@poolzin/pool-bot 2026.2.23 → 2026.2.25

package/dist/browser/routes/tabs.js

@@ -1,120 +1,174 @@
 import { getProfileContext, jsonError, toNumber, toStringOrEmpty } from "./utils.js";
+function resolveTabsProfileContext(req, res, ctx) {
+    const profileCtx = getProfileContext(req, ctx);
+    if ("error" in profileCtx) {
+        jsonError(res, profileCtx.status, profileCtx.error);
+        return null;
+    }
+    return profileCtx;
+}
+function handleTabsRouteError(ctx, res, err, opts) {
+    if (opts?.mapTabError) {
+        const mapped = ctx.mapTabError(err);
+        if (mapped) {
+            return jsonError(res, mapped.status, mapped.message);
+        }
+    }
+    return jsonError(res, 500, String(err));
+}
+async function withTabsProfileRoute(params) {
+    const profileCtx = resolveTabsProfileContext(params.req, params.res, params.ctx);
+    if (!profileCtx) {
+        return;
+    }
+    try {
+        await params.run(profileCtx);
+    }
+    catch (err) {
+        handleTabsRouteError(params.ctx, params.res, err, { mapTabError: params.mapTabError });
+    }
+}
+async function ensureBrowserRunning(profileCtx, res) {
+    if (!(await profileCtx.isReachable(300))) {
+        jsonError(res, 409, "browser not running");
+        return false;
+    }
+    return true;
+}
+function resolveIndexedTab(tabs, index) {
+    return typeof index === "number" ? tabs[index] : tabs.at(0);
+}
+function parseRequiredTargetId(res, rawTargetId) {
+    const targetId = toStringOrEmpty(rawTargetId);
+    if (!targetId) {
+        jsonError(res, 400, "targetId is required");
+        return null;
+    }
+    return targetId;
+}
+async function runTabTargetMutation(params) {
+    await withTabsProfileRoute({
+        req: params.req,
+        res: params.res,
+        ctx: params.ctx,
+        mapTabError: true,
+        run: async (profileCtx) => {
+            if (!(await ensureBrowserRunning(profileCtx, params.res))) {
+                return;
+            }
+            await params.mutate(profileCtx, params.targetId);
+            params.res.json({ ok: true });
+        },
+    });
+}
 export function registerBrowserTabRoutes(app, ctx) {
     app.get("/tabs", async (req, res) => {
-        const profileCtx = getProfileContext(req, ctx);
-        if ("error" in profileCtx)
-            return jsonError(res, profileCtx.status, profileCtx.error);
-        try {
-            const reachable = await profileCtx.isReachable(300);
-            if (!reachable)
-                return res.json({ running: false, tabs: [] });
-            const tabs = await profileCtx.listTabs();
-            res.json({ running: true, tabs });
-        }
-        catch (err) {
-            jsonError(res, 500, String(err));
-        }
+        await withTabsProfileRoute({
+            req,
+            res,
+            ctx,
+            run: async (profileCtx) => {
+                const reachable = await profileCtx.isReachable(300);
+                if (!reachable) {
+                    return res.json({ running: false, tabs: [] });
+                }
+                const tabs = await profileCtx.listTabs();
+                res.json({ running: true, tabs });
+            },
+        });
     });
     app.post("/tabs/open", async (req, res) => {
-        const profileCtx = getProfileContext(req, ctx);
-        if ("error" in profileCtx)
-            return jsonError(res, profileCtx.status, profileCtx.error);
         const url = toStringOrEmpty(req.body?.url);
-        if (!url)
+        if (!url) {
             return jsonError(res, 400, "url is required");
-        try {
-            await profileCtx.ensureBrowserAvailable();
-            const tab = await profileCtx.openTab(url);
-            res.json(tab);
-        }
-        catch (err) {
-            jsonError(res, 500, String(err));
         }
+        await withTabsProfileRoute({
+            req,
+            res,
+            ctx,
+            mapTabError: true,
+            run: async (profileCtx) => {
+                await profileCtx.ensureBrowserAvailable();
+                const tab = await profileCtx.openTab(url);
+                res.json(tab);
+            },
+        });
     });
     app.post("/tabs/focus", async (req, res) => {
-        const profileCtx = getProfileContext(req, ctx);
-        if ("error" in profileCtx)
-            return jsonError(res, profileCtx.status, profileCtx.error);
-        const targetId = toStringOrEmpty(req.body?.targetId);
-        if (!targetId)
-            return jsonError(res, 400, "targetId is required");
-        try {
-            if (!(await profileCtx.isReachable(300)))
-                return jsonError(res, 409, "browser not running");
-            await profileCtx.focusTab(targetId);
-            res.json({ ok: true });
-        }
-        catch (err) {
-            const mapped = ctx.mapTabError(err);
-            if (mapped)
-                return jsonError(res, mapped.status, mapped.message);
-            jsonError(res, 500, String(err));
+        const targetId = parseRequiredTargetId(res, req.body?.targetId);
+        if (!targetId) {
+            return;
         }
+        await runTabTargetMutation({
+            req,
+            res,
+            ctx,
+            targetId,
+            mutate: async (profileCtx, id) => {
+                await profileCtx.focusTab(id);
+            },
+        });
     });
     app.delete("/tabs/:targetId", async (req, res) => {
-        const profileCtx = getProfileContext(req, ctx);
-        if ("error" in profileCtx)
-            return jsonError(res, profileCtx.status, profileCtx.error);
-        const targetId = toStringOrEmpty(req.params.targetId);
-        if (!targetId)
-            return jsonError(res, 400, "targetId is required");
-        try {
-            if (!(await profileCtx.isReachable(300)))
-                return jsonError(res, 409, "browser not running");
-            await profileCtx.closeTab(targetId);
-            res.json({ ok: true });
-        }
-        catch (err) {
-            const mapped = ctx.mapTabError(err);
-            if (mapped)
-                return jsonError(res, mapped.status, mapped.message);
-            jsonError(res, 500, String(err));
+        const targetId = parseRequiredTargetId(res, req.params.targetId);
+        if (!targetId) {
+            return;
         }
+        await runTabTargetMutation({
+            req,
+            res,
+            ctx,
+            targetId,
+            mutate: async (profileCtx, id) => {
+                await profileCtx.closeTab(id);
+            },
+        });
     });
     app.post("/tabs/action", async (req, res) => {
-        const profileCtx = getProfileContext(req, ctx);
-        if ("error" in profileCtx)
-            return jsonError(res, profileCtx.status, profileCtx.error);
         const action = toStringOrEmpty(req.body?.action);
         const index = toNumber(req.body?.index);
-        try {
-            if (action === "list") {
-                const reachable = await profileCtx.isReachable(300);
-                if (!reachable)
-                    return res.json({ ok: true, tabs: [] });
-                const tabs = await profileCtx.listTabs();
-                return res.json({ ok: true, tabs });
-            }
-            if (action === "new") {
-                await profileCtx.ensureBrowserAvailable();
-                const tab = await profileCtx.openTab("about:blank");
-                return res.json({ ok: true, tab });
-            }
-            if (action === "close") {
-                const tabs = await profileCtx.listTabs();
-                const target = typeof index === "number" ? tabs[index] : tabs.at(0);
-                if (!target)
-                    return jsonError(res, 404, "tab not found");
-                await profileCtx.closeTab(target.targetId);
-                return res.json({ ok: true, targetId: target.targetId });
-            }
-            if (action === "select") {
-                if (typeof index !== "number")
-                    return jsonError(res, 400, "index is required");
-                const tabs = await profileCtx.listTabs();
-                const target = tabs[index];
-                if (!target)
-                    return jsonError(res, 404, "tab not found");
-                await profileCtx.focusTab(target.targetId);
-                return res.json({ ok: true, targetId: target.targetId });
-            }
-            return jsonError(res, 400, "unknown tab action");
-        }
-        catch (err) {
-            const mapped = ctx.mapTabError(err);
-            if (mapped)
-                return jsonError(res, mapped.status, mapped.message);
-            jsonError(res, 500, String(err));
-        }
+        await withTabsProfileRoute({
+            req,
+            res,
+            ctx,
+            mapTabError: true,
+            run: async (profileCtx) => {
+                if (action === "list") {
+                    const reachable = await profileCtx.isReachable(300);
+                    if (!reachable) {
+                        return res.json({ ok: true, tabs: [] });
+                    }
+                    const tabs = await profileCtx.listTabs();
+                    return res.json({ ok: true, tabs });
+                }
+                if (action === "new") {
+                    await profileCtx.ensureBrowserAvailable();
+                    const tab = await profileCtx.openTab("about:blank");
+                    return res.json({ ok: true, tab });
+                }
+                if (action === "close") {
+                    const tabs = await profileCtx.listTabs();
+                    const target = resolveIndexedTab(tabs, index);
+                    if (!target) {
+                        return jsonError(res, 404, "tab not found");
+                    }
+                    await profileCtx.closeTab(target.targetId);
+                    return res.json({ ok: true, targetId: target.targetId });
+                }
+                if (action === "select") {
+                    if (typeof index !== "number") {
+                        return jsonError(res, 400, "index is required");
+                    }
+                    const tabs = await profileCtx.listTabs();
+                    const target = tabs[index];
+                    if (!target) {
+                        return jsonError(res, 404, "tab not found");
+                    }
+                    await profileCtx.focusTab(target.targetId);
+                    return res.json({ ok: true, targetId: target.targetId });
+                }
+                return jsonError(res, 400, "unknown tab action");
+            },
+        });
     });
 }

package/dist/browser/server-lifecycle.js

@@ -0,0 +1,37 @@
+import { resolveProfile } from "./config.js";
+import { ensureChromeExtensionRelayServer } from "./extension-relay.js";
+import { createBrowserRouteContext, listKnownProfileNames, } from "./server-context.js";
+export async function ensureExtensionRelayForProfiles(params) {
+    for (const name of Object.keys(params.resolved.profiles)) {
+        const profile = resolveProfile(params.resolved, name);
+        if (!profile || profile.driver !== "extension") {
+            continue;
+        }
+        await ensureChromeExtensionRelayServer({ cdpUrl: profile.cdpUrl }).catch((err) => {
+            params.onWarn(`Chrome extension relay init failed for profile "${name}": ${String(err)}`);
+        });
+    }
+}
+export async function stopKnownBrowserProfiles(params) {
+    const current = params.getState();
+    if (!current) {
+        return;
+    }
+    const ctx = createBrowserRouteContext({
+        getState: params.getState,
+        refreshConfigFromDisk: true,
+    });
+    try {
+        for (const name of listKnownProfileNames(current)) {
+            try {
+                await ctx.forProfile(name).stopRunningBrowser();
+            }
+            catch {
+                // ignore
+            }
+        }
+    }
+    catch (err) {
+        params.onWarn(`poolbot browser stop failed: ${String(err)}`);
+    }
+}

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "2026.2.23",
-  "commit": "ef242fa9f8b367333f246a3777937c94c68f5847",
-  "builtAt": "2026-02-18T18:15:41.704Z"
+  "version": "2026.2.25",
+  "commit": "748e2d3171e75e9165f427279d4a3f1ef76c14aa",
+  "builtAt": "2026-02-22T07:21:30.369Z"
 }

package/dist/channels/allow-from.js

@@ -0,0 +1,25 @@
+export function mergeAllowFromSources(params) {
+    return [...(params.allowFrom ?? []), ...(params.storeAllowFrom ?? [])]
+        .map((value) => String(value).trim())
+        .filter(Boolean);
+}
+export function firstDefined(...values) {
+    for (const value of values) {
+        if (typeof value !== "undefined") {
+            return value;
+        }
+    }
+    return undefined;
+}
+export function isSenderIdAllowed(allow, senderId, allowWhenEmpty) {
+    if (!allow.hasEntries) {
+        return allowWhenEmpty;
+    }
+    if (allow.hasWildcard) {
+        return true;
+    }
+    if (!senderId) {
+        return false;
+    }
+    return allow.entries.includes(senderId);
+}

package/dist/channels/plugins/account-action-gate.js

@@ -0,0 +1,13 @@
+export function createAccountActionGate(params) {
+    return (key, defaultValue = true) => {
+        const accountValue = params.accountActions?.[key];
+        if (accountValue !== undefined) {
+            return accountValue;
+        }
+        const baseValue = params.baseActions?.[key];
+        if (baseValue !== undefined) {
+            return baseValue;
+        }
+        return defaultValue;
+    };
+}

package/dist/channels/plugins/message-actions.js

@@ -1,4 +1,11 @@
 import { getChannelPlugin, listChannelPlugins } from "./index.js";
+const trustedRequesterRequiredByChannel = {
+    discord: new Set(["timeout", "kick", "ban"]),
+};
+function requiresTrustedRequesterSender(ctx) {
+    const actions = trustedRequesterRequiredByChannel[ctx.channel];
+    return Boolean(actions?.has(ctx.action) && ctx.toolContext);
+}
 export function listChannelMessageActions(cfg) {
     const actions = new Set(["send", "broadcast"]);
     for (const plugin of listChannelPlugins()) {
@@ -43,6 +50,9 @@ export function supportsChannelMessageCardsForChannel(params) {
     return plugin?.actions?.supportsCards?.({ cfg: params.cfg }) === true;
 }
 export async function dispatchChannelMessageAction(ctx) {
+    if (requiresTrustedRequesterSender(ctx) && !ctx.requesterSenderId?.trim()) {
+        throw new Error(`Trusted sender identity is required for ${ctx.channel}:${ctx.action} in tool-driven contexts.`);
+    }
     const plugin = getChannelPlugin(ctx.channel);
     if (!plugin?.actions?.handleAction) {
         return null;

package/dist/channels/telegram/api.js

@@ -0,0 +1,18 @@
+export async function fetchTelegramChatId(params) {
+    const url = `https://api.telegram.org/bot${params.token}/getChat?chat_id=${encodeURIComponent(params.chatId)}`;
+    try {
+        const res = await fetch(url, params.signal ? { signal: params.signal } : undefined);
+        if (!res.ok) {
+            return null;
+        }
+        const data = (await res.json().catch(() => null));
+        const id = data?.ok ? data?.result?.id : undefined;
+        if (typeof id === "number" || typeof id === "string") {
+            return String(id);
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/cli/argv.js

@@ -1,40 +1,85 @@
 const HELP_FLAGS = new Set(["-h", "--help"]);
-const VERSION_FLAGS = new Set(["-v", "-V", "--version"]);
+const VERSION_FLAGS = new Set(["-V", "--version"]);
+const ROOT_VERSION_ALIAS_FLAG = "-v";
+const ROOT_BOOLEAN_FLAGS = new Set(["--dev", "--no-color"]);
+const ROOT_VALUE_FLAGS = new Set(["--profile"]);
 const FLAG_TERMINATOR = "--";
 export function hasHelpOrVersion(argv) {
-    return argv.some((arg) => HELP_FLAGS.has(arg) || VERSION_FLAGS.has(arg));
+    return (argv.some((arg) => HELP_FLAGS.has(arg) || VERSION_FLAGS.has(arg)) || hasRootVersionAlias(argv));
 }
 function isValueToken(arg) {
-    if (!arg)
+    if (!arg) {
         return false;
-    if (arg === FLAG_TERMINATOR)
+    }
+    if (arg === FLAG_TERMINATOR) {
         return false;
-    if (!arg.startsWith("-"))
+    }
+    if (!arg.startsWith("-")) {
         return true;
+    }
     return /^-\d+(?:\.\d+)?$/.test(arg);
 }
 function parsePositiveInt(value) {
     const parsed = Number.parseInt(value, 10);
-    if (Number.isNaN(parsed) || parsed <= 0)
+    if (Number.isNaN(parsed) || parsed <= 0) {
         return undefined;
+    }
     return parsed;
 }
 export function hasFlag(argv, name) {
     const args = argv.slice(2);
     for (const arg of args) {
-        if (arg === FLAG_TERMINATOR)
+        if (arg === FLAG_TERMINATOR) {
             break;
-        if (arg === name)
+        }
+        if (arg === name) {
             return true;
+        }
     }
     return false;
 }
+export function hasRootVersionAlias(argv) {
+    const args = argv.slice(2);
+    let hasAlias = false;
+    for (let i = 0; i < args.length; i += 1) {
+        const arg = args[i];
+        if (!arg) {
+            continue;
+        }
+        if (arg === FLAG_TERMINATOR) {
+            break;
+        }
+        if (arg === ROOT_VERSION_ALIAS_FLAG) {
+            hasAlias = true;
+            continue;
+        }
+        if (ROOT_BOOLEAN_FLAGS.has(arg)) {
+            continue;
+        }
+        if (arg.startsWith("--profile=")) {
+            continue;
+        }
+        if (ROOT_VALUE_FLAGS.has(arg)) {
+            const next = args[i + 1];
+            if (isValueToken(next)) {
+                i += 1;
+            }
+            continue;
+        }
+        if (arg.startsWith("-")) {
+            continue;
+        }
+        return false;
+    }
+    return hasAlias;
+}
 export function getFlagValue(argv, name) {
     const args = argv.slice(2);
     for (let i = 0; i < args.length; i += 1) {
         const arg = args[i];
-        if (arg === FLAG_TERMINATOR)
+        if (arg === FLAG_TERMINATOR) {
             break;
+        }
         if (arg === name) {
             const next = args[i + 1];
             return isValueToken(next) ? next : null;
@@ -47,16 +92,19 @@ export function getFlagValue(argv, name) {
     return undefined;
 }
 export function getVerboseFlag(argv, options) {
-    if (hasFlag(argv, "--verbose"))
+    if (hasFlag(argv, "--verbose")) {
         return true;
-    if (options?.includeDebug && hasFlag(argv, "--debug"))
+    }
+    if (options?.includeDebug && hasFlag(argv, "--debug")) {
         return true;
+    }
     return false;
 }
 export function getPositiveIntFlagValue(argv, name) {
     const raw = getFlagValue(argv, name);
-    if (raw === null || raw === undefined)
+    if (raw === null || raw === undefined) {
         return raw;
+    }
     return parsePositiveInt(raw);
 }
 export function getCommandPath(argv, depth = 2) {
@@ -64,15 +112,19 @@ export function getCommandPath(argv, depth = 2) {
     const path = [];
     for (let i = 0; i < args.length; i += 1) {
         const arg = args[i];
-        if (!arg)
+        if (!arg) {
             continue;
-        if (arg === "--")
+        }
+        if (arg === "--") {
             break;
-        if (arg.startsWith("-"))
+        }
+        if (arg.startsWith("-")) {
             continue;
+        }
         path.push(arg);
-        if (path.length >= depth)
+        if (path.length >= depth) {
             break;
+        }
     }
     return path;
 }
@@ -94,8 +146,9 @@ export function buildParseArgv(params) {
             : baseArgv;
     const executable = (normalizedArgv[0]?.split(/[/\\]/).pop() ?? "").toLowerCase();
     const looksLikeNode = normalizedArgv.length >= 2 && (isNodeExecutable(executable) || isBunExecutable(executable));
-    if (looksLikeNode)
+    if (looksLikeNode) {
         return normalizedArgv;
+    }
     return ["node", programName || "poolbot", ...normalizedArgv];
 }
 const nodeExecutablePattern = /^node-\d+(?:\.\d+)*(?:\.exe)?$/;
@@ -110,15 +163,25 @@ function isBunExecutable(executable) {
     return executable === "bun" || executable === "bun.exe";
 }
 export function shouldMigrateStateFromPath(path) {
-    if (path.length === 0)
+    if (path.length === 0) {
         return true;
+    }
     const [primary, secondary] = path;
-    if (primary === "health" || primary === "status" || primary === "sessions")
+    if (primary === "health" || primary === "status" || primary === "sessions") {
         return false;
-    if (primary === "memory" && secondary === "status")
+    }
+    if (primary === "config" && (secondary === "get" || secondary === "unset")) {
         return false;
-    if (primary === "agent")
+    }
+    if (primary === "models" && (secondary === "list" || secondary === "status")) {
         return false;
+    }
+    if (primary === "memory" && secondary === "status") {
+        return false;
+    }
+    if (primary === "agent") {
+        return false;
+    }
     return true;
 }
 export function shouldMigrateState(argv) {

package/dist/cli/banner.js

@@ -1,6 +1,7 @@
 import { resolveCommitHash } from "../infra/git-commit.js";
 import { visibleWidth } from "../terminal/ansi.js";
 import { isRich, theme } from "../terminal/theme.js";
+import { hasRootVersionAlias } from "./argv.js";
 import { pickTagline } from "./tagline.js";
 import { resolveCliName } from "./cli-name.js";
 let bannerEmitted = false;
@@ -18,7 +19,7 @@ function splitGraphemes(value) {
     }
 }
 const hasJsonFlag = (argv) => argv.some((arg) => arg === "--json" || arg.startsWith("--json="));
-const hasVersionFlag = (argv) => argv.some((arg) => arg === "--version" || arg === "-V" || arg === "-v");
+const hasVersionFlag = (argv) => argv.some((arg) => arg === "--version" || arg === "-V") || hasRootVersionAlias(argv);
 export function formatCliBannerLine(version, options = {}) {
     const commit = options.commit ?? resolveCommitHash({ env: options.env });
     const commitLabel = commit ?? "unknown";