News

v0.5.0

AI Channel Regular, Ollama & BOTLINK v2

v0.5.0 reshapes ai-chat into a true channel regular — character engine, ambient participation, mood, on-demand games — adds an Ollama provider for self-hosted setups, hardens the BOTLINK handshake against replay, and closes 10 findings from a post-incident stability audit.

Added

  • Character engine: 9 personality presets (friendly, sarcastic, chaotic, deadpan, gossip, nightowl, oldhead…), per-channel assignment, runtime swap with !ai character <name>
  • Ambient participation: bot speaks unprompted in quiet channels, answers unanswered questions, reacts to topic and join events; rate-limited per channel and globally
  • Thread-based engagement: replaces the old 60s timer with IRC-native floor-holding semantics; two users can be concurrently engaged in the same channel
  • Ollama provider: self-hosted, private-by-default alternative to Gemini; flip provider between gemini and ollama with a plugin reload
  • On-demand game sessions: drop a .txt into games/ and play it via !ai play <name>; ships with 20 Questions and Trivia
  • Founder-tier refusal gate: ai-chat refuses to respond when the bot's ChanServ tier is founder, with a per-line gated sender for mid-request tier changes
  • Bounded channel-join retry: channels stuck on +b/+i/+k/+r failures retry on a configurable backoff schedule (default 5/15/45 min) instead of waiting for reconnect
  • Nick collision detection + GHOST recovery: automatic NickServ GHOST + reclaim when the configured nick is taken on connect
  • IDENTIFY-before-JOIN gate: bot waits for confirmed identification before joining channels, eliminating the IDENTIFY/ChanServ probe race

Changed

  • BOTLINK v2 handshake: HMAC challenge-response replaces the replay-able scrypt wire token; every botnet must share a link_salt in bot.json
  • Hub-side BSAY re-check: fanout re-runs the originating user's +m permission so a compromised leaf can't bypass it
  • System-prompt assembly restructured: explicit Persona / Right now / Rules sections with non-overridable safety clause; defense-in-depth dropper for fantasy-command prefixes
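
Why a challenge-response resists replay where a static wire token does not, as an added sketch that is not HexBot's code. The message shapes, the `Hub` class, `respond` and the bot name are assumptions; how HexBot derives its key from link_salt is not described on this page, so the key here is simply a shared secret.

```javascript
// Added example: message shapes and names are assumptions, not HexBot's wire format.
const nodeCrypto = require("node:crypto");

// Leaf side: proves knowledge of the key without ever sending the key itself.
function respond(key, nonce, botname) {
  return nodeCrypto.createHmac("sha256", key)
    .update(`${nonce}\n${botname}`)
    .digest("hex");
}

// Hub side: one fresh random challenge per connection, each accepted at most once.
class Hub {
  constructor(key) {
    this.key = key;
    this.pending = new Set(); // challenges issued and not yet answered
  }
  challenge() {
    const nonce = nodeCrypto.randomBytes(32).toString("hex");
    this.pending.add(nonce);
    return nonce;
  }
  verify(nonce, botname, macHex) {
    // delete() is false for unknown or already-consumed challenges.
    if (!this.pending.delete(nonce)) return false;
    const expected = Buffer.from(respond(this.key, nonce, botname), "hex");
    const got = Buffer.from(String(macHex), "hex");
    return got.length === expected.length &&
      nodeCrypto.timingSafeEqual(got, expected);
  }
}

function demo() {
  const key = nodeCrypto.randomBytes(32); // constructed shared secret
  const hub = new Hub(key);
  const n1 = hub.challenge();
  const captured = respond(key, n1, "leaf1"); // what an observer on the wire sees
  const n2 = hub.challenge();                 // a later connection gets a new challenge
  const n3 = hub.challenge();
  return {
    legitimate: hub.verify(n1, "leaf1", captured),
    replayOnNewChallenge: hub.verify(n2, "leaf1", captured),
    replayOnUsedChallenge: hub.verify(n1, "leaf1", captured),
    wrongKey: hub.verify(n3, "leaf1", respond(Buffer.from("wrong"), n3, "leaf1")),
  };
}

console.log(demo());
```

Only the first verification succeeds: the captured response is bound to a challenge the hub has already consumed, so it is useless on any later connection.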

Breaking

  • `!ai` freeform removed: talk to the bot by nick (<botnick>: hello); !ai is now a subcommand console with !ai help
  • ai-chat private messaging removed: the plugin responds only in channels — PMs were a reconnaissance vector for prompt-injection probes
  • `triggers.engagement_seconds` removed: replaced by engagement.soft_timeout_minutes and engagement.hard_ceiling_minutes

Fixed

  • 2026-04-21 stability audit: 10 findings closed from the post-incident review of a 12+ hour outage where silent SASL failure left the bot unidentified and op-less
  • SASL silent failure: NickServ "please identify" notice now triggers a one-shot password fallback and surfaces bot:identified on confirmation
  • Ambient tick-loop crash recovery: wrapped in try/catch so a transient bug surfaces in the log instead of silently disabling ambient for the process lifetime
  • Engagement map leak: eviction TTL with an unconditional 1000-entry cap so stale entries can't pin below the cap indefinitely

See CHANGELOG.md for the full list of changes.


v0.4.1

Shell Injection & ReDoS Fixes

Two security fixes surfaced by audit follow-up: a command injection in the plugin build script and a polynomial ReDoS in the RSS HTML stripper.

Fixed

  • Shell command injection in plugin build script: switched from execSync with string interpolation to execFileSync with an argument array so paths with spaces or shell metacharacters cannot alter the command
  • Polynomial ReDoS in RSS HTML tag stripper: replaced the /<[^>]*>/g regex (O(n²) on pathological input) with a single-pass O(n) character scanner that buffers after < and flushes unclosed tags
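
A scanner of the kind the ReDoS fix describes, as an added example that is not HexBot's code. The function names and sample strings are assumptions; the regex is the one quoted in the changelog entry.

```javascript
// Added example: function names are assumptions, not HexBot's source.

// The pattern the changelog says was replaced. On input such as "<<<<..." with no
// ">", every "<" starts a scan to the end of the string before failing: O(n^2).
const OLD_TAG_RE = /<[^>]*>/g;

// Single pass: remember where a "<" opened, drop the span when ">" arrives,
// and emit the span unchanged if the input ends before any ">" is seen.
function stripTags(input) {
  const out = [];
  let textStart = 0; // start of the current run of plain text
  let tagStart = -1; // index of the "<" being buffered, or -1 outside a tag
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    if (tagStart === -1) {
      if (ch === "<") {
        out.push(input.slice(textStart, i)); // text before the tag is kept
        tagStart = i;
      }
    } else if (ch === ">") {
      tagStart = -1;     // closed tag: discard everything from "<" to ">"
      textStart = i + 1;
    }
  }
  // Flush: trailing text, or an unclosed "<..." kept as literal text.
  out.push(input.slice(tagStart === -1 ? textStart : tagStart));
  return out.join("");
}

// Constructed samples: the scanner should agree with the old regex on each.
const SAMPLES = [
  "<p>Hello <b>world</b></p>", "a < b", "1 < 2 and 3 > 2",
  '<a href="x">link</a> tail', "text <unclosed", "", "<<b>>",
];
function agreesWithRegex() {
  return SAMPLES.every((s) => stripTags(s) === s.replace(OLD_TAG_RE, ""));
}

// Pathological input for the regex: the scanner returns it unchanged in one pass.
function pathological(n) {
  const s = "<".repeat(n);
  return stripTags(s) === s;
}

console.log(agreesWithRegex(), pathological(200000));
```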

v0.4.0

Plugin Bundling via tsup

Plugins are now compiled to self-contained bundles at build time. Polish around mode-grant safety, DCC error messages, and Docker image hygiene.

Changed

  • Plugins bundled via tsup: plugins with a tsup.config.ts compile into self-contained dist/index.js bundles instead of being loaded as raw TypeScript via tsx; the loader resolves plugins/<name>/dist/index.js for bundled plugins
  • `.binds` output grouped by plugin: section headers for easier scanning
  • Topic plugin `protect_topic` renamed to `topic_lock`: consistency with Eggdrop terminology
  • DCC CHAT rejection notices collapsed: single generic "request denied" message — no longer leaks the specific denial reason to the connecting user

Fixed

  • Mode-grant commands targeting the bot itself: previously the bot could attempt to op/deop/voice itself, causing confusing no-ops and mode bounces
  • Docker build failure with plugin local node_modules: added plugins/*/node_modules and plugins/*/dist to .dockerignore
  • ESLint errors on plugin `dist/` bundles: ignore pattern updated to **/dist/ so plugin build output is excluded

Removed

  • `dcc.nickserv_verify` config field: deprecated in 0.3.0; DCC now uses per-user passwords exclusively

v0.3.0

Audit Logging, AI Chat, RSS & Security Hardening

A foundation release: full mod_log audit pipeline, the ai-chat and rss plugins land, DCC gains password authentication, IRCv3 STS / account-tag / away-notify support, and four parallel audits (security, stability, memleak, quality) close ~50+ findings.

Added

  • `mod_log` audit pipeline: schema rewrite with source/plugin/outcome/metadata; api.audit.log() for plugins; .modlog operator UI with filter grammar and DCC-only paging; .audit-tail REPL stream; retention knob
  • `ai-chat` plugin: AI-powered chat via Gemini with provider adapter pattern, layered rate limiting, per-user token budgets, sliding-window context, multiple personality presets, on-demand game sessions, and ChanServ fantasy-command injection defense
  • RSS plugin: polls feeds and announces new items, SHA-1 dedup via KV store, first-run silent seeding, admin commands !rss list/add/remove/check, SSRF defense in depth (HTTPS-only, RFC1918 blocking, byte cap, DOCTYPE rejection)
  • DCC console log sink: per-session .console flags filter live log lines (m/o/j/k/p/b/s/d/w); .who is now the session-list command
  • ISUPPORT parser: typed ServerCapabilities snapshot covering PREFIX, CHANMODES, MODES, CHANTYPES, TARGMAX, CASEMAPPING; mode-batching and channel validation now follow what the connected IRCd advertises
  • IRCv3 caps expanded: away-notify (channel-aware), account-tag consumption, $a:account permission patterns, and Strict Transport Security (sts=) with auto-upgrade
  • Configurable command prefix: command_prefix field in bot.json (default .)
  • Per-target message queue: round-robin drain so a flooding target can't starve output to quieter channels
  • BotLink per-IP brute-force protection: escalating bans (5min → 24h cap), CIDR whitelist, per-IP pending-handshake limit, configurable handshake timeout
  • ChanServ-assisted join error recovery: asks ChanServ for help on 471/473/474/475/477 numerics with exponential backoff

Breaking

  • DCC CHAT requires per-user passwords: scrypt-hashed; existing users have no password_hash and are blocked from DCC until an admin runs .chpass <handle> <newpass>. Closes a Rizon-style vhost-persistence bypass.
  • Inline secrets removed from `bot.json`: services.password, botlink.password, chanmod.nick_recovery_password, proxy.password, and +k keys must be referenced via <field>_env keys backed by .env
  • `chanmod` `channel_modes` legacy format removed: values must start with + or - (e.g. "+nt"); unprefixed strings are rejected at parse time
  • `MessageQueue.enqueue(fn)` → `enqueue(target, fn)`: core call sites updated; plugin code using api.say/api.notice/etc. is unaffected

Changed

  • Reconnect loop rewritten: HexBot owns the loop end-to-end; classifies disconnects into transient / rate-limited / fatal tiers with appropriate backoff. K/G-line and DNSBL blocks no longer cause exits — they expire on their own.
  • NickServ ACC/STATUS replies suppressed from DCC mirror: internal verification chatter no longer narrates every !voice command twice in operator consoles

Fixed

  • 2026-04-14 security audit: every Phase 1 critical, Phase 2 warning, and Phase 3 info finding closed across the full codebase
  • 2026-04-14 stability audit: 10 subsystems hardened against months-of-uptime failure modes — DB error classification, plugin lifecycle fail-loud, services dedup, BotLink jitter, message-queue deadline, DCC eviction, plugin teardown
  • 2026-04-14 memleak audit: every scheduled finding closed across flood, chanmod, DCC, BotLink, RSS, services, memo, and connection-lifecycle; createPluginApi now returns a dispose that neutralises every method post-unload
  • 2026-04-14 quality audit: god-file splits across src/core/dcc/, src/core/botlink/, RSS, flood, plus cross-cutting dedup of permission and pending-request helpers
  • Stalled-reconnect zombie loop: 30s registration timeout fires on socket-connected so a TCP-but-no-IRC-greeting hang is classified transient and retried with backoff

v0.2.3

Startup Retry & Docker over WireGuard

Initial connection failures now back off and retry, ChanServ presence detection is automatic, and a Docker-over-WireGuard hang is fixed.

Added

  • Startup retry with exponential backoff: first-connection failures no longer exit the process
  • ChanServ auto-detect: chanserv_op merged into chanserv_access

Changed

  • Refactored botlink, mode-enforce, and bot.ts: readability cleanup with no behaviour change
  • Detailed disconnect reason logging: connection error handling enhanced

Fixed

  • IRC connection failure in Docker over WireGuard: disabled Node's Happy Eyeballs algorithm

v0.2.2

Single-Stage Dockerfile

Simpler Docker build using tsx at runtime; pnpm start is now the single entry point.

Changed

  • Dockerfile simplified to single-stage build: uses tsx at runtime instead of compiling to JS
  • `tsx` moved from devDependencies to dependencies: required for runtime execution
  • `start:prod` script removed: pnpm start is the single entry point

v0.2.1

Documentation Sync

Getting Started guide lands; README and core docs synced to current behaviour.

Added

  • Getting Started guide: docs/GETTING_STARTED.md

Changed

  • README overhauled: highlights section, full admin/bot-link/DCC command tables, documentation index
  • Comprehensive doc sync: DESIGN.md, PLUGIN_API.md, DCC.md, plugins/README.md updated to match the current codebase
  • Healthcheck heartbeat uses `utimesSync`: instead of writing unused file content

Fixed

  • Docker build failure on `husky` prepare: ran during --prod install and failed because husky is a devDependency

v0.2.0

Bot Linking & Channel Takeover Protection

Multi-bot networking inspired by Eggdrop botnet, persistent channel rejoin, ChanServ-backed takeover protection, and a round of security fixes.

Added

  • Bot linking protocol: hub-and-leaf networking with state sync, command relay, party line chat, session relay, protection frames, and ban sharing — JSON-framed protocol over TCP with SHA-256 auth and rate limiting; admin commands .botlink status|disconnect|reconnect, .bots, .bottree, .relay, .whom
  • Persistent channel rejoin: periodic check every 30s; handles kick+ban, channel full, invite-only, bad key
  • ChanServ-based takeover protection: detects unauthorized mass deop/mode changes and escalates: deop, kickban, akick
  • Enforce unauthorized `+k`/`+l` removal: reactive (real-time) and proactive (on join via RPL_CHANNELMODEIS)
  • Channel mode tracking: mode string, key, and limit tracked from MODE and channel info reply; new channel:modesReady event
  • Multi-stage Dockerfile + healthcheck: smaller production images; healthcheck for orchestration tools

Changed

  • `channel_modes` Eggdrop-style format: "+nt-s" means "ensure +n and +t, ensure -s, leave everything else alone"; modes not mentioned are no longer treated as unauthorized
  • `enforce_modes` gates both directions: when off, neither additions nor removals run

Fixed

  • ChanServ OP on Rizon: OP request no longer gated on ChanServ being in the channel
  • DCC TOCTOU race: duplicate DCC CHAT requests now rejected when one is already pending
  • `!seen` cross-channel info disclosure: queries from a different channel omit channel name and message text
  • Bot-link security audit: 1 critical + 5 warning findings closed (permission bypass, frame validation, rate limiting)
  • Codebase security sweep: 8 additional warnings closed from full-codebase audit

v0.1.0

Initial Release

HexBot v0.1.0 is the first public release. The core bot framework is production-ready with a full plugin API, permission system, and Docker deployment.

Included

  • 8 bundled plugins: chanmod, flood, greeter, seen, topic, help, ctcp, 8ball
  • Bind system: 16 event types, pattern-matched handlers
  • Flag-based permissions: Owner, master, op, voice, deop; per-channel and global
  • Hot-reload: Edit and reload plugins without restarting
  • SASL authentication: PLAIN and EXTERNAL (CertFP)
  • IRCv3 caps: extended-join, account-notify, chghost
  • SOCKS5 proxy: Tor and SSH tunnel support
  • DCC CHAT party line: Remote admin sessions
  • SQLite persistence: Namespaced per-plugin key/value store
  • Docker deployment: Compose file with host-mounted config and plugins

See the deploy guide to get started, or browse the plugin list to see what’s included.


Roadmap

Upcoming
  • XDCC: File serving over DCC
  • IdleRPG: Idle-based RPG plugin