@poolzin/pool-bot 2026.2.23 → 2026.2.25

package/dist/plugins/loader.js

@@ -3,37 +3,43 @@ import path from "node:path";
 import { fileURLToPath } from "node:url";
 import { createJiti } from "jiti";
 import { createSubsystemLogger } from "../logging/subsystem.js";
+import { isPathInsideWithRealpath } from "../security/scan-paths.js";
 import { resolveUserPath } from "../utils.js";
+import { clearPluginCommands } from "./commands.js";
+import { applyTestPluginDefaults, normalizePluginsConfig, resolveEnableState, resolveMemorySlotDecision, } from "./config-state.js";
 import { discoverPoolBotPlugins } from "./discovery.js";
-import { loadPluginManifestRegistry } from "./manifest-registry.js";
-import { normalizePluginsConfig, resolveEnableState, resolveMemorySlotDecision, } from "./config-state.js";
 import { initializeGlobalHookRunner } from "./hook-runner-global.js";
-import { clearPluginCommands } from "./commands.js";
+import { loadPluginManifestRegistry } from "./manifest-registry.js";
+import { isPathInside, safeStatSync } from "./path-safety.js";
 import { createPluginRegistry } from "./registry.js";
-import { createPluginRuntime } from "./runtime/index.js";
 import { setActivePluginRegistry } from "./runtime.js";
+import { createPluginRuntime } from "./runtime/index.js";
 import { validateJsonSchemaValue } from "./schema-validator.js";
 const registryCache = new Map();
 const defaultLogger = () => createSubsystemLogger("plugins");
-const resolvePluginSdkAlias = () => {
+const resolvePluginSdkAliasFile = (params) => {
     try {
         const modulePath = fileURLToPath(import.meta.url);
-        const isDistRuntime = modulePath.split(path.sep).includes("dist");
-        const preferDist = process.env.VITEST || process.env.NODE_ENV === "test" || isDistRuntime;
+        const isProduction = process.env.NODE_ENV === "production";
+        const isTest = process.env.VITEST || process.env.NODE_ENV === "test";
         let cursor = path.dirname(modulePath);
         for (let i = 0; i < 6; i += 1) {
-            const srcCandidate = path.join(cursor, "src", "plugin-sdk", "index.ts");
-            const distCandidate = path.join(cursor, "dist", "plugin-sdk", "index.js");
-            const orderedCandidates = preferDist
-                ? [distCandidate, srcCandidate]
+            const srcCandidate = path.join(cursor, "src", "plugin-sdk", params.srcFile);
+            const distCandidate = path.join(cursor, "dist", "plugin-sdk", params.distFile);
+            const orderedCandidates = isProduction
+                ? isTest
+                    ? [distCandidate, srcCandidate]
+                    : [distCandidate]
                 : [srcCandidate, distCandidate];
             for (const candidate of orderedCandidates) {
-                if (fs.existsSync(candidate))
+                if (fs.existsSync(candidate)) {
                     return candidate;
+                }
             }
             const parent = path.dirname(cursor);
-            if (parent === cursor)
+            if (parent === cursor) {
                 break;
+            }
             cursor = parent;
         }
     }
@@ -42,6 +48,10 @@ const resolvePluginSdkAlias = () => {
     }
     return null;
 };
+const resolvePluginSdkAlias = () => resolvePluginSdkAliasFile({ srcFile: "index.ts", distFile: "index.js" });
+const resolvePluginSdkAccountIdAlias = () => {
+    return resolvePluginSdkAliasFile({ srcFile: "account-id.ts", distFile: "account-id.js" });
+};
 function buildCacheKey(params) {
     const workspaceKey = params.workspaceDir ? resolveUserPath(params.workspaceDir) : "";
     return `${workspaceKey}::${JSON.stringify(params.plugins)}`;
@@ -109,8 +119,118 @@ function createPluginRecord(params) {
 function pushDiagnostics(diagnostics, append) {
     diagnostics.push(...append);
 }
+function createPathMatcher() {
+    return { exact: new Set(), dirs: [] };
+}
+function addPathToMatcher(matcher, rawPath) {
+    const trimmed = rawPath.trim();
+    if (!trimmed) {
+        return;
+    }
+    const resolved = resolveUserPath(trimmed);
+    if (!resolved) {
+        return;
+    }
+    if (matcher.exact.has(resolved) || matcher.dirs.includes(resolved)) {
+        return;
+    }
+    const stat = safeStatSync(resolved);
+    if (stat?.isDirectory()) {
+        matcher.dirs.push(resolved);
+        return;
+    }
+    matcher.exact.add(resolved);
+}
+function matchesPathMatcher(matcher, sourcePath) {
+    if (matcher.exact.has(sourcePath)) {
+        return true;
+    }
+    return matcher.dirs.some((dirPath) => isPathInside(dirPath, sourcePath));
+}
+function buildProvenanceIndex(params) {
+    const loadPathMatcher = createPathMatcher();
+    for (const loadPath of params.normalizedLoadPaths) {
+        addPathToMatcher(loadPathMatcher, loadPath);
+    }
+    const installRules = new Map();
+    const installs = params.config.plugins?.installs ?? {};
+    for (const [pluginId, install] of Object.entries(installs)) {
+        const rule = {
+            trackedWithoutPaths: false,
+            matcher: createPathMatcher(),
+        };
+        const trackedPaths = [install.installPath, install.sourcePath]
+            .map((entry) => (typeof entry === "string" ? entry.trim() : ""))
+            .filter(Boolean);
+        if (trackedPaths.length === 0) {
+            rule.trackedWithoutPaths = true;
+        }
+        else {
+            for (const trackedPath of trackedPaths) {
+                addPathToMatcher(rule.matcher, trackedPath);
+            }
+        }
+        installRules.set(pluginId, rule);
+    }
+    return { loadPathMatcher, installRules };
+}
+function isTrackedByProvenance(params) {
+    const sourcePath = resolveUserPath(params.source);
+    const installRule = params.index.installRules.get(params.pluginId);
+    if (installRule) {
+        if (installRule.trackedWithoutPaths) {
+            return true;
+        }
+        if (matchesPathMatcher(installRule.matcher, sourcePath)) {
+            return true;
+        }
+    }
+    return matchesPathMatcher(params.index.loadPathMatcher, sourcePath);
+}
+function warnWhenAllowlistIsOpen(params) {
+    if (!params.pluginsEnabled) {
+        return;
+    }
+    if (params.allow.length > 0) {
+        return;
+    }
+    const nonBundled = params.discoverablePlugins.filter((entry) => entry.origin !== "bundled");
+    if (nonBundled.length === 0) {
+        return;
+    }
+    const preview = nonBundled
+        .slice(0, 6)
+        .map((entry) => `${entry.id} (${entry.source})`)
+        .join(", ");
+    const extra = nonBundled.length > 6 ? ` (+${nonBundled.length - 6} more)` : "";
+    params.logger.warn(`[plugins] plugins.allow is empty; discovered non-bundled plugins may auto-load: ${preview}${extra}. Set plugins.allow to explicit trusted ids.`);
+}
+function warnAboutUntrackedLoadedPlugins(params) {
+    for (const plugin of params.registry.plugins) {
+        if (plugin.status !== "loaded" || plugin.origin === "bundled") {
+            continue;
+        }
+        if (isTrackedByProvenance({
+            pluginId: plugin.id,
+            source: plugin.source,
+            index: params.provenance,
+        })) {
+            continue;
+        }
+        const message = "loaded without install/load-path provenance; treat as untracked local code and pin trust via plugins.allow or install records";
+        params.registry.diagnostics.push({
+            level: "warn",
+            pluginId: plugin.id,
+            source: plugin.source,
+            message,
+        });
+        params.logger.warn(`[plugins] ${plugin.id}: ${message} (${plugin.source})`);
+    }
+}
 export function loadPoolBotPlugins(options = {}) {
-    const cfg = options.config ?? {};
+    // Test env: default-disable plugins unless explicitly configured.
+    // This keeps unit/gateway suites fast and avoids loading heavyweight plugin deps by accident.
+    const cfg = applyTestPluginDefaults(options.config ?? {}, process.env);
     const logger = options.logger ?? defaultLogger();
     const validateOnly = options.mode === "validate";
     const normalized = normalizePluginsConfig(cfg.plugins);
@@ -146,18 +266,44 @@ export function loadPoolBotPlugins(options = {}) {
         diagnostics: discovery.diagnostics,
     });
     pushDiagnostics(registry.diagnostics, manifestRegistry.diagnostics);
-    const pluginSdkAlias = resolvePluginSdkAlias();
-    const jiti = createJiti(import.meta.url, {
-        interopDefault: true,
-        extensions: [".ts", ".tsx", ".mts", ".cts", ".mtsx", ".ctsx", ".js", ".mjs", ".cjs", ".json"],
-        ...(pluginSdkAlias
-            ? {
-                alias: {
-                    "poolbot/plugin-sdk": pluginSdkAlias,
-                },
-            }
-            : {}),
+    warnWhenAllowlistIsOpen({
+        logger,
+        pluginsEnabled: normalized.enabled,
+        allow: normalized.allow,
+        discoverablePlugins: manifestRegistry.plugins.map((plugin) => ({
+            id: plugin.id,
+            source: plugin.source,
+            origin: plugin.origin,
+        })),
     });
+    const provenance = buildProvenanceIndex({
+        config: cfg,
+        normalizedLoadPaths: normalized.loadPaths,
+    });
+    // Lazy: avoid creating the Jiti loader when all plugins are disabled (common in unit tests).
+    let jitiLoader = null;
+    const getJiti = () => {
+        if (jitiLoader) {
+            return jitiLoader;
+        }
+        const pluginSdkAlias = resolvePluginSdkAlias();
+        const pluginSdkAccountIdAlias = resolvePluginSdkAccountIdAlias();
+        jitiLoader = createJiti(import.meta.url, {
+            interopDefault: true,
+            extensions: [".ts", ".tsx", ".mts", ".cts", ".mtsx", ".ctsx", ".js", ".mjs", ".cjs", ".json"],
+            ...(pluginSdkAlias || pluginSdkAccountIdAlias
+                ? {
+                    alias: {
+                        ...(pluginSdkAlias ? { "poolbot/plugin-sdk": pluginSdkAlias } : {}),
+                        ...(pluginSdkAccountIdAlias
+                            ? { "poolbot/plugin-sdk/account-id": pluginSdkAccountIdAlias }
+                            : {}),
+                    },
+                }
+                : {}),
+        });
+        return jitiLoader;
+    };
     const manifestByRoot = new Map(manifestRegistry.plugins.map((record) => [record.rootDir, record]));
     const seenIds = new Map();
     const memorySlot = normalized.slots.memory;
@@ -223,9 +369,24 @@ export function loadPoolBotPlugins(options = {}) {
             });
             continue;
         }
+        if (!isPathInsideWithRealpath(candidate.rootDir, candidate.source, {
+            requireRealpath: true,
+        })) {
+            record.status = "error";
+            record.error = "plugin entry path escapes plugin root";
+            registry.plugins.push(record);
+            seenIds.set(pluginId, candidate.origin);
+            registry.diagnostics.push({
+                level: "error",
+                pluginId: record.id,
+                source: record.source,
+                message: record.error,
+            });
+            continue;
+        }
         let mod = null;
         try {
-            mod = jiti(candidate.source);
+            mod = getJiti()(candidate.source);
         }
         catch (err) {
             logger.error(`[plugins] ${record.id} failed to load from ${record.source}: ${String(err)}`);
@@ -361,6 +522,11 @@ export function loadPoolBotPlugins(options = {}) {
             message: `memory slot plugin not found or not marked as memory: ${memorySlot}`,
         });
     }
+    warnAboutUntrackedLoadedPlugins({
+        registry,
+        provenance,
+        logger,
+    });
     if (cacheEnabled) {
         registryCache.set(cacheKey, registry);
     }

package/dist/plugins/logger.js

@@ -0,0 +1,8 @@
+export function createPluginLoaderLogger(logger) {
+    return {
+        info: (msg) => logger.info(msg),
+        warn: (msg) => logger.warn(msg),
+        error: (msg) => logger.error(msg),
+        debug: (msg) => logger.debug?.(msg),
+    };
+}

package/dist/plugins/manifest-registry.js

@@ -5,6 +5,9 @@ import { discoverPoolBotPlugins } from "./discovery.js";
 import { loadPluginManifest } from "./manifest.js";
 const registryCache = new Map();
 const DEFAULT_MANIFEST_CACHE_MS = 200;
+export function clearPluginManifestRegistryCache() {
+    registryCache.clear();
+}
 function resolveManifestCacheMs(env) {
     const raw = env.POOLBOT_PLUGIN_MANIFEST_CACHE_MS?.trim() || env.CLAWDBOT_PLUGIN_MANIFEST_CACHE_MS?.trim();
     if (raw === "" || raw === "0")

package/dist/plugins/path-safety.js

@@ -0,0 +1,34 @@
+import fs from "node:fs";
+import path from "node:path";
+export function isPathInside(baseDir, targetPath) {
+    const rel = path.relative(baseDir, targetPath);
+    if (!rel) {
+        return true;
+    }
+    return !rel.startsWith("..") && !path.isAbsolute(rel);
+}
+export function safeRealpathSync(targetPath, cache) {
+    const cached = cache?.get(targetPath);
+    if (cached) {
+        return cached;
+    }
+    try {
+        const resolved = fs.realpathSync(targetPath);
+        cache?.set(targetPath, resolved);
+        return resolved;
+    }
+    catch {
+        return null;
+    }
+}
+export function safeStatSync(targetPath) {
+    try {
+        return fs.statSync(targetPath);
+    }
+    catch {
+        return null;
+    }
+}
+export function formatPosixMode(mode) {
+    return (mode & 0o777).toString(8).padStart(3, "0");
+}

package/dist/plugins/registry.js

@@ -3,8 +3,8 @@ import { resolveUserPath } from "../utils.js";
 import { registerPluginCommand } from "./commands.js";
 import path from "node:path";
 import { normalizePluginHttpPath } from "./http-path.js";
-export function createPluginRegistry(registryParams) {
-    const registry = {
+export function createEmptyPluginRegistry() {
+    return {
         plugins: [],
         tools: [],
         hooks: [],
@@ -19,6 +19,9 @@ export function createPluginRegistry(registryParams) {
         commands: [],
         diagnostics: [],
     };
+}
+export function createPluginRegistry(registryParams) {
+    const registry = createEmptyPluginRegistry();
     const coreGatewayMethods = new Set(Object.keys(registryParams.coreGatewayHandlers ?? {}));
     const pushDiagnostic = (diag) => {
         registry.diagnostics.push(diag);