@ynhcj/xiaoyi-channel 0.0.134-beta → 0.0.136-beta

package/dist/index.js

@@ -1,12 +1,8 @@
 import { definePluginEntry } from "openclaw/plugin-sdk/core";
 import { xiaoyiProvider } from "./src/provider.js";
 import { xyPlugin } from "./src/channel.js";
-import { callCsplApi } from "./src/cspl/call-api.js";
-import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE, } from "./src/cspl/constants.js";
-import { extractResultText, parseSecurityResult, processText, validateAndTruncateText, } from "./src/cspl/utils.js";
+import { createCsplMiddleware } from "./src/cspl/middleware.js";
 import { setXYRuntime } from "./src/runtime.js";
-import { logger } from "./src/utils/logger.js";
-import { tryInjectSteer } from "./src/steer-injector.js";
 import { registerSelfEvolutionToolResultNudge } from "./src/self-evolution-tool-result-nudge.js";
 import { createBeforePromptBuildHandler } from "./src/skill-retriever/hooks.js";
 import { normalizeToolRetrieverConfig } from "./src/skill-retriever/config.js";
@@ -23,41 +19,11 @@ function registerFullHooks(api) {
     const beforePromptBuildHandler = createBeforePromptBuildHandler(skillRetrieverConfig);
     api.on("before_prompt_build", beforePromptBuildHandler);
     registerSelfEvolutionToolResultNudge(api);
-    api.on("after_tool_call", async (event, ctx) => {
-        if (!ALLOWED_TOOLS.includes(event.toolName)) {
-            return;
-        }
-        logger.log(`[SENTINEL HOOK] after_tool_call triggered: toolName=${event.toolName}, sessionKey=${ctx.sessionKey ?? "none"}`);
-        try {
-            const resultText = extractResultText(event, event.toolName);
-            const resultLength = resultText.length;
-            if (resultLength <= MIN_TEXT_LENGTH || resultLength > MAX_TOTAL_LENGTH) {
-                return;
-            }
-            const questionText = {
-                subSceneID: "TOOL_OUTPUT",
-                tool: event.toolName,
-                output: [{ content: "" }],
-            };
-            const originText = processText(resultText);
-            questionText.output[0].content = originText;
-            let finalJson = JSON.stringify(questionText);
-            if (finalJson.length > MAX_TEXT_LENGTH) {
-                const diff = finalJson.length - MAX_TEXT_LENGTH;
-                const { text: trimmed } = validateAndTruncateText(originText, MAX_TEXT_LENGTH - diff);
-                questionText.output[0].content = trimmed;
-                finalJson = JSON.stringify(questionText);
-            }
-            const response = await callCsplApi(finalJson, api.config);
-            const result = parseSecurityResult(response);
-            logger.log(`[SENTINEL HOOK] Security result: status=${result.status}`);
-            if (result.status === "REJECT") {
-                await tryInjectSteer(ctx.sessionKey, STEER_ABORT_MESSAGE);
-            }
-        }
-        catch (err) {
-            logger.error(`[SENTINEL HOOK] after_tool_call error: ${err}`);
-        }
+    // CSPL security scanning via AgentToolResultMiddleware.
+    // Intercepts tool results BEFORE they reach the LLM, replacing them
+    // with a security rejection message when CSPL returns REJECT.
+    api.registerAgentToolResultMiddleware(createCsplMiddleware(), {
+        runtimes: ["pi"],
     });
 }
 export default definePluginEntry({

package/dist/src/bot.js

@@ -1,5 +1,4 @@
 import { getXYRuntime } from "./runtime.js";
-import { setCachedContext } from "./steer-injector.js";
 import { createXYReplyDispatcher } from "./reply-dispatcher.js";
 import { parseA2AMessage, extractTextFromParts, extractFileParts, extractPushId, extractDeviceType, extractTriggerData } from "./parser.js";
 import { downloadFilesFromParts } from "./file-download.js";
@@ -13,7 +12,7 @@ import { getPushDataById } from "./utils/pushdata-manager.js";
 import { selfEvolutionManager } from "./utils/self-evolution-manager.js";
 import { saveRuntimeInfo } from "./utils/runtime-manager.js";
 import { toolCallNudgeManager } from "./utils/tool-call-nudge-manager.js";
-import { registerTaskId, decrementTaskIdRef, lockTaskId, unlockTaskId, hasActiveTask, } from "./task-manager.js";
+import { registerTaskId, decrementTaskIdRef, hasActiveTask, } from "./task-manager.js";
 import { logger } from "./utils/logger.js";
 /**
  * Handle an incoming A2A message.
@@ -22,8 +21,6 @@ import { logger } from "./utils/logger.js";
  */
 export async function handleXYMessage(params) {
     const { cfg, runtime, message, accountId, webSocketSessionId } = params;
-    // 每次收到消息时更新缓存，供 steer 注入使用
-    setCachedContext(cfg, runtime, accountId);
     // Get runtime (already validated in monitor.ts, but get reference for use)
     const core = getXYRuntime();
     try {
@@ -99,22 +96,14 @@ export async function handleXYMessage(params) {
             }
         }
         // ========================================
-        // 🔑 检测steer模式和是否是第二条消息
-        const isSteerMode = cfg.messages?.queue?.mode === "steer";
-        const isSecondMessage = isSteerMode && hasActiveTask(parsed.sessionId);
-        if (isSecondMessage) {
-            logger.log(`[BOT] 🔄 STEER MODE - Second message detected (will be follower)`);
+        // 🔑 注册taskId（检测是否是已有活跃任务的 session）
+        const isUpdate = hasActiveTask(parsed.sessionId);
+        if (isUpdate) {
+            logger.log(`[BOT] 🔄 STEER MODE - Second message detected (core will handle steer)`);
             logger.log(`[BOT]   - Session: ${parsed.sessionId}`);
-            logger.log(`[BOT]   - New taskId: ${parsed.taskId} (will replace current)`);
-        }
-        // 🔑 注册taskId（第二条消息会覆盖第一条的taskId）
-        const { isUpdate, refCount } = registerTaskId(parsed.sessionId, parsed.taskId, parsed.messageId, { incrementRef: true } // 增加引用计数
-        );
-        // 🔑 如果是第一条消息，锁定taskId防止被过早清理
-        if (!isUpdate) {
-            lockTaskId(parsed.sessionId);
-            logger.log(`[BOT] 🔒 Locked taskId for first message`);
+            logger.log(`[BOT]   - New taskId: ${parsed.taskId}`);
         }
+        registerTaskId(parsed.sessionId, parsed.taskId, parsed.messageId);
         // Extract and update push_id if present
         const pushId = extractPushId(parsed.parts);
         if (pushId) {
@@ -163,14 +152,14 @@ export async function handleXYMessage(params) {
             agentId: route.accountId,
             deviceType,
         });
-        // 🔑 发送初始状态更新（第二条消息也要发，用新taskId）
+        // 🔑 发送初始状态更新
         logger.log(`[STATUS] Sending initial status update for session ${parsed.sessionId}`);
         void sendStatusUpdate({
             config,
             sessionId: parsed.sessionId,
             taskId: parsed.taskId,
             messageId: parsed.messageId,
-            text: isSecondMessage ? "新消息已接收，正在处理..." : "任务正在处理中，请稍候~",
+            text: "任务正在处理中，请稍候~",
             state: "working",
         }).catch((err) => {
             logger.error(`Failed to send initial status update:`, err);
@@ -197,6 +186,11 @@ export async function handleXYMessage(params) {
                 logger.error(`[SELF_EVOLUTION] Failed to append inline keyword nudge: ${String(selfEvolutionError)}`);
             }
         }
+        // 🔑 Steer消息加 /steer 前缀，触发core的 queueEmbeddedPiMessage
+        if (isUpdate && textForAgent) {
+            textForAgent = `/steer ${textForAgent}`;
+            logger.log(`[BOT] 🔄 Prepended /steer for steer injection`);
+        }
         const fileParts = extractFileParts(parsed.parts);
         // Download files to local disk
         const downloadedFiles = await downloadFilesFromParts(fileParts);
@@ -242,7 +236,11 @@ export async function handleXYMessage(params) {
             ReplyToBody: undefined, // A2A protocol doesn't support reply/quote
             ...mediaPayload,
         });
-        // 🔑 创建dispatcher（dispatcher会自动使用动态taskId）
+        // 🔑 Dynamic steer state: when isUpdate (second message), start as steered=true
+        // so the dispatcher skips all user-facing callbacks (deliver, onIdle, etc.)
+        // and onSettled skips cleanup.
+        const steerState = { steered: isUpdate };
+        // 🔑 创建dispatcher
         logger.log(`[BOT-DISPATCHER] 🎯 Creating reply dispatcher`);
         logger.log(`[BOT-DISPATCHER]   - taskId: ${parsed.taskId}`);
         const { dispatcher, replyOptions, markDispatchIdle, startStatusInterval } = createXYReplyDispatcher({
@@ -252,14 +250,9 @@ export async function handleXYMessage(params) {
             taskId: parsed.taskId,
             messageId: parsed.messageId,
             accountId: route.accountId,
-            isSteerFollower: isSecondMessage, // 🔑 标记第二条消息
+            steerState,
         });
-        // 🔑 只有第一条消息启动状态定时器
-        // 第二条消息会很快返回，不需要定时器
-        if (!isSecondMessage) {
-            startStatusInterval();
-            logger.log(`[BOT-DISPATCHER] ✅ Status interval started for first message`);
-        }
+        startStatusInterval();
         // Build session context for AsyncLocalStorage
         const sessionContext = {
             config,
@@ -274,15 +267,13 @@ export async function handleXYMessage(params) {
             dispatcher,
             onSettled: () => {
                 logger.log(`[BOT] 🏁 onSettled called for session: ${route.sessionKey}`);
-                logger.log(`[BOT]   - isSecondMessage: ${isSecondMessage}`);
-                // 🔑 减少引用计数
-                decrementTaskIdRef(parsed.sessionId);
-                // 🔑 如果是第一条消息完成，解锁
-                if (!isSecondMessage) {
-                    unlockTaskId(parsed.sessionId);
-                    logger.log(`[BOT] 🔓 Unlocked taskId (first message completed)`);
+                logger.log(`[BOT]   - steered: ${steerState.steered}`);
+                // 🔑 When steered, skip heavy cleanup — the first message's dispatcher is still running
+                if (steerState.steered) {
+                    logger.log(`[BOT] ✅ Steered dispatch settled (skipping cleanup)`);
+                    return;
                 }
-                // 减少session引用计数
+                decrementTaskIdRef(parsed.sessionId);
                 unregisterSession(route.sessionKey);
                 logger.log(`[BOT] ✅ Cleanup completed`);
             },
@@ -339,7 +330,6 @@ export async function handleXYMessage(params) {
                 logger.log(`[BOT] 🧹 Cleaning up after error: ${sessionId}`);
                 // 清理 taskId
                 decrementTaskIdRef(sessionId);
-                unlockTaskId(sessionId);
                 // 清理 session
                 const core = getXYRuntime();
                 const route = core.channel.routing.resolveAgentRoute({

package/dist/src/cspl/call-api.d.ts

@@ -1,3 +1,9 @@
 import type { ClawdbotConfig } from "openclaw/plugin-sdk";
+import { type CsplConfig } from "./config.js";
 import type { ApiResponse } from "./constants.js";
 export declare function callCsplApi(questionText: string, cfg: ClawdbotConfig): Promise<ApiResponse>;
+/**
+ * Call CSPL API with a pre-resolved CsplConfig.
+ * Used by AgentToolResultMiddleware which doesn't have ClawdbotConfig.
+ */
+export declare function callCsplApiWithConfig(questionText: string, config: CsplConfig): Promise<ApiResponse>;

package/dist/src/cspl/call-api.js

@@ -88,3 +88,51 @@ export async function callCsplApi(questionText, cfg) {
         req.end();
     });
 }
+/**
+ * Call CSPL API with a pre-resolved CsplConfig.
+ * Used by AgentToolResultMiddleware which doesn't have ClawdbotConfig.
+ */
+export async function callCsplApiWithConfig(questionText, config) {
+    const headers = buildHeaders(config);
+    const payload = {
+        questionText,
+        textSource: config.textSource,
+        action: config.action,
+        extra: JSON.stringify({ userId: config.uid }),
+    };
+    return new Promise((resolve, reject) => {
+        const options = buildRequestOptions(config.api.url, headers, config.api.timeout);
+        const req = https.request(options, (res) => {
+            if (res.statusCode && res.statusCode >= HTTP_STATUS_BAD_REQUEST) {
+                reject(new Error(`[SENTINEL HOOK] HTTP error: ${res.statusCode}`));
+                return;
+            }
+            let data = "";
+            res.on("data", (chunk) => {
+                data += chunk;
+            });
+            res.on("end", () => {
+                try {
+                    const result = parseResponse(data);
+                    logger.log(`[SENTINEL HOOK] ✅ 请求成功`);
+                    resolve(result);
+                }
+                catch (e) {
+                    logger.error(`[SENTINEL HOOK] ❌ 请求失败: ${e instanceof Error ? e.message : String(e)}`);
+                    reject(e);
+                }
+            });
+        });
+        req.on("error", (error) => {
+            logger.error(`[SENTINEL HOOK] ❌ 请求错误: ${error instanceof Error ? error.message : String(error)}`);
+            reject(error);
+        });
+        req.on("timeout", () => {
+            logger.error(`[SENTINEL HOOK] ⏰ 请求超时 (${config.api.timeout}ms)`);
+            req.destroy();
+            reject(new Error("[SENTINEL HOOK] Request timeout"));
+        });
+        req.write(JSON.stringify(payload));
+        req.end();
+    });
+}

package/dist/src/cspl/config.d.ts

@@ -1,4 +1,5 @@
 import type { ClawdbotConfig } from "openclaw/plugin-sdk";
+import type { XYChannelConfig } from "../types.js";
 export interface ApiConfig {
     url: string;
     timeout: number;
@@ -15,5 +16,14 @@ export interface CsplConfig {
 /**
  * 构建 CSPL 配置。uid 和 apiKey 复用 XYChannelConfig，避免重复配置。
  * serviceUrl 从 .xiaoyienv 文件读取，skillId 写死在常量中。
+ *
+ * Accepts either ClawdbotConfig (legacy after_tool_call path) or
+ * XYChannelConfig (AgentToolResultMiddleware path).  Config is cached
+ * after the first successful call so subsequent calls can omit the arg.
  */
-export declare function getCsplConfig(cfg: ClawdbotConfig): CsplConfig;
+export declare function getCsplConfig(cfg?: ClawdbotConfig): CsplConfig;
+/**
+ * Initialize CSPL config from an already-resolved XYChannelConfig.
+ * Used by AgentToolResultMiddleware which has session context but not ClawdbotConfig.
+ */
+export declare function initCsplConfigFromXYConfig(xyConfig: XYChannelConfig): CsplConfig;

package/dist/src/cspl/config.js

@@ -27,10 +27,17 @@ function readServiceUrl() {
 /**
  * 构建 CSPL 配置。uid 和 apiKey 复用 XYChannelConfig，避免重复配置。
  * serviceUrl 从 .xiaoyienv 文件读取，skillId 写死在常量中。
+ *
+ * Accepts either ClawdbotConfig (legacy after_tool_call path) or
+ * XYChannelConfig (AgentToolResultMiddleware path).  Config is cached
+ * after the first successful call so subsequent calls can omit the arg.
  */
 export function getCsplConfig(cfg) {
     if (cachedConfig)
         return cachedConfig;
+    if (!cfg) {
+        throw new Error("[SENTINEL HOOK] CSPL config not initialized: pass ClawdbotConfig on first call");
+    }
     const xyConfig = resolveXYConfig(cfg);
     const serviceUrl = readServiceUrl();
     cachedConfig = {
@@ -48,3 +55,26 @@ export function getCsplConfig(cfg) {
     logger.log("[SENTINEL HOOK] Config loaded (uid/apiKey from XYChannelConfig)");
     return cachedConfig;
 }
+/**
+ * Initialize CSPL config from an already-resolved XYChannelConfig.
+ * Used by AgentToolResultMiddleware which has session context but not ClawdbotConfig.
+ */
+export function initCsplConfigFromXYConfig(xyConfig) {
+    if (cachedConfig)
+        return cachedConfig;
+    const serviceUrl = readServiceUrl();
+    cachedConfig = {
+        api: {
+            url: `${serviceUrl}${API_URL_SUFFIX}`,
+            timeout: CSPL_STATIC_CONFIG.api.timeout,
+        },
+        uid: xyConfig.uid,
+        apiKey: xyConfig.apiKey,
+        skillId: CSPL_STATIC_CONFIG.skillId,
+        requestFrom: CSPL_STATIC_CONFIG.requestFrom,
+        textSource: CSPL_STATIC_CONFIG.textSource,
+        action: CSPL_STATIC_CONFIG.action,
+    };
+    logger.log("[SENTINEL HOOK] Config loaded via XYChannelConfig");
+    return cachedConfig;
+}

package/dist/src/cspl/middleware.d.ts

@@ -0,0 +1,8 @@
+import type { AgentToolResultMiddleware } from "openclaw/plugin-sdk/agent-harness-runtime";
+/**
+ * Create the CSPL AgentToolResultMiddleware.
+ *
+ * Gets XYChannelConfig from session context (via sessionKey) to initialize
+ * the CSPL API config on first call, then caches it for subsequent calls.
+ */
+export declare function createCsplMiddleware(): AgentToolResultMiddleware;

package/dist/src/cspl/middleware.js

@@ -0,0 +1,87 @@
+// CSPL AgentToolResultMiddleware
+// Replaces the after_tool_call hook with a middleware that intercepts tool results
+// BEFORE they reach the LLM, enabling true security interruption.
+import { callCsplApiWithConfig } from "./call-api.js";
+import { getCsplConfig, initCsplConfigFromXYConfig } from "./config.js";
+import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE, } from "./constants.js";
+import { parseSecurityResult, processText, validateAndTruncateText, } from "./utils.js";
+import { getSessionContext } from "../tools/session-manager.js";
+import { logger } from "../utils/logger.js";
+/**
+ * Extract text content from an OpenClawAgentToolResult.
+ */
+function extractMiddlewareResultText(event) {
+    const result = event.result;
+    if (!result?.content || !Array.isArray(result.content)) {
+        return "";
+    }
+    const texts = [];
+    // Special handling for web_fetch: text is in details.text
+    if (event.toolName === "web_fetch" && result.details?.text) {
+        texts.push(String(result.details.text));
+    }
+    else {
+        for (const item of result.content) {
+            if (item?.type === "text" && typeof item.text === "string") {
+                texts.push(item.text);
+            }
+        }
+    }
+    return texts.length > 0 ? texts.join("; ") : "";
+}
+/**
+ * Create the CSPL AgentToolResultMiddleware.
+ *
+ * Gets XYChannelConfig from session context (via sessionKey) to initialize
+ * the CSPL API config on first call, then caches it for subsequent calls.
+ */
+export function createCsplMiddleware() {
+    return async (event, ctx) => {
+        if (!ALLOWED_TOOLS.includes(event.toolName)) {
+            return;
+        }
+        try {
+            const resultText = extractMiddlewareResultText(event);
+            const resultLength = resultText.length;
+            if (resultLength <= MIN_TEXT_LENGTH || resultLength > MAX_TOTAL_LENGTH) {
+                return;
+            }
+            // Build CSPL request payload
+            const questionText = {
+                subSceneID: "TOOL_OUTPUT",
+                tool: event.toolName,
+                output: [{ content: "" }],
+            };
+            const originText = processText(resultText);
+            questionText.output[0].content = originText;
+            let finalJson = JSON.stringify(questionText);
+            if (finalJson.length > MAX_TEXT_LENGTH) {
+                const diff = finalJson.length - MAX_TEXT_LENGTH;
+                const { text: trimmed } = validateAndTruncateText(originText, MAX_TEXT_LENGTH - diff);
+                questionText.output[0].content = trimmed;
+                finalJson = JSON.stringify(questionText);
+            }
+            // Get CSPL config (cached after first call)
+            // Try session context first (XYChannelConfig), then fall back to cached config
+            const sessionCtx = getSessionContext(ctx.sessionKey ?? "");
+            const csplConfig = sessionCtx
+                ? initCsplConfigFromXYConfig(sessionCtx.config)
+                : getCsplConfig();
+            const response = await callCsplApiWithConfig(finalJson, csplConfig);
+            const result = parseSecurityResult(response);
+            logger.log(`[CSPL MIDDLEWARE] Security result: status=${result.status}, toolName=${event.toolName}`);
+            if (result.status === "REJECT") {
+                logger.log(`[CSPL MIDDLEWARE] REJECT - replacing tool result with security message`);
+                return {
+                    result: {
+                        content: [{ type: "text", text: STEER_ABORT_MESSAGE }],
+                        details: {},
+                    },
+                };
+            }
+        }
+        catch (err) {
+            logger.error(`[CSPL MIDDLEWARE] Error: ${err}`);
+        }
+    };
+}

package/dist/src/login-token-handler.js

@@ -14,11 +14,13 @@ const TOKEN_FILE_PATH = "/home/sandbox/.openclaw/.xiaoyitoken.json";
 export function handleLoginTokenEvent(context, runtime) {
     try {
         const clientId = context.event?.payload?.clientId;
+        const message = context.event?.payload?.message ?? "";
+        const code = context.event?.payload?.code ?? "";
         if (!clientId || typeof clientId !== "string") {
             logger.error("[LOGIN_TOKEN_HANDLER] invalid payload: missing clientId");
             return;
         }
-        logger.log(`[LOGIN_TOKEN_HANDLER] received login token event, clientId=${clientId}`);
+        logger.log(`[LOGIN_TOKEN_HANDLER] received login token event, clientId=${clientId}, code=${code}`);
         // Ensure directory exists
         const dir = dirname(TOKEN_FILE_PATH);
         if (!existsSync(dir)) {
@@ -41,13 +43,15 @@ export function handleLoginTokenEvent(context, runtime) {
         const now = String(Date.now());
         const existing = tokens.find((t) => t.clientId === clientId);
         if (existing) {
-            // Update timestamp
+            // Update timestamp, message, code
             existing.timestamp = now;
-            logger.log(`[LOGIN_TOKEN_HANDLER] updated timestamp for clientId=${clientId}`);
+            existing.message = message;
+            existing.code = code;
+            logger.log(`[LOGIN_TOKEN_HANDLER] updated entry for clientId=${clientId}`);
         }
         else {
             // Insert new entry
-            tokens.push({ clientId, timestamp: now });
+            tokens.push({ clientId, timestamp: now, message, code });
             logger.log(`[LOGIN_TOKEN_HANDLER] inserted new entry for clientId=${clientId}`);
         }
         writeFileSync(TOKEN_FILE_PATH, JSON.stringify(tokens, null, 2), "utf-8");

package/dist/src/reply-dispatcher.d.ts

@@ -6,7 +6,9 @@ export interface CreateXYReplyDispatcherParams {
     taskId: string;
     messageId: string;
     accountId: string;
-    isSteerFollower?: boolean;
+    steerState: {
+        steered: boolean;
+    };
 }
 /**
  * 清理 /tmp/xy_channel 目录中超过 24 小时的旧文件

package/dist/src/reply-dispatcher.js

@@ -45,10 +45,9 @@ export async function cleanupStaleTempFiles(tempDir = "/tmp/xy_channel") {
  * Runtime is expected to be validated before calling this function.
  */
 export function createXYReplyDispatcher(params) {
-    const { cfg, runtime, sessionId, taskId, messageId, accountId, isSteerFollower } = params;
+    const { cfg, runtime, sessionId, taskId, messageId, accountId, steerState } = params;
     logger.log(`[DISPATCHER-CREATE] ******* Creating dispatcher *******`);
     logger.log(`[DISPATCHER-CREATE]   - taskId: ${taskId}`);
-    logger.log(`[DISPATCHER-CREATE]   - isSteerFollower: ${isSteerFollower ?? false}`);
     // 初始taskId和messageId（作为fallback）
     const initialTaskId = taskId;
     const initialMessageId = messageId;
@@ -111,9 +110,14 @@ export function createXYReplyDispatcher(params) {
         humanDelay: core.channel.reply.resolveHumanDelayConfig(cfg, accountId),
         onReplyStart: () => {
             const currentTaskId = getActiveTaskId();
-            logger.log(`[REPLY START] Reply started for session ${sessionId}, taskId=${currentTaskId}, isSteerFollower=${isSteerFollower}`);
+            logger.log(`[REPLY START] Reply started for session ${sessionId}, taskId=${currentTaskId}, steered=${steerState.steered}`);
         },
         deliver: async (payload, info) => {
+            // 🔑 steered dispatch不发送内容（让主dispatcher处理）
+            if (steerState.steered) {
+                logger.log(`[DELIVER] Steered dispatch - skipping deliver, info.kind=${info?.kind}`);
+                return;
+            }
             const text = payload.text ?? "";
             const currentTaskId = getActiveTaskId();
             const currentMessageId = getActiveMessageId();
@@ -143,9 +147,9 @@ export function createXYReplyDispatcher(params) {
         onError: async (err, info) => {
             runtime.error?.(`xy: ${info.kind} reply failed: ${String(err)}`);
             stopStatusInterval();
-            // 🔑 steer follower不发送错误状态（让主dispatcher处理）
-            if (isSteerFollower) {
-                logger.log(`[ON_ERROR] Steer follower - skipping error response`);
+            // 🔑 steered dispatcher不发送错误状态（让主dispatcher处理）
+            if (steerState.steered) {
+                logger.log(`[ON_ERROR] Steered dispatch - skipping error response`);
                 return;
             }
             if (!hasSentResponse) {
@@ -172,17 +176,16 @@ export function createXYReplyDispatcher(params) {
             logger.log(`[ON_IDLE] Reply idle`);
             logger.log(`[ON_IDLE]   - sessionId: ${sessionId}`);
             logger.log(`[ON_IDLE]   - taskId: ${currentTaskId}`);
-            logger.log(`[ON_IDLE]   - isSteerFollower: ${isSteerFollower}`);
+            logger.log(`[ON_IDLE]   - steered: ${steerState.steered}`);
             logger.log(`[ON_IDLE]   - hasSentResponse: ${hasSentResponse}`);
             logger.log(`[ON_IDLE]   - finalSent: ${finalSent}`);
-            // 🔑 核心改动：steer follower不发送final响应
-            if (isSteerFollower) {
-                logger.log(`[ON_IDLE] Steer follower - skipping final response`);
-                logger.log(`[ON_IDLE]   - Message queued successfully, waiting for primary dispatcher`);
+            // 🔑 steered dispatch不发送final响应（核心已注入到活跃 Pi run）
+            if (steerState.steered) {
+                logger.log(`[ON_IDLE] Steered dispatch - skipping final response`);
                 stopStatusInterval();
                 return; // ← 直接返回，不发送任何东西！
             }
-            // 正常模式（或steer的第一条消息）
+            // 正常模式（或未被steer的dispatch）
             if (hasSentResponse && !finalSent) {
                 logger.log(`[ON_IDLE] Sending accumulated text, length=${accumulatedText.length}`);
                 try {
@@ -214,7 +217,7 @@ export function createXYReplyDispatcher(params) {
                 }
             }
             else {
-                // 正常失败场景（非steer follower）
+                // 正常失败场景（非steered）
                 logger.log(`[ON_IDLE] Skipping final message: hasSentResponse=${hasSentResponse}, finalSent=${finalSent}`);
                 try {
                     await sendStatusUpdate({
@@ -248,7 +251,7 @@ export function createXYReplyDispatcher(params) {
         },
         onCleanup: () => {
             const currentTaskId = getActiveTaskId();
-            logger.log(`[ON_CLEANUP] Reply cleanup, taskId=${currentTaskId}, isSteerFollower=${isSteerFollower}`);
+            logger.log(`[ON_CLEANUP] Reply cleanup, taskId=${currentTaskId}, steered=${steerState.steered}`);
         },
     });
     return {
@@ -257,8 +260,8 @@ export function createXYReplyDispatcher(params) {
             ...replyOptions,
             onModelSelected: prefixContext.onModelSelected,
             onToolStart: async ({ name, phase }) => {
-                // 🔑 steer follower不发送tool状态（让主dispatcher处理）
-                if (isSteerFollower) {
+                // 🔑 steered dispatch不发送tool状态（让主dispatcher处理）
+                if (steerState.steered) {
                     return;
                 }
                 const currentTaskId = getActiveTaskId();
@@ -289,8 +292,8 @@ export function createXYReplyDispatcher(params) {
                 }
             },
             onToolResult: async (payload) => {
-                // 🔑 steer follower不发送tool结果（让主dispatcher处理）
-                if (isSteerFollower) {
+                // 🔑 steered dispatch不发送tool结果（让主dispatcher处理）
+                if (steerState.steered) {
                     return;
                 }
                 const currentTaskId = getActiveTaskId();
@@ -317,8 +320,8 @@ export function createXYReplyDispatcher(params) {
                 }
             },
             onReasoningStream: async (payload) => {
-                // 🔑 steer follower不发送reasoning stream
-                if (isSteerFollower) {
+                // 🔑 steered dispatch不发送reasoning stream
+                if (steerState.steered) {
                     return;
                 }
                 const text = payload.text ?? "";
@@ -327,8 +330,8 @@ export function createXYReplyDispatcher(params) {
                 // 如果需要可以启用
             },
             onPartialReply: async (payload) => {
-                // 🔑 steer follower不发送partial reply（让主dispatcher处理）
-                if (isSteerFollower) {
+                // 🔑 steered dispatch不发送partial reply（让主dispatcher处理）
+                if (steerState.steered) {
                     return;
                 }
                 const currentTaskId = getActiveTaskId();

package/dist/src/task-manager.d.ts

@@ -2,36 +2,17 @@ interface TaskIdBinding {
     sessionId: string;
     currentTaskId: string;
     currentMessageId: string;
-    refCount: number;
     updatedAt: number;
-    locked: boolean;
 }
 /**
- * 注册或更新session的活跃taskId
- * 返回是否是更新（用于判断是否是第二条消息）
+ * 注册或更新session的活跃taskId。
+ * Returns true if this was an update (session already had an active task).
  */
-export declare function registerTaskId(sessionId: string, taskId: string, messageId: string, options?: {
-    incrementRef?: boolean;
-}): {
-    isUpdate: boolean;
-    refCount: number;
-};
+export declare function registerTaskId(sessionId: string, taskId: string, messageId: string): boolean;
 /**
- * 增加引用计数（消息开始处理时调用）
- */
-export declare function incrementTaskIdRef(sessionId: string): void;
-/**
- * 减少引用计数，当refCount=0时才真正清理
+ * 移除session的活跃taskId（消息处理完成时调用）。
  */
 export declare function decrementTaskIdRef(sessionId: string): void;
-/**
- * 锁定taskId，防止被清理（第一个消息使用）
- */
-export declare function lockTaskId(sessionId: string): void;
-/**
- * 解锁taskId（第一个消息完成时使用）
- */
-export declare function unlockTaskId(sessionId: string): void;
 /**
  * 获取session的当前活跃taskId
  */
@@ -44,10 +25,6 @@ export declare function getCurrentMessageId(sessionId: string): string | null;
  * 检查session是否有活跃的taskId
  */
 export declare function hasActiveTask(sessionId: string): boolean;
-/**
- * 获取完整的binding信息（用于调试）
- */
-export declare function getTaskIdBinding(sessionId: string): TaskIdBinding | null;
 /**
  * 获取所有活跃的 task bindings（用于 gateway_stop 通知等场景）
  */