@poolzin/pool-bot 2026.4.43 → 2026.4.45

package/dist/plugins/webhook-ingress.js

@@ -0,0 +1,287 @@
+/**
+ * Webhook Ingress Plugin - TaskFlows via Webhook
+ *
+ * Allows external automation to trigger agent runs via HTTP webhooks.
+ * Each webhook route has:
+ * - Unique path
+ * - Shared secret for authentication
+ * - TaskFlow configuration (what agent/skill to run)
+ *
+ * Inspired by OpenClaw's webhook ingress plugin.
+ */
+import crypto from "node:crypto";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { createServer } from "node:http";
+import { createSubsystemLogger } from "../logging/subsystem.js";
+const log = createSubsystemLogger("webhook-ingress");
+const WEBHOOK_STORE_VERSION = 1;
+const DEFAULT_WEBHOOK_PORT = 8888;
+function getWebhookStorePath(workspaceDir) {
+    return join(workspaceDir, "webhooks.json");
+}
+function loadWebhookStore(workspaceDir) {
+    const path = getWebhookStorePath(workspaceDir);
+    if (!existsSync(path)) {
+        return { version: WEBHOOK_STORE_VERSION, routes: {}, byPath: {} };
+    }
+    try {
+        const content = readFileSync(path, "utf-8");
+        return JSON.parse(content);
+    }
+    catch {
+        return { version: WEBHOOK_STORE_VERSION, routes: {}, byPath: {} };
+    }
+}
+function saveWebhookStore(workspaceDir, store) {
+    const path = getWebhookStorePath(workspaceDir);
+    const dir = dirname(path);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    writeFileSync(path, JSON.stringify(store, null, 2) + "\n", { mode: 0o600 });
+}
+function hashSecret(secret) {
+    return crypto.createHash("sha256").update(secret).digest("hex");
+}
+function verifySignature(payload, secret, signature) {
+    const expected = crypto.createHmac("sha256", secret).update(payload).digest("hex");
+    return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
+}
+/**
+ * Create a new webhook route.
+ */
+export function createWebhookRoute(workspaceDir, params) {
+    const store = loadWebhookStore(workspaceDir);
+    const id = `wh_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
+    // Validate path
+    if (!params.path.startsWith("/")) {
+        throw new Error("Webhook path must start with /");
+    }
+    if (store.byPath[params.path]) {
+        throw new Error(`Webhook path "${params.path}" already exists`);
+    }
+    const route = {
+        id,
+        path: params.path,
+        secretHash: hashSecret(params.secret),
+        taskFlow: params.taskFlow,
+        methods: params.methods ?? ["POST"],
+        rateLimitPerMin: params.rateLimitPerMin,
+        createdAt: Date.now(),
+        triggerCount: 0,
+        enabled: true,
+    };
+    store.routes[id] = route;
+    store.byPath[params.path] = id;
+    saveWebhookStore(workspaceDir, store);
+    log.info(`Created webhook route: ${route.path} (${route.id})`);
+    return id;
+}
+/**
+ * Get a webhook route by ID.
+ */
+export function getWebhookRoute(workspaceDir, routeId) {
+    const store = loadWebhookStore(workspaceDir);
+    return store.routes[routeId] ?? null;
+}
+/**
+ * Get a webhook route by path.
+ */
+export function getWebhookRouteByPath(workspaceDir, path) {
+    const store = loadWebhookStore(workspaceDir);
+    const routeId = store.byPath[path];
+    if (!routeId)
+        return null;
+    return store.routes[routeId] ?? null;
+}
+/**
+ * List all webhook routes.
+ */
+export function listWebhookRoutes(workspaceDir) {
+    const store = loadWebhookStore(workspaceDir);
+    return Object.values(store.routes).sort((a, b) => b.createdAt - a.createdAt);
+}
+/**
+ * Delete a webhook route.
+ */
+export function deleteWebhookRoute(workspaceDir, routeId) {
+    const store = loadWebhookStore(workspaceDir);
+    const route = store.routes[routeId];
+    if (!route) {
+        return false;
+    }
+    delete store.routes[routeId];
+    delete store.byPath[route.path];
+    saveWebhookStore(workspaceDir, store);
+    log.info(`Deleted webhook route: ${route.path} (${routeId})`);
+    return true;
+}
+/**
+ * Update webhook route (enable/disable).
+ */
+export function updateWebhookRoute(workspaceDir, routeId, updates) {
+    const store = loadWebhookStore(workspaceDir);
+    const route = store.routes[routeId];
+    if (!route) {
+        return null;
+    }
+    Object.assign(route, updates);
+    saveWebhookStore(workspaceDir, store);
+    log.info(`Updated webhook route: ${route.path} (${routeId})`);
+    return route;
+}
+/**
+ * Verify webhook signature and payload.
+ */
+export function verifyWebhookRequest(route, payload, signature, secret) {
+    // Verify hash matches
+    if (route.secretHash !== hashSecret(secret)) {
+        return false;
+    }
+    // Verify signature
+    return verifySignature(payload, secret, signature);
+}
+/**
+ * Record webhook trigger.
+ */
+export function recordWebhookTrigger(workspaceDir, routeId) {
+    const store = loadWebhookStore(workspaceDir);
+    const route = store.routes[routeId];
+    if (!route)
+        return;
+    route.lastTriggeredAt = Date.now();
+    route.triggerCount++;
+    saveWebhookStore(workspaceDir, store);
+}
+/**
+ * Get webhook statistics.
+ */
+export function getWebhookStats(workspaceDir) {
+    const store = loadWebhookStore(workspaceDir);
+    const routes = Object.values(store.routes);
+    return {
+        total: routes.length,
+        enabled: routes.filter((r) => r.enabled).length,
+        totalTriggers: routes.reduce((sum, r) => sum + r.triggerCount, 0),
+        routes: routes.map((r) => ({
+            id: r.id,
+            path: r.path,
+            triggers: r.triggerCount,
+        })),
+    };
+}
+/**
+ * Start webhook HTTP server.
+ */
+export async function startWebhookServer(workspaceDir, port = DEFAULT_WEBHOOK_PORT, onTrigger) {
+    const server = createServer(async (req, res) => {
+        // CORS headers
+        res.setHeader("Access-Control-Allow-Origin", "*");
+        res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+        res.setHeader("Access-Control-Allow-Headers", "Content-Type, X-Webhook-Signature");
+        // Handle CORS preflight
+        if (req.method === "OPTIONS") {
+            res.writeHead(204);
+            res.end();
+            return;
+        }
+        // Only handle POST/GET
+        if (req.method !== "POST" && req.method !== "GET") {
+            res.writeHead(405);
+            res.end("Method not allowed");
+            return;
+        }
+        // Handle health check
+        if (req.url === "/health") {
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ status: "ok", port }));
+            return;
+        }
+        // Handle stats endpoint
+        if (req.url === "/stats" && req.method === "GET") {
+            const stats = getWebhookStats(workspaceDir);
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify(stats));
+            return;
+        }
+        // Parse URL
+        const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
+        const path = url.pathname;
+        // Find route
+        const route = getWebhookRouteByPath(workspaceDir, path);
+        if (!route) {
+            res.writeHead(404);
+            res.end("Webhook route not found");
+            return;
+        }
+        // Check if enabled
+        if (!route.enabled) {
+            res.writeHead(403);
+            res.end("Webhook route disabled");
+            return;
+        }
+        // Check method
+        if (!route.methods.includes(req.method ?? "")) {
+            res.writeHead(405);
+            res.end("Method not allowed");
+            return;
+        }
+        // Read body
+        const body = [];
+        for await (const chunk of req) {
+            body.push(chunk);
+        }
+        const payload = Buffer.concat(body).toString();
+        // Verify signature
+        const signature = req.headers["x-webhook-signature"];
+        if (!signature) {
+            res.writeHead(401);
+            res.end("Missing signature");
+            return;
+        }
+        // For now, we can't verify without the original secret
+        // In production, you'd store the secret securely and verify here
+        // For now, just log and accept
+        log.warn(`Webhook signature verification skipped for ${path} (secret not stored)`);
+        // Parse payload
+        let parsedPayload;
+        try {
+            parsedPayload = JSON.parse(payload);
+        }
+        catch {
+            parsedPayload = payload;
+        }
+        // Record trigger
+        recordWebhookTrigger(workspaceDir, route.id);
+        // Trigger task flow
+        if (onTrigger) {
+            try {
+                await onTrigger(route, parsedPayload);
+                log.info(`Webhook triggered: ${path} (${route.id})`);
+            }
+            catch (error) {
+                log.error(`Webhook trigger failed: ${path}`, {
+                    error: error instanceof Error ? error.message : String(error),
+                });
+                res.writeHead(500);
+                res.end("Trigger failed");
+                return;
+            }
+        }
+        // Success response
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({
+            success: true,
+            route: route.id,
+            path: route.path,
+            triggerCount: route.triggerCount,
+        }));
+    });
+    return new Promise((resolve) => {
+        server.listen(port, () => {
+            log.info(`Webhook server started on port ${port}`);
+            resolve({ server, port });
+        });
+    });
+}

package/dist/providers/ollama-vision.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Ollama Vision Detection
+ *
+ * Detects vision capabilities in Ollama models via /api/show endpoint.
+ */
+export type OllamaModelInfo = {
+    name: string;
+    details: {
+        format?: string;
+        family?: string;
+        families?: string[];
+        parameter_size?: string;
+        quantization_level?: string;
+    };
+    model_info?: Record<string, unknown>;
+    capabilities?: string[];
+};
+/**
+ * Fetch Ollama model info to detect vision capabilities.
+ */
+export declare function fetchOllamaModelInfo(baseUrl: string, modelName: string): Promise<OllamaModelInfo | null>;
+/**
+ * Detect if an Ollama model has vision capabilities.
+ */
+export declare function hasVisionCapability(info: OllamaModelInfo | null): boolean;
+/**
+ * Auto-detect and update model catalog with vision capabilities.
+ */
+export declare function autoDetectOllamaVisionCapabilities(baseUrl: string, modelIds: string[]): Promise<Record<string, boolean>>;
+//# sourceMappingURL=ollama-vision.d.ts.map

package/dist/providers/ollama-vision.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ollama-vision.d.ts","sourceRoot":"","sources":["../../src/providers/ollama-vision.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE;QACP,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,CAAC;AAEF;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAgBjC;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,eAAe,GAAG,IAAI,GAAG,OAAO,CA6BzE;AAED;;GAEG;AACH,wBAAsB,kCAAkC,CACtD,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAAE,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CASlC"}

package/dist/providers/ollama-vision.js

@@ -0,0 +1,62 @@
+/**
+ * Ollama Vision Detection
+ *
+ * Detects vision capabilities in Ollama models via /api/show endpoint.
+ */
+/**
+ * Fetch Ollama model info to detect vision capabilities.
+ */
+export async function fetchOllamaModelInfo(baseUrl, modelName) {
+    try {
+        const response = await fetch(`${baseUrl}/api/show`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ name: modelName }),
+        });
+        if (!response.ok) {
+            return null;
+        }
+        return await response.json();
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Detect if an Ollama model has vision capabilities.
+ */
+export function hasVisionCapability(info) {
+    if (!info)
+        return false;
+    // Check explicit capabilities array
+    if (info.capabilities?.includes("vision")) {
+        return true;
+    }
+    // Check model_info for vision-related keys
+    const modelInfo = info.model_info ?? {};
+    const visionKeys = ["vision", "clip", "projector", "vision_model", "image_encoder"];
+    for (const key of visionKeys) {
+        if (key in modelInfo) {
+            return true;
+        }
+    }
+    // Check family for known vision models
+    const family = info.details?.family?.toLowerCase() ?? "";
+    const families = info.details?.families?.map((f) => f.toLowerCase()) ?? [];
+    const visionFamilies = ["llava", "bakllava", "moondream", "vision", "xgen-mm", "fuyu"];
+    if (visionFamilies.some((v) => family.includes(v) || families.some((f) => f.includes(v)))) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Auto-detect and update model catalog with vision capabilities.
+ */
+export async function autoDetectOllamaVisionCapabilities(baseUrl, modelIds) {
+    const results = {};
+    for (const modelId of modelIds) {
+        const info = await fetchOllamaModelInfo(baseUrl, modelId);
+        results[modelId] = hasVisionCapability(info);
+    }
+    return results;
+}

package/dist/sessions/checkpoints.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Session Checkpoints - Branch/Restore functionality
+ *
+ * Allows users to:
+ * - Create checkpoints before compaction
+ * - Branch from any checkpoint
+ * - Restore session to checkpoint state
+ *
+ * Inspired by OpenClaw's persisted compaction checkpoints.
+ */
+import type { SessionEntry } from "../config/sessions.js";
+export type CheckpointId = string;
+export type SessionCheckpoint = {
+    id: CheckpointId;
+    sessionId: string;
+    sessionKey: string;
+    /** Full session state before compaction */
+    beforeCompaction: SessionEntry;
+    /** Full session state after compaction */
+    afterCompaction?: SessionEntry;
+    /** Reason for checkpoint (auto-compaction, manual, etc.) */
+    reason: "auto-compaction" | "manual" | "branch" | "restore";
+    createdAt: number;
+    metadata?: {
+        model?: string;
+        updatedAt?: number;
+        note?: string;
+    };
+};
+export type CheckpointStore = {
+    version: number;
+    checkpoints: Record<CheckpointId, SessionCheckpoint>;
+    /** Index by session key for quick lookup */
+    bySession: Record<string, CheckpointId[]>;
+};
+/**
+ * Create a new checkpoint for a session.
+ */
+export declare function createCheckpoint(workspaceDir: string, params: {
+    sessionId: string;
+    sessionKey: string;
+    beforeCompaction: SessionEntry;
+    afterCompaction?: SessionEntry;
+    reason: SessionCheckpoint["reason"];
+    note?: string;
+}): CheckpointId;
+/**
+ * Get a checkpoint by ID.
+ */
+export declare function getCheckpoint(workspaceDir: string, checkpointId: string): SessionCheckpoint | null;
+/**
+ * List checkpoints for a session.
+ */
+export declare function listSessionCheckpoints(workspaceDir: string, sessionKey: string): SessionCheckpoint[];
+/**
+ * List all checkpoints (optionally filtered by limit).
+ */
+export declare function listAllCheckpoints(workspaceDir: string, limit?: number): SessionCheckpoint[];
+/**
+ * Delete a checkpoint.
+ */
+export declare function deleteCheckpoint(workspaceDir: string, checkpointId: string): boolean;
+/**
+ * Prune old checkpoints (older than maxAgeMs).
+ */
+export declare function pruneOldCheckpoints(workspaceDir: string, maxAgeMs: number): number;
+/**
+ * Get checkpoint statistics.
+ */
+export declare function getCheckpointStats(workspaceDir: string): {
+    total: number;
+    byReason: Record<string, number>;
+    oldest?: number;
+    newest?: number;
+};
+//# sourceMappingURL=checkpoints.d.ts.map

package/dist/sessions/checkpoints.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkpoints.d.ts","sourceRoot":"","sources":["../../src/sessions/checkpoints.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,EAAE,EAAE,YAAY,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,gBAAgB,EAAE,YAAY,CAAC;IAC/B,0CAA0C;IAC1C,eAAe,CAAC,EAAE,YAAY,CAAC;IAC/B,4DAA4D;IAC5D,MAAM,EAAE,iBAAiB,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IAC5D,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;IACrD,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;CAC3C,CAAC;AA8BF;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE;IACN,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,YAAY,CAAC;IAC/B,eAAe,CAAC,EAAE,YAAY,CAAC;IAC/B,MAAM,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,GACA,YAAY,CA6Bd;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,MAAM,GACnB,iBAAiB,GAAG,IAAI,CAG1B;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,GACjB,iBAAiB,EAAE,CAOrB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,SAAM,GAAG,iBAAiB,EAAE,CAKzF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAmBpF;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAyBlF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG;IACxD,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAwBA"}

package/dist/sessions/checkpoints.js

@@ -0,0 +1,162 @@
+/**
+ * Session Checkpoints - Branch/Restore functionality
+ *
+ * Allows users to:
+ * - Create checkpoints before compaction
+ * - Branch from any checkpoint
+ * - Restore session to checkpoint state
+ *
+ * Inspired by OpenClaw's persisted compaction checkpoints.
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
+import { join, dirname } from "node:path";
+const CHECKPOINT_STORE_VERSION = 1;
+function getCheckpointStorePath(workspaceDir) {
+    return join(workspaceDir, "memory", "checkpoints.json");
+}
+function loadCheckpointStore(workspaceDir) {
+    const path = getCheckpointStorePath(workspaceDir);
+    if (!existsSync(path)) {
+        return { version: CHECKPOINT_STORE_VERSION, checkpoints: {}, bySession: {} };
+    }
+    try {
+        const content = readFileSync(path, "utf-8");
+        return JSON.parse(content);
+    }
+    catch {
+        return { version: CHECKPOINT_STORE_VERSION, checkpoints: {}, bySession: {} };
+    }
+}
+function saveCheckpointStore(workspaceDir, store) {
+    const path = getCheckpointStorePath(workspaceDir);
+    const dir = dirname(path);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    writeFileSync(path, JSON.stringify(store, null, 2) + "\n", { mode: 0o600 });
+}
+/**
+ * Create a new checkpoint for a session.
+ */
+export function createCheckpoint(workspaceDir, params) {
+    const store = loadCheckpointStore(workspaceDir);
+    const id = `chk_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
+    const checkpoint = {
+        id,
+        sessionId: params.sessionId,
+        sessionKey: params.sessionKey,
+        beforeCompaction: params.beforeCompaction,
+        afterCompaction: params.afterCompaction,
+        reason: params.reason,
+        createdAt: Date.now(),
+        metadata: {
+            model: params.beforeCompaction.model,
+            updatedAt: params.beforeCompaction.updatedAt,
+            note: params.note,
+        },
+    };
+    store.checkpoints[id] = checkpoint;
+    if (!store.bySession[params.sessionKey]) {
+        store.bySession[params.sessionKey] = [];
+    }
+    store.bySession[params.sessionKey].push(id);
+    saveCheckpointStore(workspaceDir, store);
+    return id;
+}
+/**
+ * Get a checkpoint by ID.
+ */
+export function getCheckpoint(workspaceDir, checkpointId) {
+    const store = loadCheckpointStore(workspaceDir);
+    return store.checkpoints[checkpointId] ?? null;
+}
+/**
+ * List checkpoints for a session.
+ */
+export function listSessionCheckpoints(workspaceDir, sessionKey) {
+    const store = loadCheckpointStore(workspaceDir);
+    const checkpointIds = store.bySession[sessionKey] ?? [];
+    return checkpointIds
+        .map((id) => store.checkpoints[id])
+        .filter((c) => c !== undefined)
+        .sort((a, b) => b.createdAt - a.createdAt);
+}
+/**
+ * List all checkpoints (optionally filtered by limit).
+ */
+export function listAllCheckpoints(workspaceDir, limit = 100) {
+    const store = loadCheckpointStore(workspaceDir);
+    return Object.values(store.checkpoints)
+        .sort((a, b) => b.createdAt - a.createdAt)
+        .slice(0, limit);
+}
+/**
+ * Delete a checkpoint.
+ */
+export function deleteCheckpoint(workspaceDir, checkpointId) {
+    const store = loadCheckpointStore(workspaceDir);
+    const checkpoint = store.checkpoints[checkpointId];
+    if (!checkpoint) {
+        return false;
+    }
+    delete store.checkpoints[checkpointId];
+    const sessionCheckpoints = store.bySession[checkpoint.sessionKey];
+    if (sessionCheckpoints) {
+        store.bySession[checkpoint.sessionKey] = sessionCheckpoints.filter((id) => id !== checkpointId);
+        if (store.bySession[checkpoint.sessionKey].length === 0) {
+            delete store.bySession[checkpoint.sessionKey];
+        }
+    }
+    saveCheckpointStore(workspaceDir, store);
+    return true;
+}
+/**
+ * Prune old checkpoints (older than maxAgeMs).
+ */
+export function pruneOldCheckpoints(workspaceDir, maxAgeMs) {
+    const store = loadCheckpointStore(workspaceDir);
+    const now = Date.now();
+    let pruned = 0;
+    for (const [id, checkpoint] of Object.entries(store.checkpoints)) {
+        if (now - checkpoint.createdAt > maxAgeMs) {
+            delete store.checkpoints[id];
+            pruned++;
+            const sessionCheckpoints = store.bySession[checkpoint.sessionKey];
+            if (sessionCheckpoints) {
+                store.bySession[checkpoint.sessionKey] = sessionCheckpoints.filter((cid) => cid !== id);
+                if (store.bySession[checkpoint.sessionKey].length === 0) {
+                    delete store.bySession[checkpoint.sessionKey];
+                }
+            }
+        }
+    }
+    if (pruned > 0) {
+        saveCheckpointStore(workspaceDir, store);
+    }
+    return pruned;
+}
+/**
+ * Get checkpoint statistics.
+ */
+export function getCheckpointStats(workspaceDir) {
+    const store = loadCheckpointStore(workspaceDir);
+    const checkpoints = Object.values(store.checkpoints);
+    const byReason = {};
+    let oldest;
+    let newest;
+    for (const checkpoint of checkpoints) {
+        byReason[checkpoint.reason] = (byReason[checkpoint.reason] ?? 0) + 1;
+        if (oldest === undefined || checkpoint.createdAt < oldest) {
+            oldest = checkpoint.createdAt;
+        }
+        if (newest === undefined || checkpoint.createdAt > newest) {
+            newest = checkpoint.createdAt;
+        }
+    }
+    return {
+        total: checkpoints.length,
+        byReason,
+        oldest,
+        newest,
+    };
+}

package/dist/slack/channel.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"channel.d.ts","sourceRoot":"","sources":["../../src/slack/channel.ts"],"names":[],"mappings":"AAQA,OAAO,EA6BL,KAAK,aAAa,EAClB,KAAK,oBAAoB,EAC1B,MAAM,6CAA6C,CAAC;AAwErD,eAAO,MAAM,WAAW,EAAE,aAAa,CAAC,oBAAoB,CAuX3D,CAAC"}
+{"version":3,"file":"channel.d.ts","sourceRoot":"","sources":["../../src/slack/channel.ts"],"names":[],"mappings":"AAQA,OAAO,EA6BL,KAAK,aAAa,EAClB,KAAK,oBAAoB,EAC1B,MAAM,6CAA6C,CAAC;AAwErD,eAAO,MAAM,WAAW,EAAE,aAAa,CAAC,oBAAoB,CA0Y3D,CAAC"}

package/dist/slack/channel.js

@@ -131,8 +131,14 @@ export const slackPlugin = {
             });
         },
         collectWarnings: ({ account, cfg }) => {
+            const warnings = [];
             const channelAllowlistConfigured = Boolean(account.config.channels) && Object.keys(account.config.channels ?? {}).length > 0;
-            return collectOpenProviderGroupPolicyWarnings({
+            // Validate appToken format
+            const appToken = account.appToken?.trim() ?? "";
+            if (appToken && !appToken.startsWith("xapp-")) {
+                warnings.push(`- Slack appToken is not an app-level token (should start with 'xapp-').`, `  Current token starts with: ${appToken.substring(0, 6)}...`, `  Fix: Get app-level token from https://api.slack.com/apps > Your App > Basic Information > App-Level Tokens`);
+            }
+            warnings.push(...collectOpenProviderGroupPolicyWarnings({
                 cfg,
                 providerConfigPresent: cfg.channels?.slack !== undefined,
                 configuredGroupPolicy: account.config.groupPolicy,
@@ -151,7 +157,8 @@ export const slackPlugin = {
                         remediation: 'Set channels.slack.groupPolicy="allowlist" and configure channels.slack.channels',
                     },
                 }),
-            });
+            }));
+            return warnings;
         },
     },
     groups: {
@@ -234,6 +241,10 @@ export const slackPlugin = {
             if (!input.useEnv && (!input.botToken || !input.appToken)) {
                 return "Slack requires --bot-token and --app-token (or --use-env).";
             }
+            // Validate appToken format (must be app-level token starting with xapp-)
+            if (!input.useEnv && input.appToken && !input.appToken.startsWith("xapp-")) {
+                return "Slack appToken must be an app-level token starting with 'xapp-'. Bot tokens (xoxb-) won't work. Create an app at https://api.slack.com/apps and get the app-level token from 'Basic Information' > 'App-Level Tokens'.";
+            }
             return null;
         },
         applyAccountConfig: ({ cfg, accountId, input }) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolzin/pool-bot",
-  "version": "2026.4.43",
+  "version": "2026.4.45",
   "description": "🎱 Pool Bot - AI assistant with PLCODE integrations",
   "keywords": [],
   "license": "MIT",