npm - @poolzin/pool-bot - Versions diffs - 2026.2.23 → 2026.2.25 - Mend

@poolzin/pool-bot 2026.2.23 → 2026.2.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

package/CHANGELOG.md +29 -0
package/dist/acp/client.js +207 -18
package/dist/acp/secret-file.js +22 -0
package/dist/agents/agent-scope.js +10 -0
package/dist/agents/bash-process-registry.test-helpers.js +29 -0
package/dist/agents/bash-tools.exec-approval-request.js +20 -0
package/dist/agents/bash-tools.exec-host-gateway.js +230 -0
package/dist/agents/bash-tools.exec-host-node.js +235 -0
package/dist/agents/bash-tools.exec-types.js +1 -0
package/dist/agents/bash-tools.process.js +224 -218
package/dist/agents/content-blocks.js +16 -0
package/dist/agents/model-fallback.js +96 -101
package/dist/agents/models-config.providers.js +299 -182
package/dist/agents/pi-embedded-payloads.js +1 -0
package/dist/agents/pi-embedded-runner/run.overflow-compaction.fixture.js +34 -0
package/dist/agents/skills.test-helpers.js +13 -0
package/dist/agents/stable-stringify.js +12 -0
package/dist/agents/subagent-registry.mocks.shared.js +12 -0
package/dist/agents/test-helpers/assistant-message-fixtures.js +29 -0
package/dist/agents/test-helpers/pi-tools-sandbox-context.js +27 -0
package/dist/agents/tool-policy-shared.js +108 -0
package/dist/agents/tools/browser-tool.js +160 -54
package/dist/agents/tools/cron-tool.test-helpers.js +12 -0
package/dist/agents/tools/discord-actions-moderation-shared.js +27 -0
package/dist/agents/tools/image-tool.js +214 -99
package/dist/agents/tools/sessions-history-tool.js +140 -108
package/dist/agents/workspace.js +222 -46
package/dist/auto-reply/commands-registry.js +15 -18
package/dist/auto-reply/fallback-state.js +114 -0
package/dist/auto-reply/model-runtime.js +68 -0
package/dist/auto-reply/reply/agent-runner-execution.js +36 -4
package/dist/auto-reply/reply/agent-runner.js +165 -39
package/dist/auto-reply/reply/commands-setunset-standard.js +13 -0
package/dist/browser/config.js +26 -0
package/dist/browser/navigation-guard.js +31 -0
package/dist/browser/routes/agent.act.js +431 -424
package/dist/browser/routes/agent.shared.js +47 -3
package/dist/browser/routes/agent.snapshot.js +122 -116
package/dist/browser/routes/agent.storage.js +303 -297
package/dist/browser/routes/tabs.js +154 -100
package/dist/browser/server-lifecycle.js +37 -0
package/dist/build-info.json +3 -3
package/dist/channels/allow-from.js +25 -0
package/dist/channels/plugins/account-action-gate.js +13 -0
package/dist/channels/plugins/message-actions.js +10 -0
package/dist/channels/telegram/api.js +18 -0
package/dist/cli/argv.js +84 -21
package/dist/cli/banner.js +2 -1
package/dist/cli/exec-approvals-cli.js +92 -124
package/dist/cli/memory-cli.js +158 -61
package/dist/cli/nodes-cli/register.push.js +63 -0
package/dist/cli/nodes-media-utils.js +21 -0
package/dist/cli/plugins-cli.js +245 -61
package/dist/cli/program/build-program.js +3 -1
package/dist/cli/program/command-registry.js +223 -136
package/dist/cli/program/help.js +43 -12
package/dist/cli/route.js +1 -1
package/dist/cli/test-runtime-capture.js +24 -0
package/dist/commands/agent.js +163 -87
package/dist/commands/channels.mock-harness.js +23 -0
package/dist/commands/daemon-install-runtime-warning.js +11 -0
package/dist/commands/onboard-helpers.js +4 -4
package/dist/commands/sessions.test-helpers.js +61 -0
package/dist/compat/legacy-names.js +2 -2
package/dist/config/commands.js +3 -0
package/dist/config/config.js +1 -1
package/dist/config/env-substitution.js +62 -34
package/dist/config/env-vars.js +9 -0
package/dist/config/io.js +571 -171
package/dist/config/merge-patch.js +50 -4
package/dist/config/redact-snapshot.js +404 -76
package/dist/config/schema.js +58 -570
package/dist/config/validation.js +140 -85
package/dist/config/zod-schema.hooks.js +40 -11
package/dist/config/zod-schema.installs.js +20 -0
package/dist/config/zod-schema.js +8 -7
package/dist/control-ui/assets/{index-HRr1grwl.js → index-Dvkl4Xlx.js} +2 -1
package/dist/control-ui/assets/{index-HRr1grwl.js.map → index-Dvkl4Xlx.js.map} +1 -1
package/dist/control-ui/index.html +1 -1
package/dist/daemon/cmd-argv.js +21 -0
package/dist/daemon/cmd-set.js +58 -0
package/dist/daemon/service-types.js +1 -0
package/dist/discord/monitor/exec-approvals.js +357 -162
package/dist/gateway/auth.js +38 -3
package/dist/gateway/call.js +149 -68
package/dist/gateway/canvas-capability.js +75 -0
package/dist/gateway/control-plane-audit.js +28 -0
package/dist/gateway/control-plane-rate-limit.js +53 -0
package/dist/gateway/events.js +1 -0
package/dist/gateway/hooks.js +109 -54
package/dist/gateway/http-common.js +22 -0
package/dist/gateway/method-scopes.js +169 -0
package/dist/gateway/net.js +23 -0
package/dist/gateway/openresponses-http.js +120 -110
package/dist/gateway/probe-auth.js +2 -0
package/dist/gateway/protocol/index.js +3 -2
package/dist/gateway/protocol/schema/protocol-schemas.js +2 -0
package/dist/gateway/protocol/schema/push.js +18 -0
package/dist/gateway/protocol/schema.js +1 -0
package/dist/gateway/server-http.js +236 -52
package/dist/gateway/server-methods/agent.js +162 -24
package/dist/gateway/server-methods/chat.js +461 -130
package/dist/gateway/server-methods/config.js +193 -150
package/dist/gateway/server-methods/nodes.helpers.js +12 -0
package/dist/gateway/server-methods/nodes.js +251 -69
package/dist/gateway/server-methods/push.js +53 -0
package/dist/gateway/server-reload-handlers.js +2 -3
package/dist/gateway/server-runtime-config.js +5 -0
package/dist/gateway/server-runtime-state.js +2 -0
package/dist/gateway/server-ws-runtime.js +1 -0
package/dist/gateway/server.impl.js +296 -139
package/dist/gateway/session-preview.test-helpers.js +11 -0
package/dist/gateway/startup-auth.js +126 -0
package/dist/gateway/test-helpers.agent-results.js +15 -0
package/dist/gateway/test-helpers.mocks.js +37 -14
package/dist/gateway/test-helpers.server.js +161 -77
package/dist/hooks/bundled/session-memory/handler.js +165 -34
package/dist/hooks/gmail-watcher-lifecycle.js +23 -0
package/dist/infra/archive-path.js +49 -0
package/dist/infra/device-pairing.js +148 -167
package/dist/infra/exec-approvals-allowlist.js +19 -70
package/dist/infra/exec-approvals-analysis.js +44 -17
package/dist/infra/exec-safe-bin-policy.js +269 -0
package/dist/infra/fixed-window-rate-limit.js +33 -0
package/dist/infra/git-root.js +61 -0
package/dist/infra/heartbeat-active-hours.js +2 -2
package/dist/infra/heartbeat-reason.js +40 -0
package/dist/infra/heartbeat-runner.js +72 -32
package/dist/infra/install-source-utils.js +91 -7
package/dist/infra/node-pairing.js +50 -105
package/dist/infra/npm-integrity.js +45 -0
package/dist/infra/npm-pack-install.js +40 -0
package/dist/infra/outbound/channel-adapters.js +20 -7
package/dist/infra/outbound/message-action-runner.js +107 -327
package/dist/infra/outbound/message.js +59 -36
package/dist/infra/outbound/outbound-policy.js +52 -25
package/dist/infra/outbound/outbound-send-service.js +58 -71
package/dist/infra/pairing-files.js +10 -0
package/dist/infra/plain-object.js +9 -0
package/dist/infra/push-apns.js +365 -0
package/dist/infra/restart-sentinel.js +16 -1
package/dist/infra/restart.js +229 -26
package/dist/infra/scp-host.js +54 -0
package/dist/infra/update-startup.js +86 -9
package/dist/media/inbound-path-policy.js +114 -0
package/dist/media/input-files.js +16 -0
package/dist/memory/test-manager.js +8 -0
package/dist/plugin-sdk/temp-path.js +47 -0
package/dist/plugins/discovery.js +217 -23
package/dist/plugins/hook-runner-global.js +16 -0
package/dist/plugins/loader.js +192 -26
package/dist/plugins/logger.js +8 -0
package/dist/plugins/manifest-registry.js +3 -0
package/dist/plugins/path-safety.js +34 -0
package/dist/plugins/registry.js +5 -2
package/dist/plugins/runtime/index.js +271 -206
package/dist/providers/github-copilot-models.js +4 -1
package/dist/security/audit-channel.js +8 -19
package/dist/security/audit-extra.async.js +354 -182
package/dist/security/audit-extra.js +11 -1
package/dist/security/audit-extra.sync.js +340 -33
package/dist/security/audit-fs.js +31 -13
package/dist/security/audit.js +145 -371
package/dist/security/dm-policy-shared.js +24 -0
package/dist/security/external-content.js +20 -8
package/dist/security/fix.js +49 -85
package/dist/security/scan-paths.js +20 -0
package/dist/security/secret-equal.js +3 -7
package/dist/security/windows-acl.js +30 -15
package/dist/shared/node-list-parse.js +13 -0
package/dist/shared/operator-scope-compat.js +37 -0
package/dist/shared/text-chunking.js +29 -0
package/dist/slack/blocks.test-helpers.js +31 -0
package/dist/slack/monitor/mrkdwn.js +8 -0
package/dist/telegram/bot-message-dispatch.js +366 -164
package/dist/telegram/draft-stream.js +30 -7
package/dist/telegram/reasoning-lane-coordinator.js +128 -0
package/dist/terminal/prompt-select-styled.js +9 -0
package/dist/test-utils/command-runner.js +6 -0
package/dist/test-utils/internal-hook-event-payload.js +10 -0
package/dist/test-utils/model-auth-mock.js +12 -0
package/dist/test-utils/provider-usage-fetch.js +14 -0
package/dist/test-utils/temp-home.js +33 -0
package/dist/tui/components/chat-log.js +9 -0
package/dist/tui/tui-command-handlers.js +36 -27
package/dist/tui/tui-event-handlers.js +122 -32
package/dist/tui/tui.js +181 -45
package/dist/utils/mask-api-key.js +10 -0
package/dist/utils/run-with-concurrency.js +39 -0
package/dist/web/media.js +4 -0
package/docs/tools/slash-commands.md +5 -1
package/extensions/bluebubbles/package.json +1 -1
package/extensions/copilot-proxy/package.json +1 -1
package/extensions/diagnostics-otel/package.json +1 -1
package/extensions/discord/package.json +1 -1
package/extensions/feishu/package.json +1 -1
package/extensions/feishu/src/external-keys.ts +19 -0
package/extensions/google-antigravity-auth/package.json +1 -1
package/extensions/google-gemini-cli-auth/package.json +1 -1
package/extensions/googlechat/package.json +1 -1
package/extensions/imessage/package.json +1 -1
package/extensions/irc/package.json +1 -1
package/extensions/line/package.json +1 -1
package/extensions/llm-task/package.json +1 -1
package/extensions/lobster/package.json +1 -1
package/extensions/lobster/src/windows-spawn.ts +193 -0
package/extensions/matrix/CHANGELOG.md +5 -0
package/extensions/matrix/package.json +1 -1
package/extensions/matrix/src/matrix/actions/limits.ts +6 -0
package/extensions/mattermost/package.json +1 -1
package/extensions/mattermost/src/mattermost/reactions.test-helpers.ts +83 -0
package/extensions/memory-core/package.json +1 -1
package/extensions/memory-lancedb/package.json +1 -1
package/extensions/minimax-portal-auth/package.json +1 -1
package/extensions/msteams/CHANGELOG.md +5 -0
package/extensions/msteams/package.json +1 -1
package/extensions/nextcloud-talk/package.json +1 -1
package/extensions/nostr/CHANGELOG.md +5 -0
package/extensions/nostr/package.json +1 -1
package/extensions/open-prose/package.json +1 -1
package/extensions/openai-codex-auth/package.json +1 -1
package/extensions/signal/package.json +1 -1
package/extensions/slack/package.json +1 -1
package/extensions/telegram/package.json +1 -1
package/extensions/tlon/package.json +1 -1
package/extensions/twitch/CHANGELOG.md +5 -0
package/extensions/twitch/package.json +1 -1
package/extensions/voice-call/CHANGELOG.md +5 -0
package/extensions/voice-call/package.json +1 -1
package/extensions/whatsapp/package.json +1 -1
package/extensions/zalo/CHANGELOG.md +5 -0
package/extensions/zalo/package.json +1 -1
package/extensions/zalouser/CHANGELOG.md +5 -0
package/extensions/zalouser/package.json +1 -1
package/package.json +1 -1

package/dist/infra/restart.js CHANGED Viewed

@@ -1,15 +1,109 @@
 import { spawnSync } from "node:child_process";
 import { resolveGatewayLaunchAgentLabel, resolveGatewaySystemdServiceName, } from "../daemon/constants.js";
+import { createSubsystemLogger } from "../logging/subsystem.js";
 const SPAWN_TIMEOUT_MS = 2000;
 const SIGUSR1_AUTH_GRACE_MS = 5000;
+const DEFAULT_DEFERRAL_POLL_MS = 500;
+const DEFAULT_DEFERRAL_MAX_WAIT_MS = 30_000;
+const RESTART_COOLDOWN_MS = 30_000;
+const restartLog = createSubsystemLogger("restart");
 let sigusr1AuthorizedCount = 0;
 let sigusr1AuthorizedUntil = 0;
 let sigusr1ExternalAllowed = false;
+let preRestartCheck = null;
+let restartCycleToken = 0;
+let emittedRestartToken = 0;
+let consumedRestartToken = 0;
+let lastRestartEmittedAt = 0;
+let pendingRestartTimer = null;
+let pendingRestartDueAt = 0;
+let pendingRestartReason;
+function hasUnconsumedRestartSignal() {
+    return emittedRestartToken > consumedRestartToken;
+}
+function clearPendingScheduledRestart() {
+    if (pendingRestartTimer) {
+        clearTimeout(pendingRestartTimer);
+    }
+    pendingRestartTimer = null;
+    pendingRestartDueAt = 0;
+    pendingRestartReason = undefined;
+}
+function summarizeChangedPaths(paths, maxPaths = 6) {
+    if (!Array.isArray(paths) || paths.length === 0) {
+        return null;
+    }
+    if (paths.length <= maxPaths) {
+        return paths.join(",");
+    }
+    const head = paths.slice(0, maxPaths).join(",");
+    return `${head},+${paths.length - maxPaths} more`;
+}
+function formatRestartAudit(audit) {
+    const actor = typeof audit?.actor === "string" && audit.actor.trim() ? audit.actor.trim() : null;
+    const deviceId = typeof audit?.deviceId === "string" && audit.deviceId.trim() ? audit.deviceId.trim() : null;
+    const clientIp = typeof audit?.clientIp === "string" && audit.clientIp.trim() ? audit.clientIp.trim() : null;
+    const changed = summarizeChangedPaths(audit?.changedPaths);
+    const fields = [];
+    if (actor) {
+        fields.push(`actor=${actor}`);
+    }
+    if (deviceId) {
+        fields.push(`device=${deviceId}`);
+    }
+    if (clientIp) {
+        fields.push(`ip=${clientIp}`);
+    }
+    if (changed) {
+        fields.push(`changedPaths=${changed}`);
+    }
+    return fields.length > 0 ? fields.join(" ") : "actor=<unknown>";
+}
+/**
+ * Register a callback that scheduleGatewaySigusr1Restart checks before emitting SIGUSR1.
+ * The callback should return the number of pending items (0 = safe to restart).
+ */
+export function setPreRestartDeferralCheck(fn) {
+    preRestartCheck = fn;
+}
+/**
+ * Emit an authorized SIGUSR1 gateway restart, guarded against duplicate emissions.
+ * Returns true if SIGUSR1 was emitted, false if a restart was already emitted.
+ * Both scheduleGatewaySigusr1Restart and the config watcher should use this
+ * to ensure only one restart fires.
+ */
+export function emitGatewayRestart() {
+    if (hasUnconsumedRestartSignal()) {
+        clearPendingScheduledRestart();
+        return false;
+    }
+    clearPendingScheduledRestart();
+    const cycleToken = ++restartCycleToken;
+    emittedRestartToken = cycleToken;
+    authorizeGatewaySigusr1Restart();
+    try {
+        if (process.listenerCount("SIGUSR1") > 0) {
+            process.emit("SIGUSR1");
+        }
+        else {
+            process.kill(process.pid, "SIGUSR1");
+        }
+    }
+    catch {
+        // Roll back the cycle marker so future restart requests can still proceed.
+        emittedRestartToken = consumedRestartToken;
+        return false;
+    }
+    lastRestartEmittedAt = Date.now();
+    return true;
+}
 function resetSigusr1AuthorizationIfExpired(now = Date.now()) {
-    if (sigusr1AuthorizedCount <= 0)
+    if (sigusr1AuthorizedCount <= 0) {
         return;
-    if (now <= sigusr1AuthorizedUntil)
+    }
+    if (now <= sigusr1AuthorizedUntil) {
         return;
+    }
     sigusr1AuthorizedCount = 0;
     sigusr1AuthorizedUntil = 0;
 }
@@ -19,7 +113,7 @@ export function setGatewaySigusr1RestartPolicy(opts) {
 export function isGatewaySigusr1RestartExternallyAllowed() {
     return sigusr1ExternalAllowed;
 }
-export function authorizeGatewaySigusr1Restart(delayMs = 0) {
+function authorizeGatewaySigusr1Restart(delayMs = 0) {
     const delay = Math.max(0, Math.floor(delayMs));
     const expiresAt = Date.now() + delay + SIGUSR1_AUTH_GRACE_MS;
     sigusr1AuthorizedCount += 1;
@@ -29,24 +123,87 @@ export function authorizeGatewaySigusr1Restart(delayMs = 0) {
 }
 export function consumeGatewaySigusr1RestartAuthorization() {
     resetSigusr1AuthorizationIfExpired();
-    if (sigusr1AuthorizedCount <= 0)
+    if (sigusr1AuthorizedCount <= 0) {
         return false;
+    }
     sigusr1AuthorizedCount -= 1;
     if (sigusr1AuthorizedCount <= 0) {
         sigusr1AuthorizedUntil = 0;
     }
     return true;
 }
+/**
+ * Mark the currently emitted SIGUSR1 restart cycle as consumed by the run loop.
+ * This explicitly advances the cycle state instead of resetting emit guards inside
+ * consumeGatewaySigusr1RestartAuthorization().
+ */
+export function markGatewaySigusr1RestartHandled() {
+    if (hasUnconsumedRestartSignal()) {
+        consumedRestartToken = emittedRestartToken;
+    }
+}
+/**
+ * Poll pending work until it drains (or times out), then emit one restart signal.
+ * Shared by both the direct RPC restart path and the config watcher path.
+ */
+export function deferGatewayRestartUntilIdle(opts) {
+    const pollMsRaw = opts.pollMs ?? DEFAULT_DEFERRAL_POLL_MS;
+    const pollMs = Math.max(10, Math.floor(pollMsRaw));
+    const maxWaitMsRaw = opts.maxWaitMs ?? DEFAULT_DEFERRAL_MAX_WAIT_MS;
+    const maxWaitMs = Math.max(pollMs, Math.floor(maxWaitMsRaw));
+    let pending;
+    try {
+        pending = opts.getPendingCount();
+    }
+    catch (err) {
+        opts.hooks?.onCheckError?.(err);
+        emitGatewayRestart();
+        return;
+    }
+    if (pending <= 0) {
+        opts.hooks?.onReady?.();
+        emitGatewayRestart();
+        return;
+    }
+    opts.hooks?.onDeferring?.(pending);
+    const startedAt = Date.now();
+    const poll = setInterval(() => {
+        let current;
+        try {
+            current = opts.getPendingCount();
+        }
+        catch (err) {
+            clearInterval(poll);
+            opts.hooks?.onCheckError?.(err);
+            emitGatewayRestart();
+            return;
+        }
+        if (current <= 0) {
+            clearInterval(poll);
+            opts.hooks?.onReady?.();
+            emitGatewayRestart();
+            return;
+        }
+        const elapsedMs = Date.now() - startedAt;
+        if (elapsedMs >= maxWaitMs) {
+            clearInterval(poll);
+            opts.hooks?.onTimeout?.(current, elapsedMs);
+            emitGatewayRestart();
+        }
+    }, pollMs);
+}
 function formatSpawnDetail(result) {
     const clean = (value) => {
         const text = typeof value === "string" ? value : value ? value.toString() : "";
         return text.replace(/\s+/g, " ").trim();
     };
     if (result.error) {
-        if (result.error instanceof Error)
+        if (result.error instanceof Error) {
             return result.error.message;
-        if (typeof result.error === "string")
+        }
+        if (typeof result.error === "string") {
             return result.error;
+        }
         try {
             return JSON.stringify(result.error);
         }
@@ -55,13 +212,16 @@ function formatSpawnDetail(result) {
         }
     }
     const stderr = clean(result.stderr);
-    if (stderr)
+    if (stderr) {
         return stderr;
+    }
     const stdout = clean(result.stdout);
-    if (stdout)
+    if (stdout) {
         return stdout;
-    if (typeof result.status === "number")
+    }
+    if (typeof result.status === "number") {
         return `exit ${result.status}`;
+    }
     return "unknown error";
 }
 function normalizeSystemdUnit(raw, profile) {
@@ -138,29 +298,66 @@ export function scheduleGatewaySigusr1Restart(opts) {
     const reason = typeof opts?.reason === "string" && opts.reason.trim()
         ? opts.reason.trim().slice(0, 200)
         : undefined;
-    authorizeGatewaySigusr1Restart(delayMs);
-    const pid = process.pid;
-    const hasListener = process.listenerCount("SIGUSR1") > 0;
-    setTimeout(() => {
-        try {
-            if (hasListener) {
-                process.emit("SIGUSR1");
-            }
-            else {
-                process.kill(pid, "SIGUSR1");
-            }
+    const mode = process.listenerCount("SIGUSR1") > 0 ? "emit" : "signal";
+    const nowMs = Date.now();
+    const cooldownMsApplied = Math.max(0, lastRestartEmittedAt + RESTART_COOLDOWN_MS - nowMs);
+    const requestedDueAt = nowMs + delayMs + cooldownMsApplied;
+    if (hasUnconsumedRestartSignal()) {
+        restartLog.warn(`restart request coalesced (already in-flight) reason=${reason ?? "unspecified"} ${formatRestartAudit(opts?.audit)}`);
+        return {
+            ok: true,
+            pid: process.pid,
+            signal: "SIGUSR1",
+            delayMs: 0,
+            reason,
+            mode,
+            coalesced: true,
+            cooldownMsApplied,
+        };
+    }
+    if (pendingRestartTimer) {
+        const remainingMs = Math.max(0, pendingRestartDueAt - nowMs);
+        const shouldPullEarlier = requestedDueAt < pendingRestartDueAt;
+        if (shouldPullEarlier) {
+            restartLog.warn(`restart request rescheduled earlier reason=${reason ?? "unspecified"} pendingReason=${pendingRestartReason ?? "unspecified"} oldDelayMs=${remainingMs} newDelayMs=${Math.max(0, requestedDueAt - nowMs)} ${formatRestartAudit(opts?.audit)}`);
+            clearPendingScheduledRestart();
         }
-        catch {
-            /* ignore */
+        else {
+            restartLog.warn(`restart request coalesced (already scheduled) reason=${reason ?? "unspecified"} pendingReason=${pendingRestartReason ?? "unspecified"} delayMs=${remainingMs} ${formatRestartAudit(opts?.audit)}`);
+            return {
+                ok: true,
+                pid: process.pid,
+                signal: "SIGUSR1",
+                delayMs: remainingMs,
+                reason,
+                mode,
+                coalesced: true,
+                cooldownMsApplied,
+            };
+        }
+    }
+    pendingRestartDueAt = requestedDueAt;
+    pendingRestartReason = reason;
+    pendingRestartTimer = setTimeout(() => {
+        pendingRestartTimer = null;
+        pendingRestartDueAt = 0;
+        pendingRestartReason = undefined;
+        const pendingCheck = preRestartCheck;
+        if (!pendingCheck) {
+            emitGatewayRestart();
+            return;
         }
-    }, delayMs);
+        deferGatewayRestartUntilIdle({ getPendingCount: pendingCheck });
+    }, Math.max(0, requestedDueAt - nowMs));
     return {
         ok: true,
-        pid,
+        pid: process.pid,
         signal: "SIGUSR1",
-        delayMs,
+        delayMs: Math.max(0, requestedDueAt - nowMs),
         reason,
-        mode: hasListener ? "emit" : "signal",
+        mode,
+        coalesced: false,
+        cooldownMsApplied,
     };
 }
 export const __testing = {
@@ -168,5 +365,11 @@ export const __testing = {
         sigusr1AuthorizedCount = 0;
         sigusr1AuthorizedUntil = 0;
         sigusr1ExternalAllowed = false;
+        preRestartCheck = null;
+        restartCycleToken = 0;
+        emittedRestartToken = 0;
+        consumedRestartToken = 0;
+        lastRestartEmittedAt = 0;
+        clearPendingScheduledRestart();
     },
 };

package/dist/infra/scp-host.js ADDED Viewed

@@ -0,0 +1,54 @@
+const SSH_TOKEN = /^[A-Za-z0-9._-]+$/;
+const BRACKETED_IPV6 = /^\[[0-9A-Fa-f:.%]+\]$/;
+const WHITESPACE = /\s/;
+function hasControlOrWhitespace(value) {
+    for (const char of value) {
+        const code = char.charCodeAt(0);
+        if (code <= 0x1f || code === 0x7f || WHITESPACE.test(char)) {
+            return true;
+        }
+    }
+    return false;
+}
+export function normalizeScpRemoteHost(value) {
+    if (typeof value !== "string") {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    if (!trimmed) {
+        return undefined;
+    }
+    if (hasControlOrWhitespace(trimmed)) {
+        return undefined;
+    }
+    if (trimmed.startsWith("-") || trimmed.includes("/") || trimmed.includes("\\")) {
+        return undefined;
+    }
+    const firstAt = trimmed.indexOf("@");
+    const lastAt = trimmed.lastIndexOf("@");
+    let user;
+    let host = trimmed;
+    if (firstAt !== -1) {
+        if (firstAt !== lastAt || firstAt === 0 || firstAt === trimmed.length - 1) {
+            return undefined;
+        }
+        user = trimmed.slice(0, firstAt);
+        host = trimmed.slice(firstAt + 1);
+        if (!SSH_TOKEN.test(user)) {
+            return undefined;
+        }
+    }
+    if (!host || host.startsWith("-") || host.includes("@")) {
+        return undefined;
+    }
+    if (host.includes(":") && !BRACKETED_IPV6.test(host)) {
+        return undefined;
+    }
+    if (!SSH_TOKEN.test(host) && !BRACKETED_IPV6.test(host)) {
+        return undefined;
+    }
+    return user ? `${user}@${host}` : host;
+}
+export function isSafeScpRemoteHost(value) {
+    return normalizeScpRemoteHost(value) !== undefined;
+}

package/dist/infra/update-startup.js CHANGED Viewed

@@ -1,18 +1,27 @@
 import fs from "node:fs/promises";
 import path from "node:path";
+import { formatCliCommand } from "../cli/command-format.js";
 import { resolveStateDir } from "../config/paths.js";
+import { VERSION } from "../version.js";
 import { resolvePoolBotPackageRoot } from "./poolbot-root.js";
-import { compareSemverStrings, resolveNpmChannelTag, checkUpdateStatus } from "./update-check.js";
 import { normalizeUpdateChannel, DEFAULT_PACKAGE_CHANNEL } from "./update-channels.js";
-import { VERSION } from "../version.js";
-import { formatCliCommand } from "../cli/command-format.js";
+import { compareSemverStrings, resolveNpmChannelTag, checkUpdateStatus } from "./update-check.js";
+let updateAvailableCache = null;
+export function getUpdateAvailable() {
+    return updateAvailableCache;
+}
+export function resetUpdateAvailableStateForTest() {
+    updateAvailableCache = null;
+}
 const UPDATE_CHECK_FILENAME = "update-check.json";
 const UPDATE_CHECK_INTERVAL_MS = 24 * 60 * 60 * 1000;
 function shouldSkipCheck(allowInTests) {
-    if (allowInTests)
+    if (allowInTests) {
         return false;
-    if (process.env.VITEST || process.env.NODE_ENV === "test")
+    }
+    if (process.env.VITEST || process.env.NODE_ENV === "test") {
         return true;
+    }
     return false;
 }
 async function readState(statePath) {
@@ -29,20 +38,63 @@ async function writeState(statePath, state) {
     await fs.mkdir(path.dirname(statePath), { recursive: true });
     await fs.writeFile(statePath, JSON.stringify(state, null, 2), "utf-8");
 }
+function sameUpdateAvailable(a, b) {
+    if (a === b) {
+        return true;
+    }
+    if (!a || !b) {
+        return false;
+    }
+    return (a.currentVersion === b.currentVersion &&
+        a.latestVersion === b.latestVersion &&
+        a.channel === b.channel);
+}
+function setUpdateAvailableCache(params) {
+    if (sameUpdateAvailable(updateAvailableCache, params.next)) {
+        return;
+    }
+    updateAvailableCache = params.next;
+    params.onUpdateAvailableChange?.(params.next);
+}
+function resolvePersistedUpdateAvailable(state) {
+    const latestVersion = state.lastAvailableVersion?.trim();
+    if (!latestVersion) {
+        return null;
+    }
+    const cmp = compareSemverStrings(VERSION, latestVersion);
+    if (cmp == null || cmp >= 0) {
+        return null;
+    }
+    const channel = state.lastAvailableTag?.trim() || DEFAULT_PACKAGE_CHANNEL;
+    return {
+        currentVersion: VERSION,
+        latestVersion,
+        channel,
+    };
+}
 export async function runGatewayUpdateCheck(params) {
-    if (shouldSkipCheck(Boolean(params.allowInTests)))
+    if (shouldSkipCheck(Boolean(params.allowInTests))) {
         return;
-    if (params.isNixMode)
+    }
+    if (params.isNixMode) {
         return;
-    if (params.cfg.update?.checkOnStart === false)
+    }
+    if (params.cfg.update?.checkOnStart === false) {
         return;
+    }
     const statePath = path.join(resolveStateDir(), UPDATE_CHECK_FILENAME);
     const state = await readState(statePath);
     const now = Date.now();
     const lastCheckedAt = state.lastCheckedAt ? Date.parse(state.lastCheckedAt) : null;
+    const persistedAvailable = resolvePersistedUpdateAvailable(state);
+    setUpdateAvailableCache({
+        next: persistedAvailable,
+        onUpdateAvailableChange: params.onUpdateAvailableChange,
+    });
     if (lastCheckedAt && Number.isFinite(lastCheckedAt)) {
-        if (now - lastCheckedAt < UPDATE_CHECK_INTERVAL_MS)
+        if (now - lastCheckedAt < UPDATE_CHECK_INTERVAL_MS) {
             return;
+        }
     }
     const root = await resolvePoolBotPackageRoot({
         moduleUrl: import.meta.url,
@@ -60,6 +112,12 @@ export async function runGatewayUpdateCheck(params) {
         lastCheckedAt: new Date(now).toISOString(),
     };
     if (status.installKind !== "package") {
+        delete nextState.lastAvailableVersion;
+        delete nextState.lastAvailableTag;
+        setUpdateAvailableCache({
+            next: null,
+            onUpdateAvailableChange: params.onUpdateAvailableChange,
+        });
         await writeState(statePath, nextState);
         return;
     }
@@ -72,6 +130,17 @@ export async function runGatewayUpdateCheck(params) {
     }
     const cmp = compareSemverStrings(VERSION, resolved.version);
     if (cmp != null && cmp < 0) {
+        const nextAvailable = {
+            currentVersion: VERSION,
+            latestVersion: resolved.version,
+            channel: tag,
+        };
+        setUpdateAvailableCache({
+            next: nextAvailable,
+            onUpdateAvailableChange: params.onUpdateAvailableChange,
+        });
+        nextState.lastAvailableVersion = resolved.version;
+        nextState.lastAvailableTag = tag;
         const shouldNotify = state.lastNotifiedVersion !== resolved.version || state.lastNotifiedTag !== tag;
         if (shouldNotify) {
             params.log.info(`update available (${tag}): v${resolved.version} (current v${VERSION}). Run: ${formatCliCommand("poolbot update")}`);
@@ -79,6 +148,14 @@ export async function runGatewayUpdateCheck(params) {
             nextState.lastNotifiedTag = tag;
         }
     }
+    else {
+        delete nextState.lastAvailableVersion;
+        delete nextState.lastAvailableTag;
+        setUpdateAvailableCache({
+            next: null,
+            onUpdateAvailableChange: params.onUpdateAvailableChange,
+        });
+    }
     await writeState(statePath, nextState);
 }
 export function scheduleGatewayUpdateCheck(params) {

package/dist/media/inbound-path-policy.js ADDED Viewed

@@ -0,0 +1,114 @@
+import path from "node:path";
+const WILDCARD_SEGMENT = "*";
+const WINDOWS_DRIVE_ABS_RE = /^[A-Za-z]:\//;
+const WINDOWS_DRIVE_ROOT_RE = /^[A-Za-z]:$/;
+export const DEFAULT_IMESSAGE_ATTACHMENT_ROOTS = ["/Users/*/Library/Messages/Attachments"];
+function normalizePosixAbsolutePath(value) {
+    const trimmed = value.trim();
+    if (!trimmed || trimmed.includes("\0")) {
+        return undefined;
+    }
+    const normalized = path.posix.normalize(trimmed.replaceAll("\\", "/"));
+    const isAbsolute = normalized.startsWith("/") || WINDOWS_DRIVE_ABS_RE.test(normalized);
+    if (!isAbsolute || normalized === "/") {
+        return undefined;
+    }
+    const withoutTrailingSlash = normalized.endsWith("/") ? normalized.slice(0, -1) : normalized;
+    if (WINDOWS_DRIVE_ROOT_RE.test(withoutTrailingSlash)) {
+        return undefined;
+    }
+    return withoutTrailingSlash;
+}
+function splitPathSegments(value) {
+    return value.split("/").filter(Boolean);
+}
+function matchesRootPattern(params) {
+    const candidateSegments = splitPathSegments(params.candidatePath);
+    const rootSegments = splitPathSegments(params.rootPattern);
+    if (candidateSegments.length < rootSegments.length) {
+        return false;
+    }
+    for (let idx = 0; idx < rootSegments.length; idx += 1) {
+        const expected = rootSegments[idx];
+        const actual = candidateSegments[idx];
+        if (expected === WILDCARD_SEGMENT) {
+            continue;
+        }
+        if (expected !== actual) {
+            return false;
+        }
+    }
+    return true;
+}
+export function isValidInboundPathRootPattern(value) {
+    const normalized = normalizePosixAbsolutePath(value);
+    if (!normalized) {
+        return false;
+    }
+    const segments = splitPathSegments(normalized);
+    if (segments.length === 0) {
+        return false;
+    }
+    return segments.every((segment) => segment === WILDCARD_SEGMENT || !segment.includes("*"));
+}
+export function normalizeInboundPathRoots(roots) {
+    const normalized = [];
+    const seen = new Set();
+    for (const root of roots ?? []) {
+        if (typeof root !== "string") {
+            continue;
+        }
+        if (!isValidInboundPathRootPattern(root)) {
+            continue;
+        }
+        const candidate = normalizePosixAbsolutePath(root);
+        if (!candidate || seen.has(candidate)) {
+            continue;
+        }
+        seen.add(candidate);
+        normalized.push(candidate);
+    }
+    return normalized;
+}
+export function mergeInboundPathRoots(...rootsLists) {
+    const merged = [];
+    const seen = new Set();
+    for (const roots of rootsLists) {
+        const normalized = normalizeInboundPathRoots(roots);
+        for (const root of normalized) {
+            if (seen.has(root)) {
+                continue;
+            }
+            seen.add(root);
+            merged.push(root);
+        }
+    }
+    return merged;
+}
+export function isInboundPathAllowed(params) {
+    const candidatePath = normalizePosixAbsolutePath(params.filePath);
+    if (!candidatePath) {
+        return false;
+    }
+    const roots = normalizeInboundPathRoots(params.roots);
+    const effectiveRoots = roots.length > 0 ? roots : normalizeInboundPathRoots(params.fallbackRoots ?? undefined);
+    if (effectiveRoots.length === 0) {
+        return false;
+    }
+    return effectiveRoots.some((rootPattern) => matchesRootPattern({ candidatePath, rootPattern }));
+}
+function resolveIMessageAccountConfig(params) {
+    const accountId = params.accountId?.trim();
+    if (!accountId) {
+        return undefined;
+    }
+    return params.cfg.channels?.imessage?.accounts?.[accountId];
+}
+export function resolveIMessageAttachmentRoots(params) {
+    const accountConfig = resolveIMessageAccountConfig(params);
+    return mergeInboundPathRoots(accountConfig?.attachmentRoots, params.cfg.channels?.imessage?.attachmentRoots, DEFAULT_IMESSAGE_ATTACHMENT_ROOTS);
+}
+export function resolveIMessageRemoteAttachmentRoots(params) {
+    const accountConfig = resolveIMessageAccountConfig(params);
+    return mergeInboundPathRoots(accountConfig?.remoteAttachmentRoots, params.cfg.channels?.imessage?.remoteAttachmentRoots, accountConfig?.attachmentRoots, params.cfg.channels?.imessage?.attachmentRoots, DEFAULT_IMESSAGE_ATTACHMENT_ROOTS);
+}

package/dist/media/input-files.js CHANGED Viewed

@@ -62,6 +62,22 @@ export function normalizeMimeList(values, fallback) {
     const input = values && values.length > 0 ? values : fallback;
     return new Set(input.map((value) => normalizeMimeType(value)).filter(Boolean));
 }
+export function resolveInputFileLimits(config) {
+    return {
+        allowUrl: config?.allowUrl ?? true,
+        allowedMimes: normalizeMimeList(config?.allowedMimes, DEFAULT_INPUT_FILE_MIMES),
+        maxBytes: config?.maxBytes ?? DEFAULT_INPUT_FILE_MAX_BYTES,
+        maxChars: config?.maxChars ?? DEFAULT_INPUT_FILE_MAX_CHARS,
+        maxRedirects: config?.maxRedirects ?? DEFAULT_INPUT_MAX_REDIRECTS,
+        timeoutMs: config?.timeoutMs ?? DEFAULT_INPUT_TIMEOUT_MS,
+        urlAllowlist: config?.urlAllowlist,
+        pdf: {
+            maxPages: config?.pdf?.maxPages ?? DEFAULT_INPUT_PDF_MAX_PAGES,
+            maxPixels: config?.pdf?.maxPixels ?? DEFAULT_INPUT_PDF_MAX_PIXELS,
+            minTextChars: config?.pdf?.minTextChars ?? DEFAULT_INPUT_PDF_MIN_TEXT_CHARS,
+        },
+    };
+}
 export async function fetchWithGuard(params) {
     let currentUrl = params.url;
     let redirectCount = 0;

package/dist/memory/test-manager.js ADDED Viewed

@@ -0,0 +1,8 @@
+import { getMemorySearchManager } from "./index.js";
+export async function createMemoryManagerOrThrow(cfg, agentId = "main") {
+    const result = await getMemorySearchManager({ cfg, agentId });
+    if (!result.manager) {
+        throw new Error("manager missing");
+    }
+    return result.manager;
+}