@poolzin/pool-bot 2026.3.23 → 2026.3.24

package/dist/commands/sessions-cleanup.js

@@ -0,0 +1,97 @@
+/**
+ * Session Cleanup Command
+ *
+ * Clean up old sessions to stay within disk budget.
+ */
+import { cleanupSessions, getSessionCleanupStatus } from "../infra/session-cleanup.js";
+function formatBytes(bytes) {
+    if (bytes < 1024)
+        return `${bytes} B`;
+    if (bytes < 1024 * 1024)
+        return `${(bytes / 1024).toFixed(2)} KB`;
+    if (bytes < 1024 * 1024 * 1024)
+        return `${(bytes / (1024 * 1024)).toFixed(2)} MB`;
+    return `${(bytes / (1024 * 1024 * 1024)).toFixed(2)} GB`;
+}
+export function registerSessionCleanupCommand(program) {
+    const cleanupCmd = program
+        .command("sessions-cleanup")
+        .description("Clean up old sessions to stay within disk budget");
+    // Run cleanup
+    cleanupCmd
+        .command("run")
+        .description("Run session cleanup")
+        .option("--max-size <MB>", "Maximum disk usage in MB", "1000")
+        .option("--min-keep <count>", "Minimum sessions to keep", "5")
+        .option("--dry-run", "Show what would be deleted without actually deleting")
+        .action(async (options) => {
+        console.log("🎱 Pool Bot - Session Cleanup\n");
+        const maxDiskUsageMB = parseInt(options.maxSize);
+        const minSessionsToKeep = parseInt(options.minKeep);
+        // Show current status
+        const status = await getSessionCleanupStatus({
+            maxDiskUsageMB,
+        });
+        console.log("📊 Current Status:");
+        console.log(`   Sessions: ${status.sessionCount}`);
+        console.log(`   Disk Usage: ${formatBytes(status.currentUsageMB * 1024 * 1024)}`);
+        console.log(`   Max Allowed: ${formatBytes(status.maxUsageMB * 1024 * 1024)}`);
+        console.log(`   Usage: ${status.usagePercent.toFixed(1)}%`);
+        console.log(`   Over Budget: ${status.overBudget ? "Yes ⚠️" : "No ✅"}\n`);
+        if (!status.overBudget) {
+            console.log("✅ No cleanup needed - under budget\n");
+            return;
+        }
+        // Run cleanup
+        const result = await cleanupSessions({
+            maxDiskUsageMB,
+            minSessionsToKeep,
+            dryRun: options.dryRun,
+        });
+        if (result.success) {
+            if (options.dryRun) {
+                console.log("🔍 Dry Run - No changes made\n");
+                console.log("📊 Would cleanup:");
+                console.log(`   - Sessions to delete: ${result.sessionsDeleted}`);
+                console.log(`   - Space to free: ${formatBytes(result.spaceFreedBytes)}`);
+                console.log(`   - Sessions remaining: ${result.sessionsRemaining}`);
+            }
+            else {
+                console.log("✅ Cleanup completed successfully!\n");
+                console.log("📊 Results:");
+                console.log(`   - Sessions deleted: ${result.sessionsDeleted}`);
+                console.log(`   - Space freed: ${formatBytes(result.spaceFreedBytes)}`);
+                console.log(`   - Sessions remaining: ${result.sessionsRemaining}`);
+                console.log(`   - Current usage: ${formatBytes(result.currentDiskUsageBytes)}`);
+                console.log(`   - Duration: ${result.duration}ms`);
+            }
+        }
+        else {
+            console.error("❌ Cleanup failed!\n");
+            console.error(`Error: ${result.error}`);
+            process.exit(1);
+        }
+    });
+    // Show status
+    cleanupCmd
+        .command("status")
+        .description("Show session cleanup status")
+        .option("--max-size <MB>", "Maximum disk usage in MB", "1000")
+        .action(async (options) => {
+        console.log("🎱 Pool Bot - Session Status\n");
+        const maxDiskUsageMB = parseInt(options.maxSize);
+        const status = await getSessionCleanupStatus({
+            maxDiskUsageMB,
+        });
+        console.log("📊 Session Status:");
+        console.log(`   Sessions: ${status.sessionCount}`);
+        console.log(`   Disk Usage: ${formatBytes(status.currentUsageMB * 1024 * 1024)}`);
+        console.log(`   Max Allowed: ${formatBytes(status.maxUsageMB * 1024 * 1024)}`);
+        console.log(`   Usage: ${status.usagePercent.toFixed(1)}%`);
+        console.log(`   Over Budget: ${status.overBudget ? "Yes ⚠️" : "No ✅"}\n`);
+        if (status.overBudget) {
+            console.log('💡 Run "poolbot sessions-cleanup run" to cleanup old sessions\n');
+        }
+    });
+    return cleanupCmd;
+}

package/dist/cron/heartbeat-policy.js

@@ -0,0 +1,26 @@
+import { stripHeartbeatToken } from "../auto-reply/heartbeat.js";
+export function shouldSkipHeartbeatOnlyDelivery(payloads, ackMaxChars) {
+    if (payloads.length === 0) {
+        return true;
+    }
+    const hasAnyMedia = payloads.some((payload) => (payload.mediaUrls?.length ?? 0) > 0 || Boolean(payload.mediaUrl));
+    if (hasAnyMedia) {
+        return false;
+    }
+    return payloads.some((payload) => {
+        const result = stripHeartbeatToken(payload.text, {
+            mode: "heartbeat",
+            maxAckChars: ackMaxChars,
+        });
+        return result.shouldSkip;
+    });
+}
+export function shouldEnqueueCronMainSummary(params) {
+    const summaryText = params.summaryText?.trim();
+    return Boolean(summaryText &&
+        params.isCronSystemEvent(summaryText) &&
+        params.deliveryRequested &&
+        !params.delivered &&
+        params.deliveryAttempted !== true &&
+        !params.suppressMainSummary);
+}

package/dist/gateway/hooks-mapping.js

@@ -1,6 +1,7 @@
+import fs from "node:fs";
 import path from "node:path";
-import { pathToFileURL } from "node:url";
 import { CONFIG_PATH } from "../config/config.js";
+import { importFileModule, resolveFunctionModuleExport } from "../hooks/module-loader.js";
 const hookPresetMappings = {
     gmail: [
         {
@@ -204,15 +205,18 @@ async function loadTransform(transform) {
     if (cached) {
         return cached;
     }
-    const url = pathToFileURL(transform.modulePath).href;
-    const mod = (await import(url));
+    const mod = await importFileModule({ modulePath: transform.modulePath });
     const fn = resolveTransformFn(mod, transform.exportName);
     transformCache.set(cacheKey, fn);
     return fn;
 }
 function resolveTransformFn(mod, exportName) {
-    const candidate = exportName ? mod[exportName] : (mod.default ?? mod.transform);
-    if (typeof candidate !== "function") {
+    const candidate = resolveFunctionModuleExport({
+        mod,
+        exportName,
+        fallbackExportNames: ["default", "transform"],
+    });
+    if (!candidate) {
         throw new Error("hook transform module must export a function");
     }
     return candidate;
@@ -223,6 +227,32 @@ function resolvePath(baseDir, target) {
     }
     return path.isAbsolute(target) ? path.resolve(target) : path.resolve(baseDir, target);
 }
+function escapesBase(baseDir, candidate) {
+    const relative = path.relative(baseDir, candidate);
+    return relative === ".." || relative.startsWith(`..${path.sep}`) || path.isAbsolute(relative);
+}
+function safeRealpathSync(candidate) {
+    try {
+        const nativeRealpath = fs.realpathSync.native;
+        return nativeRealpath ? nativeRealpath(candidate) : fs.realpathSync(candidate);
+    }
+    catch {
+        return null;
+    }
+}
+function resolveExistingAncestor(candidate) {
+    let current = path.resolve(candidate);
+    while (true) {
+        if (fs.existsSync(current)) {
+            return current;
+        }
+        const parent = path.dirname(current);
+        if (parent === current) {
+            return null;
+        }
+        current = parent;
+    }
+}
 function resolveContainedPath(baseDir, target, label) {
     const base = path.resolve(baseDir);
     const trimmed = target?.trim();
@@ -230,8 +260,17 @@ function resolveContainedPath(baseDir, target, label) {
         throw new Error(`${label} module path is required`);
     }
     const resolved = resolvePath(base, trimmed);
-    const relative = path.relative(base, resolved);
-    if (relative === ".." || relative.startsWith(`..${path.sep}`) || path.isAbsolute(relative)) {
+    if (escapesBase(base, resolved)) {
+        throw new Error(`${label} module path must be within ${base}: ${target}`);
+    }
+    // Block symlink escapes for existing path segments while preserving current
+    // behavior for not-yet-created files.
+    const baseRealpath = safeRealpathSync(base);
+    const existingAncestor = resolveExistingAncestor(resolved);
+    const existingAncestorRealpath = existingAncestor ? safeRealpathSync(existingAncestor) : null;
+    if (baseRealpath &&
+        existingAncestorRealpath &&
+        escapesBase(baseRealpath, existingAncestorRealpath)) {
         throw new Error(`${label} module path must be within ${base}: ${target}`);
     }
     return resolved;

package/dist/hooks/module-loader.js

@@ -0,0 +1,28 @@
+import { pathToFileURL } from "node:url";
+export function resolveFileModuleUrl(params) {
+    const url = pathToFileURL(params.modulePath).href;
+    if (!params.cacheBust) {
+        return url;
+    }
+    const ts = params.nowMs ?? Date.now();
+    return `${url}?t=${ts}`;
+}
+export async function importFileModule(params) {
+    const specifier = resolveFileModuleUrl(params);
+    return (await import(specifier));
+}
+export function resolveFunctionModuleExport(params) {
+    const explicitExport = params.exportName?.trim();
+    if (explicitExport) {
+        const candidate = params.mod[explicitExport];
+        return typeof candidate === "function" ? candidate : undefined;
+    }
+    const fallbacks = params.fallbackExportNames ?? ["default"];
+    for (const exportName of fallbacks) {
+        const candidate = params.mod[exportName];
+        if (typeof candidate === "function") {
+            return candidate;
+        }
+    }
+    return undefined;
+}

package/dist/infra/agent-command-binding.js

@@ -0,0 +1,144 @@
+/**
+ * Agent Command Binding System
+ *
+ * Allows binding specific commands to agents.
+ * Implemented from scratch for Pool Bot architecture.
+ */
+import fs from "node:fs/promises";
+import path from "node:path";
+const BINDINGS_FILE = path.join(process.cwd(), ".poolbot", "agent-command-bindings.json");
+/**
+ * Load command bindings from file
+ */
+export async function loadCommandBindings() {
+    try {
+        const data = await fs.readFile(BINDINGS_FILE, "utf-8");
+        return JSON.parse(data);
+    }
+    catch (error) {
+        if (error.code === "ENOENT") {
+            return { bindings: {} };
+        }
+        throw error;
+    }
+}
+/**
+ * Save command bindings to file
+ */
+export async function saveCommandBindings(store) {
+    await fs.mkdir(path.dirname(BINDINGS_FILE), { recursive: true });
+    await fs.writeFile(BINDINGS_FILE, JSON.stringify(store, null, 2));
+}
+/**
+ * Bind commands to an agent
+ */
+export async function bindCommandsToAgent(params) {
+    const { agentId, commands, allowlist = true } = params;
+    const now = Date.now();
+    const store = await loadCommandBindings();
+    const existing = store.bindings[agentId];
+    const binding = {
+        agentId,
+        commands: [...new Set(commands)], // Remove duplicates
+        allowlist,
+        createdAt: existing?.createdAt || now,
+        updatedAt: now,
+    };
+    store.bindings[agentId] = binding;
+    await saveCommandBindings(store);
+    return binding;
+}
+/**
+ * Unbind commands from an agent
+ */
+export async function unbindCommandsFromAgent(agentId) {
+    const store = await loadCommandBindings();
+    if (!store.bindings[agentId]) {
+        return false;
+    }
+    delete store.bindings[agentId];
+    await saveCommandBindings(store);
+    return true;
+}
+/**
+ * Get command bindings for an agent
+ */
+export async function getAgentBindings(agentId) {
+    const store = await loadCommandBindings();
+    return store.bindings[agentId];
+}
+/**
+ * Get all command bindings
+ */
+export async function getAllBindings() {
+    const store = await loadCommandBindings();
+    return Object.values(store.bindings);
+}
+/**
+ * Check if a command is allowed for an agent
+ */
+export async function isCommandAllowedForAgent(params) {
+    const { agentId, command } = params;
+    const binding = await getAgentBindings(agentId);
+    // No binding = all commands allowed
+    if (!binding) {
+        return { allowed: true, reason: "No binding - all commands allowed" };
+    }
+    const commandExists = binding.commands.includes(command);
+    if (binding.allowlist) {
+        // Allowlist mode: only these commands are allowed
+        if (commandExists) {
+            return { allowed: true, reason: "Command in allowlist" };
+        }
+        else {
+            return { allowed: false, reason: "Command not in allowlist" };
+        }
+    }
+    else {
+        // Denylist mode: all commands allowed except these
+        if (commandExists) {
+            return { allowed: false, reason: "Command in denylist" };
+        }
+        else {
+            return { allowed: true, reason: "Command not in denylist" };
+        }
+    }
+}
+/**
+ * Add commands to an agent's binding
+ */
+export async function addCommandsToAgent(params) {
+    const { agentId, commands } = params;
+    const binding = await getAgentBindings(agentId);
+    if (!binding) {
+        return bindCommandsToAgent({ agentId, commands });
+    }
+    const updatedCommands = [...new Set([...binding.commands, ...commands])];
+    return bindCommandsToAgent({ agentId, commands: updatedCommands, allowlist: binding.allowlist });
+}
+/**
+ * Remove commands from an agent's binding
+ */
+export async function removeCommandsFromAgent(params) {
+    const { agentId, commands } = params;
+    const binding = await getAgentBindings(agentId);
+    if (!binding) {
+        throw new Error(`No binding found for agent ${agentId}`);
+    }
+    const updatedCommands = binding.commands.filter((cmd) => !commands.includes(cmd));
+    return bindCommandsToAgent({ agentId, commands: updatedCommands, allowlist: binding.allowlist });
+}
+/**
+ * Toggle binding mode (allowlist/denylist)
+ */
+export async function toggleBindingMode(agentId) {
+    const binding = await getAgentBindings(agentId);
+    if (!binding) {
+        throw new Error(`No binding found for agent ${agentId}`);
+    }
+    return bindCommandsToAgent({
+        agentId,
+        commands: binding.commands,
+        allowlist: !binding.allowlist,
+    });
+}