principles-disciple 1.91.0 → 1.92.0

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "principles-disciple",
   "name": "Principles Disciple",
   "description": "Evolutionary programming agent framework with strategic guardrails and reflection loops.",
-  "version": "1.91.0",
+  "version": "1.92.0",
   "activation": {
     "onCapabilities": [
       "hook"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "principles-disciple",
-  "version": "1.91.0",
+  "version": "1.92.0",
   "description": "Native OpenClaw plugin for Principles Disciple",
   "type": "module",
   "main": "./dist/bundle.js",

package/src/hooks/message-sanitize.ts

@@ -1,4 +1,11 @@
 import type { PluginHookBeforeMessageWriteEvent, PluginHookBeforeMessageWriteResult } from '../openclaw-sdk.js';
+import {
+  sanitizeString as coreSanitizeString,
+  sanitizeValue as coreSanitizeValue,
+  sanitizeToolParams as coreSanitizeToolParams,
+  convergePath,
+  MAX_EVIDENCE_VALUE_CHARS,
+} from '@principles/core/runtime-v2';
 
 const INTERNAL_TAG_PATTERNS = [
   /\[EMOTIONAL_DAMAGE_DETECTED(?::(?:mild|moderate|severe))?\]/gi,
@@ -21,6 +28,41 @@ function isAssistantMessageWithContent(
   );
 }
 
+// Re-export core constants and functions for backward compatibility
+export { MAX_EVIDENCE_VALUE_CHARS, convergePath };
+
+/**
+ * Sanitize a single string value for evidence storage.
+ * Delegates to core sanitizer with optional workspaceDir for path convergence.
+ */
+export function sanitizeForEvidence(value: unknown, workspaceDir?: string): string {
+  if (value === null || value === undefined) return '';
+  return coreSanitizeString(String(value), workspaceDir);
+}
+
+/**
+ * Recursively sanitize any value for evidence storage.
+ * Delegates to core sanitizer.
+ */
+export function sanitizeValueForEvidence(value: unknown, workspaceDir?: string): unknown {
+  return coreSanitizeValue(value, 0, workspaceDir);
+}
+
+/**
+ * Sanitize tool-call params for evidence/trajectory storage.
+ * Delegates to core sanitizer — accepts unknown, runtime-validates.
+ *
+ * ERR-001: no `as` casts on input
+ * ERR-055: ANY-segment sensitive field matching
+ * ERR-056: token redaction on ALL strings via recursive sanitizeValue
+ */
+export function sanitizeToolParamsForEvidence(
+  params: unknown,
+  workspaceDir?: string,
+): Record<string, unknown> {
+  return coreSanitizeToolParams(params, workspaceDir);
+}
+
 export function sanitizeAssistantText(text: string): string {
   let result = text;
   for (const pattern of INTERNAL_TAG_PATTERNS) {

package/src/hooks/pain.ts

@@ -13,7 +13,7 @@ import type { PluginHookAfterToolCallEvent, PluginHookToolContext, OpenClawPlugi
 import { resolveWorkspaceDirForRuntimeV2 } from '../utils/workspace-resolver.js';
 import { PainToPrincipleService, PrincipleTreeLedgerAdapter, type PainDetectedData, type PainEvidenceEntry, MAX_EVIDENCE_ENTRIES, MAX_EVIDENCE_NOTE_CHARS } from '@principles/core/runtime-v2';
 import { evaluatePainDiagnosticGate } from '../core/pain-diagnostic-gate.js';
-import { sanitizeAssistantText } from './message-sanitize.js';
+import { sanitizeAssistantText, sanitizeForEvidence, sanitizeToolParamsForEvidence } from './message-sanitize.js';
 import { loadPdConfigForPlugin } from '../core/pd-config-loader.js';
 
 /**
@@ -348,7 +348,7 @@ export function handleAfterToolCall(
       errorMessage: event.error ? String(event.error) : undefined,
       gfiBefore,
       gfiAfter: updatedState.currentGfi,
-      paramsJson: event.params,
+      paramsJson: sanitizeToolParamsForEvidence(event.params, effectiveWorkspaceDir),
     });
 
     const injectedProbationIds = getInjectedProbationIds(sessionId, effectiveWorkspaceDir);
@@ -409,7 +409,7 @@ export function handleAfterToolCall(
       exitCode,
       gfiBefore,
       gfiAfter: resetState.currentGfi,
-      paramsJson: event.params,
+      paramsJson: sanitizeToolParamsForEvidence(event.params, effectiveWorkspaceDir),
     });
     
     const filePath = params.file_path || params.path || params.file;
@@ -512,7 +512,7 @@ export function handleAfterToolCall(
     reason: `Tool ${event.toolName} failed on ${relPath}`,
     severity: painScore >= 70 ? 'severe' : painScore >= 40 ? 'moderate' : 'mild',
     origin: 'system_infer',
-    text: params.text ?? params.content ?? undefined,
+    text: sanitizeForEvidence(params.text ?? params.content, effectiveWorkspaceDir) || undefined,
   });
 
   // Pain signal emitted via emitPainDetectedEvent below — no .pain_flag file written (M8: single-path chain)

package/src/hooks/prompt.ts

@@ -30,6 +30,7 @@ import {
   extractMessageContent,
   isMinimalTrigger,
 } from '@principles/core/prompt-builder';
+import { sanitizeForEvidence } from './message-sanitize.js';
 
 // ---------------------------------------------------------------------------
 // Static file cache — avoids re-reading rarely-changing files every message
@@ -574,7 +575,7 @@ The empathy observer subagent handles pain detection independently.
                     confidence: result.confidence,
                     detection_mode: 'structured',
                     deduped: false,
-                    trigger_text_excerpt: latestUserMessage.substring(0, 120),
+                    trigger_text_excerpt: sanitizeForEvidence(latestUserMessage, workspaceDir).substring(0, 120),
                     raw_score: painScore,
                     calibrated_score: painScore,
                     eventId,
@@ -589,7 +590,7 @@ The empathy observer subagent handles pain detection independently.
                       severity: result.severity,
                       origin: 'system_infer',
                       confidence: result.confidence,
-                      text: latestUserMessage,
+                      text: sanitizeForEvidence(latestUserMessage, workspaceDir),
                     });
                   } catch (error) {
                     logger?.warn?.(`[PD:Empathy] Failed to persist trajectory: ${String(error)}`);

package/tests/hooks/message-sanitize.test.ts

@@ -1,5 +1,12 @@
 import { describe, it, expect } from 'vitest';
-import { handleBeforeMessageWrite, sanitizeAssistantText } from '../../src/hooks/message-sanitize';
+import {
+  handleBeforeMessageWrite,
+  sanitizeAssistantText,
+  sanitizeForEvidence,
+  sanitizeToolParamsForEvidence,
+  sanitizeValueForEvidence,
+  MAX_EVIDENCE_VALUE_CHARS,
+} from '../../src/hooks/message-sanitize';
 
 describe('message-sanitize hook', () => {
   it('removes empathy control tags from assistant text', () => {
@@ -9,28 +16,229 @@ describe('message-sanitize hook', () => {
 
   it('returns modified message for assistant role', () => {
     const result = handleBeforeMessageWrite({
-      message: {
-        role: 'assistant',
-        content: 'hello [EMOTIONAL_DAMAGE_DETECTED] world'
-      }
+      message: { role: 'assistant', content: 'hello [EMOTIONAL_DAMAGE_DETECTED] world' }
     } as any);
-
     expect(result).toEqual({
-      message: {
-        role: 'assistant',
-        content: 'hello  world'
-      }
+      message: { role: 'assistant', content: 'hello  world' }
     });
   });
 
   it('ignores non-assistant messages', () => {
     const result = handleBeforeMessageWrite({
-      message: {
-        role: 'user',
-        content: '[EMOTIONAL_DAMAGE_DETECTED]'
-      }
+      message: { role: 'user', content: '[EMOTIONAL_DAMAGE_DETECTED]' }
     } as any);
-
     expect(result).toBeUndefined();
   });
+
+  // ── sanitizeForEvidence ──
+
+  it('binds long string values to MAX_EVIDENCE_VALUE_CHARS', () => {
+    const segment = ' data ';
+    const long = segment.repeat(100);
+    const result = sanitizeForEvidence(long);
+    expect(result).toMatch(/___TRUNCATED___$/);
+    expect(result.length).toBeLessThanOrEqual(MAX_EVIDENCE_VALUE_CHARS + 20);
+  });
+
+  it('redacts OpenAI-style secret keys (sk-*)', () => {
+    const token = 'sk-proj-' + 'a'.repeat(30);
+    const result = sanitizeForEvidence(`token is ${token}`);
+    expect(result).toContain('___REDACTED___');
+    expect(result).not.toContain(token);
+  });
+
+  it('redacts JWT-like patterns (eyJ*)', () => {
+    const jwt = 'eyJ' + 'a'.repeat(30) + '.bc';
+    const result = sanitizeForEvidence(`Bearer ${jwt}`);
+    expect(result).toContain('___REDACTED___');
+    expect(result).not.toContain(jwt);
+  });
+
+  it('redacts long base64-like strings', () => {
+    const token = 'A'.repeat(50);
+    const result = sanitizeForEvidence(`hash: ${token}`);
+    expect(result).toContain('___REDACTED___');
+    expect(result).not.toContain(token);
+  });
+
+  it('redacts GitHub PATs (ghp_*)', () => {
+    const token = 'ghp_' + 'a'.repeat(40);
+    const result = sanitizeForEvidence(token);
+    expect(result).toContain('___REDACTED___');
+  });
+
+  it('strips internal PD tags from evidence', () => {
+    const result = sanitizeForEvidence('[EMOTIONAL_DAMAGE_DETECTED:severe] something went wrong');
+    expect(result).not.toContain('EMOTIONAL_DAMAGE_DETECTED');
+    expect(result).toContain('something went wrong');
+  });
+
+  it('returns safe string for non-string values', () => {
+    expect(sanitizeForEvidence(42)).toBe('42');
+    expect(sanitizeForEvidence(null)).toBe('');
+    expect(sanitizeForEvidence(undefined)).toBe('');
+  });
+
+  it('converges absolute paths to basename when no workspaceDir', () => {
+    const result = sanitizeForEvidence('/home/user/secrets/token.json');
+    expect(result).toBe('<path:token.json>');
+  });
+
+  it('converges absolute paths to repo-relative when workspaceDir matches', () => {
+    const result = sanitizeForEvidence('/workspace/my-repo/src/index.ts', '/workspace/my-repo');
+    expect(result).toBe('src/index.ts');
+  });
+
+  // ── Path substring sanitization ──
+
+  it('replaces Windows absolute path in command with basename', () => {
+    const result = sanitizeForEvidence('cd D:\\Code\\principles && git status');
+    expect(result).not.toContain('D:\\Code\\principles');
+    expect(result).toContain('principles');
+  });
+
+  it('replaces Windows absolute path in reason with basename', () => {
+    const result = sanitizeForEvidence('error in C:\\Users\\Administrator\\secret.txt');
+    expect(result).not.toContain('C:\\Users\\Administrator');
+    expect(result).not.toContain('Administrator');
+    expect(result).toContain('secret.txt');
+  });
+
+  it('replaces POSIX absolute path in string', () => {
+    const result = sanitizeForEvidence('failed to read /home/user/project/src/config.ts');
+    expect(result).not.toContain('/home/user/project');
+    expect(result).toContain('config.ts');
+  });
+
+  it('converges workspace-internal path in string to repo-relative', () => {
+    const result = sanitizeForEvidence(
+      'edit failed on D:\\Code\\principles\\src\\index.ts',
+      'D:\\Code\\principles',
+    );
+    expect(result).not.toContain('D:\\Code\\principles');
+    expect(result).toContain('src\\index.ts');
+  });
+
+  // ── sanitizeToolParamsForEvidence ──
+
+  it('redacts long content/text/input/new_string fields', () => {
+    const params = {
+      file_path: 'src/file.ts',
+      content: ' data chunk '.repeat(60),
+      text: ' report line '.repeat(60),
+    };
+    const result = sanitizeToolParamsForEvidence(params);
+    expect(result.file_path).toBe('src/file.ts');
+    expect(result.content).toMatch(/___TRUNCATED___$/);
+    expect(result.text).toMatch(/___TRUNCATED___$/);
+    expect(result.content.length).toBeLessThan(500);
+  });
+
+  it('keeps short normal fields intact', () => {
+    const params = { file_path: 'src/index.ts', content: 'short-content', query: 'SELECT * FROM users' };
+    const result = sanitizeToolParamsForEvidence(params);
+    expect(result.file_path).toBe('src/index.ts');
+    expect(result.content).toBe('short-content');
+    expect(result.query).toBe('SELECT * FROM users');
+  });
+
+  it('redacts token-like strings inside content/text fields', () => {
+    const token = 'sk-proj-' + 'a'.repeat(30);
+    const params = { content: `key is ${token}` };
+    const result = sanitizeToolParamsForEvidence(params);
+    expect(result.content).toContain('___REDACTED___');
+    expect(result.content).not.toContain(token);
+  });
+
+  // ── edit params: nested edits array ──
+
+  it('sanitizes edit params with nested edits[].oldText/newText', () => {
+    const secretToken = 'sk-proj-' + 'a'.repeat(30);
+    const params = {
+      file_path: '/repo/src/config.ts',
+      edits: [
+        { oldText: secretToken, newText: 'safe-value' },
+        { oldText: 'const x = 1;', newText: ' data '.repeat(200) },
+      ],
+    };
+    const result = sanitizeToolParamsForEvidence(params, '/repo') as Record<string, unknown>;
+    const edits = result.edits as Array<Record<string, unknown>>;
+    // Token in oldText redacted
+    expect(edits[0].oldText).toContain('___REDACTED___');
+    expect(edits[0].oldText).not.toContain(secretToken);
+    // Short value preserved
+    expect(edits[0].newText).toBe('safe-value');
+    // Long newText truncated
+    expect(edits[1].newText).toMatch(/___TRUNCATED___$/);
+    // file_path converged to relative (workspaceDir provided)
+    expect(result.file_path).toBe('src/config.ts');
+  });
+
+  // ── command/query: token redaction ──
+
+  it('redacts tokens in command and query fields', () => {
+    const jwt = 'eyJ' + 'a'.repeat(30) + '.bc';
+    const skToken = 'sk-proj-' + 'a'.repeat(30);
+    const params = {
+      command: `curl -H "Authorization: Bearer ${jwt}" https://api.example.com`,
+      query: `SELECT * FROM users WHERE api_key = "${skToken}"`,
+    };
+    const result = sanitizeToolParamsForEvidence(params);
+    expect(result.command).toContain('___REDACTED___');
+    expect(result.command).not.toContain(jwt);
+    expect(result.query).toContain('___REDACTED___');
+    expect(result.query).not.toContain(skToken);
+  });
+
+  // ── null/array/string input: no throw ──
+
+  it('handles null input without throwing', () => {
+    expect(() => sanitizeToolParamsForEvidence(null)).not.toThrow();
+    expect(sanitizeToolParamsForEvidence(null)).toEqual({});
+  });
+
+  it('handles array input without throwing', () => {
+    const result = sanitizeToolParamsForEvidence(['a', 'b', 'c']);
+    expect(result['<array-input>']).toBeDefined();
+  });
+
+  it('handles string input without throwing', () => {
+    const result = sanitizeToolParamsForEvidence('raw string input');
+    expect(result['<string-input>']).toBeDefined();
+  });
+
+  it('handles undefined input without throwing', () => {
+    expect(sanitizeToolParamsForEvidence(undefined)).toEqual({});
+  });
+
+  it('handles number input without throwing', () => {
+    expect(sanitizeToolParamsForEvidence(42)).toEqual({});
+  });
+
+  // ── sanitizeValueForEvidence: recursive ──
+
+  it('recursively sanitizes nested objects', () => {
+    const token = 'sk-proj-' + 'a'.repeat(30);
+    const input = { a: { b: { c: token } } };
+    const result = sanitizeValueForEvidence(input) as Record<string, unknown>;
+    const nested = (result.a as Record<string, unknown>).b as Record<string, unknown>;
+    expect(nested.c).toContain('___REDACTED___');
+  });
+
+  it('respects max array items limit', () => {
+    const input = { items: Array.from({ length: 100 }, (_, i) => `item-${i}`) };
+    const result = sanitizeValueForEvidence(input) as Record<string, unknown>;
+    const items = result.items as unknown[];
+    expect(items.length).toBeLessThanOrEqual(22);
+  });
+
+  it('respects max depth limit', () => {
+    const deep: any = { a: { b: { c: { d: { e: 'too deep' } } } } };
+    const result = sanitizeValueForEvidence(deep, 0) as Record<string, unknown>;
+    const a = result.a as Record<string, unknown>;
+    const b = a.b as Record<string, unknown>;
+    const c = b.c as Record<string, unknown>;
+    const d = c.d as Record<string, unknown>;
+    expect(d.e).toBe('<max-depth>');
+  });
 });