@poolzin/pool-bot 2026.2.24 → 2026.2.26

package/dist/gateway/session-utils.fs.js

@@ -4,6 +4,7 @@ import path from "node:path";
 import { resolveSessionFilePath, resolveSessionTranscriptPath, resolveSessionTranscriptPathInDir, } from "../config/sessions.js";
 import { resolveRequiredHomeDir } from "../infra/home-dir.js";
 import { hasInterSessionUserProvenance } from "../sessions/input-provenance.js";
+import { stripInlineDirectiveTagsForDisplay } from "../utils/directive-tags.js";
 import { extractToolCallNames, hasToolCall } from "../utils/transcript-tools.js";
 import { stripEnvelope } from "./chat-sanitize.js";
 const sessionTitleFieldsCache = new Map();
@@ -284,7 +285,8 @@ export function readSessionTitleFieldsFromTranscript(sessionId, storePath, sessi
 }
 function extractTextFromContent(content) {
     if (typeof content === "string") {
-        return content.trim() || null;
+        const normalized = stripInlineDirectiveTagsForDisplay(content).text.trim();
+        return normalized || null;
     }
     if (!Array.isArray(content)) {
         return null;
@@ -294,9 +296,9 @@ function extractTextFromContent(content) {
             continue;
         }
         if (part.type === "text" || part.type === "output_text" || part.type === "input_text") {
-            const trimmed = part.text.trim();
-            if (trimmed) {
-                return trimmed;
+            const normalized = stripInlineDirectiveTagsForDisplay(part.text).text.trim();
+            if (normalized) {
+                return normalized;
             }
         }
     }
@@ -336,20 +338,15 @@ function extractFirstUserMessageFromTranscriptChunk(chunk, opts) {
     }
     return null;
 }
-export function readFirstUserMessageFromTranscript(sessionId, storePath, sessionFile, agentId, opts) {
+function findExistingTranscriptPath(sessionId, storePath, sessionFile, agentId) {
     const candidates = resolveSessionTranscriptCandidates(sessionId, storePath, sessionFile, agentId);
-    const filePath = candidates.find((p) => fs.existsSync(p));
-    if (!filePath) {
-        return null;
-    }
+    return candidates.find((p) => fs.existsSync(p)) ?? null;
+}
+function withOpenTranscriptFd(filePath, read) {
     let fd = null;
     try {
         fd = fs.openSync(filePath, "r");
-        const chunk = readTranscriptHeadChunk(fd);
-        if (!chunk) {
-            return null;
-        }
-        return extractFirstUserMessageFromTranscriptChunk(chunk, opts);
+        return read(fd);
     }
     catch {
         // file read error
@@ -361,6 +358,19 @@ export function readFirstUserMessageFromTranscript(sessionId, storePath, session
     }
     return null;
 }
+export function readFirstUserMessageFromTranscript(sessionId, storePath, sessionFile, agentId, opts) {
+    const filePath = findExistingTranscriptPath(sessionId, storePath, sessionFile, agentId);
+    if (!filePath) {
+        return null;
+    }
+    return withOpenTranscriptFd(filePath, (fd) => {
+        const chunk = readTranscriptHeadChunk(fd);
+        if (!chunk) {
+            return null;
+        }
+        return extractFirstUserMessageFromTranscriptChunk(chunk, opts);
+    });
+}
 const LAST_MSG_MAX_BYTES = 16384;
 const LAST_MSG_MAX_LINES = 20;
 function readLastMessagePreviewFromOpenTranscript(params) {
@@ -391,30 +401,18 @@ function readLastMessagePreviewFromOpenTranscript(params) {
     return null;
 }
 export function readLastMessagePreviewFromTranscript(sessionId, storePath, sessionFile, agentId) {
-    const candidates = resolveSessionTranscriptCandidates(sessionId, storePath, sessionFile, agentId);
-    const filePath = candidates.find((p) => fs.existsSync(p));
+    const filePath = findExistingTranscriptPath(sessionId, storePath, sessionFile, agentId);
     if (!filePath) {
         return null;
     }
-    let fd = null;
-    try {
-        fd = fs.openSync(filePath, "r");
+    return withOpenTranscriptFd(filePath, (fd) => {
         const stat = fs.fstatSync(fd);
         const size = stat.size;
         if (size === 0) {
             return null;
         }
         return readLastMessagePreviewFromOpenTranscript({ fd, size });
-    }
-    catch {
-        // file error
-    }
-    finally {
-        if (fd !== null) {
-            fs.closeSync(fd);
-        }
-    }
-    return null;
+    });
 }
 const PREVIEW_READ_SIZES = [64 * 1024, 256 * 1024, 1024 * 1024];
 const PREVIEW_MAX_LINES = 200;
@@ -446,20 +444,20 @@ function truncatePreviewText(text, maxChars) {
 }
 function extractPreviewText(message) {
     if (typeof message.content === "string") {
-        const trimmed = message.content.trim();
-        return trimmed ? trimmed : null;
+        const normalized = stripInlineDirectiveTagsForDisplay(message.content).text.trim();
+        return normalized ? normalized : null;
     }
     if (Array.isArray(message.content)) {
         const parts = message.content
-            .map((entry) => (typeof entry?.text === "string" ? entry.text : ""))
+            .map((entry) => typeof entry?.text === "string" ? stripInlineDirectiveTagsForDisplay(entry.text).text : "")
             .filter((text) => text.trim().length > 0);
         if (parts.length > 0) {
             return parts.join("\n").trim();
         }
     }
     if (typeof message.text === "string") {
-        const trimmed = message.text.trim();
-        return trimmed ? trimmed : null;
+        const normalized = stripInlineDirectiveTagsForDisplay(message.text).text.trim();
+        return normalized ? normalized : null;
     }
     return null;
 }

package/dist/gateway/sessions-resolve.js

@@ -1,8 +1,8 @@
-import { loadSessionStore } from "../config/sessions.js";
+import { loadSessionStore, updateSessionStore } from "../config/sessions.js";
 import { parseSessionLabel } from "../sessions/session-label.js";
 import { ErrorCodes, errorShape, } from "./protocol/index.js";
-import { listSessionsFromStore, loadCombinedSessionStoreForGateway, resolveGatewaySessionStoreTarget, } from "./session-utils.js";
-export function resolveSessionKeyFromResolveParams(params) {
+import { listSessionsFromStore, loadCombinedSessionStoreForGateway, pruneLegacyStoreKeys, resolveGatewaySessionStoreTarget, } from "./session-utils.js";
+export async function resolveSessionKeyFromResolveParams(params) {
     const { cfg, p } = params;
     const key = typeof p.key === "string" ? p.key.trim() : "";
     const hasKey = key.length > 0;
@@ -25,13 +25,25 @@ export function resolveSessionKeyFromResolveParams(params) {
     if (hasKey) {
         const target = resolveGatewaySessionStoreTarget({ cfg, key });
         const store = loadSessionStore(target.storePath);
-        const existingKey = target.storeKeys.find((candidate) => store[candidate]);
-        if (!existingKey) {
+        if (store[target.canonicalKey]) {
+            return { ok: true, key: target.canonicalKey };
+        }
+        const legacyKey = target.storeKeys.find((candidate) => store[candidate]);
+        if (!legacyKey) {
             return {
                 ok: false,
                 error: errorShape(ErrorCodes.INVALID_REQUEST, `No session found: ${key}`),
             };
         }
+        await updateSessionStore(target.storePath, (s) => {
+            const liveTarget = resolveGatewaySessionStoreTarget({ cfg, key, store: s });
+            const canonicalKey = liveTarget.canonicalKey;
+            // Migrate the first legacy entry to the canonical key.
+            if (!s[canonicalKey] && s[legacyKey]) {
+                s[canonicalKey] = s[legacyKey];
+            }
+            pruneLegacyStoreKeys({ store: s, canonicalKey, candidates: liveTarget.storeKeys });
+        });
         return { ok: true, key: target.canonicalKey };
     }
     if (hasSessionId) {

package/dist/gateway/startup-auth.js

@@ -0,0 +1,126 @@
+import crypto from "node:crypto";
+import { writeConfigFile } from "../config/config.js";
+import { resolveGatewayAuth } from "./auth.js";
+export function mergeGatewayAuthConfig(base, override) {
+    const merged = { ...base };
+    if (!override) {
+        return merged;
+    }
+    if (override.mode !== undefined) {
+        merged.mode = override.mode;
+    }
+    if (override.token !== undefined) {
+        merged.token = override.token;
+    }
+    if (override.password !== undefined) {
+        merged.password = override.password;
+    }
+    if (override.allowTailscale !== undefined) {
+        merged.allowTailscale = override.allowTailscale;
+    }
+    if (override.rateLimit !== undefined) {
+        merged.rateLimit = override.rateLimit;
+    }
+    if (override.trustedProxy !== undefined) {
+        merged.trustedProxy = override.trustedProxy;
+    }
+    return merged;
+}
+export function mergeGatewayTailscaleConfig(base, override) {
+    const merged = { ...base };
+    if (!override) {
+        return merged;
+    }
+    if (override.mode !== undefined) {
+        merged.mode = override.mode;
+    }
+    if (override.resetOnExit !== undefined) {
+        merged.resetOnExit = override.resetOnExit;
+    }
+    return merged;
+}
+function resolveGatewayAuthFromConfig(params) {
+    const tailscaleConfig = mergeGatewayTailscaleConfig(params.cfg.gateway?.tailscale, params.tailscaleOverride);
+    return resolveGatewayAuth({
+        authConfig: params.cfg.gateway?.auth,
+        authOverride: params.authOverride,
+        env: params.env,
+        tailscaleMode: tailscaleConfig.mode ?? "off",
+    });
+}
+function shouldPersistGeneratedToken(params) {
+    if (!params.persistRequested) {
+        return false;
+    }
+    // Keep CLI/runtime mode overrides ephemeral: startup should not silently
+    // mutate durable auth policy when mode was chosen by an override flag.
+    if (params.resolvedAuth.modeSource === "override") {
+        return false;
+    }
+    return true;
+}
+export async function ensureGatewayStartupAuth(params) {
+    const env = params.env ?? process.env;
+    const persistRequested = params.persist === true;
+    const resolved = resolveGatewayAuthFromConfig({
+        cfg: params.cfg,
+        env,
+        authOverride: params.authOverride,
+        tailscaleOverride: params.tailscaleOverride,
+    });
+    if (resolved.mode !== "token" || (resolved.token?.trim().length ?? 0) > 0) {
+        assertHooksTokenSeparateFromGatewayAuth({ cfg: params.cfg, auth: resolved });
+        return { cfg: params.cfg, auth: resolved, persistedGeneratedToken: false };
+    }
+    const generatedToken = crypto.randomBytes(24).toString("hex");
+    const nextCfg = {
+        ...params.cfg,
+        gateway: {
+            ...params.cfg.gateway,
+            auth: {
+                ...params.cfg.gateway?.auth,
+                mode: "token",
+                token: generatedToken,
+            },
+        },
+    };
+    const persist = shouldPersistGeneratedToken({
+        persistRequested,
+        resolvedAuth: resolved,
+    });
+    if (persist) {
+        await writeConfigFile(nextCfg);
+    }
+    const nextAuth = resolveGatewayAuthFromConfig({
+        cfg: nextCfg,
+        env,
+        authOverride: params.authOverride,
+        tailscaleOverride: params.tailscaleOverride,
+    });
+    assertHooksTokenSeparateFromGatewayAuth({ cfg: nextCfg, auth: nextAuth });
+    return {
+        cfg: nextCfg,
+        auth: nextAuth,
+        generatedToken,
+        persistedGeneratedToken: persist,
+    };
+}
+export function assertHooksTokenSeparateFromGatewayAuth(params) {
+    if (params.cfg.hooks?.enabled !== true) {
+        return;
+    }
+    const hooksToken = typeof params.cfg.hooks.token === "string" ? params.cfg.hooks.token.trim() : "";
+    if (!hooksToken) {
+        return;
+    }
+    const gatewayToken = params.auth.mode === "token" && typeof params.auth.token === "string"
+        ? params.auth.token.trim()
+        : "";
+    if (!gatewayToken) {
+        return;
+    }
+    if (hooksToken !== gatewayToken) {
+        return;
+    }
+    throw new Error("Invalid config: hooks.token must not match gateway auth token. Set a distinct hooks.token for hook ingress.");
+}

package/dist/gateway/test-helpers.agent-results.js

@@ -0,0 +1,15 @@
+export function extractPayloadText(result) {
+    const record = result;
+    const payloads = Array.isArray(record.payloads) ? record.payloads : [];
+    const texts = payloads
+        .map((p) => (p && typeof p === "object" ? p.text : undefined))
+        .filter((t) => typeof t === "string" && t.trim().length > 0);
+    return texts.join("\n").trim();
+}
+export function buildAssistantDeltaResult(params) {
+    const runId = params.opts?.runId ?? "";
+    for (const delta of params.deltas) {
+        params.emit({ runId, stream: "assistant", data: { delta } });
+    }
+    return { payloads: [{ text: params.text }] };
+}

package/dist/gateway/test-helpers.mocks.js

@@ -1,6 +1,6 @@
 import crypto from "node:crypto";
-import fs from "node:fs/promises";
 import fsSync from "node:fs";
+import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { vi } from "vitest";
@@ -147,6 +147,7 @@ const hoisted = vi.hoisted(() => ({
         waitCalls: [],
         waitResults: new Map(),
     },
+    testTailscaleWhois: { value: null },
     getReplyFromConfig: vi.fn().mockResolvedValue(undefined),
     sendWhatsAppMock: vi.fn().mockResolvedValue({ messageId: "msg-1", toJid: "jid-1" }),
 }));
@@ -168,9 +169,9 @@ const testConfigRoot = {
 export const setTestConfigRoot = (root) => {
     testConfigRoot.value = root;
     process.env.POOLBOT_CONFIG_PATH = path.join(root, "poolbot.json");
-    process.env.CLAWDBOT_CONFIG_PATH = path.join(root, "poolbot.json");
 };
 export const testTailnetIPv4 = hoisted.testTailnetIPv4;
+export const testTailscaleWhois = hoisted.testTailscaleWhois;
 export const piSdkMock = hoisted.piSdkMock;
 export const cronIsolatedRun = hoisted.cronIsolatedRun;
 export const agentCommand = hoisted.agentCommand;
@@ -222,6 +223,13 @@ vi.mock("../infra/tailnet.js", () => ({
     pickPrimaryTailnetIPv4: () => testTailnetIPv4.value,
     pickPrimaryTailnetIPv6: () => undefined,
 }));
+vi.mock("../infra/tailscale.js", async () => {
+    const actual = await vi.importActual("../infra/tailscale.js");
+    return {
+        ...actual,
+        readTailscaleWhoisIdentity: async () => testTailscaleWhois.value,
+    };
+});
 vi.mock("../config/sessions.js", async () => {
     const actual = await vi.importActual("../config/sessions.js");
     return {
@@ -350,8 +358,8 @@ vi.mock("../config/config.js", async () => {
                 ? fileAgents.defaults
                 : {};
             const defaults = {
-                model: { primary: "anthropic/claude-opus-4-5" },
-                workspace: path.join(os.tmpdir(), "clawd-gateway-test"),
+                model: { primary: "anthropic/claude-opus-4-6" },
+                workspace: path.join(os.tmpdir(), "poolbot-gateway-test"),
                 ...fileDefaults,
                 ...testState.agentConfig,
             };
@@ -391,38 +399,46 @@ vi.mock("../config/config.js", async () => {
                 ...fileSession,
                 mainKey: fileSession.mainKey ?? "main",
             };
-            if (typeof testState.sessionStorePath === "string")
+            if (typeof testState.sessionStorePath === "string") {
                 session.store = testState.sessionStorePath;
-            if (testState.sessionConfig)
+            }
+            if (testState.sessionConfig) {
                 Object.assign(session, testState.sessionConfig);
+            }
             const fileGateway = fileConfig.gateway &&
                 typeof fileConfig.gateway === "object" &&
                 !Array.isArray(fileConfig.gateway)
                 ? { ...fileConfig.gateway }
                 : {};
-            if (testState.gatewayBind)
+            if (testState.gatewayBind) {
                 fileGateway.bind = testState.gatewayBind;
-            if (testState.gatewayAuth)
+            }
+            if (testState.gatewayAuth) {
                 fileGateway.auth = testState.gatewayAuth;
-            if (testState.gatewayControlUi)
+            }
+            if (testState.gatewayControlUi) {
                 fileGateway.controlUi = testState.gatewayControlUi;
+            }
             const gateway = Object.keys(fileGateway).length > 0 ? fileGateway : undefined;
             const fileCanvasHost = fileConfig.canvasHost &&
                 typeof fileConfig.canvasHost === "object" &&
                 !Array.isArray(fileConfig.canvasHost)
                 ? { ...fileConfig.canvasHost }
                 : {};
-            if (typeof testState.canvasHostPort === "number")
+            if (typeof testState.canvasHostPort === "number") {
                 fileCanvasHost.port = testState.canvasHostPort;
+            }
             const canvasHost = Object.keys(fileCanvasHost).length > 0 ? fileCanvasHost : undefined;
             const hooks = testState.hooksConfig ?? fileConfig.hooks;
             const fileCron = fileConfig.cron && typeof fileConfig.cron === "object" && !Array.isArray(fileConfig.cron)
                 ? { ...fileConfig.cron }
                 : {};
-            if (typeof testState.cronEnabled === "boolean")
+            if (typeof testState.cronEnabled === "boolean") {
                 fileCron.enabled = testState.cronEnabled;
-            if (typeof testState.cronStorePath === "string")
+            }
+            if (typeof testState.cronStorePath === "string") {
                 fileCron.store = testState.cronStorePath;
+            }
             const cron = Object.keys(fileCron).length > 0 ? fileCron : undefined;
             const config = {
                 ...fileConfig,
@@ -503,7 +519,14 @@ vi.mock("../cli/deps.js", async () => {
         }),
     };
 });
+vi.mock("../plugins/loader.js", async () => {
+    const actual = await vi.importActual("../plugins/loader.js");
+    return {
+        ...actual,
+        loadPoolBotPlugins: () => pluginRegistryState.registry,
+    };
+});
+process.env.POOLBOT_SKIP_CHANNELS = "1";
+process.env.POOLBOT_SKIP_CRON = "1";
 process.env.POOLBOT_SKIP_CHANNELS = "1";
-process.env.CLAWDBOT_SKIP_CHANNELS = "1";
 process.env.POOLBOT_SKIP_CRON = "1";
-process.env.CLAWDBOT_SKIP_CRON = "1";

package/dist/gateway/test-helpers.openai-mock.js

@@ -1,8 +1,9 @@
 function extractLastUserText(input) {
     for (let i = input.length - 1; i >= 0; i -= 1) {
         const item = input[i];
-        if (!item || item.role !== "user")
+        if (!item || item.role !== "user") {
             continue;
+        }
         const content = item.content;
         if (Array.isArray(content)) {
             const text = content
@@ -13,8 +14,9 @@ function extractLastUserText(input) {
                 .map((c) => c.text)
                 .join("\n")
                 .trim();
-            if (text)
+            if (text) {
                 return text;
+            }
         }
     }
     return "";
@@ -22,8 +24,9 @@ function extractLastUserText(input) {
 function extractToolOutput(input) {
     for (const itemRaw of input) {
         const item = itemRaw;
-        if (!item || item.type !== "function_call_output")
+        if (!item || item.type !== "function_call_output") {
             continue;
+        }
         return typeof item.output === "string" ? item.output : "";
     }
     return "";
@@ -98,14 +101,18 @@ async function* fakeOpenAIResponsesStream(params) {
     };
 }
 function decodeBodyText(body) {
-    if (!body)
+    if (!body) {
         return "";
-    if (typeof body === "string")
+    }
+    if (typeof body === "string") {
         return body;
-    if (body instanceof Uint8Array)
+    }
+    if (body instanceof Uint8Array) {
         return Buffer.from(body).toString("utf8");
-    if (body instanceof ArrayBuffer)
+    }
+    if (body instanceof ArrayBuffer) {
         return Buffer.from(new Uint8Array(body)).toString("utf8");
+    }
     return "";
 }
 async function buildOpenAIResponsesSse(params) {