@poolzin/pool-bot 2026.2.24 → 2026.2.26

package/dist/agents/sandbox/config.js

@@ -1,9 +1,22 @@
 import { resolveAgentConfig } from "../agent-scope.js";
-import { DEFAULT_SANDBOX_BROWSER_AUTOSTART_TIMEOUT_MS, DEFAULT_SANDBOX_BROWSER_CDP_PORT, DEFAULT_SANDBOX_BROWSER_IMAGE, DEFAULT_SANDBOX_BROWSER_NOVNC_PORT, DEFAULT_SANDBOX_BROWSER_PREFIX, DEFAULT_SANDBOX_BROWSER_VNC_PORT, DEFAULT_SANDBOX_CONTAINER_PREFIX, DEFAULT_SANDBOX_IDLE_HOURS, DEFAULT_SANDBOX_IMAGE, DEFAULT_SANDBOX_MAX_AGE_DAYS, DEFAULT_SANDBOX_WORKDIR, DEFAULT_SANDBOX_WORKSPACE_ROOT, } from "./constants.js";
+import { DEFAULT_SANDBOX_BROWSER_AUTOSTART_TIMEOUT_MS, DEFAULT_SANDBOX_BROWSER_CDP_PORT, DEFAULT_SANDBOX_BROWSER_IMAGE, DEFAULT_SANDBOX_BROWSER_NETWORK, DEFAULT_SANDBOX_BROWSER_NOVNC_PORT, DEFAULT_SANDBOX_BROWSER_PREFIX, DEFAULT_SANDBOX_BROWSER_VNC_PORT, DEFAULT_SANDBOX_CONTAINER_PREFIX, DEFAULT_SANDBOX_IDLE_HOURS, DEFAULT_SANDBOX_IMAGE, DEFAULT_SANDBOX_MAX_AGE_DAYS, DEFAULT_SANDBOX_WORKDIR, DEFAULT_SANDBOX_WORKSPACE_ROOT, } from "./constants.js";
 import { resolveSandboxToolPolicyForAgent } from "./tool-policy.js";
+export function resolveSandboxBrowserDockerCreateConfig(params) {
+    const browserNetwork = params.browser.network.trim();
+    const base = {
+        ...params.docker,
+        // Browser container needs network access for Chrome, downloads, etc.
+        network: browserNetwork || DEFAULT_SANDBOX_BROWSER_NETWORK,
+        // For hashing and consistency, treat browser image as the docker image even though we
+        // pass it separately as the final `docker create` argument.
+        image: params.browser.image,
+    };
+    return params.browser.binds !== undefined ? { ...base, binds: params.browser.binds } : base;
+}
 export function resolveSandboxScope(params) {
-    if (params.scope)
+    if (params.scope) {
         return params.scope;
+    }
     if (typeof params.perSession === "boolean") {
         return params.perSession ? "session" : "shared";
     }
@@ -47,13 +60,18 @@ export function resolveSandboxDockerConfig(params) {
 export function resolveSandboxBrowserConfig(params) {
     const agentBrowser = params.scope === "shared" ? undefined : params.agentBrowser;
     const globalBrowser = params.globalBrowser;
+    const binds = [...(globalBrowser?.binds ?? []), ...(agentBrowser?.binds ?? [])];
+    // Treat `binds: []` as an explicit override, so it can disable `docker.binds` for the browser container.
+    const bindsConfigured = globalBrowser?.binds !== undefined || agentBrowser?.binds !== undefined;
     return {
         enabled: agentBrowser?.enabled ?? globalBrowser?.enabled ?? false,
         image: agentBrowser?.image ?? globalBrowser?.image ?? DEFAULT_SANDBOX_BROWSER_IMAGE,
         containerPrefix: agentBrowser?.containerPrefix ??
             globalBrowser?.containerPrefix ??
             DEFAULT_SANDBOX_BROWSER_PREFIX,
+        network: agentBrowser?.network ?? globalBrowser?.network ?? DEFAULT_SANDBOX_BROWSER_NETWORK,
         cdpPort: agentBrowser?.cdpPort ?? globalBrowser?.cdpPort ?? DEFAULT_SANDBOX_BROWSER_CDP_PORT,
+        cdpSourceRange: agentBrowser?.cdpSourceRange ?? globalBrowser?.cdpSourceRange,
         vncPort: agentBrowser?.vncPort ?? globalBrowser?.vncPort ?? DEFAULT_SANDBOX_BROWSER_VNC_PORT,
         noVncPort: agentBrowser?.noVncPort ?? globalBrowser?.noVncPort ?? DEFAULT_SANDBOX_BROWSER_NOVNC_PORT,
         headless: agentBrowser?.headless ?? globalBrowser?.headless ?? false,
@@ -63,6 +81,7 @@ export function resolveSandboxBrowserConfig(params) {
         autoStartTimeoutMs: agentBrowser?.autoStartTimeoutMs ??
             globalBrowser?.autoStartTimeoutMs ??
             DEFAULT_SANDBOX_BROWSER_AUTOSTART_TIMEOUT_MS,
+        binds: bindsConfigured ? binds : undefined,
     };
 }
 export function resolveSandboxPruneConfig(params) {

package/dist/agents/sandbox/constants.js

@@ -43,3 +43,5 @@ const resolvedSandboxStateDir = STATE_DIR ?? path.join(os.homedir(), ".poolbot")
 export const SANDBOX_STATE_DIR = path.join(resolvedSandboxStateDir, "sandbox");
 export const SANDBOX_REGISTRY_PATH = path.join(SANDBOX_STATE_DIR, "containers.json");
 export const SANDBOX_BROWSER_REGISTRY_PATH = path.join(SANDBOX_STATE_DIR, "browsers.json");
+export const SANDBOX_BROWSER_SECURITY_HASH_EPOCH = "2026-02-21-novnc-auth-default";
+export const DEFAULT_SANDBOX_BROWSER_NETWORK = "poolbot-sandbox-browser";

package/dist/agents/sandbox/docker.js

@@ -1,4 +1,5 @@
 import { spawn } from "node:child_process";
+import { createSubsystemLogger } from "../../logging/subsystem.js";
 import { sanitizeEnvVars } from "./sanitize-env-vars.js";
 function createAbortError() {
     const err = new Error("Aborted");
@@ -82,6 +83,7 @@ import { DEFAULT_SANDBOX_IMAGE, SANDBOX_AGENT_WORKSPACE_MOUNT } from "./constant
 import { readRegistry, updateRegistry } from "./registry.js";
 import { resolveSandboxAgentId, resolveSandboxScopeKey, slugifySessionKey } from "./shared.js";
 import { validateSandboxSecurity } from "./validate-sandbox-security.js";
+const log = createSubsystemLogger("docker");
 const HOT_CONTAINER_WINDOW_MS = 5 * 60 * 1000;
 export async function execDocker(args, opts) {
     const result = await execDockerRaw(args, opts);
@@ -102,6 +104,18 @@ export async function readDockerContainerLabel(containerName, label) {
     }
     return raw;
 }
+export async function readDockerContainerEnvVar(containerName, envVar) {
+    const result = await execDocker(["inspect", "-f", "{{range .Config.Env}}{{println .}}{{end}}", containerName], { allowFailure: true });
+    if (result.code !== 0) {
+        return null;
+    }
+    for (const line of result.stdout.split(/\r?\n/)) {
+        if (line.startsWith(`${envVar}=`)) {
+            return line.slice(envVar.length + 1);
+        }
+    }
+    return null;
+}
 export async function readDockerPort(containerName, port) {
     const result = await execDocker(["port", containerName, `${port}/tcp`], {
         allowFailure: true,
@@ -212,10 +226,10 @@ export function buildSandboxCreateArgs(params) {
     }
     const envSanitization = sanitizeEnvVars(params.cfg.env ?? {});
     if (envSanitization.blocked.length > 0) {
-        console.warn("[Security] Blocked sensitive environment variables:", envSanitization.blocked.join(", "));
+        log.warn(`Blocked sensitive environment variables: ${envSanitization.blocked.join(", ")}`);
     }
     if (envSanitization.warnings.length > 0) {
-        console.warn("[Security] Suspicious environment variables:", envSanitization.warnings);
+        log.warn(`Suspicious environment variables: ${envSanitization.warnings.join(", ")}`);
     }
     for (const [key, value] of Object.entries(envSanitization.allowed)) {
         args.push("--env", `${key}=${value}`);

package/dist/agents/sandbox/novnc-auth.js

@@ -0,0 +1,62 @@
+import crypto from "node:crypto";
+export const NOVNC_PASSWORD_ENV_KEY = "POOLBOT_BROWSER_NOVNC_PASSWORD";
+const NOVNC_TOKEN_TTL_MS = 5 * 60 * 1000;
+const NO_VNC_OBSERVER_TOKENS = new Map();
+function pruneExpiredNoVncObserverTokens(now) {
+    for (const [token, entry] of NO_VNC_OBSERVER_TOKENS) {
+        if (entry.expiresAt <= now) {
+            NO_VNC_OBSERVER_TOKENS.delete(token);
+        }
+    }
+}
+export function isNoVncEnabled(params) {
+    return params.enableNoVnc && !params.headless;
+}
+export function generateNoVncPassword() {
+    // VNC auth uses an 8-char password max.
+    return crypto.randomBytes(4).toString("hex");
+}
+export function buildNoVncDirectUrl(port, password) {
+    const query = new URLSearchParams({
+        autoconnect: "1",
+        resize: "remote",
+    });
+    if (password?.trim()) {
+        query.set("password", password);
+    }
+    return `http://127.0.0.1:${port}/vnc.html?${query.toString()}`;
+}
+export function issueNoVncObserverToken(params) {
+    const now = params.nowMs ?? Date.now();
+    pruneExpiredNoVncObserverTokens(now);
+    const token = crypto.randomBytes(24).toString("hex");
+    NO_VNC_OBSERVER_TOKENS.set(token, {
+        url: params.url,
+        expiresAt: now + Math.max(1, params.ttlMs ?? NOVNC_TOKEN_TTL_MS),
+    });
+    return token;
+}
+export function consumeNoVncObserverToken(token, nowMs) {
+    const now = nowMs ?? Date.now();
+    pruneExpiredNoVncObserverTokens(now);
+    const normalized = token.trim();
+    if (!normalized) {
+        return null;
+    }
+    const entry = NO_VNC_OBSERVER_TOKENS.get(normalized);
+    if (!entry) {
+        return null;
+    }
+    NO_VNC_OBSERVER_TOKENS.delete(normalized);
+    if (entry.expiresAt <= now) {
+        return null;
+    }
+    return entry.url;
+}
+export function buildNoVncObserverTokenUrl(baseUrl, token) {
+    const query = new URLSearchParams({ token });
+    return `${baseUrl}/sandbox/novnc?${query.toString()}`;
+}
+export function resetNoVncObserverTokensForTests() {
+    NO_VNC_OBSERVER_TOKENS.clear();
+}

package/dist/agents/sandbox/sanitize-env-vars.js

@@ -28,7 +28,7 @@ const ALLOWED_ENV_VAR_PATTERNS = [
     /^TZ$/i,
     /^NODE_ENV$/i,
 ];
-function validateEnvVarValue(value) {
+export function validateEnvVarValue(value) {
     if (value.includes("\0")) {
         return "Contains null bytes";
     }

package/dist/agents/sandbox/shared.js

@@ -1,11 +1,11 @@
-import crypto from "node:crypto";
 import path from "node:path";
 import { normalizeAgentId } from "../../routing/session-key.js";
 import { resolveUserPath } from "../../utils.js";
 import { resolveAgentIdFromSessionKey } from "../agent-scope.js";
+import { hashTextSha256 } from "./hash.js";
 export function slugifySessionKey(value) {
     const trimmed = value.trim() || "session";
-    const hash = crypto.createHash("sha1").update(trimmed).digest("hex").slice(0, 8);
+    const hash = hashTextSha256(trimmed).slice(0, 8);
     const safe = trimmed
         .toLowerCase()
         .replace(/[^a-z0-9._-]+/g, "-")
@@ -20,19 +20,23 @@ export function resolveSandboxWorkspaceDir(root, sessionKey) {
 }
 export function resolveSandboxScopeKey(scope, sessionKey) {
     const trimmed = sessionKey.trim() || "main";
-    if (scope === "shared")
+    if (scope === "shared") {
         return "shared";
-    if (scope === "session")
+    }
+    if (scope === "session") {
         return trimmed;
+    }
     const agentId = resolveAgentIdFromSessionKey(trimmed);
     return `agent:${agentId}`;
 }
 export function resolveSandboxAgentId(scopeKey) {
     const trimmed = scopeKey.trim();
-    if (!trimmed || trimmed === "shared")
+    if (!trimmed || trimmed === "shared") {
         return undefined;
+    }
     const parts = trimmed.split(":").filter(Boolean);
-    if (parts[0] === "agent" && parts[1])
+    if (parts[0] === "agent" && parts[1]) {
         return normalizeAgentId(parts[1]);
+    }
     return resolveAgentIdFromSessionKey(trimmed);
 }

package/dist/agents/sandbox-paths.js

@@ -2,6 +2,7 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+import { isNotFoundPathError, isPathInside } from "../infra/path-guards.js";
 const UNICODE_SPACES = /[\u00A0\u2000-\u200A\u202F\u205F\u3000]/g;
 const HTTP_URL_RE = /^https?:\/\//i;
 const DATA_URL_RE = /^data:/i;
@@ -70,12 +71,32 @@ export async function resolveSandboxedMediaSource(params) {
             throw new Error(`Invalid file:// URL for sandboxed media: ${raw}`);
         }
     }
-    const resolved = await assertSandboxPath({
+    const tmpMediaPath = await resolveAllowedTmpMediaPath({
+        candidate,
+        sandboxRoot: params.sandboxRoot,
+    });
+    if (tmpMediaPath) {
+        return tmpMediaPath;
+    }
+    const sandboxResult = await assertSandboxPath({
         filePath: candidate,
         cwd: params.sandboxRoot,
         root: params.sandboxRoot,
     });
-    return resolved.resolved;
+    return sandboxResult.resolved;
+}
+async function resolveAllowedTmpMediaPath(params) {
+    const candidateIsAbsolute = path.isAbsolute(expandPath(params.candidate));
+    if (!candidateIsAbsolute) {
+        return undefined;
+    }
+    const resolved = path.resolve(resolveSandboxInputPath(params.candidate, params.sandboxRoot));
+    const tmpDir = path.resolve(os.tmpdir());
+    if (!isPathInside(tmpDir, resolved)) {
+        return undefined;
+    }
+    await assertNoSymlinkEscape(path.relative(tmpDir, resolved), tmpDir);
+    return resolved;
 }
 async function assertNoSymlinkEscape(relative, root, options) {
     if (!relative) {
@@ -104,8 +125,7 @@ async function assertNoSymlinkEscape(relative, root, options) {
             }
         }
         catch (err) {
-            const anyErr = err;
-            if (anyErr.code === "ENOENT") {
+            if (isNotFoundPathError(err)) {
                 return;
             }
             throw err;
@@ -120,13 +140,6 @@ async function tryRealpath(value) {
         return path.resolve(value);
     }
 }
-function isPathInside(root, target) {
-    const relative = path.relative(root, target);
-    if (!relative || relative === "") {
-        return true;
-    }
-    return !(relative.startsWith("..") || path.isAbsolute(relative));
-}
 function shortPath(value) {
     if (value.startsWith(os.homedir())) {
         return `~${value.slice(os.homedir().length)}`;

package/dist/agents/schema/clean-for-gemini.js

@@ -26,18 +26,28 @@ export const GEMINI_UNSUPPORTED_SCHEMA_KEYWORDS = new Set([
     "minProperties",
     "maxProperties",
 ]);
+const SCHEMA_META_KEYS = ["description", "title", "default"];
+function copySchemaMeta(from, to) {
+    for (const key of SCHEMA_META_KEYS) {
+        if (key in from && from[key] !== undefined) {
+            to[key] = from[key];
+        }
+    }
+}
 // Check if an anyOf/oneOf array contains only literal values that can be flattened.
 // TypeBox Type.Literal generates { const: "value", type: "string" }.
 // Some schemas may use { enum: ["value"], type: "string" }.
 // Both patterns are flattened to { type: "string", enum: ["a", "b", ...] }.
 function tryFlattenLiteralAnyOf(variants) {
-    if (variants.length === 0)
+    if (variants.length === 0) {
         return null;
+    }
     const allValues = [];
     let commonType = null;
     for (const variant of variants) {
-        if (!variant || typeof variant !== "object")
+        if (!variant || typeof variant !== "object") {
             return null;
+        }
         const v = variant;
         let literalValue;
         if ("const" in v) {
@@ -50,16 +60,20 @@ function tryFlattenLiteralAnyOf(variants) {
             return null;
         }
         const variantType = typeof v.type === "string" ? v.type : null;
-        if (!variantType)
+        if (!variantType) {
             return null;
-        if (commonType === null)
+        }
+        if (commonType === null) {
             commonType = variantType;
-        else if (commonType !== variantType)
+        }
+        else if (commonType !== variantType) {
             return null;
+        }
         allValues.push(literalValue);
     }
-    if (commonType && allValues.length > 0)
+    if (commonType && allValues.length > 0) {
         return { type: commonType, enum: allValues };
+    }
     return null;
 }
 function isNullSchema(variant) {
@@ -67,22 +81,25 @@ function isNullSchema(variant) {
         return false;
     }
     const record = variant;
-    if ("const" in record && record.const === null)
+    if ("const" in record && record.const === null) {
         return true;
+    }
     if (Array.isArray(record.enum) && record.enum.length === 1) {
         return record.enum[0] === null;
     }
     const typeValue = record.type;
-    if (typeValue === "null")
+    if (typeValue === "null") {
         return true;
+    }
     if (Array.isArray(typeValue) && typeValue.length === 1 && typeValue[0] === "null") {
         return true;
     }
     return false;
 }
 function stripNullVariants(variants) {
-    if (variants.length === 0)
+    if (variants.length === 0) {
         return { variants, stripped: false };
+    }
     const nonNull = variants.filter((variant) => !isNullSchema(variant));
     return {
         variants: nonNull,
@@ -98,16 +115,19 @@ function extendSchemaDefs(defs, schema) {
         !Array.isArray(schema.definitions)
         ? schema.definitions
         : undefined;
-    if (!defsEntry && !legacyDefsEntry)
+    if (!defsEntry && !legacyDefsEntry) {
         return defs;
+    }
     const next = defs ? new Map(defs) : new Map();
     if (defsEntry) {
-        for (const [key, value] of Object.entries(defsEntry))
+        for (const [key, value] of Object.entries(defsEntry)) {
             next.set(key, value);
+        }
     }
     if (legacyDefsEntry) {
-        for (const [key, value] of Object.entries(legacyDefsEntry))
+        for (const [key, value] of Object.entries(legacyDefsEntry)) {
             next.set(key, value);
+        }
     }
     return next;
 }
@@ -115,19 +135,48 @@ function decodeJsonPointerSegment(segment) {
     return segment.replaceAll("~1", "/").replaceAll("~0", "~");
 }
 function tryResolveLocalRef(ref, defs) {
-    if (!defs)
+    if (!defs) {
         return undefined;
+    }
     const match = ref.match(/^#\/(?:\$defs|definitions)\/(.+)$/);
-    if (!match)
+    if (!match) {
         return undefined;
+    }
     const name = decodeJsonPointerSegment(match[1] ?? "");
-    if (!name)
+    if (!name) {
         return undefined;
+    }
     return defs.get(name);
 }
+function simplifyUnionVariants(params) {
+    const { obj, variants } = params;
+    const { variants: nonNullVariants, stripped } = stripNullVariants(variants);
+    const flattened = tryFlattenLiteralAnyOf(nonNullVariants);
+    if (flattened) {
+        const result = {
+            type: flattened.type,
+            enum: flattened.enum,
+        };
+        copySchemaMeta(obj, result);
+        return { variants: nonNullVariants, simplified: result };
+    }
+    if (stripped && nonNullVariants.length === 1) {
+        const lone = nonNullVariants[0];
+        if (lone && typeof lone === "object" && !Array.isArray(lone)) {
+            const result = {
+                ...lone,
+            };
+            copySchemaMeta(obj, result);
+            return { variants: nonNullVariants, simplified: result };
+        }
+        return { variants: nonNullVariants, simplified: lone };
+    }
+    return { variants: stripped ? nonNullVariants : variants };
+}
 function cleanSchemaForGeminiWithDefs(schema, defs, refStack) {
-    if (!schema || typeof schema !== "object")
+    if (!schema || typeof schema !== "object") {
         return schema;
+    }
     if (Array.isArray(schema)) {
         return schema.map((item) => cleanSchemaForGeminiWithDefs(item, defs, refStack));
     }
@@ -135,8 +184,9 @@ function cleanSchemaForGeminiWithDefs(schema, defs, refStack) {
     const nextDefs = extendSchemaDefs(defs, obj);
     const refValue = typeof obj.$ref === "string" ? obj.$ref : undefined;
     if (refValue) {
-        if (refStack?.has(refValue))
+        if (refStack?.has(refValue)) {
             return {};
+        }
         const resolved = tryResolveLocalRef(refValue, nextDefs);
         if (resolved) {
             const nextRefStack = refStack ? new Set(refStack) : new Set();
@@ -148,17 +198,11 @@ function cleanSchemaForGeminiWithDefs(schema, defs, refStack) {
             const result = {
                 ...cleaned,
             };
-            for (const key of ["description", "title", "default"]) {
-                if (key in obj && obj[key] !== undefined)
-                    result[key] = obj[key];
-            }
+            copySchemaMeta(obj, result);
             return result;
         }
         const result = {};
-        for (const key of ["description", "title", "default"]) {
-            if (key in obj && obj[key] !== undefined)
-                result[key] = obj[key];
-        }
+        copySchemaMeta(obj, result);
         return result;
     }
     const hasAnyOf = "anyOf" in obj && Array.isArray(obj.anyOf);
@@ -170,77 +214,31 @@ function cleanSchemaForGeminiWithDefs(schema, defs, refStack) {
         ? obj.oneOf.map((variant) => cleanSchemaForGeminiWithDefs(variant, nextDefs, refStack))
         : undefined;
     if (hasAnyOf) {
-        const { variants: nonNullVariants, stripped } = stripNullVariants(cleanedAnyOf ?? []);
-        if (stripped)
-            cleanedAnyOf = nonNullVariants;
-        const flattened = tryFlattenLiteralAnyOf(nonNullVariants);
-        if (flattened) {
-            const result = {
-                type: flattened.type,
-                enum: flattened.enum,
-            };
-            for (const key of ["description", "title", "default"]) {
-                if (key in obj && obj[key] !== undefined)
-                    result[key] = obj[key];
-            }
-            return result;
-        }
-        if (stripped && nonNullVariants.length === 1) {
-            const lone = nonNullVariants[0];
-            if (lone && typeof lone === "object" && !Array.isArray(lone)) {
-                const result = {
-                    ...lone,
-                };
-                for (const key of ["description", "title", "default"]) {
-                    if (key in obj && obj[key] !== undefined)
-                        result[key] = obj[key];
-                }
-                return result;
-            }
-            return lone;
+        const simplified = simplifyUnionVariants({ obj, variants: cleanedAnyOf ?? [] });
+        cleanedAnyOf = simplified.variants;
+        if ("simplified" in simplified) {
+            return simplified.simplified;
         }
     }
     if (hasOneOf) {
-        const { variants: nonNullVariants, stripped } = stripNullVariants(cleanedOneOf ?? []);
-        if (stripped)
-            cleanedOneOf = nonNullVariants;
-        const flattened = tryFlattenLiteralAnyOf(nonNullVariants);
-        if (flattened) {
-            const result = {
-                type: flattened.type,
-                enum: flattened.enum,
-            };
-            for (const key of ["description", "title", "default"]) {
-                if (key in obj && obj[key] !== undefined)
-                    result[key] = obj[key];
-            }
-            return result;
-        }
-        if (stripped && nonNullVariants.length === 1) {
-            const lone = nonNullVariants[0];
-            if (lone && typeof lone === "object" && !Array.isArray(lone)) {
-                const result = {
-                    ...lone,
-                };
-                for (const key of ["description", "title", "default"]) {
-                    if (key in obj && obj[key] !== undefined)
-                        result[key] = obj[key];
-                }
-                return result;
-            }
-            return lone;
+        const simplified = simplifyUnionVariants({ obj, variants: cleanedOneOf ?? [] });
+        cleanedOneOf = simplified.variants;
+        if ("simplified" in simplified) {
+            return simplified.simplified;
         }
     }
     const cleaned = {};
     for (const [key, value] of Object.entries(obj)) {
-        if (GEMINI_UNSUPPORTED_SCHEMA_KEYWORDS.has(key))
+        if (GEMINI_UNSUPPORTED_SCHEMA_KEYWORDS.has(key)) {
             continue;
+        }
         if (key === "const") {
             cleaned.enum = [value];
             continue;
         }
-        if (key === "type" && (hasAnyOf || hasOneOf))
+        if (key === "type" && (hasAnyOf || hasOneOf)) {
             continue;
+        }
         if (key === "type" &&
             Array.isArray(value) &&
             value.every((entry) => typeof entry === "string")) {
@@ -283,13 +281,62 @@ function cleanSchemaForGeminiWithDefs(schema, defs, refStack) {
             cleaned[key] = value;
         }
     }
+    // Cloud Code Assist API rejects anyOf/oneOf in nested schemas even after
+    // simplifyUnionVariants runs above. Flatten remaining unions as a fallback:
+    // pick the common type or use the first variant's type so the tool
+    // declaration is accepted by Google's validation layer.
+    if (cleaned.anyOf && Array.isArray(cleaned.anyOf)) {
+        const flattened = flattenUnionFallback(cleaned, cleaned.anyOf);
+        if (flattened) {
+            return flattened;
+        }
+    }
+    if (cleaned.oneOf && Array.isArray(cleaned.oneOf)) {
+        const flattened = flattenUnionFallback(cleaned, cleaned.oneOf);
+        if (flattened) {
+            return flattened;
+        }
+    }
     return cleaned;
 }
+/**
+ * Last-resort flattening for anyOf/oneOf arrays that could not be simplified
+ * by `simplifyUnionVariants`. Picks a representative type so the schema is
+ * accepted by Google's restricted JSON Schema validation.
+ */
+function flattenUnionFallback(obj, variants) {
+    const objects = variants.filter((v) => !!v && typeof v === "object");
+    if (objects.length === 0) {
+        return undefined;
+    }
+    const types = new Set(objects.map((v) => v.type).filter(Boolean));
+    if (objects.length === 1) {
+        const merged = { ...objects[0] };
+        copySchemaMeta(obj, merged);
+        return merged;
+    }
+    if (types.size === 1) {
+        const merged = { type: Array.from(types)[0] };
+        copySchemaMeta(obj, merged);
+        return merged;
+    }
+    const first = objects[0];
+    if (first?.type) {
+        const merged = { type: first.type };
+        copySchemaMeta(obj, merged);
+        return merged;
+    }
+    const merged = {};
+    copySchemaMeta(obj, merged);
+    return merged;
+}
 export function cleanSchemaForGemini(schema) {
-    if (!schema || typeof schema !== "object")
+    if (!schema || typeof schema !== "object") {
         return schema;
-    if (Array.isArray(schema))
+    }
+    if (Array.isArray(schema)) {
         return schema.map(cleanSchemaForGemini);
+    }
     const defs = extendSchemaDefs(undefined, schema);
     return cleanSchemaForGeminiWithDefs(schema, defs, undefined);
 }

package/dist/agents/session-slug.js

@@ -103,30 +103,35 @@ function randomChoice(values, fallback) {
 }
 function createSlugBase(words = 2) {
     const parts = [randomChoice(SLUG_ADJECTIVES, "steady"), randomChoice(SLUG_NOUNS, "harbor")];
-    if (words > 2)
+    if (words > 2) {
         parts.push(randomChoice(SLUG_NOUNS, "reef"));
+    }
     return parts.join("-");
 }
 export function createSessionSlug(isTaken) {
     const isIdTaken = isTaken ?? (() => false);
     for (let attempt = 0; attempt < 12; attempt += 1) {
         const base = createSlugBase(2);
-        if (!isIdTaken(base))
+        if (!isIdTaken(base)) {
             return base;
+        }
         for (let i = 2; i <= 12; i += 1) {
             const candidate = `${base}-${i}`;
-            if (!isIdTaken(candidate))
+            if (!isIdTaken(candidate)) {
                 return candidate;
+            }
         }
     }
     for (let attempt = 0; attempt < 12; attempt += 1) {
         const base = createSlugBase(3);
-        if (!isIdTaken(base))
+        if (!isIdTaken(base)) {
             return base;
+        }
         for (let i = 2; i <= 12; i += 1) {
             const candidate = `${base}-${i}`;
-            if (!isIdTaken(candidate))
+            if (!isIdTaken(candidate)) {
                 return candidate;
+            }
         }
     }
     const fallback = `${createSlugBase(3)}-${Math.random().toString(36).slice(2, 5)}`;