@1claw/openclaw-plugin 0.1.0

package/src/hooks/secret-redaction.ts

@@ -0,0 +1,90 @@
+import type { OneClawClient } from "../client.js";
+import type { PluginApi } from "../types.js";
+
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+
+interface SecretCache {
+    values: Map<string, string>;
+    refreshedAt: number;
+}
+
+let cache: SecretCache | null = null;
+
+async function refreshCache(client: OneClawClient): Promise<Map<string, string>> {
+    if (cache && Date.now() - cache.refreshedAt < CACHE_TTL_MS) {
+        return cache.values;
+    }
+
+    const values = new Map<string, string>();
+    try {
+        const listing = await client.listSecrets();
+        for (const secret of listing.secrets) {
+            try {
+                const full = await client.getSecret(secret.path);
+                if (full.value && full.value.length >= 8) {
+                    values.set(secret.path, full.value);
+                }
+            } catch {
+                // Skip secrets we can't read (no policy, expired, etc.)
+            }
+        }
+    } catch {
+        // Can't list secrets — return empty cache
+    }
+
+    cache = { values, refreshedAt: Date.now() };
+    return values;
+}
+
+function redactSecrets(text: string, secrets: Map<string, string>): { redacted: string; count: number } {
+    let redacted = text;
+    let count = 0;
+
+    for (const [path, value] of secrets) {
+        if (redacted.includes(value)) {
+            redacted = redacted.replaceAll(value, `[REDACTED:${path}]`);
+            count++;
+        }
+    }
+
+    return { redacted, count };
+}
+
+interface PromptBuildEvent {
+    messages?: Array<{ role: string; content: string }>;
+}
+
+export function registerSecretRedaction(api: PluginApi, client: OneClawClient): void {
+    api.on(
+        "before_prompt_build",
+        async (event: unknown, _ctx: unknown) => {
+            const ev = event as PromptBuildEvent;
+            if (!ev.messages || ev.messages.length === 0) return {};
+
+            const secrets = await refreshCache(client);
+            if (secrets.size === 0) return {};
+
+            let totalRedacted = 0;
+
+            for (const msg of ev.messages) {
+                if (!msg.content) continue;
+                const { redacted, count } = redactSecrets(msg.content, secrets);
+                if (count > 0) {
+                    msg.content = redacted;
+                    totalRedacted += count;
+                }
+            }
+
+            if (totalRedacted > 0) {
+                api.logger.warn(
+                    `[1claw/redaction] Redacted ${totalRedacted} leaked secret value(s) from conversation`,
+                );
+            }
+
+            return {};
+        },
+        { priority: 100 },
+    );
+
+    api.logger.info("[1claw] Secret redaction hook registered");
+}

package/src/hooks/shroud-routing.ts

@@ -0,0 +1,45 @@
+import type { OneClawClient } from "../client.js";
+import type { PluginApi, AgentProfile } from "../types.js";
+
+let cachedProfile: AgentProfile | null = null;
+let profileFetchedAt = 0;
+const PROFILE_CACHE_TTL_MS = 10 * 60 * 1000; // 10 minutes
+
+async function getAgentProfile(client: OneClawClient): Promise<AgentProfile | null> {
+    if (cachedProfile && Date.now() - profileFetchedAt < PROFILE_CACHE_TTL_MS) {
+        return cachedProfile;
+    }
+
+    try {
+        cachedProfile = await client.getAgentProfile();
+        profileFetchedAt = Date.now();
+        return cachedProfile;
+    } catch {
+        return null;
+    }
+}
+
+export function registerShroudRouting(
+    api: PluginApi,
+    client: OneClawClient,
+    shroudUrl: string,
+): void {
+    api.on(
+        "before_model_resolve",
+        async (_event: unknown, _ctx: unknown) => {
+            const profile = await getAgentProfile(client);
+            if (!profile?.shroud_enabled) return {};
+
+            api.logger.info(
+                `[1claw/shroud] Routing LLM traffic through Shroud at ${shroudUrl}`,
+            );
+
+            return {
+                providerOverride: shroudUrl,
+            };
+        },
+        { priority: 50 },
+    );
+
+    api.logger.info("[1claw] Shroud routing hook registered");
+}

package/src/index.ts

@@ -0,0 +1,83 @@
+import { OneClawClient } from "./client.js";
+import { resolveConfig } from "./config.js";
+import { registerAllTools } from "./tools/index.js";
+import { registerAllHooks } from "./hooks/index.js";
+import { registerAllServices } from "./services/index.js";
+import { registerAllCommands } from "./commands/index.js";
+import type { PluginApi } from "./types.js";
+
+interface FullConfig {
+    plugins?: {
+        entries?: Record<string, { enabled?: boolean; config?: Record<string, unknown> }>;
+    };
+}
+
+function extractPluginConfig(api: PluginApi): Record<string, unknown> | undefined {
+    const full = api.config as FullConfig;
+    return full?.plugins?.entries?.["1claw"]?.config;
+}
+
+function register(api: PluginApi): void {
+    const rawConfig = extractPluginConfig(api);
+    const config = resolveConfig(rawConfig as Parameters<typeof resolveConfig>[0]);
+
+    if (!config.apiKey) {
+        api.logger.warn(
+            "[1claw] No API key configured. Set plugins.entries.1claw.config.apiKey or ONECLAW_AGENT_API_KEY env var.",
+        );
+        return;
+    }
+
+    const client = new OneClawClient({
+        baseUrl: config.baseUrl,
+        apiKey: config.apiKey,
+        agentId: config.agentId,
+        vaultId: config.vaultId,
+    });
+
+    api.logger.info(
+        `[1claw] Initializing plugin (base: ${config.baseUrl}, agent: ${config.agentId ?? "auto-resolve"})`,
+    );
+
+    if (config.features.tools) {
+        registerAllTools(api, client, config);
+    }
+
+    registerAllHooks(api, client, config);
+    registerAllServices(api, client, config);
+
+    if (config.features.slashCommands) {
+        registerAllCommands(api, client, config);
+    }
+
+    api.registerGatewayMethod("1claw.status", async ({ respond }: { respond: (ok: boolean, data: unknown) => void }) => {
+        try {
+            const vaults = await client.listVaults();
+            respond(true, {
+                authenticated: client.isAuthenticated,
+                agentId: client.agentId ?? null,
+                vaultId: client.vaultId || null,
+                tokenTtlMs: client.tokenTtlMs,
+                vaultCount: vaults.vaults.length,
+                features: config.features,
+                securityMode: config.securityMode,
+            });
+        } catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            respond(false, { error: msg });
+        }
+    });
+
+    api.logger.info("[1claw] Plugin initialized successfully");
+}
+
+export default {
+    id: "1claw",
+    name: "1Claw Secrets Manager",
+    register,
+};
+
+export { OneClawClient } from "./client.js";
+export { resolveConfig } from "./config.js";
+export type { ResolvedConfig, ResolvedFeatures } from "./config.js";
+export type { PluginApi, PluginTool, ToolResult, CommandContext } from "./types.js";

package/src/security/index.ts

@@ -0,0 +1,153 @@
+export interface ThreatDetection {
+    type: string;
+    pattern: string;
+    location?: string;
+    severity: "low" | "medium" | "high" | "critical";
+}
+
+export interface InspectionResult {
+    passed: boolean;
+    threats: ThreatDetection[];
+    sanitized?: string;
+}
+
+const COMMAND_INJECTION_PATTERNS = [
+    { name: "shell_chain", pattern: /(?:;|\||&&|\|\|)\s*(?:curl|wget|bash|sh|nc|python|perl|ruby|php|node)\b/i, severity: "critical" as const },
+    { name: "command_substitution", pattern: /\$\([^)]+\)|`[^`]+`/, severity: "critical" as const },
+    { name: "reverse_shell", pattern: /(?:bash\s+-i|nc\s+-[elp]|python\s+-c\s+['"]import\s+(?:socket|os))/i, severity: "critical" as const },
+    { name: "path_traversal", pattern: /(?:\.\.\/){2,}/, severity: "high" as const },
+    { name: "sensitive_paths", pattern: /(?:\/etc\/(?:passwd|shadow|sudoers)|\/proc\/self|~\/.ssh\/|\.env\b)/i, severity: "high" as const },
+];
+
+const ENCODING_PATTERNS = [
+    { name: "base64_long", pattern: /(?:[A-Za-z0-9+/]{4}){8,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?/, severity: "medium" as const },
+    { name: "hex_escape", pattern: /(?:\\\\x[0-9a-fA-F]{2}){3,}/, severity: "medium" as const },
+    { name: "unicode_escape", pattern: /(?:\\\\u[0-9a-fA-F]{4}){2,}/, severity: "medium" as const },
+];
+
+const SOCIAL_ENGINEERING_PATTERNS = [
+    { name: "urgency", pattern: /\b(?:urgent(?:ly)?|immediately|right\s+now|asap|emergency)\b/i, severity: "medium" as const },
+    { name: "authority", pattern: /\b(?:i\s+am\s+(?:an?\s+)?(?:admin|administrator|manager|root|superuser))/i, severity: "high" as const },
+    { name: "secrecy", pattern: /\b(?:don't\s+tell\s+(?:anyone|anybody)|keep\s+(?:this\s+)?secret)\b/i, severity: "high" as const },
+    { name: "bypass", pattern: /\b(?:skip\s+(?:the\s+)?(?:verification|authentication|security)|bypass\s+(?:the\s+)?(?:check|security))\b/i, severity: "critical" as const },
+    { name: "credential_request", pattern: /\b(?:(?:what\s+is|tell\s+me|give\s+me)\s+(?:your|the)\s+(?:password|api\s+key|secret|credentials?|token))\b/i, severity: "critical" as const },
+];
+
+const NETWORK_PATTERNS = [
+    { name: "ngrok", pattern: /(?:ngrok\.io|ngrok\.app)/i, severity: "high" as const },
+    { name: "pastebin", pattern: /pastebin\.com/i, severity: "high" as const },
+    { name: "ip_url", pattern: /https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/, severity: "medium" as const },
+    { name: "data_exfil", pattern: /(?:curl|wget|nc)\s+(?:-[a-zA-Z]*\s+)*https?:\/\//i, severity: "critical" as const },
+];
+
+const ZERO_WIDTH_CHARS = /[\u200B\u200C\u200D\u200E\u200F\u202A-\u202E\u2060-\u2064\u2066-\u2069\uFEFF]/g;
+
+const CONFUSABLES: Record<string, string> = {
+    "а": "a", "А": "A", "с": "c", "С": "C", "е": "e", "Е": "E",
+    "о": "o", "О": "O", "р": "p", "Р": "P", "х": "x", "Х": "X",
+    "у": "y", "У": "Y", "і": "i", "І": "I", "Α": "A", "Β": "B",
+    "Ε": "E", "Η": "H", "Ι": "I", "Κ": "K", "Μ": "M", "Ν": "N",
+    "Ο": "O", "Ρ": "P", "Τ": "T", "Υ": "Y", "Χ": "X", "Ζ": "Z",
+};
+
+const CONFUSABLE_REGEX = new RegExp(
+    `[${Object.keys(CONFUSABLES).join("")}]`,
+    "g",
+);
+
+export function normalizeUnicode(text: string): {
+    normalized: string;
+    modified: boolean;
+} {
+    let modified = false;
+
+    let normalized = text.replace(ZERO_WIDTH_CHARS, () => {
+        modified = true;
+        return "";
+    });
+
+    normalized = normalized.replace(CONFUSABLE_REGEX, (char) => {
+        modified = true;
+        return CONFUSABLES[char] || char;
+    });
+
+    return { normalized, modified };
+}
+
+function detectThreats(text: string): ThreatDetection[] {
+    const threats: ThreatDetection[] = [];
+
+    for (const { name, pattern, severity } of COMMAND_INJECTION_PATTERNS) {
+        const match = text.match(pattern);
+        if (match) {
+            threats.push({ type: "command_injection", pattern: name, location: match[0], severity });
+        }
+    }
+
+    for (const { name, pattern, severity } of ENCODING_PATTERNS) {
+        const match = text.match(pattern);
+        if (match) {
+            threats.push({ type: "encoding_obfuscation", pattern: name, location: match[0].slice(0, 50), severity });
+        }
+    }
+
+    for (const { name, pattern, severity } of SOCIAL_ENGINEERING_PATTERNS) {
+        const match = text.match(pattern);
+        if (match) {
+            threats.push({ type: "social_engineering", pattern: name, location: match[0], severity });
+        }
+    }
+
+    for (const { name, pattern, severity } of NETWORK_PATTERNS) {
+        const match = text.match(pattern);
+        if (match) {
+            threats.push({ type: "network_threat", pattern: name, location: match[0], severity });
+        }
+    }
+
+    return threats;
+}
+
+export function inspectInput(
+    _toolName: string,
+    args: unknown,
+    mode: "block" | "surgical" | "log_only",
+): InspectionResult {
+    const text = JSON.stringify(args);
+    const { normalized, modified } = normalizeUnicode(text);
+    const threats = detectThreats(normalized);
+
+    if (modified) {
+        threats.push({
+            type: "unicode_obfuscation",
+            pattern: "confusables_or_zero_width",
+            severity: "medium",
+        });
+    }
+
+    const hasCritical = threats.some((t) => t.severity === "critical");
+    const hasHigh = threats.some((t) => t.severity === "high");
+
+    if (mode === "block" && (hasCritical || hasHigh)) {
+        return { passed: false, threats };
+    }
+
+    if (mode === "surgical" && modified) {
+        try {
+            const sanitizedArgs = JSON.parse(normalized);
+            return { passed: true, threats, sanitized: JSON.stringify(sanitizedArgs) };
+        } catch {
+            return { passed: true, threats };
+        }
+    }
+
+    return { passed: true, threats };
+}
+
+export function inspectOutput(
+    _toolName: string,
+    result: string,
+): InspectionResult {
+    const threats = detectThreats(result);
+    return { passed: true, threats };
+}

package/src/services/index.ts

@@ -0,0 +1,17 @@
+import type { OneClawClient } from "../client.js";
+import type { PluginApi } from "../types.js";
+import type { ResolvedConfig } from "../config.js";
+import { createTokenRefreshService } from "./token-refresh.js";
+import { createKeyRotationService } from "./key-rotation.js";
+
+export function registerAllServices(
+    api: PluginApi,
+    client: OneClawClient,
+    config: ResolvedConfig,
+): void {
+    api.registerService(createTokenRefreshService(api, client));
+
+    if (config.features.keyRotationMonitor) {
+        api.registerService(createKeyRotationService(api, client));
+    }
+}

package/src/services/key-rotation.ts

@@ -0,0 +1,52 @@
+import type { OneClawClient } from "../client.js";
+import type { PluginApi } from "../types.js";
+
+const POLL_INTERVAL_MS = 60 * 60 * 1000; // 1 hour
+const WARNING_THRESHOLD_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+
+export function createKeyRotationService(api: PluginApi, client: OneClawClient) {
+    let interval: ReturnType<typeof setInterval> | null = null;
+
+    async function checkExpiring(): Promise<void> {
+        try {
+            const data = await client.listSecrets();
+            const now = Date.now();
+            const expiring: string[] = [];
+
+            for (const secret of data.secrets) {
+                if (!secret.expires_at) continue;
+                const expiresAt = new Date(secret.expires_at).getTime();
+                if (expiresAt - now < WARNING_THRESHOLD_MS && expiresAt > now) {
+                    const daysLeft = Math.ceil((expiresAt - now) / (24 * 60 * 60 * 1000));
+                    expiring.push(`${secret.path} (expires in ${daysLeft}d)`);
+                }
+            }
+
+            if (expiring.length > 0) {
+                api.logger.warn(
+                    `[1claw/rotation] ${expiring.length} secret(s) expiring within 7 days:\n  ${expiring.join("\n  ")}`,
+                );
+            }
+        } catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            api.logger.error(`[1claw/rotation] Check failed: ${msg}`);
+        }
+    }
+
+    return {
+        id: "1claw-key-rotation-monitor",
+        start: async () => {
+            await checkExpiring();
+
+            interval = setInterval(checkExpiring, POLL_INTERVAL_MS);
+            api.logger.info("[1claw] Key rotation monitor started");
+        },
+        stop: () => {
+            if (interval) {
+                clearInterval(interval);
+                interval = null;
+            }
+            api.logger.info("[1claw] Key rotation monitor stopped");
+        },
+    };
+}

package/src/services/token-refresh.ts

@@ -0,0 +1,33 @@
+import type { OneClawClient } from "../client.js";
+import type { PluginApi } from "../types.js";
+
+const REFRESH_INTERVAL_MS = 30 * 60 * 1000; // 30 minutes
+
+export function createTokenRefreshService(api: PluginApi, client: OneClawClient) {
+    let interval: ReturnType<typeof setInterval> | null = null;
+
+    return {
+        id: "1claw-token-refresh",
+        start: () => {
+            interval = setInterval(async () => {
+                try {
+                    await client.ensureToken();
+                    const ttlMin = Math.round(client.tokenTtlMs / 60_000);
+                    api.logger.info(`[1claw/token] Token refreshed, TTL: ${ttlMin}min`);
+                } catch (err) {
+                    const msg = err instanceof Error ? err.message : String(err);
+                    api.logger.error(`[1claw/token] Refresh failed: ${msg}`);
+                }
+            }, REFRESH_INTERVAL_MS);
+
+            api.logger.info("[1claw] Token refresh service started");
+        },
+        stop: () => {
+            if (interval) {
+                clearInterval(interval);
+                interval = null;
+            }
+            api.logger.info("[1claw] Token refresh service stopped");
+        },
+    };
+}

package/src/tools/create-vault.ts

@@ -0,0 +1,28 @@
+import { Type } from "@sinclair/typebox";
+import type { OneClawClient } from "../client.js";
+import type { PluginTool, ToolResult } from "../types.js";
+
+export function createVaultTool(client: OneClawClient): PluginTool {
+    return {
+        name: "oneclaw_create_vault",
+        description:
+            "Create a new vault for organising secrets. The vault is owned by this agent and automatically shared with the human who registered you.",
+        parameters: Type.Object({
+            name: Type.String({ minLength: 1, maxLength: 255, description: "Vault name" }),
+            description: Type.Optional(Type.String({ description: "Short description" })),
+        }),
+        optional: true,
+        execute: async (_id: unknown, params: Record<string, unknown>): Promise<ToolResult> => {
+            const vault = await client.createVault(
+                params.name as string,
+                params.description as string | undefined,
+            );
+            return {
+                content: [{
+                    type: "text",
+                    text: `Vault created successfully.\n  ID: ${vault.id}\n  Name: ${vault.name}\n  Owner: ${vault.created_by_type}:${vault.created_by}\n\nThe vault has been automatically shared with your creator.`,
+                }],
+            };
+        },
+    };
+}

package/src/tools/delete-secret.ts

@@ -0,0 +1,28 @@
+import { Type } from "@sinclair/typebox";
+import type { OneClawClient } from "../client.js";
+import { OneClawApiError } from "../client.js";
+import type { PluginTool, ToolResult } from "../types.js";
+
+export function deleteSecretTool(client: OneClawClient): PluginTool {
+    return {
+        name: "oneclaw_delete_secret",
+        description:
+            "Soft-delete a secret at the given path. All versions are marked deleted. This is reversible by an admin.",
+        parameters: Type.Object({
+            path: Type.String({ minLength: 1, description: "Secret path to delete" }),
+        }),
+        optional: true,
+        execute: async (_id: unknown, params: Record<string, unknown>): Promise<ToolResult> => {
+            const path = params.path as string;
+            try {
+                await client.deleteSecret(path);
+                return { content: [{ type: "text", text: `Secret at '${path}' has been soft-deleted.` }] };
+            } catch (err) {
+                if (err instanceof OneClawApiError && err.status === 404) {
+                    return { content: [{ type: "text", text: `Error: No secret found at path '${path}'.` }] };
+                }
+                throw err;
+            }
+        },
+    };
+}

package/src/tools/describe-secret.ts

@@ -0,0 +1,64 @@
+import { Type } from "@sinclair/typebox";
+import type { OneClawClient } from "../client.js";
+import { OneClawApiError } from "../client.js";
+import type { PluginTool, ToolResult } from "../types.js";
+
+export function describeSecretTool(client: OneClawClient): PluginTool {
+    return {
+        name: "oneclaw_describe_secret",
+        description:
+            "Get metadata for a secret (type, version, expiry) without fetching its value. Use this to check if a secret exists or is still valid before fetching it.",
+        parameters: Type.Object({
+            path: Type.String({ minLength: 1, description: "Secret path to describe" }),
+        }),
+        optional: true,
+        execute: async (_id: unknown, params: Record<string, unknown>): Promise<ToolResult> => {
+            const path = params.path as string;
+            const data = await client.listSecrets();
+            const match = data.secrets.find((s) => s.path === path);
+
+            if (!match) {
+                try {
+                    const secret = await client.getSecret(path);
+                    return {
+                        content: [{
+                            type: "text",
+                            text: JSON.stringify({
+                                path: secret.path,
+                                type: secret.type,
+                                version: secret.version,
+                                metadata: secret.metadata,
+                                created_at: secret.created_at,
+                                expires_at: secret.expires_at,
+                            }, null, 2),
+                        }],
+                    };
+                } catch (err) {
+                    if (err instanceof OneClawApiError) {
+                        if (err.status === 404) {
+                            return { content: [{ type: "text", text: `Error: No secret found at path '${path}'.` }] };
+                        }
+                        if (err.status === 410) {
+                            return { content: [{ type: "text", text: `Error: Secret at path '${path}' is expired or has exceeded its maximum access count.` }] };
+                        }
+                    }
+                    throw err;
+                }
+            }
+
+            return {
+                content: [{
+                    type: "text",
+                    text: JSON.stringify({
+                        path: match.path,
+                        type: match.type,
+                        version: match.version,
+                        metadata: match.metadata,
+                        created_at: match.created_at,
+                        expires_at: match.expires_at,
+                    }, null, 2),
+                }],
+            };
+        },
+    };
+}

package/src/tools/get-env-bundle.ts

@@ -0,0 +1,49 @@
+import { Type } from "@sinclair/typebox";
+import type { OneClawClient } from "../client.js";
+import { OneClawApiError } from "../client.js";
+import type { PluginTool, ToolResult } from "../types.js";
+
+export function getEnvBundleTool(client: OneClawClient): PluginTool {
+    return {
+        name: "oneclaw_get_env_bundle",
+        description:
+            "Fetch a secret of type env_bundle, parse its KEY=VALUE lines, and return a structured JSON object. Useful for injecting environment variables into subprocesses.",
+        parameters: Type.Object({
+            path: Type.String({ minLength: 1, description: "Path to an env_bundle secret" }),
+        }),
+        optional: true,
+        execute: async (_id: unknown, params: Record<string, unknown>): Promise<ToolResult> => {
+            const path = params.path as string;
+            try {
+                const secret = await client.getSecret(path);
+
+                if (secret.type !== "env_bundle") {
+                    return {
+                        content: [{ type: "text", text: `Error: Secret at '${path}' is type '${secret.type}', not 'env_bundle'.` }],
+                    };
+                }
+
+                const env: Record<string, string> = {};
+                for (const line of secret.value.split("\n")) {
+                    const trimmed = line.trim();
+                    if (!trimmed || trimmed.startsWith("#")) continue;
+                    const eqIdx = trimmed.indexOf("=");
+                    if (eqIdx === -1) continue;
+                    env[trimmed.slice(0, eqIdx)] = trimmed.slice(eqIdx + 1);
+                }
+
+                return { content: [{ type: "text", text: JSON.stringify(env, null, 2) }] };
+            } catch (err) {
+                if (err instanceof OneClawApiError) {
+                    if (err.status === 410) {
+                        return { content: [{ type: "text", text: `Error: Secret at path '${path}' is expired or has exceeded its maximum access count.` }] };
+                    }
+                    if (err.status === 404) {
+                        return { content: [{ type: "text", text: `Error: No secret found at path '${path}'.` }] };
+                    }
+                }
+                throw err;
+            }
+        },
+    };
+}