@openbmb/clawxrouter 1.0.4

package/src/routers/token-saver.ts

@@ -0,0 +1,273 @@
+import { createHash } from "node:crypto";
+import type { ClawXrouterRouter, DetectionContext, EdgeProviderType, RouterDecision } from "../types.js";
+import { callChatCompletion } from "../local-model.js";
+import { loadPrompt } from "../prompt-loader.js";
+import { getGlobalCollector } from "../token-stats.js";
+
+// ── Types ──
+
+type TierTarget = {
+  provider: string;
+  model: string;
+  description?: string;
+};
+
+type TokenSaverConfig = {
+  enabled: boolean;
+  judgeEndpoint: string;
+  judgeModel: string;
+  judgeProviderType: EdgeProviderType;
+  judgeCustomModule?: string;
+  judgeApiKey?: string;
+  tiers: Record<string, TierTarget>;
+  defaultTier?: string;
+  rules?: string[];
+  cacheTtlMs: number;
+};
+
+const DEFAULT_CONFIG: TokenSaverConfig = {
+  enabled: false,
+  judgeEndpoint: "http://localhost:11434",
+  judgeModel: "openbmb/minicpm4.1",
+  judgeProviderType: "openai-compatible",
+  tiers: {
+    SIMPLE:    { provider: "zhipu",   model: "glm-4.5-air" },
+    MEDIUM:    { provider: "minimax", model: "minimax-m2.5" },
+    COMPLEX:   { provider: "deepseek", model: "deepseek-v3.2" },
+    RESEARCH:  { provider: "zhipu",   model: "glm-5" },
+    REASONING: { provider: "moonshot", model: "kimi-k2.5" },
+  },
+  cacheTtlMs: 300_000,
+};
+
+// ── Prompt generation ──
+
+function generateJudgePrompt(tiers: Record<string, TierTarget>, rules?: string[]): string {
+  const tierNames = Object.keys(tiers);
+
+  const tierDefs = tierNames
+    .map((name) => {
+      const desc = tiers[name].description;
+      return desc ? `${name} = ${desc}` : name;
+    })
+    .join("\n");
+
+  const defaultRules = [
+    "When unsure, pick the LOWER tier (save tokens).",
+    "Short prompts (< 20 words) with no technical depth → the lowest tier.",
+  ];
+  const allRules = [...defaultRules, ...(rules ?? [])];
+  const rulesBlock = allRules.map((r) => `- ${r}`).join("\n");
+
+  const tierList = tierNames.join("|");
+
+  return [
+    "You are a task complexity classifier. Classify the user's task into exactly one tier.",
+    "",
+    tierDefs,
+    "",
+    "Rules:",
+    rulesBlock,
+    "",
+    `CRITICAL: Output ONLY the raw JSON object. Do NOT wrap in markdown code blocks. Do NOT add any text before or after.`,
+    `{"tier":"${tierList}"}`,
+  ].join("\n");
+}
+
+const FALLBACK_JUDGE_PROMPT = `You are a task complexity classifier. Output ONLY a JSON object: {"tier":"MEDIUM"}`;
+
+// ── Cache ──
+
+type CacheEntry = { tier: string; ts: number };
+const classificationCache = new Map<string, CacheEntry>();
+
+const CACHE_CLEANUP_INTERVAL_MS = 60_000;
+const CACHE_MAX_AGE_MS = 600_000;
+
+let cleanupTimer: ReturnType<typeof setInterval> | null = null;
+
+function startCacheCleanup(): void {
+  if (cleanupTimer) return;
+  cleanupTimer = setInterval(() => {
+    const now = Date.now();
+    for (const [k, v] of classificationCache) {
+      if (now - v.ts > CACHE_MAX_AGE_MS) classificationCache.delete(k);
+    }
+  }, CACHE_CLEANUP_INTERVAL_MS);
+  if (cleanupTimer && typeof cleanupTimer === "object" && "unref" in cleanupTimer) {
+    (cleanupTimer as NodeJS.Timeout).unref();
+  }
+}
+
+// ── Helpers ──
+
+function hashPrompt(prompt: string): string {
+  return createHash("sha256").update(prompt).digest("hex").slice(0, 16);
+}
+
+function parseTier(response: string, validTiers: Set<string>, defaultTier: string): string {
+  try {
+    const cleaned = response.replace(/<think>[\s\S]*?<\/think>/g, "").trim();
+    const match = cleaned.match(/\{[\s\S]*?"tier"\s*:\s*"([A-Za-z_]+)"[\s\S]*?\}/);
+    if (match) {
+      const tier = match[1].toUpperCase();
+      if (validTiers.has(tier)) return tier;
+    }
+  } catch {
+    // parse failure
+  }
+  return defaultTier;
+}
+
+function buildDecision(tier: string, config: TokenSaverConfig): RouterDecision {
+  const target = config.tiers[tier];
+  if (!target) {
+    return { level: "S1", action: "passthrough", reason: `no model mapping for tier ${tier}` };
+  }
+  return {
+    level: "S1",
+    action: "redirect",
+    target: { provider: target.provider, model: target.model },
+    reason: `tier=${tier}`,
+    confidence: 0.8,
+  };
+}
+
+function resolveConfig(pluginConfig: Record<string, unknown>): TokenSaverConfig {
+  const routers = (pluginConfig?.privacy as Record<string, unknown>)?.routers as
+    | Record<string, { options?: Record<string, unknown>; enabled?: boolean }>
+    | undefined;
+  const tsConfig = routers?.["token-saver"];
+  const options = (tsConfig?.options ?? {}) as Record<string, unknown>;
+
+  const privacyLocalModel = (pluginConfig?.privacy as Record<string, unknown>)?.localModel as
+    | { endpoint?: string; model?: string; type?: EdgeProviderType; module?: string; apiKey?: string }
+    | undefined;
+
+  return {
+    enabled: tsConfig?.enabled ?? DEFAULT_CONFIG.enabled,
+    judgeEndpoint:
+      (options.judgeEndpoint as string) ??
+      privacyLocalModel?.endpoint ??
+      DEFAULT_CONFIG.judgeEndpoint,
+    judgeModel:
+      (options.judgeModel as string) ??
+      privacyLocalModel?.model ??
+      DEFAULT_CONFIG.judgeModel,
+    judgeProviderType:
+      (options.judgeProviderType as EdgeProviderType) ??
+      privacyLocalModel?.type ??
+      DEFAULT_CONFIG.judgeProviderType,
+    judgeCustomModule:
+      (options.judgeCustomModule as string) ??
+      privacyLocalModel?.module,
+    judgeApiKey:
+      (options.judgeApiKey as string) ??
+      privacyLocalModel?.apiKey,
+    tiers: (options.tiers as Record<string, TierTarget>) ?? {},
+    defaultTier: (options.defaultTier as string) ?? undefined,
+    rules: (options.rules as string[]) ?? undefined,
+    cacheTtlMs: (options.cacheTtlMs as number) ?? DEFAULT_CONFIG.cacheTtlMs,
+  };
+}
+
+function hasAnyDescription(tiers: Record<string, TierTarget>): boolean {
+  return Object.values(tiers).some((t) => t.description);
+}
+
+// ── Router ──
+
+export const tokenSaverRouter: ClawXrouterRouter = {
+  id: "token-saver",
+
+  async detect(
+    context: DetectionContext,
+    pluginConfig: Record<string, unknown>,
+  ): Promise<RouterDecision> {
+    const config = resolveConfig(pluginConfig);
+    if (!config.enabled && !context.dryRun) {
+      return { level: "S1", action: "passthrough" };
+    }
+
+    const isSubagent = context.sessionKey?.includes(":subagent:") ?? false;
+    if (isSubagent) {
+      return { level: "S1", action: "passthrough", reason: "subagent — skipped" };
+    }
+
+    const tierNames = Object.keys(config.tiers);
+    if (tierNames.length === 0) {
+      return { level: "S1", action: "passthrough", reason: "no tiers configured" };
+    }
+
+    const prompt = context.message ?? "";
+    if (!prompt.trim()) {
+      return { level: "S1", action: "passthrough" };
+    }
+
+    startCacheCleanup();
+    const validTiers = new Set(tierNames);
+    const defaultTier = config.defaultTier && validTiers.has(config.defaultTier)
+      ? config.defaultTier
+      : tierNames[Math.floor(tierNames.length / 2)] ?? "MEDIUM";
+
+    const cacheKey = hashPrompt(prompt);
+    const cached = classificationCache.get(cacheKey);
+    if (cached && Date.now() - cached.ts < config.cacheTtlMs) {
+      if (validTiers.has(cached.tier)) {
+        return buildDecision(cached.tier, config);
+      }
+    }
+
+    try {
+      const promptFileContent = loadPrompt("token-saver-judge", "");
+      let judgeSystemPrompt: string;
+
+      if (promptFileContent) {
+        judgeSystemPrompt = promptFileContent;
+      } else if (hasAnyDescription(config.tiers)) {
+        judgeSystemPrompt = generateJudgePrompt(config.tiers, config.rules);
+      } else {
+        judgeSystemPrompt = FALLBACK_JUDGE_PROMPT;
+      }
+
+      const result = await callChatCompletion(
+        config.judgeEndpoint,
+        config.judgeModel,
+        [
+          { role: "system", content: judgeSystemPrompt },
+          { role: "user", content: prompt },
+        ],
+        {
+          temperature: 0,
+          maxTokens: 1024,
+          providerType: config.judgeProviderType,
+          customModule: config.judgeCustomModule,
+          apiKey: config.judgeApiKey,
+        },
+      );
+
+      if (result.usage) {
+        const collector = getGlobalCollector();
+        collector?.record({
+          sessionKey: context.sessionKey ?? "",
+          provider: "edge",
+          model: config.judgeModel,
+          source: "router",
+          usage: result.usage,
+        });
+      }
+
+      const tier = parseTier(result.text, validTiers, defaultTier);
+      classificationCache.set(cacheKey, { tier, ts: Date.now() });
+      return buildDecision(tier, config);
+    } catch (err) {
+      console.error(`[ClawXrouter] [TokenSaver] judge call failed:`, err);
+      return { level: "S1", action: "passthrough", reason: "judge call failed — passthrough" };
+    }
+  },
+};
+
+// ── Exports for testing ──
+
+export { parseTier, hashPrompt, classificationCache, resolveConfig, generateJudgePrompt, DEFAULT_CONFIG, FALLBACK_JUDGE_PROMPT as DEFAULT_JUDGE_PROMPT };
+export type { TierTarget, TokenSaverConfig };

package/src/rules.ts

@@ -0,0 +1,320 @@
+import type { DetectionContext, DetectionResult, PrivacyConfig, SensitivityLevel } from "./types.js";
+import { levelToNumeric, maxLevel } from "./types.js";
+import { extractPathsFromParams, matchesPathPattern } from "./utils.js";
+
+/** Cache compiled regex patterns to avoid re-compilation on every call */
+const PATTERN_CACHE_MAX = 500;
+const patternCache = new Map<string, RegExp>();
+
+function getOrCompileRegex(pattern: string): RegExp | null {
+  const cached = patternCache.get(pattern);
+  if (cached) return cached;
+  try {
+    // Strip Python-style inline flags (?i), (?s), (?m) etc. — JS uses RegExp flags instead
+    let flags = "i";
+    const cleaned = pattern.replace(/^\(\?([gimsuy]+)\)/, (_m, f: string) => {
+      flags = f.includes("i") ? "i" : "";
+      if (f.includes("s")) flags += "s";
+      if (f.includes("m")) flags += "m";
+      return "";
+    });
+    const compiled = new RegExp(cleaned, flags);
+    if (patternCache.size >= PATTERN_CACHE_MAX) {
+      const firstKey = patternCache.keys().next().value;
+      if (firstKey !== undefined) patternCache.delete(firstKey);
+    }
+    patternCache.set(pattern, compiled);
+    return compiled;
+  } catch (err) {
+    console.warn(`[ClawXrouter] Invalid regex pattern: ${pattern} — ${(err as Error).message}`);
+    return null;
+  }
+}
+
+/**
+ * Detect sensitivity level based on configured rules
+ */
+export function detectByRules(
+  context: DetectionContext,
+  config: PrivacyConfig
+): DetectionResult {
+  const levels: SensitivityLevel[] = [];
+  const reasons: string[] = [];
+
+  // 1. Check keywords in message
+  if (context.message) {
+    const keywordResult = checkKeywords(context.message, config);
+    if (keywordResult.level !== "S1") {
+      levels.push(keywordResult.level);
+      if (keywordResult.reason) {
+        reasons.push(keywordResult.reason);
+      }
+    }
+  }
+
+  // 2. Check regex patterns in message
+  if (context.message) {
+    const patternResult = checkPatterns(context.message, config);
+    if (patternResult.level !== "S1") {
+      levels.push(patternResult.level);
+      if (patternResult.reason) {
+        reasons.push(patternResult.reason);
+      }
+    }
+  }
+
+  // 3. Check tool type and parameters
+  if (context.toolName) {
+    const toolResult = checkToolType(context.toolName, config);
+    if (toolResult.level !== "S1") {
+      levels.push(toolResult.level);
+      if (toolResult.reason) {
+        reasons.push(toolResult.reason);
+      }
+    }
+  }
+
+  // 4. Check tool parameters (paths, etc.)
+  if (context.toolParams) {
+    const paramResult = checkToolParams(context.toolParams, config);
+    if (paramResult.level !== "S1") {
+      levels.push(paramResult.level);
+      if (paramResult.reason) {
+        reasons.push(paramResult.reason);
+      }
+    }
+  }
+
+  // 5. Check tool result content (keywords + patterns)
+  if (context.toolResult) {
+    const resultText = typeof context.toolResult === "string" 
+      ? context.toolResult 
+      : JSON.stringify(context.toolResult);
+    const resultKeywordLevel = checkKeywords(resultText, config);
+    if (resultKeywordLevel.level !== "S1") {
+      levels.push(resultKeywordLevel.level);
+      if (resultKeywordLevel.reason) {
+        reasons.push(`Result: ${resultKeywordLevel.reason}`);
+      }
+    }
+    const resultPatternLevel = checkPatterns(resultText, config);
+    if (resultPatternLevel.level !== "S1") {
+      levels.push(resultPatternLevel.level);
+      if (resultPatternLevel.reason) {
+        reasons.push(`Result: ${resultPatternLevel.reason}`);
+      }
+    }
+  }
+
+  // Determine final level (max of all checks)
+  const finalLevel = levels.length > 0 ? maxLevel(...levels) : "S1";
+  const finalReason = reasons.length > 0 ? reasons.join("; ") : undefined;
+
+  return {
+    level: finalLevel,
+    levelNumeric: levelToNumeric(finalLevel),
+    reason: finalReason,
+    detectorType: "ruleDetector",
+    confidence: 1.0, // Rules have high confidence
+  };
+}
+
+/**
+ * Build a keyword-aware regex that matches the keyword at word-like boundaries.
+ *
+ * For keywords starting with "." (file extensions like ".env", ".key"):
+ *   The "." itself is a boundary, so only check that the tail is NOT followed
+ *   by an alphanumeric char.  "file.env" matches, ".envelope" does not.
+ *
+ * For plain-word keywords:
+ *   Negative lookbehind/lookahead on alphanumeric chars so "token" matches
+ *   "auth_token" and "the token" but NOT "tokenize".
+ */
+const keywordRegexCache = new Map<string, RegExp>();
+
+export function getKeywordRegex(keyword: string): RegExp {
+  const cached = keywordRegexCache.get(keyword);
+  if (cached) return cached;
+
+  const escaped = keyword.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  let pattern: string;
+  if (keyword.startsWith(".")) {
+    pattern = `${escaped}(?![a-zA-Z0-9])`;
+  } else {
+    pattern = `(?<![a-zA-Z0-9])${escaped}(?![a-zA-Z0-9])`;
+  }
+  const re = new RegExp(pattern, "i");
+  keywordRegexCache.set(keyword, re);
+  return re;
+}
+
+/**
+ * Check for sensitive keywords in text
+ */
+function checkKeywords(
+  text: string,
+  config: PrivacyConfig
+): { level: SensitivityLevel; reason?: string } {
+  // Check S3 keywords first (higher priority)
+  const s3Keywords = config.rules?.keywords?.S3 ?? [];
+  for (const keyword of s3Keywords) {
+    if (getKeywordRegex(keyword).test(text)) {
+      return {
+        level: "S3",
+        reason: `S3 keyword detected: ${keyword}`,
+      };
+    }
+  }
+
+  // Check S2 keywords
+  const s2Keywords = config.rules?.keywords?.S2 ?? [];
+  for (const keyword of s2Keywords) {
+    if (getKeywordRegex(keyword).test(text)) {
+      return {
+        level: "S2",
+        reason: `S2 keyword detected: ${keyword}`,
+      };
+    }
+  }
+
+  return { level: "S1" };
+}
+
+/**
+ * Check for sensitive content using regex patterns
+ */
+function checkPatterns(
+  text: string,
+  config: PrivacyConfig
+): { level: SensitivityLevel; reason?: string } {
+  // Check S3 patterns first (higher priority)
+  const s3Patterns = config.rules?.patterns?.S3 ?? [];
+  for (const pattern of s3Patterns) {
+    const regex = getOrCompileRegex(pattern);
+    if (regex && regex.test(text)) {
+      return {
+        level: "S3",
+        reason: `S3 pattern matched: ${pattern}`,
+      };
+    }
+  }
+
+  // Check S2 patterns
+  const s2Patterns = config.rules?.patterns?.S2 ?? [];
+  for (const pattern of s2Patterns) {
+    const regex = getOrCompileRegex(pattern);
+    if (regex && regex.test(text)) {
+      return {
+        level: "S2",
+        reason: `S2 pattern matched: ${pattern}`,
+      };
+    }
+  }
+
+  return { level: "S1" };
+}
+
+/**
+ * Check if `name` contains `segment` as a whole word delimited by common
+ * tool-name separators (`.`, `_`, `-`) or string boundaries.
+ * Prevents "pseudocode_generator" matching "sudo", "powershell" matching "shell", etc.
+ */
+function toolNameContainsSegment(name: string, segment: string): boolean {
+  const escaped = segment.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const re = new RegExp(`(?:^|[._\\-])${escaped}(?:$|[._\\-])`, "i");
+  return re.test(name);
+}
+
+/**
+ * Check tool type against configured sensitive tools
+ */
+function checkToolType(
+  toolName: string,
+  config: PrivacyConfig
+): { level: SensitivityLevel; reason?: string } {
+  const normalizedTool = toolName.toLowerCase();
+
+  // Check S3 tools first (higher priority)
+  const s3Tools = config.rules?.tools?.S3?.tools ?? [];
+  for (const tool of s3Tools) {
+    const pattern = tool.toLowerCase();
+    if (normalizedTool === pattern || toolNameContainsSegment(normalizedTool, pattern)) {
+      return {
+        level: "S3",
+        reason: `S3 tool detected: ${toolName}`,
+      };
+    }
+  }
+
+  // Check S2 tools
+  const s2Tools = config.rules?.tools?.S2?.tools ?? [];
+  for (const tool of s2Tools) {
+    const pattern = tool.toLowerCase();
+    if (normalizedTool === pattern || toolNameContainsSegment(normalizedTool, pattern)) {
+      return {
+        level: "S2",
+        reason: `S2 tool detected: ${toolName}`,
+      };
+    }
+  }
+
+  return { level: "S1" };
+}
+
+/**
+ * Check tool parameters for sensitive paths or values
+ */
+function checkToolParams(
+  params: Record<string, unknown>,
+  config: PrivacyConfig
+): { level: SensitivityLevel; reason?: string } {
+  const paths = extractPathsFromParams(params);
+
+  if (paths.length === 0) {
+    return { level: "S1" };
+  }
+
+  // Check S3 paths first (higher priority)
+  const s3Paths = config.rules?.tools?.S3?.paths ?? [];
+  for (const path of paths) {
+    if (matchesPathPattern(path, s3Paths)) {
+      return {
+        level: "S3",
+        reason: `S3 path detected: ${path}`,
+      };
+    }
+  }
+
+  // Check S2 paths
+  const s2Paths = config.rules?.tools?.S2?.paths ?? [];
+  for (const path of paths) {
+    if (matchesPathPattern(path, s2Paths)) {
+      return {
+        level: "S2",
+        reason: `S2 path detected: ${path}`,
+      };
+    }
+  }
+
+  // Check for common sensitive file extensions
+  for (const path of paths) {
+    const lowerPath = path.toLowerCase();
+    if (
+      lowerPath.endsWith(".pem") ||
+      lowerPath.endsWith(".key") ||
+      lowerPath.endsWith(".p12") ||
+      lowerPath.endsWith(".pfx") ||
+      lowerPath.includes("id_rsa") ||
+      lowerPath.includes("id_dsa") ||
+      lowerPath.includes("id_ecdsa") ||
+      lowerPath.includes("id_ed25519")
+    ) {
+      return {
+        level: "S3",
+        reason: `Sensitive file extension detected: ${path}`,
+      };
+    }
+  }
+
+  return { level: "S1" };
+}