@agenshield/sandbox 0.6.2 → 0.7.0

package/index.js

@@ -50,9 +50,13 @@ export HISTFILE="$HOME/.zsh_history"
 # Suppress locale to prevent /etc/zshrc from calling locale command
 export LC_ALL=C LANG=C
 
-export PATH="$HOME/bin"
+export PATH="$HOME/bin:$HOME/homebrew/bin"
 export SHELL="/usr/local/bin/guarded-shell"
 
+# NVM initialization
+export NVM_DIR="$HOME/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \\. "$NVM_DIR/nvm.sh"
+
 # Clear any leftover env tricks
 unset DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH DYLD_INSERT_LIBRARIES
 unset PYTHONPATH NODE_PATH RUBYLIB PERL5LIB
@@ -71,8 +75,12 @@ emulate -LR zsh
 # Re-set HISTFILE (safety: ensure it points to agent's home, not ZDOTDIR)
 HISTFILE="$HOME/.zsh_history"
 
-# Re-set PATH (only ~/bin \u2014 override anything that may have been added)
-PATH="$HOME/bin"
+# Re-set PATH (~/bin + ~/homebrew/bin \u2014 override anything that may have been added)
+PATH="$HOME/bin:$HOME/homebrew/bin"
+
+# NVM re-source for interactive shell
+export NVM_DIR="$HOME/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \\. "$NVM_DIR/nvm.sh"
 
 # ---- Shell options ----
 # Note: NOT using setopt RESTRICTED as it disables cd entirely.
@@ -81,7 +89,7 @@ setopt NO_CASE_GLOB
 setopt NO_BEEP
 
 # ---- Lock critical variables (readonly) ----
-typeset -r PATH HOME SHELL HISTFILE
+typeset -r PATH HOME SHELL HISTFILE NVM_DIR
 
 # ---- Enforcement helpers ----
 deny() {
@@ -109,8 +117,10 @@ is_allowed_cmd() {
   local resolved
   resolved="$(whence -p -- "$cmd" 2>/dev/null)" || return 1
 
-  # Must live under HOME/bin exactly
+  # Must live under HOME/bin, HOME/homebrew/bin, or HOME/.nvm
   [[ "$resolved" == "$HOME/bin/"* ]] && return 0
+  [[ "$resolved" == "$HOME/homebrew/bin/"* ]] && return 0
+  [[ "$resolved" == "$HOME/.nvm/"* ]] && return 0
   return 1
 }
 
@@ -161,7 +171,7 @@ __export(shield_exec_exports, {
   SHIELD_EXEC_CONTENT: () => SHIELD_EXEC_CONTENT,
   SHIELD_EXEC_PATH: () => SHIELD_EXEC_PATH
 });
-import * as path4 from "node:path";
+import * as path5 from "node:path";
 import * as net from "node:net";
 function sendRequest(socketPath, request) {
   return new Promise((resolve6, reject) => {
@@ -208,7 +218,7 @@ function generateId() {
 }
 async function main() {
   const socketPath = process.env["AGENSHIELD_SOCKET"] || DEFAULT_SOCKET_PATH;
-  const invoked = path4.basename(process.argv[1] || "shield-exec");
+  const invoked = path5.basename(process.argv[1] || "shield-exec");
   const args = process.argv.slice(2);
   const commandName = invoked === "shield-exec" ? args.shift() || "" : invoked;
   if (!commandName) {
@@ -222,7 +232,8 @@ async function main() {
     params: {
       command: commandName,
       args,
-      cwd: process.cwd()
+      cwd: process.cwd(),
+      env: process.env
     }
   };
   try {
@@ -232,18 +243,7 @@ async function main() {
 `);
       process.exit(1);
     }
-    const result = response.result;
-    if (!result) {
-      process.stderr.write("Error: Empty response from broker\n");
-      process.exit(1);
-    }
-    if (!result.success) {
-      const errMsg = result.error?.message || "Unknown error";
-      process.stderr.write(`Error: ${errMsg}
-`);
-      process.exit(1);
-    }
-    const data = result.data;
+    const data = response.result;
     if (!data) {
       process.exit(0);
     }
@@ -267,6 +267,7 @@ var init_shield_exec = __esm({
     SHIELD_EXEC_PATH = "/opt/agenshield/bin/shield-exec";
     DEFAULT_SOCKET_PATH = "/var/run/agenshield/agenshield.sock";
     PROXIED_COMMANDS = [
+      "bash",
       "curl",
       "wget",
       "git",
@@ -346,7 +347,7 @@ async function main() {
     jsonrpc: '2.0',
     id: 'shield-exec-' + Date.now() + '-' + Math.random().toString(36).slice(2, 8),
     method: 'exec',
-    params: { command: commandName, args: args, cwd: process.cwd() },
+    params: { command: commandName, args: args, cwd: process.cwd(), env: process.env },
   };
 
   try {
@@ -355,13 +356,7 @@ async function main() {
       process.stderr.write('Error: ' + response.error.message + '\\n');
       process.exit(1);
     }
-    const result = response.result;
-    if (!result) { process.stderr.write('Error: Empty response\\n'); process.exit(1); }
-    if (!result.success) {
-      process.stderr.write('Error: ' + (result.error?.message || 'Unknown error') + '\\n');
-      process.exit(1);
-    }
-    const data = result.data;
+    const data = response.result;
     if (!data) process.exit(0);
     if (data.stdout) process.stdout.write(data.stdout);
     if (data.stderr) process.stderr.write(data.stderr);
@@ -389,8 +384,8 @@ __export(seatbelt_exports, {
   installSeatbeltProfiles: () => installSeatbeltProfiles,
   verifyProfile: () => verifyProfile
 });
-import * as fs8 from "node:fs/promises";
-import * as path5 from "node:path";
+import * as fs9 from "node:fs/promises";
+import * as path6 from "node:path";
 import { exec as exec3 } from "node:child_process";
 import { promisify as promisify3 } from "node:util";
 function generateAgentProfile(options) {
@@ -612,14 +607,14 @@ ${binaryPath ? `(allow process-exec (literal "${binaryPath}"))` : ""}
 async function installProfiles(options) {
   const results = [];
   try {
-    await fs8.mkdir(SEATBELT_DIR, { recursive: true });
-    await fs8.mkdir(path5.join(SEATBELT_DIR, "ops"), { recursive: true });
+    await fs9.mkdir(SEATBELT_DIR, { recursive: true });
+    await fs9.mkdir(path6.join(SEATBELT_DIR, "ops"), { recursive: true });
   } catch {
   }
   const agentProfile = generateAgentProfile(options);
-  const agentPath = path5.join(SEATBELT_DIR, "agent.sb");
+  const agentPath = path6.join(SEATBELT_DIR, "agent.sb");
   try {
-    await fs8.writeFile(agentPath, agentProfile, { mode: 420 });
+    await fs9.writeFile(agentPath, agentProfile, { mode: 420 });
     results.push({
       success: true,
       path: agentPath,
@@ -636,9 +631,9 @@ async function installProfiles(options) {
   const operations = ["file_read", "file_write", "http_request", "exec"];
   for (const op of operations) {
     const profile = generateOperationProfile(op);
-    const profilePath = path5.join(SEATBELT_DIR, "ops", `${op}.sb`);
+    const profilePath = path6.join(SEATBELT_DIR, "ops", `${op}.sb`);
     try {
-      await fs8.writeFile(profilePath, profile, { mode: 420 });
+      await fs9.writeFile(profilePath, profile, { mode: 420 });
       results.push({
         success: true,
         path: profilePath,
@@ -657,7 +652,7 @@ async function installProfiles(options) {
 }
 async function verifyProfile(profilePath) {
   try {
-    const content = await fs8.readFile(profilePath, "utf-8");
+    const content = await fs9.readFile(profilePath, "utf-8");
     if (!content.includes("(version 1)")) {
       return false;
     }
@@ -716,17 +711,17 @@ function generateAgentProfileFromConfig(config) {
 async function getInstalledProfiles() {
   const profiles = [];
   try {
-    const mainFiles = await fs8.readdir(SEATBELT_DIR);
+    const mainFiles = await fs9.readdir(SEATBELT_DIR);
     for (const file of mainFiles) {
       if (file.endsWith(".sb")) {
-        profiles.push(path5.join(SEATBELT_DIR, file));
+        profiles.push(path6.join(SEATBELT_DIR, file));
       }
     }
-    const opsDir = path5.join(SEATBELT_DIR, "ops");
-    const opsFiles = await fs8.readdir(opsDir);
+    const opsDir = path6.join(SEATBELT_DIR, "ops");
+    const opsFiles = await fs9.readdir(opsDir);
     for (const file of opsFiles) {
       if (file.endsWith(".sb")) {
-        profiles.push(path5.join(opsDir, file));
+        profiles.push(path6.join(opsDir, file));
       }
     }
   } catch {
@@ -1296,7 +1291,11 @@ function createDirectoryStructure(config) {
         // setgid + group-writable for broker
         owner: brokerUsername,
         // broker needs write access
-        group: socketGroupName
+        group: socketGroupName,
+        // ACL ensures broker retains write access even if openclaw resets ownership
+        acl: [
+          `${brokerUsername} allow read,write,append,add_subdirectory,add_file,delete_child,list,search,readattr,readextattr,writeattr,writeextattr,readsecurity,file_inherit,directory_inherit`
+        ]
       },
       [`${agentHome}/.openclaw/skills`]: {
         mode: 1533,
@@ -1304,6 +1303,7 @@ function createDirectoryStructure(config) {
         owner: brokerUsername,
         // broker needs write access
         group: socketGroupName
+        // ACL inherited from .openclaw via file_inherit,directory_inherit
       },
       [`${agentHome}/workspace`]: {
         mode: 1533,
@@ -1311,11 +1311,6 @@ function createDirectoryStructure(config) {
         owner: agentUsername,
         group: workspaceGroupName
       },
-      [`${agentHome}/.openclaw-pkg`]: {
-        mode: 493,
-        owner: agentUsername,
-        group: socketGroupName
-      },
       [`${agentHome}/.nvm`]: {
         mode: 493,
         owner: agentUsername,
@@ -1347,6 +1342,12 @@ async function createDirectory(dirPath, options, verboseOptions) {
     await execAsync2(`sudo chown ${options.owner}:${options.group} "${dirPath}"`);
     log(`Running: sudo chmod ${options.mode.toString(8)} "${dirPath}"`);
     await execAsync2(`sudo chmod ${options.mode.toString(8)} "${dirPath}"`);
+    if (options.acl && process.platform === "darwin") {
+      for (const entry of options.acl) {
+        log(`Running: sudo chmod -R +a "${entry}" "${dirPath}"`);
+        await execAsync2(`sudo chmod -R +a '${entry}' "${dirPath}"`);
+      }
+    }
     return {
       success: true,
       path: dirPath,
@@ -1552,6 +1553,9 @@ function sudoCopyDir(src, dest) {
   return sudoExec2(`cp -R "${src}/." "${dest}/"`);
 }
 function createOpenClawWrapper(user, dirs, method) {
+  if (!dirs.packageDir) {
+    return { success: false, error: "packageDir is not configured" };
+  }
   const wrapperPath = path.join(dirs.binDir, "openclaw");
   let entryPath = path.join(dirs.packageDir, "dist", "entry.js");
   try {
@@ -1590,21 +1594,14 @@ exec "\${AGENT_BIN}/node" "${entryPath}" "$@"
   return { success: true };
 }
 function migrateNpmInstall(source, user, dirs) {
+  if (!dirs.packageDir) {
+    return { success: false, error: "packageDir is not configured" };
+  }
   let result = sudoCopyDir(source.packagePath, dirs.packageDir);
   if (!result.success) {
     return { success: false, error: `Failed to copy package: ${result.error}` };
   }
-  if (source.configPath && fs3.existsSync(source.configPath)) {
-    result = sudoCopyDir(source.configPath, dirs.configDir);
-    if (!result.success) {
-      return { success: false, error: `Failed to copy config: ${result.error}` };
-    }
-    sudoExec2(`rm -f "${dirs.configDir}/secrets.json" 2>/dev/null`);
-    sudoExec2(`rm -f "${dirs.configDir}/.env" 2>/dev/null`);
-    sudoExec2(`rm -f "${dirs.configDir}/credentials.json" 2>/dev/null`);
-    sudoExec2(`rm -rf "${dirs.configDir}/skills" 2>/dev/null`);
-    injectSkillWatcherSetting(dirs.configDir);
-  }
+  copyConfigAndSanitize(source, dirs);
   result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.packageDir}"`);
   if (!result.success) {
     return { success: false, error: `Failed to set package ownership: ${result.error}` };
@@ -1629,22 +1626,15 @@ function migrateNpmInstall(source, user, dirs) {
   };
 }
 function migrateGitInstall(source, user, dirs) {
+  if (!dirs.packageDir) {
+    return { success: false, error: "packageDir is not configured" };
+  }
   const repoPath = source.gitRepoPath || source.packagePath;
   let result = sudoCopyDir(repoPath, dirs.packageDir);
   if (!result.success) {
     return { success: false, error: `Failed to copy repo: ${result.error}` };
   }
-  if (source.configPath && fs3.existsSync(source.configPath)) {
-    result = sudoCopyDir(source.configPath, dirs.configDir);
-    if (!result.success) {
-      return { success: false, error: `Failed to copy config: ${result.error}` };
-    }
-    sudoExec2(`rm -f "${dirs.configDir}/secrets.json" 2>/dev/null`);
-    sudoExec2(`rm -f "${dirs.configDir}/.env" 2>/dev/null`);
-    sudoExec2(`rm -f "${dirs.configDir}/credentials.json" 2>/dev/null`);
-    sudoExec2(`rm -rf "${dirs.configDir}/skills" 2>/dev/null`);
-    injectSkillWatcherSetting(dirs.configDir);
-  }
+  copyConfigAndSanitize(source, dirs);
   result = sudoExec2(`chown -R ${user.username}:${user.gid} "${dirs.packageDir}"`);
   if (!result.success) {
     return { success: false, error: `Failed to set package ownership: ${result.error}` };
@@ -1675,19 +1665,38 @@ function migrateOpenClaw(source, user, dirs) {
     return migrateGitInstall(source, user, dirs);
   }
 }
-function injectSkillWatcherSetting(configDir) {
-  const settingsPath = path.join(configDir, "settings.json");
-  let settings = {};
-  try {
-    if (fs3.existsSync(settingsPath)) {
-      settings = JSON.parse(fs3.readFileSync(settingsPath, "utf-8"));
+function sanitizeOpenClawConfig(config) {
+  const sanitized = JSON.parse(JSON.stringify(config));
+  const skills = sanitized["skills"];
+  if (skills?.entries) {
+    for (const entry of Object.values(skills.entries)) {
+      delete entry["env"];
+      delete entry["apiKey"];
     }
+  }
+  return sanitized;
+}
+function copyConfigAndSanitize(source, dirs) {
+  sudoExec2(`mkdir -p "${dirs.configDir}"`);
+  if (!source.configPath) {
+    sudoExec2(`mkdir -p "${path.join(dirs.configDir, "skills")}"`);
+    return;
+  }
+  sudoCopyDir(source.configPath, dirs.configDir);
+  const sourceConfigPath = path.join(source.configPath, "openclaw.json");
+  if (!fs3.existsSync(sourceConfigPath)) return;
+  let config;
+  try {
+    config = JSON.parse(fs3.readFileSync(sourceConfigPath, "utf-8"));
   } catch {
-    settings = {};
+    return;
   }
-  settings.skillWatcher = { enabled: true };
+  const sanitized = sanitizeOpenClawConfig(config);
+  const destConfigPath = path.join(dirs.configDir, "openclaw.json");
+  const tempPath = "/tmp/openclaw-clean-config.json";
   try {
-    fs3.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
+    fs3.writeFileSync(tempPath, JSON.stringify(sanitized, null, 2));
+    sudoExec2(`mv "${tempPath}" "${destConfigPath}"`);
   } catch {
   }
 }
@@ -1741,6 +1750,11 @@ exec "${nodePath}" "$@"
   return { success: true };
 }
 
+// libs/shield-sandbox/src/host-scanner.ts
+import * as fs5 from "node:fs";
+import * as path2 from "node:path";
+import * as os2 from "node:os";
+
 // libs/shield-sandbox/src/security.ts
 import * as os from "node:os";
 import * as fs4 from "node:fs";
@@ -1863,11 +1877,214 @@ function checkSecurityStatus(options) {
   };
 }
 
-// libs/shield-sandbox/src/detect.ts
-import * as fs5 from "node:fs";
-import * as path2 from "node:path";
-import * as os2 from "node:os";
-import { execSync as execSync4 } from "node:child_process";
+// libs/shield-sandbox/src/host-scanner.ts
+function scanOpenClawConfig(configJsonPath) {
+  const skills = [];
+  const envVars = [];
+  const warnings = [];
+  const configDir = path2.dirname(configJsonPath);
+  const skillsDir = path2.join(configDir, "skills");
+  let entries;
+  if (fs5.existsSync(configJsonPath)) {
+    try {
+      const config = JSON.parse(fs5.readFileSync(configJsonPath, "utf-8"));
+      entries = config.skills?.entries;
+    } catch (err) {
+      warnings.push(`Failed to parse config: ${err.message}`);
+    }
+  } else {
+    warnings.push(`Config file not found: ${configJsonPath}`);
+  }
+  if (entries) {
+    for (const [name, entry] of Object.entries(entries)) {
+      const skillPath = path2.join(skillsDir, name);
+      const skillExists = fs5.existsSync(skillPath);
+      const skillMdPath = path2.join(skillPath, "SKILL.md");
+      const hasSkillMd = skillExists && fs5.existsSync(skillMdPath);
+      let description;
+      if (hasSkillMd) {
+        try {
+          const content = fs5.readFileSync(skillMdPath, "utf-8");
+          const fmMatch = content.match(/^---\n([\s\S]*?)\n---/);
+          if (fmMatch) {
+            const descMatch = fmMatch[1].match(/description:\s*(.+)/);
+            if (descMatch) {
+              description = descMatch[1].trim().replace(/^["']|["']$/g, "");
+            }
+          }
+        } catch {
+        }
+      }
+      skills.push({
+        name,
+        enabled: entry.enabled !== false,
+        envVars: entry.env ?? {},
+        skillPath: skillExists ? skillPath : void 0,
+        hasSkillMd,
+        description
+      });
+      if (entry.env) {
+        for (const [envName, envValue] of Object.entries(entry.env)) {
+          envVars.push({
+            name: envName,
+            maskedValue: maskSecretValue(envValue),
+            source: "app-config",
+            isSecret: isSecretEnvVar(envName),
+            associatedSkill: name
+          });
+        }
+      }
+    }
+  }
+  if (fs5.existsSync(skillsDir)) {
+    const configSkillNames = new Set(skills.map((s) => s.name));
+    try {
+      const dirEntries = fs5.readdirSync(skillsDir, { withFileTypes: true });
+      for (const dirEntry of dirEntries) {
+        if (!dirEntry.isDirectory() || configSkillNames.has(dirEntry.name)) continue;
+        const skillPath = path2.join(skillsDir, dirEntry.name);
+        const skillMdPath = path2.join(skillPath, "SKILL.md");
+        const pkgJsonPath = path2.join(skillPath, "package.json");
+        const hasSkillMd = fs5.existsSync(skillMdPath);
+        if (!hasSkillMd && !fs5.existsSync(pkgJsonPath)) continue;
+        let description;
+        if (hasSkillMd) {
+          try {
+            const content = fs5.readFileSync(skillMdPath, "utf-8");
+            const fmMatch = content.match(/^---\n([\s\S]*?)\n---/);
+            if (fmMatch) {
+              const descMatch = fmMatch[1].match(/description:\s*(.+)/);
+              if (descMatch) {
+                description = descMatch[1].trim().replace(/^["']|["']$/g, "");
+              }
+            }
+          } catch {
+          }
+        }
+        skills.push({
+          name: dirEntry.name,
+          enabled: false,
+          envVars: {},
+          skillPath,
+          hasSkillMd,
+          description
+        });
+      }
+    } catch {
+      warnings.push(`Could not read skills directory: ${skillsDir}`);
+    }
+  }
+  return { skills, envVars, warnings };
+}
+function scanProcessEnv() {
+  const envVars = [];
+  for (const [key, value] of Object.entries(process.env)) {
+    if (!value) continue;
+    if (!isSecretEnvVar(key)) continue;
+    envVars.push({
+      name: key,
+      maskedValue: maskSecretValue(value),
+      source: "process-env",
+      isSecret: true
+    });
+  }
+  return envVars;
+}
+var SHELL_PROFILES = [
+  ".zshrc",
+  ".bashrc",
+  ".profile",
+  ".bash_profile",
+  ".zprofile"
+];
+var EXPORT_REGEX = /^\s*export\s+([A-Za-z_][A-Za-z0-9_]*)=(.+)$/;
+function scanShellProfiles(home) {
+  const envVars = [];
+  const scannedProfiles = [];
+  const warnings = [];
+  for (const profile of SHELL_PROFILES) {
+    const filePath = path2.join(home, profile);
+    if (!fs5.existsSync(filePath)) continue;
+    scannedProfiles.push(filePath);
+    let content;
+    try {
+      content = fs5.readFileSync(filePath, "utf-8");
+    } catch (err) {
+      warnings.push(`Could not read ${filePath}: ${err.message}`);
+      continue;
+    }
+    for (const line of content.split("\n")) {
+      const match = line.match(EXPORT_REGEX);
+      if (!match) continue;
+      const name = match[1];
+      let value = match[2].trim();
+      if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+        value = value.slice(1, -1);
+      }
+      const commentIdx = value.indexOf(" #");
+      if (commentIdx > 0) {
+        value = value.slice(0, commentIdx).trim();
+      }
+      if (value.includes("$(") || value.includes("${") || value.startsWith("$")) {
+        continue;
+      }
+      envVars.push({
+        name,
+        maskedValue: maskSecretValue(value),
+        source: "shell-profile",
+        profilePath: filePath,
+        isSecret: isSecretEnvVar(name)
+      });
+    }
+  }
+  return { envVars, scannedProfiles, warnings };
+}
+function maskSecretValue(value) {
+  if (value.length <= 8) {
+    return "****";
+  }
+  return `${value.slice(0, 3)}...${value.slice(-4)}`;
+}
+function resolveEnvVarValue(name, source, profilePath, configJsonPath) {
+  switch (source) {
+    case "process-env":
+      return process.env[name] ?? null;
+    case "shell-profile": {
+      if (!profilePath || !fs5.existsSync(profilePath)) return null;
+      try {
+        const content = fs5.readFileSync(profilePath, "utf-8");
+        for (const line of content.split("\n")) {
+          const match = line.match(EXPORT_REGEX);
+          if (!match || match[1] !== name) continue;
+          let value = match[2].trim();
+          if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+            value = value.slice(1, -1);
+          }
+          return value;
+        }
+      } catch {
+      }
+      return null;
+    }
+    case "app-config": {
+      if (!configJsonPath || !fs5.existsSync(configJsonPath)) return null;
+      try {
+        const config = JSON.parse(
+          fs5.readFileSync(configJsonPath, "utf-8")
+        );
+        const entries = config.skills?.entries;
+        if (!entries) return null;
+        for (const entry of Object.values(entries)) {
+          if (entry.env?.[name]) return entry.env[name];
+        }
+      } catch {
+      }
+      return null;
+    }
+    default:
+      return null;
+  }
+}
 function getHome() {
   const sudoUser = process.env["SUDO_USER"];
   if (sudoUser) {
@@ -1876,7 +2093,64 @@ function getHome() {
   }
   return os2.homedir();
 }
-var HOME = getHome();
+function scanHost(options = {}) {
+  const home = options.home ?? getHome();
+  const warnings = [];
+  let skills = [];
+  let configEnvVars = [];
+  if (options.configPath) {
+    const configResult = scanOpenClawConfig(options.configPath);
+    skills = configResult.skills;
+    configEnvVars = configResult.envVars;
+    warnings.push(...configResult.warnings);
+  }
+  const profileResult = scanShellProfiles(home);
+  warnings.push(...profileResult.warnings);
+  const processEnvVars = scanProcessEnv();
+  const seen = /* @__PURE__ */ new Set();
+  const allEnvVars = [];
+  for (const v of configEnvVars) {
+    if (!seen.has(v.name)) {
+      seen.add(v.name);
+      allEnvVars.push(v);
+    }
+  }
+  for (const v of profileResult.envVars) {
+    if (!seen.has(v.name)) {
+      seen.add(v.name);
+      allEnvVars.push(v);
+    }
+  }
+  for (const v of processEnvVars) {
+    if (!seen.has(v.name)) {
+      seen.add(v.name);
+      allEnvVars.push(v);
+    }
+  }
+  return {
+    skills,
+    envVars: allEnvVars,
+    configPath: options.configPath,
+    scannedProfiles: profileResult.scannedProfiles,
+    scannedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    warnings
+  };
+}
+
+// libs/shield-sandbox/src/detect.ts
+import * as fs6 from "node:fs";
+import * as path3 from "node:path";
+import * as os3 from "node:os";
+import { execSync as execSync4 } from "node:child_process";
+function getHome2() {
+  const sudoUser = process.env["SUDO_USER"];
+  if (sudoUser) {
+    const userHome = path3.join("/Users", sudoUser);
+    if (fs6.existsSync(userHome)) return userHome;
+  }
+  return os3.homedir();
+}
+var HOME = getHome2();
 function execSafe2(cmd) {
   try {
     return execSync4(cmd, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim();
@@ -1886,7 +2160,7 @@ function execSafe2(cmd) {
 }
 function pathExists(p) {
   try {
-    fs5.accessSync(p);
+    fs6.accessSync(p);
     return true;
   } catch {
     return false;
@@ -1901,19 +2175,19 @@ function getNpmGlobalBin() {
 function detectNpmInstall() {
   const npmRoot = getNpmGlobalRoot();
   if (!npmRoot) return { found: false, method: "npm" };
-  const openclawPkg = path2.join(npmRoot, "openclaw");
+  const openclawPkg = path3.join(npmRoot, "openclaw");
   if (!pathExists(openclawPkg)) return { found: false, method: "npm" };
   let version;
-  const pkgJsonPath = path2.join(openclawPkg, "package.json");
+  const pkgJsonPath = path3.join(openclawPkg, "package.json");
   if (pathExists(pkgJsonPath)) {
     try {
-      const pkg = JSON.parse(fs5.readFileSync(pkgJsonPath, "utf-8"));
+      const pkg = JSON.parse(fs6.readFileSync(pkgJsonPath, "utf-8"));
       version = pkg.version;
     } catch {
     }
   }
   const npmBin = getNpmGlobalBin();
-  const binaryPath = npmBin ? path2.join(npmBin, "openclaw") : void 0;
+  const binaryPath = npmBin ? path3.join(npmBin, "openclaw") : void 0;
   return {
     found: true,
     method: "npm",
@@ -1924,20 +2198,20 @@ function detectNpmInstall() {
 }
 function detectGitInstall() {
   const possiblePaths = [
-    path2.join(HOME, "openclaw"),
-    path2.join(HOME, ".openclaw-src"),
-    path2.join(HOME, "code", "openclaw"),
-    path2.join(HOME, "src", "openclaw")
+    path3.join(HOME, "openclaw"),
+    path3.join(HOME, ".openclaw-src"),
+    path3.join(HOME, "code", "openclaw"),
+    path3.join(HOME, "src", "openclaw")
   ];
   for (const repoPath of possiblePaths) {
     if (!pathExists(repoPath)) continue;
-    const gitDir = path2.join(repoPath, ".git");
-    const pkgJson = path2.join(repoPath, "package.json");
+    const gitDir = path3.join(repoPath, ".git");
+    const pkgJson = path3.join(repoPath, "package.json");
     if (pathExists(gitDir) && pathExists(pkgJson)) {
       try {
-        const pkg = JSON.parse(fs5.readFileSync(pkgJson, "utf-8"));
+        const pkg = JSON.parse(fs6.readFileSync(pkgJson, "utf-8"));
         if (pkg.name === "openclaw" || pkg.name?.includes("openclaw")) {
-          const wrapperPath2 = path2.join(HOME, ".local", "bin", "openclaw");
+          const wrapperPath2 = path3.join(HOME, ".local", "bin", "openclaw");
           return {
             found: true,
             method: "git",
@@ -1951,19 +2225,19 @@ function detectGitInstall() {
       }
     }
   }
-  const wrapperPath = path2.join(HOME, ".local", "bin", "openclaw");
+  const wrapperPath = path3.join(HOME, ".local", "bin", "openclaw");
   if (pathExists(wrapperPath)) {
     try {
-      const content = fs5.readFileSync(wrapperPath, "utf-8");
+      const content = fs6.readFileSync(wrapperPath, "utf-8");
       const match = content.match(/exec node "([^"]+)\/dist\/entry\.js"/);
       if (match) {
         const repoPath = match[1];
         if (pathExists(repoPath)) {
-          const pkgJson = path2.join(repoPath, "package.json");
+          const pkgJson = path3.join(repoPath, "package.json");
           let version;
           if (pathExists(pkgJson)) {
             try {
-              version = JSON.parse(fs5.readFileSync(pkgJson, "utf-8")).version;
+              version = JSON.parse(fs6.readFileSync(pkgJson, "utf-8")).version;
             } catch {
             }
           }
@@ -1983,7 +2257,7 @@ function detectGitInstall() {
   return { found: false, method: "git" };
 }
 function detectConfigDir() {
-  const configPath = path2.join(HOME, ".openclaw");
+  const configPath = path3.join(HOME, ".openclaw");
   return pathExists(configPath) ? configPath : void 0;
 }
 function getVersionViaCli() {
@@ -2016,7 +2290,8 @@ function detectOpenClaw() {
   } else {
     installation = {
       found: false,
-      method: "unknown"
+      method: "unknown",
+      configPath: detectConfigDir()
     };
   }
   if (installation.found && !installation.version) {
@@ -2055,8 +2330,8 @@ function checkPrerequisites() {
 }
 
 // libs/shield-sandbox/src/backup.ts
-import * as fs6 from "node:fs";
-import * as os3 from "node:os";
+import * as fs7 from "node:fs";
+import * as os4 from "node:os";
 import { execSync as execSync5 } from "node:child_process";
 
 // libs/shield-ipc/dist/index.js
@@ -2133,13 +2408,17 @@ var DaemonConfigSchema = z.object({
   enableHostsEntry: z.boolean().default(false)
 });
 var PolicyConfigSchema = z.object({
-  id: z.string().uuid(),
+  id: z.string().min(1),
   name: z.string().min(1).max(100),
   action: z.enum(["allow", "deny", "approval"]),
   target: z.enum(["skill", "command", "url", "filesystem"]),
   patterns: z.array(z.string()),
   enabled: z.boolean().default(true),
-  operations: z.array(z.string()).optional()
+  priority: z.number().optional(),
+  operations: z.array(z.string()).optional(),
+  preset: z.string().optional(),
+  scope: z.string().optional(),
+  networkAccess: z.enum(["none", "proxy", "direct"]).optional()
 });
 var VaultConfigSchema = z.object({
   enabled: z.boolean(),
@@ -2235,7 +2514,8 @@ var PolicyRuleSchema = z3.object({
   operations: z3.array(OperationTypeSchema),
   patterns: z3.array(z3.string()),
   enabled: z3.boolean(),
-  priority: z3.number().optional()
+  priority: z3.number().optional(),
+  scope: z3.string().optional()
 });
 var FsConstraintsSchema = z3.object({
   allowedPaths: z3.array(z3.string()),
@@ -3267,22 +3547,22 @@ function saveBackup(params) {
   const backup = {
     version: "1.0",
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    originalUser: os3.userInfo().username,
-    originalUserHome: os3.homedir(),
+    originalUser: os4.userInfo().username,
+    originalUserHome: os4.homedir(),
     originalInstallation,
     sandboxUser,
     migratedPaths
   };
   const tempPath = "/tmp/agenshield-backup.json";
   try {
-    fs6.writeFileSync(tempPath, JSON.stringify(backup, null, 2), { mode: 384 });
+    fs7.writeFileSync(tempPath, JSON.stringify(backup, null, 2), { mode: 384 });
   } catch (err) {
     return { success: false, error: `Failed to write temp backup: ${err}` };
   }
   let result = sudoExec3(`mv "${tempPath}" "${BACKUP_CONFIG.backupPath}"`);
   if (!result.success) {
     try {
-      fs6.unlinkSync(tempPath);
+      fs7.unlinkSync(tempPath);
     } catch {
     }
     return { success: false, error: `Failed to install backup: ${result.error}` };
@@ -3321,32 +3601,22 @@ function deleteBackup() {
   const result = sudoExec3(`rm -f "${BACKUP_CONFIG.backupPath}"`);
   return result;
 }
-function backupOriginalConfig(configPath) {
-  if (!fs6.existsSync(configPath)) {
-    return { success: true };
-  }
-  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-  const backupPath = `${configPath}.backup-${timestamp}`;
-  try {
-    fs6.renameSync(configPath, backupPath);
-    return { success: true, backupPath };
-  } catch (err) {
-    return { success: false, error: `Failed to backup config: ${err}` };
-  }
+function backupOriginalConfig(_configPath) {
+  return { success: true };
 }
 function restoreOriginalConfig(backupPath, targetPath) {
-  if (!fs6.existsSync(backupPath)) {
+  if (!fs7.existsSync(backupPath)) {
     return { success: false, error: `Backup path does not exist: ${backupPath}` };
   }
-  if (fs6.existsSync(targetPath)) {
+  if (fs7.existsSync(targetPath)) {
     try {
-      fs6.rmSync(targetPath, { recursive: true });
+      fs7.rmSync(targetPath, { recursive: true });
     } catch (err) {
       return { success: false, error: `Failed to remove existing config: ${err}` };
     }
   }
   try {
-    fs6.renameSync(backupPath, targetPath);
+    fs7.renameSync(backupPath, targetPath);
     return { success: true };
   } catch (err) {
     return { success: false, error: `Failed to restore config: ${err}` };
@@ -3354,8 +3624,8 @@ function restoreOriginalConfig(backupPath, targetPath) {
 }
 
 // libs/shield-sandbox/src/restore.ts
-import * as fs7 from "node:fs";
-import * as path3 from "node:path";
+import * as fs8 from "node:fs";
+import * as path4 from "node:path";
 import { execSync as execSync6 } from "node:child_process";
 init_guarded_shell();
 function sudoExec4(cmd) {
@@ -3410,7 +3680,7 @@ function waitForProcessExit(pid, timeoutMs = 5e3) {
 }
 function stopDaemon() {
   const plistPath = "/Library/LaunchDaemons/com.agenshield.daemon.plist";
-  if (fs7.existsSync(plistPath)) {
+  if (fs8.existsSync(plistPath)) {
     sudoExec4(`rm -f "${plistPath}"`);
     sudoExec4(`launchctl unload "${plistPath}" 2>/dev/null || true`);
   }
@@ -3448,7 +3718,7 @@ function stopDaemon() {
 }
 function stopBrokerDaemon() {
   const plistPath = "/Library/LaunchDaemons/com.agenshield.broker.plist";
-  if (!fs7.existsSync(plistPath)) {
+  if (!fs8.existsSync(plistPath)) {
     return {
       step: "stop-broker",
       success: true,
@@ -3491,14 +3761,14 @@ function restoreConfig(backup) {
       message: "No config backup to restore"
     };
   }
-  if (!fs7.existsSync(configBackupPath)) {
+  if (!fs8.existsSync(configBackupPath)) {
     return {
       step: "restore-config",
       success: true,
       message: `Config backup not found at ${configBackupPath}, skipping`
     };
   }
-  const targetPath = configPath || path3.join(backup.originalUserHome, ".openclaw");
+  const targetPath = configPath || path4.join(backup.originalUserHome, ".openclaw");
   const result = restoreOriginalConfig(configBackupPath, targetPath);
   if (!result.success) {
     return {
@@ -3523,7 +3793,7 @@ function restorePackage(backup) {
       message: "npm package was not moved (still at original location)"
     };
   }
-  if (packagePath && fs7.existsSync(packagePath)) {
+  if (packagePath && fs8.existsSync(packagePath)) {
     return {
       step: "restore-package",
       success: true,
@@ -3554,7 +3824,7 @@ function deleteUser2(backup) {
   };
 }
 function removeGuardedShell() {
-  if (!fs7.existsSync(GUARDED_SHELL_PATH)) {
+  if (!fs8.existsSync(GUARDED_SHELL_PATH)) {
     return {
       step: "remove-shell",
       success: true,
@@ -3590,7 +3860,7 @@ function cleanup() {
   ];
   const errors = [];
   for (const p of cleanupPaths) {
-    if (fs7.existsSync(p)) {
+    if (fs8.existsSync(p)) {
       const result = sudoExec4(`rm -rf "${p}"`);
       if (!result.success) {
         errors.push(`Failed to remove ${p}: ${result.error}`);
@@ -3614,7 +3884,7 @@ function cleanup() {
 function verify(backup) {
   const { binaryPath, method } = backup.originalInstallation;
   let cmd;
-  if (binaryPath && fs7.existsSync(binaryPath)) {
+  if (binaryPath && fs8.existsSync(binaryPath)) {
     cmd = `"${binaryPath}" --version`;
   } else if (method === "npm") {
     cmd = "openclaw --version";
@@ -3748,12 +4018,12 @@ function discoverSocketGroups() {
   }
 }
 function isDaemonPresent() {
-  if (fs7.existsSync("/Library/LaunchDaemons/com.agenshield.daemon.plist")) return true;
+  if (fs8.existsSync("/Library/LaunchDaemons/com.agenshield.daemon.plist")) return true;
   if (findDaemonPidByPort(DEFAULT_PORT)) return true;
   return false;
 }
 function isBrokerPresent() {
-  return fs7.existsSync("/Library/LaunchDaemons/com.agenshield.broker.plist");
+  return fs8.existsSync("/Library/LaunchDaemons/com.agenshield.broker.plist");
 }
 function forceUninstall(onProgress) {
   const steps = [];
@@ -3861,9 +4131,9 @@ function forceUninstall(onProgress) {
 init_shield_exec();
 
 // libs/shield-sandbox/src/wrappers.ts
-import * as fs9 from "node:fs/promises";
-import * as path6 from "node:path";
-import { exec as exec4 } from "node:child_process";
+import * as fs10 from "node:fs/promises";
+import * as path7 from "node:path";
+import { exec as exec4, spawn as nodeSpawn } from "node:child_process";
 import { promisify as promisify4 } from "node:util";
 import { createRequire } from "node:module";
 var require2 = createRequire(import.meta.url);
@@ -3882,7 +4152,8 @@ function getDefaultWrapperConfig(userConfig) {
     pythonPath: "/usr/bin/python3",
     nodePath: "/usr/local/bin/node",
     npmPath: "/usr/local/bin/npm",
-    brewPath: "/opt/homebrew/bin/brew"
+    brewPath: "/opt/homebrew/bin/brew",
+    nvmNodeDir: `${agentHome}/.nvm/versions/node/current`
   };
 }
 var WRAPPER_DEFINITIONS = {
@@ -3995,31 +4266,19 @@ esac
 `
   },
   npm: {
-    description: "npm wrapper with Node.js interceptor",
-    usesInterceptor: true,
+    description: "npm wrapper \u2014 delegates to NVM npm (patched node loads interceptor)",
     generate: (config) => `#!/bin/bash
-# npm wrapper - routes npm network requests through AgenShield interceptor
-# Uses NODE_OPTIONS to load the interceptor module
+# npm wrapper \u2014 NVM's node is patched in-place, so the interceptor loads
+# automatically when npm (a JS script) invokes node. No NODE_OPTIONS needed here.
 
 # Ensure accessible working directory
 if ! /bin/pwd > /dev/null 2>&1; then cd ~ 2>/dev/null || cd /; fi
 
-# Set up interceptor
-export NODE_OPTIONS="${config.interceptorFlag} ${config.interceptorPath} \${NODE_OPTIONS:-}"
-
-# Set AgenShield environment
-export AGENSHIELD_SOCKET="${config.socketPath}"
-export AGENSHIELD_HTTP_PORT="${config.httpPort}"
-export AGENSHIELD_INTERCEPT_FETCH=true
-export AGENSHIELD_INTERCEPT_HTTP=true
-
-# Find npm - prefer homebrew, then system
-if [ -x "/opt/homebrew/bin/npm" ]; then
-  exec /opt/homebrew/bin/npm "$@"
-elif [ -x "${config.npmPath}" ]; then
-  exec ${config.npmPath} "$@"
+# Only use NVM npm (patched NVM node loads interceptor automatically)
+if [ -x "${config.nvmNodeDir}/bin/npm" ]; then
+  exec "${config.nvmNodeDir}/bin/npm" "$@"
 else
-  echo "npm not found" >&2
+  echo "npm not found (expected at ${config.nvmNodeDir}/bin/npm)" >&2
   exit 1
 fi
 `
@@ -4094,54 +4353,38 @@ exec ${config.agentHome}/bin/python "$@"
 # Ensure accessible working directory
 if ! /bin/pwd > /dev/null 2>&1; then cd ~ 2>/dev/null || cd /; fi
 
-# Set up interceptor
 export NODE_OPTIONS="${config.interceptorFlag} ${config.interceptorPath} \${NODE_OPTIONS:-}"
-
-# Set AgenShield environment
 export AGENSHIELD_SOCKET="${config.socketPath}"
 export AGENSHIELD_HTTP_PORT="${config.httpPort}"
-export AGENSHIELD_INTERCEPT_FETCH=true
-export AGENSHIELD_INTERCEPT_HTTP=true
 export AGENSHIELD_INTERCEPT_EXEC=true
+export AGENSHIELD_INTERCEPT_HTTP=true
+export AGENSHIELD_INTERCEPT_FETCH=true
+export AGENSHIELD_INTERCEPT_WS=true
+export AGENSHIELD_CONTEXT_TYPE=\${AGENSHIELD_CONTEXT_TYPE:-agent}
 
-# Find node - prefer copied binary, then homebrew, then system
+# Only use the NVM-installed node binary (copied to /opt/agenshield/bin/node-bin)
 if [ -x "/opt/agenshield/bin/node-bin" ]; then
   exec /opt/agenshield/bin/node-bin "$@"
-elif [ -x "/opt/homebrew/bin/node" ]; then
-  exec /opt/homebrew/bin/node "$@"
-elif [ -x "${config.nodePath}" ]; then
-  exec ${config.nodePath} "$@"
 else
-  echo "node not found" >&2
+  echo "node-bin not found at /opt/agenshield/bin/node-bin" >&2
   exit 1
 fi
 `
   },
   npx: {
-    description: "npx wrapper with Node.js interceptor",
-    usesInterceptor: true,
+    description: "npx wrapper \u2014 delegates to NVM npx (patched node loads interceptor)",
     generate: (config) => `#!/bin/bash
-# npx wrapper - runs npx with AgenShield interceptor
+# npx wrapper \u2014 NVM's node is patched in-place, so the interceptor loads
+# automatically when npx (a JS script) invokes node. No NODE_OPTIONS needed here.
 
 # Ensure accessible working directory
 if ! /bin/pwd > /dev/null 2>&1; then cd ~ 2>/dev/null || cd /; fi
 
-# Set up interceptor
-export NODE_OPTIONS="${config.interceptorFlag} ${config.interceptorPath} \${NODE_OPTIONS:-}"
-
-# Set AgenShield environment
-export AGENSHIELD_SOCKET="${config.socketPath}"
-export AGENSHIELD_HTTP_PORT="${config.httpPort}"
-export AGENSHIELD_INTERCEPT_FETCH=true
-export AGENSHIELD_INTERCEPT_HTTP=true
-
-# Find npx
-if [ -x "/opt/homebrew/bin/npx" ]; then
-  exec /opt/homebrew/bin/npx "$@"
-elif [ -x "/usr/local/bin/npx" ]; then
-  exec /usr/local/bin/npx "$@"
+# Only use NVM npx (patched NVM node loads interceptor automatically)
+if [ -x "${config.nvmNodeDir}/bin/npx" ]; then
+  exec "${config.nvmNodeDir}/bin/npx" "$@"
 else
-  echo "npx not found" >&2
+  echo "npx not found (expected at ${config.nvmNodeDir}/bin/npx)" >&2
   exit 1
 fi
 `
@@ -4241,9 +4484,9 @@ function generateWrapperContent(name, config) {
   return def.generate(config || getDefaultWrapperConfig());
 }
 async function installWrapper(name, content, targetDir) {
-  const wrapperPath = path6.join(targetDir, name);
+  const wrapperPath = path7.join(targetDir, name);
   try {
-    await fs9.writeFile(wrapperPath, content, { mode: 493 });
+    await fs10.writeFile(wrapperPath, content, { mode: 493 });
     return {
       success: true,
       name,
@@ -4261,7 +4504,7 @@ async function installWrapper(name, content, targetDir) {
   }
 }
 async function installWrapperWithSudo(name, content, targetDir, owner, group) {
-  const wrapperPath = path6.join(targetDir, name);
+  const wrapperPath = path7.join(targetDir, name);
   try {
     await execAsync4(`sudo tee "${wrapperPath}" > /dev/null << 'EOF'
 ${content}
@@ -4290,7 +4533,7 @@ async function installWrappers(targetDir = "/Users/agenshield_agent/bin", config
   const results = [];
   const wrapperConfig = config || getDefaultWrapperConfig();
   try {
-    await fs9.mkdir(targetDir, { recursive: true });
+    await fs10.mkdir(targetDir, { recursive: true });
   } catch {
     try {
       await execAsync4(`sudo mkdir -p "${targetDir}"`);
@@ -4311,7 +4554,7 @@ async function installSpecificWrappers(names, targetDir, config) {
   const results = [];
   const wrapperConfig = config || getDefaultWrapperConfig();
   try {
-    await fs9.mkdir(targetDir, { recursive: true });
+    await fs10.mkdir(targetDir, { recursive: true });
   } catch {
     try {
       await execAsync4(`sudo mkdir -p "${targetDir}"`);
@@ -4324,7 +4567,7 @@ async function installSpecificWrappers(names, targetDir, config) {
       results.push({
         success: false,
         name,
-        path: path6.join(targetDir, name),
+        path: path7.join(targetDir, name),
         message: `Unknown wrapper: ${name}`
       });
       continue;
@@ -4339,9 +4582,9 @@ async function installSpecificWrappers(names, targetDir, config) {
   return results;
 }
 async function uninstallWrapper(name, targetDir) {
-  const wrapperPath = path6.join(targetDir, name);
+  const wrapperPath = path7.join(targetDir, name);
   try {
-    await fs9.unlink(wrapperPath);
+    await fs10.unlink(wrapperPath);
     return {
       success: true,
       name,
@@ -4378,9 +4621,9 @@ async function verifyWrappers(targetDir = "/Users/agenshield_agent/bin") {
   const installed = [];
   const missing = [];
   for (const name of Object.keys(WRAPPER_DEFINITIONS)) {
-    const wrapperPath = path6.join(targetDir, name);
+    const wrapperPath = path7.join(targetDir, name);
     try {
-      await fs9.access(wrapperPath, fs9.constants.X_OK);
+      await fs10.access(wrapperPath, fs10.constants.X_OK);
       installed.push(name);
     } catch {
       missing.push(name);
@@ -4422,7 +4665,7 @@ async function installGuardedShell(userConfig, options) {
   const shellPath = GUARDED_SHELL_PATH2;
   try {
     log(`Installing guarded shell launcher to ${shellPath}`);
-    await execAsync4(`sudo mkdir -p "${path6.dirname(shellPath)}"`);
+    await execAsync4(`sudo mkdir -p "${path7.dirname(shellPath)}"`);
     await execAsync4(`sudo tee "${shellPath}" > /dev/null << 'GUARDEDEOF'
 ${GUARDED_SHELL_CONTENT2}
 GUARDEDEOF`);
@@ -4475,7 +4718,7 @@ SHIELDEXECEOF`);
     await execAsync4(`sudo chmod 755 "${SHIELD_EXEC_PATH2}"`);
     await execAsync4(`sudo chown root:wheel "${SHIELD_EXEC_PATH2}"`);
     for (const cmd of PROXIED_COMMANDS2) {
-      const symlinkPath = path6.join(binDir, cmd);
+      const symlinkPath = path7.join(binDir, cmd);
       try {
         await execAsync4(`sudo rm -f "${symlinkPath}"`);
         await execAsync4(`sudo ln -s "${SHIELD_EXEC_PATH2}" "${symlinkPath}"`);
@@ -4492,36 +4735,36 @@ if ! /bin/pwd > /dev/null 2>&1; then cd ~ 2>/dev/null || cd /; fi
 export NODE_OPTIONS="${wrapperConfig.interceptorFlag} ${wrapperConfig.interceptorPath} \${NODE_OPTIONS:-}"
 export AGENSHIELD_SOCKET="${wrapperConfig.socketPath}"
 export AGENSHIELD_HTTP_PORT="${wrapperConfig.httpPort}"
-export AGENSHIELD_INTERCEPT_FETCH=true
-export AGENSHIELD_INTERCEPT_HTTP=true
 export AGENSHIELD_INTERCEPT_EXEC=true
+export AGENSHIELD_INTERCEPT_HTTP=true
+export AGENSHIELD_INTERCEPT_FETCH=true
+export AGENSHIELD_INTERCEPT_WS=true
+export AGENSHIELD_CONTEXT_TYPE=\${AGENSHIELD_CONTEXT_TYPE:-agent}
+
+# Only use the NVM-installed node binary (copied to /opt/agenshield/bin/node-bin)
 if [ -x "/opt/agenshield/bin/node-bin" ]; then
   exec /opt/agenshield/bin/node-bin "$@"
-elif [ -x "/opt/homebrew/bin/node" ]; then
-  exec /opt/homebrew/bin/node "$@"
-elif [ -x "/usr/local/bin/node" ]; then
-  exec /usr/local/bin/node "$@"
 else
-  echo "node not found" >&2
+  echo "node-bin not found at /opt/agenshield/bin/node-bin" >&2
   exit 1
 fi
 `;
     const pythonWrapper = WRAPPER_DEFINITIONS["python"]?.generate(wrapperConfig) || "";
     const python3Wrapper = WRAPPER_DEFINITIONS["python3"]?.generate(wrapperConfig) || "";
     const pip3Wrapper = WRAPPER_DEFINITIONS["pip"]?.generate(wrapperConfig) || "";
-    const nodePath = path6.join(binDir, "node");
+    const nodePath = path7.join(binDir, "node");
     await execAsync4(`sudo tee "${nodePath}" > /dev/null << 'NODEEOF'
 ${nodeWrapper}
 NODEEOF`);
     await execAsync4(`sudo chmod 755 "${nodePath}"`);
     installed.push("node");
-    const pythonPath = path6.join(binDir, "python");
+    const pythonPath = path7.join(binDir, "python");
     await execAsync4(`sudo tee "${pythonPath}" > /dev/null << 'PYEOF'
 ${pythonWrapper}
 PYEOF`);
     await execAsync4(`sudo chmod 755 "${pythonPath}"`);
     installed.push("python");
-    const python3Path = path6.join(binDir, "python3");
+    const python3Path = path7.join(binDir, "python3");
     await execAsync4(`sudo tee "${python3Path}" > /dev/null << 'PY3EOF'
 ${python3Wrapper}
 PY3EOF`);
@@ -4560,12 +4803,12 @@ async function addDynamicWrapper(name, content, targetDir, useSudo = false, owne
   return installWrapper(name, content, targetDir);
 }
 async function removeDynamicWrapper(name, targetDir, useSudo = false) {
-  const wrapperPath = path6.join(targetDir, name);
+  const wrapperPath = path7.join(targetDir, name);
   try {
     if (useSudo) {
       await execAsync4(`sudo rm -f "${wrapperPath}"`);
     } else {
-      await fs9.unlink(wrapperPath);
+      await fs10.unlink(wrapperPath);
     }
     return {
       success: true,
@@ -4597,7 +4840,7 @@ async function updateWrapper(name, targetDir, config, useSudo = false) {
     return {
       success: false,
       name,
-      path: path6.join(targetDir, name),
+      path: path7.join(targetDir, name),
       message: `Unknown wrapper: ${name}`
     };
   }
@@ -4612,7 +4855,7 @@ async function deployInterceptor(userConfig) {
   const socketGroupName = userConfig?.groups?.socket?.name || "ash_socket";
   try {
     const srcPath = require2.resolve("@agenshield/interceptor/register");
-    await fs9.access(srcPath);
+    await fs10.access(srcPath);
     await execAsync4("sudo mkdir -p /opt/agenshield/lib/interceptor");
     await execAsync4(`sudo cp "${srcPath}" "${targetPath}"`);
     await execAsync4(`sudo chown root:${socketGroupName} "${targetPath}"`);
@@ -4638,11 +4881,11 @@ async function copyBrokerBinary(userConfig) {
   const socketGroupName = userConfig?.groups?.socket?.name || "ash_socket";
   try {
     const brokerPkgPath = require2.resolve("@agenshield/broker/package.json");
-    const brokerDir = path6.dirname(brokerPkgPath);
-    const brokerPkg = JSON.parse(await fs9.readFile(brokerPkgPath, "utf-8"));
+    const brokerDir = path7.dirname(brokerPkgPath);
+    const brokerPkg = JSON.parse(await fs10.readFile(brokerPkgPath, "utf-8"));
     const binEntry = typeof brokerPkg.bin === "string" ? brokerPkg.bin : brokerPkg.bin?.["agenshield-broker"] || "./dist/main.js";
-    const srcPath = path6.resolve(brokerDir, binEntry);
-    await fs9.access(srcPath);
+    const srcPath = path7.resolve(brokerDir, binEntry);
+    await fs10.access(srcPath);
     await execAsync4("sudo mkdir -p /opt/agenshield/bin");
     await execAsync4(`sudo cp "${srcPath}" "${targetPath}"`);
     await execAsync4(`sudo chmod 755 "${targetPath}"`);
@@ -4675,18 +4918,18 @@ async function copyShieldClient(userConfig) {
   const socketGroupName = userConfig?.groups?.socket?.name || "ash_socket";
   try {
     const brokerPkgPath = require2.resolve("@agenshield/broker/package.json");
-    const brokerDir = path6.dirname(brokerPkgPath);
-    const brokerPkg = JSON.parse(await fs9.readFile(brokerPkgPath, "utf-8"));
+    const brokerDir = path7.dirname(brokerPkgPath);
+    const brokerPkg = JSON.parse(await fs10.readFile(brokerPkgPath, "utf-8"));
     const clientEntry = typeof brokerPkg.bin === "object" ? brokerPkg.bin["shield-client"] : null;
-    const srcPath = path6.resolve(brokerDir, clientEntry || "./dist/client/shield-client.js");
-    await fs9.access(srcPath);
-    let content = await fs9.readFile(srcPath, "utf-8");
+    const srcPath = path7.resolve(brokerDir, clientEntry || "./dist/client/shield-client.js");
+    await fs10.access(srcPath);
+    let content = await fs10.readFile(srcPath, "utf-8");
     content = content.replace(
       /^#!\/usr\/bin\/env node/,
       "#!/opt/agenshield/bin/node-bin"
     );
     const tmpPath = "/tmp/shield-client-install";
-    await fs9.writeFile(tmpPath, content, { mode: 493 });
+    await fs10.writeFile(tmpPath, content, { mode: 493 });
     await execAsync4("sudo mkdir -p /opt/agenshield/bin");
     await execAsync4(`sudo mv "${tmpPath}" "${targetPath}"`);
     await execAsync4(`sudo chmod 755 "${targetPath}"`);
@@ -4723,12 +4966,12 @@ async function copyNodeDylibs(srcBinaryPath, socketGroupName) {
       const dylibName = match[3];
       let resolvedPath;
       if (prefix === "@loader_path") {
-        resolvedPath = path6.resolve(path6.dirname(srcBinaryPath) + relPath + dylibName);
+        resolvedPath = path7.resolve(path7.dirname(srcBinaryPath) + relPath + dylibName);
       } else {
-        resolvedPath = path6.resolve(path6.dirname(srcBinaryPath), "..", "lib", dylibName);
+        resolvedPath = path7.resolve(path7.dirname(srcBinaryPath), "..", "lib", dylibName);
       }
       try {
-        await fs9.access(resolvedPath);
+        await fs10.access(resolvedPath);
       } catch {
         errors.push(`dylib not found on disk: ${resolvedPath}`);
         continue;
@@ -4752,7 +4995,7 @@ async function copyNodeBinary(userConfig, sourcePath) {
   const socketGroupName = userConfig?.groups?.socket?.name || "ash_socket";
   try {
     const srcPath = sourcePath || process.execPath;
-    await fs9.access(srcPath);
+    await fs10.access(srcPath);
     await execAsync4(`sudo cp "${srcPath}" "${targetPath}"`);
     await execAsync4(`sudo chown root:${socketGroupName} "${targetPath}"`);
     await execAsync4(`sudo chmod 755 "${targetPath}"`);
@@ -4776,11 +5019,11 @@ async function copyNodeBinary(userConfig, sourcePath) {
 }
 var NVM_INSTALL_URL = "https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh";
 async function installAgentNvm(options) {
-  const { agentHome, agentUsername, socketGroupName, verbose } = options;
+  const { agentHome, agentUsername, socketGroupName, verbose, onLog } = options;
   const nodeVersion = options.nodeVersion || "24";
   const nvmDir = `${agentHome}/.nvm`;
-  const log = (msg) => verbose && process.stderr.write(`[SETUP] ${msg}
-`);
+  const log = onLog || ((msg) => verbose && process.stderr.write(`[SETUP] ${msg}
+`));
   const empty = {
     success: false,
     nvmDir,
@@ -4797,9 +5040,13 @@ async function installAgentNvm(options) {
     const installCmd = [
       `export HOME="${agentHome}"`,
       `export NVM_DIR="${nvmDir}"`,
-      `/usr/bin/curl -o- "${NVM_INSTALL_URL}" | PROFILE=/dev/null /bin/bash`
+      `/usr/bin/curl -sSo- "${NVM_INSTALL_URL}" | PROFILE=/dev/null /bin/bash`
     ].join(" && ");
-    await execAsync4(`sudo -u ${agentUsername} /bin/bash -c '${installCmd}'`, { timeout: 6e4 });
+    await execWithProgress(
+      `sudo -H -u ${agentUsername} /bin/bash --norc --noprofile -c '${installCmd}'`,
+      log,
+      { timeout: 6e4, cwd: "/" }
+    );
     log(`Installing Node.js v${nodeVersion} via NVM`);
     const nvmInstallCmd = [
       `export HOME="${agentHome}"`,
@@ -4807,7 +5054,11 @@ async function installAgentNvm(options) {
       `source "${nvmDir}/nvm.sh"`,
       `nvm install ${nodeVersion}`
     ].join(" && ");
-    await execAsync4(`sudo -u ${agentUsername} /bin/bash -c '${nvmInstallCmd}'`, { timeout: 12e4 });
+    await execWithProgress(
+      `sudo -H -u ${agentUsername} /bin/bash --norc --noprofile -c '${nvmInstallCmd}'`,
+      log,
+      { timeout: 12e4, cwd: "/" }
+    );
     log("Resolving installed node binary path");
     const whichCmd = [
       `export HOME="${agentHome}"`,
@@ -4815,14 +5066,15 @@ async function installAgentNvm(options) {
       `source "${nvmDir}/nvm.sh"`,
       `nvm which ${nodeVersion}`
     ].join(" && ");
-    const { stdout } = await execAsync4(`sudo -u ${agentUsername} /bin/bash -c '${whichCmd}'`);
+    const { stdout } = await execAsync4(`sudo -H -u ${agentUsername} /bin/bash --norc --noprofile -c '${whichCmd}'`, { cwd: "/" });
     const nodeBinaryPath = stdout.trim();
     if (!nodeBinaryPath) {
       return { ...empty, message: "NVM installed but could not resolve node binary path" };
     }
     log(`Verifying node binary at ${nodeBinaryPath}`);
     const { stdout: versionOut } = await execAsync4(
-      `sudo -u ${agentUsername} /bin/bash -c '"${nodeBinaryPath}" --version'`
+      `sudo -H -u ${agentUsername} /bin/bash --norc --noprofile -c '"${nodeBinaryPath}" --version'`,
+      { cwd: "/" }
     );
     const actualVersion = versionOut.trim();
     log(`Node.js ${actualVersion} installed successfully`);
@@ -4841,6 +5093,115 @@ async function installAgentNvm(options) {
     };
   }
 }
+function isNoiseLine(line) {
+  if (/^\s*%\s+Total/.test(line)) return true;
+  if (/^\s*Dload\s+Upload/.test(line)) return true;
+  if (/^[\d\s.kMG:\-/|]+$/.test(line)) return true;
+  if (/^=>?\s*$/.test(line)) return true;
+  return false;
+}
+async function execWithProgress(command, log, opts) {
+  return new Promise((resolve6, reject) => {
+    const child = nodeSpawn("/bin/bash", ["-c", command], {
+      cwd: opts?.cwd || "/",
+      env: { ...process.env, ...opts?.env },
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    let stdout = "";
+    let stderr = "";
+    let timer;
+    if (opts?.timeout) {
+      timer = setTimeout(() => {
+        child.kill("SIGTERM");
+        reject(new Error(`Command timed out after ${opts.timeout}ms`));
+      }, opts.timeout);
+    }
+    child.stdout?.on("data", (data) => {
+      const text = data.toString();
+      stdout += text;
+      for (const line of text.split("\n")) {
+        const trimmed = line.trim();
+        if (trimmed && !isNoiseLine(trimmed)) log(trimmed);
+      }
+    });
+    child.stderr?.on("data", (data) => {
+      const text = data.toString();
+      stderr += text;
+      for (const line of text.split("\n")) {
+        const trimmed = line.trim();
+        if (trimmed && !isNoiseLine(trimmed)) log(trimmed);
+      }
+    });
+    child.on("close", (code) => {
+      if (timer) clearTimeout(timer);
+      if (code === 0) {
+        resolve6({ stdout, stderr });
+      } else {
+        const err = new Error(`Command failed with exit code ${code}: ${stderr.slice(0, 500)}`);
+        err.stdout = stdout;
+        err.stderr = stderr;
+        reject(err);
+      }
+    });
+    child.on("error", (err) => {
+      if (timer) clearTimeout(timer);
+      reject(err);
+    });
+  });
+}
+async function patchNvmNode(options) {
+  const { nodeBinaryPath, agentUsername, socketGroupName, interceptorPath, socketPath, httpPort, verbose, onLog } = options;
+  const log = onLog || ((msg) => verbose && process.stderr.write(`[SETUP] ${msg}
+`));
+  try {
+    const nodeBinTarget = "/opt/agenshield/bin/node-bin";
+    try {
+      await fs10.access(nodeBinTarget);
+    } catch {
+      return {
+        success: false,
+        name: "patch-nvm-node",
+        path: nodeBinaryPath,
+        message: `node-bin not found at ${nodeBinTarget} \u2014 copyNodeBinary must run first`
+      };
+    }
+    log(`Removing NVM node binary at ${nodeBinaryPath}`);
+    await execAsync4(`sudo rm -f "${nodeBinaryPath}"`);
+    const wrapperContent = `#!/bin/bash
+# AgenShield-patched node \u2014 loads interceptor before executing
+export NODE_OPTIONS="--require ${interceptorPath} \${NODE_OPTIONS:-}"
+export AGENSHIELD_SOCKET="${socketPath}"
+export AGENSHIELD_HTTP_PORT="${httpPort}"
+export AGENSHIELD_INTERCEPT_EXEC=true
+export AGENSHIELD_INTERCEPT_HTTP=true
+export AGENSHIELD_INTERCEPT_FETCH=true
+export AGENSHIELD_INTERCEPT_WS=true
+export AGENSHIELD_CONTEXT_TYPE=\${AGENSHIELD_CONTEXT_TYPE:-agent}
+exec ${nodeBinTarget} "$@"
+`;
+    log(`Writing interceptor wrapper to ${nodeBinaryPath}`);
+    await execAsync4(`sudo tee "${nodeBinaryPath}" > /dev/null << 'PATCHEOF'
+${wrapperContent}
+PATCHEOF`);
+    await execAsync4(`sudo chown root:${socketGroupName} "${nodeBinaryPath}"`);
+    await execAsync4(`sudo chmod 755 "${nodeBinaryPath}"`);
+    log(`NVM node patched in-place at ${nodeBinaryPath}`);
+    return {
+      success: true,
+      name: "patch-nvm-node",
+      path: nodeBinaryPath,
+      message: `Patched NVM node at ${nodeBinaryPath} with interceptor wrapper`
+    };
+  } catch (error) {
+    return {
+      success: false,
+      name: "patch-nvm-node",
+      path: nodeBinaryPath,
+      message: `Failed to patch NVM node: ${error.message}`,
+      error
+    };
+  }
+}
 var BASIC_SYSTEM_COMMANDS = [
   "ls",
   "cat",
@@ -4897,8 +5258,8 @@ async function installBasicCommands(binDir, options) {
     let found = false;
     for (const loc of locations) {
       try {
-        await fs9.access(loc, fs9.constants.X_OK);
-        const symlinkPath = path6.join(binDir, cmd);
+        await fs10.access(loc, fs10.constants.X_OK);
+        const symlinkPath = path7.join(binDir, cmd);
         log(`Creating symlink: ${cmd} -> ${loc}`);
         await execAsync4(`sudo ln -sf "${loc}" "${symlinkPath}"`);
         installed.push(cmd);
@@ -4919,30 +5280,36 @@ async function installPresetBinaries(options) {
   const errors = [];
   const installedWrappers = [];
   let seatbeltInstalled = false;
+  let resolvedNvmResult;
   if (requiredBins.includes("node")) {
     const agentHome = userConfig.agentUser.home;
     const agentUsername = userConfig.agentUser.username;
-    log("Installing NVM + Node.js for agent user");
-    const nvmResult = await installAgentNvm({
-      agentHome,
-      agentUsername,
-      socketGroupName,
-      nodeVersion: options.nodeVersion,
-      verbose
-    });
-    if (nvmResult.success) {
-      log(`NVM installed Node.js ${nvmResult.nodeVersion} at ${nvmResult.nodeBinaryPath}`);
-      log("Copying NVM node binary to /opt/agenshield/bin/node-bin");
-      const nodeResult = await copyNodeBinary(userConfig, nvmResult.nodeBinaryPath);
-      if (!nodeResult.success) {
-        errors.push(`Node binary (from NVM): ${nodeResult.message}`);
-      }
+    if (options.nvmResult?.success) {
+      log(`Using pre-installed NVM Node.js ${options.nvmResult.nodeVersion} (node-bin already copied)`);
+      resolvedNvmResult = options.nvmResult;
     } else {
-      log(`NVM install failed: ${nvmResult.message}. Falling back to host node binary.`);
-      log("Copying node binary to /opt/agenshield/bin/node-bin");
-      const nodeResult = await copyNodeBinary(userConfig);
-      if (!nodeResult.success) {
-        errors.push(`Node binary: ${nodeResult.message}`);
+      log("Installing NVM + Node.js for agent user");
+      resolvedNvmResult = await installAgentNvm({
+        agentHome,
+        agentUsername,
+        socketGroupName,
+        nodeVersion: options.nodeVersion,
+        verbose
+      });
+      if (resolvedNvmResult.success) {
+        log(`NVM Node.js ${resolvedNvmResult.nodeVersion} at ${resolvedNvmResult.nodeBinaryPath}`);
+        log("Copying NVM node binary to /opt/agenshield/bin/node-bin");
+        const nodeResult = await copyNodeBinary(userConfig, resolvedNvmResult.nodeBinaryPath);
+        if (!nodeResult.success) {
+          errors.push(`Node binary (from NVM): ${nodeResult.message}`);
+        }
+      } else {
+        log(`NVM install failed: ${resolvedNvmResult.message}. Falling back to host node binary.`);
+        log("Copying node binary to /opt/agenshield/bin/node-bin");
+        const nodeResult = await copyNodeBinary(userConfig);
+        if (!nodeResult.success) {
+          errors.push(`Node binary: ${nodeResult.message}`);
+        }
       }
     }
   }
@@ -4957,6 +5324,9 @@ async function installPresetBinaries(options) {
     }
   }
   const wrapperConfig = getDefaultWrapperConfig(userConfig);
+  if (resolvedNvmResult?.success && resolvedNvmResult.nodeBinaryPath) {
+    wrapperConfig.nvmNodeDir = path7.dirname(path7.dirname(resolvedNvmResult.nodeBinaryPath));
+  }
   const validNames = requiredBins.filter((name) => WRAPPER_DEFINITIONS[name]);
   for (const name of validNames) {
     log(`Installing wrapper: ${name} -> ${binDir}/${name}`);
@@ -5013,7 +5383,7 @@ async function installPresetBinaries(options) {
 init_seatbelt();
 
 // libs/shield-sandbox/src/launchdaemon.ts
-import * as fs10 from "node:fs/promises";
+import * as fs11 from "node:fs/promises";
 import { exec as exec5 } from "node:child_process";
 import { promisify as promisify5 } from "node:util";
 var execAsync5 = promisify5(exec5);
@@ -5101,10 +5471,10 @@ function generateBrokerPlistLegacy(options) {
     </array>
 
     <key>UserName</key>
-    <string>clawbroker</string>
+    <string>ash_default_broker</string>
 
     <key>GroupName</key>
-    <string>clawshield</string>
+    <string>ash_default</string>
 
     <key>RunAtLoad</key>
     <true/>
@@ -5237,7 +5607,7 @@ async function getDaemonStatus() {
     running: false
   };
   try {
-    await fs10.access(PLIST_PATH);
+    await fs11.access(PLIST_PATH);
     status.installed = true;
   } catch {
     return status;
@@ -5291,7 +5661,7 @@ async function fixSocketPermissions(config) {
     let socketFound = false;
     for (let attempt = 0; attempt < 20; attempt++) {
       try {
-        await fs10.access(socketPath);
+        await fs11.access(socketPath);
         socketFound = true;
         break;
       } catch {
@@ -5320,15 +5690,19 @@ async function fixSocketPermissions(config) {
 }
 
 // libs/shield-sandbox/src/presets/openclaw.ts
+import * as path8 from "node:path";
 var openclawPreset = {
   id: "openclaw",
   name: "OpenClaw",
   description: "AI coding agent (auto-detected via npm or git)",
-  requiredBins: ["node", "npm", "npx", "git", "curl", "shieldctl"],
+  requiredBins: ["node", "npm", "npx", "git", "curl", "bash", "shieldctl"],
   optionalBins: ["wget", "ssh", "scp", "python3", "pip", "brew"],
   async detect() {
     const result = detectOpenClaw();
     if (!result.installation.found) {
+      if (result.installation.configPath) {
+        return { found: false, configPath: result.installation.configPath };
+      }
       return null;
     }
     return {
@@ -5340,6 +5714,10 @@ var openclawPreset = {
       method: result.installation.method === "unknown" ? void 0 : result.installation.method
     };
   },
+  async scan(detection) {
+    const configJsonPath = detection.configPath ? path8.join(detection.configPath, "openclaw.json") : void 0;
+    return scanHost({ configPath: configJsonPath });
+  },
   async migrate(context) {
     if (!context.detection?.packagePath) {
       return { success: false, error: "OpenClaw package path not detected" };
@@ -5348,7 +5726,8 @@ var openclawPreset = {
       method: context.detection.method || "npm",
       packagePath: context.detection.packagePath,
       binaryPath: context.detection.binaryPath,
-      configPath: context.detection.configPath
+      configPath: context.detection.configPath,
+      selection: context.selection
     };
     const user = {
       username: context.agentUser.username,
@@ -5377,9 +5756,9 @@ var openclawPreset = {
 };
 
 // libs/shield-sandbox/src/presets/dev-harness.ts
-import * as fs11 from "node:fs";
-import * as os4 from "node:os";
-import * as path7 from "node:path";
+import * as fs12 from "node:fs";
+import * as os5 from "node:os";
+import * as path9 from "node:path";
 import { execSync as execSync7 } from "node:child_process";
 function sudoExec5(cmd) {
   try {
@@ -5396,10 +5775,10 @@ function sudoCopyDir2(src, dest) {
 function getRealUserHome() {
   const sudoUser = process.env["SUDO_USER"];
   if (sudoUser) {
-    const userHome = path7.join("/Users", sudoUser);
-    if (fs11.existsSync(userHome)) return userHome;
+    const userHome = path9.join("/Users", sudoUser);
+    if (fs12.existsSync(userHome)) return userHome;
   }
-  return os4.homedir();
+  return os5.homedir();
 }
 var devHarnessPreset = {
   id: "dev-harness",
@@ -5408,14 +5787,14 @@ var devHarnessPreset = {
   requiredBins: ["node"],
   optionalBins: ["npm", "npx"],
   async detect() {
-    const dummyOpenclawPath = path7.join(process.cwd(), "tools/test-harness/bin/dummy-openclaw.js");
-    if (fs11.existsSync(dummyOpenclawPath)) {
-      const testHarnessDir2 = path7.join(process.cwd(), "tools/test-harness");
-      const pkgPath2 = path7.join(testHarnessDir2, "package.json");
-      let version = "1.0.0-dummy";
-      if (fs11.existsSync(pkgPath2)) {
+    const dummyOpenclawPath = path9.join(process.cwd(), "tools/test-harness/bin/dummy-openclaw.js");
+    if (fs12.existsSync(dummyOpenclawPath)) {
+      const testHarnessDir2 = path9.join(process.cwd(), "tools/test-harness");
+      const pkgPath2 = path9.join(testHarnessDir2, "package.json");
+      let version = "2026.2.1";
+      if (fs12.existsSync(pkgPath2)) {
         try {
-          const pkg = JSON.parse(fs11.readFileSync(pkgPath2, "utf-8"));
+          const pkg = JSON.parse(fs12.readFileSync(pkgPath2, "utf-8"));
           if (pkg.name === "dummy-openclaw") {
             version = pkg.version || version;
           }
@@ -5423,29 +5802,29 @@ var devHarnessPreset = {
         }
       }
       const HOME2 = getRealUserHome();
-      const configPath = fs11.existsSync(path7.join(HOME2, ".openclaw-dev")) ? path7.join(HOME2, ".openclaw-dev") : fs11.existsSync(path7.join(HOME2, ".openclaw")) ? path7.join(HOME2, ".openclaw") : void 0;
+      const configPath = fs12.existsSync(path9.join(HOME2, ".openclaw-dev")) ? path9.join(HOME2, ".openclaw-dev") : fs12.existsSync(path9.join(HOME2, ".openclaw")) ? path9.join(HOME2, ".openclaw") : void 0;
       return {
         found: true,
         version,
         packagePath: testHarnessDir2,
-        binaryPath: path7.resolve(dummyOpenclawPath),
+        binaryPath: path9.resolve(dummyOpenclawPath),
         configPath,
         method: "custom"
       };
     }
-    const testHarnessDir = path7.join(process.cwd(), "tools/test-harness");
-    const pkgPath = path7.join(testHarnessDir, "package.json");
-    if (fs11.existsSync(pkgPath)) {
+    const testHarnessDir = path9.join(process.cwd(), "tools/test-harness");
+    const pkgPath = path9.join(testHarnessDir, "package.json");
+    if (fs12.existsSync(pkgPath)) {
       try {
-        const pkg = JSON.parse(fs11.readFileSync(pkgPath, "utf-8"));
+        const pkg = JSON.parse(fs12.readFileSync(pkgPath, "utf-8"));
         if (pkg.name === "dummy-openclaw") {
           const HOME2 = getRealUserHome();
-          const configPath = fs11.existsSync(path7.join(HOME2, ".openclaw-dev")) ? path7.join(HOME2, ".openclaw-dev") : fs11.existsSync(path7.join(HOME2, ".openclaw")) ? path7.join(HOME2, ".openclaw") : void 0;
+          const configPath = fs12.existsSync(path9.join(HOME2, ".openclaw-dev")) ? path9.join(HOME2, ".openclaw-dev") : fs12.existsSync(path9.join(HOME2, ".openclaw")) ? path9.join(HOME2, ".openclaw") : void 0;
           return {
             found: true,
-            version: pkg.version || "1.0.0-dummy",
+            version: pkg.version || "2026.2.1",
             packagePath: testHarnessDir,
-            binaryPath: path7.join(testHarnessDir, "bin/dummy-openclaw.js"),
+            binaryPath: path9.join(testHarnessDir, "bin/dummy-openclaw.js"),
             configPath,
             method: "custom"
           };
@@ -5462,6 +5841,9 @@ var devHarnessPreset = {
     try {
       const packagePath = context.detection.packagePath;
       const packageDir = context.directories.packageDir;
+      if (!packageDir) {
+        return { success: false, error: "packageDir is not configured" };
+      }
       const copyResult = sudoCopyDir2(packagePath, packageDir);
       if (!copyResult.success) {
         return { success: false, error: `Failed to copy package: ${copyResult.error}` };
@@ -5476,8 +5858,8 @@ var devHarnessPreset = {
       if (!ownResult.success) {
         return { success: false, error: `Failed to set ownership: ${ownResult.error}` };
       }
-      const wrapperPath = path7.join(context.directories.binDir, "openclaw");
-      const entryPath = path7.join(packageDir, "bin", "dummy-openclaw.js");
+      const wrapperPath = path9.join(context.directories.binDir, "openclaw");
+      const entryPath = path9.join(packageDir, "bin", "dummy-openclaw.js");
       const wrapperContent = `#!/bin/bash
 set -euo pipefail
 cd ~ 2>/dev/null || cd /
@@ -5492,8 +5874,8 @@ WRAPEOF`);
         return { success: false, error: `Failed to create wrapper: ${writeResult.error}` };
       }
       sudoExec5(`chmod 755 "${wrapperPath}"`);
-      if (context.detection?.configPath && fs11.existsSync(context.detection.configPath)) {
-        const agentConfigDir = path7.join(context.agentUser.home, ".openclaw");
+      if (context.detection?.configPath && fs12.existsSync(context.detection.configPath)) {
+        const agentConfigDir = path9.join(context.agentUser.home, ".openclaw");
         const configResult = sudoExec5(
           `cp -R "${context.detection.configPath}/." "${agentConfigDir}/"`
         );
@@ -5512,7 +5894,7 @@ WRAPEOF`);
         newPaths: {
           packagePath: packageDir,
           binaryPath: wrapperPath,
-          configPath: path7.join(context.agentUser.home, ".openclaw")
+          configPath: path9.join(context.agentUser.home, ".openclaw")
         }
       };
     } catch (err) {
@@ -5523,13 +5905,13 @@ WRAPEOF`);
     }
   },
   getEntryCommand(context) {
-    return path7.join(context.directories.binDir, "openclaw");
+    return path9.join(context.directories.binDir, "openclaw");
   }
 };
 
 // libs/shield-sandbox/src/presets/custom.ts
-import * as fs12 from "node:fs";
-import * as path8 from "node:path";
+import * as fs13 from "node:fs";
+import * as path10 from "node:path";
 import { execSync as execSync8 } from "node:child_process";
 function sudoExec6(cmd) {
   try {
@@ -5556,12 +5938,15 @@ var customPreset = {
     if (!context.entryPoint) {
       return { success: false, error: "Entry point required for custom preset (--entry-point)" };
     }
-    const entryPath = path8.resolve(context.entryPoint);
-    if (!fs12.existsSync(entryPath)) {
+    const entryPath = path10.resolve(context.entryPoint);
+    if (!fs13.existsSync(entryPath)) {
       return { success: false, error: `Entry point not found: ${entryPath}` };
     }
-    const entryDir = path8.dirname(entryPath);
-    const entryFilename = path8.basename(entryPath);
+    const entryDir = path10.dirname(entryPath);
+    const entryFilename = path10.basename(entryPath);
+    if (!context.directories.packageDir) {
+      return { success: false, error: "packageDir is not configured" };
+    }
     const result = sudoCopyDir3(entryDir, context.directories.packageDir);
     if (!result.success) {
       return { success: false, error: `Failed to copy package: ${result.error}` };
@@ -5572,8 +5957,8 @@ var customPreset = {
     if (!ownerResult.success) {
       return { success: false, error: `Failed to set ownership: ${ownerResult.error}` };
     }
-    const wrapperPath = path8.join(context.directories.binDir, "agent");
-    const newEntryPath = path8.join(context.directories.packageDir, entryFilename);
+    const wrapperPath = path10.join(context.directories.binDir, "agent");
+    const newEntryPath = path10.join(context.directories.packageDir, entryFilename);
     const wrapperContent = `#!/bin/bash
 set -euo pipefail
 cd ~ 2>/dev/null || cd /
@@ -5583,7 +5968,7 @@ exec "\${AGENT_BIN}/node" "${newEntryPath}" "$@"
 `;
     const tempPath = "/tmp/agent-wrapper";
     try {
-      fs12.writeFileSync(tempPath, wrapperContent, { mode: 493 });
+      fs13.writeFileSync(tempPath, wrapperContent, { mode: 493 });
     } catch (err) {
       return { success: false, error: `Failed to write wrapper: ${err}` };
     }
@@ -5630,7 +6015,7 @@ function listAutoDetectablePresets() {
 async function autoDetectPreset() {
   for (const preset of listAutoDetectablePresets()) {
     const detection = await preset.detect();
-    if (detection?.found) {
+    if (detection?.found || detection?.configPath) {
       return { preset, detection };
     }
   }
@@ -5646,8 +6031,8 @@ function formatPresetList() {
 }
 
 // libs/shield-sandbox/src/discovery/binary-scanner.ts
-import * as fs13 from "node:fs";
-import * as path9 from "node:path";
+import * as fs14 from "node:fs";
+import * as path11 from "node:path";
 import { execSync as execSync9 } from "node:child_process";
 init_shield_exec();
 var SYSTEM_BIN_DIRS = [
@@ -5668,8 +6053,8 @@ var allowedCommandsCache = null;
 function loadAllowedCommands() {
   if (allowedCommandsCache) return allowedCommandsCache;
   try {
-    if (fs13.existsSync(ALLOWED_COMMANDS_PATH)) {
-      const content = fs13.readFileSync(ALLOWED_COMMANDS_PATH, "utf-8");
+    if (fs14.existsSync(ALLOWED_COMMANDS_PATH)) {
+      const content = fs14.readFileSync(ALLOWED_COMMANDS_PATH, "utf-8");
       const config = JSON.parse(content);
       allowedCommandsCache = new Set((config.commands ?? []).map((c) => c.name));
       return allowedCommandsCache;
@@ -5686,8 +6071,8 @@ function detectNpmGlobalBin() {
       timeout: 5e3
     }).trim();
     if (prefix) {
-      const bin = path9.join(prefix, "bin");
-      if (fs13.existsSync(bin)) return bin;
+      const bin = path11.join(prefix, "bin");
+      if (fs14.existsSync(bin)) return bin;
     }
   } catch {
   }
@@ -5699,22 +6084,22 @@ function detectYarnGlobalBin() {
       encoding: "utf-8",
       timeout: 5e3
     }).trim();
-    if (bin && fs13.existsSync(bin)) return bin;
+    if (bin && fs14.existsSync(bin)) return bin;
   } catch {
   }
   return null;
 }
 function classifyDirectory(dirPath, npmGlobalBin, yarnGlobalBin, options) {
-  const resolved = path9.resolve(dirPath);
+  const resolved = path11.resolve(dirPath);
   if (options.agentHome) {
-    const agentBin = path9.join(options.agentHome, "bin");
-    if (resolved === path9.resolve(agentBin)) return "agent-bin";
+    const agentBin = path11.join(options.agentHome, "bin");
+    if (resolved === path11.resolve(agentBin)) return "agent-bin";
   }
-  if (options.workspaceDir && resolved.startsWith(path9.resolve(options.workspaceDir))) {
+  if (options.workspaceDir && resolved.startsWith(path11.resolve(options.workspaceDir))) {
     return "workspace-bin";
   }
-  if (npmGlobalBin && resolved === path9.resolve(npmGlobalBin)) return "npm-global";
-  if (yarnGlobalBin && resolved === path9.resolve(yarnGlobalBin)) return "yarn-global";
+  if (npmGlobalBin && resolved === path11.resolve(npmGlobalBin)) return "npm-global";
+  if (yarnGlobalBin && resolved === path11.resolve(yarnGlobalBin)) return "yarn-global";
   if (resolved.startsWith("/opt/homebrew/") || resolved === "/usr/local/bin" || resolved === "/usr/local/sbin") {
     return "homebrew";
   }
@@ -5745,7 +6130,7 @@ function getProtection(name) {
 }
 function isShieldExecLink(filePath) {
   try {
-    const target = fs13.readlinkSync(filePath);
+    const target = fs14.readlinkSync(filePath);
     return target.endsWith("shield-exec") || target.endsWith("/shield-exec");
   } catch {
     return false;
@@ -5767,10 +6152,10 @@ function scanBinaries(options) {
   if (npmGlobalBin) candidateDirs.push(npmGlobalBin);
   if (yarnGlobalBin) candidateDirs.push(yarnGlobalBin);
   if (options.agentHome) {
-    candidateDirs.push(path9.join(options.agentHome, "bin"));
+    candidateDirs.push(path11.join(options.agentHome, "bin"));
   }
   if (options.workspaceDir) {
-    candidateDirs.push(path9.join(options.workspaceDir, "node_modules", ".bin"));
+    candidateDirs.push(path11.join(options.workspaceDir, "node_modules", ".bin"));
   }
   if (options.extraDirs) {
     candidateDirs.push(...options.extraDirs);
@@ -5778,7 +6163,7 @@ function scanBinaries(options) {
   const seenDirs = /* @__PURE__ */ new Set();
   const uniqueDirs = [];
   for (const dir of candidateDirs) {
-    const resolved = path9.resolve(dir);
+    const resolved = path11.resolve(dir);
     if (!seenDirs.has(resolved)) {
       seenDirs.add(resolved);
       uniqueDirs.push(resolved);
@@ -5788,16 +6173,16 @@ function scanBinaries(options) {
   const directories = [];
   for (const dir of uniqueDirs) {
     try {
-      if (!fs13.existsSync(dir)) continue;
+      if (!fs14.existsSync(dir)) continue;
       const sourceKind = classifyDirectory(dir, npmGlobalBin, yarnGlobalBin, options);
       const contexts = getContextsForDir(dir, sourceKind, options);
       let count = 0;
-      const entries = fs13.readdirSync(dir);
+      const entries = fs14.readdirSync(dir);
       for (const entry of entries) {
-        const fullPath = path9.join(dir, entry);
+        const fullPath = path11.join(dir, entry);
         try {
-          const stat2 = fs13.statSync(fullPath);
-          if (!stat2.isFile() && !fs13.lstatSync(fullPath).isSymbolicLink()) continue;
+          const stat2 = fs14.statSync(fullPath);
+          if (!stat2.isFile() && !fs14.lstatSync(fullPath).isSymbolicLink()) continue;
           if ((stat2.mode & 73) === 0) continue;
           count++;
           if (seenBinaries.has(entry)) {
@@ -5835,23 +6220,23 @@ function scanBinaries(options) {
 }
 
 // libs/shield-sandbox/src/discovery/skill-scanner.ts
-import * as fs15 from "node:fs";
-import * as path11 from "node:path";
+import * as fs16 from "node:fs";
+import * as path13 from "node:path";
 import { parse as parseYaml } from "yaml";
 
 // libs/shield-sandbox/src/skill-injector.ts
-import * as fs14 from "node:fs";
-import * as path10 from "node:path";
+import * as fs15 from "node:fs";
+import * as path12 from "node:path";
 import { execSync as execSync10 } from "node:child_process";
 import { createRequire as createRequire2 } from "node:module";
 var require3 = createRequire2(import.meta.url);
 function getSkillsDir(homeDir) {
   const possiblePaths = [
-    path10.join(homeDir, ".openclaw", "skills"),
-    path10.join(homeDir, ".config", "openclaw", "skills")
+    path12.join(homeDir, ".openclaw", "skills"),
+    path12.join(homeDir, ".config", "openclaw", "skills")
   ];
   for (const p of possiblePaths) {
-    if (fs14.existsSync(path10.dirname(p))) {
+    if (fs15.existsSync(path12.dirname(p))) {
       return p;
     }
   }
@@ -5861,7 +6246,7 @@ function getAgenCoSkillPath() {
   const possiblePaths = [];
   try {
     const pkgPath = require3.resolve("@agenshield/skills/package.json");
-    possiblePaths.push(path10.join(path10.dirname(pkgPath), "skills", "agenco-secure-integrations"));
+    possiblePaths.push(path12.join(path12.dirname(pkgPath), "skills", "agenco-secure-integrations"));
   } catch {
   }
   possiblePaths.push(
@@ -5869,27 +6254,27 @@ function getAgenCoSkillPath() {
     "/opt/agenshield/skills/agenco-secure-integrations"
   );
   for (const p of possiblePaths) {
-    if (fs14.existsSync(path10.join(p, "SKILL.md"))) {
+    if (fs15.existsSync(path12.join(p, "SKILL.md"))) {
       return p;
     }
   }
   throw new Error("AgenCo skill not found. Please reinstall AgenShield.");
 }
 function copyDirRecursive(src, dest) {
-  if (!fs14.existsSync(dest)) {
-    fs14.mkdirSync(dest, { recursive: true });
+  if (!fs15.existsSync(dest)) {
+    fs15.mkdirSync(dest, { recursive: true });
   }
-  const entries = fs14.readdirSync(src, { withFileTypes: true });
+  const entries = fs15.readdirSync(src, { withFileTypes: true });
   for (const entry of entries) {
-    const srcPath = path10.join(src, entry.name);
-    const destPath = path10.join(dest, entry.name);
+    const srcPath = path12.join(src, entry.name);
+    const destPath = path12.join(dest, entry.name);
     if (entry.isDirectory()) {
       if (entry.name === "node_modules" || entry.name === "dist") {
         continue;
       }
       copyDirRecursive(srcPath, destPath);
     } else {
-      fs14.copyFileSync(srcPath, destPath);
+      fs15.copyFileSync(srcPath, destPath);
     }
   }
 }
@@ -5899,23 +6284,23 @@ async function injectAgenCoSkill(config) {
   const injectedSkills = [];
   try {
     const sourcePath = getAgenCoSkillPath();
-    if (!fs14.existsSync(skillsDir)) {
-      fs14.mkdirSync(skillsDir, { recursive: true, mode: 493 });
+    if (!fs15.existsSync(skillsDir)) {
+      fs15.mkdirSync(skillsDir, { recursive: true, mode: 493 });
     }
-    const destPath = path10.join(skillsDir, "agenco-secure-integrations");
+    const destPath = path12.join(skillsDir, "agenco-secure-integrations");
     copyDirRecursive(sourcePath, destPath);
-    const packageJson = path10.join(destPath, "package.json");
-    const distDir = path10.join(destPath, "dist");
-    if (fs14.existsSync(packageJson) && !fs14.existsSync(distDir)) {
+    const packageJson = path12.join(destPath, "package.json");
+    const distDir = path12.join(destPath, "dist");
+    if (fs15.existsSync(packageJson) && !fs15.existsSync(distDir)) {
       console.log("Building AgenCo skill...");
       execSync10("npm install && npm run build", {
         cwd: destPath,
         stdio: "inherit"
       });
     }
-    const binPath = path10.join(destPath, "bin", "agenco.js");
-    if (fs14.existsSync(binPath)) {
-      fs14.chmodSync(binPath, 493);
+    const binPath = path12.join(destPath, "bin", "agenco.js");
+    if (fs15.existsSync(binPath)) {
+      fs15.chmodSync(binPath, 493);
     }
     const socketGroupName = config.groups.socket.name;
     try {
@@ -5938,21 +6323,32 @@ async function injectAgenCoSkill(config) {
     };
   }
 }
+function generateSkillWrapperScript(skillSlug, targetBinPath) {
+  return `#!/bin/bash
+# AgenShield skill wrapper for: ${skillSlug}
+# Sets execution context so the interceptor can apply skill-scoped policies
+
+export AGENSHIELD_CONTEXT_TYPE=skill
+export AGENSHIELD_SKILL_SLUG=${skillSlug}
+
+exec "${targetBinPath}" "$@"
+`;
+}
 async function createAgenCoSymlink(config, binDir) {
   try {
     const skillsDir = getSkillsDir(config.agentUser.home);
-    const agencoBin = path10.join(
+    const agencoBin = path12.join(
       skillsDir,
       "agenco-secure-integrations",
       "bin",
       "agenco.js"
     );
-    const symlinkPath = path10.join(binDir, "agenco");
-    if (fs14.existsSync(symlinkPath)) {
-      fs14.unlinkSync(symlinkPath);
+    const wrapperPath = path12.join(binDir, "agenco");
+    if (fs15.existsSync(wrapperPath)) {
+      fs15.unlinkSync(wrapperPath);
     }
-    fs14.symlinkSync(agencoBin, symlinkPath);
-    fs14.chmodSync(symlinkPath, 493);
+    const wrapperContent = generateSkillWrapperScript("agenco-secure-integrations", agencoBin);
+    fs15.writeFileSync(wrapperPath, wrapperContent, { mode: 493 });
     return { success: true };
   } catch (err) {
     return {
@@ -5964,9 +6360,9 @@ async function createAgenCoSymlink(config, binDir) {
 async function removeInjectedSkills(homeDir) {
   try {
     const skillsDir = getSkillsDir(homeDir);
-    const agencoPath = path10.join(skillsDir, "agenco-secure-integrations");
-    if (fs14.existsSync(agencoPath)) {
-      fs14.rmSync(agencoPath, { recursive: true, force: true });
+    const agencoPath = path12.join(skillsDir, "agenco-secure-integrations");
+    if (fs15.existsSync(agencoPath)) {
+      fs15.rmSync(agencoPath, { recursive: true, force: true });
     }
     return { success: true };
   } catch (err) {
@@ -5979,23 +6375,23 @@ async function removeInjectedSkills(homeDir) {
 async function updateOpenClawMcpConfig(homeDir) {
   try {
     const configPaths = [
-      path10.join(homeDir, ".openclaw", "mcp.json"),
-      path10.join(homeDir, ".config", "openclaw", "mcp.json")
+      path12.join(homeDir, ".openclaw", "mcp.json"),
+      path12.join(homeDir, ".config", "openclaw", "mcp.json")
     ];
     let configPath = configPaths[0];
     for (const p of configPaths) {
-      if (fs14.existsSync(p)) {
+      if (fs15.existsSync(p)) {
         configPath = p;
         break;
       }
     }
-    const configDir = path10.dirname(configPath);
-    if (!fs14.existsSync(configDir)) {
-      fs14.mkdirSync(configDir, { recursive: true, mode: 493 });
+    const configDir = path12.dirname(configPath);
+    if (!fs15.existsSync(configDir)) {
+      fs15.mkdirSync(configDir, { recursive: true, mode: 493 });
     }
     let config = {};
-    if (fs14.existsSync(configPath)) {
-      config = JSON.parse(fs14.readFileSync(configPath, "utf-8"));
+    if (fs15.existsSync(configPath)) {
+      config = JSON.parse(fs15.readFileSync(configPath, "utf-8"));
     }
     if (!config.mcpServers) {
       config.mcpServers = {};
@@ -6018,7 +6414,7 @@ async function updateOpenClawMcpConfig(homeDir) {
       directory: getSkillsDir(homeDir),
       pollInterval: 3e4
     };
-    fs14.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 420 });
+    fs15.writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 420 });
     return { success: true };
   } catch (err) {
     return {
@@ -6179,8 +6575,8 @@ function extractCommands(metadata, body, binaryLookup) {
 }
 function getApprovalStatus(skillName) {
   try {
-    if (fs15.existsSync(APPROVED_SKILLS_PATH)) {
-      const content = fs15.readFileSync(APPROVED_SKILLS_PATH, "utf-8");
+    if (fs16.existsSync(APPROVED_SKILLS_PATH)) {
+      const content = fs16.readFileSync(APPROVED_SKILLS_PATH, "utf-8");
       const approved = JSON.parse(content);
       if (Array.isArray(approved) && approved.some((s) => s.name === skillName)) {
         return "approved";
@@ -6189,8 +6585,8 @@ function getApprovalStatus(skillName) {
   } catch {
   }
   try {
-    const quarantinePath = path11.join(QUARANTINE_DIR, skillName);
-    if (fs15.existsSync(quarantinePath)) {
+    const quarantinePath = path13.join(QUARANTINE_DIR, skillName);
+    if (fs16.existsSync(quarantinePath)) {
       return "quarantined";
     }
   } catch {
@@ -6201,19 +6597,19 @@ function scanSkills(options, binaryLookup) {
   if (!options.agentHome) return [];
   const skillsDir = getSkillsDir(options.agentHome);
   const results = [];
-  if (fs15.existsSync(skillsDir)) {
+  if (fs16.existsSync(skillsDir)) {
     try {
-      const entries = fs15.readdirSync(skillsDir, { withFileTypes: true });
+      const entries = fs16.readdirSync(skillsDir, { withFileTypes: true });
       for (const entry of entries) {
         if (!entry.isDirectory()) continue;
-        const skillPath = path11.join(skillsDir, entry.name);
-        const skillMdPath = path11.join(skillPath, "SKILL.md");
-        const hasSkillMd = fs15.existsSync(skillMdPath);
+        const skillPath = path13.join(skillsDir, entry.name);
+        const skillMdPath = path13.join(skillPath, "SKILL.md");
+        const hasSkillMd = fs16.existsSync(skillMdPath);
         let metadata = null;
         let body = "";
         if (hasSkillMd) {
           try {
-            const content = fs15.readFileSync(skillMdPath, "utf-8");
+            const content = fs16.readFileSync(skillMdPath, "utf-8");
             const parsed = parseSkillMd(content);
             if (parsed) {
               metadata = parsed.metadata;
@@ -6236,20 +6632,20 @@ function scanSkills(options, binaryLookup) {
     } catch {
     }
   }
-  if (fs15.existsSync(QUARANTINE_DIR)) {
+  if (fs16.existsSync(QUARANTINE_DIR)) {
     try {
-      const entries = fs15.readdirSync(QUARANTINE_DIR, { withFileTypes: true });
+      const entries = fs16.readdirSync(QUARANTINE_DIR, { withFileTypes: true });
       for (const entry of entries) {
         if (!entry.isDirectory()) continue;
         if (results.some((s) => s.name === entry.name)) continue;
-        const skillPath = path11.join(QUARANTINE_DIR, entry.name);
-        const skillMdPath = path11.join(skillPath, "SKILL.md");
-        const hasSkillMd = fs15.existsSync(skillMdPath);
+        const skillPath = path13.join(QUARANTINE_DIR, entry.name);
+        const skillMdPath = path13.join(skillPath, "SKILL.md");
+        const hasSkillMd = fs16.existsSync(skillMdPath);
         let metadata = null;
         let body = "";
         if (hasSkillMd) {
           try {
-            const content = fs15.readFileSync(skillMdPath, "utf-8");
+            const content = fs16.readFileSync(skillMdPath, "utf-8");
             const parsed = parseSkillMd(content);
             if (parsed) {
               metadata = parsed.metadata;
@@ -6375,6 +6771,7 @@ export {
   deployInterceptor,
   detectOpenClaw,
   devHarnessPreset,
+  execWithProgress,
   extractSkillInfo,
   fixSocketPermissions,
   forceUninstall,
@@ -6416,20 +6813,28 @@ export {
   listPresets,
   loadBackup,
   loadLaunchDaemon,
+  maskSecretValue,
   migrateGitInstall,
   migrateNpmInstall,
   migrateOpenClaw,
   openclawPreset,
   parseSkillMd,
+  patchNvmNode,
   removeAllDirectories,
   removeDynamicWrapper,
   removeInjectedSkills,
+  resolveEnvVarValue,
   restartDaemon,
   restoreInstallation,
   restoreOriginalConfig,
+  sanitizeOpenClawConfig,
   saveBackup,
   scanBinaries,
   scanDiscovery,
+  scanHost,
+  scanOpenClawConfig,
+  scanProcessEnv,
+  scanShellProfiles,
   scanSkills,
   seedConfigFiles,
   setupSocketDirectory,