principles-disciple 1.16.0 → 1.18.0

package/src/core/session-tracker.ts

@@ -33,6 +33,7 @@ export interface SessionState {
     lastErrorSource?: string;
     lastErrorHash: string;
     consecutiveErrors: number;
+    lastGfiDecayAt?: number;  // Timestamp of last GFI decay (for time-based decay)
     
     // Daily statistics (persisted)
     dailyToolCalls: number;
@@ -82,7 +83,7 @@ export function initPersistence(stateDir: string): void {
     }
     
     // Load all existing sessions
-    // eslint-disable-next-line @typescript-eslint/no-use-before-define -- Reason: loadAllSessions is defined later in this file, called here for organizational reasons
+     
     loadAllSessions();
 }
 
@@ -138,6 +139,14 @@ function persistSession(state: SessionState): void {
     
     try {
         fs.writeFileSync(sessionPath, JSON.stringify(state, null, 2), 'utf-8');
+        // Log successful persistence with GFI snapshot for debugging
+        if (state.currentGfi > 0) {
+            SystemLogger.log(
+                state.workspaceDir,
+                'GFI_PERSIST',
+                `Session ${state.sessionId.slice(0, 8)} persisted: GFI=${state.currentGfi.toFixed(1)}, sources=${JSON.stringify(state.gfiBySource)}`
+            );
+        }
     } catch (error) {
         logSessionTrackerWarning(`Failed to persist session ${state.sessionId}`, error);
     }
@@ -171,7 +180,7 @@ export function flushAllSessions(): void {
     }
 }
 
-// eslint-disable-next-line @typescript-eslint/max-params -- Reason: session creation requires all 4 params (sessionId, workspaceDir, sessionKey, trigger) - refactoring would break API
+ 
 function getOrCreateSession(sessionId: string, workspaceDir?: string, sessionKey?: string, trigger?: string): SessionState {
     let state = sessions.get(sessionId);
     if (!state) {
@@ -194,6 +203,7 @@ function getOrCreateSession(sessionId: string, workspaceDir?: string, sessionKey
             lastErrorSource: '',
             lastErrorHash: '',
             consecutiveErrors: 0,
+            lastGfiDecayAt: Date.now(),
             dailyToolCalls: 0,
             dailyToolFailures: 0,
             dailyPainSignals: 0,
@@ -232,7 +242,7 @@ export function trackToolRead(sessionId: string, filePath: string, workspaceDir?
     return state;
 }
 
-// eslint-disable-next-line @typescript-eslint/max-params -- Reason: LLM output tracking requires all 6 params - refactoring would break API
+ 
 export function trackLlmOutput(sessionId: string, usage: TokenUsage | undefined, config?: PainConfig, workspaceDir?: string, sessionKey?: string, trigger?: string): SessionState {
     const state = getOrCreateSession(sessionId, workspaceDir, sessionKey, trigger);
     state.llmTurns += 1;
@@ -271,7 +281,7 @@ export function trackLlmOutput(sessionId: string, usage: TokenUsage | undefined,
 /**
  * Tracks physical friction based on tool execution failures.
  */
-// eslint-disable-next-line @typescript-eslint/max-params -- Reason: friction tracking requires all 5 params - refactoring would break API
+ 
 export function trackFriction(
     sessionId: string,
     deltaF: number,
@@ -305,6 +315,8 @@ export function trackFriction(
     state.dailyGfiPeak = Math.max(state.dailyGfiPeak, state.currentGfi);
     
     // Schedule persistence
+    // Update decay anchor to prevent retroactive decay of the new friction
+    state.lastGfiDecayAt = Date.now();
     schedulePersistence(state);
     
     return state;
@@ -516,3 +528,83 @@ export function resetDailyStats(sessionId: string): void {
         schedulePersistence(state);
     }
 }
+
+/**
+ * Apply time-based decay to GFI using segmented exponential decay.
+ * 
+ * Decay rates:
+ * - GFI >= 70 (severe): 3%/min - fast recovery to avoid prolonged blocking
+ * - GFI 40-70 (moderate): 2%/min - medium decay
+ * - GFI < 40 (mild): 1%/min - slow decay to retain as warning
+ * 
+ * Formula: GFI_new = GFI * (1 - λ)^elapsedMinutes
+ * 
+ * @param sessionId - The session to decay
+ * @param elapsedMinutes - Minutes since last decay
+ * @returns Updated session state, or undefined if session not found or GFI is 0
+ */
+export function decayGfi(sessionId: string, elapsedMinutes: number): SessionState | undefined {
+    const state = sessions.get(sessionId);
+    if (!state || state.currentGfi <= 0 || elapsedMinutes <= 0) return undefined;
+    
+    // Determine decay rate based on current GFI level (segmented)
+    let decayRate: number;
+    if (state.currentGfi >= 70) {
+      decayRate = 0.03;  // 3%/min for severe friction
+    } else if (state.currentGfi >= 40) {
+      decayRate = 0.02;  // 2%/min for moderate friction
+    } else {
+      decayRate = 0.01;  // 1%/min for mild friction
+    }
+    
+    // Exponential decay: GFI_new = GFI * (1-λ)^Δt
+    const decayFactor = Math.pow(1 - decayRate, elapsedMinutes);
+    const previousGfi = state.currentGfi;
+    state.currentGfi = Math.max(0, state.currentGfi * decayFactor);
+    
+    // Apply same decay factor to all sources
+    const ledger = ensureGfiLedger(state);
+    for (const source of Object.keys(ledger)) {
+      ledger[source] = Math.max(0, ledger[source] * decayFactor);
+      // Remove sources that have decayed below 0.1
+      if (ledger[source] < 0.1) {
+        delete ledger[source];
+      }
+    }
+    
+    // Round to 1 decimal place
+    state.currentGfi = Math.round(state.currentGfi * 10) / 10;
+    
+    // Update last decay timestamp
+    state.lastGfiDecayAt = Date.now();
+    
+    // Log if significant decay
+    const decayedAmount = previousGfi - state.currentGfi;
+    if (decayedAmount >= 1) {
+      SystemLogger.log(
+        state.workspaceDir,
+        'GFI_DECAY',
+        `GFI decayed by ${decayedAmount.toFixed(1)} (${elapsedMinutes}min at ${decayRate*100}%/min). ${previousGfi.toFixed(1)} → ${state.currentGfi.toFixed(1)}`
+      );
+    }
+    
+    schedulePersistence(state);
+    return state;
+}
+
+/**
+ * Check if GFI decay should be applied and return elapsed minutes since last decay.
+ * @param sessionId - The session to check
+ * @returns Elapsed minutes since last decay, or 0 if no decay needed
+ */
+export function getGfiDecayElapsed(sessionId: string): number {
+  const state = sessions.get(sessionId);
+  if (!state || state.currentGfi <= 0) return 0;
+  
+  const now = Date.now();
+  const lastDecay = state.lastGfiDecayAt || state.lastControlActivityAt || state.lastActivityAt || now;
+  const elapsedMs = now - lastDecay;
+  
+  // Return elapsed minutes (floor to whole minutes)
+  return Math.floor(elapsedMs / 60000);
+}

package/src/core/shadow-observation-registry.ts

@@ -222,12 +222,12 @@ function writeRegistry(stateDir: string, registry: ShadowRegistry): void {
 /**
  * Execute a read-modify-write under an exclusive file lock.
  */
-/* eslint-disable no-unused-vars -- Reason: registry param name in type signature intentionally unused - actual function uses different param name */
+ 
 function withShadowRegistryLock<T>(
   stateDir: string,
   fn: (_registry: ShadowRegistry) => T
 ): T {
-/* eslint-enable no-unused-vars */
+ 
   const registryPath = getRegistryPath(stateDir);
   return withLock(registryPath, () => {
     const registry = readRegistry(stateDir);
@@ -341,7 +341,7 @@ export function completeShadowObservation(
  * @param failureSignals - Runtime failure signals
  * @returns The updated ShadowObservation, or null if not found
  */
-// eslint-disable-next-line @typescript-eslint/max-params -- Reason: shadow observation completion requires all 4 params - refactoring would break API
+ 
 export function completeShadowObservationByTask(
   stateDir: string,
   taskFingerprint: string,

package/src/core/system-logger.ts

@@ -25,10 +25,10 @@ export const SystemLogger = {
             const logEntry = `[${timestamp}] [${eventType.padEnd(15)}] ${message}\n`;
             
             // Use fire-and-forget async append to prevent blocking
-            fs.appendFile(logFile, logEntry, 'utf8', (_err) => { // eslint-disable-line @typescript-eslint/no-unused-vars, no-unused-vars -- Reason: fire-and-forget, errors silently dropped
+            fs.appendFile(logFile, logEntry, 'utf8', (_err) => {  
                 // Silently drop errors (e.g. disk full) to not crash the gateway
             });
-        } catch (e) { // eslint-disable-line @typescript-eslint/no-unused-vars, no-unused-vars -- Reason: intentionally unused - silently fail if we can't setup the log
+        } catch (e) { // eslint-disable-line @typescript-eslint/no-unused-vars -- Reason: intentionally unused - silently fail if we can't setup the log
             // Silently fail if we can't setup the log
         }
     }

package/src/core/thinking-os-parser.ts

@@ -44,7 +44,7 @@ export function parseThinkingOsMd(content: string): ThinkingOsDirective[] {
 
   // Match all <directive ...> ... </directive> blocks
   const directiveRegex = /<directive\s+([^>]*)>([\s\S]*?)<\/directive>/gi;
-  /* eslint-disable @typescript-eslint/init-declarations, @typescript-eslint/no-use-before-define, @typescript-eslint/prefer-destructuring, no-useless-assignment, @typescript-eslint/no-unused-vars */
+   
   let match: RegExpExecArray | null = null;
 
   while ((match = directiveRegex.exec(content)) !== null) {

package/src/core/training-program.ts

@@ -565,9 +565,9 @@ export function processTrainerResult(
  * ```
  */
 export class TrainingProgram {
-  /* eslint-disable no-unused-vars -- Reason: stateDir is used via this.stateDir in createExperiment method */
+   
   constructor(private readonly stateDir: string) {}
-  /* eslint-enable no-unused-vars */
+   
 
   /**
    * Create a new training experiment.

package/src/core/trajectory.ts

@@ -208,7 +208,7 @@ export class TrajectoryDatabase {
     const createdAt = input.createdAt ?? nowIso();
     // Extract filePath from paramsJson if provided and is an object with filePath
     const paramsObj = input.paramsJson as Record<string, unknown> | undefined;
-    /* eslint-disable @typescript-eslint/no-unused-vars, no-unused-vars -- Reason: _filePath extracted for potential future use but currently unused */
+    /* eslint-disable @typescript-eslint/no-unused-vars -- Reason: _filePath extracted for potential future use but currently unused */
     const _filePath = paramsObj && typeof paramsObj.filePath === 'string' ? paramsObj.filePath : null;
     const rowId = this.withWrite(() => {
       const result = this.db.prepare(`
@@ -587,7 +587,7 @@ export class TrajectoryDatabase {
     const limit = filters.limit ?? 100;
     const offset = filters.offset ?? 0;
 
-    // eslint-disable-next-line @typescript-eslint/init-declarations -- assigned in both if/else branches
+     
     let rows: Record<string, unknown>[];
     if (traceId) {
       rows = this.db.prepare(`
@@ -783,7 +783,7 @@ export class TrajectoryDatabase {
         try {
           const params = JSON.parse(row.params_json);
           if (params && typeof params.filePath === 'string') {
-            // eslint-disable-next-line @typescript-eslint/prefer-destructuring -- Reason: filePath is a reassignable outer let variable - destructuring would lose the assignment semantics
+             
             filePath = params.filePath;
           }
         } catch {
@@ -1324,7 +1324,7 @@ export class TrajectoryDatabase {
     this.importLegacyEvolution();
   }
 
-  /* eslint-disable @typescript-eslint/no-unused-vars, no-unused-vars -- Reason: _fromVersion reserved for future migration logic */
+   
   private migrateSchema(_fromVersion?: number): void {
     this.db.exec(`
       DROP VIEW IF EXISTS v_daily_metrics;
@@ -1545,7 +1545,7 @@ export class TrajectoryDatabase {
     });
   }
 
-  /* eslint-disable @typescript-eslint/max-params -- Reason: Audit record requires exportKind, mode, approvedOnly, filePath, and rowCount */
+   
   private recordExportAudit(
     exportKind: string,
     mode: CorrectionExportMode,
@@ -1610,7 +1610,7 @@ export class TrajectoryDatabase {
     for (const entry of fs.readdirSync(this.blobDir)) {
       if (referenced.has(entry)) continue;
       const fullPath = path.join(this.blobDir, entry);
-      // eslint-disable-next-line @typescript-eslint/init-declarations -- assigned in try, catch continues
+       
       let stat: fs.Stats;
       try {
         stat = fs.statSync(fullPath);
@@ -1660,9 +1660,9 @@ export class TrajectoryRegistry {
     this.instances.clear();
   }
 
-  /* eslint-disable no-unused-vars -- Reason: db parameter name in callback type signature */
+   
   static use<T>(workspaceDir: string, fn: (_db: TrajectoryDatabase) => T, opts: Omit<TrajectoryDatabaseOptions, 'workspaceDir'> = {}): T {
-  /* eslint-enable no-unused-vars */
+   
     const normalized = path.resolve(workspaceDir);
     const existing = this.instances.get(normalized);
     if (existing) {

package/src/core/workspace-context.ts

@@ -21,13 +21,13 @@ import {
 import type { Principle, PrincipleValueMetrics } from '../types/principle-tree-schema.js';
 import type { Principle as ActivePrinciple } from './evolution-types.js';
 
-/* eslint-disable no-unused-vars -- Reason: interface method param names intentionally unused - implementations provide actual names */
+ 
 interface PrincipleTreeLedgerAccessor {
     getPrincipleSubtree(_principleId: string): PrincipleSubtree | undefined;
     updatePrinciple(_principleId: string, updates: Partial<Principle>): Principle;
     updatePrincipleValueMetrics(principleId: string, _metrics: PrincipleValueMetrics): PrincipleValueMetrics;
 }
-/* eslint-enable no-unused-vars */
+ 
 
 /**
  * WorkspaceContext - Centralized management of workspace-specific paths and services.

package/src/core/workspace-dir-service.ts

@@ -0,0 +1,85 @@
+import type { OpenClawPluginApi, PluginLogger } from '../openclaw-sdk.js';
+import { validateWorkspaceDir } from './workspace-dir-validation.js';
+
+export interface WorkspaceResolutionContext {
+  workspaceDir?: string;
+  agentId?: string;
+}
+
+export interface WorkspaceResolutionOptions {
+  source?: string;
+  required?: boolean;
+  fallbackAgentId?: string;
+  logger?: PluginLogger;
+}
+
+function buildResolutionFailureMessage(source: string, attempts: string[]): string {
+  const suffix = attempts.length > 0 ? ` Attempts: ${attempts.join(' | ')}` : '';
+  return `[PD:WorkspaceDir] ${source}: unable to resolve a valid workspace directory.${suffix}`;
+}
+
+function tryResolveFromAgent(
+  api: OpenClawPluginApi,
+  agentId: string,
+  attempts: string[],
+): string | undefined {
+  try {
+    const resolved = api.runtime.agent.resolveAgentWorkspaceDir(api.config, agentId);
+    const issue = validateWorkspaceDir(resolved);
+    if (!issue) {
+      return resolved;
+    }
+    attempts.push(`agent:${agentId} invalid (${issue})`);
+  } catch (error) {
+    attempts.push(`agent:${agentId} threw (${String(error)})`);
+  }
+
+  return undefined;
+}
+
+export function resolveWorkspaceDir(
+  api: OpenClawPluginApi,
+  ctx: WorkspaceResolutionContext,
+  options: WorkspaceResolutionOptions = {},
+): string | undefined {
+  const source = options.source ?? 'unknown';
+  const logger = options.logger ?? api.logger;
+  const attempts: string[] = [];
+
+  if (ctx.workspaceDir) {
+    const issue = validateWorkspaceDir(ctx.workspaceDir);
+    if (!issue) {
+      return ctx.workspaceDir;
+    }
+    attempts.push(`ctx.workspaceDir invalid (${issue})`);
+  } else {
+    attempts.push('ctx.workspaceDir missing');
+  }
+
+  const agentCandidates = [ctx.agentId, options.fallbackAgentId]
+    .filter((value, index, all): value is string => !!value && all.indexOf(value) === index);
+
+  for (const agentId of agentCandidates) {
+    const resolved = tryResolveFromAgent(api, agentId, attempts);
+    if (resolved) {
+      return resolved;
+    }
+  }
+
+  const message = buildResolutionFailureMessage(source, attempts);
+  if (options.required) {
+    logger.error(message);
+    throw new Error(message);
+  }
+
+  logger.warn(message);
+  return undefined;
+}
+
+export function resolveRequiredWorkspaceDir(
+  api: OpenClawPluginApi,
+  ctx: WorkspaceResolutionContext,
+  options: Omit<WorkspaceResolutionOptions, 'required'> = {},
+): string {
+  return resolveWorkspaceDir(api, ctx, { ...options, required: true }) as string;
+}

package/src/core/workspace-dir-validation.ts

@@ -1,152 +1,75 @@
 /**
  * WorkspaceDir Validation Utilities
  *
- * Provides runtime validation of workspaceDir to catch OpenClaw context bugs early.
- * When a hook receives an invalid workspaceDir, we warn immediately rather than
- * silently writing to the wrong directory.
+ * This module only validates candidate workspace directories and delegates
+ * actual resolution policy to workspace-dir-service.ts.
  */
 
-/* eslint-disable no-unused-vars -- Reason: type definitions require param names that implementations may not use */
-
 import * as os from 'os';
 import type { PluginLogger } from '../openclaw-sdk.js';
+import { resolveWorkspaceDir, type WorkspaceResolutionContext } from './workspace-dir-service.js';
 
-/**
- * Check if a path looks like a home directory (not a real workspace).
- * Returns the reason if suspicious, or null if it looks valid.
- */
 export function validateWorkspaceDir(dir: string | undefined): string | null {
   if (!dir) {
     return 'workspaceDir is undefined/null';
   }
-  
+
   const homeDir = os.homedir();
-  
-  // Home directory itself is not a valid workspace
+
   if (dir === homeDir) {
     return `workspaceDir equals home directory (${homeDir}), likely missing context field`;
   }
-  
-  // Root directory is definitely not a workspace
+
   if (dir === '/' || dir === '') {
     return `workspaceDir is root or empty: "${dir}"`;
   }
-  
-  // Check if it looks like a resolved '.' that went wrong
-  // Common bad patterns:
+
+  const escapedHome = homeDir.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
   const badPatterns = [
-    // Directly under home without a workspace subdirectory
-    { pattern: new RegExp(`^${homeDir.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}$`), desc: 'is home directory itself' },
-    { pattern: new RegExp(`^${homeDir.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}/$`), desc: 'is home directory with trailing slash' },
+    { pattern: new RegExp(`^${escapedHome}$`), desc: 'is home directory itself' },
+    { pattern: new RegExp(`^${escapedHome}/$`), desc: 'is home directory with trailing slash' },
   ];
-  
+
   for (const { pattern, desc } of badPatterns) {
     if (pattern.test(dir)) {
       return `workspaceDir ${desc}: "${dir}"`;
     }
   }
-  
-  return null; // Looks valid
+
+  return null;
 }
 
-/**
- * Try to resolve workspaceDir from agentId.
- * Returns the resolved path if successful and valid, or null.
- */
-function tryResolveFromAgentId(
-  agentId: string,
+export function resolveValidWorkspaceDir(
+  ctx: WorkspaceResolutionContext,
   api: {
     runtime: { agent: { resolveAgentWorkspaceDir: (config: unknown, agentId: string) => string } };
     config: unknown;
+    logger: PluginLogger;
   },
-  onWarning: (msg: string) => void,
-): string | null {
-  try {
-    const resolved = api.runtime.agent.resolveAgentWorkspaceDir(api.config, agentId);
-    const issue = validateWorkspaceDir(resolved);
-    if (issue) {
-      onWarning(`agentId resolution returned invalid: "${resolved}" (${issue})`);
-      return null;
-    }
-    return resolved;
-  } catch (err) {
-    onWarning(`failed to resolve from agentId: ${String(err)}`);
-    return null;
-  }
+  options?: { source?: string; fallbackAgentId?: string },
+): string | undefined {
+  return resolveWorkspaceDir(api as never, ctx, {
+    source: options?.source,
+    fallbackAgentId: options?.fallbackAgentId,
+    logger: api.logger,
+  });
 }
 
-/**
- * Validate a fallback workspaceDir and warn if invalid.
- * Returns the path regardless (it's the last resort).
- */
-function validateFallback(path: string, onWarning: (msg: string) => void): string {
-  const issue = validateWorkspaceDir(path);
-  if (issue) {
-    onWarning(`FINAL FALLBACK "${path}" is also invalid: ${issue}. Events will be written to wrong location!`);
-  }
-  return path;
-}
-
-/**
- * Resolve workspaceDir with validation and warning.
- *
- * Usage:
- *   const workspaceDir = resolveValidWorkspaceDir(ctx, api, { source: 'after_tool_call' });
- *
- * Fallback chain:
- *   1. ctx.workspaceDir (validated)
- *   2. api.runtime.agent.resolveAgentWorkspaceDir(config, ctx.agentId)
- *   3. api.resolvePath('.') (last resort, warns loudly)
- */
-export function resolveValidWorkspaceDir(
-  ctx: { workspaceDir?: string; agentId?: string },
+export function logWorkspaceDirHealth(
+  ctx: WorkspaceResolutionContext,
+  source: string,
   api: {
     runtime: { agent: { resolveAgentWorkspaceDir: (config: unknown, agentId: string) => string } };
     config: unknown;
-    resolvePath: (input: string) => string;
     logger: PluginLogger;
   },
-  options?: { source?: string; onWarning?: (msg: string) => void },
-): string {
-  const source = options?.source || 'unknown';
-  const onWarning = options?.onWarning || ((msg: string) => api.logger.warn(`[PD:workspaceDir] ${msg}`));
-
-  // 1. Try ctx.workspaceDir
-  if (ctx.workspaceDir) {
-    const issue = validateWorkspaceDir(ctx.workspaceDir);
-    if (issue) {
-      onWarning(`${source}: ctx.workspaceDir="${ctx.workspaceDir}" is invalid: ${issue}`);
-    } else {
-      return ctx.workspaceDir;
-    }
-  }
-
-  // 2. Try agentId resolution
-  if (ctx.agentId) {
-    const fromAgent = tryResolveFromAgentId(ctx.agentId, api, onWarning);
-    if (fromAgent) return fromAgent;
-  }
-
-  // 3. Final fallback
-  return validateFallback(api.resolvePath('.'), onWarning);
-}
-
-/**
- * Log workspaceDir resolution for debugging.
- * Call this once during plugin startup to verify hook contexts.
- */
-export function logWorkspaceDirHealth(ctx: { workspaceDir?: string; agentId?: string }, source: string, api: {
-  runtime: { agent: { resolveAgentWorkspaceDir: (config: unknown, agentId: string) => string } };
-  config: unknown;
-  resolvePath: (input: string) => string;
-  logger: PluginLogger;
-}): void {
-  const resolved = resolveValidWorkspaceDir(ctx, api, { source });
+): void {
+  const resolved = resolveValidWorkspaceDir(ctx, api, { source, fallbackAgentId: 'main' });
   const issue = validateWorkspaceDir(resolved);
-  
+
   if (issue) {
     api.logger.error(`[PD:health] ${source}: workspaceDir="${resolved}" - ${issue}`);
   } else {
-    api.logger.info(`[PD:health] ${source}: workspaceDir="${resolved}" ✓`);
+    api.logger.info(`[PD:health] ${source}: workspaceDir="${resolved}" OK`);
   }
 }

package/src/hooks/bash-risk.ts

@@ -38,12 +38,12 @@ export type BashRiskLevel = 'safe' | 'dangerous' | 'normal';
  * @param logger - Optional logger for warnings about invalid patterns
  * @returns The risk level: 'safe', 'dangerous', or 'normal'
  */
-/* eslint-disable @typescript-eslint/max-params -- Reason: Bash risk analysis requires command + pattern lists - refactoring to options object would be breaking API change */
+ 
 export function analyzeBashCommand(
   command: string,
   safePatterns: string[],
   dangerousPatterns: string[],
-  logger?: { warn?: (/* eslint-disable-line no-unused-vars -- Reason: callback parameter, unused by design */_message: string) => void }
+  logger?: { warn?: ( _message: string) => void }
 ): BashRiskLevel {
   let normalizedCmd = command.trim().toLowerCase();
 
@@ -65,7 +65,7 @@ export function analyzeBashCommand(
   // - Zero-width joiner (U+200D)
   // - Word joiner (U+2060)
   // - Zero-width invisible separator (U+FEFF)
-  // eslint-disable-next-line no-misleading-character-class -- Reason: zero-width character class ranges are intentional - documented in comment above
+   
   const ZERO_WIDTH_CHARS = /[\u200B\u200C\u200D\u2060\uFEFF]/g;
   if (ZERO_WIDTH_CHARS.test(command)) {
     logger?.warn?.(`[PD_GATE] Bash command contains zero-width characters — blocking as dangerous`);

package/src/hooks/edit-verification.ts

@@ -126,7 +126,7 @@ This is enforced by P-03 (精确匹配前验证原则).`;
  * Handle edit tool verification before allowing operation
  * This enforces P-03 at the tool layer
  */
-// eslint-disable-next-line @typescript-eslint/max-params -- Reason: Hook handler signature requires event + context + config - refactoring would break plugin interface
+ 
 export function handleEditVerification(
   event: PluginHookBeforeToolCallEvent,
   wctx: WorkspaceContext,
@@ -155,11 +155,11 @@ export function handleEditVerification(
   }
 
   // 2. Resolve and read file
-  // eslint-disable-next-line @typescript-eslint/init-declarations -- assigned in try, catch has early return
+   
   let absolutePath: string;
   try {
     absolutePath = wctx.resolve(filePath);
-  } catch (_error) { // eslint-disable-line @typescript-eslint/no-unused-vars, no-unused-vars -- Reason: intentionally unused - let it fail naturally on path resolution error
+  } catch (_error) { // eslint-disable-line @typescript-eslint/no-unused-vars -- Reason: intentionally unused - let it fail naturally on path resolution error
     // Path resolution error, let it fail naturally
     return;
   }
@@ -222,7 +222,7 @@ export function handleEditVerification(
     }
 
     // 3. Read current file content with improved error handling
-    // eslint-disable-next-line @typescript-eslint/init-declarations -- assigned in try, all catch paths return early
+     
     let currentContent: string;
     try {
       currentContent = fs.readFileSync(absolutePath, 'utf-8');

package/src/hooks/gate-block-helper.ts

@@ -48,9 +48,9 @@ export interface BlockContext {
 export function recordGateBlockAndReturn(
   wctx: WorkspaceContext,
   blockCtx: BlockContext,
-  /* eslint-disable no-unused-vars -- Reason: type-only callback parameters in logger type */
+   
   logger: { warn?: (_message: string) => void; error?: (_message: string) => void; info?: (_message: string) => void }
-  /* eslint-enable no-unused-vars */
+   
 ): PluginHookBeforeToolCallResult {
   const { filePath, reason, toolName, sessionId, blockSource } = blockCtx;
 
@@ -93,7 +93,7 @@ export function recordGateBlockAndReturn(
     wctx.trajectory?.recordGateBlock?.(trajectoryPayload);
   } catch (error: unknown) {
     logWarn(`[PD_GATE] Failed to record trajectory gate block: ${String(error)}`);
-    // eslint-disable-next-line @typescript-eslint/no-use-before-define -- Reason: function is defined later but called in this helper for retry logic
+     
     scheduleTrajectoryGateBlockRetry(wctx, trajectoryPayload, 1, logWarn, logError);
   }
 
@@ -133,7 +133,7 @@ This is a mandatory security gate. The operation was blocked because the modific
  * Uses exponential backoff with max retries.
  * Failures are logged but do not affect the runtime block decision.
  */
-/* eslint-disable @typescript-eslint/max-params, no-unused-vars -- Reason: Function requires all params for retry scheduling */
+ 
 function scheduleTrajectoryGateBlockRetry(
   wctx: WorkspaceContext,
   payload: {