@poolzin/pool-bot 2026.3.4 → 2026.3.7

package/dist/infra/restart-stale-pids.js

@@ -0,0 +1,254 @@
+import { spawnSync } from "node:child_process";
+import { resolveGatewayPort } from "../config/paths.js";
+import { createSubsystemLogger } from "../logging/subsystem.js";
+import { resolveLsofCommandSync } from "./ports-lsof.js";
+const SPAWN_TIMEOUT_MS = 2000;
+const STALE_SIGTERM_WAIT_MS = 600;
+const STALE_SIGKILL_WAIT_MS = 400;
+/**
+ * After SIGKILL, the kernel may not release the TCP port immediately.
+ * Poll until the port is confirmed free (or until the budget expires) before
+ * returning control to the caller (typically `triggerPoolBotRestart` →
+ * `systemctl restart`). Without this wait the new process races the dying
+ * process for the port and systemd enters an EADDRINUSE restart loop.
+ *
+ * POLL_SPAWN_TIMEOUT_MS is intentionally much shorter than SPAWN_TIMEOUT_MS
+ * so that a single slow or hung lsof invocation does not consume the entire
+ * polling budget. At 400 ms per call, up to five independent lsof attempts
+ * fit within PORT_FREE_TIMEOUT_MS = 2000 ms, each with a definitive outcome.
+ */
+const PORT_FREE_POLL_INTERVAL_MS = 50;
+const PORT_FREE_TIMEOUT_MS = 2000;
+const POLL_SPAWN_TIMEOUT_MS = 400;
+const restartLog = createSubsystemLogger("restart");
+let sleepSyncOverride = null;
+let dateNowOverride = null;
+function getTimeMs() {
+    return dateNowOverride ? dateNowOverride() : Date.now();
+}
+function sleepSync(ms) {
+    const timeoutMs = Math.max(0, Math.floor(ms));
+    if (timeoutMs <= 0) {
+        return;
+    }
+    if (sleepSyncOverride) {
+        sleepSyncOverride(timeoutMs);
+        return;
+    }
+    try {
+        const lock = new Int32Array(new SharedArrayBuffer(4));
+        Atomics.wait(lock, 0, 0, timeoutMs);
+    }
+    catch {
+        const start = Date.now();
+        while (Date.now() - start < timeoutMs) {
+            // Best-effort fallback when Atomics.wait is unavailable.
+        }
+    }
+}
+/**
+ * Parse poolbot gateway PIDs from lsof -Fpc stdout.
+ * Pure function — no I/O. Excludes the current process.
+ */
+function parsePidsFromLsofOutput(stdout) {
+    const pids = [];
+    let currentPid;
+    let currentCmd;
+    for (const line of stdout.split(/\r?\n/).filter(Boolean)) {
+        if (line.startsWith("p")) {
+            if (currentPid != null && currentCmd && currentCmd.toLowerCase().includes("poolbot")) {
+                pids.push(currentPid);
+            }
+            const parsed = Number.parseInt(line.slice(1), 10);
+            currentPid = Number.isFinite(parsed) && parsed > 0 ? parsed : undefined;
+            currentCmd = undefined;
+        }
+        else if (line.startsWith("c")) {
+            currentCmd = line.slice(1);
+        }
+    }
+    if (currentPid != null && currentCmd && currentCmd.toLowerCase().includes("poolbot")) {
+        pids.push(currentPid);
+    }
+    // Deduplicate: dual-stack listeners (IPv4 + IPv6) cause lsof to emit the
+    // same PID twice. Return each PID at most once to avoid double-killing.
+    return [...new Set(pids)].filter((pid) => pid !== process.pid);
+}
+/**
+ * Find PIDs of gateway processes listening on the given port using synchronous lsof.
+ * Returns only PIDs that belong to poolbot gateway processes (not the current process).
+ */
+export function findGatewayPidsOnPortSync(port, spawnTimeoutMs = SPAWN_TIMEOUT_MS) {
+    if (process.platform === "win32") {
+        return [];
+    }
+    const lsof = resolveLsofCommandSync();
+    const res = spawnSync(lsof, ["-nP", `-iTCP:${port}`, "-sTCP:LISTEN", "-Fpc"], {
+        encoding: "utf8",
+        timeout: spawnTimeoutMs,
+    });
+    if (res.error) {
+        const code = res.error.code;
+        const detail = code && code.trim().length > 0
+            ? code
+            : res.error instanceof Error
+                ? res.error.message
+                : "unknown error";
+        restartLog.warn(`lsof failed during initial stale-pid scan for port ${port}: ${detail}`);
+        return [];
+    }
+    if (res.status === 1) {
+        return [];
+    }
+    if (res.status !== 0) {
+        restartLog.warn(`lsof exited with status ${res.status} during initial stale-pid scan for port ${port}; skipping stale pid check`);
+        return [];
+    }
+    return parsePidsFromLsofOutput(res.stdout);
+}
+function pollPortOnce(port) {
+    try {
+        const lsof = resolveLsofCommandSync();
+        const res = spawnSync(lsof, ["-nP", `-iTCP:${port}`, "-sTCP:LISTEN", "-Fpc"], {
+            encoding: "utf8",
+            timeout: POLL_SPAWN_TIMEOUT_MS,
+        });
+        if (res.error) {
+            // Spawn-level failure. ENOENT / EACCES means lsof is permanently
+            // unavailable on this system; other errors (e.g. timeout) are transient.
+            const code = res.error.code;
+            const permanent = code === "ENOENT" || code === "EACCES" || code === "EPERM";
+            return { free: null, permanent };
+        }
+        if (res.status === 1) {
+            // lsof canonical "no matching processes" exit — port is genuinely free.
+            // Guard: on Linux containers with restricted /proc (AppArmor, seccomp,
+            // user namespaces), lsof can exit 1 AND still emit some output for the
+            // processes it could read. Parse stdout when non-empty to avoid false-free.
+            if (res.stdout) {
+                const pids = parsePidsFromLsofOutput(res.stdout);
+                return pids.length === 0 ? { free: true } : { free: false };
+            }
+            return { free: true };
+        }
+        if (res.status !== 0) {
+            // status > 1: runtime/permission/flag error. Cannot confirm port state —
+            // treat as a transient failure and keep polling rather than falsely
+            // reporting the port as free (which would recreate the EADDRINUSE race).
+            return { free: null, permanent: false };
+        }
+        // status === 0: lsof found listeners. Parse pids from the stdout we
+        // already hold — no second lsof spawn, no new failure surface.
+        const pids = parsePidsFromLsofOutput(res.stdout);
+        return pids.length === 0 ? { free: true } : { free: false };
+    }
+    catch {
+        return { free: null, permanent: false };
+    }
+}
+/**
+ * Synchronously terminate stale gateway processes.
+ * Callers must pass a non-empty pids array.
+ * Sends SIGTERM, waits briefly, then SIGKILL for survivors.
+ */
+function terminateStaleProcessesSync(pids) {
+    const killed = [];
+    for (const pid of pids) {
+        try {
+            process.kill(pid, "SIGTERM");
+            killed.push(pid);
+        }
+        catch {
+            // ESRCH — already gone
+        }
+    }
+    if (killed.length === 0) {
+        return killed;
+    }
+    sleepSync(STALE_SIGTERM_WAIT_MS);
+    for (const pid of killed) {
+        try {
+            process.kill(pid, 0);
+            process.kill(pid, "SIGKILL");
+        }
+        catch {
+            // already gone
+        }
+    }
+    sleepSync(STALE_SIGKILL_WAIT_MS);
+    return killed;
+}
+/**
+ * Poll the given port until it is confirmed free, lsof is confirmed unavailable,
+ * or the wall-clock budget expires.
+ *
+ * Each poll invocation uses POLL_SPAWN_TIMEOUT_MS (400 ms), which is
+ * significantly shorter than PORT_FREE_TIMEOUT_MS (2000 ms). This ensures
+ * that a single slow or hung lsof call cannot consume the entire polling
+ * budget and cause the function to exit prematurely with an inconclusive
+ * result. Up to five independent lsof attempts fit within the budget.
+ *
+ * Exit conditions:
+ *   - `pollPortOnce` returns `{ free: true }`                    → port confirmed free
+ *   - `pollPortOnce` returns `{ free: null, permanent: true }`   → lsof unavailable, bail
+ *   - `pollPortOnce` returns `{ free: false }`                   → port busy, sleep + retry
+ *   - `pollPortOnce` returns `{ free: null, permanent: false }`  → transient error, sleep + retry
+ *   - Wall-clock deadline exceeded                               → log warning, proceed anyway
+ */
+function waitForPortFreeSync(port) {
+    const deadline = getTimeMs() + PORT_FREE_TIMEOUT_MS;
+    while (getTimeMs() < deadline) {
+        const result = pollPortOnce(port);
+        if (result.free === true) {
+            return;
+        }
+        if (result.free === null && result.permanent) {
+            // lsof is permanently unavailable (ENOENT / EACCES) — bail immediately,
+            // no point spinning the remaining budget.
+            return;
+        }
+        // result.free === false: port still bound.
+        // result.free === null && !permanent: transient lsof error — keep polling.
+        sleepSync(PORT_FREE_POLL_INTERVAL_MS);
+    }
+    restartLog.warn(`port ${port} still in use after ${PORT_FREE_TIMEOUT_MS}ms; proceeding anyway`);
+}
+/**
+ * Inspect the gateway port and kill any stale gateway processes holding it.
+ * Blocks until the port is confirmed free (or the poll budget expires) so
+ * the supervisor (systemd / launchctl) does not race a zombie process for
+ * the port and enter an EADDRINUSE restart loop.
+ *
+ * Called before service restart commands to prevent port conflicts.
+ */
+export function cleanStaleGatewayProcessesSync() {
+    try {
+        const port = resolveGatewayPort(undefined, process.env);
+        const stalePids = findGatewayPidsOnPortSync(port);
+        if (stalePids.length === 0) {
+            return [];
+        }
+        restartLog.warn(`killing ${stalePids.length} stale gateway process(es) before restart: ${stalePids.join(", ")}`);
+        const killed = terminateStaleProcessesSync(stalePids);
+        // Wait for the port to be released before returning — called unconditionally
+        // even when `killed` is empty (all pids were already dead before SIGTERM).
+        // A process can exit before our signal arrives yet still leave its socket
+        // in TIME_WAIT / FIN_WAIT; polling is the only reliable way to confirm the
+        // kernel has fully released the port before systemd fires the new process.
+        waitForPortFreeSync(port);
+        return killed;
+    }
+    catch {
+        return [];
+    }
+}
+export const __testing = {
+    setSleepSyncOverride(fn) {
+        sleepSyncOverride = fn;
+    },
+    setDateNowOverride(fn) {
+        dateNowOverride = fn;
+    },
+    /** Invoke sleepSync directly (bypasses the override) for unit-testing the real Atomics path. */
+    callSleepSyncRaw: sleepSync,
+};

package/dist/infra/safe-open-sync.js

@@ -0,0 +1,71 @@
+import fs from "node:fs";
+import { sameFileIdentity as hasSameFileIdentity } from "./file-identity.js";
+function isExpectedPathError(error) {
+    const code = typeof error === "object" && error !== null && "code" in error ? String(error.code) : "";
+    return code === "ENOENT" || code === "ENOTDIR" || code === "ELOOP";
+}
+export function sameFileIdentity(left, right) {
+    return hasSameFileIdentity(left, right);
+}
+export function openVerifiedFileSync(params) {
+    const ioFs = params.ioFs ?? fs;
+    const allowedType = params.allowedType ?? "file";
+    const openReadFlags = ioFs.constants.O_RDONLY |
+        (typeof ioFs.constants.O_NOFOLLOW === "number" ? ioFs.constants.O_NOFOLLOW : 0);
+    let fd = null;
+    try {
+        if (params.rejectPathSymlink) {
+            const candidateStat = ioFs.lstatSync(params.filePath);
+            if (candidateStat.isSymbolicLink()) {
+                return { ok: false, reason: "validation" };
+            }
+        }
+        const realPath = params.resolvedPath ?? ioFs.realpathSync(params.filePath);
+        const preOpenStat = ioFs.lstatSync(realPath);
+        if (!isAllowedType(preOpenStat, allowedType)) {
+            return { ok: false, reason: "validation" };
+        }
+        if (params.rejectHardlinks && preOpenStat.isFile() && preOpenStat.nlink > 1) {
+            return { ok: false, reason: "validation" };
+        }
+        if (params.maxBytes !== undefined &&
+            preOpenStat.isFile() &&
+            preOpenStat.size > params.maxBytes) {
+            return { ok: false, reason: "validation" };
+        }
+        fd = ioFs.openSync(realPath, openReadFlags);
+        const openedStat = ioFs.fstatSync(fd);
+        if (!isAllowedType(openedStat, allowedType)) {
+            return { ok: false, reason: "validation" };
+        }
+        if (params.rejectHardlinks && openedStat.isFile() && openedStat.nlink > 1) {
+            return { ok: false, reason: "validation" };
+        }
+        if (params.maxBytes !== undefined && openedStat.isFile() && openedStat.size > params.maxBytes) {
+            return { ok: false, reason: "validation" };
+        }
+        if (!sameFileIdentity(preOpenStat, openedStat)) {
+            return { ok: false, reason: "validation" };
+        }
+        const opened = { ok: true, path: realPath, fd, stat: openedStat };
+        fd = null;
+        return opened;
+    }
+    catch (error) {
+        if (isExpectedPathError(error)) {
+            return { ok: false, reason: "path", error };
+        }
+        return { ok: false, reason: "io", error };
+    }
+    finally {
+        if (fd !== null) {
+            ioFs.closeSync(fd);
+        }
+    }
+}
+function isAllowedType(stat, allowedType) {
+    if (allowedType === "directory") {
+        return stat.isDirectory();
+    }
+    return stat.isFile();
+}

package/dist/infra/secure-random.js

@@ -0,0 +1,7 @@
+import { randomBytes, randomUUID } from "node:crypto";
+export function generateSecureUuid() {
+    return randomUUID();
+}
+export function generateSecureToken(bytes = 16) {
+    return randomBytes(bytes).toString("base64url");
+}

package/dist/media/ffmpeg-limits.js

@@ -0,0 +1,4 @@
+export const MEDIA_FFMPEG_MAX_BUFFER_BYTES = 10 * 1024 * 1024;
+export const MEDIA_FFPROBE_TIMEOUT_MS = 10_000;
+export const MEDIA_FFMPEG_TIMEOUT_MS = 45_000;
+export const MEDIA_FFMPEG_MAX_AUDIO_DURATION_SECS = 20 * 60;

package/dist/media/input-files.js

@@ -153,8 +153,8 @@ function clampText(text, maxChars) {
         return text;
     return text.slice(0, maxChars);
 }
-async function extractPdfContent(params) {
-    const { buffer, limits } = params;
+export async function extractPdfContent(params) {
+    const { buffer, limits, pageNumbers } = params;
     const { getDocument } = await loadPdfJsModule();
     const pdf = await getDocument({
         data: new Uint8Array(buffer),
@@ -163,6 +163,8 @@ async function extractPdfContent(params) {
     const maxPages = Math.min(pdf.numPages, limits.pdf.maxPages);
     const textParts = [];
     for (let pageNum = 1; pageNum <= maxPages; pageNum += 1) {
+        if (pageNumbers && !pageNumbers.includes(pageNum))
+            continue;
         const page = await pdf.getPage(pageNum);
         const textContent = await page.getTextContent();
         const pageText = textContent.items
@@ -187,6 +189,8 @@ async function extractPdfContent(params) {
     const { createCanvas } = canvasModule;
     const images = [];
     for (let pageNum = 1; pageNum <= maxPages; pageNum += 1) {
+        if (pageNumbers && !pageNumbers.includes(pageNum))
+            continue;
         const page = await pdf.getPage(pageNum);
         const viewport = page.getViewport({ scale: 1 });
         const maxPixels = limits.pdf.maxPixels;

package/dist/media/temp-files.js

@@ -0,0 +1,12 @@
+import fs from "node:fs/promises";
+export async function unlinkIfExists(filePath) {
+    if (!filePath) {
+        return;
+    }
+    try {
+        await fs.unlink(filePath);
+    }
+    catch {
+        // Best-effort cleanup for temp files.
+    }
+}

package/dist/memory/embedding-chunk-limits.js

@@ -1,8 +1,11 @@
 import { estimateUtf8Bytes, splitTextToUtf8ByteLimit } from "./embedding-input-limits.js";
 import { resolveEmbeddingMaxInputTokens } from "./embedding-model-limits.js";
 import { hashText } from "./internal.js";
-export function enforceEmbeddingMaxInputTokens(provider, chunks) {
-    const maxInputTokens = resolveEmbeddingMaxInputTokens(provider);
+export function enforceEmbeddingMaxInputTokens(provider, chunks, hardMaxInputTokens) {
+    const providerMaxInputTokens = resolveEmbeddingMaxInputTokens(provider);
+    const maxInputTokens = typeof hardMaxInputTokens === "number" && hardMaxInputTokens > 0
+        ? Math.min(providerMaxInputTokens, hardMaxInputTokens)
+        : providerMaxInputTokens;
     const out = [];
     for (const chunk of chunks) {
         if (estimateUtf8Bytes(chunk.text) <= maxInputTokens) {

package/dist/memory/embeddings-ollama.js

@@ -1,158 +1,111 @@
-/**
- * Ollama Embedding Provider for Pool Bot
- *
- * Provides local embeddings via Ollama API (http://127.0.0.1:11434)
- * Supports models like nomic-embed-text, mxbai-embed-large, etc.
- *
- * Benefits:
- * - 100% local and private (no data leaves the server)
- * - Zero cost (no API fees)
- * - Fast inference (no network latency)
- * - Offline capable
- */
+import { resolveEnvApiKey } from "../agents/model-auth.js";
+import { formatErrorMessage } from "../infra/errors.js";
+import { normalizeOptionalSecretInput } from "../utils/normalize-secret-input.js";
+import { buildRemoteBaseUrlPolicy, withRemoteHttpResponse } from "./remote-http.js";
 export const DEFAULT_OLLAMA_EMBEDDING_MODEL = "nomic-embed-text";
-export const DEFAULT_OLLAMA_BASE_URL = "http://127.0.0.1:11434";
-// Known embedding models and their dimensions
-const OLLAMA_EMBEDDING_DIMENSIONS = {
-    "nomic-embed-text": 768,
-    "nomic-embed-text-v1.5": 768,
-    "mxbai-embed-large": 1024,
-    "all-minilm": 384,
-    "snowflake-arctic-embed": 1024,
-};
-/**
- * Normalizes model name (removes ollama/ prefix if present)
- */
-export function normalizeOllamaModel(model) {
+const DEFAULT_OLLAMA_BASE_URL = "http://127.0.0.1:11434";
+function sanitizeAndNormalizeEmbedding(vec) {
+    const sanitized = vec.map((value) => (Number.isFinite(value) ? value : 0));
+    const magnitude = Math.sqrt(sanitized.reduce((sum, value) => sum + value * value, 0));
+    if (magnitude < 1e-10) {
+        return sanitized;
+    }
+    return sanitized.map((value) => value / magnitude);
+}
+function normalizeOllamaModel(model) {
     const trimmed = model.trim();
-    if (!trimmed)
+    if (!trimmed) {
         return DEFAULT_OLLAMA_EMBEDDING_MODEL;
-    if (trimmed.startsWith("ollama/"))
+    }
+    if (trimmed.startsWith("ollama/")) {
         return trimmed.slice("ollama/".length);
+    }
     return trimmed;
 }
-/**
- * Check if Ollama server is available
- */
-export async function checkOllamaAvailable(baseUrl) {
-    try {
-        const res = await fetch(`${baseUrl}/api/tags`, {
-            method: "GET",
-            signal: AbortSignal.timeout(5000), // 5 second timeout
-        });
-        return res.ok;
-    }
-    catch {
-        return false;
+function resolveOllamaApiBase(configuredBaseUrl) {
+    if (!configuredBaseUrl) {
+        return DEFAULT_OLLAMA_BASE_URL;
     }
+    const trimmed = configuredBaseUrl.replace(/\/+$/, "");
+    return trimmed.replace(/\/v1$/i, "");
 }
-/**
- * Check if a specific model is available in Ollama
- */
-export async function checkOllamaModelAvailable(baseUrl, model) {
-    try {
-        const res = await fetch(`${baseUrl}/api/tags`, {
-            method: "GET",
-            signal: AbortSignal.timeout(5000),
-        });
-        if (!res.ok)
-            return false;
-        const payload = (await res.json());
-        const models = payload.models ?? [];
-        return models.some((m) => m.name === model || m.name.startsWith(`${model}:`));
+function resolveOllamaApiKey(options) {
+    const remoteApiKey = options.remote?.apiKey?.trim();
+    if (remoteApiKey) {
+        return remoteApiKey;
     }
-    catch {
-        return false;
+    const providerApiKey = normalizeOptionalSecretInput(options.config.models?.providers?.ollama?.apiKey);
+    if (providerApiKey) {
+        return providerApiKey;
     }
+    return resolveEnvApiKey("ollama")?.apiKey;
+}
+function resolveOllamaEmbeddingClient(options) {
+    const providerConfig = options.config.models?.providers?.ollama;
+    const rawBaseUrl = options.remote?.baseUrl?.trim() || providerConfig?.baseUrl?.trim();
+    const baseUrl = resolveOllamaApiBase(rawBaseUrl);
+    const model = normalizeOllamaModel(options.model);
+    const headerOverrides = Object.assign({}, providerConfig?.headers, options.remote?.headers);
+    const headers = {
+        "Content-Type": "application/json",
+        ...headerOverrides,
+    };
+    const apiKey = resolveOllamaApiKey(options);
+    if (apiKey) {
+        headers.Authorization = `Bearer ${apiKey}`;
+    }
+    return {
+        baseUrl,
+        headers,
+        ssrfPolicy: buildRemoteBaseUrlPolicy(baseUrl),
+        model,
+    };
 }
-/**
- * Creates an Ollama embedding provider
- *
- * Uses Ollama's /api/embeddings endpoint for generating embeddings
- */
 export async function createOllamaEmbeddingProvider(options) {
-    const client = await resolveOllamaEmbeddingClient(options);
-    const url = `${client.baseUrl}/api/embeddings`;
-    /**
-     * Get embedding for a single text
-     */
-    const embedQuery = async (text) => {
-        if (!text.trim())
-            return [];
-        const res = await fetch(url, {
-            method: "POST",
-            headers: { "Content-Type": "application/json" },
-            body: JSON.stringify({
-                model: client.model,
-                prompt: text,
-            }),
+    const client = resolveOllamaEmbeddingClient(options);
+    const embedUrl = `${client.baseUrl.replace(/\/$/, "")}/api/embeddings`;
+    const embedOne = async (text) => {
+        const json = await withRemoteHttpResponse({
+            url: embedUrl,
+            ssrfPolicy: client.ssrfPolicy,
+            init: {
+                method: "POST",
+                headers: client.headers,
+                body: JSON.stringify({ model: client.model, prompt: text }),
+            },
+            onResponse: async (res) => {
+                if (!res.ok) {
+                    throw new Error(`Ollama embeddings HTTP ${res.status}: ${await res.text()}`);
+                }
+                return (await res.json());
+            },
         });
-        if (!res.ok) {
-            const errorText = await res.text();
-            throw new Error(`ollama embeddings failed: ${res.status} ${errorText}`);
+        if (!Array.isArray(json.embedding)) {
+            throw new Error(`Ollama embeddings response missing embedding[]`);
         }
-        const payload = (await res.json());
-        return payload.embedding ?? [];
+        return sanitizeAndNormalizeEmbedding(json.embedding);
     };
-    /**
-     * Get embeddings for multiple texts (batch)
-     * Note: Ollama doesn't have a native batch endpoint, so we parallelize
-     */
-    const embedBatch = async (texts) => {
-        if (texts.length === 0)
-            return [];
-        // Ollama doesn't have a batch endpoint, so we run in parallel
-        const results = await Promise.all(texts.map((text) => embedQuery(text)));
-        return results;
+    const provider = {
+        id: "ollama",
+        model: client.model,
+        embedQuery: embedOne,
+        embedBatch: async (texts) => {
+            // Ollama /api/embeddings accepts one prompt per request.
+            return await Promise.all(texts.map(embedOne));
+        },
     };
     return {
-        provider: {
-            id: "ollama",
-            model: client.model,
-            maxInputTokens: 8192, // Most Ollama embedding models support 8K context
-            embedQuery,
-            embedBatch,
+        provider,
+        client: {
+            ...client,
+            embedBatch: async (texts) => {
+                try {
+                    return await provider.embedBatch(texts);
+                }
+                catch (err) {
+                    throw new Error(formatErrorMessage(err), { cause: err });
+                }
+            },
         },
-        client,
     };
 }
-/**
- * Resolves Ollama client configuration
- */
-export async function resolveOllamaEmbeddingClient(options) {
-    const remote = options.remote;
-    const remoteBaseUrl = remote?.baseUrl?.trim();
-    // Get base URL from options, config, or default
-    const providerConfig = options.config.models?.providers?.ollama;
-    const baseUrl = remoteBaseUrl ||
-        providerConfig?.baseUrl?.trim() ||
-        process.env.OLLAMA_BASE_URL?.trim() ||
-        DEFAULT_OLLAMA_BASE_URL;
-    // Normalize model name
-    const model = normalizeOllamaModel(options.model);
-    // Verify Ollama is available — throw so auto-selection can fall through
-    const available = await checkOllamaAvailable(baseUrl);
-    if (!available) {
-        throw new Error(`Ollama server not reachable at ${baseUrl}. ` + `Make sure Ollama is running: ollama serve`);
-    }
-    // Check if model is available (warn but don't block — user may pull later)
-    const modelAvailable = await checkOllamaModelAvailable(baseUrl, model);
-    if (!modelAvailable) {
-        console.warn(`[ollama-embeddings] Model "${model}" not found in Ollama. ` +
-            `Pull it with: ollama pull ${model}`);
-    }
-    return { baseUrl, model };
-}
-/**
- * Get embedding dimensions for a model
- */
-export function getOllamaEmbeddingDimensions(model) {
-    const normalizedModel = normalizeOllamaModel(model);
-    // Check for exact match or prefix match
-    for (const [key, dims] of Object.entries(OLLAMA_EMBEDDING_DIMENSIONS)) {
-        if (normalizedModel === key || normalizedModel.startsWith(`${key}:`)) {
-            return dims;
-        }
-    }
-    return undefined; // Unknown model
-}

package/dist/memory/embeddings-remote-fetch.js

@@ -1,14 +1,15 @@
+import { postJson } from "./post-json.js";
 export async function fetchRemoteEmbeddingVectors(params) {
-    const res = await fetch(params.url, {
-        method: "POST",
+    return await postJson({
+        url: params.url,
         headers: params.headers,
-        body: JSON.stringify(params.body),
+        ssrfPolicy: params.ssrfPolicy,
+        body: params.body,
+        errorPrefix: params.errorPrefix,
+        parse: (payload) => {
+            const typedPayload = payload;
+            const data = typedPayload.data ?? [];
+            return data.map((entry) => entry.embedding ?? []);
+        },
     });
-    if (!res.ok) {
-        const text = await res.text();
-        throw new Error(`${params.errorPrefix}: ${res.status} ${text}`);
-    }
-    const payload = (await res.json());
-    const data = payload.data ?? [];
-    return data.map((entry) => entry.embedding ?? []);
 }