@poolzin/pool-bot 2026.3.22 → 2026.3.24

package/dist/browser/profile-capabilities.js

@@ -0,0 +1,47 @@
+export function getBrowserProfileCapabilities(profile) {
+    if (profile.driver === "extension") {
+        return {
+            mode: "local-extension-relay",
+            isRemote: false,
+            requiresRelay: true,
+            requiresAttachedTab: true,
+            usesPersistentPlaywright: false,
+            supportsPerTabWs: false,
+            supportsJsonTabEndpoints: true,
+            supportsReset: true,
+            supportsManagedTabLimit: false,
+        };
+    }
+    return {
+        mode: "local-managed",
+        isRemote: !profile.cdpIsLoopback,
+        requiresRelay: false,
+        requiresAttachedTab: false,
+        usesPersistentPlaywright: false,
+        supportsPerTabWs: profile.cdpIsLoopback,
+        supportsJsonTabEndpoints: profile.cdpIsLoopback,
+        supportsReset: profile.cdpIsLoopback,
+        supportsManagedTabLimit: profile.cdpIsLoopback,
+    };
+}
+export function resolveDefaultSnapshotFormat(params) {
+    if (params.explicitFormat) {
+        return params.explicitFormat;
+    }
+    if (params.mode === "efficient") {
+        return "ai";
+    }
+    const capabilities = getBrowserProfileCapabilities(params.profile);
+    if (capabilities.mode === "local-extension-relay") {
+        return "aria";
+    }
+    return params.hasPlaywright ? "ai" : "aria";
+}
+export function shouldUsePlaywrightForScreenshot(params) {
+    const capabilities = getBrowserProfileCapabilities(params.profile);
+    return (capabilities.requiresRelay || !params.wsUrl || Boolean(params.ref) || Boolean(params.element));
+}
+export function shouldUsePlaywrightForAriaSnapshot(params) {
+    const capabilities = getBrowserProfileCapabilities(params.profile);
+    return capabilities.requiresRelay || !params.wsUrl;
+}

package/dist/browser/safe-filename.js

@@ -0,0 +1,25 @@
+import path from "node:path";
+export function sanitizeUntrustedFileName(fileName, fallbackName) {
+    const trimmed = String(fileName ?? "").trim();
+    if (!trimmed) {
+        return fallbackName;
+    }
+    let base = path.posix.basename(trimmed);
+    base = path.win32.basename(base);
+    let cleaned = "";
+    for (let i = 0; i < base.length; i++) {
+        const code = base.charCodeAt(i);
+        if (code < 0x20 || code === 0x7f) {
+            continue;
+        }
+        cleaned += base[i];
+    }
+    base = cleaned.trim();
+    if (!base || base === "." || base === "..") {
+        return fallbackName;
+    }
+    if (base.length > 200) {
+        base = base.slice(0, 200);
+    }
+    return base;
+}

package/dist/browser/snapshot-roles.js

@@ -0,0 +1,60 @@
+/**
+ * Shared ARIA role classification sets used by both the Playwright and Chrome MCP
+ * snapshot paths. Keep these in sync — divergence causes the two drivers to produce
+ * different snapshot output for the same page.
+ */
+/** Roles that represent user-interactive elements and always get a ref. */
+export const INTERACTIVE_ROLES = new Set([
+    "button",
+    "checkbox",
+    "combobox",
+    "link",
+    "listbox",
+    "menuitem",
+    "menuitemcheckbox",
+    "menuitemradio",
+    "option",
+    "radio",
+    "searchbox",
+    "slider",
+    "spinbutton",
+    "switch",
+    "tab",
+    "textbox",
+    "treeitem",
+]);
+/** Roles that carry meaningful content and get a ref when named. */
+export const CONTENT_ROLES = new Set([
+    "article",
+    "cell",
+    "columnheader",
+    "gridcell",
+    "heading",
+    "listitem",
+    "main",
+    "navigation",
+    "region",
+    "rowheader",
+]);
+/** Structural/container roles — typically skipped in compact mode. */
+export const STRUCTURAL_ROLES = new Set([
+    "application",
+    "directory",
+    "document",
+    "generic",
+    "grid",
+    "group",
+    "ignored",
+    "list",
+    "menu",
+    "menubar",
+    "none",
+    "presentation",
+    "row",
+    "rowgroup",
+    "table",
+    "tablist",
+    "toolbar",
+    "tree",
+    "treegrid",
+]);

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "2026.3.22",
-  "commit": "d73f24d737d21800609b762183d8554526df0ee7",
-  "builtAt": "2026-03-13T23:59:05.337Z"
+  "version": "2026.3.24",
+  "commit": "30d8108895641ae634c05fb74351706c65b83308",
+  "builtAt": "2026-03-16T18:27:37.980Z"
 }

package/dist/channels/account-snapshot-fields.js

@@ -0,0 +1,176 @@
+// Read-only status commands project a safe subset of account fields into snapshots
+// so renderers can preserve "configured but unavailable" state without touching
+// strict runtime-only credential helpers.
+const CREDENTIAL_STATUS_KEYS = [
+    "tokenStatus",
+    "botTokenStatus",
+    "appTokenStatus",
+    "signingSecretStatus",
+    "userTokenStatus",
+];
+function asRecord(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    return value;
+}
+function readTrimmedString(record, key) {
+    const value = record[key];
+    if (typeof value !== "string") {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function readBoolean(record, key) {
+    return typeof record[key] === "boolean" ? record[key] : undefined;
+}
+function readNumber(record, key) {
+    const value = record[key];
+    return typeof value === "number" && Number.isFinite(value) ? value : undefined;
+}
+function readStringArray(record, key) {
+    const value = record[key];
+    if (!Array.isArray(value)) {
+        return undefined;
+    }
+    const normalized = value
+        .map((entry) => (typeof entry === "string" || typeof entry === "number" ? String(entry) : ""))
+        .map((entry) => entry.trim())
+        .filter(Boolean);
+    return normalized.length > 0 ? normalized : undefined;
+}
+function readCredentialStatus(record, key) {
+    const value = record[key];
+    return value === "available" || value === "configured_unavailable" || value === "missing"
+        ? value
+        : undefined;
+}
+export function resolveConfiguredFromCredentialStatuses(account) {
+    const record = asRecord(account);
+    if (!record) {
+        return undefined;
+    }
+    let sawCredentialStatus = false;
+    for (const key of CREDENTIAL_STATUS_KEYS) {
+        const status = readCredentialStatus(record, key);
+        if (!status) {
+            continue;
+        }
+        sawCredentialStatus = true;
+        if (status !== "missing") {
+            return true;
+        }
+    }
+    return sawCredentialStatus ? false : undefined;
+}
+export function resolveConfiguredFromRequiredCredentialStatuses(account, requiredKeys) {
+    const record = asRecord(account);
+    if (!record) {
+        return undefined;
+    }
+    let sawCredentialStatus = false;
+    for (const key of requiredKeys) {
+        const status = readCredentialStatus(record, key);
+        if (!status) {
+            continue;
+        }
+        sawCredentialStatus = true;
+        if (status === "missing") {
+            return false;
+        }
+    }
+    return sawCredentialStatus ? true : undefined;
+}
+export function hasConfiguredUnavailableCredentialStatus(account) {
+    const record = asRecord(account);
+    if (!record) {
+        return false;
+    }
+    return CREDENTIAL_STATUS_KEYS.some((key) => readCredentialStatus(record, key) === "configured_unavailable");
+}
+export function hasResolvedCredentialValue(account) {
+    const record = asRecord(account);
+    if (!record) {
+        return false;
+    }
+    return (["token", "botToken", "appToken", "signingSecret", "userToken"].some((key) => {
+        const value = record[key];
+        return typeof value === "string" && value.trim().length > 0;
+    }) || CREDENTIAL_STATUS_KEYS.some((key) => readCredentialStatus(record, key) === "available"));
+}
+export function projectCredentialSnapshotFields(account) {
+    const record = asRecord(account);
+    if (!record) {
+        return {};
+    }
+    return {
+        ...(readTrimmedString(record, "tokenSource")
+            ? { tokenSource: readTrimmedString(record, "tokenSource") }
+            : {}),
+        ...(readTrimmedString(record, "botTokenSource")
+            ? { botTokenSource: readTrimmedString(record, "botTokenSource") }
+            : {}),
+        ...(readTrimmedString(record, "appTokenSource")
+            ? { appTokenSource: readTrimmedString(record, "appTokenSource") }
+            : {}),
+        ...(readTrimmedString(record, "signingSecretSource")
+            ? { signingSecretSource: readTrimmedString(record, "signingSecretSource") }
+            : {}),
+        ...(readCredentialStatus(record, "tokenStatus")
+            ? { tokenStatus: readCredentialStatus(record, "tokenStatus") }
+            : {}),
+        ...(readCredentialStatus(record, "botTokenStatus")
+            ? { botTokenStatus: readCredentialStatus(record, "botTokenStatus") }
+            : {}),
+        ...(readCredentialStatus(record, "appTokenStatus")
+            ? { appTokenStatus: readCredentialStatus(record, "appTokenStatus") }
+            : {}),
+        ...(readCredentialStatus(record, "signingSecretStatus")
+            ? { signingSecretStatus: readCredentialStatus(record, "signingSecretStatus") }
+            : {}),
+        ...(readCredentialStatus(record, "userTokenStatus")
+            ? { userTokenStatus: readCredentialStatus(record, "userTokenStatus") }
+            : {}),
+    };
+}
+export function projectSafeChannelAccountSnapshotFields(account) {
+    const record = asRecord(account);
+    if (!record) {
+        return {};
+    }
+    return {
+        ...(readTrimmedString(record, "name") ? { name: readTrimmedString(record, "name") } : {}),
+        ...(readBoolean(record, "linked") !== undefined
+            ? { linked: readBoolean(record, "linked") }
+            : {}),
+        ...(readBoolean(record, "running") !== undefined
+            ? { running: readBoolean(record, "running") }
+            : {}),
+        ...(readBoolean(record, "connected") !== undefined
+            ? { connected: readBoolean(record, "connected") }
+            : {}),
+        ...(readNumber(record, "reconnectAttempts") !== undefined
+            ? { reconnectAttempts: readNumber(record, "reconnectAttempts") }
+            : {}),
+        ...(readTrimmedString(record, "mode") ? { mode: readTrimmedString(record, "mode") } : {}),
+        ...(readTrimmedString(record, "dmPolicy")
+            ? { dmPolicy: readTrimmedString(record, "dmPolicy") }
+            : {}),
+        ...(readStringArray(record, "allowFrom")
+            ? { allowFrom: readStringArray(record, "allowFrom") }
+            : {}),
+        ...projectCredentialSnapshotFields(account),
+        ...(readTrimmedString(record, "baseUrl")
+            ? { baseUrl: readTrimmedString(record, "baseUrl") }
+            : {}),
+        ...(readBoolean(record, "allowUnmentionedGroups") !== undefined
+            ? { allowUnmentionedGroups: readBoolean(record, "allowUnmentionedGroups") }
+            : {}),
+        ...(readTrimmedString(record, "cliPath")
+            ? { cliPath: readTrimmedString(record, "cliPath") }
+            : {}),
+        ...(readTrimmedString(record, "dbPath") ? { dbPath: readTrimmedString(record, "dbPath") } : {}),
+        ...(readNumber(record, "port") !== undefined ? { port: readNumber(record, "port") } : {}),
+    };
+}

package/dist/channels/draft-stream-controls.js

@@ -0,0 +1,89 @@
+import { createDraftStreamLoop } from "./draft-stream-loop.js";
+export function createFinalizableDraftStreamControls(params) {
+    const loop = createDraftStreamLoop({
+        throttleMs: params.throttleMs,
+        isStopped: params.isStopped,
+        sendOrEditStreamMessage: params.sendOrEditStreamMessage,
+    });
+    const update = (text) => {
+        if (params.isStopped() || params.isFinal()) {
+            return;
+        }
+        loop.update(text);
+    };
+    const stop = async () => {
+        params.markFinal();
+        await loop.flush();
+    };
+    const stopForClear = async () => {
+        params.markStopped();
+        loop.stop();
+        await loop.waitForInFlight();
+    };
+    return {
+        loop,
+        update,
+        stop,
+        stopForClear,
+    };
+}
+export function createFinalizableDraftStreamControlsForState(params) {
+    return createFinalizableDraftStreamControls({
+        throttleMs: params.throttleMs,
+        isStopped: () => params.state.stopped,
+        isFinal: () => params.state.final,
+        markStopped: () => {
+            params.state.stopped = true;
+        },
+        markFinal: () => {
+            params.state.final = true;
+        },
+        sendOrEditStreamMessage: params.sendOrEditStreamMessage,
+    });
+}
+export async function takeMessageIdAfterStop(params) {
+    await params.stopForClear();
+    const messageId = params.readMessageId();
+    params.clearMessageId();
+    return messageId;
+}
+export async function clearFinalizableDraftMessage(params) {
+    const messageId = await takeMessageIdAfterStop({
+        stopForClear: params.stopForClear,
+        readMessageId: params.readMessageId,
+        clearMessageId: params.clearMessageId,
+    });
+    if (!params.isValidMessageId(messageId)) {
+        return;
+    }
+    try {
+        await params.deleteMessage(messageId);
+        params.onDeleteSuccess?.(messageId);
+    }
+    catch (err) {
+        params.warn?.(`${params.warnPrefix}: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+export function createFinalizableDraftLifecycle(params) {
+    const controls = createFinalizableDraftStreamControlsForState({
+        throttleMs: params.throttleMs,
+        state: params.state,
+        sendOrEditStreamMessage: params.sendOrEditStreamMessage,
+    });
+    const clear = async () => {
+        await clearFinalizableDraftMessage({
+            stopForClear: controls.stopForClear,
+            readMessageId: params.readMessageId,
+            clearMessageId: params.clearMessageId,
+            isValidMessageId: params.isValidMessageId,
+            deleteMessage: params.deleteMessage,
+            onDeleteSuccess: params.onDeleteSuccess,
+            warn: params.warn,
+            warnPrefix: params.warnPrefix,
+        });
+    };
+    return {
+        ...controls,
+        clear,
+    };
+}

package/dist/channels/inbound-debounce-policy.js

@@ -0,0 +1,28 @@
+import { hasControlCommand } from "../auto-reply/command-detection.js";
+import { createInboundDebouncer, resolveInboundDebounceMs, } from "../auto-reply/inbound-debounce.js";
+export function shouldDebounceTextInbound(params) {
+    if (params.allowDebounce === false) {
+        return false;
+    }
+    if (params.hasMedia) {
+        return false;
+    }
+    const text = params.text?.trim() ?? "";
+    if (!text) {
+        return false;
+    }
+    return !hasControlCommand(text, params.cfg, params.commandOptions);
+}
+export function createChannelInboundDebouncer(params) {
+    const debounceMs = resolveInboundDebounceMs({
+        cfg: params.cfg,
+        channel: params.channel,
+        overrideMs: params.debounceMsOverride,
+    });
+    const { cfg: _cfg, channel: _channel, debounceMsOverride: _override, ...rest } = params;
+    const debouncer = createInboundDebouncer({
+        debounceMs,
+        ...rest,
+    });
+    return { debounceMs, debouncer };
+}

package/dist/channels/typing-lifecycle.js

@@ -0,0 +1,39 @@
+export function createTypingKeepaliveLoop(params) {
+    let timer;
+    let tickInFlight = false;
+    const tick = async () => {
+        if (tickInFlight) {
+            return;
+        }
+        tickInFlight = true;
+        try {
+            await params.onTick();
+        }
+        finally {
+            tickInFlight = false;
+        }
+    };
+    const start = () => {
+        if (params.intervalMs <= 0 || timer) {
+            return;
+        }
+        timer = setInterval(() => {
+            void tick();
+        }, params.intervalMs);
+    };
+    const stop = () => {
+        if (!timer) {
+            return;
+        }
+        clearInterval(timer);
+        timer = undefined;
+        tickInFlight = false;
+    };
+    const isRunning = () => timer !== undefined;
+    return {
+        tick,
+        start,
+        stop,
+        isRunning,
+    };
+}

package/dist/cli/program/command-registry.js

@@ -92,6 +92,19 @@ const coreEntries = [
             mod.registerMaintenanceCommands(program);
         },
     },
+    {
+        commands: [
+            {
+                name: "sessions-cleanup",
+                description: "Clean up old sessions to stay within disk budget",
+                hasSubcommands: true,
+            },
+        ],
+        register: async ({ program }) => {
+            const mod = await import("../../commands/sessions-cleanup.js");
+            mod.registerSessionCleanupCommand(program);
+        },
+    },
     {
         commands: [
             {
@@ -138,6 +151,19 @@ const coreEntries = [
             });
         },
     },
+    {
+        commands: [
+            {
+                name: "agent-binding",
+                description: "Manage agent command bindings (bind/unbind commands to agents)",
+                hasSubcommands: true,
+            },
+        ],
+        register: async ({ program }) => {
+            const mod = await import("../../commands/agent-binding.js");
+            mod.registerAgentCommandBindingCommand(program);
+        },
+    },
     {
         commands: [
             {
@@ -161,6 +187,32 @@ const coreEntries = [
             mod.registerStatusHealthSessionsCommands(program);
         },
     },
+    {
+        commands: [
+            {
+                name: "backup",
+                description: "Manage Pool Bot backups (create, restore, list, delete)",
+                hasSubcommands: true,
+            },
+        ],
+        register: async ({ program }) => {
+            const mod = await import("../../commands/backup.js");
+            mod.registerBackupCommand(program);
+        },
+    },
+    {
+        commands: [
+            {
+                name: "channel-account",
+                description: "Manage channel accounts (multi-account support)",
+                hasSubcommands: true,
+            },
+        ],
+        register: async ({ program }) => {
+            const mod = await import("../../commands/channel-account.js");
+            mod.registerChannelAccountCommand(program);
+        },
+    },
     {
         commands: [
             {

package/dist/commands/agent-binding.js

@@ -0,0 +1,123 @@
+/**
+ * Agent Command Binding CLI
+ *
+ * Bind specific commands to agents.
+ */
+import { bindCommandsToAgent, unbindCommandsFromAgent, getAgentBindings, getAllBindings, addCommandsToAgent, removeCommandsFromAgent, toggleBindingMode, isCommandAllowedForAgent, } from "../infra/agent-command-binding.js";
+export function registerAgentCommandBindingCommand(program) {
+    const bindingCmd = program.command("agent-binding").description("Manage agent command bindings");
+    // List all bindings
+    bindingCmd
+        .command("list")
+        .description("List all agent command bindings")
+        .action(async () => {
+        console.log("🎱 Pool Bot - Agent Command Bindings\n");
+        const bindings = await getAllBindings();
+        if (bindings.length === 0) {
+            console.log("No bindings found.\n");
+            return;
+        }
+        console.log("┌──────────────┬──────────────┬──────────────┬──────────────┐");
+        console.log("│ Agent ID     │ Mode         │ Commands     │ Updated      │");
+        console.log("├──────────────┼──────────────┼──────────────┼──────────────┤");
+        bindings.forEach((binding) => {
+            const mode = binding.allowlist ? "Allowlist" : "Denylist";
+            const commandCount = binding.commands.length;
+            const updated = new Date(binding.updatedAt).toLocaleDateString();
+            console.log(`│ ${binding.agentId.padEnd(12)} │ ${mode.padEnd(12)} │ ${String(commandCount).padEnd(12)} │ ${updated.padEnd(12)} │`);
+        });
+        console.log("└──────────────┴──────────────┴──────────────┴──────────────┘\n");
+        console.log(`Total: ${bindings.length} binding(s)\n`);
+    });
+    // Show binding for specific agent
+    bindingCmd
+        .command("show <agentId>")
+        .description("Show bindings for a specific agent")
+        .action(async (agentId) => {
+        console.log(`🎱 Pool Bot - Agent Binding for ${agentId}\n`);
+        const binding = await getAgentBindings(agentId);
+        if (!binding) {
+            console.log(`No binding found for agent ${agentId}\n`);
+            return;
+        }
+        console.log(`Agent ID: ${binding.agentId}`);
+        console.log(`Mode: ${binding.allowlist ? "Allowlist" : "Denylist"}`);
+        console.log(`Commands (${binding.commands.length}):`);
+        binding.commands.forEach((cmd) => console.log(`  - ${cmd}`));
+        console.log(`Created: ${new Date(binding.createdAt).toLocaleString()}`);
+        console.log(`Updated: ${new Date(binding.updatedAt).toLocaleString()}\n`);
+    });
+    // Bind commands
+    bindingCmd
+        .command("bind <agentId> <commands...>")
+        .description("Bind commands to an agent (allowlist mode)")
+        .option("--denylist", "Use denylist mode instead of allowlist")
+        .action(async (agentId, commands, options) => {
+        console.log("🎱 Pool Bot - Binding Commands\n");
+        const binding = await bindCommandsToAgent({
+            agentId,
+            commands,
+            allowlist: !options.denylist,
+        });
+        console.log(`✅ Commands bound to agent ${agentId}\n`);
+        console.log(`Mode: ${binding.allowlist ? "Allowlist" : "Denylist"}`);
+        console.log(`Commands: ${binding.commands.join(", ")}\n`);
+    });
+    // Add commands
+    bindingCmd
+        .command("add <agentId> <commands...>")
+        .description("Add commands to an agent's binding")
+        .action(async (agentId, commands) => {
+        console.log("🎱 Pool Bot - Adding Commands\n");
+        const binding = await addCommandsToAgent({ agentId, commands });
+        console.log(`✅ Commands added to agent ${agentId}\n`);
+        console.log(`Total commands: ${binding.commands.length}\n`);
+    });
+    // Remove commands
+    bindingCmd
+        .command("remove <agentId> <commands...>")
+        .description("Remove commands from an agent's binding")
+        .action(async (agentId, commands) => {
+        console.log("🎱 Pool Bot - Removing Commands\n");
+        const binding = await removeCommandsFromAgent({ agentId, commands });
+        console.log(`✅ Commands removed from agent ${agentId}\n`);
+        console.log(`Remaining commands: ${binding.commands.length}\n`);
+    });
+    // Unbind
+    bindingCmd
+        .command("unbind <agentId>")
+        .description("Remove all bindings from an agent")
+        .action(async (agentId) => {
+        console.log("🎱 Pool Bot - Unbinding Commands\n");
+        const success = await unbindCommandsFromAgent(agentId);
+        if (success) {
+            console.log(`✅ Bindings removed for agent ${agentId}\n`);
+        }
+        else {
+            console.log(`No bindings found for agent ${agentId}\n`);
+        }
+    });
+    // Toggle mode
+    bindingCmd
+        .command("toggle <agentId>")
+        .description("Toggle between allowlist and denylist mode")
+        .action(async (agentId) => {
+        console.log("🎱 Pool Bot - Toggling Binding Mode\n");
+        const binding = await toggleBindingMode(agentId);
+        console.log(`✅ Mode toggled for agent ${agentId}\n`);
+        console.log(`New mode: ${binding.allowlist ? "Allowlist" : "Denylist"}\n`);
+    });
+    // Test command
+    bindingCmd
+        .command("test <agentId> <command>")
+        .description("Test if a command is allowed for an agent")
+        .action(async (agentId, command) => {
+        console.log("🎱 Pool Bot - Testing Command\n");
+        const result = await isCommandAllowedForAgent({ agentId, command });
+        console.log(`Agent: ${agentId}`);
+        console.log(`Command: ${command}`);
+        console.log(`Allowed: ${result.allowed ? "Yes ✅" : "No ❌"}`);
+        console.log(`Reason: ${result.reason}\n`);
+    });
+    return bindingCmd;
+}