@poolzin/pool-bot 2026.2.25 → 2026.2.26

package/dist/gateway/client.js

@@ -2,11 +2,13 @@ import { randomUUID } from "node:crypto";
 import { WebSocket } from "ws";
 import { clearDeviceAuthToken, loadDeviceAuthToken, storeDeviceAuthToken, } from "../infra/device-auth-store.js";
 import { loadOrCreateDeviceIdentity, publicKeyRawBase64UrlFromPem, signDevicePayload, } from "../infra/device-identity.js";
+import { clearDevicePairing } from "../infra/device-pairing.js";
 import { normalizeFingerprint } from "../infra/tls/fingerprint.js";
 import { rawDataToString } from "../infra/ws.js";
 import { logDebug, logError } from "../logger.js";
 import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES, } from "../utils/message-channel.js";
 import { buildDeviceAuthPayload } from "./device-auth.js";
+import { isSecureWebSocketUrl } from "./net.js";
 import { PROTOCOL_VERSION, validateEventFrame, validateRequestFrame, validateResponseFrame, } from "./protocol/index.js";
 export const GATEWAY_CLOSE_CODE_HINTS = {
     1000: "normal closure",
@@ -46,6 +48,24 @@ export class GatewayClient {
             this.opts.onConnectError?.(new Error("gateway tls fingerprint requires wss:// gateway url"));
             return;
         }
+        // Security check: block ALL plaintext ws:// to non-loopback addresses (CWE-319, CVSS 9.8)
+        // This protects both credentials AND chat/conversation data from MITM attacks.
+        // Device tokens may be loaded later in sendConnect(), so we block regardless of hasCredentials.
+        if (!isSecureWebSocketUrl(url)) {
+            // Safe hostname extraction - avoid throwing on malformed URLs in error path
+            let displayHost = url;
+            try {
+                displayHost = new URL(url).hostname || url;
+            }
+            catch {
+                // Use raw URL if parsing fails
+            }
+            const error = new Error(`SECURITY ERROR: Cannot connect to "${displayHost}" over plaintext ws://. ` +
+                "Both credentials and chat data would be exposed to network interception. " +
+                "Use wss:// for the gateway URL, or connect via SSH tunnel to localhost.");
+            this.opts.onConnectError?.(error);
+            return;
+        }
         // Allow node screen snapshots and other large responses.
         const wsOptions = {
             maxPayload: 25 * 1024 * 1024,
@@ -87,17 +107,21 @@ export class GatewayClient {
         this.ws.on("close", (code, reason) => {
             const reasonText = rawDataToString(reason);
             this.ws = null;
-            // If closed due to device token mismatch, clear the stored token so next attempt can get a fresh one
+            // If closed due to device token mismatch, clear the stored token and pairing so next attempt can get a fresh one
             if (code === 1008 &&
                 reasonText.toLowerCase().includes("device token mismatch") &&
                 this.opts.deviceIdentity) {
+                const deviceId = this.opts.deviceIdentity.deviceId;
                 const role = this.opts.role ?? "operator";
                 try {
-                    clearDeviceAuthToken({ deviceId: this.opts.deviceIdentity.deviceId, role });
-                    logDebug(`cleared stale device-auth token for device ${this.opts.deviceIdentity.deviceId}`);
+                    clearDeviceAuthToken({ deviceId, role });
+                    void clearDevicePairing(deviceId).catch((err) => {
+                        logDebug(`failed clearing stale device pairing for device ${deviceId}: ${String(err)}`);
+                    });
+                    logDebug(`cleared stale device-auth token for device ${deviceId}`);
                 }
                 catch (err) {
-                    logDebug(`failed clearing stale device-auth token for device ${this.opts.deviceIdentity.deviceId}: ${String(err)}`);
+                    logDebug(`failed clearing stale device-auth token for device ${deviceId}: ${String(err)}`);
                 }
             }
             this.flushPendingErrors(new Error(`gateway closed (${code}): ${reasonText}`));

package/dist/gateway/config-reload.js

@@ -1,3 +1,4 @@
+import { isDeepStrictEqual } from "node:util";
 import chokidar from "chokidar";
 import { listChannelPlugins } from "../channels/plugins/index.js";
 import { getActivePluginRegistry } from "../plugins/runtime.js";
@@ -102,10 +103,8 @@ export function diffConfigPaths(prev, next, prefix = "") {
         }
         return paths;
     }
-    if (Array.isArray(prev) && Array.isArray(next)) {
-        if (prev.length === next.length && prev.every((val, idx) => val === next[idx])) {
-            return [];
-        }
+    if (isDeepStrictEqual(prev, next)) {
+        return [];
     }
     return [prefix || "<root>"];
 }

package/dist/gateway/control-ui.js

@@ -1,35 +1,12 @@
 import fs from "node:fs";
 import path from "node:path";
-import { fileURLToPath } from "node:url";
+import { resolveControlUiRootSync } from "../infra/control-ui-assets.js";
+import { isWithinDir } from "../infra/path-safety.js";
 import { DEFAULT_ASSISTANT_IDENTITY, resolveAssistantIdentity } from "./assistant-identity.js";
+import { CONTROL_UI_BOOTSTRAP_CONFIG_PATH, } from "./control-ui-contract.js";
+import { buildControlUiCspHeader } from "./control-ui-csp.js";
 import { buildControlUiAvatarUrl, CONTROL_UI_AVATAR_PREFIX, normalizeControlUiBasePath, resolveAssistantAvatarUrl, } from "./control-ui-shared.js";
 const ROOT_PREFIX = "/";
-function resolveControlUiRoot() {
-    const here = path.dirname(fileURLToPath(import.meta.url));
-    const execDir = (() => {
-        try {
-            return path.dirname(fs.realpathSync(process.execPath));
-        }
-        catch {
-            return null;
-        }
-    })();
-    const candidates = [
-        // Packaged app: control-ui lives alongside the executable.
-        execDir ? path.resolve(execDir, "control-ui") : null,
-        // Running from dist: dist/gateway/control-ui.js -> dist/control-ui
-        path.resolve(here, "../control-ui"),
-        // Running from source: src/gateway/control-ui.ts -> dist/control-ui
-        path.resolve(here, "../../dist/control-ui"),
-        // Fallback to cwd (dev)
-        path.resolve(process.cwd(), "dist", "control-ui"),
-    ].filter((dir) => Boolean(dir));
-    for (const dir of candidates) {
-        if (fs.existsSync(path.join(dir, "index.html")))
-            return dir;
-    }
-    return null;
-}
 function contentTypeForExt(ext) {
     switch (ext) {
         case ".html":
@@ -60,6 +37,33 @@ function contentTypeForExt(ext) {
             return "application/octet-stream";
     }
 }
+/**
+ * Extensions recognised as static assets.  Missing files with these extensions
+ * return 404 instead of the SPA index.html fallback.  `.html` is intentionally
+ * excluded — actual HTML files on disk are served earlier, and missing `.html`
+ * paths should fall through to the SPA router (client-side routers may use
+ * `.html`-suffixed routes).
+ */
+const STATIC_ASSET_EXTENSIONS = new Set([
+    ".js",
+    ".css",
+    ".json",
+    ".map",
+    ".svg",
+    ".png",
+    ".jpg",
+    ".jpeg",
+    ".gif",
+    ".webp",
+    ".ico",
+    ".txt",
+]);
+function applyControlUiSecurityHeaders(res) {
+    res.setHeader("X-Frame-Options", "DENY");
+    res.setHeader("Content-Security-Policy", buildControlUiCspHeader());
+    res.setHeader("X-Content-Type-Options", "nosniff");
+    res.setHeader("Referrer-Policy", "no-referrer");
+}
 function sendJson(res, status, body) {
     res.statusCode = status;
     res.setHeader("Content-Type", "application/json; charset=utf-8");
@@ -71,18 +75,22 @@ function isValidAgentId(agentId) {
 }
 export function handleControlUiAvatarRequest(req, res, opts) {
     const urlRaw = req.url;
-    if (!urlRaw)
+    if (!urlRaw) {
         return false;
-    if (req.method !== "GET" && req.method !== "HEAD")
+    }
+    if (req.method !== "GET" && req.method !== "HEAD") {
         return false;
+    }
     const url = new URL(urlRaw, "http://localhost");
     const basePath = normalizeControlUiBasePath(opts.basePath);
     const pathname = url.pathname;
     const pathWithBase = basePath
         ? `${basePath}${CONTROL_UI_AVATAR_PREFIX}/`
         : `${CONTROL_UI_AVATAR_PREFIX}/`;
-    if (!pathname.startsWith(pathWithBase))
+    if (!pathname.startsWith(pathWithBase)) {
         return false;
+    }
+    applyControlUiSecurityHeaders(res);
     const agentIdParts = pathname.slice(pathWithBase.length).split("/").filter(Boolean);
     const agentId = agentIdParts[0] ?? "";
     if (agentIdParts.length !== 1 || !agentId || !isValidAgentId(agentId)) {
@@ -119,66 +127,93 @@ function respondNotFound(res) {
     res.setHeader("Content-Type", "text/plain; charset=utf-8");
     res.end("Not Found");
 }
-function serveFile(res, filePath) {
+function setStaticFileHeaders(res, filePath) {
     const ext = path.extname(filePath).toLowerCase();
     res.setHeader("Content-Type", contentTypeForExt(ext));
     // Static UI should never be cached aggressively while iterating; allow the
     // browser to revalidate.
     res.setHeader("Cache-Control", "no-cache");
+}
+function serveFile(res, filePath) {
+    setStaticFileHeaders(res, filePath);
     res.end(fs.readFileSync(filePath));
 }
-function injectControlUiConfig(html, opts) {
-    const { basePath, assistantName, assistantAvatar } = opts;
-    const script = `<script>` +
-        `window.__CLAWDBOT_CONTROL_UI_BASE_PATH__=${JSON.stringify(basePath)};` +
-        `window.__CLAWDBOT_ASSISTANT_NAME__=${JSON.stringify(assistantName ?? DEFAULT_ASSISTANT_IDENTITY.name)};` +
-        `window.__CLAWDBOT_ASSISTANT_AVATAR__=${JSON.stringify(assistantAvatar ?? DEFAULT_ASSISTANT_IDENTITY.avatar)};` +
-        `</script>`;
-    // Check if already injected
-    if (html.includes("__CLAWDBOT_ASSISTANT_NAME__"))
-        return html;
-    const headClose = html.indexOf("</head>");
-    if (headClose !== -1) {
-        return `${html.slice(0, headClose)}${script}${html.slice(headClose)}`;
-    }
-    return `${script}${html}`;
+function serveResolvedFile(res, filePath, body) {
+    setStaticFileHeaders(res, filePath);
+    res.end(body);
 }
-function serveIndexHtml(res, indexPath, opts) {
-    const { basePath, config, agentId } = opts;
-    const identity = config
-        ? resolveAssistantIdentity({ cfg: config, agentId })
-        : DEFAULT_ASSISTANT_IDENTITY;
-    const resolvedAgentId = typeof identity.agentId === "string"
-        ? identity.agentId
-        : agentId;
-    const avatarValue = resolveAssistantAvatarUrl({
-        avatar: identity.avatar,
-        agentId: resolvedAgentId,
-        basePath,
-    }) ?? identity.avatar;
+function serveResolvedIndexHtml(res, body) {
     res.setHeader("Content-Type", "text/html; charset=utf-8");
     res.setHeader("Cache-Control", "no-cache");
-    const raw = fs.readFileSync(indexPath, "utf8");
-    res.end(injectControlUiConfig(raw, {
-        basePath,
-        assistantName: identity.name,
-        assistantAvatar: avatarValue,
-    }));
+    res.end(body);
+}
+function isContainedPath(baseDir, targetPath) {
+    const relative = path.relative(baseDir, targetPath);
+    return relative !== ".." && !relative.startsWith(`..${path.sep}`) && !path.isAbsolute(relative);
+}
+function isExpectedSafePathError(error) {
+    const code = typeof error === "object" && error !== null && "code" in error ? String(error.code) : "";
+    return code === "ENOENT" || code === "ENOTDIR" || code === "ELOOP";
+}
+function areSameFileIdentity(preOpen, opened) {
+    return preOpen.dev === opened.dev && preOpen.ino === opened.ino;
+}
+function resolveSafeControlUiFile(rootReal, filePath) {
+    let fd = null;
+    try {
+        const fileReal = fs.realpathSync(filePath);
+        if (!isContainedPath(rootReal, fileReal)) {
+            return null;
+        }
+        const preOpenStat = fs.lstatSync(fileReal);
+        if (!preOpenStat.isFile()) {
+            return null;
+        }
+        const openFlags = fs.constants.O_RDONLY |
+            (typeof fs.constants.O_NOFOLLOW === "number" ? fs.constants.O_NOFOLLOW : 0);
+        fd = fs.openSync(fileReal, openFlags);
+        const openedStat = fs.fstatSync(fd);
+        // Compare inode identity so swaps between validation and open are rejected.
+        if (!openedStat.isFile() || !areSameFileIdentity(preOpenStat, openedStat)) {
+            return null;
+        }
+        const resolved = { path: fileReal, fd };
+        fd = null;
+        return resolved;
+    }
+    catch (error) {
+        if (isExpectedSafePathError(error)) {
+            return null;
+        }
+        throw error;
+    }
+    finally {
+        if (fd !== null) {
+            fs.closeSync(fd);
+        }
+    }
 }
 function isSafeRelativePath(relPath) {
-    if (!relPath)
+    if (!relPath) {
         return false;
+    }
     const normalized = path.posix.normalize(relPath);
-    if (normalized.startsWith("../") || normalized === "..")
+    if (path.posix.isAbsolute(normalized) || path.win32.isAbsolute(normalized)) {
         return false;
-    if (normalized.includes("\0"))
+    }
+    if (normalized.startsWith("../") || normalized === "..") {
+        return false;
+    }
+    if (normalized.includes("\0")) {
         return false;
+    }
     return true;
 }
 export function handleControlUiHttpRequest(req, res, opts) {
     const urlRaw = req.url;
-    if (!urlRaw)
+    if (!urlRaw) {
         return false;
+    }
     if (req.method !== "GET" && req.method !== "HEAD") {
         res.statusCode = 405;
         res.setHeader("Content-Type", "text/plain; charset=utf-8");
@@ -190,41 +225,104 @@ export function handleControlUiHttpRequest(req, res, opts) {
     const pathname = url.pathname;
     if (!basePath) {
         if (pathname === "/ui" || pathname.startsWith("/ui/")) {
+            applyControlUiSecurityHeaders(res);
             respondNotFound(res);
             return true;
         }
     }
     if (basePath) {
         if (pathname === basePath) {
+            applyControlUiSecurityHeaders(res);
             res.statusCode = 302;
             res.setHeader("Location", `${basePath}/${url.search}`);
             res.end();
             return true;
         }
-        if (!pathname.startsWith(`${basePath}/`))
+        if (!pathname.startsWith(`${basePath}/`)) {
             return false;
+        }
     }
-    const root = (() => {
-        if (opts?.root) {
-            if (opts.root.kind === "resolved")
-                return opts.root.path;
-            return null;
+    applyControlUiSecurityHeaders(res);
+    const bootstrapConfigPath = basePath
+        ? `${basePath}${CONTROL_UI_BOOTSTRAP_CONFIG_PATH}`
+        : CONTROL_UI_BOOTSTRAP_CONFIG_PATH;
+    if (pathname === bootstrapConfigPath) {
+        const config = opts?.config;
+        const identity = config
+            ? resolveAssistantIdentity({ cfg: config, agentId: opts?.agentId })
+            : DEFAULT_ASSISTANT_IDENTITY;
+        const avatarValue = resolveAssistantAvatarUrl({
+            avatar: identity.avatar,
+            agentId: identity.agentId,
+            basePath,
+        });
+        if (req.method === "HEAD") {
+            res.statusCode = 200;
+            res.setHeader("Content-Type", "application/json; charset=utf-8");
+            res.setHeader("Cache-Control", "no-cache");
+            res.end();
+            return true;
         }
-        return resolveControlUiRoot();
-    })();
+        sendJson(res, 200, {
+            basePath,
+            assistantName: identity.name,
+            assistantAvatar: avatarValue ?? identity.avatar,
+            assistantAgentId: identity.agentId,
+        });
+        return true;
+    }
+    const rootState = opts?.root;
+    if (rootState?.kind === "invalid") {
+        res.statusCode = 503;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end(`Control UI assets not found at ${rootState.path}. Build them with \`pnpm ui:build\` (auto-installs UI deps), or update gateway.controlUi.root.`);
+        return true;
+    }
+    if (rootState?.kind === "missing") {
+        res.statusCode = 503;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end("Control UI assets not found. Build them with `pnpm ui:build` (auto-installs UI deps), or run `pnpm ui:dev` during development.");
+        return true;
+    }
+    const root = rootState?.kind === "resolved"
+        ? rootState.path
+        : resolveControlUiRootSync({
+            moduleUrl: import.meta.url,
+            argv1: process.argv[1],
+            cwd: process.cwd(),
+        });
     if (!root) {
         res.statusCode = 503;
         res.setHeader("Content-Type", "text/plain; charset=utf-8");
         res.end("Control UI assets not found. Build them with `pnpm ui:build` (auto-installs UI deps), or run `pnpm ui:dev` during development.");
         return true;
     }
+    const rootReal = (() => {
+        try {
+            return fs.realpathSync(root);
+        }
+        catch (error) {
+            if (isExpectedSafePathError(error)) {
+                return null;
+            }
+            throw error;
+        }
+    })();
+    if (!rootReal) {
+        res.statusCode = 503;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end("Control UI assets not found. Build them with `pnpm ui:build` (auto-installs UI deps), or run `pnpm ui:dev` during development.");
+        return true;
+    }
     const uiPath = basePath && pathname.startsWith(`${basePath}/`) ? pathname.slice(basePath.length) : pathname;
     const rel = (() => {
-        if (uiPath === ROOT_PREFIX)
+        if (uiPath === ROOT_PREFIX) {
             return "";
+        }
         const assetsIndex = uiPath.indexOf("/assets/");
-        if (assetsIndex >= 0)
+        if (assetsIndex >= 0) {
             return uiPath.slice(assetsIndex + 1);
+        }
         return uiPath.slice(1);
     })();
     const requested = rel && !rel.endsWith("/") ? rel : `${rel}index.html`;
@@ -233,32 +331,57 @@ export function handleControlUiHttpRequest(req, res, opts) {
         respondNotFound(res);
         return true;
     }
-    const filePath = path.join(root, fileRel);
-    if (!filePath.startsWith(root)) {
+    const filePath = path.resolve(root, fileRel);
+    if (!isWithinDir(root, filePath)) {
         respondNotFound(res);
         return true;
     }
-    if (fs.existsSync(filePath) && fs.statSync(filePath).isFile()) {
-        if (path.basename(filePath) === "index.html") {
-            serveIndexHtml(res, filePath, {
-                basePath,
-                config: opts?.config,
-                agentId: opts?.agentId,
-            });
+    const safeFile = resolveSafeControlUiFile(rootReal, filePath);
+    if (safeFile) {
+        try {
+            if (req.method === "HEAD") {
+                res.statusCode = 200;
+                setStaticFileHeaders(res, safeFile.path);
+                res.end();
+                return true;
+            }
+            if (path.basename(safeFile.path) === "index.html") {
+                serveResolvedIndexHtml(res, fs.readFileSync(safeFile.fd, "utf8"));
+                return true;
+            }
+            serveResolvedFile(res, safeFile.path, fs.readFileSync(safeFile.fd));
             return true;
         }
-        serveFile(res, filePath);
+        finally {
+            fs.closeSync(safeFile.fd);
+        }
+    }
+    // If the requested path looks like a static asset (known extension), return
+    // 404 rather than falling through to the SPA index.html fallback.  We check
+    // against the same set of extensions that contentTypeForExt() recognises so
+    // that dotted SPA routes (e.g. /user/jane.doe, /v2.0) still get the
+    // client-side router fallback.
+    if (STATIC_ASSET_EXTENSIONS.has(path.extname(fileRel).toLowerCase())) {
+        respondNotFound(res);
         return true;
     }
     // SPA fallback (client-side router): serve index.html for unknown paths.
     const indexPath = path.join(root, "index.html");
-    if (fs.existsSync(indexPath)) {
-        serveIndexHtml(res, indexPath, {
-            basePath,
-            config: opts?.config,
-            agentId: opts?.agentId,
-        });
-        return true;
+    const safeIndex = resolveSafeControlUiFile(rootReal, indexPath);
+    if (safeIndex) {
+        try {
+            if (req.method === "HEAD") {
+                res.statusCode = 200;
+                setStaticFileHeaders(res, safeIndex.path);
+                res.end();
+                return true;
+            }
+            serveResolvedIndexHtml(res, fs.readFileSync(safeIndex.fd, "utf8"));
+            return true;
+        }
+        finally {
+            fs.closeSync(safeIndex.fd);
+        }
     }
     respondNotFound(res);
     return true;