@m1a0rz/agent-identity 0.2.5 → 0.3.2

package/dist/src/hooks/sessions-spawn-propagation.js

@@ -16,6 +16,7 @@
 import { getOrRefreshTIPToken } from "../services/tip-with-refresh.js";
 import { propagateTIPToTarget } from "../services/tip-propagation.js";
 import { logWarn } from "../utils/logger.js";
+import { resolveEffectiveSessionKeyForRun } from "../store/group-sender-store.js";
 export function createSessionsSpawnPropagationHandler(deps) {
     const { storeDir, identityService, configWorkloadName, getOidcConfigForRefresh, subagentTipPropagation, logger, } = deps;
     return async (event, ctx) => {
@@ -24,16 +25,17 @@ export function createSessionsSpawnPropagationHandler(deps) {
         if (!callerSessionKey || !targetSessionKey || callerSessionKey === targetSessionKey) {
             return;
         }
+        const effectiveCallerKey = resolveEffectiveSessionKeyForRun(callerSessionKey, event.runId);
         try {
             await propagateTIPToTarget({
                 storeDir,
-                callerSessionKey,
+                callerSessionKey: effectiveCallerKey,
                 targetSessionKey,
                 identityService,
                 configWorkloadName,
                 subagentTipPropagation,
                 ctxAgentId: event.agentId,
-                getCallerTIP: () => getOrRefreshTIPToken(storeDir, callerSessionKey, {
+                getCallerTIP: () => getOrRefreshTIPToken(storeDir, effectiveCallerKey, {
                     identityService,
                     getOidcConfigForRefresh,
                     configWorkloadName,

package/dist/src/hooks/subagent-ended-cleanup.d.ts

@@ -9,5 +9,6 @@ export type SubagentEndedCleanupDeps = {
 export declare function createSubagentEndedCleanupHandler(deps: SubagentEndedCleanupDeps): (event: {
     targetSessionKey: string;
     targetKind: string;
+    runId?: string;
 }) => Promise<void>;
 //# sourceMappingURL=subagent-ended-cleanup.d.ts.map

package/dist/src/hooks/subagent-ended-cleanup.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"subagent-ended-cleanup.d.ts","sourceRoot":"","sources":["../../../src/hooks/subagent-ended-cleanup.ts"],"names":[],"mappings":"AA2BA,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACvG,CAAC;AAEF,wBAAgB,iCAAiC,CAAC,IAAI,EAAE,wBAAwB,IAI5E,OAAO;IAAE,gBAAgB,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,KACtD,OAAO,CAAC,IAAI,CAAC,CAcjB"}
+{"version":3,"file":"subagent-ended-cleanup.d.ts","sourceRoot":"","sources":["../../../src/hooks/subagent-ended-cleanup.ts"],"names":[],"mappings":"AA4BA,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACvG,CAAC;AAEF,wBAAgB,iCAAiC,CAAC,IAAI,EAAE,wBAAwB,IAI5E,OAAO;IAAE,gBAAgB,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,KACtE,OAAO,CAAC,IAAI,CAAC,CAgBjB"}

package/dist/src/hooks/subagent-ended-cleanup.js

@@ -21,17 +21,20 @@
  */
 import { deleteSession } from "../store/session-store.js";
 import { deleteTIPToken } from "../store/tip-store.js";
+import { clearFrozenRun } from "../store/group-sender-store.js";
 import { logDebug, logWarn } from "../utils/logger.js";
 export function createSubagentEndedCleanupHandler(deps) {
     const { storeDir, logger } = deps;
     return async (event) => {
         if (event.targetKind !== "subagent")
             return;
+        if (event.runId)
+            clearFrozenRun(event.runId);
         const targetSessionKey = event.targetSessionKey?.trim();
         if (!targetSessionKey)
             return;
         try {
-            await deleteTIPToken(storeDir, targetSessionKey);
+            deleteTIPToken(targetSessionKey);
             await deleteSession(storeDir, targetSessionKey);
             logDebug(logger, `cleaned up TIP and session for ${targetSessionKey.slice(0, 24)}... on subagent_ended`);
         }

package/dist/src/risk/low-risk-tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"low-risk-tools.d.ts","sourceRoot":"","sources":["../../../src/risk/low-risk-tools.ts"],"names":[],"mappings":"AAqCA,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAQhF"}
+{"version":3,"file":"low-risk-tools.d.ts","sourceRoot":"","sources":["../../../src/risk/low-risk-tools.ts"],"names":[],"mappings":"AAmCA,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAQhF"}

package/dist/src/risk/low-risk-tools.js

@@ -20,8 +20,6 @@ const LOW_RISK_TOOL_NAMES = new Set([
     "memory_search",
     "memory_get",
     "session_status",
-    "identity_whoami",
-    "identity_status",
     "identity_list_tips",
     "identity_list_credentials",
     "identity_config",

package/dist/src/services/tip-acquisition.d.ts

@@ -4,7 +4,6 @@
  */
 import type { IdentityService } from "./identity-service.js";
 export type FetchAndStoreTIPParams = {
-    storeDir: string;
     sessionKey: string;
     identityService: IdentityService;
     jwtForExchange: string;

package/dist/src/services/tip-acquisition.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tip-acquisition.d.ts","sourceRoot":"","sources":["../../../src/services/tip-acquisition.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAO7D,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,eAAe,CAAC;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC,CA+BpF"}
+{"version":3,"file":"tip-acquisition.d.ts","sourceRoot":"","sources":["../../../src/services/tip-acquisition.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAO7D,MAAM,MAAM,sBAAsB,GAAG;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,eAAe,CAAC;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8BpF"}

package/dist/src/services/tip-acquisition.js

@@ -16,7 +16,7 @@
 import { setTIPToken } from "../store/tip-store.js";
 import { resolveAgentId, resolveWorkloadNameForSession, } from "../utils/derive-session-key.js";
 export async function fetchAndStoreTIP(params) {
-    const { storeDir, sessionKey, identityService, jwtForExchange, sub, ctxAgentId, configWorkloadName, targetWorkloadSessionKey, parentSessionKey, } = params;
+    const { sessionKey, identityService, jwtForExchange, sub, ctxAgentId, configWorkloadName, targetWorkloadSessionKey, parentSessionKey, } = params;
     const workloadKey = targetWorkloadSessionKey ?? sessionKey;
     const agentId = resolveAgentId({ agentId: ctxAgentId, sessionKey: workloadKey });
     const workloadName = resolveWorkloadNameForSession({
@@ -35,5 +35,5 @@ export async function fetchAndStoreTIP(params) {
         ...(parentSessionKey && { parentSessionKey }),
         issuedAt: Date.now(),
     };
-    await setTIPToken(storeDir, sessionKey, entry);
+    setTIPToken(sessionKey, entry);
 }

package/dist/src/services/tip-propagation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tip-propagation.d.ts","sourceRoot":"","sources":["../../../src/services/tip-propagation.ts"],"names":[],"mappings":"AAgBA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAM3D,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,eAAe,CAAC;IACjC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAClD,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACzE,CAAC;AAEF;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CA2CpF"}
+{"version":3,"file":"tip-propagation.d.ts","sourceRoot":"","sources":["../../../src/services/tip-propagation.ts"],"names":[],"mappings":"AAgBA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAM3D,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,eAAe,CAAC;IACjC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAClD,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACzE,CAAC;AAEF;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CpF"}

package/dist/src/services/tip-propagation.js

@@ -30,7 +30,6 @@ export async function propagateTIPToTarget(params) {
     }
     if (subagentTipPropagation === true) {
         await fetchAndStoreTIP({
-            storeDir,
             sessionKey: targetSessionKey,
             identityService,
             jwtForExchange: callerTIP.token,
@@ -42,7 +41,7 @@ export async function propagateTIPToTarget(params) {
         logInfo(logger, `TIP propagated to ${targetSessionKey.slice(0, 24)}...`);
     }
     else {
-        await setTIPToken(storeDir, targetSessionKey, {
+        setTIPToken(targetSessionKey, {
             ...callerTIP,
             ...(callerSessionKey && { parentSessionKey: callerSessionKey }),
         });

package/dist/src/services/tip-with-refresh.d.ts

@@ -20,5 +20,5 @@ export type GetOrRefreshTIPOptions = {
  * Get TIP token for session. If missing or expired and refresh options provided,
  * attempts to fetch TIP (refreshing userToken if needed).
  */
-export declare function getOrRefreshTIPToken(storeDir: string, sessionKey: string, options?: GetOrRefreshTIPOptions): Promise<Awaited<ReturnType<typeof getTIPToken>>>;
+export declare function getOrRefreshTIPToken(storeDir: string, sessionKey: string, options?: GetOrRefreshTIPOptions): Promise<ReturnType<typeof getTIPToken>>;
 //# sourceMappingURL=tip-with-refresh.d.ts.map

package/dist/src/services/tip-with-refresh.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tip-with-refresh.d.ts","sourceRoot":"","sources":["../../../src/services/tip-with-refresh.ts"],"names":[],"mappings":"AAgBA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAMpD,MAAM,MAAM,sBAAsB,GAAG;IACnC,eAAe,EAAE,eAAe,CAAC;IACjC,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CAC1E,CAAC;AAEF;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC,CAAC,CAgElD"}
+{"version":3,"file":"tip-with-refresh.d.ts","sourceRoot":"","sources":["../../../src/services/tip-with-refresh.ts"],"names":[],"mappings":"AAgBA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEjE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAMpD,MAAM,MAAM,sBAAsB,GAAG;IACnC,eAAe,EAAE,eAAe,CAAC;IACjC,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CAC1E,CAAC;AAEF;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC,CA8DzC"}

package/dist/src/services/tip-with-refresh.js

@@ -24,7 +24,7 @@ import { fetchAndStoreTIP } from "./tip-acquisition.js";
  * attempts to fetch TIP (refreshing userToken if needed).
  */
 export async function getOrRefreshTIPToken(storeDir, sessionKey, options) {
-    const cached = await getTIPToken(storeDir, sessionKey);
+    const cached = getTIPToken(sessionKey);
     if (cached)
         return cached;
     if (!options) {
@@ -36,7 +36,6 @@ export async function getOrRefreshTIPToken(storeDir, sessionKey, options) {
         return null;
     try {
         await fetchAndStoreTIP({
-            storeDir,
             sessionKey,
             identityService,
             jwtForExchange: session.userToken,
@@ -45,7 +44,7 @@ export async function getOrRefreshTIPToken(storeDir, sessionKey, options) {
             configWorkloadName,
         });
         logInfo(logger, `TIP acquired for ${sessionKey.slice(0, 24)}...`);
-        return getTIPToken(storeDir, sessionKey);
+        return getTIPToken(sessionKey);
     }
     catch (err) {
         const canRefresh = isTokenExpiredError(err) && !!getOidcConfigForRefresh && !!session.refreshToken;
@@ -60,7 +59,6 @@ export async function getOrRefreshTIPToken(storeDir, sessionKey, options) {
             return null;
         try {
             await fetchAndStoreTIP({
-                storeDir,
                 sessionKey,
                 identityService,
                 jwtForExchange: refreshed,
@@ -69,7 +67,7 @@ export async function getOrRefreshTIPToken(storeDir, sessionKey, options) {
                 configWorkloadName,
             });
             logInfo(logger, `TIP acquired after refresh for ${sessionKey.slice(0, 24)}...`);
-            return getTIPToken(storeDir, sessionKey);
+            return getTIPToken(sessionKey);
         }
         catch {
             return null;

package/dist/src/store/credential-env-snapshot.d.ts

@@ -0,0 +1,38 @@
+/**
+ * In-memory env snapshot store for per-tool-call credential injection.
+ *
+ * before_tool_call applies a snapshot (saves baseline, sets env);
+ * after_tool_call restores the snapshot (reverts env to baseline).
+ * Keyed by "runId:toolCallId" so concurrent tool calls stay isolated.
+ *
+ * Each env key has its own promise-chain mutex so concurrent tool calls
+ * writing the SAME key are serialized, while calls using different keys
+ * run fully in parallel.
+ */
+type EnvSnapshot = {
+    /** envVar → previous value (undefined = key was absent) */
+    baseline: Map<string, string | undefined>;
+    /** Release functions for per-key locks (call on restore) */
+    releasers: Array<() => void>;
+    createdAt: number;
+};
+export declare function snapshotKey(runId?: string, toolCallId?: string): string;
+export declare function hasSnapshot(runId?: string, toolCallId?: string): boolean;
+/**
+ * Acquire per-key locks, record baseline, then overwrite process.env.
+ * Keys are sorted before acquisition to prevent deadlocks when two
+ * concurrent calls compete for the same set of keys.
+ */
+export declare function applyEnvSnapshot(credentials: Record<string, string>, runId?: string, toolCallId?: string): Promise<void>;
+/**
+ * Revert process.env to baseline values, then release per-key locks
+ * so the next queued tool call for each key can proceed.
+ */
+export declare function restoreEnvSnapshot(runId?: string, toolCallId?: string): void;
+/** Exposed for testing. */
+export declare const __testing: {
+    snapshots: Map<string, EnvSnapshot>;
+    envKeyChains: Map<string, Promise<void>>;
+};
+export {};
+//# sourceMappingURL=credential-env-snapshot.d.ts.map

package/dist/src/store/credential-env-snapshot.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-env-snapshot.d.ts","sourceRoot":"","sources":["../../../src/store/credential-env-snapshot.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;;GAUG;AAEH,KAAK,WAAW,GAAG;IACjB,2DAA2D;IAC3D,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAC1C,4DAA4D;IAC5D,SAAS,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAyBF,wBAAgB,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CAEvE;AAED,wBAAgB,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAExE;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CACpC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,KAAK,CAAC,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC,CAgBf;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAc5E;AAoBD,2BAA2B;AAC3B,eAAO,MAAM,SAAS;;;CAA8B,CAAC"}

package/dist/src/store/credential-env-snapshot.js

@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2026 Beijing Volcano Engine Technology Co., Ltd. and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const SNAPSHOT_TTL_MS = 2 * 60 * 1000;
+const MAX_SNAPSHOTS = 512;
+const snapshots = new Map();
+/**
+ * Per-key promise chain mutex. Each env key has a chain; to acquire a key
+ * the caller appends to the chain and awaits the previous holder. Releasing
+ * resolves the promise so the next waiter proceeds.
+ */
+const envKeyChains = new Map();
+async function acquireEnvKey(key) {
+    const prev = envKeyChains.get(key) ?? Promise.resolve();
+    let release;
+    const next = new Promise((resolve) => {
+        release = resolve;
+    });
+    envKeyChains.set(key, next);
+    await prev;
+    return release;
+}
+export function snapshotKey(runId, toolCallId) {
+    return `${runId ?? "no-run"}:${toolCallId ?? "no-tcid"}`;
+}
+export function hasSnapshot(runId, toolCallId) {
+    return snapshots.has(snapshotKey(runId, toolCallId));
+}
+/**
+ * Acquire per-key locks, record baseline, then overwrite process.env.
+ * Keys are sorted before acquisition to prevent deadlocks when two
+ * concurrent calls compete for the same set of keys.
+ */
+export async function applyEnvSnapshot(credentials, runId, toolCallId) {
+    const key = snapshotKey(runId, toolCallId);
+    const baseline = new Map();
+    const releasers = [];
+    const sortedEntries = Object.entries(credentials).sort(([a], [b]) => a.localeCompare(b));
+    for (const [envVar, value] of sortedEntries) {
+        const release = await acquireEnvKey(envVar);
+        releasers.push(release);
+        baseline.set(envVar, process.env[envVar]);
+        process.env[envVar] = value;
+    }
+    snapshots.set(key, { baseline, releasers, createdAt: Date.now() });
+    pruneSnapshots();
+}
+/**
+ * Revert process.env to baseline values, then release per-key locks
+ * so the next queued tool call for each key can proceed.
+ */
+export function restoreEnvSnapshot(runId, toolCallId) {
+    const key = snapshotKey(runId, toolCallId);
+    const snapshot = snapshots.get(key);
+    if (!snapshot)
+        return;
+    snapshots.delete(key);
+    for (const [envVar, oldValue] of snapshot.baseline) {
+        if (oldValue === undefined)
+            delete process.env[envVar];
+        else
+            process.env[envVar] = oldValue;
+    }
+    for (const release of snapshot.releasers) {
+        release();
+    }
+}
+/** Evict expired snapshots, restoring env and releasing locks to prevent leaks. */
+function pruneSnapshots() {
+    if (snapshots.size < MAX_SNAPSHOTS)
+        return;
+    const now = Date.now();
+    for (const [key, snap] of snapshots) {
+        if (now - snap.createdAt > SNAPSHOT_TTL_MS) {
+            for (const [envVar, oldValue] of snap.baseline) {
+                if (oldValue === undefined)
+                    delete process.env[envVar];
+                else
+                    process.env[envVar] = oldValue;
+            }
+            for (const release of snap.releasers) {
+                release();
+            }
+            snapshots.delete(key);
+        }
+    }
+}
+/** Exposed for testing. */
+export const __testing = { snapshots, envKeyChains };

package/dist/src/store/encryption.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Schedule key derivation. Call once at plugin startup (synchronous context
+ * is fine — the returned promise is awaited lazily by getEncryptionKey).
+ */
+export declare function initEncryptionKey(storeDir: string): void;
+/**
+ * Get the derived encryption key, awaiting initialization if it hasn't
+ * completed yet. Callers in async hooks simply `await getEncryptionKey()`.
+ */
+export declare function getEncryptionKey(): Promise<Buffer>;
+export declare function encrypt(key: Buffer, plaintext: string): Buffer;
+export declare function decrypt(key: Buffer, raw: Buffer): string;
+/**
+ * Read and decrypt a file. Returns null if the file is missing or
+ * decryption fails (e.g. key changed after config migration).
+ */
+export declare function readEncrypted(key: Buffer, filePath: string): Promise<string | null>;
+/**
+ * Encrypt and write data to a file with restrictive permissions.
+ */
+export declare function writeEncrypted(key: Buffer, filePath: string, data: string): Promise<void>;
+/** Encrypt a single field value, returning a prefixed base64 string. */
+export declare function encryptField(key: Buffer, plaintext: string): string;
+/** Decrypt a field value previously encrypted by encryptField. */
+export declare function decryptField(key: Buffer, value: string): string;
+/** Check whether a string looks like an encrypted field value. */
+export declare function isEncryptedField(value: unknown): boolean;
+/** Reset cached key and init promise (for testing only). */
+export declare function __resetCachedKey(): void;
+//# sourceMappingURL=encryption.d.ts.map

package/dist/src/store/encryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../../src/store/encryption.ts"],"names":[],"mappings":"AAgEA;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAMxD;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC,CAIxD;AAED,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAS9D;AAED,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAaxD;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAOxB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CAGf;AAID,wEAAwE;AACxE,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAGnE;AAED,kEAAkE;AAClE,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAM/D;AAED,kEAAkE;AAClE,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAExD;AAED,4DAA4D;AAC5D,wBAAgB,gBAAgB,IAAI,IAAI,CAGvC"}

package/dist/src/store/encryption.js

@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2026 Beijing Volcano Engine Technology Co., Ltd. and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Encryption layer for sensitive on-disk data (sessions.json).
+ *
+ * Derives a 256-bit AES key via HKDF-SHA512 from:
+ *   1. A per-installation random salt (.key-salt, generated once)
+ *   2. A hardcoded pepper (compiled into plugin code)
+ *
+ * Files are encrypted with AES-256-GCM (authenticated encryption).
+ * On-disk format: [IV 12B][AuthTag 16B][Ciphertext ...]
+ */
+import crypto from "node:crypto";
+import fs from "node:fs/promises";
+import path from "node:path";
+const IV_LEN = 12;
+const TAG_LEN = 16;
+const KEY_LEN = 32;
+const SALT_LEN = 32;
+const SALT_FILENAME = ".key-salt";
+const PEPPER = "openclaw-identity-plugin-v1-AES256GCM-7f3a9c";
+const HKDF_INFO = "openclaw-identity-enc";
+let cachedKey = null;
+let initPromise = null;
+async function readOrCreateSalt(storeDir) {
+    const saltPath = path.join(storeDir, SALT_FILENAME);
+    try {
+        const existing = await fs.readFile(saltPath);
+        if (existing.length === SALT_LEN)
+            return existing;
+    }
+    catch {
+        // salt file missing — will create below
+    }
+    const salt = crypto.randomBytes(SALT_LEN);
+    await fs.mkdir(storeDir, { recursive: true });
+    await fs.writeFile(saltPath, salt, { mode: 0o600 });
+    return salt;
+}
+async function deriveKey(storeDir) {
+    const salt = await readOrCreateSalt(storeDir);
+    const ikm = Buffer.concat([salt, Buffer.from(PEPPER, "utf8")]);
+    return Buffer.from(crypto.hkdfSync("sha512", ikm, salt, HKDF_INFO, KEY_LEN));
+}
+/**
+ * Schedule key derivation. Call once at plugin startup (synchronous context
+ * is fine — the returned promise is awaited lazily by getEncryptionKey).
+ */
+export function initEncryptionKey(storeDir) {
+    if (cachedKey || initPromise)
+        return;
+    initPromise = deriveKey(storeDir).then((key) => {
+        cachedKey = key;
+        return key;
+    });
+}
+/**
+ * Get the derived encryption key, awaiting initialization if it hasn't
+ * completed yet. Callers in async hooks simply `await getEncryptionKey()`.
+ */
+export async function getEncryptionKey() {
+    if (cachedKey)
+        return cachedKey;
+    if (initPromise)
+        return initPromise;
+    throw new Error("Encryption key not initialized — call initEncryptionKey first");
+}
+export function encrypt(key, plaintext) {
+    const iv = crypto.randomBytes(IV_LEN);
+    const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+    const encrypted = Buffer.concat([
+        cipher.update(plaintext, "utf8"),
+        cipher.final(),
+    ]);
+    const tag = cipher.getAuthTag();
+    return Buffer.concat([iv, tag, encrypted]);
+}
+export function decrypt(key, raw) {
+    if (raw.length < IV_LEN + TAG_LEN + 1) {
+        throw new Error("Encrypted data too short");
+    }
+    const iv = raw.subarray(0, IV_LEN);
+    const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
+    const ciphertext = raw.subarray(IV_LEN + TAG_LEN);
+    const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+    decipher.setAuthTag(tag);
+    return Buffer.concat([
+        decipher.update(ciphertext),
+        decipher.final(),
+    ]).toString("utf8");
+}
+/**
+ * Read and decrypt a file. Returns null if the file is missing or
+ * decryption fails (e.g. key changed after config migration).
+ */
+export async function readEncrypted(key, filePath) {
+    try {
+        const raw = await fs.readFile(filePath);
+        return decrypt(key, raw);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Encrypt and write data to a file with restrictive permissions.
+ */
+export async function writeEncrypted(key, filePath, data) {
+    const encrypted = encrypt(key, data);
+    await fs.writeFile(filePath, encrypted, { mode: 0o600 });
+}
+const FIELD_PREFIX = "enc:v1:";
+/** Encrypt a single field value, returning a prefixed base64 string. */
+export function encryptField(key, plaintext) {
+    const buf = encrypt(key, plaintext);
+    return FIELD_PREFIX + buf.toString("base64");
+}
+/** Decrypt a field value previously encrypted by encryptField. */
+export function decryptField(key, value) {
+    if (!value.startsWith(FIELD_PREFIX)) {
+        throw new Error("Not an encrypted field value");
+    }
+    const raw = Buffer.from(value.slice(FIELD_PREFIX.length), "base64");
+    return decrypt(key, raw);
+}
+/** Check whether a string looks like an encrypted field value. */
+export function isEncryptedField(value) {
+    return typeof value === "string" && value.startsWith(FIELD_PREFIX);
+}
+/** Reset cached key and init promise (for testing only). */
+export function __resetCachedKey() {
+    cachedKey = null;
+    initPromise = null;
+}

package/dist/src/store/group-sender-store.d.ts

@@ -0,0 +1,35 @@
+export type SenderInfo = {
+    senderId: string;
+    senderName?: string;
+    from?: string;
+    channelId?: string;
+    messageId?: string;
+    capturedAt: number;
+};
+export declare function setSender(sessionKey: string, info: SenderInfo): void;
+export declare function getSender(sessionKey: string): SenderInfo | undefined;
+export declare function clearSender(sessionKey: string): void;
+/**
+ * For group sessions, append :user:<senderId> so each member gets isolated
+ * TIP tokens, credentials and session state.
+ * For non-group sessions the key is returned unchanged.
+ */
+export declare function resolveEffectiveSessionKey(sessionKey: string): string;
+/**
+ * Same as resolveEffectiveSessionKey but takes an explicit senderId
+ * (used by commands where ctx.senderId is already available).
+ */
+export declare function buildEffectiveSessionKey(sessionKey: string, senderId?: string): string;
+/**
+ * Freeze the effective sessionKey for a runId.
+ * Once frozen, all hooks in this run use the same user-scoped key
+ * regardless of later message_received overwrites.
+ */
+export declare function freezeRun(runId: string, effectiveKey: string): void;
+/**
+ * Resolve effective sessionKey with run-level freeze support.
+ * Priority: frozen[runId] > store lookup > original key.
+ */
+export declare function resolveEffectiveSessionKeyForRun(sessionKey: string, runId?: string): string;
+export declare function clearFrozenRun(runId: string): void;
+//# sourceMappingURL=group-sender-store.d.ts.map

package/dist/src/store/group-sender-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"group-sender-store.d.ts","sourceRoot":"","sources":["../../../src/store/group-sender-store.ts"],"names":[],"mappings":"AA0BA,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAIF,wBAAgB,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,IAAI,CAGpE;AAED,wBAAgB,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAQpE;AAED,wBAAgB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAEpD;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAKrE;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAGtF;AASD;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAInE;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAQ3F;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAElD"}