npm - @poolzin/pool-bot - Versions diffs - 2026.2.24 → 2026.2.26 - Mend

@poolzin/pool-bot 2026.2.24 → 2026.2.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (646) hide show

package/CHANGELOG.md +21 -0
package/dist/acp/client.js +207 -18
package/dist/acp/event-mapper.js +87 -22
package/dist/acp/meta.js +12 -6
package/dist/acp/secret-file.js +22 -0
package/dist/agents/agent-paths.js +8 -9
package/dist/agents/agent-scope.js +17 -5
package/dist/agents/auth-profiles/oauth.js +148 -64
package/dist/agents/auth-profiles/session-override.js +13 -7
package/dist/agents/bash-process-registry.test-helpers.js +29 -0
package/dist/agents/bash-tools.exec-approval-request.js +20 -0
package/dist/agents/bash-tools.exec-host-gateway.js +240 -0
package/dist/agents/bash-tools.exec-host-node.js +235 -0
package/dist/agents/bash-tools.exec-runtime.js +2 -25
package/dist/agents/bash-tools.exec-types.js +1 -0
package/dist/agents/bash-tools.process.js +224 -218
package/dist/agents/bedrock-discovery.js +3 -1
package/dist/agents/byteplus-models.js +97 -0
package/dist/agents/chutes-oauth.js +1 -0
package/dist/agents/cli-runner/helpers.js +4 -0
package/dist/agents/compaction.js +41 -14
package/dist/agents/content-blocks.js +16 -0
package/dist/agents/doubao-models.js +121 -0
package/dist/agents/failover-error.js +2 -0
package/dist/agents/huggingface-models.js +5 -3
package/dist/agents/live-model-filter.js +5 -0
package/dist/agents/minimax-vlm.js +10 -8
package/dist/agents/model-auth.js +6 -0
package/dist/agents/model-catalog.js +3 -1
package/dist/agents/model-fallback.js +96 -101
package/dist/agents/model-selection.js +7 -1
package/dist/agents/models-config.providers.js +364 -165
package/dist/agents/ollama-stream.js +117 -4
package/dist/agents/opencode-zen-models.js +22 -11
package/dist/agents/pi-embedded-helpers/errors.js +55 -33
package/dist/agents/pi-embedded-helpers/messaging-dedupe.js +10 -5
package/dist/agents/pi-embedded-helpers/thinking.js +10 -5
package/dist/agents/pi-embedded-helpers.js +1 -1
package/dist/agents/pi-embedded-payloads.js +1 -0
package/dist/agents/pi-embedded-runner/compact.js +29 -7
package/dist/agents/pi-embedded-runner/extensions.js +28 -26
package/dist/agents/pi-embedded-runner/google.js +20 -8
package/dist/agents/pi-embedded-runner/run/attempt.js +95 -36
package/dist/agents/pi-embedded-runner/run.js +71 -12
package/dist/agents/pi-embedded-runner/run.overflow-compaction.fixture.js +34 -0
package/dist/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.js +11 -2
package/dist/agents/pi-embedded-runner/session-manager-cache.js +11 -7
package/dist/agents/pi-embedded-runner/system-prompt.js +2 -0
package/dist/agents/pi-embedded-runner/thinking.js +42 -0
package/dist/agents/pi-embedded-runner/tool-name-allowlist.js +19 -0
package/dist/agents/pi-embedded-runner/utils.js +7 -10
package/dist/agents/pi-embedded-subscribe.handlers.lifecycle.js +45 -56
package/dist/agents/pi-embedded-subscribe.handlers.tools.js +2 -2
package/dist/agents/pi-embedded-subscribe.js +9 -4
package/dist/agents/pi-embedded-subscribe.tools.js +68 -14
package/dist/agents/pi-embedded-utils.js +3 -0
package/dist/agents/pi-extensions/compaction-safeguard-runtime.js +4 -20
package/dist/agents/pi-extensions/compaction-safeguard.js +75 -33
package/dist/agents/pi-settings.js +40 -0
package/dist/agents/pi-tools.policy.js +2 -1
package/dist/agents/provider/config-loader.js +1 -1
package/dist/agents/sandbox/browser.js +170 -33
package/dist/agents/sandbox/config-hash.js +14 -27
package/dist/agents/sandbox/config.js +21 -2
package/dist/agents/sandbox/constants.js +2 -0
package/dist/agents/sandbox/docker.js +16 -2
package/dist/agents/sandbox/novnc-auth.js +62 -0
package/dist/agents/sandbox/sanitize-env-vars.js +1 -1
package/dist/agents/sandbox/shared.js +10 -6
package/dist/agents/sandbox-paths.js +24 -11
package/dist/agents/schema/clean-for-gemini.js +132 -85
package/dist/agents/session-slug.js +10 -5
package/dist/agents/session-tool-result-guard-wrapper.js +1 -0
package/dist/agents/session-tool-result-guard.js +3 -1
package/dist/agents/session-transcript-repair.js +40 -6
package/dist/agents/skills/bundled-dir.js +19 -5
package/dist/agents/skills/env-overrides.js +124 -43
package/dist/agents/skills/frontmatter.js +6 -6
package/dist/agents/skills/plugin-skills.js +14 -7
package/dist/agents/skills/workspace.js +1 -0
package/dist/agents/skills.test-helpers.js +13 -0
package/dist/agents/stable-stringify.js +12 -0
package/dist/agents/subagent-announce.js +251 -49
package/dist/agents/subagent-lifecycle-events.js +19 -0
package/dist/agents/subagent-registry-cleanup.js +31 -0
package/dist/agents/subagent-registry-completion.js +68 -0
package/dist/agents/subagent-registry-queries.js +117 -0
package/dist/agents/subagent-registry-state.js +46 -0
package/dist/agents/subagent-registry.js +252 -221
package/dist/agents/subagent-registry.mocks.shared.js +12 -0
package/dist/agents/subagent-registry.store.js +1 -0
package/dist/agents/subagent-registry.types.js +1 -0
package/dist/agents/subagent-spawn.js +195 -7
package/dist/agents/system-prompt.js +22 -6
package/dist/agents/test-helpers/assistant-message-fixtures.js +29 -0
package/dist/agents/test-helpers/fast-coding-tools.js +1 -18
package/dist/agents/test-helpers/fast-core-tools.js +1 -17
package/dist/agents/test-helpers/pi-tools-sandbox-context.js +27 -0
package/dist/agents/timeout.js +18 -6
package/dist/agents/tool-call-id.js +1 -1
package/dist/agents/tool-display-common.js +162 -29
package/dist/agents/tool-images.js +82 -9
package/dist/agents/tool-policy-shared.js +108 -0
package/dist/agents/tool-policy.js +51 -26
package/dist/agents/tools/browser-tool.js +160 -54
package/dist/agents/tools/canvas-tool.js +27 -1
package/dist/agents/tools/common.js +45 -0
package/dist/agents/tools/cron-tool.test-helpers.js +12 -0
package/dist/agents/tools/discord-actions-guild.js +4 -1
package/dist/agents/tools/discord-actions-moderation-shared.js +27 -0
package/dist/agents/tools/gateway-tool.js +3 -1
package/dist/agents/tools/image-tool.js +214 -99
package/dist/agents/tools/nodes-utils.js +1 -10
package/dist/agents/tools/sessions-history-tool.js +140 -108
package/dist/agents/tools/sessions-send-helpers.js +12 -6
package/dist/agents/tools/sessions-spawn-tool.js +8 -2
package/dist/agents/tools/subagents-tool.js +2 -1
package/dist/agents/tools/whatsapp-actions.js +10 -2
package/dist/agents/tools/whatsapp-target-auth.js +18 -0
package/dist/agents/transcript-policy.js +22 -8
package/dist/agents/venice-models.js +11 -3
package/dist/agents/workspace.js +222 -46
package/dist/auto-reply/commands-registry.data.js +51 -0
package/dist/auto-reply/commands-registry.js +19 -21
package/dist/auto-reply/fallback-state.js +114 -0
package/dist/auto-reply/group-activation.js +10 -5
package/dist/auto-reply/inbound-debounce.js +10 -5
package/dist/auto-reply/model-runtime.js +68 -0
package/dist/auto-reply/reply/abort.js +1 -1
package/dist/auto-reply/reply/agent-runner-execution.js +40 -5
package/dist/auto-reply/reply/agent-runner.js +165 -39
package/dist/auto-reply/reply/bash-command.js +41 -39
package/dist/auto-reply/reply/command-gates.js +25 -0
package/dist/auto-reply/reply/commands-allowlist.js +111 -72
package/dist/auto-reply/reply/commands-bash.js +6 -5
package/dist/auto-reply/reply/commands-config.js +30 -28
package/dist/auto-reply/reply/commands-core.js +2 -1
package/dist/auto-reply/reply/commands-info.js +1 -0
package/dist/auto-reply/reply/commands-models.js +65 -14
package/dist/auto-reply/reply/commands-session.js +237 -82
package/dist/auto-reply/reply/commands-setunset-standard.js +13 -0
package/dist/auto-reply/reply/commands-setunset.js +45 -0
package/dist/auto-reply/reply/commands-subagents/action-agents.js +44 -0
package/dist/auto-reply/reply/commands-subagents/action-focus.js +64 -0
package/dist/auto-reply/reply/commands-subagents/action-help.js +4 -0
package/dist/auto-reply/reply/commands-subagents/action-info.js +45 -0
package/dist/auto-reply/reply/commands-subagents/action-kill.js +60 -0
package/dist/auto-reply/reply/commands-subagents/action-list.js +44 -0
package/dist/auto-reply/reply/commands-subagents/action-log.js +29 -0
package/dist/auto-reply/reply/commands-subagents/action-send.js +119 -0
package/dist/auto-reply/reply/commands-subagents/action-spawn.js +52 -0
package/dist/auto-reply/reply/commands-subagents/action-unfocus.js +30 -0
package/dist/auto-reply/reply/commands-subagents/shared.js +303 -0
package/dist/auto-reply/reply/commands-subagents.js +51 -587
package/dist/auto-reply/reply/commands-tts.js +10 -5
package/dist/auto-reply/reply/config-value.js +10 -5
package/dist/auto-reply/reply/directive-handling.model-picker.js +12 -6
package/dist/auto-reply/reply/directive-handling.persist.js +9 -21
package/dist/auto-reply/reply/directive-handling.shared.js +24 -4
package/dist/auto-reply/reply/followup-runner.js +1 -0
package/dist/auto-reply/reply/get-reply-directives-utils.js +23 -14
package/dist/auto-reply/reply/get-reply-directives.js +17 -28
package/dist/auto-reply/reply/get-reply-inline-actions.js +1 -0
package/dist/auto-reply/reply/get-reply.js +71 -12
package/dist/auto-reply/reply/model-selection.js +80 -39
package/dist/auto-reply/reply/queue/enqueue.js +10 -5
package/dist/auto-reply/reply/queue/state.js +13 -12
package/dist/auto-reply/reply/reply-payloads.js +67 -36
package/dist/auto-reply/reply/reply-reference.js +9 -8
package/dist/auto-reply/reply/route-reply.js +15 -8
package/dist/auto-reply/reply/session-reset-prompt.js +1 -1
package/dist/auto-reply/reply/session.js +22 -6
package/dist/auto-reply/reply/strip-inbound-meta.js +147 -0
package/dist/auto-reply/reply/subagents-utils.js +56 -30
package/dist/auto-reply/reply/typing.js +46 -21
package/dist/auto-reply/send-policy.js +14 -7
package/dist/auto-reply/status.js +140 -16
package/dist/auto-reply/templating.js +10 -5
package/dist/auto-reply/thinking.js +7 -16
package/dist/auto-reply/tokens.js +21 -5
package/dist/browser/bridge-server.js +36 -20
package/dist/browser/cdp.helpers.js +7 -14
package/dist/browser/cdp.js +35 -15
package/dist/browser/chrome.profile-decoration.js +7 -4
package/dist/browser/config.js +30 -0
package/dist/browser/extension-relay-auth.js +55 -0
package/dist/browser/extension-relay.js +74 -29
package/dist/browser/navigation-guard.js +39 -0
package/dist/browser/paths.js +77 -0
package/dist/browser/profiles.js +13 -8
package/dist/browser/pw-ai-module.js +10 -5
package/dist/browser/pw-session.js +76 -39
package/dist/browser/pw-tools-core.interactions.js +14 -7
package/dist/browser/pw-tools-core.state.js +12 -6
package/dist/browser/routes/agent.act.js +431 -424
package/dist/browser/routes/agent.shared.js +47 -3
package/dist/browser/routes/agent.snapshot.js +122 -116
package/dist/browser/routes/agent.storage.js +303 -297
package/dist/browser/routes/tabs.js +154 -100
package/dist/browser/server-context.js +7 -0
package/dist/browser/server-lifecycle.js +37 -0
package/dist/build-info.json +3 -3
package/dist/channels/allow-from.js +26 -0
package/dist/channels/allowlists/resolve-utils.js +43 -19
package/dist/channels/channel-config.js +14 -7
package/dist/channels/draft-stream-loop.js +7 -0
package/dist/channels/model-overrides.js +82 -0
package/dist/channels/plugins/account-action-gate.js +13 -0
package/dist/channels/plugins/message-actions.js +10 -0
package/dist/channels/plugins/normalize/imessage.js +14 -7
package/dist/channels/plugins/normalize/slack.js +10 -5
package/dist/channels/plugins/normalize/telegram.js +14 -7
package/dist/channels/plugins/outbound/discord.js +80 -8
package/dist/channels/plugins/outbound/signal.js +11 -11
package/dist/channels/plugins/setup-helpers.js +10 -5
package/dist/channels/sender-label.js +14 -7
package/dist/channels/session.js +4 -2
package/dist/channels/status-reactions.js +297 -0
package/dist/channels/telegram/api.js +18 -0
package/dist/cli/argv.js +84 -21
package/dist/cli/banner.js +3 -2
package/dist/cli/browser-cli-actions-input/register.files-downloads.js +65 -56
package/dist/cli/cli-name.js +11 -11
package/dist/cli/cli-utils.js +13 -3
package/dist/cli/command-format.js +1 -1
package/dist/cli/config-cli.js +1 -1
package/dist/cli/daemon-cli/lifecycle-core.js +31 -19
package/dist/cli/daemon-cli/lifecycle.js +64 -2
package/dist/cli/daemon-cli/restart-health.js +126 -0
package/dist/cli/daemon-cli/status.gather.js +9 -13
package/dist/cli/daemon-cli/status.print.js +2 -10
package/dist/cli/deps.js +27 -22
package/dist/cli/exec-approvals-cli.js +92 -124
package/dist/cli/gateway-cli/run-loop.js +23 -5
package/dist/cli/memory-cli.js +158 -61
package/dist/cli/node-cli/register.js +14 -5
package/dist/cli/nodes-cli/register.push.js +63 -0
package/dist/cli/nodes-media-utils.js +26 -0
package/dist/cli/outbound-send-deps.js +2 -9
package/dist/cli/outbound-send-mapping.js +11 -0
package/dist/cli/pairing-cli.js +40 -14
package/dist/cli/plugins-cli.js +250 -73
package/dist/cli/ports.js +11 -10
package/dist/cli/program/build-program.js +3 -1
package/dist/cli/program/command-registry.js +214 -136
package/dist/cli/program/command-tree.js +16 -0
package/dist/cli/program/help.js +43 -12
package/dist/cli/program/preaction.js +13 -9
package/dist/cli/program/register.configure.js +3 -18
package/dist/cli/program/register.maintenance.js +2 -2
package/dist/cli/program/register.onboard.js +2 -0
package/dist/cli/program/register.status-health-sessions.js +16 -17
package/dist/cli/program/register.subclis.js +93 -52
package/dist/cli/route.js +12 -8
package/dist/cli/system-cli.js +36 -46
package/dist/cli/test-runtime-capture.js +24 -0
package/dist/cli/update-cli/shared.js +22 -9
package/dist/cli/update-cli/update-command.js +89 -14
package/dist/cli/update-cli/wizard.js +6 -12
package/dist/commands/agent/run-context.js +18 -5
package/dist/commands/agent/session-store.js +17 -4
package/dist/commands/agent.js +185 -89
package/dist/commands/agents.bindings.js +14 -7
package/dist/commands/agents.commands.add.js +13 -9
package/dist/commands/agents.commands.identity.js +12 -6
package/dist/commands/agents.commands.list.js +11 -6
package/dist/commands/agents.config.js +8 -10
package/dist/commands/agents.providers.js +12 -6
package/dist/commands/auth-choice-options.js +103 -75
package/dist/commands/auth-choice.apply.byteplus.js +55 -0
package/dist/commands/auth-choice.apply.js +4 -0
package/dist/commands/auth-choice.apply.minimax.js +61 -13
package/dist/commands/auth-choice.apply.openai.js +3 -1
package/dist/commands/auth-choice.apply.volcengine.js +55 -0
package/dist/commands/auth-choice.preferred-provider.js +2 -0
package/dist/commands/channels/remove.js +13 -6
package/dist/commands/channels/shared.js +4 -14
package/dist/commands/channels.mock-harness.js +23 -0
package/dist/commands/configure.commands.js +14 -0
package/dist/commands/configure.gateway.js +2 -4
package/dist/commands/configure.js +1 -1
package/dist/commands/configure.shared.js +11 -0
package/dist/commands/daemon-install-helpers.js +2 -2
package/dist/commands/daemon-install-runtime-warning.js +11 -0
package/dist/commands/dashboard.js +12 -10
package/dist/commands/docs.js +14 -8
package/dist/commands/doctor-config-flow.js +11 -9
package/dist/commands/doctor-legacy-config.js +281 -0
package/dist/commands/doctor-state-integrity.js +99 -23
package/dist/commands/doctor-update.js +12 -9
package/dist/commands/models/list.list-command.js +7 -5
package/dist/commands/models/set-image.js +2 -21
package/dist/commands/node-daemon-install-helpers.js +10 -8
package/dist/commands/onboard-auth.config-minimax.js +54 -80
package/dist/commands/onboard-auth.config-opencode.js +2 -18
package/dist/commands/onboard-auth.credentials.js +90 -13
package/dist/commands/onboard-auth.js +1 -1
package/dist/commands/onboard-auth.models.js +6 -5
package/dist/commands/onboard-hooks.js +1 -1
package/dist/commands/onboard-non-interactive/api-keys.js +14 -7
package/dist/commands/onboard-non-interactive/local/auth-choice.js +64 -49
package/dist/commands/onboard-provider-auth-flags.js +14 -0
package/dist/commands/onboard-remote.js +14 -7
package/dist/commands/onboard.js +11 -13
package/dist/commands/sandbox-display.js +6 -5
package/dist/commands/sessions.test-helpers.js +61 -0
package/dist/commands/status-all/diagnosis.js +14 -10
package/dist/commands/status-all/format.js +1 -0
package/dist/commands/status.gateway-probe.js +1 -16
package/dist/commands/systemd-linger.js +12 -6
package/dist/config/agent-limits.js +2 -0
package/dist/config/commands.js +32 -15
package/dist/config/config-paths.js +9 -11
package/dist/config/config.js +1 -1
package/dist/config/defaults.js +22 -2
package/dist/config/discord-preview-streaming.js +104 -0
package/dist/config/env-substitution.js +62 -34
package/dist/config/env-vars.js +45 -7
package/dist/config/includes.js +4 -0
package/dist/config/io.js +656 -171
package/dist/config/legacy.migrations.part-1.js +189 -78
package/dist/config/legacy.shared.js +3 -1
package/dist/config/merge-patch.js +54 -4
package/dist/config/prototype-keys.js +4 -0
package/dist/config/redact-snapshot.js +404 -76
package/dist/config/schema.help.js +44 -7
package/dist/config/schema.js +58 -570
package/dist/config/schema.labels.js +38 -6
package/dist/config/sessions/delivery-info.js +10 -3
package/dist/config/sessions/main-session.js +10 -5
package/dist/config/sessions/session-file.js +33 -0
package/dist/config/sessions/session-key.js +10 -5
package/dist/config/sessions/store.js +1 -1
package/dist/config/sessions.js +1 -0
package/dist/config/validation.js +140 -85
package/dist/config/zod-schema.agent-runtime.js +11 -0
package/dist/config/zod-schema.hooks.js +40 -11
package/dist/config/zod-schema.installs.js +20 -0
package/dist/config/zod-schema.js +156 -20
package/dist/config/zod-schema.providers-core.js +78 -4
package/dist/config/zod-schema.providers.js +6 -1
package/dist/config/zod-schema.session.js +41 -2
package/dist/cron/run-log.js +3 -0
package/dist/cron/schedule.js +21 -10
package/dist/cron/service/ops.js +35 -21
package/dist/cron/service/timer.js +116 -16
package/dist/cron/stagger.js +3 -1
package/dist/daemon/cmd-argv.js +21 -0
package/dist/daemon/cmd-set.js +58 -0
package/dist/daemon/service-types.js +1 -0
package/dist/discord/api.js +12 -6
package/dist/discord/draft-chunking.js +22 -0
package/dist/discord/draft-stream.js +124 -0
package/dist/discord/monitor/agent-components.js +1 -1
package/dist/discord/monitor/commands.js +5 -0
package/dist/discord/monitor/exec-approvals.js +357 -162
package/dist/discord/monitor/gateway-plugin.js +2 -1
package/dist/discord/monitor/listeners.js +37 -27
package/dist/discord/monitor/message-handler.js +4 -1
package/dist/discord/monitor/message-handler.preflight.js +65 -8
package/dist/discord/monitor/message-handler.process.js +246 -217
package/dist/discord/monitor/message-utils.js +143 -6
package/dist/discord/monitor/model-picker-preferences.js +143 -0
package/dist/discord/monitor/model-picker.js +651 -0
package/dist/discord/monitor/native-command.js +573 -16
package/dist/discord/monitor/provider.allowlist.js +223 -0
package/dist/discord/monitor/provider.js +275 -347
package/dist/discord/monitor/provider.lifecycle.js +100 -0
package/dist/discord/monitor/reply-delivery.js +123 -16
package/dist/discord/monitor/thread-bindings.discord-api.js +215 -0
package/dist/discord/monitor/thread-bindings.js +4 -0
package/dist/discord/monitor/thread-bindings.lifecycle.js +177 -0
package/dist/discord/monitor/thread-bindings.manager.js +423 -0
package/dist/discord/monitor/thread-bindings.messages.js +55 -0
package/dist/discord/monitor/thread-bindings.state.js +358 -0
package/dist/discord/monitor/thread-bindings.types.js +6 -0
package/dist/discord/resolve-users.js +33 -21
package/dist/discord/send.channels.js +15 -0
package/dist/discord/send.js +3 -2
package/dist/discord/send.outbound.js +82 -26
package/dist/discord/send.permissions.js +83 -30
package/dist/discord/send.reactions.js +8 -4
package/dist/discord/token.js +10 -5
package/dist/discord/voice/command.js +263 -0
package/dist/discord/voice/manager.js +531 -0
package/dist/gateway/auth.js +72 -13
package/dist/gateway/call.js +152 -83
package/dist/gateway/canvas-capability.js +75 -0
package/dist/gateway/client.js +28 -4
package/dist/gateway/config-reload.js +3 -4
package/dist/gateway/control-plane-audit.js +28 -0
package/dist/gateway/control-plane-rate-limit.js +53 -0
package/dist/gateway/control-ui.js +219 -96
package/dist/gateway/events.js +1 -0
package/dist/gateway/hooks-mapping.js +88 -38
package/dist/gateway/hooks.js +109 -54
package/dist/gateway/http-auth-helpers.js +3 -2
package/dist/gateway/http-common.js +22 -0
package/dist/gateway/http-endpoint-helpers.js +1 -0
package/dist/gateway/method-scopes.js +169 -0
package/dist/gateway/net.js +74 -9
package/dist/gateway/node-invoke-system-run-approval.js +14 -35
package/dist/gateway/node-registry.js +10 -5
package/dist/gateway/openai-http.js +1 -0
package/dist/gateway/openresponses-http.js +121 -110
package/dist/gateway/origin-check.js +1 -18
package/dist/gateway/probe-auth.js +2 -0
package/dist/gateway/protocol/index.js +4 -2
package/dist/gateway/protocol/schema/cron.js +1 -0
package/dist/gateway/protocol/schema/devices.js +1 -0
package/dist/gateway/protocol/schema/protocol-schemas.js +4 -1
package/dist/gateway/protocol/schema/push.js +18 -0
package/dist/gateway/protocol/schema/sessions.js +6 -0
package/dist/gateway/protocol/schema.js +1 -0
package/dist/gateway/role-policy.js +17 -0
package/dist/gateway/server/ws-connection/connect-policy.js +37 -0
package/dist/gateway/server/ws-connection/message-handler.js +175 -148
package/dist/gateway/server-chat.js +83 -25
package/dist/gateway/server-constants.js +10 -9
package/dist/gateway/server-cron.js +1 -0
package/dist/gateway/server-http.js +247 -54
package/dist/gateway/server-maintenance.js +20 -5
package/dist/gateway/server-methods/agent.js +162 -24
package/dist/gateway/server-methods/chat.js +465 -130
package/dist/gateway/server-methods/config.js +193 -152
package/dist/gateway/server-methods/devices.js +17 -3
package/dist/gateway/server-methods/models.js +11 -1
package/dist/gateway/server-methods/nodes.helpers.js +12 -0
package/dist/gateway/server-methods/nodes.js +251 -69
package/dist/gateway/server-methods/push.js +53 -0
package/dist/gateway/server-methods/sessions.js +64 -8
package/dist/gateway/server-methods/usage.js +162 -75
package/dist/gateway/server-node-events.js +29 -0
package/dist/gateway/server-reload-handlers.js +2 -3
package/dist/gateway/server-runtime-config.js +39 -13
package/dist/gateway/server-runtime-state.js +2 -0
package/dist/gateway/server-startup-memory.js +17 -11
package/dist/gateway/server-ws-runtime.js +1 -0
package/dist/gateway/server.impl.js +296 -139
package/dist/gateway/session-preview.test-helpers.js +11 -0
package/dist/gateway/session-utils.fs.js +32 -34
package/dist/gateway/sessions-resolve.js +17 -5
package/dist/gateway/startup-auth.js +126 -0
package/dist/gateway/test-helpers.agent-results.js +15 -0
package/dist/gateway/test-helpers.mocks.js +37 -14
package/dist/gateway/test-helpers.openai-mock.js +14 -7
package/dist/gateway/test-helpers.server.js +161 -77
package/dist/gateway/tools-invoke-http.js +21 -10
package/dist/hooks/bundled/bootstrap-extra-files/handler.js +3 -1
package/dist/hooks/bundled/command-logger/handler.js +7 -2
package/dist/hooks/bundled/session-memory/handler.js +170 -38
package/dist/hooks/frontmatter.js +6 -6
package/dist/hooks/gmail-watcher-lifecycle.js +23 -0
package/dist/hooks/gmail-watcher.js +11 -6
package/dist/hooks/internal-hooks.js +11 -1
package/dist/hooks/llm-slug-generator.js +4 -1
package/dist/hooks/workspace.js +47 -17
package/dist/imessage/accounts.js +9 -20
package/dist/imessage/monitor/inbound-processing.js +2 -1
package/dist/infra/archive-path.js +49 -0
package/dist/infra/archive.js +174 -73
package/dist/infra/control-ui-assets.js +14 -6
package/dist/infra/device-pairing.js +204 -144
package/dist/infra/env.js +10 -5
package/dist/infra/exec-approvals-allowlist.js +141 -70
package/dist/infra/exec-approvals-analysis.js +78 -20
package/dist/infra/exec-approvals.js +5 -17
package/dist/infra/exec-safe-bin-policy.js +277 -0
package/dist/infra/fixed-window-rate-limit.js +33 -0
package/dist/infra/fs-safe.js +71 -39
package/dist/infra/gateway-lock.js +6 -2
package/dist/infra/git-root.js +61 -0
package/dist/infra/heartbeat-active-hours.js +2 -2
package/dist/infra/heartbeat-reason.js +40 -0
package/dist/infra/heartbeat-runner.js +72 -32
package/dist/infra/heartbeat-wake.js +6 -12
package/dist/infra/host-env-security-policy.json +19 -0
package/dist/infra/host-env-security.js +66 -0
package/dist/infra/install-source-utils.js +91 -7
package/dist/infra/net/ssrf.js +131 -38
package/dist/infra/node-pairing.js +50 -105
package/dist/infra/npm-integrity.js +45 -0
package/dist/infra/npm-pack-install.js +40 -0
package/dist/infra/outbound/bound-delivery-router.js +88 -0
package/dist/infra/outbound/channel-adapters.js +20 -7
package/dist/infra/outbound/channel-selection.js +12 -6
package/dist/infra/outbound/envelope.js +1 -1
package/dist/infra/outbound/format.js +12 -6
package/dist/infra/outbound/message-action-runner.js +107 -327
package/dist/infra/outbound/message.js +59 -36
package/dist/infra/outbound/outbound-policy.js +52 -25
package/dist/infra/outbound/outbound-send-service.js +58 -71
package/dist/infra/outbound/payloads.js +14 -7
package/dist/infra/outbound/session-binding-service.js +123 -0
package/dist/infra/pairing-files.js +10 -0
package/dist/infra/path-guards.js +25 -0
package/dist/infra/plain-object.js +9 -0
package/dist/infra/provider-usage.fetch.codex.js +7 -15
package/dist/infra/provider-usage.fetch.gemini.js +14 -11
package/dist/infra/provider-usage.fetch.shared.js +30 -1
package/dist/infra/provider-usage.fetch.zai.js +10 -9
package/dist/infra/push-apns.js +365 -0
package/dist/infra/restart-sentinel.js +16 -1
package/dist/infra/restart.js +229 -26
package/dist/infra/retry-policy.js +4 -2
package/dist/infra/retry.js +9 -5
package/dist/infra/scp-host.js +54 -0
package/dist/infra/session-cost-usage.js +107 -59
package/dist/infra/session-maintenance-warning.js +3 -1
package/dist/infra/shell-env.js +98 -34
package/dist/infra/ssh-config.js +12 -6
package/dist/infra/system-run-command.js +49 -4
package/dist/infra/update-channels.js +10 -5
package/dist/infra/update-startup.js +86 -9
package/dist/line/accounts.js +5 -7
package/dist/line/bot-access.js +8 -20
package/dist/line/bot-handlers.js +3 -1
package/dist/link-understanding/detect.js +15 -7
package/dist/media/constants.js +15 -6
package/dist/media/image-ops.js +7 -0
package/dist/media/inbound-path-policy.js +114 -0
package/dist/media/input-files.js +16 -0
package/dist/media/local-roots.js +3 -2
package/dist/media-understanding/apply.js +4 -1
package/dist/media-understanding/concurrency.js +8 -20
package/dist/memory/backend-config.js +45 -6
package/dist/memory/embeddings.js +10 -4
package/dist/memory/fs-utils.js +23 -0
package/dist/memory/manager-search.js +12 -6
package/dist/memory/manager-sync-ops.js +12 -2
package/dist/memory/qmd-manager.js +466 -53
package/dist/memory/query-expansion.js +167 -3
package/dist/memory/status-format.js +10 -5
package/dist/memory/sync-memory-files.js +1 -1
package/dist/memory/test-manager.js +8 -0
package/dist/node-host/invoke-system-run.js +281 -0
package/dist/node-host/invoke.js +55 -337
package/dist/pairing/pairing-store.js +22 -0
package/dist/plugin-sdk/allow-from.js +1 -1
package/dist/plugin-sdk/command-auth.js +3 -1
package/dist/plugin-sdk/index.js +6 -3
package/dist/plugin-sdk/temp-path.js +47 -0
package/dist/plugin-sdk/webhook-targets.js +32 -0
package/dist/plugins/bundled-dir.js +9 -6
package/dist/plugins/discovery.js +217 -23
package/dist/plugins/hook-runner-global.js +16 -0
package/dist/plugins/hooks.js +50 -0
package/dist/plugins/install.js +28 -16
package/dist/plugins/loader.js +192 -26
package/dist/plugins/logger.js +8 -0
package/dist/plugins/manifest-registry.js +3 -0
package/dist/plugins/path-safety.js +34 -0
package/dist/plugins/registry.js +5 -2
package/dist/plugins/runtime/index.js +271 -206
package/dist/plugins/runtime.js +3 -17
package/dist/plugins/update.js +78 -12
package/dist/process/spawn-utils.js +14 -7
package/dist/providers/github-copilot-models.js +4 -1
package/dist/providers/github-copilot-token.js +11 -6
package/dist/providers/qwen-portal-oauth.js +14 -6
package/dist/routing/account-id.js +30 -0
package/dist/routing/resolve-route.js +3 -7
package/dist/routing/session-key.js +2 -16
package/dist/security/audit-channel.js +100 -20
package/dist/security/audit-extra.async.js +505 -179
package/dist/security/audit-extra.js +12 -2
package/dist/security/audit-extra.sync.js +421 -35
package/dist/security/audit-fs.js +31 -13
package/dist/security/audit.js +180 -370
package/dist/security/dm-policy-shared.js +68 -0
package/dist/security/external-content.js +46 -14
package/dist/security/fix.js +49 -85
package/dist/security/scan-paths.js +20 -0
package/dist/security/secret-equal.js +3 -7
package/dist/security/windows-acl.js +30 -15
package/dist/shared/entry-status.js +6 -0
package/dist/shared/frontmatter.js +5 -5
package/dist/shared/node-list-parse.js +13 -0
package/dist/shared/node-match.js +11 -4
package/dist/shared/operator-scope-compat.js +42 -0
package/dist/shared/text-chunking.js +29 -0
package/dist/signal/accounts.js +7 -20
package/dist/signal/monitor/event-handler.js +3 -1
package/dist/slack/accounts.js +6 -19
package/dist/slack/actions.js +11 -3
package/dist/slack/blocks.test-helpers.js +31 -0
package/dist/slack/monitor/auth.js +1 -1
package/dist/slack/monitor/message-handler/dispatch.js +50 -29
package/dist/slack/monitor/mrkdwn.js +8 -0
package/dist/slack/monitor/replies.js +15 -7
package/dist/slack/monitor/slash.js +22 -13
package/dist/slack/resolve-channels.js +10 -5
package/dist/slack/send.js +102 -12
package/dist/slack/stream-mode.js +10 -0
package/dist/slack/streaming.js +4 -2
package/dist/telegram/accounts.js +19 -14
package/dist/telegram/bot/helpers.js +3 -5
package/dist/telegram/bot-access.js +35 -36
package/dist/telegram/bot-handlers.js +120 -148
package/dist/telegram/bot-message-context.js +68 -9
package/dist/telegram/bot-message-dispatch.js +477 -210
package/dist/telegram/bot-native-commands.js +16 -0
package/dist/telegram/draft-stream.js +44 -8
package/dist/telegram/inline-buttons.js +5 -15
package/dist/telegram/monitor.js +11 -7
package/dist/telegram/network-config.js +19 -7
package/dist/telegram/reasoning-lane-coordinator.js +128 -0
package/dist/telegram/send.js +3 -2
package/dist/telegram/sent-message-cache.js +5 -6
package/dist/telegram/status-reaction-variants.js +208 -0
package/dist/telegram/sticker-cache.js +11 -9
package/dist/terminal/prompt-select-styled.js +9 -0
package/dist/terminal/theme.js +12 -12
package/dist/test-utils/command-runner.js +6 -0
package/dist/test-utils/internal-hook-event-payload.js +10 -0
package/dist/test-utils/model-auth-mock.js +12 -0
package/dist/test-utils/provider-usage-fetch.js +14 -0
package/dist/test-utils/temp-home.js +33 -0
package/dist/tts/tts.js +80 -567
package/dist/tui/components/chat-log.js +50 -8
package/dist/tui/theme/theme.js +10 -12
package/dist/tui/tui-command-handlers.js +36 -27
package/dist/tui/tui-event-handlers.js +122 -32
package/dist/tui/tui-local-shell.js +16 -6
package/dist/tui/tui.js +236 -48
package/dist/utils/account-id.js +2 -4
package/dist/utils/boolean.js +10 -5
package/dist/utils/directive-tags.js +11 -0
package/dist/utils/mask-api-key.js +10 -0
package/dist/utils/queue-helpers.js +67 -12
package/dist/utils/run-with-concurrency.js +39 -0
package/dist/web/auto-reply/deliver-reply.js +8 -4
package/dist/web/auto-reply/mentions.js +10 -5
package/dist/web/auto-reply/monitor/group-members.js +14 -7
package/dist/web/auto-reply/monitor/process-message.js +45 -24
package/dist/web/inbound/access-control.js +5 -2
package/dist/web/login-qr.js +12 -6
package/dist/web/media.js +126 -15
package/docs/tools/slash-commands.md +5 -1
package/extensions/bluebubbles/src/monitor-processing.ts +580 -139
package/extensions/bluebubbles/src/monitor.ts +208 -1950
package/extensions/feishu/src/external-keys.ts +19 -0
package/extensions/lobster/src/windows-spawn.ts +193 -0
package/extensions/matrix/src/matrix/actions/limits.ts +6 -0
package/extensions/mattermost/src/mattermost/reactions.test-helpers.ts +83 -0
package/package.json +1 -1

package/dist/gateway/server-http.js CHANGED Viewed

@@ -1,19 +1,24 @@
 import { createServer as createHttpServer, } from "node:http";
 import { createServer as createHttpsServer } from "node:https";
+import { resolveAgentAvatar } from "../agents/identity-avatar.js";
 import { A2UI_PATH, CANVAS_HOST_PATH, CANVAS_WS_PATH, handleA2uiHttpRequest, } from "../canvas-host/a2ui.js";
 import { loadConfig } from "../config/config.js";
-import { resolveAgentAvatar } from "../agents/identity-avatar.js";
+import { safeEqualSecret } from "../security/secret-equal.js";
 import { handleSlackHttpRequest } from "../slack/http/index.js";
-import { authorizeGatewayConnect, isLocalDirectRequest } from "./auth.js";
+import { authorizeHttpGatewayConnect, isLocalDirectRequest, } from "./auth.js";
+import { CANVAS_CAPABILITY_TTL_MS, normalizeCanvasScopedUrl } from "./canvas-capability.js";
 import { handleControlUiAvatarRequest, handleControlUiHttpRequest, } from "./control-ui.js";
-import { extractHookToken, getHookAgentPolicyError, getHookChannelError, isHookAgentAllowed, normalizeAgentPayload, normalizeHookHeaders, normalizeWakePayload, readJsonBody, resolveHookTargetAgentId, resolveHookChannel, resolveHookDeliver, } from "./hooks.js";
 import { applyHookMappings } from "./hooks-mapping.js";
-import { sendUnauthorized } from "./http-common.js";
-import { getBearerToken, getHeader } from "./http-utils.js";
-import { resolveGatewayClientIp } from "./net.js";
+import { extractHookToken, getHookAgentPolicyError, getHookChannelError, isHookAgentAllowed, normalizeAgentPayload, normalizeHookHeaders, normalizeWakePayload, readJsonBody, resolveHookSessionKey, resolveHookTargetAgentId, resolveHookChannel, resolveHookDeliver, } from "./hooks.js";
+import { sendGatewayAuthFailure, setDefaultSecurityHeaders } from "./http-common.js";
+import { getBearerToken } from "./http-utils.js";
 import { handleOpenAiHttpRequest } from "./openai-http.js";
 import { handleOpenResponsesHttpRequest } from "./openresponses-http.js";
+import { GATEWAY_CLIENT_MODES, normalizeGatewayClientMode } from "./protocol/client-info.js";
 import { handleToolsInvokeHttpRequest } from "./tools-invoke-http.js";
+const HOOK_AUTH_FAILURE_LIMIT = 20;
+const HOOK_AUTH_FAILURE_WINDOW_MS = 60_000;
+const HOOK_AUTH_FAILURE_TRACK_MAX = 2048;
 function sendJson(res, status, body) {
     res.statusCode = status;
     res.setHeader("Content-Type", "application/json; charset=utf-8");
@@ -26,67 +31,167 @@ function isCanvasPath(pathname) {
         pathname.startsWith(`${CANVAS_HOST_PATH}/`) ||
         pathname === CANVAS_WS_PATH);
 }
-function hasAuthorizedWsClientForIp(clients, clientIp) {
+function isNodeWsClient(client) {
+    if (client.connect.role === "node") {
+        return true;
+    }
+    return normalizeGatewayClientMode(client.connect.client.mode) === GATEWAY_CLIENT_MODES.NODE;
+}
+function hasAuthorizedNodeWsClientForCanvasCapability(clients, capability) {
+    const nowMs = Date.now();
     for (const client of clients) {
-        if (client.clientIp && client.clientIp === clientIp) {
+        if (!isNodeWsClient(client)) {
+            continue;
+        }
+        if (!client.canvasCapability || !client.canvasCapabilityExpiresAtMs) {
+            continue;
+        }
+        if (client.canvasCapabilityExpiresAtMs <= nowMs) {
+            continue;
+        }
+        if (safeEqualSecret(client.canvasCapability, capability)) {
+            // Sliding expiration while the connected node keeps using canvas.
+            client.canvasCapabilityExpiresAtMs = nowMs + CANVAS_CAPABILITY_TTL_MS;
             return true;
         }
     }
     return false;
 }
 async function authorizeCanvasRequest(params) {
-    const { req, auth, trustedProxies, clients } = params;
-    if (isLocalDirectRequest(req, trustedProxies)) {
-        return true;
+    const { req, auth, trustedProxies, allowRealIpFallback, clients, canvasCapability, malformedScopedPath, rateLimiter, } = params;
+    if (malformedScopedPath) {
+        return { ok: false, reason: "unauthorized" };
     }
+    if (isLocalDirectRequest(req, trustedProxies, allowRealIpFallback)) {
+        return { ok: true };
+    }
+    let lastAuthFailure = null;
     const token = getBearerToken(req);
     if (token) {
-        const authResult = await authorizeGatewayConnect({
+        const authResult = await authorizeHttpGatewayConnect({
             auth: { ...auth, allowTailscale: false },
             connectAuth: { token, password: token },
             req,
             trustedProxies,
+            allowRealIpFallback,
+            rateLimiter,
         });
         if (authResult.ok) {
-            return true;
+            return authResult;
         }
+        lastAuthFailure = authResult;
     }
-    const clientIp = resolveGatewayClientIp({
-        remoteAddr: req.socket?.remoteAddress ?? "",
-        forwardedFor: getHeader(req, "x-forwarded-for"),
-        realIp: getHeader(req, "x-real-ip"),
-        trustedProxies,
-    });
-    if (!clientIp) {
-        return false;
+    if (canvasCapability && hasAuthorizedNodeWsClientForCanvasCapability(clients, canvasCapability)) {
+        return { ok: true };
+    }
+    return lastAuthFailure ?? { ok: false, reason: "unauthorized" };
+}
+function writeUpgradeAuthFailure(socket, auth) {
+    if (auth.rateLimited) {
+        const retryAfterSeconds = auth.retryAfterMs && auth.retryAfterMs > 0 ? Math.ceil(auth.retryAfterMs / 1000) : undefined;
+        socket.write([
+            "HTTP/1.1 429 Too Many Requests",
+            retryAfterSeconds ? `Retry-After: ${retryAfterSeconds}` : undefined,
+            "Content-Type: application/json; charset=utf-8",
+            "Connection: close",
+            "",
+            JSON.stringify({
+                error: {
+                    message: "Too many failed authentication attempts. Please try again later.",
+                    type: "rate_limited",
+                },
+            }),
+        ]
+            .filter(Boolean)
+            .join("\r\n"));
+        return;
     }
-    return hasAuthorizedWsClientForIp(clients, clientIp);
+    socket.write("HTTP/1.1 401 Unauthorized\r\nConnection: close\r\n\r\n");
 }
 export function createHooksRequestHandler(opts) {
     const { getHooksConfig, bindHost, port, logHooks, dispatchAgentHook, dispatchWakeHook } = opts;
+    const hookAuthFailures = new Map();
+    const resolveHookClientKey = (req) => {
+        return req.socket?.remoteAddress?.trim() || "unknown";
+    };
+    const recordHookAuthFailure = (clientKey, nowMs) => {
+        if (!hookAuthFailures.has(clientKey) && hookAuthFailures.size >= HOOK_AUTH_FAILURE_TRACK_MAX) {
+            // Prune expired entries instead of clearing all state.
+            for (const [key, entry] of hookAuthFailures) {
+                if (nowMs - entry.windowStartedAtMs >= HOOK_AUTH_FAILURE_WINDOW_MS) {
+                    hookAuthFailures.delete(key);
+                }
+            }
+            // If still at capacity after pruning, drop the oldest half.
+            if (hookAuthFailures.size >= HOOK_AUTH_FAILURE_TRACK_MAX) {
+                let toRemove = Math.floor(hookAuthFailures.size / 2);
+                for (const key of hookAuthFailures.keys()) {
+                    if (toRemove <= 0) {
+                        break;
+                    }
+                    hookAuthFailures.delete(key);
+                    toRemove--;
+                }
+            }
+        }
+        const current = hookAuthFailures.get(clientKey);
+        const expired = !current || nowMs - current.windowStartedAtMs >= HOOK_AUTH_FAILURE_WINDOW_MS;
+        const next = expired
+            ? { count: 1, windowStartedAtMs: nowMs }
+            : { count: current.count + 1, windowStartedAtMs: current.windowStartedAtMs };
+        // Delete-before-set refreshes Map insertion order so recently-active
+        // clients are not evicted before dormant ones during oldest-half eviction.
+        if (hookAuthFailures.has(clientKey)) {
+            hookAuthFailures.delete(clientKey);
+        }
+        hookAuthFailures.set(clientKey, next);
+        if (next.count <= HOOK_AUTH_FAILURE_LIMIT) {
+            return { throttled: false };
+        }
+        const retryAfterMs = Math.max(1, next.windowStartedAtMs + HOOK_AUTH_FAILURE_WINDOW_MS - nowMs);
+        return {
+            throttled: true,
+            retryAfterSeconds: Math.ceil(retryAfterMs / 1000),
+        };
+    };
+    const clearHookAuthFailure = (clientKey) => {
+        hookAuthFailures.delete(clientKey);
+    };
     return async (req, res) => {
         const hooksConfig = getHooksConfig();
-        if (!hooksConfig)
+        if (!hooksConfig) {
             return false;
+        }
         const url = new URL(req.url ?? "/", `http://${bindHost}:${port}`);
         const basePath = hooksConfig.basePath;
         if (url.pathname !== basePath && !url.pathname.startsWith(`${basePath}/`)) {
             return false;
         }
-        // pool-bot keeps the deprecation-warning approach for query-param tokens
-        // (upstream hard-rejects; we warn and allow for now)
-        const { token, fromQuery } = extractHookToken(req, url);
-        if (!token || token !== hooksConfig.token) {
+        if (url.searchParams.has("token")) {
+            res.statusCode = 400;
+            res.setHeader("Content-Type", "text/plain; charset=utf-8");
+            res.end("Hook token must be provided via Authorization: Bearer <token> or X-Pool Bot-Token header (query parameters are not allowed).");
+            return true;
+        }
+        const { token } = extractHookToken(req);
+        const clientKey = resolveHookClientKey(req);
+        if (!safeEqualSecret(token, hooksConfig.token)) {
+            const throttle = recordHookAuthFailure(clientKey, Date.now());
+            if (throttle.throttled) {
+                const retryAfter = throttle.retryAfterSeconds ?? 1;
+                res.statusCode = 429;
+                res.setHeader("Retry-After", String(retryAfter));
+                res.setHeader("Content-Type", "text/plain; charset=utf-8");
+                res.end("Too Many Requests");
+                logHooks.warn(`hook auth throttled for ${clientKey}; retry-after=${retryAfter}s`);
+                return true;
+            }
             res.statusCode = 401;
             res.setHeader("Content-Type", "text/plain; charset=utf-8");
             res.end("Unauthorized");
             return true;
         }
-        if (fromQuery) {
-            logHooks.warn("Hook token provided via query parameter is deprecated for security reasons. " +
-                "Tokens in URLs appear in logs, browser history, and referrer headers. " +
-                "Use Authorization: Bearer <token> or X-Poolbot-Token header instead.");
-        }
+        clearHookAuthFailure(clientKey);
         if (req.method !== "POST") {
             res.statusCode = 405;
             res.setHeader("Allow", "POST");
@@ -103,7 +208,11 @@ export function createHooksRequestHandler(opts) {
         }
         const body = await readJsonBody(req, hooksConfig.maxBodyBytes);
         if (!body.ok) {
-            const status = body.error === "payload too large" ? 413 : 400;
+            const status = body.error === "payload too large"
+                ? 413
+                : body.error === "request body timeout"
+                    ? 408
+                    : 400;
             sendJson(res, status, { ok: false, error: body.error });
             return true;
         }
@@ -129,8 +238,18 @@ export function createHooksRequestHandler(opts) {
                 sendJson(res, 400, { ok: false, error: getHookAgentPolicyError() });
                 return true;
             }
+            const sessionKey = resolveHookSessionKey({
+                hooksConfig,
+                source: "request",
+                sessionKey: normalized.value.sessionKey,
+            });
+            if (!sessionKey.ok) {
+                sendJson(res, 400, { ok: false, error: sessionKey.error });
+                return true;
+            }
             const runId = dispatchAgentHook({
                 ...normalized.value,
+                sessionKey: sessionKey.value,
                 agentId: resolveHookTargetAgentId(hooksConfig, normalized.value.agentId),
             });
             sendJson(res, 202, { ok: true, runId });
@@ -171,12 +290,21 @@ export function createHooksRequestHandler(opts) {
                         sendJson(res, 400, { ok: false, error: getHookAgentPolicyError() });
                         return true;
                     }
+                    const sessionKey = resolveHookSessionKey({
+                        hooksConfig,
+                        source: "mapping",
+                        sessionKey: mapped.action.sessionKey,
+                    });
+                    if (!sessionKey.ok) {
+                        sendJson(res, 400, { ok: false, error: sessionKey.error });
+                        return true;
+                    }
                     const runId = dispatchAgentHook({
                         message: mapped.action.message,
                         name: mapped.action.name ?? "Hook",
                         agentId: resolveHookTargetAgentId(hooksConfig, mapped.action.agentId),
                         wakeMode: mapped.action.wakeMode,
-                        sessionKey: mapped.action.sessionKey ?? "",
+                        sessionKey: sessionKey.value,
                         deliver: resolveHookDeliver(mapped.action.deliver),
                         channel,
                         to: mapped.action.to,
@@ -202,7 +330,7 @@ export function createHooksRequestHandler(opts) {
     };
 }
 export function createGatewayHttpServer(opts) {
-    const { canvasHost, clients, controlUiEnabled, controlUiBasePath, controlUiRoot, openAiChatCompletionsEnabled, openResponsesEnabled, openResponsesConfig, handleHooksRequest, handlePluginRequest, resolvedAuth, } = opts;
+    const { canvasHost, clients, controlUiEnabled, controlUiBasePath, controlUiRoot, openAiChatCompletionsEnabled, openResponsesEnabled, openResponsesConfig, handleHooksRequest, handlePluginRequest, resolvedAuth, rateLimiter, } = opts;
     const httpServer = opts.tlsOptions
         ? createHttpsServer(opts.tlsOptions, (req, res) => {
             void handleRequest(req, res);
@@ -211,69 +339,120 @@ export function createGatewayHttpServer(opts) {
             void handleRequest(req, res);
         });
     async function handleRequest(req, res) {
+        setDefaultSecurityHeaders(res);
         // Don't interfere with WebSocket upgrades; ws handles the 'upgrade' event.
-        if (String(req.headers.upgrade ?? "").toLowerCase() === "websocket")
+        if (String(req.headers.upgrade ?? "").toLowerCase() === "websocket") {
             return;
+        }
         try {
             const configSnapshot = loadConfig();
             const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
-            if (await handleHooksRequest(req, res))
+            const allowRealIpFallback = configSnapshot.gateway?.allowRealIpFallback === true;
+            const scopedCanvas = normalizeCanvasScopedUrl(req.url ?? "/");
+            if (scopedCanvas.malformedScopedPath) {
+                sendGatewayAuthFailure(res, { ok: false, reason: "unauthorized" });
+                return;
+            }
+            if (scopedCanvas.rewrittenUrl) {
+                req.url = scopedCanvas.rewrittenUrl;
+            }
+            const requestPath = new URL(req.url ?? "/", "http://localhost").pathname;
+            if (await handleHooksRequest(req, res)) {
                 return;
+            }
             if (await handleToolsInvokeHttpRequest(req, res, {
                 auth: resolvedAuth,
                 trustedProxies,
-            }))
-                return;
-            if (await handleSlackHttpRequest(req, res))
+                allowRealIpFallback,
+                rateLimiter,
+            })) {
                 return;
-            if (handlePluginRequest && (await handlePluginRequest(req, res)))
+            }
+            if (await handleSlackHttpRequest(req, res)) {
                 return;
+            }
+            if (handlePluginRequest) {
+                // Channel HTTP endpoints are gateway-auth protected by default.
+                // Non-channel plugin routes remain plugin-owned and must enforce
+                // their own auth when exposing sensitive functionality.
+                if (requestPath.startsWith("/api/channels/")) {
+                    const token = getBearerToken(req);
+                    const authResult = await authorizeHttpGatewayConnect({
+                        auth: resolvedAuth,
+                        connectAuth: token ? { token, password: token } : null,
+                        req,
+                        trustedProxies,
+                        allowRealIpFallback,
+                        rateLimiter,
+                    });
+                    if (!authResult.ok) {
+                        sendGatewayAuthFailure(res, authResult);
+                        return;
+                    }
+                }
+                if (await handlePluginRequest(req, res)) {
+                    return;
+                }
+            }
             if (openResponsesEnabled) {
                 if (await handleOpenResponsesHttpRequest(req, res, {
                     auth: resolvedAuth,
                     config: openResponsesConfig,
                     trustedProxies,
-                }))
+                    allowRealIpFallback,
+                    rateLimiter,
+                })) {
                     return;
+                }
             }
             if (openAiChatCompletionsEnabled) {
                 if (await handleOpenAiHttpRequest(req, res, {
                     auth: resolvedAuth,
                     trustedProxies,
-                }))
+                    allowRealIpFallback,
+                    rateLimiter,
+                })) {
                     return;
+                }
             }
             if (canvasHost) {
-                const url = new URL(req.url ?? "/", "http://localhost");
-                if (isCanvasPath(url.pathname)) {
+                if (isCanvasPath(requestPath)) {
                     const ok = await authorizeCanvasRequest({
                         req,
                         auth: resolvedAuth,
                         trustedProxies,
+                        allowRealIpFallback,
                         clients,
+                        canvasCapability: scopedCanvas.capability,
+                        malformedScopedPath: scopedCanvas.malformedScopedPath,
+                        rateLimiter,
                     });
-                    if (!ok) {
-                        sendUnauthorized(res);
+                    if (!ok.ok) {
+                        sendGatewayAuthFailure(res, ok);
                         return;
                     }
                 }
-                if (await handleA2uiHttpRequest(req, res))
+                if (await handleA2uiHttpRequest(req, res)) {
                     return;
-                if (await canvasHost.handleHttpRequest(req, res))
+                }
+                if (await canvasHost.handleHttpRequest(req, res)) {
                     return;
+                }
             }
             if (controlUiEnabled) {
                 if (handleControlUiAvatarRequest(req, res, {
                     basePath: controlUiBasePath,
                     resolveAvatar: (agentId) => resolveAgentAvatar(configSnapshot, agentId),
-                }))
+                })) {
                     return;
+                }
                 if (handleControlUiHttpRequest(req, res, {
                     basePath: controlUiBasePath,
                     config: configSnapshot,
                     root: controlUiRoot,
-                }))
+                })) {
                     return;
+                }
             }
             res.statusCode = 404;
             res.setHeader("Content-Type", "text/plain; charset=utf-8");
@@ -288,22 +467,36 @@ export function createGatewayHttpServer(opts) {
     return httpServer;
 }
 export function attachGatewayUpgradeHandler(opts) {
-    const { httpServer, wss, canvasHost, clients, resolvedAuth } = opts;
+    const { httpServer, wss, canvasHost, clients, resolvedAuth, rateLimiter } = opts;
     httpServer.on("upgrade", (req, socket, head) => {
         void (async () => {
+            const scopedCanvas = normalizeCanvasScopedUrl(req.url ?? "/");
+            if (scopedCanvas.malformedScopedPath) {
+                writeUpgradeAuthFailure(socket, { ok: false, reason: "unauthorized" });
+                socket.destroy();
+                return;
+            }
+            if (scopedCanvas.rewrittenUrl) {
+                req.url = scopedCanvas.rewrittenUrl;
+            }
             if (canvasHost) {
                 const url = new URL(req.url ?? "/", "http://localhost");
                 if (url.pathname === CANVAS_WS_PATH) {
                     const configSnapshot = loadConfig();
                     const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
+                    const allowRealIpFallback = configSnapshot.gateway?.allowRealIpFallback === true;
                     const ok = await authorizeCanvasRequest({
                         req,
                         auth: resolvedAuth,
                         trustedProxies,
+                        allowRealIpFallback,
                         clients,
+                        canvasCapability: scopedCanvas.capability,
+                        malformedScopedPath: scopedCanvas.malformedScopedPath,
+                        rateLimiter,
                     });
-                    if (!ok) {
-                        socket.write("HTTP/1.1 401 Unauthorized\r\nConnection: close\r\n\r\n");
+                    if (!ok.ok) {
+                        writeUpgradeAuthFailure(socket, ok);
                         socket.destroy();
                         return;
                     }

package/dist/gateway/server-maintenance.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { abortChatRunById } from "./chat-abort.js";
-import { setBroadcastHealthUpdate } from "./server/health-state.js";
 import { DEDUPE_MAX, DEDUPE_TTL_MS, HEALTH_REFRESH_INTERVAL_MS, TICK_INTERVAL_MS, } from "./server-constants.js";
 import { formatError } from "./server-utils.js";
+import { setBroadcastHealthUpdate } from "./server/health-state.js";
 export function startGatewayMaintenanceTimers(params) {
     setBroadcastHealthUpdate((snap) => {
         params.broadcast("health", snap, {
@@ -30,20 +30,34 @@ export function startGatewayMaintenanceTimers(params) {
         .catch((err) => params.logHealth.error(`initial refresh failed: ${formatError(err)}`));
     // dedupe cache cleanup
     const dedupeCleanup = setInterval(() => {
+        const AGENT_RUN_SEQ_MAX = 10_000;
         const now = Date.now();
         for (const [k, v] of params.dedupe) {
-            if (now - v.ts > DEDUPE_TTL_MS)
+            if (now - v.ts > DEDUPE_TTL_MS) {
                 params.dedupe.delete(k);
+            }
         }
         if (params.dedupe.size > DEDUPE_MAX) {
-            const entries = [...params.dedupe.entries()].sort((a, b) => a[1].ts - b[1].ts);
+            const entries = [...params.dedupe.entries()].toSorted((a, b) => a[1].ts - b[1].ts);
             for (let i = 0; i < params.dedupe.size - DEDUPE_MAX; i++) {
                 params.dedupe.delete(entries[i][0]);
             }
         }
+        if (params.agentRunSeq.size > AGENT_RUN_SEQ_MAX) {
+            const excess = params.agentRunSeq.size - AGENT_RUN_SEQ_MAX;
+            let removed = 0;
+            for (const runId of params.agentRunSeq.keys()) {
+                params.agentRunSeq.delete(runId);
+                removed += 1;
+                if (removed >= excess) {
+                    break;
+                }
+            }
+        }
         for (const [runId, entry] of params.chatAbortControllers) {
-            if (now <= entry.expiresAtMs)
+            if (now <= entry.expiresAtMs) {
                 continue;
+            }
             abortChatRunById({
                 chatAbortControllers: params.chatAbortControllers,
                 chatRunBuffers: params.chatRunBuffers,
@@ -57,8 +71,9 @@ export function startGatewayMaintenanceTimers(params) {
         }
         const ABORTED_RUN_TTL_MS = 60 * 60_000;
         for (const [runId, abortedAt] of params.chatRunState.abortedRuns) {
-            if (now - abortedAt <= ABORTED_RUN_TTL_MS)
+            if (now - abortedAt <= ABORTED_RUN_TTL_MS) {
                 continue;
+            }
             params.chatRunState.abortedRuns.delete(runId);
             params.chatRunBuffers.delete(runId);
             params.chatDeltaSentAt.delete(runId);