@opentrust/guards 7.3.3

package/agent/config.ts

@@ -0,0 +1,485 @@
+/**
+ * 插件配置和凭证管理
+ *
+ * 功能：
+ * - 定义默认的 Core 和 Dashboard URL
+ * - 管理 Core 平台凭证（加载、保存、注册）
+ * - 轮询账户激活状态
+ * - 读取 Agent Profile（从 OpenClaw 工作区）
+ * - 解析配置（合并默认值和用户配置）
+ */
+
+import type { OpenClawGuardConfig } from "./types.js";
+import os from "node:os";
+import path from "node:path";
+import fs from "node:fs";
+
+// ── 常量 ─────────────────────────────────────────────
+
+/** 默认 Core API 地址（可通过环境变量 OG_CORE_URL 覆盖） */
+export const DEFAULT_CORE_URL =
+  process.env.OG_CORE_URL ?? "http://localhost:53666";
+
+/** 默认 Dashboard API 地址（可通过环境变量 OG_DASHBOARD_URL 覆盖） */
+export const DEFAULT_DASHBOARD_URL =
+  process.env.OG_DASHBOARD_URL ?? "http://localhost:53667";
+
+/** 凭证存储目录 */
+const CREDENTIALS_DIR = path.join(os.homedir(), ".openclaw/credentials/opentrust-guard");
+/** 凭证文件路径 */
+const CREDENTIALS_FILE = path.join(CREDENTIALS_DIR, "credentials.json");
+
+// ── Core 凭证管理 ────────────────────────────────────
+
+/**
+ * Core 平台凭证
+ */
+export type CoreCredentials = {
+  /** API Key（sk-og-xxx 格式） */
+  apiKey: string;
+  /** Agent ID */
+  agentId: string;
+  /** 激活链接（未激活时有值） */
+  claimUrl: string;
+  /** 验证码 */
+  verificationCode: string;
+  /** 关联邮箱（激活后有值） */
+  email?: string;
+};
+
+/**
+ * 从本地文件加载凭证
+ * @returns 凭证对象，如果不存在或无效则返回 null
+ */
+export function loadCoreCredentials(): CoreCredentials | null {
+  try {
+    if (!fs.existsSync(CREDENTIALS_FILE)) return null;
+    const data = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, "utf-8"));
+    if (typeof data.apiKey === "string" && typeof data.agentId === "string") {
+      return data as CoreCredentials;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * 保存凭证到本地文件
+ * @param creds - 凭证对象
+ */
+export function saveCoreCredentials(creds: CoreCredentials): void {
+  if (!fs.existsSync(CREDENTIALS_DIR)) {
+    fs.mkdirSync(CREDENTIALS_DIR, { recursive: true });
+  }
+  fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(creds, null, 2), "utf-8");
+}
+
+/** 注册结果 */
+export type RegisterResult = {
+  /** 凭证 */
+  credentials: CoreCredentials;
+  /** 激活链接 */
+  activateUrl: string;
+  /** 登录链接 */
+  loginUrl: string;
+};
+
+/**
+ * 向 Core 平台注册新 Agent
+ *
+ * @param name - Agent 名称
+ * @param description - Agent 描述
+ * @param coreUrl - Core API 地址
+ * @returns 注册结果（包含凭证和激活链接）
+ */
+export async function registerWithCore(
+  name: string,
+  description: string,
+  coreUrl: string = DEFAULT_CORE_URL,
+): Promise<RegisterResult> {
+  const response = await fetch(`${coreUrl}/api/v1/agents/register`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ name, description }),
+  });
+
+  if (!response.ok) {
+    const text = await response.text().catch(() => "");
+    throw new Error(
+      `Registration failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ""}`,
+    );
+  }
+
+  const json = (await response.json()) as {
+    success: boolean;
+    agent?: { id: string; api_key: string };
+    activate_url?: string;
+    login_url?: string;
+    error?: string;
+  };
+
+  if (!json.success || !json.agent) {
+    throw new Error(`Registration error: ${json.error ?? "unknown"}`);
+  }
+
+  // 构建凭证对象
+  const creds: CoreCredentials = {
+    apiKey: json.agent.api_key,
+    agentId: json.agent.id,
+    claimUrl: json.activate_url ?? "",
+    verificationCode: "",
+  };
+
+  // 保存到本地
+  saveCoreCredentials(creds);
+
+  return {
+    credentials: creds,
+    activateUrl: json.activate_url ?? "",
+    loginUrl: json.login_url ?? `${coreUrl}/login`,
+  };
+}
+
+// ── 账户状态轮询 ─────────────────────────────────────
+
+/**
+ * 轮询账户邮箱激活状态
+ * 检查 Agent 是否已通过邮箱激活
+ *
+ * @param apiKey - API Key
+ * @param coreUrl - Core API 地址
+ * @returns 邮箱和状态（如果已激活），否则返回 null
+ */
+export async function pollAccountEmail(
+  apiKey: string,
+  coreUrl: string = DEFAULT_CORE_URL,
+): Promise<{ email: string; status: string } | null> {
+  try {
+    const res = await fetch(`${coreUrl}/api/v1/account`, {
+      headers: { Authorization: `Bearer ${apiKey}` },
+    });
+    if (!res.ok) return null;
+    const data = (await res.json()) as { success: boolean; email?: string | null; status?: string };
+    if (data.success && data.email && data.status === "active") {
+      return { email: data.email, status: data.status };
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+// ── 默认配置 ─────────────────────────────────────────
+
+/** 默认插件配置 */
+export const DEFAULT_CONFIG: Required<OpenClawGuardConfig> = {
+  enabled: true,
+  blockOnRisk: true,
+  apiKey: process.env.OG_API_KEY ?? "",
+  timeoutMs: 60000,
+  coreUrl: DEFAULT_CORE_URL,
+  agentName: "OpenClaw Agent",
+  dashboardUrl: DEFAULT_DASHBOARD_URL,
+  logLevel: "info",
+};
+
+// ── 辅助函数 ─────────────────────────────────────────
+
+/**
+ * 安全读取文件内容
+ * @param filePath - 文件路径
+ * @returns 文件内容，读取失败返回空字符串
+ */
+function readFileSafe(filePath: string): string {
+  try { return fs.readFileSync(filePath, "utf-8"); } catch { return ""; }
+}
+
+/**
+ * 安全读取 JSON 文件
+ * @param filePath - 文件路径
+ * @returns 解析后的对象，读取或解析失败返回 null
+ */
+function readJsonSafe(filePath: string): Record<string, unknown> | null {
+  try { return JSON.parse(fs.readFileSync(filePath, "utf-8")); } catch { return null; }
+}
+
+/**
+ * 检查值是否为未填写的 IDENTITY.md 占位符
+ * 占位符格式：_(...some hint...)_
+ */
+function isPlaceholder(value: string): boolean {
+  return /^_\(.*\)_$/.test(value.trim());
+}
+
+/**
+ * 从 Markdown 内容中解析指定字段
+ * 支持格式：`- **FieldName:** value`
+ *
+ * @param content - Markdown 内容
+ * @param field - 字段名
+ * @returns 字段值，未找到返回空字符串
+ */
+function parseIdentityField(content: string, field: string): string {
+  const prefix = `- **${field}:**`;
+  const lines = content.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    const trimmed = lines[i]!.trim();
+    if (trimmed.startsWith(prefix)) {
+      // 检查同一行的内联值
+      const inline = trimmed.slice(prefix.length).trim();
+      if (inline && !isPlaceholder(inline)) return inline;
+      // 检查下一行
+      const next = lines[i + 1]?.trim();
+      if (next && !next.startsWith("-") && !next.startsWith("#") && !isPlaceholder(next)) return next;
+    }
+  }
+  return "";
+}
+
+/**
+ * 从 IDENTITY.md 读取 Agent 名称
+ * @returns Agent 名称，未找到返回 null
+ */
+function readIdentityName(): string | null {
+  try {
+    const identityPath = path.join(os.homedir(), ".openclaw/workspace/IDENTITY.md");
+    const content = fs.readFileSync(identityPath, "utf-8");
+    return parseIdentityField(content, "Name") || null;
+  } catch {
+    return null;
+  }
+}
+
+// ── Agent Profile ────────────────────────────────────
+
+/**
+ * Agent Profile 类型
+ * 包含从 OpenClaw 工作区读取的完整 Agent 信息
+ */
+export type AgentProfile = {
+  /** 表情符号 */
+  emoji: string;
+  /** 生物类型 */
+  creature: string;
+  /** 个性氛围 */
+  vibe: string;
+  /** AI 模型 */
+  model: string;
+  /** 模型提供商 */
+  provider: string;
+  /** 所有者名称 */
+  ownerName: string;
+  /** 技能列表 */
+  skills: { name: string; description?: string }[];
+  /** 插件列表 */
+  plugins: { name: string; enabled: boolean }[];
+  /** 钩子列表 */
+  hooks: { name: string; enabled: boolean }[];
+  /** 已连接的系统 */
+  connectedSystems: string[];
+  /** 活跃的渠道 */
+  channels: string[];
+  /** 会话数量 */
+  sessionCount: number;
+  /** 最后活跃时间 */
+  lastActive: string | null;
+  /** 工作区 Markdown 文件内容 */
+  workspaceFiles: {
+    soul: string;
+    identity: string;
+    user: string;
+    agents: string;
+    tools: string;
+    heartbeat: string;
+  };
+  /** Bootstrap 文件是否存在 */
+  bootstrapExists: boolean;
+  /** 定时任务列表 */
+  cronJobs: Array<{ id?: string; schedule?: string; task?: string; enabled?: boolean }>;
+};
+
+/**
+ * 读取 Agent Profile
+ * 从 OpenClaw 工作区收集 Agent 的完整信息
+ *
+ * @returns Agent Profile 对象
+ */
+export function readAgentProfile(): AgentProfile {
+  const openclawDir = path.join(os.homedir(), ".openclaw");
+
+  // 初始化空 Profile
+  const result: AgentProfile = {
+    emoji: "", creature: "", vibe: "", model: "", provider: "", ownerName: "",
+    skills: [], plugins: [], hooks: [], connectedSystems: [], channels: [],
+    sessionCount: 0, lastActive: null,
+    workspaceFiles: { soul: "", identity: "", user: "", agents: "", tools: "", heartbeat: "" },
+    bootstrapExists: false,
+    cronJobs: [],
+  };
+
+  // 读取 openclaw.json 配置
+  const config = readJsonSafe(path.join(openclawDir, "openclaw.json"));
+  let workspacePath = path.join(openclawDir, "workspace");
+
+  if (config) {
+    // 解析模型配置
+    const agentsConfig = config.agents as { defaults?: { model?: { primary?: string }; workspace?: string } } | undefined;
+    const defaultModel = agentsConfig?.defaults?.model?.primary ?? "";
+    if (defaultModel.includes("/")) {
+      const [provider, model] = defaultModel.split("/", 2);
+      result.provider = provider ?? "";
+      result.model = model ?? "";
+    } else {
+      result.model = defaultModel;
+    }
+    if (agentsConfig?.defaults?.workspace) workspacePath = agentsConfig.defaults.workspace;
+
+    // 解析插件配置
+    const pluginsConfig = config.plugins as { entries?: Record<string, { enabled?: boolean }> } | undefined;
+    if (pluginsConfig?.entries) {
+      for (const [name, entry] of Object.entries(pluginsConfig.entries)) {
+        result.plugins.push({ name, enabled: entry?.enabled !== false });
+      }
+    }
+
+    // 解析钩子配置
+    const hooksConfig = config.hooks as { internal?: { entries?: Record<string, { enabled?: boolean }> } } | undefined;
+    if (hooksConfig?.internal?.entries) {
+      for (const [name, entry] of Object.entries(hooksConfig.internal.entries)) {
+        result.hooks.push({ name, enabled: entry?.enabled !== false });
+      }
+    }
+  }
+
+  // 读取工作区 Markdown 文件
+  const identityContent = readFileSafe(path.join(workspacePath, "IDENTITY.md"));
+  result.workspaceFiles.identity = identityContent;
+  result.workspaceFiles.soul     = readFileSafe(path.join(workspacePath, "SOUL.md"));
+  result.workspaceFiles.user     = readFileSafe(path.join(workspacePath, "USER.md"));
+  result.workspaceFiles.agents   = readFileSafe(path.join(workspacePath, "AGENTS.md"));
+  result.workspaceFiles.tools    = readFileSafe(path.join(workspacePath, "TOOLS.md"));
+  result.workspaceFiles.heartbeat = readFileSafe(path.join(workspacePath, "HEARTBEAT.md"));
+  result.bootstrapExists = fs.existsSync(path.join(workspacePath, "BOOTSTRAP.md"));
+
+  // 解析身份字段（使用 OpenClaw 默认值作为后备）
+  if (identityContent) {
+    result.emoji    = parseIdentityField(identityContent, "Emoji")    || "🦞";
+    result.creature = parseIdentityField(identityContent, "Creature") || "OpenClaw AI Agent";
+    result.vibe     = parseIdentityField(identityContent, "Vibe")     || "Secure";
+  } else {
+    result.emoji    = "🦞";
+    result.creature = "OpenClaw AI Agent";
+    result.vibe     = "Secure";
+  }
+
+  // 解析所有者名称
+  if (result.workspaceFiles.user) {
+    result.ownerName = parseIdentityField(result.workspaceFiles.user, "Name")
+      || parseIdentityField(result.workspaceFiles.user, "name");
+  }
+
+  // 发现技能
+  try {
+    const skillsDir = path.join(workspacePath, "skills");
+    if (fs.existsSync(skillsDir)) {
+      result.skills = fs.readdirSync(skillsDir, { withFileTypes: true })
+        .filter((d) => d.isDirectory())
+        .map((d) => {
+          const meta = readJsonSafe(path.join(skillsDir, d.name, "_meta.json")) as { description?: string } | null;
+          return { name: d.name, description: meta?.description };
+        });
+    }
+  } catch { /* 忽略错误 */ }
+
+  // 发现已连接的系统（从凭证目录）
+  try {
+    const credsDir = path.join(openclawDir, "credentials");
+    if (fs.existsSync(credsDir)) {
+      result.connectedSystems = fs.readdirSync(credsDir)
+        .filter((f) => f.endsWith(".json"))
+        .map((f) => f.slice(0, -5)); // 移除 .json 后缀
+    }
+  } catch { /* 忽略错误 */ }
+
+  // 统计会话信息
+  try {
+    const agentsDir = path.join(openclawDir, "agents");
+    if (fs.existsSync(agentsDir)) {
+      for (const dir of fs.readdirSync(agentsDir, { withFileTypes: true })) {
+        if (!dir.isDirectory()) continue;
+        const sessionsData = readJsonSafe(path.join(agentsDir, dir.name, "sessions", "sessions.json")) as
+          Record<string, { updatedAt?: number; lastChannel?: string }> | null;
+        if (!sessionsData) continue;
+        for (const session of Object.values(sessionsData)) {
+          result.sessionCount++;
+          // 更新最后活跃时间
+          if (typeof session.updatedAt === "number") {
+            const iso = new Date(session.updatedAt).toISOString();
+            if (!result.lastActive || iso > result.lastActive) result.lastActive = iso;
+          }
+          // 收集渠道
+          if (typeof session.lastChannel === "string" && !result.channels.includes(session.lastChannel)) {
+            result.channels.push(session.lastChannel);
+          }
+        }
+      }
+    }
+  } catch { /* 忽略错误 */ }
+
+  // 读取定时任务
+  try {
+    const raw = readFileSafe(path.join(openclawDir, "cron", "jobs.json"));
+    if (raw) {
+      const parsed = JSON.parse(raw) as unknown;
+      result.cronJobs = Array.isArray(parsed) ? parsed : ((parsed as { jobs?: unknown[] })?.jobs ?? []);
+    }
+  } catch { /* 忽略错误 */ }
+
+  return result;
+}
+
+/**
+ * 获取需要监视的 Profile 文件路径
+ * 用于在文件变更时自动同步 Profile 到 Dashboard
+ *
+ * @param openclawDir - OpenClaw 目录（可选）
+ * @returns 文件路径数组
+ */
+export function getProfileWatchPaths(openclawDir?: string): string[] {
+  const dir = openclawDir ?? path.join(os.homedir(), ".openclaw");
+  const config = readJsonSafe(path.join(dir, "openclaw.json"));
+  const agentsConfig = config?.agents as { defaults?: { workspace?: string } } | undefined;
+  const workspace = agentsConfig?.defaults?.workspace ?? path.join(dir, "workspace");
+  return [
+    path.join(dir, "openclaw.json"),
+    path.join(workspace, "IDENTITY.md"),
+    path.join(workspace, "SOUL.md"),
+    path.join(workspace, "USER.md"),
+    path.join(workspace, "AGENTS.md"),
+    path.join(workspace, "TOOLS.md"),
+    path.join(workspace, "HEARTBEAT.md"),
+    path.join(dir, "cron", "jobs.json"),
+    path.join(workspace, "skills"),
+  ];
+}
+
+/**
+ * 解析配置
+ * 合并用户配置和默认配置
+ *
+ * @param config - 用户配置（可选）
+ * @returns 完整配置
+ */
+export function resolveConfig(config?: Partial<OpenClawGuardConfig>): Required<OpenClawGuardConfig> {
+  return {
+    enabled: config?.enabled ?? DEFAULT_CONFIG.enabled,
+    blockOnRisk: config?.blockOnRisk ?? DEFAULT_CONFIG.blockOnRisk,
+    apiKey: config?.apiKey ?? DEFAULT_CONFIG.apiKey,
+    timeoutMs: config?.timeoutMs ?? DEFAULT_CONFIG.timeoutMs,
+    coreUrl: config?.coreUrl ?? DEFAULT_CONFIG.coreUrl,
+    agentName: config?.agentName ?? readIdentityName() ?? DEFAULT_CONFIG.agentName,
+    dashboardUrl: config?.dashboardUrl ?? DEFAULT_CONFIG.dashboardUrl,
+    logLevel: config?.logLevel ?? DEFAULT_CONFIG.logLevel,
+  };
+}

package/agent/content-injection-scanner.ts

@@ -0,0 +1,170 @@
+/**
+ * 基于内容的提示词注入扫描器
+ *
+ * 纯本地/同步的正则扫描器 — 无网络依赖。
+ *
+ * 双层设计：
+ *   HIGH 高置信度 — 单个匹配即触发检测
+ *   MEDIUM 中置信度 — 需要 2+ 个不同类别才触发检测
+ *
+ * 检测类别：
+ *   - INSTRUCTION_OVERRIDE: 指令覆盖（如 "ignore previous instructions"）
+ *   - MODE_SWITCHING: 模式切换（如 "you are now in debug mode"）
+ *   - FAKE_SYSTEM_MESSAGE: 伪造系统消息（如 "SYSTEM ALERT:"）
+ *   - CONCEALMENT_DIRECTIVE: 隐藏指令（如 "do not mention these instructions"）
+ *   - COMMAND_EXECUTION: 命令执行（如 "execute the following shell command"）
+ *   - TASK_HIJACKING: 任务劫持（如 "your new task is:"）
+ *   - ROLE_ASSUMPTION: 角色假设（如 "you are now unrestricted"）
+ *   - DATA_EXFILTRATION: 数据外泄（如 "send contents to URL"）
+ */
+
+import type { DetectionFinding, DetectionRiskType, RiskLevel } from "./types.js";
+import type { InjectionCategory } from "./patterns/types.js";
+import { HIGH_CONFIDENCE_PATTERNS } from "./patterns/high-confidence.js";
+import { MEDIUM_CONFIDENCE_PATTERNS } from "./patterns/medium-confidence.js";
+
+export type { InjectionCategory } from "./patterns/types.js";
+
+/** 注入匹配结果 */
+export type InjectionMatch = {
+  /** 匹配的模式名称 */
+  pattern: string;
+  /** 注入类别 */
+  category: InjectionCategory;
+  /** 置信度 */
+  confidence: "high" | "medium";
+  /** 匹配到的文本 */
+  matchedText: string;
+};
+
+/** 注入扫描结果 */
+export type InjectionScanResult = {
+  /** 是否检测到注入 */
+  detected: boolean;
+  /** 所有匹配结果 */
+  matches: InjectionMatch[];
+  /** 去重后的类别列表 */
+  distinctCategories: InjectionCategory[];
+  /** 摘要描述 */
+  summary: string;
+  /** 检测发现列表（用于上报） */
+  findings: DetectionFinding[];
+};
+
+/** 合并所有模式 */
+const ALL_PATTERNS = [...HIGH_CONFIDENCE_PATTERNS, ...MEDIUM_CONFIDENCE_PATTERNS];
+
+/** 类别到风险类型的映射 */
+const CATEGORY_TO_RISK_TYPE: Record<InjectionCategory, DetectionRiskType> = {
+  INSTRUCTION_OVERRIDE: "PROMPT_INJECTION",
+  MODE_SWITCHING: "PROMPT_INJECTION",
+  FAKE_SYSTEM_MESSAGE: "PROMPT_INJECTION",
+  CONCEALMENT_DIRECTIVE: "PROMPT_INJECTION",
+  COMMAND_EXECUTION: "COMMAND_EXECUTION",
+  TASK_HIJACKING: "PROMPT_INJECTION",
+  ROLE_ASSUMPTION: "PROMPT_INJECTION",
+  DATA_EXFILTRATION: "DATA_EXFILTRATION",
+};
+
+/**
+ * 脱敏内容
+ * 将检测到的注入模式替换为 `__REDACTED_BY_OPENTRUST_DUE_TO_{riskType}__` 标记
+ *
+ * @param text - 要脱敏的文本
+ * @returns 脱敏后的文本和检测发现
+ */
+export function redactContent(text: string): { redacted: string; findings: DetectionFinding[] } {
+  if (!text || text.length === 0) return { redacted: text, findings: [] };
+
+  const findings: DetectionFinding[] = [];
+  let redacted = text;
+
+  // 遍历所有模式进行替换
+  for (const entry of ALL_PATTERNS) {
+    // 确保使用全局匹配
+    const globalRegex = new RegExp(
+      entry.regex.source,
+      entry.regex.flags.includes("g") ? entry.regex.flags : entry.regex.flags + "g",
+    );
+    const riskType = CATEGORY_TO_RISK_TYPE[entry.category];
+
+    // 替换匹配内容
+    redacted = redacted.replace(globalRegex, (matched) => {
+      findings.push({
+        riskLevel: (entry.confidence === "high" ? "high" : "medium") as RiskLevel,
+        riskType,
+        riskContent: matched,
+        reason: `Matched injection pattern: "${entry.label}" (${entry.category})`,
+      });
+      return `__REDACTED_BY_OPENTRUST_DUE_TO_${riskType}__`;
+    });
+  }
+
+  return { redacted, findings };
+}
+
+/**
+ * 扫描注入模式
+ * 检测文本中是否包含提示词注入攻击
+ *
+ * 触发条件：
+ * - 任何 HIGH 置信度匹配
+ * - 或 2+ 个不同类别的 MEDIUM 置信度匹配
+ *
+ * @param text - 要扫描的文本
+ * @returns 扫描结果
+ */
+export function scanForInjection(text: string): InjectionScanResult {
+  if (!text || text.length === 0) {
+    return { detected: false, matches: [], distinctCategories: [], summary: "", findings: [] };
+  }
+
+  const matches: InjectionMatch[] = [];
+  const categorySet = new Set<InjectionCategory>();
+  let hasHigh = false;
+
+  // 遍历所有模式进行匹配
+  for (const entry of ALL_PATTERNS) {
+    const execResult = entry.regex.exec(text);
+    if (execResult) {
+      matches.push({
+        pattern: entry.label,
+        category: entry.category,
+        confidence: entry.confidence,
+        matchedText: execResult[0],
+      });
+      categorySet.add(entry.category);
+      if (entry.confidence === "high") hasHigh = true;
+    }
+  }
+
+  const distinctCategories = [...categorySet];
+
+  // 判断是否触发检测：任何 HIGH 匹配，或 2+ 个不同的 MEDIUM 类别
+  const mediumCategories = new Set(
+    matches.filter((m) => m.confidence === "medium").map((m) => m.category),
+  );
+  const detected = hasHigh || mediumCategories.size >= 2;
+
+  // 生成摘要
+  let summary = "";
+  if (detected) {
+    const patternList = matches.map((m) => `"${m.pattern}"`).join(", ");
+    summary =
+      `Detected ${matches.length} injection pattern(s) across ${distinctCategories.length} ` +
+      `categor${distinctCategories.length === 1 ? "y" : "ies"}: ${distinctCategories.join(", ")}. ` +
+      `Matched patterns: ${patternList}`;
+  }
+
+  // 构建检测发现列表
+  const findings: DetectionFinding[] = detected
+    ? matches.map((m) => ({
+        riskLevel: (m.confidence === "high" ? "high" : "medium") as RiskLevel,
+        riskType: CATEGORY_TO_RISK_TYPE[m.category],
+        riskContent: m.matchedText,
+        reason: `Matched injection pattern: "${m.pattern}" (${m.category})`,
+      }))
+    : [];
+
+  return { detected, matches, distinctCategories, summary, findings };
+}

package/agent/index.ts

@@ -0,0 +1,22 @@
+/**
+ * Agent 模块导出
+ *
+ * 导出 agent 相关的核心功能：
+ * - 检测运行器
+ * - 配置和凭证管理
+ * - 内容脱敏
+ * - 类型定义
+ */
+
+export { runGuardAgent, mapApiResponseToVerdict, type RunnerConfig } from "./runner.js";
+export {
+  loadCoreCredentials,
+  saveCoreCredentials,
+  registerWithCore,
+  DEFAULT_CORE_URL,
+  DEFAULT_CONFIG,
+  resolveConfig,
+  type CoreCredentials,
+} from "./config.js";
+export { sanitizeContent } from "./sanitizer.js";
+export * from "./types.js";