@poolzin/pool-bot 2026.2.21 → 2026.2.23

package/dist/gateway/sessions-patch.js

@@ -1,13 +1,13 @@
 import { randomUUID } from "node:crypto";
-import { resolveAllowedModelRef, resolveDefaultModelForAgent } from "../agents/model-selection.js";
 import { resolveDefaultAgentId } from "../agents/agent-scope.js";
+import { resolveAllowedModelRef, resolveDefaultModelForAgent, resolveSubagentConfiguredModelSelection, } from "../agents/model-selection.js";
 import { normalizeGroupActivation } from "../auto-reply/group-activation.js";
 import { formatThinkingLevels, formatXHighModelHint, normalizeElevatedLevel, normalizeReasoningLevel, normalizeThinkLevel, normalizeUsageDisplay, supportsXHighThinking, } from "../auto-reply/thinking.js";
 import { isSubagentSessionKey, normalizeAgentId, parseAgentSessionKey, } from "../routing/session-key.js";
 import { applyVerboseOverride, parseVerboseOverride } from "../sessions/level-overrides.js";
+import { applyModelOverrideToSessionEntry } from "../sessions/model-overrides.js";
 import { normalizeSendPolicy } from "../sessions/send-policy.js";
 import { parseSessionLabel } from "../sessions/session-label.js";
-import { applyModelOverrideToSessionEntry } from "../sessions/model-overrides.js";
 import { ErrorCodes, errorShape, } from "./protocol/index.js";
 function invalid(message) {
     return { ok: false, error: errorShape(ErrorCodes.INVALID_REQUEST, message) };
@@ -39,6 +39,9 @@ export async function applySessionsPatchToStore(params) {
     const parsedAgent = parseAgentSessionKey(storeKey);
     const sessionAgentId = normalizeAgentId(parsedAgent?.agentId ?? resolveDefaultAgentId(cfg));
     const resolvedDefault = resolveDefaultModelForAgent({ cfg, agentId: sessionAgentId });
+    const subagentModelHint = isSubagentSessionKey(storeKey)
+        ? resolveSubagentConfiguredModelSelection({ cfg, agentId: sessionAgentId })
+        : undefined;
     const existing = store[storeKey];
     const next = existing
         ? {
@@ -49,13 +52,15 @@ export async function applySessionsPatchToStore(params) {
     if ("spawnedBy" in patch) {
         const raw = patch.spawnedBy;
         if (raw === null) {
-            if (existing?.spawnedBy)
+            if (existing?.spawnedBy) {
                 return invalid("spawnedBy cannot be cleared once set");
+            }
         }
         else if (raw !== undefined) {
             const trimmed = String(raw).trim();
-            if (!trimmed)
+            if (!trimmed) {
                 return invalid("invalid spawnedBy: empty");
+            }
             if (!isSubagentSessionKey(storeKey)) {
                 return invalid("spawnedBy is only supported for subagent:* sessions");
             }
@@ -65,6 +70,28 @@ export async function applySessionsPatchToStore(params) {
             next.spawnedBy = trimmed;
         }
     }
+    if ("spawnDepth" in patch) {
+        const raw = patch.spawnDepth;
+        if (raw === null) {
+            if (typeof existing?.spawnDepth === "number") {
+                return invalid("spawnDepth cannot be cleared once set");
+            }
+        }
+        else if (raw !== undefined) {
+            if (!isSubagentSessionKey(storeKey)) {
+                return invalid("spawnDepth is only supported for subagent:* sessions");
+            }
+            const numeric = Number(raw);
+            if (!Number.isInteger(numeric) || numeric < 0) {
+                return invalid("invalid spawnDepth (use an integer >= 0)");
+            }
+            const normalized = numeric;
+            if (typeof existing?.spawnDepth === "number" && existing.spawnDepth !== normalized) {
+                return invalid("spawnDepth cannot be changed once set");
+            }
+            next.spawnDepth = normalized;
+        }
+    }
     if ("label" in patch) {
         const raw = patch.label;
         if (raw === null) {
@@ -72,11 +99,13 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const parsed = parseSessionLabel(raw);
-            if (!parsed.ok)
+            if (!parsed.ok) {
                 return invalid(parsed.error);
+            }
             for (const [key, entry] of Object.entries(store)) {
-                if (key === storeKey)
+                if (key === storeKey) {
                     continue;
+                }
                 if (entry?.label === parsed.label) {
                     return invalid(`label already in use: ${parsed.label}`);
                 }
@@ -87,6 +116,7 @@ export async function applySessionsPatchToStore(params) {
     if ("thinkingLevel" in patch) {
         const raw = patch.thinkingLevel;
         if (raw === null) {
+            // Clear the override and fall back to model default
             delete next.thinkingLevel;
         }
         else if (raw !== undefined) {
@@ -102,8 +132,9 @@ export async function applySessionsPatchToStore(params) {
     if ("verboseLevel" in patch) {
         const raw = patch.verboseLevel;
         const parsed = parseVerboseOverride(raw);
-        if (!parsed.ok)
+        if (!parsed.ok) {
             return invalid(parsed.error);
+        }
         applyVerboseOverride(next, parsed.value);
     }
     if ("reasoningLevel" in patch) {
@@ -116,10 +147,12 @@ export async function applySessionsPatchToStore(params) {
             if (!normalized) {
                 return invalid('invalid reasoningLevel (use "on"|"off"|"stream")');
             }
-            if (normalized === "off")
+            if (normalized === "off") {
                 delete next.reasoningLevel;
-            else
+            }
+            else {
                 next.reasoningLevel = normalized;
+            }
         }
     }
     if ("responseUsage" in patch) {
@@ -129,12 +162,15 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const normalized = normalizeUsageDisplay(String(raw));
-            if (!normalized)
+            if (!normalized) {
                 return invalid('invalid responseUsage (use "off"|"tokens"|"full")');
-            if (normalized === "off")
+            }
+            if (normalized === "off") {
                 delete next.responseUsage;
-            else
+            }
+            else {
                 next.responseUsage = normalized;
+            }
         }
     }
     if ("elevatedLevel" in patch) {
@@ -144,8 +180,9 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const normalized = normalizeElevatedLevel(String(raw));
-            if (!normalized)
+            if (!normalized) {
                 return invalid('invalid elevatedLevel (use "on"|"off"|"ask"|"full")');
+            }
             // Persist "off" explicitly so patches can override defaults.
             next.elevatedLevel = normalized;
         }
@@ -157,8 +194,9 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const normalized = normalizeExecHost(String(raw));
-            if (!normalized)
+            if (!normalized) {
                 return invalid('invalid execHost (use "sandbox"|"gateway"|"node")');
+            }
             next.execHost = normalized;
         }
     }
@@ -169,8 +207,9 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const normalized = normalizeExecSecurity(String(raw));
-            if (!normalized)
+            if (!normalized) {
                 return invalid('invalid execSecurity (use "deny"|"allowlist"|"full")');
+            }
             next.execSecurity = normalized;
         }
     }
@@ -181,8 +220,9 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const normalized = normalizeExecAsk(String(raw));
-            if (!normalized)
+            if (!normalized) {
                 return invalid('invalid execAsk (use "off"|"on-miss"|"always")');
+            }
             next.execAsk = normalized;
         }
     }
@@ -193,8 +233,9 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const trimmed = String(raw).trim();
-            if (!trimmed)
+            if (!trimmed) {
                 return invalid("invalid execNode: empty");
+            }
             next.execNode = trimmed;
         }
     }
@@ -212,8 +253,9 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const trimmed = String(raw).trim();
-            if (!trimmed)
+            if (!trimmed) {
                 return invalid("invalid model: empty");
+            }
             if (!params.loadGatewayModelCatalog) {
                 return {
                     ok: false,
@@ -226,7 +268,7 @@ export async function applySessionsPatchToStore(params) {
                 catalog,
                 raw: trimmed,
                 defaultProvider: resolvedDefault.provider,
-                defaultModel: resolvedDefault.model,
+                defaultModel: subagentModelHint ?? resolvedDefault.model,
             });
             if ("error" in resolved) {
                 return invalid(resolved.error);
@@ -260,8 +302,9 @@ export async function applySessionsPatchToStore(params) {
         }
         else if (raw !== undefined) {
             const normalized = normalizeSendPolicy(String(raw));
-            if (!normalized)
+            if (!normalized) {
                 return invalid('invalid sendPolicy (use "allow"|"deny")');
+            }
             next.sendPolicy = normalized;
         }
     }

package/dist/gateway/test-temp-config.js

@@ -4,7 +4,7 @@ import path from "node:path";
 export async function withTempConfig(params) {
     const prevConfigPath = process.env.POOLBOT_CONFIG_PATH;
     const prevDisableCache = process.env.POOLBOT_DISABLE_CONFIG_CACHE;
-    const dir = await mkdtemp(path.join(os.tmpdir(), params.prefix ?? "openclaw-test-config-"));
+    const dir = await mkdtemp(path.join(os.tmpdir(), params.prefix ?? "poolbot-test-config-"));
     const configPath = path.join(dir, "poolbot.json");
     process.env.POOLBOT_CONFIG_PATH = configPath;
     process.env.POOLBOT_DISABLE_CONFIG_CACHE = "1";

package/dist/gateway/tools-invoke-http.js

@@ -1,41 +1,90 @@
 import { createPoolBotTools } from "../agents/poolbot-tools.js";
-import { filterToolsByPolicy, resolveEffectiveToolPolicy, resolveGroupToolPolicy, resolveSubagentToolPolicy, } from "../agents/pi-tools.policy.js";
-import { buildPluginToolGroups, collectExplicitAllowlist, expandPolicyWithPluginGroups, normalizeToolName, resolveToolProfilePolicy, stripPluginOnlyAllowlist, } from "../agents/tool-policy.js";
+import { resolveEffectiveToolPolicy, resolveGroupToolPolicy, resolveSubagentToolPolicy, } from "../agents/pi-tools.policy.js";
+import { applyToolPolicyPipeline, buildDefaultToolPolicyPipelineSteps, } from "../agents/tool-policy-pipeline.js";
+import { collectExplicitAllowlist, mergeAlsoAllowPolicy, resolveToolProfilePolicy, } from "../agents/tool-policy.js";
+import { ToolInputError } from "../agents/tools/common.js";
 import { loadConfig } from "../config/config.js";
 import { resolveMainSessionKey } from "../config/sessions.js";
 import { logWarn } from "../logger.js";
+import { isTestDefaultMemorySlotDisabled } from "../plugins/config-state.js";
 import { getPluginToolMeta } from "../plugins/tools.js";
 import { isSubagentSessionKey } from "../routing/session-key.js";
+import { DEFAULT_GATEWAY_HTTP_TOOL_DENY } from "../security/dangerous-tools.js";
 import { normalizeMessageChannel } from "../utils/message-channel.js";
 import { authorizeGatewayConnect } from "./auth.js";
+import { readJsonBodyOrError, sendGatewayAuthFailure, sendInvalidRequest, sendJson, sendMethodNotAllowed, } from "./http-common.js";
 import { getBearerToken, getHeader } from "./http-utils.js";
-import { readJsonBodyOrError, sendInvalidRequest, sendJson, sendMethodNotAllowed, sendUnauthorized, } from "./http-common.js";
 const DEFAULT_BODY_BYTES = 2 * 1024 * 1024;
+const MEMORY_TOOL_NAMES = new Set(["memory_search", "memory_get"]);
 function resolveSessionKeyFromBody(body) {
-    if (typeof body.sessionKey === "string" && body.sessionKey.trim())
+    if (typeof body.sessionKey === "string" && body.sessionKey.trim()) {
         return body.sessionKey.trim();
+    }
     return undefined;
 }
+function resolveMemoryToolDisableReasons(cfg) {
+    if (!process.env.VITEST) {
+        return [];
+    }
+    const reasons = [];
+    const plugins = cfg.plugins;
+    const slotRaw = plugins?.slots?.memory;
+    const slotDisabled = slotRaw === null || (typeof slotRaw === "string" && slotRaw.trim().toLowerCase() === "none");
+    const pluginsDisabled = plugins?.enabled === false;
+    const defaultDisabled = isTestDefaultMemorySlotDisabled(cfg);
+    if (pluginsDisabled) {
+        reasons.push("plugins.enabled=false");
+    }
+    if (slotDisabled) {
+        reasons.push(slotRaw === null ? "plugins.slots.memory=null" : 'plugins.slots.memory="none"');
+    }
+    if (!pluginsDisabled && !slotDisabled && defaultDisabled) {
+        reasons.push("memory plugin disabled by test default");
+    }
+    return reasons;
+}
 function mergeActionIntoArgsIfSupported(params) {
     const { toolSchema, action, args } = params;
-    if (!action)
+    if (!action) {
         return args;
-    if (args.action !== undefined)
+    }
+    if (args.action !== undefined) {
         return args;
+    }
     // TypeBox schemas are plain objects; many tools define an `action` property.
     const schemaObj = toolSchema;
     const hasAction = Boolean(schemaObj &&
         typeof schemaObj === "object" &&
         schemaObj.properties &&
         "action" in schemaObj.properties);
-    if (!hasAction)
+    if (!hasAction) {
         return args;
+    }
     return { ...args, action };
 }
+function getErrorMessage(err) {
+    if (err instanceof Error) {
+        return err.message || String(err);
+    }
+    if (typeof err === "string") {
+        return err;
+    }
+    return String(err);
+}
+function isToolInputError(err) {
+    if (err instanceof ToolInputError) {
+        return true;
+    }
+    return (typeof err === "object" &&
+        err !== null &&
+        "name" in err &&
+        err.name === "ToolInputError");
+}
 export async function handleToolsInvokeHttpRequest(req, res, opts) {
     const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
-    if (url.pathname !== "/tools/invoke")
+    if (url.pathname !== "/tools/invoke") {
         return false;
+    }
     if (req.method !== "POST") {
         sendMethodNotAllowed(res, "POST");
         return true;
@@ -47,25 +96,42 @@ export async function handleToolsInvokeHttpRequest(req, res, opts) {
         connectAuth: token ? { token, password: token } : null,
         req,
         trustedProxies: opts.trustedProxies ?? cfg.gateway?.trustedProxies,
+        rateLimiter: opts.rateLimiter,
     });
     if (!authResult.ok) {
-        sendUnauthorized(res);
+        sendGatewayAuthFailure(res, authResult);
         return true;
     }
     const bodyUnknown = await readJsonBodyOrError(req, res, opts.maxBodyBytes ?? DEFAULT_BODY_BYTES);
-    if (bodyUnknown === undefined)
+    if (bodyUnknown === undefined) {
         return true;
+    }
     const body = (bodyUnknown ?? {});
     const toolName = typeof body.tool === "string" ? body.tool.trim() : "";
     if (!toolName) {
         sendInvalidRequest(res, "tools.invoke requires body.tool");
         return true;
     }
+    if (process.env.VITEST && MEMORY_TOOL_NAMES.has(toolName)) {
+        const reasons = resolveMemoryToolDisableReasons(cfg);
+        if (reasons.length > 0) {
+            const suffix = reasons.length > 0 ? ` (${reasons.join(", ")})` : "";
+            sendJson(res, 400, {
+                ok: false,
+                error: {
+                    type: "invalid_request",
+                    message: `memory tools are disabled in tests${suffix}. ` +
+                        'Enable by setting plugins.slots.memory="memory-core" (and ensure plugins.enabled is not false).',
+                },
+            });
+            return true;
+        }
+    }
     const action = typeof body.action === "string" ? body.action.trim() : undefined;
     const argsRaw = body.args;
-    const args = (argsRaw && typeof argsRaw === "object" && !Array.isArray(argsRaw)
+    const args = argsRaw && typeof argsRaw === "object" && !Array.isArray(argsRaw)
         ? argsRaw
-        : {});
+        : {};
     const rawSessionKey = resolveSessionKeyFromBody(body);
     const sessionKey = !rawSessionKey || rawSessionKey === "main" ? resolveMainSessionKey(cfg) : rawSessionKey;
     // Resolve message channel/account hints (optional headers) for policy inheritance.
@@ -74,13 +140,8 @@ export async function handleToolsInvokeHttpRequest(req, res, opts) {
     const { agentId, globalPolicy, globalProviderPolicy, agentPolicy, agentProviderPolicy, profile, providerProfile, profileAlsoAllow, providerProfileAlsoAllow, } = resolveEffectiveToolPolicy({ config: cfg, sessionKey });
     const profilePolicy = resolveToolProfilePolicy(profile);
     const providerProfilePolicy = resolveToolProfilePolicy(providerProfile);
-    const mergeAlsoAllow = (policy, alsoAllow) => {
-        if (!policy?.allow || !Array.isArray(alsoAllow) || alsoAllow.length === 0)
-            return policy;
-        return { ...policy, allow: Array.from(new Set([...policy.allow, ...alsoAllow])) };
-    };
-    const profilePolicyWithAlsoAllow = mergeAlsoAllow(profilePolicy, profileAlsoAllow);
-    const providerProfilePolicyWithAlsoAllow = mergeAlsoAllow(providerProfilePolicy, providerProfileAlsoAllow);
+    const profilePolicyWithAlsoAllow = mergeAlsoAllowPolicy(profilePolicy, profileAlsoAllow);
+    const providerProfilePolicyWithAlsoAllow = mergeAlsoAllowPolicy(providerProfilePolicy, providerProfileAlsoAllow);
     const groupPolicy = resolveGroupToolPolicy({
         config: cfg,
         sessionKey,
@@ -107,58 +168,35 @@ export async function handleToolsInvokeHttpRequest(req, res, opts) {
             subagentPolicy,
         ]),
     });
-    const coreToolNames = new Set(allTools
-        .filter((tool) => !getPluginToolMeta(tool))
-        .map((tool) => normalizeToolName(tool.name))
-        .filter(Boolean));
-    const pluginGroups = buildPluginToolGroups({
+    const subagentFiltered = applyToolPolicyPipeline({
+        // oxlint-disable-next-line typescript/no-explicit-any
         tools: allTools,
+        // oxlint-disable-next-line typescript/no-explicit-any
         toolMeta: (tool) => getPluginToolMeta(tool),
+        warn: logWarn,
+        steps: [
+            ...buildDefaultToolPolicyPipelineSteps({
+                profilePolicy: profilePolicyWithAlsoAllow,
+                profile,
+                providerProfilePolicy: providerProfilePolicyWithAlsoAllow,
+                providerProfile,
+                globalPolicy,
+                globalProviderPolicy,
+                agentPolicy,
+                agentProviderPolicy,
+                groupPolicy,
+                agentId,
+            }),
+            { policy: subagentPolicy, label: "subagent tools.allow" },
+        ],
     });
-    const resolvePolicy = (policy, label) => {
-        const resolved = stripPluginOnlyAllowlist(policy, pluginGroups, coreToolNames);
-        if (resolved.unknownAllowlist.length > 0) {
-            const entries = resolved.unknownAllowlist.join(", ");
-            const suffix = resolved.strippedAllowlist
-                ? "Ignoring allowlist so core tools remain available. Use tools.alsoAllow for additive plugin tool enablement."
-                : "These entries won't match any tool unless the plugin is enabled.";
-            logWarn(`tools: ${label} allowlist contains unknown entries (${entries}). ${suffix}`);
-        }
-        return expandPolicyWithPluginGroups(resolved.policy, pluginGroups);
-    };
-    const profilePolicyExpanded = resolvePolicy(profilePolicyWithAlsoAllow, profile ? `tools.profile (${profile})` : "tools.profile");
-    const providerProfileExpanded = resolvePolicy(providerProfilePolicyWithAlsoAllow, providerProfile ? `tools.byProvider.profile (${providerProfile})` : "tools.byProvider.profile");
-    const globalPolicyExpanded = resolvePolicy(globalPolicy, "tools.allow");
-    const globalProviderExpanded = resolvePolicy(globalProviderPolicy, "tools.byProvider.allow");
-    const agentPolicyExpanded = resolvePolicy(agentPolicy, agentId ? `agents.${agentId}.tools.allow` : "agent tools.allow");
-    const agentProviderExpanded = resolvePolicy(agentProviderPolicy, agentId ? `agents.${agentId}.tools.byProvider.allow` : "agent tools.byProvider.allow");
-    const groupPolicyExpanded = resolvePolicy(groupPolicy, "group tools.allow");
-    const subagentPolicyExpanded = expandPolicyWithPluginGroups(subagentPolicy, pluginGroups);
-    const toolsFiltered = profilePolicyExpanded
-        ? filterToolsByPolicy(allTools, profilePolicyExpanded)
-        : allTools;
-    const providerProfileFiltered = providerProfileExpanded
-        ? filterToolsByPolicy(toolsFiltered, providerProfileExpanded)
-        : toolsFiltered;
-    const globalFiltered = globalPolicyExpanded
-        ? filterToolsByPolicy(providerProfileFiltered, globalPolicyExpanded)
-        : providerProfileFiltered;
-    const globalProviderFiltered = globalProviderExpanded
-        ? filterToolsByPolicy(globalFiltered, globalProviderExpanded)
-        : globalFiltered;
-    const agentFiltered = agentPolicyExpanded
-        ? filterToolsByPolicy(globalProviderFiltered, agentPolicyExpanded)
-        : globalProviderFiltered;
-    const agentProviderFiltered = agentProviderExpanded
-        ? filterToolsByPolicy(agentFiltered, agentProviderExpanded)
-        : agentFiltered;
-    const groupFiltered = groupPolicyExpanded
-        ? filterToolsByPolicy(agentProviderFiltered, groupPolicyExpanded)
-        : agentProviderFiltered;
-    const subagentFiltered = subagentPolicyExpanded
-        ? filterToolsByPolicy(groupFiltered, subagentPolicyExpanded)
-        : groupFiltered;
-    const tool = subagentFiltered.find((t) => t.name === toolName);
+    // Gateway HTTP-specific deny list — applies to ALL sessions via HTTP.
+    const gatewayToolsCfg = cfg.gateway?.tools;
+    const defaultGatewayDeny = DEFAULT_GATEWAY_HTTP_TOOL_DENY.filter((name) => !gatewayToolsCfg?.allow?.includes(name));
+    const gatewayDenyNames = defaultGatewayDeny.concat(Array.isArray(gatewayToolsCfg?.deny) ? gatewayToolsCfg.deny : []);
+    const gatewayDenySet = new Set(gatewayDenyNames);
+    const gatewayFiltered = subagentFiltered.filter((t) => !gatewayDenySet.has(t.name));
+    const tool = gatewayFiltered.find((t) => t.name === toolName);
     if (!tool) {
         sendJson(res, 404, {
             ok: false,
@@ -168,17 +206,27 @@ export async function handleToolsInvokeHttpRequest(req, res, opts) {
     }
     try {
         const toolArgs = mergeActionIntoArgsIfSupported({
+            // oxlint-disable-next-line typescript/no-explicit-any
             toolSchema: tool.parameters,
             action,
             args,
         });
+        // oxlint-disable-next-line typescript/no-explicit-any
         const result = await tool.execute?.(`http-${Date.now()}`, toolArgs);
         sendJson(res, 200, { ok: true, result });
     }
     catch (err) {
-        sendJson(res, 400, {
+        if (isToolInputError(err)) {
+            sendJson(res, 400, {
+                ok: false,
+                error: { type: "tool_error", message: getErrorMessage(err) || "invalid tool arguments" },
+            });
+            return true;
+        }
+        logWarn(`tools-invoke: tool execution failed: ${String(err)}`);
+        sendJson(res, 500, {
             ok: false,
-            error: { type: "tool_error", message: err instanceof Error ? err.message : String(err) },
+            error: { type: "tool_error", message: "tool execution failed" },
         });
     }
     return true;