principles-disciple 1.41.0 → 1.42.0

package/src/hooks/message-sanitize.ts

@@ -6,6 +6,21 @@ const INTERNAL_TAG_PATTERNS = [
   /<empathy\s+[^>]*\/?>(?:<\/empathy>)?/gi,
 ];
 
+/**
+ * Type predicate: true if msg is an assistant message with content.
+ * Used for safe narrowing after spread operations on message union.
+ */
+function isAssistantMessageWithContent(
+  msg: unknown
+): msg is { role: 'assistant'; content: string } {
+  return (
+    typeof msg === 'object' &&
+    msg !== null &&
+    (msg as { role?: string }).role === 'assistant' &&
+    typeof (msg as { content?: unknown }).content === 'string'
+  );
+}
+
 export function sanitizeAssistantText(text: string): string {
   let result = text;
   for (const pattern of INTERNAL_TAG_PATTERNS) {
@@ -23,11 +38,10 @@ export function handleBeforeMessageWrite(
   const msg = event.message as { role?: string; content?: unknown } | undefined;
   if (!msg || msg.role !== 'assistant') return;
 
-  if (typeof msg.content === 'string') {
+  if (isAssistantMessageWithContent(msg)) {
     const sanitized = sanitizeAssistantText(msg.content);
     if (sanitized !== msg.content) {
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Reason: message content is dynamically modified, type preserved from event.message union
-      return { message: { ...msg, content: sanitized } as any };
+      return { message: { ...msg, content: sanitized } };
     }
     return;
   }
@@ -39,8 +53,7 @@ export function handleBeforeMessageWrite(
       }
       return part;
     });
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Reason: message content is dynamically modified, type preserved from event.message union
-    return { message: { ...msg, content: next } as any };
+    return { message: { ...msg, content: next } };
   }
 
   return;

package/src/hooks/prompt.ts

@@ -20,6 +20,17 @@ import {
 } from '../core/empathy-keyword-matcher.js';
 import { severityToPenalty, DEFAULT_EMPATHY_KEYWORD_CONFIG } from '../core/empathy-types.js';
 import { CorrectionCueLearner } from '../core/correction-cue-learner.js';
+import type { PluginRuntimeSubagent } from '../service/subagent-workflow/runtime-direct-driver.js';
+
+/**
+ * Type assertion: OpenClaw SDK subagent -> workflow manager subagent type.
+ * Both types are structurally identical but come from different import paths.
+ */
+function toWorkflowSubagent(
+  subagent: NonNullable<OpenClawPluginApi['runtime']>['subagent']
+): PluginRuntimeSubagent {
+  return subagent as unknown as PluginRuntimeSubagent;
+}
 
 // ---------------------------------------------------------------------------
 // Static file cache — avoids re-reading rarely-changing files every message
@@ -590,8 +601,8 @@ The empathy observer subagent handles pain detection independently.
           const empathyManager = new EmpathyObserverWorkflowManager({
             workspaceDir,
             logger: api.logger ?? console,
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Reason: runtimeSubagent has structurally compatible shape but differs from workflow manager's subagent type
-            subagent: runtimeSubagent as any,
+             
+            subagent: toWorkflowSubagent(runtimeSubagent),
           });
           empathyManager.startWorkflow(empathyObserverWorkflowSpec, {
             parentSessionId: sessionId,
@@ -626,8 +637,8 @@ The empathy observer subagent handles pain detection independently.
             const empathyManager = new EmpathyObserverWorkflowManager({
               workspaceDir,
               logger: api.logger ?? console,
-              // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Reason: api.runtime.subagent has structurally compatible shape but differs from workflow manager's subagent type
-              subagent: api.runtime.subagent as any,
+               
+              subagent: toWorkflowSubagent(api.runtime.subagent),
             });
             
             empathyManager.startWorkflow(empathyObserverWorkflowSpec, {

package/src/hooks/subagent.ts

@@ -14,7 +14,7 @@ import type { WorkflowManager } from '../service/subagent-workflow/types.js';
  * Used by the subagent_ended hook to dispatch lifecycle recovery to the right manager.
  */
  
-// eslint-disable-next-line @typescript-eslint/max-params
+ 
 function createWorkflowManagerForType(
     workflowType: string,
     workspaceDir: string,
@@ -25,9 +25,8 @@ function createWorkflowManagerForType(
         info: (m: string) => logger.info(String(m)),
         warn: (m: string) => logger.warn(String(m)),
         error: (m: string) => logger.error(String(m)),
-         
         debug: () => { /* no-op */ },
-    } as unknown as PluginLogger;
+    };
 
     switch (workflowType) {
         case 'empathy-observer':

package/src/http/principles-console-route.ts

@@ -1,3 +1,4 @@
+import * as crypto from 'crypto';
 import fs from 'fs';
 import path from 'path';
 import type { IncomingMessage, ServerResponse } from 'node:http';
@@ -96,7 +97,7 @@ function createService(api: OpenClawPluginApi): ControlUiQueryService {
 }
 
  
-// eslint-disable-next-line @typescript-eslint/max-params
+ 
 function handleApiRoute(
   api: OpenClawPluginApi,
   pathname: string,
@@ -105,13 +106,13 @@ function handleApiRoute(
 ): Promise<boolean> | boolean {
   // Check authentication for API routes
    
-  // eslint-disable-next-line @typescript-eslint/no-use-before-define
+   
   if (!validateGatewayAuth(req)) {
     json(res, 401, { error: 'unauthorized', message: 'Valid Gateway token required.' });
     return true;
   }
 
-  // eslint-disable-next-line @typescript-eslint/init-declarations
+   
   let service: ControlUiQueryService;
   try {
     service = createService(api);
@@ -566,7 +567,23 @@ function validateGatewayAuth(req: IncomingMessage): boolean {
   const authHeader = (req.headers?.authorization as string) || '';
   const tokenMatch = /^Bearer\s+(.+)$/i.exec(authHeader);
   const providedToken = tokenMatch?.[1];
-  return providedToken === gatewayToken;
+
+  if (!providedToken) {
+    return false;
+  }
+
+  // Constant-time comparison to prevent timing attacks (per D-07)
+  // Use Buffer comparison — both tokens must be same length for timingSafeEqual
+  const providedBuffer = Buffer.from(providedToken, 'utf8');
+  const expectedBuffer = Buffer.from(gatewayToken, 'utf8');
+
+  if (providedBuffer.length !== expectedBuffer.length) {
+    // Length mismatch — fail fast but without timing leak
+    // Return false immediately rather than letting timingSafeEqual throw
+    return false;
+  }
+
+  return crypto.timingSafeEqual(providedBuffer, expectedBuffer);
 }
 
 /**