@yan162/changewayguard 6.8.25

package/dist/index.js

@@ -0,0 +1,2990 @@
+/**
+ * OpenGuardrails Plugin for OpenClaw
+ *
+ * Responsibilities:
+ *   1. Load credentials from disk on startup (no network)
+ *   2. Fall back to local MAC identity when no saved credentials exist
+ *   3. Detect behavioral anomalies at before_tool_call (block / alert)
+ *   4. Expose /og_status, /og_upgrade, /og_config commands
+ */
+import { resolveConfig, loadCoreCredentials, deleteCoreCredentials, readAgentProfile, getProfileWatchPaths, readPluginEnabledFromOpenclawConfig, } from "./agent/config.js";
+import { buildSignedAuthHeadersForUrl, getLocalAgentId, getLocalMacAddress, withChangewayOpenPrefix, } from "./agent/auth.js";
+import { BehaviorDetector, FILE_READ_TOOLS, WEB_FETCH_TOOLS } from "./agent/behavior-detector.js";
+import { EventReporter } from "./agent/event-reporter.js";
+import { BusinessReporter } from "./agent/business-reporter.js";
+import { ConfigSync } from "./agent/config-sync.js";
+import { DashboardClient } from "./platform-client/index.js";
+import { enableGateway, disableGateway, getGatewayStatus, startGateway, stopGateway, setDashboardPort, setGatewayActivityCallback } from "./agent/gateway-manager.js";
+import { FileWatcher } from "./agent/file-watcher.js";
+import fs from "node:fs";
+import path from "node:path";
+import { randomBytes } from "node:crypto";
+import { spawn, spawnSync } from "node:child_process";
+import { fileURLToPath } from "node:url";
+import { openclawHome } from "./agent/env.js";
+import { loadJsonSync } from "./agent/fs-utils.js";
+import { appendEngineLogLine } from "./agent/engine-log-writer.js";
+import { buildScanActivityObservation } from "./agent/scan-activity.js";
+import { shouldActivatePluginRuntime } from "./agent/runtime-mode.js";
+import { extractLatestUserPromptForDetection, extractPromptForDetection, extractTextContent, extractToolContentForDetection, isPromptAlertConfirmation, isSyntheticSessionBootstrapPrompt, isUserSender, } from "./agent/prompt-input.js";
+import { rewriteAssistantMessageWithNotice } from "./agent/prompt-output.js";
+import { buildPromptRiskNotice, buildPromptRiskOverrideInstruction, } from "./agent/prompt-gate.js";
+import { activateDeviceByCode, getActivationStatus, getOrCreateDeviceId, loadActivationKeys, } from "./agent/activation.js";
+import { syncAllWorkspaceAgentsGuides } from "./workspace-agents-sync.js";
+import { WorkspaceAgentsWatcher } from "./workspace-agents-watcher.js";
+// =============================================================================
+// Constants
+// =============================================================================
+const PLUGIN_ID = "changewayguard";
+const PLUGIN_NAME = "changewayguard";
+const PLUGIN_VERSION = "6.7.0";
+const LOG_PREFIX = `[${PLUGIN_ID}]`;
+const BRAND_NAME = "电信安全·龙虾小卫士";
+const BRAND_TAG = "changewayguard";
+const QUOTA_EXCEEDED_TAG = `${BRAND_TAG}-quota-exceeded`;
+const PROMPT_ALERT_WARNING = "经过见微大模型研判，该行为存在风险，请谨慎操作。";
+const PROMPT_BLOCK_WARNING = "经过见微大模型研判，该行为存在风险，已为您阻断执行。";
+//MAC 地址认证相关
+const MAC_RECORD_DIR = path.join(openclawHome, "credentials", "changewayguard");
+const MAC_RECORD_TEXT_PATH = path.join(MAC_RECORD_DIR, "local-mac-address.txt");
+const MAC_RECORD_JSON_PATH = path.join(MAC_RECORD_DIR, "local-mac-address.json");
+//  4. 安全扫描脚本
+const CT_SCAN_SCRIPT_NAME = "openclaw-hybrid-audit-changeway.js";
+const CT_SCAN_TIMEOUT_MS = 10 * 60 * 1000; // 10分钟
+const CT_SCAN_OUTPUT_MAX_CHARS = 12_000; // 1.2万字符
+//  这段代码用来以 CommonJS 方式运行一个 ES Module 脚本：  OpenClaw 插件是 ES Module（"type": "module"），但安全扫描脚本 openclaw-hybrid-audit-changeway.js 可能是 CommonJS 格式。
+const CT_SCAN_COMMONJS_LAUNCHER = [
+    "const fs=require('fs');",
+    "const path=require('path');",
+    "const Module=require('module');",
+    "const f=process.argv[1];",
+    "const m=new Module(f);",
+    "m.filename=f;",
+    "m.paths=Module._nodeModulePaths(path.dirname(f));",
+    "m._compile(fs.readFileSync(f,'utf8'), f);",
+].join("");
+// 6. 状态持久化,记录行为钩子的启用状态
+const BEHAVIOR_HOOKS_STATE_PATH = path.join(MAC_RECORD_DIR, "behavior-hooks.json");
+const SECURITY_AUDIT_CRON_STATE_PATH = path.join(MAC_RECORD_DIR, "security-audit-cron.json");
+//5. 定时安全审计
+const SECURITY_AUDIT_CRON_NAME = "lunch-reminder"; // 定时任务名称
+const SECURITY_AUDIT_CRON_DESC = "每天定时巡检"; // 任务描述
+const SECURITY_AUDIT_CRON_TZ = "Asia/Shanghai"; // 时区
+const SECURITY_AUDIT_SETUP_TIMEOUT_MS = 15_000;
+const SECURITY_AUDIT_SYSTEM_EVENT = "/ct_scan"; // 触发的事件
+//  这是一个历史遗留定时任务名称列表，用于兼容旧版本的插件。 确保插件升级时能自动清理旧版本的定时任务，防止重复运行安全扫描。
+const LEGACY_SECURITY_AUDIT_CRON_NAMES = ["changeway-security-audit"];
+// =============================================================================
+// Debug file logger — writes to openclaw logs dir for agentic hours diagnosis
+// =============================================================================
+const DEBUG_LOG_PATH = path.join(openclawHome, "logs", "changewayguard-debug.log");
+function debugLog(msg) {
+    try {
+        const ts = new Date().toISOString();
+        fs.appendFileSync(DEBUG_LOG_PATH, `[${ts}] ${msg}\n`);
+    }
+    catch { /* ignore */ }
+}
+function loadBehaviorHooksPreference() {
+    try {
+        if (!fs.existsSync(BEHAVIOR_HOOKS_STATE_PATH))
+            return null;
+        const raw = fs.readFileSync(BEHAVIOR_HOOKS_STATE_PATH, "utf-8");
+        const data = JSON.parse(raw);
+        if (typeof data.enabled !== "boolean")
+            return null;
+        return data.enabled;
+    }
+    catch {
+        return null;
+    }
+}
+function saveBehaviorHooksPreference(enabled) {
+    try {
+        fs.mkdirSync(MAC_RECORD_DIR, { recursive: true });
+        fs.writeFileSync(BEHAVIOR_HOOKS_STATE_PATH, JSON.stringify({
+            enabled,
+            updatedAt: new Date().toISOString(),
+        }, null, 2), "utf-8");
+    }
+    catch {
+        // Ignore persistence errors.
+    }
+}
+function loadSecurityAuditCronState() {
+    try {
+        if (!fs.existsSync(SECURITY_AUDIT_CRON_STATE_PATH))
+            return {};
+        const raw = fs.readFileSync(SECURITY_AUDIT_CRON_STATE_PATH, "utf-8");
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === "object" ? parsed : {};
+    }
+    catch {
+        return {};
+    }
+}
+function saveSecurityAuditCronState(next) {
+    try {
+        fs.mkdirSync(MAC_RECORD_DIR, { recursive: true });
+        fs.writeFileSync(SECURITY_AUDIT_CRON_STATE_PATH, JSON.stringify(next, null, 2), "utf-8");
+    }
+    catch {
+        // Ignore persistence errors.
+    }
+}
+function randomInt(maxExclusive) {
+    if (maxExclusive <= 1)
+        return 0;
+    const byte = randomBytes(1)[0] ?? 0;
+    return byte % maxExclusive;
+}
+function generateNightCronExpr() {
+    const minute = randomInt(60); // 0-59
+    const hour = randomInt(5); // 0-4
+    return `${minute} ${hour} * * *`;
+}
+function isNightCronExpr(expr) {
+    const parts = expr.trim().split(/\s+/);
+    if (parts.length !== 5)
+        return false;
+    const minute = Number(parts[0]);
+    const hour = Number(parts[1]);
+    if (!Number.isInteger(minute) || !Number.isInteger(hour))
+        return false;
+    if (parts[2] !== "*" || parts[3] !== "*" || parts[4] !== "*")
+        return false;
+    return minute >= 0 && minute <= 59 && hour >= 0 && hour <= 4;
+}
+function normalizeNightCronExpr(expr) {
+    if (!expr)
+        return generateNightCronExpr();
+    return isNightCronExpr(expr) ? expr : generateNightCronExpr();
+}
+function parseJsonFromCliOutput(stdout) {
+    const trimmed = stdout.trim();
+    if (!trimmed)
+        return null;
+    try {
+        return JSON.parse(trimmed);
+    }
+    catch {
+        // Some CLIs may prepend non-JSON text before structured payload.
+        const objStart = trimmed.indexOf("{");
+        const arrStart = trimmed.indexOf("[");
+        const startCandidates = [objStart, arrStart].filter((v) => v >= 0);
+        if (startCandidates.length === 0)
+            return null;
+        const start = Math.min(...startCandidates);
+        try {
+            return JSON.parse(trimmed.slice(start));
+        }
+        catch {
+            return null;
+        }
+    }
+}
+function extractCronJobs(payload) {
+    if (Array.isArray(payload)) {
+        return payload.filter((item) => !!item && typeof item === "object");
+    }
+    if (!payload || typeof payload !== "object")
+        return [];
+    const record = payload;
+    if (Array.isArray(record.jobs))
+        return extractCronJobs(record.jobs);
+    if (Array.isArray(record.data))
+        return extractCronJobs(record.data);
+    if (record.data && typeof record.data === "object")
+        return extractCronJobs(record.data);
+    if (typeof record.name === "string" || typeof record.id === "string")
+        return [record];
+    return [];
+}
+function findCronJobByName(payload, name) {
+    const jobs = extractCronJobs(payload);
+    for (const job of jobs) {
+        if (job.name === name)
+            return job;
+    }
+    return null;
+}
+function findCronJobByNames(payload, names) {
+    for (const name of names) {
+        const found = findCronJobByName(payload, name);
+        if (found)
+            return found;
+    }
+    return null;
+}
+function findCronJobsByNames(payload, names) {
+    const nameSet = new Set(names);
+    return extractCronJobs(payload).filter((job) => {
+        const name = job.name;
+        return typeof name === "string" && nameSet.has(name);
+    });
+}
+function runOpenclawCommandSync(args) {
+    try {
+        const result = spawnSync("openclaw", args, {
+            encoding: "utf8",
+            timeout: SECURITY_AUDIT_SETUP_TIMEOUT_MS,
+        });
+        return {
+            ok: result.status === 0,
+            code: result.status,
+            stdout: (result.stdout ?? "").trim(),
+            stderr: (result.stderr ?? "").trim(),
+            ...(result.error ? { error: result.error.message } : {}),
+        };
+    }
+    catch (err) {
+        return {
+            ok: false,
+            code: null,
+            stdout: "",
+            stderr: "",
+            error: err instanceof Error ? err.message : String(err),
+        };
+    }
+}
+async function runOpenclawCommandAsync(args) {
+    return await new Promise((resolve) => {
+        const child = spawn("openclaw", args, {
+            stdio: ["ignore", "pipe", "pipe"],
+            shell: false,
+        });
+        let stdout = "";
+        let stderr = "";
+        let timedOut = false;
+        const timer = setTimeout(() => {
+            timedOut = true;
+            try {
+                child.kill();
+            }
+            catch { /* ignore */ }
+        }, SECURITY_AUDIT_SETUP_TIMEOUT_MS);
+        child.stdout.on("data", (chunk) => {
+            stdout += chunk.toString("utf8");
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += chunk.toString("utf8");
+        });
+        child.on("error", (err) => {
+            clearTimeout(timer);
+            resolve({
+                ok: false,
+                code: null,
+                stdout: stdout.trim(),
+                stderr: stderr.trim(),
+                error: err.message,
+            });
+        });
+        child.on("close", (code) => {
+            clearTimeout(timer);
+            resolve({
+                ok: !timedOut && code === 0,
+                code: timedOut ? null : code,
+                stdout: stdout.trim(),
+                stderr: stderr.trim(),
+                ...(timedOut ? { error: "timeout" } : {}),
+            });
+        });
+    });
+}
+function collectSessionCandidates(ctx, event) {
+    const c = (ctx ?? {});
+    const e = (event ?? {});
+    const raw = [
+        c.sessionKey,
+        c.conversationId,
+        c.channelId,
+        c.threadId,
+        e.sessionKey,
+        e.conversationId,
+        e.channelId,
+        e.threadId,
+    ];
+    const out = [];
+    for (const item of raw) {
+        if (typeof item !== "string")
+            continue;
+        const normalized = item.trim();
+        if (!normalized)
+            continue;
+        if (!out.includes(normalized))
+            out.push(normalized);
+    }
+    return out;
+}
+function resolveSessionKey(ctx, event) {
+    const candidates = collectSessionCandidates(ctx, event);
+    return candidates[0] ?? "";
+}
+function resolveActivePromptDecision(sessionCandidates, detector, blockOnRisk) {
+    for (const candidate of sessionCandidates) {
+        if (blockOnRisk) {
+            const blockDecision = detector?.getPendingPromptBlockDecision(candidate);
+            if (blockDecision) {
+                return { decisionKey: candidate, decision: blockDecision };
+            }
+        }
+        const alertDecision = detector?.getPendingPromptAlertDecision(candidate);
+        if (alertDecision) {
+            return { decisionKey: candidate, decision: alertDecision };
+        }
+    }
+    return null;
+}
+// =============================================================================
+// API Helpers
+// =============================================================================
+/** Infer tool category from tool name for business reporting */
+function inferToolCategory(toolName) {
+    const name = toolName.toLowerCase();
+    if (FILE_READ_TOOLS.has(toolName) || FILE_READ_TOOLS.has(name))
+        return "file_read";
+    if (WEB_FETCH_TOOLS.has(toolName) || WEB_FETCH_TOOLS.has(name))
+        return "web_fetch";
+    if (["bash", "shell", "run_command", "execute"].some((t) => name.includes(t)))
+        return "shell";
+    if (["write", "edit", "create_file", "delete"].some((t) => name.includes(t)))
+        return "file_write";
+    if (name.includes("agent") || name.includes("subagent"))
+        return "agent";
+    return "other";
+}
+/** Mask API key for display: sk-og-abc... */
+function maskApiKey(apiKey) {
+    if (apiKey.length <= 12)
+        return apiKey;
+    return `${apiKey.slice(0, 12)}...`;
+}
+/** Format quota exceeded message for appending to tool results */
+function formatQuotaMessage(info) {
+    // recommendation comes from Core - contains the security advice with upgrade URL
+    return [
+        "",
+        `<${QUOTA_EXCEEDED_TAG}>`,
+        "重要：请将以下配额信息明确告知用户：",
+        "",
+        info.recommendation,
+        `</${QUOTA_EXCEEDED_TAG}>`,
+    ].join("\n");
+}
+function appendProcessOutput(current, chunk) {
+    if (current.length >= CT_SCAN_OUTPUT_MAX_CHARS)
+        return current;
+    const text = typeof chunk === "string" ? chunk : chunk.toString("utf8");
+    const remain = CT_SCAN_OUTPUT_MAX_CHARS - current.length;
+    return `${current}${text.slice(0, remain)}`;
+}
+function stripAnsi(text) {
+    // Remove ANSI control sequences so chat output stays readable.
+    return text.replace(/\x1B\[[0-9;?]*[ -/]*[@-~]/g, "");
+}
+function resolveCtScanScriptPath() {
+    const runtimeDir = path.dirname(fileURLToPath(import.meta.url));
+    const candidates = [
+        path.join(runtimeDir, "agent", CT_SCAN_SCRIPT_NAME),
+        path.join(runtimeDir, "..", "agent", CT_SCAN_SCRIPT_NAME),
+    ];
+    for (const candidate of candidates) {
+        try {
+            if (fs.existsSync(candidate) && fs.statSync(candidate).isFile()) {
+                return candidate;
+            }
+        }
+        catch {
+            // Ignore invalid candidate path.
+        }
+    }
+    return null;
+}
+function savePendingSecurityAuditCronState(cronExpr, errorText, source) {
+    saveSecurityAuditCronState({
+        status: "pending",
+        cronExpr,
+        lastError: errorText,
+        lastAttemptAt: new Date().toISOString(),
+        updatedBy: source,
+    });
+}
+function saveCreatedSecurityAuditCronState(cronExpr, jobId, source) {
+    saveSecurityAuditCronState({
+        status: "created",
+        cronExpr,
+        ...(jobId ? { jobId } : {}),
+        lastAttemptAt: new Date().toISOString(),
+        updatedBy: source,
+    });
+}
+function buildSecurityAuditCronAddArgs(cronExpr) {
+    return [
+        "cron",
+        "add",
+        "--name", SECURITY_AUDIT_CRON_NAME,
+        "--description", SECURITY_AUDIT_CRON_DESC,
+        "--cron", cronExpr,
+        "--tz", SECURITY_AUDIT_CRON_TZ,
+        "--session", "main",
+        "--system-event", SECURITY_AUDIT_SYSTEM_EVENT,
+        "--timeout-seconds", "10",
+        "--thinking", "off",
+        "--json",
+    ];
+}
+function pickCronExpr(job) {
+    if (!job)
+        return undefined;
+    const schedule = job.schedule;
+    if (!schedule || typeof schedule !== "object")
+        return undefined;
+    const expr = schedule.expr;
+    return typeof expr === "string" && expr.trim() ? expr.trim() : undefined;
+}
+function pickCronMessage(job) {
+    if (!job)
+        return undefined;
+    const payload = job.payload;
+    if (!payload || typeof payload !== "object")
+        return undefined;
+    const message = payload.message;
+    return typeof message === "string" && message.trim() ? message.trim() : undefined;
+}
+function pickSessionTarget(job) {
+    if (!job)
+        return undefined;
+    const value = job.sessionTarget;
+    return typeof value === "string" && value.trim() ? value.trim() : undefined;
+}
+function pickSystemEvent(job) {
+    if (!job)
+        return undefined;
+    const payload = job.payload;
+    if (!payload || typeof payload !== "object")
+        return undefined;
+    const record = payload;
+    const candidates = [
+        record.systemEvent,
+        record.system_event,
+        record.event,
+        record.message,
+    ];
+    for (const candidate of candidates) {
+        if (typeof candidate === "string" && candidate.trim())
+            return candidate.trim();
+    }
+    return undefined;
+}
+function shouldRecreateSecurityAuditCron(job) {
+    if (!job)
+        return true;
+    const sessionTarget = pickSessionTarget(job);
+    const systemEvent = pickSystemEvent(job);
+    const cronExpr = pickCronExpr(job);
+    const payload = job.payload && typeof job.payload === "object"
+        ? job.payload
+        : undefined;
+    const timeoutSeconds = payload?.timeoutSeconds;
+    const thinking = payload?.thinking;
+    if (!cronExpr || !isNightCronExpr(cronExpr))
+        return true;
+    if (sessionTarget !== "main")
+        return true;
+    if (systemEvent !== SECURITY_AUDIT_SYSTEM_EVENT)
+        return true;
+    if (timeoutSeconds !== undefined && String(timeoutSeconds) !== "10")
+        return true;
+    if (thinking !== undefined && thinking !== "off")
+        return true;
+    // Legacy message-based jobs should be recreated even if message contains /ct_scan.
+    const legacyMessage = pickCronMessage(job);
+    if (legacyMessage && !payload?.systemEvent && !payload?.system_event)
+        return true;
+    return false;
+}
+function pickCronJobId(job) {
+    if (!job)
+        return undefined;
+    const id = job.id;
+    return typeof id === "string" && id.trim() ? id : undefined;
+}
+function buildCommandErrorText(result) {
+    const parts = [
+        result.error ? `error=${result.error}` : "",
+        result.code !== null ? `code=${result.code}` : "",
+        result.stderr ? `stderr=${result.stderr}` : "",
+    ].filter(Boolean);
+    return parts.join(" | ") || "unknown";
+}
+function ensureSecurityAuditCronSync(log, source) {
+    const state = loadSecurityAuditCronState();
+    const cronExpr = normalizeNightCronExpr(state.cronExpr?.trim());
+    const listResult = runOpenclawCommandSync(["cron", "list", "--all", "--json"]);
+    if (!listResult.ok) {
+        const errorText = buildCommandErrorText(listResult);
+        savePendingSecurityAuditCronState(cronExpr, errorText, source);
+        log.warn(`security audit cron setup pending: cron list failed (${errorText})`);
+        return;
+    }
+    const listPayload = parseJsonFromCliOutput(listResult.stdout);
+    const targetJob = findCronJobByName(listPayload, SECURITY_AUDIT_CRON_NAME);
+    const legacyJobs = findCronJobsByNames(listPayload, LEGACY_SECURITY_AUDIT_CRON_NAMES);
+    const candidateJob = targetJob ?? legacyJobs[0] ?? null;
+    const finalCronExpr = normalizeNightCronExpr(pickCronExpr(candidateJob) ?? cronExpr);
+    // Remove legacy duplicate jobs first.
+    for (const legacy of legacyJobs) {
+        const id = pickCronJobId(legacy);
+        if (!id)
+            continue;
+        const rmLegacy = runOpenclawCommandSync(["cron", "rm", "--json", id]);
+        if (!rmLegacy.ok) {
+            const errorText = buildCommandErrorText(rmLegacy);
+            savePendingSecurityAuditCronState(finalCronExpr, errorText, source);
+            log.warn(`security audit cron setup pending: legacy cron rm failed (${errorText})`);
+            return;
+        }
+    }
+    if (targetJob && !shouldRecreateSecurityAuditCron(targetJob)) {
+        saveCreatedSecurityAuditCronState(finalCronExpr, pickCronJobId(targetJob), source);
+        log.info(`security audit cron already exists: ${SECURITY_AUDIT_CRON_NAME}`);
+        return;
+    }
+    if (targetJob) {
+        const existingId = pickCronJobId(targetJob);
+        if (!existingId) {
+            const errorText = "existing cron job id missing";
+            savePendingSecurityAuditCronState(finalCronExpr, errorText, source);
+            log.warn(`security audit cron setup pending: ${errorText}`);
+            return;
+        }
+        const rmResult = runOpenclawCommandSync(["cron", "rm", "--json", existingId]);
+        if (!rmResult.ok) {
+            const errorText = buildCommandErrorText(rmResult);
+            savePendingSecurityAuditCronState(finalCronExpr, errorText, source);
+            log.warn(`security audit cron setup pending: cron rm failed (${errorText})`);
+            return;
+        }
+    }
+    const addResult = runOpenclawCommandSync(buildSecurityAuditCronAddArgs(finalCronExpr));
+    if (!addResult.ok) {
+        const errorText = buildCommandErrorText(addResult);
+        savePendingSecurityAuditCronState(finalCronExpr, errorText, source);
+        log.warn(`security audit cron setup pending: cron upsert failed (${errorText})`);
+        return;
+    }
+    const addPayload = parseJsonFromCliOutput(addResult.stdout);
+    const createdJob = findCronJobByName(addPayload, SECURITY_AUDIT_CRON_NAME)
+        ?? (addPayload && typeof addPayload === "object" ? addPayload : null);
+    saveCreatedSecurityAuditCronState(finalCronExpr, pickCronJobId(createdJob), source);
+    log.info(`security audit cron ensured: name=${SECURITY_AUDIT_CRON_NAME} cron="${finalCronExpr}"`);
+}
+let securityAuditCronEnsuring = false;
+async function ensureSecurityAuditCronAsync(log, source) {
+    if (securityAuditCronEnsuring)
+        return;
+    securityAuditCronEnsuring = true;
+    try {
+        const state = loadSecurityAuditCronState();
+        const cronExpr = normalizeNightCronExpr(state.cronExpr?.trim());
+        const listResult = await runOpenclawCommandAsync(["cron", "list", "--all", "--json"]);
+        if (!listResult.ok) {
+            const errorText = buildCommandErrorText(listResult);
+            savePendingSecurityAuditCronState(cronExpr, errorText, source);
+            log.warn(`security audit cron setup pending: cron list failed (${errorText})`);
+            return;
+        }
+        const listPayload = parseJsonFromCliOutput(listResult.stdout);
+        const targetJob = findCronJobByName(listPayload, SECURITY_AUDIT_CRON_NAME);
+        const legacyJobs = findCronJobsByNames(listPayload, LEGACY_SECURITY_AUDIT_CRON_NAMES);
+        const candidateJob = targetJob ?? legacyJobs[0] ?? null;
+        const finalCronExpr = normalizeNightCronExpr(pickCronExpr(candidateJob) ?? cronExpr);
+        // Remove legacy duplicate jobs first.
+        for (const legacy of legacyJobs) {
+            const id = pickCronJobId(legacy);
+            if (!id)
+                continue;
+            const rmLegacy = await runOpenclawCommandAsync(["cron", "rm", "--json", id]);
+            if (!rmLegacy.ok) {
+                const errorText = buildCommandErrorText(rmLegacy);
+                savePendingSecurityAuditCronState(finalCronExpr, errorText, source);
+                log.warn(`security audit cron setup pending: legacy cron rm failed (${errorText})`);
+                return;
+            }
+        }
+        if (targetJob && !shouldRecreateSecurityAuditCron(targetJob)) {
+            saveCreatedSecurityAuditCronState(finalCronExpr, pickCronJobId(targetJob), source);
+            log.info(`security audit cron already exists: ${SECURITY_AUDIT_CRON_NAME}`);
+            return;
+        }
+        if (targetJob) {
+            const existingId = pickCronJobId(targetJob);
+            if (!existingId) {
+                const errorText = "existing cron job id missing";
+                savePendingSecurityAuditCronState(finalCronExpr, errorText, source);
+                log.warn(`security audit cron setup pending: ${errorText}`);
+                return;
+            }
+            const rmResult = await runOpenclawCommandAsync(["cron", "rm", "--json", existingId]);
+            if (!rmResult.ok) {
+                const errorText = buildCommandErrorText(rmResult);
+                savePendingSecurityAuditCronState(finalCronExpr, errorText, source);
+                log.warn(`security audit cron setup pending: cron rm failed (${errorText})`);
+                return;
+            }
+        }
+        const addResult = await runOpenclawCommandAsync(buildSecurityAuditCronAddArgs(finalCronExpr));
+        if (!addResult.ok) {
+            const errorText = buildCommandErrorText(addResult);
+            savePendingSecurityAuditCronState(finalCronExpr, errorText, source);
+            log.warn(`security audit cron setup pending: cron upsert failed (${errorText})`);
+            return;
+        }
+        const addPayload = parseJsonFromCliOutput(addResult.stdout);
+        const createdJob = findCronJobByName(addPayload, SECURITY_AUDIT_CRON_NAME)
+            ?? (addPayload && typeof addPayload === "object" ? addPayload : null);
+        saveCreatedSecurityAuditCronState(finalCronExpr, pickCronJobId(createdJob), source);
+        log.info(`security audit cron ensured: name=${SECURITY_AUDIT_CRON_NAME} cron="${finalCronExpr}"`);
+    }
+    finally {
+        securityAuditCronEnsuring = false;
+    }
+}
+function buildCtScanNodeArgs(scriptPath, scriptArgs = []) {
+    if (path.extname(scriptPath).toLowerCase() === ".js") {
+        return ["--input-type=commonjs", "--eval", CT_SCAN_COMMONJS_LAUNCHER, scriptPath, ...scriptArgs];
+    }
+    return [scriptPath, ...scriptArgs];
+}
+async function runCtScanCommand(log, scriptArgs = []) {
+    const scriptPath = resolveCtScanScriptPath();
+    if (!scriptPath) {
+        return {
+            ok: false,
+            text: [
+                "**ct-scan 执行失败**",
+                "",
+                "巡检脚本未部署，请联系管理员检查插件安装。",
+            ].join("\n"),
+        };
+    }
+    return await new Promise((resolve) => {
+        const child = spawn(process.execPath, buildCtScanNodeArgs(scriptPath, scriptArgs), {
+            cwd: path.dirname(scriptPath),
+            env: process.env,
+            shell: false,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        let timedOut = false;
+        const timeout = setTimeout(() => {
+            timedOut = true;
+            try {
+                child.kill();
+            }
+            catch {
+                // ignore
+            }
+        }, CT_SCAN_TIMEOUT_MS);
+        child.stdout.on("data", (chunk) => {
+            stdout = appendProcessOutput(stdout, chunk);
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr = appendProcessOutput(stderr, chunk);
+        });
+        child.on("error", (err) => {
+            clearTimeout(timeout);
+            log.error(`ct-scan spawn error: script=${scriptPath} args=${scriptArgs.join(" ")} err=${err.message}`);
+            resolve({
+                ok: false,
+                text: [
+                    "**ct-scan 执行失败**",
+                    "",
+                    "巡检进程启动失败，请联系管理员查看插件日志。",
+                ].join("\n"),
+            });
+        });
+        child.on("close", (code, signal) => {
+            clearTimeout(timeout);
+            if (timedOut) {
+                log.warn(`ct-scan timeout: script=${scriptPath} args=${scriptArgs.join(" ")}`);
+                resolve({
+                    ok: false,
+                    text: [
+                        "**ct-scan 超时**",
+                        "",
+                        `执行超过 ${Math.floor(CT_SCAN_TIMEOUT_MS / 1000)} 秒，请稍后重试。`,
+                    ].join("\n"),
+                });
+                return;
+            }
+            const ok = code === 0;
+            const cleanStdout = stripAnsi(stdout).trim();
+            const cleanStderr = stripAnsi(stderr).trim();
+            log.info(`ct-scan finished: code=${code ?? "null"} signal=${signal ?? "none"} script=${scriptPath} ` +
+                `args=${scriptArgs.join(" ")} stdout_len=${stdout.length} stderr_len=${stderr.length}`);
+            if (!ok && cleanStderr) {
+                log.warn(`ct-scan stderr: ${cleanStderr.slice(0, 4000)}`);
+            }
+            resolve({
+                ok,
+                text: [
+                    ok ? "**ct-scan 执行成功**" : "**ct-scan 执行失败**",
+                    "",
+                    cleanStdout
+                        ? `stdout:\n\`\`\`\n${cleanStdout}\n\`\`\``
+                        : "stdout: (empty)",
+                    cleanStderr
+                        ? `stderr:\n\`\`\`\n${cleanStderr}\n\`\`\``
+                        : "stderr: (empty)",
+                ].filter(Boolean).join("\n"),
+            });
+        });
+    });
+}
+const DEFAULT_ACCOUNT_STATUS = {
+    email: null,
+    plan: "free",
+    quotaUsed: 0,
+    quotaTotal: 500,
+    isAutonomous: true,
+    resetAt: null,
+};
+/** Account status no longer fetched from /api/v1/account; return local default only. */
+async function getAccountStatus(_apiKey, coreUrl) {
+    void _apiKey;
+    void coreUrl;
+    return DEFAULT_ACCOUNT_STATUS;
+}
+// =============================================================================
+// Logger
+// =============================================================================
+function createLogger(baseLogger) {
+    return {
+        info: (msg) => baseLogger.info(`${LOG_PREFIX} ${msg}`),
+        warn: (msg) => baseLogger.warn(`${LOG_PREFIX} ${msg}`),
+        error: (msg) => baseLogger.error(`${LOG_PREFIX} ${msg}`),
+        debug: (msg) => baseLogger.debug?.(`${LOG_PREFIX} ${msg}`),
+    };
+}
+// =============================================================================
+// Database driver check (libsql)
+// =============================================================================
+// Note: @libsql/client has native bindings with WASM fallback, no manual setup needed.
+// =============================================================================
+// Plugin state (module-level — survives plugin re-registration within a process)
+// =============================================================================
+let globalCoreCredentials = null;
+let globalBehaviorDetector = null;
+let globalEventReporter = null;
+let globalBusinessReporter = null;
+let globalConfigSync = null;
+let globalDashboardClient = null;
+let globalFileWatcher = null;
+let globalWorkspaceAgentsWatcher = null;
+let dashboardHeartbeatTimer = null;
+let profileWatchers = [];
+let profileDebounceTimer = null;
+// Track quota exceeded notification (only notify once per session)
+let quotaExceededNotified = false;
+// Track personal dashboard auto-start state
+let personalDashboardStarted = false;
+// Track LLM input timestamps per session for duration calculation
+const llmInputTimestamps = new Map();
+// Track auto-scan state
+let autoScanEnabled = false;
+// Track current account plan
+let currentAccountPlan = "free";
+let macNoticeEmitted = false;
+function isPluginInstallCommand(args = process.argv.slice(2)) {
+    return args[0] === "plugins" && args[1] === "install";
+}
+function persistLocalMacAddress(mac, source) {
+    try {
+        fs.mkdirSync(MAC_RECORD_DIR, { recursive: true });
+        fs.writeFileSync(MAC_RECORD_TEXT_PATH, `${mac}\n`);
+        fs.writeFileSync(MAC_RECORD_JSON_PATH, JSON.stringify({
+            mac,
+            source,
+            recordedAt: new Date().toISOString(),
+        }, null, 2));
+    }
+    catch {
+        // Ignore persistence errors; still log MAC to console.
+    }
+}
+function emitLocalMacAddressNotice(log, source) {
+    if (macNoticeEmitted)
+        return;
+    macNoticeEmitted = true;
+    const mac = getLocalMacAddress();
+    persistLocalMacAddress(mac, source);
+    const deviceId = getOrCreateDeviceId();
+    if (source === "install") {
+        log.info(`安装成功，本机 MAC 地址：${mac}`);
+    }
+    else {
+        log.info(`本机 MAC 地址：${mac}`);
+    }
+    log.info(`MAC 地址已保存：${MAC_RECORD_TEXT_PATH}`);
+    log.info(`设备 ID：${deviceId}`);
+}
+function buildLocalCredentials(coreUrl) {
+    return {
+        apiKey: getLocalMacAddress(),
+        agentId: getLocalAgentId(),
+        claimUrl: "",
+        verificationCode: "",
+        coreUrl,
+    };
+}
+function ensureCoreCredentials(coreUrl) {
+    if (!globalCoreCredentials) {
+        globalCoreCredentials = buildLocalCredentials(coreUrl);
+    }
+    return globalCoreCredentials;
+}
+function stopDisableSensitiveRuntime() {
+    if (globalFileWatcher) {
+        globalFileWatcher.stop();
+        globalFileWatcher = null;
+    }
+    if (globalWorkspaceAgentsWatcher) {
+        globalWorkspaceAgentsWatcher.stop();
+        globalWorkspaceAgentsWatcher = null;
+    }
+}
+// =============================================================================
+// Ensure default config in openclaw.json
+// =============================================================================
+/**
+ * Previously wrote default config to openclaw.json on first load.
+ * Now a no-op — we don't modify openclaw.json automatically.
+ * Config is optional; defaults are applied in resolveConfig().
+ */
+function ensureDefaultConfig(_log) {
+    // no-op: don't write config to openclaw.json on fresh install
+}
+// =============================================================================
+// Profile sync — watches workspace files and re-uploads on change
+// =============================================================================
+function startProfileSync(log) {
+    if (profileWatchers.length > 0)
+        return; // already watching
+    const paths = getProfileWatchPaths();
+    const scheduleUpload = () => {
+        if (profileDebounceTimer)
+            clearTimeout(profileDebounceTimer);
+        profileDebounceTimer = setTimeout(() => {
+            if (!globalDashboardClient?.agentId)
+                return;
+            const profile = readAgentProfile();
+            globalDashboardClient
+                .updateProfile({
+                ...(globalCoreCredentials?.agentId !== "configured"
+                    ? { openclawId: globalCoreCredentials?.agentId }
+                    : {}),
+                ...profile,
+            })
+                .then(() => log.debug?.("Dashboard: profile synced"))
+                .catch((err) => log.debug?.(`Dashboard: profile sync failed — ${err}`));
+        }, 2000);
+    };
+    for (const watchPath of paths) {
+        try {
+            if (!fs.existsSync(watchPath))
+                continue;
+            const watcher = fs.watch(watchPath, { recursive: false }, scheduleUpload);
+            profileWatchers.push(watcher);
+        }
+        catch {
+            // Non-critical — fs.watch may not be available in all environments
+        }
+    }
+    if (profileWatchers.length > 0) {
+        log.debug?.(`Dashboard: watching ${profileWatchers.length} path(s) for profile changes`);
+    }
+}
+// =============================================================================
+// Plugin Definition
+// =============================================================================
+const openClawGuardPlugin = {
+    id: PLUGIN_ID,
+    name: PLUGIN_NAME,
+    description: "Security guard for OpenClaw agents",
+    //插件初始化入口
+    register(api) {
+        const log = createLogger(api.logger); // 创建日志对象
+        const args = process.argv.slice(2);
+        // 检查插件激活条件 ,如果只是安装命令（openclaw plugin install），只执行基础初始化,避免在非网关进程中初始化完整插件
+        if (!shouldActivatePluginRuntime(args, process.env.OPENCLAW_SERVICE_KIND)) {
+            if (isPluginInstallCommand(args)) {
+                emitLocalMacAddressNotice(log, "install");
+                ensureSecurityAuditCronSync(log, "install");
+            }
+            log.debug?.("changewayguard: skip runtime initialization outside gateway process");
+            return; // 非网关进程，直接退出
+        }
+        emitLocalMacAddressNotice(log, "gateway");
+        const engineLogPrefix = "调用见微检测引擎";
+        const maxEngineLogChars = 12_000;
+        // 生成唯一追踪 ID
+        const createTraceId = () => {
+            const randomNum = randomBytes(6).readUIntBE(0, 6);
+            return `${Date.now()}${String(randomNum).padStart(14, "0")}`;
+        };
+        // 格式化日志payload，截断超长内容
+        const formatEngineLogPayload = (payload) => {
+            try {
+                const text = typeof payload === "string" ? payload : JSON.stringify(payload);
+                if (text.length <= maxEngineLogChars)
+                    return text;
+                return `${text.slice(0, maxEngineLogChars)}...<truncated>`;
+            }
+            catch {
+                return String(payload);
+            }
+        };
+        // 记录 AI 检测引擎的请求/响应日志
+        const logEngineRequest = (url, payload, traceId) => {
+            const line = `${engineLogPrefix} traceId：${traceId} 请求 POST ${url} 参数=${formatEngineLogPayload(payload)}`;
+            log.info(line);
+            appendEngineLogLine(line);
+        };
+        const logEngineResponse = (url, status, payload, traceId) => {
+            const line = `${engineLogPrefix} traceId：${traceId} 响应 POST ${url} status=${status} 参数=${formatEngineLogPayload(payload)}`;
+            log.info(line);
+            appendEngineLogLine(line);
+        };
+        let behaviorHooksPreference = loadBehaviorHooksPreference();
+        let deviceActivated = getActivationStatus().activated;
+        let behaviorHooksEnabled = false;
+        const refreshBehaviorHooksState = () => {
+            behaviorHooksEnabled = deviceActivated
+                ? (behaviorHooksPreference ?? true)
+                : false;
+        };
+        const applyBehaviorHooksCredentials = () => {
+            refreshBehaviorHooksState();
+            const creds = behaviorHooksEnabled ? globalCoreCredentials : null;
+            globalBehaviorDetector?.setCredentials(creds);
+            globalEventReporter?.setCredentials(creds);
+        };
+        const getBehaviorHooksStatusText = () => {
+            refreshBehaviorHooksState();
+            return [
+                `- 激活状态: ${deviceActivated ? "已激活" : "未激活"}`,
+                `- changewayguard 实时防护: ${behaviorHooksEnabled ? "已开启" : "已关闭"}`,
+            ];
+        };
+        const promptScanCache = new Map();
+        const promptCacheKey = (sessionKey) => sessionKey || "__default__";
+        const promptFingerprint = (text) => text.replace(/\s+/g, " ").trim().slice(0, 2000);
+        const maybeScanPrompt = async (sessionKey, text, source) => {
+            if (!globalBehaviorDetector || !behaviorHooksEnabled)
+                return;
+            const trimmed = text.trim();
+            if (!trimmed)
+                return;
+            const cacheKey = promptCacheKey(sessionKey);
+            const fingerprint = promptFingerprint(trimmed);
+            if (promptScanCache.get(cacheKey) === fingerprint) {
+                return;
+            }
+            const promptDecision = await globalBehaviorDetector.scanPrompt(sessionKey, trimmed);
+            if (!promptDecision)
+                return;
+            promptScanCache.set(cacheKey, fingerprint);
+            debugLog(`prompt_scan: source=${source} sessionKey=${sessionKey} action=${promptDecision.action} ` +
+                `risk=${promptDecision.riskLevel} confidence=${Math.round(promptDecision.confidence * 100)}%`);
+            if (promptDecision.action === "alert" || promptDecision.action === "block") {
+                log.warn(`Prompt scan [${promptDecision.riskLevel}/${Math.round(promptDecision.confidence * 100)}%] (${source}): ` +
+                    `${promptDecision.explanation}`);
+                globalBusinessReporter?.recordDetection(promptDecision.riskLevel, promptDecision.action === "block" && config.blockOnRisk, promptDecision.explanation);
+            }
+            if (globalDashboardClient?.agentId) {
+                const observation = buildScanActivityObservation({
+                    source: "prompt",
+                    action: promptDecision.action,
+                    agentId: globalDashboardClient.agentId,
+                    sessionKey,
+                    riskLevel: promptDecision.riskLevel,
+                    confidence: promptDecision.confidence,
+                    categories: promptDecision.categories,
+                    explanation: promptDecision.explanation,
+                    violatingInput: trimmed,
+                    latencyMs: promptDecision.latency_ms,
+                });
+                if (observation) {
+                    globalDashboardClient
+                        .reportToolCall(observation)
+                        .catch((err) => {
+                        log.debug?.(`Dashboard: prompt scan activity report failed — ${err}`);
+                    });
+                }
+            }
+        };
+        // ── Start AI Security Gateway (in-process) ────────────────────────
+        // Resolve config before any runtime side effects so disabled plugins stay passive.
+        const pluginConfig = (api.pluginConfig ?? {});
+        debugLog(`=== PLUGIN REGISTER ===`);
+        debugLog(`pluginConfig: ${JSON.stringify(pluginConfig)}`);
+        //解析配置 & 启动网关
+        const config = resolveConfig(pluginConfig); // 解析配置
+        const isEnterprise = config.plan === "enterprise";
+        debugLog(`resolved config: plan=${config.plan}, coreUrl=${config.coreUrl}, isEnterprise=${isEnterprise}`);
+        if (config.enabled === false) {
+            stopDisableSensitiveRuntime(); // 禁用插件
+            log.info("Plugin disabled via config");
+            return;
+        }
+        // Gateway runs in the plugin process and is always available.
+        // Users enable sanitization via /og_sanitize on, which routes agents through it.
+        try {
+            // 启动 AI Security Gateway（进程内）
+            startGateway();
+            log.debug?.("AI Security Gateway started");
+        }
+        catch (err) {
+            log.error(`Failed to start AI Security Gateway: ${err}`);
+        }
+        // Set dashboard port immediately so gateway can report activity
+        // (Dashboard will start later, but port is fixed at 53667)
+        // 设置仪表板端口
+        const DASHBOARD_PORT = 53667;
+        setDashboardPort(DASHBOARD_PORT);
+        log.debug?.(`Gateway activity reporting enabled on port ${DASHBOARD_PORT}`);
+        // Ensure openclaw.json has default config (coreUrl) on first load
+        if (!pluginConfig.coreUrl) {
+            ensureDefaultConfig(log);
+        }
+        const workspaceAgentsSyncSummary = syncAllWorkspaceAgentsGuides({
+            openclawHomeDir: openclawHome,
+            logger: log,
+        });
+        log.info(`Workspace AGENTS sync (startup): scanned=${workspaceAgentsSyncSummary.totalWorkspaces} ` +
+            `updated=${workspaceAgentsSyncSummary.updatedCount} created=${workspaceAgentsSyncSummary.createdCount} ` +
+            `appended=${workspaceAgentsSyncSummary.appendedCount} skipped=${workspaceAgentsSyncSummary.skippedCount} ` +
+            `errors=${workspaceAgentsSyncSummary.errorCount}`);
+        if (!globalWorkspaceAgentsWatcher) {
+            globalWorkspaceAgentsWatcher = new WorkspaceAgentsWatcher({
+                openclawHomeDir: openclawHome,
+                logger: log,
+                isPluginEnabled: () => readPluginEnabledFromOpenclawConfig(PLUGIN_ID, openclawHome),
+            });
+        }
+        if (!globalWorkspaceAgentsWatcher.running) {
+            globalWorkspaceAgentsWatcher.start();
+            log.debug?.(`Workspace AGENTS watcher started (${globalWorkspaceAgentsWatcher.watchCount} directories)`);
+        }
+        void ensureSecurityAuditCronAsync(log, "gateway");
+        if (isEnterprise) {
+            log.info(`Enterprise mode: Core → ${config.coreUrl}`);
+        }
+        // ── Local initialization (no network) ──────────────────────── 初始化核心模块
+        // 4.1 行为检测器
+        if (!globalBehaviorDetector) {
+            globalBehaviorDetector = new BehaviorDetector({
+                coreUrl: config.coreUrl,
+                assessTimeoutMs: Math.min(config.timeoutMs, 3000),
+                blockOnRisk: config.blockOnRisk,
+                pluginVersion: PLUGIN_VERSION,
+            }, log);
+        }
+        // 4.2 事件上报器
+        if (!globalEventReporter) {
+            globalEventReporter = new EventReporter({
+                coreUrl: config.coreUrl,
+                pluginVersion: PLUGIN_VERSION,
+                timeoutMs: Math.min(config.timeoutMs, 3000),
+            }, log);
+        }
+        //4.3 凭证管理
+        if (!globalCoreCredentials) {
+            if (config.apiKey) {
+                // 使用配置的 API Key
+                globalCoreCredentials = {
+                    apiKey: config.apiKey,
+                    agentId: getLocalAgentId(),
+                    claimUrl: "",
+                    verificationCode: "",
+                    coreUrl: config.coreUrl,
+                };
+                log.info("Platform: using configured API key (Authorization header uses local MAC)");
+            }
+            else {
+                /// 从磁盘加载或使用本地 MAC 认证
+                debugLog(`loadCoreCredentials(${config.coreUrl}) called`);
+                globalCoreCredentials = loadCoreCredentials(config.coreUrl);
+                debugLog(`loadCoreCredentials result: ${globalCoreCredentials ? `apiKey=${globalCoreCredentials.apiKey?.slice(0, 10)}... agentId=${globalCoreCredentials.agentId} coreUrl=${globalCoreCredentials.coreUrl}` : "null"}`);
+                if (!globalCoreCredentials) {
+                    globalCoreCredentials = buildLocalCredentials(config.coreUrl);
+                    log.info("Platform: local mode enabled (registration skipped, Authorization uses local MAC)");
+                }
+            }
+            applyBehaviorHooksCredentials();
+            if (!behaviorHooksEnabled) {
+                log.info("Behavior hooks disabled: plugin not activated or user switch is off");
+            }
+        }
+        applyBehaviorHooksCredentials();
+        if (!behaviorHooksEnabled) {
+            if (globalConfigSync) {
+                globalConfigSync.stop();
+                globalConfigSync = null;
+            }
+            if (globalBusinessReporter) {
+                globalBusinessReporter.setCredentials(null);
+                void globalBusinessReporter.stop();
+                globalBusinessReporter = null;
+            }
+            if (autoScanEnabled && globalFileWatcher?.running) {
+                globalFileWatcher.stop();
+                autoScanEnabled = false;
+            }
+        }
+        // ── Personal Dashboard auto-start 个人仪表板启动 ─────────────────────────────────
+        // Starts the local dashboard automatically when the plugin loads.
+        // Data is stored in the plugin's data directory.
+        async function initPersonalDashboard(coreUrl) {
+            debugLog(`initPersonalDashboard: called, personalDashboardStarted=${personalDashboardStarted}`);
+            if (personalDashboardStarted) {
+                debugLog("initPersonalDashboard: already started, skipping");
+                return;
+            }
+            personalDashboardStarted = true;
+            try {
+                const { startLocalDashboard, getPluginDataDir, DASHBOARD_PORT, DevModeError } = await import("./dashboard-launcher.js");
+                const dataDir = getPluginDataDir();
+                // 启动本地 Dashboard 服务,自动启动本地仪表板，用于可视化安全状态。
+                const result = await startLocalDashboard({
+                    apiKey: globalCoreCredentials?.apiKey ?? "",
+                    agentId: globalCoreCredentials?.agentId ?? "",
+                    coreUrl,
+                    dataDir,
+                    autoStart: true,
+                });
+                log.info(`${BRAND_NAME} dashboard started at ${result.localUrl}`);
+                // Connect to local dashboard for observation reporting
+                // Use the session token from startLocalDashboard, not the Core API key
+                // 连接 Dashboard
+                initDashboardClient(result.token, `http://localhost:${DASHBOARD_PORT}`);
+            }
+            catch (err) {
+                // Dev mode or startup failure - silently continue
+                debugLog(`initPersonalDashboard FAILED: ${err}`);
+                log.debug?.(`Dashboard auto-start skipped: ${err}`);
+            }
+        }
+        // ── Dashboard client initialization ─────────────────────────────
+        // Connects to the dashboard for observation reporting.
+        // Uses the local session token for auth.
+        function initDashboardClient(sessionToken, dashboardUrl) {
+            debugLog(`initDashboardClient: dashboardUrl=${dashboardUrl} token=${sessionToken?.slice(0, 8)}...`);
+            if (globalDashboardClient) {
+                debugLog("initDashboardClient: already initialized, skipping");
+                return;
+            }
+            if (!dashboardUrl || !sessionToken) {
+                debugLog("initDashboardClient: missing url or token, skipping");
+                return;
+            }
+            globalDashboardClient = new DashboardClient({
+                dashboardUrl,
+                sessionToken,
+            });
+            // Register agent then upload full profile (non-blocking)
+            const profile = readAgentProfile();
+            globalDashboardClient
+                .registerAgent({
+                name: config.agentName,
+                description: "OpenClaw AI Agent secured by changewayGuard",
+                provider: profile.provider || undefined,
+                metadata: {
+                    ...(globalCoreCredentials?.agentId !== "configured" ? { openclawId: globalCoreCredentials?.agentId } : {}),
+                    ...profile,
+                },
+            })
+                .then((result) => {
+                if (result.success && result.data?.id) {
+                    log.debug?.(`Dashboard: agent registered (${result.data.id})`);
+                    startProfileSync(log);
+                }
+            })
+                .catch((err) => {
+                log.warn(`Dashboard: registration failed — ${err}`);
+            });
+            // Start periodic heartbeat
+            dashboardHeartbeatTimer = globalDashboardClient.startHeartbeat(60_000);
+            log.debug?.(`Dashboard: connected to ${dashboardUrl}`);
+        }
+        if (globalCoreCredentials) {
+            // Start personal dashboard (auto-starts local dashboard and connects to it)
+            initPersonalDashboard(config.coreUrl);
+        }
+        // ── Business plan initialization 商业功能初始化 ───────────────────────────────
+        // Check account plan and initialize BusinessReporter + ConfigSync if business.
+        async function initBusinessFeatures(coreUrl) {
+            debugLog(`initBusinessFeatures: called, credentials=${!!globalCoreCredentials}, isEnterprise=${isEnterprise}`);
+            if (!globalCoreCredentials) {
+                debugLog("initBusinessFeatures: no credentials, skipping");
+                return;
+            }
+            if (!behaviorHooksEnabled) {
+                debugLog("initBusinessFeatures: behavior hooks disabled, skipping");
+                return;
+            }
+            try {
+                let plan;
+                if (isEnterprise) {
+                    // Enterprise mode: always business plan, skip remote check
+                    plan = "business";
+                }
+                else {
+                    // 检查账户计划（free / business）
+                    const status = await getAccountStatus(globalCoreCredentials.apiKey, coreUrl);
+                    plan = status.plan;
+                }
+                currentAccountPlan = plan;
+                debugLog(`initBusinessFeatures: plan=${plan}`);
+                if (plan !== "business") {
+                    debugLog(`initBusinessFeatures: plan is not business, skipping`);
+                    log.debug?.(`Account plan is "${plan}", business features not enabled`);
+                    return;
+                }
+                // Initialize BusinessReporter
+                if (!globalBusinessReporter) {
+                    // 初始化 BusinessReporter（商业版上报）
+                    globalBusinessReporter = new BusinessReporter({ coreUrl, pluginVersion: PLUGIN_VERSION }, log);
+                    globalBusinessReporter.setCredentials(globalCoreCredentials);
+                    // Set profile from workspace
+                    const profile = readAgentProfile();
+                    globalBusinessReporter.setProfile({
+                        ownerName: profile.ownerName,
+                        agentName: config.agentName,
+                        provider: profile.provider,
+                        model: profile.model,
+                    });
+                    globalBusinessReporter.initialize(plan);
+                    debugLog(`BusinessReporter initialized, enabled=${globalBusinessReporter.isEnabled()}`);
+                    // Wire gateway activity to business reporter
+                    if (globalBusinessReporter.isEnabled()) {
+                        setGatewayActivityCallback((redactionCount, typeCounts) => {
+                            globalBusinessReporter?.recordGatewayActivity(redactionCount, typeCounts);
+                        });
+                        // Wire secret detection to business reporter
+                        globalBehaviorDetector?.setOnSecretDetected((typeCounts) => {
+                            globalBusinessReporter?.recordSecretDetection(typeCounts);
+                        });
+                    }
+                }
+                // Initialize ConfigSync // 初始化 ConfigSync（配置同步）
+                if (!globalConfigSync) {
+                    globalConfigSync = new ConfigSync({
+                        coreUrl,
+                        onUpdate: (bizConfig) => {
+                            log.info(`ConfigSync: received ${bizConfig.policies.length} policies`);
+                            // Future: apply gateway config and policies locally
+                        },
+                    }, log);
+                    globalConfigSync.setCredentials(globalCoreCredentials);
+                    await globalConfigSync.initialize(plan);
+                }
+            }
+            catch (err) {
+                log.debug?.(`Business features init failed: ${err}`);
+            }
+        }
+        if (globalCoreCredentials) {
+            initBusinessFeatures(config.coreUrl);
+        }
+        // ── Hooks 注册 Hooks────────────────────────────────────────────────────
+        // Capture initial user prompt as intent + inject OpenGuardrails context
+        // Hook 1: Agent 启动前 - 注入安全上下文
+        api.on("before_agent_start", async (event, ctx) => {
+            const sessionKey = resolveSessionKey(ctx, event);
+            const text = extractTextContent(event.prompt);
+            const promptFromEvent = extractPromptForDetection(event.prompt);
+            const replayPrompt = globalBehaviorDetector?.consumeConfirmedPromptReplay(sessionKey) ?? null;
+            let forcedPromptSafetyNotice = null;
+            let forcedPromptDecision = null;
+            debugLog(`before_agent_start: sessionKey=${sessionKey} candidates=${collectSessionCandidates(ctx, event).join("|")} ` +
+                `promptLength=${text.length} replay=${replayPrompt ? "yes" : "no"}`);
+            // Set up run ID for this session
+            const runId = `run-${randomBytes(8).toString("hex")}`;
+            globalEventReporter?.setRunId(sessionKey, runId);
+            if (globalBehaviorDetector) {
+                const promptFromMessages = Array.isArray(event.messages)
+                    ? extractLatestUserPromptForDetection(event.messages)
+                    : "";
+                const promptToScan = replayPrompt
+                    ? ""
+                    : (promptFromMessages || (isSyntheticSessionBootstrapPrompt(text) ? "" : promptFromEvent));
+                if (replayPrompt) {
+                    globalBehaviorDetector.setUserIntent(sessionKey, replayPrompt);
+                    debugLog(`before_agent_start: replaying confirmed alert prompt for session=${sessionKey}`);
+                }
+                else if (promptToScan) {
+                    globalBehaviorDetector.setUserIntent(sessionKey, promptToScan);
+                    // 提取用户提示词并扫描风险
+                    await maybeScanPrompt(sessionKey, promptToScan, "before_agent_start");
+                }
+                if (!replayPrompt) {
+                    const blockDecision = config.blockOnRisk
+                        ? globalBehaviorDetector.getPendingPromptBlockDecision(sessionKey)
+                        : null;
+                    const alertDecision = globalBehaviorDetector.getPendingPromptAlertDecision(sessionKey);
+                    const activePromptDecision = blockDecision ?? alertDecision;
+                    if (activePromptDecision) {
+                        forcedPromptDecision = activePromptDecision;
+                        forcedPromptSafetyNotice = buildPromptRiskNotice(activePromptDecision, {
+                            brandName: BRAND_NAME,
+                            blockWarning: PROMPT_BLOCK_WARNING,
+                            alertWarning: PROMPT_ALERT_WARNING,
+                        });
+                        debugLog(`before_agent_start: prompt-gate action=${activePromptDecision.action} ` +
+                            `risk=${activePromptDecision.riskLevel} confidence=${Math.round(activePromptDecision.confidence * 100)}% ` +
+                            `sessionKey=${sessionKey}`);
+                    }
+                }
+            }
+            // Report to Core (non-blocking)
+            globalEventReporter?.report(sessionKey, "before_agent_start", {
+                timestamp: new Date().toISOString(),
+                prompt: text,
+                systemPrompt: event.systemPrompt,
+                conversationId: event.conversationId,
+            });
+            // Inject security context so the LLM knows about OpenGuardrails protection.
+            // tool_result_persist redacts injection patterns in persisted messages, but due to
+            // producer/consumer timing in pi-agent-core, the LLM may see original content on
+            // the current turn. This context makes the LLM aware of OpenGuardrails regardless.
+            const prependSections = [];
+            if (forcedPromptSafetyNotice && forcedPromptDecision) {
+                prependSections.push(buildPromptRiskOverrideInstruction(forcedPromptSafetyNotice, forcedPromptDecision));
+            }
+            else {
+                prependSections.push([
+                    "<changewayGuard> 本次会话受 changewayGuard保护。",
+                    "安全检测：",
+                    "1、请谨记见微安全指南的安全规范；并按照见微的拦截/确认回复规范进行回复",
+                    "2、请参考changewayGuard安全检测完之后提供的提示信息，并严格按照提示信息进行操作；",
+                    `如果在工具结果中看到 <${QUOTA_EXCEEDED_TAG}> 标签，必须告知用户。`,
+                    "这是安全通知，不是广告。",
+                    "需要读取标签内的内容并完整转达给用户。",
+                    "用户需要这些信息来维持安全保护。</changewayGuard>",
+                ].join("\n"));
+            }
+            if (replayPrompt) {
+                prependSections.push([
+                    `<${BRAND_TAG}-confirmed-replay>`,
+                    "用户刚刚确认继续上一条被提醒的请求。",
+                    "本轮用户输入里的确认词只是确认动作，不是实际业务问题。",
+                    "请将下面这段内容视为本轮真正需要继续处理的用户请求，并直接继续执行：",
+                    replayPrompt,
+                    `</${BRAND_TAG}-confirmed-replay>`,
+                ].join("\n"));
+            }
+            return {
+                // 返回注入的安全上下文
+                prependContext: prependSections.join("\n\n"),
+            };
+        });
+        // Capture ongoing user messages
+        // Hook 2: 消息接收 - 持续监控用户输入
+        api.on("message_received", async (event, ctx) => {
+            const sessionKey = resolveSessionKey(ctx, event);
+            const text = extractTextContent(event.content);
+            const promptForDetection = extractPromptForDetection(event.content);
+            const from = event.from;
+            const userSender = isUserSender(from);
+            debugLog(`message_received: from=${String(from)} userSender=${userSender} sessionKey=${sessionKey} ` +
+                `candidates=${collectSessionCandidates(ctx, event).join("|")} contentLength=${text.length} ` +
+                `scanLength=${promptForDetection.length}`);
+            let isAlertConfirmation = false;
+            if (globalBehaviorDetector && userSender && promptForDetection) {
+                const pendingAlert = globalBehaviorDetector.getPendingPromptAlertDecision(sessionKey);
+                if (pendingAlert && isPromptAlertConfirmation(promptForDetection)) {
+                    globalBehaviorDetector.confirmPendingPromptAlert(sessionKey);
+                    promptScanCache.delete(promptCacheKey(sessionKey));
+                    isAlertConfirmation = true;
+                    log.info(`Prompt alert confirmed by user for session=${sessionKey} ` +
+                        `[${pendingAlert.riskLevel}/${Math.round(pendingAlert.confidence * 100)}%]`);
+                }
+            }
+            if (globalBehaviorDetector && userSender && promptForDetection && !isAlertConfirmation) {
+                globalBehaviorDetector.setUserIntent(sessionKey, promptForDetection);
+                // 扫描新消息的风险
+                await maybeScanPrompt(sessionKey, promptForDetection, "message_received");
+            }
+            // Report to Core (non-blocking)
+            globalEventReporter?.report(sessionKey, "message_received", {
+                timestamp: new Date().toISOString(),
+                from: event.from,
+                content: text.slice(0, 100000), // Truncate very large content
+                contentLength: text.length,
+            });
+        });
+        // Clear behavioral state when session ends
+        // Hook 4: Session 结束 - 清理状态
+        api.on("session_end", async (event, ctx) => {
+            const sessionKey = ctx.sessionKey ?? event.sessionId ?? "";
+            // Report to Core (non-blocking)
+            globalEventReporter?.report(sessionKey, "session_end", {
+                timestamp: new Date().toISOString(),
+                sessionId: event.sessionId ?? sessionKey,
+                durationMs: event.durationMs,
+            });
+            // Report session end to business reporter
+            globalBusinessReporter?.recordSession("end", event.durationMs);
+            globalBehaviorDetector?.clearSession(sessionKey);
+            globalEventReporter?.clearSession(sessionKey);
+            promptScanCache.delete(promptCacheKey(sessionKey));
+        });
+        // Core detection hook — may block the tool call
+        // Hook 3: 工具调用前 - 核心安全检查
+        api.on("before_tool_call", async (event, ctx) => {
+            log.debug?.(`before_tool_call: ${event.toolName}`);
+            let blocked = false;
+            let blockReason;
+            if (globalBehaviorDetector && behaviorHooksEnabled) {
+                const decision = await globalBehaviorDetector.onBeforeToolCall({ sessionKey: ctx.sessionKey ?? "", agentId: ctx.agentId }, { toolName: event.toolName, params: event.params });
+                if (decision?.block) {
+                    blocked = true;
+                    blockReason = decision.blockReason;
+                    log.warn(`BLOCKED "${event.toolName}": ${decision.blockReason}`);
+                }
+            }
+            // Report to dashboard (non-blocking)
+            if (globalDashboardClient?.agentId) {
+                globalDashboardClient
+                    .reportToolCall({
+                    agentId: globalDashboardClient.agentId,
+                    sessionKey: ctx.sessionKey,
+                    toolName: event.toolName,
+                    params: event.params,
+                    phase: "before",
+                    blocked,
+                    blockReason,
+                })
+                    .catch((err) => {
+                    log.debug?.(`Dashboard: report failed (before ${event.toolName}) — ${err}`);
+                });
+            }
+            if (blocked) {
+                // Report blocked tool call to business reporter
+                globalBusinessReporter?.recordToolCall(event.toolName, inferToolCategory(event.toolName), 0, true);
+                // Record blocked call for local agentic hours
+                globalDashboardClient?.recordToolCallDuration(0, true);
+                return { block: true, blockReason };
+            }
+        }, { priority: 100 });
+        // Scan tool results for content injection before they reach the LLM
+        // Also append quota exceeded messages when applicable
+        api.on("tool_result_persist", (event, ctx) => {
+            log.info(`tool_result_persist triggered: toolName=${event.toolName ?? ctx.toolName ?? "unknown"}`);
+            if (!globalBehaviorDetector) {
+                log.debug?.("tool_result_persist: no detector");
+                return;
+            }
+            // Resolve tool name from event, context, or the message itself
+            const message = event.message;
+            const msgToolName = message && "toolName" in message ? message.toolName : undefined;
+            const toolName = event.toolName ?? ctx.toolName ?? msgToolName;
+            log.debug?.(`tool_result_persist: toolName=${toolName ?? "(none)"} [event=${event.toolName}, ctx=${ctx.toolName}, msg=${msgToolName}]`);
+            // Check message structure first before consuming quota message
+            if (!message || !("content" in message) || !Array.isArray(message.content)) {
+                log.debug?.(`tool_result_persist: message.content not an array (role=${message && "role" in message ? message.role : "?"})`);
+                // Don't consume quota message if we can't append it
+                return;
+            }
+            const contentArray = message.content;
+            let messageModified = false;
+            // Check for pending quota message (should be appended to any tool result)
+            const quotaMessage = globalBehaviorDetector.consumePendingQuotaMessage();
+            log.debug?.(`tool_result_persist: quotaMessage=${quotaMessage ? "present" : "none"}`);
+            if (quotaMessage) {
+                const formattedMsg = formatQuotaMessage(quotaMessage);
+                contentArray.push({
+                    type: "text",
+                    text: formattedMsg,
+                });
+                messageModified = true;
+                log.warn(`Quota exceeded — appending upgrade message to tool result (${quotaMessage.quotaUsed}/${quotaMessage.quotaTotal})`);
+            }
+            // Report to Core (non-blocking)
+            globalEventReporter?.report(ctx.sessionKey ?? "", "tool_result_persist", {
+                timestamp: new Date().toISOString(),
+                toolName,
+                modified: messageModified,
+                modificationReason: messageModified ? "quota_message_appended" : undefined,
+            });
+            // If no toolName, we've done what we can (appended quota message if any)
+            // Local injection scanning removed - all detection handled by Core
+            return messageModified ? { message } : undefined;
+        }, { priority: 100 });
+        // Record completed tool for chain history + scan content for injection via Core
+        api.on("after_tool_call", async (event, ctx) => {
+            log.debug?.(`after_tool_call: ${event.toolName} (${event.durationMs}ms)`);
+            if (globalBehaviorDetector && behaviorHooksEnabled) {
+                globalBehaviorDetector.onAfterToolCall({ sessionKey: ctx.sessionKey ?? "" }, {
+                    toolName: event.toolName,
+                    params: event.params,
+                    result: event.result,
+                    error: event.error,
+                    durationMs: event.durationMs,
+                });
+                // Scan ALL tool results for injection via Core (not just file read / web fetch)
+                if (event.result && !event.error) {
+                    const extractedResultText = extractToolContentForDetection(event.result);
+                    const resultText = extractedResultText || (typeof event.result === "string"
+                        ? event.result
+                        : JSON.stringify(event.result));
+                    // Only scan if content is non-trivial (> 20 chars to avoid noise)
+                    if (resultText.length > 20) {
+                        const scanResult = await globalBehaviorDetector.scanContent(ctx.sessionKey ?? "", event.toolName, resultText);
+                        if (scanResult && globalDashboardClient?.agentId) {
+                            const observation = buildScanActivityObservation({
+                                source: "content",
+                                action: scanResult.action,
+                                agentId: globalDashboardClient.agentId,
+                                sessionKey: ctx.sessionKey,
+                                riskLevel: scanResult.riskLevel,
+                                confidence: scanResult.confidence,
+                                categories: scanResult.categories,
+                                explanation: scanResult.explanation || scanResult.summary,
+                                latencyMs: scanResult.latency_ms,
+                                scannedToolName: event.toolName,
+                            });
+                            if (observation) {
+                                globalDashboardClient
+                                    .reportToolCall(observation)
+                                    .catch((err) => {
+                                    log.debug?.(`Dashboard: content scan activity report failed — ${err}`);
+                                });
+                            }
+                        }
+                        if (scanResult?.detected) {
+                            log.warn(`Core: injection detected in "${event.toolName}" result: ${scanResult.summary}`);
+                            // Report detection to business reporter
+                            globalBusinessReporter?.recordDetection(scanResult.detected ? "high" : "no_risk", false, scanResult.summary);
+                            // Report dynamic scan result to business reporter
+                            globalBusinessReporter?.recordScanResult("dynamic", scanResult.categories ?? [], true);
+                            // Record risk event for local agentic hours
+                            globalDashboardClient?.recordRiskEvent();
+                        }
+                        // Report detection result to dashboard (non-blocking)
+                        if (scanResult && globalDashboardClient) {
+                            // Calculate sensitivity score from findings confidence
+                            // high=0.9, medium=0.7, low=0.5, take max
+                            const confidenceScores = { high: 0.9, medium: 0.7, low: 0.5 };
+                            const sensitivityScore = scanResult.findings.length > 0
+                                ? Math.max(...scanResult.findings.map((f) => confidenceScores[f.confidence] ?? 0.5))
+                                : 0;
+                            globalDashboardClient
+                                .reportDetection({
+                                agentId: globalDashboardClient.agentId || "unknown",
+                                sessionKey: ctx.sessionKey,
+                                toolName: event.toolName,
+                                safe: !scanResult.detected,
+                                categories: scanResult.categories,
+                                findings: scanResult.findings.map((f) => ({
+                                    scanner: f.scanner,
+                                    name: f.name,
+                                    matchedText: f.matchedText,
+                                    confidence: f.confidence,
+                                })),
+                                sensitivityScore,
+                                latencyMs: scanResult.latency_ms,
+                            })
+                                .catch((err) => {
+                                log.debug?.(`Dashboard: detection report failed — ${err}`);
+                            });
+                        }
+                    }
+                }
+            }
+            // Report to dashboard (non-blocking)
+            if (globalDashboardClient?.agentId) {
+                globalDashboardClient
+                    .reportToolCall({
+                    agentId: globalDashboardClient.agentId,
+                    sessionKey: ctx.sessionKey,
+                    toolName: event.toolName,
+                    params: event.params,
+                    phase: "after",
+                    result: event.error ? undefined : "ok",
+                    error: event.error,
+                    durationMs: event.durationMs,
+                })
+                    .catch((err) => {
+                    log.debug?.(`Dashboard: report failed (after ${event.toolName}) — ${err}`);
+                });
+            }
+            // Report tool call to business reporter (with duration and category)
+            debugLog(`after_tool_call: tool=${event.toolName} durationMs=${event.durationMs} dashboardClient=${!!globalDashboardClient} businessReporter=${!!globalBusinessReporter} businessEnabled=${globalBusinessReporter?.isEnabled()}`);
+            globalBusinessReporter?.recordToolCall(event.toolName, inferToolCategory(event.toolName), event.durationMs ?? 0, false);
+            // Record tool call duration for local agentic hours
+            globalDashboardClient?.recordToolCallDuration(event.durationMs ?? 0);
+        });
+        // ── New Hooks (18 additional hooks for complete context) ────
+        // Note: Many of these hooks may not be in the OpenClaw SDK types yet.
+        // We use type assertions to register them, and they'll work at runtime
+        // when/if OpenClaw supports them.
+        const apiAny = api;
+        // Agent lifecycle: agent_end
+        apiAny.on("agent_end", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "agent_end", {
+                timestamp: new Date().toISOString(),
+                reason: event?.reason ?? "unknown",
+                error: event?.error,
+                durationMs: event?.durationMs,
+            });
+        });
+        // Session lifecycle: session_start
+        apiAny.on("session_start", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            const sessionId = event?.sessionId ?? sessionKey;
+            // Set up run ID if not already set
+            if (!globalEventReporter?.getRunId(sessionKey)) {
+                const runId = `run-${randomBytes(8).toString("hex")}`;
+                globalEventReporter?.setRunId(sessionKey, runId);
+            }
+            globalEventReporter?.report(sessionKey, "session_start", {
+                timestamp: new Date().toISOString(),
+                sessionId,
+                isNew: event?.isNew ?? true,
+            });
+            // Report session start to business reporter
+            debugLog(`session_start: sessionKey=${sessionKey} dashboardClient=${!!globalDashboardClient} businessReporter=${!!globalBusinessReporter}`);
+            globalBusinessReporter?.recordSession("start");
+            // Record session start for local agentic hours
+            globalDashboardClient?.recordSessionStart();
+        });
+        // Model resolution: before_model_resolve
+        apiAny.on("before_model_resolve", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "before_model_resolve", {
+                timestamp: new Date().toISOString(),
+                requestedModel: event?.model ?? event?.requestedModel ?? "unknown",
+            });
+        });
+        // Prompt building: before_prompt_build
+        apiAny.on("before_prompt_build", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            const sessionCandidates = collectSessionCandidates(ctx, event);
+            const activeDecision = resolveActivePromptDecision(sessionCandidates, globalBehaviorDetector, config.blockOnRisk);
+            let prependSystemContext;
+            if (activeDecision) {
+                const notice = buildPromptRiskNotice(activeDecision.decision, {
+                    brandName: BRAND_NAME,
+                    blockWarning: PROMPT_BLOCK_WARNING,
+                    alertWarning: PROMPT_ALERT_WARNING,
+                });
+                prependSystemContext = buildPromptRiskOverrideInstruction(notice, activeDecision.decision);
+                debugLog(`before_prompt_build:prompt-notice-system action=${activeDecision.decision.action} ` +
+                    `sessionKey=${sessionKey} decisionKey=${activeDecision.decisionKey} ` +
+                    `risk=${activeDecision.decision.riskLevel} ` +
+                    `confidence=${Math.round(activeDecision.decision.confidence * 100)}%`);
+            }
+            globalEventReporter?.report(sessionKey, "before_prompt_build", {
+                timestamp: new Date().toISOString(),
+                messageCount: event?.messageCount ?? event?.messages?.length ?? 0,
+                tokenEstimate: event?.tokenEstimate,
+            });
+            if (prependSystemContext) {
+                return { prependSystemContext };
+            }
+        });
+        // LLM input: llm_input (critical for context)
+        apiAny.on("llm_input", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            // Track timestamp for LLM duration calculation (OpenClaw may not provide latencyMs)
+            llmInputTimestamps.set(sessionKey, Date.now());
+            const content = typeof event?.content === "string"
+                ? event.content
+                : JSON.stringify(event?.messages ?? event?.content ?? "");
+            globalEventReporter?.report(sessionKey, "llm_input", {
+                timestamp: new Date().toISOString(),
+                model: event?.model ?? "unknown",
+                content: content.slice(0, 100000), // Truncate very large content
+                contentLength: content.length,
+                messageCount: event?.messages?.length ?? 1,
+                tokenCount: event?.tokenCount,
+                systemPrompt: event?.systemPrompt,
+            });
+        });
+        // LLM output: llm_output (critical for context)
+        apiAny.on("llm_output", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            const content = typeof event?.content === "string"
+                ? event.content
+                : JSON.stringify(event?.content ?? "");
+            // Compute LLM duration: prefer event-provided, fall back to our own timing
+            const inputTs = llmInputTimestamps.get(sessionKey);
+            const llmDuration = event?.latencyMs ?? event?.durationMs ?? (inputTs ? Date.now() - inputTs : 0);
+            if (inputTs)
+                llmInputTimestamps.delete(sessionKey);
+            globalEventReporter?.report(sessionKey, "llm_output", {
+                timestamp: new Date().toISOString(),
+                model: event?.model ?? "unknown",
+                content: content.slice(0, 100000),
+                contentLength: content.length,
+                streamed: event?.streamed ?? false,
+                tokenUsage: event?.usage ?? event?.tokenUsage,
+                latencyMs: llmDuration,
+                stopReason: event?.stopReason ?? event?.stop_reason,
+            });
+            // Report LLM call to business reporter
+            debugLog(`llm_output: model=${event?.model} latencyMs=${event?.latencyMs} durationMs=${event?.durationMs} computed=${llmDuration} dashboardClient=${!!globalDashboardClient} businessReporter=${!!globalBusinessReporter}`);
+            if (llmDuration > 0) {
+                globalBusinessReporter?.recordLlmCall(llmDuration, event?.model);
+                // Record LLM duration for local agentic hours
+                globalDashboardClient?.recordLlmDuration(llmDuration);
+            }
+        });
+        // Message sending: message_sending (blocking - can modify/cancel)
+        api.on("message_sending", async (event, ctx) => {
+            const sessionCandidates = collectSessionCandidates(ctx, event);
+            const sessionKey = sessionCandidates[0] ?? "";
+            const content = typeof event.content === "string"
+                ? event.content
+                : JSON.stringify(event.content ?? "");
+            debugLog(`message_sending: sessionKey=${sessionKey} candidates=${sessionCandidates.join("|")} contentLength=${content.length}`);
+            const activeDecision = resolveActivePromptDecision(sessionCandidates, globalBehaviorDetector, config.blockOnRisk);
+            if (activeDecision) {
+                const notice = buildPromptRiskNotice(activeDecision.decision, {
+                    brandName: BRAND_NAME,
+                    blockWarning: PROMPT_BLOCK_WARNING,
+                    alertWarning: PROMPT_ALERT_WARNING,
+                });
+                debugLog(`message_sending:prompt-notice action=${activeDecision.decision.action} sessionKey=${sessionKey} ` +
+                    `decisionKey=${activeDecision.decisionKey} risk=${activeDecision.decision.riskLevel} ` +
+                    `confidence=${Math.round(activeDecision.decision.confidence * 100)}%`);
+                log.warn(`Message replaced by prompt ${activeDecision.decision.action} gate ` +
+                    `[${activeDecision.decision.riskLevel}/${Math.round(activeDecision.decision.confidence * 100)}%]: ` +
+                    `${activeDecision.decision.explanation}`);
+                globalEventReporter?.report(sessionKey, "message_sending", {
+                    timestamp: new Date().toISOString(),
+                    to: event.to ?? "user",
+                    content: notice,
+                    contentLength: notice.length,
+                }, false);
+                return { content: notice };
+            }
+            // Report to Core (non-blocking telemetry)
+            globalEventReporter?.report(sessionKey, "message_sending", {
+                timestamp: new Date().toISOString(),
+                to: event.to ?? "user",
+                content: content.slice(0, 100000),
+                contentLength: content.length,
+            }, false);
+        });
+        // Message sent: message_sent
+        api.on("message_sent", async (event, ctx) => {
+            const sessionKey = resolveSessionKey(ctx, event);
+            globalEventReporter?.report(sessionKey, "message_sent", {
+                timestamp: new Date().toISOString(),
+                to: event.to ?? "user",
+                success: true,
+                durationMs: event.durationMs,
+            });
+        });
+        // Before message write: before_message_write (synchronous in current OpenClaw runtime)
+        apiAny.on("before_message_write", (event, ctx) => {
+            const sessionKey = resolveSessionKey(ctx, event);
+            const sessionCandidates = collectSessionCandidates(ctx, event);
+            const message = event?.message;
+            const role = typeof message?.role === "string" ? message.role : "unknown";
+            const content = extractTextContent(message?.content ?? event?.content ?? message);
+            debugLog(`before_message_write: sessionKey=${sessionKey} role=${role} candidates=${sessionCandidates.join("|")} ` +
+                `contentLength=${content.length}`);
+            if (role === "assistant") {
+                const activeDecision = resolveActivePromptDecision(sessionCandidates, globalBehaviorDetector, config.blockOnRisk);
+                if (activeDecision) {
+                    const notice = buildPromptRiskNotice(activeDecision.decision, {
+                        brandName: BRAND_NAME,
+                        blockWarning: PROMPT_BLOCK_WARNING,
+                        alertWarning: PROMPT_ALERT_WARNING,
+                    });
+                    const rewritten = rewriteAssistantMessageWithNotice(message, notice);
+                    if (rewritten) {
+                        debugLog(`before_message_write:prompt-notice-applied action=${activeDecision.decision.action} ` +
+                            `sessionKey=${sessionKey} decisionKey=${activeDecision.decisionKey} ` +
+                            `risk=${activeDecision.decision.riskLevel} ` +
+                            `confidence=${Math.round(activeDecision.decision.confidence * 100)}%`);
+                        log.warn(`Prompt notice enforced at before_message_write: action=${activeDecision.decision.action}, ` +
+                            `risk=${activeDecision.decision.riskLevel}, ` +
+                            `confidence=${Math.round(activeDecision.decision.confidence * 100)}%`);
+                        void globalEventReporter?.report(sessionKey, "before_message_write", {
+                            timestamp: new Date().toISOString(),
+                            filePath: event?.filePath ?? event?.path ?? "unknown",
+                            content: notice.slice(0, 100000),
+                            contentLength: notice.length,
+                        }, false);
+                        return { message: rewritten };
+                    }
+                }
+            }
+            void globalEventReporter?.report(sessionKey, "before_message_write", {
+                timestamp: new Date().toISOString(),
+                filePath: event?.filePath ?? event?.path ?? "unknown",
+                content: content.slice(0, 100000),
+                contentLength: content.length,
+            }, false);
+        });
+        // Compaction: before_compaction
+        api.on("before_compaction", async (event, ctx) => {
+            const sessionKey = ctx.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "before_compaction", {
+                timestamp: new Date().toISOString(),
+                messageCount: event.messageCount ?? 0,
+                tokenEstimate: event.tokenEstimate,
+                reason: event.reason ?? "auto",
+            });
+        });
+        // Compaction: after_compaction
+        api.on("after_compaction", async (event, ctx) => {
+            const sessionKey = ctx.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "after_compaction", {
+                timestamp: new Date().toISOString(),
+                messageCount: event.messageCount ?? 0,
+                removedCount: event.removedCount ?? 0,
+                tokenEstimate: event.tokenEstimate,
+            });
+        });
+        // Reset: before_reset
+        apiAny.on("before_reset", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "before_reset", {
+                timestamp: new Date().toISOString(),
+                reason: event?.reason ?? "unknown",
+                messageCount: event?.messageCount ?? 0,
+            });
+        });
+        // Subagent: subagent_spawning (blocking - critical for security)
+        apiAny.on("subagent_spawning", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            const task = typeof event?.task === "string"
+                ? event.task
+                : typeof event?.prompt === "string"
+                    ? event.prompt
+                    : JSON.stringify(event?.task ?? event?.prompt ?? "");
+            const decision = await globalEventReporter?.report(sessionKey, "subagent_spawning", {
+                timestamp: new Date().toISOString(),
+                subagentId: event?.subagentId ?? event?.id ?? "unknown",
+                subagentType: event?.subagentType ?? event?.type ?? "unknown",
+                task: task.slice(0, 100000),
+                taskLength: task.length,
+                parentContext: event?.parentContext,
+            }, true);
+            if (decision?.block) {
+                log.warn(`BLOCKED subagent spawn: ${decision.reason}`);
+                return { block: true, blockReason: decision.reason };
+            }
+        });
+        // Subagent: subagent_delivery_target
+        apiAny.on("subagent_delivery_target", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "subagent_delivery_target", {
+                timestamp: new Date().toISOString(),
+                subagentId: event?.subagentId ?? event?.id ?? "unknown",
+                targetType: event?.targetType ?? event?.type ?? "unknown",
+                targetDetails: event?.targetDetails ?? event?.details,
+            });
+        });
+        // Subagent: subagent_spawned
+        apiAny.on("subagent_spawned", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "subagent_spawned", {
+                timestamp: new Date().toISOString(),
+                subagentId: event?.subagentId ?? event?.id ?? "unknown",
+                subagentType: event?.subagentType ?? event?.type ?? "unknown",
+                success: event?.success ?? true,
+                error: event?.error,
+            });
+        });
+        // Subagent: subagent_ended
+        apiAny.on("subagent_ended", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "subagent_ended", {
+                timestamp: new Date().toISOString(),
+                subagentId: event?.subagentId ?? event?.id ?? "unknown",
+                reason: event?.reason ?? "unknown",
+                resultSummary: event?.resultSummary ?? event?.result,
+                error: event?.error,
+                durationMs: event?.durationMs,
+            });
+        });
+        // Gateway: gateway_start
+        apiAny.on("gateway_start", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "gateway_start", {
+                timestamp: new Date().toISOString(),
+                port: event?.port ?? 0,
+                url: event?.url ?? "",
+            });
+        });
+        // Gateway: gateway_stop
+        apiAny.on("gateway_stop", async (event, ctx) => {
+            const sessionKey = ctx?.sessionKey ?? "";
+            globalEventReporter?.report(sessionKey, "gateway_stop", {
+                timestamp: new Date().toISOString(),
+                reason: event?.reason ?? "unknown",
+                error: event?.error,
+            });
+        });
+        // ── Commands 注册命令─────────────────────────────────────────────────
+        // 状态查询
+        api.registerCommand({
+            name: "og_status", // 状态查询
+            description: "Show MoltGuard status, API key, and quota",
+            requireAuth: true,
+            handler: async () => {
+                const creds = ensureCoreCredentials(config.coreUrl);
+                deviceActivated = getActivationStatus().activated;
+                applyBehaviorHooksCredentials();
+                // Get live quota status from Core (skip in enterprise mode)
+                const status = isEnterprise
+                    ? { email: "", plan: "enterprise", quotaUsed: 0, quotaTotal: 999_999_999, isAutonomous: false, resetAt: "" }
+                    : await getAccountStatus(creds.apiKey, config.coreUrl);
+                const mode = status.isAutonomous ? "autonomous" : "human managed";
+                const quotaDisplay = `${status.quotaUsed}/${status.quotaTotal}/day`;
+                const lines = [
+                    "**MoltGuard Status**",
+                    "",
+                    `- API Key: ${maskApiKey(creds.apiKey)}`,
+                    `- Agent ID: ${creds.agentId}`,
+                    `- Email: ${status.email || "(not set)"}`,
+                    `- Plan: ${isEnterprise ? "enterprise" : status.plan}`,
+                    `- Quota: ${isEnterprise ? "unlimited" : quotaDisplay}${!isEnterprise && status.resetAt ? " (resets at UTC 0:00)" : ""}`,
+                    `- Mode: ${isEnterprise ? "enterprise" : mode}`,
+                    `- Authorization: Bearer <local-mac>`,
+                    ...(isEnterprise ? [`- Core: ${config.coreUrl}`] : []),
+                    `- blockOnRisk: ${config.blockOnRisk}`,
+                    ...getBehaviorHooksStatusText(),
+                    "",
+                    "Commands:",
+                    ...(isEnterprise ? [] : [
+                        "- /og_core — Open Core portal to upgrade plan",
+                        "- /og_claim — Show agent info for claiming",
+                    ]),
+                    "- /ct-scan — 执行本地混合安全巡检脚本",
+                    "- /ct_scan — 执行巡检并追加 --push",
+                    "- /ct_guard on|off|status — changewayguard 实时防护开关",
+                    "- /plugin_regist <激活码> — 输入激活码完成授权",
+                    "- /og_config — Configure API key",
+                ];
+                return { text: lines.join("\n") };
+            },
+        });
+        // // 配置管理
+        api.registerCommand({
+            name: "og_config",
+            description: "Show how to configure API key for cross-machine sharing",
+            requireAuth: true,
+            handler: async () => {
+                // Show configuration instructions
+                // Note: OpenClaw commands don't support arguments directly.
+                // Users configure API key via openclaw.json or environment variable.
+                return {
+                    text: [
+                        "**Configure MoltGuard API Key**",
+                        "",
+                        "To use an existing API key (e.g., from a paid plan) across multiple machines:",
+                        "",
+                        "**Option 1: Edit openclaw.json**",
+                        "```json",
+                        "{",
+                        '  "plugins": {',
+                        '    "entries": {',
+                        '      "changewayguard": {',
+                        '        "config": { "apiKey": "sk-og-<your-key>" }',
+                        "      }",
+                        "    }",
+                        "  }",
+                        "}",
+                        "```",
+                        "",
+                        "**Option 2: Environment variable**",
+                        "```bash",
+                        "export OG_API_KEY=sk-og-<your-key>",
+                        "```",
+                        "",
+                        "Then restart the gateway: `openclaw gateway restart`",
+                        "",
+                        `Get your API key from: ${config.coreUrl}/login`,
+                        "",
+                        `Current API key: ${globalCoreCredentials?.apiKey ? maskApiKey(globalCoreCredentials.apiKey) : "(none)"}`,
+                    ].join("\n"),
+                };
+            },
+        });
+        api.registerCommand({
+            name: "ct_guard",
+            description: "Enable/disable behavior hooks and remote detection requests",
+            requireAuth: true,
+            acceptsArgs: true,
+            handler: async (ctx) => {
+                const command = (ctx.args?.trim().toLowerCase() || "status");
+                deviceActivated = getActivationStatus().activated;
+                if (command === "on") {
+                    if (!deviceActivated) {
+                        applyBehaviorHooksCredentials();
+                        return {
+                            text: [
+                                "**changewayguard 实时防护未开启**",
+                                "",
+                                "设备未激活，默认关闭且不可开启。",
+                                "请先执行：`/plugin_regist ACT-XXXX-XXXX-XXXX`",
+                                "",
+                                ...getBehaviorHooksStatusText(),
+                            ].join("\n"),
+                        };
+                    }
+                    behaviorHooksPreference = true;
+                    saveBehaviorHooksPreference(true);
+                    applyBehaviorHooksCredentials();
+                    await initBusinessFeatures(config.coreUrl);
+                    return {
+                        text: [
+                            "**changewayguard 实时防护已开启**",
+                            "",
+                            ...getBehaviorHooksStatusText(),
+                        ].join("\n"),
+                    };
+                }
+                if (command === "off") {
+                    behaviorHooksPreference = false;
+                    saveBehaviorHooksPreference(false);
+                    applyBehaviorHooksCredentials();
+                    if (globalConfigSync) {
+                        globalConfigSync.stop();
+                        globalConfigSync = null;
+                    }
+                    if (globalBusinessReporter) {
+                        globalBusinessReporter.setCredentials(null);
+                        await globalBusinessReporter.stop();
+                        globalBusinessReporter = null;
+                    }
+                    if (autoScanEnabled && globalFileWatcher?.running) {
+                        globalFileWatcher.stop();
+                        autoScanEnabled = false;
+                    }
+                    return {
+                        text: [
+                            "**changewayguard 实时防护已关闭**",
+                            "",
+                            "自动扫描已停止（如之前已开启）。",
+                            ...getBehaviorHooksStatusText(),
+                        ].join("\n"),
+                    };
+                }
+                return {
+                    text: [
+                        "**changewayguard 实时防护状态**",
+                        "",
+                        ...getBehaviorHooksStatusText(),
+                        "",
+                        "Usage:",
+                        "  /ct_guard on  — 开启实时防护（需设备已激活）",
+                        "  /ct_guard off — 关闭实时防护（立即停止自动检测请求）",
+                        "  /ct_guard status — 查看当前状态",
+                    ].join("\n"),
+                };
+            },
+        });
+        api.registerCommand({
+            name: "plugin_regist",
+            description: "Activate plugin with an activation code",
+            requireAuth: true,
+            acceptsArgs: true,
+            handler: async (ctx) => {
+                const rawArgs = ctx.args?.trim() ?? "";
+                deviceActivated = getActivationStatus().activated;
+                applyBehaviorHooksCredentials();
+                const status = getActivationStatus();
+                if (!rawArgs || rawArgs.toLowerCase() === "status") {
+                    return {
+                        text: [
+                            "**插件激活状态**",
+                            "",
+                            `- 设备 ID: ${status.deviceId}`,
+                            `- 激活状态: ${status.activated ? "已激活" : "未激活"}`,
+                            `- 激活时间: ${status.activatedAt ?? "(未激活)"}`,
+                            "",
+                            "**使用方式**",
+                            "  /plugin_regist ACT-XXXX-XXXX-XXXX",
+                        ].join("\n"),
+                    };
+                }
+                const result = await activateDeviceByCode(config.coreUrl, rawArgs);
+                if (!result.ok) {
+                    return {
+                        text: [
+                            "**激活失败**",
+                            "",
+                            result.message,
+                        ].join("\n"),
+                    };
+                }
+                deviceActivated = true;
+                // Activation success should enable hooks by default.
+                behaviorHooksPreference = true;
+                saveBehaviorHooksPreference(true);
+                applyBehaviorHooksCredentials();
+                const keys = loadActivationKeys();
+                return {
+                    text: [
+                        "**激活成功**",
+                        "",
+                        `- 设备 ID: ${result.status.deviceId}`,
+                        `- 激活时间: ${result.status.activatedAt ?? new Date().toISOString()}`,
+                        `- API Key: ${keys?.apiKey ? maskApiKey(keys.apiKey) : "(已保存)"}`,
+                        ...getBehaviorHooksStatusText(),
+                        "",
+                        result.message,
+                    ].join("\n"),
+                };
+            },
+        });
+        api.registerCommand({
+            name: "og_core",
+            description: "Open Core portal for account and billing",
+            requireAuth: true,
+            handler: async () => {
+                return {
+                    text: [
+                        `**${BRAND_NAME} Core Portal**`,
+                        "",
+                        "Manage your account, view usage, and upgrade your plan:",
+                        "",
+                        `  ${config.coreUrl}/login`,
+                        "",
+                        "Enter your email to receive a magic login link.",
+                    ].join("\n"),
+                };
+            },
+        });
+        api.registerCommand({
+            name: "ct_dashboard",
+            description: "Start local Dashboard and get access URLs",
+            requireAuth: true,
+            handler: async () => {
+                const creds = ensureCoreCredentials(config.coreUrl);
+                // Import dashboard launcher (dynamic to avoid circular deps)
+                const { startLocalDashboard, DevModeError } = await import("./dashboard-launcher.js");
+                try {
+                    const result = await startLocalDashboard({
+                        apiKey: creds.apiKey,
+                        agentId: creds.agentId,
+                        coreUrl: config.coreUrl,
+                    });
+                    return {
+                        text: [
+                            "**Dashboard URL**",
+                            "",
+                            result.localUrl,
+                        ].join("\n"),
+                    };
+                }
+                catch (err) {
+                    // Development mode: show instructions for manual startup
+                    if (err instanceof DevModeError) {
+                        return { text: err.getInstructions() };
+                    }
+                    return {
+                        text: [
+                            "**Dashboard Startup Failed**",
+                            "",
+                            `Error: ${err}`,
+                            "",
+                            "Try running the Dashboard manually:",
+                            "  cd dashboard && pnpm dev",
+                        ].join("\n"),
+                    };
+                }
+            },
+        });
+        api.registerCommand({
+            name: "ct-scan",
+            description: "Run local changeway hybrid audit script",
+            requireAuth: true,
+            handler: async () => {
+                const result = await runCtScanCommand(log);
+                return { text: result.text };
+            },
+        });
+        api.registerCommand({
+            name: "ct_scan",
+            description: "Run /ct-scan with --push",
+            requireAuth: true,
+            handler: async () => {
+                const result = await runCtScanCommand(log, ["--push"]);
+                return { text: result.text };
+            },
+        });
+        api.registerCommand({
+            name: "og_claim",
+            description: "Display agent ID and API key for claiming on Core",
+            requireAuth: true,
+            handler: async () => {
+                const creds = ensureCoreCredentials(config.coreUrl);
+                // Get current status to check if already claimed
+                const status = await getAccountStatus(creds.apiKey, config.coreUrl);
+                if (status.email) {
+                    return {
+                        text: [
+                            "**Agent Already Claimed**",
+                            "",
+                            `This agent is already linked to: ${status.email}`,
+                            "",
+                            `Agent ID: ${creds.agentId}`,
+                            `Plan: ${status.plan}`,
+                            `Quota: ${status.quotaUsed}/${status.quotaTotal}`,
+                            "",
+                            `Manage at: ${config.coreUrl}/login`,
+                        ].join("\n"),
+                    };
+                }
+                return {
+                    text: [
+                        "**Claim Your Agent**",
+                        "",
+                        "Copy and paste these credentials to claim this agent on the Core platform:",
+                        "",
+                        "```",
+                        `Agent ID: ${creds.agentId}`,
+                        `API Key: ${creds.apiKey}`,
+                        "```",
+                        "",
+                        "Steps:",
+                        `1. Go to ${config.coreUrl}/login and enter your email`,
+                        "2. Click the magic link in your email to log in",
+                        `3. Go to ${config.coreUrl}/claim-agent`,
+                        "4. Paste the Agent ID and API Key above",
+                        "",
+                        "After claiming, all your agents share the same quota.",
+                    ].join("\n"),
+                };
+            },
+        });
+        // 开启内容脱敏
+        api.registerCommand({
+            name: "og_sanitize",
+            description: "Enable/disable AI Security Gateway for data sanitization",
+            requireAuth: true,
+            acceptsArgs: true,
+            handler: async (ctx) => {
+                const command = ctx.args?.trim().toLowerCase();
+                if (command === "on") {
+                    // Enable gateway (only modifies agent configs, gateway is always running)
+                    try {
+                        const result = await enableGateway();
+                        return {
+                            text: [
+                                "**AI Security Gateway Enabled**",
+                                "",
+                                "All LLM requests will now be sanitized before being sent to providers.",
+                                "Sensitive data (API keys, PII, credentials) will be automatically detected and replaced with placeholders.",
+                                "",
+                                `- Gateway URL: http://127.0.0.1:53669`,
+                                `- Providers protected: ${result.providers.join(", ")}`,
+                                "",
+                                result.warnings.length > 0 ? "**Warnings:**" : "",
+                                ...result.warnings.map(w => `  ${w}`),
+                                result.warnings.length > 0 ? "" : "",
+                                "**IMPORTANT:** Do not add/modify providers in openclaw.json while Gateway is enabled.",
+                                "To add/modify providers:",
+                                "  1. Run `/og_sanitize off`",
+                                "  2. Modify openclaw.json",
+                                "  3. Run `/og_sanitize on`",
+                                "",
+                                "Configuration modified: ~/.openclaw/openclaw.json",
+                                "To disable, run: `/og_sanitize off`",
+                            ].filter(Boolean).join("\n"),
+                        };
+                    }
+                    catch (err) {
+                        return {
+                            text: [
+                                "**Failed to Enable Gateway**",
+                                "",
+                                `Error: ${err instanceof Error ? err.message : String(err)}`,
+                                "",
+                                "The AI Security Gateway is bundled with MoltGuard.",
+                                "If you see this error, please report it as a bug.",
+                            ].join("\n"),
+                        };
+                    }
+                }
+                else if (command === "off") {
+                    // Disable gateway (only restores agent configs, gateway keeps running)
+                    try {
+                        const status = getGatewayStatus();
+                        if (!status.enabled) {
+                            return {
+                                text: "AI Security Gateway is not currently enabled.",
+                            };
+                        }
+                        const result = disableGateway();
+                        return {
+                            text: [
+                                "**AI Security Gateway Disabled**",
+                                "",
+                                "LLM requests will now go directly to providers (no sanitization).",
+                                "",
+                                `- Providers restored: ${result.providers.join(", ")}`,
+                                "",
+                                result.warnings.length > 0 ? "**Warnings:**" : "",
+                                ...result.warnings.map(w => `  ${w}`),
+                                result.warnings.length > 0 ? "" : "",
+                                "Configuration restored: ~/.openclaw/openclaw.json",
+                                "Note: Gateway server continues running in the plugin process.",
+                            ].filter(Boolean).join("\n"),
+                        };
+                    }
+                    catch (err) {
+                        return {
+                            text: [
+                                "**Failed to Disable Gateway**",
+                                "",
+                                `Error: ${err instanceof Error ? err.message : String(err)}`,
+                            ].join("\n"),
+                        };
+                    }
+                }
+                else {
+                    // Show status
+                    const status = getGatewayStatus();
+                    return {
+                        text: [
+                            "**AI Security Gateway Status**",
+                            "",
+                            `- Enabled: ${status.enabled ? "Yes" : "No"}`,
+                            `- Running: ${status.running ? "Yes" : "No"}`,
+                            `- URL: ${status.url}`,
+                            "",
+                            status.enabled && status.providers.length > 0
+                                ? `Protected providers: ${status.providers.join(", ")}`
+                                : "",
+                            "",
+                            "Usage:",
+                            "  /og_sanitize on  — Enable data sanitization",
+                            "  /og_sanitize off — Disable data sanitization",
+                            "",
+                            "The AI Security Gateway protects sensitive data before sending to LLMs:",
+                            "- API keys → <SECRET_TOKEN>",
+                            "- Email addresses → <EMAIL>",
+                            "- SSH keys → <SSH_PRIVATE_KEY>",
+                            "- Credit cards → <CREDIT_CARD>",
+                            "- And more...",
+                        ].filter(Boolean).join("\n"),
+                    };
+                }
+            },
+        });
+        api.registerCommand({
+            name: "og_scan",
+            description: "Scan workspace files for security risks (skills, plugins, memories, workspace md files)",
+            requireAuth: true,
+            acceptsArgs: true,
+            handler: async (ctx) => {
+                if (!behaviorHooksEnabled) {
+                    return {
+                        text: [
+                            "**Static Scan Disabled**",
+                            "",
+                            "changewayguard 实时防护当前关闭，已跳过网络扫描请求。",
+                            "未激活设备默认关闭；激活后可用 `/ct_guard on` 开启。",
+                            "",
+                            ...getBehaviorHooksStatusText(),
+                        ].join("\n"),
+                    };
+                }
+                ensureCoreCredentials(config.coreUrl);
+                const scanType = ctx.args?.trim().toLowerCase() || "all";
+                // Import workspace scanner
+                const { scanWorkspaceMdFiles, scanFilesByType, getWorkspaceSummary } = await import("./agent/workspace-scanner.js");
+                try {
+                    let filesToScan = [];
+                    if (scanType === "summary" || scanType === "info") {
+                        // Show summary only
+                        const summary = await getWorkspaceSummary();
+                        return {
+                            text: [
+                                "**Workspace File Summary**",
+                                "",
+                                `Total files: ${summary.totalFiles}`,
+                                `Total size: ${(summary.totalSizeBytes / 1024).toFixed(1)} KB`,
+                                "",
+                                "Files by type:",
+                                `- Soul: ${summary.byType.soul}`,
+                                `- Agent: ${summary.byType.agent}`,
+                                `- Memory: ${summary.byType.memory}`,
+                                `- Task: ${summary.byType.task}`,
+                                `- Skill: ${summary.byType.skill}`,
+                                `- Plugin: ${summary.byType.plugin}`,
+                                `- Other: ${summary.byType.other}`,
+                                "",
+                                "Run `/og_scan all` to scan all files for security risks.",
+                            ].join("\n"),
+                        };
+                    }
+                    // Determine what to scan
+                    if (scanType === "all") {
+                        filesToScan = await scanWorkspaceMdFiles();
+                    }
+                    else if (scanType === "memories" || scanType === "memory") {
+                        filesToScan = await scanFilesByType(["memory"]);
+                    }
+                    else if (scanType === "skills" || scanType === "skill") {
+                        filesToScan = await scanFilesByType(["skill"]);
+                    }
+                    else if (scanType === "plugins" || scanType === "plugin") {
+                        filesToScan = await scanFilesByType(["plugin"]);
+                    }
+                    else if (scanType === "workspace") {
+                        filesToScan = await scanFilesByType(["soul", "agent", "task", "other"]);
+                    }
+                    else {
+                        return {
+                            text: [
+                                "**Usage: /og_scan [type]**",
+                                "",
+                                "Types:",
+                                "- `all` — Scan all workspace files (default)",
+                                "- `memories` — Scan memory files only",
+                                "- `skills` — Scan skill files only",
+                                "- `plugins` — Scan plugin files only",
+                                "- `workspace` — Scan workspace md files (soul.md, agent.md, heartbeat.md, etc.)",
+                                "- `summary` — Show file count summary without scanning",
+                                "",
+                                "Examples:",
+                                "  /og_scan all",
+                                "  /og_scan memories",
+                                "  /og_scan workspace",
+                            ].join("\n"),
+                        };
+                    }
+                    if (filesToScan.length === 0) {
+                        return {
+                            text: [
+                                "**No Files Found**",
+                                "",
+                                `No ${scanType === "all" ? "workspace" : scanType} files found to scan.`,
+                            ].join("\n"),
+                        };
+                    }
+                    // Ensure dashboard client is initialized for reporting
+                    if (!globalDashboardClient) {
+                        try {
+                            const fs = await import("node:fs");
+                            const path = await import("node:path");
+                            const os = await import("node:os");
+                            const tokenFile = path.join(os.homedir(), ".openclaw", "credentials", "changewayguard", "dashboard-session-token");
+                            if (fs.existsSync(tokenFile)) {
+                                const tokenData = loadJsonSync(tokenFile);
+                                if (tokenData.token) {
+                                    const port = tokenData.port || 53667;
+                                    initDashboardClient(tokenData.token, `http://localhost:${port}`);
+                                    log.info("Dashboard client initialized from session token");
+                                }
+                            }
+                        }
+                        catch (err) {
+                            log.warn(`Could not initialize dashboard client: ${err}`);
+                        }
+                    }
+                    // Split files into batches of 50 (Core API limit)
+                    const BATCH_SIZE = 50;
+                    const batches = [];
+                    const creds = ensureCoreCredentials(config.coreUrl);
+                    for (let i = 0; i < filesToScan.length; i += BATCH_SIZE) {
+                        batches.push(filesToScan.slice(i, i + BATCH_SIZE));
+                    }
+                    // Scan each batch
+                    const allResults = [];
+                    let totalFilesScanned = 0;
+                    let totalRiskFiles = 0;
+                    for (let batchIdx = 0; batchIdx < batches.length; batchIdx++) {
+                        const batch = batches[batchIdx];
+                        // Call Core API for static scanning
+                        const staticScanUrl = withChangewayOpenPrefix(`${config.coreUrl}/api/v1/static/scan`);
+                        const staticScanRequest = {
+                            agentId: creds.agentId,
+                            files: batch,
+                            meta: {
+                                pluginVersion: PLUGIN_VERSION,
+                                clientTimestamp: new Date().toISOString(),
+                                batch: `${batchIdx + 1}/${batches.length}`,
+                            },
+                        };
+                        const traceId = createTraceId();
+                        logEngineRequest(staticScanUrl, staticScanRequest, traceId);
+                        const res = await fetch(staticScanUrl, {
+                            method: "POST",
+                            headers: {
+                                "Content-Type": "application/json",
+                                traceId,
+                                ...buildSignedAuthHeadersForUrl({
+                                    method: "POST",
+                                    url: staticScanUrl,
+                                    body: staticScanRequest,
+                                    traceId,
+                                }),
+                            },
+                            body: JSON.stringify(staticScanRequest),
+                        });
+                        if (!res.ok) {
+                            const error = await res.text();
+                            logEngineResponse(staticScanUrl, res.status, error || "<empty>", traceId);
+                            return {
+                                text: [
+                                    "**Static Scan Failed**",
+                                    "",
+                                    `Error in batch ${batchIdx + 1}/${batches.length}: ${error}`,
+                                ].join("\n"),
+                            };
+                        }
+                        const data = await res.json();
+                        logEngineResponse(staticScanUrl, res.status, data, traceId);
+                        if (!data.success) {
+                            if (data.data?.quotaExceeded) {
+                                return {
+                                    text: [
+                                        "**Quota Exceeded**",
+                                        "",
+                                        data.data.message || "Your detection quota has been exceeded.",
+                                        "",
+                                        `Quota: ${data.data.quotaUsed}/${data.data.quotaTotal}`,
+                                        "",
+                                        `Scanned ${totalFilesScanned} files before quota limit.`,
+                                        "",
+                                        `To continue scanning, upgrade your plan at: ${config.coreUrl}/login`,
+                                    ].join("\n"),
+                                };
+                            }
+                            return {
+                                text: [
+                                    "**Static Scan Failed**",
+                                    "",
+                                    `Error in batch ${batchIdx + 1}/${batches.length}: ${data.error || "Unknown error"}`,
+                                ].join("\n"),
+                            };
+                        }
+                        const batchResult = data.data;
+                        allResults.push(...batchResult.results);
+                        totalFilesScanned += batchResult.filesScanned;
+                        totalRiskFiles += batchResult.riskFiles;
+                        // Report batch results to dashboard immediately (non-blocking)
+                        if (globalDashboardClient && batchResult.results) {
+                            for (const fileResult of batchResult.results) {
+                                if (fileResult.riskLevel !== "safe") {
+                                    globalDashboardClient
+                                        .reportDetection({
+                                        agentId: creds.agentId,
+                                        safe: fileResult.riskLevel === "safe",
+                                        categories: fileResult.findings.map((f) => f.scanner),
+                                        findings: fileResult.findings,
+                                        sensitivityScore: fileResult.riskLevel === "critical" ? 1.0 :
+                                            fileResult.riskLevel === "high" ? 0.8 :
+                                                fileResult.riskLevel === "medium" ? 0.6 :
+                                                    fileResult.riskLevel === "low" ? 0.4 : 0.0,
+                                        latencyMs: 0,
+                                        scanType: "static",
+                                        filePath: fileResult.path,
+                                        fileType: batch.find((f) => f.path === fileResult.path)?.type,
+                                    })
+                                        .catch((err) => {
+                                        log.warn(`Failed to report detection to dashboard: ${err}`);
+                                    });
+                                }
+                            }
+                        }
+                        else if (!globalDashboardClient) {
+                            log.warn("Dashboard client not initialized - scan results not reported to dashboard");
+                        }
+                        // Report static scan results to business reporter
+                        if (globalBusinessReporter && batchResult.results) {
+                            for (const fileResult of batchResult.results) {
+                                const categories = fileResult.findings?.map((f) => f.scanner) ?? [];
+                                globalBusinessReporter.recordScanResult("static", categories, fileResult.riskLevel !== "safe");
+                            }
+                        }
+                    }
+                    // Combine results from all batches
+                    const result = {
+                        filesScanned: totalFilesScanned,
+                        riskFiles: totalRiskFiles,
+                        results: allResults,
+                    };
+                    // Format results
+                    const criticalFiles = result.results.filter((r) => r.riskLevel === "critical");
+                    const highFiles = result.results.filter((r) => r.riskLevel === "high");
+                    const mediumFiles = result.results.filter((r) => r.riskLevel === "medium");
+                    const lowFiles = result.results.filter((r) => r.riskLevel === "low");
+                    const safeFiles = result.results.filter((r) => r.riskLevel === "safe");
+                    const lines = [
+                        "**Static Security Scan Results**",
+                        "",
+                        `Files scanned: ${result.filesScanned}`,
+                        `Files with risks: ${result.riskFiles}`,
+                        "",
+                        "Risk breakdown:",
+                        `- Critical: ${criticalFiles.length}`,
+                        `- High: ${highFiles.length}`,
+                        `- Medium: ${mediumFiles.length}`,
+                        `- Low: ${lowFiles.length}`,
+                        `- Safe: ${safeFiles.length}`,
+                    ];
+                    // Show critical and high risk files with details
+                    if (criticalFiles.length > 0) {
+                        lines.push("", "**Critical Risks:**");
+                        for (const file of criticalFiles.slice(0, 5)) {
+                            lines.push(`\n- **${file.path}**`);
+                            for (const finding of file.findings.slice(0, 3)) {
+                                lines.push(`  - [${finding.scanner}] ${finding.message}`);
+                            }
+                        }
+                        if (criticalFiles.length > 5) {
+                            lines.push(`\n...and ${criticalFiles.length - 5} more critical files`);
+                        }
+                    }
+                    if (highFiles.length > 0) {
+                        lines.push("", "**High Risks:**");
+                        for (const file of highFiles.slice(0, 3)) {
+                            lines.push(`\n- **${file.path}**`);
+                            for (const finding of file.findings.slice(0, 2)) {
+                                lines.push(`  - [${finding.scanner}] ${finding.message}`);
+                            }
+                        }
+                        if (highFiles.length > 3) {
+                            lines.push(`\n...and ${highFiles.length - 3} more high-risk files`);
+                        }
+                    }
+                    // Show summary for medium/low
+                    if (mediumFiles.length > 0) {
+                        lines.push("", `**Medium Risks:** ${mediumFiles.map((f) => f.path).slice(0, 5).join(", ")}`);
+                        if (mediumFiles.length > 5) {
+                            lines.push(`...and ${mediumFiles.length - 5} more`);
+                        }
+                    }
+                    if (lowFiles.length > 0) {
+                        lines.push("", `**Low Risks:** ${lowFiles.length} files (view in dashboard for details)`);
+                    }
+                    lines.push("", `Full details available in dashboard: /ct_dashboard`);
+                    return { text: lines.join("\n") };
+                }
+                catch (err) {
+                    return {
+                        text: [
+                            "**Static Scan Error**",
+                            "",
+                            `Error: ${err instanceof Error ? err.message : String(err)}`,
+                        ].join("\n"),
+                    };
+                }
+            },
+        });
+        // 开启自动扫描 (on)
+        api.registerCommand({
+            name: "og_autoscan",
+            description: "Enable/disable automatic file scanning on workspace changes",
+            requireAuth: true,
+            acceptsArgs: true,
+            handler: async (ctx) => {
+                const command = ctx.args?.trim().toLowerCase();
+                if (command === "on") {
+                    if (!behaviorHooksEnabled) {
+                        return {
+                            text: [
+                                "**Auto-Scan Disabled**",
+                                "",
+                                "changewayguard 实时防护当前关闭，自动扫描不会发起网络扫描请求。",
+                                "未激活设备默认关闭；激活后可用 `/ct_guard on` 开启。",
+                                "",
+                                ...getBehaviorHooksStatusText(),
+                            ].join("\n"),
+                        };
+                    }
+                    if (autoScanEnabled && globalFileWatcher?.running) {
+                        return {
+                            text: "Auto-scan is already enabled.",
+                        };
+                    }
+                    ensureCoreCredentials(config.coreUrl);
+                    // Create file watcher
+                    globalFileWatcher = new FileWatcher({
+                        onFilesChanged: async (changedFiles) => {
+                            // 1. 检查是否启用
+                            if (!behaviorHooksEnabled)
+                                return;
+                            if (!globalCoreCredentials)
+                                return;
+                            const creds = ensureCoreCredentials(config.coreUrl);
+                            // Import workspace scanner
+                            const { scanWorkspaceMdFiles } = await import("./agent/workspace-scanner.js");
+                            // Get file details for changed files
+                            // 2. 扫描工作区的 .md 文件
+                            const allFiles = await scanWorkspaceMdFiles();
+                            const filesToScan = allFiles.filter(f => changedFiles.some(cf => cf.endsWith(f.path)));
+                            if (filesToScan.length === 0)
+                                return;
+                            log.debug?.(`Auto-scanning ${filesToScan.length} changed file(s)...`);
+                            // Call Core API for scanning
+                            try {
+                                const staticScanUrl = withChangewayOpenPrefix(`${config.coreUrl}/api/v1/static/scan`);
+                                const staticScanRequest = {
+                                    agentId: creds.agentId,
+                                    files: filesToScan,
+                                    meta: {
+                                        pluginVersion: PLUGIN_VERSION,
+                                        clientTimestamp: new Date().toISOString(),
+                                    },
+                                };
+                                const traceId = createTraceId();
+                                logEngineRequest(staticScanUrl, staticScanRequest, traceId);
+                                // 3. 调用云端 API 进行安全扫描
+                                const res = await fetch(staticScanUrl, {
+                                    method: "POST",
+                                    headers: {
+                                        "Content-Type": "application/json",
+                                        traceId,
+                                        ...buildSignedAuthHeadersForUrl({
+                                            method: "POST",
+                                            url: staticScanUrl,
+                                            body: staticScanRequest,
+                                            traceId,
+                                        }),
+                                    },
+                                    body: JSON.stringify(staticScanRequest),
+                                });
+                                if (!res.ok) {
+                                    const errorText = await res.text().catch(() => "");
+                                    logEngineResponse(staticScanUrl, res.status, errorText || "<empty>", traceId);
+                                    return;
+                                }
+                                const data = await res.json();
+                                logEngineResponse(staticScanUrl, res.status, data, traceId);
+                                if (!data.success || !data.data)
+                                    return;
+                                const result = data.data;
+                                // Report to dashboard
+                                if (globalDashboardClient && result.results) {
+                                    for (const fileResult of result.results) {
+                                        if (fileResult.riskLevel !== "safe") {
+                                            // 4. 上报结果到 Dashboard
+                                            globalDashboardClient
+                                                .reportDetection({
+                                                agentId: creds.agentId,
+                                                safe: fileResult.riskLevel === "safe",
+                                                categories: fileResult.findings.map((f) => f.scanner),
+                                                findings: fileResult.findings,
+                                                sensitivityScore: fileResult.riskLevel === "critical" ? 1.0 :
+                                                    fileResult.riskLevel === "high" ? 0.8 :
+                                                        fileResult.riskLevel === "medium" ? 0.6 :
+                                                            fileResult.riskLevel === "low" ? 0.4 : 0.0,
+                                                latencyMs: 0,
+                                                scanType: "static",
+                                                filePath: fileResult.path,
+                                                fileType: filesToScan.find((f) => f.path === fileResult.path)?.type,
+                                            })
+                                                .catch(() => { });
+                                        }
+                                    }
+                                    // Log summary
+                                    const riskCount = result.results.filter((r) => r.riskLevel !== "safe").length;
+                                    if (riskCount > 0) {
+                                        log.info(`Auto-scan found ${riskCount} file(s) with security risks`);
+                                    }
+                                }
+                                // Report auto-scan results to business reporter
+                                if (globalBusinessReporter && result.results) {
+                                    for (const fileResult of result.results) {
+                                        const categories = fileResult.findings?.map((f) => f.scanner) ?? [];
+                                        // 5. 上报结果到商业统计
+                                        globalBusinessReporter.recordScanResult("static", categories, fileResult.riskLevel !== "safe");
+                                    }
+                                }
+                            }
+                            catch (err) {
+                                log.debug?.(`Auto-scan failed: ${err}`);
+                            }
+                        },
+                        logger: log,
+                    });
+                    globalFileWatcher.start();
+                    autoScanEnabled = true;
+                    return {
+                        text: [
+                            "**Auto-Scan Enabled**",
+                            "",
+                            "Workspace files are now being monitored for changes.",
+                            "When a .md file is modified, it will be automatically scanned for security risks.",
+                            "",
+                            `Watching ${globalFileWatcher.watchCount} directories`,
+                            "",
+                            "View scan results in Dashboard: `/ct_dashboard`",
+                            "",
+                            "To disable: `/og_autoscan off`",
+                        ].join("\n"),
+                    };
+                }
+                else if (command === "off") {
+                    if (!autoScanEnabled || !globalFileWatcher?.running) {
+                        return {
+                            text: "Auto-scan is not currently enabled.",
+                        };
+                    }
+                    globalFileWatcher.stop();
+                    autoScanEnabled = false;
+                    return {
+                        text: [
+                            "**Auto-Scan Disabled**",
+                            "",
+                            "File monitoring stopped. Changes will not trigger automatic scans.",
+                            "",
+                            "To re-enable: `/og_autoscan on`",
+                        ].join("\n"),
+                    };
+                }
+                else {
+                    // Show status
+                    return {
+                        text: [
+                            "**Auto-Scan Status**",
+                            "",
+                            `Enabled: ${autoScanEnabled ? "Yes" : "No"}`,
+                            globalFileWatcher?.running ? `Watching: ${globalFileWatcher.watchCount} directories` : "",
+                            "",
+                            "Usage:",
+                            "  /og_autoscan on  — Enable automatic scanning",
+                            "  /og_autoscan off — Disable automatic scanning",
+                            "",
+                            "Auto-scan monitors workspace .md files and automatically scans them",
+                            "when changes are detected. Results are reported to the dashboard.",
+                        ].filter(Boolean).join("\n"),
+                    };
+                }
+            },
+        });
+        // 重置凭证
+        api.registerCommand({
+            name: "og_reset",
+            description: "Reset MoltGuard local identity (MAC authorization mode)",
+            requireAuth: true,
+            handler: async () => {
+                const hadCredentials = globalCoreCredentials !== null;
+                const oldAgentId = globalCoreCredentials?.agentId;
+                // Delete credentials file
+                const deleted = deleteCoreCredentials();
+                // Clear in-memory credentials
+                globalCoreCredentials = null;
+                globalBehaviorDetector = null;
+                if (!deleted && !hadCredentials) {
+                    return {
+                        text: [
+                            "**MoltGuard Reset**",
+                            "",
+                            "No credentials to reset. Local MAC authorization is already active.",
+                        ].join("\n"),
+                    };
+                }
+                const localCreds = buildLocalCredentials(config.coreUrl);
+                globalCoreCredentials = localCreds;
+                if (!globalBehaviorDetector) {
+                    globalBehaviorDetector = new BehaviorDetector({
+                        coreUrl: config.coreUrl,
+                        assessTimeoutMs: Math.min(config.timeoutMs, 3000),
+                        blockOnRisk: config.blockOnRisk,
+                        pluginVersion: PLUGIN_VERSION,
+                    }, log);
+                }
+                deviceActivated = getActivationStatus().activated;
+                applyBehaviorHooksCredentials();
+                return {
+                    text: [
+                        "**MoltGuard Reset Complete**",
+                        "",
+                        oldAgentId ? `- Old Agent ID: ${oldAgentId}` : "",
+                        `- New Agent ID: ${localCreds.agentId}`,
+                        `- Authorization: Bearer ${localCreds.apiKey}`,
+                        ...getBehaviorHooksStatusText(),
+                        "",
+                        "Registration is disabled. MoltGuard now runs in local MAC authorization mode.",
+                    ].filter(Boolean).join("\n"),
+                };
+            },
+        });
+    },
+    //插件卸载
+    async unregister() {
+        if (dashboardHeartbeatTimer) {
+            clearInterval(dashboardHeartbeatTimer);
+            dashboardHeartbeatTimer = null;
+        }
+        if (profileDebounceTimer) {
+            clearTimeout(profileDebounceTimer);
+            profileDebounceTimer = null;
+        }
+        for (const w of profileWatchers) {
+            try {
+                w.close();
+            }
+            catch { /* ignore */ }
+        }
+        profileWatchers = [];
+        // Stop file watcher
+        if (globalFileWatcher) {
+            globalFileWatcher.stop();
+            globalFileWatcher = null;
+        }
+        if (globalWorkspaceAgentsWatcher) {
+            globalWorkspaceAgentsWatcher.stop();
+            globalWorkspaceAgentsWatcher = null;
+        }
+        // Stop event reporter (flush remaining events)
+        if (globalEventReporter) {
+            await globalEventReporter.stop();
+            globalEventReporter = null;
+        }
+        // Stop business reporter (flush remaining telemetry)
+        if (globalBusinessReporter) {
+            await globalBusinessReporter.stop();
+            globalBusinessReporter = null;
+        }
+        // Stop config sync
+        if (globalConfigSync) {
+            globalConfigSync.stop();
+            globalConfigSync = null;
+        }
+        // Stop dashboard client (flush agentic hours)
+        if (globalDashboardClient) {
+            await globalDashboardClient.stop();
+        }
+        // Stop gateway server
+        try {
+            await stopGateway();
+        }
+        catch { /* ignore */ }
+        // Stop personal dashboard process
+        if (personalDashboardStarted) {
+            try {
+                const { stopLocalDashboard } = await import("./dashboard-launcher.js");
+                await stopLocalDashboard();
+            }
+            catch { /* ignore */ }
+            personalDashboardStarted = false;
+        }
+        globalCoreCredentials = null;
+        globalBehaviorDetector = null;
+        globalDashboardClient = null;
+        quotaExceededNotified = false;
+        currentAccountPlan = "free";
+    },
+};
+export default openClawGuardPlugin;
+//# sourceMappingURL=index.js.map