principles-disciple 1.62.0 → 1.63.0

package/src/hooks/progressive-trust-gate.ts

@@ -1,183 +0,0 @@
-/**
- * Progressive Gate Module (EP-Only Version)
- *
- * EP (Evolution Points) 是唯一的门控机制。
- *
- * **EP 门控逻辑:**
- * - Seed (0分): 只读 + 基础文档
- * - Sprout (50分): 单文件编辑
- * - Sapling (200分): 多文件 + 测试 + 子智能体
- * - Tree (500分): 重构 + 风险路径
- * - Forest (1000分): 完全自主
- *
- * **风险路径控制:**
- * - 低等级不能修改风险路径
- * - 高等级解锁风险路径权限
- *
- * **不再有:**
- * - Trust Score (30-100) 系统
- * - Stage 1-4 分级
- * - Plan Approval 白名单机制
- * - 基于行数的限制
- */
-
-import type { PluginHookBeforeToolCallEvent, PluginHookBeforeToolCallResult } from '../openclaw-sdk.js';
-import type { WorkspaceContext } from '../core/workspace-context.js';
-import { checkEvolutionGate } from '../core/evolution-engine.js';
-import { recordGateBlockAndReturn } from './gate-block-helper.js';
-
-// ═══ P-16: Core Governance Files — Exempt from all Blocking ═══
-// 这些文件是团队协作的基础，必须始终放行，不受 GFI 和 Risk Path 限制
-// 可通过 PROFILE.core_governance_files 扩展（merge 而非覆盖）
-const DEFAULT_CORE_GOVERNANCE_PATTERNS = [
-  'PLAN.md',
-  'AGENTS.md',
-  'VERSION.md',
-  '.team/',
-  'MEMORY.md',
-  'SOUL.md',
-  'IDENTITY.md',
-  'USER.md',
-  'HEARTBEAT.md',
-  'BOOTSTRAP.md',
-  'PRINCIPLES.md',
-  'TEAM_ROLE.md',
-  'REPAIR_OPERATING_PROMPT.md',
-];
-
-/**
- * Get effective core governance patterns from PROFILE config, merged with defaults.
- * PROFILE.core_governance_files extends (not replaces) the default list.
- */
-function getCoreGovernancePatterns(profile?: { core_governance_files?: string[] }): string[] {
-  const base = DEFAULT_CORE_GOVERNANCE_PATTERNS;
-  const extra = profile?.core_governance_files ?? [];
-  return Array.from(new Set([...base, ...extra]));
-}
-
-/**
- * Check if a file path matches a core governance pattern.
- * Core governance files are exempt from all gate blocking (P-16).
- */
-function isCoreGovernanceFile(filePath?: string, corePatterns?: string[]): boolean {
-  if (!filePath) return false;
-  const patterns = corePatterns ?? DEFAULT_CORE_GOVERNANCE_PATTERNS;
-  const normalized = filePath.replace(/\\/g, '/');
-  return patterns.some(pattern =>
-    pattern.endsWith('/')
-      ? normalized.includes(pattern)
-      : normalized.endsWith(pattern) || normalized.includes(`/${pattern}`)
-  );
-}
-
-
-
-/**
- * Build EP gate rejection reason
- */
-export function buildEvolutionGateReason(
-  tier: number,
-  tierName: string,
-  reason: string
-): string {
-  return `[EP Gate] Tier ${tier} (${tierName}): ${reason}`;
-}
-
-/**
- * Internal helper to call the shared block helper with progressive-trust-gate source tag.
- */
- 
- 
-function block(
-  filePath: string,
-  reason: string,
-  wctx: WorkspaceContext,
-  toolName: string,
-   
-  logger: { warn?: (message: string) => void; error?: (message: string) => void },
-   
-  sessionId?: string
-): PluginHookBeforeToolCallResult {
-  return recordGateBlockAndReturn(wctx, {
-    filePath,
-    reason,
-    toolName,
-    sessionId,
-    blockSource: 'progressive-trust-gate',
-  }, logger);
-}
-
-/**
- * Check EP-based gate
- *
- * @param event - The tool call event
- * @param wctx - Workspace context
- * @param relPath - Relative path to target file
- * @param risky - Whether the path is a risk path
- * @param lineChanges - Estimated line changes (kept for interface compatibility, not used for gating)
- * @param logger - Logger instance
- * @param ctx - Hook context
- * @param profile - Gate profile containing risk_paths config
- * @returns PluginHookBeforeToolCallResult to block, or undefined to allow
- */
- 
- 
-export function checkProgressiveTrustGate(
-  event: PluginHookBeforeToolCallEvent,
-  wctx: WorkspaceContext,
-  relPath: string,
-  risky: boolean,
-  lineChanges: number,
-   
-  logger: { warn?: (message: string) => void; error?: (message: string) => void; info?: (message: string) => void },
-   
-  ctx: { workspaceDir?: string; sessionId?: string },
-  profile?: { risk_paths: string[]; core_governance_files?: string[] }
-): PluginHookBeforeToolCallResult | void {
-  // P-16: Core governance files are exempt from all gate blocking
-  if (isCoreGovernanceFile(relPath, getCoreGovernancePatterns(profile))) {
-    logger.info?.(`[PD_GATE:P-16] Core governance file exempt — bypass all gates: ${relPath}`);
-    return;
-  }
-
-  // EP is the only gate now - use actual gate decision
-  if (!ctx.workspaceDir) {
-    logger.warn?.('[PD_GATE] No workspaceDir, skipping EP gate check');
-    return;
-  }
-
-  // Call EP gate - this is the actual gate, not simulation
-  const epDecision = checkEvolutionGate(ctx.workspaceDir, {
-    toolName: event.toolName,
-    isRiskPath: risky,
-  });
-
-  const currentTier = epDecision.currentTier ?? 1;
-   
-   
-  const tierName = getTierName(currentTier);
-
-  logger.info?.(`[PD_GATE] EP Gate: Tier ${currentTier} (${tierName}), Tool: ${event.toolName}, Risk: ${risky}, Allowed: ${epDecision.allowed}`);
-
-  if (!epDecision.allowed) {
-    const reason = buildEvolutionGateReason(currentTier, tierName, epDecision.reason ?? 'Unknown restriction');
-    return block(relPath, reason, wctx, event.toolName, logger, ctx.sessionId);
-  }
-
-  // Gate passed - allow
-  return;
-}
-
-/**
- * Get tier name from tier number
- */
-function getTierName(tier: number): string {
-  const names: Record<number, string> = {
-    1: 'Seed',
-    2: 'Sprout',
-    3: 'Sapling',
-    4: 'Tree',
-    5: 'Forest',
-  };
-  return names[tier] ?? 'Unknown';
-}

package/src/hooks/thinking-checkpoint.ts

@@ -1,76 +0,0 @@
-/**
- * Thinking Checkpoint Module
- *
- * Enforces P-10 deep reflection requirement for high-risk tool operations.
- *
- * **Responsibilities:**
- * - Check if high-risk tools have recent deep thinking (T-01 through T-10)
- * - Block high-risk operations without preceding deep reflection
- * - Configurable time window for thinking validity (default 5 minutes)
- * - Provide clear guidance on required action (deep_reflect tool usage)
- *
- * **Configuration:**
- * - Thinking checkpoint settings from profile.thinking_checkpoint
- * - Window duration for thinking validity
- * - High-risk tool list
- */
-
-import { hasRecentThinking } from '../core/session-tracker.js';
-import type { PluginHookBeforeToolCallEvent, PluginHookBeforeToolCallResult } from '../openclaw-sdk.js';
-import { 
-  THINKING_CHECKPOINT_WINDOW_MS,
-  THINKING_CHECKPOINT_DEFAULT_HIGH_RISK_TOOLS 
-} from '../config/index.js';
-
-export interface ThinkingCheckpointConfig {
-  enabled?: boolean;
-  window_ms?: number;
-  high_risk_tools?: string[];
-}
-
-/**
- * Checks if a tool call requires a recent deep thinking checkpoint.
- *
- * This enforces P-10 (Thinking OS Checkpoint) - high-risk operations must
- * be preceded by deep reflection within the configured time window.
- *
- * @param event - The before_tool_call event
- * @param config - Thinking checkpoint configuration from profile
- * @param sessionId - Current session ID
- * @param logger - Optional logger for info messages
- * @returns Block result if thinking required, undefined otherwise
- */
- 
- 
-export function checkThinkingCheckpoint(
-  event: PluginHookBeforeToolCallEvent,
-  config: ThinkingCheckpointConfig,
-  sessionId: string | undefined,
-   
-  logger?: { info?: (message: string) => void }
-): PluginHookBeforeToolCallResult | undefined {
-  const enabled = config.enabled ?? false;
-  const windowMs = config.window_ms ?? THINKING_CHECKPOINT_WINDOW_MS;
-  const highRiskTools = config.high_risk_tools ?? [...THINKING_CHECKPOINT_DEFAULT_HIGH_RISK_TOOLS];
-
-  if (!enabled || !sessionId) {
-    return undefined;
-  }
-
-  const isHighRisk = highRiskTools.includes(event.toolName);
-  if (!isHighRisk) {
-    return undefined;
-  }
-
-  const hasThinking = hasRecentThinking(sessionId, windowMs);
-  if (!hasThinking) {
-    logger?.info?.(`[PD:THINKING_GATE] High-risk tool "${event.toolName}" called without recent deep thinking`);
-
-    return {
-      block: true,
-      blockReason: `[Thinking OS Checkpoint] 高风险操作 "${event.toolName}" 需要先进行深度思考。\n\n请先使用 deep_reflect 工具分析当前情况，然后再尝试此操作。\n\n这是强制性检查点，目的是确保决策质量。\n\n提示：调用 deep_reflect 后，${Math.round(windowMs/60000)}分钟内的操作将自动放行。\n\n可在PROFILE.json中设置 thinking_checkpoint.enabled: false 来禁用此检查。`,
-    };
-  }
-
-  return undefined;
-}

package/tests/hooks/bash-risk-integration.test.ts

@@ -1,137 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { analyzeBashCommand } from '../../src/hooks/bash-risk.js';
-
-/**
- * Integration tests for bash-risk module
- * Tests zero-width character detection and command chain analysis
- */
-describe('Bash Risk Analysis - Integration', () => {
-  describe('Zero-width character detection', () => {
-    it('should block commands with zero-width space (U+200B)', () => {
-      // Zero-width space injected between characters
-      const maliciousCmd = 'rm\u200B -rf /';
-      const result = analyzeBashCommand(maliciousCmd, [], [], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should block commands with zero-width non-joiner (U+200C)', () => {
-      const maliciousCmd = 'rm\u200C -rf /';
-      const result = analyzeBashCommand(maliciousCmd, [], [], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should block commands with zero-width joiner (U+200D)', () => {
-      const maliciousCmd = 'rm\u200D -rf /';
-      const result = analyzeBashCommand(maliciousCmd, [], [], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should block commands with word joiner (U+2060)', () => {
-      const maliciousCmd = 'rm\u2060 -rf /';
-      const result = analyzeBashCommand(maliciousCmd, [], [], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should block commands with zero-width invisible separator (U+FEFF)', () => {
-      const maliciousCmd = 'rm\uFEFF -rf /';
-      const result = analyzeBashCommand(maliciousCmd, [], [], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should block commands with multiple zero-width characters', () => {
-      const maliciousCmd = 'rm\u200B\u200C\u200D -rf /';
-      const result = analyzeBashCommand(maliciousCmd, [], [], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should allow normal commands without zero-width characters', () => {
-      const normalCmd = 'rm -rf /tmp/test';
-      const result = analyzeBashCommand(normalCmd, ['^rm\\s'], [], { warn: vi.fn() });
-      expect(result).toBe('safe');
-    });
-
-    it('should detect zero-width characters hidden in normal-looking commands', () => {
-      // Command looks like 'git status' but contains hidden chars
-      const hiddenCmd = 'git\u200B status';
-      const result = analyzeBashCommand(hiddenCmd, [], [], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-  });
-
-  describe('Cyrillic homograph attack detection', () => {
-    it('should de-obfuscate Cyrillic characters and match dangerous patterns', () => {
-      // Cyrillic 'р' (U+0440) looks like Latin 'p' - 'g\u0440ush' → 'gpush' then 'push'
-      // After toLowerCase + deobfuscation: 'gpush' won't match dangerous, but 'push' alone might
-      // Actually: '\u0440' maps to 'p' so 'g\u0440ush' → 'gp' + 'ush' = 'gpush' 
-      // Let's use Cyrillic 'е' which maps to 'e': '\u0435' → 'e'
-      const cyrillicCmd = 'r\u0435m -rf /tmp';
-      const result = analyzeBashCommand(cyrillicCmd, [], ['^rem'], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should handle Cyrillic а being converted to Latin a', () => {
-      // Cyrillic 'а' (U+0430) maps to Latin 'a' - 's\u0430do' → 'sado'
-      // After de-obfuscation: 'sado' - doesn't match dangerous patterns
-      const mixedCmd = 's\u0430do apt update';
-      const result = analyzeBashCommand(mixedCmd, [], ['^sudo'], { warn: vi.fn() });
-      expect(result).toBe('normal');
-    });
-  });
-
-  describe('Command chain tokenization', () => {
-    it('should detect dangerous commands in chains using &&', () => {
-      const chainCmd = 'echo "hello" && rm -rf /tmp/test';
-      const result = analyzeBashCommand(chainCmd, [], ['rm\\s+-rf'], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should detect dangerous commands in chains using ||', () => {
-      const chainCmd = 'ls || rm -rf /tmp/test';
-      const result = analyzeBashCommand(chainCmd, [], ['rm\\s+-rf'], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should detect dangerous commands in chains using ;', () => {
-      const chainCmd = 'ls ; rm -rf /tmp/test';
-      const result = analyzeBashCommand(chainCmd, [], ['rm\\s+-rf'], { warn: vi.fn() });
-      expect(result).toBe('dangerous');
-    });
-
-    it('should return safe if no segment matches dangerous patterns', () => {
-      const safeChain = 'echo "hello" && echo "world"';
-      const result = analyzeBashCommand(safeChain, [], ['rm\\s+-rf'], { warn: vi.fn() });
-      expect(result).toBe('normal');
-    });
-  });
-
-  describe('Fail-closed behavior', () => {
-    it('should return dangerous for invalid regex in dangerousPatterns', () => {
-      const cmd = 'ls';
-      const result = analyzeBashCommand(cmd, [], ['[invalid'], { warn: vi.fn() });
-      expect(result).toBe('dangerous'); // Fail-closed
-    });
-
-    it('should ignore invalid regex in safePatterns', () => {
-      const cmd = 'echo hello';
-      const warnFn = vi.fn();
-      const result = analyzeBashCommand(cmd, ['[invalid'], [], { warn: warnFn });
-      // Should not crash, should return normal (not all segments safe)
-      expect(result).toBe('normal');
-      expect(warnFn).toHaveBeenCalled();
-    });
-  });
-
-  describe('Safe pattern override', () => {
-    it('should return safe when all segments match safe patterns', () => {
-      const safeCmd = 'git status';
-      const result = analyzeBashCommand(safeCmd, ['^git\\s+status', '^ls'], []);
-      expect(result).toBe('safe');
-    });
-
-    it('should return normal when not all segments are safe', () => {
-      const mixedCmd = 'git status && rm -rf /tmp';
-      const result = analyzeBashCommand(mixedCmd, ['^git\\s+status'], ['rm\\s+-rf']);
-      expect(result).toBe('dangerous');
-    });
-  });
-});

package/tests/hooks/bash-risk.test.ts

@@ -1,81 +0,0 @@
-import { describe, it, expect, vi } from 'vitest';
-import { analyzeBashCommand } from '../../src/hooks/bash-risk.js';
-
-describe('analyzeBashCommand', () => {
-  it('should return safe for commands matching safe patterns', () => {
-    const result = analyzeBashCommand('npm install lodash', ['^npm\\s+install'], []);
-    expect(result).toBe('safe');
-  });
-
-  it('should return dangerous for commands matching dangerous patterns', () => {
-    const result = analyzeBashCommand('rm -rf /', [], ['rm\\s+.*-rf']);
-    expect(result).toBe('dangerous');
-  });
-
-  it('should return normal for commands not in safe/dangerous lists', () => {
-    const result = analyzeBashCommand('npm install lodash', [], []);
-    expect(result).toBe('normal');
-  });
-
-  it('should de-obfuscate Cyrillic lookalikes', () => {
-    // Using Cyrillic 'rеset' (with Cyrillic 'е' U+0435) instead of 'reset'
-    // This should de-obfuscate to 'git reset --hard' and match the dangerous pattern
-    const result = analyzeBashCommand('git rеset --hard', [], ['git\\s+(push\\s+.*--force|reset\\s+--hard|clean\\s+-fd)']);
-    expect(result).toBe('dangerous');
-  });
-
-  it('should tokenize command chains', () => {
-    const result = analyzeBashCommand('npm install && npm test', ['^npm\\s+install'], ['npm\\s+publish']);
-    expect(result).toBe('normal');
-  });
-
-  it('should fail-closed on invalid dangerous regex', () => {
-    const mockLogger = { warn: vi.fn() };
-    const result = analyzeBashCommand('echo test', ['^echo'], ['invalid('], mockLogger);
-    expect(result).toBe('dangerous'); // Fail-closed behavior
-    expect(mockLogger.warn).toHaveBeenCalledWith(
-      expect.stringContaining('Invalid dangerous bash regex')
-    );
-  });
-
-  it('should ignore safe pattern on invalid safe regex', () => {
-    const mockLogger = { warn: vi.fn() };
-    const result = analyzeBashCommand('echo test', ['invalid('], [], mockLogger);
-    expect(result).toBe('normal'); // Not safe because safe pattern is invalid and ignored
-    expect(mockLogger.warn).toHaveBeenCalledWith(
-      expect.stringContaining('Invalid safe bash regex')
-    );
-  });
-
-  it('should strip $() from commands before pattern matching', () => {
-    const result = analyzeBashCommand('$(npm install)', ['^npm\\s+install'], []);
-    expect(result).toBe('safe');
-  });
-
-  it('should strip backticks from commands before pattern matching', () => {
-    const result = analyzeBashCommand('`npm install`', ['^npm\\s+install'], []);
-    expect(result).toBe('safe');
-  });
-
-  it('should handle command chains with semicolon separator', () => {
-    const result = analyzeBashCommand('npm install ; npm test', ['^npm\\s+install'], ['rm\\s+']);
-    expect(result).toBe('normal'); // Second command not safe
-  });
-
-  it('should handle command chains with OR separator', () => {
-    const result = analyzeBashCommand('npm install || npm test', ['^npm\\s+install'], ['rm\\s+']);
-    expect(result).toBe('normal');
-  });
-
-  it('should convert uppercase Cyrillic to lowercase Latin', () => {
-    // Using uppercase Cyrillic 'Е' (U+0415) which should convert to 'e'
-    // 'git REsET --hard' should become 'git reset --hard' and match the dangerous pattern
-    const result = analyzeBashCommand('git rEsET --hard', [], ['git\\s+(push\\s+.*--force|reset\\s+--hard|clean\\s+-fd)']);
-    expect(result).toBe('dangerous');
-  });
-
-  it('should handle additional confusable Unicode characters', () => {
-    const result = analyzeBashCommand('del node_modules', [], ['rm\\s+']);
-    expect(result).toBe('normal'); // 'del' is not in dangerous patterns
-  });
-});