sentinel-agentos 0.3.8 → 0.3.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +1797 -0
- package/dist/adapters/evaluation-bridge.d.ts +78 -0
- package/dist/adapters/evaluation-bridge.d.ts.map +1 -0
- package/dist/adapters/evaluation-bridge.js +273 -0
- package/dist/adapters/evaluation-bridge.js.map +1 -0
- package/dist/adapters/memory-bridge.d.ts +110 -0
- package/dist/adapters/memory-bridge.d.ts.map +1 -0
- package/dist/adapters/memory-bridge.js +316 -0
- package/dist/adapters/memory-bridge.js.map +1 -0
- package/dist/adapters/migrate.d.ts +2 -0
- package/dist/adapters/migrate.d.ts.map +1 -0
- package/dist/adapters/migrate.js +63 -0
- package/dist/adapters/migrate.js.map +1 -0
- package/dist/api.d.ts +151 -0
- package/dist/api.d.ts.map +1 -0
- package/dist/api.js +179 -0
- package/dist/api.js.map +1 -0
- package/dist/cli.d.ts +16 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +350 -0
- package/dist/cli.js.map +1 -0
- package/dist/core.d.ts +156 -0
- package/dist/core.d.ts.map +1 -0
- package/dist/core.js +400 -0
- package/dist/core.js.map +1 -0
- package/dist/evaluator/exec-evaluator.d.ts +102 -0
- package/dist/evaluator/exec-evaluator.d.ts.map +1 -0
- package/dist/evaluator/exec-evaluator.js +266 -0
- package/dist/evaluator/exec-evaluator.js.map +1 -0
- package/dist/evaluator/feedback.d.ts +102 -0
- package/dist/evaluator/feedback.d.ts.map +1 -0
- package/dist/evaluator/feedback.js +478 -0
- package/dist/evaluator/feedback.js.map +1 -0
- package/dist/evaluator/profiler.d.ts +56 -0
- package/dist/evaluator/profiler.d.ts.map +1 -0
- package/dist/evaluator/profiler.js +140 -0
- package/dist/evaluator/profiler.js.map +1 -0
- package/dist/guard/audit-log.d.ts +48 -0
- package/dist/guard/audit-log.d.ts.map +1 -0
- package/dist/guard/audit-log.js +213 -0
- package/dist/guard/audit-log.js.map +1 -0
- package/dist/guard/container-sandbox.d.ts +25 -0
- package/dist/guard/container-sandbox.d.ts.map +1 -0
- package/dist/guard/container-sandbox.js +145 -0
- package/dist/guard/container-sandbox.js.map +1 -0
- package/dist/guard/risk-gate.d.ts +101 -0
- package/dist/guard/risk-gate.d.ts.map +1 -0
- package/dist/guard/risk-gate.js +200 -0
- package/dist/guard/risk-gate.js.map +1 -0
- package/dist/guard/sandbox.d.ts +112 -0
- package/dist/guard/sandbox.d.ts.map +1 -0
- package/dist/guard/sandbox.js +379 -0
- package/dist/guard/sandbox.js.map +1 -0
- package/dist/guard/schema-gate.d.ts +90 -0
- package/dist/guard/schema-gate.d.ts.map +1 -0
- package/dist/guard/schema-gate.js +452 -0
- package/dist/guard/schema-gate.js.map +1 -0
- package/dist/guard/snapshot-verify.d.ts +111 -0
- package/dist/guard/snapshot-verify.d.ts.map +1 -0
- package/dist/guard/snapshot-verify.js +571 -0
- package/dist/guard/snapshot-verify.js.map +1 -0
- package/dist/index.d.ts +28 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +59 -0
- package/dist/index.js.map +1 -0
- package/dist/memory/episodic.d.ts +80 -0
- package/dist/memory/episodic.d.ts.map +1 -0
- package/dist/memory/episodic.js +305 -0
- package/dist/memory/episodic.js.map +1 -0
- package/dist/memory/semantic.d.ts +68 -0
- package/dist/memory/semantic.d.ts.map +1 -0
- package/dist/memory/semantic.js +299 -0
- package/dist/memory/semantic.js.map +1 -0
- package/dist/memory/working.d.ts +53 -0
- package/dist/memory/working.d.ts.map +1 -0
- package/dist/memory/working.js +166 -0
- package/dist/memory/working.js.map +1 -0
- package/dist/middleware/openclaw.d.ts +45 -0
- package/dist/middleware/openclaw.d.ts.map +1 -0
- package/dist/middleware/openclaw.js +95 -0
- package/dist/middleware/openclaw.js.map +1 -0
- package/dist/middleware/wrapper.d.ts +54 -0
- package/dist/middleware/wrapper.d.ts.map +1 -0
- package/dist/middleware/wrapper.js +155 -0
- package/dist/middleware/wrapper.js.map +1 -0
- package/dist/server.d.ts +45 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +256 -0
- package/dist/server.js.map +1 -0
- package/dist/src/dashboard.html +9 -7
- package/dist/types/index.d.ts +228 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +23 -0
- package/dist/types/index.js.map +1 -0
- package/package.json +1 -1
- package/scripts/sentinel-light.js +234 -0
package/dist/src/dashboard.html
CHANGED
|
@@ -126,7 +126,7 @@ let items=[],P=20,cur=0;
|
|
|
126
126
|
|
|
127
127
|
async function R(){
|
|
128
128
|
try{
|
|
129
|
-
const d=await(await fetch('/pipeline/report')).json();
|
|
129
|
+
const d=await(await fetch('http://localhost:3456/pipeline/report')).json();
|
|
130
130
|
document.getElementById('st').textContent='已连接';document.querySelector('.r b').style.background='var(--green)';
|
|
131
131
|
const t=d.audit?.totalOperations||0,f=d.audit?.verifyFailures||0,p=t-f,r=t?Math.round(p/t*100):100,q=d.quality?.overallScore||50;
|
|
132
132
|
document.getElementById('t1').textContent=t;
|
|
@@ -142,7 +142,8 @@ async function R(){
|
|
|
142
142
|
document.getElementById('bp').style.width=r+'%';document.getElementById('bf').style.width=(100-r)+'%';
|
|
143
143
|
|
|
144
144
|
items=d.timeline||[];document.getElementById('rc').textContent='共 '+items.length+' 条';G(0);
|
|
145
|
-
}catch{
|
|
145
|
+
}catch(e){
|
|
146
|
+
console.error('Dashboard fetch error:',e);
|
|
146
147
|
document.getElementById('st').textContent='断开';document.querySelector('.r b').style.background='var(--red)';
|
|
147
148
|
}
|
|
148
149
|
}
|
|
@@ -153,14 +154,15 @@ function G(p){cur=p;
|
|
|
153
154
|
if(!rows.length){b.innerHTML='<tr><td colspan="6"><div class="emp">暂无记录</div></td></tr>';return;}
|
|
154
155
|
const icons={exec:'⚙️',write:'✏️',edit:'🔧',read:'📖'},cls={exec:'e',write:'w',edit:'d',read:'g'};
|
|
155
156
|
b.innerHTML=rows.map(e=>{
|
|
156
|
-
const t=e.tool||'—',ok=e.verify!=='FAIL',
|
|
157
|
-
const rc=
|
|
158
|
-
const
|
|
157
|
+
const t=e.tool||'—',ok=e.verify!=='FAIL',riskScore=Number(e.risk)||Number(e.score)||0,rs=Math.round(riskScore*10),rp=Math.min(rs,100);
|
|
158
|
+
const rc=riskScore>3?'var(--red)':riskScore>1?'var(--amber)':'var(--green)';
|
|
159
|
+
const d=(typeof e.ts==='number'?new Date(e.ts):new Date(0));const tsVal=d.getFullYear()+'-'+String(d.getMonth()+1).padStart(2,'0')+'-'+String(d.getDate()).padStart(2,'0')+' '+String(d.getHours()).padStart(2,'0')+':'+String(d.getMinutes()).padStart(2,'0')+':'+String(d.getSeconds()).padStart(2,'0');
|
|
160
|
+
const pr=(e.params||'').slice(0,140)||'—';
|
|
159
161
|
return `<tr class="${ok?'':'fail'}">
|
|
160
162
|
<td>${icons[t]||'🔹'}</td><td><span class="tag ${cls[t]||''}">${t}</span></td>
|
|
161
|
-
<td><span class="pm" title="${pr}">${pr}</span></td><td><span class="tm">${
|
|
163
|
+
<td><span class="pm" title="${pr}">${pr}</span></td><td><span class="tm">${tsVal}</span></td>
|
|
162
164
|
<td><span class="pill ${ok?'ok':'ko'}">${ok?'● 通过':'● 拦截'}</span></td>
|
|
163
|
-
<td><div class="rw"><div class="bar"><div class="fll" style="width:${rp}%;background:${rc}"></div></div><span class="n" style="color:${rc}">${
|
|
165
|
+
<td><div class="rw"><div class="bar"><div class="fll" style="width:${rp}%;background:${rc}"></div></div><span class="n" style="color:${rc}">${riskScore.toFixed(1)}</span></div></td>
|
|
164
166
|
</tr>`;
|
|
165
167
|
}).join('');
|
|
166
168
|
|
|
@@ -0,0 +1,228 @@
|
|
|
1
|
+
export interface SchemaCheck {
|
|
2
|
+
pass: boolean;
|
|
3
|
+
errors?: SchemaError[];
|
|
4
|
+
}
|
|
5
|
+
export interface SchemaError {
|
|
6
|
+
field: string;
|
|
7
|
+
actual: unknown;
|
|
8
|
+
expected: string;
|
|
9
|
+
message: string;
|
|
10
|
+
}
|
|
11
|
+
export type RiskAction = 'auto' | 'notify' | 'confirm' | 'deny';
|
|
12
|
+
export interface RiskScore {
|
|
13
|
+
score: number;
|
|
14
|
+
action: RiskAction;
|
|
15
|
+
dimensions: {
|
|
16
|
+
impact: number;
|
|
17
|
+
reversibility: number;
|
|
18
|
+
sensitivity: number;
|
|
19
|
+
errorRate: number;
|
|
20
|
+
};
|
|
21
|
+
}
|
|
22
|
+
export interface GuardConfig {
|
|
23
|
+
schema?: {
|
|
24
|
+
rules: SchemaRule[];
|
|
25
|
+
};
|
|
26
|
+
riskGate?: {
|
|
27
|
+
autoApprove: number;
|
|
28
|
+
notify: number;
|
|
29
|
+
confirm: number;
|
|
30
|
+
deny: number;
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
export interface SchemaRule {
|
|
34
|
+
tool: string;
|
|
35
|
+
required: string[];
|
|
36
|
+
forbidden?: string[];
|
|
37
|
+
}
|
|
38
|
+
export interface WorkingMemory {
|
|
39
|
+
sessionId: string;
|
|
40
|
+
recentMessages: Message[];
|
|
41
|
+
currentTask?: Task;
|
|
42
|
+
recentToolResults: Map<string, ToolResult>;
|
|
43
|
+
openFiles: string[];
|
|
44
|
+
budget: TokenBudget;
|
|
45
|
+
}
|
|
46
|
+
export interface Message {
|
|
47
|
+
role: 'user' | 'agent' | 'tool';
|
|
48
|
+
content: string;
|
|
49
|
+
timestamp: number;
|
|
50
|
+
}
|
|
51
|
+
export interface Task {
|
|
52
|
+
description: string;
|
|
53
|
+
steps: Array<{
|
|
54
|
+
step: string;
|
|
55
|
+
status: 'pending' | 'in_progress' | 'done';
|
|
56
|
+
}>;
|
|
57
|
+
}
|
|
58
|
+
export interface ToolResult {
|
|
59
|
+
toolName: string;
|
|
60
|
+
result: unknown;
|
|
61
|
+
timestamp: number;
|
|
62
|
+
}
|
|
63
|
+
export interface TokenBudget {
|
|
64
|
+
used: number;
|
|
65
|
+
limit: number;
|
|
66
|
+
}
|
|
67
|
+
export type EventType = 'tool_call' | 'tool_failure' | 'decision' | 'correction' | 'publish' | 'error' | 'milestone' | 'note' | 'user_feedback';
|
|
68
|
+
export type CompressionLevel = 'full' | 'summary' | 'one-liner' | 'forgotten';
|
|
69
|
+
export interface EpisodicEvent {
|
|
70
|
+
id: string;
|
|
71
|
+
timestamp: number;
|
|
72
|
+
type: EventType;
|
|
73
|
+
importance: number;
|
|
74
|
+
compression: CompressionLevel;
|
|
75
|
+
content: string;
|
|
76
|
+
tags: string[];
|
|
77
|
+
relatedEntities: string[];
|
|
78
|
+
}
|
|
79
|
+
export interface UserFact {
|
|
80
|
+
fact: string;
|
|
81
|
+
timestamp: number;
|
|
82
|
+
lastReferenced: number;
|
|
83
|
+
}
|
|
84
|
+
export interface SemanticMemory {
|
|
85
|
+
userPreferences: Record<string, unknown>;
|
|
86
|
+
userFacts: UserFact[];
|
|
87
|
+
projectContext: Record<string, Partial<{
|
|
88
|
+
description: string;
|
|
89
|
+
techStack: string[];
|
|
90
|
+
conventions: string[];
|
|
91
|
+
architecture: string;
|
|
92
|
+
knownIssues: string[];
|
|
93
|
+
}> & Record<string, unknown>>;
|
|
94
|
+
learnedRules: LearnedRule[];
|
|
95
|
+
glossary: Record<string, string>;
|
|
96
|
+
}
|
|
97
|
+
export interface LearnedRule {
|
|
98
|
+
rule: string;
|
|
99
|
+
confidence: number;
|
|
100
|
+
source: string[];
|
|
101
|
+
lastReferenced: number;
|
|
102
|
+
}
|
|
103
|
+
export type SignalType = 'user_deleted_code' | 'user_interrupted' | 'user_provided_correction' | 'user_modified_output' | 'user_repeated_instruction' | 'user_ignored_result' | 'user_silence_then_praise' | 'user_immediate_continue' | 'agent_self_corrected' | 'user_explicit_approval' | 'user_used_result' | 'user_shared_output';
|
|
104
|
+
export interface ImplicitFeedback {
|
|
105
|
+
id: string;
|
|
106
|
+
timestamp: number;
|
|
107
|
+
signal: SignalType;
|
|
108
|
+
strength: number;
|
|
109
|
+
confidence: number;
|
|
110
|
+
sessionId: string;
|
|
111
|
+
operationId?: string;
|
|
112
|
+
source: string;
|
|
113
|
+
}
|
|
114
|
+
export interface PreExecMetrics {
|
|
115
|
+
timestamp: number;
|
|
116
|
+
toolName: string;
|
|
117
|
+
schemaCheck: SchemaCheck;
|
|
118
|
+
riskScore: RiskScore;
|
|
119
|
+
paramQuality: {
|
|
120
|
+
score: number;
|
|
121
|
+
observations: string[];
|
|
122
|
+
};
|
|
123
|
+
contextUtilization: {
|
|
124
|
+
score: number;
|
|
125
|
+
patterns: string[];
|
|
126
|
+
};
|
|
127
|
+
}
|
|
128
|
+
export interface RuntimeMetrics {
|
|
129
|
+
retryCount: number;
|
|
130
|
+
selfCorrected: boolean;
|
|
131
|
+
hadTimeout: boolean;
|
|
132
|
+
toolSuccess: boolean;
|
|
133
|
+
toolSelectionMatch?: boolean;
|
|
134
|
+
adaptiveScore: number;
|
|
135
|
+
durationMs: number;
|
|
136
|
+
}
|
|
137
|
+
export interface PostExecMetrics {
|
|
138
|
+
timestamp?: number;
|
|
139
|
+
verifyPassed: boolean;
|
|
140
|
+
verifyScore: number;
|
|
141
|
+
userAccepted: boolean;
|
|
142
|
+
userEditRate: number;
|
|
143
|
+
resultUtilized: boolean;
|
|
144
|
+
outcomeScore: number;
|
|
145
|
+
healthy: boolean;
|
|
146
|
+
diffLinesChanged?: number;
|
|
147
|
+
}
|
|
148
|
+
export interface Snapshot {
|
|
149
|
+
id: string;
|
|
150
|
+
toolCallId: string;
|
|
151
|
+
timestamp: number;
|
|
152
|
+
scope: 'file' | 'workspace' | 'full';
|
|
153
|
+
fileHashes: Record<string, string>;
|
|
154
|
+
envVars: Record<string, string>;
|
|
155
|
+
gitHead: string;
|
|
156
|
+
gitDirty: boolean;
|
|
157
|
+
}
|
|
158
|
+
export type VerifyStatus = 'PASS' | 'WARN' | 'FAIL';
|
|
159
|
+
export interface VerifyCheck {
|
|
160
|
+
name: string;
|
|
161
|
+
status: VerifyStatus;
|
|
162
|
+
detail?: string;
|
|
163
|
+
}
|
|
164
|
+
export interface AuditEntry {
|
|
165
|
+
id: string;
|
|
166
|
+
sessionId: string;
|
|
167
|
+
agentId: string;
|
|
168
|
+
startedAt: number;
|
|
169
|
+
completedAt: number;
|
|
170
|
+
durationMs: number;
|
|
171
|
+
toolName: string;
|
|
172
|
+
toolParameters: Record<string, unknown>;
|
|
173
|
+
toolResult: unknown;
|
|
174
|
+
schemaGate: SchemaCheck;
|
|
175
|
+
riskGate: {
|
|
176
|
+
score: number;
|
|
177
|
+
action: RiskAction;
|
|
178
|
+
};
|
|
179
|
+
snapshot: Snapshot | null;
|
|
180
|
+
verifyGate: {
|
|
181
|
+
status: VerifyStatus;
|
|
182
|
+
checks: VerifyCheck[];
|
|
183
|
+
};
|
|
184
|
+
diff: DiffInfo | null;
|
|
185
|
+
rollback?: RollbackInfo;
|
|
186
|
+
}
|
|
187
|
+
export interface DiffInfo {
|
|
188
|
+
filesChanged: string[];
|
|
189
|
+
linesAdded: number;
|
|
190
|
+
linesRemoved: number;
|
|
191
|
+
hashBefore: Record<string, string>;
|
|
192
|
+
hashAfter: Record<string, string>;
|
|
193
|
+
}
|
|
194
|
+
export interface RollbackInfo {
|
|
195
|
+
rolledBack: boolean;
|
|
196
|
+
rollbackSnapshotId: string;
|
|
197
|
+
success: boolean;
|
|
198
|
+
}
|
|
199
|
+
export interface AgentOSConfig {
|
|
200
|
+
workspaceRoot?: string;
|
|
201
|
+
maxWorkingTokens?: number;
|
|
202
|
+
maxEpisodicSizeKb?: number;
|
|
203
|
+
guardConfig?: GuardConfig;
|
|
204
|
+
evaluatorConfig?: {
|
|
205
|
+
implicitFeedbackEnabled?: boolean;
|
|
206
|
+
};
|
|
207
|
+
}
|
|
208
|
+
export declare enum ErrorCode {
|
|
209
|
+
/** Schema validation failure */
|
|
210
|
+
E_SCHEMA = "E_SCHEMA",
|
|
211
|
+
/** Risk gate blocked */
|
|
212
|
+
E_RISK = "E_RISK",
|
|
213
|
+
/** Snapshot failed (IO/permissions) */
|
|
214
|
+
E_SNAPSHOT = "E_SNAPSHOT",
|
|
215
|
+
/** Verify gate failed */
|
|
216
|
+
E_VERIFY = "E_VERIFY",
|
|
217
|
+
/** Audit log write failed */
|
|
218
|
+
E_AUDIT_IO = "E_AUDIT_IO",
|
|
219
|
+
/** Tool execution error */
|
|
220
|
+
E_EXEC = "E_EXEC",
|
|
221
|
+
/** Unknown/internal error */
|
|
222
|
+
E_INTERNAL = "E_INTERNAL"
|
|
223
|
+
}
|
|
224
|
+
export interface SentinelError extends Error {
|
|
225
|
+
code: ErrorCode;
|
|
226
|
+
details?: unknown;
|
|
227
|
+
}
|
|
228
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,MAAM,CAAC;AAEhE,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,UAAU,CAAC;IACnB,UAAU,EAAE;QACV,MAAM,EAAE,MAAM,CAAC;QACf,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE;QAAE,KAAK,EAAE,UAAU,EAAE,CAAA;KAAE,CAAC;IACjC,QAAQ,CAAC,EAAE;QACT,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAID,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,OAAO,EAAE,CAAC;IAC1B,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC3C,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,EAAE,WAAW,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,IAAI;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,SAAS,GAAG,aAAa,GAAG,MAAM,CAAA;KAAE,CAAC,CAAC;CAC5E;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,MAAM,SAAS,GACjB,WAAW,GACX,cAAc,GACd,UAAU,GACV,YAAY,GACZ,SAAS,GACT,OAAO,GACP,WAAW,GACX,MAAM,GACN,eAAe,CAAC;AAEpB,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,CAAC;AAE9E,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,SAAS,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,cAAc,EAAE,MAAM,CACpB,MAAM,EACN,OAAO,CAAC;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,EAAE,CAAC;KACvB,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAC7B,CAAC;IACF,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,MAAM,UAAU,GAClB,mBAAmB,GACnB,kBAAkB,GAClB,0BAA0B,GAC1B,sBAAsB,GACtB,2BAA2B,GAC3B,qBAAqB,GACrB,0BAA0B,GAC1B,yBAAyB,GACzB,sBAAsB,GACtB,wBAAwB,GACxB,kBAAkB,GAClB,oBAAoB,CAAC;AAEzB,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACxD,kBAAkB,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC3D;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,OAAO,CAAC;IACvB,UAAU,EAAE,OAAO,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAID,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAEpD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,WAAW,CAAC;IACxB,QAAQ,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC;IAChD,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE;QAAE,MAAM,EAAE,YAAY,CAAC;QAAC,MAAM,EAAE,WAAW,EAAE,CAAA;KAAE,CAAC;IAC5D,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;IACtB,QAAQ,CAAC,EAAE,YAAY,CAAC;CACzB;AAED,MAAM,WAAW,QAAQ;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,OAAO,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,OAAO,CAAC;CAClB;AAID,MAAM,WAAW,aAAa;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,eAAe,CAAC,EAAE;QAChB,uBAAuB,CAAC,EAAE,OAAO,CAAC;KACnC,CAAC;CACH;AAID,oBAAY,SAAS;IACnB,gCAAgC;IAChC,QAAQ,aAAa;IACrB,wBAAwB;IACxB,MAAM,WAAW;IACjB,uCAAuC;IACvC,UAAU,eAAe;IACzB,yBAAyB;IACzB,QAAQ,aAAa;IACrB,6BAA6B;IAC7B,UAAU,eAAe;IACzB,2BAA2B;IAC3B,MAAM,WAAW;IACjB,6BAA6B;IAC7B,UAAU,eAAe;CAC1B;AAED,MAAM,WAAW,aAAc,SAAQ,KAAK;IAC1C,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// === Guard Layer Types ===
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.ErrorCode = void 0;
|
|
5
|
+
// === Error Codes ===
|
|
6
|
+
var ErrorCode;
|
|
7
|
+
(function (ErrorCode) {
|
|
8
|
+
/** Schema validation failure */
|
|
9
|
+
ErrorCode["E_SCHEMA"] = "E_SCHEMA";
|
|
10
|
+
/** Risk gate blocked */
|
|
11
|
+
ErrorCode["E_RISK"] = "E_RISK";
|
|
12
|
+
/** Snapshot failed (IO/permissions) */
|
|
13
|
+
ErrorCode["E_SNAPSHOT"] = "E_SNAPSHOT";
|
|
14
|
+
/** Verify gate failed */
|
|
15
|
+
ErrorCode["E_VERIFY"] = "E_VERIFY";
|
|
16
|
+
/** Audit log write failed */
|
|
17
|
+
ErrorCode["E_AUDIT_IO"] = "E_AUDIT_IO";
|
|
18
|
+
/** Tool execution error */
|
|
19
|
+
ErrorCode["E_EXEC"] = "E_EXEC";
|
|
20
|
+
/** Unknown/internal error */
|
|
21
|
+
ErrorCode["E_INTERNAL"] = "E_INTERNAL";
|
|
22
|
+
})(ErrorCode || (exports.ErrorCode = ErrorCode = {}));
|
|
23
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";AAAA,4BAA4B;;;AA6P5B,sBAAsB;AAEtB,IAAY,SAeX;AAfD,WAAY,SAAS;IACnB,gCAAgC;IAChC,kCAAqB,CAAA;IACrB,wBAAwB;IACxB,8BAAiB,CAAA;IACjB,uCAAuC;IACvC,sCAAyB,CAAA;IACzB,yBAAyB;IACzB,kCAAqB,CAAA;IACrB,6BAA6B;IAC7B,sCAAyB,CAAA;IACzB,2BAA2B;IAC3B,8BAAiB,CAAA;IACjB,6BAA6B;IAC7B,sCAAyB,CAAA;AAC3B,CAAC,EAfW,SAAS,yBAAT,SAAS,QAepB"}
|
package/package.json
CHANGED
|
@@ -0,0 +1,234 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sentinel AgentOS Full Guard — 全功能版
|
|
3
|
+
*
|
|
4
|
+
* preCheck: 轻量拦截(4.4μs)
|
|
5
|
+
* postCheck: 完整审计 + 三层记忆 + 三阶段评估 + 隐性反馈
|
|
6
|
+
*
|
|
7
|
+
* 模块初始化时自动注入语义记忆上下文到 session。
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
const { AgentOS } = require('sentinel-agentos');
|
|
11
|
+
const fs = require('fs');
|
|
12
|
+
const path = require('path');
|
|
13
|
+
|
|
14
|
+
const AUDIT_DIR = path.join(__dirname, '..', '.sentinel-audit');
|
|
15
|
+
|
|
16
|
+
// 全局单例
|
|
17
|
+
if (!global.__sentinel_aos) {
|
|
18
|
+
const aos = new AgentOS({
|
|
19
|
+
workspaceRoot: process.cwd(),
|
|
20
|
+
maxWorkingTokens: 50000,
|
|
21
|
+
maxEpisodicSizeKb: 500,
|
|
22
|
+
});
|
|
23
|
+
|
|
24
|
+
// 注册全套 Schema 规则
|
|
25
|
+
aos.guard.schema.registerRules([
|
|
26
|
+
{ tool: 'exec', required: ['command'] },
|
|
27
|
+
{
|
|
28
|
+
tool: 'write', required: ['path', 'content'],
|
|
29
|
+
pathDeny: { path: ['.env', '*.key', '*.pem', '.git/**', '**/credentials/**'] },
|
|
30
|
+
maxSize: { content: 1048576 }, secrets: ['content'],
|
|
31
|
+
},
|
|
32
|
+
{ tool: 'read', required: ['path'], pathDeny: { path: ['.env', '*.key'] } },
|
|
33
|
+
{ tool: 'edit', required: ['path'], pathDeny: { path: ['.env', '*.key', '.git/**'] } },
|
|
34
|
+
{
|
|
35
|
+
tool: 'delete', required: ['path'],
|
|
36
|
+
pathDeny: { path: ['.env', '*.key', '*.pem', '.git/**', 'node_modules/**', 'package.json'] },
|
|
37
|
+
},
|
|
38
|
+
]);
|
|
39
|
+
|
|
40
|
+
// 从磁盘恢复审计
|
|
41
|
+
const auditFile = path.join(AUDIT_DIR, 'audit.jsonl');
|
|
42
|
+
if (fs.existsSync(auditFile)) {
|
|
43
|
+
try {
|
|
44
|
+
fs.readFileSync(auditFile, 'utf-8').trim().split('\n').filter(Boolean).forEach(line => {
|
|
45
|
+
aos.guard.audit.entries.push(JSON.parse(line));
|
|
46
|
+
});
|
|
47
|
+
} catch {}
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
// 注入默认语义记忆
|
|
51
|
+
aos.memory.semantic.setPreference('user-name', '老板');
|
|
52
|
+
aos.memory.semantic.setPreference('language', 'zh-CN');
|
|
53
|
+
aos.memory.semantic.setPreference('direct-communication', true);
|
|
54
|
+
aos.memory.semantic.addFact('老板是中国用户,偏好直接、不说废话');
|
|
55
|
+
aos.memory.semantic.addFact('项目 coderev 是 AI 代码审查 CLI 工具');
|
|
56
|
+
aos.memory.semantic.addFact('项目 sentinel-agentos 是 AI Agent 操作系统');
|
|
57
|
+
aos.memory.semantic.learnRule('高风险操作前必须 preCheck', 'sentinel_init');
|
|
58
|
+
aos.memory.semantic.learnRule('操作完成后必须 postCheck 审计', 'sentinel_init');
|
|
59
|
+
aos.memory.semantic.learnRule('npm publish 前必须确认版本号', 'sentinel_init');
|
|
60
|
+
|
|
61
|
+
// 记录首次启动事件
|
|
62
|
+
aos.memory.episodic.record('milestone',
|
|
63
|
+
'Sentinel AgentOS 全功能启用:Guard + Memory + Evaluator',
|
|
64
|
+
['init', 'milestone'], ['sentinel-agentos']);
|
|
65
|
+
|
|
66
|
+
global.__sentinel_aos = aos;
|
|
67
|
+
global.__sentinel_session_id = 1;
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
const aos = global.__sentinel_aos;
|
|
71
|
+
let opCounter = 0;
|
|
72
|
+
|
|
73
|
+
// ── 确定性规则(零 LLM)──
|
|
74
|
+
const DANGEROUS = [
|
|
75
|
+
[/rm\s+-rf\s+\//, 'rm -rf / — 删除整个系统'],
|
|
76
|
+
[/rm\s+-rf\s+~/, 'rm -rf ~ — 删除用户目录'],
|
|
77
|
+
[/sudo\s+rm/, 'sudo rm — 超级用户删除'],
|
|
78
|
+
[/mkfs\./, 'mkfs — 格式化磁盘'],
|
|
79
|
+
[/dd\s+if=/, 'dd — 可能覆盖分区'],
|
|
80
|
+
[/fork\s*bomb|:\(\)/, 'fork bomb — 系统崩溃'],
|
|
81
|
+
[/chmod\s+777\s+-R\s*\//, 'chmod 777 -R / — 权限全开'],
|
|
82
|
+
[/del\s+\/F\s+\/S\s+[A-Z]:\\/, 'del /F /S — 全盘删除'],
|
|
83
|
+
[/>\s*\/dev\/sd[a-z]/, '写入磁盘设备'],
|
|
84
|
+
];
|
|
85
|
+
const WARNING = [
|
|
86
|
+
[/git\s+push\s+--force/, 'git push --force — 强制覆盖'],
|
|
87
|
+
[/git\s+reset\s+--hard/, 'git reset --hard — 不可逆'],
|
|
88
|
+
[/npm\s+publish\b/, 'npm publish — 发布公共包'],
|
|
89
|
+
[/npm\s+unpublish\b/, 'npm unpublish — 从 npm 删除'],
|
|
90
|
+
[/DROP\s+(TABLE|DATABASE)/i, 'DROP — 删除数据库'],
|
|
91
|
+
[/TRUNCATE\s+(TABLE\s+)?/i, 'TRUNCATE — 清空表'],
|
|
92
|
+
];
|
|
93
|
+
const SENSITIVE = [
|
|
94
|
+
'.env', '.env.*', '*.key', '*.pem', '*.p12', '*.pfx', '*.jks', '*.keystore',
|
|
95
|
+
'.git/**', '**/credentials/**', '**/secrets/**', '**/SECRETS/**',
|
|
96
|
+
'package.json', 'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'Cargo.lock',
|
|
97
|
+
];
|
|
98
|
+
const PROTECTED = [
|
|
99
|
+
'package.json', 'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml',
|
|
100
|
+
'.gitignore', '.gitattributes', 'Cargo.toml', 'Cargo.lock', 'tsconfig.json',
|
|
101
|
+
'AGENTS.md', 'SOUL.md', 'MEMORY.md', 'USER.md',
|
|
102
|
+
];
|
|
103
|
+
|
|
104
|
+
function globMatch(pattern, p) {
|
|
105
|
+
p = (p || '').replace(/\\/g, '/');
|
|
106
|
+
if (!pattern.includes('*')) return p === pattern || p.endsWith('/' + pattern);
|
|
107
|
+
const re = '^' + pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*\*\//g, '(.*/)?').replace(/\*/g, '[^/]*') + '$';
|
|
108
|
+
return new RegExp(re).test(p);
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
module.exports = {
|
|
112
|
+
// ── 执行前拦截 ──
|
|
113
|
+
preCheck(toolName, params) {
|
|
114
|
+
if (toolName === 'exec' && params.command) {
|
|
115
|
+
const cmd = String(params.command);
|
|
116
|
+
for (const [re, desc] of DANGEROUS) {
|
|
117
|
+
if (re.test(cmd)) return { passed: false, block: true, risk: 'DENY', reason: `🚫 危险命令: ${desc}` };
|
|
118
|
+
}
|
|
119
|
+
for (const [re, desc] of WARNING) {
|
|
120
|
+
if (re.test(cmd)) return { passed: false, block: true, risk: 'CONFIRM', reason: `⚠️ 需要确认: ${desc}`, needsConfirmation: true };
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
const p = params.path || params.file;
|
|
124
|
+
if (p && ['write', 'edit', 'delete', 'read'].includes(toolName)) {
|
|
125
|
+
for (const ptn of SENSITIVE) {
|
|
126
|
+
if (globMatch(ptn, p)) return { passed: false, block: true, risk: 'DENY', reason: `🚫 敏感文件: "${p}" → "${ptn}"` };
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
if (toolName === 'delete' && p) {
|
|
130
|
+
for (const pf of PROTECTED) {
|
|
131
|
+
if (String(p) === pf || String(p).endsWith('/' + pf) || String(p).endsWith('\\' + pf))
|
|
132
|
+
return { passed: false, block: true, risk: 'DENY', reason: `🚫 保护文件: "${pf}"` };
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
return { passed: true, risk: 'auto' };
|
|
136
|
+
},
|
|
137
|
+
|
|
138
|
+
// ── 执行后审计(异步 AgentOS,不阻塞回复)──
|
|
139
|
+
postCheck(toolName, params, result) {
|
|
140
|
+
// 轻量审计(纯内存 + 5ms I/O,不调 git)
|
|
141
|
+
const entry = {
|
|
142
|
+
id: `${++opCounter}`,
|
|
143
|
+
ts: new Date().toISOString(),
|
|
144
|
+
sessionId: `s${global.__sentinel_session_id}`,
|
|
145
|
+
tool: toolName,
|
|
146
|
+
params: typeof params === 'string' ? params.slice(0, 200) : JSON.stringify(params || {}).slice(0, 200),
|
|
147
|
+
result: String(result || '').slice(0, 100),
|
|
148
|
+
};
|
|
149
|
+
aos.memory.working.addMessage('tool', `${toolName}: ${entry.params}`);
|
|
150
|
+
try {
|
|
151
|
+
if (!fs.existsSync(AUDIT_DIR)) fs.mkdirSync(AUDIT_DIR, { recursive: true });
|
|
152
|
+
fs.appendFileSync(path.join(AUDIT_DIR, 'audit.jsonl'), JSON.stringify(entry) + '\n');
|
|
153
|
+
} catch {}
|
|
154
|
+
|
|
155
|
+
// AgentOS 完整审计放到 next tick,不阻塞回复
|
|
156
|
+
setImmediate(() => {
|
|
157
|
+
try {
|
|
158
|
+
const sid = `s${global.__sentinel_session_id}_op${opCounter}`;
|
|
159
|
+
const { preExec, snapshot } = aos.executePipeline({
|
|
160
|
+
sessionId: sid, agentId: 'openclaw', toolName, parameters: params || {},
|
|
161
|
+
});
|
|
162
|
+
|
|
163
|
+
// 根据工具类型推断 claimedResult,让 Verify Gate 正常工作
|
|
164
|
+
const claimed = {};
|
|
165
|
+
if (['write', 'edit', 'delete'].includes(toolName) && params?.path) {
|
|
166
|
+
claimed.files = [String(params.path)];
|
|
167
|
+
}
|
|
168
|
+
if (result) claimed.result = result;
|
|
169
|
+
|
|
170
|
+
aos.completeExecution({
|
|
171
|
+
sessionId: sid, agentId: 'openclaw', toolName,
|
|
172
|
+
toolParameters: params || {}, toolResult: result ?? null,
|
|
173
|
+
snapshot, startTime: Date.now() - 500, endTime: Date.now(),
|
|
174
|
+
retryCount: 0, wasSelfCorrected: false, hadTimeout: false,
|
|
175
|
+
userAccepted: true, userProvidedEdit: false, resultWasUsed: true,
|
|
176
|
+
});
|
|
177
|
+
|
|
178
|
+
// 记录反馈:结果被使用 = 正面信号
|
|
179
|
+
aos.recordFeedback('user_used_result', `s${global.__sentinel_session_id}`);
|
|
180
|
+
|
|
181
|
+
if (toolName === 'exec' && params?.command) {
|
|
182
|
+
aos.memory.episodic.record('tool_call', String(params.command), ['exec'], []);
|
|
183
|
+
}
|
|
184
|
+
} catch {}
|
|
185
|
+
});
|
|
186
|
+
|
|
187
|
+
return { auditId: entry.id, verify: 'QUEUED' };
|
|
188
|
+
},
|
|
189
|
+
|
|
190
|
+
// ── 查看审计 ──
|
|
191
|
+
audit(limit = 10) {
|
|
192
|
+
return aos.guard.audit.query({ limit });
|
|
193
|
+
},
|
|
194
|
+
|
|
195
|
+
// ── 完整状态报告 ──
|
|
196
|
+
status() {
|
|
197
|
+
return aos.statusReport();
|
|
198
|
+
},
|
|
199
|
+
|
|
200
|
+
// ── 注入 Memory 上下文(session 启动时调用)─
|
|
201
|
+
injectContext() {
|
|
202
|
+
return aos.injectContext();
|
|
203
|
+
},
|
|
204
|
+
|
|
205
|
+
// ── 记录反馈 ──
|
|
206
|
+
feedback(signal) {
|
|
207
|
+
aos.recordFeedback(signal, `s${global.__sentinel_session_id}`);
|
|
208
|
+
},
|
|
209
|
+
|
|
210
|
+
// ── 结束 Session ──
|
|
211
|
+
endSession() {
|
|
212
|
+
const sid = `s${global.__sentinel_session_id}`;
|
|
213
|
+
aos.endSession(sid);
|
|
214
|
+
global.__sentinel_session_id++;
|
|
215
|
+
},
|
|
216
|
+
|
|
217
|
+
// ── 获取完整状态快照 ──
|
|
218
|
+
fullStatus() {
|
|
219
|
+
return {
|
|
220
|
+
sessionId: `s${global.__sentinel_session_id}`,
|
|
221
|
+
opCount: opCounter,
|
|
222
|
+
audit: aos.guard.audit.stats(),
|
|
223
|
+
profile: aos.getProfile(),
|
|
224
|
+
satisfaction: aos.evaluator.feedback.getSatisfactionScore(),
|
|
225
|
+
workingMemory: {
|
|
226
|
+
messages: aos.memory.working.recentMessages.length,
|
|
227
|
+
budget: aos.memory.working.budget,
|
|
228
|
+
},
|
|
229
|
+
episodicEvents: aos.memory.episodic.count,
|
|
230
|
+
semanticRules: aos.memory.semantic.getAllRules().length,
|
|
231
|
+
preferences: aos.memory.semantic.getPreference('language'),
|
|
232
|
+
};
|
|
233
|
+
},
|
|
234
|
+
};
|