@poolzin/pool-bot 2026.3.6 → 2026.3.9

package/dist/cli/tagline.js

@@ -191,6 +191,13 @@ export function activeTaglines(options = {}) {
     return filtered.length > 0 ? filtered : TAGLINES;
 }
 export function pickTagline(options = {}) {
+    const mode = options.mode;
+    if (mode === "off") {
+        return "";
+    }
+    if (mode === "default") {
+        return DEFAULT_TAGLINE;
+    }
     const env = options.env ?? process.env;
     const override = env?.POOLBOT_TAGLINE_INDEX ?? env?.CLAWDBOT_TAGLINE_INDEX;
     if (override !== undefined) {

package/dist/config/config.js

@@ -2,6 +2,7 @@ export { createConfigIO, loadConfig, parseConfigJson5, readConfigFileSnapshot, r
 export { migrateLegacyConfig } from "./legacy-migrate.js";
 export * from "./paths.js";
 export * from "./runtime-overrides.js";
+export * from "./secrets-integration.js";
 export * from "./types.js";
 export { validateConfigObject, validateConfigObjectWithPlugins } from "./validation.js";
 export { PoolBotSchema } from "./zod-schema.js";

package/dist/config/secrets-integration.js

@@ -0,0 +1,88 @@
+/**
+ * Config Secrets Integration
+ *
+ * Integrates the secrets management system with config loading.
+ * Resolves SecretRefs in config values at runtime.
+ */
+import { SecretsRuntime } from "../secrets/index.js";
+const SECRET_PATHS = [
+    "agent.model",
+    "agent.apiKey",
+    "channels.telegram.botToken",
+    "channels.discord.token",
+    "channels.slack.botToken",
+    "channels.slack.appToken",
+    "gateway.auth.token",
+    "gateway.auth.password",
+    "memory.apiKey",
+    "tools.browser.apiKey",
+];
+/**
+ * Deeply traverse config and resolve secret references
+ */
+export function resolveConfigSecrets(config, secretsRuntime) {
+    const resolved = { ...config };
+    // Resolve specific known secret paths
+    for (const path of SECRET_PATHS) {
+        resolvePath(resolved, path.split("."), secretsRuntime);
+    }
+    // Also scan for any string values that look like secret refs
+    scanAndResolveSecrets(resolved, "", secretsRuntime);
+    return resolved;
+}
+function resolvePath(obj, path, runtime) {
+    if (path.length === 0)
+        return;
+    const [head, ...tail] = path;
+    if (!(head in obj))
+        return;
+    if (tail.length === 0) {
+        // Leaf node - resolve if it's a string
+        const value = obj[head];
+        if (typeof value === "string") {
+            const result = runtime.resolve(head, value);
+            if (result.value !== undefined) {
+                obj[head] = result.value;
+            }
+        }
+    }
+    else {
+        // Traverse deeper
+        const child = obj[head];
+        if (typeof child === "object" && child !== null && !Array.isArray(child)) {
+            resolvePath(child, tail, runtime);
+        }
+    }
+}
+function scanAndResolveSecrets(obj, path, runtime) {
+    if (typeof obj === "string") {
+        // Check if it looks like a secret ref
+        if (obj.startsWith("env:") || obj.startsWith("file:")) {
+            runtime.resolve(path || "unknown", obj);
+        }
+        return;
+    }
+    if (Array.isArray(obj)) {
+        obj.forEach((item, index) => {
+            scanAndResolveSecrets(item, `${path}[${index}]`, runtime);
+        });
+        return;
+    }
+    if (typeof obj === "object" && obj !== null) {
+        for (const [key, value] of Object.entries(obj)) {
+            const newPath = path ? `${path}.${key}` : key;
+            scanAndResolveSecrets(value, newPath, runtime);
+        }
+    }
+}
+/**
+ * Create a secrets runtime from config
+ */
+export function createSecretsRuntimeFromConfig(_config, secretsConfig) {
+    return new SecretsRuntime({
+        allowDirectValues: true,
+        warnOnDirectValues: true,
+        failOnUnresolved: false,
+        ...secretsConfig,
+    });
+}

package/dist/config/types.cli.js

@@ -0,0 +1 @@
+export {};

package/dist/config/types.security.js

@@ -0,0 +1,33 @@
+/** Default permissive capabilities (when security is disabled). */
+export const PERMISSIVE_CAPABILITIES = [
+    { type: "file:read", pattern: "*" },
+    { type: "file:write", pattern: "*" },
+    { type: "net:connect", pattern: "*" },
+    { type: "tool:all" },
+    { type: "llm:query", pattern: "*" },
+    { type: "llm:maxTokens", limit: Number.MAX_SAFE_INTEGER },
+    { type: "agent:spawn" },
+    { type: "agent:message", pattern: "*" },
+    { type: "agent:kill", pattern: "*" },
+    { type: "memory:read", scope: "*" },
+    { type: "memory:write", scope: "*" },
+    { type: "shell:exec", pattern: "*" },
+    { type: "env:read", pattern: "*" },
+    { type: "gateway:admin" },
+    { type: "gateway:channels:read" },
+    { type: "gateway:channels:write", pattern: "*" },
+    { type: "econ:spend", limit: Number.MAX_SAFE_INTEGER },
+    { type: "econ:earn" },
+    { type: "econ:transfer", pattern: "*" },
+];
+/** Restricted capabilities for untrusted agents. */
+export const RESTRICTED_CAPABILITIES = [
+    { type: "file:read", pattern: "/data/*" },
+    { type: "net:connect", pattern: "*.openai.com:443" },
+    { type: "tool:invoke", toolId: "web_search" },
+    { type: "tool:invoke", toolId: "file_read" },
+    { type: "llm:query", pattern: "gpt-4*" },
+    { type: "llm:maxTokens", limit: 10000 },
+    { type: "memory:read", scope: "session/*" },
+    { type: "memory:write", scope: "session/*" },
+];

package/dist/config/zod-schema.js

@@ -6,6 +6,7 @@ import { HexColorSchema, ModelsConfigSchema } from "./zod-schema.core.js";
 import { HookMappingSchema, HooksGmailSchema, InternalHooksSchema } from "./zod-schema.hooks.js";
 import { InstallRecordShape } from "./zod-schema.installs.js";
 import { ChannelsSchema } from "./zod-schema.providers.js";
+import { SecuritySchema } from "./zod-schema.security.js";
 import { sensitive } from "./zod-schema.sensitive.js";
 import { CommandsSchema, MessagesSchema, SessionSchema, SessionSendPolicySchema, } from "./zod-schema.session.js";
 const BrowserSnapshotDefaultsSchema = z
@@ -641,6 +642,20 @@ export const PoolBotSchema = z
     })
         .strict()
         .optional(),
+    cli: z
+        .object({
+        banner: z
+            .object({
+            taglineMode: z
+                .union([z.literal("random"), z.literal("default"), z.literal("off")])
+                .optional(),
+        })
+            .strict()
+            .optional(),
+    })
+        .strict()
+        .optional(),
+    security: SecuritySchema,
 })
     .strict()
     .superRefine((cfg, ctx) => {

package/dist/config/zod-schema.providers-core.js

@@ -583,6 +583,7 @@ export const SlackAccountSchema = z
     heartbeat: ChannelHeartbeatVisibilitySchema,
     responsePrefix: z.string().optional(),
     ackReaction: z.string().optional(),
+    typingReaction: z.string().optional(),
 })
     .strict()
     .superRefine((value, ctx) => {

package/dist/config/zod-schema.security.js

@@ -0,0 +1,113 @@
+/**
+ * Zod schema for security configuration.
+ */
+import { z } from "zod";
+/** Capability type schema - matches the TypeScript Capability type. */
+const CapabilitySchema = z.union([
+    // File capabilities
+    z.object({
+        type: z.literal("file:read"),
+        pattern: z.string(),
+    }),
+    z.object({
+        type: z.literal("file:write"),
+        pattern: z.string(),
+    }),
+    // Network capabilities
+    z.object({
+        type: z.literal("net:connect"),
+        pattern: z.string(),
+    }),
+    // Tool capabilities
+    z.object({
+        type: z.literal("tool:invoke"),
+        toolId: z.string(),
+    }),
+    z.object({
+        type: z.literal("tool:all"),
+    }),
+    // LLM capabilities
+    z.object({
+        type: z.literal("llm:query"),
+        pattern: z.string(),
+    }),
+    z.object({
+        type: z.literal("llm:maxTokens"),
+        limit: z.number().int().positive(),
+    }),
+    // Agent capabilities
+    z.object({
+        type: z.literal("agent:spawn"),
+    }),
+    z.object({
+        type: z.literal("agent:message"),
+        pattern: z.string(),
+    }),
+    z.object({
+        type: z.literal("agent:kill"),
+        pattern: z.string(),
+    }),
+    // Memory capabilities
+    z.object({
+        type: z.literal("memory:read"),
+        scope: z.string(),
+    }),
+    z.object({
+        type: z.literal("memory:write"),
+        scope: z.string(),
+    }),
+    // Shell capabilities
+    z.object({
+        type: z.literal("shell:exec"),
+        pattern: z.string(),
+    }),
+    // Environment capabilities
+    z.object({
+        type: z.literal("env:read"),
+        pattern: z.string(),
+    }),
+    // Gateway capabilities
+    z.object({
+        type: z.literal("gateway:admin"),
+    }),
+    z.object({
+        type: z.literal("gateway:channels:read"),
+    }),
+    z.object({
+        type: z.literal("gateway:channels:write"),
+        pattern: z.string(),
+    }),
+    // Economic capabilities
+    z.object({
+        type: z.literal("econ:spend"),
+        limit: z.number().int().nonnegative(),
+    }),
+    z.object({
+        type: z.literal("econ:earn"),
+    }),
+    z.object({
+        type: z.literal("econ:transfer"),
+        pattern: z.string(),
+    }),
+]);
+/** Agent capability configuration schema. */
+const AgentCapabilityConfigSchema = z
+    .object({
+    agentId: z.string(),
+    capabilities: z.array(CapabilitySchema),
+})
+    .strict();
+/** Security configuration schema. */
+export const SecuritySchema = z
+    .object({
+    /** Enable capability enforcement. Default: false (permissive mode). */
+    enabled: z.boolean().optional(),
+    /** Default capabilities for agents without explicit config. */
+    defaultCapabilities: z.array(CapabilitySchema).optional(),
+    /** Per-agent capability configurations. */
+    agents: z.array(AgentCapabilityConfigSchema).optional(),
+    /** Capabilities for the system/root agent. */
+    systemCapabilities: z.array(CapabilitySchema).optional(),
+})
+    .strict()
+    .optional();

package/dist/context-engine/index.js

@@ -0,0 +1,33 @@
+/**
+ * Context Engine - Pluggable conversation context management
+ *
+ * @example
+ * ```typescript
+ * import { LegacyContextEngine, globalContextEngineRegistry } from './context-engine/index.js';
+ *
+ * // Register the legacy engine
+ * globalContextEngineRegistry.register('legacy', LegacyContextEngine);
+ *
+ * // Get engine instance
+ * const engine = globalContextEngineRegistry.getEngine('legacy');
+ *
+ * // Bootstrap for a session
+ * await engine.bootstrap({ sessionId: 'session-123' });
+ *
+ * // Ingest a message
+ * await engine.ingest({
+ *   sessionId: 'session-123',
+ *   message: { role: 'user', content: 'Hello!' }
+ * });
+ *
+ * // Assemble context
+ * const result = await engine.assemble({
+ *   sessionId: 'session-123',
+ *   messages: []
+ * });
+ * ```
+ */
+// Registry
+export { ContextEngineRegistry, globalContextEngineRegistry, resolveContextEngine, } from "./registry.js";
+// Legacy Engine
+export { LegacyContextEngine, createLegacyContextEngine, } from "./legacy.js";

package/dist/context-engine/legacy.js

@@ -0,0 +1,181 @@
+/**
+ * Legacy Context Engine
+ *
+ * Maintains PoolBot's original context management behavior.
+ * This is the default engine that preserves backward compatibility.
+ *
+ * Strategy:
+ * - Simple message accumulation
+ * - Truncation-based overflow handling
+ * - Basic compaction via summarization
+ */
+export class LegacyContextEngine {
+    info = {
+        id: "legacy",
+        name: "Legacy Context Engine",
+        description: "PoolBot's original context management with simple accumulation and truncation",
+        supportsVectorSearch: false,
+        supportsFullTextSearch: false,
+        tokenLimit: undefined, // No explicit limit
+    };
+    sessions = new Map();
+    async bootstrap(params) {
+        try {
+            // Initialize session storage
+            this.sessions.set(params.sessionId, {
+                messages: [],
+                lastAccessed: new Date(),
+            });
+            return {
+                success: true,
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    async ingest(params) {
+        try {
+            const session = this.sessions.get(params.sessionId);
+            if (!session) {
+                return {
+                    success: false,
+                    error: `Session ${params.sessionId} not found`,
+                };
+            }
+            session.messages.push(params.message);
+            session.lastAccessed = new Date();
+            // Estimate tokens (rough approximation)
+            const content = typeof params.message.content === "string"
+                ? params.message.content
+                : JSON.stringify(params.message.content);
+            const estimatedTokens = Math.ceil(content.length / 4);
+            return {
+                success: true,
+                tokensConsumed: estimatedTokens,
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    async assemble(params) {
+        const session = this.sessions.get(params.sessionId);
+        const messages = session?.messages ?? params.messages;
+        // Apply token budget if specified
+        let resultMessages = messages;
+        let wasTruncated = false;
+        let excludedMessages = [];
+        if (params.tokenBudget && params.tokenBudget > 0) {
+            const estimate = this.estimateTokenCount(messages);
+            if (estimate > params.tokenBudget) {
+                // Simple truncation: keep newest messages that fit
+                const reversed = [...messages].reverse();
+                const fitting = [];
+                let currentTokens = 0;
+                for (const msg of reversed) {
+                    const msgTokens = this.estimateTokenCount([msg]);
+                    if (currentTokens + msgTokens <= params.tokenBudget) {
+                        fitting.unshift(msg);
+                        currentTokens += msgTokens;
+                    }
+                    else {
+                        excludedMessages.unshift(msg);
+                    }
+                }
+                resultMessages = fitting;
+                wasTruncated = true;
+            }
+        }
+        return {
+            messages: resultMessages,
+            totalTokens: this.estimateTokenCount(resultMessages),
+            wasTruncated,
+            excludedMessages: wasTruncated ? excludedMessages : undefined,
+        };
+    }
+    async compact(params) {
+        try {
+            const session = this.sessions.get(params.sessionId);
+            if (!session || session.messages.length === 0) {
+                return {
+                    success: true,
+                    tokensSaved: 0,
+                };
+            }
+            const originalTokens = this.estimateTokenCount(session.messages);
+            // Legacy compaction: summarize older messages
+            // Keep recent messages, summarize older ones
+            const keepRecent = 4; // Keep last 2 exchanges
+            const toSummarize = session.messages.slice(0, -keepRecent);
+            const toKeep = session.messages.slice(-keepRecent);
+            if (toSummarize.length === 0) {
+                return {
+                    success: true,
+                    tokensSaved: 0,
+                };
+            }
+            // Create summary message
+            const summary = {
+                role: "system",
+                content: `[${toSummarize.length} earlier messages summarized]`,
+                metadata: { compacted: true, originalCount: toSummarize.length },
+            };
+            session.messages = [summary, ...toKeep];
+            const newTokens = this.estimateTokenCount(session.messages);
+            return {
+                success: true,
+                summary: summary.content,
+                tokensSaved: originalTokens - newTokens,
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    async cleanup(params) {
+        this.sessions.delete(params.sessionId);
+    }
+    async getStats(params) {
+        const session = this.sessions.get(params.sessionId);
+        if (!session) {
+            return {
+                messageCount: 0,
+            };
+        }
+        return {
+            messageCount: session.messages.length,
+            totalTokens: this.estimateTokenCount(session.messages),
+            lastAccessed: session.lastAccessed,
+        };
+    }
+    /**
+     * Estimate token count for messages
+     * Rough approximation: ~4 characters per token
+     */
+    estimateTokenCount(messages) {
+        let totalChars = 0;
+        for (const msg of messages) {
+            const content = typeof msg.content === "string"
+                ? msg.content
+                : JSON.stringify(msg.content);
+            totalChars += content.length;
+        }
+        return Math.ceil(totalChars / 4);
+    }
+}
+/**
+ * Create the default legacy context engine
+ */
+export function createLegacyContextEngine() {
+    return new LegacyContextEngine();
+}

package/dist/context-engine/registry.js

@@ -0,0 +1,86 @@
+/**
+ * Context Engine Registry
+ *
+ * Manages available context engines and provides
+ * factory methods for creating engine instances.
+ */
+export class ContextEngineRegistry {
+    engines = new Map();
+    instances = new Map();
+    /**
+     * Register a new context engine
+     */
+    register(id, EngineClass) {
+        this.engines.set(id, EngineClass);
+    }
+    /**
+     * Check if an engine is registered
+     */
+    has(id) {
+        return this.engines.has(id);
+    }
+    /**
+     * Get available engine IDs
+     */
+    getAvailableEngines() {
+        return Array.from(this.engines.keys());
+    }
+    /**
+     * Create or get a cached engine instance
+     */
+    getEngine(id) {
+        // Return cached instance if exists
+        const cached = this.instances.get(id);
+        if (cached) {
+            return cached;
+        }
+        // Create new instance
+        const EngineClass = this.engines.get(id);
+        if (!EngineClass) {
+            throw new Error(`Context engine "${id}" not registered. Available: ${this.getAvailableEngines().join(", ")}`);
+        }
+        const instance = new EngineClass();
+        this.instances.set(id, instance);
+        return instance;
+    }
+    /**
+     * Remove cached instance (for cleanup/testing)
+     */
+    clearCache(id) {
+        if (id) {
+            this.instances.delete(id);
+        }
+        else {
+            this.instances.clear();
+        }
+    }
+    /**
+     * Get engine info for all registered engines
+     */
+    getEngineInfos() {
+        return this.getAvailableEngines().map((id) => {
+            const engine = this.getEngine(id);
+            return {
+                id,
+                name: engine.info.name,
+                description: engine.info.description,
+            };
+        });
+    }
+}
+/**
+ * Global registry instance
+ */
+export const globalContextEngineRegistry = new ContextEngineRegistry();
+/**
+ * Resolve which engine to use based on configuration
+ */
+export function resolveContextEngine(sessionId, config, registry = globalContextEngineRegistry) {
+    // Check for session-specific override
+    const engineId = config.sessionEngines?.[sessionId] ?? config.defaultEngine;
+    if (!registry.has(engineId)) {
+        throw new Error(`Context engine "${engineId}" not found for session ${sessionId}. ` +
+            `Available engines: ${registry.getAvailableEngines().join(", ")}`);
+    }
+    return registry.getEngine(engineId);
+}