npm - polygram - Versions diffs - 0.12.6 → 0.12.8 - Mend

polygram 0.12.6 → 0.12.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/lib/db/events-retention.js +62 -17
package/lib/handlers/gate-inbound.js +11 -0
package/lib/history-preload.js +16 -3
package/package.json +1 -1
package/skills/history/scripts/query.js +13 -2

package/lib/db/events-retention.js CHANGED Viewed

@@ -23,6 +23,9 @@
  */
 const DAY_MS = 86_400_000;
+// A few minutes of grace so rows written ~now (between Date.now() capture and the
+// COUNT) don't read as "future". Genuine backward-clock detection is fraction-based.
+const CLOCK_SKEW_TOLERANCE_MS = 60_000;
 const DEFAULT_POLICY = {
   enabled: true,
@@ -65,6 +68,25 @@ function resolveRetentionPolicy(config) {
 /** Fail loud on a misconfigured policy. Called at load and defensively per-run. */
 function validatePolicy(policy) {
+  // Numeric sanity. An unvalidated batchSize<=0 makes batchedDelete spin forever
+  // (DELETE LIMIT 0 deletes 0, `0 < 0` is false) and wedges the synchronous
+  // daemon — the "a config typo must never take down the bot" promise depends on
+  // catching it here, before the loop.
+  if (!Number.isInteger(policy.batchSize) || policy.batchSize < 1) {
+    throw new Error(`events_retention: batchSize must be a positive integer (got ${policy.batchSize})`);
+  }
+  if (!Number.isInteger(policy.maxPerKind) || policy.maxPerKind < 1) {
+    throw new Error(`events_retention: maxPerKind must be a positive integer (got ${policy.maxPerKind})`);
+  }
+  if (!(typeof policy.maxDeleteFraction === 'number' && policy.maxDeleteFraction > 0 && policy.maxDeleteFraction <= 1)) {
+    throw new Error(`events_retention: maxDeleteFraction must be in (0,1] (got ${policy.maxDeleteFraction})`);
+  }
+  for (const f of ['diagnosticDays', 'defaultDays']) {
+    if (!(typeof policy[f] === 'number' && policy[f] > 0)) {
+      throw new Error(`events_retention: ${f} must be a positive number (got ${policy[f]})`);
+    }
+  }
   const diag = policy.diagnosticKinds || [];
   const keep = policy.keepForeverKinds || [];
   for (const k of [...diag, ...keep]) {
@@ -98,7 +120,10 @@ function batchedDelete(rawDb, sql, params, batchSize) {
   for (;;) {
     const r = stmt.run(...params, batchSize);
     deleted += r.changes;
-    if (r.changes < batchSize) break;
+    // `=== 0` is the belt-and-suspenders against a pathological LIMIT (e.g. a
+    // negative LIMIT = unlimited, which would otherwise loop on the empty set);
+    // validatePolicy already rejects batchSize<1, so this is defense-in-depth.
+    if (r.changes < batchSize || r.changes === 0) break;
   }
   return deleted;
 }
@@ -117,37 +142,57 @@ function pruneEvents(rawDb, now, policy) {
   const diagSet = new Set(policy.diagnosticKinds);
   const keepSet = new Set(policy.keepForeverKinds);
-  const before = rawDb.prepare('SELECT count(*) c, max(ts) mx FROM events').get();
-  const totalBefore = before.c;
+  const totalBefore = rawDb.prepare('SELECT count(*) c FROM events').get().c;
   if (totalBefore === 0) {
-    return { deleted: { default: 0, diagnostic: 0, cap: 0, total: 0 }, before: 0, after: 0 };
+    return policy.dryRun
+      ? { dryRun: true, preview: { default: 0, diagnostic: 0, cap: 0, total: 0 }, before: 0 }
+      : { deleted: { default: 0, diagnostic: 0, cap: 0, total: 0 }, before: 0, after: 0 };
   }
-  // Clock-backward guard: newest row is in the future relative to `now` ⇒ the
-  // system clock can't be trusted, don't delete on it.
-  if (before.mx != null && now < before.mx) {
-    return { skipped: true, reason: `clock-backward (now ${now} < max ts ${before.mx})` };
+  // Clock-suspect guard. A genuine backward clock makes a LARGE fraction of rows
+  // read as "future" relative to `now` — pruning under it would delete recent
+  // data. But a SINGLE skewed/imported future row must NOT disable pruning, so
+  // this is fraction-based, not max(ts)-based (review finding #3: one outlier
+  // poisoning MAX(ts) silently stopped all pruning).
+  const future = rawDb.prepare('SELECT count(*) c FROM events WHERE ts > ?').get(now + CLOCK_SKEW_TOLERANCE_MS).c;
+  if (future > 0 && future / totalBefore > policy.maxDeleteFraction) {
+    return { skipped: true, reason: `clock-suspect (${future}/${totalBefore} rows future-dated > ${policy.maxDeleteFraction})` };
   }
   const diagCut = now - policy.diagnosticDays * DAY_MS;
   const defCut = now - policy.defaultDays * DAY_MS;
-  // Default-bucket predicate: old AND not diagnostic AND not keep-forever.
-  // Explicit ?-placeholders — better-sqlite3 does NOT expand a JS array from one
-  // param, and `NOT IN (…, NULL)` is a 3-valued-logic trap. validatePolicy
-  // already guarantees no NULL members.
+  // Default-bucket predicate (for the actual bulk delete): old AND not diagnostic
+  // AND not keep-forever. Explicit ?-placeholders — better-sqlite3 does NOT expand
+  // a JS array from one param, and `NOT IN (…, NULL)` is a 3-valued-logic trap;
+  // validatePolicy already guarantees no NULL members.
   const excluded = [...diagSet, ...keepSet];
   const ph = excluded.map(() => '?').join(',');
   const defWhere = `ts < ?${excluded.length ? ` AND kind NOT IN (${ph})` : ''}`;
   // ---- estimate (drives dryRun + the mass-delete guard) ----
-  const estDefault = rawDb.prepare(`SELECT count(*) c FROM events WHERE ${defWhere}`).get(defCut, ...excluded).c;
-  let estDiag = 0;
-  const diagCountStmt = rawDb.prepare('SELECT count(*) c FROM events WHERE kind = ? AND ts < ?');
-  for (const k of diagSet) estDiag += diagCountStmt.get(k, diagCut).c;
+  // Per-kind so the cap estimate counts SURVIVORS after the time-delete, not raw
+  // counts. Otherwise a kind that is both old AND over-cap is counted twice
+  // (time bucket + cap bucket), inflating estTotal past the real delete count and
+  // tripping the mass-delete guard against the exact high-volume prune it exists
+  // for — self-defeating (review finding #1). Each row is counted at most once.
+  const cntOlder = rawDb.prepare('SELECT count(*) c FROM events WHERE kind = ? AND ts < ?');
   const kinds = rawDb.prepare('SELECT kind, count(*) c FROM events GROUP BY kind').all();
+  let estDefault = 0;
+  let estDiag = 0;
   let estCap = 0;
-  for (const { c } of kinds) if (c > policy.maxPerKind) estCap += c - policy.maxPerKind;
+  for (const { kind, c } of kinds) {
+    let timeDel = 0;
+    if (keepSet.has(kind)) {
+      timeDel = 0; // keep-forever: no time delete
+    } else if (diagSet.has(kind)) {
+      timeDel = cntOlder.get(kind, diagCut).c; estDiag += timeDel;
+    } else {
+      timeDel = cntOlder.get(kind, defCut).c; estDefault += timeDel;
+    }
+    const survivors = c - timeDel;
+    if (survivors > policy.maxPerKind) estCap += survivors - policy.maxPerKind;
+  }
   const estTotal = estDefault + estDiag + estCap;
   // dryRun returns the preview regardless of the mass-delete guard (you want to

package/lib/handlers/gate-inbound.js CHANGED Viewed

@@ -79,6 +79,17 @@ function createGateInbound({
       && pairings.hasLivePairing({ bot_name: botName, user_id: msg.from.id, chat_id: chatId })) {
       return true;
     }
+    // The operator owns the bot — their abort is never a bystander abort, so it
+    // outranks the @mention/reply requirement even in a group. Without this, the
+    // operator's bare "stop" in a group is silently abort-identity-blocked (prod:
+    // chat -1003369922517, 2026-06-15). Same operator predicate /rewind uses
+    // below: operatorUserId, else adminChatId ONLY when it's a user id — a
+    // negative/group adminChatId never equals a positive sender id, so it grants
+    // no bypass (fail-safe). Narrow: only the operator, not every group member.
+    const opId = config.bot?.operatorUserId;
+    const adminChatId = config.bot?.adminChatId;
+    const operatorUid = opId != null ? Number(opId) : (adminChatId != null ? Number(adminChatId) : null);
+    if (operatorUid != null && msg.from?.id != null && Number(msg.from.id) === operatorUid) return true;
     return false;
   }

package/lib/history-preload.js CHANGED Viewed

@@ -57,6 +57,19 @@ function formatRow(row) {
   return `[${ts}] ${who}: ${prefix}${text}`;
 }
+/**
+ * The `<polygram-history …>` opening tag. All string attribute values are
+ * xmlEscaped — defense-in-depth, matching lib/prompt.js's convention. Today
+ * chat_id/thread_id are Telegram integers and since is a constant ('7d'), so
+ * this isn't currently exploitable, but the #10 body-escape fix shouldn't leave
+ * the attribute axis as the one unescaped breakout sink. `count` is rows.length
+ * (a number) — no escape needed.
+ */
+function openTag(chatId, threadId, count, since) {
+  const t = threadId ? ` thread_id="${xmlEscape(threadId)}"` : '';
+  return `<polygram-history chat_id="${xmlEscape(chatId)}"${t} preloaded="${count}" since="${xmlEscape(since)}">`;
+}
 /**
  * Build the SessionStart hook callback.
  *
@@ -122,7 +135,7 @@ function makeSessionStartHook({
       const lines = rows.map(formatRow).join('\n');
       const additionalContext = [
-        `<polygram-history chat_id="${chatId}"${threadId ? ` thread_id="${threadId}"` : ''} preloaded="${rows.length}" since="${since}">`,
+        openTag(chatId, threadId, rows.length, since),
         lines,
         `</polygram-history>`,
         '',
@@ -208,9 +221,8 @@ function buildHistoryBlock({
   }
   if (rows.length === 0) return '';
   const lines = rows.map(formatRow).join('\n');
-  const attrs = `chat_id="${chatId}"${threadId ? ` thread_id="${threadId}"` : ''} preloaded="${rows.length}" since="${since}"`;
   return [
-    `<polygram-history ${attrs}>`,
+    openTag(chatId, threadId, rows.length, since),
     lines,
     `</polygram-history>`,
     '',
@@ -228,6 +240,7 @@ module.exports = {
   buildHistoryBlock,
   // Internals for tests
   _formatRow: formatRow,
+  _openTag: openTag,
   DEFAULT_PRELOAD_LIMIT,
   DEFAULT_PRELOAD_SINCE,
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "polygram",
-  "version": "0.12.6",
+  "version": "0.12.8",
   "description": "Telegram daemon for Claude Code that preserves the OpenClaw per-chat session model. Migration path for OpenClaw users moving to Claude Code.",
   "main": "lib/ipc/client.js",
   "bin": {

package/skills/history/scripts/query.js CHANGED Viewed

@@ -21,7 +21,14 @@ const fs = require('fs');
 const path = require('path');
 const Database = require('better-sqlite3');
-const history = require('../lib/history');
+// The history helpers live at the PACKAGE ROOT lib/ (one source of truth, shared
+// with the daemon's history-preload) — NOT a skill-local copy. The old
+// `../lib/history` pointed at skills/history/lib/history.js, which has never
+// existed in the repo or the published package, so EVERY `query.js` invocation
+// crashed with MODULE_NOT_FOUND (the history skill was entirely non-functional;
+// found in the 0.12.5–0.12.7 ultra-review). `../../../lib` = <pkg-root>/lib in
+// both the repo and the npm install (which ships skills/ + lib/ as siblings).
+const history = require('../../../lib/history');
 const POLYGRAM_DIR = process.env.POLYGRAM_DIR || path.resolve(__dirname, '../../../../polygram');
 const CONFIG_PATH = process.env.POLYGRAM_CONFIG || path.join(POLYGRAM_DIR, 'config.json');
@@ -281,4 +288,8 @@ function main() {
   }
 }
-main();
+// Exported for tests (the #4 scope-derivation security boundary needs a
+// regression pin). Only auto-run when invoked as the CLI, not when require()'d.
+module.exports = { deriveBotScope, resolveDbPaths, loadConfig };
+if (require.main === module) main();