@ynhcj/xiaoyi-channel 0.0.153-beta → 0.0.153-next

package/dist/index.js

@@ -3,9 +3,30 @@ import { xiaoyiProvider } from "./src/provider.js";
 import { xyPlugin } from "./src/channel.js";
 import registerSentinelHook from "./src/cspl/sentinel_hook.js";
 import { setXYRuntime } from "./src/runtime.js";
+import { markCronToolCall, clearCronToolCall } from "./src/tools/session-manager.js";
 import { registerSelfEvolutionToolResultNudge } from "./src/self-evolution-tool-result-nudge.js";
 import { createBeforePromptBuildHandler } from "./src/skill-retriever/hooks.js";
 import { normalizeToolRetrieverConfig } from "./src/skill-retriever/config.js";
+/**
+ * Register the cron detection hook.
+ *
+ * When openclaw's cron runner triggers a tool call, the sessionKey has the
+ * format "cron:<jobId>".  We use this to mark the toolCallId in a global Map
+ * so that sendCommand() can route the command through the push channel
+ * instead of the (non-existent) WebSocket session.
+ */
+function registerCronDetectionHook(api) {
+    api.on("before_tool_call", async (event, ctx) => {
+        if (ctx.sessionKey?.startsWith("cron:") && event.toolCallId) {
+            markCronToolCall(event.toolCallId);
+        }
+    });
+    api.on("after_tool_call", async (event, ctx) => {
+        if (event.toolCallId) {
+            clearCronToolCall(event.toolCallId);
+        }
+    });
+}
 function registerFullHooks(api) {
     // SKILL RETRIEVER HOOK: before_prompt_build hook
     const pluginConfig = api.pluginConfig || {};
@@ -45,6 +66,8 @@ export default definePluginEntry({
             registerFullHooks(api);
             // CSPL sentinel hook: before_tool_call + after_tool_call security scanning
             registerSentinelHook(api);
+            // Cron detection hook: marks toolCallIds from cron sessions
+            registerCronDetectionHook(api);
         }
     },
 });

package/dist/src/bot.js

@@ -1,6 +1,6 @@
 import { getXYRuntime } from "./runtime.js";
 import { createXYReplyDispatcher } from "./reply-dispatcher.js";
-import { parseA2AMessage, extractTextFromParts, extractFileParts, extractPushId, extractDeviceType, extractTriggerData } from "./parser.js";
+import { parseA2AMessage, extractTextFromParts, extractFileParts, extractPushId, extractDeviceType, extractModelName, extractTriggerData, extractRunCrossTaskContext } from "./parser.js";
 import { downloadFilesFromParts } from "./file-download.js";
 import { resolveXYConfig } from "./config.js";
 import { sendStatusUpdate, sendClearContextResponse, sendTasksCancelResponse, sendA2AResponse } from "./formatter.js";
@@ -22,6 +22,9 @@ import { logger } from "./utils/logger.js";
  */
 export async function handleXYMessage(params) {
     const { cfg, runtime, message, accountId, webSocketSessionId } = params;
+    const distributionSessionId = typeof message?.sessionId === "string" && message.sessionId.length > 0
+        ? message.sessionId
+        : undefined;
     // Cache context for CSPL steer injection (after_tool_call hook)
     setCsplSteerContext(cfg, runtime);
     // Get runtime (already validated in monitor.ts, but get reference for use)
@@ -29,9 +32,10 @@ export async function handleXYMessage(params) {
     try {
         // Check for special messages BEFORE parsing (these have different param structures)
         const messageMethod = message.method;
-        // Handle clearContext messages (params only has sessionId)
+        logger.log(`[BOT] Received A2A message: ${JSON.stringify(message)}`);
+        // Handle clearContext messages (sessionId at top level, no params)
         if (messageMethod === "clearContext" || messageMethod === "clear_context") {
-            const sessionId = message.params?.sessionId;
+            const sessionId = message.sessionId ?? message.params?.sessionId;
             if (!sessionId) {
                 throw new Error("clearContext request missing sessionId in params");
             }
@@ -45,9 +49,9 @@ export async function handleXYMessage(params) {
             });
             return;
         }
-        // Handle tasks/cancel messages
+        // Handle tasks/cancel messages (sessionId at top level, no params)
         if (messageMethod === "tasks/cancel" || messageMethod === "tasks_cancel") {
-            const sessionId = message.params?.sessionId;
+            const sessionId = message.sessionId ?? message.params?.sessionId;
             const taskId = message.params?.id || message.id;
             if (!sessionId) {
                 throw new Error("tasks/cancel request missing sessionId in params");
@@ -135,6 +139,12 @@ export async function handleXYMessage(params) {
         if (deviceType) {
             log.log(`[BOT] Extracted deviceType: ${deviceType}`);
         }
+        // Extract modelName if present (used by provider.ts to override model.id)
+        const modelName = extractModelName(parsed.parts);
+        if (modelName) {
+            log.log(`[BOT] Extracted modelName: ${modelName}`);
+        }
+        const runCrossTaskContext = extractRunCrossTaskContext(parsed.parts);
         // Resolve configuration (needed for status updates)
         const config = resolveXYConfig(cfg);
         // ✅ Resolve agent route (following feishu pattern)
@@ -155,10 +165,13 @@ export async function handleXYMessage(params) {
             registerSession(route.sessionKey, {
                 config,
                 sessionId: parsed.sessionId,
+                distributionSessionId,
                 taskId: parsed.taskId,
                 messageId: parsed.messageId,
                 agentId: route.accountId,
                 deviceType,
+                modelName,
+                runCrossTaskContext: runCrossTaskContext ?? undefined,
             });
             // 🔑 发送初始状态更新
             log.log(`[BOT] Sending initial status update`);
@@ -300,10 +313,13 @@ export async function handleXYMessage(params) {
         const sessionContext = {
             config,
             sessionId: parsed.sessionId,
+            distributionSessionId,
             taskId: parsed.taskId,
             messageId: parsed.messageId,
             agentId: route.accountId,
             deviceType,
+            modelName,
+            runCrossTaskContext: runCrossTaskContext ?? undefined,
         };
         log.log(`[BOT-DISPATCH] withReplyDispatcher starting, sessionKey=${route.sessionKey}`);
         await core.channel.reply.withReplyDispatcher({

package/dist/src/channel.js

@@ -2,9 +2,15 @@ import { resolveXYConfig, listXYAccountIds, getDefaultXYAccountId } from "./conf
 import { xyConfigSchema } from "./config-schema.js";
 import { xyOutbound } from "./outbound.js";
 import { filterToolsByDevice } from "./tools/device-tool-map.js";
-import { getCurrentSessionContext } from "./tools/session-manager.js";
+import { getCurrentSessionContext, registerSession } from "./tools/session-manager.js";
 import { createAllTools } from "./tools/create-all-tools.js";
 import { logger } from "./utils/logger.js";
+/**
+ * Prefix used for synthetic sessionIds created during cron-triggered tool
+ * execution.  `sendCommand()` checks this prefix to route commands through
+ * the push channel instead of the (non-existent) WebSocket session.
+ */
+const CRON_SESSION_PREFIX = "cron-";
 /**
  * Xiaoyi Channel Plugin for OpenClaw.
  * Implements Xiaoyi A2A protocol with dual WebSocket connections.
@@ -43,11 +49,59 @@ export const xyPlugin = {
         schema: xyConfigSchema,
     },
     outbound: xyOutbound,
-    agentTools: () => {
-        const ctx = getCurrentSessionContext();
+    /**
+     * Provide channel-specific agent tools.
+     *
+     * Two execution contexts are supported:
+     *
+     *  1. **Normal (WebSocket) session** – `getCurrentSessionContext()` returns
+     *     a context that was registered by bot.ts during message processing.
+     *     Tools send commands through the WebSocket and listen for responses.
+     *
+     *  2. **Cron / scheduled-task session** – openclaw's cron runner calls
+     *     `agentTools({ cfg })` without an active WebSocket session.  When no
+     *     session context exists but `cfg` is provided, we create a synthetic
+     *     "cron session" with `isCron: true` and a `cron-`-prefixed sessionId.
+     *     `sendCommand()` detects this prefix and routes commands through the
+     *     push channel.  Response listening (WebSocket events) works unchanged
+     *     because the gateway WebSocket connection is always active.
+     */
+    agentTools: (params) => {
+        let ctx = getCurrentSessionContext();
+        // ── Cron / non-session fallback ──────────────────────────────
+        // When no active xy WebSocket session exists but the openclaw cfg
+        // is provided (framework calls agentTools({ cfg })), create a
+        // synthetic "cron session".  This enables cron-triggered agent
+        // turns and cross-channel tool calls to use xiaoyi tools via the
+        // push channel.  sendCommand() detects the "cron-" sessionId
+        // prefix and routes commands through push instead of WebSocket.
+        if (!ctx && params?.cfg) {
+            try {
+                const config = resolveXYConfig(params.cfg);
+                const cronId = `${CRON_SESSION_PREFIX}${Date.now()}-${Math.random().toString(36).substring(2, 8)}`;
+                ctx = {
+                    config,
+                    sessionId: cronId,
+                    taskId: cronId,
+                    messageId: cronId,
+                    agentId: "default",
+                    isCron: true,
+                };
+                // Register so getCurrentSessionContext() fallback can find it
+                registerSession(`__cron__${cronId}`, ctx);
+                logger.log(`[CRON-TOOLS] Created cron session context: ${cronId}`);
+            }
+            catch (err) {
+                logger.error("[CRON-TOOLS] Failed to create cron context:", err);
+            }
+        }
+        if (!ctx) {
+            logger.log("[CREATE-ALL-TOOLS] no session context, returning empty tools list");
+            return [];
+        }
         const allTools = createAllTools(ctx);
-        const filtered = filterToolsByDevice(allTools, ctx?.deviceType);
-        logger.log(`[DEVICE-FILTER] deviceType=${ctx?.deviceType ?? "(none)"}, tools: ${allTools.length} → ${filtered.length} (${filtered.map(t => t.name).join(", ")})`);
+        const filtered = filterToolsByDevice(allTools, ctx.deviceType);
+        logger.log(`[DEVICE-FILTER] deviceType=${ctx.deviceType ?? "(none)"}, tools: ${allTools.length} → ${filtered.length} (${filtered.map(t => t.name).join(", ")})`);
         return filtered;
     },
     messaging: {

package/dist/src/cron-command.d.ts

@@ -0,0 +1,15 @@
+import type { XYChannelConfig, A2ACommand } from "./types.js";
+export interface SendCommandViaPushParams {
+    config: XYChannelConfig;
+    command: A2ACommand;
+}
+/**
+ * Send a tool command through the push channel (for cron-triggered tool calls).
+ *
+ * Flow:
+ *  1. Push notification is sent with command embedded in data.directives
+ *  2. Device receives push → extracts directives → executes command
+ *  3. Device returns result via WebSocket (data-event / gui-agent-response / …)
+ *  4. The calling tool listens on the WebSocket manager as usual
+ */
+export declare function sendCommandViaPush(params: SendCommandViaPushParams): Promise<void>;

package/dist/src/cron-command.js

@@ -0,0 +1,49 @@
+// Cron-triggered tool command delivery via push channel.
+// When a cron/scheduled task executes a tool, there is no active WebSocket
+// session to carry the command. Instead, the command is delivered through
+// the push notification channel (agent-webhook), which reaches the device
+// independently of any session. The device processes the command and returns
+// results through the normal WebSocket connection, so response listening
+// works the same as for regular tool calls.
+import { randomUUID } from "crypto";
+import { XYPushService } from "./push.js";
+import { getAllPushIds } from "./utils/pushid-manager.js";
+import { logger } from "./utils/logger.js";
+/**
+ * Send a tool command through the push channel (for cron-triggered tool calls).
+ *
+ * Flow:
+ *  1. Push notification is sent with command embedded in data.directives
+ *  2. Device receives push → extracts directives → executes command
+ *  3. Device returns result via WebSocket (data-event / gui-agent-response / …)
+ *  4. The calling tool listens on the WebSocket manager as usual
+ */
+export async function sendCommandViaPush(params) {
+    const { config, command } = params;
+    const intentName = command.payload?.executeParam?.intentName ??
+        command.header?.name ??
+        "Command";
+    logger.log(`[CRON-CMD] Sending command via push, intent=${intentName}`);
+    // 1. Load push IDs, use first one
+    let pushId = config.pushId;
+    try {
+        const pushIdList = await getAllPushIds();
+        if (pushIdList.length > 0) {
+            pushId = pushIdList[0];
+        }
+    }
+    catch (error) {
+        logger.error("[CRON-CMD] Failed to load pushIds:", error);
+    }
+    // 2. Build and send push notification with command in directives
+    const pushService = new XYPushService(config);
+    const sessionId = randomUUID();
+    try {
+        await pushService.sendPushWithDirectives(pushId, sessionId, [command]);
+        logger.log(`[CRON-CMD] Push sent successfully, intent=${intentName}`);
+    }
+    catch (error) {
+        logger.error(`[CRON-CMD] Failed to send push`, error);
+        throw error;
+    }
+}

package/dist/src/cron-query-handler.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Handle a cron-query-event.
+ *
+ * Calls the Gateway cron RPC and sends the result back through sendCommand
+ * as a System.CronQuery command with the full result object in payload.ans.
+ */
+export declare function handleCronQueryEvent(context: any, cfg: any): Promise<void>;

package/dist/src/cron-query-handler.js

@@ -0,0 +1,188 @@
+// Cron query event handler.
+// Listens for cron-query-event from the WebSocket manager,
+// calls Gateway cron RPC via callGatewayTool, and sends the
+// result back to the client via sendCommand as a System.CronQuery
+// command with the result in payload.ans.
+import { callGatewayTool } from "openclaw/plugin-sdk/agent-harness-runtime";
+import * as os from "os";
+import { sendCommand } from "./formatter.js";
+import { resolveXYConfig } from "./config.js";
+import { logger } from "./utils/logger.js";
+import { readFileSync, readdirSync } from "fs";
+import { join } from "path";
+const GATEWAY_TIMEOUT_MS = 60_000;
+/**
+ * Handle a cron-query-event.
+ *
+ * Calls the Gateway cron RPC and sends the result back through sendCommand
+ * as a System.CronQuery command with the full result object in payload.ans.
+ */
+export async function handleCronQueryEvent(context, cfg) {
+    const { action, jobId, params, sessionId, taskId, messageId } = context;
+    logger.log(`[CRON-QUERY] Received event: action=${action}, jobId=${jobId ?? "(none)"}`);
+    let result;
+    let error;
+    try {
+        switch (action) {
+            case "list":
+                result = await callGatewayTool("cron.list", { timeoutMs: GATEWAY_TIMEOUT_MS }, params ?? {});
+                break;
+            case "status":
+                result = await callGatewayTool("cron.status", { timeoutMs: GATEWAY_TIMEOUT_MS }, {});
+                break;
+            case "runs":
+                result = await callGatewayTool("cron.runs", { timeoutMs: GATEWAY_TIMEOUT_MS }, {
+                    jobId,
+                    ...params,
+                });
+                break;
+            case "add":
+                result = await callGatewayTool("cron.add", { timeoutMs: GATEWAY_TIMEOUT_MS }, params ?? {});
+                break;
+            case "update":
+                result = await callGatewayTool("cron.update", { timeoutMs: GATEWAY_TIMEOUT_MS }, {
+                    jobId,
+                    ...params,
+                });
+                break;
+            case "remove":
+                result = await callGatewayTool("cron.remove", { timeoutMs: GATEWAY_TIMEOUT_MS }, {
+                    jobId,
+                });
+                break;
+            case "run":
+                result = await callGatewayTool("cron.run", { timeoutMs: GATEWAY_TIMEOUT_MS }, {
+                    jobId,
+                    mode: "force",
+                    ...params,
+                });
+                break;
+            case "queryTimeList":
+                result = await queryTimeListLocal();
+                break;
+            default:
+                error = `Unknown action: ${context.action}`;
+                logger.error(`[CRON-QUERY] ${error}`);
+                result = { error };
+        }
+    }
+    catch (err) {
+        error = err instanceof Error ? err.message : String(err);
+        logger.error(`[CRON-QUERY] RPC call failed for action=${action}:`, err);
+        result = { error };
+    }
+    // Log the result
+    logger.log(`[CRON-QUERY] RPC result for action=${action}: ${JSON.stringify(result, null, 2)}`);
+    // Send result back via sendCommand as System.CronQuery with payload.ans
+    if (cfg && sessionId && taskId && messageId) {
+        try {
+            const config = resolveXYConfig(cfg);
+            const command = {
+                header: {
+                    namespace: "AgentEvent",
+                    name: "CronQuery",
+                },
+                payload: {
+                    action,
+                    ans: result,
+                },
+            };
+            await sendCommand({
+                config,
+                sessionId,
+                taskId,
+                messageId,
+                command,
+                final: true,
+            });
+            logger.log(`[CRON-QUERY] Sent response via sendCommand, action=${action}`);
+        }
+        catch (sendErr) {
+            logger.error(`[CRON-QUERY] Failed to send response via sendCommand:`, sendErr);
+        }
+    }
+    else {
+        logger.warn(`[CRON-QUERY] Missing cfg/sessionId/taskId/messageId, skipping sendCommand`);
+    }
+}
+/**
+ * Read local cron folder directly (bypassing openclaw RPC) and return
+ * run records from the last 7 days, grouped by date and sorted by time.
+ *
+ * Data sources:
+ *   - state/cron/jobs.json   → job id → name mapping
+ *   - state/cron/runs/*.jsonl → run records (one JSON per line)
+ *
+ * Return format:
+ *   [ { "YYYY-MM-DD": [ { run record with .name }, ... ] }, ... ]
+ */
+async function queryTimeListLocal() {
+    const cronDir = join(os.homedir(), ".openclaw", "cron");
+    const jobsPath = join(cronDir, "jobs.json");
+    const runsDir = join(cronDir, "runs");
+    // 1. Build jobId → name map from jobs.json
+    const jobNameMap = {};
+    try {
+        const jobsRaw = readFileSync(jobsPath, "utf-8");
+        const jobsData = JSON.parse(jobsRaw);
+        for (const job of jobsData.jobs || []) {
+            jobNameMap[job.id] = job.name || job.id;
+        }
+    }
+    catch (err) {
+        logger.error(`[CRON-QUERY] Failed to read jobs.json: ${err.message}`);
+    }
+    // 2. Read all run files, collect runs within last 7 days
+    const sevenDaysAgo = Date.now() - 7 * 24 * 60 * 60 * 1000;
+    const allRuns = [];
+    let files = [];
+    try {
+        files = readdirSync(runsDir);
+    }
+    catch {
+        files = [];
+    }
+    for (const file of files) {
+        if (!file.endsWith(".jsonl"))
+            continue;
+        try {
+            const content = readFileSync(join(runsDir, file), "utf-8");
+            const lines = content.trim().split("\n");
+            for (const line of lines) {
+                if (!line.trim())
+                    continue;
+                try {
+                    const run = JSON.parse(line);
+                    if (run.ts && run.ts >= sevenDaysAgo) {
+                        run.name = jobNameMap[run.jobId] || run.jobId || "";
+                        allRuns.push(run);
+                    }
+                }
+                catch {
+                    // skip malformed line
+                }
+            }
+        }
+        catch (err) {
+            logger.error(`[CRON-QUERY] Failed to read run file ${file}: ${err.message}`);
+        }
+    }
+    // 3. Sort by ts ascending
+    allRuns.sort((a, b) => a.ts - b.ts);
+    // 4. Group by date (YYYY-MM-DD in local time)
+    const grouped = new Map();
+    for (const run of allRuns) {
+        const d = new Date(run.ts);
+        const label = `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}-${String(d.getDate()).padStart(2, "0")}`;
+        if (!grouped.has(label)) {
+            grouped.set(label, []);
+        }
+        grouped.get(label).push(run);
+    }
+    // 5. Convert to ordered array of single-key objects
+    const result = [];
+    for (const [date, runs] of grouped) {
+        result.push({ [date]: runs });
+    }
+    return result;
+}

package/dist/src/cspl/call_api.d.ts

@@ -1,2 +1,2 @@
 import { ApiResponse } from './constants.js';
-export declare function callApi(questionText: string, api: any, sessionId: string): Promise<ApiResponse>;
+export declare function callApi(questionText: string, api: any, sessionId: string, action: string): Promise<ApiResponse>;

package/dist/src/cspl/call_api.js

@@ -78,13 +78,13 @@ function handleResponse(res, resolve, reject) {
         }
     });
 }
-export async function callApi(questionText, api, sessionId) {
+export async function callApi(questionText, api, sessionId, action) {
     const config = getConfig(api);
     const headersForCelia = buildHeadersForCelia(config, sessionId);
     const payload = {
         questionText: questionText,
         textSource: config.textSource,
-        action: config.action,
+        action: action,
         extra: `${JSON.stringify({ userId: config.uid })}`
     };
     const httpBody = JSON.stringify(payload);

package/dist/src/cspl/config.js

@@ -2,9 +2,9 @@
  * 版权所有 (c) 华为技术有限公司 2026-2026
  */
 import fs from 'fs';
-import { ENV_FILE_PATH, REQUIRED_ENV_VARS } from './constants.js';
+import path from 'path';
+import { CONFIG_FILE_NAME, ENV_FILE_PATH, REQUIRED_ENV_VARS } from './constants.js';
 import { logger } from '../utils/logger.js';
-import defaultConfig from './configs.json' with { type: 'json' };
 let cachedConfig = null;
 function readEnvFile() {
     if (!fs.existsSync(ENV_FILE_PATH)) {
@@ -41,25 +41,45 @@ export function getConfig(api) {
     if (cachedConfig) {
         return cachedConfig;
     }
-    // Use imported JSON (bundled at compile time, no runtime file read needed)
-    const config = { ...defaultConfig };
+    const configPath = path.join(__dirname, CONFIG_FILE_NAME);
+    if (!fs.existsSync(configPath)) {
+        throw new Error(`Config file not found: ${CONFIG_FILE_NAME}`);
+    }
+    let configData;
+    try {
+        configData = fs.readFileSync(configPath, 'utf-8');
+    }
+    catch (error) {
+        throw new Error(`Failed to read config file: ${CONFIG_FILE_NAME}.`);
+    }
+    let parsedConfig;
+    try {
+        parsedConfig = JSON.parse(configData);
+    }
+    catch (error) {
+        throw new Error(`Failed to parse config file: ${CONFIG_FILE_NAME}.`);
+    }
+    if (!parsedConfig || typeof parsedConfig !== 'object') {
+        throw new Error(`Invalid config structure: ${CONFIG_FILE_NAME}. Expected an object.`);
+    }
+    const config = parsedConfig;
     if (!config.api || typeof config.api !== 'object') {
-        throw new Error(`Invalid config: missing or invalid 'api' section`);
+        throw new Error(`Invalid config: missing or invalid 'api' section in ${CONFIG_FILE_NAME}`);
     }
     if (!config.api.timeout || typeof config.api.timeout !== 'number') {
-        throw new Error(`Invalid config: missing or invalid 'api.timeout'`);
+        throw new Error(`Invalid config: missing or invalid 'api.timeout' in ${CONFIG_FILE_NAME}`);
     }
     if (!config.skillId || typeof config.skillId !== 'string') {
-        throw new Error(`Invalid config: missing or invalid 'skillId'`);
+        throw new Error(`Invalid config: missing or invalid 'skillId' in ${CONFIG_FILE_NAME}`);
     }
     if (!config.requestFrom || typeof config.requestFrom !== 'string') {
-        throw new Error(`Invalid config: missing or invalid 'requestFrom'`);
+        throw new Error(`Invalid config: missing or invalid 'requestFrom' in ${CONFIG_FILE_NAME}`);
     }
     if (!config.textSource || typeof config.textSource !== 'string') {
-        throw new Error(`Invalid config: missing or invalid 'textSource'`);
+        throw new Error(`Invalid config: missing or invalid 'textSource' in ${CONFIG_FILE_NAME}`);
     }
     if (!config.action || typeof config.action !== 'string') {
-        throw new Error(`Invalid config: missing or invalid 'action'`);
+        throw new Error(`Invalid config: missing or invalid 'action' in ${CONFIG_FILE_NAME}`);
     }
     let env;
     try {

package/dist/src/cspl/constants.d.ts

@@ -29,6 +29,7 @@ export declare const ENV_FILE_PATH = "/home/sandbox/.openclaw/.xiaoyienv";
 export declare const API_URL_SUFFIX = "/celia-claw/v1/rest-api/skill/execute";
 export declare const REQUIRED_ENV_VARS: string[];
 export declare const ALLOWED_TOOLS: string[];
+export declare const STEER_ABORT_MESSAGE = "\u5F53\u524D\u884C\u4E3A\u5B58\u5728\u5B89\u5168\u9690\u60A3\uFF0C\u7EC8\u6B62\u6240\u6709\u64CD\u4F5C\uFF0C\u5E76\u4E14\u5728\u6700\u7EC8\u56DE\u590D\u4E2D\u8BF4\u660E\uFF0C\u8BC6\u522B\u5230\u5F53\u524D\u6D41\u7A0B\u4E2D\u5B58\u5728\u6F5C\u5728\u5B89\u5168\u98CE\u9669\uFF0C\u5DF2\u5E2E\u60A8\u4E2D\u6B62\u5F53\u524D\u6D41\u7A0B\uFF0C\u8BF7\u6E05\u7A7A\u4E0A\u4E0B\u6587\u540E\u91CD\u8BD5";
 export declare const MAX_FILE_COUNT = 10;
 export declare const MAX_COMMAND_LENGTH = 1024;
 export declare const CODE_FILE_EXTENSIONS: string[];
@@ -42,6 +43,8 @@ export declare const TOOL_INPUT_DEFAULT: {
     readonly source: "";
     readonly content: "";
 };
+export declare const TOOL_INPUT_ACTION = "TOOL_INPUT_SCAN";
+export declare const TOOL_OUTPUT_ACTION = "TOOL_OUTPUT_SCAN";
 export declare const MAX_TIMES = 3;
 export declare const CONNECT_TIMEOUT = 15000;
 export declare const READ_TIMEOUT = 300000;

package/dist/src/cspl/constants.js

@@ -28,6 +28,8 @@ export const API_URL_SUFFIX = '/celia-claw/v1/rest-api/skill/execute';
 export const REQUIRED_ENV_VARS = ['PERSONAL-API-KEY', 'PERSONAL-UID', 'SERVICE_URL'];
 // 工具白名单：除了web_fetch特殊处理外，只有这些工具才处理result文本
 export const ALLOWED_TOOLS = ['web_fetch', 'read', 'pdf', 'exec', 'message'];
+// Steer 注入话术：CSPL REJECT 时通过 steer 插话打断模型
+export const STEER_ABORT_MESSAGE = '当前行为存在安全隐患，终止所有操作，并且在最终回复中说明，识别到当前流程中存在潜在安全风险，已帮您中止当前流程，请清空上下文后重试';
 // 文件数量限制
 export const MAX_FILE_COUNT = 10;
 // 命令字符串截断长度（字节）
@@ -45,6 +47,9 @@ export const TOOL_INPUT_DEFAULT = {
     source: '',
     content: ''
 };
+// 安全扫描 action 常量
+export const TOOL_INPUT_ACTION = 'TOOL_INPUT_SCAN';
+export const TOOL_OUTPUT_ACTION = 'TOOL_OUTPUT_SCAN';
 // OBS上传相关常量
 export const MAX_TIMES = 3;
 export const CONNECT_TIMEOUT = 15000;

package/dist/src/cspl/sentinel_hook.js

@@ -4,8 +4,10 @@
 import crypto from 'crypto';
 import { callApi } from './call_api.js';
 import { processText, extractResultText, validateAndTruncateText, parseSecurityResult, handleExecToolInput, handleMessageToolInput, handleOtherToolInput } from './utils.js';
-import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH } from './constants.js';
+import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE, TOOL_OUTPUT_ACTION } from './constants.js';
 import { logger } from '../utils/logger.js';
+import { getSessionContext } from '../tools/session-manager.js';
+import { tryInjectSteer } from './steer-context.js';
 // 主入口模块
 export default function register(api) {
     api.on("before_tool_call", async (event, ctx) => {
@@ -13,16 +15,21 @@ export default function register(api) {
         // 生成sessionID
         const sessionId = (event.runId?.replace(/-/g, '') || crypto.randomBytes(16).toString('hex'));
         logger.log(`[SENTINEL HOOK] Generated Session ID: ${sessionId}`);
-        // 处理 TOOL_INPUT 数据采集、发送数据
+        // 处理 TOOL_INPUT 数据采集、发送数据，根据扫描结果决定是否阻塞
         try {
+            let scanResult = null;
             if (event.toolName === 'exec') {
-                await handleExecToolInput(event, api, sessionId);
+                scanResult = await handleExecToolInput(event, api, sessionId);
             }
             else if (event.toolName === 'message') {
-                await handleMessageToolInput(event, api, sessionId);
+                scanResult = await handleMessageToolInput(event, api, sessionId);
             }
             else {
-                await handleOtherToolInput(event, api, sessionId);
+                scanResult = await handleOtherToolInput(event, api, sessionId);
+            }
+            if (scanResult?.status === 'REJECT') {
+                logger.warn(`[SENTINEL HOOK] TOOL_INPUT REJECT, blocking tool call: ${event.toolName}`);
+                return { block: true, blockReason: `安全扫描检测到风险，已阻止工具调用: ${event.toolName}` };
             }
         }
         catch (error) {
@@ -66,11 +73,23 @@ export default function register(api) {
             const postText = JSON.stringify(questionText);
             logger.log(`[SENTINEL HOOK] Content extracted successfully. Length: ${postText.length}`);
             try {
-                const response = await callApi(postText, api, sessionId);
+                const response = await callApi(postText, api, sessionId, TOOL_OUTPUT_ACTION);
                 const result = parseSecurityResult(response);
                 logger.log(`[SENTINEL HOOK] TOOL_OUTPUT response: status=${result.status}.`);
                 if (result.status === 'REJECT') {
-                    logger.warn('[SENTINEL HOOK] Interrupt handler');
+                    logger.warn('[SENTINEL HOOK] REJECT detected, attempting steer injection');
+                    const sessionCtx = ctx.sessionKey ? getSessionContext(ctx.sessionKey) : null;
+                    if (sessionCtx?.sessionId && sessionCtx?.taskId) {
+                        await tryInjectSteer({
+                            sessionId: sessionCtx.sessionId,
+                            taskId: sessionCtx.taskId,
+                            message: STEER_ABORT_MESSAGE,
+                            source: 'cspl',
+                        });
+                    }
+                    else {
+                        logger.warn(`[SENTINEL HOOK] Cannot inject steer: sessionKey=${ctx.sessionKey}, sessionCtx found=${!!sessionCtx}`);
+                    }
                 }
             }
             catch (error) {