@poolzin/pool-bot 2026.3.22 → 2026.3.23

package/dist/browser/profile-capabilities.js

@@ -0,0 +1,47 @@
+export function getBrowserProfileCapabilities(profile) {
+    if (profile.driver === "extension") {
+        return {
+            mode: "local-extension-relay",
+            isRemote: false,
+            requiresRelay: true,
+            requiresAttachedTab: true,
+            usesPersistentPlaywright: false,
+            supportsPerTabWs: false,
+            supportsJsonTabEndpoints: true,
+            supportsReset: true,
+            supportsManagedTabLimit: false,
+        };
+    }
+    return {
+        mode: "local-managed",
+        isRemote: !profile.cdpIsLoopback,
+        requiresRelay: false,
+        requiresAttachedTab: false,
+        usesPersistentPlaywright: false,
+        supportsPerTabWs: profile.cdpIsLoopback,
+        supportsJsonTabEndpoints: profile.cdpIsLoopback,
+        supportsReset: profile.cdpIsLoopback,
+        supportsManagedTabLimit: profile.cdpIsLoopback,
+    };
+}
+export function resolveDefaultSnapshotFormat(params) {
+    if (params.explicitFormat) {
+        return params.explicitFormat;
+    }
+    if (params.mode === "efficient") {
+        return "ai";
+    }
+    const capabilities = getBrowserProfileCapabilities(params.profile);
+    if (capabilities.mode === "local-extension-relay") {
+        return "aria";
+    }
+    return params.hasPlaywright ? "ai" : "aria";
+}
+export function shouldUsePlaywrightForScreenshot(params) {
+    const capabilities = getBrowserProfileCapabilities(params.profile);
+    return (capabilities.requiresRelay || !params.wsUrl || Boolean(params.ref) || Boolean(params.element));
+}
+export function shouldUsePlaywrightForAriaSnapshot(params) {
+    const capabilities = getBrowserProfileCapabilities(params.profile);
+    return capabilities.requiresRelay || !params.wsUrl;
+}

package/dist/browser/safe-filename.js

@@ -0,0 +1,25 @@
+import path from "node:path";
+export function sanitizeUntrustedFileName(fileName, fallbackName) {
+    const trimmed = String(fileName ?? "").trim();
+    if (!trimmed) {
+        return fallbackName;
+    }
+    let base = path.posix.basename(trimmed);
+    base = path.win32.basename(base);
+    let cleaned = "";
+    for (let i = 0; i < base.length; i++) {
+        const code = base.charCodeAt(i);
+        if (code < 0x20 || code === 0x7f) {
+            continue;
+        }
+        cleaned += base[i];
+    }
+    base = cleaned.trim();
+    if (!base || base === "." || base === "..") {
+        return fallbackName;
+    }
+    if (base.length > 200) {
+        base = base.slice(0, 200);
+    }
+    return base;
+}

package/dist/browser/snapshot-roles.js

@@ -0,0 +1,60 @@
+/**
+ * Shared ARIA role classification sets used by both the Playwright and Chrome MCP
+ * snapshot paths. Keep these in sync — divergence causes the two drivers to produce
+ * different snapshot output for the same page.
+ */
+/** Roles that represent user-interactive elements and always get a ref. */
+export const INTERACTIVE_ROLES = new Set([
+    "button",
+    "checkbox",
+    "combobox",
+    "link",
+    "listbox",
+    "menuitem",
+    "menuitemcheckbox",
+    "menuitemradio",
+    "option",
+    "radio",
+    "searchbox",
+    "slider",
+    "spinbutton",
+    "switch",
+    "tab",
+    "textbox",
+    "treeitem",
+]);
+/** Roles that carry meaningful content and get a ref when named. */
+export const CONTENT_ROLES = new Set([
+    "article",
+    "cell",
+    "columnheader",
+    "gridcell",
+    "heading",
+    "listitem",
+    "main",
+    "navigation",
+    "region",
+    "rowheader",
+]);
+/** Structural/container roles — typically skipped in compact mode. */
+export const STRUCTURAL_ROLES = new Set([
+    "application",
+    "directory",
+    "document",
+    "generic",
+    "grid",
+    "group",
+    "ignored",
+    "list",
+    "menu",
+    "menubar",
+    "none",
+    "presentation",
+    "row",
+    "rowgroup",
+    "table",
+    "tablist",
+    "toolbar",
+    "tree",
+    "treegrid",
+]);

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "2026.3.22",
-  "commit": "d73f24d737d21800609b762183d8554526df0ee7",
-  "builtAt": "2026-03-13T23:59:05.337Z"
+  "version": "2026.3.23",
+  "commit": "127528099de2f9958448f0d468e1a91bdf3bb13e",
+  "builtAt": "2026-03-16T05:19:01.312Z"
 }

package/dist/commands/security-owner-only.js

@@ -0,0 +1,86 @@
+/**
+ * Commands Security - Owner-Only Enforcement
+ *
+ * Security hardening for sensitive commands:
+ * - /config - Configuration management
+ * - /debug - Runtime debug information
+ *
+ * GHSA-commands-owner-only: Require sender ownership for owner-only commands
+ */
+/**
+ * List of owner-only commands
+ */
+export const OWNER_ONLY_COMMANDS = new Set([
+    "config",
+    "debug",
+    "config.set",
+    "config.get",
+    "config.reset",
+    "debug.gateway",
+    "debug.sessions",
+    "debug.memory",
+]);
+/**
+ * Check if a command requires owner-only access
+ */
+export function isOwnerOnlyCommand(command) {
+    const normalized = command.toLowerCase().trim();
+    return OWNER_ONLY_COMMANDS.has(normalized);
+}
+/**
+ * Validate sender ownership for owner-only commands
+ *
+ * Returns true if sender is authorized, false otherwise
+ */
+export function validateOwnerOnlyAccess(params) {
+    const { command, senderId, config } = params;
+    // Check if command requires owner-only access
+    if (!isOwnerOnlyCommand(command)) {
+        return true;
+    }
+    // Get owner ID from config (check multiple possible locations)
+    const ownerId = config.gateway?.ownerId ||
+        config?.ownerId ||
+        config.auth?.ownerId;
+    if (!ownerId) {
+        // No owner configured, allow access (legacy mode)
+        return true;
+    }
+    // Validate sender ownership
+    return senderId === ownerId;
+}
+/**
+ * Get owner-only command error message
+ */
+export function getOwnerOnlyErrorMessage(command) {
+    return `Command "${command}" requires owner access. Only the gateway owner can execute this command.`;
+}
+/**
+ * Analyze command security requirements
+ */
+export function analyzeCommandSecurity(params) {
+    const { command, senderId, config } = params;
+    const isOwnerOnly = isOwnerOnlyCommand(command);
+    const senderAuthorized = validateOwnerOnlyAccess({ command, senderId, config });
+    // Determine security level
+    let securityLevel;
+    if (isOwnerOnly) {
+        securityLevel = "owner";
+    }
+    else if (command.startsWith("admin.")) {
+        securityLevel = "admin";
+    }
+    else if (command.startsWith("user.")) {
+        securityLevel = "user";
+    }
+    else {
+        securityLevel = "public";
+    }
+    return {
+        command,
+        isOwnerOnly,
+        senderAuthorized,
+        requiresElevation: isOwnerOnly && !senderAuthorized,
+        securityLevel,
+    };
+}