principles-disciple 1.7.4 → 1.7.6

package/dist/hooks/prompt.js

@@ -3,7 +3,7 @@ import * as path from 'path';
 import { clearInjectedProbationIds, getSession, resetFriction, setInjectedProbationIds } from '../core/session-tracker.js';
 import { WorkspaceContext } from '../core/workspace-context.js';
 import { defaultContextConfig } from '../types.js';
-import { extractSummary, getHistoryVersions, parseWorkingMemorySection, workingMemoryToInjection } from '../core/focus-history.js';
+import { extractSummary, getHistoryVersions, parseWorkingMemorySection, workingMemoryToInjection, autoCompressFocus, safeReadCurrentFocus } from '../core/focus-history.js';
 import { empathyObserverManager } from '../service/empathy-observer-manager.js';
 import { PathResolver } from '../core/path-resolver.js';
 /**
@@ -130,6 +130,8 @@ function resolveEvolutionTask(inProgressTask, messages, maxContextMessages = 4,
     const preview = typeof inProgressTask.trigger_text_preview === 'string' && inProgressTask.trigger_text_preview.trim()
         ? inProgressTask.trigger_text_preview.trim()
         : 'N/A';
+    const sessionId = typeof inProgressTask.session_id === 'string' ? inProgressTask.session_id.trim() : '';
+    const agentId = typeof inProgressTask.agent_id === 'string' ? inProgressTask.agent_id.trim() : '';
     const conversationContext = includeConversationContext
         ? extractRecentConversationContext(messages, maxContextMessages, maxCharsPerMsg)
         : '';
@@ -142,11 +144,27 @@ function resolveEvolutionTask(inProgressTask, messages, maxContextMessages = 4,
 `;
     taskDescription += `**Trigger Text**: "${preview}"
 `;
+    if (sessionId) {
+        taskDescription += `**Session ID**: ${sessionId}
+`;
+    }
+    if (agentId) {
+        taskDescription += `**Agent ID**: ${agentId}
+`;
+    }
     if (conversationContext) {
         taskDescription += `
 ---
 **Recent Conversation Context**:
 ${conversationContext}`;
+    }
+    else if (!sessionId) {
+        taskDescription += `
+---
+**Note**: 对话上下文不可用。请主动收集证据：
+1. 从 Reason 字段提取关键词，搜索相关代码
+2. 读取 .state/logs/events.jsonl 最近日志
+3. 基于 Reason 中的文件路径定位问题`;
     }
     taskDescription += `
 
@@ -227,7 +245,6 @@ export function resolveModelFromConfig(modelConfig, logger) {
     }
     // 闁哄秶鍘х槐?3: 闁轰焦澹嗙划宥夊冀閻撳海纭€闁挎稑鐗呯粭澶愬绩椤栨稑鐦柨娑樿嫰瑜板倿宕欐ウ娆惧妳闁告稑顭槐?
     if (Array.isArray(modelConfig)) {
-        console.warn(`[PD:Prompt] Array model config not supported. Expected "provider/model" string or { primary: "..." } object.`);
         logger?.warn(`[PD:Prompt] Array model config not supported. Expected "provider/model" string or { primary: "..." } object.`);
         return null;
     }
@@ -388,8 +405,7 @@ You are a **self-evolving AI agent** powered by Principles Disciple.
 - Use the current session for the normal user reply.
 - Use sessions_send for cross-session messaging.
 - Use agents_list / sessions_list / sessions_spawn for peer-agent or peer-session orchestration.
-- Use subagents to inspect already-dispatched internal workers such as diagnostician/explorer.
-- Use pd_run_worker only for Principles Disciple internal workers such as diagnostician/explorer.
+- Use sessions_spawn with pd-diagnostician/pd-explorer/etc skills for internal worker tasks.
 
 ## 妫ｅ啯鎯?INTERNAL SYSTEM LAYOUT
 - Your core plugin logic is rooted at: ${PathResolver.getExtensionRoot() || 'EXTENSION_ROOT (unresolved)'}
@@ -407,7 +423,7 @@ You are a **self-evolving AI agent** powered by Principles Disciple.
         trustContext += `Hygiene: ${hygiene.persistenceCount} persists today\n`;
         // Stage-based restrictions
         if (safeStage === 1) {
-            trustContext += `ACTION CONSTRAINT: You are in READ-ONLY MODE. You MUST use the internal pd_run_worker diagnostician worker to recover trust before writing files. Do not use it for peer-session messaging.\n`;
+            trustContext += `ACTION CONSTRAINT: You are in READ-ONLY MODE. You MUST use sessions_spawn with the pd-diagnostician skill to recover trust before writing files.\n`;
         }
         else if (safeStage === 2) {
             trustContext += `ACTION CONSTRAINT: LIMITED MODE. You are restricted to a maximum of 50 lines per edit.\n`;
@@ -421,7 +437,11 @@ You are a **self-evolving AI agent** powered by Principles Disciple.
         prependContext += `<system_override:runtime_constraints>\n${trustContext.trim()}\n</system_override:runtime_constraints>\n`;
     }
     // 闁崇儤鍔忛弲鏌ュ煛?3. Evolution Directive (always on, highest priority) - stays in prependContext 闁崇儤鍔忛弲鏌ュ煛?
-    let evolutionDirective = '';
+    // NOTE: active evolution task prompt is injected from EVOLUTION_QUEUE for active tasks
+    // NOT used for Phase 3 eligibility decisions
+    // EVOLUTION_DIRECTIVE.json is a compatibility-only display artifact
+    // Phase 3 eligibility uses only queue and trust (see phase3-input-filter.ts)
+    let activeEvolutionTaskPrompt = '';
     const queuePath = wctx.resolve('EVOLUTION_QUEUE');
     if (fs.existsSync(queuePath)) {
         try {
@@ -441,32 +461,48 @@ You are a **self-evolving AI agent** powered by Principles Disciple.
                 const escapedTask = JSON.stringify(resolvedTask);
                 logger?.info(`[PD:Prompt] Injecting EVOLUTION TASK for: ${inProgressTask.id}`);
                 if (trigger === 'user') {
-                    evolutionDirective = `<evolution_task priority="high">
+                    activeEvolutionTaskPrompt = `<evolution_task priority="high">
 TASK: ${escapedTask}
 
-REQUIRED ACTION:
-- First respond to the user's current request normally.
-- After finishing the user-facing response, call:
-  pd_run_worker agentType="diagnostician" task=${escapedTask} runInBackground=true
-- Treat pd_run_worker as an internal Principles Disciple worker, not a peer-session messaging tool.
+REQUIRED ACTION (两阶段回复):
+
+**阶段 1 - 立即回复用户:**
+简要告知用户你检测到的问题，例如：
+"我注意到刚才的操作遇到了一些问题（简述问题），我已安排诊断代理在后台分析根因。分析完成后会继续告诉你结果。"
+
+然后调用：
+  sessions_spawn(task="使用 pd-diagnostician skill 执行诊断任务。\n\n任务: ${escapedTask}")
+
+**阶段 2 - 收到子代理结果后:**
+当收到诊断代理的完成消息后，用以下格式回复用户：
+
+"**诊断完成** 🔍
+
+基于后台分析结果：
+- **根因**: [一句话总结]
+- **分类**: [People/Design/Assumption/Tooling]
+- **建议**: [可执行的改进建议]
+
+相关原则已记录到 PRINCIPLES.md。"
+
+IMPORTANT:
 - Do NOT reply with "[EVOLUTION_ACK]".
-- Do NOT let this task interrupt the current user interaction.
+- 子代理结果会作为新消息到达，届时再进行阶段2的回复。
 </evolution_task>\n`;
                 }
                 else {
-                    evolutionDirective = `<evolution_task priority="critical">
+                    activeEvolutionTaskPrompt = `<evolution_task priority="critical">
 TASK: ${escapedTask}
 
 REQUIRED ACTION:
 - Start diagnostics immediately by calling:
-  pd_run_worker agentType="diagnostician" task=${escapedTask} runInBackground=true
-- Treat pd_run_worker as an internal Principles Disciple worker, not a peer-session messaging tool.
+  sessions_spawn(task="使用 pd-diagnostician skill 执行诊断任务。\n\n任务: ${escapedTask}")
 - Do NOT reply with "[EVOLUTION_ACK]".
 </evolution_task>\n`;
                 }
                 break;
             }
-            if (!evolutionDirective && inProgressTasks.length > 0) {
+            if (!activeEvolutionTaskPrompt && inProgressTasks.length > 0) {
                 logger?.warn('[PD:Prompt] Skipping evolution task injection because task payload is invalid.');
             }
         }
@@ -475,8 +511,8 @@ REQUIRED ACTION:
         }
     }
     // Inject queue-derived evolution task at the front of prependContext
-    if (evolutionDirective) {
-        prependContext = evolutionDirective + prependContext;
+    if (activeEvolutionTaskPrompt) {
+        prependContext = activeEvolutionTaskPrompt + prependContext;
     }
     // 鈺愨晲鈺?4. Empathy Observer Spawn (async sidecar) 鈺愨晲鈺?
     // Skip if this is a subagent session or if the message indicates agent-to-agent communication
@@ -581,34 +617,53 @@ ACTION: Run self-audit. If stable, reply ONLY with "HEARTBEAT_OK".
     let workingMemoryContent = '';
     if (!isMinimalMode && contextConfig.projectFocus !== 'off') {
         const focusPath = wctx.resolve('CURRENT_FOCUS');
-        if (fs.existsSync(focusPath)) {
+        const extensionRoot = PathResolver.getExtensionRoot();
+        // 🔒 安全读取：自动验证格式，损坏时从模板恢复
+        const { content: currentFocus, recovered, validationErrors } = safeReadCurrentFocus(focusPath, extensionRoot || '', logger);
+        if (recovered) {
+            logger?.info?.(`[PD:Prompt] CURRENT_FOCUS.md was recovered from template`);
+        }
+        if (validationErrors.length > 0) {
+            logger?.warn?.(`[PD:Prompt] CURRENT_FOCUS validation errors: ${validationErrors.join(', ')}`);
+        }
+        if (currentFocus.trim()) {
             try {
-                const currentFocus = fs.readFileSync(focusPath, 'utf8').trim();
-                if (currentFocus) {
+                // 🚀 自动压缩门禁：检查文件大小，超过阈值自动压缩
+                const stateDir = wctx.stateDir;
+                const compressResult = autoCompressFocus(focusPath, workspaceDir, stateDir);
+                if (compressResult.compressed) {
+                    logger?.info?.(`[PD:Prompt] Auto-compressed CURRENT_FOCUS: ${compressResult.oldLines} → ${compressResult.newLines} lines. Milestones archived: ${compressResult.milestonesArchived}`);
+                }
+                else if (compressResult.reason === 'Rate limited (24h interval)') {
+                    logger?.debug?.(`[PD:Prompt] Auto-compress skipped: ${compressResult.reason}`);
+                }
+                // 重新读取（可能被压缩更新了）
+                const finalContent = fs.readFileSync(focusPath, 'utf8').trim();
+                if (finalContent) {
                     // 解析工作记忆部分（用于独立注入）
-                    const workingMemorySnapshot = parseWorkingMemorySection(currentFocus);
+                    const workingMemorySnapshot = parseWorkingMemorySection(finalContent);
                     if (workingMemorySnapshot) {
                         workingMemoryContent = workingMemoryToInjection(workingMemorySnapshot);
                     }
                     if (contextConfig.projectFocus === 'summary') {
                         // Summary mode: intelligent extraction prioritizing key sections
-                        projectContextContent = extractSummary(currentFocus, 30);
+                        projectContextContent = extractSummary(finalContent, 30);
                     }
                     else {
                         // Full mode: current version + recent history (3 versions)
                         const historyVersions = getHistoryVersions(focusPath, 3);
                         if (historyVersions.length > 0) {
-                            const historySections = historyVersions.map((v, i) => `\n---\n\n**闁告ê妫楄ぐ鍫曟偋閸喐鎷?v${historyVersions.length - i}**\n\n${v}`).join('');
-                            projectContextContent = `${currentFocus}${historySections}`;
+                            const historySections = historyVersions.map((v, i) => `\n---\n\n**历史版本 v${historyVersions.length - i}**\n\n${v}`).join('');
+                            projectContextContent = `${finalContent}${historySections}`;
                         }
                         else {
-                            projectContextContent = currentFocus;
+                            projectContextContent = finalContent;
                         }
                     }
                 }
             }
             catch (e) {
-                logger?.error(`[PD:Prompt] Failed to read CURRENT_FOCUS: ${String(e)}`);
+                logger?.error(`[PD:Prompt] Failed to process CURRENT_FOCUS: ${String(e)}`);
             }
         }
     }

package/dist/hooks/subagent.js

@@ -3,7 +3,6 @@ import { writePainFlag } from '../core/pain.js';
 import { WorkspaceContext } from '../core/workspace-context.js';
 import { empathyObserverManager } from '../service/empathy-observer-manager.js';
 import { acquireQueueLock } from '../service/evolution-worker.js';
-import { isSubagentRuntimeAvailable } from '../utils/subagent-probe.js';
 const COMPLETION_RETRY_DELAY_MS = 250;
 const COMPLETION_MAX_RETRIES = 3;
 const COMPLETION_RETRY_TTL_MS = 60 * 60 * 1000; // 1 hour TTL for retry entries
@@ -252,7 +251,7 @@ export async function handleSubagentEnded(event, ctx) {
             }
         }
         // Read diagnostician output and create principle with generalized pattern
-        if (completedTaskId && isSubagentRuntimeAvailable(ctx.api?.runtime?.subagent)) {
+        if (completedTaskId && ctx.api?.runtime?.subagent) {
             try {
                 const messages = await ctx.api?.runtime?.subagent?.getSessionMessages?.({
                     sessionKey: targetSessionKey,

package/dist/hooks/thinking-checkpoint.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Thinking Checkpoint Module
+ *
+ * Enforces P-10 deep reflection requirement for high-risk tool operations.
+ *
+ * **Responsibilities:**
+ * - Check if high-risk tools have recent deep thinking (T-01 through T-10)
+ * - Block high-risk operations without preceding deep reflection
+ * - Configurable time window for thinking validity (default 5 minutes)
+ * - Provide clear guidance on required action (deep_reflect tool usage)
+ *
+ * **Configuration:**
+ * - Thinking checkpoint settings from profile.thinking_checkpoint
+ * - Window duration for thinking validity
+ * - High-risk tool list
+ */
+import type { PluginHookBeforeToolCallEvent, PluginHookBeforeToolCallResult } from '../openclaw-sdk.js';
+export interface ThinkingCheckpointConfig {
+    enabled?: boolean;
+    window_ms?: number;
+    high_risk_tools?: string[];
+}
+/**
+ * Checks if a tool call requires a recent deep thinking checkpoint.
+ *
+ * This enforces P-10 (Thinking OS Checkpoint) - high-risk operations must
+ * be preceded by deep reflection within the configured time window.
+ *
+ * @param event - The before_tool_call event
+ * @param config - Thinking checkpoint configuration from profile
+ * @param sessionId - Current session ID
+ * @param logger - Optional logger for info messages
+ * @returns Block result if thinking required, undefined otherwise
+ */
+export declare function checkThinkingCheckpoint(event: PluginHookBeforeToolCallEvent, config: ThinkingCheckpointConfig, sessionId: string | undefined, logger?: {
+    info?: (message: string) => void;
+}): PluginHookBeforeToolCallResult | undefined;

package/dist/hooks/thinking-checkpoint.js

@@ -0,0 +1,51 @@
+/**
+ * Thinking Checkpoint Module
+ *
+ * Enforces P-10 deep reflection requirement for high-risk tool operations.
+ *
+ * **Responsibilities:**
+ * - Check if high-risk tools have recent deep thinking (T-01 through T-10)
+ * - Block high-risk operations without preceding deep reflection
+ * - Configurable time window for thinking validity (default 5 minutes)
+ * - Provide clear guidance on required action (deep_reflect tool usage)
+ *
+ * **Configuration:**
+ * - Thinking checkpoint settings from profile.thinking_checkpoint
+ * - Window duration for thinking validity
+ * - High-risk tool list
+ */
+import { hasRecentThinking } from '../core/session-tracker.js';
+import { THINKING_CHECKPOINT_WINDOW_MS, THINKING_CHECKPOINT_DEFAULT_HIGH_RISK_TOOLS } from '../config/index.js';
+/**
+ * Checks if a tool call requires a recent deep thinking checkpoint.
+ *
+ * This enforces P-10 (Thinking OS Checkpoint) - high-risk operations must
+ * be preceded by deep reflection within the configured time window.
+ *
+ * @param event - The before_tool_call event
+ * @param config - Thinking checkpoint configuration from profile
+ * @param sessionId - Current session ID
+ * @param logger - Optional logger for info messages
+ * @returns Block result if thinking required, undefined otherwise
+ */
+export function checkThinkingCheckpoint(event, config, sessionId, logger) {
+    const enabled = config.enabled ?? false;
+    const windowMs = config.window_ms ?? THINKING_CHECKPOINT_WINDOW_MS;
+    const highRiskTools = config.high_risk_tools ?? [...THINKING_CHECKPOINT_DEFAULT_HIGH_RISK_TOOLS];
+    if (!enabled || !sessionId) {
+        return undefined;
+    }
+    const isHighRisk = highRiskTools.includes(event.toolName);
+    if (!isHighRisk) {
+        return undefined;
+    }
+    const hasThinking = hasRecentThinking(sessionId, windowMs);
+    if (!hasThinking) {
+        logger?.info?.(`[PD:THINKING_GATE] High-risk tool "${event.toolName}" called without recent deep thinking`);
+        return {
+            block: true,
+            blockReason: `[Thinking OS Checkpoint] 高风险操作 "${event.toolName}" 需要先进行深度思考。\n\n请先使用 deep_reflect 工具分析当前情况，然后再尝试此操作。\n\n这是强制性检查点，目的是确保决策质量。\n\n提示：调用 deep_reflect 后，${Math.round(windowMs / 60000)}分钟内的操作将自动放行。\n\n可在PROFILE.json中设置 thinking_checkpoint.enabled: false 来禁用此检查。`,
+        };
+    }
+    return undefined;
+}

package/dist/http/principles-console-route.d.ts

@@ -1,2 +1,9 @@
 import type { OpenClawPluginApi, OpenClawPluginHttpRouteParams } from '../openclaw-sdk.js';
+/**
+ * Create routes for Principles Console.
+ * Returns an array of routes:
+ * 1. Static files route (no auth required for HTML/CSS/JS)
+ * 2. API route (gateway auth required)
+ */
+export declare function createPrinciplesConsoleRoutes(api: OpenClawPluginApi): OpenClawPluginHttpRouteParams[];
 export declare function createPrinciplesConsoleRoute(api: OpenClawPluginApi): OpenClawPluginHttpRouteParams;

package/dist/http/principles-console-route.js

@@ -3,6 +3,7 @@ import path from 'path';
 import { ControlUiQueryService } from '../service/control-ui-query-service.js';
 import { getEvolutionQueryService } from '../service/evolution-query-service.js';
 import { TrajectoryRegistry } from '../core/trajectory.js';
+import { getCentralDatabase } from '../service/central-database.js';
 const ROUTE_PREFIX = '/plugins/principles';
 const API_PREFIX = `${ROUTE_PREFIX}/api`;
 const ASSETS_PREFIX = `${ROUTE_PREFIX}/assets`;
@@ -82,6 +83,11 @@ function createService(api) {
     return new ControlUiQueryService(workspaceDir);
 }
 function handleApiRoute(api, pathname, req, res) {
+    // Check authentication for API routes
+    if (!validateGatewayAuth(req)) {
+        json(res, 401, { error: 'unauthorized', message: 'Valid Gateway token required.' });
+        return true;
+    }
     const service = createService(api);
     const url = new URL(req.url || pathname, 'http://127.0.0.1');
     const method = (req.method || 'GET').toUpperCase();
@@ -100,8 +106,164 @@ function handleApiRoute(api, pathname, req, res) {
             service.dispose();
         }
     };
+    // Helper to parse and clamp days parameter
+    const parseDays = (param) => {
+        const value = param ? Number(param) : 30;
+        if (!Number.isFinite(value) || value < 1)
+            return 30;
+        return Math.min(365, Math.max(1, Math.floor(value)));
+    };
     if (pathname === `${API_PREFIX}/overview` && method === 'GET') {
-        return done(() => service.getOverview());
+        const days = parseDays(url.searchParams.get('days'));
+        return done(() => service.getOverview(days));
+    }
+    if (pathname === `${API_PREFIX}/central/overview` && method === 'GET') {
+        const days = parseDays(url.searchParams.get('days'));
+        return done(() => {
+            const centralDb = getCentralDatabase();
+            const stats = centralDb.getOverviewStats();
+            const trend = centralDb.getDailyTrend(days);
+            const regressions = centralDb.getTopRegressions(5);
+            const thinkingStats = centralDb.getThinkingModelStats();
+            const workspaces = centralDb.getWorkspaces();
+            return {
+                workspaceDir: 'central',
+                generatedAt: new Date().toISOString(),
+                dataFreshness: workspaces.length > 0 ? (workspaces[0].lastSync ?? null) : null,
+                dataSource: 'central_aggregated_db',
+                runtimeControlPlaneSource: 'all_workspaces',
+                summary: {
+                    repeatErrorRate: stats.totalToolCalls > 0
+                        ? stats.totalFailures / stats.totalToolCalls
+                        : 0,
+                    userCorrectionRate: stats.totalToolCalls > 0
+                        ? stats.totalCorrections / stats.totalToolCalls
+                        : 0,
+                    pendingSamples: stats.pendingSamples,
+                    approvedSamples: stats.approvedSamples,
+                    thinkingCoverageRate: stats.totalToolCalls > 0
+                        ? stats.totalThinkingEvents / stats.totalToolCalls
+                        : 0,
+                    painEvents: stats.totalPainEvents,
+                    principleEventCount: 0,
+                    gateBlocks: 0,
+                    taskOutcomes: 0,
+                },
+                dailyTrend: trend,
+                topRegressions: regressions,
+                sampleQueue: {
+                    counters: {
+                        pending: stats.pendingSamples,
+                        approved: stats.approvedSamples,
+                        rejected: stats.rejectedSamples,
+                    },
+                    preview: [],
+                },
+                thinkingSummary: {
+                    activeModels: thinkingStats.activeModels,
+                    dormantModels: thinkingStats.totalModels - thinkingStats.activeModels,
+                    effectiveModels: thinkingStats.models.filter(m => m.coverageRate > 0.1).length,
+                    coverageRate: stats.totalToolCalls > 0
+                        ? stats.totalThinkingEvents / stats.totalToolCalls
+                        : 0,
+                },
+                centralInfo: {
+                    workspaceCount: stats.workspaceCount,
+                    enabledWorkspaceCount: stats.enabledWorkspaceCount,
+                    workspaces: stats.workspaceNames,
+                    enabledWorkspaces: stats.enabledWorkspaceNames,
+                },
+            };
+        });
+    }
+    if (pathname === `${API_PREFIX}/central/sync` && method === 'POST') {
+        return done(() => {
+            const centralDb = getCentralDatabase();
+            const results = centralDb.syncEnabled();
+            const summary = {};
+            results.forEach((count, name) => {
+                summary[name] = count;
+            });
+            return { synced: summary, timestamp: new Date().toISOString() };
+        });
+    }
+    if (pathname === `${API_PREFIX}/central/workspaces` && method === 'GET') {
+        return done(() => {
+            const centralDb = getCentralDatabase();
+            const configs = centralDb.getWorkspaceConfigs();
+            const workspaces = centralDb.getWorkspaces();
+            return {
+                configs,
+                workspaces: workspaces.map(ws => ({
+                    name: ws.name,
+                    path: ws.path,
+                    lastSync: ws.lastSync,
+                    config: configs.find(c => c.workspaceName === ws.name) ?? null,
+                })),
+            };
+        });
+    }
+    const workspaceConfigMatch = pathname.match(/^\/plugins\/principles\/api\/central\/workspaces\/([^/]+)$/);
+    if (workspaceConfigMatch && method === 'GET') {
+        return done(() => {
+            const centralDb = getCentralDatabase();
+            const workspaceName = decodeURIComponent(workspaceConfigMatch[1]);
+            const configs = centralDb.getWorkspaceConfigs();
+            const config = configs.find(c => c.workspaceName === workspaceName);
+            return config ?? { workspaceName, enabled: true, displayName: workspaceName, syncEnabled: true };
+        });
+    }
+    if (workspaceConfigMatch && method === 'PATCH') {
+        return (async () => {
+            try {
+                const body = await readJsonBody(req);
+                const centralDb = getCentralDatabase();
+                const workspaceName = decodeURIComponent(workspaceConfigMatch[1]);
+                centralDb.updateWorkspaceConfig(workspaceName, {
+                    enabled: body.enabled,
+                    displayName: body.displayName,
+                    syncEnabled: body.syncEnabled,
+                });
+                const configs = centralDb.getWorkspaceConfigs();
+                json(res, 200, configs.find(c => c.workspaceName === workspaceName));
+                return true;
+            }
+            catch (error) {
+                if (error instanceof Error && error.message === 'invalid_json') {
+                    json(res, 400, { error: 'bad_request', message: 'Request body must be valid JSON.' });
+                    return true;
+                }
+                api.logger.warn(`[PD:ControlUI] Workspace config update failed: ${String(error)}`);
+                json(res, 500, { error: 'internal_error', message: String(error) });
+                return true;
+            }
+        })();
+    }
+    if (pathname === `${API_PREFIX}/central/workspaces` && method === 'POST') {
+        return (async () => {
+            try {
+                const body = await readJsonBody(req);
+                const name = typeof body.name === 'string' ? body.name : '';
+                const workspacePath = typeof body.path === 'string' ? body.path : '';
+                if (!name || !workspacePath) {
+                    json(res, 400, { error: 'bad_request', message: 'name and path are required.' });
+                    return true;
+                }
+                const centralDb = getCentralDatabase();
+                centralDb.addCustomWorkspace(name, workspacePath);
+                json(res, 201, { success: true, workspace: name });
+                return true;
+            }
+            catch (error) {
+                if (error instanceof Error && error.message === 'invalid_json') {
+                    json(res, 400, { error: 'bad_request', message: 'Request body must be valid JSON.' });
+                    return true;
+                }
+                api.logger.warn(`[PD:ControlUI] Add workspace failed: ${String(error)}`);
+                json(res, 500, { error: 'internal_error', message: String(error) });
+                return true;
+            }
+        })();
     }
     if (pathname === `${API_PREFIX}/samples` && method === 'GET') {
         return done(() => service.listSamples({
@@ -217,9 +379,10 @@ function handleApiRoute(api, pathname, req, res) {
         });
     }
     if (pathname === `${API_PREFIX}/evolution/stats` && method === 'GET') {
+        const days = parseDays(url.searchParams.get('days'));
         return done(() => {
             const evoService = evolutionService();
-            return evoService.getStats();
+            return evoService.getStats(days);
         });
     }
     const evolutionTraceMatch = pathname.match(/^\/plugins\/principles\/api\/evolution\/trace\/([^/]+)$/);
@@ -275,10 +438,93 @@ function handleApiRoute(api, pathname, req, res) {
     json(res, 404, { error: 'not_found', message: 'Unknown Principles Console API route.' });
     return true;
 }
+function getGatewayToken() {
+    try {
+        const configPath = path.join(process.env.HOME || '', '.openclaw', 'openclaw.json');
+        if (!fs.existsSync(configPath))
+            return null;
+        const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+        return config?.gateway?.auth?.token || null;
+    }
+    catch {
+        return null;
+    }
+}
+function validateGatewayAuth(req) {
+    const gatewayToken = getGatewayToken();
+    if (!gatewayToken) {
+        // No token configured, allow all requests
+        return true;
+    }
+    const authHeader = req.headers?.['authorization'] || '';
+    const tokenMatch = authHeader.match(/^Bearer\s+(.+)$/i);
+    const providedToken = tokenMatch?.[1];
+    return providedToken === gatewayToken;
+}
+/**
+ * Create routes for Principles Console.
+ * Returns an array of routes:
+ * 1. Static files route (no auth required for HTML/CSS/JS)
+ * 2. API route (gateway auth required)
+ */
+export function createPrinciplesConsoleRoutes(api) {
+    // Route 1: Static files (HTML, CSS, JS) - no auth check
+    const staticRoute = {
+        path: ROUTE_PREFIX,
+        auth: 'plugin',
+        match: 'prefix',
+        async handler(req, res) {
+            const url = new URL(req.url || ROUTE_PREFIX, 'http://127.0.0.1');
+            const pathname = url.pathname;
+            const method = (req.method || 'GET').toUpperCase();
+            // Skip API routes - they'll be handled by the API route
+            if (pathname.startsWith(API_PREFIX)) {
+                return false; // Let the API route handle this
+            }
+            // Serve assets
+            if (pathname.startsWith(ASSETS_PREFIX)) {
+                if (method !== 'GET' && method !== 'HEAD') {
+                    text(res, 405, 'Method Not Allowed');
+                    return true;
+                }
+                const assetPath = safeStaticPath(api.rootDir, pathname);
+                if (!assetPath || !serveFile(res, assetPath)) {
+                    text(res, 404, 'Asset Not Found');
+                }
+                return true;
+            }
+            // Serve index.html for the main route
+            if (method !== 'GET' && method !== 'HEAD') {
+                text(res, 405, 'Method Not Allowed');
+                return true;
+            }
+            const indexPath = path.join(api.rootDir, 'dist', 'web', 'index.html');
+            if (!serveFile(res, indexPath)) {
+                text(res, 503, 'Principles Console UI is not built yet.');
+            }
+            return true;
+        },
+    };
+    // Route 2: API endpoints - gateway auth required
+    const apiRoute = {
+        path: API_PREFIX,
+        auth: 'gateway',
+        match: 'prefix',
+        async handler(req, res) {
+            const url = new URL(req.url || API_PREFIX, 'http://127.0.0.1');
+            const pathname = url.pathname;
+            return handleApiRoute(api, pathname, req, res);
+        },
+    };
+    return [staticRoute, apiRoute];
+}
+// Legacy export for backwards compatibility
 export function createPrinciplesConsoleRoute(api) {
+    const routes = createPrinciplesConsoleRoutes(api);
+    // Return the combined behavior - this will be called from index.ts
     return {
         path: ROUTE_PREFIX,
-        auth: 'gateway',
+        auth: 'plugin',
         match: 'prefix',
         async handler(req, res) {
             const url = new URL(req.url || ROUTE_PREFIX, 'http://127.0.0.1');
@@ -287,9 +533,15 @@ export function createPrinciplesConsoleRoute(api) {
             if (!pathname.startsWith(ROUTE_PREFIX)) {
                 return false;
             }
+            // For API routes, check auth manually
             if (pathname.startsWith(API_PREFIX)) {
+                if (!validateGatewayAuth(req)) {
+                    json(res, 401, { error: 'unauthorized', message: 'Valid Gateway token required.' });
+                    return true;
+                }
                 return handleApiRoute(api, pathname, req, res);
             }
+            // Static files - no auth required
             if (pathname.startsWith(ASSETS_PREFIX)) {
                 if (method !== 'GET' && method !== 'HEAD') {
                     text(res, 405, 'Method Not Allowed');

package/dist/index.js

@@ -26,7 +26,6 @@ import { ensureWorkspaceTemplates } from './core/init.js';
 import { migrateDirectoryStructure } from './core/migration.js';
 import { SystemLogger } from './core/system-logger.js';
 import { createDeepReflectTool } from './tools/deep-reflect.js';
-import { createAgentSpawnTool } from './tools/agent-spawn.js';
 import { PathResolver } from './core/path-resolver.js';
 import { createPrinciplesConsoleRoute } from './http/principles-console-route.js';
 // Track initialization to avoid repeated calls
@@ -476,7 +475,6 @@ const plugin = {
             }
         });
         api.registerTool(createDeepReflectTool(api));
-        api.registerTool(createAgentSpawnTool(api));
     }
 };
 export default plugin;