@poolzin/pool-bot 2026.2.25 → 2026.2.26

package/dist/gateway/server-chat.js

@@ -1,15 +1,39 @@
+import { DEFAULT_HEARTBEAT_ACK_MAX_CHARS, stripHeartbeatToken } from "../auto-reply/heartbeat.js";
 import { normalizeVerboseLevel } from "../auto-reply/thinking.js";
+import { isSilentReplyText, SILENT_REPLY_TOKEN } from "../auto-reply/tokens.js";
 import { loadConfig } from "../config/config.js";
 import { getAgentRunContext } from "../infra/agent-events.js";
 import { resolveHeartbeatVisibility } from "../infra/heartbeat-visibility.js";
+import { stripInlineDirectiveTagsForDisplay } from "../utils/directive-tags.js";
 import { loadSessionEntry } from "./session-utils.js";
 import { formatForLog } from "./ws-log.js";
+function resolveHeartbeatAckMaxChars() {
+    try {
+        const cfg = loadConfig();
+        return Math.max(0, cfg.agents?.defaults?.heartbeat?.ackMaxChars ?? DEFAULT_HEARTBEAT_ACK_MAX_CHARS);
+    }
+    catch {
+        return DEFAULT_HEARTBEAT_ACK_MAX_CHARS;
+    }
+}
+function resolveHeartbeatContext(runId, sourceRunId) {
+    const primary = getAgentRunContext(runId);
+    if (primary?.isHeartbeat) {
+        return primary;
+    }
+    if (sourceRunId && sourceRunId !== runId) {
+        const source = getAgentRunContext(sourceRunId);
+        if (source?.isHeartbeat) {
+            return source;
+        }
+    }
+    return primary;
+}
 /**
- * Check if webchat broadcasts should be suppressed for heartbeat runs.
- * Returns true if the run is a heartbeat and showOk is false.
+ * Check if heartbeat ACK/noise should be hidden from interactive chat surfaces.
  */
-function shouldSuppressHeartbeatBroadcast(runId) {
-    const runContext = getAgentRunContext(runId);
+function shouldHideHeartbeatChatOutput(runId, sourceRunId) {
+    const runContext = resolveHeartbeatContext(runId, sourceRunId);
     if (!runContext?.isHeartbeat) {
         return false;
     }
@@ -23,6 +47,22 @@ function shouldSuppressHeartbeatBroadcast(runId) {
         return true;
     }
 }
+function normalizeHeartbeatChatFinalText(params) {
+    if (!shouldHideHeartbeatChatOutput(params.runId, params.sourceRunId)) {
+        return { suppress: false, text: params.text };
+    }
+    const stripped = stripHeartbeatToken(params.text, {
+        mode: "heartbeat",
+        maxAckChars: resolveHeartbeatAckMaxChars(),
+    });
+    if (!stripped.didStrip) {
+        return { suppress: false, text: params.text };
+    }
+    if (stripped.shouldSkip) {
+        return { suppress: true, text: "" };
+    }
+    return { suppress: false, text: stripped.text };
+}
 export function createChatRunRegistry() {
     const chatRunSessions = new Map();
     const add = (sessionId, entry) => {
@@ -141,8 +181,18 @@ export function createToolEventRecipientRegistry() {
     return { add, get, markFinal };
 }
 export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSendToSession, agentRunSeq, chatRunState, resolveSessionKeyForRun, clearAgentRunContext, toolEventRecipients, }) {
-    const emitChatDelta = (sessionKey, clientRunId, seq, text) => {
-        chatRunState.buffers.set(clientRunId, text);
+    const emitChatDelta = (sessionKey, clientRunId, sourceRunId, seq, text) => {
+        const cleaned = stripInlineDirectiveTagsForDisplay(text).text;
+        if (!cleaned) {
+            return;
+        }
+        if (isSilentReplyText(cleaned, SILENT_REPLY_TOKEN)) {
+            return;
+        }
+        chatRunState.buffers.set(clientRunId, cleaned);
+        if (shouldHideHeartbeatChatOutput(clientRunId, sourceRunId)) {
+            return;
+        }
         const now = Date.now();
         const last = chatRunState.deltaSentAt.get(clientRunId) ?? 0;
         if (now - last < 150) {
@@ -156,18 +206,22 @@ export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSen
             state: "delta",
             message: {
                 role: "assistant",
-                content: [{ type: "text", text }],
+                content: [{ type: "text", text: cleaned }],
                 timestamp: now,
             },
         };
-        // Suppress webchat broadcast for heartbeat runs when showOk is false
-        if (!shouldSuppressHeartbeatBroadcast(clientRunId)) {
-            broadcast("chat", payload, { dropIfSlow: true });
-        }
+        broadcast("chat", payload, { dropIfSlow: true });
         nodeSendToSession(sessionKey, "chat", payload);
     };
-    const emitChatFinal = (sessionKey, clientRunId, seq, jobState, error) => {
-        const text = chatRunState.buffers.get(clientRunId)?.trim() ?? "";
+    const emitChatFinal = (sessionKey, clientRunId, sourceRunId, seq, jobState, error) => {
+        const bufferedText = stripInlineDirectiveTagsForDisplay(chatRunState.buffers.get(clientRunId) ?? "").text.trim();
+        const normalizedHeartbeatText = normalizeHeartbeatChatFinalText({
+            runId: clientRunId,
+            sourceRunId,
+            text: bufferedText,
+        });
+        const text = normalizedHeartbeatText.text.trim();
+        const shouldSuppressSilent = normalizedHeartbeatText.suppress || isSilentReplyText(text, SILENT_REPLY_TOKEN);
         chatRunState.buffers.delete(clientRunId);
         chatRunState.deltaSentAt.delete(clientRunId);
         if (jobState === "done") {
@@ -176,7 +230,7 @@ export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSen
                 sessionKey,
                 seq,
                 state: "final",
-                message: text
+                message: text && !shouldSuppressSilent
                     ? {
                         role: "assistant",
                         content: [{ type: "text", text }],
@@ -184,10 +238,7 @@ export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSen
                     }
                     : undefined,
             };
-            // Suppress webchat broadcast for heartbeat runs when showOk is false
-            if (!shouldSuppressHeartbeatBroadcast(clientRunId)) {
-                broadcast("chat", payload);
-            }
+            broadcast("chat", payload);
             nodeSendToSession(sessionKey, "chat", payload);
             return;
         }
@@ -225,11 +276,14 @@ export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSen
     };
     return (evt) => {
         const chatLink = chatRunState.registry.peek(evt.runId);
-        const sessionKey = chatLink?.sessionKey ?? resolveSessionKeyForRun(evt.runId);
+        const eventSessionKey = typeof evt.sessionKey === "string" && evt.sessionKey.trim() ? evt.sessionKey : undefined;
+        const sessionKey = chatLink?.sessionKey ?? eventSessionKey ?? resolveSessionKeyForRun(evt.runId);
         const clientRunId = chatLink?.clientRunId ?? evt.runId;
+        const eventRunId = chatLink?.clientRunId ?? evt.runId;
+        const eventForClients = chatLink ? { ...evt, runId: eventRunId } : evt;
         const isAborted = chatRunState.abortedRuns.has(clientRunId) || chatRunState.abortedRuns.has(evt.runId);
         // Include sessionKey so Control UI can filter tool streams per session.
-        const agentPayload = sessionKey ? { ...evt, sessionKey } : evt;
+        const agentPayload = sessionKey ? { ...eventForClients, sessionKey } : eventForClients;
         const last = agentRunSeq.get(evt.runId) ?? 0;
         const isToolEvent = evt.stream === "tool";
         const toolVerbose = isToolEvent ? resolveToolVerboseLevel(evt.runId, sessionKey) : "off";
@@ -239,12 +293,14 @@ export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSen
                 const data = evt.data ? { ...evt.data } : {};
                 delete data.result;
                 delete data.partialResult;
-                return sessionKey ? { ...evt, sessionKey, data } : { ...evt, data };
+                return sessionKey
+                    ? { ...eventForClients, sessionKey, data }
+                    : { ...eventForClients, data };
             })()
             : agentPayload;
         if (evt.seq !== last + 1) {
             broadcast("agent", {
-                runId: evt.runId,
+                runId: eventRunId,
                 stream: "error",
                 ts: Date.now(),
                 sessionKey,
@@ -277,7 +333,7 @@ export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSen
                 nodeSendToSession(sessionKey, "agent", isToolEvent ? toolPayload : agentPayload);
             }
             if (!isAborted && evt.stream === "assistant" && typeof evt.data?.text === "string") {
-                emitChatDelta(sessionKey, clientRunId, evt.seq, evt.data.text);
+                emitChatDelta(sessionKey, clientRunId, evt.runId, evt.seq, evt.data.text);
             }
             else if (!isAborted && (lifecyclePhase === "end" || lifecyclePhase === "error")) {
                 if (chatLink) {
@@ -286,10 +342,10 @@ export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSen
                         clearAgentRunContext(evt.runId);
                         return;
                     }
-                    emitChatFinal(finished.sessionKey, finished.clientRunId, evt.seq, lifecyclePhase === "error" ? "error" : "done", evt.data?.error);
+                    emitChatFinal(finished.sessionKey, finished.clientRunId, evt.runId, evt.seq, lifecyclePhase === "error" ? "error" : "done", evt.data?.error);
                 }
                 else {
-                    emitChatFinal(sessionKey, evt.runId, evt.seq, lifecyclePhase === "error" ? "error" : "done", evt.data?.error);
+                    emitChatFinal(sessionKey, eventRunId, evt.runId, evt.seq, lifecyclePhase === "error" ? "error" : "done", evt.data?.error);
                 }
             }
             else if (isAborted && (lifecyclePhase === "end" || lifecyclePhase === "error")) {
@@ -305,6 +361,8 @@ export function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSen
         if (lifecyclePhase === "end" || lifecyclePhase === "error") {
             toolEventRecipients.markFinal(evt.runId);
             clearAgentRunContext(evt.runId);
+            agentRunSeq.delete(evt.runId);
+            agentRunSeq.delete(clientRunId);
         }
     };
 }

package/dist/gateway/server-constants.js

@@ -1,11 +1,14 @@
-export const MAX_PAYLOAD_BYTES = 512 * 1024; // cap incoming frame size
-export const MAX_BUFFERED_BYTES = 1.5 * 1024 * 1024; // per-connection send buffer limit
+// Keep server maxPayload aligned with gateway client maxPayload so high-res canvas snapshots
+// don't get disconnected mid-invoke with "Max payload size exceeded".
+export const MAX_PAYLOAD_BYTES = 25 * 1024 * 1024;
+export const MAX_BUFFERED_BYTES = 50 * 1024 * 1024; // per-connection send buffer limit (2x max payload)
 const DEFAULT_MAX_CHAT_HISTORY_MESSAGES_BYTES = 6 * 1024 * 1024; // keep history responses comfortably under client WS limits
 let maxChatHistoryMessagesBytes = DEFAULT_MAX_CHAT_HISTORY_MESSAGES_BYTES;
 export const getMaxChatHistoryMessagesBytes = () => maxChatHistoryMessagesBytes;
 export const __setMaxChatHistoryMessagesBytesForTest = (value) => {
-    if (!process.env.VITEST && process.env.NODE_ENV !== "test")
+    if (!process.env.VITEST && process.env.NODE_ENV !== "test") {
         return;
+    }
     if (value === undefined) {
         maxChatHistoryMessagesBytes = DEFAULT_MAX_CHAT_HISTORY_MESSAGES_BYTES;
         return;
@@ -16,13 +19,11 @@ export const __setMaxChatHistoryMessagesBytesForTest = (value) => {
 };
 export const DEFAULT_HANDSHAKE_TIMEOUT_MS = 10_000;
 export const getHandshakeTimeoutMs = () => {
-    if (process.env.VITEST &&
-        (process.env.POOLBOT_TEST_HANDSHAKE_TIMEOUT_MS ||
-            process.env.CLAWDBOT_TEST_HANDSHAKE_TIMEOUT_MS)) {
-        const parsed = Number(process.env.POOLBOT_TEST_HANDSHAKE_TIMEOUT_MS ||
-            process.env.CLAWDBOT_TEST_HANDSHAKE_TIMEOUT_MS);
-        if (Number.isFinite(parsed) && parsed > 0)
+    if (process.env.VITEST && process.env.POOLBOT_TEST_HANDSHAKE_TIMEOUT_MS) {
+        const parsed = Number(process.env.POOLBOT_TEST_HANDSHAKE_TIMEOUT_MS);
+        if (Number.isFinite(parsed) && parsed > 0) {
             return parsed;
+        }
     }
     return DEFAULT_HANDSHAKE_TIMEOUT_MS;
 };

package/dist/gateway/server-cron.js

@@ -235,6 +235,7 @@ export function buildGatewayCronService(params) {
                     status: evt.status,
                     error: evt.error,
                     summary: evt.summary,
+                    delivered: evt.delivered,
                     sessionId: evt.sessionId,
                     sessionKey: evt.sessionKey,
                     runAtMs: evt.runAtMs,

package/dist/gateway/server-http.js

@@ -5,7 +5,7 @@ import { A2UI_PATH, CANVAS_HOST_PATH, CANVAS_WS_PATH, handleA2uiHttpRequest, } f
 import { loadConfig } from "../config/config.js";
 import { safeEqualSecret } from "../security/secret-equal.js";
 import { handleSlackHttpRequest } from "../slack/http/index.js";
-import { authorizeGatewayConnect, isLocalDirectRequest, } from "./auth.js";
+import { authorizeHttpGatewayConnect, isLocalDirectRequest, } from "./auth.js";
 import { CANVAS_CAPABILITY_TTL_MS, normalizeCanvasScopedUrl } from "./canvas-capability.js";
 import { handleControlUiAvatarRequest, handleControlUiHttpRequest, } from "./control-ui.js";
 import { applyHookMappings } from "./hooks-mapping.js";
@@ -58,21 +58,22 @@ function hasAuthorizedNodeWsClientForCanvasCapability(clients, capability) {
     return false;
 }
 async function authorizeCanvasRequest(params) {
-    const { req, auth, trustedProxies, clients, canvasCapability, malformedScopedPath, rateLimiter } = params;
+    const { req, auth, trustedProxies, allowRealIpFallback, clients, canvasCapability, malformedScopedPath, rateLimiter, } = params;
     if (malformedScopedPath) {
         return { ok: false, reason: "unauthorized" };
     }
-    if (isLocalDirectRequest(req, trustedProxies)) {
+    if (isLocalDirectRequest(req, trustedProxies, allowRealIpFallback)) {
         return { ok: true };
     }
     let lastAuthFailure = null;
     const token = getBearerToken(req);
     if (token) {
-        const authResult = await authorizeGatewayConnect({
+        const authResult = await authorizeHttpGatewayConnect({
             auth: { ...auth, allowTailscale: false },
             connectAuth: { token, password: token },
             req,
             trustedProxies,
+            allowRealIpFallback,
             rateLimiter,
         });
         if (authResult.ok) {
@@ -169,10 +170,10 @@ export function createHooksRequestHandler(opts) {
         if (url.searchParams.has("token")) {
             res.statusCode = 400;
             res.setHeader("Content-Type", "text/plain; charset=utf-8");
-            res.end("Hook token must be provided via Authorization: Bearer <token> or X-PoolBot-Token header (query parameters are not allowed).");
+            res.end("Hook token must be provided via Authorization: Bearer <token> or X-Pool Bot-Token header (query parameters are not allowed).");
             return true;
         }
-        const token = extractHookToken(req).token;
+        const { token } = extractHookToken(req);
         const clientKey = resolveHookClientKey(req);
         if (!safeEqualSecret(token, hooksConfig.token)) {
             const throttle = recordHookAuthFailure(clientKey, Date.now());
@@ -346,6 +347,7 @@ export function createGatewayHttpServer(opts) {
         try {
             const configSnapshot = loadConfig();
             const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
+            const allowRealIpFallback = configSnapshot.gateway?.allowRealIpFallback === true;
             const scopedCanvas = normalizeCanvasScopedUrl(req.url ?? "/");
             if (scopedCanvas.malformedScopedPath) {
                 sendGatewayAuthFailure(res, { ok: false, reason: "unauthorized" });
@@ -361,6 +363,7 @@ export function createGatewayHttpServer(opts) {
             if (await handleToolsInvokeHttpRequest(req, res, {
                 auth: resolvedAuth,
                 trustedProxies,
+                allowRealIpFallback,
                 rateLimiter,
             })) {
                 return;
@@ -374,11 +377,12 @@ export function createGatewayHttpServer(opts) {
                 // their own auth when exposing sensitive functionality.
                 if (requestPath.startsWith("/api/channels/")) {
                     const token = getBearerToken(req);
-                    const authResult = await authorizeGatewayConnect({
+                    const authResult = await authorizeHttpGatewayConnect({
                         auth: resolvedAuth,
                         connectAuth: token ? { token, password: token } : null,
                         req,
                         trustedProxies,
+                        allowRealIpFallback,
                         rateLimiter,
                     });
                     if (!authResult.ok) {
@@ -395,6 +399,7 @@ export function createGatewayHttpServer(opts) {
                     auth: resolvedAuth,
                     config: openResponsesConfig,
                     trustedProxies,
+                    allowRealIpFallback,
                     rateLimiter,
                 })) {
                     return;
@@ -404,6 +409,7 @@ export function createGatewayHttpServer(opts) {
                 if (await handleOpenAiHttpRequest(req, res, {
                     auth: resolvedAuth,
                     trustedProxies,
+                    allowRealIpFallback,
                     rateLimiter,
                 })) {
                     return;
@@ -415,6 +421,7 @@ export function createGatewayHttpServer(opts) {
                         req,
                         auth: resolvedAuth,
                         trustedProxies,
+                        allowRealIpFallback,
                         clients,
                         canvasCapability: scopedCanvas.capability,
                         malformedScopedPath: scopedCanvas.malformedScopedPath,
@@ -477,10 +484,12 @@ export function attachGatewayUpgradeHandler(opts) {
                 if (url.pathname === CANVAS_WS_PATH) {
                     const configSnapshot = loadConfig();
                     const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
+                    const allowRealIpFallback = configSnapshot.gateway?.allowRealIpFallback === true;
                     const ok = await authorizeCanvasRequest({
                         req,
                         auth: resolvedAuth,
                         trustedProxies,
+                        allowRealIpFallback,
                         clients,
                         canvasCapability: scopedCanvas.capability,
                         malformedScopedPath: scopedCanvas.malformedScopedPath,

package/dist/gateway/server-maintenance.js

@@ -1,7 +1,7 @@
 import { abortChatRunById } from "./chat-abort.js";
-import { setBroadcastHealthUpdate } from "./server/health-state.js";
 import { DEDUPE_MAX, DEDUPE_TTL_MS, HEALTH_REFRESH_INTERVAL_MS, TICK_INTERVAL_MS, } from "./server-constants.js";
 import { formatError } from "./server-utils.js";
+import { setBroadcastHealthUpdate } from "./server/health-state.js";
 export function startGatewayMaintenanceTimers(params) {
     setBroadcastHealthUpdate((snap) => {
         params.broadcast("health", snap, {
@@ -30,20 +30,34 @@ export function startGatewayMaintenanceTimers(params) {
         .catch((err) => params.logHealth.error(`initial refresh failed: ${formatError(err)}`));
     // dedupe cache cleanup
     const dedupeCleanup = setInterval(() => {
+        const AGENT_RUN_SEQ_MAX = 10_000;
         const now = Date.now();
         for (const [k, v] of params.dedupe) {
-            if (now - v.ts > DEDUPE_TTL_MS)
+            if (now - v.ts > DEDUPE_TTL_MS) {
                 params.dedupe.delete(k);
+            }
         }
         if (params.dedupe.size > DEDUPE_MAX) {
-            const entries = [...params.dedupe.entries()].sort((a, b) => a[1].ts - b[1].ts);
+            const entries = [...params.dedupe.entries()].toSorted((a, b) => a[1].ts - b[1].ts);
             for (let i = 0; i < params.dedupe.size - DEDUPE_MAX; i++) {
                 params.dedupe.delete(entries[i][0]);
             }
         }
+        if (params.agentRunSeq.size > AGENT_RUN_SEQ_MAX) {
+            const excess = params.agentRunSeq.size - AGENT_RUN_SEQ_MAX;
+            let removed = 0;
+            for (const runId of params.agentRunSeq.keys()) {
+                params.agentRunSeq.delete(runId);
+                removed += 1;
+                if (removed >= excess) {
+                    break;
+                }
+            }
+        }
         for (const [runId, entry] of params.chatAbortControllers) {
-            if (now <= entry.expiresAtMs)
+            if (now <= entry.expiresAtMs) {
                 continue;
+            }
             abortChatRunById({
                 chatAbortControllers: params.chatAbortControllers,
                 chatRunBuffers: params.chatRunBuffers,
@@ -57,8 +71,9 @@ export function startGatewayMaintenanceTimers(params) {
         }
         const ABORTED_RUN_TTL_MS = 60 * 60_000;
         for (const [runId, abortedAt] of params.chatRunState.abortedRuns) {
-            if (now - abortedAt <= ABORTED_RUN_TTL_MS)
+            if (now - abortedAt <= ABORTED_RUN_TTL_MS) {
                 continue;
+            }
             params.chatRunState.abortedRuns.delete(runId);
             params.chatRunBuffers.delete(runId);
             params.chatDeltaSentAt.delete(runId);

package/dist/gateway/server-methods/chat.js

@@ -9,6 +9,7 @@ import { createReplyDispatcher } from "../../auto-reply/reply/reply-dispatcher.j
 import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
 import { resolveSessionFilePath } from "../../config/sessions.js";
 import { resolveSendPolicy } from "../../sessions/send-policy.js";
+import { stripInlineDirectiveTagsForDisplay } from "../../utils/directive-tags.js";
 import { INTERNAL_MESSAGE_CHANNEL } from "../../utils/message-channel.js";
 import { abortChatRunById, abortChatRunsForSessionKey, isChatStopCommandText, resolveChatRunExpiresAtMs, } from "../chat-abort.js";
 import { parseMessageWithAttachments } from "../chat-attachments.js";
@@ -57,9 +58,10 @@ function sanitizeChatHistoryContentBlock(block) {
     const entry = { ...block };
     let changed = false;
     if (typeof entry.text === "string") {
-        const res = truncateChatHistoryText(entry.text);
+        const stripped = stripInlineDirectiveTagsForDisplay(entry.text);
+        const res = truncateChatHistoryText(stripped.text);
         entry.text = res.text;
-        changed ||= res.truncated;
+        changed ||= stripped.changed || res.truncated;
     }
     if (typeof entry.partialJson === "string") {
         const res = truncateChatHistoryText(entry.partialJson);
@@ -109,9 +111,10 @@ function sanitizeChatHistoryMessage(message) {
         changed = true;
     }
     if (typeof entry.content === "string") {
-        const res = truncateChatHistoryText(entry.content);
+        const stripped = stripInlineDirectiveTagsForDisplay(entry.content);
+        const res = truncateChatHistoryText(stripped.text);
         entry.content = res.text;
-        changed ||= res.truncated;
+        changed ||= stripped.changed || res.truncated;
     }
     else if (Array.isArray(entry.content)) {
         const updated = entry.content.map((block) => sanitizeChatHistoryContentBlock(block));
@@ -121,9 +124,10 @@ function sanitizeChatHistoryMessage(message) {
         }
     }
     if (typeof entry.text === "string") {
-        const res = truncateChatHistoryText(entry.text);
+        const stripped = stripInlineDirectiveTagsForDisplay(entry.text);
+        const res = truncateChatHistoryText(stripped.text);
         entry.text = res.text;
-        changed ||= res.truncated;
+        changed ||= stripped.changed || res.truncated;
     }
     return { message: changed ? entry : message, changed };
 }

package/dist/gateway/server-methods/config.js

@@ -233,16 +233,15 @@ export const configHandlers = {
             note,
         });
         const sentinelPath = await tryWriteRestartSentinelPayload(payload);
-        const audit = {
-            actor: actor.actor,
-            deviceId: actor.deviceId,
-            clientIp: actor.clientIp,
-            changedPaths,
-        };
         const restart = scheduleGatewaySigusr1Restart({
             delayMs: restartDelayMs,
             reason: "config.patch",
-            audit,
+            audit: {
+                actor: actor.actor,
+                deviceId: actor.deviceId,
+                clientIp: actor.clientIp,
+                changedPaths,
+            },
         });
         if (restart.coalesced) {
             context?.logGateway?.warn(`config.patch restart coalesced ${formatControlPlaneActor(actor)} delayMs=${restart.delayMs}`);
@@ -284,16 +283,15 @@ export const configHandlers = {
             note,
         });
         const sentinelPath = await tryWriteRestartSentinelPayload(payload);
-        const audit = {
-            actor: actor.actor,
-            deviceId: actor.deviceId,
-            clientIp: actor.clientIp,
-            changedPaths,
-        };
         const restart = scheduleGatewaySigusr1Restart({
             delayMs: restartDelayMs,
             reason: "config.apply",
-            audit,
+            audit: {
+                actor: actor.actor,
+                deviceId: actor.deviceId,
+                clientIp: actor.clientIp,
+                changedPaths,
+            },
         });
         if (restart.coalesced) {
             context?.logGateway?.warn(`config.apply restart coalesced ${formatControlPlaneActor(actor)} delayMs=${restart.delayMs}`);

package/dist/gateway/server-methods/devices.js

@@ -1,7 +1,7 @@
-import { approveDevicePairing, listDevicePairing, rejectDevicePairing, revokeDeviceToken, rotateDeviceToken, summarizeDeviceTokens, } from "../../infra/device-pairing.js";
-import { ErrorCodes, errorShape, formatValidationErrors, validateDevicePairApproveParams, validateDevicePairListParams, validateDevicePairRejectParams, validateDeviceTokenRevokeParams, validateDeviceTokenRotateParams, } from "../protocol/index.js";
+import { approveDevicePairing, listDevicePairing, removePairedDevice, rejectDevicePairing, revokeDeviceToken, rotateDeviceToken, summarizeDeviceTokens, } from "../../infra/device-pairing.js";
+import { ErrorCodes, errorShape, formatValidationErrors, validateDevicePairApproveParams, validateDevicePairListParams, validateDevicePairRemoveParams, validateDevicePairRejectParams, validateDeviceTokenRevokeParams, validateDeviceTokenRotateParams, } from "../protocol/index.js";
 function redactPairedDevice(device) {
-    const { tokens, ...rest } = device;
+    const { tokens, approvedScopes: _approvedScopes, ...rest } = device;
     return {
         ...rest,
         tokens: summarizeDeviceTokens(tokens),
@@ -58,6 +58,20 @@ export const deviceHandlers = {
         }, { dropIfSlow: true });
         respond(true, rejected, undefined);
     },
+    "device.pair.remove": async ({ params, respond, context }) => {
+        if (!validateDevicePairRemoveParams(params)) {
+            respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid device.pair.remove params: ${formatValidationErrors(validateDevicePairRemoveParams.errors)}`));
+            return;
+        }
+        const { deviceId } = params;
+        const removed = await removePairedDevice(deviceId);
+        if (!removed) {
+            respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown deviceId"));
+            return;
+        }
+        context.logGateway.info(`device pairing removed device=${removed.deviceId}`);
+        respond(true, removed, undefined);
+    },
     "device.token.rotate": async ({ params, respond, context }) => {
         if (!validateDeviceTokenRotateParams(params)) {
             respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid device.token.rotate params: ${formatValidationErrors(validateDeviceTokenRotateParams.errors)}`));

package/dist/gateway/server-methods/models.js

@@ -1,3 +1,6 @@
+import { DEFAULT_PROVIDER } from "../../agents/defaults.js";
+import { buildAllowedModelSet } from "../../agents/model-selection.js";
+import { loadConfig } from "../../config/config.js";
 import { ErrorCodes, errorShape, formatValidationErrors, validateModelsListParams, } from "../protocol/index.js";
 export const modelsHandlers = {
     "models.list": async ({ params, respond, context }) => {
@@ -6,7 +9,14 @@ export const modelsHandlers = {
             return;
         }
         try {
-            const models = await context.loadGatewayModelCatalog();
+            const catalog = await context.loadGatewayModelCatalog();
+            const cfg = loadConfig();
+            const { allowedCatalog } = buildAllowedModelSet({
+                cfg,
+                catalog,
+                defaultProvider: DEFAULT_PROVIDER,
+            });
+            const models = allowedCatalog.length > 0 ? allowedCatalog : catalog;
             respond(true, { models }, undefined);
         }
         catch (err) {