@ynhcj/xiaoyi-channel 0.0.166-beta → 0.0.166-next

package/dist/index.js

@@ -3,7 +3,10 @@ import { xiaoyiProvider } from "./src/provider.js";
 import { xyPlugin } from "./src/channel.js";
 import registerSentinelHook from "./src/cspl/sentinel_hook.js";
 import { setXYRuntime } from "./src/runtime.js";
-import { markCronToolCall, clearCronToolCall } from "./src/tools/session-manager.js";
+import { markCronToolCall, clearCronToolCall, getSessionContext } from "./src/tools/session-manager.js";
+import { configManager } from "./src/utils/config-manager.js";
+import { setJobPushId } from "./src/utils/cron-push-map.js";
+import { getAllPushIds } from "./src/utils/pushid-manager.js";
 import { registerSelfEvolutionToolResultNudge } from "./src/self-evolution-tool-result-nudge.js";
 import { createBeforePromptBuildHandler } from "./src/skill-retriever/hooks.js";
 import { normalizeToolRetrieverConfig } from "./src/skill-retriever/config.js";
@@ -25,8 +28,145 @@ function registerCronDetectionHook(api) {
         if (event.toolCallId) {
             clearCronToolCall(event.toolCallId);
         }
+        // 捕获对话创建的 cron job：agent 调 cron(add) 后，从 result 拿 jobId，
+        // 配合当前会话的 pushId，写入 jobId↔pushId 映射，供 fire 时反查设备。
+        await captureCronAddMapping(event, ctx).catch((err) => {
+            // 捕获失败不影响工具结果
+            console.error("[xy] captureCronAddMapping failed:", err);
+        });
     });
 }
+/** 从 cron add 工具结果中提取 jobId 并写入 pushId 映射。 */
+async function captureCronAddMapping(event, ctx) {
+    // 两条创建路径都要捕获：
+    //   1) cron agent 工具：toolName==="cron", params.action==="add"
+    //   2) exec 跑 CLI：toolName==="exec", params.command 含 "cron add"
+    //      （agent 实际用的是这条：openclaw cron add --name ... --cron ... --message ...）
+    const isCronAddTool = event.toolName === "cron" &&
+        (event.params?.action === "add" || event.params?.action === "create");
+    const isExecCronAdd = event.toolName === "exec" && isExecCronAddCommand(event.params?.command);
+    if (!isCronAddTool && !isExecCronAdd)
+        return;
+    console.log(`[CRONMAP] after_tool_call path=${event.toolName}, resultType=${typeof event.result}`);
+    const jobId = readJobIdFromResult(event.result);
+    if (!jobId) {
+        console.log(`[CRONMAP] skip: could not extract jobId. preview=${preview(event.result)}`);
+        return;
+    }
+    console.log(`[CRONMAP] extracted jobId=${jobId}`);
+    const sessionCtx = ctx.sessionKey ? getSessionContext(ctx.sessionKey) : null;
+    const sessionId = sessionCtx?.sessionId;
+    if (!sessionId) {
+        console.log(`[CRONMAP] skip: no sessionId (sessionKey=${ctx.sessionKey}, ctxFound=${!!sessionCtx})`);
+        return;
+    }
+    const pushId = await resolvePushId(sessionId);
+    if (!pushId) {
+        console.log(`[CRONMAP] skip: no pushId available for sessionId=${sessionId} (no session match, no global, no file)`);
+        return;
+    }
+    console.log(`[CRONMAP] writing map: jobId=${jobId}, sessionId=${sessionId}, pushId=${pushId.substring(0, 16)}...`);
+    await setJobPushId(jobId, {
+        pushId,
+        sessionId,
+        deviceType: sessionCtx?.deviceType,
+        source: event.toolName === "exec" ? "exec-cli" : "conversation",
+    });
+    console.log(`[CRONMAP] map written OK`);
+}
+/** 回退链取 pushId：当前会话 → 全局兜底 → 本地文件首个（保底）。 */
+async function resolvePushId(sessionId) {
+    // 1. 同会话
+    const session = configManager.getPushId(sessionId);
+    if (session)
+        return session;
+    // 2. 全局（任何会话注册过的）
+    const global = configManager.getPushId();
+    if (global)
+        return global;
+    // 3. 文件兜底
+    try {
+        const all = await getAllPushIds();
+        if (all.length > 0)
+            return all[0];
+    }
+    catch {
+        // ignore
+    }
+    return null;
+}
+/** 判断 exec 命令是否为 cron add（匹配 "openclaw cron add" 或裸 "cron add"，排除 list/remove 等）。 */
+function isExecCronAddCommand(command) {
+    if (typeof command !== "string")
+        return false;
+    return /\bcron\s+add\b/.test(command);
+}
+/** 取结果的短预览，用于诊断。 */
+function preview(value) {
+    if (value == null)
+        return String(value);
+    const s = typeof value === "string" ? value : JSON.stringify(value);
+    return s.length > 200 ? s.slice(0, 200) + "…" : s;
+}
+/** 防御性地从 cron add 结果中取 job id。
+ *  覆盖：裸 job 对象、JSON 字符串、exec 输出文本、
+ *  {content:[{text}]} / {stdout} / data/result/job 嵌套。 */
+function readJobIdFromResult(result) {
+    if (!result)
+        return undefined;
+    // {content: [{type:"text", text: "..."}]} — exec 工具的输出信封
+    if (result && typeof result === "object") {
+        const contentArr = result.content;
+        if (Array.isArray(contentArr)) {
+            for (const item of contentArr) {
+                if (item && typeof item === "object") {
+                    const text = item.text;
+                    if (typeof text === "string" && text.trim()) {
+                        const fromContent = readJobIdFromResult(text);
+                        if (fromContent)
+                            return fromContent;
+                    }
+                }
+            }
+        }
+    }
+    // {stdout} — 备选 exec 输出信封
+    if (result && typeof result === "object") {
+        const stdout = result.stdout;
+        if (typeof stdout === "string" && stdout.trim()) {
+            const fromStdout = readJobIdFromResult(stdout);
+            if (fromStdout)
+                return fromStdout;
+        }
+    }
+    let obj = result;
+    if (typeof result === "string") {
+        try {
+            obj = JSON.parse(result);
+        }
+        catch {
+            // 纯文本：可能含 stderr 前缀行 + JSON。用正则抓 "id":"..."。
+            const m = result.match(/"id"\s*:\s*"([^"]+)"/);
+            if (m)
+                return m[1];
+            return undefined;
+        }
+    }
+    if (obj && typeof obj === "object") {
+        const id = obj.id;
+        if (typeof id === "string" && id.trim())
+            return id.trim();
+        for (const k of ["data", "result", "job"]) {
+            const inner = obj[k];
+            if (inner && typeof inner === "object") {
+                const innerId = inner.id;
+                if (typeof innerId === "string" && innerId.trim())
+                    return innerId.trim();
+            }
+        }
+    }
+    return undefined;
+}
 function registerFullHooks(api) {
     // SKILL RETRIEVER HOOK: before_prompt_build hook
     const pluginConfig = api.pluginConfig || {};

package/dist/src/bot.js

@@ -1,6 +1,7 @@
+import { updateSessionStoreEntry, updateSessionStore, resolveStorePath } from "openclaw/plugin-sdk/session-store-runtime";
 import { getXYRuntime } from "./runtime.js";
 import { createXYReplyDispatcher } from "./reply-dispatcher.js";
-import { parseA2AMessage, extractTextFromParts, extractFileParts, extractPushId, extractDeviceType, extractTriggerData, extractRunCrossTaskContext } from "./parser.js";
+import { parseA2AMessage, extractTextFromParts, extractFileParts, extractPushId, extractDeviceType, extractModelName, extractTriggerData, extractRunCrossTaskContext } from "./parser.js";
 import { downloadFilesFromParts } from "./file-download.js";
 import { resolveXYConfig } from "./config.js";
 import { sendStatusUpdate, sendClearContextResponse, sendTasksCancelResponse, sendA2AResponse } from "./formatter.js";
@@ -32,9 +33,9 @@ export async function handleXYMessage(params) {
     try {
         // Check for special messages BEFORE parsing (these have different param structures)
         const messageMethod = message.method;
-        // Handle clearContext messages (params only has sessionId)
+        // Handle clearContext messages (sessionId at top level, no params)
         if (messageMethod === "clearContext" || messageMethod === "clear_context") {
-            const sessionId = message.params?.sessionId;
+            const sessionId = message.sessionId ?? message.params?.sessionId;
             if (!sessionId) {
                 throw new Error("clearContext request missing sessionId in params");
             }
@@ -48,9 +49,9 @@ export async function handleXYMessage(params) {
             });
             return;
         }
-        // Handle tasks/cancel messages
+        // Handle tasks/cancel messages (sessionId at top level, no params)
         if (messageMethod === "tasks/cancel" || messageMethod === "tasks_cancel") {
-            const sessionId = message.params?.sessionId;
+            const sessionId = message.sessionId ?? message.params?.sessionId;
             const taskId = message.params?.id || message.id;
             if (!sessionId) {
                 throw new Error("tasks/cancel request missing sessionId in params");
@@ -138,6 +139,11 @@ export async function handleXYMessage(params) {
         if (deviceType) {
             log.log(`[BOT] Extracted deviceType: ${deviceType}`);
         }
+        // Extract modelName if present (used by provider.ts to override model.id)
+        const modelName = extractModelName(parsed.parts);
+        if (modelName) {
+            log.log(`[BOT] Extracted modelName: ${modelName}`);
+        }
         const runCrossTaskContext = extractRunCrossTaskContext(parsed.parts);
         // Resolve configuration (needed for status updates)
         const config = resolveXYConfig(cfg);
@@ -164,8 +170,56 @@ export async function handleXYMessage(params) {
                 messageId: parsed.messageId,
                 agentId: route.accountId,
                 deviceType,
+                modelName,
                 runCrossTaskContext: runCrossTaskContext ?? undefined,
             });
+            // 🔑 Sync A2A modelName to OpenClaw session store so that session_status
+            // reports the correct model. Without this, session_status returns the
+            // configured default model instead of the A2A-specified one.
+            if (modelName && modelName.trim() !== "" && modelName.toLowerCase() !== "none") {
+                try {
+                    const storePath = resolveStorePath();
+                    const result = await updateSessionStoreEntry({
+                        storePath,
+                        sessionKey: route.sessionKey,
+                        update: async () => ({
+                            providerOverride: "xiaoyiprovider",
+                            modelOverride: modelName,
+                            modelOverrideSource: "user",
+                            model: "",
+                            modelProvider: "",
+                            contextTokens: 256_000,
+                        }),
+                    });
+                    if (!result) {
+                        // Session entry doesn't exist yet (first message, xy_channel
+                        // bypasses the standard turn kernel). Create a minimal entry
+                        // with the override via updateSessionStore.
+                        await updateSessionStore(storePath, (store) => {
+                            if (!store[route.sessionKey]) {
+                                store[route.sessionKey] = {
+                                    // sessionId must pass validateSessionId regex /^[a-z0-9][a-z0-9._-]{0,127}$/i
+                                    // route.sessionKey like "agent:main:direct:xxx" contains colons which are invalid.
+                                    // Use parsed.sessionId (raw UUID from A2A) which is always safe.
+                                    sessionId: parsed.sessionId,
+                                    updatedAt: Date.now(),
+                                    providerOverride: "xiaoyiprovider",
+                                    modelOverride: modelName,
+                                    modelOverrideSource: "user",
+                                    contextTokens: 256_000,
+                                };
+                            }
+                        });
+                        log.log(`[BOT] Created session entry with model override: xiaoyiprovider/${modelName}`);
+                    }
+                    else {
+                        log.log(`[BOT] Patched session store model override: xiaoyiprovider/${modelName}`);
+                    }
+                }
+                catch (patchErr) {
+                    log.error(`[BOT] Failed to patch session model override:`, patchErr);
+                }
+            }
             // 🔑 发送初始状态更新
             log.log(`[BOT] Sending initial status update`);
             void sendStatusUpdate({
@@ -311,6 +365,7 @@ export async function handleXYMessage(params) {
             messageId: parsed.messageId,
             agentId: route.accountId,
             deviceType,
+            modelName,
             runCrossTaskContext: runCrossTaskContext ?? undefined,
         };
         log.log(`[BOT-DISPATCH] withReplyDispatcher starting, sessionKey=${route.sessionKey}`);

package/dist/src/cron-command.d.ts

@@ -2,6 +2,8 @@ import type { XYChannelConfig, A2ACommand } from "./types.js";
 export interface SendCommandViaPushParams {
     config: XYChannelConfig;
     command: A2ACommand;
+    /** 指定设备的 pushId（多设备路由）。未传时回退到 getAllPushIds()[0]。 */
+    pushId?: string;
 }
 /**
  * Send a tool command through the push channel (for cron-triggered tool calls).

package/dist/src/cron-command.js

@@ -24,16 +24,22 @@ export async function sendCommandViaPush(params) {
         command.header?.name ??
         "Command";
     logger.log(`[CRON-CMD] Sending command via push, intent=${intentName}`);
-    // 1. Load push IDs, use first one
+    // 1. 选 pushId：优先用调用方解析出的设备 pushId（多设备路由正确）；
+    //    未提供时回退到 getAllPushIds()[0]（单设备兼容旧行为）。
     let pushId = config.pushId;
-    try {
-        const pushIdList = await getAllPushIds();
-        if (pushIdList.length > 0) {
-            pushId = pushIdList[0];
-        }
+    if (params.pushId) {
+        pushId = params.pushId;
     }
-    catch (error) {
-        logger.error("[CRON-CMD] Failed to load pushIds:", error);
+    else {
+        try {
+            const pushIdList = await getAllPushIds();
+            if (pushIdList.length > 0) {
+                pushId = pushIdList[0];
+            }
+        }
+        catch (error) {
+            logger.error("[CRON-CMD] Failed to load pushIds:", error);
+        }
     }
     // 2. Build and send push notification with command in directives
     const pushService = new XYPushService(config);

package/dist/src/cron-query-handler.js

@@ -7,6 +7,8 @@ import { callGatewayTool } from "openclaw/plugin-sdk/agent-harness-runtime";
 import * as os from "os";
 import { sendCommand } from "./formatter.js";
 import { resolveXYConfig } from "./config.js";
+import { configManager } from "./utils/config-manager.js";
+import { setJobPushId } from "./utils/cron-push-map.js";
 import { logger } from "./utils/logger.js";
 import { readFileSync, readdirSync } from "fs";
 import { join } from "path";
@@ -19,7 +21,8 @@ const GATEWAY_TIMEOUT_MS = 60_000;
  */
 export async function handleCronQueryEvent(context, cfg) {
     const { action, jobId, params, sessionId, taskId, messageId } = context;
-    logger.log(`[CRON-QUERY] Received event: action=${action}, jobId=${jobId ?? "(none)"}`);
+    const log = logger.withContext(sessionId ?? "", taskId ?? "");
+    log.log(`[CRON-QUERY] Received event: action=${action}, jobId=${jobId ?? "(none)"}`);
     let result;
     let error;
     try {
@@ -38,6 +41,11 @@ export async function handleCronQueryEvent(context, cfg) {
                 break;
             case "add":
                 result = await callGatewayTool("cron.add", { timeoutMs: GATEWAY_TIMEOUT_MS }, params ?? {});
+                // 捕获 jobId↔pushId：cron-query 路径由 channel 自己建 job，
+                // 此处 context 握着 sessionId，configManager 有对应设备 pushId。
+                await persistCronPushMap(context.sessionId, result).catch((err) => {
+                    logger.error(`[CRON-QUERY] Failed to persist cron-push-map:`, err);
+                });
                 break;
             case "update":
                 result = await callGatewayTool("cron.update", { timeoutMs: GATEWAY_TIMEOUT_MS }, {
@@ -62,17 +70,17 @@ export async function handleCronQueryEvent(context, cfg) {
                 break;
             default:
                 error = `Unknown action: ${context.action}`;
-                logger.error(`[CRON-QUERY] ${error}`);
+                log.error(`[CRON-QUERY] ${error}`);
                 result = { error };
         }
     }
     catch (err) {
         error = err instanceof Error ? err.message : String(err);
-        logger.error(`[CRON-QUERY] RPC call failed for action=${action}:`, err);
+        log.error(`[CRON-QUERY] RPC call failed for action=${action}:`, err);
         result = { error };
     }
     // Log the result
-    logger.log(`[CRON-QUERY] RPC result for action=${action}: ${JSON.stringify(result, null, 2)}`);
+    log.log(`[CRON-QUERY] RPC result for action=${action}: ${JSON.stringify(result, null, 2)}`);
     // Send result back via sendCommand as System.CronQuery with payload.ans
     if (cfg && sessionId && taskId && messageId) {
         try {
@@ -93,17 +101,46 @@ export async function handleCronQueryEvent(context, cfg) {
                 taskId,
                 messageId,
                 command,
-                final: true,
+                final: sessionId.toLowerCase().endsWith("cronquery"),
             });
-            logger.log(`[CRON-QUERY] Sent response via sendCommand, action=${action}`);
+            log.log(`[CRON-QUERY] Sent response via sendCommand, action=${action}`);
         }
         catch (sendErr) {
-            logger.error(`[CRON-QUERY] Failed to send response via sendCommand:`, sendErr);
+            log.error(`[CRON-QUERY] Failed to send response via sendCommand:`, sendErr);
         }
     }
     else {
-        logger.warn(`[CRON-QUERY] Missing cfg/sessionId/taskId/messageId, skipping sendCommand`);
+        log.warn(`[CRON-QUERY] Missing cfg/sessionId/taskId/messageId, skipping sendCommand`);
+    }
+}
+/**
+ * 从 cron.add 结果中提取 jobId，配合 sessionId 对应的 pushId 写入映射。
+ */
+async function persistCronPushMap(sessionId, result) {
+    logger.log(`[CRONMAP] cron-query persist: sessionId=${sessionId ?? "(none)"}, resultType=${typeof result}`);
+    if (!sessionId) {
+        logger.log(`[CRONMAP] cron-query skip: no sessionId in context`);
+        return;
+    }
+    let jobId;
+    if (result && typeof result === "object") {
+        const id = result.id;
+        if (typeof id === "string" && id.trim())
+            jobId = id.trim();
+    }
+    if (!jobId) {
+        const preview = typeof result === "string" ? result.slice(0, 200) : JSON.stringify(result)?.slice(0, 200);
+        logger.log(`[CRONMAP] cron-query skip: no jobId in result. preview=${preview ?? "(empty)"}`);
+        return;
+    }
+    const pushId = configManager.getPushId(sessionId);
+    if (!pushId) {
+        logger.log(`[CRONMAP] cron-query skip: configManager has no pushId for sessionId=${sessionId}`);
+        return;
     }
+    logger.log(`[CRONMAP] cron-query writing map: jobId=${jobId}, pushId=${pushId.substring(0, 16)}...`);
+    await setJobPushId(jobId, { pushId, sessionId, source: "cron-query" });
+    logger.log(`[CRONMAP] cron-query map written OK`);
 }
 /**
  * Read local cron folder directly (bypassing openclaw RPC) and return

package/dist/src/cspl/call_api.js

@@ -4,7 +4,7 @@
 import https from 'https';
 import { URL } from 'url';
 import { getConfig } from './config.js';
-import { DEFAULT_HTTP_PORT, HTTP_STATUS_BAD_REQUEST, API_URL_SUFFIX } from './constants.js';
+import { DEFAULT_HTTPS_PORT, HTTP_STATUS_BAD_REQUEST, API_URL_SUFFIX } from './constants.js';
 function buildHeadersForCelia(config, sessionId) {
     if (!config.uid || !config.apiKey || !config.skillId || !config.requestFrom) {
         throw new Error('[SENTINEL HOOK] Missing required configuration: uid, apiKey, skillId, or requestFrom is not defined');
@@ -22,7 +22,7 @@ function buildRequestOptions(url, headers, timeout) {
     const urlObj = new URL(url);
     return {
         hostname: urlObj.hostname,
-        port: urlObj.port || DEFAULT_HTTP_PORT,
+        port: urlObj.port || DEFAULT_HTTPS_PORT,
         path: urlObj.pathname,
         method: "POST",
         headers: headers,

package/dist/src/cspl/sentinel_hook.js

@@ -15,16 +15,21 @@ export default function register(api) {
         // 生成sessionID
         const sessionId = (event.runId?.replace(/-/g, '') || crypto.randomBytes(16).toString('hex'));
         logger.log(`[SENTINEL HOOK] Generated Session ID: ${sessionId}`);
-        // 处理 TOOL_INPUT 数据采集、发送数据
+        // 处理 TOOL_INPUT 数据采集、发送数据，根据扫描结果决定是否阻塞
         try {
+            let scanResult = null;
             if (event.toolName === 'exec') {
-                await handleExecToolInput(event, api, sessionId);
+                scanResult = await handleExecToolInput(event, api, sessionId);
             }
             else if (event.toolName === 'message') {
-                await handleMessageToolInput(event, api, sessionId);
+                scanResult = await handleMessageToolInput(event, api, sessionId);
             }
             else {
-                await handleOtherToolInput(event, api, sessionId);
+                scanResult = await handleOtherToolInput(event, api, sessionId);
+            }
+            if (scanResult?.status === 'REJECT') {
+                logger.warn(`[SENTINEL HOOK] TOOL_INPUT REJECT, blocking tool call: ${event.toolName}`);
+                return { block: true, blockReason: `安全扫描检测到风险，已阻止工具调用: ${event.toolName}` };
             }
         }
         catch (error) {

package/dist/src/cspl/upload_file.js

@@ -6,7 +6,7 @@ import path from 'path';
 import https from 'https';
 import { URL } from 'url';
 import { getConfig } from './config.js';
-import { DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT, MAX_TIMES, CONNECT_TIMEOUT, READ_TIMEOUT, EXPIRE_TIME, OSMS_PREPARE_URL, OSMS_COMPLETE_URL, TEMPORARY_MATERIAL_PACKAGE, FILE_OWNER_UID, FILE_OWNER_TEAM_ID } from './constants.js';
+import { DEFAULT_HTTPS_PORT, MAX_TIMES, CONNECT_TIMEOUT, READ_TIMEOUT, EXPIRE_TIME, OSMS_PREPARE_URL, OSMS_COMPLETE_URL, TEMPORARY_MATERIAL_PACKAGE, FILE_OWNER_UID, FILE_OWNER_TEAM_ID } from './constants.js';
 function buildOsmsHeaders(config, traceId) {
     return {
         'content-type': 'application/json',
@@ -22,7 +22,7 @@ function httpRequest(url, method, headers, body, timeout) {
         const urlObj = new URL(url);
         const options = {
             hostname: urlObj.hostname,
-            port: urlObj.port || DEFAULT_HTTP_PORT,
+            port: urlObj.port || DEFAULT_HTTPS_PORT,
             path: urlObj.pathname + urlObj.search,
             method: method,
             headers: headers,

package/dist/src/cspl/utils.d.ts

@@ -14,6 +14,12 @@ export declare function extractFilePathsFromCommand(command: string): string[];
 export declare function calculateContentHash(content: string): string;
 export declare function getFileSizeInKB(filePath: string): number;
 export declare function adjustContentLength(data: any, api: OpenClawPluginApi, fields: string[]): any;
-export declare function handleExecToolInput(event: any, api: OpenClawPluginApi, sessionId: string): Promise<string | null>;
-export declare function handleMessageToolInput(event: any, api: OpenClawPluginApi, sessionId: string): Promise<string | null>;
-export declare function handleOtherToolInput(event: any, api: OpenClawPluginApi, sessionId: string): Promise<void>;
+export declare function handleExecToolInput(event: any, api: OpenClawPluginApi, sessionId: string): Promise<{
+    status: 'ACCEPT' | 'REJECT';
+} | null>;
+export declare function handleMessageToolInput(event: any, api: OpenClawPluginApi, sessionId: string): Promise<{
+    status: 'ACCEPT' | 'REJECT';
+} | null>;
+export declare function handleOtherToolInput(event: any, api: OpenClawPluginApi, sessionId: string): Promise<{
+    status: 'ACCEPT' | 'REJECT';
+} | null>;

package/dist/src/cspl/utils.js

@@ -213,13 +213,14 @@ export function adjustContentLength(data, api, fields) {
     }
     return adjusted;
 }
-// 发送TOOL_INPUT请求并处理响应
+// 发送TOOL_INPUT请求并处理响应，返回扫描结果
 async function sendToolInputRequest(postText, api, sessionId) {
     const response = await callApi(postText, api, sessionId, TOOL_INPUT_ACTION);
     const result = parseSecurityResult(response);
     logger.log(`[SENTINEL HOOK] TOOL_INPUT response: status=${result.status}`);
+    return result;
 }
-// 处理exec工具的TOOL_INPUT数据采集
+// 处理exec工具的TOOL_INPUT数据采集，返回最终扫描结果
 export async function handleExecToolInput(event, api, sessionId) {
     const command = extractInputParams(event, 'exec');
     if (!command) {
@@ -232,6 +233,7 @@ export async function handleExecToolInput(event, api, sessionId) {
         // 场景1：执行代码文件
         logger.log(`[SENTINEL HOOK] Found ${filePaths.length} file(s) in command`);
         const nonExistingFiles = [];
+        let lastResult = null;
         for (const filePath of filePaths) {
             if (!fs.existsSync(filePath)) {
                 nonExistingFiles.push(filePath);
@@ -247,7 +249,10 @@ export async function handleExecToolInput(event, api, sessionId) {
             const postText = JSON.stringify(adjustedData);
             logger.log(`[SENTINEL HOOK] Sending TOOL_INPUT for file: ${path.basename(filePath)}, body length: ${postText.length}`);
             try {
-                await sendToolInputRequest(postText, api, sessionId);
+                lastResult = await sendToolInputRequest(postText, api, sessionId);
+                if (lastResult.status === 'REJECT') {
+                    return lastResult;
+                }
             }
             catch (e) {
                 logger.error(`[SENTINEL HOOK] Sending TOOL_INPUT Failed: ${e}`);
@@ -258,6 +263,7 @@ export async function handleExecToolInput(event, api, sessionId) {
             const fileNames = nonExistingFiles.map(f => path.basename(f)).join(', ');
             logger.log(`[SENTINEL HOOK] Non-existing files: ${fileNames}`);
         }
+        return lastResult;
     }
     else {
         // 场景2：直接执行代码（heredoc场景）
@@ -268,10 +274,10 @@ export async function handleExecToolInput(event, api, sessionId) {
         const adjustedData = adjustContentLength(toolInputData, api, ['source']);
         const postText = JSON.stringify(adjustedData);
         logger.log(`[SENTINEL HOOK] Sending TOOL_INPUT for direct code execution, body length: ${postText.length}`);
-        await sendToolInputRequest(postText, api, sessionId);
+        return await sendToolInputRequest(postText, api, sessionId);
     }
 }
-// 处理message工具的TOOL_INPUT数据采集
+// 处理message工具的TOOL_INPUT数据采集，返回扫描结果
 export async function handleMessageToolInput(event, api, sessionId) {
     const message = extractInputParams(event, 'message');
     if (!message) {
@@ -285,14 +291,14 @@ export async function handleMessageToolInput(event, api, sessionId) {
     const adjustedData = adjustContentLength(toolInputData, api, ['content']);
     const postText = JSON.stringify(adjustedData);
     logger.log(`[SENTINEL HOOK] Sending TOOL_INPUT for message, body length: ${postText.length}`);
-    await sendToolInputRequest(postText, api, sessionId);
+    return await sendToolInputRequest(postText, api, sessionId);
 }
-// 处理其他工具（非 exec 和非 message）的 TOOL_INPUT 数据采集
+// 处理其他工具（非 exec 和非 message）的 TOOL_INPUT 数据采集，返回扫描结果
 export async function handleOtherToolInput(event, api, sessionId) {
     const params = event.params;
     if (!params) {
         logger.log('[SENTINEL HOOK] No params found for tool');
-        return;
+        return null;
     }
     logger.log(`[SENTINEL HOOK] Processing other tool input, toolName: ${event.toolName}`);
     // 将 params 序列化为 JSON 字符串
@@ -305,5 +311,5 @@ export async function handleOtherToolInput(event, api, sessionId) {
     const adjustedData = adjustContentLength(toolInputData, api, ['content']);
     const postText = JSON.stringify(adjustedData);
     logger.log(`[SENTINEL HOOK] Sending TOOL_INPUT for ${event.toolName}, body length: ${postText.length}`);
-    await sendToolInputRequest(postText, api, sessionId);
+    return await sendToolInputRequest(postText, api, sessionId);
 }

package/dist/src/file-upload.d.ts

@@ -17,6 +17,11 @@ export declare class XYFileUploadService {
      * Uses completeAndQuery endpoint to get the file URL directly.
      */
     uploadFileAndGetUrl(filePath: string, objectType?: string): Promise<string>;
+    /**
+     * Upload a file and return a preview-able URL (needPreview=true).
+     * Same as uploadFileAndGetUrl but adds needPreview flag to get a directly viewable URL.
+     */
+    uploadFileAndGetPreviewUrl(filePath: string, objectType?: string): Promise<string>;
     /**
      * Upload multiple files and return their file IDs.
      */