file (not directory)
-    const stats = fs.statSync(resolved);
-    if (!stats.isFile()) {
-        throw new Error(`Path is not a file: ${inputPath}`);
-    }
-    return resolved;
-}
-/**
- * Sanitize multiple media paths
- *
- * @param inputPaths - Array of user-provided paths
- * @param baseDir - Base directory for media files
- * @returns Array of sanitized paths
- * @throws Error if any path is invalid
- */
-export function sanitizeMediaPaths(inputPaths, baseDir) {
-    return inputPaths.map((p) => sanitizeMediaPath(p, baseDir));
-}
-/**
- * Check if path is safe without throwing
- *
- * @param inputPath - User-provided path
- * @param baseDir - Base directory
- * @returns true if path is safe, false otherwise
- */
-export function isMediaPathSafe(inputPath, baseDir) {
-    try {
-        sanitizeMediaPath(inputPath, baseDir);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}