principles-disciple 1.7.4 → 1.7.6

package/dist/hooks/gfi-gate.d.ts

@@ -0,0 +1,40 @@
+/**
+ * GFI Gate Module
+ *
+ * Handles Fatigue Index (GFI) based tool blocking with TIER 0-3 classification.
+ *
+ * **Responsibilities:**
+ * - Calculate dynamic GFI thresholds based on trust stage and line changes
+ * - Apply tier-based tool blocking:
+ *   - TIER 0: Read-only tools (never blocked)
+ *   - TIER 1: Low-risk writes (blocked when GFI >= low_risk_block threshold)
+ *   - TIER 2: High-risk operations (blocked when GFI >= high_risk_block threshold)
+ *   - TIER 3: Bash commands (content-dependent blocking)
+ * - Prevent subagent spawn at critically high GFI (>=90)
+ *
+ * **Configuration:**
+ * - GFI thresholds from config.gfi_gate
+ * - Trust stage multipliers for dynamic threshold calculation
+ * - Large change adjustments
+ *
+ * **Block Persistence:**
+ * - Uses shared `recordGateBlockAndReturn` from gate-block-helper.ts
+ * - Ensures single authoritative block persistence path
+ */
+import type { WorkspaceContext } from '../core/workspace-context.js';
+import type { PluginHookBeforeToolCallEvent, PluginHookBeforeToolCallResult } from '../openclaw-sdk.js';
+export interface GfiGateConfig {
+    enabled?: boolean;
+    thresholds?: {
+        low_risk_block?: number;
+        high_risk_block?: number;
+    };
+    large_change_lines?: number;
+    trust_stage_multipliers?: Record<string, number>;
+    bash_safe_patterns?: string[];
+    bash_dangerous_patterns?: string[];
+}
+export declare function checkGfiGate(event: PluginHookBeforeToolCallEvent, wctx: WorkspaceContext, sessionId: string | undefined, config: GfiGateConfig, logger?: {
+    info?: (message: string) => void;
+    warn?: (message: string) => void;
+}): PluginHookBeforeToolCallResult | undefined;

package/dist/hooks/gfi-gate.js

@@ -0,0 +1,112 @@
+/**
+ * GFI Gate Module
+ *
+ * Handles Fatigue Index (GFI) based tool blocking with TIER 0-3 classification.
+ *
+ * **Responsibilities:**
+ * - Calculate dynamic GFI thresholds based on trust stage and line changes
+ * - Apply tier-based tool blocking:
+ *   - TIER 0: Read-only tools (never blocked)
+ *   - TIER 1: Low-risk writes (blocked when GFI >= low_risk_block threshold)
+ *   - TIER 2: High-risk operations (blocked when GFI >= high_risk_block threshold)
+ *   - TIER 3: Bash commands (content-dependent blocking)
+ * - Prevent subagent spawn at critically high GFI (>=90)
+ *
+ * **Configuration:**
+ * - GFI thresholds from config.gfi_gate
+ * - Trust stage multipliers for dynamic threshold calculation
+ * - Large change adjustments
+ *
+ * **Block Persistence:**
+ * - Uses shared `recordGateBlockAndReturn` from gate-block-helper.ts
+ * - Ensures single authoritative block persistence path
+ */
+import { getSession } from '../core/session-tracker.js';
+import { estimateLineChanges } from '../core/risk-calculator.js';
+import { analyzeBashCommand, calculateDynamicThreshold } from './bash-risk.js';
+import { BASH_TOOLS_SET, HIGH_RISK_TOOLS, LOW_RISK_WRITE_TOOLS, AGENT_TOOLS } from '../constants/tools.js';
+import { AGENT_SPAWN_GFI_THRESHOLD } from '../config/index.js';
+import { recordGateBlockAndReturn } from './gate-block-helper.js';
+/**
+ * Internal helper to call the shared block helper with gfi-gate source tag.
+ */
+function block(wctx, filePath, reason, toolName, sessionId, logger) {
+    return recordGateBlockAndReturn(wctx, {
+        filePath,
+        reason,
+        toolName,
+        sessionId,
+        blockSource: 'gfi-gate',
+    }, logger || { warn: () => { }, error: () => { } });
+}
+export function checkGfiGate(event, wctx, sessionId, config, logger) {
+    if (!config || config.enabled === false || !sessionId) {
+        return undefined;
+    }
+    const session = getSession(sessionId);
+    const currentGfi = session?.currentGfi || 0;
+    // TIER 3: Bash commands
+    if (BASH_TOOLS_SET.has(event.toolName)) {
+        const command = String(event.params.command || event.params.args || '');
+        const bashRisk = analyzeBashCommand(command, config.bash_safe_patterns || [], config.bash_dangerous_patterns || [], logger);
+        if (bashRisk === 'dangerous') {
+            logger?.warn?.(`[PD:GFI_GATE] Dangerous bash command blocked: ${command.substring(0, 50)}...`);
+            return block(wctx, command.substring(0, 100), `危险命令被拦截。检测到危险命令模式，需要确认执行意图。`, event.toolName, sessionId, logger);
+        }
+        if (bashRisk === 'safe') {
+            return undefined;
+        }
+        // normal bash - check GFI threshold
+        const trustEngine = wctx.trust;
+        const stage = trustEngine.getStage();
+        const baseThreshold = config.thresholds?.low_risk_block || 70;
+        const dynamicThreshold = calculateDynamicThreshold(baseThreshold, stage, 0, {
+            large_change_lines: config.large_change_lines || 50,
+            trust_stage_multipliers: config.trust_stage_multipliers || { '1': 0.5, '2': 0.75, '3': 1.0, '4': 1.5 },
+        });
+        if (currentGfi >= dynamicThreshold) {
+            logger?.warn?.(`[PD:GFI_GATE] Bash blocked by GFI: ${currentGfi} >= ${dynamicThreshold}`);
+            return block(wctx, command.substring(0, 100), `疲劳指数过高 (GFI: ${currentGfi}/${dynamicThreshold})。系统进入保护模式。`, event.toolName, sessionId, logger);
+        }
+        return undefined;
+    }
+    // TIER 2: High-risk tools
+    if (HIGH_RISK_TOOLS.has(event.toolName)) {
+        const trustEngine = wctx.trust;
+        const stage = trustEngine.getStage();
+        const baseThreshold = config.thresholds?.high_risk_block || 40;
+        const dynamicThreshold = calculateDynamicThreshold(baseThreshold, stage, 0, {
+            large_change_lines: config.large_change_lines || 50,
+            trust_stage_multipliers: config.trust_stage_multipliers || { '1': 0.5, '2': 0.75, '3': 1.0, '4': 1.5 },
+        });
+        if (currentGfi >= dynamicThreshold) {
+            const filePath = event.params.file_path || event.params.path || event.params.file || event.params.target || 'unknown';
+            logger?.warn?.(`[PD:GFI_GATE] High-risk tool "${event.toolName}" blocked by GFI: ${currentGfi} >= ${dynamicThreshold}`);
+            return block(wctx, filePath, `高风险操作被拦截。GFI: ${currentGfi}/${dynamicThreshold}。高风险工具需要更低的阈值。`, event.toolName, sessionId, logger);
+        }
+    }
+    // TIER 1: Low-risk write tools
+    if (LOW_RISK_WRITE_TOOLS.has(event.toolName)) {
+        const trustEngine = wctx.trust;
+        const stage = trustEngine.getStage();
+        const lineChanges = estimateLineChanges({ toolName: event.toolName, params: event.params });
+        const baseThreshold = config.thresholds?.low_risk_block || 70;
+        const dynamicThreshold = calculateDynamicThreshold(baseThreshold, stage, lineChanges, {
+            large_change_lines: config.large_change_lines || 50,
+            trust_stage_multipliers: config.trust_stage_multipliers || { '1': 0.5, '2': 0.75, '3': 1.0, '4': 1.5 },
+        });
+        if (currentGfi >= dynamicThreshold) {
+            const filePath = event.params.file_path || event.params.path || event.params.file || event.params.target || 'unknown';
+            logger?.warn?.(`[PD:GFI_GATE] Low-risk tool "${event.toolName}" blocked by GFI: ${currentGfi} >= ${dynamicThreshold}`);
+            return block(wctx, filePath, `疲劳指数过高 (GFI: ${currentGfi}/${dynamicThreshold})。系统进入保护模式。`, event.toolName, sessionId, logger);
+        }
+    }
+    // AGENT_TOOLS: Block subagent spawn when GFI is critically high
+    if (AGENT_TOOLS.has(event.toolName)) {
+        if (currentGfi >= AGENT_SPAWN_GFI_THRESHOLD) {
+            logger?.warn?.(`[PD:GFI_GATE] Agent tool "${event.toolName}" blocked by GFI: ${currentGfi} >= ${AGENT_SPAWN_GFI_THRESHOLD}`);
+            return block(wctx, 'subagent-spawn', `疲劳指数过高，禁止派生子智能体。GFI: ${currentGfi}/${AGENT_SPAWN_GFI_THRESHOLD}`, event.toolName, sessionId, logger);
+        }
+    }
+    return undefined;
+}

package/dist/hooks/progressive-trust-gate.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Progressive Trust Gate Module
+ *
+ * Handles progressive access control based on trust stages (1-4).
+ *
+ * **Responsibilities:**
+ * - Enforce trust stage-based permissions:
+ *   - Stage 1 (Bankruptcy): Block ALL writes to risk paths, medium+ changes
+ *   - Stage 2 (Editor): Block risk paths, large changes
+ *   - Stage 3 (Developer): Require READY plan for risk paths, normal limits
+ *   - Stage 4 (Architect): Full bypass with audit logging
+ * - Apply percentage-based line change limits for large files
+ * - Handle plan approval whitelist for Stage 1
+ * - Record EP simulation for comparison analysis
+ *
+ * **Configuration:**
+ * - Progressive gate settings from profile.progressive_gate
+ * - Trust limits from config.trust
+ * - Plan approval patterns and operations
+ *
+ * **Block Persistence:**
+ * - Uses shared `recordGateBlockAndReturn` from gate-block-helper.ts
+ * - Ensures single authoritative block persistence path
+ */
+import type { PluginHookBeforeToolCallEvent, PluginHookBeforeToolCallResult } from '../openclaw-sdk.js';
+import type { WorkspaceContext } from '../core/workspace-context.js';
+/**
+ * Configuration for progressive gate behavior
+ */
+export interface ProgressiveGateConfig {
+    enabled?: boolean;
+    plan_approvals?: {
+        enabled?: boolean;
+        max_lines_override?: number;
+        allowed_patterns?: string[];
+        allowed_operations?: string[];
+    };
+}
+/**
+ * Trust stage limits configuration
+ */
+export interface TrustLimits {
+    stage_2_max_lines?: number;
+    stage_3_max_lines?: number;
+    stage_2_max_percentage?: number;
+    stage_3_max_percentage?: number;
+    min_lines_fallback?: number;
+}
+/**
+ * Build line limit rejection reason
+ */
+export declare function buildLineLimitReason(lineChanges: number, effectiveLimit: number, limitType: 'percentage' | 'fixed', targetLineCount: number | null, actualPercentage: number | null, stage: number): string;
+/**
+ * Check progressive trust gate based on trust stage and operation context
+ *
+ * @param event - The tool call event
+ * @param wctx - Workspace context
+ * @param relPath - Relative path to target file
+ * @param risky - Whether the path is a risk path
+ * @param lineChanges - Estimated line changes
+ * @param logger - Logger instance
+ * @param ctx - Hook context
+ * @param profile - Gate profile containing risk_paths and progressive_gate config
+ * @returns PluginHookBeforeToolCallResult to block, or undefined to allow
+ */
+export declare function checkProgressiveTrustGate(event: PluginHookBeforeToolCallEvent, wctx: WorkspaceContext, relPath: string, risky: boolean, lineChanges: number, logger: {
+    warn?: (message: string) => void;
+    error?: (message: string) => void;
+    info?: (message: string) => void;
+}, ctx: {
+    workspaceDir?: string;
+    sessionId?: string;
+}, profile?: {
+    risk_paths: string[];
+    progressive_gate?: {
+        enabled?: boolean;
+        plan_approvals?: any;
+    };
+}): PluginHookBeforeToolCallResult | void;

package/dist/hooks/progressive-trust-gate.js

@@ -0,0 +1,242 @@
+/**
+ * Progressive Trust Gate Module
+ *
+ * Handles progressive access control based on trust stages (1-4).
+ *
+ * **Responsibilities:**
+ * - Enforce trust stage-based permissions:
+ *   - Stage 1 (Bankruptcy): Block ALL writes to risk paths, medium+ changes
+ *   - Stage 2 (Editor): Block risk paths, large changes
+ *   - Stage 3 (Developer): Require READY plan for risk paths, normal limits
+ *   - Stage 4 (Architect): Full bypass with audit logging
+ * - Apply percentage-based line change limits for large files
+ * - Handle plan approval whitelist for Stage 1
+ * - Record EP simulation for comparison analysis
+ *
+ * **Configuration:**
+ * - Progressive gate settings from profile.progressive_gate
+ * - Trust limits from config.trust
+ * - Plan approval patterns and operations
+ *
+ * **Block Persistence:**
+ * - Uses shared `recordGateBlockAndReturn` from gate-block-helper.ts
+ * - Ensures single authoritative block persistence path
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import { planStatus as getPlanStatus } from '../utils/io.js';
+import { matchesAnyPattern } from '../utils/glob-match.js';
+import { assessRiskLevel, getTargetFileLineCount, calculatePercentageThreshold } from '../core/risk-calculator.js';
+import { checkEvolutionGate } from '../core/evolution-engine.js';
+import { EventLogService } from '../core/event-log.js';
+import { recordGateBlockAndReturn } from './gate-block-helper.js';
+/**
+ * Build line limit rejection reason
+ */
+export function buildLineLimitReason(lineChanges, effectiveLimit, limitType, targetLineCount, actualPercentage, stage) {
+    if (limitType === 'percentage' && targetLineCount !== null && actualPercentage !== null) {
+        return `Modification too large: ${lineChanges} lines (${actualPercentage}% of ${targetLineCount} lines). ` +
+            `Stage ${stage} limit is ${effectiveLimit} lines (${limitType}). ` +
+            `Threshold calculation: min(${targetLineCount} × ${actualPercentage}%, ${effectiveLimit} lines).`;
+    }
+    else {
+        return `Modification too large: ${lineChanges} lines. ` +
+            `Stage ${stage} limit is ${effectiveLimit} lines (fixed threshold). ` +
+            `Note: Could not read target file to calculate percentage-based limit. Check file permissions and encoding.`;
+    }
+}
+/**
+ * Internal helper to call the shared block helper with progressive-trust-gate source tag.
+ */
+function block(filePath, reason, wctx, toolName, logger, sessionId) {
+    return recordGateBlockAndReturn(wctx, {
+        filePath,
+        reason,
+        toolName,
+        sessionId,
+        blockSource: 'progressive-trust-gate',
+    }, logger);
+}
+/**
+ * Check progressive trust gate based on trust stage and operation context
+ *
+ * @param event - The tool call event
+ * @param wctx - Workspace context
+ * @param relPath - Relative path to target file
+ * @param risky - Whether the path is a risk path
+ * @param lineChanges - Estimated line changes
+ * @param logger - Logger instance
+ * @param ctx - Hook context
+ * @param profile - Gate profile containing risk_paths and progressive_gate config
+ * @returns PluginHookBeforeToolCallResult to block, or undefined to allow
+ */
+export function checkProgressiveTrustGate(event, wctx, relPath, risky, lineChanges, logger, ctx, profile) {
+    // Check if progressive gate is disabled
+    if (profile?.progressive_gate?.enabled === false) {
+        return;
+    }
+    const trustEngine = wctx.trust;
+    const trustScore = trustEngine.getScore();
+    const stage = trustEngine.getStage();
+    const trustSettings = wctx.config.get('trust') || {
+        limits: {
+            stage_2_max_lines: 50,
+            stage_3_max_lines: 300,
+            stage_2_max_percentage: 10,
+            stage_3_max_percentage: 15,
+            min_lines_fallback: 20,
+        }
+    };
+    const riskLevel = assessRiskLevel(relPath, { toolName: event.toolName, params: event.params }, profile?.risk_paths || []);
+    const planApprovals = profile?.progressive_gate?.plan_approvals;
+    const canUsePlanApproval = Boolean(stage === 1 &&
+        planApprovals?.enabled &&
+        getPlanStatus(ctx.workspaceDir || '') === 'READY' &&
+        planApprovals.allowed_operations?.includes(event.toolName) &&
+        matchesAnyPattern(relPath, planApprovals.allowed_patterns || []) &&
+        ((planApprovals.max_lines_override ?? -1) === -1 || lineChanges <= (planApprovals.max_lines_override ?? -1)));
+    logger.info?.(`[PD_GATE] Trust: ${trustScore} (Stage ${stage}), Risk: ${riskLevel}, Path: ${relPath}`);
+    // ── EP SIMULATION MODE (M6验证) ──
+    // 记录EP系统的模拟决策，但不生效（仅用于对比分析）
+    // BUGFIX #90: 移到所有Stage检查之前，确保所有Stage都触发EP simulation记录
+    try {
+        const epDecision = checkEvolutionGate(ctx.workspaceDir, {
+            toolName: event.toolName,
+            content: event.params?.content,
+            lineCount: lineChanges,
+            isRiskPath: risky,
+        });
+        const epLogEntry = {
+            timestamp: new Date().toISOString(),
+            toolName: event.toolName,
+            filePath: relPath,
+            trustEngine: { score: trustScore, stage, decision: 'allow' },
+            epSystem: { tier: epDecision.currentTier ?? 'UNKNOWN', allowed: epDecision.allowed, reason: epDecision.reason },
+            conflict: epDecision.allowed === false, // Trust允许但EP拒绝（任何阶段）
+        };
+        const epLogPath = path.join(ctx.workspaceDir, '.state', 'ep_simulation.jsonl');
+        // 安全创建目录（如果失败则跳过日志写入，但不影响 Trust Engine 决策）
+        let canWriteEpLog = true;
+        try {
+            fs.mkdirSync(path.dirname(epLogPath), { recursive: true });
+        }
+        catch (mkdirErr) {
+            if (!mkdirErr || mkdirErr.code !== 'EEXIST') {
+                logger.warn?.(`[PD_EP_SIM] Failed to create log dir: ${mkdirErr?.message ?? String(mkdirErr)}, skipping log`);
+                canWriteEpLog = false;
+            }
+        }
+        if (canWriteEpLog) {
+            fs.appendFileSync(epLogPath, JSON.stringify(epLogEntry) + '\n');
+        }
+        logger.info?.(`[PD_EP_SIM] Tier: ${epDecision.currentTier}, Allowed: ${epDecision.allowed}, Trust: ${trustScore} (Stage ${stage})`);
+    }
+    catch (err) {
+        // EP 模拟失败不应该影响 Trust Engine 决策
+        const errMsg = err instanceof Error ? err.message : String(err);
+        logger.warn?.(`[PD_EP_SIM] Simulation failed: ${errMsg}, continuing with Trust Engine`);
+    }
+    // Stage 1 (Bankruptcy): Block ALL writes to risk paths, and all medium+ writes
+    if (stage === 1) {
+        if (canUsePlanApproval) {
+            const planStatus = 'READY';
+            wctx.eventLog.recordPlanApproval(ctx.sessionId, {
+                toolName: event.toolName,
+                filePath: relPath,
+                pattern: relPath,
+                planStatus
+            });
+            wctx.trajectory?.recordGateBlock?.({
+                sessionId: ctx.sessionId,
+                toolName: event.toolName,
+                filePath: relPath,
+                reason: 'plan_approval',
+                planStatus,
+            });
+            logger.info?.(`[PD_GATE] Stage 1 PLAN approval: ${relPath}`);
+            return;
+        }
+        if (risky || riskLevel !== 'LOW') {
+            // Block if not approved by whitelist
+            return block(relPath, `Trust score too low (${trustScore}). Stage 1 agents cannot modify risk paths or perform non-trivial edits.`, wctx, event.toolName, logger, ctx.sessionId);
+        }
+    }
+    // Stage 2 (Editor): Block writes to risk paths. Block large changes.
+    if (stage === 2) {
+        if (risky) {
+            return block(relPath, `Stage 2 agents are not authorized to modify risk paths.`, wctx, event.toolName, logger, ctx.sessionId);
+        }
+        // Percentage-based threshold calculation
+        const targetAbsolutePath = typeof event.params.file_path === 'string' && ctx.workspaceDir ? path.join(ctx.workspaceDir, event.params.file_path) : null;
+        const targetLineCount = targetAbsolutePath ? getTargetFileLineCount(targetAbsolutePath) : null;
+        const minLinesFallback = trustSettings.limits?.min_lines_fallback ?? 20;
+        const stage2MaxPercentage = trustSettings.limits?.stage_2_max_percentage ?? 10;
+        const stage2FixedLimit = trustSettings.limits?.stage_2_max_lines ?? 50;
+        let effectiveLimit;
+        let limitType;
+        let actualPercentage = null;
+        if (targetLineCount !== null && targetLineCount > 0) {
+            effectiveLimit = calculatePercentageThreshold(targetLineCount, stage2MaxPercentage, minLinesFallback);
+            actualPercentage = Math.round((lineChanges / targetLineCount) * 100);
+            limitType = 'percentage';
+        }
+        else {
+            effectiveLimit = stage2FixedLimit;
+            limitType = 'fixed';
+        }
+        if (lineChanges > effectiveLimit) {
+            return block(relPath, buildLineLimitReason(lineChanges, effectiveLimit, limitType, targetLineCount, actualPercentage, 2), wctx, event.toolName, logger, ctx.sessionId);
+        }
+    }
+    // Stage 3 (Developer): Allow normal writes. Require READY plan for risk paths.
+    if (stage === 3) {
+        if (risky) {
+            const planStatus = getPlanStatus(ctx.workspaceDir || '');
+            if (planStatus !== 'READY') {
+                return block(relPath, `No READY plan found. Stage 3 requires a plan for risk path modifications.`, wctx, event.toolName, logger, ctx.sessionId);
+            }
+        }
+        // Percentage-based threshold calculation
+        const targetAbsolutePath = typeof event.params.file_path === 'string' && ctx.workspaceDir ? path.join(ctx.workspaceDir, event.params.file_path) : null;
+        const targetLineCount = targetAbsolutePath ? getTargetFileLineCount(targetAbsolutePath) : null;
+        const minLinesFallback = trustSettings.limits?.min_lines_fallback ?? 20;
+        const stage3MaxPercentage = trustSettings.limits?.stage_3_max_percentage ?? 15;
+        const stage3FixedLimit = trustSettings.limits?.stage_3_max_lines ?? 300;
+        let effectiveLimit;
+        let limitType;
+        let actualPercentage = null;
+        if (targetLineCount !== null && targetLineCount > 0) {
+            effectiveLimit = calculatePercentageThreshold(targetLineCount, stage3MaxPercentage, minLinesFallback);
+            actualPercentage = Math.round((lineChanges / targetLineCount) * 100);
+            limitType = 'percentage';
+        }
+        else {
+            effectiveLimit = stage3FixedLimit;
+            limitType = 'fixed';
+        }
+        if (lineChanges > effectiveLimit) {
+            return block(relPath, buildLineLimitReason(lineChanges, effectiveLimit, limitType, targetLineCount, actualPercentage, 3), wctx, event.toolName, logger, ctx.sessionId);
+        }
+    }
+    // Stage 4 (Architect): Full bypass
+    if (stage === 4) {
+        logger.info?.(`[PD_GATE] Trusted Architect bypass for ${relPath}`);
+        // Audit log for Stage 4 bypass (security traceability)
+        try {
+            const stateDir = wctx.resolve('STATE_DIR');
+            const eventLog = EventLogService.get(stateDir);
+            eventLog.recordGateBypass(ctx.sessionId, {
+                toolName: event.toolName,
+                filePath: relPath,
+                bypassType: 'stage4_architect',
+                trustScore,
+                trustStage: stage,
+            });
+            logger.info?.(`[PD_GATE] Stage 4 Architect bypass recorded for ${relPath}`);
+        }
+        catch (auditErr) {
+            logger.warn?.(`[PD_GATE] Failed to record Stage 4 bypass audit: ${String(auditErr)}`);
+        }
+        return;
+    }
+}