npm - principles-disciple - Versions diffs - 1.99.0 → 1.101.0 - Mend

principles-disciple 1.99.0 → 1.101.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/openclaw.plugin.json +1 -1
package/package.json +1 -1
package/src/core/config-health.ts +58 -0
package/src/hooks/trajectory-collector.ts +91 -133
package/src/index.ts +32 -82
package/tests/core/surface-guard.test.ts +7 -9
package/tests/core-anti-growth.test.ts +1 -0
package/tests/evolution-worker-slimming.test.ts +1 -4
package/tests/hooks/trajectory-collector.test.ts +269 -0
package/tests/integration/mvp-surface-registry-guard.test.ts +6 -8

package/openclaw.plugin.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "id": "principles-disciple",
   "name": "Principles Disciple",
   "description": "Evolutionary programming agent framework with strategic guardrails and reflection loops.",
-  "version": "1.99.0",
+  "version": "1.101.0",
   "activation": {
     "onCapabilities": [
       "hook"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "principles-disciple",
-  "version": "1.99.0",
+  "version": "1.101.0",
   "description": "Native OpenClaw plugin for Principles Disciple",
   "type": "module",
   "main": "./dist/bundle.js",

package/src/core/config-health.ts ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Conversation Access Health Check (PRI-343 / PRI-346)
+ *
+ * Pure function for checking whether OpenClaw plugin config has
+ * allowConversationAccess set to true. When missing, llm_output and
+ * trajectory hooks are silently blocked by OpenClaw, causing evidence
+ * to always be empty (PRI-338 root cause).
+ *
+ * Extracted from index.ts to avoid circular imports when trajectory-collector.ts
+ * needs to check conversation access state (PRI-346).
+ */
+/** Keep in sync with @principles/core CONVERSATION_ACCESS_CONFIG_KEY */
+const CONVERSATION_ACCESS_CONFIG_KEY = 'allowConversationAccess' as const;
+export interface ConversationAccessCheckResult {
+  authorized: boolean;
+  reason?: string;
+  nextAction?: string;
+}
+const CONVERSATION_ACCESS_FIX_COMMAND =
+  'openclaw config set plugins.entries.principles-disciple.hooks.allowConversationAccess true --strict-json';
+/**
+ * PRI-343: Pure function — checks if pluginConfig has hooks.allowConversationAccess === true.
+ * Returns a structured result with reason and nextAction when not authorized (ERR-002).
+ */
+export function checkConversationAccessConfig(pluginConfig: unknown): ConversationAccessCheckResult {
+  if (pluginConfig === null || pluginConfig === undefined || typeof pluginConfig !== 'object' || Array.isArray(pluginConfig)) {
+    return {
+      authorized: false,
+      reason: 'pluginConfig is missing or invalid — conversation hooks cannot be registered',
+      nextAction: CONVERSATION_ACCESS_FIX_COMMAND,
+    };
+  }
+  const config = pluginConfig as Record<string, unknown>;
+  if (typeof config.hooks !== 'object' || config.hooks === null || Array.isArray(config.hooks)) {
+    return {
+      authorized: false,
+      reason: 'allowConversationAccess is not set to true',
+      nextAction: CONVERSATION_ACCESS_FIX_COMMAND,
+    };
+  }
+  const hooks = config.hooks as Record<string, unknown>;
+  if (hooks[CONVERSATION_ACCESS_CONFIG_KEY] !== true) {
+    return {
+      authorized: false,
+      reason: 'allowConversationAccess is not set to true',
+      nextAction: CONVERSATION_ACCESS_FIX_COMMAND,
+    };
+  }
+  return { authorized: true };
+}

package/src/hooks/trajectory-collector.ts CHANGED Viewed

@@ -1,39 +1,38 @@
 /**
- * Trajectory Collector - 行为进化引擎 Phase 0 数据收集
- *
- * 收集工具调用和 LLM 输出到 memory/trajectories/ 目录
- * 用于分析工具使用模式、识别原则应用案例、评估行为质量
+ * Trajectory Collector - message write trajectory recording
+ *
+ * Records message data to memory/trajectories/ JSONL files.
+ * PRI-347 removed tool_call and llm_output JSONL writers (no consumers).
+ * PRI-346 will repurpose handleBeforeMessageWrite for SQLite collection.
  */
 import * as fs from 'fs';
 import * as path from 'path';
 import type {
-  PluginHookAfterToolCallEvent,
-  PluginHookToolContext,
-  PluginHookLlmOutputEvent,
   PluginHookAgentContext,
   PluginHookBeforeMessageWriteEvent
 } from '../openclaw-sdk.js';
 import { MAX_STRING_LENGTH } from '../config/defaults/runtime.js';
+import { WorkspaceContext } from '../core/workspace-context.js';
+import { SystemLogger } from '../core/system-logger.js';
+import { sanitizeForEvidence } from './message-sanitize.js';
+import { checkConversationAccessConfig } from '../core/config-health.js';
 const TRAJECTORY_DIR = 'memory/trajectories/';
 // 敏感字段匹配正则
 const SENSITIVE_KEY_PATTERN = /password|token|authorization|secret|api[_-]?key|credential|cookie|session/i;
-// 最大结果长度（不同于 MAX_STRING_LENGTH）
-const MAX_RESULT_LENGTH = 500;
 /**
  * 递归脱敏处理：遍历对象/数组，移除敏感字段值
  */
 function scrubSensitive(obj: unknown, depth = 0): unknown {
   // 防止无限递归
   if (depth > 10) return '[MAX_DEPTH]';
   // 处理 null/undefined
   if (obj == null) return obj;
   // 处理基本类型
   if (typeof obj !== 'object') {
     if (typeof obj === 'string' && obj.length > MAX_STRING_LENGTH) {
@@ -41,12 +40,12 @@ function scrubSensitive(obj: unknown, depth = 0): unknown {
     }
     return obj;
   }
   // 处理数组
   if (Array.isArray(obj)) {
     return obj.map(item => scrubSensitive(item, depth + 1));
   }
   // 处理对象
   const result: Record<string, unknown> = {};
   for (const [key, value] of Object.entries(obj as Record<string, unknown>)) {
@@ -65,20 +64,20 @@ function scrubSensitive(obj: unknown, depth = 0): unknown {
 class AsyncWriteQueue {
   private readonly queue: (() => Promise<void>)[] = [];
   private processing = false;
   async enqueue(task: () => Promise<void>): Promise<void> {
     this.queue.push(task);
     if (!this.processing) {
       this.processNext();
     }
   }
   private async processNext(): Promise<void> {
     if (this.queue.length === 0) {
       this.processing = false;
       return;
     }
     this.processing = true;
     const task = this.queue.shift();
@@ -92,7 +91,7 @@ class AsyncWriteQueue {
     } catch {
       // Silently fail - trajectory collection should not block main functionality
     }
     // 处理下一个任务
     this.processNext();
   }
@@ -109,11 +108,11 @@ const dirCache = new Map<string, boolean>();
  */
 async function ensureTrajectoryDirAsync(workspaceDir: string): Promise<string> {
   const dir = path.join(workspaceDir, TRAJECTORY_DIR);
   if (dirCache.get(dir)) {
     return dir;
   }
   try {
     await fs.promises.mkdir(dir, { recursive: true });
     dirCache.set(dir, true);
@@ -121,7 +120,7 @@ async function ensureTrajectoryDirAsync(workspaceDir: string): Promise<string> {
     // 目录可能已存在，忽略错误
     dirCache.set(dir, true);
   }
   return dir;
 }
@@ -140,7 +139,7 @@ function getTodayFilename(): string {
  */
 function writeTrajectoryRecord(workspaceDir: string, record: object): void {
   const line = JSON.stringify(record) + '\n';
   writeQueue.enqueue(async () => {
     const dir = await ensureTrajectoryDirAsync(workspaceDir);
     const filepath = path.join(dir, getTodayFilename());
@@ -149,89 +148,34 @@ function writeTrajectoryRecord(workspaceDir: string, record: object): void {
 }
 /**
- * 工具调用完成后的处理
- * 记录：工具名、参数、结果、错误、执行时间
+ * PRI-346: Message write hook with SQLite fallback trajectory recording.
+ *
+ * When allowConversationAccess is NOT set (unauthorized), llm_output is silently
+ * blocked by OpenClaw and trajectory.db has no data. This hook is NOT in
+ * CONVERSATION_HOOK_NAMES, so it always fires — making it the natural fallback.
+ *
+ * De-duplication: only writes to SQLite when llm_output is blocked (unauthorized).
+ * When llm_output is working (authorized), this hook degrades to JSONL-only.
+ *
+ * ERR-002: structured observability when fallback fires.
+ * ERR-001/005: content is sanitized before persisting.
  */
-export function handleAfterToolCall(
-  event: PluginHookAfterToolCallEvent,
-  ctx: PluginHookToolContext & { workspaceDir?: string }
-): void {
-  const {workspaceDir} = ctx;
-  if (!workspaceDir) return;
-  // 递归脱敏处理所有字段
-  const sanitizedParams = scrubSensitive(event.params);
-  const sanitizedResult = event.result == null
-    ? null
-    : String(scrubSensitive(event.result)).slice(0, MAX_RESULT_LENGTH);
-  const sanitizedError = event.error == null
-    ? null
-    : String(scrubSensitive(event.error));
-  writeTrajectoryRecord(workspaceDir, {
-    type: 'tool_call',
-    timestamp: new Date().toISOString(),
-    sessionId: ctx.sessionId || 'unknown',
-    toolName: event.toolName,
-    params: sanitizedParams,
-    result: sanitizedResult,
-    error: sanitizedError,
-    durationMs: event.durationMs,
-    success: !event.error,
-    runId: event.runId || null,
-    toolCallId: event.toolCallId || null
-  });
-}
-/**
- * LLM 输出处理
- * 记录：provider、model、输出长度、token 使用量
- */
-export function handleLlmOutput(
-  event: PluginHookLlmOutputEvent,
-  ctx: PluginHookAgentContext & { workspaceDir?: string }
-): void {
-  const {workspaceDir} = ctx;
-  if (!workspaceDir) return;
-  const totalTextLength = event.assistantTexts?.reduce((sum, text) => sum + (text?.length || 0), 0) || 0;
-  writeTrajectoryRecord(workspaceDir, {
-    type: 'llm_output',
-    timestamp: new Date().toISOString(),
-    sessionId: ctx.sessionId || 'unknown',
-    provider: event.provider,
-    model: event.model,
-    textLength: totalTextLength,
-    outputCount: event.assistantTexts?.length || 0,
-    usage: event.usage ? scrubSensitive(event.usage) : null
-  });
-}
-/**
- * 消息写入前的处理
- * 记录：用户/助手消息内容
- */
 export function handleBeforeMessageWrite(
   event: PluginHookBeforeMessageWriteEvent,
-  ctx: PluginHookAgentContext & { workspaceDir?: string }
+  ctx: PluginHookAgentContext & { workspaceDir?: string; pluginConfig?: unknown }
 ): void {
-  const {workspaceDir} = ctx;
+  const { workspaceDir } = ctx;
   if (!workspaceDir) return;
   const msg = event.message;
   if (!msg || !msg.role) return;
-  // 只记录 user 和 assistant 消息
+  // Only record user and assistant messages
   if (msg.role !== 'user' && msg.role !== 'assistant') return;
-  // 提取文本内容
+  // Extract text content (consistent with existing implementation)
   let content = '';
   if (typeof msg.content === 'string') {
-    // Reason: msg.content is string | ContentPart[]; destructuring would require renaming in the else branch
     content = msg.content;
   } else if (Array.isArray(msg.content)) {
     content = msg.content
@@ -240,56 +184,70 @@ export function handleBeforeMessageWrite(
       .join('\n');
   }
-  // 脱敏处理内容预览
+  // Sanitize content preview for JSONL
   const sanitizedPreview = scrubSensitive(content.slice(0, 200));
+  // Existing JSONL write (always, for backward compatibility)
   writeTrajectoryRecord(workspaceDir, {
     type: 'message',
     timestamp: new Date().toISOString(),
-    sessionId: event.sessionKey || 'unknown',
+    sessionId: event.sessionKey || event.sessionId || 'unknown',
     role: msg.role,
     contentLength: content.length,
     contentPreview: typeof sanitizedPreview === 'string' ? sanitizedPreview : '[sanitized]',
-    agentId: event.agentId || null
+    agentId: event.agentId || null,
+    fallback: 'before_message_write',
   });
-}
-/**
- * 脱敏处理：移除敏感参数（保留旧函数签名以兼容）
- * @deprecated 使用 scrubSensitive 替代
- */
-/**
- * 轨迹汇总统计（供 cron 任务调用）
- */
-export function computeTrajectoryStats(workspaceDir: string): object {
-  const dir = path.join(workspaceDir, TRAJECTORY_DIR);
-  const todayFile = path.join(dir, getTodayFilename());
-  if (!fs.existsSync(todayFile)) {
-    return { date: getTodayFilename(), totalRecords: 0, toolCalls: 0, llmOutputs: 0, messages: 0 };
+  // ── SQLite fallback (PRI-346): only when conversation hooks are blocked ──
+  const accessCheck = checkConversationAccessConfig(ctx.pluginConfig);
+  if (accessCheck.authorized) {
+    // llm_output is working — do NOT duplicate write to SQLite (de-dup, case D)
+    return;
+  }
+  // Conversation hooks blocked — this hook is the fallback trajectory writer
+  if (msg.role === 'assistant') {
+    try {
+      const wctx = WorkspaceContext.fromHookContext({ workspaceDir, logger: ctx.logger });
+      const sanitized = sanitizeForEvidence(content.slice(0, MAX_STRING_LENGTH), workspaceDir);
+      const sessionId = (event.sessionKey as string | undefined) ?? ctx.sessionId ?? 'unknown';
+      wctx.trajectory?.recordAssistantTurn?.({
+        sessionId,
+        runId: 'before_message_write_fallback',
+        provider: 'unknown',
+        model: 'unknown',
+        rawText: content,
+        sanitizedText: sanitized,
+        usageJson: {},
+        empathySignalJson: { detected: false, severity: 'mild', confidence: 1 },
+        createdAt: new Date().toISOString(),
+      });
+    } catch (err) {
+      ctx.logger?.warn?.(`[PD:before_message_write] SQLite fallback write failed: ${String(err)}`);
+    }
+  } else if (msg.role === 'user') {
+    try {
+      const wctx = WorkspaceContext.fromHookContext({ workspaceDir, logger: ctx.logger });
+      const sessionId = (event.sessionKey as string | undefined) ?? ctx.sessionId ?? 'unknown';
+      wctx.trajectory?.recordUserTurn?.({
+        sessionId,
+        turnIndex: 0,
+        rawText: content.slice(0, MAX_STRING_LENGTH),
+        correctionDetected: false,
+        createdAt: new Date().toISOString(),
+      });
+    } catch (err) {
+      ctx.logger?.warn?.(`[PD:before_message_write] SQLite user turn fallback failed: ${String(err)}`);
+    }
   }
-  const content = fs.readFileSync(todayFile, 'utf8');
-  const lines = content.split('\n').filter(line => line.trim());
-  const toolCalls = lines.filter(line => {
-    try { return JSON.parse(line).type === 'tool_call'; } catch { return false; }
-  }).length;
-  const llmOutputs = lines.filter(line => {
-    try { return JSON.parse(line).type === 'llm_output'; } catch { return false; }
-  }).length;
-  const messages = lines.filter(line => {
-    try { return JSON.parse(line).type === 'message'; } catch { return false; }
-  }).length;
-  return {
-    date: getTodayFilename(),
-    totalRecords: lines.length,
-    toolCalls,
-    llmOutputs,
-    messages,
-    generatedAt: new Date().toISOString()
-  };
-}
+  // ERR-002: Structured observability — no silent fallback
+  SystemLogger.log(workspaceDir, 'CONVERSATION_HOOK_BLOCKED', JSON.stringify({
+    reason: accessCheck.reason,
+    nextAction: accessCheck.nextAction,
+    hook: 'llm_output',
+    fallback: 'before_message_write',
+    role: msg.role,
+  }));
+}

package/src/index.ts CHANGED Viewed

@@ -16,9 +16,13 @@ import type {
   PluginHookSubagentSpawningEvent,
   PluginHookSubagentSpawningResult,
   PluginHookSubagentContext,
+  PluginHookBeforeMessageWriteEvent,
 } from './openclaw-sdk.js';
 import * as path from 'path';
 import { loadFeatureFlagFromConfig } from './core/pd-config-loader.js';
+import { checkConversationAccessConfig } from './core/config-health.js';
+export { checkConversationAccessConfig } from './core/config-health.js';
+export type { ConversationAccessCheckResult } from './core/config-health.js';
 import { classifyTask } from './core/local-worker-routing.js';
 import { completeShadowObservation, recordShadowRouting } from './core/shadow-observation-registry.js';
 import { getCommandDescription } from './i18n/commands.js';
@@ -28,8 +32,8 @@ import { handleBeforeToolCall } from './hooks/gate.js';
 import { handleAfterToolCall } from './hooks/pain.js';
 import { handleBeforeReset, handleBeforeCompaction, handleAfterCompaction } from './hooks/lifecycle.js';
 import { handleLlmOutput } from './hooks/llm.js';
-import { handleSubagentEnded } from './hooks/subagent.js';
 import * as TrajectoryCollector from './hooks/trajectory-collector.js';
+import { handleSubagentEnded } from './hooks/subagent.js';
 import { handleInitStrategy } from './commands/strategy.js';
 import { handleBootstrapTools, handleResearchTools } from './commands/capabilities.js';
 import { handleThinkingOs } from './commands/thinking-os.js';
@@ -71,57 +75,8 @@ const startedWorkspaces = new Set<string>();
 const pendingShadowObservations = new Map<string, string>();
 // ── Conversation Access Health Check (PRI-343) ────────────────────────────
-// Pure function for checking whether OpenClaw plugin config has
-// allowConversationAccess set to true. When missing, llm_output and
-// trajectory hooks are silently blocked by OpenClaw, causing evidence
-// to always be empty (PRI-338 root cause).
-/** Keep in sync with @principles/core CONVERSATION_ACCESS_CONFIG_KEY */
-const CONVERSATION_ACCESS_CONFIG_KEY = 'allowConversationAccess' as const;
-export interface ConversationAccessCheckResult {
-  authorized: boolean;
-  reason?: string;
-  nextAction?: string;
-}
-const CONVERSATION_ACCESS_FIX_COMMAND =
-  'openclaw config set plugins.entries.principles-disciple.hooks.allowConversationAccess true --strict-json';
-/**
- * PRI-343: Pure function — checks if pluginConfig has hooks.allowConversationAccess === true.
- * Returns a structured result with reason and nextAction when not authorized (ERR-002).
- */
-export function checkConversationAccessConfig(pluginConfig: unknown): ConversationAccessCheckResult {
-  if (pluginConfig === null || pluginConfig === undefined || typeof pluginConfig !== 'object' || Array.isArray(pluginConfig)) {
-    return {
-      authorized: false,
-      reason: 'pluginConfig is missing or invalid — conversation hooks cannot be registered',
-      nextAction: CONVERSATION_ACCESS_FIX_COMMAND,
-    };
-  }
-  const config = pluginConfig as Record<string, unknown>;
-  if (typeof config.hooks !== 'object' || config.hooks === null || Array.isArray(config.hooks)) {
-    return {
-      authorized: false,
-      reason: 'allowConversationAccess is not set to true',
-      nextAction: CONVERSATION_ACCESS_FIX_COMMAND,
-    };
-  }
-  const hooks = config.hooks as Record<string, unknown>;
-  if (hooks[CONVERSATION_ACCESS_CONFIG_KEY] !== true) {
-    return {
-      authorized: false,
-      reason: 'allowConversationAccess is not set to true',
-      nextAction: CONVERSATION_ACCESS_FIX_COMMAND,
-    };
-  }
-  return { authorized: true };
-}
+// Re-exported from core/config-health.ts for backward compatibility.
+// Implementation moved to avoid circular imports with trajectory-collector.ts.
 // ── Feature Flag Loader (plugin I/O boundary) ─────────────────────────────
 // Reads workspace feature-flags.yaml and checks a specific flag.
@@ -436,36 +391,6 @@ const plugin = {
       })
     );
-    // ── Hook: Trajectory Collection (Behavior Evolution Phase 0) ──
-    // Note: after_tool_call and llm_output are safe to collect
-    api.on(
-      'after_tool_call',
-      guardHook('hook:after_tool_call.trajectory', api.logger, (event: PluginHookAfterToolCallEvent, ctx: PluginHookToolContext): void => {
-        try {
-          const workspaceDir = resolveToolHookWorkspaceDirSafe(ctx, api, 'trajectory.after_tool_call');
-          if (!workspaceDir) return;
-          TrajectoryCollector.handleAfterToolCall(event, { ...ctx, workspaceDir });
-          // eslint-disable-next-line @typescript-eslint/no-unused-vars -- Reason: catch binding intentionally unused
-        } catch (_err) {
-          // Non-critical: don't log, just skip
-        }
-      })
-    );
-    api.on(
-      'llm_output',
-      guardHook('hook:llm_output.trajectory', api.logger, (event: PluginHookLlmOutputEvent, ctx: PluginHookAgentContext): void => {
-        try {
-          const workspaceDir = resolveToolHookWorkspaceDirSafe(ctx, api, 'trajectory.llm_output');
-          if (!workspaceDir) return;
-          TrajectoryCollector.handleLlmOutput(event, { ...ctx, workspaceDir });
-          // eslint-disable-next-line @typescript-eslint/no-unused-vars -- Reason: catch binding intentionally unused
-        } catch (_err) {
-          // Non-critical: don't log, just skip
-        }
-      })
-    );
     // ── Hook: Subagent Loop Closure ──
     api.on(
       'subagent_spawning',
@@ -598,6 +523,31 @@ const plugin = {
       return handleAfterCompaction(event, { ...ctx, workspaceDir: wsResult.workspaceDir });
     }));
+    // ── Hook: Before Message Write (PRI-346) ──
+    // Fallback trajectory collection when llm_output is blocked by
+    // missing allowConversationAccess. Not in CONVERSATION_HOOK_NAMES
+    // so OpenClaw always delivers it.
+    api.on(
+      'before_message_write',
+      guardHook('hook:before_message_write', api.logger, (event: PluginHookBeforeMessageWriteEvent, ctx: PluginHookAgentContext): void => {
+        const wsResult = resolveHookWorkspaceDir(ctx, api, 'before_message_write');
+        if (!wsResult.ok) {
+          api.logger.warn(`[PD:before_message_write] workspaceDir resolution failed: ${wsResult.reason}`);
+          return;
+        }
+        try {
+          TrajectoryCollector.handleBeforeMessageWrite(event, {
+            ...ctx,
+            workspaceDir: wsResult.workspaceDir,
+            pluginConfig: api.pluginConfig,
+          });
+        } catch (err) {
+          // Non-critical: don't surface to user
+          api.logger.warn(`[PD:before_message_write] error: ${String(err)}`);
+        }
+      })
+    );
     // ── Service Registration (surface-guarded) ──
     // PRI-294: EvolutionWorker service registration removed — it starts via
     // before_prompt_build hook gate, not via api.registerService. The surface

package/tests/core/surface-guard.test.ts CHANGED Viewed

@@ -93,8 +93,8 @@ describe('surface-guard', () => {
     });
     it('allows override for quiet surface', () => {
-      const result = isSurfaceEnabled('hook:after_tool_call.trajectory', {
-        'hook:after_tool_call.trajectory': true,
+      const result = isSurfaceEnabled('hook:subagent_spawning', {
+        'hook:subagent_spawning': true,
       });
       expect(result.enabled).toBe(true);
     });
@@ -308,15 +308,13 @@ describe('surface-guard', () => {
       }
     });
-    it('trajectory hook disabledReason is opt-in and ADR-anchored (PRI-298)', () => {
-      const trajectory = PLUGIN_SURFACE_REGISTRY.find(
-        s => s.id === 'hook:after_tool_call.trajectory',
+    it('subagent hook disabledReason is opt-in and ADR-anchored (PRI-298)', () => {
+      const subagent = PLUGIN_SURFACE_REGISTRY.find(
+        s => s.id === 'hook:subagent_spawning',
       );
-      expect(trajectory?.disabledReason).toBeDefined();
-      const reason = trajectory!.disabledReason!.toLowerCase();
+      expect(subagent?.disabledReason).toBeDefined();
+      const reason = subagent!.disabledReason!.toLowerCase();
       // Quiet hook copy is opt-in / opt-out anchored on a real ADR section
-      // (no MVP-phase residue, no promise of a feature-flag override that
-      // the production guard path does not actually consume — chatgpt P2).
       expect(reason).toContain('opt-in');
       expect(reason).toContain('default off');
       expect(reason).toMatch(/adr-?0014/);

package/tests/core-anti-growth.test.ts CHANGED Viewed

@@ -125,6 +125,7 @@ describe('PRI-212 plugin core anti-growth guard', () => {
     'workspace-guidance-migrator.ts',
     'surface-guard.ts',
     'pd-config-loader.ts',
+    'config-health.ts',  // PRI-346: conversation access check extracted to avoid circular imports
   ] as const;
   // Category 6: Test files

package/tests/evolution-worker-slimming.test.ts CHANGED Viewed

@@ -139,13 +139,12 @@ describe('PRI-294: Surface registry coverage audit', () => {
     'hook:before_tool_call',
     'hook:after_tool_call',
     'hook:llm_output',
-    'hook:after_tool_call.trajectory',
-    'hook:llm_output.trajectory',
     'hook:subagent_spawning',
     'hook:subagent_ended',
     'hook:before_reset',
     'hook:before_compaction',
     'hook:after_compaction',
+    'hook:before_message_write',  // PRI-346: SQLite fallback trajectory collection
     // Services registered via guardService
     'service:correction-observer',
     'service:trajectory',
@@ -257,8 +256,6 @@ describe('PRI-294: MVP core hooks enabled, non-core disabled', () => {
   ];
   const QUIET_HOOKS = [
-    'hook:after_tool_call.trajectory',
-    'hook:llm_output.trajectory',
     'hook:subagent_spawning',
     'hook:subagent_ended',
     'hook:before_reset',

package/tests/hooks/trajectory-collector.test.ts ADDED Viewed

@@ -0,0 +1,269 @@
+/**
+ * Trajectory Collector — before_message_write hook tests (PRI-346)
+ *
+ * Cases A–F verify:
+ *  A: hook registration via api.on('before_message_write', ...)
+ *  B: assistant message → SQLite fallback when unauthorized
+ *  C: user message → user_turns; non-user/assistant → skip
+ *  D: authorized → no SQLite write (de-duplication)
+ *  E: CONVERSATION_HOOK_BLOCKED observability log
+ *  F: privacy / path redaction in sanitized text
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import type { OpenClawPluginApi, PluginHookBeforeMessageWriteEvent, PluginHookAgentContext } from '../../src/openclaw-sdk.js';
+// Mock heavy dependencies before importing the module under test
+const mockRecordAssistantTurn = vi.fn(() => 42);
+const mockRecordUserTurn = vi.fn(() => 1);
+vi.mock('../../src/core/workspace-context.js', () => {
+  return {
+    WorkspaceContext: {
+      fromHookContext: vi.fn(() => ({
+        trajectory: {
+          recordAssistantTurn: mockRecordAssistantTurn,
+          recordUserTurn: mockRecordUserTurn,
+        },
+        workspaceDir: '/mock/workspace',
+        stateDir: '/mock/workspace/.state',
+      })),
+    },
+  };
+});
+vi.mock('../../src/core/system-logger.js', () => ({
+  SystemLogger: {
+    log: vi.fn(),
+  },
+}));
+vi.mock('../../src/hooks/message-sanitize.js', () => ({
+  sanitizeForEvidence: vi.fn((text: string, _wsDir?: string) => {
+    // Simulate path redaction: replace C:\Users\... patterns
+    return text.replace(/C:\\Users\\[^\s]+/gi, '[PATH_REDACTED]');
+  }),
+}));
+// fs mock: prevent real file I/O from writeTrajectoryRecord
+vi.mock('fs', () => {
+  const memfs: Record<string, string> = {};
+  return {
+    existsSync: vi.fn(() => true),
+    mkdirSync: vi.fn(),
+    promises: {
+      mkdir: vi.fn(),
+      appendFile: vi.fn(async (filepath: string, data: string) => {
+        memfs[filepath] = (memfs[filepath] ?? '') + data;
+      }),
+    },
+    appendFile: vi.fn(),
+    __memfs: memfs,
+  };
+});
+import { handleBeforeMessageWrite } from '../../src/hooks/trajectory-collector.js';
+import { WorkspaceContext } from '../../src/core/workspace-context.js';
+import { SystemLogger } from '../../src/core/system-logger.js';
+import plugin from '../../src/index.js';
+function makeEvent(role: string, content: string | unknown[]): PluginHookBeforeMessageWriteEvent {
+  return {
+    message: { role, content },
+    sessionKey: 'sess-001',
+    sessionId: 'sess-001',
+    agentId: 'main',
+  };
+}
+const unauthorizedConfig = { hooks: { allowConversationAccess: false } };
+const authorizedConfig = { hooks: { allowConversationAccess: true } };
+function makeCtx(pluginConfig: unknown, workspaceDir: string | null = '/mock/workspace') {
+  return {
+    workspaceDir: workspaceDir === null ? undefined : workspaceDir,
+    pluginConfig,
+    sessionId: 'sess-001',
+    agentId: 'main',
+    logger: { debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn() },
+  } as PluginHookAgentContext & { workspaceDir?: string; pluginConfig?: unknown };
+}
+describe('PRI-346: before_message_write hook', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+  // ── Case A: hook registration ──────────────────────────────────────────────
+  describe('Case A — hook is registered', () => {
+    it('calls api.on with "before_message_write"', () => {
+      const onSpy = vi.fn();
+      const mockApi = {
+        rootDir: '/mock',
+        pluginConfig: { language: 'en' },
+        logger: { debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn() },
+        config: {},
+        registerCommand: vi.fn(),
+        registerService: vi.fn(),
+        registerTool: vi.fn(),
+        registerHttpRoute: vi.fn(),
+        on: onSpy,
+      } as unknown as OpenClawPluginApi;
+      plugin.register(mockApi);
+      const registeredEvents = onSpy.mock.calls.map((c: unknown[]) => c[0]);
+      expect(registeredEvents).toContain('before_message_write');
+    });
+  });
+  // ── Case B: assistant message → SQLite when unauthorized ───────────────────
+  describe('Case B — assistant message writes to SQLite when unauthorized', () => {
+    it('calls recordAssistantTurn once', () => {
+      const event = makeEvent('assistant', 'Hello, how can I help?');
+      const ctx = makeCtx(unauthorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(mockRecordAssistantTurn).toHaveBeenCalledTimes(1);
+      const call = mockRecordAssistantTurn.mock.calls[0][0];
+      expect(call.sessionId).toBe('sess-001');
+      expect(call.runId).toBe('before_message_write_fallback');
+      expect(call.provider).toBe('unknown');
+      expect(call.model).toBe('unknown');
+    });
+  });
+  // ── Case C: user → user_turns; tool → skip ─────────────────────────────────
+  describe('Case C — user message and non-user/assistant', () => {
+    it('calls recordUserTurn for role=user', () => {
+      const event = makeEvent('user', 'Fix this bug please');
+      const ctx = makeCtx(unauthorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(mockRecordUserTurn).toHaveBeenCalledTimes(1);
+      expect(mockRecordAssistantTurn).not.toHaveBeenCalled();
+    });
+    it('skips writing for role=tool', () => {
+      const event = makeEvent('tool', 'tool output here');
+      const ctx = makeCtx(unauthorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(mockRecordAssistantTurn).not.toHaveBeenCalled();
+      expect(mockRecordUserTurn).not.toHaveBeenCalled();
+    });
+    it('handles array content (multipart messages)', () => {
+      const content = [
+        { type: 'text', text: 'Part one' },
+        { type: 'image_url', url: 'http://example.com/img.png' },
+        { type: 'text', text: 'Part two' },
+      ];
+      const event = makeEvent('assistant', content);
+      const ctx = makeCtx(unauthorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(mockRecordAssistantTurn).toHaveBeenCalledTimes(1);
+      const call = mockRecordAssistantTurn.mock.calls[0][0];
+      expect(call.rawText).toContain('Part one');
+      expect(call.rawText).toContain('Part two');
+    });
+  });
+  // ── Case D: de-duplication (authorized → no SQLite) ────────────────────────
+  describe('Case D — authorized config skips SQLite (de-dup)', () => {
+    it('does NOT call recordAssistantTurn when authorized', () => {
+      const event = makeEvent('assistant', 'Normal response');
+      const ctx = makeCtx(authorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(mockRecordAssistantTurn).not.toHaveBeenCalled();
+      expect(mockRecordUserTurn).not.toHaveBeenCalled();
+    });
+    it('does NOT call SystemLogger.log when authorized', () => {
+      const event = makeEvent('assistant', 'Normal response');
+      const ctx = makeCtx(authorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(SystemLogger.log).not.toHaveBeenCalled();
+    });
+  });
+  // ── Case E: CONVERSATION_HOOK_BLOCKED observability ─────────────────────────
+  describe('Case E — CONVERSATION_HOOK_BLOCKED logged when unauthorized', () => {
+    it('logs with reason + nextAction', () => {
+      const event = makeEvent('assistant', 'Some response');
+      const ctx = makeCtx(unauthorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(SystemLogger.log).toHaveBeenCalledWith(
+        '/mock/workspace',
+        'CONVERSATION_HOOK_BLOCKED',
+        expect.any(String),
+      );
+      const payload = JSON.parse(
+        (SystemLogger.log as ReturnType<typeof vi.fn>).mock.calls[0][2] as string
+      );
+      expect(payload.reason).toBeDefined();
+      expect(payload.nextAction).toBeDefined();
+      expect(payload.hook).toBe('llm_output');
+      expect(payload.fallback).toBe('before_message_write');
+      expect(payload.role).toBe('assistant');
+    });
+  });
+  // ── Case F: privacy / path redaction ────────────────────────────────────────
+  describe('Case F — sensitive path is redacted in sanitizedText', () => {
+    it('sanitizedText does not contain the raw path', () => {
+      const sensitiveContent = 'The file is at C:\\Users\\sensitive\\path\\secret.txt please check it';
+      const event = makeEvent('assistant', sensitiveContent);
+      const ctx = makeCtx(unauthorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(mockRecordAssistantTurn).toHaveBeenCalledTimes(1);
+      const call = mockRecordAssistantTurn.mock.calls[0][0];
+      expect(call.sanitizedText).not.toContain('C:\\Users\\sensitive\\path');
+    });
+  });
+  // ── Edge cases ─────────────────────────────────────────────────────────────
+  describe('Edge cases', () => {
+    it('returns early when workspaceDir is missing', () => {
+      mockRecordAssistantTurn.mockReset();
+      mockRecordUserTurn.mockReset();
+      const event = makeEvent('assistant', 'Hello');
+      const ctx = makeCtx(unauthorizedConfig, null);
+      // Should not throw
+      handleBeforeMessageWrite(event, ctx);
+      expect(mockRecordAssistantTurn).not.toHaveBeenCalled();
+    });
+    it('returns early when message is null/undefined', () => {
+      const event = { message: null as unknown as { role?: string }, sessionKey: 's' } as PluginHookBeforeMessageWriteEvent;
+      const ctx = makeCtx(unauthorizedConfig);
+      handleBeforeMessageWrite(event, ctx);
+      expect(mockRecordAssistantTurn).not.toHaveBeenCalled();
+    });
+    it('handles missing pluginConfig gracefully', () => {
+      const event = makeEvent('assistant', 'Hello');
+      const ctx = makeCtx(undefined);
+      handleBeforeMessageWrite(event, ctx);
+      // pluginConfig undefined → unauthorized → fallback fires
+      expect(mockRecordAssistantTurn).toHaveBeenCalledTimes(1);
+    });
+  });
+});

package/tests/integration/mvp-surface-registry-guard.test.ts CHANGED Viewed

@@ -186,18 +186,16 @@ describe('MVP Surface Registry Guard (PRI-289)', () => {
       }
     });
-    it('after_tool_call has two registrations: core + trajectory', () => {
+    it('after_tool_call has one registration: core only', () => {
       const afterToolCallRegs = registrations.filter(r => r.event === 'after_tool_call');
-      expect(afterToolCallRegs.length).toBe(2);
+      expect(afterToolCallRegs.length).toBe(1);
       expect(afterToolCallRegs[0].surfaceId).toBe('hook:after_tool_call');
-      expect(afterToolCallRegs[1].surfaceId).toBe('hook:after_tool_call.trajectory');
     });
-    it('llm_output has two registrations: core + trajectory', () => {
+    it('llm_output has one registration: core only', () => {
       const llmOutputRegs = registrations.filter(r => r.event === 'llm_output');
-      expect(llmOutputRegs.length).toBe(2);
+      expect(llmOutputRegs.length).toBe(1);
       expect(llmOutputRegs[0].surfaceId).toBe('hook:llm_output');
-      expect(llmOutputRegs[1].surfaceId).toBe('hook:llm_output.trajectory');
     });
     it('total api.on registrations with guardHook match registry hook count', () => {
@@ -375,14 +373,14 @@ describe('MVP Surface Registry Guard (PRI-289)', () => {
     it('isSurfaceEnabled returns false for quiet surfaces by default', async () => {
       const { isSurfaceEnabled } = await import('../../src/core/surface-guard.js');
-      const result = isSurfaceEnabled('hook:after_tool_call.trajectory');
+      const result = isSurfaceEnabled('hook:subagent_spawning');
       expect(result.enabled).toBe(false);
       expect(result.reason).toBeDefined();
     });
     it('isSurfaceEnabled allows quiet surfaces with explicit override', async () => {
       const { isSurfaceEnabled } = await import('../../src/core/surface-guard.js');
-      const result = isSurfaceEnabled('hook:after_tool_call.trajectory', { 'hook:after_tool_call.trajectory': true });
+      const result = isSurfaceEnabled('hook:subagent_spawning', { 'hook:subagent_spawning': true });
       expect(result.enabled).toBe(true);
     });