npm - @poolzin/pool-bot - Versions diffs - 2026.2.23 → 2026.2.25 - Mend

@poolzin/pool-bot 2026.2.23 → 2026.2.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

package/CHANGELOG.md +29 -0
package/dist/acp/client.js +207 -18
package/dist/acp/secret-file.js +22 -0
package/dist/agents/agent-scope.js +10 -0
package/dist/agents/bash-process-registry.test-helpers.js +29 -0
package/dist/agents/bash-tools.exec-approval-request.js +20 -0
package/dist/agents/bash-tools.exec-host-gateway.js +230 -0
package/dist/agents/bash-tools.exec-host-node.js +235 -0
package/dist/agents/bash-tools.exec-types.js +1 -0
package/dist/agents/bash-tools.process.js +224 -218
package/dist/agents/content-blocks.js +16 -0
package/dist/agents/model-fallback.js +96 -101
package/dist/agents/models-config.providers.js +299 -182
package/dist/agents/pi-embedded-payloads.js +1 -0
package/dist/agents/pi-embedded-runner/run.overflow-compaction.fixture.js +34 -0
package/dist/agents/skills.test-helpers.js +13 -0
package/dist/agents/stable-stringify.js +12 -0
package/dist/agents/subagent-registry.mocks.shared.js +12 -0
package/dist/agents/test-helpers/assistant-message-fixtures.js +29 -0
package/dist/agents/test-helpers/pi-tools-sandbox-context.js +27 -0
package/dist/agents/tool-policy-shared.js +108 -0
package/dist/agents/tools/browser-tool.js +160 -54
package/dist/agents/tools/cron-tool.test-helpers.js +12 -0
package/dist/agents/tools/discord-actions-moderation-shared.js +27 -0
package/dist/agents/tools/image-tool.js +214 -99
package/dist/agents/tools/sessions-history-tool.js +140 -108
package/dist/agents/workspace.js +222 -46
package/dist/auto-reply/commands-registry.js +15 -18
package/dist/auto-reply/fallback-state.js +114 -0
package/dist/auto-reply/model-runtime.js +68 -0
package/dist/auto-reply/reply/agent-runner-execution.js +36 -4
package/dist/auto-reply/reply/agent-runner.js +165 -39
package/dist/auto-reply/reply/commands-setunset-standard.js +13 -0
package/dist/browser/config.js +26 -0
package/dist/browser/navigation-guard.js +31 -0
package/dist/browser/routes/agent.act.js +431 -424
package/dist/browser/routes/agent.shared.js +47 -3
package/dist/browser/routes/agent.snapshot.js +122 -116
package/dist/browser/routes/agent.storage.js +303 -297
package/dist/browser/routes/tabs.js +154 -100
package/dist/browser/server-lifecycle.js +37 -0
package/dist/build-info.json +3 -3
package/dist/channels/allow-from.js +25 -0
package/dist/channels/plugins/account-action-gate.js +13 -0
package/dist/channels/plugins/message-actions.js +10 -0
package/dist/channels/telegram/api.js +18 -0
package/dist/cli/argv.js +84 -21
package/dist/cli/banner.js +2 -1
package/dist/cli/exec-approvals-cli.js +92 -124
package/dist/cli/memory-cli.js +158 -61
package/dist/cli/nodes-cli/register.push.js +63 -0
package/dist/cli/nodes-media-utils.js +21 -0
package/dist/cli/plugins-cli.js +245 -61
package/dist/cli/program/build-program.js +3 -1
package/dist/cli/program/command-registry.js +223 -136
package/dist/cli/program/help.js +43 -12
package/dist/cli/route.js +1 -1
package/dist/cli/test-runtime-capture.js +24 -0
package/dist/commands/agent.js +163 -87
package/dist/commands/channels.mock-harness.js +23 -0
package/dist/commands/daemon-install-runtime-warning.js +11 -0
package/dist/commands/onboard-helpers.js +4 -4
package/dist/commands/sessions.test-helpers.js +61 -0
package/dist/compat/legacy-names.js +2 -2
package/dist/config/commands.js +3 -0
package/dist/config/config.js +1 -1
package/dist/config/env-substitution.js +62 -34
package/dist/config/env-vars.js +9 -0
package/dist/config/io.js +571 -171
package/dist/config/merge-patch.js +50 -4
package/dist/config/redact-snapshot.js +404 -76
package/dist/config/schema.js +58 -570
package/dist/config/validation.js +140 -85
package/dist/config/zod-schema.hooks.js +40 -11
package/dist/config/zod-schema.installs.js +20 -0
package/dist/config/zod-schema.js +8 -7
package/dist/control-ui/assets/{index-HRr1grwl.js → index-Dvkl4Xlx.js} +2 -1
package/dist/control-ui/assets/{index-HRr1grwl.js.map → index-Dvkl4Xlx.js.map} +1 -1
package/dist/control-ui/index.html +1 -1
package/dist/daemon/cmd-argv.js +21 -0
package/dist/daemon/cmd-set.js +58 -0
package/dist/daemon/service-types.js +1 -0
package/dist/discord/monitor/exec-approvals.js +357 -162
package/dist/gateway/auth.js +38 -3
package/dist/gateway/call.js +149 -68
package/dist/gateway/canvas-capability.js +75 -0
package/dist/gateway/control-plane-audit.js +28 -0
package/dist/gateway/control-plane-rate-limit.js +53 -0
package/dist/gateway/events.js +1 -0
package/dist/gateway/hooks.js +109 -54
package/dist/gateway/http-common.js +22 -0
package/dist/gateway/method-scopes.js +169 -0
package/dist/gateway/net.js +23 -0
package/dist/gateway/openresponses-http.js +120 -110
package/dist/gateway/probe-auth.js +2 -0
package/dist/gateway/protocol/index.js +3 -2
package/dist/gateway/protocol/schema/protocol-schemas.js +2 -0
package/dist/gateway/protocol/schema/push.js +18 -0
package/dist/gateway/protocol/schema.js +1 -0
package/dist/gateway/server-http.js +236 -52
package/dist/gateway/server-methods/agent.js +162 -24
package/dist/gateway/server-methods/chat.js +461 -130
package/dist/gateway/server-methods/config.js +193 -150
package/dist/gateway/server-methods/nodes.helpers.js +12 -0
package/dist/gateway/server-methods/nodes.js +251 -69
package/dist/gateway/server-methods/push.js +53 -0
package/dist/gateway/server-reload-handlers.js +2 -3
package/dist/gateway/server-runtime-config.js +5 -0
package/dist/gateway/server-runtime-state.js +2 -0
package/dist/gateway/server-ws-runtime.js +1 -0
package/dist/gateway/server.impl.js +296 -139
package/dist/gateway/session-preview.test-helpers.js +11 -0
package/dist/gateway/startup-auth.js +126 -0
package/dist/gateway/test-helpers.agent-results.js +15 -0
package/dist/gateway/test-helpers.mocks.js +37 -14
package/dist/gateway/test-helpers.server.js +161 -77
package/dist/hooks/bundled/session-memory/handler.js +165 -34
package/dist/hooks/gmail-watcher-lifecycle.js +23 -0
package/dist/infra/archive-path.js +49 -0
package/dist/infra/device-pairing.js +148 -167
package/dist/infra/exec-approvals-allowlist.js +19 -70
package/dist/infra/exec-approvals-analysis.js +44 -17
package/dist/infra/exec-safe-bin-policy.js +269 -0
package/dist/infra/fixed-window-rate-limit.js +33 -0
package/dist/infra/git-root.js +61 -0
package/dist/infra/heartbeat-active-hours.js +2 -2
package/dist/infra/heartbeat-reason.js +40 -0
package/dist/infra/heartbeat-runner.js +72 -32
package/dist/infra/install-source-utils.js +91 -7
package/dist/infra/node-pairing.js +50 -105
package/dist/infra/npm-integrity.js +45 -0
package/dist/infra/npm-pack-install.js +40 -0
package/dist/infra/outbound/channel-adapters.js +20 -7
package/dist/infra/outbound/message-action-runner.js +107 -327
package/dist/infra/outbound/message.js +59 -36
package/dist/infra/outbound/outbound-policy.js +52 -25
package/dist/infra/outbound/outbound-send-service.js +58 -71
package/dist/infra/pairing-files.js +10 -0
package/dist/infra/plain-object.js +9 -0
package/dist/infra/push-apns.js +365 -0
package/dist/infra/restart-sentinel.js +16 -1
package/dist/infra/restart.js +229 -26
package/dist/infra/scp-host.js +54 -0
package/dist/infra/update-startup.js +86 -9
package/dist/media/inbound-path-policy.js +114 -0
package/dist/media/input-files.js +16 -0
package/dist/memory/test-manager.js +8 -0
package/dist/plugin-sdk/temp-path.js +47 -0
package/dist/plugins/discovery.js +217 -23
package/dist/plugins/hook-runner-global.js +16 -0
package/dist/plugins/loader.js +192 -26
package/dist/plugins/logger.js +8 -0
package/dist/plugins/manifest-registry.js +3 -0
package/dist/plugins/path-safety.js +34 -0
package/dist/plugins/registry.js +5 -2
package/dist/plugins/runtime/index.js +271 -206
package/dist/providers/github-copilot-models.js +4 -1
package/dist/security/audit-channel.js +8 -19
package/dist/security/audit-extra.async.js +354 -182
package/dist/security/audit-extra.js +11 -1
package/dist/security/audit-extra.sync.js +340 -33
package/dist/security/audit-fs.js +31 -13
package/dist/security/audit.js +145 -371
package/dist/security/dm-policy-shared.js +24 -0
package/dist/security/external-content.js +20 -8
package/dist/security/fix.js +49 -85
package/dist/security/scan-paths.js +20 -0
package/dist/security/secret-equal.js +3 -7
package/dist/security/windows-acl.js +30 -15
package/dist/shared/node-list-parse.js +13 -0
package/dist/shared/operator-scope-compat.js +37 -0
package/dist/shared/text-chunking.js +29 -0
package/dist/slack/blocks.test-helpers.js +31 -0
package/dist/slack/monitor/mrkdwn.js +8 -0
package/dist/telegram/bot-message-dispatch.js +366 -164
package/dist/telegram/draft-stream.js +30 -7
package/dist/telegram/reasoning-lane-coordinator.js +128 -0
package/dist/terminal/prompt-select-styled.js +9 -0
package/dist/test-utils/command-runner.js +6 -0
package/dist/test-utils/internal-hook-event-payload.js +10 -0
package/dist/test-utils/model-auth-mock.js +12 -0
package/dist/test-utils/provider-usage-fetch.js +14 -0
package/dist/test-utils/temp-home.js +33 -0
package/dist/tui/components/chat-log.js +9 -0
package/dist/tui/tui-command-handlers.js +36 -27
package/dist/tui/tui-event-handlers.js +122 -32
package/dist/tui/tui.js +181 -45
package/dist/utils/mask-api-key.js +10 -0
package/dist/utils/run-with-concurrency.js +39 -0
package/dist/web/media.js +4 -0
package/docs/tools/slash-commands.md +5 -1
package/extensions/bluebubbles/package.json +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/feishu/package.json +1 -1
package/extensions/feishu/src/external-keys.ts +19 -0
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/irc/package.json +1 -1
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/lobster/src/windows-spawn.ts +193 -0
package/extensions/matrix/CHANGELOG.md +5 -0
package/extensions/matrix/package.json +1 -1
package/extensions/matrix/src/matrix/actions/limits.ts +6 -0
package/extensions/mattermost/package.json +1 -1
package/extensions/mattermost/src/mattermost/reactions.test-helpers.ts +83 -0
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/package.json +1 -1
package/extensions/msteams/CHANGELOG.md +5 -0
package/extensions/msteams/package.json +1 -1
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +5 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/package.json +1 -1
package/extensions/signal/package.json +1 -1
package/extensions/slack/package.json +1 -1
package/extensions/telegram/package.json +1 -1
package/extensions/tlon/package.json +1 -1
package/extensions/twitch/CHANGELOG.md +5 -0
package/extensions/twitch/package.json +1 -1
package/extensions/voice-call/CHANGELOG.md +5 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/CHANGELOG.md +5 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +5 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +1 -1

package/dist/agents/bash-tools.exec-host-node.js ADDED Viewed

@@ -0,0 +1,235 @@
+import crypto from "node:crypto";
+import { evaluateShellAllowlist, maxAsk, minSecurity, requiresExecApproval, resolveExecApprovals, resolveExecApprovalsFromFile, } from "../infra/exec-approvals.js";
+import { buildNodeShellCommand } from "../infra/node-shell.js";
+import { requestExecApprovalDecision } from "./bash-tools.exec-approval-request.js";
+import { DEFAULT_APPROVAL_TIMEOUT_MS, createApprovalSlug, emitExecSystemEvent, } from "./bash-tools.exec-runtime.js";
+import { callGatewayTool } from "./tools/gateway.js";
+import { listNodes, resolveNodeIdFromList } from "./tools/nodes-utils.js";
+export async function executeNodeHostCommand(params) {
+    const approvals = resolveExecApprovals(params.agentId, {
+        security: params.security,
+        ask: params.ask,
+    });
+    const hostSecurity = minSecurity(params.security, approvals.agent.security);
+    const hostAsk = maxAsk(params.ask, approvals.agent.ask);
+    const askFallback = approvals.agent.askFallback;
+    if (hostSecurity === "deny") {
+        throw new Error("exec denied: host=node security=deny");
+    }
+    if (params.boundNode && params.requestedNode && params.boundNode !== params.requestedNode) {
+        throw new Error(`exec node not allowed (bound to ${params.boundNode})`);
+    }
+    const nodeQuery = params.boundNode || params.requestedNode;
+    const nodes = await listNodes({});
+    if (nodes.length === 0) {
+        throw new Error("exec host=node requires a paired node (none available). This requires a companion app or node host.");
+    }
+    let nodeId;
+    try {
+        nodeId = resolveNodeIdFromList(nodes, nodeQuery, !nodeQuery);
+    }
+    catch (err) {
+        if (!nodeQuery && String(err).includes("node required")) {
+            throw new Error("exec host=node requires a node id when multiple nodes are available (set tools.exec.node or exec.node).", { cause: err });
+        }
+        throw err;
+    }
+    const nodeInfo = nodes.find((entry) => entry.nodeId === nodeId);
+    const supportsSystemRun = Array.isArray(nodeInfo?.commands)
+        ? nodeInfo?.commands?.includes("system.run")
+        : false;
+    if (!supportsSystemRun) {
+        throw new Error("exec host=node requires a node that supports system.run (companion app or node host).");
+    }
+    const argv = buildNodeShellCommand(params.command, nodeInfo?.platform);
+    const nodeEnv = params.requestedEnv ? { ...params.requestedEnv } : undefined;
+    const baseAllowlistEval = evaluateShellAllowlist({
+        command: params.command,
+        allowlist: [],
+        safeBins: new Set(),
+        cwd: params.workdir,
+        env: params.env,
+        platform: nodeInfo?.platform,
+        trustedSafeBinDirs: params.trustedSafeBinDirs,
+    });
+    let analysisOk = baseAllowlistEval.analysisOk;
+    let allowlistSatisfied = false;
+    if (hostAsk === "on-miss" && hostSecurity === "allowlist" && analysisOk) {
+        try {
+            const approvalsSnapshot = await callGatewayTool("exec.approvals.node.get", { timeoutMs: 10_000 }, { nodeId });
+            const approvalsFile = approvalsSnapshot && typeof approvalsSnapshot === "object"
+                ? approvalsSnapshot.file
+                : undefined;
+            if (approvalsFile && typeof approvalsFile === "object") {
+                const resolved = resolveExecApprovalsFromFile({
+                    file: approvalsFile,
+                    agentId: params.agentId,
+                    overrides: { security: "allowlist" },
+                });
+                // Allowlist-only precheck; safe bins are node-local and may diverge.
+                const allowlistEval = evaluateShellAllowlist({
+                    command: params.command,
+                    allowlist: resolved.allowlist,
+                    safeBins: new Set(),
+                    cwd: params.workdir,
+                    env: params.env,
+                    platform: nodeInfo?.platform,
+                    trustedSafeBinDirs: params.trustedSafeBinDirs,
+                });
+                allowlistSatisfied = allowlistEval.allowlistSatisfied;
+                analysisOk = allowlistEval.analysisOk;
+            }
+        }
+        catch {
+            // Fall back to requiring approval if node approvals cannot be fetched.
+        }
+    }
+    const requiresAsk = requiresExecApproval({
+        ask: hostAsk,
+        security: hostSecurity,
+        analysisOk,
+        allowlistSatisfied,
+    });
+    const invokeTimeoutMs = Math.max(10_000, (typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec) * 1000 +
+        5_000);
+    const buildInvokeParams = (approvedByAsk, approvalDecision, runId) => ({
+        nodeId,
+        command: "system.run",
+        params: {
+            command: argv,
+            rawCommand: params.command,
+            cwd: params.workdir,
+            env: nodeEnv,
+            timeoutMs: typeof params.timeoutSec === "number" ? params.timeoutSec * 1000 : undefined,
+            agentId: params.agentId,
+            sessionKey: params.sessionKey,
+            approved: approvedByAsk,
+            approvalDecision: approvalDecision ?? undefined,
+            runId: runId ?? undefined,
+        },
+        idempotencyKey: crypto.randomUUID(),
+    });
+    if (requiresAsk) {
+        const approvalId = crypto.randomUUID();
+        const approvalSlug = createApprovalSlug(approvalId);
+        const expiresAtMs = Date.now() + DEFAULT_APPROVAL_TIMEOUT_MS;
+        const contextKey = `exec:${approvalId}`;
+        const noticeSeconds = Math.max(1, Math.round(params.approvalRunningNoticeMs / 1000));
+        const warningText = params.warnings.length ? `${params.warnings.join("\n")}\n\n` : "";
+        void (async () => {
+            let decision = null;
+            try {
+                decision = await requestExecApprovalDecision({
+                    id: approvalId,
+                    command: params.command,
+                    cwd: params.workdir,
+                    host: "node",
+                    security: hostSecurity,
+                    ask: hostAsk,
+                    agentId: params.agentId,
+                    sessionKey: params.sessionKey,
+                });
+            }
+            catch {
+                emitExecSystemEvent(`Exec denied (node=${nodeId} id=${approvalId}, approval-request-failed): ${params.command}`, { sessionKey: params.notifySessionKey, contextKey });
+                return;
+            }
+            let approvedByAsk = false;
+            let approvalDecision = null;
+            let deniedReason = null;
+            if (decision === "deny") {
+                deniedReason = "user-denied";
+            }
+            else if (!decision) {
+                if (askFallback === "full") {
+                    approvedByAsk = true;
+                    approvalDecision = "allow-once";
+                }
+                else if (askFallback === "allowlist") {
+                    // Defer allowlist enforcement to the node host.
+                }
+                else {
+                    deniedReason = "approval-timeout";
+                }
+            }
+            else if (decision === "allow-once") {
+                approvedByAsk = true;
+                approvalDecision = "allow-once";
+            }
+            else if (decision === "allow-always") {
+                approvedByAsk = true;
+                approvalDecision = "allow-always";
+            }
+            if (deniedReason) {
+                emitExecSystemEvent(`Exec denied (node=${nodeId} id=${approvalId}, ${deniedReason}): ${params.command}`, {
+                    sessionKey: params.notifySessionKey,
+                    contextKey,
+                });
+                return;
+            }
+            let runningTimer = null;
+            if (params.approvalRunningNoticeMs > 0) {
+                runningTimer = setTimeout(() => {
+                    emitExecSystemEvent(`Exec running (node=${nodeId} id=${approvalId}, >${noticeSeconds}s): ${params.command}`, { sessionKey: params.notifySessionKey, contextKey });
+                }, params.approvalRunningNoticeMs);
+            }
+            try {
+                await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(approvedByAsk, approvalDecision, approvalId));
+            }
+            catch {
+                emitExecSystemEvent(`Exec denied (node=${nodeId} id=${approvalId}, invoke-failed): ${params.command}`, {
+                    sessionKey: params.notifySessionKey,
+                    contextKey,
+                });
+            }
+            finally {
+                if (runningTimer) {
+                    clearTimeout(runningTimer);
+                }
+            }
+        })();
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: `${warningText}Approval required (id ${approvalSlug}). ` +
+                        "Approve to run; updates will arrive after completion.",
+                },
+            ],
+            details: {
+                status: "approval-pending",
+                approvalId,
+                approvalSlug,
+                expiresAtMs,
+                host: "node",
+                command: params.command,
+                cwd: params.workdir,
+                nodeId,
+            },
+        };
+    }
+    const startedAt = Date.now();
+    const raw = await callGatewayTool("node.invoke", { timeoutMs: invokeTimeoutMs }, buildInvokeParams(false, null));
+    const payload = raw && typeof raw === "object" ? raw.payload : undefined;
+    const payloadObj = payload && typeof payload === "object" ? payload : {};
+    const stdout = typeof payloadObj.stdout === "string" ? payloadObj.stdout : "";
+    const stderr = typeof payloadObj.stderr === "string" ? payloadObj.stderr : "";
+    const errorText = typeof payloadObj.error === "string" ? payloadObj.error : "";
+    const success = typeof payloadObj.success === "boolean" ? payloadObj.success : false;
+    const exitCode = typeof payloadObj.exitCode === "number" ? payloadObj.exitCode : null;
+    return {
+        content: [
+            {
+                type: "text",
+                text: stdout || stderr || errorText || "",
+            },
+        ],
+        details: {
+            status: success ? "completed" : "failed",
+            exitCode,
+            durationMs: Date.now() - startedAt,
+            aggregated: [stdout, stderr, errorText].filter(Boolean).join("\n"),
+            cwd: params.workdir,
+        },
+    };
+}

package/dist/agents/bash-tools.exec-types.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};