@hongmaple0820/scale-engine 0.1.0

package/dist/evolution/EvolutionEngine.js

@@ -0,0 +1,321 @@
+// SCALE Engine — Evolution Layer (W7)
+// 4 级自进化：Defect → Lesson → Rule → Hook
+// 设计参考：docs/01-ARCHITECTURE.md §二 L6
+import { logger } from '../core/logger.js';
+import { writeFileSync, mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+export class LessonExtractor {
+    store;
+    kb;
+    eventBus;
+    constructor(store, kb, eventBus) {
+        this.store = store;
+        this.kb = kb;
+        this.eventBus = eventBus;
+    }
+    /**
+     * 从已关闭的 Defect 中提取 Lesson
+     * Gate 1: Defect 必须在 DIAGNOSED/FIXED/CLOSED 状态
+     * Gate 2: 必须有 rootCauseCategory
+     * Gate 3: 不重复（标题相似度检查）
+     */
+    async extract(defectId) {
+        const defect = await this.store.get(defectId);
+        if (!defect)
+            return null;
+        // Gate 1: 状态检查
+        if (!['DIAGNOSED', 'FIXED', 'CLOSED'].includes(defect.status)) {
+            logger.debug({ defectId, status: defect.status }, 'Defect not ready for lesson extraction');
+            return null;
+        }
+        // Gate 2: 根因检查
+        const payload = defect.payload;
+        const rootCause = payload.rootCauseCategory;
+        if (!rootCause || rootCause === 'unknown') {
+            logger.debug({ defectId }, 'Defect has no root cause');
+            return null;
+        }
+        // Gate 3: 去重
+        const title = `[${rootCause}] ${defect.title}`;
+        const existing = await this.kb.recall({ tags: [rootCause] });
+        const isDupe = existing.some((e) => this.similarity(e.title, title) > 0.85);
+        if (isDupe) {
+            logger.debug({ defectId, title }, 'Similar lesson already exists — skipping');
+            return null;
+        }
+        // 创建 Lesson
+        const entry = await this.kb.add({
+            type: 'lesson',
+            title,
+            tags: [rootCause, defect.type, ...(payload.tags ?? [])],
+            contentRef: `lessons/${defectId}.md`,
+            verified: false,
+            sourceArtifact: defectId,
+        });
+        this.eventBus.emit('lesson.proposed', {
+            lessonId: entry.id,
+            defectId,
+            rootCause,
+            title,
+        });
+        logger.info({ lessonId: entry.id, defectId }, 'Lesson extracted from defect');
+        return entry;
+    }
+    /**
+     * 扫描所有已关闭的 Defect，批量提取 lessons
+     */
+    async scanForPatterns() {
+        const defects = await this.store.query({ type: 'Defect' });
+        const closedDefects = defects.filter((d) => ['DIAGNOSED', 'FIXED', 'CLOSED'].includes(d.status));
+        const extracted = [];
+        for (const defect of closedDefects) {
+            const lesson = await this.extract(defect.id);
+            if (lesson)
+                extracted.push(lesson);
+        }
+        // 检测重复模式：同类根因出现 ≥3 次 → 标记为高优先
+        const causeCount = new Map();
+        for (const d of closedDefects) {
+            const cause = d.payload.rootCauseCategory;
+            if (cause)
+                causeCount.set(cause, (causeCount.get(cause) ?? 0) + 1);
+        }
+        for (const [cause, count] of causeCount) {
+            if (count >= 3) {
+                logger.warn({ cause, count }, 'Recurring defect pattern detected — consider promoting to Rule');
+            }
+        }
+        return extracted;
+    }
+    similarity(a, b) {
+        const setA = new Set(a.toLowerCase().split(/\s+/));
+        const setB = new Set(b.toLowerCase().split(/\s+/));
+        const intersection = [...setA].filter((w) => setB.has(w));
+        return intersection.length / Math.max(setA.size, setB.size);
+    }
+}
+export class RuleProposer {
+    kb;
+    eventBus;
+    rules = new Map();
+    seq = 0;
+    constructor(kb, eventBus) {
+        this.kb = kb;
+        this.eventBus = eventBus;
+    }
+    async proposeFromLesson(lessonId) {
+        const lessons = await this.kb.recall({});
+        const lesson = lessons.find((l) => l.id === lessonId);
+        if (!lesson)
+            return null;
+        // 只对 verified + active 的 lesson 提议
+        if (!lesson.verified) {
+            logger.debug({ lessonId }, 'Lesson not verified — cannot propose rule');
+            return null;
+        }
+        const rule = {
+            id: `RULE-${Date.now()}-${(++this.seq).toString().padStart(3, '0')}`,
+            title: `Rule: ${lesson.title}`,
+            description: `Auto-proposed from lesson ${lessonId}. Tags: ${lesson.tags.join(', ')}`,
+            sourceLesson: lessonId,
+            pattern: lesson.tags[0] ?? 'general',
+            enforcement: lesson.accessCount >= 5 ? 'hook' : 'prompt',
+            createdAt: Date.now(),
+            approved: false,
+        };
+        this.rules.set(rule.id, rule);
+        this.eventBus.emit('rule.proposed', {
+            ruleId: rule.id,
+            lessonId,
+            enforcement: rule.enforcement,
+        });
+        logger.info({ ruleId: rule.id, lessonId }, 'Rule proposed from lesson');
+        return rule;
+    }
+    async scanAndPropose() {
+        const lessons = await this.kb.recall({ verifiedOnly: true });
+        const proposed = [];
+        for (const lesson of lessons) {
+            // 只对 relevance ≥ 0.6 且 accessCount ≥ 3 的 lesson 自动提议
+            if (lesson.relevance >= 0.6 && lesson.accessCount >= 3) {
+                const existing = [...this.rules.values()].find((r) => r.sourceLesson === lesson.id);
+                if (!existing) {
+                    const rule = await this.proposeFromLesson(lesson.id);
+                    if (rule)
+                        proposed.push(rule);
+                }
+            }
+        }
+        return proposed;
+    }
+    async approve(ruleId, approvedBy) {
+        const rule = this.rules.get(ruleId);
+        if (!rule)
+            throw new Error(`Rule not found: ${ruleId}`);
+        rule.approved = true;
+        rule.approvedBy = approvedBy;
+        this.eventBus.emit('rule.enforced', { ruleId, approvedBy });
+        logger.info({ ruleId, approvedBy }, 'Rule approved');
+        return rule;
+    }
+    getProposedRules() {
+        return [...this.rules.values()];
+    }
+    writeRuleFile(rule, rulesDir) {
+        mkdirSync(rulesDir, { recursive: true });
+        const filename = `${rule.id}.md`;
+        const path = join(rulesDir, filename);
+        const content = `# ${rule.title}
+
+> Source: ${rule.sourceLesson}
+> Enforcement: ${rule.enforcement}
+> Approved: ${rule.approved ? `Yes (by ${rule.approvedBy})` : 'Pending'}
+> Created: ${new Date(rule.createdAt).toISOString()}
+
+## Description
+
+${rule.description}
+
+## Pattern
+
+\`${rule.pattern}\`
+`;
+        writeFileSync(path, content, 'utf-8');
+        return path;
+    }
+}
+export class HookGenerator {
+    eventBus;
+    hooks = [];
+    constructor(eventBus) {
+        this.eventBus = eventBus;
+    }
+    generate(rule, hooksDir) {
+        if (!rule.approved) {
+            logger.debug({ ruleId: rule.id }, 'Rule not approved — cannot generate hook');
+            return null;
+        }
+        if (rule.enforcement !== 'hook') {
+            logger.debug({ ruleId: rule.id }, 'Rule enforcement is prompt, not hook — skipping');
+            return null;
+        }
+        mkdirSync(hooksDir, { recursive: true });
+        const hookType = this.inferHookType(rule.pattern);
+        const matcher = this.inferMatcher(rule.pattern);
+        const scriptName = `${rule.id}.sh`;
+        const scriptPath = join(hooksDir, scriptName);
+        // Generate shell script
+        const script = `#!/bin/bash
+# Auto-generated hook from Rule: ${rule.id}
+# Source lesson: ${rule.sourceLesson}
+# Pattern: ${rule.pattern}
+# Hook type: ${hookType} | Matcher: ${matcher}
+#
+# This hook was automatically promoted from a recurring lesson.
+# Edit with caution — it enforces a hard constraint.
+
+# Read tool input from stdin
+INPUT=$(cat)
+
+# Check condition
+# TODO: Implement specific check for pattern "${rule.pattern}"
+# For now, this is a placeholder that always passes.
+echo "Hook ${rule.id} checked (pattern: ${rule.pattern})" >&2
+exit 0
+`;
+        writeFileSync(scriptPath, script, 'utf-8');
+        const hook = {
+            id: `HOOK-${Date.now()}`,
+            ruleId: rule.id,
+            hookType,
+            matcher,
+            scriptPath,
+            createdAt: Date.now(),
+        };
+        this.hooks.push(hook);
+        this.eventBus.emit('hook.generated', {
+            hookId: hook.id,
+            ruleId: rule.id,
+            hookType,
+            matcher,
+            scriptPath,
+        });
+        logger.info({ hookId: hook.id, ruleId: rule.id, hookType }, 'Hook generated from rule');
+        return hook;
+    }
+    getGeneratedHooks() {
+        return [...this.hooks];
+    }
+    inferHookType(pattern) {
+        if (/test|verify|lint|build/i.test(pattern))
+            return 'Stop';
+        if (/edit|write|delete/i.test(pattern))
+            return 'PreToolUse';
+        return 'PostToolUse';
+    }
+    inferMatcher(pattern) {
+        if (/bash|command|shell/i.test(pattern))
+            return 'Bash';
+        if (/edit|write/i.test(pattern))
+            return 'Edit|Write|MultiEdit';
+        return '';
+    }
+}
+// ============================================================================
+// EvolutionEngine — 编排 4 级进化
+// ============================================================================
+export class EvolutionEngine {
+    extractor;
+    proposer;
+    generator;
+    scaleDir;
+    eventBus;
+    constructor(extractor, proposer, generator, eventBus, scaleDir = '.scale') {
+        this.extractor = extractor;
+        this.proposer = proposer;
+        this.generator = generator;
+        this.scaleDir = scaleDir;
+        this.eventBus = eventBus;
+    }
+    /**
+     * 完整进化周期：
+     * 1. 扫描 Defects → 提取 Lessons
+     * 2. 扫描 Lessons → 提议 Rules
+     * 3. (人审后) 已批准 Rules → 生成 Hooks
+     */
+    async runCycle() {
+        const stats = {
+            lessonsExtracted: 0,
+            rulesProposed: 0,
+            rulesApproved: 0,
+            hooksGenerated: 0,
+        };
+        // Step 1: Extract lessons
+        const lessons = await this.extractor.scanForPatterns();
+        stats.lessonsExtracted = lessons.length;
+        // Step 2: Propose rules
+        const rules = await this.proposer.scanAndPropose();
+        stats.rulesProposed = rules.length;
+        // Step 3: Generate hooks for approved rules
+        const approvedRules = this.proposer.getProposedRules().filter((r) => r.approved && r.enforcement === 'hook');
+        stats.rulesApproved = approvedRules.length;
+        const hooksDir = join(this.scaleDir, 'hooks');
+        for (const rule of approvedRules) {
+            const hook = this.generator.generate(rule, hooksDir);
+            if (hook)
+                stats.hooksGenerated++;
+        }
+        logger.info(stats, 'Evolution cycle completed');
+        this.eventBus.emit('evolution.cycle_completed', stats);
+        return stats;
+    }
+    getStats() {
+        return {
+            lessonsExtracted: 0, // Would need persistence
+            rulesProposed: this.proposer.getProposedRules().length,
+            rulesApproved: this.proposer.getProposedRules().filter((r) => r.approved).length,
+            hooksGenerated: this.generator.getGeneratedHooks().length,
+        };
+    }
+}
+//# sourceMappingURL=EvolutionEngine.js.map

package/dist/evolution/EvolutionEngine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EvolutionEngine.js","sourceRoot":"","sources":["../../src/evolution/EvolutionEngine.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,uCAAuC;AACvC,qCAAqC;AAMrC,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAC1C,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AA2ChC,MAAM,OAAO,eAAe;IAEhB;IACA;IACA;IAHV,YACU,KAAqB,EACrB,EAAkB,EAClB,QAAmB;QAFnB,UAAK,GAAL,KAAK,CAAgB;QACrB,OAAE,GAAF,EAAE,CAAgB;QAClB,aAAQ,GAAR,QAAQ,CAAW;IAC1B,CAAC;IAEJ;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,QAAoB;QAChC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAC7C,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,eAAe;QACf,IAAI,CAAC,CAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9D,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,wCAAwC,CAAC,CAAA;YAC3F,OAAO,IAAI,CAAA;QACb,CAAC;QAED,eAAe;QACf,MAAM,OAAO,GAAG,MAAM,CAAC,OAAkC,CAAA;QACzD,MAAM,SAAS,GAAG,OAAO,CAAC,iBAAuC,CAAA;QACjE,IAAI,CAAC,SAAS,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC1C,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,0BAA0B,CAAC,CAAA;YACtD,OAAO,IAAI,CAAA;QACb,CAAC;QAED,aAAa;QACb,MAAM,KAAK,GAAG,IAAI,SAAS,KAAK,MAAM,CAAC,KAAK,EAAE,CAAA;QAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;QAC5D,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,CAAA;QAC3E,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,0CAA0C,CAAC,CAAA;YAC7E,OAAO,IAAI,CAAA;QACb,CAAC;QAED,YAAY;QACZ,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC;YAC9B,IAAI,EAAE,QAAQ;YACd,KAAK;YACL,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,IAAgB,IAAI,EAAE,CAAC,CAAC;YACnE,UAAU,EAAE,WAAW,QAAQ,KAAK;YACpC,QAAQ,EAAE,KAAK;YACf,cAAc,EAAE,QAAQ;SACzB,CAAC,CAAA;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,EAAE;YACpC,QAAQ,EAAE,KAAK,CAAC,EAAE;YAClB,QAAQ;YACR,SAAS;YACT,KAAK;SACN,CAAC,CAAA;QAEF,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,8BAA8B,CAAC,CAAA;QAC7E,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1D,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACzC,CAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CACpD,CAAA;QAED,MAAM,SAAS,GAAqB,EAAE,CAAA;QACtC,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;YAC5C,IAAI,MAAM;gBAAE,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACpC,CAAC;QAED,8BAA8B;QAC9B,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAA;QAC5C,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAI,CAAC,CAAC,OAAmC,CAAC,iBAA2B,CAAA;YAChF,IAAI,KAAK;gBAAE,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QACpE,CAAC;QAED,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,UAAU,EAAE,CAAC;YACxC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,gEAAgE,CAAC,CAAA;YACjG,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,UAAU,CAAC,CAAS,EAAE,CAAS;QACrC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAA;QAClD,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAA;QAClD,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACzD,OAAO,YAAY,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;IAC7D,CAAC;CACF;AAcD,MAAM,OAAO,YAAY;IAKb;IACA;IALF,KAAK,GAAG,IAAI,GAAG,EAAwB,CAAA;IACvC,GAAG,GAAG,CAAC,CAAA;IAEf,YACU,EAAkB,EAClB,QAAmB;QADnB,OAAE,GAAF,EAAE,CAAgB;QAClB,aAAQ,GAAR,QAAQ,CAAW;IAC1B,CAAC;IAEJ,KAAK,CAAC,iBAAiB,CAAC,QAAgB;QACtC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QACxC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAA;QACrD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,mCAAmC;QACnC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,2CAA2C,CAAC,CAAA;YACvE,OAAO,IAAI,CAAA;QACb,CAAC;QAED,MAAM,IAAI,GAAiB;YACzB,EAAE,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACpE,KAAK,EAAE,SAAS,MAAM,CAAC,KAAK,EAAE;YAC9B,WAAW,EAAE,6BAA6B,QAAQ,WAAW,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACrF,YAAY,EAAE,QAAQ;YACtB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,SAAS;YACpC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;YACxD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,QAAQ,EAAE,KAAK;SAChB,CAAA;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;QAE7B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,EAAE;YAClC,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ;YACR,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC,CAAA;QAEF,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,2BAA2B,CAAC,CAAA;QACvE,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAA;QAC5D,MAAM,QAAQ,GAAmB,EAAE,CAAA;QAEnC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,qDAAqD;YACrD,IAAI,MAAM,CAAC,SAAS,IAAI,GAAG,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC;gBACvD,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,MAAM,CAAC,EAAE,CAAC,CAAA;gBACnF,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;oBACpD,IAAI,IAAI;wBAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,UAAkB;QAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACnC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAA;QACvD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAA;QACpB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAA;QAC3D,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,eAAe,CAAC,CAAA;QACpD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,gBAAgB;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;IACjC,CAAC;IAED,aAAa,CAAC,IAAkB,EAAE,QAAgB;QAChD,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QACxC,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,EAAE,KAAK,CAAA;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACrC,MAAM,OAAO,GAAG,KAAK,IAAI,CAAC,KAAK;;YAEvB,IAAI,CAAC,YAAY;iBACZ,IAAI,CAAC,WAAW;cACnB,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,SAAS;aAC1D,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;;;;EAIjD,IAAI,CAAC,WAAW;;;;IAId,IAAI,CAAC,OAAO;CACf,CAAA;QACG,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAA;QACrC,OAAO,IAAI,CAAA;IACb,CAAC;CACF;AAWD,MAAM,OAAO,aAAa;IAGJ;IAFZ,KAAK,GAAoB,EAAE,CAAA;IAEnC,YAAoB,QAAmB;QAAnB,aAAQ,GAAR,QAAQ,CAAW;IAAG,CAAC;IAE3C,QAAQ,CAAC,IAAkB,EAAE,QAAgB;QAC3C,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,0CAA0C,CAAC,CAAA;YAC7E,OAAO,IAAI,CAAA;QACb,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;YAChC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,iDAAiD,CAAC,CAAA;YACpF,OAAO,IAAI,CAAA;QACb,CAAC;QAED,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC/C,MAAM,UAAU,GAAG,GAAG,IAAI,CAAC,EAAE,KAAK,CAAA;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;QAE7C,wBAAwB;QACxB,MAAM,MAAM,GAAG;mCACgB,IAAI,CAAC,EAAE;mBACvB,IAAI,CAAC,YAAY;aACvB,IAAI,CAAC,OAAO;eACV,QAAQ,eAAe,OAAO;;;;;;;;;gDASG,IAAI,CAAC,OAAO;;aAE/C,IAAI,CAAC,EAAE,sBAAsB,IAAI,CAAC,OAAO;;CAErD,CAAA;QACG,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAA;QAE1C,MAAM,IAAI,GAAkB;YAC1B,EAAE,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE;YACxB,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ;YACR,OAAO;YACP,UAAU;YACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAA;QAED,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAErB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,EAAE;YACnC,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ;YACR,OAAO;YACP,UAAU;SACX,CAAC,CAAA;QAEF,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,0BAA0B,CAAC,CAAA;QACvF,OAAO,IAAI,CAAA;IACb,CAAC;IAED,iBAAiB;QACf,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAA;IACxB,CAAC;IAEO,aAAa,CAAC,OAAe;QACnC,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,MAAM,CAAA;QAC1D,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,YAAY,CAAA;QAC3D,OAAO,aAAa,CAAA;IACtB,CAAC;IAEO,YAAY,CAAC,OAAe;QAClC,IAAI,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,MAAM,CAAA;QACtD,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,sBAAsB,CAAA;QAC9D,OAAO,EAAE,CAAA;IACX,CAAC;CACF;AAED,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E,MAAM,OAAO,eAAe;IAGhB;IACA;IACA;IAEA;IANF,QAAQ,CAAW;IAC3B,YACU,SAA2B,EAC3B,QAAuB,EACvB,SAAyB,EACjC,QAAmB,EACX,WAAmB,QAAQ;QAJ3B,cAAS,GAAT,SAAS,CAAkB;QAC3B,aAAQ,GAAR,QAAQ,CAAe;QACvB,cAAS,GAAT,SAAS,CAAgB;QAEzB,aAAQ,GAAR,QAAQ,CAAmB;QAEnC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;IAC1B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,QAAQ;QACZ,MAAM,KAAK,GAAmB;YAC5B,gBAAgB,EAAE,CAAC;YACnB,aAAa,EAAE,CAAC;YAChB,aAAa,EAAE,CAAC;YAChB,cAAc,EAAE,CAAC;SAClB,CAAA;QAED,0BAA0B;QAC1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,CAAA;QACtD,KAAK,CAAC,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAA;QAEvC,wBAAwB;QACxB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAA;QAClD,KAAK,CAAC,aAAa,GAAG,KAAK,CAAC,MAAM,CAAA;QAElC,4CAA4C;QAC5C,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,CAAA;QAC5G,KAAK,CAAC,aAAa,GAAG,aAAa,CAAC,MAAM,CAAA;QAE1C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAC7C,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;YACpD,IAAI,IAAI;gBAAE,KAAK,CAAC,cAAc,EAAE,CAAA;QAClC,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,2BAA2B,CAAC,CAAA;QAC/C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAA;QACtD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,QAAQ;QACN,OAAO;YACL,gBAAgB,EAAE,CAAC,EAAE,yBAAyB;YAC9C,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,MAAM;YACtD,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM;YAChF,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,CAAC,MAAM;SAC1D,CAAA;IACH,CAAC;CACF"}

package/dist/guardrails/Gateway.d.ts

@@ -0,0 +1,26 @@
+import type { ToolUseInput, ToolResultInput, StopInput, GateDecision, DetectorResult } from '../artifact/types.js';
+import type { IEventBus } from '../core/eventBus.js';
+export interface IDetector {
+    name: string;
+    check(input: ToolUseInput | ToolResultInput | StopInput, context: DetectorContext): Promise<DetectorResult>;
+}
+export interface DetectorContext {
+    eventBus: IEventBus;
+    cache: Map<string, unknown>;
+}
+export interface IGateway {
+    preTool(input: ToolUseInput): Promise<GateDecision>;
+    postTool(input: ToolResultInput): Promise<void>;
+    beforeStop(input: StopInput): Promise<GateDecision>;
+    registerDetector(detector: IDetector, hook: 'preTool' | 'postTool' | 'beforeStop'): void;
+}
+export declare class Gateway implements IGateway {
+    private eventBus;
+    private cache;
+    private detectors;
+    constructor(eventBus: IEventBus);
+    registerDetector(detector: IDetector, hook: 'preTool' | 'postTool' | 'beforeStop'): void;
+    preTool(input: ToolUseInput): Promise<GateDecision>;
+    postTool(input: ToolResultInput): Promise<void>;
+    beforeStop(input: StopInput): Promise<GateDecision>;
+}

package/dist/guardrails/Gateway.js

@@ -0,0 +1,57 @@
+// SCALE Engine — Guardrails Gateway (W5 完整实现)
+// Hook 网关 + 5 种懒惰检测器 + Role 权限
+// 设计参考：docs/03-CORE-MODULES.md §3.5
+import { logger } from '../core/logger.js';
+export class Gateway {
+    eventBus;
+    cache = new Map();
+    detectors = {
+        preTool: [],
+        postTool: [],
+        beforeStop: [],
+    };
+    constructor(eventBus) {
+        this.eventBus = eventBus;
+    }
+    registerDetector(detector, hook) {
+        this.detectors[hook].push(detector);
+        logger.debug({ name: detector.name, hook }, 'Detector registered');
+    }
+    async preTool(input) {
+        for (const det of this.detectors.preTool) {
+            const result = await det.check(input, { eventBus: this.eventBus, cache: this.cache });
+            if (result.triggered) {
+                if (result.severity === 'deny' || result.severity === 'block') {
+                    this.eventBus.emit('tool.blocked', { tool: input.tool, detector: det.name, reason: result.reason }, { sessionId: input.sessionId });
+                    return { allow: false, reason: result.reason, suggestion: result.suggestion };
+                }
+                if (result.severity === 'warn') {
+                    return { allow: true, reason: result.reason, injectContext: [result.reason ?? ''] };
+                }
+            }
+        }
+        this.eventBus.emit('tool.called', { tool: input.tool, args: input.args }, { sessionId: input.sessionId });
+        return { allow: true };
+    }
+    async postTool(input) {
+        if (input.exitCode === 0) {
+            this.eventBus.emit('tool.completed', { tool: input.tool, args: input.args, output: input.output }, { sessionId: input.sessionId });
+        }
+        else {
+            this.eventBus.emit('tool.failed', { tool: input.tool, args: input.args, exitCode: input.exitCode, output: input.output }, { sessionId: input.sessionId });
+        }
+        for (const det of this.detectors.postTool) {
+            await det.check(input, { eventBus: this.eventBus, cache: this.cache });
+        }
+    }
+    async beforeStop(input) {
+        for (const det of this.detectors.beforeStop) {
+            const result = await det.check(input, { eventBus: this.eventBus, cache: this.cache });
+            if (result.triggered && (result.severity === 'deny' || result.severity === 'block')) {
+                return { allow: false, reason: result.reason, suggestion: result.suggestion };
+            }
+        }
+        return { allow: true };
+    }
+}
+//# sourceMappingURL=Gateway.js.map

package/dist/guardrails/Gateway.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Gateway.js","sourceRoot":"","sources":["../../src/guardrails/Gateway.ts"],"names":[],"mappings":"AAAA,8CAA8C;AAC9C,+BAA+B;AAC/B,oCAAoC;AAIpC,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAmB1C,MAAM,OAAO,OAAO;IAQE;IAPZ,KAAK,GAAG,IAAI,GAAG,EAAmB,CAAA;IAClC,SAAS,GAAG;QAClB,OAAO,EAAE,EAAiB;QAC1B,QAAQ,EAAE,EAAiB;QAC3B,UAAU,EAAE,EAAiB;KAC9B,CAAA;IAED,YAAoB,QAAmB;QAAnB,aAAQ,GAAR,QAAQ,CAAW;IAAG,CAAC;IAE3C,gBAAgB,CAAC,QAAmB,EAAE,IAA2C;QAC/E,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACnC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,qBAAqB,CAAC,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAmB;QAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;YACrF,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;oBAC9D,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;oBACnI,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAA;gBAC/E,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;oBAC/B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAA;gBACrF,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;QACzG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;IACxB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAsB;QACnC,IAAI,KAAK,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;QACpI,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;QAC3J,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;QACxE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAgB;QAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;YACrF,IAAI,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,MAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,CAAC,EAAE,CAAC;gBACpF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAA;YAC/E,CAAC;QACH,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;IACxB,CAAC;CACF"}

package/dist/guardrails/advancedDetectors.d.ts

@@ -0,0 +1,26 @@
+import type { IDetector, DetectorContext } from './Gateway.js';
+import type { ToolUseInput, DetectorResult } from '../artifact/types.js';
+export declare class DangerousCommandDetector implements IDetector {
+    name: string;
+    private patterns;
+    check(input: ToolUseInput, ctx: DetectorContext): Promise<DetectorResult>;
+}
+export declare class SecretLeakDetector implements IDetector {
+    name: string;
+    private patterns;
+    check(input: ToolUseInput, ctx: DetectorContext): Promise<DetectorResult>;
+}
+export interface RoleDefinition {
+    id: string;
+    name: string;
+    allowedTools: string[];
+    deniedTools?: string[];
+}
+export declare const BUILT_IN_ROLES: Record<string, RoleDefinition>;
+export declare class RoleGateDetector implements IDetector {
+    name: string;
+    private currentRole;
+    setRole(role: RoleDefinition): void;
+    getRole(): RoleDefinition;
+    check(input: ToolUseInput, _ctx: DetectorContext): Promise<DetectorResult>;
+}

package/dist/guardrails/advancedDetectors.js

@@ -0,0 +1,138 @@
+// SCALE Engine — 危险命令检测 + Role 权限网关
+// W5 补充检测器
+// 设计参考：docs/01-ARCHITECTURE.md §二 L2
+// ============================================================================
+// 6. 危险命令检测器
+// ============================================================================
+export class DangerousCommandDetector {
+    name = 'dangerous-command';
+    patterns = [
+        { pattern: /rm\s+-rf\s+[\/~]/, description: 'rm -rf on root/home' },
+        { pattern: /rm\s+-rf\s+\*/, description: 'rm -rf wildcard' },
+        { pattern: /DROP\s+(TABLE|DATABASE|SCHEMA)/i, description: 'SQL DROP' },
+        { pattern: /TRUNCATE\s+TABLE/i, description: 'SQL TRUNCATE' },
+        { pattern: /DELETE\s+FROM\s+\w+\s*;/i, description: 'SQL DELETE without WHERE' },
+        { pattern: /ALTER\s+TABLE\s+\w+\s+DROP/i, description: 'SQL ALTER DROP column' },
+        { pattern: /curl\s+.*\|\s*(bash|sh)/i, description: 'curl pipe to shell' },
+        { pattern: /chmod\s+777/, description: 'chmod 777' },
+        { pattern: />\s*\/dev\/sda/, description: 'write to device' },
+        { pattern: /mkfs\./, description: 'format filesystem' },
+        { pattern: /:(){ :\|:& };:/, description: 'fork bomb' },
+        { pattern: /dd\s+if=.*of=\/dev\//, description: 'dd to device' },
+    ];
+    async check(input, ctx) {
+        if (input.tool !== 'Bash')
+            return { triggered: false };
+        const command = input.args.command ?? '';
+        for (const { pattern, description } of this.patterns) {
+            if (pattern.test(command)) {
+                ctx.eventBus.emit('tool.blocked', {
+                    tool: input.tool,
+                    detector: this.name,
+                    reason: description,
+                    command,
+                }, { sessionId: input.sessionId });
+                return {
+                    triggered: true,
+                    severity: 'deny',
+                    reason: `🛑 危险命令被拦截：${description}\n命令: ${command}\n此操作需要人工确认后才能执行。`,
+                    suggestion: '请使用安全的替代命令，或获取人工授权。',
+                };
+            }
+        }
+        return { triggered: false };
+    }
+}
+// ============================================================================
+// 7. 密钥泄露检测器
+// ============================================================================
+export class SecretLeakDetector {
+    name = 'secret-leak';
+    patterns = [
+        { pattern: /['"]?[A-Za-z0-9+\/]{40}['"]?/, description: 'possible API key (40 chars)' },
+        { pattern: /AKIA[0-9A-Z]{16}/, description: 'AWS Access Key ID' },
+        { pattern: /-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----/, description: 'Private key' },
+        { pattern: /sk-[a-zA-Z0-9]{48}/, description: 'OpenAI API key' },
+        { pattern: /ghp_[a-zA-Z0-9]{36}/, description: 'GitHub PAT' },
+        { pattern: /password\s*[:=]\s*['"][^'"]{8,}['"]/, description: 'hardcoded password' },
+    ];
+    async check(input, ctx) {
+        if (!['Edit', 'Write', 'MultiEdit'].includes(input.tool))
+            return { triggered: false };
+        const content = JSON.stringify(input.args);
+        for (const { pattern, description } of this.patterns) {
+            if (pattern.test(content)) {
+                ctx.eventBus.emit('tool.blocked', {
+                    tool: input.tool,
+                    detector: this.name,
+                    reason: description,
+                }, { sessionId: input.sessionId });
+                return {
+                    triggered: true,
+                    severity: 'block',
+                    reason: `🔑 检测到可能的密钥泄露：${description}\n请使用环境变量代替硬编码密钥。`,
+                    suggestion: '使用 process.env.XXX 或 .env 文件',
+                };
+            }
+        }
+        return { triggered: false };
+    }
+}
+export const BUILT_IN_ROLES = {
+    explorer: {
+        id: 'explorer',
+        name: 'Explorer',
+        allowedTools: ['Read', 'Grep', 'Glob', 'WebSearch', 'Bash'],
+        deniedTools: ['Edit', 'Write', 'MultiEdit'],
+    },
+    planner: {
+        id: 'planner',
+        name: 'Planner',
+        allowedTools: ['Read', 'Grep', 'Glob', 'Write'],
+        deniedTools: ['Bash'],
+    },
+    implementer: {
+        id: 'implementer',
+        name: 'Implementer',
+        allowedTools: ['Read', 'Grep', 'Glob', 'Edit', 'Write', 'MultiEdit', 'Bash'],
+    },
+    reviewer: {
+        id: 'reviewer',
+        name: 'Reviewer',
+        allowedTools: ['Read', 'Grep', 'Glob', 'Bash'],
+        deniedTools: ['Edit', 'Write', 'MultiEdit'],
+    },
+};
+export class RoleGateDetector {
+    name = 'role-gate';
+    currentRole = BUILT_IN_ROLES.implementer;
+    setRole(role) {
+        this.currentRole = role;
+    }
+    getRole() {
+        return this.currentRole;
+    }
+    async check(input, _ctx) {
+        const role = this.currentRole;
+        // Denied tools take priority
+        if (role.deniedTools?.includes(input.tool)) {
+            return {
+                triggered: true,
+                severity: 'deny',
+                reason: `⛔ Role "${role.name}" 不允许使用 ${input.tool}。请先切换到合适的 Role (如 Implementer)。`,
+                suggestion: `切换 Role: scale role activate implementer`,
+            };
+        }
+        // If allowedTools is specified, tool must be in the list
+        if (!role.allowedTools.includes(input.tool)) {
+            return {
+                triggered: true,
+                severity: 'deny',
+                reason: `⛔ Role "${role.name}" 不允许使用 ${input.tool}。允许的工具: [${role.allowedTools.join(', ')}]`,
+                suggestion: `切换到允许 ${input.tool} 的 Role`,
+            };
+        }
+        return { triggered: false };
+    }
+}
+//# sourceMappingURL=advancedDetectors.js.map

package/dist/guardrails/advancedDetectors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"advancedDetectors.js","sourceRoot":"","sources":["../../src/guardrails/advancedDetectors.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,WAAW;AACX,qCAAqC;AAKrC,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E,MAAM,OAAO,wBAAwB;IACnC,IAAI,GAAG,mBAAmB,CAAA;IAElB,QAAQ,GAAoD;QAClE,EAAE,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,qBAAqB,EAAE;QACnE,EAAE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,iBAAiB,EAAE;QAC5D,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,UAAU,EAAE;QACvE,EAAE,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,cAAc,EAAE;QAC7D,EAAE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,0BAA0B,EAAE;QAChF,EAAE,OAAO,EAAE,6BAA6B,EAAE,WAAW,EAAE,uBAAuB,EAAE;QAChF,EAAE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,oBAAoB,EAAE;QAC1E,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE;QACpD,EAAE,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,iBAAiB,EAAE;QAC7D,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;QACvD,EAAE,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,WAAW,EAAE;QACvD,EAAE,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,cAAc,EAAE;KACjE,CAAA;IAED,KAAK,CAAC,KAAK,CAAC,KAAmB,EAAE,GAAoB;QACnD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;YAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;QAEtD,MAAM,OAAO,GAAI,KAAK,CAAC,IAA6B,CAAC,OAAO,IAAI,EAAE,CAAA;QAElE,KAAK,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE;oBAChC,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,MAAM,EAAE,WAAW;oBACnB,OAAO;iBACR,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;gBAElC,OAAO;oBACL,SAAS,EAAE,IAAI;oBACf,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,cAAc,WAAW,SAAS,OAAO,mBAAmB;oBACpE,UAAU,EAAE,qBAAqB;iBAClC,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;IAC7B,CAAC;CACF;AAED,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E,MAAM,OAAO,kBAAkB;IAC7B,IAAI,GAAG,aAAa,CAAA;IAEZ,QAAQ,GAAoD;QAClE,EAAE,OAAO,EAAE,8BAA8B,EAAE,WAAW,EAAE,6BAA6B,EAAE;QACvF,EAAE,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,mBAAmB,EAAE;QACjE,EAAE,OAAO,EAAE,6CAA6C,EAAE,WAAW,EAAE,aAAa,EAAE;QACtF,EAAE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,gBAAgB,EAAE;QAChE,EAAE,OAAO,EAAE,qBAAqB,EAAE,WAAW,EAAE,YAAY,EAAE;QAC7D,EAAE,OAAO,EAAE,qCAAqC,EAAE,WAAW,EAAE,oBAAoB,EAAE;KACtF,CAAA;IAED,KAAK,CAAC,KAAK,CAAC,KAAmB,EAAE,GAAoB;QACnD,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;QAErF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAE1C,KAAK,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE;oBAChC,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,MAAM,EAAE,WAAW;iBACpB,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;gBAElC,OAAO;oBACL,SAAS,EAAE,IAAI;oBACf,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,iBAAiB,WAAW,mBAAmB;oBACvD,UAAU,EAAE,8BAA8B;iBAC3C,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;IAC7B,CAAC;CACF;AAaD,MAAM,CAAC,MAAM,cAAc,GAAmC;IAC5D,QAAQ,EAAE;QACR,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC;QAC3D,WAAW,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,CAAC;KAC5C;IACD,OAAO,EAAE;QACP,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,SAAS;QACf,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC;QAC/C,WAAW,EAAE,CAAC,MAAM,CAAC;KACtB;IACD,WAAW,EAAE;QACX,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,aAAa;QACnB,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC;KAC7E;IACD,QAAQ,EAAE;QACR,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC9C,WAAW,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,CAAC;KAC5C;CACF,CAAA;AAED,MAAM,OAAO,gBAAgB;IAC3B,IAAI,GAAG,WAAW,CAAA;IACV,WAAW,GAAmB,cAAc,CAAC,WAAW,CAAA;IAEhE,OAAO,CAAC,IAAoB;QAC1B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAA;IACzB,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,WAAW,CAAA;IACzB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAmB,EAAE,IAAqB;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAA;QAE7B,6BAA6B;QAC7B,IAAI,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,WAAW,IAAI,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,iCAAiC;gBAClF,UAAU,EAAE,0CAA0C;aACvD,CAAA;QACH,CAAC;QAED,yDAAyD;QACzD,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5C,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,WAAW,IAAI,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,YAAY,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;gBAC5F,UAAU,EAAE,SAAS,KAAK,CAAC,IAAI,SAAS;aACzC,CAAA;QACH,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;IAC7B,CAAC;CACF"}

package/dist/guardrails/detectors.d.ts

@@ -0,0 +1,25 @@
+import type { IDetector, DetectorContext } from './Gateway.js';
+import type { ToolUseInput, ToolResultInput, StopInput, DetectorResult } from '../artifact/types.js';
+export declare class BruteRetryDetector implements IDetector {
+    name: string;
+    private windowMs;
+    private threshold;
+    check(input: ToolUseInput, ctx: DetectorContext): Promise<DetectorResult>;
+}
+export declare class IdleToolDetector implements IDetector {
+    name: string;
+    check(input: ToolUseInput, ctx: DetectorContext): Promise<DetectorResult>;
+}
+export declare class BusyLoopDetector implements IDetector {
+    name: string;
+    check(input: ToolUseInput, ctx: DetectorContext): Promise<DetectorResult>;
+}
+export declare class PrematureDoneDetector implements IDetector {
+    name: string;
+    check(input: StopInput, ctx: DetectorContext): Promise<DetectorResult>;
+}
+export declare class BlameShiftDetector implements IDetector {
+    name: string;
+    private patterns;
+    check(input: ToolResultInput, ctx: DetectorContext): Promise<DetectorResult>;
+}