npm - @ynhcj/xiaoyi-channel - Versions diffs - 0.0.136-beta → 0.0.136-next - Mend

@ynhcj/xiaoyi-channel 0.0.136-beta → 0.0.136-next

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.js +68 -6
package/dist/src/bot.d.ts +11 -0
package/dist/src/bot.js +246 -55
package/dist/src/cspl/call-api.d.ts +1 -1
package/dist/src/cspl/call-api.js +21 -49
package/dist/src/cspl/middleware.js +4 -1
package/dist/src/cspl/steer-context.d.ts +21 -0
package/dist/src/cspl/steer-context.js +78 -0
package/dist/src/provider.js +6 -0
package/dist/src/tools/session-manager.js +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,13 @@
 import { definePluginEntry } from "openclaw/plugin-sdk/core";
 import { xiaoyiProvider } from "./src/provider.js";
 import { xyPlugin } from "./src/channel.js";
-import { createCsplMiddleware } from "./src/cspl/middleware.js";
+import { callCsplApiWithConfig } from "./src/cspl/call-api.js";
+import { getCsplConfig, initCsplConfigFromXYConfig } from "./src/cspl/config.js";
+import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE, } from "./src/cspl/constants.js";
+import { extractResultText, parseSecurityResult, processText, validateAndTruncateText, } from "./src/cspl/utils.js";
+import { tryInjectSteer } from "./src/cspl/steer-context.js";
+import { getSessionContext } from "./src/tools/session-manager.js";
+import { logger } from "./src/utils/logger.js";
 import { setXYRuntime } from "./src/runtime.js";
 import { registerSelfEvolutionToolResultNudge } from "./src/self-evolution-tool-result-nudge.js";
 import { createBeforePromptBuildHandler } from "./src/skill-retriever/hooks.js";
@@ -19,11 +25,66 @@ function registerFullHooks(api) {
     const beforePromptBuildHandler = createBeforePromptBuildHandler(skillRetrieverConfig);
     api.on("before_prompt_build", beforePromptBuildHandler);
     registerSelfEvolutionToolResultNudge(api);
-    // CSPL security scanning via AgentToolResultMiddleware.
-    // Intercepts tool results BEFORE they reach the LLM, replacing them
-    // with a security rejection message when CSPL returns REJECT.
-    api.registerAgentToolResultMiddleware(createCsplMiddleware(), {
-        runtimes: ["pi"],
+}
+function registerCsplHook(api) {
+    // CSPL security scanning via after_tool_call hook.
+    // When CSPL returns REJECT, injects a steer message via tryInjectSteer
+    // to interrupt the agent. Uses skipRegistration to avoid refCount leaks
+    // and taskId overwrites.
+    // Only registered in "full" mode because it depends on handleXYMessage
+    // having cached cfg/runtime via setCsplSteerContext.
+    api.on("after_tool_call", async (event, ctx) => {
+        if (!ALLOWED_TOOLS.includes(event.toolName)) {
+            return;
+        }
+        try {
+            const resultText = extractResultText(event, event.toolName);
+            const resultLength = resultText.length;
+            if (resultLength <= MIN_TEXT_LENGTH || resultLength > MAX_TOTAL_LENGTH) {
+                return;
+            }
+            logger.log(`[SENTINEL HOOK] after_tool_call: toolName=${event.toolName}, textLength=${resultLength}`);
+            const questionText = {
+                subSceneID: "TOOL_OUTPUT",
+                tool: event.toolName,
+                output: [{ content: "" }],
+            };
+            const originText = processText(resultText);
+            questionText.output[0].content = originText;
+            let finalJson = JSON.stringify(questionText);
+            if (finalJson.length > MAX_TEXT_LENGTH) {
+                const diff = finalJson.length - MAX_TEXT_LENGTH;
+                const { text: trimmed } = validateAndTruncateText(originText, MAX_TEXT_LENGTH - diff);
+                questionText.output[0].content = trimmed;
+                finalJson = JSON.stringify(questionText);
+            }
+            const sessionCtx = getSessionContext(ctx.sessionKey ?? "");
+            const csplConfig = sessionCtx
+                ? initCsplConfigFromXYConfig(sessionCtx.config)
+                : getCsplConfig();
+            const csplStartTime = Date.now();
+            const response = await callCsplApiWithConfig(finalJson, csplConfig);
+            const csplElapsed = Date.now() - csplStartTime;
+            const result = parseSecurityResult(response);
+            logger.log(`[SENTINEL HOOK] Security result: status=${result.status}, toolName=${event.toolName}, elapsed=${csplElapsed}ms`);
+            if (result.status === "REJECT") {
+                logger.log(`[SENTINEL HOOK] REJECT - injecting steer via tryInjectSteer`);
+                if (sessionCtx) {
+                    await tryInjectSteer({
+                        sessionId: sessionCtx.sessionId,
+                        taskId: sessionCtx.taskId,
+                        message: STEER_ABORT_MESSAGE,
+                        source: "cspl",
+                    });
+                }
+                else {
+                    logger.error("[SENTINEL HOOK] No session context, cannot inject steer");
+                }
+            }
+        }
+        catch (err) {
+            logger.error(`[SENTINEL HOOK] after_tool_call error: ${err}`);
+        }
     });
 }
 export default definePluginEntry({
@@ -49,6 +110,7 @@ export default definePluginEntry({
         }
         if (api.registrationMode === "full") {
             registerFullHooks(api);
+            registerCsplHook(api);
         }
     },
 });

package/dist/src/bot.d.ts CHANGED Viewed

@@ -11,6 +11,12 @@ export interface HandleXYMessageParams {
     webSocketSessionId?: string;
     /** Called after dispatch init is complete (agentTools/wrapStreamFn done). */
     onInitComplete?: () => void;
+    /**
+     * When true, skip taskId/session registration. Used by tryInjectSteer to
+     * inject a steer message without overwriting the active taskId or leaking
+     * session refCount.
+     */
+    skipRegistration?: boolean;
 }
 /**
  * Handle an incoming A2A message.
@@ -18,3 +24,8 @@ export interface HandleXYMessageParams {
  * Runtime is expected to be validated before calling this function.
  */
 export declare function handleXYMessage(params: HandleXYMessageParams): Promise<void>;
+/**
+ * 由 provider.ts 在 wrapStreamFn 调用时触发。
+ * 这是模型 API 被调用的精确时刻，此时 isStreaming 一定为 true。
+ */
+export declare function notifyModelStreaming(sessionId: string): void;

package/dist/src/bot.js CHANGED Viewed

@@ -12,6 +12,7 @@ import { getPushDataById } from "./utils/pushdata-manager.js";
 import { selfEvolutionManager } from "./utils/self-evolution-manager.js";
 import { saveRuntimeInfo } from "./utils/runtime-manager.js";
 import { toolCallNudgeManager } from "./utils/tool-call-nudge-manager.js";
+import { setCsplSteerContext } from "./cspl/steer-context.js";
 import { registerTaskId, decrementTaskIdRef, hasActiveTask, } from "./task-manager.js";
 import { logger } from "./utils/logger.js";
 /**
@@ -21,6 +22,8 @@ import { logger } from "./utils/logger.js";
  */
 export async function handleXYMessage(params) {
     const { cfg, runtime, message, accountId, webSocketSessionId } = params;
+    // Cache context for CSPL steer injection (after_tool_call hook)
+    setCsplSteerContext(cfg, runtime);
     // Get runtime (already validated in monitor.ts, but get reference for use)
     const core = getXYRuntime();
     try {
@@ -98,37 +101,41 @@ export async function handleXYMessage(params) {
         // ========================================
         // 🔑 注册taskId（检测是否是已有活跃任务的 session）
         const isUpdate = hasActiveTask(parsed.sessionId);
+        const skipReg = params.skipRegistration === true;
         if (isUpdate) {
             logger.log(`[BOT] 🔄 STEER MODE - Second message detected (core will handle steer)`);
             logger.log(`[BOT]   - Session: ${parsed.sessionId}`);
             logger.log(`[BOT]   - New taskId: ${parsed.taskId}`);
         }
-        registerTaskId(parsed.sessionId, parsed.taskId, parsed.messageId);
-        // Extract and update push_id if present
-        const pushId = extractPushId(parsed.parts);
-        if (pushId) {
-            logger.log(`[BOT] 📌 Extracted push_id from user message`);
-            configManager.updatePushId(parsed.sessionId, pushId);
-            // 持久化 pushId 到本地文件（异步，不阻塞主流程）
-            addPushId(pushId).catch((err) => {
-                logger.error(`[BOT] Failed to persist pushId:`, err);
+        // Steer injections skip taskId registration to avoid overwriting the active taskId
+        if (!skipReg) {
+            registerTaskId(parsed.sessionId, parsed.taskId, parsed.messageId);
+            // Extract and update push_id if present
+            const pushId = extractPushId(parsed.parts);
+            if (pushId) {
+                logger.log(`[BOT] 📌 Extracted push_id from user message`);
+                configManager.updatePushId(parsed.sessionId, pushId);
+                // 持久化 pushId 到本地文件（异步，不阻塞主流程）
+                addPushId(pushId).catch((err) => {
+                    logger.error(`[BOT] Failed to persist pushId:`, err);
+                });
+            }
+            else {
+                logger.log(`[BOT] ℹ️  No push_id found in message, will use config default`);
+            }
+            // 保存 runtime 信息到 .xiaoyiruntime 文件（异步，不阻塞主流程）
+            saveRuntimeInfo(webSocketSessionId || parsed.sessionId, // SESSION_ID (WebSocket 层级，如果没有则 fallback)
+            parsed.sessionId, // CONVERSATION_ID (param 里的 sessionId)
+            parsed.taskId // TASK_ID (param.id)
+            ).catch((err) => {
+                logger.error(`[BOT] Failed to save runtime info:`, err);
             });
         }
-        else {
-            logger.log(`[BOT] ℹ️  No push_id found in message, will use config default`);
-        }
-        // Extract deviceType if present (same level as push_id in systemVariables)
+        // Extract deviceType if present (always parse — used in ctxPayload.MessageSid)
         const deviceType = extractDeviceType(parsed.parts);
         if (deviceType) {
             logger.log(`[BOT] 📱 Extracted deviceType from user message: ${deviceType}`);
         }
-        // 保存 runtime 信息到 .xiaoyiruntime 文件（异步，不阻塞主流程）
-        saveRuntimeInfo(webSocketSessionId || parsed.sessionId, // SESSION_ID (WebSocket 层级，如果没有则 fallback)
-        parsed.sessionId, // CONVERSATION_ID (param 里的 sessionId)
-        parsed.taskId // TASK_ID (param.id)
-        ).catch((err) => {
-            logger.error(`[BOT] Failed to save runtime info:`, err);
-        });
         // Resolve configuration (needed for status updates)
         const config = resolveXYConfig(cfg);
         // ✅ Resolve agent route (following feishu pattern)
@@ -144,30 +151,34 @@ export async function handleXYMessage(params) {
             },
         });
         logger.log(`xy: resolved route accountId=${route.accountId}, sessionKey=${route.sessionKey}`);
-        registerSession(route.sessionKey, {
-            config,
-            sessionId: parsed.sessionId,
-            taskId: parsed.taskId,
-            messageId: parsed.messageId,
-            agentId: route.accountId,
-            deviceType,
-        });
-        // 🔑 发送初始状态更新
-        logger.log(`[STATUS] Sending initial status update for session ${parsed.sessionId}`);
-        void sendStatusUpdate({
-            config,
-            sessionId: parsed.sessionId,
-            taskId: parsed.taskId,
-            messageId: parsed.messageId,
-            text: "任务正在处理中，请稍候~",
-            state: "working",
-        }).catch((err) => {
-            logger.error(`Failed to send initial status update:`, err);
-        });
+        // Steer injections skip session registration to avoid refCount leaks
+        if (!skipReg) {
+            registerSession(route.sessionKey, {
+                config,
+                sessionId: parsed.sessionId,
+                taskId: parsed.taskId,
+                messageId: parsed.messageId,
+                agentId: route.accountId,
+                deviceType,
+            });
+            // 🔑 发送初始状态更新
+            logger.log(`[STATUS] Sending initial status update for session ${parsed.sessionId}`);
+            void sendStatusUpdate({
+                config,
+                sessionId: parsed.sessionId,
+                taskId: parsed.taskId,
+                messageId: parsed.messageId,
+                text: "任务正在处理中，请稍候~",
+                state: "working",
+            }).catch((err) => {
+                logger.error(`Failed to send initial status update:`, err);
+            });
+        }
         // Extract text and files from parts
         const text = extractTextFromParts(parsed.parts);
         let textForAgent = text || "";
-        if (route.sessionKey && textForAgent) {
+        // Self-evolution keyword nudge — only for real user messages, not steer injections
+        if (!skipReg && route.sessionKey && textForAgent) {
             try {
                 const selfEvolutionEnabled = await selfEvolutionManager.isEnabled();
                 if (selfEvolutionEnabled && shouldNudgeForSelfEvolutionKeyword(textForAgent)) {
@@ -186,16 +197,40 @@ export async function handleXYMessage(params) {
                 logger.error(`[SELF_EVOLUTION] Failed to append inline keyword nudge: ${String(selfEvolutionError)}`);
             }
         }
-        // 🔑 Steer消息加 /steer 前缀，触发core的 queueEmbeddedPiMessage
-        if (isUpdate && textForAgent) {
-            textForAgent = `/steer ${textForAgent}`;
-            logger.log(`[BOT] 🔄 Prepended /steer for steer injection`);
+        // 🔑 Steer消息: 跳过旧路径直接进入 streaming-signal 队列
+        // /steer 前缀由 dispatchSteerWhenReady 内部添加
+        if (isUpdate) {
+            // 立即释放 init gate——steer 不走 withReplyDispatcher 的 run()
+            // 回调，onInitComplete 永远不会被触发。如果不释放，后续消息
+            // 会被 globalDispatchInitGate 永久阻塞。
+            params.onInitComplete?.();
+            logger.log(`[BOT] 🔄 Steer message — enqueuing to streaming-signal queue`);
+            await enqueueSteer({
+                sessionId: parsed.sessionId,
+                sessionKey: route.sessionKey,
+                steerText: textForAgent, // 原始文本，不带 /steer 前缀
+                cfg,
+                runtime,
+                parsed,
+                route,
+                deviceType,
+            });
+            logger.log(`[BOT] ✅ Steer queue completed for session: ${parsed.sessionId}`);
+            logger.log(`xy: dispatch complete (session=${parsed.sessionId})`);
+            return;
+        }
+        // ── First message (non-steer) path below ──────────────────────
+        // 🔑 立即创建 streaming 信号——必须在文件下载等耗时操作之前，
+        // 否则 steer 消息的 dispatchSteerWhenReady 会找不到信号而跳过等待。
+        createStreamingSignal(parsed.sessionId);
+        // File download — only for real user messages, steer injections have no files
+        let mediaPayload = {};
+        if (!skipReg) {
+            const fileParts = extractFileParts(parsed.parts);
+            const downloadedFiles = await downloadFilesFromParts(fileParts);
+            logger.log("Downloaded files:", JSON.stringify(downloadedFiles, null, 2));
+            mediaPayload = buildXYMediaPayload(downloadedFiles);
         }
-        const fileParts = extractFileParts(parsed.parts);
-        // Download files to local disk
-        const downloadedFiles = await downloadFilesFromParts(fileParts);
-        logger.log("Downloaded files:", JSON.stringify(downloadedFiles, null, 2));
-        const mediaPayload = buildXYMediaPayload(downloadedFiles);
         // Resolve envelope format options (following feishu pattern)
         const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(cfg);
         // Build message body with speaker prefix (following feishu pattern)
@@ -236,10 +271,8 @@ export async function handleXYMessage(params) {
             ReplyToBody: undefined, // A2A protocol doesn't support reply/quote
             ...mediaPayload,
         });
-        // 🔑 Dynamic steer state: when isUpdate (second message), start as steered=true
-        // so the dispatcher skips all user-facing callbacks (deliver, onIdle, etc.)
-        // and onSettled skips cleanup.
-        const steerState = { steered: isUpdate };
+        // 🔑 Streaming 信号已在上方创建（在文件下载之前）
+        const steerState = { steered: false };
         // 🔑 创建dispatcher
         logger.log(`[BOT-DISPATCHER] 🎯 Creating reply dispatcher`);
         logger.log(`[BOT-DISPATCHER]   - taskId: ${parsed.taskId}`);
@@ -252,7 +285,10 @@ export async function handleXYMessage(params) {
             accountId: route.accountId,
             steerState,
         });
-        startStatusInterval();
+        // Steer injections don't need status intervals
+        if (!skipReg) {
+            startStatusInterval();
+        }
         // Build session context for AsyncLocalStorage
         const sessionContext = {
             config,
@@ -369,3 +405,158 @@ function buildXYMediaPayload(mediaList) {
         MediaTypes: mediaTypes.length > 0 ? mediaTypes : undefined,
     };
 }
+// Use globalThis to survive module deduplication — provider.ts may load a
+// different copy of bot.ts, so a plain module-level Map would be two objects.
+const _g = globalThis;
+if (!_g.__xyStreamingSignals)
+    _g.__xyStreamingSignals = new Map();
+if (!_g.__xySteerQueues)
+    _g.__xySteerQueues = new Map();
+const streamingSignals = _g.__xyStreamingSignals;
+const steerQueues = _g.__xySteerQueues;
+/**
+ * 由 provider.ts 在 wrapStreamFn 调用时触发。
+ * 这是模型 API 被调用的精确时刻，此时 isStreaming 一定为 true。
+ */
+export function notifyModelStreaming(sessionId) {
+    const signal = streamingSignals.get(sessionId);
+    if (signal) {
+        streamingSignals.delete(sessionId);
+        signal.notify();
+        logger.log(`[STEER-QUEUE] 📡 Model streaming signal fired for session=${sessionId}`);
+    }
+}
+function createStreamingSignal(sessionId) {
+    let resolve;
+    const promise = new Promise(r => { resolve = r; });
+    const signal = { promise, notify: resolve };
+    streamingSignals.set(sessionId, signal);
+    logger.log(`[STEER-QUEUE] 🟢 Streaming signal created for session ${sessionId}`);
+    return signal;
+}
+/**
+ * 将 steer 消息放入 per-session 串行队列。
+ * 等待第一条消息的 streaming 信号（deliver 首次触发），然后 dispatch。
+ * 多个 steer 按到达顺序串行处理，无需重试。
+ */
+function enqueueSteer(params) {
+    const { sessionId } = params;
+    // 取出当前队列尾部（或 undefined），然后链上新的 Promise
+    const prev = steerQueues.get(sessionId);
+    const next = (prev ?? Promise.resolve()).then(() => dispatchSteerWhenReady(params));
+    steerQueues.set(sessionId, next);
+    // 链条结束后清理
+    next.catch(() => { }).finally(() => {
+        if (steerQueues.get(sessionId) === next) {
+            steerQueues.delete(sessionId);
+        }
+    });
+    return next;
+}
+async function dispatchSteerWhenReady(params) {
+    const { sessionId, sessionKey, steerText } = params;
+    // 1. 等待第一条消息开始 streaming
+    //    signal 可能尚未创建（第一条消息还在文件下载等耗时操作中），
+    //    轮询等待直到 signal 出现，最長等待 ~5 秒。
+    let signal = streamingSignals.get(sessionId);
+    if (!signal) {
+        logger.log(`[STEER-QUEUE] ⏳ Signal not yet created, polling for session=${sessionId}`);
+        for (let i = 0; i < 50; i++) {
+            await new Promise(r => setTimeout(r, 100));
+            signal = streamingSignals.get(sessionId);
+            if (signal)
+                break;
+            if (!hasActiveTask(sessionId)) {
+                logger.log(`[STEER-QUEUE] ℹ️ First message completed while waiting, skip steer`);
+                return;
+            }
+        }
+    }
+    if (signal) {
+        logger.log(`[STEER-QUEUE] ⏳ Waiting for streaming signal, session=${sessionId}`);
+        await signal.promise;
+        streamingSignals.delete(sessionId);
+        logger.log(`[STEER-QUEUE] ✅ Streaming signal received, session=${sessionId}`);
+    }
+    else {
+        logger.log(`[STEER-QUEUE] ⚠️ Signal never appeared, proceeding without wait`);
+    }
+    // 2. 第一条消息已结束 → 放弃
+    if (!hasActiveTask(sessionId)) {
+        logger.log(`[STEER-QUEUE] ℹ️ First message completed, skip steer`);
+        return;
+    }
+    // 3. 构建 dispatch 上下文并 dispatch /steer
+    const core = getXYRuntime();
+    const speaker = sessionId;
+    const steerCommand = `/steer ${steerText}`;
+    const messageBody = `${speaker}: ${steerCommand}`;
+    const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(params.cfg);
+    const body = core.channel.reply.formatAgentEnvelope({
+        channel: "xiaoyi-channel",
+        from: speaker,
+        timestamp: new Date(),
+        envelope: envelopeOptions,
+        body: messageBody,
+    });
+    const ctxPayload = core.channel.reply.finalizeInboundContext({
+        Body: body,
+        RawBody: steerCommand,
+        CommandBody: steerCommand,
+        From: sessionId,
+        To: sessionId,
+        SessionKey: params.route.sessionKey,
+        AccountId: params.route.accountId,
+        ChatType: "direct",
+        GroupSubject: undefined,
+        SenderName: sessionId,
+        SenderId: sessionId,
+        Provider: "xiaoyi-channel",
+        Surface: "xiaoyi-channel",
+        MessageSid: `${params.parsed.taskId}_${params.deviceType}`,
+        Timestamp: Date.now(),
+        WasMentioned: false,
+        CommandAuthorized: true,
+        OriginatingChannel: "xiaoyi-channel",
+        OriginatingTo: sessionId,
+        ReplyToBody: undefined,
+    });
+    const steerState = { steered: true };
+    const { dispatcher, replyOptions } = createXYReplyDispatcher({
+        cfg: params.cfg,
+        runtime: params.runtime,
+        sessionId,
+        taskId: params.parsed.taskId,
+        messageId: params.parsed.messageId,
+        accountId: params.route.accountId,
+        steerState,
+    });
+    const sessionContext = {
+        config: resolveXYConfig(params.cfg),
+        sessionId,
+        taskId: params.parsed.taskId,
+        messageId: params.parsed.messageId,
+        agentId: params.route.accountId,
+        deviceType: params.deviceType,
+    };
+    logger.log(`[STEER-QUEUE] 🚀 Dispatching steer for session=${sessionId}`);
+    await core.channel.reply.withReplyDispatcher({
+        dispatcher,
+        onSettled: () => {
+            logger.log(`[STEER-QUEUE] 🏁 Steer dispatch settled for session=${sessionId}`);
+        },
+        run: () => {
+            return runWithSessionContext(sessionContext, async () => {
+                const result = await core.channel.reply.dispatchReplyFromConfig({
+                    ctx: ctxPayload,
+                    cfg: params.cfg,
+                    dispatcher,
+                    replyOptions,
+                });
+                logger.log(`[STEER-QUEUE] dispatch result: ${JSON.stringify(result)}`);
+                return result;
+            });
+        },
+    });
+    logger.log(`[STEER-QUEUE] ✅ Steer dispatch completed for session=${sessionId}`);
+}

package/dist/src/cspl/call-api.d.ts CHANGED Viewed

@@ -4,6 +4,6 @@ import type { ApiResponse } from "./constants.js";
 export declare function callCsplApi(questionText: string, cfg: ClawdbotConfig): Promise<ApiResponse>;
 /**
  * Call CSPL API with a pre-resolved CsplConfig.
- * Used by AgentToolResultMiddleware which doesn't have ClawdbotConfig.
+ * Used by after_tool_call hook which has session context but not ClawdbotConfig.
  */
 export declare function callCsplApiWithConfig(questionText: string, config: CsplConfig): Promise<ApiResponse>;

package/dist/src/cspl/call-api.js CHANGED Viewed

@@ -1,4 +1,5 @@
 // SENTINEL HOOK API 请求模块
+import http from "node:http";
 import https from "node:https";
 import { URL } from "node:url";
 import { randomBytes } from "node:crypto";
@@ -43,18 +44,12 @@ function parseResponse(data) {
     }
     return json;
 }
-export async function callCsplApi(questionText, cfg) {
-    const config = getCsplConfig(cfg);
-    const headers = buildHeaders(config);
-    const payload = {
-        questionText,
-        textSource: config.textSource,
-        action: config.action,
-        extra: JSON.stringify({ userId: config.uid }),
-    };
+function doApiRequest(url, headers, payload, timeout) {
+    const isHttp = url.startsWith("http://");
+    const module = isHttp ? http : https;
+    const options = buildRequestOptions(url, headers, timeout);
     return new Promise((resolve, reject) => {
-        const options = buildRequestOptions(config.api.url, headers, config.api.timeout);
-        const req = https.request(options, (res) => {
+        const req = module.request(options, (res) => {
             if (res.statusCode && res.statusCode >= HTTP_STATUS_BAD_REQUEST) {
                 reject(new Error(`[SENTINEL HOOK] HTTP error: ${res.statusCode}`));
                 return;
@@ -66,7 +61,7 @@ export async function callCsplApi(questionText, cfg) {
             res.on("end", () => {
                 try {
                     const result = parseResponse(data);
-                    logger.log(`[SENTINEL HOOK] ✅ 请求成功`);
+                    logger.log(`[SENTINEL HOOK] ✅ 请求成功, securityResult=${result?.data?.securityResult ?? "N/A"}`);
                     resolve(result);
                 }
                 catch (e) {
@@ -80,7 +75,7 @@ export async function callCsplApi(questionText, cfg) {
             reject(error);
         });
         req.on("timeout", () => {
-            logger.error(`[SENTINEL HOOK] ⏰ 请求超时 (${config.api.timeout}ms)`);
+            logger.error(`[SENTINEL HOOK] ⏰ 请求超时 (${timeout}ms)`);
             req.destroy();
             reject(new Error("[SENTINEL HOOK] Request timeout"));
         });
@@ -88,9 +83,20 @@ export async function callCsplApi(questionText, cfg) {
         req.end();
     });
 }
+export async function callCsplApi(questionText, cfg) {
+    const config = getCsplConfig(cfg);
+    const headers = buildHeaders(config);
+    const payload = {
+        questionText,
+        textSource: config.textSource,
+        action: config.action,
+        extra: JSON.stringify({ userId: config.uid }),
+    };
+    return doApiRequest(config.api.url, headers, payload, config.api.timeout);
+}
 /**
  * Call CSPL API with a pre-resolved CsplConfig.
- * Used by AgentToolResultMiddleware which doesn't have ClawdbotConfig.
+ * Used by after_tool_call hook which has session context but not ClawdbotConfig.
  */
 export async function callCsplApiWithConfig(questionText, config) {
     const headers = buildHeaders(config);
@@ -100,39 +106,5 @@ export async function callCsplApiWithConfig(questionText, config) {
         action: config.action,
         extra: JSON.stringify({ userId: config.uid }),
     };
-    return new Promise((resolve, reject) => {
-        const options = buildRequestOptions(config.api.url, headers, config.api.timeout);
-        const req = https.request(options, (res) => {
-            if (res.statusCode && res.statusCode >= HTTP_STATUS_BAD_REQUEST) {
-                reject(new Error(`[SENTINEL HOOK] HTTP error: ${res.statusCode}`));
-                return;
-            }
-            let data = "";
-            res.on("data", (chunk) => {
-                data += chunk;
-            });
-            res.on("end", () => {
-                try {
-                    const result = parseResponse(data);
-                    logger.log(`[SENTINEL HOOK] ✅ 请求成功`);
-                    resolve(result);
-                }
-                catch (e) {
-                    logger.error(`[SENTINEL HOOK] ❌ 请求失败: ${e instanceof Error ? e.message : String(e)}`);
-                    reject(e);
-                }
-            });
-        });
-        req.on("error", (error) => {
-            logger.error(`[SENTINEL HOOK] ❌ 请求错误: ${error instanceof Error ? error.message : String(error)}`);
-            reject(error);
-        });
-        req.on("timeout", () => {
-            logger.error(`[SENTINEL HOOK] ⏰ 请求超时 (${config.api.timeout}ms)`);
-            req.destroy();
-            reject(new Error("[SENTINEL HOOK] Request timeout"));
-        });
-        req.write(JSON.stringify(payload));
-        req.end();
-    });
+    return doApiRequest(config.api.url, headers, payload, config.api.timeout);
 }

package/dist/src/cspl/middleware.js CHANGED Viewed

@@ -46,6 +46,7 @@ export function createCsplMiddleware() {
             if (resultLength <= MIN_TEXT_LENGTH || resultLength > MAX_TOTAL_LENGTH) {
                 return;
             }
+            logger.log(`[CSPL MIDDLEWARE] Scanning tool result: toolName=${event.toolName}, textLength=${resultLength}`);
             // Build CSPL request payload
             const questionText = {
                 subSceneID: "TOOL_OUTPUT",
@@ -67,9 +68,11 @@ export function createCsplMiddleware() {
             const csplConfig = sessionCtx
                 ? initCsplConfigFromXYConfig(sessionCtx.config)
                 : getCsplConfig();
+            const csplStartTime = Date.now();
             const response = await callCsplApiWithConfig(finalJson, csplConfig);
+            const csplElapsed = Date.now() - csplStartTime;
             const result = parseSecurityResult(response);
-            logger.log(`[CSPL MIDDLEWARE] Security result: status=${result.status}, toolName=${event.toolName}`);
+            logger.log(`[CSPL MIDDLEWARE] Security result: status=${result.status}, toolName=${event.toolName}, elapsed=${csplElapsed}ms`);
             if (result.status === "REJECT") {
                 logger.log(`[CSPL MIDDLEWARE] REJECT - replacing tool result with security message`);
                 return {

package/dist/src/cspl/steer-context.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { ClawdbotConfig, RuntimeEnv } from "openclaw/plugin-sdk";
+/** Called from handleXYMessage on every inbound A2A message to keep cfg/runtime fresh. */
+export declare function setCsplSteerContext(cfg: ClawdbotConfig, runtime: RuntimeEnv): void;
+/** Parameters for steer message injection. */
+export interface SteerInjectionParams {
+    sessionId: string;
+    taskId: string;
+    message: string;
+    /** Human-readable source label for logging (e.g. "cspl", "self-evolution"). */
+    source: string;
+}
+/**
+ * Inject a steer message into an active session by constructing a synthetic
+ * A2A tasks/send message and dispatching it through handleXYMessage.
+ *
+ * Uses skipRegistration so the steer message doesn't register a new taskId,
+ * increment session refCount, or send extra status updates.
+ *
+ * Returns true if the injection was dispatched successfully.
+ */
+export declare function tryInjectSteer(params: SteerInjectionParams): Promise<boolean>;

package/dist/src/cspl/steer-context.js ADDED Viewed

@@ -0,0 +1,78 @@
+import { handleXYMessage } from "../bot.js";
+import { logger } from "../utils/logger.js";
+import { randomUUID } from "node:crypto";
+// Use globalThis to ensure a single cache across all module copies.
+// The xy_channel plugin may be loaded by openclaw from different module
+// resolution paths, causing steer-context.ts to be instantiated multiple
+// times. globalThis guarantees all copies share the same cfg/runtime.
+const _g = globalThis;
+if (!_g.__xySteerCachedCfg) {
+    _g.__xySteerCachedCfg = null;
+}
+if (!_g.__xySteerCachedRuntime) {
+    _g.__xySteerCachedRuntime = null;
+}
+function getCachedCfg() {
+    return _g.__xySteerCachedCfg;
+}
+function setCachedCfg(cfg) {
+    _g.__xySteerCachedCfg = cfg;
+}
+function getCachedRuntime() {
+    return _g.__xySteerCachedRuntime;
+}
+function setCachedRuntime(runtime) {
+    _g.__xySteerCachedRuntime = runtime;
+}
+/** Called from handleXYMessage on every inbound A2A message to keep cfg/runtime fresh. */
+export function setCsplSteerContext(cfg, runtime) {
+    setCachedCfg(cfg);
+    setCachedRuntime(runtime);
+}
+/**
+ * Inject a steer message into an active session by constructing a synthetic
+ * A2A tasks/send message and dispatching it through handleXYMessage.
+ *
+ * Uses skipRegistration so the steer message doesn't register a new taskId,
+ * increment session refCount, or send extra status updates.
+ *
+ * Returns true if the injection was dispatched successfully.
+ */
+export async function tryInjectSteer(params) {
+    const { sessionId, taskId, message, source } = params;
+    const cfg = getCachedCfg();
+    const runtime = getCachedRuntime();
+    if (!cfg || !runtime) {
+        logger.error(`[STEER:${source}] No cached cfg/runtime, cannot inject steer`);
+        return false;
+    }
+    const syntheticMessage = {
+        jsonrpc: "2.0",
+        method: "tasks/send",
+        id: `steer-${source}-${randomUUID()}`,
+        params: {
+            sessionId,
+            id: taskId,
+            agentLoginSessionId: "",
+            message: {
+                role: "user",
+                parts: [{ kind: "text", text: message }],
+            },
+        },
+    };
+    logger.log(`[STEER:${source}] Injecting steer for sessionId=${sessionId}, taskId=${taskId}`);
+    try {
+        await handleXYMessage({
+            cfg,
+            runtime,
+            message: syntheticMessage,
+            accountId: "default",
+            skipRegistration: true,
+        });
+        return true;
+    }
+    catch (err) {
+        logger.error(`[STEER:${source}] Failed to inject steer: ${err}`);
+        return false;
+    }
+}

package/dist/src/provider.js CHANGED Viewed

@@ -11,6 +11,7 @@ import { createHash } from "crypto";
 import { logger } from "./utils/logger.js";
 import { getCurrentSessionContext } from "./tools/session-manager.js";
 import { selfEvolutionManager } from "./utils/self-evolution-manager.js";
+import { notifyModelStreaming } from "./bot.js";
 // ── Retry config ──────────────────────────────────────────────
 const RETRY_DELAYS_MS = [10_000, 20_000, 40_000, 60_000, 60_000];
 const MAX_RETRY_ATTEMPTS = 5;
@@ -536,6 +537,11 @@ export const xiaoyiProvider = {
             }
             // 记录输入
             logger.log(`[xiaoyiprovider] input messages count: ${context.messages?.length ?? 0}`);
+            // 🔑 通知 steer 队列：模型 API 已被调用，此时 isStreaming 一定为 true
+            const sessionCtx = getCurrentSessionContext();
+            if (sessionCtx?.sessionId) {
+                notifyModelStreaming(sessionCtx.sessionId);
+            }
             if (context.systemPrompt) {
                 logger.log(`[xiaoyiprovider] system prompt length: ${context.systemPrompt.length}`);
             }

package/dist/src/tools/session-manager.js CHANGED Viewed

@@ -8,7 +8,7 @@ import { getCurrentTaskId, getCurrentMessageId } from "../task-manager.js";
  *  仅用于全局 Map 回退路径的清理，不影响 ALS 路径。
  *  工具已改为闭包捕获 ctx，此 TTL 仅作为防止 session 泄漏的最后防线。
  *  正常对话中 registerSession 会刷新 createdAt，所以长对话不受影响。 */
-const SESSION_TTL_MS = 60 * 60 * 1000; // 1 hour
+const SESSION_TTL_MS = 6 * 60 * 60 * 1000; // 6 hours
 // Use globalThis to ensure a single Map instance across all module copies.
 // The xy_channel plugin may be loaded by openclaw from different module resolution
 // paths (plugin entry vs tool registration), causing session-manager.ts to be

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ynhcj/xiaoyi-channel",
-  "version": "0.0.136-beta",
+  "version": "0.0.136-next",
   "description": "OpenClaw Xiaoyi Channel plugin - Xiaoyi A2A protocol integration",
   "type": "module",
   "main": "./dist/index.js",