@poolzin/pool-bot 2026.2.21 → 2026.2.23

package/dist/agents/sandbox/registry.js

@@ -1,71 +1,121 @@
+import crypto from "node:crypto";
 import fs from "node:fs/promises";
+import path from "node:path";
+import { acquireSessionWriteLock } from "../session-write-lock.js";
 import { SANDBOX_BROWSER_REGISTRY_PATH, SANDBOX_REGISTRY_PATH, SANDBOX_STATE_DIR, } from "./constants.js";
-export async function readRegistry() {
+function isRecord(value) {
+    return Boolean(value) && typeof value === "object";
+}
+function isRegistryEntry(value) {
+    return isRecord(value) && typeof value.containerName === "string";
+}
+function isRegistryFile(value) {
+    if (!isRecord(value)) {
+        return false;
+    }
+    const maybeEntries = value.entries;
+    return Array.isArray(maybeEntries) && maybeEntries.every(isRegistryEntry);
+}
+async function withRegistryLock(registryPath, fn) {
+    const lock = await acquireSessionWriteLock({ sessionFile: registryPath, allowReentrant: false });
+    try {
+        return await fn();
+    }
+    finally {
+        await lock.release();
+    }
+}
+async function readRegistryFromFile(registryPath, mode) {
     try {
-        const raw = await fs.readFile(SANDBOX_REGISTRY_PATH, "utf-8");
+        const raw = await fs.readFile(registryPath, "utf-8");
         const parsed = JSON.parse(raw);
-        if (parsed && Array.isArray(parsed.entries))
+        if (isRegistryFile(parsed)) {
             return parsed;
+        }
+        if (mode === "fallback") {
+            return { entries: [] };
+        }
+        throw new Error(`Invalid sandbox registry format: ${registryPath}`);
     }
-    catch {
-        // ignore
+    catch (error) {
+        const code = error?.code;
+        if (code === "ENOENT") {
+            return { entries: [] };
+        }
+        if (mode === "fallback") {
+            return { entries: [] };
+        }
+        if (error instanceof Error) {
+            throw error;
+        }
+        throw new Error(`Failed to read sandbox registry file: ${registryPath}`, { cause: error });
     }
-    return { entries: [] };
 }
-async function writeRegistry(registry) {
+async function writeRegistryFile(registryPath, registry) {
     await fs.mkdir(SANDBOX_STATE_DIR, { recursive: true });
-    await fs.writeFile(SANDBOX_REGISTRY_PATH, `${JSON.stringify(registry, null, 2)}\n`, "utf-8");
+    const payload = `${JSON.stringify(registry, null, 2)}\n`;
+    const registryDir = path.dirname(registryPath);
+    const tempPath = path.join(registryDir, `${path.basename(registryPath)}.${crypto.randomUUID()}.tmp`);
+    await fs.writeFile(tempPath, payload, "utf-8");
+    try {
+        await fs.rename(tempPath, registryPath);
+    }
+    catch (error) {
+        await fs.rm(tempPath, { force: true });
+        throw error;
+    }
 }
-export async function updateRegistry(entry) {
-    const registry = await readRegistry();
-    const existing = registry.entries.find((item) => item.containerName === entry.containerName);
-    const next = registry.entries.filter((item) => item.containerName !== entry.containerName);
+export async function readRegistry() {
+    return await readRegistryFromFile(SANDBOX_REGISTRY_PATH, "fallback");
+}
+function upsertEntry(entries, entry) {
+    const existing = entries.find((item) => item.containerName === entry.containerName);
+    const next = entries.filter((item) => item.containerName !== entry.containerName);
     next.push({
         ...entry,
         createdAtMs: existing?.createdAtMs ?? entry.createdAtMs,
         image: existing?.image ?? entry.image,
         configHash: entry.configHash ?? existing?.configHash,
     });
-    await writeRegistry({ entries: next });
+    return next;
+}
+function removeEntry(entries, containerName) {
+    return entries.filter((entry) => entry.containerName !== containerName);
+}
+async function withRegistryMutation(registryPath, mutate) {
+    await withRegistryLock(registryPath, async () => {
+        const registry = await readRegistryFromFile(registryPath, "strict");
+        const next = mutate(registry.entries);
+        if (next === null) {
+            return;
+        }
+        await writeRegistryFile(registryPath, { entries: next });
+    });
+}
+export async function updateRegistry(entry) {
+    await withRegistryMutation(SANDBOX_REGISTRY_PATH, (entries) => upsertEntry(entries, entry));
 }
 export async function removeRegistryEntry(containerName) {
-    const registry = await readRegistry();
-    const next = registry.entries.filter((item) => item.containerName !== containerName);
-    if (next.length === registry.entries.length)
-        return;
-    await writeRegistry({ entries: next });
+    await withRegistryMutation(SANDBOX_REGISTRY_PATH, (entries) => {
+        const next = removeEntry(entries, containerName);
+        if (next.length === entries.length) {
+            return null;
+        }
+        return next;
+    });
 }
 export async function readBrowserRegistry() {
-    try {
-        const raw = await fs.readFile(SANDBOX_BROWSER_REGISTRY_PATH, "utf-8");
-        const parsed = JSON.parse(raw);
-        if (parsed && Array.isArray(parsed.entries))
-            return parsed;
-    }
-    catch {
-        // ignore
-    }
-    return { entries: [] };
-}
-async function writeBrowserRegistry(registry) {
-    await fs.mkdir(SANDBOX_STATE_DIR, { recursive: true });
-    await fs.writeFile(SANDBOX_BROWSER_REGISTRY_PATH, `${JSON.stringify(registry, null, 2)}\n`, "utf-8");
+    return await readRegistryFromFile(SANDBOX_BROWSER_REGISTRY_PATH, "fallback");
 }
 export async function updateBrowserRegistry(entry) {
-    const registry = await readBrowserRegistry();
-    const existing = registry.entries.find((item) => item.containerName === entry.containerName);
-    const next = registry.entries.filter((item) => item.containerName !== entry.containerName);
-    next.push({
-        ...entry,
-        createdAtMs: existing?.createdAtMs ?? entry.createdAtMs,
-        image: existing?.image ?? entry.image,
-    });
-    await writeBrowserRegistry({ entries: next });
+    await withRegistryMutation(SANDBOX_BROWSER_REGISTRY_PATH, (entries) => upsertEntry(entries, entry));
 }
 export async function removeBrowserRegistryEntry(containerName) {
-    const registry = await readBrowserRegistry();
-    const next = registry.entries.filter((item) => item.containerName !== containerName);
-    if (next.length === registry.entries.length)
-        return;
-    await writeBrowserRegistry({ entries: next });
+    await withRegistryMutation(SANDBOX_BROWSER_REGISTRY_PATH, (entries) => {
+        const next = removeEntry(entries, containerName);
+        if (next.length === entries.length) {
+            return null;
+        }
+        return next;
+    });
 }

package/dist/agents/sandbox/sanitize-env-vars.js

@@ -0,0 +1,82 @@
+const BLOCKED_ENV_VAR_PATTERNS = [
+    /^ANTHROPIC_API_KEY$/i,
+    /^OPENAI_API_KEY$/i,
+    /^GEMINI_API_KEY$/i,
+    /^OPENROUTER_API_KEY$/i,
+    /^MINIMAX_API_KEY$/i,
+    /^ELEVENLABS_API_KEY$/i,
+    /^SYNTHETIC_API_KEY$/i,
+    /^TELEGRAM_BOT_TOKEN$/i,
+    /^DISCORD_BOT_TOKEN$/i,
+    /^SLACK_(BOT|APP)_TOKEN$/i,
+    /^LINE_CHANNEL_SECRET$/i,
+    /^LINE_CHANNEL_ACCESS_TOKEN$/i,
+    /^POOLBOT_GATEWAY_(TOKEN|PASSWORD)$/i,
+    /^AWS_(SECRET_ACCESS_KEY|SECRET_KEY|SESSION_TOKEN)$/i,
+    /^(GH|GITHUB)_TOKEN$/i,
+    /^(AZURE|AZURE_OPENAI|COHERE|AI_GATEWAY|OPENROUTER)_API_KEY$/i,
+    /_?(API_KEY|TOKEN|PASSWORD|PRIVATE_KEY|SECRET)$/i,
+];
+const ALLOWED_ENV_VAR_PATTERNS = [
+    /^LANG$/,
+    /^LC_.*$/i,
+    /^PATH$/i,
+    /^HOME$/i,
+    /^USER$/i,
+    /^SHELL$/i,
+    /^TERM$/i,
+    /^TZ$/i,
+    /^NODE_ENV$/i,
+];
+function validateEnvVarValue(value) {
+    if (value.includes("\0")) {
+        return "Contains null bytes";
+    }
+    if (value.length > 32768) {
+        return "Value exceeds maximum length";
+    }
+    if (/^[A-Za-z0-9+/=]{80,}$/.test(value)) {
+        return "Value looks like base64-encoded credential data";
+    }
+    return undefined;
+}
+function matchesAnyPattern(value, patterns) {
+    return patterns.some((pattern) => pattern.test(value));
+}
+export function sanitizeEnvVars(envVars, options = {}) {
+    const allowed = {};
+    const blocked = [];
+    const warnings = [];
+    const blockedPatterns = [...BLOCKED_ENV_VAR_PATTERNS, ...(options.customBlockedPatterns ?? [])];
+    const allowedPatterns = [...ALLOWED_ENV_VAR_PATTERNS, ...(options.customAllowedPatterns ?? [])];
+    for (const [rawKey, value] of Object.entries(envVars)) {
+        const key = rawKey.trim();
+        if (!key) {
+            continue;
+        }
+        if (matchesAnyPattern(key, blockedPatterns)) {
+            blocked.push(key);
+            continue;
+        }
+        if (options.strictMode && !matchesAnyPattern(key, allowedPatterns)) {
+            blocked.push(key);
+            continue;
+        }
+        const warning = validateEnvVarValue(value);
+        if (warning) {
+            if (warning === "Contains null bytes") {
+                blocked.push(key);
+                continue;
+            }
+            warnings.push(`${key}: ${warning}`);
+        }
+        allowed[key] = value;
+    }
+    return { allowed, blocked, warnings };
+}
+export function getBlockedPatterns() {
+    return BLOCKED_ENV_VAR_PATTERNS.map((pattern) => pattern.source);
+}
+export function getAllowedPatterns() {
+    return ALLOWED_ENV_VAR_PATTERNS.map((pattern) => pattern.source);
+}

package/dist/agents/sandbox-paths.js

@@ -2,9 +2,9 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+const UNICODE_SPACES = /[\u00A0\u2000-\u200A\u202F\u205F\u3000]/g;
 const HTTP_URL_RE = /^https?:\/\//i;
 const DATA_URL_RE = /^data:/i;
-const UNICODE_SPACES = /[\u00A0\u2000-\u200A\u202F\u205F\u3000]/g;
 function normalizeUnicodeSpaces(str) {
     return str.replace(UNICODE_SPACES, " ");
 }
@@ -20,15 +20,16 @@ function expandPath(filePath) {
 }
 function resolveToCwd(filePath, cwd) {
     const expanded = expandPath(filePath);
-    if (path.isAbsolute(expanded))
+    if (path.isAbsolute(expanded)) {
         return expanded;
+    }
     return path.resolve(cwd, expanded);
 }
 export function resolveSandboxInputPath(filePath, cwd) {
     return resolveToCwd(filePath, cwd);
 }
 export function resolveSandboxPath(params) {
-    const resolved = resolveToCwd(params.filePath, params.cwd);
+    const resolved = resolveSandboxInputPath(params.filePath, params.cwd);
     const rootResolved = path.resolve(params.root);
     const relative = path.relative(rootResolved, resolved);
     if (!relative || relative === "") {
@@ -41,7 +42,9 @@ export function resolveSandboxPath(params) {
 }
 export async function assertSandboxPath(params) {
     const resolved = resolveSandboxPath(params);
-    await assertNoSymlink(resolved.relative, path.resolve(params.root));
+    await assertNoSymlinkEscape(resolved.relative, path.resolve(params.root), {
+        allowFinalSymlink: params.allowFinalSymlink,
+    });
     return resolved;
 }
 export function assertMediaNotDataUrl(media) {
@@ -52,10 +55,12 @@ export function assertMediaNotDataUrl(media) {
 }
 export async function resolveSandboxedMediaSource(params) {
     const raw = params.media.trim();
-    if (!raw)
+    if (!raw) {
         return raw;
-    if (HTTP_URL_RE.test(raw))
+    }
+    if (HTTP_URL_RE.test(raw)) {
         return raw;
+    }
     let candidate = raw;
     if (/^file:\/\//i.test(candidate)) {
         try {
@@ -72,17 +77,30 @@ export async function resolveSandboxedMediaSource(params) {
     });
     return resolved.resolved;
 }
-async function assertNoSymlink(relative, root) {
-    if (!relative)
+async function assertNoSymlinkEscape(relative, root, options) {
+    if (!relative) {
         return;
+    }
+    const rootReal = await tryRealpath(root);
     const parts = relative.split(path.sep).filter(Boolean);
     let current = root;
-    for (const part of parts) {
+    for (let idx = 0; idx < parts.length; idx += 1) {
+        const part = parts[idx];
+        const isLast = idx === parts.length - 1;
         current = path.join(current, part);
         try {
             const stat = await fs.lstat(current);
             if (stat.isSymbolicLink()) {
-                throw new Error(`Symlink not allowed in sandbox path: ${current}`);
+                // Unlinking a symlink itself is safe even if it points outside the root. What we
+                // must prevent is traversing through a symlink to reach targets outside root.
+                if (options?.allowFinalSymlink && isLast) {
+                    return;
+                }
+                const target = await tryRealpath(current);
+                if (!isPathInside(rootReal, target)) {
+                    throw new Error(`Symlink escapes sandbox root (${shortPath(rootReal)}): ${shortPath(current)}`);
+                }
+                current = target;
             }
         }
         catch (err) {
@@ -94,6 +112,21 @@ async function assertNoSymlink(relative, root) {
         }
     }
 }
+async function tryRealpath(value) {
+    try {
+        return await fs.realpath(value);
+    }
+    catch {
+        return path.resolve(value);
+    }
+}
+function isPathInside(root, target) {
+    const relative = path.relative(root, target);
+    if (!relative || relative === "") {
+        return true;
+    }
+    return !(relative.startsWith("..") || path.isAbsolute(relative));
+}
 function shortPath(value) {
     if (value.startsWith(os.homedir())) {
         return `~${value.slice(os.homedir().length)}`;

package/dist/agents/session-tool-result-guard-wrapper.js

@@ -1,4 +1,5 @@
 import { getGlobalHookRunner } from "../plugins/hook-runner-global.js";
+import { applyInputProvenanceToUserMessage, } from "../sessions/input-provenance.js";
 import { installSessionToolResultGuard } from "./session-tool-result-guard.js";
 /**
  * Apply the tool-result guard to a SessionManager exactly once and expose
@@ -9,25 +10,36 @@ export function guardSessionManager(sessionManager, opts) {
         return sessionManager;
     }
     const hookRunner = getGlobalHookRunner();
-    const transform = hookRunner?.hasHooks("tool_result_persist")
-        ? (message, meta) => {
-            const out = hookRunner.runToolResultPersist({
-                toolName: meta.toolName,
-                toolCallId: meta.toolCallId,
-                message,
-                isSynthetic: meta.isSynthetic,
-            }, {
+    const beforeMessageWrite = hookRunner?.hasHooks("before_message_write")
+        ? (event) => {
+            return hookRunner.runBeforeMessageWrite(event, {
                 agentId: opts?.agentId,
                 sessionKey: opts?.sessionKey,
-                toolName: meta.toolName,
-                toolCallId: meta.toolCallId,
             });
-            return out?.message ?? message;
         }
         : undefined;
+    const transform = hookRunner?.hasHooks("tool_result_persist")
+        ? // oxlint-disable-next-line typescript/no-explicit-any
+            (message, meta) => {
+                const out = hookRunner.runToolResultPersist({
+                    toolName: meta.toolName,
+                    toolCallId: meta.toolCallId,
+                    message,
+                    isSynthetic: meta.isSynthetic,
+                }, {
+                    agentId: opts?.agentId,
+                    sessionKey: opts?.sessionKey,
+                    toolName: meta.toolName,
+                    toolCallId: meta.toolCallId,
+                });
+                return out?.message ?? message;
+            }
+        : undefined;
     const guard = installSessionToolResultGuard(sessionManager, {
+        transformMessageForPersistence: (message) => applyInputProvenanceToUserMessage(message, opts?.inputProvenance),
         transformToolResultForPersistence: transform,
         allowSyntheticToolResults: opts?.allowSyntheticToolResults,
+        beforeMessageWriteHook: beforeMessageWrite,
     });
     sessionManager.flushPendingToolResults = guard.flushPendingToolResults;
     return sessionManager;

package/dist/agents/session-tool-result-guard.js

@@ -1,6 +1,7 @@
 import { emitSessionTranscriptUpdate } from "../sessions/transcript-events.js";
 import { HARD_MAX_TOOL_RESULT_CHARS } from "./pi-embedded-runner/tool-result-truncation.js";
 import { makeMissingToolResult, sanitizeToolCallInputs } from "./session-transcript-repair.js";
+import { extractToolCallsFromAssistant, extractToolResultId } from "./tool-call-id.js";
 const GUARD_TRUNCATION_SUFFIX = "\n\n⚠️ [Content truncated during persistence — original exceeded size limit. " +
     "Use offset/limit parameters or request specific sections for large content.]";
 /**
@@ -57,48 +58,36 @@ function capToolResultSize(msg) {
     });
     return { ...msg, content: newContent };
 }
-function extractAssistantToolCalls(msg) {
-    const content = msg.content;
-    if (!Array.isArray(content)) {
-        return [];
-    }
-    const toolCalls = [];
-    for (const block of content) {
-        if (!block || typeof block !== "object") {
-            continue;
-        }
-        const rec = block;
-        if (typeof rec.id !== "string" || !rec.id) {
-            continue;
-        }
-        if (rec.type === "toolCall" || rec.type === "toolUse" || rec.type === "functionCall") {
-            toolCalls.push({
-                id: rec.id,
-                name: typeof rec.name === "string" ? rec.name : undefined,
-            });
-        }
-    }
-    return toolCalls;
-}
-function extractToolResultId(msg) {
-    const toolCallId = msg.toolCallId;
-    if (typeof toolCallId === "string" && toolCallId) {
-        return toolCallId;
-    }
-    const toolUseId = msg.toolUseId;
-    if (typeof toolUseId === "string" && toolUseId) {
-        return toolUseId;
-    }
-    return null;
-}
 export function installSessionToolResultGuard(sessionManager, opts) {
     const originalAppend = sessionManager.appendMessage.bind(sessionManager);
     const pending = new Map();
+    const persistMessage = (message) => {
+        const transformer = opts?.transformMessageForPersistence;
+        return transformer ? transformer(message) : message;
+    };
     const persistToolResult = (message, meta) => {
         const transformer = opts?.transformToolResultForPersistence;
         return transformer ? transformer(message, meta) : message;
     };
     const allowSyntheticToolResults = opts?.allowSyntheticToolResults ?? true;
+    const beforeWrite = opts?.beforeMessageWriteHook;
+    /**
+     * Run the before_message_write hook. Returns the (possibly modified) message,
+     * or null if the message should be blocked.
+     */
+    const applyBeforeWriteHook = (msg) => {
+        if (!beforeWrite) {
+            return msg;
+        }
+        const result = beforeWrite({ message: msg });
+        if (result?.block) {
+            return null;
+        }
+        if (result?.message) {
+            return result.message;
+        }
+        return msg;
+    };
     const flushPendingToolResults = () => {
         if (pending.size === 0) {
             return;
@@ -106,11 +95,14 @@ export function installSessionToolResultGuard(sessionManager, opts) {
         if (allowSyntheticToolResults) {
             for (const [id, name] of pending.entries()) {
                 const synthetic = makeMissingToolResult({ toolCallId: id, toolName: name });
-                originalAppend(persistToolResult(synthetic, {
+                const flushed = applyBeforeWriteHook(persistToolResult(persistMessage(synthetic), {
                     toolCallId: id,
                     toolName: name,
                     isSynthetic: true,
                 }));
+                if (flushed) {
+                    originalAppend(flushed);
+                }
             }
         }
         pending.clear();
@@ -137,15 +129,19 @@ export function installSessionToolResultGuard(sessionManager, opts) {
             }
             // Apply hard size cap before persistence to prevent oversized tool results
             // from consuming the entire context window on subsequent LLM calls.
-            const capped = capToolResultSize(nextMessage);
-            return originalAppend(persistToolResult(capped, {
+            const capped = capToolResultSize(persistMessage(nextMessage));
+            const persisted = applyBeforeWriteHook(persistToolResult(capped, {
                 toolCallId: id ?? undefined,
                 toolName,
                 isSynthetic: false,
             }));
+            if (!persisted) {
+                return undefined;
+            }
+            return originalAppend(persisted);
         }
         const toolCalls = nextRole === "assistant"
-            ? extractAssistantToolCalls(nextMessage)
+            ? extractToolCallsFromAssistant(nextMessage)
             : [];
         if (allowSyntheticToolResults) {
             // If previous tool calls are still pending, flush before non-tool results.
@@ -157,7 +153,11 @@ export function installSessionToolResultGuard(sessionManager, opts) {
                 flushPendingToolResults();
             }
         }
-        const result = originalAppend(nextMessage);
+        const finalMessage = applyBeforeWriteHook(persistMessage(nextMessage));
+        if (!finalMessage) {
+            return undefined;
+        }
+        const result = originalAppend(finalMessage);
         const sessionFile = sessionManager.getSessionFile?.();
         if (sessionFile) {
             emitSessionTranscriptUpdate(sessionFile);

package/dist/agents/session-transcript-repair.js

@@ -1,44 +1,25 @@
-const TOOL_CALL_TYPES = new Set(["toolCall", "toolUse", "functionCall"]);
-function extractToolCallsFromAssistant(msg) {
-    const content = msg.content;
-    if (!Array.isArray(content))
-        return [];
-    const toolCalls = [];
-    for (const block of content) {
-        if (!block || typeof block !== "object")
-            continue;
-        const rec = block;
-        if (typeof rec.id !== "string" || !rec.id)
-            continue;
-        if (rec.type === "toolCall" || rec.type === "toolUse" || rec.type === "functionCall") {
-            toolCalls.push({
-                id: rec.id,
-                name: typeof rec.name === "string" ? rec.name : undefined,
-            });
-        }
-    }
-    return toolCalls;
-}
+import { extractToolCallsFromAssistant, extractToolResultId } from "./tool-call-id.js";
 function isToolCallBlock(block) {
     if (!block || typeof block !== "object") {
         return false;
     }
     const type = block.type;
-    return typeof type === "string" && TOOL_CALL_TYPES.has(type);
+    return (typeof type === "string" &&
+        (type === "toolCall" || type === "toolUse" || type === "functionCall"));
 }
 function hasToolCallInput(block) {
     const hasInput = "input" in block ? block.input !== undefined && block.input !== null : false;
     const hasArguments = "arguments" in block ? block.arguments !== undefined && block.arguments !== null : false;
     return hasInput || hasArguments;
 }
-function extractToolResultId(msg) {
-    const toolCallId = msg.toolCallId;
-    if (typeof toolCallId === "string" && toolCallId)
-        return toolCallId;
-    const toolUseId = msg.toolUseId;
-    if (typeof toolUseId === "string" && toolUseId)
-        return toolUseId;
-    return null;
+function hasNonEmptyStringField(value) {
+    return typeof value === "string" && value.trim().length > 0;
+}
+function hasToolCallId(block) {
+    return hasNonEmptyStringField(block.id);
+}
+function hasToolCallName(block) {
+    return hasNonEmptyStringField(block.name);
 }
 function makeMissingToolResult(params) {
     return {
@@ -56,6 +37,24 @@ function makeMissingToolResult(params) {
     };
 }
 export { makeMissingToolResult };
+export function stripToolResultDetails(messages) {
+    let touched = false;
+    const out = [];
+    for (const msg of messages) {
+        if (!msg || typeof msg !== "object" || msg.role !== "toolResult") {
+            out.push(msg);
+            continue;
+        }
+        if (!("details" in msg)) {
+            out.push(msg);
+            continue;
+        }
+        const { details: _details, ...rest } = msg;
+        touched = true;
+        out.push(rest);
+    }
+    return touched ? out : messages;
+}
 export function repairToolCallInputs(messages) {
     let droppedToolCalls = 0;
     let droppedAssistantMessages = 0;
@@ -73,7 +72,8 @@ export function repairToolCallInputs(messages) {
         const nextContent = [];
         let droppedInMessage = 0;
         for (const block of msg.content) {
-            if (isToolCallBlock(block) && !hasToolCallInput(block)) {
+            if (isToolCallBlock(block) &&
+                (!hasToolCallInput(block) || !hasToolCallId(block) || !hasToolCallName(block))) {
                 droppedToolCalls += 1;
                 droppedInMessage += 1;
                 changed = true;
@@ -125,8 +125,9 @@ export function repairToolUseResultPairing(messages) {
             changed = true;
             return;
         }
-        if (id)
+        if (id) {
             seenToolResultIds.add(id);
+        }
         out.push(msg);
     };
     for (let i = 0; i < messages.length; i += 1) {
@@ -155,6 +156,7 @@ export function repairToolUseResultPairing(messages) {
         // (e.g., partialJson: true) and should not have synthetic tool_results created.
         // Creating synthetic results for incomplete tool calls causes API 400 errors:
         // "unexpected tool_use_id found in tool_result blocks"
+        // See: https://github.com/poolbot/poolbot/issues/4597
         const stopReason = assistant.stopReason;
         if (stopReason === "error" || stopReason === "aborted") {
             out.push(msg);
@@ -176,8 +178,9 @@ export function repairToolUseResultPairing(messages) {
                 continue;
             }
             const nextRole = next.role;
-            if (nextRole === "assistant")
+            if (nextRole === "assistant") {
                 break;
+            }
             if (nextRole === "toolResult") {
                 const toolResult = next;
                 const id = extractToolResultId(toolResult);