@poolzin/pool-bot 2026.3.7 → 2026.3.10

package/extensions/hexstrike-bridge/index.ts

@@ -0,0 +1,487 @@
+import type { PoolBotPluginApi, PoolBotPluginDefinition, PoolBotPluginConfigSchema } from "../../src/plugins/types.js";
+import type { GatewayRequestHandlerOptions } from "../../src/gateway/server-methods/types.js";
+import { ErrorCodes } from "../../src/gateway/protocol/schema/error-codes.js";
+import { getGlobalTelemetryService } from "../../src/telemetry/service.js";
+import { z } from "zod";
+
+const HexStrikeConfigSchema = z.object({
+  baseUrl: z.string().default("http://localhost:8888"),
+  timeoutMs: z.number().default(300000),
+  maxConcurrentScans: z.number().default(3),
+});
+
+type HexStrikeConfig = z.infer<typeof HexStrikeConfigSchema>;
+
+interface ScanJob {
+  id: string;
+  tool: string;
+  target: string;
+  status: "pending" | "running" | "completed" | "failed";
+  progress: number;
+  result?: unknown;
+  error?: string;
+  startedAt?: Date;
+  completedAt?: Date;
+  durationMs?: number;
+}
+
+interface HexStrikeTool {
+  name: string;
+  description: string;
+  category: string;
+  params: Array<{
+    name: string;
+    type: string;
+    required: boolean;
+    description: string;
+  }>;
+}
+
+class HexStrikeClient {
+  private config: HexStrikeConfig;
+  private activeScans = new Map<string, ScanJob>();
+  private metrics = {
+    totalScans: 0,
+    completedScans: 0,
+    failedScans: 0,
+    totalDurationMs: 0,
+  };
+
+  constructor(config: HexStrikeConfig) {
+    this.config = config;
+  }
+
+  private recordMetrics(job: ScanJob): void {
+    const telemetry = getGlobalTelemetryService();
+    if (!telemetry) return;
+
+    const duration = job.durationMs ?? 0;
+
+    telemetry.recordCounter("poolbot.security.scans_total", 1, {
+      tool: job.tool,
+      status: job.status,
+    });
+
+    if (duration > 0) {
+      telemetry.recordHistogram("poolbot.security.scan_duration_ms", duration, {
+        tool: job.tool,
+      });
+    }
+
+    if (job.status === "completed") {
+      this.metrics.completedScans++;
+    } else if (job.status === "failed") {
+      this.metrics.failedScans++;
+      telemetry.recordCounter("poolbot.security.scan_failures", 1, {
+        tool: job.tool,
+        error: job.error ? job.error.substring(0, 50) : "unknown",
+      });
+    }
+
+    this.metrics.totalScans++;
+    this.metrics.totalDurationMs += duration;
+  }
+
+  async listTools(): Promise<HexStrikeTool[]> {
+    const startTime = Date.now();
+    const telemetry = getGlobalTelemetryService();
+
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/tools`, {
+        method: "GET",
+        headers: { "Content-Type": "application/json" },
+      });
+
+      if (!response.ok) {
+        throw new Error(`HexStrike API error: ${response.status}`);
+      }
+
+      const data = await response.json();
+      const tools = data.tools || [];
+
+      telemetry?.recordCounter("poolbot.security.api_calls", 1, {
+        endpoint: "list_tools",
+        status: "success",
+      });
+
+      return tools;
+    } catch (error) {
+      telemetry?.recordCounter("poolbot.security.api_calls", 1, {
+        endpoint: "list_tools",
+        status: "error",
+      });
+      throw new Error(`Failed to list tools: ${String(error)}`);
+    } finally {
+      telemetry?.recordHistogram("poolbot.security.api_latency_ms", Date.now() - startTime, {
+        endpoint: "list_tools",
+      });
+    }
+  }
+
+  async executeTool(tool: string, params: Record<string, unknown>): Promise<ScanJob> {
+    const jobId = `scan-${Date.now()}-${Math.random().toString(36).slice(2, 7)}`;
+
+    const job: ScanJob = {
+      id: jobId,
+      tool,
+      target: typeof params.target === "string" ? params.target : typeof params.host === "string" ? params.host : typeof params.url === "string" ? params.url : "unknown",
+      status: "pending",
+      progress: 0,
+    };
+
+    this.activeScans.set(jobId, job);
+
+    const telemetry = getGlobalTelemetryService();
+    telemetry?.recordGauge("poolbot.security.active_scans", this.getActiveScanCount());
+
+    const startTime = Date.now();
+
+    try {
+      job.status = "running";
+      job.startedAt = new Date();
+
+      const response = await fetch(`${this.config.baseUrl}/api/scan`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ tool, params }),
+      });
+
+      if (!response.ok) {
+        throw new Error(`Scan failed: ${response.status}`);
+      }
+
+      const result = await response.json();
+
+      job.status = "completed";
+      job.progress = 100;
+      job.result = result;
+      job.completedAt = new Date();
+      job.durationMs = Date.now() - startTime;
+
+      this.recordMetrics(job);
+
+      return job;
+    } catch (error) {
+      job.status = "failed";
+      job.error = String(error);
+      job.completedAt = new Date();
+      job.durationMs = Date.now() - startTime;
+
+      this.recordMetrics(job);
+
+      throw error;
+    } finally {
+      telemetry?.recordGauge("poolbot.security.active_scans", this.getActiveScanCount());
+    }
+  }
+
+  getJob(jobId: string): ScanJob | undefined {
+    return this.activeScans.get(jobId);
+  }
+
+  listJobs(): ScanJob[] {
+    return Array.from(this.activeScans.values());
+  }
+
+  getActiveScanCount(): number {
+    return Array.from(this.activeScans.values()).filter((j: ScanJob) => j.status === "running").length;
+  }
+
+  getMetrics() {
+    return { ...this.metrics };
+  }
+
+  async getHealth(): Promise<{ status: string; version?: string; latencyMs?: number }> {
+    const startTime = Date.now();
+
+    try {
+      const response = await fetch(`${this.config.baseUrl}/health`, {
+        method: "GET",
+      } as RequestInit);
+
+      const latencyMs = Date.now() - startTime;
+
+      if (!response.ok) {
+        return { status: "unhealthy", latencyMs };
+      }
+
+      const data = await response.json();
+      return { status: "healthy", version: data.version, latencyMs };
+    } catch {
+      return { status: "offline" };
+    }
+  }
+}
+
+// Wrap Zod schema to match PoolBotPluginConfigSchema
+const configSchema: PoolBotPluginConfigSchema = {
+  parse(value: unknown) {
+    return HexStrikeConfigSchema.parse(value);
+  },
+  safeParse(value: unknown) {
+    const result = HexStrikeConfigSchema.safeParse(value);
+    if (result.success) {
+      return { success: true, data: result.data };
+    }
+    return {
+      success: false,
+      error: {
+        issues: result.error?.issues?.map((issue) => ({
+          path: issue.path.map(String),
+          message: issue.message,
+        })),
+      },
+    };
+  },
+};
+
+const definition: PoolBotPluginDefinition = {
+  id: "hexstrike-bridge",
+  name: "HexStrike Security Bridge",
+  description: "Integrates HexStrike AI security tools (150+ scanners)",
+  version: "2026.3.9",
+
+  configSchema,
+
+  async register(api: PoolBotPluginApi) {
+    const config = HexStrikeConfigSchema.parse(api.pluginConfig || {});
+    const client = new HexStrikeClient(config);
+
+    api.logger.info(`HexStrike bridge registering (baseUrl: ${config.baseUrl})`);
+
+    // Record plugin load metric
+    const telemetry = getGlobalTelemetryService();
+    telemetry?.recordCounter("poolbot.security.plugin_loads", 1);
+
+    // Register gateway methods
+    api.registerGatewayMethod("security.status", async (opts: GatewayRequestHandlerOptions) => {
+      const health = await client.getHealth();
+      const metrics = client.getMetrics();
+
+      opts.respond(true, {
+        connected: health.status === "healthy",
+        version: health.version,
+        latencyMs: health.latencyMs,
+        maxConcurrent: config.maxConcurrentScans,
+        activeScans: client.getActiveScanCount(),
+        totalScans: metrics.totalScans,
+        completedScans: metrics.completedScans,
+        failedScans: metrics.failedScans,
+      });
+    });
+
+    api.registerGatewayMethod("security.tools.list", async (opts: GatewayRequestHandlerOptions) => {
+      const tools = await client.listTools();
+      opts.respond(true, { tools });
+    });
+
+    api.registerGatewayMethod("security.scan.start", async (opts: GatewayRequestHandlerOptions) => {
+      const params = opts.params as { tool: string; target: string; options?: Record<string, unknown> };
+
+      // Check concurrent scan limit
+      if (client.getActiveScanCount() >= config.maxConcurrentScans) {
+        opts.respond(false, undefined, {
+          code: ErrorCodes.UNAVAILABLE,
+          message: `Maximum concurrent scans (${config.maxConcurrentScans}) reached`,
+        });
+        return;
+      }
+
+      const job = await client.executeTool(params.tool, {
+        target: params.target,
+        ...params.options,
+      });
+      opts.respond(true, { jobId: job.id, status: job.status });
+    });
+
+    api.registerGatewayMethod("security.scan.status", async (opts: GatewayRequestHandlerOptions) => {
+      const params = opts.params as { jobId: string };
+      const job = client.getJob(params.jobId);
+      if (!job) {
+        opts.respond(false, undefined, { code: ErrorCodes.INVALID_REQUEST, message: `Job not found: ${params.jobId}` });
+        return;
+      }
+      opts.respond(true, {
+        jobId: job.id,
+        status: job.status,
+        progress: job.progress,
+        result: job.result,
+        error: job.error,
+        durationMs: job.durationMs,
+        startedAt: job.startedAt,
+        completedAt: job.completedAt,
+      });
+    });
+
+    api.registerGatewayMethod("security.scan.list", async (opts: GatewayRequestHandlerOptions) => {
+      const jobs = client.listJobs();
+      opts.respond(true, {
+        jobs: jobs.map(j => ({
+          jobId: j.id,
+          tool: j.tool,
+          target: j.target,
+          status: j.status,
+          progress: j.progress,
+          durationMs: j.durationMs,
+          startedAt: j.startedAt,
+          completedAt: j.completedAt,
+        })),
+      });
+    });
+
+    api.registerGatewayMethod("security.metrics", async (opts: GatewayRequestHandlerOptions) => {
+      const metrics = client.getMetrics();
+      const health = await client.getHealth();
+
+      opts.respond(true, {
+        ...metrics,
+        activeScans: client.getActiveScanCount(),
+        connected: health.status === "healthy",
+        averageDurationMs: metrics.totalScans > 0 ? Math.round(metrics.totalDurationMs / metrics.totalScans) : 0,
+      });
+    });
+
+    // Register CLI commands
+    api.registerCli((ctx) => {
+      const securityCmd = ctx.program
+        .command("security")
+        .description("Security scanning via HexStrike AI");
+
+      securityCmd
+        .command("status")
+        .description("Check HexStrike connection status")
+        .action(async () => {
+          const health = await client.getHealth();
+          console.log(`HexStrike Status: ${health.status}`);
+          if (health.version) {
+            console.log(`Version: ${health.version}`);
+          }
+          if (health.latencyMs) {
+            console.log(`Latency: ${health.latencyMs}ms`);
+          }
+        });
+
+      securityCmd
+        .command("tools")
+        .description("List available security tools")
+        .action(async () => {
+          const tools = await client.listTools();
+          console.log(`\nAvailable Security Tools (${tools.length}):\n`);
+
+          const byCategory = new Map<string, HexStrikeTool[]>();
+          for (const tool of tools) {
+            const list = byCategory.get(tool.category) || [];
+            list.push(tool);
+            byCategory.set(tool.category, list);
+          }
+
+          for (const [category, categoryTools] of byCategory) {
+            console.log(`\n${category}:`);
+            for (const tool of categoryTools) {
+              console.log(`  • ${tool.name} - ${tool.description}`);
+            }
+          }
+        });
+
+      securityCmd
+        .command("scan <tool> <target>")
+        .description("Run a security scan")
+        .option("-w, --wait", "Wait for scan completion", false)
+        .option("-t, --timeout <seconds>", "Timeout in seconds", "300")
+        .action(async (tool: string, target: string, options: { wait?: boolean; timeout?: string }) => {
+          console.log(`Starting ${tool} scan against ${target}...`);
+
+          const job = await client.executeTool(tool, {
+            target,
+          });
+
+          console.log(`Scan started: ${job.id}`);
+
+          if (options.wait) {
+            console.log("Waiting for completion...");
+
+            const startTime = Date.now();
+            const timeoutMs = parseInt(options.timeout || "300", 10) * 1000;
+
+            while (job.status === "running" || job.status === "pending") {
+              if (Date.now() - startTime > timeoutMs) {
+                console.log("Timeout reached");
+                break;
+              }
+
+              await new Promise(r => setTimeout(r, 2000));
+              const current = client.getJob(job.id);
+              if (current) {
+                Object.assign(job, current);
+                if (job.progress > 0) {
+                  process.stdout.write(`\rProgress: ${job.progress}%`);
+                }
+              }
+            }
+
+            console.log("\n");
+
+            if (job.status === "completed" && job.result) {
+              console.log("Scan completed successfully!");
+              console.log(JSON.stringify(job.result, null, 2));
+            } else if (job.error) {
+              console.error(`Scan failed: ${job.error}`);
+              process.exit(1);
+            }
+          } else {
+            console.log(`Use 'poolbot security scan-status ${job.id}' to check progress`);
+          }
+        });
+
+      securityCmd
+        .command("scan-status <jobId>")
+        .description("Check scan status")
+        .action(async (jobId: string) => {
+          const job = client.getJob(jobId);
+          if (!job) {
+            console.error(`Job not found: ${jobId}`);
+            process.exit(1);
+          }
+
+          console.log(`Job: ${job.id}`);
+          console.log(`Tool: ${job.tool}`);
+          console.log(`Target: ${job.target}`);
+          console.log(`Status: ${job.status}`);
+          console.log(`Progress: ${job.progress}%`);
+          if (job.durationMs) {
+            console.log(`Duration: ${job.durationMs}ms`);
+          }
+
+          if (job.result) {
+            console.log("\nResult:");
+            console.log(JSON.stringify(job.result, null, 2));
+          }
+
+          if (job.error) {
+            console.error(`\nError: ${job.error}`);
+          }
+        });
+
+      securityCmd
+        .command("metrics")
+        .description("Show security scan metrics")
+        .action(async () => {
+          const metrics = client.getMetrics();
+          const health = await client.getHealth();
+
+          console.log("\nSecurity Scan Metrics:\n");
+          console.log(`Connection: ${health.status}`);
+          console.log(`Active Scans: ${client.getActiveScanCount()}`);
+          console.log(`Total Scans: ${metrics.totalScans}`);
+          console.log(`Completed: ${metrics.completedScans}`);
+          console.log(`Failed: ${metrics.failedScans}`);
+          console.log(`Success Rate: ${metrics.totalScans > 0 ? Math.round((metrics.completedScans / metrics.totalScans) * 100) : 0}%`);
+          if (metrics.totalScans > 0) {
+            console.log(`Avg Duration: ${Math.round(metrics.totalDurationMs / metrics.totalScans)}ms`);
+          }
+        });
+    });
+  },
+};
+
+export default definition;

package/extensions/hexstrike-bridge/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@poolbot/hexstrike-bridge",
+  "version": "2026.3.10",
+  "type": "module",
+  "description": "HexStrike AI security tools bridge for PoolBot - integrates 150+ security scanners",
+  "poolbot": {
+    "extensions": [
+      "./src/index.ts"
+    ]
+  },
+  "dependencies": {
+    "zod": "^3.22.4"
+  },
+  "devDependencies": {
+    "poolbot": "workspace:*"
+  }
+}

package/extensions/imessage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/imessage",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Poolbot iMessage channel plugin",
   "poolbot": {

package/extensions/irc/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolzin/irc",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "description": "Pool Bot IRC channel plugin",
   "type": "module",
   "devDependencies": {

package/extensions/line/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/line",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Poolbot LINE channel plugin",
   "poolbot": {

package/extensions/llm-task/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/llm-task",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Poolbot JSON-only LLM task plugin",
   "poolbot": {

package/extensions/lobster/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/lobster",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Lobster workflow tool plugin (typed pipelines + resumable approvals)",
   "poolbot": {

package/extensions/matrix/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.3.10
+
+### Changes
+- Version alignment with core Poolbot release numbers.
+
 ## 2026.3.4
 
 ### Changes

package/extensions/matrix/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/matrix",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Poolbot Matrix channel plugin",
   "poolbot": {

package/extensions/mattermost/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/mattermost",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Poolbot Mattermost channel plugin",
   "poolbot": {

package/extensions/mcp-server/index.ts

@@ -0,0 +1,14 @@
+import type { PoolBotPluginApi } from "../../src/plugins/types.js";
+
+import { createMcpServerService } from "./src/service.js";
+
+const plugin = {
+  id: "mcp-server",
+  name: "MCP Server",
+  description: "MCP (Model Context Protocol) server - exposes PoolBot tools via MCP protocol",
+  register(api: PoolBotPluginApi) {
+    api.registerService(createMcpServerService());
+  },
+};
+
+export default plugin;

package/extensions/mcp-server/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "@poolbot/mcp-server",
+  "version": "2026.3.10",
+  "type": "module",
+  "description": "MCP (Model Context Protocol) server plugin for PoolBot - exposes tools via MCP protocol",
+  "poolbot": {
+    "extensions": [
+      "./index.ts"
+    ]
+  }
+}