@poolzin/pool-bot 2026.2.24 → 2026.2.26

package/dist/node-host/invoke.js

@@ -1,27 +1,16 @@
 import { spawn } from "node:child_process";
-import crypto from "node:crypto";
 import fs from "node:fs";
 import path from "node:path";
-import { resolveAgentConfig } from "../agents/agent-scope.js";
-import { loadConfig } from "../config/config.js";
-import { addAllowlistEntry, analyzeArgvCommand, evaluateExecAllowlist, evaluateShellAllowlist, requiresExecApproval, normalizeExecApprovals, mergeExecApprovalsSocketDefaults, recordAllowlistUse, resolveExecApprovals, resolveSafeBins, ensureExecApprovals, readExecApprovalsSnapshot, saveExecApprovals, } from "../infra/exec-approvals.js";
+import { ensureExecApprovals, mergeExecApprovalsSocketDefaults, normalizeExecApprovals, readExecApprovalsSnapshot, saveExecApprovals, } from "../infra/exec-approvals.js";
 import { requestExecHostViaSocket, } from "../infra/exec-host.js";
-import { validateSystemRunCommandConsistency } from "../infra/system-run-command.js";
+import { sanitizeHostExecEnv } from "../infra/host-env-security.js";
 import { runBrowserProxyCommand } from "./invoke-browser.js";
+import { handleSystemRunInvoke } from "./invoke-system-run.js";
 const OUTPUT_CAP = 200_000;
 const OUTPUT_EVENT_TAIL = 20_000;
 const DEFAULT_NODE_PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
 const execHostEnforced = process.env.POOLBOT_NODE_EXEC_HOST?.trim().toLowerCase() === "app";
 const execHostFallbackAllowed = process.env.POOLBOT_NODE_EXEC_FALLBACK?.trim().toLowerCase() !== "0";
-const blockedEnvKeys = new Set([
-    "NODE_OPTIONS",
-    "PYTHONHOME",
-    "PYTHONPATH",
-    "PERL5LIB",
-    "PERL5OPT",
-    "RUBYOPT",
-]);
-const blockedEnvPrefixes = ["DYLD_", "LD_"];
 function resolveExecSecurity(value) {
     return value === "deny" || value === "allowlist" || value === "full" ? value : "allowlist";
 }
@@ -37,30 +26,7 @@ function resolveExecAsk(value) {
     return value === "off" || value === "on-miss" || value === "always" ? value : "on-miss";
 }
 export function sanitizeEnv(overrides) {
-    if (!overrides) {
-        return undefined;
-    }
-    const merged = { ...process.env };
-    for (const [rawKey, value] of Object.entries(overrides)) {
-        const key = rawKey.trim();
-        if (!key) {
-            continue;
-        }
-        const upper = key.toUpperCase();
-        // PATH is part of the security boundary (command resolution + safe-bin checks). Never allow
-        // request-scoped PATH overrides from agents/gateways.
-        if (upper === "PATH") {
-            continue;
-        }
-        if (blockedEnvKeys.has(upper)) {
-            continue;
-        }
-        if (blockedEnvPrefixes.some((prefix) => upper.startsWith(prefix))) {
-            continue;
-        }
-        merged[key] = value;
-    }
-    return merged;
+    return sanitizeHostExecEnv({ overrides, blockPathOverrides: true });
 }
 function truncateOutput(raw, maxChars) {
     if (raw.length <= maxChars) {
@@ -235,6 +201,27 @@ async function runViaMacAppExecHost(params) {
         request,
     });
 }
+async function sendJsonPayloadResult(client, frame, payload) {
+    await sendInvokeResult(client, frame, {
+        ok: true,
+        payloadJSON: JSON.stringify(payload),
+    });
+}
+async function sendRawPayloadResult(client, frame, payloadJSON) {
+    await sendInvokeResult(client, frame, {
+        ok: true,
+        payloadJSON,
+    });
+}
+async function sendErrorResult(client, frame, code, message) {
+    await sendInvokeResult(client, frame, {
+        ok: false,
+        error: { code, message },
+    });
+}
+async function sendInvalidRequestResult(client, frame, err) {
+    await sendErrorResult(client, frame, "INVALID_REQUEST", String(err));
+}
 export async function handleInvoke(frame, client, skillBins) {
     const command = String(frame.command ?? "");
     if (command === "system.execApprovals.get") {
@@ -247,18 +234,12 @@ export async function handleInvoke(frame, client, skillBins) {
                 hash: snapshot.hash,
                 file: redactExecApprovals(snapshot.file),
             };
-            await sendInvokeResult(client, frame, {
-                ok: true,
-                payloadJSON: JSON.stringify(payload),
-            });
+            await sendJsonPayloadResult(client, frame, payload);
         }
         catch (err) {
             const message = String(err);
             const code = message.toLowerCase().includes("timed out") ? "TIMEOUT" : "INVALID_REQUEST";
-            await sendInvokeResult(client, frame, {
-                ok: false,
-                error: { code, message },
-            });
+            await sendErrorResult(client, frame, code, message);
         }
         return;
     }
@@ -281,16 +262,10 @@ export async function handleInvoke(frame, client, skillBins) {
                 hash: nextSnapshot.hash,
                 file: redactExecApprovals(nextSnapshot.file),
             };
-            await sendInvokeResult(client, frame, {
-                ok: true,
-                payloadJSON: JSON.stringify(payload),
-            });
+            await sendJsonPayloadResult(client, frame, payload);
         }
         catch (err) {
-            await sendInvokeResult(client, frame, {
-                ok: false,
-                error: { code: "INVALID_REQUEST", message: String(err) },
-            });
+            await sendInvalidRequestResult(client, frame, err);
         }
         return;
     }
@@ -302,40 +277,25 @@ export async function handleInvoke(frame, client, skillBins) {
             }
             const env = sanitizeEnv(undefined);
             const payload = await handleSystemWhich(params, env);
-            await sendInvokeResult(client, frame, {
-                ok: true,
-                payloadJSON: JSON.stringify(payload),
-            });
+            await sendJsonPayloadResult(client, frame, payload);
         }
         catch (err) {
-            await sendInvokeResult(client, frame, {
-                ok: false,
-                error: { code: "INVALID_REQUEST", message: String(err) },
-            });
+            await sendInvalidRequestResult(client, frame, err);
         }
         return;
     }
     if (command === "browser.proxy") {
         try {
             const payload = await runBrowserProxyCommand(frame.paramsJSON);
-            await sendInvokeResult(client, frame, {
-                ok: true,
-                payloadJSON: payload,
-            });
+            await sendRawPayloadResult(client, frame, payload);
         }
         catch (err) {
-            await sendInvokeResult(client, frame, {
-                ok: false,
-                error: { code: "INVALID_REQUEST", message: String(err) },
-            });
+            await sendInvalidRequestResult(client, frame, err);
         }
         return;
     }
     if (command !== "system.run") {
-        await sendInvokeResult(client, frame, {
-            ok: false,
-            error: { code: "UNAVAILABLE", message: "command not supported" },
-        });
+        await sendErrorResult(client, frame, "UNAVAILABLE", "command not supported");
         return;
     }
     let params;
@@ -343,275 +303,33 @@ export async function handleInvoke(frame, client, skillBins) {
         params = decodeParams(frame.paramsJSON);
     }
     catch (err) {
-        await sendInvokeResult(client, frame, {
-            ok: false,
-            error: { code: "INVALID_REQUEST", message: String(err) },
-        });
+        await sendInvalidRequestResult(client, frame, err);
         return;
     }
     if (!Array.isArray(params.command) || params.command.length === 0) {
-        await sendInvokeResult(client, frame, {
-            ok: false,
-            error: { code: "INVALID_REQUEST", message: "command required" },
-        });
+        await sendErrorResult(client, frame, "INVALID_REQUEST", "command required");
         return;
     }
-    const argv = params.command.map((item) => String(item));
-    const rawCommand = typeof params.rawCommand === "string" ? params.rawCommand.trim() : "";
-    const consistency = validateSystemRunCommandConsistency({
-        argv,
-        rawCommand: rawCommand || null,
-    });
-    if (!consistency.ok) {
-        await sendInvokeResult(client, frame, {
-            ok: false,
-            error: { code: "INVALID_REQUEST", message: consistency.message },
-        });
-        return;
-    }
-    const shellCommand = consistency.shellCommand;
-    const cmdText = consistency.cmdText;
-    const agentId = params.agentId?.trim() || undefined;
-    const cfg = loadConfig();
-    const agentExec = agentId ? resolveAgentConfig(cfg, agentId)?.tools?.exec : undefined;
-    const configuredSecurity = resolveExecSecurity(agentExec?.security ?? cfg.tools?.exec?.security);
-    const configuredAsk = resolveExecAsk(agentExec?.ask ?? cfg.tools?.exec?.ask);
-    const approvals = resolveExecApprovals(agentId, {
-        security: configuredSecurity,
-        ask: configuredAsk,
-    });
-    const security = approvals.agent.security;
-    const ask = approvals.agent.ask;
-    const autoAllowSkills = approvals.agent.autoAllowSkills;
-    const sessionKey = params.sessionKey?.trim() || "node";
-    const runId = params.runId?.trim() || crypto.randomUUID();
-    const env = sanitizeEnv(params.env ?? undefined);
-    const safeBins = resolveSafeBins(agentExec?.safeBins ?? cfg.tools?.exec?.safeBins);
-    const bins = autoAllowSkills ? await skillBins.current() : new Set();
-    let analysisOk = false;
-    let allowlistMatches = [];
-    let allowlistSatisfied = false;
-    let segments = [];
-    if (shellCommand) {
-        const allowlistEval = evaluateShellAllowlist({
-            command: shellCommand,
-            allowlist: approvals.allowlist,
-            safeBins,
-            cwd: params.cwd ?? undefined,
-            env,
-            skillBins: bins,
-            autoAllowSkills,
-            platform: process.platform,
-        });
-        analysisOk = allowlistEval.analysisOk;
-        allowlistMatches = allowlistEval.allowlistMatches;
-        allowlistSatisfied =
-            security === "allowlist" && analysisOk ? allowlistEval.allowlistSatisfied : false;
-        segments = allowlistEval.segments;
-    }
-    else {
-        const analysis = analyzeArgvCommand({ argv, cwd: params.cwd ?? undefined, env });
-        const allowlistEval = evaluateExecAllowlist({
-            analysis,
-            allowlist: approvals.allowlist,
-            safeBins,
-            cwd: params.cwd ?? undefined,
-            skillBins: bins,
-            autoAllowSkills,
-        });
-        analysisOk = analysis.ok;
-        allowlistMatches = allowlistEval.allowlistMatches;
-        allowlistSatisfied =
-            security === "allowlist" && analysisOk ? allowlistEval.allowlistSatisfied : false;
-        segments = analysis.segments;
-    }
-    const isWindows = process.platform === "win32";
-    const cmdInvocation = shellCommand
-        ? isCmdExeInvocation(segments[0]?.argv ?? [])
-        : isCmdExeInvocation(argv);
-    if (security === "allowlist" && isWindows && cmdInvocation) {
-        analysisOk = false;
-        allowlistSatisfied = false;
-    }
-    const useMacAppExec = process.platform === "darwin";
-    if (useMacAppExec) {
-        const approvalDecision = params.approvalDecision === "allow-once" || params.approvalDecision === "allow-always"
-            ? params.approvalDecision
-            : null;
-        const execRequest = {
-            command: argv,
-            rawCommand: rawCommand || shellCommand || null,
-            cwd: params.cwd ?? null,
-            env: params.env ?? null,
-            timeoutMs: params.timeoutMs ?? null,
-            needsScreenRecording: params.needsScreenRecording ?? null,
-            agentId: agentId ?? null,
-            sessionKey: sessionKey ?? null,
-            approvalDecision,
-        };
-        const response = await runViaMacAppExecHost({ approvals, request: execRequest });
-        if (!response) {
-            if (execHostEnforced || !execHostFallbackAllowed) {
-                await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
-                    sessionKey,
-                    runId,
-                    host: "node",
-                    command: cmdText,
-                    reason: "companion-unavailable",
-                }));
-                await sendInvokeResult(client, frame, {
-                    ok: false,
-                    error: {
-                        code: "UNAVAILABLE",
-                        message: "COMPANION_APP_UNAVAILABLE: macOS app exec host unreachable",
-                    },
-                });
-                return;
-            }
-        }
-        else if (!response.ok) {
-            const reason = response.error.reason ?? "approval-required";
-            await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
-                sessionKey,
-                runId,
-                host: "node",
-                command: cmdText,
-                reason,
-            }));
-            await sendInvokeResult(client, frame, {
-                ok: false,
-                error: { code: "UNAVAILABLE", message: response.error.message },
-            });
-            return;
-        }
-        else {
-            const result = response.payload;
+    await handleSystemRunInvoke({
+        client,
+        params,
+        skillBins,
+        execHostEnforced,
+        execHostFallbackAllowed,
+        resolveExecSecurity,
+        resolveExecAsk,
+        isCmdExeInvocation,
+        sanitizeEnv,
+        runCommand,
+        runViaMacAppExecHost,
+        sendNodeEvent,
+        buildExecEventPayload,
+        sendInvokeResult: async (result) => {
+            await sendInvokeResult(client, frame, result);
+        },
+        sendExecFinishedEvent: async ({ sessionKey, runId, cmdText, result }) => {
             await sendExecFinishedEvent({ client, sessionKey, runId, cmdText, result });
-            await sendInvokeResult(client, frame, {
-                ok: true,
-                payloadJSON: JSON.stringify(result),
-            });
-            return;
-        }
-    }
-    if (security === "deny") {
-        await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
-            sessionKey,
-            runId,
-            host: "node",
-            command: cmdText,
-            reason: "security=deny",
-        }));
-        await sendInvokeResult(client, frame, {
-            ok: false,
-            error: { code: "UNAVAILABLE", message: "SYSTEM_RUN_DISABLED: security=deny" },
-        });
-        return;
-    }
-    const requiresAsk = requiresExecApproval({
-        ask,
-        security,
-        analysisOk,
-        allowlistSatisfied,
-    });
-    const approvalDecision = params.approvalDecision === "allow-once" || params.approvalDecision === "allow-always"
-        ? params.approvalDecision
-        : null;
-    const approvedByAsk = approvalDecision !== null || params.approved === true;
-    if (requiresAsk && !approvedByAsk) {
-        await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
-            sessionKey,
-            runId,
-            host: "node",
-            command: cmdText,
-            reason: "approval-required",
-        }));
-        await sendInvokeResult(client, frame, {
-            ok: false,
-            error: { code: "UNAVAILABLE", message: "SYSTEM_RUN_DENIED: approval required" },
-        });
-        return;
-    }
-    if (approvalDecision === "allow-always" && security === "allowlist") {
-        if (analysisOk) {
-            for (const segment of segments) {
-                const pattern = segment.resolution?.resolvedPath ?? "";
-                if (pattern) {
-                    addAllowlistEntry(approvals.file, agentId, pattern);
-                }
-            }
-        }
-    }
-    if (security === "allowlist" && (!analysisOk || !allowlistSatisfied) && !approvedByAsk) {
-        await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
-            sessionKey,
-            runId,
-            host: "node",
-            command: cmdText,
-            reason: "allowlist-miss",
-        }));
-        await sendInvokeResult(client, frame, {
-            ok: false,
-            error: { code: "UNAVAILABLE", message: "SYSTEM_RUN_DENIED: allowlist miss" },
-        });
-        return;
-    }
-    if (allowlistMatches.length > 0) {
-        const seen = new Set();
-        for (const match of allowlistMatches) {
-            if (!match?.pattern || seen.has(match.pattern)) {
-                continue;
-            }
-            seen.add(match.pattern);
-            recordAllowlistUse(approvals.file, agentId, match, cmdText, segments[0]?.resolution?.resolvedPath);
-        }
-    }
-    if (params.needsScreenRecording === true) {
-        await sendNodeEvent(client, "exec.denied", buildExecEventPayload({
-            sessionKey,
-            runId,
-            host: "node",
-            command: cmdText,
-            reason: "permission:screenRecording",
-        }));
-        await sendInvokeResult(client, frame, {
-            ok: false,
-            error: { code: "UNAVAILABLE", message: "PERMISSION_MISSING: screenRecording" },
-        });
-        return;
-    }
-    let execArgv = argv;
-    if (security === "allowlist" &&
-        isWindows &&
-        !approvedByAsk &&
-        shellCommand &&
-        analysisOk &&
-        allowlistSatisfied &&
-        segments.length === 1 &&
-        segments[0]?.argv.length > 0) {
-        execArgv = segments[0].argv;
-    }
-    const result = await runCommand(execArgv, params.cwd?.trim() || undefined, env, params.timeoutMs ?? undefined);
-    if (result.truncated) {
-        const suffix = "... (truncated)";
-        if (result.stderr.trim().length > 0) {
-            result.stderr = `${result.stderr}\n${suffix}`;
-        }
-        else {
-            result.stdout = `${result.stdout}\n${suffix}`;
-        }
-    }
-    await sendExecFinishedEvent({ client, sessionKey, runId, cmdText, result });
-    await sendInvokeResult(client, frame, {
-        ok: true,
-        payloadJSON: JSON.stringify({
-            exitCode: result.exitCode,
-            timedOut: result.timedOut,
-            success: result.success,
-            stdout: result.stdout,
-            stderr: result.stderr,
-            error: result.error ?? null,
-        }),
+        },
     });
 }
 function decodeParams(raw) {

package/dist/pairing/pairing-store.js

@@ -199,6 +199,16 @@ async function readAllowFromStateForPath(channel, filePath) {
     });
     return normalizeAllowFromList(channel, value);
 }
+function readAllowFromStateForPathSync(channel, filePath) {
+    try {
+        const raw = fs.readFileSync(filePath, "utf8");
+        const parsed = JSON.parse(raw);
+        return normalizeAllowFromList(channel, parsed);
+    }
+    catch {
+        return [];
+    }
+}
 async function readAllowFromState(params) {
     const { value } = await readJsonFile(params.filePath, {
         version: 1,
@@ -248,6 +258,18 @@ export async function readChannelAllowFromStore(channel, env = process.env, acco
     const legacyEntries = await readAllowFromStateForPath(channel, legacyPath);
     return dedupePreserveOrder([...scopedEntries, ...legacyEntries]);
 }
+export function readChannelAllowFromStoreSync(channel, env = process.env, accountId) {
+    const normalizedAccountId = accountId?.trim().toLowerCase() ?? "";
+    if (!normalizedAccountId) {
+        const filePath = resolveAllowFromPath(channel, env);
+        return readAllowFromStateForPathSync(channel, filePath);
+    }
+    const scopedPath = resolveAllowFromPath(channel, env, accountId);
+    const scopedEntries = readAllowFromStateForPathSync(channel, scopedPath);
+    const legacyPath = resolveAllowFromPath(channel, env);
+    const legacyEntries = readAllowFromStateForPathSync(channel, legacyPath);
+    return dedupePreserveOrder([...scopedEntries, ...legacyEntries]);
+}
 async function updateChannelAllowFromStore(params) {
     return await updateAllowFromStoreEntry({
         channel: params.channel,

package/dist/plugin-sdk/allow-from.js

@@ -8,7 +8,7 @@ export function formatAllowFromLowercase(params) {
 export function isAllowedParsedChatSender(params) {
     const allowFrom = params.allowFrom.map((entry) => String(entry).trim());
     if (allowFrom.length === 0) {
-        return true;
+        return false;
     }
     if (allowFrom.includes("*")) {
         return true;

package/dist/plugin-sdk/command-auth.js

@@ -1,6 +1,8 @@
 export async function resolveSenderCommandAuthorization(params) {
     const shouldComputeAuth = params.shouldComputeCommandAuthorized(params.rawBody, params.cfg);
-    const storeAllowFrom = !params.isGroup && (params.dmPolicy !== "open" || shouldComputeAuth)
+    const storeAllowFrom = !params.isGroup &&
+        params.dmPolicy !== "allowlist" &&
+        (params.dmPolicy !== "open" || shouldComputeAuth)
         ? await params.readAllowFromStore().catch(() => [])
         : [];
     const effectiveAllowFrom = [...params.configuredAllowFrom, ...storeAllowFrom];

package/dist/plugin-sdk/index.js

@@ -1,12 +1,13 @@
 export { createAccountListHelpers } from "../channels/plugins/account-helpers.js";
 export { CHANNEL_MESSAGE_ACTION_NAMES } from "../channels/plugins/message-action-names.js";
 export { BLUEBUBBLES_ACTIONS, BLUEBUBBLES_ACTION_NAMES, BLUEBUBBLES_GROUP_ACTIONS, } from "../channels/plugins/bluebubbles-actions.js";
+export { autoBindSpawnedDiscordSubagent, listThreadBindingsBySessionKey, unbindThreadBindingsBySessionKey, } from "../discord/monitor/thread-bindings.js";
 export { normalizePluginHttpPath } from "../plugins/http-path.js";
 export { registerPluginHttpRoute } from "../plugins/http-registry.js";
 export { emptyPluginConfigSchema } from "../plugins/config-schema.js";
 export { acquireFileLock, withFileLock } from "./file-lock.js";
 export { normalizeWebhookPath, resolveWebhookPath } from "./webhook-path.js";
-export { registerWebhookTarget, rejectNonPostWebhookRequest, resolveWebhookTargets, } from "./webhook-targets.js";
+export { registerWebhookTarget, rejectNonPostWebhookRequest, resolveSingleWebhookTarget, resolveSingleWebhookTargetAsync, resolveWebhookTargets, } from "./webhook-targets.js";
 export { buildAgentMediaPayload } from "./agent-media-payload.js";
 export { buildBaseChannelStatusSummary, collectStatusIssuesFromLastError, createDefaultChannelRuntimeState, } from "./status-helpers.js";
 export { buildOauthProviderAuthResult } from "./provider-auth-result.js";
@@ -23,6 +24,7 @@ export { extractToolSend } from "./tool-send.js";
 export { resolveChannelAccountConfigBasePath } from "./config-paths.js";
 export { chunkTextForOutbound } from "./text-chunking.js";
 export { readJsonFileWithFallback, writeJsonFileAtomically } from "./json-store.js";
+export { buildRandomTempFilePath, withTempDownloadPath } from "./temp-path.js";
 export { resolveAckReaction } from "../agents/identity.js";
 export { SILENT_REPLY_TOKEN, isSilentReplyText } from "../auto-reply/tokens.js";
 export { approveDevicePairing, listDevicePairing, rejectDevicePairing, } from "../infra/device-pairing.js";
@@ -30,12 +32,12 @@ export { createDedupeCache } from "../infra/dedupe.js";
 export { formatErrorMessage } from "../infra/errors.js";
 export { DEFAULT_WEBHOOK_BODY_TIMEOUT_MS, DEFAULT_WEBHOOK_MAX_BODY_BYTES, RequestBodyLimitError, installRequestBodyLimitGuard, isRequestBodyLimitError, readJsonBodyWithLimit, readRequestBodyWithLimit, requestBodyErrorToText, } from "../infra/http-body.js";
 export { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js";
-export { SsrFBlockedError, isBlockedHostname, isPrivateIpAddress } from "../infra/net/ssrf.js";
+export { SsrFBlockedError, isBlockedHostname, isBlockedHostnameOrIp, isPrivateIpAddress, } from "../infra/net/ssrf.js";
 export { rawDataToString } from "../infra/ws.js";
 export { isWSLSync, isWSL2Sync, isWSLEnv } from "../infra/wsl.js";
 export { isTruthyEnvValue } from "../infra/env.js";
 export { resolveToolsBySender } from "../config/group-policy.js";
-export { buildPendingHistoryContextFromMap, clearHistoryEntries, clearHistoryEntriesIfEnabled, DEFAULT_GROUP_HISTORY_LIMIT, recordPendingHistoryEntry, recordPendingHistoryEntryIfEnabled, } from "../auto-reply/reply/history.js";
+export { buildPendingHistoryContextFromMap, clearHistoryEntries, clearHistoryEntriesIfEnabled, DEFAULT_GROUP_HISTORY_LIMIT, evictOldHistoryKeys, recordPendingHistoryEntry, recordPendingHistoryEntryIfEnabled, } from "../auto-reply/reply/history.js";
 export { mergeAllowlist, summarizeMapping } from "../channels/allowlists/resolve-utils.js";
 export { resolveMentionGating, resolveMentionGatingWithBypass, } from "../channels/mention-gating.js";
 export { removeAckReactionAfterReply, shouldAckReaction, shouldAckReactionForWhatsApp, } from "../channels/ack-reactions.js";
@@ -60,6 +62,7 @@ export { addWildcardAllowFrom, mergeAllowFromEntries, promptAccountId, } from ".
 export { promptChannelAccessConfig } from "../channels/plugins/onboarding/channel-access.js";
 export { createActionGate, jsonResult, readNumberParam, readReactionParams, readStringParam, } from "../agents/tools/common.js";
 export { formatDocsLink } from "../terminal/links.js";
+export { resolveDmAllowState, resolveDmGroupAccessDecision, resolveEffectiveAllowFromLists, } from "../security/dm-policy-shared.js";
 export { clamp, escapeRegExp, normalizeE164, safeParseJson, sleep } from "../utils.js";
 export { stripAnsi } from "../terminal/ansi.js";
 export { missingTargetError } from "../infra/outbound/target-errors.js";

package/dist/plugin-sdk/temp-path.js

@@ -0,0 +1,47 @@
+import crypto from "node:crypto";
+import { mkdtemp, rm } from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+function sanitizePrefix(prefix) {
+    const normalized = prefix.replace(/[^a-zA-Z0-9_-]+/g, "-").replace(/^-+|-+$/g, "");
+    return normalized || "tmp";
+}
+function sanitizeExtension(extension) {
+    if (!extension) {
+        return "";
+    }
+    const normalized = extension.startsWith(".") ? extension : `.${extension}`;
+    const suffix = normalized.match(/[a-zA-Z0-9._-]+$/)?.[0] ?? "";
+    const token = suffix.replace(/^[._-]+/, "");
+    if (!token) {
+        return "";
+    }
+    return `.${token}`;
+}
+function sanitizeFileName(fileName) {
+    const base = path.basename(fileName).replace(/[^a-zA-Z0-9._-]+/g, "-");
+    const normalized = base.replace(/^-+|-+$/g, "");
+    return normalized || "download.bin";
+}
+export function buildRandomTempFilePath(params) {
+    const prefix = sanitizePrefix(params.prefix);
+    const extension = sanitizeExtension(params.extension);
+    const nowCandidate = params.now;
+    const now = typeof nowCandidate === "number" && Number.isFinite(nowCandidate)
+        ? Math.trunc(nowCandidate)
+        : Date.now();
+    const uuid = params.uuid?.trim() || crypto.randomUUID();
+    return path.join(params.tmpDir ?? os.tmpdir(), `${prefix}-${now}-${uuid}${extension}`);
+}
+export async function withTempDownloadPath(params, fn) {
+    const tempRoot = params.tmpDir ?? os.tmpdir();
+    const prefix = `${sanitizePrefix(params.prefix)}-`;
+    const dir = await mkdtemp(path.join(tempRoot, prefix));
+    const tmpPath = path.join(dir, sanitizeFileName(params.fileName ?? "download.bin"));
+    try {
+        return await fn(tmpPath);
+    }
+    finally {
+        await rm(dir, { recursive: true, force: true }).catch(() => { });
+    }
+}

package/dist/plugin-sdk/webhook-targets.js

@@ -23,6 +23,38 @@ export function resolveWebhookTargets(req, targetsByPath) {
     }
     return { path, targets };
 }
+export function resolveSingleWebhookTarget(targets, isMatch) {
+    let matched;
+    for (const target of targets) {
+        if (!isMatch(target)) {
+            continue;
+        }
+        if (matched) {
+            return { kind: "ambiguous" };
+        }
+        matched = target;
+    }
+    if (!matched) {
+        return { kind: "none" };
+    }
+    return { kind: "single", target: matched };
+}
+export async function resolveSingleWebhookTargetAsync(targets, isMatch) {
+    let matched;
+    for (const target of targets) {
+        if (!(await isMatch(target))) {
+            continue;
+        }
+        if (matched) {
+            return { kind: "ambiguous" };
+        }
+        matched = target;
+    }
+    if (!matched) {
+        return { kind: "none" };
+    }
+    return { kind: "single", target: matched };
+}
 export function rejectNonPostWebhookRequest(req, res) {
     if (req.method === "POST") {
         return false;