@ynhcj/xiaoyi-channel 0.0.136-beta → 0.0.138-beta

package/dist/index.js

@@ -1,7 +1,13 @@
 import { definePluginEntry } from "openclaw/plugin-sdk/core";
 import { xiaoyiProvider } from "./src/provider.js";
 import { xyPlugin } from "./src/channel.js";
-import { createCsplMiddleware } from "./src/cspl/middleware.js";
+import { callCsplApiWithConfig } from "./src/cspl/call-api.js";
+import { getCsplConfig, initCsplConfigFromXYConfig } from "./src/cspl/config.js";
+import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE, } from "./src/cspl/constants.js";
+import { extractResultText, parseSecurityResult, processText, validateAndTruncateText, } from "./src/cspl/utils.js";
+import { tryInjectSteer } from "./src/cspl/steer-context.js";
+import { getSessionContext } from "./src/tools/session-manager.js";
+import { logger } from "./src/utils/logger.js";
 import { setXYRuntime } from "./src/runtime.js";
 import { registerSelfEvolutionToolResultNudge } from "./src/self-evolution-tool-result-nudge.js";
 import { createBeforePromptBuildHandler } from "./src/skill-retriever/hooks.js";
@@ -19,11 +25,66 @@ function registerFullHooks(api) {
     const beforePromptBuildHandler = createBeforePromptBuildHandler(skillRetrieverConfig);
     api.on("before_prompt_build", beforePromptBuildHandler);
     registerSelfEvolutionToolResultNudge(api);
-    // CSPL security scanning via AgentToolResultMiddleware.
-    // Intercepts tool results BEFORE they reach the LLM, replacing them
-    // with a security rejection message when CSPL returns REJECT.
-    api.registerAgentToolResultMiddleware(createCsplMiddleware(), {
-        runtimes: ["pi"],
+}
+function registerCsplHook(api) {
+    // CSPL security scanning via after_tool_call hook.
+    // When CSPL returns REJECT, injects a steer message via tryInjectSteer
+    // to interrupt the agent. Uses skipRegistration to avoid refCount leaks
+    // and taskId overwrites.
+    // Only registered in "full" mode because it depends on handleXYMessage
+    // having cached cfg/runtime via setCsplSteerContext.
+    api.on("after_tool_call", async (event, ctx) => {
+        if (!ALLOWED_TOOLS.includes(event.toolName)) {
+            return;
+        }
+        try {
+            const resultText = extractResultText(event, event.toolName);
+            const resultLength = resultText.length;
+            if (resultLength <= MIN_TEXT_LENGTH || resultLength > MAX_TOTAL_LENGTH) {
+                return;
+            }
+            logger.log(`[SENTINEL HOOK] after_tool_call: toolName=${event.toolName}, textLength=${resultLength}`);
+            const questionText = {
+                subSceneID: "TOOL_OUTPUT",
+                tool: event.toolName,
+                output: [{ content: "" }],
+            };
+            const originText = processText(resultText);
+            questionText.output[0].content = originText;
+            let finalJson = JSON.stringify(questionText);
+            if (finalJson.length > MAX_TEXT_LENGTH) {
+                const diff = finalJson.length - MAX_TEXT_LENGTH;
+                const { text: trimmed } = validateAndTruncateText(originText, MAX_TEXT_LENGTH - diff);
+                questionText.output[0].content = trimmed;
+                finalJson = JSON.stringify(questionText);
+            }
+            const sessionCtx = getSessionContext(ctx.sessionKey ?? "");
+            const csplConfig = sessionCtx
+                ? initCsplConfigFromXYConfig(sessionCtx.config)
+                : getCsplConfig();
+            const csplStartTime = Date.now();
+            const response = await callCsplApiWithConfig(finalJson, csplConfig);
+            const csplElapsed = Date.now() - csplStartTime;
+            const result = parseSecurityResult(response);
+            logger.log(`[SENTINEL HOOK] Security result: status=${result.status}, toolName=${event.toolName}, elapsed=${csplElapsed}ms`);
+            if (result.status === "REJECT") {
+                logger.log(`[SENTINEL HOOK] REJECT - injecting steer via tryInjectSteer`);
+                if (sessionCtx) {
+                    await tryInjectSteer({
+                        sessionId: sessionCtx.sessionId,
+                        taskId: sessionCtx.taskId,
+                        message: STEER_ABORT_MESSAGE,
+                        source: "cspl",
+                    });
+                }
+                else {
+                    logger.error("[SENTINEL HOOK] No session context, cannot inject steer");
+                }
+            }
+        }
+        catch (err) {
+            logger.error(`[SENTINEL HOOK] after_tool_call error: ${err}`);
+        }
     });
 }
 export default definePluginEntry({
@@ -49,6 +110,7 @@ export default definePluginEntry({
         }
         if (api.registrationMode === "full") {
             registerFullHooks(api);
+            registerCsplHook(api);
         }
     },
 });

package/dist/src/bot.d.ts

@@ -11,6 +11,12 @@ export interface HandleXYMessageParams {
     webSocketSessionId?: string;
     /** Called after dispatch init is complete (agentTools/wrapStreamFn done). */
     onInitComplete?: () => void;
+    /**
+     * When true, skip taskId/session registration. Used by tryInjectSteer to
+     * inject a steer message without overwriting the active taskId or leaking
+     * session refCount.
+     */
+    skipRegistration?: boolean;
 }
 /**
  * Handle an incoming A2A message.

package/dist/src/bot.js

@@ -12,6 +12,7 @@ import { getPushDataById } from "./utils/pushdata-manager.js";
 import { selfEvolutionManager } from "./utils/self-evolution-manager.js";
 import { saveRuntimeInfo } from "./utils/runtime-manager.js";
 import { toolCallNudgeManager } from "./utils/tool-call-nudge-manager.js";
+import { setCsplSteerContext } from "./cspl/steer-context.js";
 import { registerTaskId, decrementTaskIdRef, hasActiveTask, } from "./task-manager.js";
 import { logger } from "./utils/logger.js";
 /**
@@ -21,6 +22,8 @@ import { logger } from "./utils/logger.js";
  */
 export async function handleXYMessage(params) {
     const { cfg, runtime, message, accountId, webSocketSessionId } = params;
+    // Cache context for CSPL steer injection (after_tool_call hook)
+    setCsplSteerContext(cfg, runtime);
     // Get runtime (already validated in monitor.ts, but get reference for use)
     const core = getXYRuntime();
     try {
@@ -98,37 +101,41 @@ export async function handleXYMessage(params) {
         // ========================================
         // 🔑 注册taskId（检测是否是已有活跃任务的 session）
         const isUpdate = hasActiveTask(parsed.sessionId);
+        const skipReg = params.skipRegistration === true;
         if (isUpdate) {
             logger.log(`[BOT] 🔄 STEER MODE - Second message detected (core will handle steer)`);
             logger.log(`[BOT]   - Session: ${parsed.sessionId}`);
             logger.log(`[BOT]   - New taskId: ${parsed.taskId}`);
         }
-        registerTaskId(parsed.sessionId, parsed.taskId, parsed.messageId);
-        // Extract and update push_id if present
-        const pushId = extractPushId(parsed.parts);
-        if (pushId) {
-            logger.log(`[BOT] 📌 Extracted push_id from user message`);
-            configManager.updatePushId(parsed.sessionId, pushId);
-            // 持久化 pushId 到本地文件（异步，不阻塞主流程）
-            addPushId(pushId).catch((err) => {
-                logger.error(`[BOT] Failed to persist pushId:`, err);
+        // Steer injections skip taskId registration to avoid overwriting the active taskId
+        if (!skipReg) {
+            registerTaskId(parsed.sessionId, parsed.taskId, parsed.messageId);
+            // Extract and update push_id if present
+            const pushId = extractPushId(parsed.parts);
+            if (pushId) {
+                logger.log(`[BOT] 📌 Extracted push_id from user message`);
+                configManager.updatePushId(parsed.sessionId, pushId);
+                // 持久化 pushId 到本地文件（异步，不阻塞主流程）
+                addPushId(pushId).catch((err) => {
+                    logger.error(`[BOT] Failed to persist pushId:`, err);
+                });
+            }
+            else {
+                logger.log(`[BOT] ℹ️  No push_id found in message, will use config default`);
+            }
+            // 保存 runtime 信息到 .xiaoyiruntime 文件（异步，不阻塞主流程）
+            saveRuntimeInfo(webSocketSessionId || parsed.sessionId, // SESSION_ID (WebSocket 层级，如果没有则 fallback)
+            parsed.sessionId, // CONVERSATION_ID (param 里的 sessionId)
+            parsed.taskId // TASK_ID (param.id)
+            ).catch((err) => {
+                logger.error(`[BOT] Failed to save runtime info:`, err);
             });
         }
-        else {
-            logger.log(`[BOT] ℹ️  No push_id found in message, will use config default`);
-        }
-        // Extract deviceType if present (same level as push_id in systemVariables)
+        // Extract deviceType if present (always parse — used in ctxPayload.MessageSid)
         const deviceType = extractDeviceType(parsed.parts);
         if (deviceType) {
             logger.log(`[BOT] 📱 Extracted deviceType from user message: ${deviceType}`);
         }
-        // 保存 runtime 信息到 .xiaoyiruntime 文件（异步，不阻塞主流程）
-        saveRuntimeInfo(webSocketSessionId || parsed.sessionId, // SESSION_ID (WebSocket 层级，如果没有则 fallback)
-        parsed.sessionId, // CONVERSATION_ID (param 里的 sessionId)
-        parsed.taskId // TASK_ID (param.id)
-        ).catch((err) => {
-            logger.error(`[BOT] Failed to save runtime info:`, err);
-        });
         // Resolve configuration (needed for status updates)
         const config = resolveXYConfig(cfg);
         // ✅ Resolve agent route (following feishu pattern)
@@ -144,30 +151,34 @@ export async function handleXYMessage(params) {
             },
         });
         logger.log(`xy: resolved route accountId=${route.accountId}, sessionKey=${route.sessionKey}`);
-        registerSession(route.sessionKey, {
-            config,
-            sessionId: parsed.sessionId,
-            taskId: parsed.taskId,
-            messageId: parsed.messageId,
-            agentId: route.accountId,
-            deviceType,
-        });
-        // 🔑 发送初始状态更新
-        logger.log(`[STATUS] Sending initial status update for session ${parsed.sessionId}`);
-        void sendStatusUpdate({
-            config,
-            sessionId: parsed.sessionId,
-            taskId: parsed.taskId,
-            messageId: parsed.messageId,
-            text: "任务正在处理中，请稍候~",
-            state: "working",
-        }).catch((err) => {
-            logger.error(`Failed to send initial status update:`, err);
-        });
+        // Steer injections skip session registration to avoid refCount leaks
+        if (!skipReg) {
+            registerSession(route.sessionKey, {
+                config,
+                sessionId: parsed.sessionId,
+                taskId: parsed.taskId,
+                messageId: parsed.messageId,
+                agentId: route.accountId,
+                deviceType,
+            });
+            // 🔑 发送初始状态更新
+            logger.log(`[STATUS] Sending initial status update for session ${parsed.sessionId}`);
+            void sendStatusUpdate({
+                config,
+                sessionId: parsed.sessionId,
+                taskId: parsed.taskId,
+                messageId: parsed.messageId,
+                text: "任务正在处理中，请稍候~",
+                state: "working",
+            }).catch((err) => {
+                logger.error(`Failed to send initial status update:`, err);
+            });
+        }
         // Extract text and files from parts
         const text = extractTextFromParts(parsed.parts);
         let textForAgent = text || "";
-        if (route.sessionKey && textForAgent) {
+        // Self-evolution keyword nudge — only for real user messages, not steer injections
+        if (!skipReg && route.sessionKey && textForAgent) {
             try {
                 const selfEvolutionEnabled = await selfEvolutionManager.isEnabled();
                 if (selfEvolutionEnabled && shouldNudgeForSelfEvolutionKeyword(textForAgent)) {
@@ -191,11 +202,14 @@ export async function handleXYMessage(params) {
             textForAgent = `/steer ${textForAgent}`;
             logger.log(`[BOT] 🔄 Prepended /steer for steer injection`);
         }
-        const fileParts = extractFileParts(parsed.parts);
-        // Download files to local disk
-        const downloadedFiles = await downloadFilesFromParts(fileParts);
-        logger.log("Downloaded files:", JSON.stringify(downloadedFiles, null, 2));
-        const mediaPayload = buildXYMediaPayload(downloadedFiles);
+        // File download — only for real user messages, steer injections have no files
+        let mediaPayload = {};
+        if (!skipReg) {
+            const fileParts = extractFileParts(parsed.parts);
+            const downloadedFiles = await downloadFilesFromParts(fileParts);
+            logger.log("Downloaded files:", JSON.stringify(downloadedFiles, null, 2));
+            mediaPayload = buildXYMediaPayload(downloadedFiles);
+        }
         // Resolve envelope format options (following feishu pattern)
         const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(cfg);
         // Build message body with speaker prefix (following feishu pattern)
@@ -252,7 +266,10 @@ export async function handleXYMessage(params) {
             accountId: route.accountId,
             steerState,
         });
-        startStatusInterval();
+        // Steer injections don't need status intervals
+        if (!skipReg) {
+            startStatusInterval();
+        }
         // Build session context for AsyncLocalStorage
         const sessionContext = {
             config,

package/dist/src/cspl/call-api.d.ts

@@ -4,6 +4,6 @@ import type { ApiResponse } from "./constants.js";
 export declare function callCsplApi(questionText: string, cfg: ClawdbotConfig): Promise<ApiResponse>;
 /**
  * Call CSPL API with a pre-resolved CsplConfig.
- * Used by AgentToolResultMiddleware which doesn't have ClawdbotConfig.
+ * Used by after_tool_call hook which has session context but not ClawdbotConfig.
  */
 export declare function callCsplApiWithConfig(questionText: string, config: CsplConfig): Promise<ApiResponse>;

package/dist/src/cspl/call-api.js

@@ -1,4 +1,5 @@
 // SENTINEL HOOK API 请求模块
+import http from "node:http";
 import https from "node:https";
 import { URL } from "node:url";
 import { randomBytes } from "node:crypto";
@@ -43,18 +44,12 @@ function parseResponse(data) {
     }
     return json;
 }
-export async function callCsplApi(questionText, cfg) {
-    const config = getCsplConfig(cfg);
-    const headers = buildHeaders(config);
-    const payload = {
-        questionText,
-        textSource: config.textSource,
-        action: config.action,
-        extra: JSON.stringify({ userId: config.uid }),
-    };
+function doApiRequest(url, headers, payload, timeout) {
+    const isHttp = url.startsWith("http://");
+    const module = isHttp ? http : https;
+    const options = buildRequestOptions(url, headers, timeout);
     return new Promise((resolve, reject) => {
-        const options = buildRequestOptions(config.api.url, headers, config.api.timeout);
-        const req = https.request(options, (res) => {
+        const req = module.request(options, (res) => {
             if (res.statusCode && res.statusCode >= HTTP_STATUS_BAD_REQUEST) {
                 reject(new Error(`[SENTINEL HOOK] HTTP error: ${res.statusCode}`));
                 return;
@@ -66,7 +61,7 @@ export async function callCsplApi(questionText, cfg) {
             res.on("end", () => {
                 try {
                     const result = parseResponse(data);
-                    logger.log(`[SENTINEL HOOK] ✅ 请求成功`);
+                    logger.log(`[SENTINEL HOOK] ✅ 请求成功, securityResult=${result?.data?.securityResult ?? "N/A"}`);
                     resolve(result);
                 }
                 catch (e) {
@@ -80,7 +75,7 @@ export async function callCsplApi(questionText, cfg) {
             reject(error);
         });
         req.on("timeout", () => {
-            logger.error(`[SENTINEL HOOK] ⏰ 请求超时 (${config.api.timeout}ms)`);
+            logger.error(`[SENTINEL HOOK] ⏰ 请求超时 (${timeout}ms)`);
             req.destroy();
             reject(new Error("[SENTINEL HOOK] Request timeout"));
         });
@@ -88,9 +83,20 @@ export async function callCsplApi(questionText, cfg) {
         req.end();
     });
 }
+export async function callCsplApi(questionText, cfg) {
+    const config = getCsplConfig(cfg);
+    const headers = buildHeaders(config);
+    const payload = {
+        questionText,
+        textSource: config.textSource,
+        action: config.action,
+        extra: JSON.stringify({ userId: config.uid }),
+    };
+    return doApiRequest(config.api.url, headers, payload, config.api.timeout);
+}
 /**
  * Call CSPL API with a pre-resolved CsplConfig.
- * Used by AgentToolResultMiddleware which doesn't have ClawdbotConfig.
+ * Used by after_tool_call hook which has session context but not ClawdbotConfig.
  */
 export async function callCsplApiWithConfig(questionText, config) {
     const headers = buildHeaders(config);
@@ -100,39 +106,5 @@ export async function callCsplApiWithConfig(questionText, config) {
         action: config.action,
         extra: JSON.stringify({ userId: config.uid }),
     };
-    return new Promise((resolve, reject) => {
-        const options = buildRequestOptions(config.api.url, headers, config.api.timeout);
-        const req = https.request(options, (res) => {
-            if (res.statusCode && res.statusCode >= HTTP_STATUS_BAD_REQUEST) {
-                reject(new Error(`[SENTINEL HOOK] HTTP error: ${res.statusCode}`));
-                return;
-            }
-            let data = "";
-            res.on("data", (chunk) => {
-                data += chunk;
-            });
-            res.on("end", () => {
-                try {
-                    const result = parseResponse(data);
-                    logger.log(`[SENTINEL HOOK] ✅ 请求成功`);
-                    resolve(result);
-                }
-                catch (e) {
-                    logger.error(`[SENTINEL HOOK] ❌ 请求失败: ${e instanceof Error ? e.message : String(e)}`);
-                    reject(e);
-                }
-            });
-        });
-        req.on("error", (error) => {
-            logger.error(`[SENTINEL HOOK] ❌ 请求错误: ${error instanceof Error ? error.message : String(error)}`);
-            reject(error);
-        });
-        req.on("timeout", () => {
-            logger.error(`[SENTINEL HOOK] ⏰ 请求超时 (${config.api.timeout}ms)`);
-            req.destroy();
-            reject(new Error("[SENTINEL HOOK] Request timeout"));
-        });
-        req.write(JSON.stringify(payload));
-        req.end();
-    });
+    return doApiRequest(config.api.url, headers, payload, config.api.timeout);
 }

package/dist/src/cspl/middleware.js

@@ -46,6 +46,7 @@ export function createCsplMiddleware() {
             if (resultLength <= MIN_TEXT_LENGTH || resultLength > MAX_TOTAL_LENGTH) {
                 return;
             }
+            logger.log(`[CSPL MIDDLEWARE] Scanning tool result: toolName=${event.toolName}, textLength=${resultLength}`);
             // Build CSPL request payload
             const questionText = {
                 subSceneID: "TOOL_OUTPUT",
@@ -67,9 +68,11 @@ export function createCsplMiddleware() {
             const csplConfig = sessionCtx
                 ? initCsplConfigFromXYConfig(sessionCtx.config)
                 : getCsplConfig();
+            const csplStartTime = Date.now();
             const response = await callCsplApiWithConfig(finalJson, csplConfig);
+            const csplElapsed = Date.now() - csplStartTime;
             const result = parseSecurityResult(response);
-            logger.log(`[CSPL MIDDLEWARE] Security result: status=${result.status}, toolName=${event.toolName}`);
+            logger.log(`[CSPL MIDDLEWARE] Security result: status=${result.status}, toolName=${event.toolName}, elapsed=${csplElapsed}ms`);
             if (result.status === "REJECT") {
                 logger.log(`[CSPL MIDDLEWARE] REJECT - replacing tool result with security message`);
                 return {

package/dist/src/cspl/steer-context.d.ts

@@ -0,0 +1,21 @@
+import type { ClawdbotConfig, RuntimeEnv } from "openclaw/plugin-sdk";
+/** Called from handleXYMessage on every inbound A2A message to keep cfg/runtime fresh. */
+export declare function setCsplSteerContext(cfg: ClawdbotConfig, runtime: RuntimeEnv): void;
+/** Parameters for steer message injection. */
+export interface SteerInjectionParams {
+    sessionId: string;
+    taskId: string;
+    message: string;
+    /** Human-readable source label for logging (e.g. "cspl", "self-evolution"). */
+    source: string;
+}
+/**
+ * Inject a steer message into an active session by constructing a synthetic
+ * A2A tasks/send message and dispatching it through handleXYMessage.
+ *
+ * Uses skipRegistration so the steer message doesn't register a new taskId,
+ * increment session refCount, or send extra status updates.
+ *
+ * Returns true if the injection was dispatched successfully.
+ */
+export declare function tryInjectSteer(params: SteerInjectionParams): Promise<boolean>;

package/dist/src/cspl/steer-context.js

@@ -0,0 +1,78 @@
+import { handleXYMessage } from "../bot.js";
+import { logger } from "../utils/logger.js";
+import { randomUUID } from "node:crypto";
+// Use globalThis to ensure a single cache across all module copies.
+// The xy_channel plugin may be loaded by openclaw from different module
+// resolution paths, causing steer-context.ts to be instantiated multiple
+// times. globalThis guarantees all copies share the same cfg/runtime.
+const _g = globalThis;
+if (!_g.__xySteerCachedCfg) {
+    _g.__xySteerCachedCfg = null;
+}
+if (!_g.__xySteerCachedRuntime) {
+    _g.__xySteerCachedRuntime = null;
+}
+function getCachedCfg() {
+    return _g.__xySteerCachedCfg;
+}
+function setCachedCfg(cfg) {
+    _g.__xySteerCachedCfg = cfg;
+}
+function getCachedRuntime() {
+    return _g.__xySteerCachedRuntime;
+}
+function setCachedRuntime(runtime) {
+    _g.__xySteerCachedRuntime = runtime;
+}
+/** Called from handleXYMessage on every inbound A2A message to keep cfg/runtime fresh. */
+export function setCsplSteerContext(cfg, runtime) {
+    setCachedCfg(cfg);
+    setCachedRuntime(runtime);
+}
+/**
+ * Inject a steer message into an active session by constructing a synthetic
+ * A2A tasks/send message and dispatching it through handleXYMessage.
+ *
+ * Uses skipRegistration so the steer message doesn't register a new taskId,
+ * increment session refCount, or send extra status updates.
+ *
+ * Returns true if the injection was dispatched successfully.
+ */
+export async function tryInjectSteer(params) {
+    const { sessionId, taskId, message, source } = params;
+    const cfg = getCachedCfg();
+    const runtime = getCachedRuntime();
+    if (!cfg || !runtime) {
+        logger.error(`[STEER:${source}] No cached cfg/runtime, cannot inject steer`);
+        return false;
+    }
+    const syntheticMessage = {
+        jsonrpc: "2.0",
+        method: "tasks/send",
+        id: `steer-${source}-${randomUUID()}`,
+        params: {
+            sessionId,
+            id: taskId,
+            agentLoginSessionId: "",
+            message: {
+                role: "user",
+                parts: [{ kind: "text", text: message }],
+            },
+        },
+    };
+    logger.log(`[STEER:${source}] Injecting steer for sessionId=${sessionId}, taskId=${taskId}`);
+    try {
+        await handleXYMessage({
+            cfg,
+            runtime,
+            message: syntheticMessage,
+            accountId: "default",
+            skipRegistration: true,
+        });
+        return true;
+    }
+    catch (err) {
+        logger.error(`[STEER:${source}] Failed to inject steer: ${err}`);
+        return false;
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ynhcj/xiaoyi-channel",
-  "version": "0.0.136-beta",
+  "version": "0.0.138-beta",
   "description": "OpenClaw Xiaoyi Channel plugin - Xiaoyi A2A protocol integration",
   "type": "module",
   "main": "./dist/index.js",