npm - @poolzin/pool-bot - Versions diffs - 2026.2.24 → 2026.2.26 - Mend

@poolzin/pool-bot 2026.2.24 → 2026.2.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (646) hide show

package/CHANGELOG.md +21 -0
package/dist/acp/client.js +207 -18
package/dist/acp/event-mapper.js +87 -22
package/dist/acp/meta.js +12 -6
package/dist/acp/secret-file.js +22 -0
package/dist/agents/agent-paths.js +8 -9
package/dist/agents/agent-scope.js +17 -5
package/dist/agents/auth-profiles/oauth.js +148 -64
package/dist/agents/auth-profiles/session-override.js +13 -7
package/dist/agents/bash-process-registry.test-helpers.js +29 -0
package/dist/agents/bash-tools.exec-approval-request.js +20 -0
package/dist/agents/bash-tools.exec-host-gateway.js +240 -0
package/dist/agents/bash-tools.exec-host-node.js +235 -0
package/dist/agents/bash-tools.exec-runtime.js +2 -25
package/dist/agents/bash-tools.exec-types.js +1 -0
package/dist/agents/bash-tools.process.js +224 -218
package/dist/agents/bedrock-discovery.js +3 -1
package/dist/agents/byteplus-models.js +97 -0
package/dist/agents/chutes-oauth.js +1 -0
package/dist/agents/cli-runner/helpers.js +4 -0
package/dist/agents/compaction.js +41 -14
package/dist/agents/content-blocks.js +16 -0
package/dist/agents/doubao-models.js +121 -0
package/dist/agents/failover-error.js +2 -0
package/dist/agents/huggingface-models.js +5 -3
package/dist/agents/live-model-filter.js +5 -0
package/dist/agents/minimax-vlm.js +10 -8
package/dist/agents/model-auth.js +6 -0
package/dist/agents/model-catalog.js +3 -1
package/dist/agents/model-fallback.js +96 -101
package/dist/agents/model-selection.js +7 -1
package/dist/agents/models-config.providers.js +364 -165
package/dist/agents/ollama-stream.js +117 -4
package/dist/agents/opencode-zen-models.js +22 -11
package/dist/agents/pi-embedded-helpers/errors.js +55 -33
package/dist/agents/pi-embedded-helpers/messaging-dedupe.js +10 -5
package/dist/agents/pi-embedded-helpers/thinking.js +10 -5
package/dist/agents/pi-embedded-helpers.js +1 -1
package/dist/agents/pi-embedded-payloads.js +1 -0
package/dist/agents/pi-embedded-runner/compact.js +29 -7
package/dist/agents/pi-embedded-runner/extensions.js +28 -26
package/dist/agents/pi-embedded-runner/google.js +20 -8
package/dist/agents/pi-embedded-runner/run/attempt.js +95 -36
package/dist/agents/pi-embedded-runner/run.js +71 -12
package/dist/agents/pi-embedded-runner/run.overflow-compaction.fixture.js +34 -0
package/dist/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.js +11 -2
package/dist/agents/pi-embedded-runner/session-manager-cache.js +11 -7
package/dist/agents/pi-embedded-runner/system-prompt.js +2 -0
package/dist/agents/pi-embedded-runner/thinking.js +42 -0
package/dist/agents/pi-embedded-runner/tool-name-allowlist.js +19 -0
package/dist/agents/pi-embedded-runner/utils.js +7 -10
package/dist/agents/pi-embedded-subscribe.handlers.lifecycle.js +45 -56
package/dist/agents/pi-embedded-subscribe.handlers.tools.js +2 -2
package/dist/agents/pi-embedded-subscribe.js +9 -4
package/dist/agents/pi-embedded-subscribe.tools.js +68 -14
package/dist/agents/pi-embedded-utils.js +3 -0
package/dist/agents/pi-extensions/compaction-safeguard-runtime.js +4 -20
package/dist/agents/pi-extensions/compaction-safeguard.js +75 -33
package/dist/agents/pi-settings.js +40 -0
package/dist/agents/pi-tools.policy.js +2 -1
package/dist/agents/provider/config-loader.js +1 -1
package/dist/agents/sandbox/browser.js +170 -33
package/dist/agents/sandbox/config-hash.js +14 -27
package/dist/agents/sandbox/config.js +21 -2
package/dist/agents/sandbox/constants.js +2 -0
package/dist/agents/sandbox/docker.js +16 -2
package/dist/agents/sandbox/novnc-auth.js +62 -0
package/dist/agents/sandbox/sanitize-env-vars.js +1 -1
package/dist/agents/sandbox/shared.js +10 -6
package/dist/agents/sandbox-paths.js +24 -11
package/dist/agents/schema/clean-for-gemini.js +132 -85
package/dist/agents/session-slug.js +10 -5
package/dist/agents/session-tool-result-guard-wrapper.js +1 -0
package/dist/agents/session-tool-result-guard.js +3 -1
package/dist/agents/session-transcript-repair.js +40 -6
package/dist/agents/skills/bundled-dir.js +19 -5
package/dist/agents/skills/env-overrides.js +124 -43
package/dist/agents/skills/frontmatter.js +6 -6
package/dist/agents/skills/plugin-skills.js +14 -7
package/dist/agents/skills/workspace.js +1 -0
package/dist/agents/skills.test-helpers.js +13 -0
package/dist/agents/stable-stringify.js +12 -0
package/dist/agents/subagent-announce.js +251 -49
package/dist/agents/subagent-lifecycle-events.js +19 -0
package/dist/agents/subagent-registry-cleanup.js +31 -0
package/dist/agents/subagent-registry-completion.js +68 -0
package/dist/agents/subagent-registry-queries.js +117 -0
package/dist/agents/subagent-registry-state.js +46 -0
package/dist/agents/subagent-registry.js +252 -221
package/dist/agents/subagent-registry.mocks.shared.js +12 -0
package/dist/agents/subagent-registry.store.js +1 -0
package/dist/agents/subagent-registry.types.js +1 -0
package/dist/agents/subagent-spawn.js +195 -7
package/dist/agents/system-prompt.js +22 -6
package/dist/agents/test-helpers/assistant-message-fixtures.js +29 -0
package/dist/agents/test-helpers/fast-coding-tools.js +1 -18
package/dist/agents/test-helpers/fast-core-tools.js +1 -17
package/dist/agents/test-helpers/pi-tools-sandbox-context.js +27 -0
package/dist/agents/timeout.js +18 -6
package/dist/agents/tool-call-id.js +1 -1
package/dist/agents/tool-display-common.js +162 -29
package/dist/agents/tool-images.js +82 -9
package/dist/agents/tool-policy-shared.js +108 -0
package/dist/agents/tool-policy.js +51 -26
package/dist/agents/tools/browser-tool.js +160 -54
package/dist/agents/tools/canvas-tool.js +27 -1
package/dist/agents/tools/common.js +45 -0
package/dist/agents/tools/cron-tool.test-helpers.js +12 -0
package/dist/agents/tools/discord-actions-guild.js +4 -1
package/dist/agents/tools/discord-actions-moderation-shared.js +27 -0
package/dist/agents/tools/gateway-tool.js +3 -1
package/dist/agents/tools/image-tool.js +214 -99
package/dist/agents/tools/nodes-utils.js +1 -10
package/dist/agents/tools/sessions-history-tool.js +140 -108
package/dist/agents/tools/sessions-send-helpers.js +12 -6
package/dist/agents/tools/sessions-spawn-tool.js +8 -2
package/dist/agents/tools/subagents-tool.js +2 -1
package/dist/agents/tools/whatsapp-actions.js +10 -2
package/dist/agents/tools/whatsapp-target-auth.js +18 -0
package/dist/agents/transcript-policy.js +22 -8
package/dist/agents/venice-models.js +11 -3
package/dist/agents/workspace.js +222 -46
package/dist/auto-reply/commands-registry.data.js +51 -0
package/dist/auto-reply/commands-registry.js +19 -21
package/dist/auto-reply/fallback-state.js +114 -0
package/dist/auto-reply/group-activation.js +10 -5
package/dist/auto-reply/inbound-debounce.js +10 -5
package/dist/auto-reply/model-runtime.js +68 -0
package/dist/auto-reply/reply/abort.js +1 -1
package/dist/auto-reply/reply/agent-runner-execution.js +40 -5
package/dist/auto-reply/reply/agent-runner.js +165 -39
package/dist/auto-reply/reply/bash-command.js +41 -39
package/dist/auto-reply/reply/command-gates.js +25 -0
package/dist/auto-reply/reply/commands-allowlist.js +111 -72
package/dist/auto-reply/reply/commands-bash.js +6 -5
package/dist/auto-reply/reply/commands-config.js +30 -28
package/dist/auto-reply/reply/commands-core.js +2 -1
package/dist/auto-reply/reply/commands-info.js +1 -0
package/dist/auto-reply/reply/commands-models.js +65 -14
package/dist/auto-reply/reply/commands-session.js +237 -82
package/dist/auto-reply/reply/commands-setunset-standard.js +13 -0
package/dist/auto-reply/reply/commands-setunset.js +45 -0
package/dist/auto-reply/reply/commands-subagents/action-agents.js +44 -0
package/dist/auto-reply/reply/commands-subagents/action-focus.js +64 -0
package/dist/auto-reply/reply/commands-subagents/action-help.js +4 -0
package/dist/auto-reply/reply/commands-subagents/action-info.js +45 -0
package/dist/auto-reply/reply/commands-subagents/action-kill.js +60 -0
package/dist/auto-reply/reply/commands-subagents/action-list.js +44 -0
package/dist/auto-reply/reply/commands-subagents/action-log.js +29 -0
package/dist/auto-reply/reply/commands-subagents/action-send.js +119 -0
package/dist/auto-reply/reply/commands-subagents/action-spawn.js +52 -0
package/dist/auto-reply/reply/commands-subagents/action-unfocus.js +30 -0
package/dist/auto-reply/reply/commands-subagents/shared.js +303 -0
package/dist/auto-reply/reply/commands-subagents.js +51 -587
package/dist/auto-reply/reply/commands-tts.js +10 -5
package/dist/auto-reply/reply/config-value.js +10 -5
package/dist/auto-reply/reply/directive-handling.model-picker.js +12 -6
package/dist/auto-reply/reply/directive-handling.persist.js +9 -21
package/dist/auto-reply/reply/directive-handling.shared.js +24 -4
package/dist/auto-reply/reply/followup-runner.js +1 -0
package/dist/auto-reply/reply/get-reply-directives-utils.js +23 -14
package/dist/auto-reply/reply/get-reply-directives.js +17 -28
package/dist/auto-reply/reply/get-reply-inline-actions.js +1 -0
package/dist/auto-reply/reply/get-reply.js +71 -12
package/dist/auto-reply/reply/model-selection.js +80 -39
package/dist/auto-reply/reply/queue/enqueue.js +10 -5
package/dist/auto-reply/reply/queue/state.js +13 -12
package/dist/auto-reply/reply/reply-payloads.js +67 -36
package/dist/auto-reply/reply/reply-reference.js +9 -8
package/dist/auto-reply/reply/route-reply.js +15 -8
package/dist/auto-reply/reply/session-reset-prompt.js +1 -1
package/dist/auto-reply/reply/session.js +22 -6
package/dist/auto-reply/reply/strip-inbound-meta.js +147 -0
package/dist/auto-reply/reply/subagents-utils.js +56 -30
package/dist/auto-reply/reply/typing.js +46 -21
package/dist/auto-reply/send-policy.js +14 -7
package/dist/auto-reply/status.js +140 -16
package/dist/auto-reply/templating.js +10 -5
package/dist/auto-reply/thinking.js +7 -16
package/dist/auto-reply/tokens.js +21 -5
package/dist/browser/bridge-server.js +36 -20
package/dist/browser/cdp.helpers.js +7 -14
package/dist/browser/cdp.js +35 -15
package/dist/browser/chrome.profile-decoration.js +7 -4
package/dist/browser/config.js +30 -0
package/dist/browser/extension-relay-auth.js +55 -0
package/dist/browser/extension-relay.js +74 -29
package/dist/browser/navigation-guard.js +39 -0
package/dist/browser/paths.js +77 -0
package/dist/browser/profiles.js +13 -8
package/dist/browser/pw-ai-module.js +10 -5
package/dist/browser/pw-session.js +76 -39
package/dist/browser/pw-tools-core.interactions.js +14 -7
package/dist/browser/pw-tools-core.state.js +12 -6
package/dist/browser/routes/agent.act.js +431 -424
package/dist/browser/routes/agent.shared.js +47 -3
package/dist/browser/routes/agent.snapshot.js +122 -116
package/dist/browser/routes/agent.storage.js +303 -297
package/dist/browser/routes/tabs.js +154 -100
package/dist/browser/server-context.js +7 -0
package/dist/browser/server-lifecycle.js +37 -0
package/dist/build-info.json +3 -3
package/dist/channels/allow-from.js +26 -0
package/dist/channels/allowlists/resolve-utils.js +43 -19
package/dist/channels/channel-config.js +14 -7
package/dist/channels/draft-stream-loop.js +7 -0
package/dist/channels/model-overrides.js +82 -0
package/dist/channels/plugins/account-action-gate.js +13 -0
package/dist/channels/plugins/message-actions.js +10 -0
package/dist/channels/plugins/normalize/imessage.js +14 -7
package/dist/channels/plugins/normalize/slack.js +10 -5
package/dist/channels/plugins/normalize/telegram.js +14 -7
package/dist/channels/plugins/outbound/discord.js +80 -8
package/dist/channels/plugins/outbound/signal.js +11 -11
package/dist/channels/plugins/setup-helpers.js +10 -5
package/dist/channels/sender-label.js +14 -7
package/dist/channels/session.js +4 -2
package/dist/channels/status-reactions.js +297 -0
package/dist/channels/telegram/api.js +18 -0
package/dist/cli/argv.js +84 -21
package/dist/cli/banner.js +3 -2
package/dist/cli/browser-cli-actions-input/register.files-downloads.js +65 -56
package/dist/cli/cli-name.js +11 -11
package/dist/cli/cli-utils.js +13 -3
package/dist/cli/command-format.js +1 -1
package/dist/cli/config-cli.js +1 -1
package/dist/cli/daemon-cli/lifecycle-core.js +31 -19
package/dist/cli/daemon-cli/lifecycle.js +64 -2
package/dist/cli/daemon-cli/restart-health.js +126 -0
package/dist/cli/daemon-cli/status.gather.js +9 -13
package/dist/cli/daemon-cli/status.print.js +2 -10
package/dist/cli/deps.js +27 -22
package/dist/cli/exec-approvals-cli.js +92 -124
package/dist/cli/gateway-cli/run-loop.js +23 -5
package/dist/cli/memory-cli.js +158 -61
package/dist/cli/node-cli/register.js +14 -5
package/dist/cli/nodes-cli/register.push.js +63 -0
package/dist/cli/nodes-media-utils.js +26 -0
package/dist/cli/outbound-send-deps.js +2 -9
package/dist/cli/outbound-send-mapping.js +11 -0
package/dist/cli/pairing-cli.js +40 -14
package/dist/cli/plugins-cli.js +250 -73
package/dist/cli/ports.js +11 -10
package/dist/cli/program/build-program.js +3 -1
package/dist/cli/program/command-registry.js +214 -136
package/dist/cli/program/command-tree.js +16 -0
package/dist/cli/program/help.js +43 -12
package/dist/cli/program/preaction.js +13 -9
package/dist/cli/program/register.configure.js +3 -18
package/dist/cli/program/register.maintenance.js +2 -2
package/dist/cli/program/register.onboard.js +2 -0
package/dist/cli/program/register.status-health-sessions.js +16 -17
package/dist/cli/program/register.subclis.js +93 -52
package/dist/cli/route.js +12 -8
package/dist/cli/system-cli.js +36 -46
package/dist/cli/test-runtime-capture.js +24 -0
package/dist/cli/update-cli/shared.js +22 -9
package/dist/cli/update-cli/update-command.js +89 -14
package/dist/cli/update-cli/wizard.js +6 -12
package/dist/commands/agent/run-context.js +18 -5
package/dist/commands/agent/session-store.js +17 -4
package/dist/commands/agent.js +185 -89
package/dist/commands/agents.bindings.js +14 -7
package/dist/commands/agents.commands.add.js +13 -9
package/dist/commands/agents.commands.identity.js +12 -6
package/dist/commands/agents.commands.list.js +11 -6
package/dist/commands/agents.config.js +8 -10
package/dist/commands/agents.providers.js +12 -6
package/dist/commands/auth-choice-options.js +103 -75
package/dist/commands/auth-choice.apply.byteplus.js +55 -0
package/dist/commands/auth-choice.apply.js +4 -0
package/dist/commands/auth-choice.apply.minimax.js +61 -13
package/dist/commands/auth-choice.apply.openai.js +3 -1
package/dist/commands/auth-choice.apply.volcengine.js +55 -0
package/dist/commands/auth-choice.preferred-provider.js +2 -0
package/dist/commands/channels/remove.js +13 -6
package/dist/commands/channels/shared.js +4 -14
package/dist/commands/channels.mock-harness.js +23 -0
package/dist/commands/configure.commands.js +14 -0
package/dist/commands/configure.gateway.js +2 -4
package/dist/commands/configure.js +1 -1
package/dist/commands/configure.shared.js +11 -0
package/dist/commands/daemon-install-helpers.js +2 -2
package/dist/commands/daemon-install-runtime-warning.js +11 -0
package/dist/commands/dashboard.js +12 -10
package/dist/commands/docs.js +14 -8
package/dist/commands/doctor-config-flow.js +11 -9
package/dist/commands/doctor-legacy-config.js +281 -0
package/dist/commands/doctor-state-integrity.js +99 -23
package/dist/commands/doctor-update.js +12 -9
package/dist/commands/models/list.list-command.js +7 -5
package/dist/commands/models/set-image.js +2 -21
package/dist/commands/node-daemon-install-helpers.js +10 -8
package/dist/commands/onboard-auth.config-minimax.js +54 -80
package/dist/commands/onboard-auth.config-opencode.js +2 -18
package/dist/commands/onboard-auth.credentials.js +90 -13
package/dist/commands/onboard-auth.js +1 -1
package/dist/commands/onboard-auth.models.js +6 -5
package/dist/commands/onboard-hooks.js +1 -1
package/dist/commands/onboard-non-interactive/api-keys.js +14 -7
package/dist/commands/onboard-non-interactive/local/auth-choice.js +64 -49
package/dist/commands/onboard-provider-auth-flags.js +14 -0
package/dist/commands/onboard-remote.js +14 -7
package/dist/commands/onboard.js +11 -13
package/dist/commands/sandbox-display.js +6 -5
package/dist/commands/sessions.test-helpers.js +61 -0
package/dist/commands/status-all/diagnosis.js +14 -10
package/dist/commands/status-all/format.js +1 -0
package/dist/commands/status.gateway-probe.js +1 -16
package/dist/commands/systemd-linger.js +12 -6
package/dist/config/agent-limits.js +2 -0
package/dist/config/commands.js +32 -15
package/dist/config/config-paths.js +9 -11
package/dist/config/config.js +1 -1
package/dist/config/defaults.js +22 -2
package/dist/config/discord-preview-streaming.js +104 -0
package/dist/config/env-substitution.js +62 -34
package/dist/config/env-vars.js +45 -7
package/dist/config/includes.js +4 -0
package/dist/config/io.js +656 -171
package/dist/config/legacy.migrations.part-1.js +189 -78
package/dist/config/legacy.shared.js +3 -1
package/dist/config/merge-patch.js +54 -4
package/dist/config/prototype-keys.js +4 -0
package/dist/config/redact-snapshot.js +404 -76
package/dist/config/schema.help.js +44 -7
package/dist/config/schema.js +58 -570
package/dist/config/schema.labels.js +38 -6
package/dist/config/sessions/delivery-info.js +10 -3
package/dist/config/sessions/main-session.js +10 -5
package/dist/config/sessions/session-file.js +33 -0
package/dist/config/sessions/session-key.js +10 -5
package/dist/config/sessions/store.js +1 -1
package/dist/config/sessions.js +1 -0
package/dist/config/validation.js +140 -85
package/dist/config/zod-schema.agent-runtime.js +11 -0
package/dist/config/zod-schema.hooks.js +40 -11
package/dist/config/zod-schema.installs.js +20 -0
package/dist/config/zod-schema.js +156 -20
package/dist/config/zod-schema.providers-core.js +78 -4
package/dist/config/zod-schema.providers.js +6 -1
package/dist/config/zod-schema.session.js +41 -2
package/dist/cron/run-log.js +3 -0
package/dist/cron/schedule.js +21 -10
package/dist/cron/service/ops.js +35 -21
package/dist/cron/service/timer.js +116 -16
package/dist/cron/stagger.js +3 -1
package/dist/daemon/cmd-argv.js +21 -0
package/dist/daemon/cmd-set.js +58 -0
package/dist/daemon/service-types.js +1 -0
package/dist/discord/api.js +12 -6
package/dist/discord/draft-chunking.js +22 -0
package/dist/discord/draft-stream.js +124 -0
package/dist/discord/monitor/agent-components.js +1 -1
package/dist/discord/monitor/commands.js +5 -0
package/dist/discord/monitor/exec-approvals.js +357 -162
package/dist/discord/monitor/gateway-plugin.js +2 -1
package/dist/discord/monitor/listeners.js +37 -27
package/dist/discord/monitor/message-handler.js +4 -1
package/dist/discord/monitor/message-handler.preflight.js +65 -8
package/dist/discord/monitor/message-handler.process.js +246 -217
package/dist/discord/monitor/message-utils.js +143 -6
package/dist/discord/monitor/model-picker-preferences.js +143 -0
package/dist/discord/monitor/model-picker.js +651 -0
package/dist/discord/monitor/native-command.js +573 -16
package/dist/discord/monitor/provider.allowlist.js +223 -0
package/dist/discord/monitor/provider.js +275 -347
package/dist/discord/monitor/provider.lifecycle.js +100 -0
package/dist/discord/monitor/reply-delivery.js +123 -16
package/dist/discord/monitor/thread-bindings.discord-api.js +215 -0
package/dist/discord/monitor/thread-bindings.js +4 -0
package/dist/discord/monitor/thread-bindings.lifecycle.js +177 -0
package/dist/discord/monitor/thread-bindings.manager.js +423 -0
package/dist/discord/monitor/thread-bindings.messages.js +55 -0
package/dist/discord/monitor/thread-bindings.state.js +358 -0
package/dist/discord/monitor/thread-bindings.types.js +6 -0
package/dist/discord/resolve-users.js +33 -21
package/dist/discord/send.channels.js +15 -0
package/dist/discord/send.js +3 -2
package/dist/discord/send.outbound.js +82 -26
package/dist/discord/send.permissions.js +83 -30
package/dist/discord/send.reactions.js +8 -4
package/dist/discord/token.js +10 -5
package/dist/discord/voice/command.js +263 -0
package/dist/discord/voice/manager.js +531 -0
package/dist/gateway/auth.js +72 -13
package/dist/gateway/call.js +152 -83
package/dist/gateway/canvas-capability.js +75 -0
package/dist/gateway/client.js +28 -4
package/dist/gateway/config-reload.js +3 -4
package/dist/gateway/control-plane-audit.js +28 -0
package/dist/gateway/control-plane-rate-limit.js +53 -0
package/dist/gateway/control-ui.js +219 -96
package/dist/gateway/events.js +1 -0
package/dist/gateway/hooks-mapping.js +88 -38
package/dist/gateway/hooks.js +109 -54
package/dist/gateway/http-auth-helpers.js +3 -2
package/dist/gateway/http-common.js +22 -0
package/dist/gateway/http-endpoint-helpers.js +1 -0
package/dist/gateway/method-scopes.js +169 -0
package/dist/gateway/net.js +74 -9
package/dist/gateway/node-invoke-system-run-approval.js +14 -35
package/dist/gateway/node-registry.js +10 -5
package/dist/gateway/openai-http.js +1 -0
package/dist/gateway/openresponses-http.js +121 -110
package/dist/gateway/origin-check.js +1 -18
package/dist/gateway/probe-auth.js +2 -0
package/dist/gateway/protocol/index.js +4 -2
package/dist/gateway/protocol/schema/cron.js +1 -0
package/dist/gateway/protocol/schema/devices.js +1 -0
package/dist/gateway/protocol/schema/protocol-schemas.js +4 -1
package/dist/gateway/protocol/schema/push.js +18 -0
package/dist/gateway/protocol/schema/sessions.js +6 -0
package/dist/gateway/protocol/schema.js +1 -0
package/dist/gateway/role-policy.js +17 -0
package/dist/gateway/server/ws-connection/connect-policy.js +37 -0
package/dist/gateway/server/ws-connection/message-handler.js +175 -148
package/dist/gateway/server-chat.js +83 -25
package/dist/gateway/server-constants.js +10 -9
package/dist/gateway/server-cron.js +1 -0
package/dist/gateway/server-http.js +247 -54
package/dist/gateway/server-maintenance.js +20 -5
package/dist/gateway/server-methods/agent.js +162 -24
package/dist/gateway/server-methods/chat.js +465 -130
package/dist/gateway/server-methods/config.js +193 -152
package/dist/gateway/server-methods/devices.js +17 -3
package/dist/gateway/server-methods/models.js +11 -1
package/dist/gateway/server-methods/nodes.helpers.js +12 -0
package/dist/gateway/server-methods/nodes.js +251 -69
package/dist/gateway/server-methods/push.js +53 -0
package/dist/gateway/server-methods/sessions.js +64 -8
package/dist/gateway/server-methods/usage.js +162 -75
package/dist/gateway/server-node-events.js +29 -0
package/dist/gateway/server-reload-handlers.js +2 -3
package/dist/gateway/server-runtime-config.js +39 -13
package/dist/gateway/server-runtime-state.js +2 -0
package/dist/gateway/server-startup-memory.js +17 -11
package/dist/gateway/server-ws-runtime.js +1 -0
package/dist/gateway/server.impl.js +296 -139
package/dist/gateway/session-preview.test-helpers.js +11 -0
package/dist/gateway/session-utils.fs.js +32 -34
package/dist/gateway/sessions-resolve.js +17 -5
package/dist/gateway/startup-auth.js +126 -0
package/dist/gateway/test-helpers.agent-results.js +15 -0
package/dist/gateway/test-helpers.mocks.js +37 -14
package/dist/gateway/test-helpers.openai-mock.js +14 -7
package/dist/gateway/test-helpers.server.js +161 -77
package/dist/gateway/tools-invoke-http.js +21 -10
package/dist/hooks/bundled/bootstrap-extra-files/handler.js +3 -1
package/dist/hooks/bundled/command-logger/handler.js +7 -2
package/dist/hooks/bundled/session-memory/handler.js +170 -38
package/dist/hooks/frontmatter.js +6 -6
package/dist/hooks/gmail-watcher-lifecycle.js +23 -0
package/dist/hooks/gmail-watcher.js +11 -6
package/dist/hooks/internal-hooks.js +11 -1
package/dist/hooks/llm-slug-generator.js +4 -1
package/dist/hooks/workspace.js +47 -17
package/dist/imessage/accounts.js +9 -20
package/dist/imessage/monitor/inbound-processing.js +2 -1
package/dist/infra/archive-path.js +49 -0
package/dist/infra/archive.js +174 -73
package/dist/infra/control-ui-assets.js +14 -6
package/dist/infra/device-pairing.js +204 -144
package/dist/infra/env.js +10 -5
package/dist/infra/exec-approvals-allowlist.js +141 -70
package/dist/infra/exec-approvals-analysis.js +78 -20
package/dist/infra/exec-approvals.js +5 -17
package/dist/infra/exec-safe-bin-policy.js +277 -0
package/dist/infra/fixed-window-rate-limit.js +33 -0
package/dist/infra/fs-safe.js +71 -39
package/dist/infra/gateway-lock.js +6 -2
package/dist/infra/git-root.js +61 -0
package/dist/infra/heartbeat-active-hours.js +2 -2
package/dist/infra/heartbeat-reason.js +40 -0
package/dist/infra/heartbeat-runner.js +72 -32
package/dist/infra/heartbeat-wake.js +6 -12
package/dist/infra/host-env-security-policy.json +19 -0
package/dist/infra/host-env-security.js +66 -0
package/dist/infra/install-source-utils.js +91 -7
package/dist/infra/net/ssrf.js +131 -38
package/dist/infra/node-pairing.js +50 -105
package/dist/infra/npm-integrity.js +45 -0
package/dist/infra/npm-pack-install.js +40 -0
package/dist/infra/outbound/bound-delivery-router.js +88 -0
package/dist/infra/outbound/channel-adapters.js +20 -7
package/dist/infra/outbound/channel-selection.js +12 -6
package/dist/infra/outbound/envelope.js +1 -1
package/dist/infra/outbound/format.js +12 -6
package/dist/infra/outbound/message-action-runner.js +107 -327
package/dist/infra/outbound/message.js +59 -36
package/dist/infra/outbound/outbound-policy.js +52 -25
package/dist/infra/outbound/outbound-send-service.js +58 -71
package/dist/infra/outbound/payloads.js +14 -7
package/dist/infra/outbound/session-binding-service.js +123 -0
package/dist/infra/pairing-files.js +10 -0
package/dist/infra/path-guards.js +25 -0
package/dist/infra/plain-object.js +9 -0
package/dist/infra/provider-usage.fetch.codex.js +7 -15
package/dist/infra/provider-usage.fetch.gemini.js +14 -11
package/dist/infra/provider-usage.fetch.shared.js +30 -1
package/dist/infra/provider-usage.fetch.zai.js +10 -9
package/dist/infra/push-apns.js +365 -0
package/dist/infra/restart-sentinel.js +16 -1
package/dist/infra/restart.js +229 -26
package/dist/infra/retry-policy.js +4 -2
package/dist/infra/retry.js +9 -5
package/dist/infra/scp-host.js +54 -0
package/dist/infra/session-cost-usage.js +107 -59
package/dist/infra/session-maintenance-warning.js +3 -1
package/dist/infra/shell-env.js +98 -34
package/dist/infra/ssh-config.js +12 -6
package/dist/infra/system-run-command.js +49 -4
package/dist/infra/update-channels.js +10 -5
package/dist/infra/update-startup.js +86 -9
package/dist/line/accounts.js +5 -7
package/dist/line/bot-access.js +8 -20
package/dist/line/bot-handlers.js +3 -1
package/dist/link-understanding/detect.js +15 -7
package/dist/media/constants.js +15 -6
package/dist/media/image-ops.js +7 -0
package/dist/media/inbound-path-policy.js +114 -0
package/dist/media/input-files.js +16 -0
package/dist/media/local-roots.js +3 -2
package/dist/media-understanding/apply.js +4 -1
package/dist/media-understanding/concurrency.js +8 -20
package/dist/memory/backend-config.js +45 -6
package/dist/memory/embeddings.js +10 -4
package/dist/memory/fs-utils.js +23 -0
package/dist/memory/manager-search.js +12 -6
package/dist/memory/manager-sync-ops.js +12 -2
package/dist/memory/qmd-manager.js +466 -53
package/dist/memory/query-expansion.js +167 -3
package/dist/memory/status-format.js +10 -5
package/dist/memory/sync-memory-files.js +1 -1
package/dist/memory/test-manager.js +8 -0
package/dist/node-host/invoke-system-run.js +281 -0
package/dist/node-host/invoke.js +55 -337
package/dist/pairing/pairing-store.js +22 -0
package/dist/plugin-sdk/allow-from.js +1 -1
package/dist/plugin-sdk/command-auth.js +3 -1
package/dist/plugin-sdk/index.js +6 -3
package/dist/plugin-sdk/temp-path.js +47 -0
package/dist/plugin-sdk/webhook-targets.js +32 -0
package/dist/plugins/bundled-dir.js +9 -6
package/dist/plugins/discovery.js +217 -23
package/dist/plugins/hook-runner-global.js +16 -0
package/dist/plugins/hooks.js +50 -0
package/dist/plugins/install.js +28 -16
package/dist/plugins/loader.js +192 -26
package/dist/plugins/logger.js +8 -0
package/dist/plugins/manifest-registry.js +3 -0
package/dist/plugins/path-safety.js +34 -0
package/dist/plugins/registry.js +5 -2
package/dist/plugins/runtime/index.js +271 -206
package/dist/plugins/runtime.js +3 -17
package/dist/plugins/update.js +78 -12
package/dist/process/spawn-utils.js +14 -7
package/dist/providers/github-copilot-models.js +4 -1
package/dist/providers/github-copilot-token.js +11 -6
package/dist/providers/qwen-portal-oauth.js +14 -6
package/dist/routing/account-id.js +30 -0
package/dist/routing/resolve-route.js +3 -7
package/dist/routing/session-key.js +2 -16
package/dist/security/audit-channel.js +100 -20
package/dist/security/audit-extra.async.js +505 -179
package/dist/security/audit-extra.js +12 -2
package/dist/security/audit-extra.sync.js +421 -35
package/dist/security/audit-fs.js +31 -13
package/dist/security/audit.js +180 -370
package/dist/security/dm-policy-shared.js +68 -0
package/dist/security/external-content.js +46 -14
package/dist/security/fix.js +49 -85
package/dist/security/scan-paths.js +20 -0
package/dist/security/secret-equal.js +3 -7
package/dist/security/windows-acl.js +30 -15
package/dist/shared/entry-status.js +6 -0
package/dist/shared/frontmatter.js +5 -5
package/dist/shared/node-list-parse.js +13 -0
package/dist/shared/node-match.js +11 -4
package/dist/shared/operator-scope-compat.js +42 -0
package/dist/shared/text-chunking.js +29 -0
package/dist/signal/accounts.js +7 -20
package/dist/signal/monitor/event-handler.js +3 -1
package/dist/slack/accounts.js +6 -19
package/dist/slack/actions.js +11 -3
package/dist/slack/blocks.test-helpers.js +31 -0
package/dist/slack/monitor/auth.js +1 -1
package/dist/slack/monitor/message-handler/dispatch.js +50 -29
package/dist/slack/monitor/mrkdwn.js +8 -0
package/dist/slack/monitor/replies.js +15 -7
package/dist/slack/monitor/slash.js +22 -13
package/dist/slack/resolve-channels.js +10 -5
package/dist/slack/send.js +102 -12
package/dist/slack/stream-mode.js +10 -0
package/dist/slack/streaming.js +4 -2
package/dist/telegram/accounts.js +19 -14
package/dist/telegram/bot/helpers.js +3 -5
package/dist/telegram/bot-access.js +35 -36
package/dist/telegram/bot-handlers.js +120 -148
package/dist/telegram/bot-message-context.js +68 -9
package/dist/telegram/bot-message-dispatch.js +477 -210
package/dist/telegram/bot-native-commands.js +16 -0
package/dist/telegram/draft-stream.js +44 -8
package/dist/telegram/inline-buttons.js +5 -15
package/dist/telegram/monitor.js +11 -7
package/dist/telegram/network-config.js +19 -7
package/dist/telegram/reasoning-lane-coordinator.js +128 -0
package/dist/telegram/send.js +3 -2
package/dist/telegram/sent-message-cache.js +5 -6
package/dist/telegram/status-reaction-variants.js +208 -0
package/dist/telegram/sticker-cache.js +11 -9
package/dist/terminal/prompt-select-styled.js +9 -0
package/dist/terminal/theme.js +12 -12
package/dist/test-utils/command-runner.js +6 -0
package/dist/test-utils/internal-hook-event-payload.js +10 -0
package/dist/test-utils/model-auth-mock.js +12 -0
package/dist/test-utils/provider-usage-fetch.js +14 -0
package/dist/test-utils/temp-home.js +33 -0
package/dist/tts/tts.js +80 -567
package/dist/tui/components/chat-log.js +50 -8
package/dist/tui/theme/theme.js +10 -12
package/dist/tui/tui-command-handlers.js +36 -27
package/dist/tui/tui-event-handlers.js +122 -32
package/dist/tui/tui-local-shell.js +16 -6
package/dist/tui/tui.js +236 -48
package/dist/utils/account-id.js +2 -4
package/dist/utils/boolean.js +10 -5
package/dist/utils/directive-tags.js +11 -0
package/dist/utils/mask-api-key.js +10 -0
package/dist/utils/queue-helpers.js +67 -12
package/dist/utils/run-with-concurrency.js +39 -0
package/dist/web/auto-reply/deliver-reply.js +8 -4
package/dist/web/auto-reply/mentions.js +10 -5
package/dist/web/auto-reply/monitor/group-members.js +14 -7
package/dist/web/auto-reply/monitor/process-message.js +45 -24
package/dist/web/inbound/access-control.js +5 -2
package/dist/web/login-qr.js +12 -6
package/dist/web/media.js +126 -15
package/docs/tools/slash-commands.md +5 -1
package/extensions/bluebubbles/src/monitor-processing.ts +580 -139
package/extensions/bluebubbles/src/monitor.ts +208 -1950
package/extensions/feishu/src/external-keys.ts +19 -0
package/extensions/lobster/src/windows-spawn.ts +193 -0
package/extensions/matrix/src/matrix/actions/limits.ts +6 -0
package/extensions/mattermost/src/mattermost/reactions.test-helpers.ts +83 -0
package/package.json +1 -1

package/dist/gateway/hooks.js CHANGED Viewed

@@ -1,14 +1,16 @@
 import { randomUUID } from "node:crypto";
 import { listAgentIds, resolveDefaultAgentId } from "../agents/agent-scope.js";
 import { listChannelPlugins } from "../channels/plugins/index.js";
+import { readJsonBodyWithLimit, requestBodyErrorToText } from "../infra/http-body.js";
 import { normalizeAgentId } from "../routing/session-key.js";
 import { normalizeMessageChannel } from "../utils/message-channel.js";
 import { resolveHookMappings } from "./hooks-mapping.js";
 const DEFAULT_HOOKS_PATH = "/hooks";
 const DEFAULT_HOOKS_MAX_BODY_BYTES = 256 * 1024;
 export function resolveHooksConfig(cfg) {
-    if (cfg.hooks?.enabled !== true)
+    if (cfg.hooks?.enabled !== true) {
         return null;
+    }
     const token = cfg.hooks?.token?.trim();
     if (!token) {
         throw new Error("hooks.enabled requires hooks.token");
@@ -26,6 +28,18 @@ export function resolveHooksConfig(cfg) {
     const defaultAgentId = resolveDefaultAgentId(cfg);
     const knownAgentIds = resolveKnownAgentIds(cfg, defaultAgentId);
     const allowedAgentIds = resolveAllowedAgentIds(cfg.hooks?.allowedAgentIds);
+    const defaultSessionKey = resolveSessionKey(cfg.hooks?.defaultSessionKey);
+    const allowedSessionKeyPrefixes = resolveAllowedSessionKeyPrefixes(cfg.hooks?.allowedSessionKeyPrefixes);
+    if (defaultSessionKey &&
+        allowedSessionKeyPrefixes &&
+        !isSessionKeyAllowedByPrefix(defaultSessionKey, allowedSessionKeyPrefixes)) {
+        throw new Error("hooks.defaultSessionKey must match hooks.allowedSessionKeyPrefixes");
+    }
+    if (!defaultSessionKey &&
+        allowedSessionKeyPrefixes &&
+        !isSessionKeyAllowedByPrefix("hook:example", allowedSessionKeyPrefixes)) {
+        throw new Error("hooks.allowedSessionKeyPrefixes must include 'hook:' when hooks.defaultSessionKey is unset");
+    }
     return {
         basePath: trimmed,
         token,
@@ -36,6 +50,11 @@ export function resolveHooksConfig(cfg) {
             knownAgentIds,
             allowedAgentIds,
         },
+        sessionPolicy: {
+            defaultSessionKey,
+            allowRequestSessionKey: cfg.hooks?.allowRequestSessionKey === true,
+            allowedSessionKeyPrefixes,
+        },
     };
 }
 function resolveKnownAgentIds(cfg, defaultAgentId) {
@@ -65,62 +84,68 @@ function resolveAllowedAgentIds(raw) {
     }
     return allowed;
 }
+function resolveSessionKey(raw) {
+    const value = raw?.trim();
+    return value ? value : undefined;
+}
+function normalizeSessionKeyPrefix(raw) {
+    const value = raw.trim().toLowerCase();
+    return value ? value : undefined;
+}
+function resolveAllowedSessionKeyPrefixes(raw) {
+    if (!Array.isArray(raw)) {
+        return undefined;
+    }
+    const set = new Set();
+    for (const prefix of raw) {
+        const normalized = normalizeSessionKeyPrefix(prefix);
+        if (!normalized) {
+            continue;
+        }
+        set.add(normalized);
+    }
+    return set.size > 0 ? Array.from(set) : undefined;
+}
+function isSessionKeyAllowedByPrefix(sessionKey, prefixes) {
+    const normalized = sessionKey.trim().toLowerCase();
+    if (!normalized) {
+        return false;
+    }
+    return prefixes.some((prefix) => normalized.startsWith(prefix));
+}
 export function extractHookToken(req, url) {
     const auth = typeof req.headers.authorization === "string" ? req.headers.authorization.trim() : "";
     if (auth.toLowerCase().startsWith("bearer ")) {
         const token = auth.slice(7).trim();
-        if (token)
+        if (token) {
             return { token, fromQuery: false };
+        }
     }
     const headerToken = typeof req.headers["x-poolbot-token"] === "string" ? req.headers["x-poolbot-token"].trim() : "";
-    if (headerToken)
+    if (headerToken) {
         return { token: headerToken, fromQuery: false };
-    const queryToken = url.searchParams.get("token");
-    if (queryToken)
-        return { token: queryToken.trim(), fromQuery: true };
+    }
+    const queryToken = url?.searchParams.get("token")?.trim();
+    if (queryToken) {
+        return { token: queryToken, fromQuery: true };
+    }
     return { token: undefined, fromQuery: false };
 }
 export async function readJsonBody(req, maxBytes) {
-    return await new Promise((resolve) => {
-        let done = false;
-        let total = 0;
-        const chunks = [];
-        req.on("data", (chunk) => {
-            if (done)
-                return;
-            total += chunk.length;
-            if (total > maxBytes) {
-                done = true;
-                resolve({ ok: false, error: "payload too large" });
-                req.destroy();
-                return;
-            }
-            chunks.push(chunk);
-        });
-        req.on("end", () => {
-            if (done)
-                return;
-            done = true;
-            const raw = Buffer.concat(chunks).toString("utf-8").trim();
-            if (!raw) {
-                resolve({ ok: true, value: {} });
-                return;
-            }
-            try {
-                const parsed = JSON.parse(raw);
-                resolve({ ok: true, value: parsed });
-            }
-            catch (err) {
-                resolve({ ok: false, error: String(err) });
-            }
-        });
-        req.on("error", (err) => {
-            if (done)
-                return;
-            done = true;
-            resolve({ ok: false, error: String(err) });
-        });
-    });
+    const result = await readJsonBodyWithLimit(req, { maxBytes, emptyObjectOnEmpty: true });
+    if (result.ok) {
+        return result;
+    }
+    if (result.code === "PAYLOAD_TOO_LARGE") {
+        return { ok: false, error: "payload too large" };
+    }
+    if (result.code === "REQUEST_BODY_TIMEOUT") {
+        return { ok: false, error: "request body timeout" };
+    }
+    if (result.code === "CONNECTION_CLOSED") {
+        return { ok: false, error: requestBodyErrorToText("CONNECTION_CLOSED") };
+    }
+    return { ok: false, error: result.error };
 }
 export function normalizeHookHeaders(req) {
     const headers = {};
@@ -136,8 +161,9 @@ export function normalizeHookHeaders(req) {
 }
 export function normalizeWakePayload(payload) {
     const text = typeof payload.text === "string" ? payload.text.trim() : "";
-    if (!text)
+    if (!text) {
         return { ok: false, error: "text required" };
+    }
     const mode = payload.mode === "next-heartbeat" ? "next-heartbeat" : "now";
     return { ok: true, value: { text, mode } };
 }
@@ -145,13 +171,16 @@ const listHookChannelValues = () => ["last", ...listChannelPlugins().map((plugin
 const getHookChannelSet = () => new Set(listHookChannelValues());
 export const getHookChannelError = () => `channel must be ${listHookChannelValues().join("|")}`;
 export function resolveHookChannel(raw) {
-    if (raw === undefined)
+    if (raw === undefined) {
         return "last";
-    if (typeof raw !== "string")
+    }
+    if (typeof raw !== "string") {
         return null;
+    }
     const normalized = normalizeMessageChannel(raw);
-    if (!normalized || !getHookChannelSet().has(normalized))
+    if (!normalized || !getHookChannelSet().has(normalized)) {
         return null;
+    }
     return normalized;
 }
 export function resolveHookDeliver(raw) {
@@ -182,23 +211,49 @@ export function isHookAgentAllowed(hooksConfig, agentId) {
     return resolved ? allowed.has(resolved) : false;
 }
 export const getHookAgentPolicyError = () => "agentId is not allowed by hooks.allowedAgentIds";
+export const getHookSessionKeyRequestPolicyError = () => "sessionKey is disabled for external /hooks/agent payloads; set hooks.allowRequestSessionKey=true to enable";
+export const getHookSessionKeyPrefixError = (prefixes) => `sessionKey must start with one of: ${prefixes.join(", ")}`;
+export function resolveHookSessionKey(params) {
+    const requested = resolveSessionKey(params.sessionKey);
+    if (requested) {
+        if (params.source === "request" && !params.hooksConfig.sessionPolicy.allowRequestSessionKey) {
+            return { ok: false, error: getHookSessionKeyRequestPolicyError() };
+        }
+        const allowedPrefixes = params.hooksConfig.sessionPolicy.allowedSessionKeyPrefixes;
+        if (allowedPrefixes && !isSessionKeyAllowedByPrefix(requested, allowedPrefixes)) {
+            return { ok: false, error: getHookSessionKeyPrefixError(allowedPrefixes) };
+        }
+        return { ok: true, value: requested };
+    }
+    const defaultSessionKey = params.hooksConfig.sessionPolicy.defaultSessionKey;
+    if (defaultSessionKey) {
+        return { ok: true, value: defaultSessionKey };
+    }
+    const generated = `hook:${(params.idFactory ?? randomUUID)()}`;
+    const allowedPrefixes = params.hooksConfig.sessionPolicy.allowedSessionKeyPrefixes;
+    if (allowedPrefixes && !isSessionKeyAllowedByPrefix(generated, allowedPrefixes)) {
+        return { ok: false, error: getHookSessionKeyPrefixError(allowedPrefixes) };
+    }
+    return { ok: true, value: generated };
+}
 export function normalizeAgentPayload(payload, opts) {
     const message = typeof payload.message === "string" ? payload.message.trim() : "";
-    if (!message)
+    if (!message) {
         return { ok: false, error: "message required" };
+    }
     const nameRaw = payload.name;
     const name = typeof nameRaw === "string" && nameRaw.trim() ? nameRaw.trim() : "Hook";
     const agentIdRaw = payload.agentId;
     const agentId = typeof agentIdRaw === "string" && agentIdRaw.trim() ? agentIdRaw.trim() : undefined;
     const wakeMode = payload.wakeMode === "next-heartbeat" ? "next-heartbeat" : "now";
     const sessionKeyRaw = payload.sessionKey;
-    const idFactory = opts?.idFactory ?? randomUUID;
     const sessionKey = typeof sessionKeyRaw === "string" && sessionKeyRaw.trim()
         ? sessionKeyRaw.trim()
-        : `hook:${idFactory()}`;
+        : `hook:${(opts?.idFactory ?? randomUUID)()}`;
     const channel = resolveHookChannel(payload.channel);
-    if (!channel)
+    if (!channel) {
         return { ok: false, error: getHookChannelError() };
+    }
     const toRaw = payload.to;
     const to = typeof toRaw === "string" && toRaw.trim() ? toRaw.trim() : undefined;
     const modelRaw = payload.model;

package/dist/gateway/http-auth-helpers.js CHANGED Viewed

@@ -1,13 +1,14 @@
-import { authorizeGatewayConnect } from "./auth.js";
+import { authorizeHttpGatewayConnect } from "./auth.js";
 import { sendGatewayAuthFailure } from "./http-common.js";
 import { getBearerToken } from "./http-utils.js";
 export async function authorizeGatewayBearerRequestOrReply(params) {
     const token = getBearerToken(params.req);
-    const authResult = await authorizeGatewayConnect({
+    const authResult = await authorizeHttpGatewayConnect({
         auth: params.auth,
         connectAuth: token ? { token, password: token } : null,
         req: params.req,
         trustedProxies: params.trustedProxies,
+        allowRealIpFallback: params.allowRealIpFallback,
         rateLimiter: params.rateLimiter,
     });
     if (!authResult.ok) {

package/dist/gateway/http-common.js CHANGED Viewed

@@ -1,4 +1,14 @@
 import { readJsonBody } from "./hooks.js";
+/**
+ * Apply baseline security headers that are safe for all response types (API JSON,
+ * HTML pages, static assets, SSE streams). Headers that restrict framing or set a
+ * Content-Security-Policy are intentionally omitted here because some handlers
+ * (canvas host, A2UI) serve content that may be loaded inside frames.
+ */
+export function setDefaultSecurityHeaders(res) {
+    res.setHeader("X-Content-Type-Options", "nosniff");
+    res.setHeader("Referrer-Policy", "no-referrer");
+}
 export function sendJson(res, status, body) {
     res.statusCode = status;
     res.setHeader("Content-Type", "application/json; charset=utf-8");
@@ -44,6 +54,18 @@ export function sendInvalidRequest(res, message) {
 export async function readJsonBodyOrError(req, res, maxBytes) {
     const body = await readJsonBody(req, maxBytes);
     if (!body.ok) {
+        if (body.error === "payload too large") {
+            sendJson(res, 413, {
+                error: { message: "Payload too large", type: "invalid_request_error" },
+            });
+            return undefined;
+        }
+        if (body.error === "request body timeout") {
+            sendJson(res, 408, {
+                error: { message: "Request body timeout", type: "invalid_request_error" },
+            });
+            return undefined;
+        }
         sendInvalidRequest(res, body.error);
         return undefined;
     }

package/dist/gateway/http-endpoint-helpers.js CHANGED Viewed

@@ -14,6 +14,7 @@ export async function handleGatewayPostJsonEndpoint(req, res, opts) {
         res,
         auth: opts.auth,
         trustedProxies: opts.trustedProxies,
+        allowRealIpFallback: opts.allowRealIpFallback,
         rateLimiter: opts.rateLimiter,
     });
     if (!authorized) {

package/dist/gateway/method-scopes.js ADDED Viewed

@@ -0,0 +1,169 @@
+export const ADMIN_SCOPE = "operator.admin";
+export const READ_SCOPE = "operator.read";
+export const WRITE_SCOPE = "operator.write";
+export const APPROVALS_SCOPE = "operator.approvals";
+export const PAIRING_SCOPE = "operator.pairing";
+export const CLI_DEFAULT_OPERATOR_SCOPES = [
+    ADMIN_SCOPE,
+    APPROVALS_SCOPE,
+    PAIRING_SCOPE,
+];
+const NODE_ROLE_METHODS = new Set(["node.invoke.result", "node.event", "skills.bins"]);
+const METHOD_SCOPE_GROUPS = {
+    [APPROVALS_SCOPE]: [
+        "exec.approval.request",
+        "exec.approval.waitDecision",
+        "exec.approval.resolve",
+    ],
+    [PAIRING_SCOPE]: [
+        "node.pair.request",
+        "node.pair.list",
+        "node.pair.approve",
+        "node.pair.reject",
+        "node.pair.verify",
+        "device.pair.list",
+        "device.pair.approve",
+        "device.pair.reject",
+        "device.pair.remove",
+        "device.token.rotate",
+        "device.token.revoke",
+        "node.rename",
+    ],
+    [READ_SCOPE]: [
+        "health",
+        "logs.tail",
+        "channels.status",
+        "status",
+        "usage.status",
+        "usage.cost",
+        "tts.status",
+        "tts.providers",
+        "models.list",
+        "agents.list",
+        "agent.identity.get",
+        "skills.status",
+        "voicewake.get",
+        "sessions.list",
+        "sessions.preview",
+        "sessions.resolve",
+        "sessions.usage",
+        "sessions.usage.timeseries",
+        "sessions.usage.logs",
+        "cron.list",
+        "cron.status",
+        "cron.runs",
+        "system-presence",
+        "last-heartbeat",
+        "node.list",
+        "node.describe",
+        "chat.history",
+        "config.get",
+        "talk.config",
+        "agents.files.list",
+        "agents.files.get",
+    ],
+    [WRITE_SCOPE]: [
+        "send",
+        "poll",
+        "agent",
+        "agent.wait",
+        "wake",
+        "talk.mode",
+        "tts.enable",
+        "tts.disable",
+        "tts.convert",
+        "tts.setProvider",
+        "voicewake.set",
+        "node.invoke",
+        "chat.send",
+        "chat.abort",
+        "browser.request",
+        "push.test",
+    ],
+    [ADMIN_SCOPE]: [
+        "channels.logout",
+        "agents.create",
+        "agents.update",
+        "agents.delete",
+        "skills.install",
+        "skills.update",
+        "cron.add",
+        "cron.update",
+        "cron.remove",
+        "cron.run",
+        "sessions.patch",
+        "sessions.reset",
+        "sessions.delete",
+        "sessions.compact",
+        "connect",
+        "chat.inject",
+        "web.login.start",
+        "web.login.wait",
+        "set-heartbeats",
+        "system-event",
+        "agents.files.set",
+    ],
+};
+const ADMIN_METHOD_PREFIXES = ["exec.approvals.", "config.", "wizard.", "update."];
+const METHOD_SCOPE_BY_NAME = new Map(Object.entries(METHOD_SCOPE_GROUPS).flatMap(([scope, methods]) => methods.map((method) => [method, scope])));
+function resolveScopedMethod(method) {
+    const explicitScope = METHOD_SCOPE_BY_NAME.get(method);
+    if (explicitScope) {
+        return explicitScope;
+    }
+    if (ADMIN_METHOD_PREFIXES.some((prefix) => method.startsWith(prefix))) {
+        return ADMIN_SCOPE;
+    }
+    return undefined;
+}
+export function isApprovalMethod(method) {
+    return resolveScopedMethod(method) === APPROVALS_SCOPE;
+}
+export function isPairingMethod(method) {
+    return resolveScopedMethod(method) === PAIRING_SCOPE;
+}
+export function isReadMethod(method) {
+    return resolveScopedMethod(method) === READ_SCOPE;
+}
+export function isWriteMethod(method) {
+    return resolveScopedMethod(method) === WRITE_SCOPE;
+}
+export function isNodeRoleMethod(method) {
+    return NODE_ROLE_METHODS.has(method);
+}
+export function isAdminOnlyMethod(method) {
+    return resolveScopedMethod(method) === ADMIN_SCOPE;
+}
+export function resolveRequiredOperatorScopeForMethod(method) {
+    return resolveScopedMethod(method);
+}
+export function resolveLeastPrivilegeOperatorScopesForMethod(method) {
+    const requiredScope = resolveRequiredOperatorScopeForMethod(method);
+    if (requiredScope) {
+        return [requiredScope];
+    }
+    // Default-deny for unclassified methods.
+    return [];
+}
+export function authorizeOperatorScopesForMethod(method, scopes) {
+    if (scopes.includes(ADMIN_SCOPE)) {
+        return { allowed: true };
+    }
+    const requiredScope = resolveRequiredOperatorScopeForMethod(method) ?? ADMIN_SCOPE;
+    if (requiredScope === READ_SCOPE) {
+        if (scopes.includes(READ_SCOPE) || scopes.includes(WRITE_SCOPE)) {
+            return { allowed: true };
+        }
+        return { allowed: false, missingScope: READ_SCOPE };
+    }
+    if (scopes.includes(requiredScope)) {
+        return { allowed: true };
+    }
+    return { allowed: false, missingScope: requiredScope };
+}
+export function isGatewayMethodClassified(method) {
+    if (isNodeRoleMethod(method)) {
+        return true;
+    }
+    return resolveRequiredOperatorScopeForMethod(method) !== undefined;
+}

package/dist/gateway/net.js CHANGED Viewed

@@ -135,19 +135,44 @@ function stripOptionalPort(ip) {
     }
     return ip;
 }
-export function parseForwardedForClientIp(forwardedFor) {
-    const raw = forwardedFor?.split(",")[0]?.trim();
-    if (!raw) {
+function parseIpLiteral(raw) {
+    const trimmed = raw?.trim();
+    if (!trimmed) {
+        return undefined;
+    }
+    const stripped = stripOptionalPort(trimmed);
+    const normalized = normalizeIp(stripped);
+    if (!normalized || net.isIP(normalized) === 0) {
         return undefined;
     }
-    return normalizeIp(stripOptionalPort(raw));
+    return normalized;
 }
 function parseRealIp(realIp) {
-    const raw = realIp?.trim();
-    if (!raw) {
+    return parseIpLiteral(realIp);
+}
+function resolveForwardedClientIp(params) {
+    const { forwardedFor, trustedProxies } = params;
+    if (!trustedProxies?.length) {
+        return undefined;
+    }
+    const forwardedChain = [];
+    for (const entry of forwardedFor?.split(",") ?? []) {
+        const normalized = parseIpLiteral(entry);
+        if (normalized) {
+            forwardedChain.push(normalized);
+        }
+    }
+    if (forwardedChain.length === 0) {
         return undefined;
     }
-    return normalizeIp(stripOptionalPort(raw));
+    // Walk right-to-left and return the first untrusted hop.
+    for (let index = forwardedChain.length - 1; index >= 0; index -= 1) {
+        const hop = forwardedChain[index];
+        if (!isTrustedProxyAddress(hop, trustedProxies)) {
+            return hop;
+        }
+    }
+    return undefined;
 }
 /**
  * Check if an IP address matches a CIDR block.
@@ -202,7 +227,7 @@ export function isTrustedProxyAddress(ip, trustedProxies) {
         return normalizeIp(candidate) === normalized;
     });
 }
-export function resolveGatewayClientIp(params) {
+export function resolveClientIp(params) {
     const remote = normalizeIp(params.remoteAddr);
     if (!remote) {
         return undefined;
@@ -210,7 +235,20 @@ export function resolveGatewayClientIp(params) {
     if (!isTrustedProxyAddress(remote, params.trustedProxies)) {
         return remote;
     }
-    return parseForwardedForClientIp(params.forwardedFor) ?? parseRealIp(params.realIp) ?? remote;
+    // Fail closed when traffic comes from a trusted proxy but client-origin headers
+    // are missing or invalid. Falling back to the proxy's own IP can accidentally
+    // treat unrelated requests as local/trusted.
+    const forwardedIp = resolveForwardedClientIp({
+        forwardedFor: params.forwardedFor,
+        trustedProxies: params.trustedProxies,
+    });
+    if (forwardedIp) {
+        return forwardedIp;
+    }
+    if (params.allowRealIpFallback) {
+        return parseRealIp(params.realIp);
+    }
+    return undefined;
 }
 export function isLocalGatewayAddress(ip) {
     if (isLoopbackAddress(ip)) {
@@ -347,3 +385,30 @@ export function isLoopbackHost(host) {
     const unbracket = h.startsWith("[") && h.endsWith("]") ? h.slice(1, -1) : h;
     return isLoopbackAddress(unbracket);
 }
+/**
+ * Security check for WebSocket URLs (CWE-319: Cleartext Transmission of Sensitive Information).
+ *
+ * Returns true if the URL is secure for transmitting data:
+ * - wss:// (TLS) is always secure
+ * - ws:// is only secure for loopback addresses (localhost, 127.x.x.x, ::1)
+ *
+ * All other ws:// URLs are considered insecure because both credentials
+ * AND chat/conversation data would be exposed to network interception.
+ */
+export function isSecureWebSocketUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        return false;
+    }
+    if (parsed.protocol === "wss:") {
+        return true;
+    }
+    if (parsed.protocol !== "ws:") {
+        return false;
+    }
+    // ws:// is only secure for loopback addresses
+    return isLoopbackHost(parsed.hostname);
+}

package/dist/gateway/node-invoke-system-run-approval.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { formatExecCommand, validateSystemRunCommandConsistency, } from "../infra/system-run-command.js";
+import { resolveSystemRunCommand } from "../infra/system-run-command.js";
 function asRecord(value) {
     if (!value || typeof value !== "object" || Array.isArray(value)) {
         return null;
@@ -20,24 +20,10 @@ function clientHasApprovals(client) {
     const scopes = Array.isArray(client?.connect?.scopes) ? client?.connect?.scopes : [];
     return scopes.includes("operator.admin") || scopes.includes("operator.approvals");
 }
-function getCmdText(params) {
-    const raw = normalizeString(params.rawCommand);
-    if (raw) {
-        return raw;
-    }
-    if (Array.isArray(params.command)) {
-        const parts = params.command.map((v) => String(v));
-        if (parts.length > 0) {
-            return formatExecCommand(parts);
-        }
-    }
-    return "";
-}
-function approvalMatchesRequest(params, record) {
+function approvalMatchesRequest(cmdText, params, record) {
     if (record.request.host !== "node") {
         return false;
     }
-    const cmdText = getCmdText(params);
     if (!cmdText || record.request.command !== cmdText) {
         return false;
     }
@@ -90,25 +76,18 @@ export function sanitizeSystemRunParamsForForwarding(opts) {
         return { ok: true, params: opts.rawParams };
     }
     const p = obj;
-    const argv = Array.isArray(p.command) ? p.command.map((v) => String(v)) : [];
-    const raw = normalizeString(p.rawCommand);
-    if (raw) {
-        if (!Array.isArray(p.command) || argv.length === 0) {
-            return {
-                ok: false,
-                message: "rawCommand requires params.command",
-                details: { code: "MISSING_COMMAND" },
-            };
-        }
-        const validation = validateSystemRunCommandConsistency({ argv, rawCommand: raw });
-        if (!validation.ok) {
-            return {
-                ok: false,
-                message: validation.message,
-                details: validation.details ?? { code: "RAW_COMMAND_MISMATCH" },
-            };
-        }
+    const cmdTextResolution = resolveSystemRunCommand({
+        command: p.command,
+        rawCommand: p.rawCommand,
+    });
+    if (!cmdTextResolution.ok) {
+        return {
+            ok: false,
+            message: cmdTextResolution.message,
+            details: cmdTextResolution.details,
+        };
     }
+    const cmdText = cmdTextResolution.cmdText;
     const approved = p.approved === true;
     const requestedDecision = normalizeApprovalDecision(p.approvalDecision);
     const wantsApprovalOverride = approved || requestedDecision !== null;
@@ -171,7 +150,7 @@ export function sanitizeSystemRunParamsForForwarding(opts) {
             details: { code: "APPROVAL_CLIENT_MISMATCH", runId },
         };
     }
-    if (!approvalMatchesRequest(p, snapshot)) {
+    if (!approvalMatchesRequest(cmdText, p, snapshot)) {
         return {
             ok: false,
             message: "approval id does not match request",