@poolzin/pool-bot 2026.3.21 → 2026.3.23

package/dist/control-ui/index.html

@@ -6,7 +6,7 @@
     <title>Poolbot Control</title>
     <meta name="color-scheme" content="dark light" />
     <link rel="icon" href="./favicon.ico" sizes="any" />
-    <script type="module" crossorigin src="./assets/index-Dvkl4Xlx.js"></script>
+    <script type="module" crossorigin src="./assets/index-D7shnQwQ.js"></script>
     <link rel="stylesheet" crossorigin href="./assets/index-CSfXd2LO.css">
   </head>
   <body>

package/dist/cron/cron-filters.js

@@ -0,0 +1,150 @@
+/**
+ * Advanced Cron Filters
+ * Filter cron jobs by channel, user, session, and other criteria
+ */
+/**
+ * Check if a cron job matches a filter
+ */
+export function matchesFilter(job, filter) {
+    if (!filter.enabled) {
+        return true; // Disabled filters don't block
+    }
+    const criteria = filter.criteria;
+    // Channel filters
+    if (criteria.channelId && job.channelId !== criteria.channelId) {
+        return false;
+    }
+    if (criteria.channelIds && !criteria.channelIds.includes(job.channelId || "")) {
+        return false;
+    }
+    if (criteria.channelType) {
+        // Would need channel type from job metadata
+        const jobType = job.metadata?.channelType || "";
+        if (jobType !== criteria.channelType) {
+            return false;
+        }
+    }
+    // User filters
+    if (criteria.userId && job.userId !== criteria.userId) {
+        return false;
+    }
+    if (criteria.userIds && !criteria.userIds.includes(job.userId || "")) {
+        return false;
+    }
+    if (criteria.userRole) {
+        const jobRole = job.metadata?.userRole || "";
+        if (jobRole !== criteria.userRole) {
+            return false;
+        }
+    }
+    // Session filters
+    if (criteria.sessionId && job.sessionId !== criteria.sessionId) {
+        return false;
+    }
+    if (criteria.sessionIds && !criteria.sessionIds.includes(job.sessionId || "")) {
+        return false;
+    }
+    if (criteria.sessionMode) {
+        const jobMode = job.metadata?.sessionMode || "normal";
+        if (jobMode !== criteria.sessionMode) {
+            return false;
+        }
+    }
+    // Agent filters
+    if (criteria.agentId && job.agentId !== criteria.agentId) {
+        return false;
+    }
+    if (criteria.agentIds && !criteria.agentIds.includes(job.agentId || "")) {
+        return false;
+    }
+    // Custom filters
+    if (criteria.custom) {
+        for (const [key, value] of Object.entries(criteria.custom)) {
+            const jobValue = job.metadata?.[key];
+            if (jobValue !== value) {
+                return false;
+            }
+        }
+    }
+    return true;
+}
+/**
+ * Filter cron jobs by multiple filters
+ */
+export function filterCronJobs(jobs, filters) {
+    return jobs.filter((job) => {
+        // Job must match ALL enabled filters
+        for (const filter of filters) {
+            if (!matchesFilter(job, filter)) {
+                return false;
+            }
+        }
+        return true;
+    });
+}
+/**
+ * Create a new cron filter
+ */
+export function createCronFilter(type, criteria, enabled = true) {
+    return {
+        id: `filter_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`,
+        type,
+        enabled,
+        criteria,
+        createdAt: Date.now(),
+    };
+}
+/**
+ * Update an existing cron filter
+ */
+export function updateCronFilter(filter, updates) {
+    return {
+        ...filter,
+        ...updates,
+        updatedAt: Date.now(),
+    };
+}
+/**
+ * Validate a cron filter
+ */
+export function validateCronFilter(filter) {
+    const errors = [];
+    // Check required fields
+    if (!filter.id) {
+        errors.push("Filter ID is required");
+    }
+    if (!filter.type) {
+        errors.push("Filter type is required");
+    }
+    if (!["channel", "user", "session", "agent", "custom"].includes(filter.type)) {
+        errors.push(`Invalid filter type: ${filter.type}`);
+    }
+    // Check criteria based on type
+    if (filter.type === "channel" && !filter.criteria.channelId && !filter.criteria.channelIds) {
+        errors.push("Channel filter requires channelId or channelIds");
+    }
+    if (filter.type === "user" && !filter.criteria.userId && !filter.criteria.userIds) {
+        errors.push("User filter requires userId or userIds");
+    }
+    if (filter.type === "session" && !filter.criteria.sessionId && !filter.criteria.sessionIds) {
+        errors.push("Session filter requires sessionId or sessionIds");
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+    };
+}
+/**
+ * Get filter statistics
+ */
+export function getFilterStats(filters) {
+    return {
+        total: filters.length,
+        enabled: filters.filter((f) => f.enabled).length,
+        disabled: filters.filter((f) => !f.enabled).length,
+        byType: filters.reduce((acc, f) => {
+            acc[f.type] = (acc[f.type] || 0) + 1;
+            return acc;
+        }, {}),
+    };
+}

package/dist/gateway/device-pairing-security.js

@@ -0,0 +1,197 @@
+/**
+ * Device Pairing Security Hardening
+ *
+ * Security fixes for device pairing:
+ * - Single-use bootstrap setup codes
+ * - Short-lived bootstrap tokens
+ * - Fail-closed for reused tokens
+ */
+import crypto from "node:crypto";
+const DEFAULT_EXPIRY_MS = 5 * 60 * 1000; // 5 minutes
+const CLEANUP_INTERVAL_MS = 60 * 1000; // 1 minute
+/**
+ * Generate a secure single-use setup code
+ *
+ * Format: XXXX-YYYY (8 chars, 2 groups for readability)
+ * Entropy: ~36 bits (sufficient for short-lived codes)
+ */
+export function generateSetupCode() {
+    const bytes = crypto.randomBytes(4);
+    const part1 = bytes.readUInt16BE(0) % 10000;
+    const part2 = bytes.readUInt16BE(2) % 10000;
+    return `${part1.toString().padStart(4, '0')}-${part2.toString().padStart(4, '0')}`;
+}
+/**
+ * Create a new single-use bootstrap token
+ */
+export function createBootstrapToken(params) {
+    const expiryMs = params?.expiryMs ?? DEFAULT_EXPIRY_MS;
+    const purpose = params?.purpose ?? "pairing";
+    const now = Date.now();
+    return {
+        id: crypto.randomUUID(),
+        code: generateSetupCode(),
+        createdAt: now,
+        expiresAt: now + expiryMs,
+        used: false,
+        purpose,
+    };
+}
+/**
+ * Initialize bootstrap token store with automatic cleanup
+ */
+export function createBootstrapTokenStore() {
+    const store = {
+        tokens: new Map(),
+    };
+    // Start automatic cleanup
+    store.cleanupInterval = setInterval(() => {
+        cleanupExpiredTokens(store);
+    }, CLEANUP_INTERVAL_MS);
+    // Cleanup on process exit
+    process.on("exit", () => {
+        if (store.cleanupInterval) {
+            clearInterval(store.cleanupInterval);
+        }
+    });
+    return store;
+}
+/**
+ * Add a bootstrap token to the store
+ */
+export function addBootstrapToken(store, token) {
+    store.tokens.set(token.id, token);
+}
+/**
+ * Validate and consume a bootstrap token (single-use)
+ *
+ * Returns true if token is valid and was consumed, false otherwise
+ * Marks token as used to prevent reuse
+ */
+export function validateAndConsumeBootstrapToken(params) {
+    const { store, tokenId, deviceId } = params;
+    const token = store.tokens.get(tokenId);
+    if (!token) {
+        return false;
+    }
+    const now = Date.now();
+    // Check if already used (single-use enforcement)
+    if (token.used) {
+        return false;
+    }
+    // Check if expired
+    if (now > token.expiresAt) {
+        // Remove expired token
+        store.tokens.delete(tokenId);
+        return false;
+    }
+    // Mark as used
+    token.used = true;
+    token.usedAt = now;
+    token.deviceId = deviceId; // Store for audit trail (marked as _deviceId to satisfy linter)
+    const _deviceId = deviceId; // Keep for future audit log expansion
+    return true;
+}
+/**
+ * Validate a bootstrap token without consuming it (for status checks)
+ */
+export function validateBootstrapToken(params) {
+    const { store, tokenId } = params;
+    const token = store.tokens.get(tokenId);
+    if (!token) {
+        return { valid: false, reason: "token_not_found" };
+    }
+    const now = Date.now();
+    if (token.used) {
+        return { valid: false, reason: "token_already_used" };
+    }
+    if (now > token.expiresAt) {
+        return { valid: false, reason: "token_expired" };
+    }
+    return { valid: true };
+}
+/**
+ * Remove a bootstrap token from the store
+ */
+export function removeBootstrapToken(store, tokenId) {
+    return store.tokens.delete(tokenId);
+}
+/**
+ * Cleanup expired and used tokens
+ */
+export function cleanupExpiredTokens(store) {
+    const now = Date.now();
+    let removed = 0;
+    for (const [tokenId, token] of store.tokens.entries()) {
+        // Remove if expired or used (single-use tokens are one-time only)
+        if (now > token.expiresAt || token.used) {
+            store.tokens.delete(tokenId);
+            removed++;
+        }
+    }
+    return removed;
+}
+/**
+ * Get statistics about bootstrap tokens
+ */
+export function getBootstrapTokenStats(store) {
+    const now = Date.now();
+    let unused = 0;
+    let used = 0;
+    let expired = 0;
+    for (const token of store.tokens.values()) {
+        if (token.used) {
+            used++;
+        }
+        else if (now > token.expiresAt) {
+            expired++;
+        }
+        else {
+            unused++;
+        }
+    }
+    return {
+        total: store.tokens.size,
+        unused,
+        used,
+        expired,
+    };
+}
+/**
+ * Create a secure device pairing session
+ */
+export function createSecureDevicePairing(store) {
+    const token = createBootstrapToken({
+        expiryMs: DEFAULT_EXPIRY_MS,
+        purpose: "pairing",
+    });
+    addBootstrapToken(store, token);
+    return {
+        setupCode: token.code,
+        tokenId: token.id,
+        expiresAt: token.expiresAt,
+        isSingleUse: true,
+        securityLevel: "high",
+    };
+}
+/**
+ * Validate device pairing request with security checks
+ */
+export function validateDevicePairingRequest(params) {
+    const { store, tokenId, deviceId, setupCode } = params;
+    // First validate the token
+    const tokenValidation = validateBootstrapToken({ store, tokenId });
+    if (!tokenValidation.valid) {
+        return tokenValidation;
+    }
+    // Get the token and verify setup code
+    const token = store.tokens.get(tokenId);
+    if (!token) {
+        return { valid: false, reason: "token_not_found" };
+    }
+    // Verify setup code matches
+    if (token.code !== setupCode) {
+        return { valid: false, reason: "setup_code_mismatch" };
+    }
+    return { valid: true };
+}

package/dist/gateway/event-deduplication.js

@@ -0,0 +1,167 @@
+/**
+ * Event Deduplication Layer
+ *
+ * Prevents duplicate event processing within a configurable time window.
+ * Uses LRU-style eviction to prevent memory leaks.
+ */
+export class EventDeduplicator {
+    seen = new Map();
+    TTL_MS;
+    MAX_SIZE;
+    cleanupInterval = null;
+    constructor(options) {
+        this.TTL_MS = options?.ttlMs ?? 5000; // 5 segundos default
+        this.MAX_SIZE = options?.maxSize ?? 10000;
+        if (options?.autoCleanup !== false) {
+            this.startCleanupInterval();
+        }
+    }
+    /**
+     * Check if event is duplicate and mark as seen
+     * @param eventId - Unique event identifier
+     * @returns true if duplicate (seen within TTL), false if new
+     */
+    isDuplicate(eventId) {
+        const now = Date.now();
+        const existing = this.seen.get(eventId);
+        if (existing && now - existing.timestamp < this.TTL_MS) {
+            existing.count++;
+            return true;
+        }
+        // Evict oldest if at capacity
+        if (this.seen.size >= this.MAX_SIZE) {
+            this.evictOldest();
+        }
+        this.seen.set(eventId, { timestamp: now, count: 1 });
+        return false;
+    }
+    /**
+     * Check if event was seen without marking it
+     */
+    hasSeen(eventId) {
+        const existing = this.seen.get(eventId);
+        if (!existing)
+            return false;
+        return Date.now() - existing.timestamp < this.TTL_MS;
+    }
+    /**
+     * Get duplicate count for an event
+     */
+    getDuplicateCount(eventId) {
+        const existing = this.seen.get(eventId);
+        return existing?.count ?? 0;
+    }
+    /**
+     * Clear specific event from seen set
+     */
+    clear(eventId) {
+        this.seen.delete(eventId);
+    }
+    /**
+     * Clear all seen events
+     */
+    clearAll() {
+        this.seen.clear();
+    }
+    /**
+     * Get statistics about deduplication
+     */
+    getStats() {
+        let duplicates = 0;
+        let oldest = null;
+        for (const event of this.seen.values()) {
+            if (event.count > 1) {
+                duplicates += event.count - 1;
+            }
+            if (!oldest || event.timestamp < oldest) {
+                oldest = event.timestamp;
+            }
+        }
+        return {
+            totalEvents: this.seen.size,
+            oldestEvent: oldest,
+            duplicates,
+        };
+    }
+    /**
+     * Cleanup expired events
+     */
+    cleanup() {
+        const now = Date.now();
+        let removed = 0;
+        for (const [eventId, event] of this.seen.entries()) {
+            if (now - event.timestamp > this.TTL_MS) {
+                this.seen.delete(eventId);
+                removed++;
+            }
+        }
+        return removed;
+    }
+    /**
+     * Get count of active events being tracked
+     */
+    get activeEventCount() {
+        return this.seen.size;
+    }
+    /**
+     * Destroy deduplicator and stop cleanup interval
+     */
+    destroy() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+        this.clearAll();
+    }
+    startCleanupInterval() {
+        // Cleanup a cada 1/4 do TTL
+        const cleanupIntervalMs = Math.max(1000, this.TTL_MS / 4);
+        this.cleanupInterval = setInterval(() => {
+            this.cleanup();
+        }, cleanupIntervalMs);
+        // Unref para não impedir o processo de sair
+        this.cleanupInterval.unref();
+    }
+    evictOldest() {
+        let oldestId = null;
+        let oldestTime = Infinity;
+        for (const [eventId, event] of this.seen.entries()) {
+            if (event.timestamp < oldestTime) {
+                oldestTime = event.timestamp;
+                oldestId = eventId;
+            }
+        }
+        if (oldestId) {
+            this.seen.delete(oldestId);
+        }
+    }
+}
+/**
+ * Generate unique event ID for deduplication
+ */
+export function generateEventId(params) {
+    const { type, sessionId, runId, payload } = params;
+    const parts = [type];
+    if (sessionId)
+        parts.push(sessionId);
+    if (runId)
+        parts.push(runId);
+    // Include payload hash if available
+    if (payload) {
+        const hash = quickHash(JSON.stringify(payload));
+        parts.push(hash.toString());
+    }
+    return parts.join(":");
+}
+/**
+ * Quick hash function for strings (not cryptographically secure)
+ */
+function quickHash(str) {
+    let hash = 0;
+    for (let i = 0; i < str.length; i++) {
+        const char = str.charCodeAt(i);
+        hash = (hash << 5) - hash + char;
+        hash = hash & hash; // Convert to 32bit integer
+    }
+    return Math.abs(hash);
+}