npm - sentinel-agentos - Versions diffs - 0.1.3 → 0.2.0 - Mend

sentinel-agentos 0.1.3 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +667 -0
package/dist/cli.js +102 -0
package/dist/cli.js.map +1 -1
package/package.json +8 -3
package/scripts/sentinel-light.js +233 -0

package/README.md CHANGED Viewed

@@ -793,6 +793,36 @@ const entries = api.auditQuery({ minScore: 3.0 }); // 高风险操作 · High-ri
 ```
 </details>
+<details>
+<summary><b>Q: Sentinel AgentOS 需要 API Key 吗？ · Does it need an API Key?</b></summary>
+不需要。Sentinel AgentOS 的 Guard / Memory / Evaluator 层都是纯确定性代码，不调用任何外部 AI API。唯一的鉴权是 HTTP API 模式下可选的 `--token` 参数。
+*No. All Guard/Memory/Evaluator layers are pure deterministic code with zero external API calls. The only authentication is the optional `--token` for HTTP API mode.*
+</details>
+<details>
+<summary><b>Q: HTTP API Token 怎么设置？ · How to set HTTP API token?</b></summary>
+三种方式：
+1. 命令行参数：`npx sentinel-agentos server --port 3300 --token my-secret`
+2. 代码中配置：`createServer({ port: 3300, apiToken: 'my-secret' })`
+3. 环境变量：`AGENTOS_TOKEN=*** npx sentinel-agentos server`
+不设置 Token 则不加鉴权（仅适合本地开发环境）。
+*Three ways: CLI flag, code config, or AGENTOS_TOKEN env var. No token = no auth (local dev only).*
+</details>
+<details>
+<summary><b>Q: Token 泄漏了怎么办？ · What if token leaks?</b></summary>
+重启服务，换一个新 Token 即可：
+1. 生成新 Token：`openssl rand -hex 32`
+2. 重启 sentinel-agentos server 使用新 Token
+3. 更新所有客户端调用
+Sentinel AgentOS 的 Token 是服务端本地验证的，无需到任何平台撤销。
+*Restart server with a new token. No external platform involved — tokens are validated locally.*
+</details>
 ---
 ## 🗺️ 路线图 · Roadmap
@@ -809,6 +839,643 @@ const entries = api.auditQuery({ minScore: 3.0 }); // 高风险操作 · High-ri
 ---
+## 🔑 Token 与鉴权说明
+Sentinel AgentOS 本身**不依赖外部 AI API**，所有 Guard / Memory / Evaluator 都是纯确定性代码。唯一的鉴权需求来自 **HTTP API 模式**下的 `server` 命令。
+### HTTP API Token 鉴权
+启动 HTTP 服务后，除 `/health` 外所有端点都需要 Bearer Token 鉴权。
+#### 启动时设置 Token
+```bash
+# 方式一：命令行参数
+npx sentinel-agentos server --port 3300 --token my-secret-token-123
+# 方式二：代码中配置
+import { createServer } from 'sentinel-agentos';
+const server = createServer({ port: 3300, apiToken: 'my-secret-token-123' });
+await server.start();
+```
+#### 客户端调用
+```bash
+# 所有 API（/health 除外）都需要 Authorization header
+curl -H "Authorization: Bearer my-secret-token-123" \
+  http://localhost:3300/pipeline/profile
+# Token 不匹配 → 401 Unauthorized
+curl http://localhost:3300/pipeline/profile
+# → {"error":"Unauthorized: invalid or missing API token"}
+```
+#### Token 未设置时
+如果不传 `--token` 或 `apiToken`，服务**不加鉴权**，所有端点可自由访问。适用于本地开发环境，生产环境**强烈建议设置 Token**。
+```bash
+# 无鉴权模式（仅限本地开发）
+npx sentinel-agentos server --port 3300
+# 所有端点无需 Authorization header
+```
+#### Token 最佳实践
+| 环境 | Token 策略 | 示例 |
+|------|----------|------|
+| 本地开发 | 可不用 Token | `npx sentinel-agentos server --port 3300` |
+| 本机测试 | 简短 Token | `--token dev-123` |
+| 生产环境 | 强随机 Token | `--token $(openssl rand -hex 32)` |
+| Docker / CI | 环境变量注入 | `--token $AGENTOS_API_TOKEN` |
+| 跨语言调用 | HTTP header | `Authorization: Bearer <token>` |
+### 环境变量配置
+除 Token 外，Sentinel AgentOS 没有其他必填环境变量。可选的环境变量：
+| 环境变量 | 说明 | 默认值 |
+|---------|------|--------|
+| `HOME` / `USERPROFILE` | 持久化存储根目录 | 系统默认 |
+| `AGENTOS_WORKSPACE` | workspace 根目录 | `process.cwd()` |
+| `AGENTOS_TOKEN` | API Token（备选方式） | — |
+---
+## 📋 完整接口使用说明
+> 本章汇总 Sentinel AgentOS 所有接口——CLI、SDK、HTTP API、中间件、沙箱——作为完整参考。
+### 命令一览
+| 分类 | 接口/命令 | 说明 |
+|------|---------|------|
+| CLI | `validate` | 参数格式校验（Schema Gate） |
+| CLI | `risk` | 风险评分（Risk Gate） |
+| CLI | `audit` | 查询审计日志 |
+| CLI | `stats` | 审计统计（JSON） |
+| CLI | `profile` | Agent 质量画像（JSON） |
+| CLI | `status` | 质量状态报告（人类可读） |
+| CLI | `server` | 启动 HTTP API 服务 |
+| CLI | `memory` | 查看注入上下文 |
+| CLI | `help` | 帮助信息 |
+| SDK | `AgentOS` | 主类，完整流水线 |
+| SDK | `AgentOSAPI` | SDK 协议层（25+ 方法） |
+| SDK | `SchemaGate` / `RiskGate` 等 | 独立组件 |
+| SDK | `wrapAgent` | 一行接入中间件 |
+| SDK | `sentinelPlugin` | OpenClaw 插件 |
+| SDK | `SandboxExecutor` | 沙箱执行器 |
+| HTTP | `POST /pipeline/pre` | 执行前校验 |
+| HTTP | `POST /pipeline/post` | 执行后验证 |
+| HTTP | `GET /pipeline/report` | 状态报告 |
+| HTTP | `GET /pipeline/profile` | 质量画像 |
+| HTTP | `POST /guard/schema` | 注册 Schema 规则 |
+| HTTP | `GET /guard/schema` | 查看 Schema 规则 |
+| HTTP | `POST /memory/preference` | 设置偏好 |
+| HTTP | `POST /memory/fact` | 添加事实 |
+| HTTP | `POST /memory/rule` | 学习规则 |
+| HTTP | `GET /memory/context` | 获取注入上下文 |
+| HTTP | `GET /audit` | 查询审计日志 |
+| HTTP | `POST /feedback` | 记录反馈 |
+| HTTP | `POST /session/end` | 结束 session |
+| HTTP | `GET /health` | 健康检查（免 Token） |
+---
+### CLI 接口
+```
+sentinel-agentos <command> [args...]
+```
+#### `validate` — 参数格式校验
+```bash
+# 新语法（推荐）
+sentinel-agentos validate <tool> [key=value...]
+# 校验 exec 命令
+sentinel-agentos validate exec command="rm -rf /"
+# → {"pass":true,"errors":[]}
+# 校验 write_file（会被 pathDeny 拦截）
+sentinel-agentos validate write_file path=.env content=hello
+# → {"pass":false,"errors":[{"field":"path","message":"path matches deny pattern"}]}
+# 旧语法（--tool + --params JSON）
+sentinel-agentos validate --tool exec --params '{"command":"npm test"}'
+```
+| 参数 | 说明 |
+|------|------|
+| `<tool>` | 工具名称（如 `exec`, `write_file`, `delete_file`） |
+| `key=value` | 参数键值对，支持 `key="带空格的值"`，自动检测类型 |
+#### `risk` — 风险评分
+```bash
+sentinel-agentos risk exec command="sudo reboot"
+# → {"score":8.5,"action":"deny","dimensions":{"impact":3,"reversibility":0.2,...}}
+sentinel-agentos risk exec command="npm test"
+# → {"score":0.19,"action":"auto",...}
+```
+| 风险等级 | 分数 | 动作 |
+|---------|------|------|
+| 🟢 Auto | ≤ 0.5 | 自动放行 |
+| 🔵 Notify | ≤ 1.0 | 执行后通知 |
+| 🟡 Confirm | ≤ 3.0 | 暂停等待确认 |
+| 🔴 Deny | > 8.0 | 直接拒绝 |
+#### `audit` — 查询审计日志
+```bash
+sentinel-agentos audit --limit 10
+# → [{id, sessionId, toolName, verifyStatus, riskScore, ...}, ...]
+sentinel-agentos audit --limit 5
+```
+#### `stats` / `profile` / `status` — 统计与画像
+```bash
+# 审计统计（JSON）
+sentinel-agentos stats
+# → {"totalOperations":156,"verifyFailures":2,"highRiskOps":3,...}
+# Agent 质量画像（JSON）
+sentinel-agentos profile
+# → {"overallScore":85,"breakdown":{...},"trends":{...},"warnings":[...]}
+# 质量状态报告（人类可读）
+sentinel-agentos status
+# → 文本报告
+```
+#### `server` — 启动 HTTP API 服务
+```bash
+sentinel-agentos server --port 3300 --token ***
+# → 🛡️ Sentinel AgentOS HTTP server → http://127.0.0.1:3300
+# 可选项
+sentinel-agentos server --port 8080 --host 0.0.0.0 --token ***
+```
+| 参数 | 默认值 | 说明 |
+|------|--------|------|
+| `--port <N>` | `3300` | 服务端口 |
+| `--host <IP>` | `127.0.0.1` | 绑定地址 |
+| `--token <str>` | — | API 鉴权 Token（不设则无鉴权） |
+#### `memory` — 查看记忆上下文
+```bash
+sentinel-agentos memory
+# → 当前 semantic + episodic 注入的上下文文本
+```
+---
+### SDK 接口
+#### `AgentOS` — 主类
+```typescript
+import { AgentOS } from 'sentinel-agentos';
+const aos = new AgentOS({
+  workspaceRoot: process.cwd(),  // 工作区根目录
+  maxWorkingTokens: 50000,       // 工作记忆 token 上限
+  maxEpisodicSizeKb: 500,        // 情景记忆大小上限 (KB)
+  guardConfig: {                 // Guard 配置
+    riskGate: {
+      autoApprove: 0.5,
+      notify: 1.0,
+      confirm: 3.0,
+      deny: 8.0,
+    },
+  },
+});
+```
+**构造函数参数 `AgentOSConfig`**：
+| 字段 | 类型 | 默认值 | 说明 |
+|------|------|--------|------|
+| `workspaceRoot` | string | `process.cwd()` | 工作区根目录，持久化存储位置 |
+| `maxWorkingTokens` | number | `50000` | 工作记忆最大 token 数 |
+| `maxEpisodicSizeKb` | number | `500` | 情景记忆最大大小 (KB) |
+| `guardConfig.riskGate` | object | 见上 | 风险评分阈值覆盖 |
+| `evaluatorConfig.implicitFeedbackEnabled` | boolean | — | 隐性反馈开关 |
+**核心方法**：
+| 方法 | 返回 | 说明 |
+|------|------|------|
+| `executePipeline({...})` | `{preExec, snapshot, profile}` | 执行前校验流水线（Schema + Risk + Snapshot） |
+| `completeExecution({...})` | `{runtime, postExec, auditEntry, profile}` | 执行后验证流水线（Verify + Audit） |
+| `recordFeedback(signal, sessionId)` | `void` | 记录隐性用户反馈 |
+| `injectContext()` | `string` | 注入记忆上下文（session 启动时调用） |
+| `endSession(sessionId)` | `void` | 结束 session（清空 Working Memory） |
+| `getProfile(sessionId?)` | `AgentProfile` | 获取 Agent 质量画像 |
+| `getAuditStats()` | 审计统计 | 获取审计统计 |
+| `statusReport()` | `string` | 获取人类可读的状态报告 |
+**访问子组件**：
+```typescript
+// Guard 层
+aos.guard.schema    // SchemaGate — 注册/查询校验规则
+aos.guard.risk      // RiskGate — 风险评分引擎
+aos.guard.snapshot  // SnapshotGate — 执行前快照
+aos.guard.verify    // VerifyGate — 执行后验证
+aos.guard.audit     // AuditLog — 审计日志
+// Memory 层
+aos.memory.working   // WorkingMemory — 当前会话工作记忆
+aos.memory.episodic  // EpisodicMemory — 跨会话事件时间线
+aos.memory.semantic  // SemanticMemoryStore — 永久知识
+// Evaluator 层
+aos.evaluator.preExec   // PreExecEvaluator — 执行前评估
+aos.evaluator.runtime   // RuntimeEvaluator — 执行中评估
+aos.evaluator.postExec  // PostExecEvaluator — 执行后评估
+aos.evaluator.feedback  // ImplicitFeedbackEngine — 隐性反馈
+aos.evaluator.profiler  // AgentProfiler — 质量画像
+```
+#### `AgentOSAPI` — SDK 协议层
+```typescript
+import { AgentOS, AgentOSAPI } from 'sentinel-agentos';
+const api = new AgentOSAPI(new AgentOS());
+// Guard
+api.guardRegisterRule({ tool: 'exec', required: ['command'] });
+api.guardRegisterRules([...]);
+api.guardEvaluateRisk('exec', { command: 'rm -rf /' });
+api.guardSetRiskThresholds({ autoApprove: 0.5, deny: 6.0 });
+// Pipeline
+const result = await api.pipelineExecute({
+  sessionId: 's1', agentId: 'a1',
+  toolName: 'write_file',
+  toolParameters: { path: 'src/main.ts', content: 'hello' },
+});
+const complete = api.pipelineComplete({...});
+// Memory
+api.memorySetPreference('language', 'zh-CN');
+api.memoryGetPreference('language');  // → 'zh-CN'
+api.memoryLearnRule('提交前 npm test', 'session_1');
+api.memoryDefineTerm('PEP', 'Python Enhancement Proposal');
+api.memorySetProjectContext('my-app', { description: '...', techStack: ['React', 'Node'] });
+api.memoryInjectContext();  // → 启动注入文本
+api.memoryAddMessage('user', 'Hello');
+api.memoryRecordEvent('decision', 'Chose approach A', ['architecture'], []);
+// Audit
+api.auditQuery({ toolName: 'exec', limit: 10 });
+api.auditQuery({ minScore: 3.0 });  // 高风险操作
+api.auditStats();
+// Feedback
+api.recordFeedback('user_explicit_approval', 's1');
+api.getSatisfaction();           // → 82 (0-100)
+api.getSatisfaction('s1', 24);   // 最近 24 小时
+api.feedbackStats();
+// Profile
+api.getProfile();
+api.getProfile('s1');
+api.getStatusReport();
+api.getSessionOverview();
+// Session
+api.endSession('s1');
+```
+**AgentOSAPI 完整方法清单（25 个）**：
+| 方法 | 说明 |
+|------|------|
+| `guardRegisterRule(rule)` | 注册单条 Schema 规则 |
+| `guardRegisterRules(rules)` | 批量注册 Schema 规则 |
+| `guardHasRule(toolName)` | 检查工具是否有规则 |
+| `guardGetRules()` | 获取所有已注册规则 |
+| `guardEvaluateRisk(tool, params)` | 评估风险评分 |
+| `guardSetRiskThresholds(thresholds)` | 设置风险阈值 |
+| `pipelineExecute(params)` | 执行前校验流水线 |
+| `pipelineComplete(params)` | 执行后验证流水线 |
+| `memoryInjectContext()` | 注入记忆上下文 |
+| `memoryAddMessage(role, content)` | 添加工作记忆消息 |
+| `memorySetTask(task)` | 设置当前任务 |
+| `memoryCacheResult(tool, result)` | 缓存工具结果 |
+| `memoryRecordEvent(type, content, tags, entities)` | 记录情景事件 |
+| `memorySetPreference(key, value)` | 设置用户偏好 |
+| `memoryGetPreference(key)` | 获取用户偏好 |
+| `memoryLearnRule(rule, source)` | 学习规则 |
+| `memoryDefineTerm(term, meaning)` | 定义术语 |
+| `memorySetProjectContext(name, context)` | 设置项目上下文 |
+| `auditQuery(filter)` | 查询审计日志 |
+| `auditStats()` | 审计统计 |
+| `recordFeedback(signal, sessionId)` | 记录反馈 |
+| `getSatisfaction(sessionId?, hours?)` | 获取满意度 |
+| `feedbackStats()` | 反馈统计 |
+| `getProfile(sessionId?)` | 获取质量画像 |
+| `getStatusReport()` | 获取状态报告 |
+| `getSessionOverview()` | 获取 session 概况 |
+| `endSession(sessionId)` | 结束 session |
+---
+### HTTP API 接口
+基础 URL：`http://localhost:3300`（默认）
+#### Request/Response 通用格式
+- **Content-Type**：`application/json`
+- **鉴权**：除 `/health` 外，`Authorization: Bearer <token>`
+- **成功**：`200 OK`，JSON body
+- **鉴权失败**：`401 Unauthorized`
+- **参数错误**：`400 Bad Request`，`{"error":"..."}`
+- **服务错误**：`500 Internal Server Error`
+#### 端点详情
+##### `GET /health` — 健康检查（免 Token）
+```bash
+curl http://localhost:3300/health
+# → {"ok":true,"uptime":12.3}
+```
+##### `POST /pipeline/pre` — 执行前校验
+```bash
+curl -X POST http://localhost:3300/pipeline/pre \
+  -H "Authorization: Bearer ***" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "sessionId": "s1",
+    "agentId": "main",
+    "toolName": "exec",
+    "parameters": {"command": "npm test"},
+    "affectedFiles": []
+  }'
+```
+| 字段 | 类型 | 必填 | 说明 |
+|------|------|------|------|
+| `toolName` | string | ✅ | 工具名 |
+| `sessionId` | string | ❌ | 默认 `"http_session"` |
+| `agentId` | string | ❌ | 默认 `"http_agent"` |
+| `parameters` | object | ❌ | 工具参数，默认 `{}` |
+| `affectedFiles` | string[] | ❌ | 受影响的文件列表 |
+**返回**：
+```json
+{
+  "preExec": {
+    "schemaCheck": { "pass": true, "errors": [] },
+    "riskScore": { "score": 0.19, "action": "auto", "dimensions": {...} },
+    "paramQuality": { "score": 85, "observations": [] },
+    "contextUtilization": { "score": 70, "patterns": [] }
+  },
+  "snapshot": { "id": "...", "fileHashes": {...}, "gitHead": "...", "gitDirty": false },
+  "profile": { "overallScore": 85, ... }
+}
+```
+##### `POST /pipeline/post` — 执行后验证
+```bash
+curl -X POST http://localhost:3300/pipeline/post \
+  -H "Authorization: Bearer ***" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "toolName": "exec",
+    "toolParameters": {"command": "npm test"},
+    "toolResult": "all passed",
+    "snapshot": {...},
+    "startTime": 1718123456000,
+    "endTime": 1718123457000,
+    "retryCount": 0,
+    "wasSelfCorrected": false,
+    "hadTimeout": false,
+    "userAccepted": true,
+    "userProvidedEdit": false,
+    "resultWasUsed": true
+  }'
+```
+| 字段 | 类型 | 必填 | 说明 |
+|------|------|------|------|
+| `toolName` | string | ✅ | 工具名 |
+| `sessionId` | string | ❌ | session 标识 |
+| `agentId` | string | ❌ | agent 标识 |
+| `toolParameters` | object | ❌ | 执行时的参数 |
+| `toolResult` | any | ❌ | 工具返回结果 |
+| `snapshot` | object | ❌ | 从 `/pipeline/pre` 获取的 snapshot |
+| `startTime` | number | ❌ | 执行开始时间戳 ms |
+| `endTime` | number | ❌ | 执行结束时间戳 ms |
+| `retryCount` | number | ❌ | 重试次数，默认 0 |
+| `wasSelfCorrected` | boolean | ❌ | Agent 是否自我纠正 |
+| `hadTimeout` | boolean | ❌ | 是否超时 |
+| `userAccepted` | boolean | ❌ | 用户是否接受了结果 |
+| `userProvidedEdit` | boolean | ❌ | 用户是否修改了结果 |
+| `resultWasUsed` | boolean | ❌ | 用户是否使用了结果 |
+##### `GET /pipeline/report` / `GET /pipeline/profile`
+```bash
+curl -H "Authorization: Bearer ***" http://localhost:3300/pipeline/report
+# → {"report":"=== AgentOS Status Report ===\n..."}
+curl -H "Authorization: Bearer ***" http://localhost:3300/pipeline/profile
+curl -H "Authorization: Bearer ***" "http://localhost:3300/pipeline/profile?sessionId=s1"
+```
+##### `POST /guard/schema` / `GET /guard/schema`
+```bash
+# 注册规则
+curl -X POST http://localhost:3300/guard/schema \
+  -H "Authorization: Bearer ***" \
+  -H "Content-Type: application/json" \
+  -d '{"tool":"delete_file","required":["path"],"forbidden":[]}'
+# → {"ok":true,"tool":"delete_file"}
+# 查看规则
+curl -H "Authorization: Bearer ***" "http://localhost:3300/guard/schema?tool=delete_file"
+```
+##### Memory 端点（4 个）
+```bash
+# 设置偏好
+curl -X POST http://localhost:3300/memory/preference \
+  -H "Authorization: Bearer ***" -H "Content-Type: application/json" \
+  -d '{"key":"language","value":"zh-CN"}'
+# 添加事实
+curl -X POST http://localhost:3300/memory/fact \
+  -H "Authorization: Bearer ***" -H "Content-Type: application/json" \
+  -d '{"fact":"用户在北京"}'
+# 学习规则
+curl -X POST http://localhost:3300/memory/rule \
+  -H "Authorization: Bearer ***" -H "Content-Type: application/json" \
+  -d '{"rule":"提交前运行 npm test","source":"session_1"}'
+# 获取注入上下文
+curl -H "Authorization: Bearer ***" http://localhost:3300/memory/context
+```
+##### `GET /audit` — 审计查询
+```bash
+curl -H "Authorization: Bearer ***" "http://localhost:3300/audit?limit=10"
+curl -H "Authorization: Bearer ***" "http://localhost:3300/audit?toolName=exec&status=FAIL"
+```
+| 查询参数 | 说明 |
+|---------|------|
+| `limit` | 返回条数（默认 20） |
+| `toolName` | 按工具名过滤 |
+| `status` | 按校验状态过滤：`PASS` / `WARN` / `FAIL` |
+##### `POST /feedback` — 记录隐性反馈
+```bash
+curl -X POST http://localhost:3300/feedback \
+  -H "Authorization: Bearer ***" -H "Content-Type: application/json" \
+  -d '{"signal":"user_explicit_approval","sessionId":"s1"}'
+```
+**支持的 signal 值**：
+| Signal | 强度 | 说明 |
+|--------|------|------|
+| `user_explicit_approval` | +0.6 | 用户明确说"做得好" |
+| `user_immediate_continue` | +0.3 | 用户立即继续对话 |
+| `user_used_result` | +0.7 | 用户使用了 Agent 的结果 |
+| `user_shared_output` | +0.8 | 用户分享了 Agent 输出 |
+| `user_modified_output` | -0.5 | 用户修改了 Agent 输出 |
+| `user_deleted_code` | -0.8 | 用户删除了 Agent 创建的代码 |
+| `user_interrupted` | -0.6 | 用户打断了 Agent |
+| `user_repeated_instruction` | -0.3 | 用户重复了相同指令 |
+##### `POST /session/end` — 结束 Session
+```bash
+curl -X POST http://localhost:3300/session/end \
+  -H "Authorization: Bearer ***" -H "Content-Type: application/json" \
+  -d '{"sessionId":"s1"}'
+# → {"ok":true}
+```
+---
+### 中间件 / 插件接口
+#### `wrapAgent` — 一行接入中间件
+```typescript
+import { wrapAgent } from 'sentinel-agentos';
+const sentinel = wrapAgent({ workspaceRoot: process.cwd() });
+// 每个工具调用前后调用
+const { allowed, reason } = sentinel.preCheck('exec', { command: 'rm -rf /' });
+// → { allowed: false, reason: 'Risk 9.18 → DENY' }
+const { allowed } = sentinel.preCheck('exec', { command: 'npm test' });
+// → { allowed: true }
+// 执行后验证
+sentinel.postCheck('exec', { command: 'npm test' }, 'all passed');
+```
+**`wrapAgent` 参数**：
+| 参数 | 类型 | 默认值 | 说明 |
+|------|------|--------|------|
+| `workspaceRoot` | string | `process.cwd()` | 工作区根目录 |
+| `maxWorkingTokens` | number | `50000` | 工作记忆 token 上限 |
+| `preRegisteredRules` | boolean | `false` | 是否使用内置默认规则 |
+#### `sentinelPlugin` — OpenClaw 插件
+```typescript
+import { sentinelPlugin } from 'sentinel-agentos';
+const plugin = sentinelPlugin({
+  workspaceRoot: process.cwd(),
+  preRegisteredRules: true,
+});
+// → onBeforeTool → Schema + Risk 校验
+// → onAfterTool → Verify + Audit 记录
+```
+---
+### Sandbox 沙箱接口
+```typescript
+import { SandboxExecutor } from 'sentinel-agentos';
+const sandbox = new SandboxExecutor({
+  mode: 'sandbox',               // 'direct' | 'sandbox' | 'dry-run'
+  workspaceRoot: process.cwd(),
+  timeoutMs: 30000,               // 命令超时 30s
+  networkAccess: 'whitelist',     // 'none' | 'localhost' | 'whitelist'
+  networkWhitelist: ['api.github.com', 'registry.npmjs.org'],
+  writablePaths: ['src/', 'tests/', 'dist/'],
+  readonlyPaths: ['node_modules/', '.git/'],
+  allowedTools: ['read_file', 'write_file', 'edit', 'exec'],
+  forbiddenTools: ['rm', 'unlink', 'delete_file'],
+});
+// 预检
+const check = sandbox.validate('exec', { command: 'curl evil.com' });
+// → { success: false, sandboxRejectReason: 'Network not in whitelist' }
+// 执行
+const result = await sandbox.execute('exec', { command: 'npm test' });
+// → { success: true, result: {...} }
+```
+**`SandboxExecutor` 构造参数**：
+| 参数 | 类型 | 默认值 | 说明 |
+|------|------|--------|------|
+| `mode` | `'direct' | 'sandbox' | 'dry-run'` | `'sandbox'` | 执行模式 |
+| `workspaceRoot` | string | `process.cwd()` | 工作区根目录 |
+| `timeoutMs` | number | `30000` | 命令超时毫秒 |
+| `networkAccess` | `'none' | 'localhost' | 'whitelist'` | `'localhost'` | 网络策略 |
+| `networkWhitelist` | string[] | `[]` | 网络白名单域名 |
+| `writablePaths` | string[] | `[]` | 可写路径 |
+| `readonlyPaths` | string[] | `[]` | 只读路径 |
+| `allowedTools` | string[] | `[]` | 允许的工具 |
+| `forbiddenTools` | string[] | `[]` | 禁止的工具 |
+**执行模式说明**：
+| 模式 | 说明 |
+|------|------|
+| `direct` | 直接执行，无限制 |
+| `sandbox` | 沙箱模式，受限的文件系统和网络访问 |
+| `dry-run` | 试运行，不实际执行，只校验权限 |
+---
 ## 📂 源码结构 · Source Layout
 ```

package/dist/cli.js CHANGED Viewed

@@ -60,9 +60,14 @@ Usage:
   sentinel-agentos profile
   sentinel-agentos status
   sentinel-agentos server [--port N] [--token ***
+  sentinel-agentos init    (一键安装 Guard Skill 到 OpenClaw workspace)
   sentinel-agentos memory
   sentinel-agentos help
+Quick start:
+  sentinel-agentos init     # 安装 Sentinel Guard Skill → 自动启用全部功能
+  sentinel-agentos status   # 查看质量报告
 Examples:
   sentinel-agentos validate exec command="rm -rf /"
   sentinel-agentos validate write_file path=src/main.ts content="console.log(1)"
@@ -234,6 +239,103 @@ async function main() {
             console.log(context || '(no memory context yet)');
             break;
         }
+        case 'init': {
+            const fs = await Promise.resolve().then(() => __importStar(require('fs')));
+            const path = await Promise.resolve().then(() => __importStar(require('path')));
+            // Find OpenClaw workspace (from env or common locations)
+            const home = process.env.USERPROFILE || process.env.HOME || '~';
+            const workspaceDir = process.env.OPENCLAW_WORKSPACE || path.join(home, '.openclaw', 'workspace');
+            if (!fs.existsSync(workspaceDir)) {
+                fatal(`Workspace not found: ${workspaceDir}. Set OPENCLAW_WORKSPACE or run from workspace root.`);
+            }
+            const skillDir = path.join(workspaceDir, 'skills', 'sentinel-guard');
+            const scriptsDir = path.join(skillDir, 'scripts');
+            if (fs.existsSync(skillDir)) {
+                console.log('⚠ Sentinel Guard skill already installed at:');
+                console.log('  ' + skillDir);
+                console.log('\nRun sentinel-agentos status to check current state.');
+                return;
+            }
+            // Create skill directory
+            fs.mkdirSync(skillDir, { recursive: true });
+            fs.mkdirSync(scriptsDir, { recursive: true });
+            // Source light guard from dist/scripts
+            const guardSrc = path.join(__dirname, '..', 'scripts', 'sentinel-light.js');
+            let guardContent;
+            if (fs.existsSync(guardSrc)) {
+                guardContent = fs.readFileSync(guardSrc, 'utf-8');
+            }
+            else {
+                // Fallback: use the one from src (dev mode)
+                const fallback = path.join(__dirname, '..', '..', 'scripts', 'sentinel-light.js');
+                if (fs.existsSync(fallback)) {
+                    guardContent = fs.readFileSync(fallback, 'utf-8');
+                }
+                else {
+                    fatal('Guard script not found. Reinstall sentinel-agentos.');
+                }
+            }
+            // Write guard script
+            fs.writeFileSync(path.join(skillDir, 'sentinel-guard.js'), guardContent);
+            // Write SKILL.md
+            const skillMd = `---
+name: sentinel-guard
+description: "Sentinel AgentOS Guard — 确定性代码审查守卫，拦截危险命令和敏感文件操作。"
+---
+# Sentinel AgentOS Guard
+拦截危险操作和敏感文件修改，基于确定性规则而非 LLM。
+## 使用
+\`\`\`javascript
+const guard = require('./sentinel-guard');
+const check = guard.preCheck('exec', { command: 'rm -rf /' });
+if (!check.passed) return { blocked: true, reason: check.reason };
+\`\`\`
+## 三层防护
+- 🛡️ 命令黑名单：rm -rf /、sudo rm、mkfs、fork bomb 等
+- 🔒 Schema Gate：拦截 .env、*.key、*.pem 等敏感文件
+- ⚠️ Risk Gate：git push --force、npm publish 需确认
+## 快速测试
+\`\`\`bash
+node scripts/test-suite.js
+\`\`\`
+`;
+            fs.writeFileSync(path.join(skillDir, 'SKILL.md'), skillMd);
+            // Write test suite
+            const testContent = `#!/usr/bin/env node
+const guard = require('../sentinel-guard');
+['exec rm -rf /', 'write .env', 'exec npm test'].forEach(t => {
+  const s = t.split(' ');
+  const r = guard.preCheck(s[0], s[0] === 'exec' ? {command: s.slice(1).join(' ')} : {path: s[1], content:'x'});
+  console.log(r.block ? '🚫 ' + r.reason : '✅ ' + t);
+});
+`;
+            fs.writeFileSync(path.join(scriptsDir, 'test-suite.js'), testContent);
+            // Add .sentinel-audit to .gitignore if exists
+            const gitignore = path.join(workspaceDir, '.gitignore');
+            if (fs.existsSync(gitignore)) {
+                const giContent = fs.readFileSync(gitignore, 'utf-8');
+                if (!giContent.includes('.sentinel-audit')) {
+                    fs.appendFileSync(gitignore, '\n# Sentinel AgentOS audit logs\n.sentinel-audit/\n');
+                }
+            }
+            console.log('✅ Sentinel AgentOS Guard 安装完成！\n');
+            console.log('📂 Skill: ' + skillDir);
+            console.log('🛡️ Guard: ' + path.join(skillDir, 'sentinel-guard.js'));
+            console.log('');
+            console.log('下一步：');
+            console.log('  1. Agent 重启后自动加载 Guard');
+            console.log('  2. 运行 sentinel-agentos status 查看状态');
+            console.log('  3. 或在代码中 require: const guard = require("./sentinel-guard")');
+            break;
+        }
         default:
             fatal(`Unknown command: ${cmd}. Run 'sentinel-agentos help' for usage.`);
     }

package/dist/cli.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,iCAAiC;AAEjC,SAAS,SAAS;IAChB,OAAO,CAAC,GAAG,CAAC~~;;;;;;;;;;;;;;;;;;;;;CAqBb~~,CAAC,CAAC;AACH,CAAC;AAED,SAAS,KAAK,CAAC,GAAW;IACxB,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;IAC1B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,IAAc;IACjC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAE3C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,SAAS;QAE3B,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAChC,IAAI,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAE/B,0BAA0B;QAC1B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC1C,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC/C,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QAED,mBAAmB;QACnB,IAAI,GAAG,KAAK,MAAM;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;aAClC,IAAI,GAAG,KAAK,OAAO;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;aACzC,IAAI,GAAG,KAAK,MAAM;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;aACvC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;aACvD,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;;YAC1D,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACzB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,IAAc;IAChC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,+CAA+C;YAC/C,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBACnB,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAE7B,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QAC3B,SAAS,EAAE,CAAC;QACZ,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,cAAO,EAAE,CAAC;IAE1B,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,UAAU,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,8DAA8D;YAC9D,0DAA0D;YAC1D,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,IAAY,CAAC;YACjB,IAAI,MAA+B,CAAC;YAEpC,wBAAwB;YACxB,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;YACrE,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAE/F,IAAI,WAAW,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;gBACrB,MAAM,GAAG,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5C,CAAC;iBAAM,IAAI,WAAW,EAAE,CAAC;gBACvB,KAAK,CAAC,2BAA2B,GAAG,wBAAwB,CAAC,CAAC;YAChE,CAAC;iBAAM,CAAC;gBACN,+BAA+B;gBAC/B,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC1C,IAAI,GAAG,QAAQ,IAAI,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI;oBAAE,KAAK,CAAC,2BAA2B,GAAG,wBAAwB,CAAC,CAAC;gBACzE,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC;gBACxC,IAAI,CAAC;oBAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAAC,CAAC;YAC5F,CAAC;YAED,MAAM,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;gBACjC,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;YAEH,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACnE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACjE,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;YAChD,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC5C,MAAM;QACR,CAAC;QAED,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;YAChC,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,WAAW,CAAC;YACvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;gBAClD,MAAM,MAAM,GAAG,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC7D,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;gBAEpC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;oBAC9B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;oBAClC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,KAAK,CAAC,2BAA2B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAClD,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,OAAO,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,yBAAyB,CAAC,CAAC;YAClD,MAAM;QACR,CAAC;QAED;YACE,KAAK,CAAC,oBAAoB,GAAG,0CAA0C,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,iCAAiC;AAEjC,SAAS,SAAS;IAChB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;CA0Bb,CAAC,CAAC;AACH,CAAC;AAED,SAAS,KAAK,CAAC,GAAW;IACxB,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;IAC1B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,IAAc;IACjC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAE3C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,SAAS;QAE3B,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAChC,IAAI,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAE/B,0BAA0B;QAC1B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC1C,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC/C,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QAED,mBAAmB;QACnB,IAAI,GAAG,KAAK,MAAM;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;aAClC,IAAI,GAAG,KAAK,OAAO;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;aACzC,IAAI,GAAG,KAAK,MAAM;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;aACvC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;aACvD,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;;YAC1D,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACzB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,IAAc;IAChC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACzB,+CAA+C;YAC/C,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBACnB,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAE7B,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QAC3B,SAAS,EAAE,CAAC;QACZ,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,cAAO,EAAE,CAAC;IAE1B,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,UAAU,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,8DAA8D;YAC9D,0DAA0D;YAC1D,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,IAAY,CAAC;YACjB,IAAI,MAA+B,CAAC;YAEpC,wBAAwB;YACxB,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;YACrE,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,KAAK,SAAS,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAE/F,IAAI,WAAW,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;gBACrB,MAAM,GAAG,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5C,CAAC;iBAAM,IAAI,WAAW,EAAE,CAAC;gBACvB,KAAK,CAAC,2BAA2B,GAAG,wBAAwB,CAAC,CAAC;YAChE,CAAC;iBAAM,CAAC;gBACN,+BAA+B;gBAC/B,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC1C,IAAI,GAAG,QAAQ,IAAI,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI;oBAAE,KAAK,CAAC,2BAA2B,GAAG,wBAAwB,CAAC,CAAC;gBACzE,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC;gBACxC,IAAI,CAAC;oBAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAAC,CAAC;YAC5F,CAAC;YAED,MAAM,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;gBACjC,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,IAAI;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;YAEH,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACnE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACjE,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;YAChD,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC5C,MAAM;QACR,CAAC;QAED,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;YAChC,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,WAAW,CAAC;YACvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;YAE1B,IAAI,CAAC;gBACH,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;gBAClD,MAAM,MAAM,GAAG,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC7D,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;gBAEpC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;oBAC9B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;oBAClC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,KAAK,CAAC,2BAA2B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAClD,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,OAAO,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,yBAAyB,CAAC,CAAC;YAClD,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,EAAE,GAAG,wDAAa,IAAI,GAAC,CAAC;YAC9B,MAAM,IAAI,GAAG,wDAAa,MAAM,GAAC,CAAC;YAElC,yDAAyD;YACzD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC;YAChE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;YAEjG,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjC,KAAK,CAAC,wBAAwB,YAAY,sDAAsD,CAAC,CAAC;YACpG,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;YACrE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YAElD,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;gBAC5D,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,QAAQ,CAAC,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;YAED,yBAAyB;YACzB,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,uCAAuC;YACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;YAC5E,IAAI,YAAoB,CAAC;YACzB,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,4CAA4C;gBAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;gBAClF,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC5B,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACpD,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,qDAAqD,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;YAED,qBAAqB;YACrB,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,mBAAmB,CAAC,EAAE,YAAY,CAAC,CAAC;YAEzE,iBAAiB;YACjB,MAAM,OAAO,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4BrB,CAAC;YACI,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,OAAO,CAAC,CAAC;YAE3D,mBAAmB;YACnB,MAAM,WAAW,GAAG;;;;;;;CAOzB,CAAC;YACI,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,EAAE,WAAW,CAAC,CAAC;YAEtE,8CAA8C;YAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;YACxD,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7B,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACtD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC3C,EAAE,CAAC,cAAc,CAAC,SAAS,EAAE,qDAAqD,CAAC,CAAC;gBACtF,CAAC;YACH,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,QAAQ,CAAC,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC,CAAC;YACtE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;YAC7E,MAAM;QACR,CAAC;QAED;YACE,KAAK,CAAC,oBAAoB,GAAG,0CAA0C,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "sentinel-agentos",
-  "version": "0.1.3",
+  "version": "0.2.0",
   "description": "Sentinel AgentOS — 确定性 Guard 层 + 分层记忆 + 自动评估，让任何 Agent 变得可靠、可审计、可改进",
   "keywords": [
     "agent",
@@ -25,6 +25,7 @@
   },
   "files": [
     "dist/",
+    "scripts/sentinel-light.js",
     "README.md",
     "LICENSE"
   ],
@@ -49,16 +50,20 @@
     "@typescript-eslint/parser": "^7.0.0",
     "eslint": "^8.0.0",
     "eslint-config-prettier": "^9.0.0",
+    "fluent-ffmpeg": "^2.1.3",
     "jest": "^29.0.0",
     "prettier": "^3.0.0",
     "ts-jest": "^29.0.0",
-    "typescript": "^5.4.0"
+    "typescript": "^5.4.0",
+    "videoshow": "^0.1.12"
   },
   "engines": {
     "node": ">=18"
   },
   "dependencies": {
     "cors": "^2.8.6",
-    "express": "^5.2.1"
+    "express": "^5.2.1",
+    "puppeteer": "^25.1.0",
+    "ws": "^8.21.0"
   }
 }

package/scripts/sentinel-light.js ADDED Viewed

@@ -0,0 +1,233 @@
+/**
+ * Sentinel AgentOS Full Guard — 全功能版
+ *
+ * preCheck: 轻量拦截（4.4μs）
+ * postCheck: 完整审计 + 三层记忆 + 三阶段评估 + 隐性反馈
+ *
+ * 模块初始化时自动注入语义记忆上下文到 session。
+ */
+const { AgentOS } = require('sentinel-agentos');
+const fs = require('fs');
+const path = require('path');
+const AUDIT_DIR = path.join(__dirname, '..', '.sentinel-audit');
+// 全局单例
+if (!global.__sentinel_aos) {
+  const aos = new AgentOS({
+    workspaceRoot: process.cwd(),
+    maxWorkingTokens: 50000,
+    maxEpisodicSizeKb: 500,
+  });
+  // 注册全套 Schema 规则
+  aos.guard.schema.registerRules([
+    { tool: 'exec', required: ['command'] },
+    {
+      tool: 'write', required: ['path', 'content'],
+      pathDeny: { path: ['.env', '*.key', '*.pem', '.git/**', '**/credentials/**'] },
+      maxSize: { content: 1048576 }, secrets: ['content'],
+    },
+    { tool: 'read', required: ['path'], pathDeny: { path: ['.env', '*.key'] } },
+    { tool: 'edit', required: ['path'], pathDeny: { path: ['.env', '*.key', '.git/**'] } },
+    {
+      tool: 'delete', required: ['path'],
+      pathDeny: { path: ['.env', '*.key', '*.pem', '.git/**', 'node_modules/**', 'package.json'] },
+    },
+  ]);
+  // 从磁盘恢复审计
+  const auditFile = path.join(AUDIT_DIR, 'audit.jsonl');
+  if (fs.existsSync(auditFile)) {
+    try {
+      fs.readFileSync(auditFile, 'utf-8').trim().split('\n').filter(Boolean).forEach(line => {
+        aos.guard.audit.entries.push(JSON.parse(line));
+      });
+    } catch {}
+  }
+  // 注入默认语义记忆
+  aos.memory.semantic.setPreference('user-name', '老板');
+  aos.memory.semantic.setPreference('language', 'zh-CN');
+  aos.memory.semantic.setPreference('direct-communication', true);
+  aos.memory.semantic.addFact('老板是中国用户，偏好直接、不说废话');
+  aos.memory.semantic.addFact('项目 coderev 是 AI 代码审查 CLI 工具');
+  aos.memory.semantic.addFact('项目 sentinel-agentos 是 AI Agent 操作系统');
+  aos.memory.semantic.learnRule('高风险操作前必须 preCheck', 'sentinel_init');
+  aos.memory.semantic.learnRule('操作完成后必须 postCheck 审计', 'sentinel_init');
+  aos.memory.semantic.learnRule('npm publish 前必须确认版本号', 'sentinel_init');
+  // 记录首次启动事件
+  aos.memory.episodic.record('milestone',
+    'Sentinel AgentOS 全功能启用：Guard + Memory + Evaluator',
+    ['init', 'milestone'], ['sentinel-agentos']);
+  global.__sentinel_aos = aos;
+  global.__sentinel_session_id = 1;
+}
+const aos = global.__sentinel_aos;
+let opCounter = 0;
+// ── 确定性规则（零 LLM）──
+const DANGEROUS = [
+  [/rm\s+-rf\s+\//, 'rm -rf / — 删除整个系统'],
+  [/rm\s+-rf\s+~/, 'rm -rf ~ — 删除用户目录'],
+  [/sudo\s+rm/, 'sudo rm — 超级用户删除'],
+  [/mkfs\./, 'mkfs — 格式化磁盘'],
+  [/dd\s+if=/, 'dd — 可能覆盖分区'],
+  [/fork\s*bomb|:\(\)/, 'fork bomb — 系统崩溃'],
+  [/chmod\s+777\s+-R\s*\//, 'chmod 777 -R / — 权限全开'],
+  [/del\s+\/F\s+\/S\s+[A-Z]:\\/, 'del /F /S — 全盘删除'],
+  [/>\s*\/dev\/sd[a-z]/, '写入磁盘设备'],
+];
+const WARNING = [
+  [/git\s+push\s+--force/, 'git push --force — 强制覆盖'],
+  [/git\s+reset\s+--hard/, 'git reset --hard — 不可逆'],
+  [/npm\s+publish\b/, 'npm publish — 发布公共包'],
+  [/npm\s+unpublish\b/, 'npm unpublish — 从 npm 删除'],
+  [/DROP\s+(TABLE|DATABASE)/i, 'DROP — 删除数据库'],
+  [/TRUNCATE\s+(TABLE\s+)?/i, 'TRUNCATE — 清空表'],
+];
+const SENSITIVE = [
+  '.env', '.env.*', '*.key', '*.pem', '*.p12', '*.pfx', '*.jks', '*.keystore',
+  '.git/**', '**/credentials/**', '**/secrets/**', '**/SECRETS/**',
+  'package.json', 'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'Cargo.lock',
+];
+const PROTECTED = [
+  'package.json', 'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml',
+  '.gitignore', '.gitattributes', 'Cargo.toml', 'Cargo.lock', 'tsconfig.json',
+  'AGENTS.md', 'SOUL.md', 'MEMORY.md', 'USER.md',
+];
+function globMatch(pattern, p) {
+  p = (p || '').replace(/\\/g, '/');
+  if (!pattern.includes('*')) return p === pattern || p.endsWith('/' + pattern);
+  const re = '^' + pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*\*\//g, '(.*/)?').replace(/\*/g, '[^/]*') + '$';
+  return new RegExp(re).test(p);
+}
+module.exports = {
+  // ── 执行前拦截 ──
+  preCheck(toolName, params) {
+    if (toolName === 'exec' && params.command) {
+      const cmd = String(params.command);
+      for (const [re, desc] of DANGEROUS) {
+        if (re.test(cmd)) return { passed: false, block: true, risk: 'DENY', reason: `🚫 危险命令: ${desc}` };
+      }
+      for (const [re, desc] of WARNING) {
+        if (re.test(cmd)) return { passed: false, block: true, risk: 'CONFIRM', reason: `⚠️ 需要确认: ${desc}`, needsConfirmation: true };
+      }
+    }
+    const p = params.path || params.file;
+    if (p && ['write', 'edit', 'delete', 'read'].includes(toolName)) {
+      for (const ptn of SENSITIVE) {
+        if (globMatch(ptn, p)) return { passed: false, block: true, risk: 'DENY', reason: `🚫 敏感文件: "${p}" → "${ptn}"` };
+      }
+    }
+    if (toolName === 'delete' && p) {
+      for (const pf of PROTECTED) {
+        if (String(p) === pf || String(p).endsWith('/' + pf) || String(p).endsWith('\\' + pf))
+          return { passed: false, block: true, risk: 'DENY', reason: `🚫 保护文件: "${pf}"` };
+      }
+    }
+    return { passed: true, risk: 'auto' };
+  },
+  // ── 执行后完整审计 ──
+  postCheck(toolName, params, result) {
+    const sid = `s${global.__sentinel_session_id}_op${++opCounter}`;
+    // 记录到 Working Memory
+    aos.memory.working.addMessage('tool', `${toolName}: ${JSON.stringify(params || {}).slice(0, 200)}`);
+    // AgentOS 完整流水线
+    const { preExec, snapshot } = aos.executePipeline({
+      sessionId: sid, agentId: 'openclaw', toolName, parameters: params || {},
+    });
+    const t = Date.now();
+    try {
+      const ret = aos.completeExecution({
+        sessionId: sid, agentId: 'openclaw', toolName,
+        toolParameters: params || {}, toolResult: result ?? null,
+        snapshot, startTime: t - 500, endTime: t,
+        retryCount: 0, wasSelfCorrected: false, hadTimeout: false,
+        userAccepted: true, userProvidedEdit: false, resultWasUsed: true,
+      });
+      // 记录情景记忆
+      if (toolName === 'exec' && params.command) {
+        aos.memory.episodic.record('tool_call', params.command, ['exec'], []);
+      }
+      // 持久化审计
+      try {
+        if (!fs.existsSync(AUDIT_DIR)) fs.mkdirSync(AUDIT_DIR, { recursive: true });
+        fs.appendFileSync(path.join(AUDIT_DIR, 'audit.jsonl'),
+          JSON.stringify(ret.auditEntry) + '\n');
+      } catch {}
+      return {
+        auditId: ret.auditEntry.id,
+        verify: ret.postExec.verifyPassed ? 'PASS' : 'FAIL',
+        risk: ret.runtime.adaptiveScore,
+        profile: ret.profile.overallScore,
+      };
+    } catch (err) {
+      // Audit 降级：即使 AgentOS 抛错，也记录轻量审计
+      try {
+        if (!fs.existsSync(AUDIT_DIR)) fs.mkdirSync(AUDIT_DIR, { recursive: true });
+        fs.appendFileSync(path.join(AUDIT_DIR, 'audit.jsonl'),
+          JSON.stringify({ ts: new Date().toISOString(), tool: toolName, error: err.message }) + '\n');
+      } catch {}
+      return { auditId: null, verify: 'ERROR', error: err.message };
+    }
+  },
+  // ── 查看审计 ──
+  audit(limit = 10) {
+    return aos.guard.audit.query({ limit });
+  },
+  // ── 完整状态报告 ──
+  status() {
+    return aos.statusReport();
+  },
+  // ── 注入 Memory 上下文（session 启动时调用）─
+  injectContext() {
+    return aos.injectContext();
+  },
+  // ── 记录反馈 ──
+  feedback(signal) {
+    aos.recordFeedback(signal, `s${global.__sentinel_session_id}`);
+  },
+  // ── 结束 Session ──
+  endSession() {
+    const sid = `s${global.__sentinel_session_id}`;
+    aos.endSession(sid);
+    global.__sentinel_session_id++;
+  },
+  // ── 获取完整状态快照 ──
+  fullStatus() {
+    return {
+      sessionId: `s${global.__sentinel_session_id}`,
+      opCount: opCounter,
+      audit: aos.guard.audit.stats(),
+      profile: aos.getProfile(),
+      satisfaction: aos.evaluator.feedback.getSatisfactionScore(),
+      workingMemory: {
+        messages: aos.memory.working.recentMessages.length,
+        budget: aos.memory.working.budget,
+      },
+      episodicEvents: aos.memory.episodic.count,
+      semanticRules: aos.memory.semantic.getAllRules().length,
+      preferences: aos.memory.semantic.getPreference('language'),
+    };
+  },
+};