@1claw/openclaw-plugin 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 1claw (https://1claw.xyz)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,112 @@
+# 1claw OpenClaw Plugin
+
+OpenClaw gateway plugin for [1claw](https://1claw.xyz) — HSM-backed secret management, transaction signing, and Shroud LLM proxy integration for AI agents.
+
+**Repository:** [github.com/1clawAI/1claw-openclaw-plugin](https://github.com/1clawAI/1claw-openclaw-plugin)  
+**npm:** [@1claw/openclaw-plugin](https://www.npmjs.com/package/@1claw/openclaw-plugin)  
+**Docs:** [OpenClaw Plugins](https://docs.openclaw.ai/tools/plugin) · [1claw](https://docs.1claw.xyz)
+
+---
+
+## Features
+
+- **Native agent tools** — 13 tools for secrets, vaults, policies, sharing, and EVM transactions (optional, configurable)
+- **Secret redaction** — Scan outbound messages and redact leaked secret values (default on)
+- **Secret injection** — Replace `{{1claw:path/to/secret}}` placeholders at prompt time (opt-in)
+- **Shroud routing** — Route LLM traffic through [Shroud](https://shroud.1claw.xyz) TEE when the agent has `shroud_enabled` (opt-in)
+- **Key rotation monitor** — Background warnings for secrets expiring within 7 days (opt-in)
+- **Slash commands** — `/oneclaw`, `/oneclaw-list`, `/oneclaw-rotate` (optional)
+- **Gateway RPC** — `1claw.status` for programmatic health/status
+- **Bundled skill** — 1claw skill (`skills/1claw/SKILL.md`) auto-discovered by OpenClaw
+
+All features are toggled via `plugins.entries.1claw.config.features`. Auth uses config or env vars.
+
+---
+
+## Install
+
+```bash
+openclaw plugins install @1claw/openclaw-plugin
+```
+
+Or from the repo (e.g. when developing or using as a submodule):
+
+```bash
+openclaw plugins install -l ./path/to/1claw-openclaw-plugin
+```
+
+---
+
+## Config
+
+Minimal config (config file or env):
+
+```json5
+{
+  plugins: {
+    entries: {
+      "1claw": {
+        enabled: true,
+        config: {
+          apiKey: "ocv_..."
+          // agentId, vaultId, baseUrl, shroudUrl optional
+          // features: { tools: true, secretRedaction: true, ... }
+        }
+      }
+    }
+  }
+}
+```
+
+**Env fallback:** `ONECLAW_AGENT_API_KEY`, `ONECLAW_AGENT_ID`, `ONECLAW_VAULT_ID`, `ONECLAW_BASE_URL`, `ONECLAW_SHROUD_URL`.
+
+Restart the OpenClaw Gateway after changing config.
+
+---
+
+## Tool names
+
+When enabled, tools are registered with a `oneclaw_` prefix (e.g. `oneclaw_list_secrets`, `oneclaw_get_secret`). Add them to your agent’s `tools.allow` (e.g. `"1claw"` or specific names).
+
+---
+
+## Slash commands
+
+| Command           | Description                                      |
+|-------------------|--------------------------------------------------|
+| `/oneclaw`        | Connection status, vault info, token TTL, features |
+| `/oneclaw-list`   | List secret paths (optional prefix arg)          |
+| `/oneclaw-rotate` | Rotate a secret: `/oneclaw-rotate <path> <new-value>` |
+
+---
+
+## Development
+
+```bash
+npm install
+npm run typecheck
+```
+
+- **TypeScript** only (no build step required for OpenClaw; jiti loads `.ts` at runtime).
+- Optional: `npm run build` to emit `dist/` (not required for `openclaw plugins install` when using source).
+
+### As a submodule in 1claw
+
+From the [1claw](https://github.com/1clawAI/1claw) repo root:
+
+```bash
+git submodule add https://github.com/1clawAI/1claw-openclaw-plugin.git packages/openclaw-plugin
+git submodule update --init --recursive
+```
+
+Clone 1claw with the submodule:
+
+```bash
+git clone --recurse-submodules https://github.com/1clawAI/1claw.git
+```
+
+---
+
+## License
+
+MIT © [1claw](https://1claw.xyz)

package/openclaw.plugin.json

@@ -0,0 +1,103 @@
+{
+    "id": "1claw",
+    "name": "1Claw Secrets Manager",
+    "version": "0.1.0",
+    "description": "HSM-backed secret management, transaction signing, and Shroud LLM proxy for AI agents",
+    "configSchema": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+            "apiKey": {
+                "type": "string",
+                "description": "Agent API key (ocv_... prefix)"
+            },
+            "agentId": {
+                "type": "string",
+                "description": "Agent UUID (optional — auto-resolved from API key)"
+            },
+            "vaultId": {
+                "type": "string",
+                "description": "Default vault UUID (optional — auto-discovered)"
+            },
+            "baseUrl": {
+                "type": "string",
+                "default": "https://api.1claw.xyz",
+                "description": "1claw API base URL"
+            },
+            "shroudUrl": {
+                "type": "string",
+                "default": "https://shroud.1claw.xyz",
+                "description": "Shroud TEE proxy URL"
+            },
+            "features": {
+                "type": "object",
+                "additionalProperties": false,
+                "properties": {
+                    "tools": {
+                        "type": "boolean",
+                        "default": true,
+                        "description": "Register native agent tools for secrets, vaults, policies, sharing, and transactions"
+                    },
+                    "secretInjection": {
+                        "type": "boolean",
+                        "default": false,
+                        "description": "Inject {{1claw:path}} placeholders with real secret values at prompt time"
+                    },
+                    "secretRedaction": {
+                        "type": "boolean",
+                        "default": true,
+                        "description": "Scan outbound messages and redact leaked secret values"
+                    },
+                    "shroudRouting": {
+                        "type": "boolean",
+                        "default": false,
+                        "description": "Route LLM traffic through Shroud TEE proxy when agent has shroud_enabled"
+                    },
+                    "keyRotationMonitor": {
+                        "type": "boolean",
+                        "default": false,
+                        "description": "Background service that warns about expiring secrets"
+                    },
+                    "slashCommands": {
+                        "type": "boolean",
+                        "default": true,
+                        "description": "Register /oneclaw, /oneclaw-list, /oneclaw-rotate slash commands"
+                    }
+                }
+            },
+            "securityMode": {
+                "type": "string",
+                "enum": ["block", "surgical", "log_only"],
+                "default": "block",
+                "description": "How to handle detected threats in tool inputs"
+            }
+        }
+    },
+    "uiHints": {
+        "apiKey": {
+            "label": "Agent API Key",
+            "sensitive": true,
+            "placeholder": "ocv_..."
+        },
+        "agentId": {
+            "label": "Agent ID",
+            "placeholder": "auto-resolved from API key"
+        },
+        "vaultId": {
+            "label": "Vault ID",
+            "placeholder": "auto-discovered"
+        },
+        "baseUrl": {
+            "label": "API Base URL",
+            "placeholder": "https://api.1claw.xyz"
+        },
+        "shroudUrl": {
+            "label": "Shroud Proxy URL",
+            "placeholder": "https://shroud.1claw.xyz"
+        },
+        "securityMode": {
+            "label": "Security Mode"
+        }
+    },
+    "skills": ["skills/1claw"]
+}

package/package.json

@@ -0,0 +1,57 @@
+{
+    "name": "@1claw/openclaw-plugin",
+    "version": "0.1.0",
+    "description": "OpenClaw plugin for 1claw — HSM-backed secret management, transaction signing, and Shroud LLM proxy integration for AI agents",
+    "type": "module",
+    "main": "src/index.ts",
+    "files": [
+        "src",
+        "skills",
+        "openclaw.plugin.json",
+        "README.md",
+        "LICENSE"
+    ],
+    "openclaw": {
+        "extensions": [
+            "./src/index.ts"
+        ]
+    },
+    "scripts": {
+        "build": "tsc",
+        "typecheck": "tsc --noEmit"
+    },
+    "keywords": [
+        "1claw",
+        "openclaw",
+        "plugin",
+        "secrets",
+        "vault",
+        "hsm",
+        "ai-agents",
+        "shroud",
+        "tee",
+        "intents-api"
+    ],
+    "publishConfig": {
+        "access": "public"
+    },
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/1clawAI/1claw-openclaw-plugin.git"
+    },
+    "homepage": "https://github.com/1clawAI/1claw-openclaw-plugin#readme",
+    "bugs": {
+        "url": "https://github.com/1clawAI/1claw-openclaw-plugin/issues"
+    },
+    "license": "MIT",
+    "dependencies": {
+        "@sinclair/typebox": "^0.34.0"
+    },
+    "devDependencies": {
+        "@types/node": "^20.19.33",
+        "typescript": "^5.5.0"
+    },
+    "engines": {
+        "node": ">=20.0.0"
+    }
+}