@poolzin/pool-bot 2026.4.23 → 2026.4.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agents/system-prompt.d.ts +5 -0
- package/dist/agents/system-prompt.d.ts.map +1 -1
- package/dist/agents/system-prompt.js +40 -1
- package/dist/build-info.json +3 -3
- package/dist/cli/config-cli.d.ts.map +1 -1
- package/dist/cli/config-cli.js +13 -3
- package/dist/infra/channel-summary.d.ts.map +1 -1
- package/dist/infra/channel-summary.js +2 -0
- package/package.json +1 -1
|
@@ -2,6 +2,11 @@ import type { ReasoningLevel, ThinkLevel } from "../auto-reply/thinking.js";
|
|
|
2
2
|
import type { MemoryCitationsMode } from "../config/types.memory.js";
|
|
3
3
|
import type { ResolvedTimeFormat } from "./date-time.js";
|
|
4
4
|
import type { EmbeddedContextFile } from "./pi-embedded-helpers.js";
|
|
5
|
+
/**
|
|
6
|
+
* Scan context file content for prompt injection patterns.
|
|
7
|
+
* Returns the original content if safe, or a blocked message if threats detected.
|
|
8
|
+
*/
|
|
9
|
+
export declare function scanContextFileForInjection(content: string, filename: string): string;
|
|
5
10
|
/**
|
|
6
11
|
* Controls which hardcoded sections are included in the system prompt.
|
|
7
12
|
* - "full": All sections (default, for main agent)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"system-prompt.d.ts","sourceRoot":"","sources":["../../src/agents/system-prompt.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAE5E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAErE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"system-prompt.d.ts","sourceRoot":"","sources":["../../src/agents/system-prompt.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAE5E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAErE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAsBpE;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAoBrF;AAED;;;;;GAKG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC;AACrD,KAAK,cAAc,GAAG,KAAK,GAAG,MAAM,CAAC;AAkLrC,wBAAgB,sBAAsB,CAAC,MAAM,EAAE;IAC7C,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,CAAC,EAAE,cAAc,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,kBAAkB,CAAC;IACpC,YAAY,CAAC,EAAE,mBAAmB,EAAE,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,WAAW,CAAC,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;QAC/B,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC;QACvC,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,QAAQ,CAAC,EAAE;YACT,OAAO,EAAE,OAAO,CAAC;YACjB,YAAY,EAAE,IAAI,GAAG,KAAK,GAAG,KAAK,GAAG,MAAM,CAAC;SAC7C,CAAC;KACH,CAAC;IACF,8EAA8E;IAC9E,gBAAgB,CAAC,EAAE;QACjB,KAAK,EAAE,SAAS,GAAG,WAAW,CAAC;QAC/B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C,UAiaA;AAED,wBAAgB,gBAAgB,CAC9B,WAAW,CAAC,EAAE;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,EACD,cAAc,CAAC,EAAE,MAAM,EACvB,mBAAmB,GAAE,MAAM,EAAO,EAClC,iBAAiB,CAAC,EAAE,UAAU,GAC7B,MAAM,CAsBR"}
|
|
@@ -2,6 +2,44 @@ import { createHmac, createHash } from "node:crypto";
|
|
|
2
2
|
import { SILENT_REPLY_TOKEN } from "../auto-reply/tokens.js";
|
|
3
3
|
import { listDeliverableMessageChannels } from "../utils/message-channel.js";
|
|
4
4
|
import { sanitizeForPromptLiteral } from "./sanitize-for-prompt.js";
|
|
5
|
+
// Context file prompt injection patterns (inspired by Hermes Agent)
|
|
6
|
+
const CONTEXT_THREAT_PATTERNS = [
|
|
7
|
+
[/ignore\s+(previous|all|above|prior)\s+instructions/i, "prompt_injection"],
|
|
8
|
+
[/do\s+not\s+tell\s+the\s+user/i, "deception_hide"],
|
|
9
|
+
[/system\s+prompt\s+override/i, "sys_prompt_override"],
|
|
10
|
+
[/disregard\s+(your|all|any)\s+(instructions|rules|guidelines)/i, "disregard_rules"],
|
|
11
|
+
[/act\s+as\s+(if|though)\s+you\s+(have\s+no|don't\s+have)\s+(restrictions|limits|rules)/i, "bypass_restrictions"],
|
|
12
|
+
[/<!--[^>]*(?:ignore|override|system|secret|hidden)[^>]*-->/i, "html_comment_injection"],
|
|
13
|
+
[/<\s*div\s+style\s*=\s*["'].*display\s*:\s*none/i, "hidden_div"],
|
|
14
|
+
[/translate\s+.*\s+into\s+.*\s+and\s+(execute|run|eval)/i, "translate_execute"],
|
|
15
|
+
[/curl\s+[^\n]*\$\{?\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|API)/i, "exfil_curl"],
|
|
16
|
+
[/cat\s+[^\n]*(\.env|credentials|\.netrc|\.pgpass)/i, "read_secrets"],
|
|
17
|
+
];
|
|
18
|
+
const CONTEXT_INVISIBLE_CHARS = new Set([
|
|
19
|
+
"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff",
|
|
20
|
+
"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
|
|
21
|
+
]);
|
|
22
|
+
/**
|
|
23
|
+
* Scan context file content for prompt injection patterns.
|
|
24
|
+
* Returns the original content if safe, or a blocked message if threats detected.
|
|
25
|
+
*/
|
|
26
|
+
export function scanContextFileForInjection(content, filename) {
|
|
27
|
+
const findings = [];
|
|
28
|
+
for (const char of CONTEXT_INVISIBLE_CHARS) {
|
|
29
|
+
if (content.includes(char)) {
|
|
30
|
+
findings.push(`invisible unicode U+${char.charCodeAt(0).toString(16).padStart(4, "0")}`);
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
for (const [pattern, threatId] of CONTEXT_THREAT_PATTERNS) {
|
|
34
|
+
if (pattern.test(content)) {
|
|
35
|
+
findings.push(threatId);
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
if (findings.length > 0) {
|
|
39
|
+
return `[BLOCKED: ${filename} contained potential prompt injection (${findings.join(", ")}). Content not loaded.]`;
|
|
40
|
+
}
|
|
41
|
+
return content;
|
|
42
|
+
}
|
|
5
43
|
function buildSkillsSection(params) {
|
|
6
44
|
if (params.isMinimal) {
|
|
7
45
|
return [];
|
|
@@ -493,7 +531,8 @@ export function buildAgentSystemPrompt(params) {
|
|
|
493
531
|
}
|
|
494
532
|
lines.push("");
|
|
495
533
|
for (const file of validContextFiles) {
|
|
496
|
-
|
|
534
|
+
const scannedContent = scanContextFileForInjection(file.content, file.path);
|
|
535
|
+
lines.push(`## ${file.path}`, "", scannedContent, "");
|
|
497
536
|
}
|
|
498
537
|
}
|
|
499
538
|
// Skip silent replies for subagent/none modes
|
package/dist/build-info.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config-cli.d.ts","sourceRoot":"","sources":["../../src/cli/config-cli.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAQzC,OAAO,EAAE,KAAK,UAAU,EAAkB,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"config-cli.d.ts","sourceRoot":"","sources":["../../src/cli/config-cli.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAQzC,OAAO,EAAE,KAAK,UAAU,EAAkB,MAAM,eAAe,CAAC;AAyXhE,wBAAsB,YAAY,CAAC,IAAI,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,UAAU,CAAA;CAAE,iBA4B9F;AAED,wBAAsB,cAAc,CAAC,IAAI,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,UAAU,CAAA;CAAE,iBAqBhF;AAED,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,QAiOjD"}
|
package/dist/cli/config-cli.js
CHANGED
|
@@ -36,7 +36,10 @@ function generateConfigJsonSchema() {
|
|
|
36
36
|
type: "object",
|
|
37
37
|
properties: {
|
|
38
38
|
model: { type: "string", description: "Default model identifier" },
|
|
39
|
-
provider: {
|
|
39
|
+
provider: {
|
|
40
|
+
type: "string",
|
|
41
|
+
description: "Default provider (anthropic, openai, etc.)",
|
|
42
|
+
},
|
|
40
43
|
thinking: { type: "string", enum: ["off", "minimal", "low", "medium", "high"] },
|
|
41
44
|
},
|
|
42
45
|
},
|
|
@@ -76,8 +79,15 @@ function generateConfigJsonSchema() {
|
|
|
76
79
|
enabled: { type: "boolean", default: true },
|
|
77
80
|
store: { type: "string", description: "Path to cron jobs store file" },
|
|
78
81
|
maxConcurrentRuns: { type: "number", default: 1 },
|
|
79
|
-
defaultJobTimeoutSeconds: {
|
|
80
|
-
|
|
82
|
+
defaultJobTimeoutSeconds: {
|
|
83
|
+
type: "number",
|
|
84
|
+
default: 7200,
|
|
85
|
+
description: "Default timeout in seconds (0 = no timeout)",
|
|
86
|
+
},
|
|
87
|
+
sessionRetention: {
|
|
88
|
+
type: ["string", "boolean"],
|
|
89
|
+
description: "Session retention duration (e.g. '24h', '7d', false to disable)",
|
|
90
|
+
},
|
|
81
91
|
webhook: { type: "string", description: "Legacy webhook URL" },
|
|
82
92
|
webhookToken: { type: "string", description: "Bearer token for webhook delivery" },
|
|
83
93
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"channel-summary.d.ts","sourceRoot":"","sources":["../../src/infra/channel-summary.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,aAAa,EAAc,MAAM,qBAAqB,CAAC;AAIrE,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B,CAAC;AAyHF,wBAAsB,mBAAmB,CACvC,GAAG,CAAC,EAAE,aAAa,EACnB,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,MAAM,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"channel-summary.d.ts","sourceRoot":"","sources":["../../src/infra/channel-summary.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,aAAa,EAAc,MAAM,qBAAqB,CAAC;AAIrE,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B,CAAC;AAyHF,wBAAsB,mBAAmB,CACvC,GAAG,CAAC,EAAE,aAAa,EACnB,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,MAAM,EAAE,CAAC,CAuGnB;AAED,wBAAgB,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAS5C"}
|
|
@@ -98,6 +98,8 @@ export async function buildChannelSummary(cfg, options) {
|
|
|
98
98
|
const entries = [];
|
|
99
99
|
for (const accountId of resolvedAccountIds) {
|
|
100
100
|
const account = plugin.config.resolveAccount(effective, accountId);
|
|
101
|
+
if (!account)
|
|
102
|
+
continue;
|
|
101
103
|
const enabled = resolveAccountEnabled(plugin, account, effective);
|
|
102
104
|
const configured = await resolveAccountConfigured(plugin, account, effective);
|
|
103
105
|
const snapshot = buildAccountSnapshot({
|