@ynhcj/xiaoyi-channel 0.0.120-next → 0.0.121-next

package/dist/index.js

@@ -1,7 +1,13 @@
 import { definePluginEntry } from "openclaw/plugin-sdk/core";
 import { xiaoyiProvider } from "./src/provider.js";
 import { xyPlugin } from "./src/channel.js";
-import { createCsplMiddleware } from "./src/cspl/middleware.js";
+import { callCsplApiWithConfig } from "./src/cspl/call-api.js";
+import { getCsplConfig, initCsplConfigFromXYConfig } from "./src/cspl/config.js";
+import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE, } from "./src/cspl/constants.js";
+import { extractResultText, parseSecurityResult, processText, validateAndTruncateText, } from "./src/cspl/utils.js";
+import { injectCsplSteer } from "./src/cspl/steer-context.js";
+import { getSessionContext } from "./src/tools/session-manager.js";
+import { logger } from "./src/utils/logger.js";
 import { setXYRuntime } from "./src/runtime.js";
 import { registerSelfEvolutionToolResultNudge } from "./src/self-evolution-tool-result-nudge.js";
 import { createBeforePromptBuildHandler } from "./src/skill-retriever/hooks.js";
@@ -19,11 +25,56 @@ function registerFullHooks(api) {
     const beforePromptBuildHandler = createBeforePromptBuildHandler(skillRetrieverConfig);
     api.on("before_prompt_build", beforePromptBuildHandler);
     registerSelfEvolutionToolResultNudge(api);
-    // CSPL security scanning via AgentToolResultMiddleware.
-    // Intercepts tool results BEFORE they reach the LLM, replacing them
-    // with a security rejection message when CSPL returns REJECT.
-    api.registerAgentToolResultMiddleware(createCsplMiddleware(), {
-        runtimes: ["pi"],
+    // CSPL security scanning via after_tool_call hook.
+    // When CSPL returns REJECT, injects a steer message (with /steer prefix)
+    // into the active Pi run to interrupt the agent.
+    api.on("after_tool_call", async (event, ctx) => {
+        if (!ALLOWED_TOOLS.includes(event.toolName)) {
+            return;
+        }
+        try {
+            const resultText = extractResultText(event, event.toolName);
+            const resultLength = resultText.length;
+            if (resultLength <= MIN_TEXT_LENGTH || resultLength > MAX_TOTAL_LENGTH) {
+                return;
+            }
+            logger.log(`[SENTINEL HOOK] after_tool_call: toolName=${event.toolName}, textLength=${resultLength}`);
+            const questionText = {
+                subSceneID: "TOOL_OUTPUT",
+                tool: event.toolName,
+                output: [{ content: "" }],
+            };
+            const originText = processText(resultText);
+            questionText.output[0].content = originText;
+            let finalJson = JSON.stringify(questionText);
+            if (finalJson.length > MAX_TEXT_LENGTH) {
+                const diff = finalJson.length - MAX_TEXT_LENGTH;
+                const { text: trimmed } = validateAndTruncateText(originText, MAX_TEXT_LENGTH - diff);
+                questionText.output[0].content = trimmed;
+                finalJson = JSON.stringify(questionText);
+            }
+            const sessionCtx = getSessionContext(ctx.sessionKey ?? "");
+            const csplConfig = sessionCtx
+                ? initCsplConfigFromXYConfig(sessionCtx.config)
+                : getCsplConfig();
+            const csplStartTime = Date.now();
+            const response = await callCsplApiWithConfig(finalJson, csplConfig);
+            const csplElapsed = Date.now() - csplStartTime;
+            const result = parseSecurityResult(response);
+            logger.log(`[SENTINEL HOOK] Security result: status=${result.status}, toolName=${event.toolName}, elapsed=${csplElapsed}ms`);
+            if (result.status === "REJECT") {
+                logger.log(`[SENTINEL HOOK] REJECT - injecting steer message`);
+                if (sessionCtx) {
+                    await injectCsplSteer(sessionCtx.sessionId, sessionCtx.taskId, STEER_ABORT_MESSAGE);
+                }
+                else {
+                    logger.error("[SENTINEL HOOK] No session context, cannot inject steer");
+                }
+            }
+        }
+        catch (err) {
+            logger.error(`[SENTINEL HOOK] after_tool_call error: ${err}`);
+        }
     });
 }
 export default definePluginEntry({

package/dist/src/bot.js

@@ -12,6 +12,7 @@ import { getPushDataById } from "./utils/pushdata-manager.js";
 import { selfEvolutionManager } from "./utils/self-evolution-manager.js";
 import { saveRuntimeInfo } from "./utils/runtime-manager.js";
 import { toolCallNudgeManager } from "./utils/tool-call-nudge-manager.js";
+import { setCsplSteerContext } from "./cspl/steer-context.js";
 import { registerTaskId, decrementTaskIdRef, hasActiveTask, } from "./task-manager.js";
 import { logger } from "./utils/logger.js";
 /**
@@ -21,6 +22,8 @@ import { logger } from "./utils/logger.js";
  */
 export async function handleXYMessage(params) {
     const { cfg, runtime, message, accountId, webSocketSessionId } = params;
+    // Cache context for CSPL steer injection (after_tool_call hook)
+    setCsplSteerContext(cfg, runtime, accountId);
     // Get runtime (already validated in monitor.ts, but get reference for use)
     const core = getXYRuntime();
     try {

package/dist/src/cspl/steer-context.d.ts

@@ -0,0 +1,12 @@
+import type { ClawdbotConfig, RuntimeEnv } from "openclaw/plugin-sdk";
+export declare function setCsplSteerContext(cfg: ClawdbotConfig, runtime: RuntimeEnv, accountId: string): void;
+export declare function getCsplSteerContext(): {
+    cfg: ClawdbotConfig | null;
+    runtime: RuntimeEnv | null;
+    accountId: string;
+};
+/**
+ * Inject a steer message into the given session by constructing a synthetic
+ * A2A message and dispatching it through handleXYMessage.
+ */
+export declare function injectCsplSteer(sessionId: string, taskId: string, message: string): Promise<boolean>;

package/dist/src/cspl/steer-context.js

@@ -0,0 +1,52 @@
+import { handleXYMessage } from "../bot.js";
+import { logger } from "../utils/logger.js";
+import { randomUUID } from "node:crypto";
+let cachedCfg = null;
+let cachedRuntime = null;
+let cachedAccountId = "default";
+export function setCsplSteerContext(cfg, runtime, accountId) {
+    cachedCfg = cfg;
+    cachedRuntime = runtime;
+    cachedAccountId = accountId;
+}
+export function getCsplSteerContext() {
+    return { cfg: cachedCfg, runtime: cachedRuntime, accountId: cachedAccountId };
+}
+/**
+ * Inject a steer message into the given session by constructing a synthetic
+ * A2A message and dispatching it through handleXYMessage.
+ */
+export async function injectCsplSteer(sessionId, taskId, message) {
+    if (!cachedCfg || !cachedRuntime) {
+        logger.error("[CSPL STEER] No cached cfg/runtime, cannot inject steer");
+        return false;
+    }
+    const syntheticMessage = {
+        jsonrpc: "2.0",
+        method: "tasks/send",
+        id: `cspl-steer-${randomUUID()}`,
+        params: {
+            sessionId,
+            id: taskId,
+            agentLoginSessionId: "",
+            message: {
+                role: "user",
+                parts: [{ kind: "text", text: message }],
+            },
+        },
+    };
+    logger.log(`[CSPL STEER] Injecting steer for sessionId=${sessionId}, taskId=${taskId}`);
+    try {
+        await handleXYMessage({
+            cfg: cachedCfg,
+            runtime: cachedRuntime,
+            message: syntheticMessage,
+            accountId: cachedAccountId,
+        });
+        return true;
+    }
+    catch (err) {
+        logger.error(`[CSPL STEER] Failed to inject steer: ${err}`);
+        return false;
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ynhcj/xiaoyi-channel",
-  "version": "0.0.120-next",
+  "version": "0.0.121-next",
   "description": "OpenClaw Xiaoyi Channel plugin - Xiaoyi A2A protocol integration",
   "type": "module",
   "main": "./dist/index.js",