npm - @poolzin/pool-bot - Versions diffs - 2026.2.21 → 2026.2.23 - Mend

@poolzin/pool-bot 2026.2.21 → 2026.2.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (378) hide show

package/CHANGELOG.md +25 -0
package/dist/agents/api-key-rotation.js +47 -0
package/dist/agents/apply-patch-update.js +19 -9
package/dist/agents/apply-patch.js +72 -47
package/dist/agents/bash-tools.exec.js +141 -559
package/dist/agents/cli-backends.js +49 -6
package/dist/agents/cli-runner/helpers.js +69 -152
package/dist/agents/cli-runner.js +70 -19
package/dist/agents/identity.js +20 -1
package/dist/agents/image-sanitization.js +9 -0
package/dist/agents/live-auth-keys.js +123 -26
package/dist/agents/live-model-filter.js +13 -4
package/dist/agents/model-catalog.js +40 -9
package/dist/agents/model-forward-compat.js +60 -23
package/dist/agents/model-selection.js +134 -41
package/dist/agents/pi-auth-json.js +2 -2
package/dist/agents/pi-embedded-helpers/bootstrap.js +65 -15
package/dist/agents/pi-embedded-helpers/errors.js +140 -15
package/dist/agents/pi-embedded-helpers/images.js +22 -12
package/dist/agents/pi-embedded-helpers.js +2 -2
package/dist/agents/pi-embedded-runner/abort.js +10 -3
package/dist/agents/pi-embedded-runner/compact.js +230 -32
package/dist/agents/pi-embedded-runner/extra-params.js +203 -12
package/dist/agents/pi-embedded-runner/google.js +109 -19
package/dist/agents/pi-embedded-runner/history.js +35 -17
package/dist/agents/pi-embedded-runner/run/attempt.js +386 -95
package/dist/agents/pi-embedded-runner/run/images.js +81 -55
package/dist/agents/pi-embedded-runner/run/payloads.js +89 -39
package/dist/agents/pi-embedded-runner/run.js +193 -25
package/dist/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.js +2 -2
package/dist/agents/pi-embedded-runner/runs.js +17 -8
package/dist/agents/pi-embedded-runner/tool-result-context-guard.js +262 -0
package/dist/agents/pi-embedded-runner.js +1 -1
package/dist/agents/pi-embedded-subscribe.handlers.tools.js +180 -10
package/dist/agents/pi-embedded-subscribe.js +37 -0
package/dist/agents/pi-embedded-subscribe.tools.js +127 -30
package/dist/agents/pi-model-discovery.js +9 -2
package/dist/agents/pi-tool-definition-adapter.js +60 -8
package/dist/agents/pi-tools.before-tool-call.js +1 -1
package/dist/agents/pi-tools.js +113 -94
package/dist/agents/pi-tools.read.js +337 -38
package/dist/agents/poolbot-tools.js +14 -5
package/dist/agents/sandbox/docker.js +10 -5
package/dist/agents/sandbox/registry.js +96 -46
package/dist/agents/sandbox/sanitize-env-vars.js +82 -0
package/dist/agents/sandbox-paths.js +43 -10
package/dist/agents/session-tool-result-guard-wrapper.js +23 -11
package/dist/agents/session-tool-result-guard.js +39 -39
package/dist/agents/session-transcript-repair.js +36 -33
package/dist/agents/session-write-lock.js +62 -44
package/dist/agents/skills/frontmatter.js +49 -88
package/dist/agents/skills/workspace.js +335 -28
package/dist/agents/subagent-announce.js +508 -174
package/dist/agents/subagent-registry.js +45 -4
package/dist/agents/subagent-spawn.js +16 -33
package/dist/agents/system-prompt-report.js +27 -10
package/dist/agents/system-prompt.js +26 -32
package/dist/agents/tool-call-id.js +69 -17
package/dist/agents/tool-display-common.js +1 -1
package/dist/agents/tool-images.js +64 -31
package/dist/agents/tools/canvas-tool.js +17 -11
package/dist/agents/tools/common.js +37 -19
package/dist/agents/tools/cron-tool.js +40 -38
package/dist/agents/tools/gateway.js +70 -2
package/dist/agents/tools/message-tool.js +181 -40
package/dist/agents/tools/nodes-tool.js +128 -36
package/dist/agents/tools/nodes-utils.js +12 -38
package/dist/agents/tools/session-status-tool.js +24 -71
package/dist/agents/tools/sessions-helpers.js +38 -210
package/dist/agents/tools/sessions-spawn-tool.js +28 -198
package/dist/agents/tools/telegram-actions.js +58 -7
package/dist/agents/tools/web-fetch-utils.js +112 -7
package/dist/agents/tools/web-fetch.js +279 -175
package/dist/agents/tools/web-shared.js +71 -8
package/dist/agents/usage.js +25 -16
package/dist/auto-reply/commands-registry.data.js +85 -11
package/dist/auto-reply/dispatch.js +40 -21
package/dist/auto-reply/reply/abort.js +102 -33
package/dist/auto-reply/reply/commands-core.js +82 -33
package/dist/auto-reply/reply/commands-export-session.js +1 -1
package/dist/auto-reply/reply/commands-info.js +41 -12
package/dist/auto-reply/reply/commands-subagents.js +352 -100
package/dist/auto-reply/reply/commands-system-prompt.js +2 -2
package/dist/auto-reply/reply/dispatch-from-config.js +100 -29
package/dist/auto-reply/reply/elevated-unavailable.js +1 -1
package/dist/auto-reply/reply/inbound-meta.js +12 -1
package/dist/auto-reply/reply/mentions.js +18 -11
package/dist/auto-reply/reply/normalize-reply.js +17 -8
package/dist/auto-reply/reply/reply-dispatcher.js +62 -10
package/dist/auto-reply/reply/session.js +102 -21
package/dist/auto-reply/reply/streaming-directives.js +16 -5
package/dist/auto-reply/status.js +73 -50
package/dist/browser/extension-relay.js +3 -3
package/dist/browser/http-auth.js +1 -1
package/dist/browser/paths.js +2 -2
package/dist/build-info.json +3 -3
package/dist/channels/allowlist-match.js +20 -0
package/dist/channels/allowlists/resolve-utils.js +65 -2
package/dist/channels/chat-type.js +8 -4
package/dist/channels/dock.js +127 -35
package/dist/channels/draft-stream-loop.js +6 -2
package/dist/channels/plugins/actions/telegram.js +42 -18
package/dist/channels/plugins/allowlist-match.js +1 -1
package/dist/channels/plugins/group-mentions.js +51 -41
package/dist/channels/plugins/message-action-names.js +2 -0
package/dist/channels/plugins/message-actions.js +24 -5
package/dist/channels/plugins/normalize/discord.js +26 -4
package/dist/channels/plugins/normalize/signal.js +35 -22
package/dist/channels/plugins/onboarding/helpers.js +8 -26
package/dist/channels/plugins/outbound/imessage.js +15 -14
package/dist/channels/registry.js +20 -7
package/dist/cli/acp-cli.js +7 -5
package/dist/cli/browser-cli-extension.js +25 -12
package/dist/cli/browser-cli-state.cookies-storage.js +25 -6
package/dist/cli/browser-cli-state.js +101 -145
package/dist/cli/command-options.js +28 -0
package/dist/cli/completion-cli.js +6 -6
package/dist/cli/cron-cli/register.cron-add.js +25 -1
package/dist/cli/cron-cli/register.cron-edit.js +44 -0
package/dist/cli/cron-cli/shared.js +7 -1
package/dist/cli/daemon-cli/lifecycle-core.js +23 -21
package/dist/cli/daemon-cli/lifecycle.js +23 -247
package/dist/cli/daemon-cli/register-service-commands.js +25 -4
package/dist/cli/daemon-cli.js +1 -0
package/dist/cli/devices-cli.js +33 -20
package/dist/cli/gateway-cli/register.js +37 -105
package/dist/cli/gateway-cli/run.js +49 -11
package/dist/cli/nodes-camera.js +59 -4
package/dist/cli/nodes-cli/register.camera.js +27 -24
package/dist/cli/nodes-cli/rpc.js +21 -38
package/dist/cli/qr-cli.js +2 -2
package/dist/cli/skills-cli.format.js +2 -2
package/dist/cli/update-cli/progress.js +2 -2
package/dist/cli/update-cli/restart-helper.js +28 -7
package/dist/cli/update-cli/shared.js +7 -7
package/dist/cli/update-cli/status.js +1 -1
package/dist/cli/update-cli/update-command.js +14 -8
package/dist/cli/update-cli/wizard.js +2 -2
package/dist/cli/update-cli.js +21 -1027
package/dist/commands/auth-choice.apply.anthropic.js +10 -2
package/dist/commands/channels/add-mutators.js +3 -35
package/dist/commands/channels/add.js +39 -51
package/dist/commands/config-validation.js +1 -1
package/dist/commands/configure.gateway-auth.js +52 -15
package/dist/commands/configure.gateway.js +84 -40
package/dist/commands/doctor-completion.js +3 -3
package/dist/commands/doctor-config-flow.js +536 -16
package/dist/commands/doctor-gateway-services.js +103 -79
package/dist/commands/doctor-memory-search.js +9 -9
package/dist/commands/doctor-platform-notes.js +57 -30
package/dist/commands/doctor-prompter.js +26 -15
package/dist/commands/doctor-session-locks.js +1 -1
package/dist/commands/doctor.js +21 -9
package/dist/commands/model-picker.js +120 -95
package/dist/commands/models/set.js +2 -21
package/dist/commands/models/shared.js +65 -37
package/dist/commands/onboard-helpers.js +81 -39
package/dist/commands/openai-codex-oauth.js +1 -1
package/dist/commands/sessions.js +52 -53
package/dist/commands/status.summary.js +52 -34
package/dist/commands/test-wizard-helpers.js +2 -2
package/dist/config/defaults.js +79 -42
package/dist/config/group-policy.js +50 -18
package/dist/config/includes.js +37 -10
package/dist/config/schema.help.js +5 -4
package/dist/config/schema.hints.js +2 -2
package/dist/config/schema.labels.js +1 -0
package/dist/config/sessions/group.js +12 -11
package/dist/config/sessions/paths.js +137 -11
package/dist/config/sessions/store.js +185 -65
package/dist/config/sessions/types.js +15 -1
package/dist/config/sessions.js +1 -0
package/dist/config/telegram-custom-commands.js +3 -2
package/dist/config/types.js +2 -0
package/dist/config/zod-schema.agent-defaults.js +6 -27
package/dist/config/zod-schema.agent-runtime.js +171 -79
package/dist/config/zod-schema.providers-core.js +138 -65
package/dist/config/zod-schema.session.js +49 -22
package/dist/control-ui/assets/index-HRr1grwl.js.map +1 -1
package/dist/cron/isolated-agent/run.js +224 -57
package/dist/cron/normalize.js +48 -45
package/dist/cron/run-log.js +14 -0
package/dist/cron/service/jobs.js +190 -28
package/dist/cron/service/normalize.js +29 -11
package/dist/cron/service/store.js +30 -44
package/dist/cron/service/timer.js +182 -96
package/dist/cron/service.js +3 -0
package/dist/cron/stagger.js +37 -0
package/dist/daemon/inspect.js +132 -92
package/dist/daemon/runtime-paths.js +25 -4
package/dist/daemon/service-audit.js +47 -16
package/dist/discord/accounts.js +23 -20
package/dist/discord/monitor/agent-components.js +1115 -219
package/dist/discord/monitor/allow-list.js +114 -34
package/dist/discord/monitor/listeners.js +204 -97
package/dist/discord/monitor/message-handler.js +21 -10
package/dist/discord/monitor/message-handler.preflight.js +195 -101
package/dist/discord/monitor/message-handler.process.js +384 -123
package/dist/discord/monitor/message-utils.js +86 -23
package/dist/discord/monitor/native-command.js +77 -57
package/dist/discord/monitor/provider.js +122 -117
package/dist/discord/monitor/reply-context.js +20 -16
package/dist/discord/monitor/reply-delivery.js +40 -8
package/dist/discord/monitor/rest-fetch.js +22 -0
package/dist/discord/monitor/threading.js +117 -24
package/dist/discord/send.js +2 -1
package/dist/discord/send.outbound.js +124 -11
package/dist/discord/send.shared.js +112 -72
package/dist/discord/voice-message.js +3 -3
package/dist/gateway/auth.js +119 -44
package/dist/gateway/call.js +76 -34
package/dist/gateway/channel-health-monitor.js +57 -50
package/dist/gateway/client.js +63 -29
package/dist/gateway/control-ui-contract.js +1 -1
package/dist/gateway/gateway-config-prompts.shared.js +2 -2
package/dist/gateway/net.js +109 -1
package/dist/gateway/protocol/index.js +5 -8
package/dist/gateway/protocol/schema/agent.js +19 -1
package/dist/gateway/protocol/schema/channels.js +21 -0
package/dist/gateway/protocol/schema/cron.js +43 -30
package/dist/gateway/protocol/schema/protocol-schemas.js +6 -11
package/dist/gateway/protocol/schema/sessions.js +5 -1
package/dist/gateway/protocol/schema.js +0 -1
package/dist/gateway/server/presence-events.js +12 -0
package/dist/gateway/server/ws-connection/message-handler.js +203 -212
package/dist/gateway/server/ws-connection.js +58 -21
package/dist/gateway/server-broadcast.js +18 -13
package/dist/gateway/server-cron.js +177 -10
package/dist/gateway/server-methods/agent-job.js +131 -38
package/dist/gateway/server-methods/send.js +60 -14
package/dist/gateway/server-methods/sessions.js +160 -96
package/dist/gateway/server-methods/system.js +5 -7
package/dist/gateway/server-methods-list.js +8 -0
package/dist/gateway/server-methods.js +24 -8
package/dist/gateway/server-node-events.js +278 -68
package/dist/gateway/session-utils.fs.js +316 -75
package/dist/gateway/session-utils.js +224 -70
package/dist/gateway/sessions-patch.js +63 -20
package/dist/gateway/test-temp-config.js +1 -1
package/dist/gateway/tools-invoke-http.js +118 -70
package/dist/gateway/ws-log.js +135 -107
package/dist/hooks/frontmatter.js +36 -82
package/dist/hooks/install.js +149 -139
package/dist/hooks/internal-hooks.js +29 -4
package/dist/hooks/plugin-hooks.js +2 -1
package/dist/imessage/monitor/deliver.js +10 -4
package/dist/imessage/monitor/monitor-provider.js +138 -375
package/dist/imessage/monitor/runtime.js +4 -8
package/dist/imessage/send.js +65 -19
package/dist/infra/exec-approvals-allowlist.js +7 -0
package/dist/infra/exec-approvals.js +35 -920
package/dist/infra/exec-safe-bin-trust.js +64 -0
package/dist/infra/heartbeat-runner.js +207 -134
package/dist/infra/heartbeat-wake.js +183 -22
package/dist/infra/install-source-utils.js +47 -0
package/dist/infra/net/ssrf.js +170 -36
package/dist/infra/outbound/deliver.js +224 -58
package/dist/infra/outbound/message-action-spec.js +12 -5
package/dist/infra/outbound/outbound-session.js +27 -25
package/dist/infra/poolbot-root.js +32 -22
package/dist/infra/ports.js +14 -11
package/dist/infra/skills-remote.js +48 -37
package/dist/infra/system-events.js +25 -11
package/dist/infra/system-presence.js +26 -33
package/dist/infra/tmp-poolbot-dir.js +81 -2
package/dist/infra/wsl.js +37 -1
package/dist/line/bot-message-context.js +163 -191
package/dist/logging/subsystem.js +59 -22
package/dist/markdown/ir.js +124 -50
package/dist/media/store.js +1 -1
package/dist/media-understanding/runner.entries.js +42 -25
package/dist/media-understanding/runner.js +53 -488
package/dist/memory/embeddings-gemini.js +53 -38
package/dist/memory/manager-embedding-ops.js +48 -69
package/dist/pairing/pairing-store.js +178 -119
package/dist/plugin-sdk/index.js +34 -6
package/dist/plugins/hooks.js +135 -14
package/dist/plugins/install.js +190 -152
package/dist/polls.js +11 -0
package/dist/routing/resolve-route.js +190 -56
package/dist/routing/session-key.js +38 -22
package/dist/runtime.js +35 -9
package/dist/security/audit-channel.js +1 -1
package/dist/sessions/session-key-utils.js +29 -11
package/dist/shared/frontmatter.js +5 -5
package/dist/shared/node-list-types.js +1 -0
package/dist/shared/string-normalization.js +15 -0
package/dist/signal/monitor/event-handler.js +68 -36
package/dist/signal/send.js +29 -37
package/dist/slack/monitor/allow-list.js +10 -11
package/dist/slack/monitor/commands.js +14 -3
package/dist/slack/monitor/events/interactions.js +4 -4
package/dist/slack/monitor/media.js +224 -16
package/dist/slack/monitor/message-handler/dispatch.js +247 -13
package/dist/slack/monitor/message-handler/prepare.js +128 -45
package/dist/slack/monitor/slash.js +357 -144
package/dist/slack/streaming.js +77 -0
package/dist/telegram/accounts.js +40 -13
package/dist/telegram/allowed-updates.js +3 -0
package/dist/telegram/bot/delivery.js +129 -66
package/dist/telegram/bot/helpers.js +136 -122
package/dist/telegram/bot-handlers.js +600 -339
package/dist/telegram/bot-message-context.js +115 -73
package/dist/telegram/bot-message-dispatch.js +235 -104
package/dist/telegram/bot-native-command-menu.js +3 -1
package/dist/telegram/bot-native-commands.js +213 -193
package/dist/telegram/bot.js +24 -132
package/dist/telegram/draft-stream.js +84 -75
package/dist/telegram/format.js +150 -6
package/dist/telegram/send.js +415 -255
package/dist/telegram/targets.js +21 -2
package/dist/telegram/update-offset-store.js +19 -3
package/dist/terminal/restore.js +5 -2
package/dist/test-utils/fetch-mock.js +5 -0
package/dist/version.js +18 -5
package/dist/web/auto-reply/monitor/broadcast.js +7 -3
package/dist/web/auto-reply/monitor/on-message.js +6 -3
package/dist/web/inbound/media.js +34 -8
package/dist/web/inbound/monitor.js +34 -17
package/dist/web/inbound/send-api.js +18 -17
package/dist/web/outbound.js +12 -5
package/dist/wizard/clack-prompter.js +40 -7
package/extensions/bluebubbles/package.json +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/device-pair/index.ts +2 -2
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/feishu/package.json +1 -1
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/irc/package.json +1 -1
package/extensions/irc/src/accounts.ts +1 -1
package/extensions/irc/src/onboarding.ts +4 -4
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/matrix/CHANGELOG.md +10 -0
package/extensions/matrix/package.json +1 -1
package/extensions/mattermost/package.json +1 -1
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/package.json +1 -1
package/extensions/msteams/CHANGELOG.md +10 -0
package/extensions/msteams/package.json +1 -1
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +10 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/package.json +1 -1
package/extensions/signal/package.json +1 -1
package/extensions/slack/package.json +1 -1
package/extensions/telegram/package.json +1 -1
package/extensions/tlon/package.json +1 -1
package/extensions/twitch/CHANGELOG.md +10 -0
package/extensions/twitch/package.json +1 -1
package/extensions/voice-call/CHANGELOG.md +10 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/CHANGELOG.md +10 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +10 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +1 -1
package/skills/apple-reminders/SKILL.md +100 -49
package/skills/coding-agent/SKILL.md +34 -28
package/skills/github/SKILL.md +131 -16
package/skills/imsg/SKILL.md +112 -15
package/skills/openhue/SKILL.md +101 -19
package/skills/tmux/SKILL.md +111 -79
package/skills/weather/SKILL.md +88 -25
package/dist/agents/openclaw-tools.js +0 -151
package/dist/agents/tool-security.js +0 -96
package/dist/gateway/url-validation.js +0 -94
package/dist/infra/openclaw-root.js +0 -109
package/dist/infra/tmp-openclaw-dir.js +0 -81
package/dist/media/path-sanitization.js +0 -78

package/dist/imessage/monitor/runtime.js CHANGED Viewed

@@ -1,12 +1,8 @@
+import { createNonExitingRuntime } from "../../runtime.js";
+import { normalizeStringEntries } from "../../shared/string-normalization.js";
 export function resolveRuntime(opts) {
-    return (opts.runtime ?? {
-        log: console.log,
-        error: console.error,
-        exit: (code) => {
-            throw new Error(`exit ${code}`);
-        },
-    });
+    return opts.runtime ?? createNonExitingRuntime();
 }
 export function normalizeAllowList(list) {
-    return (list ?? []).map((entry) => String(entry).trim()).filter(Boolean);
+    return normalizeStringEntries(list);
 }

package/dist/imessage/send.js CHANGED Viewed

@@ -1,15 +1,56 @@
 import { loadConfig } from "../config/config.js";
 import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
-import { mediaKindFromMime } from "../media/constants.js";
-import { saveMediaBuffer } from "../media/store.js";
-import { loadWebMedia } from "../web/media.js";
 import { convertMarkdownTables } from "../markdown/tables.js";
+import { mediaKindFromMime } from "../media/constants.js";
+import { resolveOutboundAttachmentFromUrl } from "../media/outbound-attachment.js";
 import { resolveIMessageAccount } from "./accounts.js";
 import { createIMessageRpcClient } from "./client.js";
 import { formatIMessageChatTarget, parseIMessageTarget } from "./targets.js";
+const LEADING_REPLY_TAG_RE = /^\s*\[\[\s*reply_to\s*:\s*([^\]\n]+)\s*\]\]\s*/i;
+const MAX_REPLY_TO_ID_LENGTH = 256;
+function stripUnsafeReplyTagChars(value) {
+    let next = "";
+    for (const ch of value) {
+        const code = ch.charCodeAt(0);
+        if ((code >= 0 && code <= 31) || code === 127 || ch === "[" || ch === "]") {
+            continue;
+        }
+        next += ch;
+    }
+    return next;
+}
+function sanitizeReplyToId(rawReplyToId) {
+    const trimmed = rawReplyToId?.trim();
+    if (!trimmed) {
+        return undefined;
+    }
+    const sanitized = stripUnsafeReplyTagChars(trimmed).trim();
+    if (!sanitized) {
+        return undefined;
+    }
+    if (sanitized.length > MAX_REPLY_TO_ID_LENGTH) {
+        return sanitized.slice(0, MAX_REPLY_TO_ID_LENGTH);
+    }
+    return sanitized;
+}
+function prependReplyTagIfNeeded(message, replyToId) {
+    const resolvedReplyToId = sanitizeReplyToId(replyToId);
+    if (!resolvedReplyToId) {
+        return message;
+    }
+    const replyTag = `[[reply_to:${resolvedReplyToId}]]`;
+    const existingLeadingTag = message.match(LEADING_REPLY_TAG_RE);
+    if (existingLeadingTag) {
+        const remainder = message.slice(existingLeadingTag[0].length).trimStart();
+        return remainder ? `${replyTag} ${remainder}` : replyTag;
+    }
+    const trimmedMessage = message.trimStart();
+    return trimmedMessage ? `${replyTag} ${trimmedMessage}` : replyTag;
+}
 function resolveMessageId(result) {
-    if (!result)
+    if (!result) {
         return null;
+    }
     const raw = (typeof result.messageId === "string" && result.messageId.trim()) ||
         (typeof result.message_id === "string" && result.message_id.trim()) ||
         (typeof result.id === "string" && result.id.trim()) ||
@@ -18,17 +59,13 @@ function resolveMessageId(result) {
         (typeof result.id === "number" ? String(result.id) : null);
     return raw ? String(raw).trim() : null;
 }
-async function resolveAttachment(mediaUrl, maxBytes) {
-    const media = await loadWebMedia(mediaUrl, maxBytes);
-    const saved = await saveMediaBuffer(media.buffer, media.contentType ?? undefined, "outbound", maxBytes);
-    return { path: saved.path, contentType: saved.contentType };
-}
 export async function sendMessageIMessage(to, text, opts = {}) {
-    const cfg = loadConfig();
-    const account = resolveIMessageAccount({
-        cfg,
-        accountId: opts.accountId,
-    });
+    const cfg = opts.config ?? loadConfig();
+    const account = opts.account ??
+        resolveIMessageAccount({
+            cfg,
+            accountId: opts.accountId,
+        });
     const cliPath = opts.cliPath?.trim() || account.config.cliPath?.trim() || "imsg";
     const dbPath = opts.dbPath?.trim() || account.config.dbPath?.trim();
     const target = parseIMessageTarget(opts.chatId ? formatIMessageChatTarget(opts.chatId) : to);
@@ -44,12 +81,16 @@ export async function sendMessageIMessage(to, text, opts = {}) {
     let message = text ?? "";
     let filePath;
     if (opts.mediaUrl?.trim()) {
-        const resolved = await resolveAttachment(opts.mediaUrl.trim(), maxBytes);
+        const resolveAttachmentFn = opts.resolveAttachmentImpl ?? resolveOutboundAttachmentFromUrl;
+        const resolved = await resolveAttachmentFn(opts.mediaUrl.trim(), maxBytes, {
+            localRoots: opts.mediaLocalRoots,
+        });
         filePath = resolved.path;
         if (!message.trim()) {
             const kind = mediaKindFromMime(resolved.contentType ?? undefined);
-            if (kind)
+            if (kind) {
                 message = kind === "image" ? "<media:image>" : `<media:${kind}>`;
+            }
         }
     }
     if (!message.trim() && !filePath) {
@@ -63,13 +104,15 @@ export async function sendMessageIMessage(to, text, opts = {}) {
         });
         message = convertMarkdownTables(message, tableMode);
     }
+    message = prependReplyTagIfNeeded(message, opts.replyToId);
     const params = {
         text: message,
-        service: (service || "auto"),
+        service: service || "auto",
         region,
     };
-    if (filePath)
+    if (filePath) {
         params.file = filePath;
+    }
     if (target.kind === "chat_id") {
         params.chat_id = target.chatId;
     }
@@ -82,7 +125,10 @@ export async function sendMessageIMessage(to, text, opts = {}) {
     else {
         params.to = target.to;
     }
-    const client = opts.client ?? (await createIMessageRpcClient({ cliPath, dbPath }));
+    const client = opts.client ??
+        (opts.createClient
+            ? await opts.createClient({ cliPath, dbPath })
+            : await createIMessageRpcClient({ cliPath, dbPath }));
     const shouldClose = !opts.client;
     try {
         const result = await client.request("send", params, {

package/dist/infra/exec-approvals-allowlist.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { DEFAULT_SAFE_BINS, analyzeShellCommand, isWindowsPlatform, matchAllowlist, resolveAllowlistCandidatePath, splitCommandChain, } from "./exec-approvals-analysis.js";
+import { isTrustedSafeBinPath } from "./exec-safe-bin-trust.js";
 function isPathLikeToken(value) {
     const trimmed = value.trim();
     if (!trimmed) {
@@ -67,6 +68,12 @@ export function isSafeBinUsage(params) {
     if (!resolution?.resolvedPath) {
         return false;
     }
+    if (!isTrustedSafeBinPath({
+        resolvedPath: resolution.resolvedPath,
+        trustedDirs: params.trustedSafeBinDirs,
+    })) {
+        return false;
+    }
     const cwd = params.cwd ?? process.cwd();
     const exists = params.fileExists ?? defaultFileExists;
     const argv = params.argv.slice(1);