@poolzin/pool-bot 2026.2.25 → 2026.2.26

package/dist/infra/device-pairing.js

@@ -1,7 +1,7 @@
 import { randomUUID } from "node:crypto";
 import { normalizeDeviceAuthScopes } from "../shared/device-auth.js";
 import { roleScopesAllow } from "../shared/operator-scope-compat.js";
-import { createAsyncLock, pruneExpiredPending, readJsonFile, resolvePairingPaths, upsertPendingPairingRequest, writeJsonAtomic, } from "./pairing-files.js";
+import { createAsyncLock, pruneExpiredPending, readJsonFile, resolvePairingPaths, writeJsonAtomic, } from "./pairing-files.js";
 import { generatePairingToken, verifyPairingToken } from "./pairing-token.js";
 const PENDING_TTL_MS = 5 * 60 * 1000;
 const withLock = createAsyncLock();
@@ -76,6 +76,59 @@ function mergeScopes(...items) {
     }
     return [...scopes];
 }
+function mergePendingDevicePairingRequest(existing, incoming, isRepair) {
+    const existingRole = normalizeRole(existing.role);
+    const incomingRole = normalizeRole(incoming.role);
+    return {
+        ...existing,
+        displayName: incoming.displayName ?? existing.displayName,
+        platform: incoming.platform ?? existing.platform,
+        clientId: incoming.clientId ?? existing.clientId,
+        clientMode: incoming.clientMode ?? existing.clientMode,
+        role: existingRole ?? incomingRole ?? undefined,
+        roles: mergeRoles(existing.roles, existing.role, incoming.role),
+        scopes: mergeScopes(existing.scopes, incoming.scopes),
+        remoteIp: incoming.remoteIp ?? existing.remoteIp,
+        // If either request is interactive, keep the pending request visible for approval.
+        silent: Boolean(existing.silent && incoming.silent),
+        isRepair: existing.isRepair || isRepair,
+        ts: Date.now(),
+    };
+}
+function scopesAllow(requested, allowed) {
+    if (requested.length === 0) {
+        return true;
+    }
+    if (allowed.length === 0) {
+        return false;
+    }
+    const allowedSet = new Set(allowed);
+    return requested.every((scope) => allowedSet.has(scope));
+}
+const DEVICE_SCOPE_IMPLICATIONS = {
+    "operator.admin": ["operator.read", "operator.write", "operator.approvals", "operator.pairing"],
+    "operator.write": ["operator.read"],
+};
+function expandScopeImplications(scopes) {
+    const expanded = new Set(scopes);
+    const queue = [...scopes];
+    while (queue.length > 0) {
+        const scope = queue.pop();
+        if (!scope) {
+            continue;
+        }
+        for (const impliedScope of DEVICE_SCOPE_IMPLICATIONS[scope] ?? []) {
+            if (!expanded.has(impliedScope)) {
+                expanded.add(impliedScope);
+                queue.push(impliedScope);
+            }
+        }
+    }
+    return [...expanded];
+}
+function scopesAllowWithImplications(requested, allowed) {
+    return scopesAllow(expandScopeImplications(requested), expandScopeImplications(allowed));
+}
 function newToken() {
     return generatePairingToken();
 }
@@ -113,28 +166,33 @@ export async function requestDevicePairing(req, baseDir) {
         if (!deviceId) {
             throw new Error("deviceId required");
         }
-        return await upsertPendingPairingRequest({
-            pendingById: state.pendingById,
-            isExisting: (pending) => pending.deviceId === deviceId,
-            isRepair: Boolean(state.pairedByDeviceId[deviceId]),
-            createRequest: (isRepair) => ({
-                requestId: randomUUID(),
-                deviceId,
-                publicKey: req.publicKey,
-                displayName: req.displayName,
-                platform: req.platform,
-                clientId: req.clientId,
-                clientMode: req.clientMode,
-                role: req.role,
-                roles: req.role ? [req.role] : undefined,
-                scopes: req.scopes,
-                remoteIp: req.remoteIp,
-                silent: req.silent,
-                isRepair,
-                ts: Date.now(),
-            }),
-            persist: async () => await persistState(state, baseDir),
-        });
+        const isRepair = Boolean(state.pairedByDeviceId[deviceId]);
+        const existing = Object.values(state.pendingById).find((pending) => pending.deviceId === deviceId);
+        if (existing) {
+            const merged = mergePendingDevicePairingRequest(existing, req, isRepair);
+            state.pendingById[existing.requestId] = merged;
+            await persistState(state, baseDir);
+            return { status: "pending", request: merged, created: false };
+        }
+        const request = {
+            requestId: randomUUID(),
+            deviceId,
+            publicKey: req.publicKey,
+            displayName: req.displayName,
+            platform: req.platform,
+            clientId: req.clientId,
+            clientMode: req.clientMode,
+            role: req.role,
+            roles: req.role ? [req.role] : undefined,
+            scopes: req.scopes,
+            remoteIp: req.remoteIp,
+            silent: req.silent,
+            isRepair,
+            ts: Date.now(),
+        };
+        state.pendingById[request.requestId] = request;
+        await persistState(state, baseDir);
+        return { status: "pending", request, created: true };
     });
 }
 export async function approveDevicePairing(requestId, baseDir) {
@@ -147,12 +205,18 @@ export async function approveDevicePairing(requestId, baseDir) {
         const now = Date.now();
         const existing = state.pairedByDeviceId[pending.deviceId];
         const roles = mergeRoles(existing?.roles, existing?.role, pending.roles, pending.role);
-        const scopes = mergeScopes(existing?.scopes, pending.scopes);
+        const approvedScopes = mergeScopes(existing?.approvedScopes ?? existing?.scopes, pending.scopes);
         const tokens = existing?.tokens ? { ...existing.tokens } : {};
         const roleForToken = normalizeRole(pending.role);
         if (roleForToken) {
-            const nextScopes = normalizeDeviceAuthScopes(pending.scopes);
             const existingToken = tokens[roleForToken];
+            const requestedScopes = normalizeDeviceAuthScopes(pending.scopes);
+            const nextScopes = requestedScopes.length > 0
+                ? requestedScopes
+                : normalizeDeviceAuthScopes(existingToken?.scopes ??
+                    approvedScopes ??
+                    existing?.approvedScopes ??
+                    existing?.scopes);
             const now = Date.now();
             tokens[roleForToken] = {
                 token: newToken(),
@@ -173,7 +237,8 @@ export async function approveDevicePairing(requestId, baseDir) {
             clientMode: pending.clientMode,
             role: pending.role,
             roles,
-            scopes,
+            scopes: approvedScopes,
+            approvedScopes,
             remoteIp: pending.remoteIp,
             tokens,
             createdAtMs: existing?.createdAtMs ?? now,
@@ -224,6 +289,7 @@ export async function updatePairedDeviceMetadata(deviceId, patch, baseDir) {
             deviceId: existing.deviceId,
             createdAtMs: existing.createdAtMs,
             approvedAtMs: existing.approvedAtMs,
+            approvedScopes: existing.approvedScopes,
             role: patch.role ?? existing.role,
             roles,
             scopes,
@@ -339,6 +405,10 @@ export async function rotateDeviceToken(params) {
         }
         const { device, role, tokens, existing } = context;
         const requestedScopes = normalizeDeviceAuthScopes(params.scopes ?? existing?.scopes ?? device.scopes);
+        const approvedScopes = normalizeDeviceAuthScopes(device.approvedScopes ?? device.scopes ?? existing?.scopes);
+        if (!scopesAllowWithImplications(requestedScopes, approvedScopes)) {
+            return null;
+        }
         const now = Date.now();
         const next = buildDeviceAuthToken({
             role,
@@ -349,9 +419,6 @@ export async function rotateDeviceToken(params) {
         });
         tokens[role] = next;
         device.tokens = tokens;
-        if (params.scopes !== undefined) {
-            device.scopes = requestedScopes;
-        }
         state.pairedByDeviceId[device.deviceId] = device;
         await persistState(state, params.baseDir);
         return next;
@@ -380,3 +447,15 @@ export async function revokeDeviceToken(params) {
         return entry;
     });
 }
+export async function clearDevicePairing(deviceId, baseDir) {
+    return await withLock(async () => {
+        const state = await loadState(baseDir);
+        const normalizedId = normalizeDeviceId(deviceId);
+        if (!state.pairedByDeviceId[normalizedId]) {
+            return false;
+        }
+        delete state.pairedByDeviceId[normalizedId];
+        await persistState(state, baseDir);
+        return true;
+    });
+}

package/dist/infra/env.js

@@ -3,21 +3,26 @@ import { parseBooleanValue } from "../utils/boolean.js";
 const log = createSubsystemLogger("env");
 const loggedEnv = new Set();
 function formatEnvValue(value, redact) {
-    if (redact)
+    if (redact) {
         return "<redacted>";
+    }
     const singleLine = value.replace(/\s+/g, " ").trim();
-    if (singleLine.length <= 160)
+    if (singleLine.length <= 160) {
         return singleLine;
+    }
     return `${singleLine.slice(0, 160)}…`;
 }
 export function logAcceptedEnvOption(option) {
-    if (process.env.VITEST || process.env.NODE_ENV === "test")
+    if (process.env.VITEST || process.env.NODE_ENV === "test") {
         return;
-    if (loggedEnv.has(option.key))
+    }
+    if (loggedEnv.has(option.key)) {
         return;
+    }
     const rawValue = option.value ?? process.env[option.key];
-    if (!rawValue || !rawValue.trim())
+    if (!rawValue || !rawValue.trim()) {
         return;
+    }
     loggedEnv.add(option.key);
     log.info(`env: ${option.key}=${formatEnvValue(rawValue, option.redact)} (${option.description})`);
 }

package/dist/infra/exec-approvals-allowlist.js

@@ -127,6 +127,128 @@ export function evaluateExecAllowlist(params) {
         segmentSatisfiedBy: result.segmentSatisfiedBy,
     };
 }
+const SHELL_WRAPPER_EXECUTABLES = new Set([
+    "ash",
+    "bash",
+    "cmd",
+    "cmd.exe",
+    "dash",
+    "fish",
+    "ksh",
+    "powershell",
+    "powershell.exe",
+    "pwsh",
+    "pwsh.exe",
+    "sh",
+    "zsh",
+]);
+function normalizeExecutableName(name) {
+    return (name ?? "").trim().toLowerCase();
+}
+function isShellWrapperSegment(segment) {
+    const candidates = [
+        normalizeExecutableName(segment.resolution?.executableName),
+        normalizeExecutableName(segment.resolution?.rawExecutable),
+    ];
+    for (const candidate of candidates) {
+        if (!candidate) {
+            continue;
+        }
+        if (SHELL_WRAPPER_EXECUTABLES.has(candidate)) {
+            return true;
+        }
+        const base = candidate.split(/[\\/]/).pop();
+        if (base && SHELL_WRAPPER_EXECUTABLES.has(base)) {
+            return true;
+        }
+    }
+    return false;
+}
+function extractShellInlineCommand(argv) {
+    for (let i = 1; i < argv.length; i += 1) {
+        const token = argv[i];
+        if (!token) {
+            continue;
+        }
+        const lower = token.toLowerCase();
+        if (lower === "--") {
+            break;
+        }
+        if (lower === "-c" ||
+            lower === "--command" ||
+            lower === "-command" ||
+            lower === "/c" ||
+            lower === "/k") {
+            const next = argv[i + 1]?.trim();
+            return next ? next : null;
+        }
+        if (/^-[^-]*c[^-]*$/i.test(token)) {
+            const commandIndex = lower.indexOf("c");
+            const inline = token.slice(commandIndex + 1).trim();
+            if (inline) {
+                return inline;
+            }
+            const next = argv[i + 1]?.trim();
+            return next ? next : null;
+        }
+    }
+    return null;
+}
+function collectAllowAlwaysPatterns(params) {
+    const candidatePath = resolveAllowlistCandidatePath(params.segment.resolution, params.cwd);
+    if (!candidatePath) {
+        return;
+    }
+    if (!isShellWrapperSegment(params.segment)) {
+        params.out.add(candidatePath);
+        return;
+    }
+    if (params.depth >= 3) {
+        return;
+    }
+    const inlineCommand = extractShellInlineCommand(params.segment.argv);
+    if (!inlineCommand) {
+        return;
+    }
+    const nested = analyzeShellCommand({
+        command: inlineCommand,
+        cwd: params.cwd,
+        env: params.env,
+        platform: params.platform,
+    });
+    if (!nested.ok) {
+        return;
+    }
+    for (const nestedSegment of nested.segments) {
+        collectAllowAlwaysPatterns({
+            segment: nestedSegment,
+            cwd: params.cwd,
+            env: params.env,
+            platform: params.platform,
+            depth: params.depth + 1,
+            out: params.out,
+        });
+    }
+}
+/**
+ * Derive persisted allowlist patterns for an "allow always" decision.
+ * When a command is wrapped in a shell (for example `zsh -lc "<cmd>"`),
+ * persist the inner executable(s) rather than the shell binary.
+ */
+export function resolveAllowAlwaysPatterns(params) {
+    const patterns = new Set();
+    for (const segment of params.segments) {
+        collectAllowAlwaysPatterns({
+            segment,
+            cwd: params.cwd,
+            env: params.env,
+            platform: params.platform,
+            depth: 0,
+            out: patterns,
+        });
+    }
+    return Array.from(patterns);
+}
 /**
  * Evaluates allowlist for shell commands (including &&, ||, ;) and returns analysis metadata.
  */

package/dist/infra/exec-approvals-analysis.js

@@ -269,7 +269,7 @@ function splitShellPipeline(command) {
                     continue;
                 }
                 if (ch === quote) {
-                    return { delimiter, end: i + 1 };
+                    return { delimiter, end: i + 1, quoted: true };
                 }
                 delimiter += ch;
                 i += 1;
@@ -288,7 +288,7 @@ function splitShellPipeline(command) {
         if (!delimiter) {
             return null;
         }
-        return { delimiter, end: i };
+        return { delimiter, end: i, quoted: false };
     };
     const segments = [];
     let buf = "";
@@ -306,6 +306,28 @@ function splitShellPipeline(command) {
         }
         buf = "";
     };
+    const isEscapedInHeredocLine = (line, index) => {
+        let slashes = 0;
+        for (let i = index - 1; i >= 0 && line[i] === "\\"; i -= 1) {
+            slashes += 1;
+        }
+        return slashes % 2 === 1;
+    };
+    const hasUnquotedHeredocExpansionToken = (line) => {
+        for (let i = 0; i < line.length; i += 1) {
+            const ch = line[i];
+            if (ch === "`" && !isEscapedInHeredocLine(line, i)) {
+                return true;
+            }
+            if (ch === "$" && !isEscapedInHeredocLine(line, i)) {
+                const next = line[i + 1];
+                if (next === "(" || next === "{") {
+                    return true;
+                }
+            }
+        }
+        return false;
+    };
     for (let i = 0; i < command.length; i += 1) {
         const ch = command[i];
         const next = command[i + 1];
@@ -317,6 +339,9 @@ function splitShellPipeline(command) {
                     if (line === current.delimiter) {
                         pendingHeredocs.shift();
                     }
+                    else if (!current.quoted && hasUnquotedHeredocExpansionToken(heredocLine)) {
+                        return { ok: false, reason: "command substitution in unquoted heredoc", segments: [] };
+                    }
                 }
                 heredocLine = "";
                 if (pendingHeredocs.length === 0) {
@@ -422,7 +447,7 @@ function splitShellPipeline(command) {
             }
             const parsed = parseHeredocDelimiter(command, scanIndex);
             if (parsed) {
-                pendingHeredocs.push({ delimiter: parsed.delimiter, stripTabs });
+                pendingHeredocs.push({ delimiter: parsed.delimiter, stripTabs, quoted: parsed.quoted });
                 buf += command.slice(scanIndex, parsed.end);
                 i = parsed.end - 1;
             }
@@ -442,8 +467,14 @@ function splitShellPipeline(command) {
         const line = current.stripTabs ? heredocLine.replace(/^\t+/, "") : heredocLine;
         if (line === current.delimiter) {
             pendingHeredocs.shift();
+            if (pendingHeredocs.length === 0) {
+                inHeredocBody = false;
+            }
         }
     }
+    if (pendingHeredocs.length > 0 || inHeredocBody) {
+        return { ok: false, reason: "unterminated heredoc", segments: [] };
+    }
     if (escaped || inSingle || inDouble) {
         return { ok: false, reason: "unterminated shell quote/escape", segments: [] };
     }

package/dist/infra/exec-approvals.js

@@ -1,8 +1,8 @@
 import crypto from "node:crypto";
 import fs from "node:fs";
-import os from "node:os";
 import path from "node:path";
 import { DEFAULT_AGENT_ID } from "../routing/session-key.js";
+import { expandHomePrefix } from "./home-dir.js";
 import { requestJsonlSocket } from "./jsonl-socket.js";
 export * from "./exec-approvals-analysis.js";
 export * from "./exec-approvals-allowlist.js";
@@ -20,23 +20,11 @@ function hashExecApprovalsRaw(raw) {
         .update(raw ?? "")
         .digest("hex");
 }
-function expandHome(value) {
-    if (!value) {
-        return value;
-    }
-    if (value === "~") {
-        return os.homedir();
-    }
-    if (value.startsWith("~/")) {
-        return path.join(os.homedir(), value.slice(2));
-    }
-    return value;
-}
 export function resolveExecApprovalsPath() {
-    return expandHome(DEFAULT_FILE);
+    return expandHomePrefix(DEFAULT_FILE);
 }
 export function resolveExecApprovalsSocketPath() {
-    return expandHome(DEFAULT_SOCKET);
+    return expandHomePrefix(DEFAULT_SOCKET);
 }
 function normalizeAllowlistPattern(value) {
     const trimmed = value?.trim() ?? "";
@@ -261,7 +249,7 @@ export function resolveExecApprovals(agentId, overrides) {
         agentId,
         overrides,
         path: resolveExecApprovalsPath(),
-        socketPath: expandHome(file.socket?.path ?? resolveExecApprovalsSocketPath()),
+        socketPath: expandHomePrefix(file.socket?.path ?? resolveExecApprovalsSocketPath()),
         token: file.socket?.token ?? "",
     });
 }
@@ -293,7 +281,7 @@ export function resolveExecApprovalsFromFile(params) {
     ];
     return {
         path: params.path ?? resolveExecApprovalsPath(),
-        socketPath: expandHome(params.socketPath ?? file.socket?.path ?? resolveExecApprovalsSocketPath()),
+        socketPath: expandHomePrefix(params.socketPath ?? file.socket?.path ?? resolveExecApprovalsSocketPath()),
         token: params.token ?? file.socket?.token ?? "",
         defaults: resolvedDefaults,
         agent: resolvedAgent,