@ynhcj/xiaoyi-channel 1.1.26 → 1.1.27

package/dist/src/cspl/call_api.js

@@ -0,0 +1,107 @@
+/*
+ * 版权所有 (c) 华为技术有限公司 2026-2026
+ */
+import https from 'https';
+import { URL } from 'url';
+import { getConfig } from './config.js';
+import { DEFAULT_HTTP_PORT, HTTP_STATUS_BAD_REQUEST, API_URL_SUFFIX } from './constants.js';
+function buildHeadersForCelia(config, sessionId) {
+    if (!config.uid || !config.apiKey || !config.skillId || !config.requestFrom) {
+        throw new Error('[SENTINEL HOOK] Missing required configuration: uid, apiKey, skillId, or requestFrom is not defined');
+    }
+    return {
+        'x-hag-trace-id': sessionId,
+        'x-uid': config.uid,
+        'x-api-key': config.apiKey,
+        'x-request-from': config.requestFrom,
+        'x-skill-id': config.skillId,
+        'content-type': 'application/json'
+    };
+}
+function buildRequestOptions(url, headers, timeout) {
+    const urlObj = new URL(url);
+    return {
+        hostname: urlObj.hostname,
+        port: urlObj.port || DEFAULT_HTTP_PORT,
+        path: urlObj.pathname,
+        method: "POST",
+        headers: headers,
+        timeout: timeout
+    };
+}
+function checkHttpStatus(res) {
+    if (res.statusCode && res.statusCode >= HTTP_STATUS_BAD_REQUEST) {
+        throw new Error(`HTTP error! status: ${res.statusCode}`);
+    }
+}
+function parseResponseData(data) {
+    try {
+        if (data === undefined || data === null || data.trim() === '') {
+            throw new Error('API response data is empty or invalid');
+        }
+        const jsonData = JSON.parse(data);
+        if (jsonData.retCode && jsonData.retCode !== "0") {
+            const errorMsg = jsonData.retMsg || 'Unknown API error';
+            throw new Error(`API error: ${errorMsg}`);
+        }
+        if (!jsonData.retCode && jsonData.code) {
+            const errorMsg = jsonData.desc || 'Unknown backend error';
+            throw new Error(`Backend error: ${errorMsg}`);
+        }
+        return jsonData;
+    }
+    catch (e) {
+        if (e instanceof Error) {
+            throw new Error(`[SENTINEL HOOK] Failed to parse response：${e.message}`);
+        }
+        return data;
+    }
+}
+function handleResponse(res, resolve, reject) {
+    let data = '';
+    try {
+        checkHttpStatus(res);
+    }
+    catch (e) {
+        reject(e);
+    }
+    res.on('data', (chunk) => {
+        data += chunk;
+    });
+    res.on('end', () => {
+        try {
+            const result = parseResponseData(data);
+            resolve(result);
+        }
+        catch (e) {
+            reject(e);
+        }
+    });
+}
+export async function callApi(questionText, api, sessionId) {
+    const config = getConfig(api);
+    const headersForCelia = buildHeadersForCelia(config, sessionId);
+    const payload = {
+        questionText: questionText,
+        textSource: config.textSource,
+        action: config.action,
+        extra: `${JSON.stringify({ userId: config.uid })}`
+    };
+    const httpBody = JSON.stringify(payload);
+    const apiUrl = `${config.api.url}${API_URL_SUFFIX}`;
+    return new Promise((resolve, reject) => {
+        const options = buildRequestOptions(apiUrl, headersForCelia, config.api.timeout);
+        const req = https.request(options, (res) => {
+            handleResponse(res, resolve, reject);
+        });
+        req.on('error', (error) => {
+            reject(error);
+        });
+        req.on('timeout', () => {
+            req.destroy();
+            reject(new Error('[SENTINEL HOOK] Request timeout'));
+        });
+        req.write(httpBody);
+        req.end();
+    });
+}

package/dist/src/cspl/configs.json

@@ -0,0 +1,10 @@
+{
+    "api": {
+        "timeout": 5000
+    },
+    "headers": {},
+    "skillId": "skill-scope",
+    "requestFrom": "openclaw",
+    "textSource": "question",
+    "action": "TOOL_OUTPUT_SCAN"
+}

package/dist/src/cspl/sentinel_hook.d.ts

@@ -0,0 +1,2 @@
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
+export default function register(api: OpenClawPluginApi): void;

package/dist/src/cspl/sentinel_hook.js

@@ -0,0 +1,98 @@
+/*
+ * 版权所有 (c) 华为技术有限公司 2026-2026
+ */
+import crypto from 'crypto';
+import { callApi } from './call_api.js';
+import { processText, extractResultText, validateAndTruncateText, parseSecurityResult, handleExecToolInput, handleMessageToolInput, handleOtherToolInput } from './utils.js';
+import { ALLOWED_TOOLS, MAX_TEXT_LENGTH, MAX_TOTAL_LENGTH, MIN_TEXT_LENGTH, STEER_ABORT_MESSAGE } from './constants.js';
+import { logger } from '../utils/logger.js';
+import { getSessionContext } from '../tools/session-manager.js';
+import { tryInjectSteer } from './steer-context.js';
+// 主入口模块
+export default function register(api) {
+    api.on("before_tool_call", async (event, ctx) => {
+        logger.log(`[SENTINEL HOOK] before_tool_call_event toolName: ${event.toolName}`);
+        // 生成sessionID
+        const sessionId = (event.runId?.replace(/-/g, '') || crypto.randomBytes(16).toString('hex'));
+        logger.log(`[SENTINEL HOOK] Generated Session ID: ${sessionId}`);
+        // 处理 TOOL_INPUT 数据采集、发送数据
+        try {
+            if (event.toolName === 'exec') {
+                await handleExecToolInput(event, api, sessionId);
+            }
+            else if (event.toolName === 'message') {
+                await handleMessageToolInput(event, api, sessionId);
+            }
+            else {
+                await handleOtherToolInput(event, api, sessionId);
+            }
+        }
+        catch (error) {
+            logger.error(`[SENTINEL HOOK] Extracted TOOL_INPUT data processing exception: ${error}`);
+        }
+    });
+    api.on("after_tool_call", async (event, ctx) => {
+        // 检查是否在输出白名单中
+        if (!ALLOWED_TOOLS.includes(event.toolName)) {
+            return;
+        }
+        try {
+            logger.log(`[SENTINEL HOOK] after_tool_call_event toolName: ${event.toolName}`);
+            // 生成sessionID
+            const sessionId = (event.runId?.replace(/-/g, '') || crypto.randomBytes(16).toString('hex'));
+            logger.log(`[SENTINEL HOOK] Generated Session ID: ${sessionId}`);
+            // 处理TOOL_OUTPUT数据采集（保持现有逻辑）
+            const resultText = extractResultText(event, event.toolName);
+            const resultTextLength = resultText.length;
+            if (resultTextLength > MAX_TOTAL_LENGTH) {
+                logger.warn(`[SENTINEL HOOK] Text exceeds ${MAX_TOTAL_LENGTH} character limit. Actual length: ${resultTextLength}`);
+                return;
+            }
+            if (resultTextLength <= MIN_TEXT_LENGTH) {
+                logger.log("[SENTINEL HOOK] No valid information at collection point");
+                return;
+            }
+            // 处理和验证文本
+            const questionText = { subSceneID: 'TOOL_OUTPUT', tool: `${event.toolName}`, output: [{ content: "" }] };
+            const originText = processText(resultText, api);
+            questionText.output[0].content = `${originText}`;
+            const finalText = JSON.stringify(questionText);
+            if (finalText.length > MAX_TEXT_LENGTH) {
+                const diff_length = finalText.length - MAX_TEXT_LENGTH;
+                const { text: filterText, truncated } = validateAndTruncateText(originText, MAX_TEXT_LENGTH - diff_length);
+                if (truncated) {
+                    questionText.output[0].content = `${filterText}`;
+                    logger.warn(`[SENTINEL HOOK] postText exceeds ${MAX_TEXT_LENGTH}.`);
+                }
+            }
+            const postText = JSON.stringify(questionText);
+            logger.log(`[SENTINEL HOOK] Content extracted successfully. Length: ${postText.length}`);
+            try {
+                const response = await callApi(postText, api, sessionId);
+                const result = parseSecurityResult(response);
+                logger.log(`[SENTINEL HOOK] TOOL_OUTPUT response: status=${result.status}.`);
+                if (result.status === 'REJECT') {
+                    logger.warn('[SENTINEL HOOK] REJECT detected, attempting steer injection');
+                    const sessionCtx = ctx.sessionKey ? getSessionContext(ctx.sessionKey) : null;
+                    if (sessionCtx?.sessionId && sessionCtx?.taskId) {
+                        await tryInjectSteer({
+                            sessionId: sessionCtx.sessionId,
+                            taskId: sessionCtx.taskId,
+                            message: STEER_ABORT_MESSAGE,
+                            source: 'cspl',
+                        });
+                    }
+                    else {
+                        logger.warn(`[SENTINEL HOOK] Cannot inject steer: sessionKey=${ctx.sessionKey}, sessionCtx found=${!!sessionCtx}`);
+                    }
+                }
+            }
+            catch (error) {
+                throw new Error(`[SENTINEL HOOK] API call failed: ${error}`);
+            }
+        }
+        catch (error) {
+            logger.error(`[SENTINEL HOOK] Extracted TOOL_OUTPUT data processing exception: ${error}`);
+        }
+    });
+}

package/dist/src/cspl/upload_file.d.ts

@@ -0,0 +1 @@
+export declare function uploadFileToObsMain(filePath: string, api: any, fileHash: string, sessionId: string): Promise<string>;

package/dist/src/cspl/upload_file.js

@@ -0,0 +1,211 @@
+/*
+ * 版权所有 (c) 华为技术有限公司 2026-2026
+ */
+import fs from 'fs';
+import path from 'path';
+import https from 'https';
+import { URL } from 'url';
+import { getConfig } from './config.js';
+import { DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT, MAX_TIMES, CONNECT_TIMEOUT, READ_TIMEOUT, EXPIRE_TIME, OSMS_PREPARE_URL, OSMS_COMPLETE_URL, TEMPORARY_MATERIAL_PACKAGE, FILE_OWNER_UID, FILE_OWNER_TEAM_ID } from './constants.js';
+function buildOsmsHeaders(config, traceId) {
+    return {
+        'content-type': 'application/json',
+        'x-request-from': 'openclaw',
+        'x-uid': config.uid,
+        'x-api-key': config.apiKey,
+        'x-hag-trace-id': traceId,
+        'x-skill-id': ''
+    };
+}
+function httpRequest(url, method, headers, body, timeout) {
+    return new Promise((resolve, reject) => {
+        const urlObj = new URL(url);
+        const options = {
+            hostname: urlObj.hostname,
+            port: urlObj.port || DEFAULT_HTTP_PORT,
+            path: urlObj.pathname + urlObj.search,
+            method: method,
+            headers: headers,
+            timeout: timeout,
+            rejectUnauthorized: false
+        };
+        const req = https.request(options, (res) => {
+            let data = '';
+            res.on('data', (chunk) => {
+                data += chunk;
+            });
+            res.on('end', () => {
+                if (res.statusCode && res.statusCode >= 400) {
+                    reject(new Error(`HTTP error! status: ${res.statusCode}, body: ${data}`));
+                }
+                else {
+                    resolve(data);
+                }
+            });
+        });
+        req.on('error', (error) => {
+            reject(error);
+        });
+        req.on('timeout', () => {
+            req.destroy();
+            reject(new Error('Request timeout'));
+        });
+        if (body) {
+            req.write(body);
+        }
+        req.end();
+    });
+}
+async function invokingOsmsPrepare(filePath, config, fileSha256, fileSize, sessionId) {
+    const headers = buildOsmsHeaders(config, sessionId);
+    const fileName = path.basename(filePath);
+    const body = JSON.stringify({
+        useEdge: false,
+        objectType: TEMPORARY_MATERIAL_PACKAGE,
+        fileName: fileName,
+        fileSha256: fileSha256,
+        fileSize: fileSize,
+        fileOwnerInfo: {
+            uid: FILE_OWNER_UID,
+            teamId: FILE_OWNER_TEAM_ID
+        }
+    });
+    const prepareUrl = `${config.serviceUrl}${OSMS_PREPARE_URL}`;
+    for (let times = 0; times < MAX_TIMES; times++) {
+        try {
+            const responseData = await httpRequest(prepareUrl, 'POST', headers, body, CONNECT_TIMEOUT);
+            const resp = JSON.parse(responseData);
+            if (!resp.objectId || !resp.draftId || !resp.uploadInfos) {
+                throw new Error('The hag osms prepare interface returns an exception');
+            }
+            if (!resp.uploadInfos || resp.uploadInfos.length === 0) {
+                throw new Error('The hag osms prepare interface uploadInfos returns is empty');
+            }
+            const uploadInfo = resp.uploadInfos[0];
+            if (!uploadInfo.url || !uploadInfo.headers) {
+                throw new Error('The hag osms prepare interface url and headers for uploadInfos map returns is empty');
+            }
+            return resp;
+        }
+        catch (e) {
+            if (times === MAX_TIMES - 1) {
+                throw e;
+            }
+        }
+    }
+    throw new Error('Failed to invoke OSMS prepare interface after max retries');
+}
+function readFileAsBytes(filePath) {
+    try {
+        return fs.readFileSync(filePath);
+    }
+    catch (error) {
+        const err = error;
+        throw new Error(`Failed to read file: ${filePath}. Error: ${err.message}`);
+    }
+}
+async function uploadFileToObs(uploadInfo, fileBytes) {
+    let retryDelay = 1;
+    let retryTime = 1;
+    while (true) {
+        try {
+            const urlObj = new URL(uploadInfo.url);
+            const options = {
+                hostname: urlObj.hostname,
+                port: urlObj.port || DEFAULT_HTTPS_PORT,
+                path: urlObj.pathname + urlObj.search,
+                method: 'PUT',
+                headers: {
+                    ...uploadInfo.headers,
+                    'content-length': fileBytes.length.toString(),
+                },
+                timeout: READ_TIMEOUT,
+                rejectUnauthorized: false
+            };
+            await new Promise((resolve, reject) => {
+                const req = https.request(options, (res) => {
+                    let data = '';
+                    res.on('data', (chunk) => {
+                        data += chunk;
+                    });
+                    res.on('end', () => {
+                        if (res.statusCode && res.statusCode >= 400) {
+                            reject(new Error(`Upload failed with status: ${res.statusCode}, body: ${data}`));
+                        }
+                        else {
+                            resolve();
+                        }
+                    });
+                });
+                req.on('error', (error) => {
+                    reject(error);
+                });
+                req.on('timeout', () => {
+                    req.destroy();
+                    reject(new Error('Upload timeout'));
+                });
+                req.write(fileBytes);
+                req.end();
+            });
+            return true;
+        }
+        catch (e) {
+            retryTime++;
+            if (retryTime > MAX_TIMES) {
+                throw new Error(`Upload file to obs failed: ${e.message}`);
+            }
+            await new Promise(resolve => setTimeout(resolve, retryDelay * Math.pow(2, retryTime)));
+        }
+    }
+}
+async function invokingOsmsComplete(objectId, draftId, config, sessionId) {
+    const headers = buildOsmsHeaders(config, sessionId);
+    const body = JSON.stringify({
+        objectId: objectId,
+        draftId: draftId,
+        expireTime: EXPIRE_TIME
+    });
+    const completeUrl = `${config.serviceUrl}${OSMS_COMPLETE_URL}`;
+    for (let times = 0; times < MAX_TIMES; times++) {
+        try {
+            const responseData = await httpRequest(completeUrl, 'POST', headers, body, CONNECT_TIMEOUT);
+            const resp = JSON.parse(responseData);
+            return resp;
+        }
+        catch (e) {
+            if (times === MAX_TIMES - 1) {
+                throw e;
+            }
+        }
+    }
+    throw new Error('Failed to invoke OSMS complete interface after max retries');
+}
+export async function uploadFileToObsMain(filePath, api, fileHash, sessionId) {
+    const config = getConfig(api);
+    const serviceUrl = config.api.url;
+    const obsConfig = {
+        uid: config.uid,
+        apiKey: config.apiKey,
+        serviceUrl: serviceUrl
+    };
+    const fileSize = fs.statSync(filePath).size;
+    const prepareResponse = await invokingOsmsPrepare(filePath, obsConfig, fileHash, fileSize, sessionId);
+    let fileBytes;
+    try {
+        fileBytes = readFileAsBytes(filePath);
+    }
+    catch (error) {
+        const err = error;
+        throw new Error(`Failed to read file for upload: ${filePath}. Error: ${err.message}`);
+    }
+    const uploadInfo = {
+        url: prepareResponse.uploadInfos[0].url,
+        headers: prepareResponse.uploadInfos[0].headers
+    };
+    await uploadFileToObs(uploadInfo, fileBytes);
+    const completeResponse = await invokingOsmsComplete(prepareResponse.objectId, prepareResponse.draftId, obsConfig, sessionId);
+    if (!completeResponse.fileDetailInfo || !completeResponse.fileDetailInfo.url) {
+        throw new Error('Failed to get download URL from complete response');
+    }
+    return completeResponse.fileDetailInfo.url;
+}

package/dist/src/sensitive-redactor.d.ts

@@ -0,0 +1,4 @@
+export declare function refreshSensitivePatterns(): void;
+export declare function redactSensitiveText(text: any): any;
+export declare function redactSensitiveObject(obj: any): any;
+export declare function containsSensitiveInfo(text: any): boolean;