@poolzin/pool-bot 2026.3.6 → 2026.3.7

package/dist/agents/pi-tools.js

@@ -16,8 +16,10 @@ import { assertRequiredParams, CLAUDE_PARAM_GROUPS, createPoolbotReadTool, creat
 import { cleanToolSchemaForGemini, normalizeToolParameters } from "./pi-tools.schema.js";
 import { getSubagentDepthFromSessionStore } from "./subagent-depth.js";
 import { applyToolPolicyPipeline, buildDefaultToolPolicyPipelineSteps, } from "./tool-policy-pipeline.js";
-import { applyOwnerOnlyToolPolicy, collectExplicitAllowlist, mergeAlsoAllowPolicy, resolveToolProfilePolicy, } from "./tool-policy.js";
+import { applyOwnerOnlyToolPolicy, collectExplicitAllowlist, mergeAlsoAllowPolicy, normalizeToolName, resolveToolProfilePolicy, } from "./tool-policy.js";
 import { resolveWorkspaceRoot } from "./workspace-dir.js";
+import { CapabilityError } from "../security/capability-guards.js";
+import { createDefaultSecurityMiddleware } from "../security/middleware.js";
 function isOpenAIProvider(provider) {
     const normalized = provider?.trim().toLowerCase();
     return normalized === "openai" || normalized === "openai-codex";
@@ -339,8 +341,36 @@ export function createPoolbotCodingTools(options) {
     const withAbort = options?.abortSignal
         ? withHooks.map((tool) => wrapToolWithAbortSignal(tool, options.abortSignal))
         : withHooks;
+    // Apply capability-based security middleware if enabled
+    const withCapabilities = options?.config?.security?.enabled && agentId
+        ? withAbort.map((tool) => wrapToolWithCapabilityCheck(tool, agentId))
+        : withAbort;
     // NOTE: Keep canonical (lowercase) tool names here.
     // pi-ai's Anthropic OAuth transport remaps tool names to Claude Code-style names
     // on the wire and maps them back for tool dispatch.
-    return withAbort;
+    return withCapabilities;
+}
+/**
+ * Wraps a tool with capability-based security checks.
+ * This enforces fine-grained permissions for tool invocation.
+ */
+function wrapToolWithCapabilityCheck(tool, agentId) {
+    const middleware = createDefaultSecurityMiddleware();
+    return {
+        ...tool,
+        execute: async (toolCallId, args, signal, onUpdate) => {
+            const ctx = { agentId };
+            const toolId = normalizeToolName(tool.name);
+            const result = await middleware(ctx, toolId, (args ?? {}), async () => {
+                if (!tool.execute) {
+                    throw new CapabilityError(`Tool ${tool.name} has no execute function`, agentId, {
+                        type: "tool:invoke",
+                        toolId,
+                    });
+                }
+                return await tool.execute(toolCallId, args, signal, onUpdate);
+            });
+            return result;
+        },
+    };
 }

package/dist/auto-reply/reply/get-reply.js

@@ -14,6 +14,7 @@ import { resolveReplyDirectives } from "./get-reply-directives.js";
 import { handleInlineActions } from "./get-reply-inline-actions.js";
 import { runPreparedReply } from "./get-reply-run.js";
 import { finalizeInboundContext } from "./inbound-context.js";
+import { emitPreAgentMessageHooks } from "./message-preprocess-hooks.js";
 import { applyResetModelOverride } from "./session-reset-model.js";
 import { initSessionState } from "./session.js";
 import { stageSandboxMedia } from "./stage-sandbox-media.js";
@@ -110,6 +111,11 @@ export async function getReplyFromConfig(ctx, opts, configOverride) {
             cfg,
         });
     }
+    emitPreAgentMessageHooks({
+        ctx: finalized,
+        cfg,
+        isFastTestEnv,
+    });
     const commandAuthorized = finalized.CommandAuthorized;
     resolveCommandAuthorization({
         ctx: finalized,

package/dist/auto-reply/reply/message-preprocess-hooks.js

@@ -0,0 +1,17 @@
+import { fireAndForgetHook } from "../../hooks/fire-and-forget.js";
+import { createInternalHookEvent, triggerInternalHook } from "../../hooks/internal-hooks.js";
+import { deriveInboundMessageHookContext, toInternalMessagePreprocessedContext, toInternalMessageTranscribedContext, } from "../../hooks/message-hook-mappers.js";
+export function emitPreAgentMessageHooks(params) {
+    if (params.isFastTestEnv) {
+        return;
+    }
+    const sessionKey = params.ctx.SessionKey?.trim();
+    if (!sessionKey) {
+        return;
+    }
+    const canonical = deriveInboundMessageHookContext(params.ctx);
+    if (canonical.transcript) {
+        fireAndForgetHook(triggerInternalHook(createInternalHookEvent("message", "transcribed", sessionKey, toInternalMessageTranscribedContext(canonical, params.cfg))), "get-reply: message:transcribed internal hook failed");
+    }
+    fireAndForgetHook(triggerInternalHook(createInternalHookEvent("message", "preprocessed", sessionKey, toInternalMessagePreprocessedContext(canonical, params.cfg))), "get-reply: message:preprocessed internal hook failed");
+}

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "2026.3.6",
-  "commit": "def3163876b28829de26ed4eb0c2166b051434ae",
-  "builtAt": "2026-03-06T12:13:28.765Z"
+  "version": "2026.3.7",
+  "commit": "2bb47cd934fe9cb9d58ee7210ee3997714a07f09",
+  "builtAt": "2026-03-07T19:13:06.611Z"
 }

package/dist/cli/banner.js

@@ -1,9 +1,28 @@
+import { loadConfig } from "../config/config.js";
 import { resolveCommitHash } from "../infra/git-commit.js";
 import { visibleWidth } from "../terminal/ansi.js";
 import { isRich, theme } from "../terminal/theme.js";
 import { hasRootVersionAlias } from "./argv.js";
 import { pickTagline } from "./tagline.js";
 import { resolveCliName } from "./cli-name.js";
+function parseTaglineMode(value) {
+    if (value === "random" || value === "default" || value === "off") {
+        return value;
+    }
+    return undefined;
+}
+function resolveTaglineMode(options) {
+    const explicit = parseTaglineMode(options.mode);
+    if (explicit) {
+        return explicit;
+    }
+    try {
+        return parseTaglineMode(loadConfig().cli?.banner?.taglineMode);
+    }
+    catch {
+        return undefined;
+    }
+}
 let bannerEmitted = false;
 const graphemeSegmenter = typeof Intl !== "undefined" && "Segmenter" in Intl
     ? new Intl.Segmenter(undefined, { granularity: "grapheme" })
@@ -23,7 +42,7 @@ const hasVersionFlag = (argv) => argv.some((arg) => arg === "--version" || arg =
 export function formatCliBannerLine(version, options = {}) {
     const commit = options.commit ?? resolveCommitHash({ env: options.env });
     const commitLabel = commit ?? "unknown";
-    const tagline = pickTagline(options);
+    const tagline = pickTagline({ ...options, mode: resolveTaglineMode(options) });
     const rich = options.richTty ?? isRich();
     const cliName = resolveCliName(options.argv ?? process.argv);
     const title = cliName === "poolbot" ? "🎱 Pool Bot" : "🎱 Pool Bot";

package/dist/cli/security-cli.js

@@ -1,7 +1,8 @@
-import { loadConfig } from "../config/config.js";
+import { loadConfig, writeConfigFile } from "../config/config.js";
 import { defaultRuntime } from "../runtime.js";
 import { runSecurityAudit } from "../security/audit.js";
 import { fixSecurityFootguns } from "../security/fix.js";
+import { CAPABILITY_TYPES } from "../security/capability.js";
 import { formatDocsLink } from "../terminal/links.js";
 import { isRich, theme } from "../terminal/theme.js";
 import { shortenHomeInString, shortenHomePath } from "../utils.js";
@@ -17,10 +18,24 @@ function formatSummary(summary) {
     parts.push(rich ? theme.muted(`${i} info`) : `${i} info`);
     return parts.join(" · ");
 }
+function formatCapability(cap) {
+    let result = cap.type;
+    if ("pattern" in cap && cap.pattern)
+        result += ` pattern="${cap.pattern}"`;
+    if ("toolId" in cap && cap.toolId)
+        result += ` tool="${cap.toolId}"`;
+    if ("limit" in cap && cap.limit)
+        result += ` limit=${cap.limit}`;
+    if ("scope" in cap && cap.scope)
+        result += ` scope="${cap.scope}"`;
+    if ("port" in cap && cap.port)
+        result += ` port=${cap.port}`;
+    return result;
+}
 export function registerSecurityCli(program) {
     const security = program
         .command("security")
-        .description("Security tools (audit)")
+        .description("Security tools (audit, capabilities)")
         .addHelpText("after", () => `\n${theme.muted("Docs:")} ${formatDocsLink("/cli/security", "docs.molt.bot/cli/security")}\n`);
     security
         .command("audit")
@@ -120,4 +135,198 @@ export function registerSecurityCli(program) {
         render("info");
         defaultRuntime.log(lines.join("\n"));
     });
+    // Capability management commands
+    const capabilities = security
+        .command("capabilities")
+        .description("Manage agent capabilities (permission system)");
+    capabilities
+        .command("grant")
+        .description("Grant a capability to an agent or pattern")
+        .argument("<type>", `Capability type (${CAPABILITY_TYPES.join(", ")})`)
+        .option("-a, --agent <pattern>", "Agent ID pattern (e.g., 'agent-*', 'coder')", "*")
+        .option("-p, --pattern <glob>", "File path pattern for file:* capabilities")
+        .option("-t, --tool <name>", "Tool name for tool:invoke capability")
+        .option("-h, --host <hostname>", "Host pattern for net:connect capability")
+        .option("-m, --max-tokens <n>", "Max tokens for llm:maxTokens capability")
+        .option("--json", "Print JSON output")
+        .action(async (type, opts) => {
+        const rich = isRich();
+        const cfg = loadConfig();
+        // Validate capability type
+        if (!CAPABILITY_TYPES.includes(type)) {
+            defaultRuntime.log(rich
+                ? theme.error(`Invalid capability type: ${type}`)
+                : `Invalid capability type: ${type}`);
+            defaultRuntime.log(`Valid types: ${CAPABILITY_TYPES.join(", ")}`);
+            process.exit(1);
+        }
+        // Build capability object
+        const capability = { type: type };
+        if (opts.pattern && (type.startsWith("file:") || type === "shell:exec")) {
+            capability.pattern = opts.pattern;
+        }
+        if (opts.tool && type === "tool:invoke") {
+            capability.toolId = opts.tool;
+        }
+        if (opts.host && type === "net:connect") {
+            capability.pattern = opts.host;
+        }
+        if (opts.maxTokens && type === "llm:maxTokens") {
+            capability.limit = parseInt(opts.maxTokens, 10);
+        }
+        // Initialize security config if needed
+        if (!cfg.security) {
+            cfg.security = { enabled: true };
+        }
+        if (!cfg.security.agents) {
+            cfg.security.agents = [];
+        }
+        // Find or create agent entry
+        const agentId = opts.agent || "*";
+        let agentEntry = cfg.security.agents.find((a) => a.agentId === agentId);
+        if (!agentEntry) {
+            agentEntry = { agentId, capabilities: [] };
+            cfg.security.agents.push(agentEntry);
+        }
+        // Add capability
+        agentEntry.capabilities.push(capability);
+        // Write config
+        await writeConfigFile(cfg);
+        if (opts.json) {
+            defaultRuntime.log(JSON.stringify({ success: true, capability, agentId }, null, 2));
+            return;
+        }
+        defaultRuntime.log(rich
+            ? theme.success(`Granted ${type} to agent "${agentId}"`)
+            : `Granted ${type} to agent "${agentId}"`);
+        defaultRuntime.log(formatCapability(capability));
+    });
+    capabilities
+        .command("revoke")
+        .description("Revoke capabilities from an agent")
+        .argument("[type]", `Capability type to revoke (omit to revoke all)`)
+        .option("-a, --agent <pattern>", "Agent ID pattern", "*")
+        .option("--json", "Print JSON output")
+        .action(async (type, opts) => {
+        const rich = isRich();
+        const cfg = loadConfig();
+        if (!cfg.security?.agents || cfg.security.agents.length === 0) {
+            if (opts.json) {
+                defaultRuntime.log(JSON.stringify({ success: true, removed: 0 }));
+            }
+            else {
+                defaultRuntime.log(rich ? theme.muted("No capabilities configured") : "No capabilities configured");
+            }
+            return;
+        }
+        const agentId = opts.agent || "*";
+        const agentEntry = cfg.security.agents.find((a) => a.agentId === agentId);
+        if (!agentEntry) {
+            if (opts.json) {
+                defaultRuntime.log(JSON.stringify({ success: true, removed: 0 }));
+            }
+            else {
+                defaultRuntime.log(rich
+                    ? theme.muted(`No capabilities found for agent "${agentId}"`)
+                    : `No capabilities found for agent "${agentId}"`);
+            }
+            return;
+        }
+        const beforeCount = agentEntry.capabilities.length;
+        if (type) {
+            agentEntry.capabilities = agentEntry.capabilities.filter((c) => c.type !== type);
+        }
+        else {
+            agentEntry.capabilities = [];
+        }
+        const removed = beforeCount - agentEntry.capabilities.length;
+        // Remove empty agent entries
+        cfg.security.agents = cfg.security.agents.filter((a) => a.capabilities.length > 0);
+        await writeConfigFile(cfg);
+        if (opts.json) {
+            defaultRuntime.log(JSON.stringify({ success: true, removed }));
+            return;
+        }
+        if (removed === 0) {
+            defaultRuntime.log(rich ? theme.muted("No matching capabilities found") : "No matching capabilities found");
+        }
+        else {
+            defaultRuntime.log(rich
+                ? theme.success(`Revoked ${removed} capability(s) from agent "${agentId}"`)
+                : `Revoked ${removed} capability(s) from agent "${agentId}"`);
+        }
+    });
+    capabilities
+        .command("list")
+        .description("List agent capabilities")
+        .option("-a, --agent <pattern>", "Filter by agent ID pattern")
+        .option("--json", "Print JSON output")
+        .action(async (opts) => {
+        const rich = isRich();
+        const cfg = loadConfig();
+        const agents = cfg.security?.agents || [];
+        const filtered = opts.agent
+            ? agents.filter((a) => a.agentId === opts.agent || (opts.agent && a.agentId.includes(opts.agent)))
+            : agents;
+        if (opts.json) {
+            defaultRuntime.log(JSON.stringify({ enabled: cfg.security?.enabled ?? false, agents: filtered }, null, 2));
+            return;
+        }
+        if (filtered.length === 0) {
+            defaultRuntime.log(rich ? theme.muted("No capabilities configured") : "No capabilities configured");
+            defaultRuntime.log(`\nEnable capability system: ${formatCliCommand("poolbot config set security.enabled true")}`);
+            return;
+        }
+        const lines = [];
+        lines.push(rich ? theme.heading("Agent Capabilities") : "Agent Capabilities");
+        lines.push(rich
+            ? theme.muted(`Security enabled: ${cfg.security?.enabled ?? false}`)
+            : `Security enabled: ${cfg.security?.enabled ?? false}`);
+        lines.push("");
+        for (const agent of filtered) {
+            lines.push(rich ? theme.heading(agent.agentId) : agent.agentId);
+            for (const cap of agent.capabilities) {
+                lines.push(`  ${formatCapability(cap)}`);
+            }
+            lines.push("");
+        }
+        defaultRuntime.log(lines.join("\n"));
+    });
+    capabilities
+        .command("enable")
+        .description("Enable the capability security system")
+        .option("--json", "Print JSON output")
+        .action(async (opts) => {
+        const cfg = loadConfig();
+        cfg.security = cfg.security || {};
+        cfg.security.enabled = true;
+        await writeConfigFile(cfg);
+        if (opts.json) {
+            defaultRuntime.log(JSON.stringify({ success: true, enabled: true }));
+        }
+        else {
+            defaultRuntime.log(isRich()
+                ? theme.success("Capability security system enabled")
+                : "Capability security system enabled");
+            defaultRuntime.log(`Run ${formatCliCommand("poolbot security capabilities list")} to view current grants`);
+        }
+    });
+    capabilities
+        .command("disable")
+        .description("Disable the capability security system (permissive mode)")
+        .option("--json", "Print JSON output")
+        .action(async (opts) => {
+        const cfg = loadConfig();
+        cfg.security = cfg.security || {};
+        cfg.security.enabled = false;
+        await writeConfigFile(cfg);
+        if (opts.json) {
+            defaultRuntime.log(JSON.stringify({ success: true, enabled: false }));
+        }
+        else {
+            defaultRuntime.log(isRich()
+                ? theme.warn("Capability security system disabled (permissive mode)")
+                : "Capability security system disabled (permissive mode)");
+        }
+    });
 }

package/dist/cli/tagline.js

@@ -191,6 +191,13 @@ export function activeTaglines(options = {}) {
     return filtered.length > 0 ? filtered : TAGLINES;
 }
 export function pickTagline(options = {}) {
+    const mode = options.mode;
+    if (mode === "off") {
+        return "";
+    }
+    if (mode === "default") {
+        return DEFAULT_TAGLINE;
+    }
     const env = options.env ?? process.env;
     const override = env?.POOLBOT_TAGLINE_INDEX ?? env?.CLAWDBOT_TAGLINE_INDEX;
     if (override !== undefined) {

package/dist/config/types.cli.js

@@ -0,0 +1 @@
+export {};

package/dist/config/types.security.js

@@ -0,0 +1,33 @@
+/** Default permissive capabilities (when security is disabled). */
+export const PERMISSIVE_CAPABILITIES = [
+    { type: "file:read", pattern: "*" },
+    { type: "file:write", pattern: "*" },
+    { type: "net:connect", pattern: "*" },
+    { type: "tool:all" },
+    { type: "llm:query", pattern: "*" },
+    { type: "llm:maxTokens", limit: Number.MAX_SAFE_INTEGER },
+    { type: "agent:spawn" },
+    { type: "agent:message", pattern: "*" },
+    { type: "agent:kill", pattern: "*" },
+    { type: "memory:read", scope: "*" },
+    { type: "memory:write", scope: "*" },
+    { type: "shell:exec", pattern: "*" },
+    { type: "env:read", pattern: "*" },
+    { type: "gateway:admin" },
+    { type: "gateway:channels:read" },
+    { type: "gateway:channels:write", pattern: "*" },
+    { type: "econ:spend", limit: Number.MAX_SAFE_INTEGER },
+    { type: "econ:earn" },
+    { type: "econ:transfer", pattern: "*" },
+];
+/** Restricted capabilities for untrusted agents. */
+export const RESTRICTED_CAPABILITIES = [
+    { type: "file:read", pattern: "/data/*" },
+    { type: "net:connect", pattern: "*.openai.com:443" },
+    { type: "tool:invoke", toolId: "web_search" },
+    { type: "tool:invoke", toolId: "file_read" },
+    { type: "llm:query", pattern: "gpt-4*" },
+    { type: "llm:maxTokens", limit: 10000 },
+    { type: "memory:read", scope: "session/*" },
+    { type: "memory:write", scope: "session/*" },
+];

package/dist/config/zod-schema.js

@@ -6,6 +6,7 @@ import { HexColorSchema, ModelsConfigSchema } from "./zod-schema.core.js";
 import { HookMappingSchema, HooksGmailSchema, InternalHooksSchema } from "./zod-schema.hooks.js";
 import { InstallRecordShape } from "./zod-schema.installs.js";
 import { ChannelsSchema } from "./zod-schema.providers.js";
+import { SecuritySchema } from "./zod-schema.security.js";
 import { sensitive } from "./zod-schema.sensitive.js";
 import { CommandsSchema, MessagesSchema, SessionSchema, SessionSendPolicySchema, } from "./zod-schema.session.js";
 const BrowserSnapshotDefaultsSchema = z
@@ -641,6 +642,20 @@ export const PoolBotSchema = z
     })
         .strict()
         .optional(),
+    cli: z
+        .object({
+        banner: z
+            .object({
+            taglineMode: z
+                .union([z.literal("random"), z.literal("default"), z.literal("off")])
+                .optional(),
+        })
+            .strict()
+            .optional(),
+    })
+        .strict()
+        .optional(),
+    security: SecuritySchema,
 })
     .strict()
     .superRefine((cfg, ctx) => {

package/dist/config/zod-schema.providers-core.js

@@ -583,6 +583,7 @@ export const SlackAccountSchema = z
     heartbeat: ChannelHeartbeatVisibilitySchema,
     responsePrefix: z.string().optional(),
     ackReaction: z.string().optional(),
+    typingReaction: z.string().optional(),
 })
     .strict()
     .superRefine((value, ctx) => {

package/dist/config/zod-schema.security.js

@@ -0,0 +1,113 @@
+/**
+ * Zod schema for security configuration.
+ */
+import { z } from "zod";
+/** Capability type schema - matches the TypeScript Capability type. */
+const CapabilitySchema = z.union([
+    // File capabilities
+    z.object({
+        type: z.literal("file:read"),
+        pattern: z.string(),
+    }),
+    z.object({
+        type: z.literal("file:write"),
+        pattern: z.string(),
+    }),
+    // Network capabilities
+    z.object({
+        type: z.literal("net:connect"),
+        pattern: z.string(),
+    }),
+    // Tool capabilities
+    z.object({
+        type: z.literal("tool:invoke"),
+        toolId: z.string(),
+    }),
+    z.object({
+        type: z.literal("tool:all"),
+    }),
+    // LLM capabilities
+    z.object({
+        type: z.literal("llm:query"),
+        pattern: z.string(),
+    }),
+    z.object({
+        type: z.literal("llm:maxTokens"),
+        limit: z.number().int().positive(),
+    }),
+    // Agent capabilities
+    z.object({
+        type: z.literal("agent:spawn"),
+    }),
+    z.object({
+        type: z.literal("agent:message"),
+        pattern: z.string(),
+    }),
+    z.object({
+        type: z.literal("agent:kill"),
+        pattern: z.string(),
+    }),
+    // Memory capabilities
+    z.object({
+        type: z.literal("memory:read"),
+        scope: z.string(),
+    }),
+    z.object({
+        type: z.literal("memory:write"),
+        scope: z.string(),
+    }),
+    // Shell capabilities
+    z.object({
+        type: z.literal("shell:exec"),
+        pattern: z.string(),
+    }),
+    // Environment capabilities
+    z.object({
+        type: z.literal("env:read"),
+        pattern: z.string(),
+    }),
+    // Gateway capabilities
+    z.object({
+        type: z.literal("gateway:admin"),
+    }),
+    z.object({
+        type: z.literal("gateway:channels:read"),
+    }),
+    z.object({
+        type: z.literal("gateway:channels:write"),
+        pattern: z.string(),
+    }),
+    // Economic capabilities
+    z.object({
+        type: z.literal("econ:spend"),
+        limit: z.number().int().nonnegative(),
+    }),
+    z.object({
+        type: z.literal("econ:earn"),
+    }),
+    z.object({
+        type: z.literal("econ:transfer"),
+        pattern: z.string(),
+    }),
+]);
+/** Agent capability configuration schema. */
+const AgentCapabilityConfigSchema = z
+    .object({
+    agentId: z.string(),
+    capabilities: z.array(CapabilitySchema),
+})
+    .strict();
+/** Security configuration schema. */
+export const SecuritySchema = z
+    .object({
+    /** Enable capability enforcement. Default: false (permissive mode). */
+    enabled: z.boolean().optional(),
+    /** Default capabilities for agents without explicit config. */
+    defaultCapabilities: z.array(CapabilitySchema).optional(),
+    /** Per-agent capability configurations. */
+    agents: z.array(AgentCapabilityConfigSchema).optional(),
+    /** Capabilities for the system/root agent. */
+    systemCapabilities: z.array(CapabilitySchema).optional(),
+})
+    .strict()
+    .optional();

package/dist/discord/monitor/message-handler.preflight.js

@@ -66,7 +66,8 @@ export async function preflightDiscordMessage(params) {
         logVerbose(`discord: drop message ${message.id} (missing channel id)`);
         return null;
     }
-    const allowBots = params.discordConfig?.allowBots ?? false;
+    const allowBotsSetting = params.discordConfig?.allowBots;
+    const allowBotsMode = allowBotsSetting === "mentions" ? "mentions" : allowBotsSetting === true ? "all" : "off";
     if (params.botUserId && author.id === params.botUserId) {
         // Always ignore own messages to prevent self-reply loops
         return null;
@@ -92,7 +93,7 @@ export async function preflightDiscordMessage(params) {
         pluralkitInfo,
     });
     if (author.bot) {
-        if (!allowBots && !sender.isPluralKit) {
+        if (allowBotsMode === "off" && !sender.isPluralKit) {
             logVerbose("discord: drop bot message (allowBots=false)");
             return null;
         }
@@ -523,6 +524,14 @@ export async function preflightDiscordMessage(params) {
         });
         return null;
     }
+    if (author.bot && !sender.isPluralKit && allowBotsMode === "mentions") {
+        const botMentioned = isDirectMessage || wasMentioned || implicitMention;
+        if (!botMentioned) {
+            logDebug(`[discord-preflight] drop: bot message missing mention (allowBots=mentions)`);
+            logVerbose("discord: drop bot message (allowBots=mentions, missing mention)");
+            return null;
+        }
+    }
     if (!messageText) {
         logDebug(`[discord-preflight] drop: empty content`);
         logVerbose(`discord: drop message ${message.id} (empty content)`);

package/dist/gateway/http-common.js

@@ -5,9 +5,14 @@ import { readJsonBody } from "./hooks.js";
  * Content-Security-Policy are intentionally omitted here because some handlers
  * (canvas host, A2UI) serve content that may be loaded inside frames.
  */
-export function setDefaultSecurityHeaders(res) {
+export function setDefaultSecurityHeaders(res, opts) {
     res.setHeader("X-Content-Type-Options", "nosniff");
     res.setHeader("Referrer-Policy", "no-referrer");
+    res.setHeader("Permissions-Policy", "camera=(), microphone=(), geolocation=()");
+    const strictTransportSecurity = opts?.strictTransportSecurity;
+    if (typeof strictTransportSecurity === "string" && strictTransportSecurity.length > 0) {
+        res.setHeader("Strict-Transport-Security", strictTransportSecurity);
+    }
 }
 export function sendJson(res, status, body) {
     res.statusCode = status;

package/dist/hooks/fire-and-forget.js

@@ -0,0 +1,6 @@
+import { logVerbose } from "../globals.js";
+export function fireAndForgetHook(task, label, logger = logVerbose) {
+    void task.catch((err) => {
+        logger(`${label}: ${String(err)}`);
+    });
+}