@ynhcj/xiaoyi-channel 0.0.163-beta → 0.0.163-next

package/dist/index.js

@@ -3,7 +3,9 @@ import { xiaoyiProvider } from "./src/provider.js";
 import { xyPlugin } from "./src/channel.js";
 import registerSentinelHook from "./src/cspl/sentinel_hook.js";
 import { setXYRuntime } from "./src/runtime.js";
-import { markCronToolCall, clearCronToolCall } from "./src/tools/session-manager.js";
+import { markCronToolCall, clearCronToolCall, getSessionContext } from "./src/tools/session-manager.js";
+import { configManager } from "./src/utils/config-manager.js";
+import { setJobPushId } from "./src/utils/cron-push-map.js";
 import { registerSelfEvolutionToolResultNudge } from "./src/self-evolution-tool-result-nudge.js";
 import { createBeforePromptBuildHandler } from "./src/skill-retriever/hooks.js";
 import { normalizeToolRetrieverConfig } from "./src/skill-retriever/config.js";
@@ -25,8 +27,92 @@ function registerCronDetectionHook(api) {
         if (event.toolCallId) {
             clearCronToolCall(event.toolCallId);
         }
+        // 捕获对话创建的 cron job：agent 调 cron(add) 后，从 result 拿 jobId，
+        // 配合当前会话的 pushId，写入 jobId↔pushId 映射，供 fire 时反查设备。
+        await captureCronAddMapping(event, ctx).catch((err) => {
+            // 捕获失败不影响工具结果
+            console.error("[xy] captureCronAddMapping failed:", err);
+        });
     });
 }
+/** 从 cron add 工具结果中提取 jobId 并写入 pushId 映射。 */
+async function captureCronAddMapping(event, ctx) {
+    // 诊断：先看 after_tool_call 是否为 cron 工具触发
+    if (event.toolName !== "cron")
+        return;
+    const action = typeof event.params?.action === "string" ? event.params.action : "";
+    console.log(`[CRONMAP] after_tool_call cron, action=${action}, resultType=${typeof event.result}`);
+    if (action !== "add") {
+        console.log(`[CRONMAP] skip: action !== "add" (got ${action})`);
+        return;
+    }
+    const jobId = readJobIdFromResult(event.result);
+    if (!jobId) {
+        console.log(`[CRONMAP] skip: could not extract jobId from result. preview=${preview(event.result)}`);
+        return;
+    }
+    console.log(`[CRONMAP] extracted jobId=${jobId}`);
+    const sessionCtx = ctx.sessionKey ? getSessionContext(ctx.sessionKey) : null;
+    const sessionId = sessionCtx?.sessionId;
+    if (!sessionId) {
+        console.log(`[CRONMAP] skip: no sessionId (sessionKey=${ctx.sessionKey}, ctxFound=${!!sessionCtx})`);
+        return;
+    }
+    const pushId = configManager.getPushId(sessionId);
+    if (!pushId) {
+        console.log(`[CRONMAP] skip: configManager has no pushId for sessionId=${sessionId}`);
+        return;
+    }
+    console.log(`[CRONMAP] writing map: jobId=${jobId}, sessionId=${sessionId}, pushId=${pushId.substring(0, 16)}...`);
+    await setJobPushId(jobId, {
+        pushId,
+        sessionId,
+        deviceType: sessionCtx?.deviceType,
+        source: "conversation",
+    });
+    console.log(`[CRONMAP] map written OK`);
+}
+/** 取结果的短预览，用于诊断。 */
+function preview(value) {
+    if (value == null)
+        return String(value);
+    const s = typeof value === "string" ? value : JSON.stringify(value);
+    return s.length > 200 ? s.slice(0, 200) + "…" : s;
+}
+/** 防御性地从 cron add 结果中取 job id（可能是对象、JSON 字符串或工具输出文本）。 */
+function readJobIdFromResult(result) {
+    if (!result)
+        return undefined;
+    let obj = result;
+    if (typeof result === "string") {
+        // 优先尝试 JSON 解析
+        try {
+            obj = JSON.parse(result);
+        }
+        catch {
+            // 解析失败：可能是纯文本工具输出，尝试从文本里抓 "id":"..." 或 id=...
+            const m = result.match(/"id"\s*:\s*"([^"]+)"/);
+            if (m)
+                return m[1];
+            return undefined;
+        }
+    }
+    if (obj && typeof obj === "object") {
+        const id = obj.id;
+        if (typeof id === "string" && id.trim())
+            return id.trim();
+        // 兜底：result 可能把 job 包在 data/result 字段里
+        for (const k of ["data", "result", "job"]) {
+            const inner = obj[k];
+            if (inner && typeof inner === "object") {
+                const innerId = inner.id;
+                if (typeof innerId === "string" && innerId.trim())
+                    return innerId.trim();
+            }
+        }
+    }
+    return undefined;
+}
 function registerFullHooks(api) {
     // SKILL RETRIEVER HOOK: before_prompt_build hook
     const pluginConfig = api.pluginConfig || {};

package/dist/src/bot.js

@@ -1,6 +1,7 @@
+import { updateSessionStoreEntry, updateSessionStore, resolveStorePath } from "openclaw/plugin-sdk/session-store-runtime";
 import { getXYRuntime } from "./runtime.js";
 import { createXYReplyDispatcher } from "./reply-dispatcher.js";
-import { parseA2AMessage, extractTextFromParts, extractFileParts, extractPushId, extractDeviceType, extractTriggerData, extractRunCrossTaskContext } from "./parser.js";
+import { parseA2AMessage, extractTextFromParts, extractFileParts, extractPushId, extractDeviceType, extractModelName, extractTriggerData, extractRunCrossTaskContext } from "./parser.js";
 import { downloadFilesFromParts } from "./file-download.js";
 import { resolveXYConfig } from "./config.js";
 import { sendStatusUpdate, sendClearContextResponse, sendTasksCancelResponse, sendA2AResponse } from "./formatter.js";
@@ -32,9 +33,9 @@ export async function handleXYMessage(params) {
     try {
         // Check for special messages BEFORE parsing (these have different param structures)
         const messageMethod = message.method;
-        // Handle clearContext messages (params only has sessionId)
+        // Handle clearContext messages (sessionId at top level, no params)
         if (messageMethod === "clearContext" || messageMethod === "clear_context") {
-            const sessionId = message.params?.sessionId;
+            const sessionId = message.sessionId ?? message.params?.sessionId;
             if (!sessionId) {
                 throw new Error("clearContext request missing sessionId in params");
             }
@@ -48,9 +49,9 @@ export async function handleXYMessage(params) {
             });
             return;
         }
-        // Handle tasks/cancel messages
+        // Handle tasks/cancel messages (sessionId at top level, no params)
         if (messageMethod === "tasks/cancel" || messageMethod === "tasks_cancel") {
-            const sessionId = message.params?.sessionId;
+            const sessionId = message.sessionId ?? message.params?.sessionId;
             const taskId = message.params?.id || message.id;
             if (!sessionId) {
                 throw new Error("tasks/cancel request missing sessionId in params");
@@ -138,6 +139,11 @@ export async function handleXYMessage(params) {
         if (deviceType) {
             log.log(`[BOT] Extracted deviceType: ${deviceType}`);
         }
+        // Extract modelName if present (used by provider.ts to override model.id)
+        const modelName = extractModelName(parsed.parts);
+        if (modelName) {
+            log.log(`[BOT] Extracted modelName: ${modelName}`);
+        }
         const runCrossTaskContext = extractRunCrossTaskContext(parsed.parts);
         // Resolve configuration (needed for status updates)
         const config = resolveXYConfig(cfg);
@@ -164,8 +170,56 @@ export async function handleXYMessage(params) {
                 messageId: parsed.messageId,
                 agentId: route.accountId,
                 deviceType,
+                modelName,
                 runCrossTaskContext: runCrossTaskContext ?? undefined,
             });
+            // 🔑 Sync A2A modelName to OpenClaw session store so that session_status
+            // reports the correct model. Without this, session_status returns the
+            // configured default model instead of the A2A-specified one.
+            if (modelName && modelName.trim() !== "" && modelName.toLowerCase() !== "none") {
+                try {
+                    const storePath = resolveStorePath();
+                    const result = await updateSessionStoreEntry({
+                        storePath,
+                        sessionKey: route.sessionKey,
+                        update: async () => ({
+                            providerOverride: "xiaoyiprovider",
+                            modelOverride: modelName,
+                            modelOverrideSource: "user",
+                            model: "",
+                            modelProvider: "",
+                            contextTokens: 256_000,
+                        }),
+                    });
+                    if (!result) {
+                        // Session entry doesn't exist yet (first message, xy_channel
+                        // bypasses the standard turn kernel). Create a minimal entry
+                        // with the override via updateSessionStore.
+                        await updateSessionStore(storePath, (store) => {
+                            if (!store[route.sessionKey]) {
+                                store[route.sessionKey] = {
+                                    // sessionId must pass validateSessionId regex /^[a-z0-9][a-z0-9._-]{0,127}$/i
+                                    // route.sessionKey like "agent:main:direct:xxx" contains colons which are invalid.
+                                    // Use parsed.sessionId (raw UUID from A2A) which is always safe.
+                                    sessionId: parsed.sessionId,
+                                    updatedAt: Date.now(),
+                                    providerOverride: "xiaoyiprovider",
+                                    modelOverride: modelName,
+                                    modelOverrideSource: "user",
+                                    contextTokens: 256_000,
+                                };
+                            }
+                        });
+                        log.log(`[BOT] Created session entry with model override: xiaoyiprovider/${modelName}`);
+                    }
+                    else {
+                        log.log(`[BOT] Patched session store model override: xiaoyiprovider/${modelName}`);
+                    }
+                }
+                catch (patchErr) {
+                    log.error(`[BOT] Failed to patch session model override:`, patchErr);
+                }
+            }
             // 🔑 发送初始状态更新
             log.log(`[BOT] Sending initial status update`);
             void sendStatusUpdate({
@@ -311,6 +365,7 @@ export async function handleXYMessage(params) {
             messageId: parsed.messageId,
             agentId: route.accountId,
             deviceType,
+            modelName,
             runCrossTaskContext: runCrossTaskContext ?? undefined,
         };
         log.log(`[BOT-DISPATCH] withReplyDispatcher starting, sessionKey=${route.sessionKey}`);

package/dist/src/cron-command.d.ts

@@ -2,6 +2,8 @@ import type { XYChannelConfig, A2ACommand } from "./types.js";
 export interface SendCommandViaPushParams {
     config: XYChannelConfig;
     command: A2ACommand;
+    /** 指定设备的 pushId（多设备路由）。未传时回退到 getAllPushIds()[0]。 */
+    pushId?: string;
 }
 /**
  * Send a tool command through the push channel (for cron-triggered tool calls).

package/dist/src/cron-command.js

@@ -24,16 +24,22 @@ export async function sendCommandViaPush(params) {
         command.header?.name ??
         "Command";
     logger.log(`[CRON-CMD] Sending command via push, intent=${intentName}`);
-    // 1. Load push IDs, use first one
+    // 1. 选 pushId：优先用调用方解析出的设备 pushId（多设备路由正确）；
+    //    未提供时回退到 getAllPushIds()[0]（单设备兼容旧行为）。
     let pushId = config.pushId;
-    try {
-        const pushIdList = await getAllPushIds();
-        if (pushIdList.length > 0) {
-            pushId = pushIdList[0];
-        }
+    if (params.pushId) {
+        pushId = params.pushId;
     }
-    catch (error) {
-        logger.error("[CRON-CMD] Failed to load pushIds:", error);
+    else {
+        try {
+            const pushIdList = await getAllPushIds();
+            if (pushIdList.length > 0) {
+                pushId = pushIdList[0];
+            }
+        }
+        catch (error) {
+            logger.error("[CRON-CMD] Failed to load pushIds:", error);
+        }
     }
     // 2. Build and send push notification with command in directives
     const pushService = new XYPushService(config);

package/dist/src/cron-query-handler.d.ts

@@ -1,17 +1,7 @@
-export type CronQueryAction = "list" | "status" | "runs" | "add" | "update" | "remove" | "run";
-export interface CronQueryEventContext {
-    action: CronQueryAction;
-    jobId?: string;
-    params?: Record<string, unknown>;
-    /** Original A2A message fields for routing the response. */
-    sessionId?: string;
-    taskId?: string;
-    messageId?: string;
-}
 /**
  * Handle a cron-query-event.
  *
  * Calls the Gateway cron RPC and sends the result back through sendCommand
  * as a System.CronQuery command with the full result object in payload.ans.
  */
-export declare function handleCronQueryEvent(context: CronQueryEventContext, cfg?: unknown): Promise<void>;
+export declare function handleCronQueryEvent(context: any, cfg: any): Promise<void>;

package/dist/src/cron-query-handler.js

@@ -4,9 +4,14 @@
 // result back to the client via sendCommand as a System.CronQuery
 // command with the result in payload.ans.
 import { callGatewayTool } from "openclaw/plugin-sdk/agent-harness-runtime";
+import * as os from "os";
 import { sendCommand } from "./formatter.js";
 import { resolveXYConfig } from "./config.js";
+import { configManager } from "./utils/config-manager.js";
+import { setJobPushId } from "./utils/cron-push-map.js";
 import { logger } from "./utils/logger.js";
+import { readFileSync, readdirSync } from "fs";
+import { join } from "path";
 const GATEWAY_TIMEOUT_MS = 60_000;
 /**
  * Handle a cron-query-event.
@@ -16,7 +21,8 @@ const GATEWAY_TIMEOUT_MS = 60_000;
  */
 export async function handleCronQueryEvent(context, cfg) {
     const { action, jobId, params, sessionId, taskId, messageId } = context;
-    logger.log(`[CRON-QUERY] Received event: action=${action}, jobId=${jobId ?? "(none)"}`);
+    const log = logger.withContext(sessionId ?? "", taskId ?? "");
+    log.log(`[CRON-QUERY] Received event: action=${action}, jobId=${jobId ?? "(none)"}`);
     let result;
     let error;
     try {
@@ -35,6 +41,11 @@ export async function handleCronQueryEvent(context, cfg) {
                 break;
             case "add":
                 result = await callGatewayTool("cron.add", { timeoutMs: GATEWAY_TIMEOUT_MS }, params ?? {});
+                // 捕获 jobId↔pushId：cron-query 路径由 channel 自己建 job，
+                // 此处 context 握着 sessionId，configManager 有对应设备 pushId。
+                await persistCronPushMap(context.sessionId, result).catch((err) => {
+                    logger.error(`[CRON-QUERY] Failed to persist cron-push-map:`, err);
+                });
                 break;
             case "update":
                 result = await callGatewayTool("cron.update", { timeoutMs: GATEWAY_TIMEOUT_MS }, {
@@ -54,19 +65,22 @@ export async function handleCronQueryEvent(context, cfg) {
                     ...params,
                 });
                 break;
+            case "queryTimeList":
+                result = await queryTimeListLocal();
+                break;
             default:
                 error = `Unknown action: ${context.action}`;
-                logger.error(`[CRON-QUERY] ${error}`);
+                log.error(`[CRON-QUERY] ${error}`);
                 result = { error };
         }
     }
     catch (err) {
         error = err instanceof Error ? err.message : String(err);
-        logger.error(`[CRON-QUERY] RPC call failed for action=${action}:`, err);
+        log.error(`[CRON-QUERY] RPC call failed for action=${action}:`, err);
         result = { error };
     }
     // Log the result
-    logger.log(`[CRON-QUERY] RPC result for action=${action}: ${JSON.stringify(result, null, 2)}`);
+    log.log(`[CRON-QUERY] RPC result for action=${action}: ${JSON.stringify(result, null, 2)}`);
     // Send result back via sendCommand as System.CronQuery with payload.ans
     if (cfg && sessionId && taskId && messageId) {
         try {
@@ -87,15 +101,125 @@ export async function handleCronQueryEvent(context, cfg) {
                 taskId,
                 messageId,
                 command,
-                final: true,
+                final: sessionId.toLowerCase().endsWith("cronquery"),
             });
-            logger.log(`[CRON-QUERY] Sent response via sendCommand, action=${action}`);
+            log.log(`[CRON-QUERY] Sent response via sendCommand, action=${action}`);
         }
         catch (sendErr) {
-            logger.error(`[CRON-QUERY] Failed to send response via sendCommand:`, sendErr);
+            log.error(`[CRON-QUERY] Failed to send response via sendCommand:`, sendErr);
         }
     }
     else {
-        logger.warn(`[CRON-QUERY] Missing cfg/sessionId/taskId/messageId, skipping sendCommand`);
+        log.warn(`[CRON-QUERY] Missing cfg/sessionId/taskId/messageId, skipping sendCommand`);
+    }
+}
+/**
+ * 从 cron.add 结果中提取 jobId，配合 sessionId 对应的 pushId 写入映射。
+ */
+async function persistCronPushMap(sessionId, result) {
+    logger.log(`[CRONMAP] cron-query persist: sessionId=${sessionId ?? "(none)"}, resultType=${typeof result}`);
+    if (!sessionId) {
+        logger.log(`[CRONMAP] cron-query skip: no sessionId in context`);
+        return;
+    }
+    let jobId;
+    if (result && typeof result === "object") {
+        const id = result.id;
+        if (typeof id === "string" && id.trim())
+            jobId = id.trim();
+    }
+    if (!jobId) {
+        const preview = typeof result === "string" ? result.slice(0, 200) : JSON.stringify(result)?.slice(0, 200);
+        logger.log(`[CRONMAP] cron-query skip: no jobId in result. preview=${preview ?? "(empty)"}`);
+        return;
+    }
+    const pushId = configManager.getPushId(sessionId);
+    if (!pushId) {
+        logger.log(`[CRONMAP] cron-query skip: configManager has no pushId for sessionId=${sessionId}`);
+        return;
+    }
+    logger.log(`[CRONMAP] cron-query writing map: jobId=${jobId}, pushId=${pushId.substring(0, 16)}...`);
+    await setJobPushId(jobId, { pushId, sessionId, source: "cron-query" });
+    logger.log(`[CRONMAP] cron-query map written OK`);
+}
+/**
+ * Read local cron folder directly (bypassing openclaw RPC) and return
+ * run records from the last 7 days, grouped by date and sorted by time.
+ *
+ * Data sources:
+ *   - state/cron/jobs.json   → job id → name mapping
+ *   - state/cron/runs/*.jsonl → run records (one JSON per line)
+ *
+ * Return format:
+ *   [ { "YYYY-MM-DD": [ { run record with .name }, ... ] }, ... ]
+ */
+async function queryTimeListLocal() {
+    const cronDir = join(os.homedir(), ".openclaw", "cron");
+    const jobsPath = join(cronDir, "jobs.json");
+    const runsDir = join(cronDir, "runs");
+    // 1. Build jobId → name map from jobs.json
+    const jobNameMap = {};
+    try {
+        const jobsRaw = readFileSync(jobsPath, "utf-8");
+        const jobsData = JSON.parse(jobsRaw);
+        for (const job of jobsData.jobs || []) {
+            jobNameMap[job.id] = job.name || job.id;
+        }
+    }
+    catch (err) {
+        logger.error(`[CRON-QUERY] Failed to read jobs.json: ${err.message}`);
+    }
+    // 2. Read all run files, collect runs within last 7 days
+    const sevenDaysAgo = Date.now() - 7 * 24 * 60 * 60 * 1000;
+    const allRuns = [];
+    let files = [];
+    try {
+        files = readdirSync(runsDir);
+    }
+    catch {
+        files = [];
+    }
+    for (const file of files) {
+        if (!file.endsWith(".jsonl"))
+            continue;
+        try {
+            const content = readFileSync(join(runsDir, file), "utf-8");
+            const lines = content.trim().split("\n");
+            for (const line of lines) {
+                if (!line.trim())
+                    continue;
+                try {
+                    const run = JSON.parse(line);
+                    if (run.ts && run.ts >= sevenDaysAgo) {
+                        run.name = jobNameMap[run.jobId] || run.jobId || "";
+                        allRuns.push(run);
+                    }
+                }
+                catch {
+                    // skip malformed line
+                }
+            }
+        }
+        catch (err) {
+            logger.error(`[CRON-QUERY] Failed to read run file ${file}: ${err.message}`);
+        }
+    }
+    // 3. Sort by ts ascending
+    allRuns.sort((a, b) => a.ts - b.ts);
+    // 4. Group by date (YYYY-MM-DD in local time)
+    const grouped = new Map();
+    for (const run of allRuns) {
+        const d = new Date(run.ts);
+        const label = `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}-${String(d.getDate()).padStart(2, "0")}`;
+        if (!grouped.has(label)) {
+            grouped.set(label, []);
+        }
+        grouped.get(label).push(run);
+    }
+    // 5. Convert to ordered array of single-key objects
+    const result = [];
+    for (const [date, runs] of grouped) {
+        result.push({ [date]: runs });
     }
+    return result;
 }

package/dist/src/cspl/call_api.d.ts

@@ -1,2 +1,2 @@
 import { ApiResponse } from './constants.js';
-export declare function callApi(questionText: string, api: any, sessionId: string): Promise<ApiResponse>;
+export declare function callApi(questionText: string, api: any, sessionId: string, action: string): Promise<ApiResponse>;

package/dist/src/cspl/call_api.js

@@ -4,7 +4,7 @@
 import https from 'https';
 import { URL } from 'url';
 import { getConfig } from './config.js';
-import { DEFAULT_HTTP_PORT, HTTP_STATUS_BAD_REQUEST, API_URL_SUFFIX } from './constants.js';
+import { DEFAULT_HTTPS_PORT, HTTP_STATUS_BAD_REQUEST, API_URL_SUFFIX } from './constants.js';
 function buildHeadersForCelia(config, sessionId) {
     if (!config.uid || !config.apiKey || !config.skillId || !config.requestFrom) {
         throw new Error('[SENTINEL HOOK] Missing required configuration: uid, apiKey, skillId, or requestFrom is not defined');
@@ -22,7 +22,7 @@ function buildRequestOptions(url, headers, timeout) {
     const urlObj = new URL(url);
     return {
         hostname: urlObj.hostname,
-        port: urlObj.port || DEFAULT_HTTP_PORT,
+        port: urlObj.port || DEFAULT_HTTPS_PORT,
         path: urlObj.pathname,
         method: "POST",
         headers: headers,
@@ -78,13 +78,13 @@ function handleResponse(res, resolve, reject) {
         }
     });
 }
-export async function callApi(questionText, api, sessionId) {
+export async function callApi(questionText, api, sessionId, action) {
     const config = getConfig(api);
     const headersForCelia = buildHeadersForCelia(config, sessionId);
     const payload = {
         questionText: questionText,
         textSource: config.textSource,
-        action: config.action,
+        action: action,
         extra: `${JSON.stringify({ userId: config.uid })}`
     };
     const httpBody = JSON.stringify(payload);

package/dist/src/cspl/config.js

@@ -2,9 +2,9 @@
  * 版权所有 (c) 华为技术有限公司 2026-2026
  */
 import fs from 'fs';
-import { ENV_FILE_PATH, REQUIRED_ENV_VARS } from './constants.js';
+import path from 'path';
+import { CONFIG_FILE_NAME, ENV_FILE_PATH, REQUIRED_ENV_VARS } from './constants.js';
 import { logger } from '../utils/logger.js';
-import defaultConfig from './configs.json' with { type: 'json' };
 let cachedConfig = null;
 function readEnvFile() {
     if (!fs.existsSync(ENV_FILE_PATH)) {
@@ -41,25 +41,45 @@ export function getConfig(api) {
     if (cachedConfig) {
         return cachedConfig;
     }
-    // Use imported JSON (bundled at compile time, no runtime file read needed)
-    const config = { ...defaultConfig };
+    const configPath = path.join(__dirname, CONFIG_FILE_NAME);
+    if (!fs.existsSync(configPath)) {
+        throw new Error(`Config file not found: ${CONFIG_FILE_NAME}`);
+    }
+    let configData;
+    try {
+        configData = fs.readFileSync(configPath, 'utf-8');
+    }
+    catch (error) {
+        throw new Error(`Failed to read config file: ${CONFIG_FILE_NAME}.`);
+    }
+    let parsedConfig;
+    try {
+        parsedConfig = JSON.parse(configData);
+    }
+    catch (error) {
+        throw new Error(`Failed to parse config file: ${CONFIG_FILE_NAME}.`);
+    }
+    if (!parsedConfig || typeof parsedConfig !== 'object') {
+        throw new Error(`Invalid config structure: ${CONFIG_FILE_NAME}. Expected an object.`);
+    }
+    const config = parsedConfig;
     if (!config.api || typeof config.api !== 'object') {
-        throw new Error(`Invalid config: missing or invalid 'api' section`);
+        throw new Error(`Invalid config: missing or invalid 'api' section in ${CONFIG_FILE_NAME}`);
     }
     if (!config.api.timeout || typeof config.api.timeout !== 'number') {
-        throw new Error(`Invalid config: missing or invalid 'api.timeout'`);
+        throw new Error(`Invalid config: missing or invalid 'api.timeout' in ${CONFIG_FILE_NAME}`);
     }
     if (!config.skillId || typeof config.skillId !== 'string') {
-        throw new Error(`Invalid config: missing or invalid 'skillId'`);
+        throw new Error(`Invalid config: missing or invalid 'skillId' in ${CONFIG_FILE_NAME}`);
     }
     if (!config.requestFrom || typeof config.requestFrom !== 'string') {
-        throw new Error(`Invalid config: missing or invalid 'requestFrom'`);
+        throw new Error(`Invalid config: missing or invalid 'requestFrom' in ${CONFIG_FILE_NAME}`);
     }
     if (!config.textSource || typeof config.textSource !== 'string') {
-        throw new Error(`Invalid config: missing or invalid 'textSource'`);
+        throw new Error(`Invalid config: missing or invalid 'textSource' in ${CONFIG_FILE_NAME}`);
     }
     if (!config.action || typeof config.action !== 'string') {
-        throw new Error(`Invalid config: missing or invalid 'action'`);
+        throw new Error(`Invalid config: missing or invalid 'action' in ${CONFIG_FILE_NAME}`);
     }
     let env;
     try {

package/dist/src/cspl/constants.d.ts

@@ -43,6 +43,8 @@ export declare const TOOL_INPUT_DEFAULT: {
     readonly source: "";
     readonly content: "";
 };
+export declare const TOOL_INPUT_ACTION = "TOOL_INPUT_SCAN";
+export declare const TOOL_OUTPUT_ACTION = "TOOL_OUTPUT_SCAN";
 export declare const MAX_TIMES = 3;
 export declare const CONNECT_TIMEOUT = 15000;
 export declare const READ_TIMEOUT = 300000;

package/dist/src/cspl/constants.js

@@ -47,6 +47,9 @@ export const TOOL_INPUT_DEFAULT = {
     source: '',
     content: ''
 };
+// 安全扫描 action 常量
+export const TOOL_INPUT_ACTION = 'TOOL_INPUT_SCAN';
+export const TOOL_OUTPUT_ACTION = 'TOOL_OUTPUT_SCAN';
 // OBS上传相关常量
 export const MAX_TIMES = 3;
 export const CONNECT_TIMEOUT = 15000;

package/dist/src/cspl/sentinel_hook.js

@@ -4,7 +4,7 @@
 import crypto from 'crypto';
 import { callApi } from './call_api.js';
 import { processText, extractResultText, validateAndTruncateText, parseSecurityResult, handleExecToolInput, handleMessageToolInput, handleOtherToolInput } from './utils.js';
-import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE } from './constants.js';
+import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE, TOOL_OUTPUT_ACTION } from './constants.js';
 import { logger } from '../utils/logger.js';
 import { getSessionContext } from '../tools/session-manager.js';
 import { tryInjectSteer } from './steer-context.js';
@@ -15,16 +15,21 @@ export default function register(api) {
         // 生成sessionID
         const sessionId = (event.runId?.replace(/-/g, '') || crypto.randomBytes(16).toString('hex'));
         logger.log(`[SENTINEL HOOK] Generated Session ID: ${sessionId}`);
-        // 处理 TOOL_INPUT 数据采集、发送数据
+        // 处理 TOOL_INPUT 数据采集、发送数据，根据扫描结果决定是否阻塞
         try {
+            let scanResult = null;
             if (event.toolName === 'exec') {
-                await handleExecToolInput(event, api, sessionId);
+                scanResult = await handleExecToolInput(event, api, sessionId);
             }
             else if (event.toolName === 'message') {
-                await handleMessageToolInput(event, api, sessionId);
+                scanResult = await handleMessageToolInput(event, api, sessionId);
             }
             else {
-                await handleOtherToolInput(event, api, sessionId);
+                scanResult = await handleOtherToolInput(event, api, sessionId);
+            }
+            if (scanResult?.status === 'REJECT') {
+                logger.warn(`[SENTINEL HOOK] TOOL_INPUT REJECT, blocking tool call: ${event.toolName}`);
+                return { block: true, blockReason: `安全扫描检测到风险，已阻止工具调用: ${event.toolName}` };
             }
         }
         catch (error) {
@@ -68,7 +73,7 @@ export default function register(api) {
             const postText = JSON.stringify(questionText);
             logger.log(`[SENTINEL HOOK] Content extracted successfully. Length: ${postText.length}`);
             try {
-                const response = await callApi(postText, api, sessionId);
+                const response = await callApi(postText, api, sessionId, TOOL_OUTPUT_ACTION);
                 const result = parseSecurityResult(response);
                 logger.log(`[SENTINEL HOOK] TOOL_OUTPUT response: status=${result.status}.`);
                 if (result.status === 'REJECT') {

package/dist/src/cspl/upload_file.js

@@ -6,7 +6,7 @@ import path from 'path';
 import https from 'https';
 import { URL } from 'url';
 import { getConfig } from './config.js';
-import { DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT, MAX_TIMES, CONNECT_TIMEOUT, READ_TIMEOUT, EXPIRE_TIME, OSMS_PREPARE_URL, OSMS_COMPLETE_URL, TEMPORARY_MATERIAL_PACKAGE, FILE_OWNER_UID, FILE_OWNER_TEAM_ID } from './constants.js';
+import { DEFAULT_HTTPS_PORT, MAX_TIMES, CONNECT_TIMEOUT, READ_TIMEOUT, EXPIRE_TIME, OSMS_PREPARE_URL, OSMS_COMPLETE_URL, TEMPORARY_MATERIAL_PACKAGE, FILE_OWNER_UID, FILE_OWNER_TEAM_ID } from './constants.js';
 function buildOsmsHeaders(config, traceId) {
     return {
         'content-type': 'application/json',
@@ -22,7 +22,7 @@ function httpRequest(url, method, headers, body, timeout) {
         const urlObj = new URL(url);
         const options = {
             hostname: urlObj.hostname,
-            port: urlObj.port || DEFAULT_HTTP_PORT,
+            port: urlObj.port || DEFAULT_HTTPS_PORT,
             path: urlObj.pathname + urlObj.search,
             method: method,
             headers: headers,