@poolzin/pool-bot 2026.3.4 → 2026.3.6

package/docs/adr/003-feature-gap-analysis.md

@@ -0,0 +1,112 @@
+# ADR 003: Feature Gap Analysis — Pool Bot vs OpenClaw
+
+**Status:** Accepted  
+**Date:** 2026-03-04  
+**Author:** PLCode analysis agent
+
+## Context
+
+Pool Bot (v2026.3.4) was forked from OpenClaw. OpenClaw has continued shipping features through versions 2026.2.12 to 2026.3.3 that Pool Bot has not yet adopted. This document identifies the highest-value gaps and prioritizes implementation.
+
+## Analysis Method
+
+- Full diff of both CHANGELOGs (2000+ OpenClaw lines vs 297 Pool Bot lines)
+- Deep source-tree exploration of `src/`, `extensions/`, `docs/`, and config schemas
+- Cross-reference of every OpenClaw feature against Pool Bot codebase using grep/AST search
+
+## Confirmed Present (No Gap)
+
+These OpenClaw features already exist in Pool Bot:
+
+| Feature | Evidence |
+|---------|----------|
+| SSRF protection | 91+ references across `src/infra/net/ssrf.ts` and callers |
+| Draft streaming (Telegram/Discord/Slack) | Full implementation in channel modules |
+| Config validation | 100+ Zod schema matches |
+| Session compaction | Plugin hooks, auto-compaction, diagnostics |
+| Feishu/LINE/Mattermost/IRC/MS Teams/Nextcloud Talk/Tlon | Extensions present |
+| Ollama memory embeddings | v2026.3.4 |
+| Channel auto-restart with exponential backoff | Cherry-picked from OpenClaw |
+| Boundary file read / safe-open-sync | Cherry-picked from OpenClaw |
+| Hardened fs-safe with atomic writes | Cherry-picked from OpenClaw |
+
+## Confirmed Missing — Critical & High Priority
+
+### 1. HTTP Container Health Probes
+
+**Priority:** Critical | **Effort:** S (small)
+
+OpenClaw 2026.3.1 added built-in HTTP liveness/readiness endpoints (`/health`, `/healthz`, `/ready`, `/readyz`) for Docker/Kubernetes orchestrators. Pool Bot's gateway has WS-based health only — no HTTP endpoint paths for container probes.
+
+**Impact:** Blocks production Kubernetes/Docker deployments from proper health checking.
+
+### 2. First-class PDF Tool
+
+**Priority:** High | **Effort:** M (medium)
+
+OpenClaw 2026.3.2 added a native PDF document extraction tool using provider-native document understanding (Anthropic/Google). Pool Bot's browser-tool has a "pdf" action that renders pages to PDF via browser, but no dedicated extraction tool.
+
+**Impact:** Users cannot extract text/data from PDF documents using provider-native capabilities.
+
+### 3. Cron Failure Alerts
+
+**Priority:** High | **Effort:** L (large)
+
+OpenClaw 2026.3.1 added `failureAlert.mode` (announce | webhook) with `failureAlert.accountId`, per-job `delivery.failureDestination`. OpenClaw 2026.3.3 extended this with repeated-failure alerting, per-job overrides, and Web UI editor support. Pool Bot's cron logs failures but has no notification mechanism.
+
+**Impact:** Operators have no way to be notified when scheduled tasks fail.
+
+### 4. Tools/Diffs Plugin
+
+**Priority:** High | **Effort:** M (medium)
+
+OpenClaw 2026.3.1 added a `diffs` plugin tool for read-only diff rendering from before/after text or unified patches, with gateway viewer URLs. OpenClaw 2026.3.2 added PDF output support.
+
+**Impact:** Agents cannot present structured diffs to users in a readable format.
+
+### 5. Head+Tail Truncation Strategy
+
+**Priority:** Medium | **Effort:** S (small)
+
+OpenClaw added head+tail truncation for long messages — keeping the beginning and end of messages while eliding the middle. Pool Bot only has simple character-limit truncation.
+
+**Impact:** Long responses lose valuable ending content when truncated.
+
+## Confirmed Missing — Medium Priority
+
+| Feature | OpenClaw Version | Effort |
+|---------|-----------------|--------|
+| Perplexity Search API integration | 2026.2.14 | M |
+| Telegram per-topic agentId | 2026.2.25 | S |
+| Slack DM typing indicators | 2026.2.28 | S |
+| Discord `allowBots` flag | 2026.2.28 | S |
+| `config validate` CLI command | 2026.3.1 | S |
+| OpenAI Responses WS transport | 2026.3.1 | L |
+| Discord thread binding lifecycle | 2026.3.1 | M |
+| Telegram DM topics | 2026.3.1 | S |
+| Plugin runtime API enhancements | 2026.3.2 | M |
+| Adaptive thinking budget | 2026.3.2 | M |
+| Gateway Permissions-Policy header | 2026.3.2 | S |
+| Config heartbeat auto-migration | 2026.3.3 | S |
+
+## Confirmed Missing — Low Priority
+
+| Feature | OpenClaw Version | Effort |
+|---------|-----------------|--------|
+| CLI banner tagline randomizer | 2026.2.14 | S |
+| `config file` command | 2026.3.1 | S |
+| Web UI locale additions | 2026.3.2 | S |
+| SecretRef/Secrets management | 2026.3.1-3.3 | XL |
+
+## Recommended Implementation Order
+
+1. **HTTP Health Probes** — smallest effort, unblocks container orchestration
+2. **Head+tail truncation** — small effort, immediate UX improvement
+3. **Cron failure alerts** — high operator value, moderate effort
+4. **First-class PDF tool** — high user value, leverages existing patterns
+5. **Diffs plugin tool** — complements agent capabilities
+6. **SecretRef system** — XL effort, defer to dedicated sprint
+
+## Decision
+
+Implement items 1-5 in a single feature batch. Defer SecretRef and medium/low items to subsequent releases.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolzin/pool-bot",
-  "version": "2026.3.4",
+  "version": "2026.3.6",
   "description": "🎱 Pool Bot - AI assistant with PLCODE integrations",
   "keywords": [],
   "license": "MIT",
@@ -130,6 +130,7 @@
     "express": "^5.2.1",
     "file-type": "^21.3.0",
     "grammy": "^1.40.0",
+    "ipaddr.js": "^2.3.0",
     "jiti": "^2.6.1",
     "json5": "^2.2.3",
     "jszip": "^3.10.1",
@@ -186,11 +187,16 @@
   "pnpm": {
     "minimumReleaseAge": 2880,
     "overrides": {
-      "fast-xml-parser": "5.3.4",
+      "hono": "4.11.10",
+      "fast-xml-parser": "5.3.8",
+      "request": "npm:@cypress/request@3.0.10",
+      "request-promise": "npm:@cypress/request-promise@5.0.0",
       "form-data": "2.5.4",
-      "qs": "6.14.1",
+      "minimatch": "10.2.4",
+      "qs": "6.14.2",
+      "node-domexception": "npm:@nolyfill/domexception@^1.0.28",
       "@sinclair/typebox": "0.34.48",
-      "tar": "7.5.7",
+      "tar": "7.5.9",
       "tough-cookie": "4.1.3"
     },
     "onlyBuiltDependencies": [