@ynhcj/xiaoyi-channel 0.0.150-beta → 0.0.151-beta

package/dist/src/cspl/utils.js

@@ -1,10 +1,21 @@
-// CSPL Hook 工具函数
-import { MAX_TEXT_LENGTH, regex, SECURITY_NOTICE } from "./constants.js";
+/*
+ * 版权所有 (c) 华为技术有限公司 2026-2026
+ */
+import { MAX_TEXT_LENGTH, regex, SECURITY_NOTICE, MAX_FILE_COUNT, MAX_COMMAND_LENGTH, CODE_FILE_EXTENSIONS, TOOL_INPUT_DEFAULT, FILE_EXTENSION_REGEX } from './constants.js';
+import crypto from 'crypto';
+import fs from 'fs';
+import path from 'path';
+import { Buffer } from 'buffer';
+import { callApi } from './call_api.js';
+import { uploadFileToObsMain } from './upload_file.js';
+import { logger } from '../utils/logger.js';
+// 文本过滤函数：仅保留中文、英文、数字、标点符号
 export function filterText(text) {
     if (!text)
         return "";
-    return text.replace(new RegExp(regex.source, "g"), "");
+    return text.replace(new RegExp(regex.source, 'g'), '');
 }
+// 文本验证和截断函数
 export function validateAndTruncateText(text, maxLength) {
     if (text.length > maxLength) {
         const halfMaxLength = Math.floor(maxLength / 2);
@@ -16,7 +27,8 @@ export function validateAndTruncateText(text, maxLength) {
 }
 export function extractResultText(event, toolName) {
     const resultTexts = [];
-    if (toolName === "web_fetch") {
+    // web_fetch工具特殊处理：从details.text提取
+    if (toolName === 'web_fetch') {
         if (event.result?.details?.text) {
             let text = event.result.details.text;
             text = text.replace(SECURITY_NOTICE, '');
@@ -24,6 +36,7 @@ export function extractResultText(event, toolName) {
         }
         return resultTexts.length > 0 ? resultTexts.join("; ") : "";
     }
+    // 白名单工具：从content[].text提取
     if (event.result?.content && Array.isArray(event.result.content)) {
         for (const item of event.result.content) {
             if (item?.text) {
@@ -33,27 +46,264 @@ export function extractResultText(event, toolName) {
     }
     return resultTexts.length > 0 ? resultTexts.join("; ") : "";
 }
-export function processText(resultText) {
+export function processText(resultText, api) {
     const questionText = filterText(resultText);
-    const { text: finalText } = validateAndTruncateText(questionText, MAX_TEXT_LENGTH);
+    // 检查是否超过4096字符限制，进行截断
+    const { text: finalText, truncated } = validateAndTruncateText(questionText, MAX_TEXT_LENGTH);
+    if (truncated) {
+        logger.warn(`[SENTINEL HOOK] filterText exceeds ${MAX_TEXT_LENGTH}. Original length: ${questionText.length}`);
+    }
     return finalText;
 }
 export function parseSecurityResult(response) {
     if (response === null || response === undefined) {
-        throw new Error("Response is null or undefined");
+        throw new Error('Response is null or undefined');
     }
-    if (!response.data || typeof response.data !== "object") {
-        throw new Error("Response.data is missing or not an object");
+    if (response.data === null || response.data === undefined || typeof response.data !== 'object') {
+        throw new Error('Response.data is null, undefined or not an object');
     }
-    const securityResult = response.data.securityResult;
-    if (typeof securityResult !== "string") {
-        throw new Error("Response.data.securityResult is missing or not a string");
+    if (!('securityResult' in response.data) || typeof response.data.securityResult !== 'string') {
+        throw new Error('Response.data.securityResult is missing or not a string');
     }
+    const securityResult = response.data.securityResult;
     if (securityResult !== securityResult.trim()) {
-        throw new Error("Response.data.securityResult contains leading or trailing spaces");
+        throw new Error('Response.data.securityResult contains leading or trailing spaces');
     }
-    if (securityResult !== "ACCEPT" && securityResult !== "REJECT") {
-        throw new Error(`Response.data.securityResult must be "ACCEPT" or "REJECT". Actual: "${securityResult}"`);
+    if (securityResult !== 'ACCEPT' && securityResult !== 'REJECT') {
+        throw new Error(`Response.data.securityResult must be "ACCEPT" or "REJECT". Actual value: "${securityResult}"`);
     }
     return { status: securityResult };
 }
+// 从event对象中提取工具输入参数
+export function extractInputParams(event, toolName) {
+    if (toolName === 'exec') {
+        return event.params?.command || '';
+    }
+    else if (toolName === 'message') {
+        return event.params?.message || '';
+    }
+    return '';
+}
+// 从shell命令中提取文件路径
+export function extractFilePathsFromCommand(command) {
+    if (!command) {
+        return [];
+    }
+    // 命令字符串超过1K则截断
+    let processedCommand = command;
+    if (command.length > MAX_COMMAND_LENGTH) {
+        processedCommand = command.substring(0, MAX_COMMAND_LENGTH);
+    }
+    // 使用空格分割命令字符串
+    const parts = processedCommand.split(' ');
+    const results = [];
+    let currentBaseDir = ''; // 当前基础目录
+    let expectBaseDir = false; // flag：下一个元素是cd后的基础目录
+    // 遍历分割后的命令部分
+    for (const part of parts) {
+        // 忽略空字符串
+        if (!part) {
+            continue;
+        }
+        // 处理cd命令后的基础目录
+        if (expectBaseDir) {
+            currentBaseDir = part;
+            expectBaseDir = false;
+            continue;
+        }
+        // 识别cd命令
+        if (part === 'cd') {
+            expectBaseDir = true;
+            continue;
+        }
+        // 处理代码文件
+        const absolutePath = processCodeFile(part, currentBaseDir);
+        if (absolutePath && !results.includes(absolutePath)) {
+            results.push(absolutePath);
+            if (results.length >= MAX_FILE_COUNT) {
+                break;
+            }
+        }
+    }
+    return results;
+}
+// 检查是否为代码文件
+function isCodeFile(filePath) {
+    const lastDotIndex = filePath.lastIndexOf('.');
+    if (lastDotIndex === -1) {
+        return { isCodeFile: false, cleanPath: null };
+    }
+    let orign_extension = filePath.substring(lastDotIndex + 1).toLowerCase();
+    orign_extension = orign_extension.replace(FILE_EXTENSION_REGEX, ' ');
+    const extension = orign_extension.split(' ')[0];
+    if (!CODE_FILE_EXTENSIONS.includes(extension)) {
+        return { isCodeFile: false, cleanPath: null };
+    }
+    const cleanPath = `${filePath.substring(0, lastDotIndex + 1)}${extension}`;
+    return { isCodeFile: true, cleanPath: cleanPath };
+}
+// 构建绝对路径
+function buildAbsolutePath(filePath, baseDir) {
+    if (path.isAbsolute(filePath)) {
+        return filePath;
+    }
+    if (baseDir) {
+        return `${baseDir}/${filePath}`;
+    }
+    return filePath;
+}
+// 处理代码文件，返回绝对路径
+function processCodeFile(part, currentBaseDir) {
+    const { isCodeFile: isCodeFileResult, cleanPath } = isCodeFile(part);
+    if (!isCodeFileResult) {
+        return null;
+    }
+    return buildAbsolutePath(cleanPath, currentBaseDir);
+}
+// 计算字符串的SHA256哈希值
+export function calculateContentHash(content) {
+    if (!content) {
+        return '';
+    }
+    return crypto.createHash('sha256').update(content, 'utf8').digest('hex');
+}
+// 获取文件大小（KB）
+export function getFileSizeInKB(filePath) {
+    try {
+        const stats = fs.statSync(filePath);
+        return Math.ceil(stats.size / 1024);
+    }
+    catch (error) {
+        return 0;
+    }
+}
+// 动态计算content字段长度，确保body总长度<=4096
+export function adjustContentLength(data, api, fields) {
+    const adjusted = { ...data };
+    let bodyStr = JSON.stringify(adjusted);
+    if (bodyStr.length <= MAX_TEXT_LENGTH) {
+        return adjusted;
+    }
+    // 需要截断指定字段
+    let lastFieldName = '';
+    for (const fieldName of fields) {
+        lastFieldName = fieldName;
+        bodyStr = JSON.stringify(adjusted);
+        const overSize = bodyStr.length - MAX_TEXT_LENGTH;
+        const currentFieldValue = adjusted[fieldName];
+        if (currentFieldValue && typeof currentFieldValue === 'string' && currentFieldValue.length > overSize) {
+            // 从字段头部开始截断
+            adjusted[fieldName] = currentFieldValue.substring(0, currentFieldValue.length - overSize);
+            logger.warn(`[SENTINEL HOOK] Field "${fieldName}" truncated by ${overSize} characters to fit ${MAX_TEXT_LENGTH} limit`);
+        }
+        else {
+            // 字段太短，清空字段
+            adjusted[fieldName] = '';
+            logger.warn(`[SENTINEL HOOK] Field "${fieldName}" cleared as it cannot fit within size limit`);
+        }
+        // 检查是否满足要求
+        bodyStr = JSON.stringify(adjusted);
+        if (bodyStr.length <= MAX_TEXT_LENGTH) {
+            break;
+        }
+    }
+    bodyStr = JSON.stringify(adjusted);
+    if (bodyStr.length > MAX_TEXT_LENGTH) {
+        throw new Error(`Field ${lastFieldName} exceeds length limit, unable to send data.`);
+    }
+    return adjusted;
+}
+// 发送TOOL_INPUT请求并处理响应
+async function sendToolInputRequest(postText, api, sessionId) {
+    const response = await callApi(postText, api, sessionId);
+    const result = parseSecurityResult(response);
+    logger.log(`[SENTINEL HOOK] TOOL_INPUT response: status=${result.status}`);
+}
+// 处理exec工具的TOOL_INPUT数据采集
+export async function handleExecToolInput(event, api, sessionId) {
+    const command = extractInputParams(event, 'exec');
+    if (!command) {
+        logger.log('[SENTINEL HOOK] No command found for exec tool');
+        return null;
+    }
+    // 解析命令提取文件路径
+    const filePaths = extractFilePathsFromCommand(command);
+    if (filePaths.length > 0) {
+        // 场景1：执行代码文件
+        logger.log(`[SENTINEL HOOK] Found ${filePaths.length} file(s) in command`);
+        const nonExistingFiles = [];
+        for (const filePath of filePaths) {
+            if (!fs.existsSync(filePath)) {
+                nonExistingFiles.push(filePath);
+                continue;
+            }
+            const fileContent = fs.readFileSync(filePath, 'utf8');
+            const fileHash = calculateContentHash(fileContent);
+            const fileSize = getFileSizeInKB(filePath);
+            const obsUrl = await uploadFileToObsMain(filePath, api, fileHash, sessionId);
+            const toolInputData = { ...TOOL_INPUT_DEFAULT, tool: 'exec', hash: fileHash, url: obsUrl, size: fileSize,
+                source: command, content: fileContent };
+            const adjustedData = adjustContentLength(toolInputData, api, ['content', 'source']);
+            const postText = JSON.stringify(adjustedData);
+            logger.log(`[SENTINEL HOOK] Sending TOOL_INPUT for file: ${path.basename(filePath)}, body length: ${postText.length}`);
+            try {
+                await sendToolInputRequest(postText, api, sessionId);
+            }
+            catch (e) {
+                logger.error(`[SENTINEL HOOK] Sending TOOL_INPUT Failed: ${e}`);
+            }
+        }
+        // 输出不存在的文件列表
+        if (nonExistingFiles.length > 0) {
+            const fileNames = nonExistingFiles.map(f => path.basename(f)).join(', ');
+            logger.log(`[SENTINEL HOOK] Non-existing files: ${fileNames}`);
+        }
+    }
+    else {
+        // 场景2：直接执行代码（heredoc场景）
+        logger.log('[SENTINEL HOOK] No code files found in command, treating as direct code execution');
+        const commandHash = calculateContentHash(command);
+        const commandSizeKB = Math.ceil(Buffer.byteLength(command, 'utf8') / 1024);
+        const toolInputData = { ...TOOL_INPUT_DEFAULT, tool: 'exec', hash: commandHash, size: commandSizeKB, source: command };
+        const adjustedData = adjustContentLength(toolInputData, api, ['source']);
+        const postText = JSON.stringify(adjustedData);
+        logger.log(`[SENTINEL HOOK] Sending TOOL_INPUT for direct code execution, body length: ${postText.length}`);
+        await sendToolInputRequest(postText, api, sessionId);
+    }
+}
+// 处理message工具的TOOL_INPUT数据采集
+export async function handleMessageToolInput(event, api, sessionId) {
+    const message = extractInputParams(event, 'message');
+    if (!message) {
+        logger.log('[SENTINEL HOOK] No message found for message tool');
+        return null;
+    }
+    logger.log(`[SENTINEL HOOK] Processing message tool input, message length: ${message.length}`);
+    const messageHash = calculateContentHash(message);
+    const messageSizeKB = Math.ceil(Buffer.byteLength(message, 'utf8') / 1024);
+    const toolInputData = { ...TOOL_INPUT_DEFAULT, tool: 'message', hash: messageHash, size: messageSizeKB, content: message };
+    const adjustedData = adjustContentLength(toolInputData, api, ['content']);
+    const postText = JSON.stringify(adjustedData);
+    logger.log(`[SENTINEL HOOK] Sending TOOL_INPUT for message, body length: ${postText.length}`);
+    await sendToolInputRequest(postText, api, sessionId);
+}
+// 处理其他工具（非 exec 和非 message）的 TOOL_INPUT 数据采集
+export async function handleOtherToolInput(event, api, sessionId) {
+    const params = event.params;
+    if (!params) {
+        logger.log('[SENTINEL HOOK] No params found for tool');
+        return;
+    }
+    logger.log(`[SENTINEL HOOK] Processing other tool input, toolName: ${event.toolName}`);
+    // 将 params 序列化为 JSON 字符串
+    const paramsJson = JSON.stringify(params);
+    const paramsHash = calculateContentHash(paramsJson);
+    const paramsSizeKB = Math.ceil(Buffer.byteLength(paramsJson, 'utf8') / 1024);
+    // 创建 toolInputData，将 params 放到 source 字段
+    const toolInputData = { ...TOOL_INPUT_DEFAULT, tool: event.toolName, hash: paramsHash, size: paramsSizeKB, content: paramsJson };
+    // 对 source 字段进行长度截断处理
+    const adjustedData = adjustContentLength(toolInputData, api, ['content']);
+    const postText = JSON.stringify(adjustedData);
+    logger.log(`[SENTINEL HOOK] Sending TOOL_INPUT for ${event.toolName}, body length: ${postText.length}`);
+    await sendToolInputRequest(postText, api, sessionId);
+}

package/dist/src/formatter.js

@@ -3,11 +3,48 @@ import { v4 as uuidv4 } from "uuid";
 import { getXYWebSocketManager } from "./client.js";
 import { logger } from "./utils/logger.js";
 import { getCurrentTaskId, getCurrentMessageId } from "./task-manager.js";
+import { redactSensitiveText, containsSensitiveInfo } from "./sensitive-redactor.js";
+import { rewriteOutboundApprovalText } from "./approval-bridge.js";
+// ─────────────────────────────────────────────────────────────
+// 敏感信息脱敏辅助函数
+// ─────────────────────────────────────────────────────────────
+const MESSAGE_CONTENT_KEYS = new Set(["text", "reasoningText", "content", "message"]);
+function redactMessagePayload(value, currentKey) {
+    if (value === null || value === undefined) {
+        return value;
+    }
+    if (typeof value === "string") {
+        if (currentKey === undefined || MESSAGE_CONTENT_KEYS.has(currentKey)) {
+            return redactSensitiveText(value);
+        }
+        return value;
+    }
+    if (Array.isArray(value)) {
+        return value.map(item => redactMessagePayload(item, currentKey));
+    }
+    if (typeof value === "object") {
+        const result = {};
+        for (const key of Object.keys(value)) {
+            result[key] = redactMessagePayload(value[key], key);
+        }
+        return result;
+    }
+    return value;
+}
+function buildTextPreview(text) {
+    if (typeof text !== "string" || text.length === 0) {
+        return "";
+    }
+    return text.length <= 10 ? text : `${text.slice(0, 5)}***${text.slice(-5)}`;
+}
 /**
  * Send an A2A artifact update response.
  */
 export async function sendA2AResponse(params) {
     const { config, sessionId, taskId, messageId, text, append, final, files, errorCode, errorMessage } = params;
+    const log = logger.withContext(sessionId, taskId);
+    // 审批桥接：将 OpenClaw 的审批提示翻译成用户友好的确认文案
+    const bridgedText = text === undefined ? text : rewriteOutboundApprovalText(sessionId, text);
     // Build artifact update event
     const artifact = {
         taskId,
@@ -21,10 +58,10 @@ export async function sendA2AResponse(params) {
         },
     };
     // Add text part (even if empty string, to maintain parts structure)
-    if (text !== undefined) {
+    if (bridgedText !== undefined) {
         artifact.artifact.parts.push({
             kind: "text",
-            text,
+            text: bridgedText,
         });
     }
     // Add file parts if provided
@@ -34,6 +71,8 @@ export async function sendA2AResponse(params) {
             data: { fileInfo: files },
         });
     }
+    // 对消息内容字段做敏感信息脱敏，不修改协议层的 id 等字段
+    artifact.artifact.parts = redactMessagePayload(artifact.artifact.parts, "parts");
     // Build JSON-RPC response
     const jsonRpcResponse = {
         jsonrpc: "2.0",
@@ -46,7 +85,7 @@ export async function sendA2AResponse(params) {
             code: errorCode,
             message: errorMessage ?? "任务执行异常，请重试",
         };
-        logger.log(`[A2A_RESPONSE] ⚠️ Including error code: ${errorCode}`);
+        log.log(`[A2A_RESPONSE] Including error code: ${errorCode}`);
     }
     // Send via WebSocket
     const wsManager = getXYWebSocketManager(config);
@@ -57,14 +96,11 @@ export async function sendA2AResponse(params) {
         taskId,
         msgDetail: JSON.stringify(jsonRpcResponse),
     };
-    // 📋 Log complete response body
-    logger.log(`[A2A_RESPONSE] 📤 Sending A2A artifact-update response: taskId: ${taskId}`);
-    logger.log(`[A2A_RESPONSE]   - append: ${append}`);
-    logger.log(`[A2A_RESPONSE]   - final: ${final}`);
-    logger.log(`[A2A_RESPONSE]   - text: ${text.length <= 10 ? text : text.slice(0, 5) + '***' + text.slice(-5)}`);
-    logger.log(`[A2A_RESPONSE]   - files count: ${files?.length ?? 0}`);
+    // Log complete response body
+    const redactedText = redactSensitiveText(bridgedText ?? "");
+    log.log(`[A2A_RESPONSE] Sending artifact-update, append=${append}, final=${final}, text=${buildTextPreview(redactedText)}, files=${files?.length ?? 0}, sensitive=${containsSensitiveInfo(bridgedText ?? "")}`);
     await wsManager.sendMessage(sessionId, outboundMessage);
-    logger.log(`[A2A_RESPONSE] ✅ Message sent successfully`);
+    log.log(`[A2A_RESPONSE] Message sent successfully`);
 }
 /**
  * Send an A2A artifact-update with reasoningText part.
@@ -73,6 +109,9 @@ export async function sendA2AResponse(params) {
  */
 export async function sendReasoningTextUpdate(params) {
     const { config, sessionId, taskId, messageId, text, append = true } = params;
+    const log = logger.withContext(sessionId, taskId);
+    // 审批桥接
+    const bridgedText = rewriteOutboundApprovalText(sessionId, text);
     const artifact = {
         taskId,
         kind: "artifact-update",
@@ -84,11 +123,13 @@ export async function sendReasoningTextUpdate(params) {
             parts: [
                 {
                     kind: "reasoningText",
-                    reasoningText: text,
+                    reasoningText: bridgedText,
                 },
             ],
         },
     };
+    // 对消息内容字段做敏感信息脱敏
+    artifact.artifact.parts = redactMessagePayload(artifact.artifact.parts, "parts");
     const jsonRpcResponse = {
         jsonrpc: "2.0",
         id: messageId,
@@ -114,21 +155,26 @@ export async function sendStatusUpdate(params) {
     // fall back to closure-captured values
     const currentTaskId = getCurrentTaskId(sessionId) ?? taskId;
     const currentMessageId = getCurrentMessageId(sessionId) ?? messageId;
+    const log = logger.withContext(sessionId, currentTaskId);
+    // 审批桥接和脱敏
+    const bridgedText = rewriteOutboundApprovalText(sessionId, text);
+    const redactedText = redactSensitiveText(bridgedText);
     // Build status update event following A2A protocol standard
+    const statusMessage = redactMessagePayload({
+        role: "agent",
+        parts: [
+            {
+                kind: "text",
+                text: bridgedText,
+            },
+        ],
+    });
     const statusUpdate = {
         taskId: currentTaskId,
         kind: "status-update",
         final: false, // Status updates should not end the stream
         status: {
-            message: {
-                role: "agent",
-                parts: [
-                    {
-                        kind: "text",
-                        text,
-                    },
-                ],
-            },
+            message: statusMessage,
             state,
         },
     };
@@ -147,10 +193,8 @@ export async function sendStatusUpdate(params) {
         taskId: currentTaskId,
         msgDetail: JSON.stringify(jsonRpcResponse),
     };
-    // 📋 Log complete response body
-    logger.log(`[A2A_STATUS] 📤 Sending A2A status-update:`);
-    logger.log(`[A2A_STATUS]   - taskId: ${currentTaskId}`);
-    logger.log(`[A2A_STATUS]   - text: "${text}"`);
+    // Log complete response body
+    log.log(`[A2A_STATUS] Sending status-update, text="${redactedText}"`);
     await wsManager.sendMessage(sessionId, outboundMessage);
 }
 /**
@@ -162,6 +206,7 @@ export async function sendCommand(params) {
     // fall back to closure-captured values
     const currentTaskId = getCurrentTaskId(sessionId) ?? taskId;
     const currentMessageId = getCurrentMessageId(sessionId) ?? messageId;
+    const log = logger.withContext(sessionId, currentTaskId);
     // Build artifact update with command as data
     // Wrap command in commands array as per protocol requirement
     const artifact = {
@@ -182,6 +227,8 @@ export async function sendCommand(params) {
             ],
         },
     };
+    // 对消息内容字段做敏感信息脱敏
+    artifact.artifact.parts = redactMessagePayload(artifact.artifact.parts, "parts");
     // Build JSON-RPC response
     const jsonRpcResponse = {
         jsonrpc: "2.0",
@@ -197,16 +244,17 @@ export async function sendCommand(params) {
         taskId: currentTaskId,
         msgDetail: JSON.stringify(jsonRpcResponse),
     };
-    // 📋 Log complete response body
-    logger.log(`[A2A_COMMAND] 📤 Sending A2A command: taskId: ${currentTaskId}`);
+    // Log complete response body
+    log.log(`[A2A_COMMAND] Sending command`);
     await wsManager.sendMessage(sessionId, outboundMessage);
-    logger.log(`[A2A_COMMAND] ✅ Command sent successfully`);
+    log.log(`[A2A_COMMAND] Command sent successfully`);
 }
 /**
  * Send a clearContext response.
  */
 export async function sendClearContextResponse(params) {
     const { config, sessionId, messageId } = params;
+    const log = logger.withContext(sessionId, "");
     // Build JSON-RPC response for clearContext
     const jsonRpcResponse = {
         jsonrpc: "2.0",
@@ -232,13 +280,14 @@ export async function sendClearContextResponse(params) {
         msgDetail: JSON.stringify(jsonRpcResponse),
     };
     await wsManager.sendMessage(sessionId, outboundMessage);
-    logger.log(`Sent clearContext response: sessionId=${sessionId}`);
+    log.log(`[CLEAR_CONTEXT] Sent clearContext response`);
 }
 /**
  * Send a tasks/cancel response.
  */
 export async function sendTasksCancelResponse(params) {
     const { config, sessionId, taskId, messageId } = params;
+    const log = logger.withContext(sessionId, taskId);
     // Build JSON-RPC response for tasks/cancel
     // Note: Using any to bypass type check as the response format differs from standard A2A types
     const jsonRpcResponse = {
@@ -265,13 +314,24 @@ export async function sendTasksCancelResponse(params) {
         msgDetail: JSON.stringify(jsonRpcResponse),
     };
     await wsManager.sendMessage(sessionId, outboundMessage);
-    logger.log(`Sent tasks/cancel response: sessionId=${sessionId}, taskId=${taskId}`);
+    log.log(`[TASKS_CANCEL] Sent tasks/cancel response`);
 }
 /**
  * Send a Trigger response with pushData content.
  */
 export async function sendTriggerResponse(params) {
     const { config, sessionId, taskId, messageId, content } = params;
+    const log = logger.withContext(sessionId, taskId);
+    // 审批桥接和脱敏
+    const bridgedContent = rewriteOutboundApprovalText(sessionId, content);
+    const redactedContent = redactSensitiveText(bridgedContent);
+    // 对消息内容做敏感信息脱敏
+    const artifactParts = redactMessagePayload([
+        {
+            kind: "text",
+            text: bridgedContent,
+        },
+    ], "parts");
     // Build JSON-RPC response for Trigger
     const jsonRpcResponse = {
         jsonrpc: "2.0",
@@ -284,12 +344,7 @@ export async function sendTriggerResponse(params) {
             final: true,
             artifact: {
                 artifactId: uuidv4(),
-                parts: [
-                    {
-                        kind: "text",
-                        text: content,
-                    },
-                ],
+                parts: artifactParts,
             },
         },
         error: {
@@ -306,7 +361,7 @@ export async function sendTriggerResponse(params) {
         taskId,
         msgDetail: JSON.stringify(jsonRpcResponse),
     };
-    logger.log(`[TRIGGER_RESPONSE] Sending Trigger response: sessionId=${sessionId}, taskId=${taskId}`);
+    log.log(`[TRIGGER_RESPONSE] Sending Trigger response, text=${buildTextPreview(redactedContent)}`);
     await wsManager.sendMessage(sessionId, outboundMessage);
-    logger.log(`[TRIGGER_RESPONSE] Trigger response sent successfully`);
+    log.log(`[TRIGGER_RESPONSE] Trigger response sent successfully`);
 }