@poolzin/pool-bot 2026.2.24 → 2026.2.26

package/CHANGELOG.md

@@ -1,3 +1,24 @@
+## v2026.2.25 (2026-02-22)
+
+### Features
+- **Upstream Port (OpenClaw):** ported 26 files from OpenClaw upstream covering agents, auto-reply, browser, gateway, hooks, plugins, config, and CLI
+  - **Agent tooling:** sandbox filesystem bridge, host sandbox bridge helpers, workspace sandbox integration, model fallback provider updates (openai/gpt-4.1-mini default)
+  - **Auto-reply:** commands registry extensions, templating updates, agent runner execution improvements, verbose-gated session notices
+  - **Browser:** config updates, agent act/snapshot/storage routes, tabs route enhancements, form layout contract tests
+  - **Gateway:** hook token extraction with query-string fallback, normalized agent payload with auto-generated session keys, HTTP server integration
+  - **Plugins:** plugin discovery and loading aligned with upstream patterns
+  - **Config:** browser config, CLI config, and schema updates
+
+### Fixes
+- **Tests:** fixed 9 pre-existing test failures across 6 test files (52 tests total)
+  - `model-fallback.test.ts`: updated expectations for openai/gpt-4.1-mini default
+  - `image-tool.test.ts`: aligned sandbox parameter structure with new bridge API
+  - `hooks.test.ts`: updated for new `extractHookToken` and `normalizeAgentPayload` signatures
+  - `poolbot-tools.sessions.test.ts`: added mock sessions.list handler for spawned sessions
+  - `reply.media-note.test.ts` / `reply.raw-body.test.ts`: verbose-gated session notice, rebranded env vars and paths
+
+---
+
 ## v2026.2.24 (2026-02-19)
 
 ### Fixes

package/dist/acp/client.js

@@ -1,11 +1,187 @@
 import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
 import * as readline from "node:readline";
 import { Readable, Writable } from "node:stream";
+import { fileURLToPath } from "node:url";
 import { ClientSideConnection, PROTOCOL_VERSION, ndJsonStream, } from "@agentclientprotocol/sdk";
 import { ensurePoolbotCliOnPath } from "../infra/path-env.js";
+import { DANGEROUS_ACP_TOOLS } from "../security/dangerous-tools.js";
+const SAFE_AUTO_APPROVE_KINDS = new Set(["read", "search"]);
+function asRecord(value) {
+    return value && typeof value === "object" && !Array.isArray(value)
+        ? value
+        : undefined;
+}
+function readFirstStringValue(source, keys) {
+    if (!source) {
+        return undefined;
+    }
+    for (const key of keys) {
+        const value = source[key];
+        if (typeof value === "string" && value.trim()) {
+            return value.trim();
+        }
+    }
+    return undefined;
+}
+function normalizeToolName(value) {
+    const normalized = value.trim().toLowerCase();
+    if (!normalized) {
+        return undefined;
+    }
+    return normalized;
+}
+function parseToolNameFromTitle(title) {
+    if (!title) {
+        return undefined;
+    }
+    const head = title.split(":", 1)[0]?.trim();
+    if (!head || !/^[a-zA-Z0-9._-]+$/.test(head)) {
+        return undefined;
+    }
+    return normalizeToolName(head);
+}
+function resolveToolKindForPermission(params, toolName) {
+    const toolCall = params.toolCall;
+    const kindRaw = typeof toolCall?.kind === "string" ? toolCall.kind.trim().toLowerCase() : "";
+    if (kindRaw) {
+        return kindRaw;
+    }
+    const name = toolName ??
+        parseToolNameFromTitle(typeof toolCall?.title === "string" ? toolCall.title : undefined);
+    if (!name) {
+        return undefined;
+    }
+    const normalized = name.toLowerCase();
+    const hasToken = (token) => {
+        // Tool names tend to be snake_case. Avoid substring heuristics (ex: "thread" contains "read").
+        const re = new RegExp(`(?:^|[._-])${token}(?:$|[._-])`);
+        return re.test(normalized);
+    };
+    // Prefer a conservative classifier: only classify safe kinds when confident.
+    if (normalized === "read" || hasToken("read")) {
+        return "read";
+    }
+    if (normalized === "search" || hasToken("search") || hasToken("find")) {
+        return "search";
+    }
+    if (normalized.includes("fetch") || normalized.includes("http")) {
+        return "fetch";
+    }
+    if (normalized.includes("write") || normalized.includes("edit") || normalized.includes("patch")) {
+        return "edit";
+    }
+    if (normalized.includes("delete") || normalized.includes("remove")) {
+        return "delete";
+    }
+    if (normalized.includes("move") || normalized.includes("rename")) {
+        return "move";
+    }
+    if (normalized.includes("exec") || normalized.includes("run") || normalized.includes("bash")) {
+        return "execute";
+    }
+    return "other";
+}
+function resolveToolNameForPermission(params) {
+    const toolCall = params.toolCall;
+    const toolMeta = asRecord(toolCall?._meta);
+    const rawInput = asRecord(toolCall?.rawInput);
+    const fromMeta = readFirstStringValue(toolMeta, ["toolName", "tool_name", "name"]);
+    const fromRawInput = readFirstStringValue(rawInput, ["tool", "toolName", "tool_name", "name"]);
+    const fromTitle = parseToolNameFromTitle(toolCall?.title);
+    return normalizeToolName(fromMeta ?? fromRawInput ?? fromTitle ?? "");
+}
+function pickOption(options, kinds) {
+    for (const kind of kinds) {
+        const match = options.find((option) => option.kind === kind);
+        if (match) {
+            return match;
+        }
+    }
+    return undefined;
+}
+function selectedPermission(optionId) {
+    return { outcome: { outcome: "selected", optionId } };
+}
+function cancelledPermission() {
+    return { outcome: { outcome: "cancelled" } };
+}
+function promptUserPermission(toolName, toolTitle) {
+    if (!process.stdin.isTTY || !process.stderr.isTTY) {
+        console.error(`[permission denied] ${toolName ?? "unknown"}: non-interactive terminal`);
+        return Promise.resolve(false);
+    }
+    return new Promise((resolve) => {
+        let settled = false;
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stderr,
+        });
+        const finish = (approved) => {
+            if (settled) {
+                return;
+            }
+            settled = true;
+            clearTimeout(timeout);
+            rl.close();
+            resolve(approved);
+        };
+        const timeout = setTimeout(() => {
+            console.error(`\n[permission timeout] denied: ${toolName ?? "unknown"}`);
+            finish(false);
+        }, 30_000);
+        const label = toolTitle
+            ? toolName
+                ? `${toolTitle} (${toolName})`
+                : toolTitle
+            : (toolName ?? "unknown tool");
+        rl.question(`\n[permission] Allow "${label}"? (y/N) `, (answer) => {
+            const approved = answer.trim().toLowerCase() === "y";
+            console.error(`[permission ${approved ? "approved" : "denied"}] ${toolName ?? "unknown"}`);
+            finish(approved);
+        });
+    });
+}
+export async function resolvePermissionRequest(params, deps = {}) {
+    const log = deps.log ?? ((line) => console.error(line));
+    const prompt = deps.prompt ?? promptUserPermission;
+    const options = params.options ?? [];
+    const toolTitle = params.toolCall?.title ?? "tool";
+    const toolName = resolveToolNameForPermission(params);
+    const toolKind = resolveToolKindForPermission(params, toolName);
+    if (options.length === 0) {
+        log(`[permission cancelled] ${toolName ?? "unknown"}: no options available`);
+        return cancelledPermission();
+    }
+    const allowOption = pickOption(options, ["allow_once", "allow_always"]);
+    const rejectOption = pickOption(options, ["reject_once", "reject_always"]);
+    const isSafeKind = Boolean(toolKind && SAFE_AUTO_APPROVE_KINDS.has(toolKind));
+    const promptRequired = !toolName || !isSafeKind || DANGEROUS_ACP_TOOLS.has(toolName);
+    if (!promptRequired) {
+        const option = allowOption ?? options[0];
+        if (!option) {
+            log(`[permission cancelled] ${toolName}: no selectable options`);
+            return cancelledPermission();
+        }
+        log(`[permission auto-approved] ${toolName} (${toolKind ?? "unknown"})`);
+        return selectedPermission(option.optionId);
+    }
+    log(`\n[permission requested] ${toolTitle}${toolName ? ` (${toolName})` : ""}${toolKind ? ` [${toolKind}]` : ""}`);
+    const approved = await prompt(toolName, toolTitle);
+    if (approved && allowOption) {
+        return selectedPermission(allowOption.optionId);
+    }
+    if (!approved && rejectOption) {
+        return selectedPermission(rejectOption.optionId);
+    }
+    log(`[permission cancelled] ${toolName ?? "unknown"}: missing ${approved ? "allow" : "reject"} option`);
+    return cancelledPermission();
+}
 function toArgs(value) {
-    if (!value)
+    if (!value) {
         return [];
+    }
     return Array.isArray(value) ? value : [value];
 }
 function buildServerArgs(opts) {
@@ -15,10 +191,29 @@ function buildServerArgs(opts) {
     }
     return args;
 }
+function resolveSelfEntryPath() {
+    // Prefer a path relative to the built module location (dist/acp/client.js -> dist/entry.js).
+    try {
+        const here = fileURLToPath(import.meta.url);
+        const candidate = path.resolve(path.dirname(here), "..", "entry.js");
+        if (fs.existsSync(candidate)) {
+            return candidate;
+        }
+    }
+    catch {
+        // ignore
+    }
+    const argv1 = process.argv[1]?.trim();
+    if (argv1) {
+        return path.isAbsolute(argv1) ? argv1 : path.resolve(process.cwd(), argv1);
+    }
+    return null;
+}
 function printSessionUpdate(notification) {
     const update = notification.update;
-    if (!("sessionUpdate" in update))
+    if (!("sessionUpdate" in update)) {
         return;
+    }
     switch (update.sessionUpdate) {
         case "agent_message_chunk": {
             if (update.content?.type === "text") {
@@ -38,8 +233,9 @@ function printSessionUpdate(notification) {
         }
         case "available_commands_update": {
             const names = update.availableCommands?.map((cmd) => `/${cmd.name}`).join(" ");
-            if (names)
+            if (names) {
                 console.log(`\n[commands] ${names}`);
+            }
             return;
         }
         default:
@@ -50,11 +246,13 @@ export async function createAcpClient(opts = {}) {
     const cwd = opts.cwd ?? process.cwd();
     const verbose = Boolean(opts.verbose);
     const log = verbose ? (msg) => console.error(`[acp-client] ${msg}`) : () => { };
-    ensurePoolbotCliOnPath({ cwd });
-    const serverCommand = opts.serverCommand ?? "poolbot";
+    ensurePoolbotCliOnPath();
     const serverArgs = buildServerArgs(opts);
-    log(`spawning: ${serverCommand} ${serverArgs.join(" ")}`);
-    const agent = spawn(serverCommand, serverArgs, {
+    const entryPath = resolveSelfEntryPath();
+    const serverCommand = opts.serverCommand ?? (entryPath ? process.execPath : "poolbot");
+    const effectiveArgs = opts.serverCommand || !entryPath ? serverArgs : [entryPath, ...serverArgs];
+    log(`spawning: ${serverCommand} ${effectiveArgs.join(" ")}`);
+    const agent = spawn(serverCommand, effectiveArgs, {
         stdio: ["pipe", "pipe", "inherit"],
         cwd,
     });
@@ -69,16 +267,7 @@ export async function createAcpClient(opts = {}) {
             printSessionUpdate(params);
         },
         requestPermission: async (params) => {
-            console.log("\n[permission requested]", params.toolCall?.title ?? "tool");
-            const options = params.options ?? [];
-            const allowOnce = options.find((option) => option.kind === "allow_once");
-            const fallback = options[0];
-            return {
-                outcome: {
-                    outcome: "selected",
-                    optionId: allowOnce?.optionId ?? fallback?.optionId ?? "allow",
-                },
-            };
+            return resolvePermissionRequest(params);
         },
     }), stream);
     log("initializing");
@@ -107,7 +296,7 @@ export async function runAcpClientInteractive(opts = {}) {
         input: process.stdin,
         output: process.stdout,
     });
-    console.log("Poolbot ACP client");
+    console.log("Pool Bot ACP client");
     console.log(`Session: ${sessionId}`);
     console.log('Type a prompt, or "exit" to quit.\n');
     const prompt = () => {

package/dist/acp/event-mapper.js

@@ -1,21 +1,76 @@
-export function extractTextFromPrompt(prompt) {
+const INLINE_CONTROL_ESCAPE_MAP = {
+    "\0": "\\0",
+    "\r": "\\r",
+    "\n": "\\n",
+    "\t": "\\t",
+    "\v": "\\v",
+    "\f": "\\f",
+    "\u2028": "\\u2028",
+    "\u2029": "\\u2029",
+};
+function escapeInlineControlChars(value) {
+    let escaped = "";
+    for (const char of value) {
+        const codePoint = char.codePointAt(0);
+        if (codePoint === undefined) {
+            escaped += char;
+            continue;
+        }
+        const isInlineControl = codePoint <= 0x1f ||
+            (codePoint >= 0x7f && codePoint <= 0x9f) ||
+            codePoint === 0x2028 ||
+            codePoint === 0x2029;
+        if (!isInlineControl) {
+            escaped += char;
+            continue;
+        }
+        const mapped = INLINE_CONTROL_ESCAPE_MAP[char];
+        if (mapped) {
+            escaped += mapped;
+            continue;
+        }
+        // Keep escaped control bytes readable and stable in logs/prompts.
+        escaped +=
+            codePoint <= 0xff
+                ? `\\x${codePoint.toString(16).padStart(2, "0")}`
+                : `\\u${codePoint.toString(16).padStart(4, "0")}`;
+    }
+    return escaped;
+}
+function escapeResourceTitle(value) {
+    // Keep title content, but escape characters that can break the resource-link annotation shape.
+    return escapeInlineControlChars(value).replace(/[()[\]]/g, (char) => `\\${char}`);
+}
+export function extractTextFromPrompt(prompt, maxBytes) {
     const parts = [];
+    // Track accumulated byte count per block to catch oversized prompts before full concatenation
+    let totalBytes = 0;
     for (const block of prompt) {
+        let blockText;
         if (block.type === "text") {
-            parts.push(block.text);
-            continue;
+            blockText = block.text;
         }
-        if (block.type === "resource") {
+        else if (block.type === "resource") {
             const resource = block.resource;
-            if (resource?.text)
-                parts.push(resource.text);
-            continue;
+            if (resource?.text) {
+                blockText = resource.text;
+            }
         }
-        if (block.type === "resource_link") {
-            const title = block.title ? ` (${block.title})` : "";
-            const uri = block.uri ?? "";
-            const line = uri ? `[Resource link${title}] ${uri}` : `[Resource link${title}]`;
-            parts.push(line);
+        else if (block.type === "resource_link") {
+            const title = block.title ? ` (${escapeResourceTitle(block.title)})` : "";
+            const uri = block.uri ? escapeInlineControlChars(block.uri) : "";
+            blockText = uri ? `[Resource link${title}] ${uri}` : `[Resource link${title}]`;
+        }
+        if (blockText !== undefined) {
+            // Guard: reject before allocating the full concatenated string
+            if (maxBytes !== undefined) {
+                const separatorBytes = parts.length > 0 ? 1 : 0; // "\n" added by join() between blocks
+                totalBytes += separatorBytes + Buffer.byteLength(blockText, "utf-8");
+                if (totalBytes > maxBytes) {
+                    throw new Error(`Prompt exceeds maximum allowed size of ${maxBytes} bytes`);
+                }
+            }
+            parts.push(blockText);
         }
     }
     return parts.join("\n");
@@ -23,11 +78,13 @@ export function extractTextFromPrompt(prompt) {
 export function extractAttachmentsFromPrompt(prompt) {
     const attachments = [];
     for (const block of prompt) {
-        if (block.type !== "image")
+        if (block.type !== "image") {
             continue;
+        }
         const image = block;
-        if (!image.data || !image.mimeType)
+        if (!image.data || !image.mimeType) {
             continue;
+        }
         attachments.push({
             type: "image",
             mimeType: image.mimeType,
@@ -38,8 +95,9 @@ export function extractAttachmentsFromPrompt(prompt) {
 }
 export function formatToolTitle(name, args) {
     const base = name ?? "tool";
-    if (!args || Object.keys(args).length === 0)
+    if (!args || Object.keys(args).length === 0) {
         return base;
+    }
     const parts = Object.entries(args).map(([key, value]) => {
         const raw = typeof value === "string" ? value : JSON.stringify(value);
         const safe = raw.length > 100 ? `${raw.slice(0, 100)}...` : raw;
@@ -48,23 +106,30 @@ export function formatToolTitle(name, args) {
     return `${base}: ${parts.join(", ")}`;
 }
 export function inferToolKind(name) {
-    if (!name)
+    if (!name) {
         return "other";
+    }
     const normalized = name.toLowerCase();
-    if (normalized.includes("read"))
+    if (normalized.includes("read")) {
         return "read";
-    if (normalized.includes("write") || normalized.includes("edit"))
+    }
+    if (normalized.includes("write") || normalized.includes("edit")) {
         return "edit";
-    if (normalized.includes("delete") || normalized.includes("remove"))
+    }
+    if (normalized.includes("delete") || normalized.includes("remove")) {
         return "delete";
-    if (normalized.includes("move") || normalized.includes("rename"))
+    }
+    if (normalized.includes("move") || normalized.includes("rename")) {
         return "move";
-    if (normalized.includes("search") || normalized.includes("find"))
+    }
+    if (normalized.includes("search") || normalized.includes("find")) {
         return "search";
+    }
     if (normalized.includes("exec") || normalized.includes("run") || normalized.includes("bash")) {
         return "execute";
     }
-    if (normalized.includes("fetch") || normalized.includes("http"))
+    if (normalized.includes("fetch") || normalized.includes("http")) {
         return "fetch";
+    }
     return "other";
 }

package/dist/acp/meta.js

@@ -1,30 +1,36 @@
 export function readString(meta, keys) {
-    if (!meta)
+    if (!meta) {
         return undefined;
+    }
     for (const key of keys) {
         const value = meta[key];
-        if (typeof value === "string" && value.trim())
+        if (typeof value === "string" && value.trim()) {
             return value.trim();
+        }
     }
     return undefined;
 }
 export function readBool(meta, keys) {
-    if (!meta)
+    if (!meta) {
         return undefined;
+    }
     for (const key of keys) {
         const value = meta[key];
-        if (typeof value === "boolean")
+        if (typeof value === "boolean") {
             return value;
+        }
     }
     return undefined;
 }
 export function readNumber(meta, keys) {
-    if (!meta)
+    if (!meta) {
         return undefined;
+    }
     for (const key of keys) {
         const value = meta[key];
-        if (typeof value === "number" && Number.isFinite(value))
+        if (typeof value === "number" && Number.isFinite(value)) {
             return value;
+        }
     }
     return undefined;
 }

package/dist/acp/secret-file.js

@@ -0,0 +1,22 @@
+import fs from "node:fs";
+import { resolveUserPath } from "../utils.js";
+export function readSecretFromFile(filePath, label) {
+    const resolvedPath = resolveUserPath(filePath.trim());
+    if (!resolvedPath) {
+        throw new Error(`${label} file path is empty.`);
+    }
+    let raw = "";
+    try {
+        raw = fs.readFileSync(resolvedPath, "utf8");
+    }
+    catch (err) {
+        throw new Error(`Failed to read ${label} file at ${resolvedPath}: ${String(err)}`, {
+            cause: err,
+        });
+    }
+    const secret = raw.trim();
+    if (!secret) {
+        throw new Error(`${label} file at ${resolvedPath} is empty.`);
+    }
+    return secret;
+}

package/dist/agents/agent-paths.js

@@ -3,21 +3,20 @@ import { resolveStateDir } from "../config/paths.js";
 import { DEFAULT_AGENT_ID } from "../routing/session-key.js";
 import { resolveUserPath } from "../utils.js";
 export function resolvePoolbotAgentDir() {
-    const override = process.env.POOLBOT_AGENT_DIR?.trim() ||
-        process.env.CLAWDBOT_AGENT_DIR?.trim() ||
-        process.env.PI_CODING_AGENT_DIR?.trim();
-    if (override)
+    const override = process.env.POOLBOT_AGENT_DIR?.trim() || process.env.PI_CODING_AGENT_DIR?.trim();
+    if (override) {
         return resolveUserPath(override);
+    }
     const defaultAgentDir = path.join(resolveStateDir(), "agents", DEFAULT_AGENT_ID, "agent");
     return resolveUserPath(defaultAgentDir);
 }
-export function ensurePoolbotAgentEnv() {
+export function ensurePoolBotAgentEnv() {
     const dir = resolvePoolbotAgentDir();
-    if (!process.env.POOLBOT_AGENT_DIR)
+    if (!process.env.POOLBOT_AGENT_DIR) {
         process.env.POOLBOT_AGENT_DIR = dir;
-    if (!process.env.CLAWDBOT_AGENT_DIR)
-        process.env.CLAWDBOT_AGENT_DIR = dir;
-    if (!process.env.PI_CODING_AGENT_DIR)
+    }
+    if (!process.env.PI_CODING_AGENT_DIR) {
         process.env.PI_CODING_AGENT_DIR = dir;
+    }
     return dir;
 }

package/dist/agents/agent-scope.js

@@ -4,17 +4,19 @@ import { resolveStateDir } from "../config/paths.js";
 import { DEFAULT_AGENT_ID, normalizeAgentId, parseAgentSessionKey, } from "../routing/session-key.js";
 import { normalizeSkillFilter } from "./skills/filter.js";
 import { resolveUserPath } from "../utils.js";
+import { createSubsystemLogger } from "../logging/subsystem.js";
 import { DEFAULT_AGENT_WORKSPACE_DIR } from "./workspace.js";
+const log = createSubsystemLogger("agent-scope");
 export { resolveAgentIdFromSessionKey } from "../routing/session-key.js";
 let defaultAgentWarned = false;
-function listAgents(cfg) {
+export function listAgentEntries(cfg) {
     const list = cfg.agents?.list;
     if (!Array.isArray(list))
         return [];
     return list.filter((entry) => Boolean(entry && typeof entry === "object"));
 }
 export function listAgentIds(cfg) {
-    const agents = listAgents(cfg);
+    const agents = listAgentEntries(cfg);
     if (agents.length === 0)
         return [DEFAULT_AGENT_ID];
     const seen = new Set();
@@ -29,13 +31,13 @@ export function listAgentIds(cfg) {
     return ids.length > 0 ? ids : [DEFAULT_AGENT_ID];
 }
 export function resolveDefaultAgentId(cfg) {
-    const agents = listAgents(cfg);
+    const agents = listAgentEntries(cfg);
     if (agents.length === 0)
         return DEFAULT_AGENT_ID;
     const defaults = agents.filter((agent) => agent?.default);
     if (defaults.length > 1 && !defaultAgentWarned) {
         defaultAgentWarned = true;
-        console.warn("Multiple agents marked default=true; using the first entry as default.");
+        log.warn("Multiple agents marked default=true; using the first entry as default.");
     }
     const chosen = (defaults[0] ?? agents[0])?.id?.trim();
     return normalizeAgentId(chosen || DEFAULT_AGENT_ID);
@@ -53,7 +55,7 @@ export function resolveSessionAgentId(params) {
 }
 function resolveAgentEntry(cfg, agentId) {
     const id = normalizeAgentId(agentId);
-    return listAgents(cfg).find((entry) => normalizeAgentId(entry.id) === id);
+    return listAgentEntries(cfg).find((entry) => normalizeAgentId(entry.id) === id);
 }
 export function resolveAgentConfig(cfg, agentId) {
     const id = normalizeAgentId(agentId);
@@ -98,6 +100,16 @@ export function resolveAgentModelFallbacksOverride(cfg, agentId) {
         return undefined;
     return Array.isArray(raw.fallbacks) ? raw.fallbacks : undefined;
 }
+export function resolveEffectiveModelFallbacks(params) {
+    const agentFallbacksOverride = resolveAgentModelFallbacksOverride(params.cfg, params.agentId);
+    if (!params.hasSessionModelOverride) {
+        return agentFallbacksOverride;
+    }
+    const defaultFallbacks = typeof params.cfg.agents?.defaults?.model === "object"
+        ? (params.cfg.agents.defaults.model.fallbacks ?? [])
+        : [];
+    return agentFallbacksOverride ?? defaultFallbacks;
+}
 export function resolveAgentWorkspaceDir(cfg, agentId) {
     const id = normalizeAgentId(agentId);
     const configured = resolveAgentConfig(cfg, id)?.workspace?.trim();