@poolzin/pool-bot 2026.3.6 → 2026.3.9

package/CHANGELOG.md

@@ -1,3 +1,19 @@
+## v2026.3.9 (2026-03-09)
+
+### Features
+- **Modular Skills System:** new comprehensive skills management system in `src/skills/` — 8 core modules providing SKILL.md parsing, security scanning, registry management, progressive disclosure loading, and CLI commands (`poolbot mods`)
+  - `types.ts`: Type definitions compatible with agentskills.io specification
+  - `parser.ts`: YAML frontmatter parser for SKILL.md files with validation
+  - `registry.ts`: EventEmitter-based skills registry with lifecycle management
+  - `loader.ts`: Progressive disclosure loader with dependency resolution
+  - `security.ts`: Security scanner for prompt injection and path traversal detection
+  - `commands.ts`: CLI commands for skill management
+  - `index.ts`: Public API exports
+  - Comprehensive test suite with 52 passing tests
+- **Integration Plans:** detailed implementation plans for external project integrations (Page Agent, HexStrike AI, xyOps) via Gateway Node protocol
+
+---
+
 ## v2026.3.6 (2026-03-06)
 
 ### Features

package/dist/.buildstamp

@@ -1 +1 @@
-1772591706886
+1773025806569

package/dist/agents/error-classifier.js

@@ -0,0 +1,302 @@
+/**
+ * Error Classification System
+ *
+ * Provides comprehensive error classification for LLM/AI operations.
+ * Detects specific error types like context overflow, rate limits, etc.
+ */
+// OpenAI error patterns
+const OPENAI_PATTERNS = {
+    context_overflow: [
+        /context length exceeded/i,
+        /maximum context length/i,
+        /token limit exceeded/i,
+        /too many tokens/i,
+        /rate_limit_exceeded.*context/i,
+    ],
+    rate_limit: [
+        /rate limit exceeded/i,
+        /too many requests/i,
+        /ratelimit/i,
+    ],
+    authentication: [
+        /invalid api key/i,
+        /incorrect api key/i,
+        /authentication/i,
+        /unauthorized/i,
+    ],
+    invalid_request: [
+        /invalid_request_error/i,
+        /bad request/i,
+        /invalid parameter/i,
+    ],
+};
+// Anthropic error patterns
+const ANTHROPIC_PATTERNS = {
+    context_overflow: [
+        /context window exceeded/i,
+        /maximum token count/i,
+        /too many tokens/i,
+    ],
+    rate_limit: [
+        /rate limit/i,
+        /too many requests/i,
+    ],
+    authentication: [
+        /invalid api key/i,
+        /authentication failed/i,
+    ],
+    authorization: [
+        /forbidden/i,
+        /access denied/i,
+        /unauthorized.*resource/i,
+        /insufficient.*permission/i,
+    ],
+};
+// Google/Gemini error patterns
+const GEMINI_PATTERNS = {
+    context_overflow: [
+        /token limit exceeded/i,
+        /maximum input size/i,
+        /context too long/i,
+    ],
+    rate_limit: [
+        /rate limit exceeded/i,
+        /quota exceeded/i,
+        /too many requests/i,
+    ],
+    quota_exceeded: [
+        /quota exceeded/i,
+        /billing limit/i,
+        /project quota/i,
+    ],
+};
+// Generic patterns
+const GENERIC_PATTERNS = {
+    context_overflow: [
+        /context.*overflow/i,
+        /context.*exceeded/i,
+        /token.*limit/i,
+        /maximum.*context/i,
+        /message too long/i,
+        /input too long/i,
+    ],
+    rate_limit: [
+        /rate.?limit/i,
+        /too many requests/i,
+        /throttled/i,
+        /429/i,
+    ],
+    timeout: [
+        /timeout/i,
+        /timed out/i,
+        /etimedout/i,
+    ],
+    network_error: [
+        /network error/i,
+        /econnreset/i,
+        /econnrefused/i,
+        /enotfound/i,
+        /network/i,
+    ],
+    server_error: [
+        /server error/i,
+        /internal error/i,
+        /500/i,
+        /502/i,
+        /503/i,
+        /504/i,
+    ],
+    compaction_failure: [
+        /compaction failed/i,
+        /summarization failed/i,
+        /failed to compact/i,
+    ],
+};
+/**
+ * Classify an error based on message patterns
+ */
+export function classifyError(error) {
+    if (!(error instanceof Error)) {
+        return {
+            type: "unknown",
+            retryable: false,
+            message: String(error),
+        };
+    }
+    const message = error.message.toLowerCase();
+    // Check context overflow first (highest priority for LLM errors)
+    for (const pattern of [...OPENAI_PATTERNS.context_overflow, ...ANTHROPIC_PATTERNS.context_overflow, ...GEMINI_PATTERNS.context_overflow, ...GENERIC_PATTERNS.context_overflow]) {
+        if (pattern.test(message)) {
+            return {
+                type: "context_overflow",
+                retryable: false,
+                message: error.message,
+            };
+        }
+    }
+    // Check quota exceeded (before rate limit to avoid false positives)
+    for (const pattern of GEMINI_PATTERNS.quota_exceeded) {
+        if (pattern.test(message)) {
+            return {
+                type: "quota_exceeded",
+                retryable: false,
+                message: error.message,
+            };
+        }
+    }
+    // Check rate limit
+    for (const pattern of [...OPENAI_PATTERNS.rate_limit, ...ANTHROPIC_PATTERNS.rate_limit, ...GEMINI_PATTERNS.rate_limit, ...GENERIC_PATTERNS.rate_limit]) {
+        if (pattern.test(message)) {
+            return {
+                type: "rate_limit",
+                retryable: true,
+                message: error.message,
+            };
+        }
+    }
+    // Check authentication
+    for (const pattern of [...OPENAI_PATTERNS.authentication, ...ANTHROPIC_PATTERNS.authentication]) {
+        if (pattern.test(message)) {
+            return {
+                type: "authentication",
+                retryable: false,
+                message: error.message,
+            };
+        }
+    }
+    // Check authorization (403-like errors)
+    for (const pattern of ANTHROPIC_PATTERNS.authorization) {
+        if (pattern.test(message)) {
+            return {
+                type: "authorization",
+                retryable: false,
+                message: error.message,
+            };
+        }
+    }
+    // Check timeout
+    for (const pattern of GENERIC_PATTERNS.timeout) {
+        if (pattern.test(message)) {
+            return {
+                type: "timeout",
+                retryable: true,
+                message: error.message,
+            };
+        }
+    }
+    // Check network errors
+    for (const pattern of GENERIC_PATTERNS.network_error) {
+        if (pattern.test(message)) {
+            return {
+                type: "network_error",
+                retryable: true,
+                message: error.message,
+            };
+        }
+    }
+    // Check server errors
+    for (const pattern of GENERIC_PATTERNS.server_error) {
+        if (pattern.test(message)) {
+            return {
+                type: "server_error",
+                retryable: true,
+                message: error.message,
+            };
+        }
+    }
+    // Check compaction failure
+    for (const pattern of GENERIC_PATTERNS.compaction_failure) {
+        if (pattern.test(message)) {
+            return {
+                type: "compaction_failure",
+                retryable: true,
+                message: error.message,
+            };
+        }
+    }
+    // Default to unknown
+    return {
+        type: "unknown",
+        retryable: false,
+        message: error.message,
+    };
+}
+/**
+ * Check if error is a context overflow error
+ */
+export function isContextOverflowError(error) {
+    const classification = classifyError(error);
+    return classification.type === "context_overflow";
+}
+/**
+ * Check if error is a rate limit error
+ */
+export function isRateLimitError(error) {
+    const classification = classifyError(error);
+    return classification.type === "rate_limit";
+}
+/**
+ * Check if error is a compaction failure
+ */
+export function isCompactionFailureError(error) {
+    const classification = classifyError(error);
+    return classification.type === "compaction_failure";
+}
+/**
+ * Check if error is likely a context overflow (heuristic)
+ */
+export function isLikelyContextOverflowError(error) {
+    if (!(error instanceof Error)) {
+        return false;
+    }
+    const message = error.message.toLowerCase();
+    // Check for common indicators
+    const indicators = [
+        "context",
+        "token",
+        "length",
+        "exceeded",
+        "maximum",
+        "limit",
+        "too long",
+        "too many",
+    ];
+    const score = indicators.reduce((acc, indicator) => {
+        return acc + (message.includes(indicator) ? 1 : 0);
+    }, 0);
+    // If 3+ indicators present, likely context overflow
+    return score >= 3;
+}
+/**
+ * Get retry delay for error type
+ */
+export function getRetryDelayForError(error, attempt) {
+    const classification = classifyError(error);
+    switch (classification.type) {
+        case "rate_limit":
+            // Rate limits: start with 2s, double each attempt
+            return Math.min(2000 * 2 ** attempt, 60000);
+        case "timeout":
+        case "network_error":
+            // Network issues: start with 500ms
+            return Math.min(500 * 2 ** attempt, 30000);
+        case "server_error":
+            // Server errors: start with 1s
+            return Math.min(1000 * 2 ** attempt, 30000);
+        case "compaction_failure":
+            // Compaction: shorter delays
+            return Math.min(500 * 2 ** attempt, 5000);
+        default:
+            return 1000;
+    }
+}
+/**
+ * Format error for logging (sanitized)
+ */
+export function formatErrorForLogging(error) {
+    if (error instanceof Error) {
+        const classification = classifyError(error);
+        return `[${classification.type}] ${classification.message}`;
+    }
+    return `[unknown] ${String(error)}`;
+}

package/dist/agents/pi-tools.js

@@ -16,8 +16,10 @@ import { assertRequiredParams, CLAUDE_PARAM_GROUPS, createPoolbotReadTool, creat
 import { cleanToolSchemaForGemini, normalizeToolParameters } from "./pi-tools.schema.js";
 import { getSubagentDepthFromSessionStore } from "./subagent-depth.js";
 import { applyToolPolicyPipeline, buildDefaultToolPolicyPipelineSteps, } from "./tool-policy-pipeline.js";
-import { applyOwnerOnlyToolPolicy, collectExplicitAllowlist, mergeAlsoAllowPolicy, resolveToolProfilePolicy, } from "./tool-policy.js";
+import { applyOwnerOnlyToolPolicy, collectExplicitAllowlist, mergeAlsoAllowPolicy, normalizeToolName, resolveToolProfilePolicy, } from "./tool-policy.js";
 import { resolveWorkspaceRoot } from "./workspace-dir.js";
+import { CapabilityError } from "../security/capability-guards.js";
+import { createDefaultSecurityMiddleware } from "../security/middleware.js";
 function isOpenAIProvider(provider) {
     const normalized = provider?.trim().toLowerCase();
     return normalized === "openai" || normalized === "openai-codex";
@@ -339,8 +341,36 @@ export function createPoolbotCodingTools(options) {
     const withAbort = options?.abortSignal
         ? withHooks.map((tool) => wrapToolWithAbortSignal(tool, options.abortSignal))
         : withHooks;
+    // Apply capability-based security middleware if enabled
+    const withCapabilities = options?.config?.security?.enabled && agentId
+        ? withAbort.map((tool) => wrapToolWithCapabilityCheck(tool, agentId))
+        : withAbort;
     // NOTE: Keep canonical (lowercase) tool names here.
     // pi-ai's Anthropic OAuth transport remaps tool names to Claude Code-style names
     // on the wire and maps them back for tool dispatch.
-    return withAbort;
+    return withCapabilities;
+}
+/**
+ * Wraps a tool with capability-based security checks.
+ * This enforces fine-grained permissions for tool invocation.
+ */
+function wrapToolWithCapabilityCheck(tool, agentId) {
+    const middleware = createDefaultSecurityMiddleware();
+    return {
+        ...tool,
+        execute: async (toolCallId, args, signal, onUpdate) => {
+            const ctx = { agentId };
+            const toolId = normalizeToolName(tool.name);
+            const result = await middleware(ctx, toolId, (args ?? {}), async () => {
+                if (!tool.execute) {
+                    throw new CapabilityError(`Tool ${tool.name} has no execute function`, agentId, {
+                        type: "tool:invoke",
+                        toolId,
+                    });
+                }
+                return await tool.execute(toolCallId, args, signal, onUpdate);
+            });
+            return result;
+        },
+    };
 }

package/dist/agents/skills/security.js

@@ -0,0 +1,217 @@
+/**
+ * Skill Security Scanner
+ *
+ * Security scanning for PoolBot skills.
+ * Detects potential security issues in skill files.
+ *
+ * @module agents/skills/security
+ */
+// ============================================================================
+// Constants
+// ============================================================================
+const SCANNER_VERSION = "1.0.0";
+// Patterns that indicate potential security issues
+const PATTERNS = [
+    // Prompt injection attempts
+    {
+        type: "prompt_injection",
+        severity: "critical",
+        pattern: /ignore\s+(?:previous|above|prior)|disregard\s+(?:instructions?|prompt)|system\s*:\s*you\s+are|new\s+instructions?\s*:/i,
+        description: "Potential prompt injection attempt detected",
+        remediation: "Review skill content for malicious instruction overrides",
+    },
+    {
+        type: "prompt_injection",
+        severity: "high",
+        pattern: /\[\s*system\s*\]|\(\s*system\s*\)|\{\s*system\s*\}|\bDAN\b|do\s+anything\s+now/i,
+        description: "Suspicious system role reference",
+        remediation: "Verify skill doesn't attempt to override system behavior",
+    },
+    // Command injection
+    {
+        type: "command_injection",
+        severity: "critical",
+        pattern: /(?:bash|sh|zsh|cmd|powershell)\s+-c\s+["']|exec\s*\(|eval\s*\(|system\s*\(/i,
+        description: "Potential command injection pattern",
+        remediation: "Avoid executing arbitrary shell commands from skill content",
+    },
+    {
+        type: "command_injection",
+        severity: "high",
+        pattern: /`[^`]*(?:rm|del|format|mkfs|dd|wget|curl|fetch)[^`]*`|\$\([^)]*(?:rm|del|wget|curl)[^)]*\)/i,
+        description: "Dangerous command in template literal",
+        remediation: "Review shell command usage for safety",
+    },
+    // Path traversal
+    {
+        type: "path_traversal",
+        severity: "high",
+        pattern: /\.\.[/\\]|\.\.%2f|\.\.%5c|%2e%2e[/\\]/i,
+        description: "Path traversal attempt detected",
+        remediation: "Validate and sanitize all file paths",
+    },
+    // Suspicious patterns
+    {
+        type: "suspicious_pattern",
+        severity: "medium",
+        pattern: /(?:password|secret|token|key|credential)\s*=\s*["'][^"']{8,}["']/i,
+        description: "Hardcoded credential-like pattern",
+        remediation: "Use environment variables or secure secret storage",
+    },
+    {
+        type: "suspicious_pattern",
+        severity: "medium",
+        pattern: /base64\s*\(\s*["'][^"']{20,}["']\s*\)|atob\s*\(|btoa\s*\(/i,
+        description: "Suspicious encoding/decoding pattern",
+        remediation: "Verify encoding is not used to obfuscate malicious content",
+    },
+    // External dependencies
+    {
+        type: "external_dependency",
+        severity: "low",
+        pattern: /(?:npm|pip|gem|cargo|go\s+get)\s+install/i,
+        description: "External package installation mentioned",
+        remediation: "Verify all external dependencies are trustworthy",
+    },
+    // Data exfiltration
+    {
+        type: "data_exfiltration",
+        severity: "high",
+        pattern: /(?:https?:\/\/|ftp:\/\/)[^\s"']+(?:webhook|callback|exfil|collect|steal|send)/i,
+        description: "Potential data exfiltration endpoint",
+        remediation: "Verify all external URLs are legitimate",
+    },
+];
+// ============================================================================
+// Scanner
+// ============================================================================
+/**
+ * Scan skill content for security issues
+ */
+export function scanSkill(skillName, content) {
+    const findings = [];
+    const lines = content.split("\n");
+    for (const { type, severity, pattern, description, remediation } of PATTERNS) {
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const matches = line.matchAll(pattern);
+            for (const match of matches) {
+                if (match.index !== undefined) {
+                    findings.push({
+                        type,
+                        severity,
+                        line: i + 1,
+                        column: match.index + 1,
+                        match: match[0].slice(0, 100), // Limit match length
+                        description,
+                        remediation,
+                    });
+                }
+            }
+        }
+    }
+    // Sort by severity
+    const severityOrder = [
+        "critical",
+        "high",
+        "medium",
+        "low",
+        "info",
+    ];
+    findings.sort((a, b) => severityOrder.indexOf(a.severity) - severityOrder.indexOf(b.severity));
+    return {
+        skillName,
+        scannerVersion: SCANNER_VERSION,
+        scannedAt: new Date(),
+        findings,
+        passed: !findings.some((f) => f.severity === "critical" || f.severity === "high"),
+    };
+}
+/**
+ * Quick security check - returns true if skill passes basic security
+ */
+export function quickSecurityCheck(skillName, content) {
+    const report = scanSkill(skillName, content);
+    return report.passed;
+}
+/**
+ * Get security summary for display
+ */
+export function getSecuritySummary(report) {
+    const counts = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        info: 0,
+    };
+    for (const finding of report.findings) {
+        counts[finding.severity]++;
+    }
+    const hasCritical = counts.critical > 0;
+    const hasHigh = counts.high > 0;
+    const hasMedium = counts.medium > 0;
+    const hasLow = counts.low > 0;
+    if (hasCritical) {
+        return {
+            status: "Failed",
+            color: "red",
+            summary: `${counts.critical} critical, ${counts.high} high severity issues`,
+            counts,
+        };
+    }
+    if (hasHigh) {
+        return {
+            status: "Warning",
+            color: "yellow",
+            summary: `${counts.high} high severity issues`,
+            counts,
+        };
+    }
+    if (hasMedium || hasLow) {
+        return {
+            status: "Passed",
+            color: "yellow",
+            summary: `${counts.medium} medium, ${counts.low} low severity issues`,
+            counts,
+        };
+    }
+    return {
+        status: "Passed",
+        color: "green",
+        summary: "No security issues found",
+        counts,
+    };
+}
+/**
+ * Format findings for display
+ */
+export function formatFindings(findings) {
+    if (findings.length === 0) {
+        return ["No security issues found."];
+    }
+    const lines = [];
+    const bySeverity = {
+        critical: [],
+        high: [],
+        medium: [],
+        low: [],
+        info: [],
+    };
+    for (const finding of findings) {
+        bySeverity[finding.severity].push(finding);
+    }
+    for (const severity of ["critical", "high", "medium", "low", "info"]) {
+        const items = bySeverity[severity];
+        if (items.length === 0)
+            continue;
+        lines.push(`\n${severity.toUpperCase()} (${items.length}):`);
+        for (const finding of items) {
+            lines.push(`  [${finding.type}] Line ${finding.line}: ${finding.description}`);
+            if (finding.remediation) {
+                lines.push(`    → ${finding.remediation}`);
+            }
+        }
+    }
+    return lines;
+}

package/dist/auto-reply/reply/get-reply.js

@@ -14,6 +14,7 @@ import { resolveReplyDirectives } from "./get-reply-directives.js";
 import { handleInlineActions } from "./get-reply-inline-actions.js";
 import { runPreparedReply } from "./get-reply-run.js";
 import { finalizeInboundContext } from "./inbound-context.js";
+import { emitPreAgentMessageHooks } from "./message-preprocess-hooks.js";
 import { applyResetModelOverride } from "./session-reset-model.js";
 import { initSessionState } from "./session.js";
 import { stageSandboxMedia } from "./stage-sandbox-media.js";
@@ -110,6 +111,11 @@ export async function getReplyFromConfig(ctx, opts, configOverride) {
             cfg,
         });
     }
+    emitPreAgentMessageHooks({
+        ctx: finalized,
+        cfg,
+        isFastTestEnv,
+    });
     const commandAuthorized = finalized.CommandAuthorized;
     resolveCommandAuthorization({
         ctx: finalized,

package/dist/auto-reply/reply/message-preprocess-hooks.js

@@ -0,0 +1,17 @@
+import { fireAndForgetHook } from "../../hooks/fire-and-forget.js";
+import { createInternalHookEvent, triggerInternalHook } from "../../hooks/internal-hooks.js";
+import { deriveInboundMessageHookContext, toInternalMessagePreprocessedContext, toInternalMessageTranscribedContext, } from "../../hooks/message-hook-mappers.js";
+export function emitPreAgentMessageHooks(params) {
+    if (params.isFastTestEnv) {
+        return;
+    }
+    const sessionKey = params.ctx.SessionKey?.trim();
+    if (!sessionKey) {
+        return;
+    }
+    const canonical = deriveInboundMessageHookContext(params.ctx);
+    if (canonical.transcript) {
+        fireAndForgetHook(triggerInternalHook(createInternalHookEvent("message", "transcribed", sessionKey, toInternalMessageTranscribedContext(canonical, params.cfg))), "get-reply: message:transcribed internal hook failed");
+    }
+    fireAndForgetHook(triggerInternalHook(createInternalHookEvent("message", "preprocessed", sessionKey, toInternalMessagePreprocessedContext(canonical, params.cfg))), "get-reply: message:preprocessed internal hook failed");
+}

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "2026.3.6",
-  "commit": "def3163876b28829de26ed4eb0c2166b051434ae",
-  "builtAt": "2026-03-06T12:13:28.765Z"
+  "version": "2026.3.9",
+  "commit": "d5b6ac08110e3d6f001682436afdb5921d394bca",
+  "builtAt": "2026-03-09T04:38:56.911Z"
 }

package/dist/cli/banner.js

@@ -1,9 +1,28 @@
+import { loadConfig } from "../config/config.js";
 import { resolveCommitHash } from "../infra/git-commit.js";
 import { visibleWidth } from "../terminal/ansi.js";
 import { isRich, theme } from "../terminal/theme.js";
 import { hasRootVersionAlias } from "./argv.js";
 import { pickTagline } from "./tagline.js";
 import { resolveCliName } from "./cli-name.js";
+function parseTaglineMode(value) {
+    if (value === "random" || value === "default" || value === "off") {
+        return value;
+    }
+    return undefined;
+}
+function resolveTaglineMode(options) {
+    const explicit = parseTaglineMode(options.mode);
+    if (explicit) {
+        return explicit;
+    }
+    try {
+        return parseTaglineMode(loadConfig().cli?.banner?.taglineMode);
+    }
+    catch {
+        return undefined;
+    }
+}
 let bannerEmitted = false;
 const graphemeSegmenter = typeof Intl !== "undefined" && "Segmenter" in Intl
     ? new Intl.Segmenter(undefined, { granularity: "grapheme" })
@@ -23,7 +42,7 @@ const hasVersionFlag = (argv) => argv.some((arg) => arg === "--version" || arg =
 export function formatCliBannerLine(version, options = {}) {
     const commit = options.commit ?? resolveCommitHash({ env: options.env });
     const commitLabel = commit ?? "unknown";
-    const tagline = pickTagline(options);
+    const tagline = pickTagline({ ...options, mode: resolveTaglineMode(options) });
     const rich = options.richTty ?? isRich();
     const cliName = resolveCliName(options.argv ?? process.argv);
     const title = cliName === "poolbot" ? "🎱 Pool Bot" : "🎱 Pool Bot";