@poolzin/pool-bot 2026.3.9 → 2026.3.10

package/extensions/feishu/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolzin/feishu",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "description": "Pool Bot Feishu/Lark channel plugin (community maintained by @m1heng)",
   "type": "module",
   "dependencies": {

package/extensions/google-antigravity-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/google-antigravity-auth",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Poolbot Google Antigravity OAuth provider plugin",
   "poolbot": {

package/extensions/google-gemini-cli-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/google-gemini-cli-auth",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Poolbot Gemini CLI OAuth provider plugin",
   "poolbot": {

package/extensions/googlechat/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/googlechat",
-  "version": "2026.3.4",
+  "version": "2026.3.10",
   "type": "module",
   "description": "Poolbot Google Chat channel plugin",
   "poolbot": {

package/extensions/hexstrike-bridge/README.md

@@ -0,0 +1,119 @@
+# HexStrike Bridge Extension
+
+Integração do PoolBot com HexStrike AI - plataforma de segurança com 150+ scanners.
+
+## Visão Geral
+
+Esta extensão conecta o PoolBot ao HexStrike AI, permitindo executar scans de segurança diretamente via CLI e gateway.
+
+## Funcionalidades
+
+- **150+ ferramentas de segurança** disponíveis via HexStrike
+- **Scans assíncronos** com acompanhamento de progresso
+- **CLI integrada** - comandos `poolbot security`
+- **Gateway RPC** - métodos para integração com outros sistemas
+
+## Instalação
+
+A extensão é carregada automaticamente pelo PoolBot quando presente no diretório `extensions/`.
+
+## Configuração
+
+```json
+{
+  "hexstrike-bridge": {
+    "baseUrl": "http://localhost:8888",
+    "timeoutMs": 300000,
+    "maxConcurrentScans": 3
+  }
+}
+```
+
+| Opção | Descrição | Padrão |
+|-------|-----------|--------|
+| `baseUrl` | URL da API HexStrike | `http://localhost:8888` |
+| `timeoutMs` | Timeout de scans em ms | `300000` (5min) |
+| `maxConcurrentScans` | Máximo de scans paralelos | `3` |
+
+## Comandos CLI
+
+### Verificar status
+```bash
+poolbot security status
+```
+
+### Listar ferramentas disponíveis
+```bash
+poolbot security tools
+```
+
+### Executar scan
+```bash
+# Scan rápido (assíncrono)
+poolbot security scan nmap example.com
+
+# Scan com espera
+poolbot security scan nmap example.com --wait
+
+# Scan com timeout customizado
+poolbot security scan nmap example.com --wait --timeout 600
+```
+
+### Verificar status do scan
+```bash
+poolbot security scan-status <job-id>
+```
+
+## Gateway RPC Methods
+
+| Método | Descrição |
+|--------|-----------|
+| `security.status` | Status da conexão HexStrike |
+| `security.tools.list` | Lista ferramentas disponíveis |
+| `security.scan.start` | Inicia um novo scan |
+| `security.scan.status` | Status de um scan específico |
+| `security.scan.list` | Lista todos os scans ativos |
+
+## Exemplos de Uso
+
+### Scan de portas com Nmap
+```bash
+poolbot security scan nmap 192.168.1.1 --wait
+```
+
+### Scan de vulnerabilidades
+```bash
+poolbot security scan nikto https://example.com --wait
+```
+
+### Verificar todos os scans em andamento
+```bash
+poolbot security scan-list
+```
+
+## Requisitos
+
+- HexStrike AI rodando (por padrão em `localhost:8888`)
+- PoolBot v2026.3.9+
+
+## Troubleshooting
+
+### "HexStrike offline"
+Verifique se o HexStrike está rodando:
+```bash
+curl http://localhost:8888/health
+```
+
+### Timeout em scans longos
+Aumente o timeout na configuração:
+```json
+{
+  "hexstrike-bridge": {
+    "timeoutMs": 600000
+  }
+}
+```
+
+## Licença
+
+MIT - Parte do ecossistema PoolBot

package/extensions/hexstrike-bridge/index.test.ts

@@ -0,0 +1,247 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import type { PoolBotPluginApi } from "../../src/plugins/types.js";
+import type { GatewayRequestHandlerOptions } from "../../src/gateway/server-methods/types.js";
+
+// Mock fetch globally
+const mockFetch = vi.fn();
+global.fetch = mockFetch as unknown as typeof fetch;
+
+// Import the plugin after mocking
+const definition = (await import("./index.js")).default;
+
+describe("hexstrike-bridge", () => {
+  let mockApi: PoolBotPluginApi;
+  let registeredMethods: Map<string, Function>;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    registeredMethods = new Map();
+
+    mockApi = {
+      pluginConfig: {},
+      logger: {
+        info: vi.fn(),
+        warn: vi.fn(),
+        error: vi.fn(),
+        debug: vi.fn(),
+      },
+      registerGatewayMethod: vi.fn((name: string, handler: Function) => {
+        registeredMethods.set(name, handler);
+      }),
+      registerCli: vi.fn(),
+    } as unknown as PoolBotPluginApi;
+  });
+
+  describe("plugin registration", () => {
+    it("should register all gateway methods", async () => {
+      await definition.register!(mockApi);
+
+      expect(mockApi.registerGatewayMethod).toHaveBeenCalledTimes(5);
+      expect(registeredMethods.has("security.status")).toBe(true);
+      expect(registeredMethods.has("security.tools.list")).toBe(true);
+      expect(registeredMethods.has("security.scan.start")).toBe(true);
+      expect(registeredMethods.has("security.scan.status")).toBe(true);
+      expect(registeredMethods.has("security.scan.list")).toBe(true);
+    });
+
+    it("should register CLI commands", async () => {
+      await definition.register!(mockApi);
+      expect(mockApi.registerCli).toHaveBeenCalledTimes(1);
+    });
+  });
+
+  describe("security.status", () => {
+    it("should return healthy status when HexStrike is online", async () => {
+      mockFetch.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ version: "1.0.0" }),
+      });
+
+      await definition.register!(mockApi);
+      const handler = registeredMethods.get("security.status")!;
+
+      const mockRespond = vi.fn();
+      await handler({ respond: mockRespond } as unknown as GatewayRequestHandlerOptions);
+
+      expect(mockRespond).toHaveBeenCalledWith(true, {
+        connected: true,
+        version: "1.0.0",
+        maxConcurrent: 3,
+        activeScans: 0,
+      });
+    });
+
+    it("should return offline status when HexStrike is down", async () => {
+      mockFetch.mockRejectedValueOnce(new Error("Connection refused"));
+
+      await definition.register!(mockApi);
+      const handler = registeredMethods.get("security.status")!;
+
+      const mockRespond = vi.fn();
+      await handler({ respond: mockRespond } as unknown as GatewayRequestHandlerOptions);
+
+      expect(mockRespond).toHaveBeenCalledWith(true, {
+        connected: false,
+        version: undefined,
+        maxConcurrent: 3,
+        activeScans: 0,
+      });
+    });
+  });
+
+  describe("security.tools.list", () => {
+    it("should return list of tools", async () => {
+      const mockTools = [
+        { name: "nmap", description: "Port scanner", category: "recon", params: [] },
+        { name: "nikto", description: "Web scanner", category: "web", params: [] },
+      ];
+
+      mockFetch.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ tools: mockTools }),
+      });
+
+      await definition.register!(mockApi);
+      const handler = registeredMethods.get("security.tools.list")!;
+
+      const mockRespond = vi.fn();
+      await handler({ respond: mockRespond } as unknown as GatewayRequestHandlerOptions);
+
+      expect(mockRespond).toHaveBeenCalledWith(true, { tools: mockTools });
+    });
+
+    it("should handle API errors", async () => {
+      mockFetch.mockResolvedValueOnce({
+        ok: false,
+        status: 500,
+      });
+
+      await definition.register!(mockApi);
+      const handler = registeredMethods.get("security.tools.list")!;
+
+      await expect(
+        handler({ respond: vi.fn() } as unknown as GatewayRequestHandlerOptions)
+      ).rejects.toThrow("HexStrike API error: 500");
+    });
+  });
+
+  describe("security.scan.start", () => {
+    it("should start a scan and return job ID", async () => {
+      mockFetch.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ result: "scan completed" }),
+      });
+
+      await definition.register!(mockApi);
+      const handler = registeredMethods.get("security.scan.start")!;
+
+      const mockRespond = vi.fn();
+      await handler({
+        params: { tool: "nmap", target: "example.com" },
+        respond: mockRespond,
+      } as unknown as GatewayRequestHandlerOptions);
+
+      expect(mockRespond).toHaveBeenCalledWith(true, {
+        jobId: expect.stringMatching(/^scan-\d+-[a-z0-9]+$/),
+        status: "completed",
+      });
+    });
+  });
+
+  describe("security.scan.status", () => {
+    it("should return job status for existing job", async () => {
+      mockFetch.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ result: "done" }),
+      });
+
+      await definition.register!(mockApi);
+      const startHandler = registeredMethods.get("security.scan.start")!;
+      const statusHandler = registeredMethods.get("security.scan.status")!;
+
+      // Start a scan first
+      const mockRespond = vi.fn();
+      await startHandler({
+        params: { tool: "nmap", target: "example.com" },
+        respond: mockRespond,
+      } as unknown as GatewayRequestHandlerOptions);
+
+      const jobId = mockRespond.mock.calls[0][1].jobId;
+
+      // Check status
+      const statusRespond = vi.fn();
+      await statusHandler({
+        params: { jobId },
+        respond: statusRespond,
+      } as unknown as GatewayRequestHandlerOptions);
+
+      expect(statusRespond).toHaveBeenCalledWith(true, {
+        jobId,
+        status: "completed",
+        progress: 100,
+        result: { result: "done" },
+        error: undefined,
+        startedAt: expect.any(Date),
+        completedAt: expect.any(Date),
+      });
+    });
+
+    it("should return error for non-existent job", async () => {
+      await definition.register!(mockApi);
+      const handler = registeredMethods.get("security.scan.status")!;
+
+      const mockRespond = vi.fn();
+      await handler({
+        params: { jobId: "non-existent" },
+        respond: mockRespond,
+      } as unknown as GatewayRequestHandlerOptions);
+
+      expect(mockRespond).toHaveBeenCalledWith(
+        false,
+        undefined,
+        expect.objectContaining({
+          code: "INVALID_REQUEST",
+          message: "Job not found: non-existent",
+        })
+      );
+    });
+  });
+
+  describe("security.scan.list", () => {
+    it("should return all jobs", async () => {
+      mockFetch.mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ result: "done" }),
+      });
+
+      await definition.register!(mockApi);
+      const startHandler = registeredMethods.get("security.scan.start")!;
+      const listHandler = registeredMethods.get("security.scan.list")!;
+
+      // Start a scan
+      await startHandler({
+        params: { tool: "nmap", target: "example.com" },
+        respond: vi.fn(),
+      } as unknown as GatewayRequestHandlerOptions);
+
+      // List jobs
+      const mockRespond = vi.fn();
+      await listHandler({ respond: mockRespond } as unknown as GatewayRequestHandlerOptions);
+
+      expect(mockRespond).toHaveBeenCalledWith(
+        true,
+        expect.objectContaining({
+          jobs: expect.arrayContaining([
+            expect.objectContaining({
+              jobId: expect.stringMatching(/^scan-\d+-[a-z0-9]+$/),
+              tool: "nmap",
+              target: "example.com",
+              status: "completed",
+              progress: 100,
+            }),
+          ]),
+        })
+      );
+    });
+  });
+});