duclaw-cli 1.9.4 → 1.9.5

package/dist/bundle.js

@@ -30242,7 +30242,7 @@ function printHelp() {
 `);
 }
 function printVersion() {
-  console.log(`duclaw-cli v${true ? "1.9.4" : "unknown"}`);
+  console.log(`duclaw-cli v${true ? "1.9.5" : "unknown"}`);
 }
 function getDuclawTemplate() {
   return {
@@ -33273,7 +33273,7 @@ var chokidar_default = { watch, FSWatcher };
 var import_node_cron = __toESM(require_node_cron());
 
 // src/agent/createAgent.ts
-var import_node_crypto14 = require("node:crypto");
+var import_node_crypto15 = require("node:crypto");
 var import_node_fs7 = require("node:fs");
 
 // src/background/BackgroundManager.ts
@@ -38895,35 +38895,69 @@ var clearMessages = async (storage, userId, date, cronTitle) => {
   await storage.del(key);
 };
 
-// src/runtime/activity.ts
-async function reportRuntimeActivity(input) {
-  const baseUrl = process.env.DUCLAW_CONTROL_PLANE_BASE_URL?.replace(/\/$/, "");
-  const token = process.env.DUCLAW_CONTROL_PLANE_METERING_TOKEN;
-  const tenantId = process.env.DUCLAW_TENANT_ID;
-  if (!baseUrl || !token || !tenantId) return;
-  try {
-    const response = await fetch(`${baseUrl}/internal/runtime/activity`, {
-      method: "POST",
-      signal: AbortSignal.timeout(2500),
-      headers: {
-        authorization: `Bearer ${token}`,
-        "content-type": "application/json"
-      },
-      body: JSON.stringify({
-        tenantId,
-        kind: input.kind,
-        status: input.status,
-        toolName: input.toolName,
-        toolCallId: input.toolCallId ?? null,
-        occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
-        metadata: input.metadata ?? {}
-      })
-    });
-    if (!response.ok) {
-      console.warn(`[runtime-activity] \u4E0A\u62A5\u5931\u8D25: tool=${input.toolName} status=${input.status} http=${response.status}`);
+// src/tools/ToolExecutor.ts
+var import_node_crypto2 = require("node:crypto");
+
+// src/runtime/events.ts
+var createRuntimeEventBus = () => {
+  const handlers = /* @__PURE__ */ new Map();
+  return {
+    async emit(event) {
+      const subscribers = Array.from(handlers.get(event.type) ?? []);
+      for (const handler of subscribers) {
+        try {
+          await handler(event);
+        } catch (error) {
+          console.warn(`[runtime-event-bus] handler failed: type=${event.type} error=${error.message}`);
+        }
+      }
+    },
+    subscribe(type, handler) {
+      const current = handlers.get(type) ?? /* @__PURE__ */ new Set();
+      current.add(handler);
+      handlers.set(type, current);
+      return () => {
+        current.delete(handler);
+        if (current.size === 0) handlers.delete(type);
+      };
     }
-  } catch (err) {
-    console.warn(`[runtime-activity] \u4E0A\u62A5\u5F02\u5E38: tool=${input.toolName} status=${input.status} error=${err.message}`);
+  };
+};
+
+// src/runtime/toolHooks.ts
+function sortToolHookPlugins(plugins = []) {
+  return [...plugins].sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+}
+async function runPreToolUseHooks(plugins, ctx) {
+  for (const plugin of plugins) {
+    if (!plugin.preToolUse) continue;
+    const decision = await plugin.preToolUse(ctx);
+    if (decision?.metadataPatch) {
+      ctx.metadata = {
+        ...ctx.metadata,
+        ...decision.metadataPatch
+      };
+    }
+    if (decision?.deny || decision?.allow === false) {
+      return {
+        allow: false,
+        deny: true,
+        reason: decision.reason ?? `blocked_by_${plugin.id}`,
+        userMessage: decision.userMessage,
+        metadataPatch: decision.metadataPatch
+      };
+    }
+  }
+  return { allow: true };
+}
+async function runAfterToolUseHooks(plugins, ctx) {
+  for (const plugin of plugins) {
+    if (plugin.afterToolUse) await plugin.afterToolUse(ctx);
+  }
+}
+async function runToolUseErrorHooks(plugins, ctx) {
+  for (const plugin of plugins) {
+    if (plugin.onToolUseError) await plugin.onToolUseError(ctx);
   }
 }
 
@@ -38941,7 +38975,9 @@ var UserRecoverableToolError = class extends Error {
 var isUserRecoverableToolError = (error) => error instanceof UserRecoverableToolError || typeof error === "object" && error !== null && error.name === "UserRecoverableToolError" && typeof error.userMessage === "string";
 
 // src/tools/ToolExecutor.ts
-var createToolExecutor = (registry2) => {
+var createToolExecutor = (registry2, options = {}) => {
+  const hookPlugins = sortToolHookPlugins(options.hookPlugins ?? []);
+  const eventBus = options.eventBus ?? createRuntimeEventBus();
   return {
     async execute(name, input, userRequest) {
       const tool = registry2.get(name);
@@ -38953,42 +38989,78 @@ var createToolExecutor = (registry2) => {
         }
       }
       const toolCallId = typeof userRequest?.metadata?.toolCallId === "string" ? userRequest.metadata.toolCallId : null;
-      await reportRuntimeActivity({
-        kind: "tool_use",
+      const startedAt = /* @__PURE__ */ new Date();
+      const ctx = {
         toolName: name,
-        status: "started",
         toolCallId,
-        metadata: {
-          platform: userRequest?.platform,
-          requestId: userRequest?.requestId,
-          departmentAgentId: userRequest?.departmentAgentId
-        }
+        input: input ?? {},
+        userRequest,
+        startedAt,
+        metadata: requestContext(userRequest)
+      };
+      await eventBus.emit({
+        eventId: runtimeEventId("toolUse.started", name, toolCallId, startedAt),
+        type: "toolUse.started",
+        occurredAt: startedAt.toISOString(),
+        toolName: name,
+        toolCallId,
+        inputSummary: summarizeJson(ctx.input),
+        requestContext: ctx.metadata
       });
+      const preDecision = await runPreToolUseHooks(hookPlugins, ctx);
+      if (preDecision.deny || preDecision.allow === false) {
+        ctx.durationMs = Date.now() - startedAt.getTime();
+        const reason = preDecision.reason ?? "tool_use_blocked";
+        await eventBus.emit({
+          eventId: runtimeEventId("toolUse.blocked", name, toolCallId, startedAt),
+          type: "toolUse.blocked",
+          occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
+          toolName: name,
+          toolCallId,
+          inputSummary: summarizeJson(ctx.input),
+          durationMs: ctx.durationMs,
+          errorSummary: reason,
+          requestContext: ctx.metadata
+        });
+        throw new UserRecoverableToolError(
+          "tool_use_blocked",
+          preDecision.userMessage ?? "\u5F53\u524D\u5DE5\u5177\u8C03\u7528\u5DF2\u88AB\u7CFB\u7EDF\u7B56\u7565\u963B\u6B62\u3002",
+          reason
+        );
+      }
       try {
         const result = await tool.execute(input ?? {}, userRequest);
-        await reportRuntimeActivity({
-          kind: "tool_use",
+        ctx.resultText = result;
+        ctx.durationMs = Date.now() - startedAt.getTime();
+        await runAfterToolUseHooks(hookPlugins, ctx);
+        await eventBus.emit({
+          eventId: runtimeEventId("toolUse.completed", name, toolCallId, startedAt),
+          type: "toolUse.completed",
+          occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
           toolName: name,
-          status: "completed",
           toolCallId,
-          metadata: {
-            platform: userRequest?.platform,
-            requestId: userRequest?.requestId,
-            departmentAgentId: userRequest?.departmentAgentId
-          }
+          inputSummary: summarizeJson(ctx.input),
+          durationMs: ctx.durationMs,
+          resultSummary: summarizeText(result),
+          requestContext: ctx.metadata
         });
         return result;
       } catch (error) {
         const err = error;
-        await reportRuntimeActivity({
-          kind: "tool_use",
+        ctx.error = err;
+        ctx.durationMs = Date.now() - startedAt.getTime();
+        await runToolUseErrorHooks(hookPlugins, ctx);
+        await eventBus.emit({
+          eventId: runtimeEventId("toolUse.failed", name, toolCallId, startedAt),
+          type: "toolUse.failed",
+          occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
           toolName: name,
-          status: "failed",
           toolCallId,
-          metadata: {
-            platform: userRequest?.platform,
-            requestId: userRequest?.requestId,
-            departmentAgentId: userRequest?.departmentAgentId,
+          inputSummary: summarizeJson(ctx.input),
+          durationMs: ctx.durationMs,
+          errorSummary: summarizeText(err.message),
+          requestContext: {
+            ...ctx.metadata,
             error: err.message
           }
         });
@@ -39005,6 +39077,23 @@ var createToolExecutor = (registry2) => {
     }
   };
 };
+function requestContext(userRequest) {
+  return {
+    platform: userRequest?.platform,
+    requestId: userRequest?.requestId,
+    departmentAgentId: userRequest?.departmentAgentId
+  };
+}
+function summarizeJson(value, maxChars = 1e3) {
+  return summarizeText(JSON.stringify(value ?? null), maxChars);
+}
+function summarizeText(value, maxChars = 1e3) {
+  return value.length <= maxChars ? value : `${value.slice(0, maxChars)}...`;
+}
+function runtimeEventId(type, toolName, toolCallId, startedAt) {
+  if (typeof import_node_crypto2.randomUUID === "function") return (0, import_node_crypto2.randomUUID)();
+  return (0, import_node_crypto2.createHash)("sha256").update(type).update("\0").update(toolName).update("\0").update(toolCallId ?? "").update("\0").update(startedAt.toISOString()).digest("hex");
+}
 
 // src/tools/ToolRegistry.ts
 var createToolRegistry = () => {
@@ -41409,7 +41498,7 @@ var isToolUseBlock = (block) => block.type === "tool_use";
 var extractText = (blocks) => blocks.filter(isTextBlock).map((b) => b.text).join("\n");
 
 // src/tools/tools/ImageUnderstandMetering.ts
-var import_node_crypto2 = require("node:crypto");
+var import_node_crypto3 = require("node:crypto");
 var ImageUnderstandMeteringError = class extends Error {
   constructor(message, statusCode, meteringStatus) {
     super(message);
@@ -41499,7 +41588,7 @@ function inferImageProvider(baseUrl) {
   }
 }
 function fingerprintImageSource(imageSource) {
-  return (0, import_node_crypto2.createHash)("sha256").update(imageSource).digest("hex");
+  return (0, import_node_crypto3.createHash)("sha256").update(imageSource).digest("hex");
 }
 function imageSourceKind(imageSource) {
   if (imageSource.startsWith("http://") || imageSource.startsWith("https://")) return "url";
@@ -42109,10 +42198,10 @@ var goalDelete = {
 };
 
 // src/tools/tools/department/DepartmentCreate.ts
-var import_node_crypto7 = require("node:crypto");
+var import_node_crypto8 = require("node:crypto");
 
 // src/department/mailbox/mailbox.ts
-var import_node_crypto6 = require("node:crypto");
+var import_node_crypto7 = require("node:crypto");
 
 // src/agent/interruptRegistry.ts
 var registry = /* @__PURE__ */ new Map();
@@ -42163,7 +42252,7 @@ var drainInterrupts = (userId) => {
 };
 
 // src/agent/events.ts
-var import_node_crypto3 = require("node:crypto");
+var import_node_crypto4 = require("node:crypto");
 var rowToEvent = (row) => ({
   id: row.id,
   userId: row.userId,
@@ -42180,7 +42269,7 @@ var rowToEvent = (row) => ({
 var recordAgentEvent = (input) => {
   const db3 = createSqliteDB();
   const now = Date.now();
-  const id = `evt_${(0, import_node_crypto3.randomUUID)().slice(0, 12)}`;
+  const id = `evt_${(0, import_node_crypto4.randomUUID)().slice(0, 12)}`;
   const payloadJson = JSON.stringify(input.payload);
   db3.prepare(`
         INSERT INTO agent_events (
@@ -42311,7 +42400,7 @@ ${ceoFollowupInstruction}
 };
 
 // src/department/mailbox/events.ts
-var import_node_crypto4 = require("node:crypto");
+var import_node_crypto5 = require("node:crypto");
 var parseDetail = (detailJson) => {
   if (!detailJson) return void 0;
   try {
@@ -42352,7 +42441,7 @@ var mapMailboxEventRow = (row) => {
 var recordMailboxEvent = (input) => {
   const db3 = createSqliteDB();
   const event = {
-    id: (0, import_node_crypto4.randomUUID)().slice(0, 12),
+    id: (0, import_node_crypto5.randomUUID)().slice(0, 12),
     messageId: input.messageId,
     mailboxId: input.mailboxId,
     actorMailboxId: input.actorMailboxId,
@@ -42636,7 +42725,7 @@ var deleteDepartmentMemberById = (departmentName, memberId) => {
 };
 
 // src/department/mailbox/ceoFollowup.ts
-var import_node_crypto5 = require("node:crypto");
+var import_node_crypto6 = require("node:crypto");
 var rowToFollowup = (row) => ({
   id: row.id,
   sourceMessageId: row.sourceMessageId,
@@ -42683,7 +42772,7 @@ var enqueueCeoFollowupFromMailbox = (message) => {
   if (!message.originUserId || !message.originPlatform) return null;
   const db3 = createSqliteDB();
   const now = Date.now();
-  const id = `cfu_${(0, import_node_crypto5.randomUUID)().slice(0, 12)}`;
+  const id = `cfu_${(0, import_node_crypto6.randomUUID)().slice(0, 12)}`;
   db3.prepare(`
         INSERT INTO ceo_followups (
             id,
@@ -43013,7 +43102,7 @@ var recordMailboxReceivedAgentEvent = (msg) => {
 };
 var sendMessage2 = (fromMailboxId, toMailboxId, content, options) => {
   const db3 = createSqliteDB();
-  const id = (0, import_node_crypto6.randomUUID)().slice(0, 8);
+  const id = (0, import_node_crypto7.randomUUID)().slice(0, 8);
   const threadId = options?.threadId || id;
   const workItemContext = resolveWorkItemContext(fromMailboxId, toMailboxId, id, options);
   const stmt = db3.prepare(`insert into mailbox (
@@ -43156,7 +43245,7 @@ var departmentCreate = {
       return `[departmentCreate] \u4E0D\u5B58\u5728 id=${sourceGoalId} \u7684\u76EE\u6807`;
     }
     let departmentDefinition = {
-      id: (0, import_node_crypto7.randomUUID)().slice(0, 8),
+      id: (0, import_node_crypto8.randomUUID)().slice(0, 8),
       name,
       charter,
       sourceGoalId,
@@ -43423,7 +43512,7 @@ var departmentList = {
 };
 
 // src/tools/tools/department/DepartmentMemberCreate.ts
-var import_node_crypto8 = require("node:crypto");
+var import_node_crypto9 = require("node:crypto");
 var DESCRIPTION24 = `
 \u521B\u5EFA\u90E8\u95E8\u6210\u5458\u3002
 
@@ -43489,7 +43578,7 @@ var departmentMemberCreate = {
       }
     }
     let departmentMember = {
-      id: (0, import_node_crypto8.randomUUID)().slice(0, 8),
+      id: (0, import_node_crypto9.randomUUID)().slice(0, 8),
       name,
       departmentId: department.id,
       mailBoxId: getMailBoxId(department.name, name),
@@ -43680,7 +43769,7 @@ ${replies}`;
 // src/department/learning.ts
 var import_node_fs4 = require("node:fs");
 var import_node_path13 = __toESM(require("node:path"));
-var import_node_crypto9 = require("node:crypto");
+var import_node_crypto10 = require("node:crypto");
 
 // src/skill/SkillValidator.ts
 var import_node_fs3 = require("node:fs");
@@ -43918,7 +44007,7 @@ var listDepartmentMemories = (departmentName) => {
 var createDepartmentMemory = (departmentName, input) => {
   const now = Date.now();
   const memory = {
-    id: (0, import_node_crypto9.randomUUID)().slice(0, 8),
+    id: (0, import_node_crypto10.randomUUID)().slice(0, 8),
     departmentName,
     title: input.title,
     content: input.content,
@@ -43969,7 +44058,7 @@ ${formatSkillValidationIssues(validation)}`);
   }
   const now = Date.now();
   const skill = {
-    id: (0, import_node_crypto9.randomUUID)().slice(0, 8),
+    id: (0, import_node_crypto10.randomUUID)().slice(0, 8),
     departmentName,
     skillName: input.skillName,
     description: input.description,
@@ -44021,7 +44110,7 @@ var createDepartmentProposal = (input) => {
   const records = readJsonArray(proposalsPath());
   const proposal = {
     ...input,
-    id: (0, import_node_crypto9.randomUUID)().slice(0, 8),
+    id: (0, import_node_crypto10.randomUUID)().slice(0, 8),
     status: "pending",
     createdAt: Date.now()
   };
@@ -44356,7 +44445,7 @@ var mailboxFollowup = {
 
 // src/tools/tools/Bash.ts
 var import_node_child_process = require("node:child_process");
-var import_node_crypto10 = require("node:crypto");
+var import_node_crypto11 = require("node:crypto");
 var import_node_fs5 = require("node:fs");
 var DESCRIPTION29 = `\u5728\u7CFB\u7EDF shell \u4E2D\u6267\u884C\u547D\u4EE4\u3002
 
@@ -44560,7 +44649,7 @@ var bashTool = {
         ...options,
         stdio: ["pipe", "pipe", "pipe"]
       });
-      const id = (0, import_node_crypto10.randomUUID)().slice(0, 8);
+      const id = (0, import_node_crypto11.randomUUID)().slice(0, 8);
       const session = {
         id,
         command,
@@ -44658,10 +44747,183 @@ var sendFile = {
   }
 };
 
+// src/runtime/activity.ts
+async function reportRuntimeActivity(input) {
+  const baseUrl = process.env.DUCLAW_CONTROL_PLANE_BASE_URL?.replace(/\/$/, "");
+  const token = process.env.DUCLAW_CONTROL_PLANE_METERING_TOKEN;
+  const tenantId = process.env.DUCLAW_TENANT_ID;
+  if (!baseUrl || !token || !tenantId) return;
+  try {
+    const response = await fetch(`${baseUrl}/internal/runtime/activity`, {
+      method: "POST",
+      signal: AbortSignal.timeout(2500),
+      headers: {
+        authorization: `Bearer ${token}`,
+        "content-type": "application/json"
+      },
+      body: JSON.stringify({
+        tenantId,
+        kind: input.kind,
+        status: input.status,
+        toolName: input.toolName,
+        toolCallId: input.toolCallId ?? null,
+        occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
+        metadata: input.metadata ?? {}
+      })
+    });
+    if (!response.ok) {
+      console.warn(`[runtime-activity] \u4E0A\u62A5\u5931\u8D25: tool=${input.toolName} status=${input.status} http=${response.status}`);
+    }
+  } catch (err) {
+    console.warn(`[runtime-activity] \u4E0A\u62A5\u5F02\u5E38: tool=${input.toolName} status=${input.status} error=${err.message}`);
+  }
+}
+
+// src/runtime/plugins/activityToolHook.ts
+var createRuntimeActivityToolHookPlugin = () => ({
+  id: "runtime-activity",
+  priority: 0,
+  async preToolUse(ctx) {
+    await reportRuntimeActivity({
+      kind: "tool_use",
+      toolName: ctx.toolName,
+      status: "started",
+      toolCallId: ctx.toolCallId,
+      metadata: activityMetadata(ctx)
+    });
+  },
+  async afterToolUse(ctx) {
+    await reportRuntimeActivity({
+      kind: "tool_use",
+      toolName: ctx.toolName,
+      status: "completed",
+      toolCallId: ctx.toolCallId,
+      metadata: activityMetadata(ctx)
+    });
+  },
+  async onToolUseError(ctx) {
+    await reportRuntimeActivity({
+      kind: "tool_use",
+      toolName: ctx.toolName,
+      status: "failed",
+      toolCallId: ctx.toolCallId,
+      metadata: {
+        ...activityMetadata(ctx),
+        error: ctx.error?.message
+      }
+    });
+  }
+});
+function activityMetadata(ctx) {
+  return {
+    platform: ctx.userRequest?.platform,
+    requestId: ctx.userRequest?.requestId,
+    departmentAgentId: ctx.userRequest?.departmentAgentId
+  };
+}
+
+// src/runtime/plugins/saasCreditToolHook.ts
+var DEFAULT_WEB_SEARCH_NUM_RESULTS = 8;
+var createSaasCreditToolHookPlugin = () => ({
+  id: "saas-credit",
+  priority: 100,
+  async afterToolUse(ctx) {
+    const usage = meteredToolUsage(ctx);
+    if (!usage) return;
+    const baseUrl = process.env.DUCLAW_CONTROL_PLANE_BASE_URL?.replace(/\/$/, "");
+    const token = process.env.DUCLAW_CONTROL_PLANE_METERING_TOKEN;
+    const tenantId = process.env.DUCLAW_TENANT_ID;
+    if (!baseUrl || !token || !tenantId) {
+      if (process.env.NODE_ENV === "production" || process.env.DUCLAW_RUNTIME_PROVIDER) {
+        throw new Error("[saas-credit] runtime metering is not configured");
+      }
+      return;
+    }
+    const response = await fetch(`${baseUrl}/internal/metering/tool-usage`, {
+      method: "POST",
+      signal: AbortSignal.timeout(5e3),
+      headers: {
+        authorization: `Bearer ${token}`,
+        "content-type": "application/json"
+      },
+      body: JSON.stringify({
+        tenantId,
+        toolName: ctx.toolName,
+        toolCallId: ctx.toolCallId,
+        requestId: ctx.userRequest?.requestId ?? null,
+        occurredAt: (/* @__PURE__ */ new Date()).toISOString(),
+        ...usage,
+        metadata: {
+          platform: ctx.userRequest?.platform ?? null,
+          departmentAgentId: ctx.userRequest?.departmentAgentId ?? null,
+          input: sanitizedWebSearchInput(ctx.input)
+        }
+      })
+    });
+    const body = await parseJson2(response);
+    const status = body?.result?.status;
+    if (response.status === 402 || status === "credit_exhausted") {
+      throw new UserRecoverableToolError(
+        "credit_exhausted",
+        "Credit \u4F59\u989D\u4E0D\u8DB3\uFF0C\u65E0\u6CD5\u5B8C\u6210\u672C\u6B21\u7F51\u9875\u641C\u7D22\u3002\u8BF7\u5148\u5145\u503C\u6216\u4F7F\u7528\u6FC0\u6D3B\u7801\u589E\u52A0 Credit\u3002",
+        `[saas-credit] ${ctx.toolName} credit exhausted`
+      );
+    }
+    if (!response.ok || status === "failed") {
+      throw new Error(`[saas-credit] tool metering failed: ${body?.error ?? body?.message ?? status ?? response.status}`);
+    }
+  }
+});
+function meteredToolUsage(ctx) {
+  if (ctx.toolName !== "websearch") return null;
+  if (isWebSearchErrorResult(ctx.resultText)) return null;
+  return {
+    meterType: "web.content_retrieval",
+    provider: "exa",
+    unit: "content",
+    quantity: normalizeNumResults(ctx.input.numResults)
+  };
+}
+function normalizeNumResults(value) {
+  if (typeof value !== "number" || !Number.isFinite(value)) return DEFAULT_WEB_SEARCH_NUM_RESULTS;
+  return Math.max(1, Math.floor(value));
+}
+function isWebSearchErrorResult(result) {
+  if (!result) return true;
+  return /Web search (请求失败|请求超时|执行失败)|未找到搜索结果/.test(result);
+}
+function sanitizedWebSearchInput(input) {
+  return {
+    query: typeof input.query === "string" ? input.query.slice(0, 500) : null,
+    numResults: normalizeNumResults(input.numResults),
+    livecrawl: typeof input.livecrawl === "string" ? input.livecrawl : null,
+    type: typeof input.type === "string" ? input.type : null,
+    contextMaxCharacters: typeof input.contextMaxCharacters === "number" ? input.contextMaxCharacters : null
+  };
+}
+async function parseJson2(response) {
+  try {
+    return await response.json();
+  } catch {
+    return null;
+  }
+}
+
+// src/runtime/plugins/index.ts
+function createDefaultToolHookPlugins(extra = []) {
+  return [
+    createSaasCreditToolHookPlugin(),
+    createRuntimeActivityToolHookPlugin(),
+    ...extra
+  ];
+}
+
 // src/tools/index.ts
-var createDefaultTools = (bg) => {
+var createDefaultTools = (bg, hookPlugins = []) => {
   const registry2 = createToolRegistry();
-  const executor = createToolExecutor(registry2);
+  const executor = createToolExecutor(registry2, {
+    hookPlugins: createDefaultToolHookPlugins(hookPlugins)
+  });
   registerTool(registry2, dateTool);
   registerTool(registry2, bashTool);
   registerTool(registry2, globTool);
@@ -45141,7 +45403,7 @@ var readDreamHistoryLimit = () => {
 var import_node_fs6 = require("node:fs");
 var import_node_os2 = require("node:os");
 var import_node_path14 = require("node:path");
-var import_node_crypto11 = require("node:crypto");
+var import_node_crypto12 = require("node:crypto");
 var SkillForgeEngine = class {
   proposalStorage;
   draftRoot;
@@ -45175,7 +45437,7 @@ ${formatSkillValidationIssues(validation)}`);
     if (pending.some((p) => p.skillName === skillName)) {
       return null;
     }
-    const id = (0, import_node_crypto11.randomBytes)(4).toString("hex");
+    const id = (0, import_node_crypto12.randomBytes)(4).toString("hex");
     const draftDir = (0, import_node_path14.join)(this.draftRoot, userId, id);
     (0, import_node_fs6.mkdirSync)(draftDir, { recursive: true });
     (0, import_node_fs6.writeFileSync)((0, import_node_path14.join)(draftDir, "SKILL.md"), skillMd, "utf-8");
@@ -45457,7 +45719,7 @@ var skillForgeDrop = (engine) => ({
 });
 
 // src/memory/MemoryEngine.ts
-var import_node_crypto12 = require("node:crypto");
+var import_node_crypto13 = require("node:crypto");
 var MemoryEngine = class {
   storage;
   recallIndexStorage;
@@ -45485,7 +45747,7 @@ var MemoryEngine = class {
     }
     const now = Date.now();
     const memory = {
-      id: (0, import_node_crypto12.randomBytes)(4).toString("hex"),
+      id: (0, import_node_crypto13.randomBytes)(4).toString("hex"),
       userId,
       title,
       content,
@@ -46137,13 +46399,13 @@ var COMPANY_VALUES_PROMPT = `<\u516C\u53F8\u5171\u540C\u4FE1\u5FF5>
 </\u516C\u53F8\u5171\u540C\u4FE1\u5FF5>`;
 
 // src/agent/outboundDedup.ts
-var import_node_crypto13 = require("node:crypto");
+var import_node_crypto14 = require("node:crypto");
 var DEFAULT_WINDOW_MS = 15e3;
 var recentSends = /* @__PURE__ */ new Map();
 var lastSweepAt = 0;
 var normalize3 = (text2) => text2.replace(/\s+/g, " ").trim();
 var keyFor = (userId, normalized) => {
-  const hash = (0, import_node_crypto13.createHash)("sha1").update(normalized).digest("hex");
+  const hash = (0, import_node_crypto14.createHash)("sha1").update(normalized).digest("hex");
   return `${userId}::${hash}`;
 };
 var sweep = (now, windowMs) => {
@@ -46181,7 +46443,7 @@ var isAbortError2 = (error) => {
   return error.name === "AbortError" || error.message.includes("aborted") || error.message.includes("AbortError");
 };
 var llmRequestIdForTurn = (request, messages, system, tools) => {
-  const hash = (0, import_node_crypto14.createHash)("sha256").update(request.requestId).update("\0").update(system).update("\0").update(JSON.stringify(messages)).update("\0").update(JSON.stringify(tools.map((tool) => tool.name).sort())).digest("hex").slice(0, 40);
+  const hash = (0, import_node_crypto15.createHash)("sha256").update(request.requestId).update("\0").update(system).update("\0").update(JSON.stringify(messages)).update("\0").update(JSON.stringify(tools.map((tool) => tool.name).sort())).digest("hex").slice(0, 40);
   return `dreq_${hash}`;
 };
 var getDefaultAgentConfig = (tools, systemPrompt) => {
@@ -46376,7 +46638,9 @@ ${getSkillMeta()}
   } else {
     finalTools = tools;
     const toolRegistry = createToolRegistry();
-    const executor = createToolExecutor(toolRegistry);
+    const executor = createToolExecutor(toolRegistry, {
+      hookPlugins: createDefaultToolHookPlugins()
+    });
     for (let tool of finalTools) {
       registerTool(toolRegistry, tool);
     }
@@ -47070,7 +47334,9 @@ var updateJobLastRunTime = (jobId) => {
 };
 var getCronTools = () => {
   const registry2 = createToolRegistry();
-  const executor = createToolExecutor(registry2);
+  const executor = createToolExecutor(registry2, {
+    hookPlugins: createDefaultToolHookPlugins()
+  });
   registerTool(registry2, dateTool);
   registerTool(registry2, globTool);
   registerTool(registry2, grepTool);
@@ -48117,7 +48383,9 @@ var startMailboxPoller = (intervalMs = 3e3) => {
 };
 var createDepartmentAgentTools = () => {
   const registry2 = createToolRegistry();
-  const executor = createToolExecutor(registry2);
+  const executor = createToolExecutor(registry2, {
+    hookPlugins: createDefaultToolHookPlugins()
+  });
   registerTool(registry2, dateTool);
   registerTool(registry2, bashTool);
   registerTool(registry2, globTool);
@@ -48255,7 +48523,9 @@ ${workspacePath ? `
   } else {
     finalTools = tools;
     const toolRegistry = createToolRegistry();
-    const executor = createToolExecutor(toolRegistry);
+    const executor = createToolExecutor(toolRegistry, {
+      hookPlugins: createDefaultToolHookPlugins()
+    });
     for (let tool of finalTools) {
       registerTool(toolRegistry, tool);
     }
@@ -53173,7 +53443,7 @@ var systemRoutes = new Hono2();
 var startTime = Date.now();
 systemRoutes.get("/system/info", (c) => {
   return c.json({
-    version: true ? "1.9.4" : "unknown",
+    version: true ? "1.9.5" : "unknown",
     uptime: Math.floor((Date.now() - startTime) / 1e3),
     env: process.env.NODE_ENV || "development",
     nodeVersion: process.version
@@ -53181,7 +53451,7 @@ systemRoutes.get("/system/info", (c) => {
 });
 
 // src/server/routes/mobile.ts
-var import_node_crypto15 = require("node:crypto");
+var import_node_crypto16 = require("node:crypto");
 var import_promises12 = require("node:fs/promises");
 var import_node_path16 = __toESM(require("node:path"));
 var mobileRoutes = new Hono2();
@@ -53285,7 +53555,7 @@ mobileRoutes.post("/mobile/attachments", async (c) => {
   const fileName = sanitizeFileName(body.fileName || `attachment-${Date.now()}`);
   const mimeType = body.mimeType || "application/octet-stream";
   const type = inferAttachmentType2(mimeType, fileName);
-  const attachmentId = (0, import_node_crypto15.randomUUID)();
+  const attachmentId = (0, import_node_crypto16.randomUUID)();
   const buffer = Buffer.from(dataBase64, "base64");
   const dir = import_node_path16.default.join(getDuclawWorkspaceDir(), mobileUserId, "mobile", type === "image" ? "images" : "files");
   await (0, import_promises12.mkdir)(dir, { recursive: true });
@@ -53317,7 +53587,7 @@ mobileRoutes.post("/mobile/messages", async (c) => {
   }
   const mobileUserId = resolveMobileUserId(body, c.req.header("x-user-id"));
   const threadId = resolveThreadId(body.goalId, mobileUserId);
-  const requestId = body.clientMessageId?.trim() || (0, import_node_crypto15.randomUUID)();
+  const requestId = body.clientMessageId?.trim() || (0, import_node_crypto16.randomUUID)();
   const agentText = body.contextText?.trim() || text2;
   const attachmentContent = buildContentWithAttachments(agentText, attachments);
   const content = buildGoalPrompt(body.goalId, attachmentContent.content);