@aerostack/openclaw-bridge 0.11.1 → 0.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +66 -2
- package/dist/index.js +3 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -14,6 +14,7 @@ Instead of configuring 50 separate MCP servers in OpenClaw, point at one Aerosta
|
|
|
14
14
|
- **All tools in one place** — composed from multiple MCP servers
|
|
15
15
|
- **Centralized OAuth** — 27+ providers managed by Aerostack, not your agent
|
|
16
16
|
- **Human approval gates** — sensitive tools require workspace owner approval before executing
|
|
17
|
+
- **Local Guardian** — approval gates for local operations (file delete, shell, git push, deploy)
|
|
17
18
|
- **Per-tool permissions** — workspace tokens scope exactly which tools are accessible
|
|
18
19
|
- **Usage tracking & audit** — every tool call logged and metered
|
|
19
20
|
- **Rate limiting** — per-token, plan-tiered
|
|
@@ -94,13 +95,74 @@ When a workspace owner configures approval requirements on sensitive tools, the
|
|
|
94
95
|
OpenClaw calls dangerous_tool
|
|
95
96
|
→ Bridge forwards to workspace
|
|
96
97
|
→ Workspace returns "needs approval" (-32050)
|
|
97
|
-
→ Bridge
|
|
98
|
-
→ Workspace owner approves/rejects in
|
|
98
|
+
→ Bridge waits via WebSocket (instant) or polls as fallback
|
|
99
|
+
→ Workspace owner approves/rejects in dashboard or mobile
|
|
99
100
|
→ Bridge retries on approval, returns error on rejection
|
|
100
101
|
```
|
|
101
102
|
|
|
102
103
|
Your OpenClaw agent sees either a successful result or a clear error — no special handling needed.
|
|
103
104
|
|
|
105
|
+
## Local Guardian
|
|
106
|
+
|
|
107
|
+
Approval gates for **local operations** — file deletion, destructive shell commands, git push, deploys, and more. The agent asks for approval before acting on your machine.
|
|
108
|
+
|
|
109
|
+
### How it works
|
|
110
|
+
|
|
111
|
+
The bridge injects an `aerostack__local_guardian` tool alongside your workspace tools. When the LLM is about to perform a risky local operation, it calls this tool first. The bridge sends an approval request to your workspace — you get a push notification and can approve or reject from the dashboard or your phone.
|
|
112
|
+
|
|
113
|
+
```
|
|
114
|
+
Agent wants to: rm -rf ./old-config/
|
|
115
|
+
→ Agent calls aerostack__local_guardian (action: "delete old-config directory")
|
|
116
|
+
→ Bridge sends approval request to workspace
|
|
117
|
+
→ You get push notification: "[LOCAL] delete old-config directory"
|
|
118
|
+
→ You tap Approve or Reject
|
|
119
|
+
→ Agent proceeds or stops
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
### Default rules
|
|
123
|
+
|
|
124
|
+
The guardian covers these categories out of the box:
|
|
125
|
+
|
|
126
|
+
| Category | What it covers |
|
|
127
|
+
|----------|---------------|
|
|
128
|
+
| `file_delete` | Deleting, removing, or overwriting files |
|
|
129
|
+
| `shell_destructive` | `rm -rf`, `DROP TABLE`, `TRUNCATE`, etc. |
|
|
130
|
+
| `git_push` | `git push`, force push, `git reset --hard` |
|
|
131
|
+
| `config_modify` | `.env`, credentials, secrets, production configs |
|
|
132
|
+
| `deploy` | Deploy, publish, release to any environment |
|
|
133
|
+
| `database` | Direct database mutations outside of migrations |
|
|
134
|
+
|
|
135
|
+
### Custom rules (from your dashboard)
|
|
136
|
+
|
|
137
|
+
Configure custom rules in your workspace settings via the Aerostack Admin Dashboard or API:
|
|
138
|
+
|
|
139
|
+
```bash
|
|
140
|
+
# Example: add a custom "email" rule via API
|
|
141
|
+
curl -X PATCH "https://api.aerostack.dev/api/community/workspaces/{id}" \
|
|
142
|
+
-H "Authorization: Bearer YOUR_JWT" \
|
|
143
|
+
-d '{
|
|
144
|
+
"settings": {
|
|
145
|
+
"local_guardian_rules": [
|
|
146
|
+
{ "category": "email", "description": "Sending any email", "examples": ["send email", "compose", "reply"] },
|
|
147
|
+
{ "category": "payments", "description": "Any payment or billing operation", "examples": ["charge", "refund", "invoice"] },
|
|
148
|
+
{ "category": "file_delete", "description": "Deleting files", "examples": ["rm", "unlink"] }
|
|
149
|
+
]
|
|
150
|
+
}
|
|
151
|
+
}'
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
When workspace rules are configured, they **replace** the defaults. The bridge fetches rules automatically during initialization — no env vars needed.
|
|
155
|
+
|
|
156
|
+
### Disable Local Guardian
|
|
157
|
+
|
|
158
|
+
**From the dashboard:** Set `local_guardian_enabled: false` in workspace settings.
|
|
159
|
+
|
|
160
|
+
**From the agent side:** Set `AEROSTACK_LOCAL_GUARDIAN=false` in env to force-disable regardless of workspace config.
|
|
161
|
+
|
|
162
|
+
### Requires workspace approval rules
|
|
163
|
+
|
|
164
|
+
Local Guardian uses your workspace's approval system. You need at least one approval rule configured in your workspace settings. If no rules are configured, the guardian allows all actions with a warning.
|
|
165
|
+
|
|
104
166
|
## Configuration
|
|
105
167
|
|
|
106
168
|
All configuration is via environment variables:
|
|
@@ -112,6 +174,8 @@ All configuration is via environment variables:
|
|
|
112
174
|
| `AEROSTACK_APPROVAL_POLL_MS` | No | `3000` | Approval polling interval (ms) |
|
|
113
175
|
| `AEROSTACK_APPROVAL_TIMEOUT_MS` | No | `300000` | Max approval wait time (5 min) |
|
|
114
176
|
| `AEROSTACK_REQUEST_TIMEOUT_MS` | No | `30000` | HTTP request timeout (30s) |
|
|
177
|
+
| `AEROSTACK_LOCAL_GUARDIAN` | No | `true` | Force-disable Local Guardian (`false` to disable) |
|
|
178
|
+
| `AEROSTACK_LOG_LEVEL` | No | `info` | Log level (debug, info, warn, error) |
|
|
115
179
|
|
|
116
180
|
## Supported MCP Methods
|
|
117
181
|
|
package/dist/index.js
CHANGED
|
@@ -75,7 +75,7 @@ async function rpcCall(method, params) {
|
|
|
75
75
|
headers: {
|
|
76
76
|
'Content-Type': 'application/json',
|
|
77
77
|
'Authorization': `Bearer ${TOKEN}`,
|
|
78
|
-
'User-Agent': 'aerostack-openclaw-bridge/0.
|
|
78
|
+
'User-Agent': 'aerostack-openclaw-bridge/0.12.0',
|
|
79
79
|
'X-Agent-Id': 'openclaw',
|
|
80
80
|
},
|
|
81
81
|
body: JSON.stringify(body),
|
|
@@ -193,7 +193,7 @@ async function ensureInitialized() {
|
|
|
193
193
|
const res = await rpcCall('initialize', {
|
|
194
194
|
protocolVersion: '2024-11-05',
|
|
195
195
|
capabilities: {},
|
|
196
|
-
clientInfo: { name: 'aerostack-openclaw-bridge', version: '0.
|
|
196
|
+
clientInfo: { name: 'aerostack-openclaw-bridge', version: '0.12.0' },
|
|
197
197
|
});
|
|
198
198
|
if (res.result) {
|
|
199
199
|
const r = res.result;
|
|
@@ -203,7 +203,7 @@ async function ensureInitialized() {
|
|
|
203
203
|
};
|
|
204
204
|
}
|
|
205
205
|
}
|
|
206
|
-
const server = new Server({ name: 'aerostack-openclaw-bridge', version: '0.
|
|
206
|
+
const server = new Server({ name: 'aerostack-openclaw-bridge', version: '0.12.0' }, { capabilities: { tools: {}, resources: {}, prompts: {} } });
|
|
207
207
|
// ── tools/list ─────────────────────────────────────────────────────
|
|
208
208
|
server.setRequestHandler(ListToolsRequestSchema, async () => {
|
|
209
209
|
await ensureInitialized();
|