@poolzin/pool-bot 2026.2.24 → 2026.2.26

package/dist/agents/session-tool-result-guard-wrapper.js

@@ -39,6 +39,7 @@ export function guardSessionManager(sessionManager, opts) {
         transformMessageForPersistence: (message) => applyInputProvenanceToUserMessage(message, opts?.inputProvenance),
         transformToolResultForPersistence: transform,
         allowSyntheticToolResults: opts?.allowSyntheticToolResults,
+        allowedToolNames: opts?.allowedToolNames,
         beforeMessageWriteHook: beforeMessageWrite,
     });
     sessionManager.flushPendingToolResults = guard.flushPendingToolResults;

package/dist/agents/session-tool-result-guard.js

@@ -111,7 +111,9 @@ export function installSessionToolResultGuard(sessionManager, opts) {
         let nextMessage = message;
         const role = message.role;
         if (role === "assistant") {
-            const sanitized = sanitizeToolCallInputs([message]);
+            const sanitized = sanitizeToolCallInputs([message], {
+                allowedToolNames: opts?.allowedToolNames,
+            });
             if (sanitized.length === 0) {
                 if (allowSyntheticToolResults && pending.size > 0) {
                     flushPendingToolResults();

package/dist/agents/session-transcript-repair.js

@@ -1,4 +1,6 @@
 import { extractToolCallsFromAssistant, extractToolResultId } from "./tool-call-id.js";
+const TOOL_CALL_NAME_MAX_CHARS = 64;
+const TOOL_CALL_NAME_RE = /^[A-Za-z0-9_-]+$/;
 function isToolCallBlock(block) {
     if (!block || typeof block !== "object") {
         return false;
@@ -18,8 +20,37 @@ function hasNonEmptyStringField(value) {
 function hasToolCallId(block) {
     return hasNonEmptyStringField(block.id);
 }
-function hasToolCallName(block) {
-    return hasNonEmptyStringField(block.name);
+function normalizeAllowedToolNames(allowedToolNames) {
+    if (!allowedToolNames) {
+        return null;
+    }
+    const normalized = new Set();
+    for (const name of allowedToolNames) {
+        if (typeof name !== "string") {
+            continue;
+        }
+        const trimmed = name.trim();
+        if (trimmed) {
+            normalized.add(trimmed.toLowerCase());
+        }
+    }
+    return normalized.size > 0 ? normalized : null;
+}
+function hasToolCallName(block, allowedToolNames) {
+    if (typeof block.name !== "string") {
+        return false;
+    }
+    const trimmed = block.name.trim();
+    if (!trimmed || trimmed !== block.name) {
+        return false;
+    }
+    if (trimmed.length > TOOL_CALL_NAME_MAX_CHARS || !TOOL_CALL_NAME_RE.test(trimmed)) {
+        return false;
+    }
+    if (!allowedToolNames) {
+        return true;
+    }
+    return allowedToolNames.has(trimmed.toLowerCase());
 }
 function makeMissingToolResult(params) {
     return {
@@ -55,11 +86,12 @@ export function stripToolResultDetails(messages) {
     }
     return touched ? out : messages;
 }
-export function repairToolCallInputs(messages) {
+export function repairToolCallInputs(messages, options) {
     let droppedToolCalls = 0;
     let droppedAssistantMessages = 0;
     let changed = false;
     const out = [];
+    const allowedToolNames = normalizeAllowedToolNames(options?.allowedToolNames);
     for (const msg of messages) {
         if (!msg || typeof msg !== "object") {
             out.push(msg);
@@ -73,7 +105,9 @@ export function repairToolCallInputs(messages) {
         let droppedInMessage = 0;
         for (const block of msg.content) {
             if (isToolCallBlock(block) &&
-                (!hasToolCallInput(block) || !hasToolCallId(block) || !hasToolCallName(block))) {
+                (!hasToolCallInput(block) ||
+                    !hasToolCallId(block) ||
+                    !hasToolCallName(block, allowedToolNames))) {
                 droppedToolCalls += 1;
                 droppedInMessage += 1;
                 changed = true;
@@ -98,8 +132,8 @@ export function repairToolCallInputs(messages) {
         droppedAssistantMessages,
     };
 }
-export function sanitizeToolCallInputs(messages) {
-    return repairToolCallInputs(messages).messages;
+export function sanitizeToolCallInputs(messages, options) {
+    return repairToolCallInputs(messages, options).messages;
 }
 export function sanitizeToolUseResultPairing(messages) {
     return repairToolUseResultPairing(messages).messages;

package/dist/agents/skills/bundled-dir.js

@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+import { resolvePoolBotPackageRootSync } from "../../infra/poolbot-root.js";
 function looksLikeSkillsDir(dir) {
     try {
         const entries = fs.readdirSync(dir, { withFileTypes: true });
@@ -25,17 +26,18 @@ function looksLikeSkillsDir(dir) {
     return false;
 }
 export function resolveBundledSkillsDir(opts = {}) {
-    const override = process.env.POOLBOT_BUNDLED_SKILLS_DIR?.trim() ||
-        process.env.CLAWDBOT_BUNDLED_SKILLS_DIR?.trim();
-    if (override)
+    const override = process.env.POOLBOT_BUNDLED_SKILLS_DIR?.trim();
+    if (override) {
         return override;
+    }
     // bun --compile: ship a sibling `skills/` next to the executable.
     try {
         const execPath = opts.execPath ?? process.execPath;
         const execDir = path.dirname(execPath);
         const sibling = path.join(execDir, "skills");
-        if (fs.existsSync(sibling))
+        if (fs.existsSync(sibling)) {
             return sibling;
+        }
     }
     catch {
         // ignore
@@ -44,7 +46,19 @@ export function resolveBundledSkillsDir(opts = {}) {
     try {
         const moduleUrl = opts.moduleUrl ?? import.meta.url;
         const moduleDir = path.dirname(fileURLToPath(moduleUrl));
-        // Walk up from this module to find the package root containing skills/
+        const argv1 = opts.argv1 ?? process.argv[1];
+        const cwd = opts.cwd ?? process.cwd();
+        const packageRoot = resolvePoolBotPackageRootSync({
+            argv1,
+            moduleUrl,
+            cwd,
+        });
+        if (packageRoot) {
+            const candidate = path.join(packageRoot, "skills");
+            if (looksLikeSkillsDir(candidate)) {
+                return candidate;
+            }
+        }
         let current = moduleDir;
         for (let depth = 0; depth < 6; depth += 1) {
             const candidate = path.join(current, "skills");

package/dist/agents/skills/env-overrides.js

@@ -1,67 +1,148 @@
+import { isDangerousHostEnvVarName } from "../../infra/host-env-security.js";
+import { createSubsystemLogger } from "../../logging/subsystem.js";
+import { sanitizeEnvVars, validateEnvVarValue } from "../sandbox/sanitize-env-vars.js";
 import { resolveSkillConfig } from "./config.js";
 import { resolveSkillKey } from "./frontmatter.js";
-export function applySkillEnvOverrides(params) {
-    const { skills, config } = params;
-    const updates = [];
-    for (const entry of skills) {
-        const skillKey = resolveSkillKey(entry.skill, entry);
-        const skillConfig = resolveSkillConfig(config, skillKey);
-        if (!skillConfig)
+const log = createSubsystemLogger("env-overrides");
+// Always block skill env overrides that can alter runtime loading or host execution behavior.
+const SKILL_ALWAYS_BLOCKED_ENV_PATTERNS = [/^OPENSSL_CONF$/i];
+function matchesAnyPattern(value, patterns) {
+    return patterns.some((pattern) => pattern.test(value));
+}
+function isAlwaysBlockedSkillEnvKey(key) {
+    return (isDangerousHostEnvVarName(key) || matchesAnyPattern(key, SKILL_ALWAYS_BLOCKED_ENV_PATTERNS));
+}
+function sanitizeSkillEnvOverrides(params) {
+    if (Object.keys(params.overrides).length === 0) {
+        return { allowed: {}, blocked: [], warnings: [] };
+    }
+    const result = sanitizeEnvVars(params.overrides);
+    const allowed = {};
+    const blocked = new Set();
+    const warnings = [...result.warnings];
+    for (const [key, value] of Object.entries(result.allowed)) {
+        if (isAlwaysBlockedSkillEnvKey(key)) {
+            blocked.add(key);
+            continue;
+        }
+        allowed[key] = value;
+    }
+    for (const key of result.blocked) {
+        if (isAlwaysBlockedSkillEnvKey(key) || !params.allowedSensitiveKeys.has(key)) {
+            blocked.add(key);
             continue;
-        if (skillConfig.env) {
-            for (const [envKey, envValue] of Object.entries(skillConfig.env)) {
-                if (!envValue || process.env[envKey])
-                    continue;
-                updates.push({ key: envKey, prev: process.env[envKey] });
-                process.env[envKey] = envValue;
+        }
+        const value = params.overrides[key];
+        if (!value) {
+            continue;
+        }
+        const warning = validateEnvVarValue(value);
+        if (warning) {
+            if (warning === "Contains null bytes") {
+                blocked.add(key);
+                continue;
+            }
+            warnings.push(`${key}: ${warning}`);
+        }
+        allowed[key] = value;
+    }
+    return { allowed, blocked: [...blocked], warnings };
+}
+function applySkillConfigEnvOverrides(params) {
+    const { updates, skillConfig, primaryEnv, requiredEnv, skillKey } = params;
+    const allowedSensitiveKeys = new Set();
+    const normalizedPrimaryEnv = primaryEnv?.trim();
+    if (normalizedPrimaryEnv) {
+        allowedSensitiveKeys.add(normalizedPrimaryEnv);
+    }
+    for (const envName of requiredEnv ?? []) {
+        const trimmedEnv = envName.trim();
+        if (trimmedEnv) {
+            allowedSensitiveKeys.add(trimmedEnv);
+        }
+    }
+    const pendingOverrides = {};
+    if (skillConfig.env) {
+        for (const [rawKey, envValue] of Object.entries(skillConfig.env)) {
+            const envKey = rawKey.trim();
+            if (!envKey || !envValue || process.env[envKey]) {
+                continue;
             }
+            pendingOverrides[envKey] = envValue;
         }
-        const primaryEnv = entry.metadata?.primaryEnv;
-        if (primaryEnv && skillConfig.apiKey && !process.env[primaryEnv]) {
-            updates.push({ key: primaryEnv, prev: process.env[primaryEnv] });
-            process.env[primaryEnv] = skillConfig.apiKey;
+    }
+    if (normalizedPrimaryEnv && skillConfig.apiKey && !process.env[normalizedPrimaryEnv]) {
+        if (!pendingOverrides[normalizedPrimaryEnv]) {
+            pendingOverrides[normalizedPrimaryEnv] = skillConfig.apiKey;
+        }
+    }
+    const sanitized = sanitizeSkillEnvOverrides({
+        overrides: pendingOverrides,
+        allowedSensitiveKeys,
+    });
+    if (sanitized.blocked.length > 0) {
+        log.warn(`Blocked skill env overrides for ${skillKey}: ${sanitized.blocked.join(", ")}`);
+    }
+    if (sanitized.warnings.length > 0) {
+        log.warn(`Suspicious skill env overrides for ${skillKey}: ${sanitized.warnings.join(", ")}`);
+    }
+    for (const [envKey, envValue] of Object.entries(sanitized.allowed)) {
+        if (process.env[envKey]) {
+            continue;
         }
+        updates.push({ key: envKey, prev: process.env[envKey] });
+        process.env[envKey] = envValue;
     }
+}
+function createEnvReverter(updates) {
     return () => {
         for (const update of updates) {
-            if (update.prev === undefined)
+            if (update.prev === undefined) {
                 delete process.env[update.key];
-            else
+            }
+            else {
                 process.env[update.key] = update.prev;
+            }
         }
     };
 }
+export function applySkillEnvOverrides(params) {
+    const { skills, config } = params;
+    const updates = [];
+    for (const entry of skills) {
+        const skillKey = resolveSkillKey(entry.skill, entry);
+        const skillConfig = resolveSkillConfig(config, skillKey);
+        if (!skillConfig) {
+            continue;
+        }
+        applySkillConfigEnvOverrides({
+            updates,
+            skillConfig,
+            primaryEnv: entry.metadata?.primaryEnv,
+            requiredEnv: entry.metadata?.requires?.env,
+            skillKey,
+        });
+    }
+    return createEnvReverter(updates);
+}
 export function applySkillEnvOverridesFromSnapshot(params) {
     const { snapshot, config } = params;
-    if (!snapshot)
+    if (!snapshot) {
         return () => { };
+    }
     const updates = [];
     for (const skill of snapshot.skills) {
         const skillConfig = resolveSkillConfig(config, skill.name);
-        if (!skillConfig)
+        if (!skillConfig) {
             continue;
-        if (skillConfig.env) {
-            for (const [envKey, envValue] of Object.entries(skillConfig.env)) {
-                if (!envValue || process.env[envKey])
-                    continue;
-                updates.push({ key: envKey, prev: process.env[envKey] });
-                process.env[envKey] = envValue;
-            }
-        }
-        if (skill.primaryEnv && skillConfig.apiKey && !process.env[skill.primaryEnv]) {
-            updates.push({
-                key: skill.primaryEnv,
-                prev: process.env[skill.primaryEnv],
-            });
-            process.env[skill.primaryEnv] = skillConfig.apiKey;
         }
+        applySkillConfigEnvOverrides({
+            updates,
+            skillConfig,
+            primaryEnv: skill.primaryEnv,
+            requiredEnv: skill.requiredEnv,
+            skillKey: skill.name,
+        });
     }
-    return () => {
-        for (const update of updates) {
-            if (update.prev === undefined)
-                delete process.env[update.key];
-            else
-                process.env[update.key] = update.prev;
-        }
-    };
+    return createEnvReverter(updates);
 }

package/dist/agents/skills/frontmatter.js

@@ -1,10 +1,10 @@
 import { parseFrontmatterBlock } from "../../markdown/frontmatter.js";
-import { getFrontmatterString, normalizeStringList, parsePoolbotManifestInstallBase, parseFrontmatterBool, resolvePoolbotManifestBlock, resolvePoolbotManifestInstall, resolvePoolbotManifestOs, resolvePoolbotManifestRequires, } from "../../shared/frontmatter.js";
+import { getFrontmatterString, normalizeStringList, parsePoolBotManifestInstallBase, parseFrontmatterBool, resolvePoolBotManifestBlock, resolvePoolBotManifestInstall, resolvePoolBotManifestOs, resolvePoolBotManifestRequires, } from "../../shared/frontmatter.js";
 export function parseFrontmatter(content) {
     return parseFrontmatterBlock(content);
 }
 function parseInstallSpec(input) {
-    const parsed = parsePoolbotManifestInstallBase(input, ["brew", "node", "go", "uv", "download"]);
+    const parsed = parsePoolBotManifestInstallBase(input, ["brew", "node", "go", "uv", "download"]);
     if (!parsed) {
         return undefined;
     }
@@ -52,13 +52,13 @@ function parseInstallSpec(input) {
     return spec;
 }
 export function resolvePoolbotMetadata(frontmatter) {
-    const metadataObj = resolvePoolbotManifestBlock({ frontmatter });
+    const metadataObj = resolvePoolBotManifestBlock({ frontmatter });
     if (!metadataObj) {
         return undefined;
     }
-    const requires = resolvePoolbotManifestRequires(metadataObj);
-    const install = resolvePoolbotManifestInstall(metadataObj, parseInstallSpec);
-    const osRaw = resolvePoolbotManifestOs(metadataObj);
+    const requires = resolvePoolBotManifestRequires(metadataObj);
+    const install = resolvePoolBotManifestInstall(metadataObj, parseInstallSpec);
+    const osRaw = resolvePoolBotManifestOs(metadataObj);
     return {
         always: typeof metadataObj.always === "boolean" ? metadataObj.always : undefined,
         emoji: typeof metadataObj.emoji === "string" ? metadataObj.emoji : undefined,

package/dist/agents/skills/plugin-skills.js

@@ -6,47 +6,54 @@ import { loadPluginManifestRegistry } from "../../plugins/manifest-registry.js";
 const log = createSubsystemLogger("skills");
 export function resolvePluginSkillDirs(params) {
     const workspaceDir = params.workspaceDir.trim();
-    if (!workspaceDir)
+    if (!workspaceDir) {
         return [];
+    }
     const registry = loadPluginManifestRegistry({
         workspaceDir,
         config: params.config,
     });
-    if (registry.plugins.length === 0)
+    if (registry.plugins.length === 0) {
         return [];
+    }
     const normalizedPlugins = normalizePluginsConfig(params.config?.plugins);
     const memorySlot = normalizedPlugins.slots.memory;
     let selectedMemoryPluginId = null;
     const seen = new Set();
     const resolved = [];
     for (const record of registry.plugins) {
-        if (!record.skills || record.skills.length === 0)
+        if (!record.skills || record.skills.length === 0) {
             continue;
+        }
         const enableState = resolveEnableState(record.id, record.origin, normalizedPlugins);
-        if (!enableState.enabled)
+        if (!enableState.enabled) {
             continue;
+        }
         const memoryDecision = resolveMemorySlotDecision({
             id: record.id,
             kind: record.kind,
             slot: memorySlot,
             selectedId: selectedMemoryPluginId,
         });
-        if (!memoryDecision.enabled)
+        if (!memoryDecision.enabled) {
             continue;
+        }
         if (memoryDecision.selected && record.kind === "memory") {
             selectedMemoryPluginId = record.id;
         }
         for (const raw of record.skills) {
             const trimmed = raw.trim();
-            if (!trimmed)
+            if (!trimmed) {
                 continue;
+            }
             const candidate = path.resolve(record.rootDir, trimmed);
             if (!fs.existsSync(candidate)) {
                 log.warn(`plugin skill path not found (${record.id}): ${candidate}`);
                 continue;
             }
-            if (seen.has(candidate))
+            if (seen.has(candidate)) {
                 continue;
+            }
             seen.add(candidate);
             resolved.push(candidate);
         }

package/dist/agents/skills/workspace.js

@@ -391,6 +391,7 @@ export function buildWorkspaceSkillSnapshot(workspaceDir, opts) {
         skills: eligible.map((entry) => ({
             name: entry.skill.name,
             primaryEnv: entry.metadata?.primaryEnv,
+            requiredEnv: entry.metadata?.requires?.env?.slice(),
         })),
         ...(skillFilter === undefined ? {} : { skillFilter }),
         resolvedSkills,

package/dist/agents/skills.test-helpers.js

@@ -0,0 +1,13 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+export async function writeSkill(params) {
+    const { dir, name, description, body } = params;
+    await fs.mkdir(dir, { recursive: true });
+    await fs.writeFile(path.join(dir, "SKILL.md"), `---
+name: ${name}
+description: ${description}
+---
+
+${body ?? `# ${name}\n`}
+`, "utf-8");
+}

package/dist/agents/stable-stringify.js

@@ -0,0 +1,12 @@
+export function stableStringify(value) {
+    if (value === null || typeof value !== "object") {
+        return JSON.stringify(value) ?? "null";
+    }
+    if (Array.isArray(value)) {
+        return `[${value.map((entry) => stableStringify(entry)).join(",")}]`;
+    }
+    const record = value;
+    const keys = Object.keys(record).toSorted();
+    const entries = keys.map((key) => `${JSON.stringify(key)}:${stableStringify(record[key])}`);
+    return `{${entries.join(",")}}`;
+}