npm - @agenticvault/openclaw - Versions diffs - 0.1.0 - Mend

@agenticvault/openclaw 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 agenticvault
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.ja.md ADDED Viewed

@@ -0,0 +1,65 @@
+<!-- Source: packages/openclaw-plugin/README.md | Commit: 96a8dcc | Last synced: 2026-02-16 -->
+# @agenticvault/openclaw
+[English](README.md) | [繁體中文](README.zh-TW.md) | [简体中文](README.zh-CN.md) | 日本語 | [한국어](README.ko.md)
+[Agentic Vault](https://github.com/agenticvault/agentic-vault) の OpenClaw プラグイン -- サーバーサイド EVM 署名をデフォルト拒否のポリシーエンジン付き OpenClaw エージェントツールとして公開します。
+## インストール
+```bash
+npm install @agenticvault/openclaw @agenticvault/agentic-vault
+```
+## 設定
+OpenClaw エージェント設定にプラグインを登録します：
+```json
+{
+  "plugins": {
+    "agentic-vault": {
+      "package": "@agenticvault/openclaw",
+      "config": {
+        "keyId": "arn:aws:kms:us-east-1:123456789:key/your-key-id",
+        "region": "us-east-1",
+        "policyConfigPath": "./policy.json"
+      }
+    }
+  }
+}
+```
+## 利用可能なツール
+### セーフツール（常時登録）
+| ツール | 説明 |
+|--------|------|
+| `vault_get_address` | この Vault が管理するウォレットアドレスを取得します |
+| `vault_health_check` | Vault 署名器のヘルスステータスを確認します |
+| `vault_sign_defi_call` | calldata デコードとポリシー検証後に DeFi コントラクトインタラクションに署名します |
+| `vault_sign_permit` | ポリシー検証後に EIP-2612 permit に署名します |
+### デュアルゲートツール（`enableUnsafeRawSign: true` が必要）
+| ツール | 説明 |
+|--------|------|
+| `vault_sign_transaction` | 生の EVM トランザクションに署名します（デコーダーパイプラインをバイパス） |
+| `vault_sign_typed_data` | 生の EIP-712 型付きデータに署名します（デコーダーパイプラインをバイパス） |
+## セキュリティ
+- **デフォルト拒否** -- すべての署名操作に明示的なポリシー承認が必要です
+- **フェイルクローズ** -- 不明な calldata は常に拒否されます
+- **デュアルゲート生署名** -- `vault_sign_transaction` と `vault_sign_typed_data` はデフォルトで無効です。有効にするにはプラグイン設定で `enableUnsafeRawSign: true` を設定する必要があります
+- **監査証跡** -- すべての操作は構造化 JSON として記録されます
+## ポリシー設定
+完全な例については、メインリポジトリの[ポリシー設定ドキュメント](https://github.com/agenticvault/agentic-vault#configuration)と [`policy.example.json`](https://github.com/agenticvault/agentic-vault/blob/main/policy.example.json) をご覧ください。
+## ライセンス
+[MIT](LICENSE)

package/README.ko.md ADDED Viewed

@@ -0,0 +1,65 @@
+<!-- Source: packages/openclaw-plugin/README.md | Commit: 96a8dcc | Last synced: 2026-02-16 -->
+# @agenticvault/openclaw
+[English](README.md) | [繁體中文](README.zh-TW.md) | [简体中文](README.zh-CN.md) | [日本語](README.ja.md) | 한국어
+[Agentic Vault](https://github.com/agenticvault/agentic-vault)의 OpenClaw 플러그인 -- 서버 측 EVM 서명을 기본 거부 정책 엔진이 적용된 OpenClaw 에이전트 도구로 노출합니다.
+## 설치
+```bash
+npm install @agenticvault/openclaw @agenticvault/agentic-vault
+```
+## 설정
+OpenClaw 에이전트 설정에서 플러그인을 등록합니다:
+```json
+{
+  "plugins": {
+    "agentic-vault": {
+      "package": "@agenticvault/openclaw",
+      "config": {
+        "keyId": "arn:aws:kms:us-east-1:123456789:key/your-key-id",
+        "region": "us-east-1",
+        "policyConfigPath": "./policy.json"
+      }
+    }
+  }
+}
+```
+## 사용 가능한 도구
+### 안전 도구 (항상 등록됨)
+| 도구 | 설명 |
+|------|------|
+| `vault_get_address` | 이 Vault가 관리하는 지갑 주소를 가져옵니다 |
+| `vault_health_check` | Vault 서명기의 상태를 확인합니다 |
+| `vault_sign_defi_call` | calldata 디코딩 및 정책 검증 후 DeFi 컨트랙트 상호작용에 서명합니다 |
+| `vault_sign_permit` | 정책 검증 후 EIP-2612 permit에 서명합니다 |
+### 이중 게이트 도구 (`enableUnsafeRawSign: true` 필요)
+| 도구 | 설명 |
+|------|------|
+| `vault_sign_transaction` | 원시 EVM 트랜잭션에 서명합니다 (디코더 파이프라인 우회) |
+| `vault_sign_typed_data` | 원시 EIP-712 타입 데이터에 서명합니다 (디코더 파이프라인 우회) |
+## 보안
+- **기본 거부** -- 모든 서명 작업에 명시적인 정책 승인이 필요합니다
+- **페일 클로즈** -- 알 수 없는 calldata는 항상 거부됩니다
+- **이중 게이트 원시 서명** -- `vault_sign_transaction`과 `vault_sign_typed_data`는 기본적으로 비활성화됩니다. 활성화하려면 플러그인 설정에서 `enableUnsafeRawSign: true`를 설정해야 합니다
+- **감사 추적** -- 모든 작업은 구조화된 JSON으로 기록됩니다
+## 정책 설정
+전체 예제는 메인 저장소의 [정책 설정 문서](https://github.com/agenticvault/agentic-vault#configuration)와 [`policy.example.json`](https://github.com/agenticvault/agentic-vault/blob/main/policy.example.json)를 참조하세요.
+## 라이선스
+[MIT](LICENSE)

package/README.md ADDED Viewed

@@ -0,0 +1,63 @@
+# @agenticvault/openclaw
+English | [繁體中文](README.zh-TW.md) | [简体中文](README.zh-CN.md) | [日本語](README.ja.md) | [한국어](README.ko.md)
+OpenClaw plugin for [Agentic Vault](https://github.com/agenticvault/agentic-vault) -- expose server-side EVM signing as OpenClaw agent tools with deny-by-default policy enforcement.
+## Installation
+```bash
+npm install @agenticvault/openclaw @agenticvault/agentic-vault
+```
+## Configuration
+Register the plugin in your OpenClaw agent configuration:
+```json
+{
+  "plugins": {
+    "agentic-vault": {
+      "package": "@agenticvault/openclaw",
+      "config": {
+        "keyId": "arn:aws:kms:us-east-1:123456789:key/your-key-id",
+        "region": "us-east-1",
+        "policyConfigPath": "./policy.json"
+      }
+    }
+  }
+}
+```
+## Available Tools
+### Safe Tools (always registered)
+| Tool | Description |
+|------|-------------|
+| `vault_get_address` | Get the wallet address managed by this vault |
+| `vault_health_check` | Check the health status of the vault signer |
+| `vault_sign_defi_call` | Sign a DeFi contract interaction after calldata decoding and policy validation |
+| `vault_sign_permit` | Sign an EIP-2612 permit after policy validation |
+### Dual-Gated Tools (requires `enableUnsafeRawSign: true`)
+| Tool | Description |
+|------|-------------|
+| `vault_sign_transaction` | Sign a raw EVM transaction (bypasses decoder pipeline) |
+| `vault_sign_typed_data` | Sign raw EIP-712 typed data (bypasses decoder pipeline) |
+## Security
+- **Deny by default** -- all signing operations require explicit policy approval
+- **Fail-closed** -- unknown calldata is always rejected
+- **Dual-gated raw signing** -- `vault_sign_transaction` and `vault_sign_typed_data` are disabled by default; enabling requires `enableUnsafeRawSign: true` in the plugin config
+- **Audit trail** -- every operation is logged as structured JSON
+## Policy Configuration
+See the main repository's [policy configuration docs](https://github.com/agenticvault/agentic-vault#configuration) and [`policy.example.json`](https://github.com/agenticvault/agentic-vault/blob/main/policy.example.json) for a complete example.
+## License
+[MIT](LICENSE)

package/README.zh-CN.md ADDED Viewed

@@ -0,0 +1,65 @@
+<!-- Source: packages/openclaw-plugin/README.md | Commit: 96a8dcc | Last synced: 2026-02-16 -->
+# @agenticvault/openclaw
+[English](README.md) | [繁體中文](README.zh-TW.md) | 简体中文 | [日本語](README.ja.md) | [한국어](README.ko.md)
+[Agentic Vault](https://github.com/agenticvault/agentic-vault) 的 OpenClaw 插件 -- 将服务器端 EVM 签名暴露为 OpenClaw 代理工具，搭配默认拒绝的策略引擎。
+## 安装
+```bash
+npm install @agenticvault/openclaw @agenticvault/agentic-vault
+```
+## 配置
+在 OpenClaw 代理配置中注册插件：
+```json
+{
+  "plugins": {
+    "agentic-vault": {
+      "package": "@agenticvault/openclaw",
+      "config": {
+        "keyId": "arn:aws:kms:us-east-1:123456789:key/your-key-id",
+        "region": "us-east-1",
+        "policyConfigPath": "./policy.json"
+      }
+    }
+  }
+}
+```
+## 可用工具
+### 安全工具（默认启用）
+| 工具 | 说明 |
+|------|------|
+| `vault_get_address` | 获取此保险库管理的钱包地址 |
+| `vault_health_check` | 检查保险库签名器的健康状态 |
+| `vault_sign_defi_call` | 在 calldata 解码与策略验证后签署 DeFi 合约交互 |
+| `vault_sign_permit` | 在策略验证后签署 EIP-2612 permit |
+### 双重闸控工具（需要 `enableUnsafeRawSign: true`）
+| 工具 | 说明 |
+|------|------|
+| `vault_sign_transaction` | 签署原始 EVM 交易（绕过解码管线） |
+| `vault_sign_typed_data` | 签署原始 EIP-712 类型化数据（绕过解码管线） |
+## 安全性
+- **默认拒绝** -- 所有签名操作皆需明确的策略批准
+- **失败关闭** -- 未知 calldata 一律拒绝
+- **双重闸控原始签名** -- `vault_sign_transaction` 与 `vault_sign_typed_data` 默认禁用；启用需在插件配置中设置 `enableUnsafeRawSign: true`
+- **审计追踪** -- 每次操作皆以结构化 JSON 记录
+## 策略配置
+请参阅主项目的[策略配置文档](https://github.com/agenticvault/agentic-vault#configuration)与 [`policy.example.json`](https://github.com/agenticvault/agentic-vault/blob/main/policy.example.json) 获取完整示例。
+## 许可证
+[MIT](LICENSE)

package/README.zh-TW.md ADDED Viewed

@@ -0,0 +1,65 @@
+<!-- Source: packages/openclaw-plugin/README.md | Commit: 96a8dcc | Last synced: 2026-02-16 -->
+# @agenticvault/openclaw
+[English](README.md) | 繁體中文 | [简体中文](README.zh-CN.md) | [日本語](README.ja.md) | [한국어](README.ko.md)
+[Agentic Vault](https://github.com/agenticvault/agentic-vault) 的 OpenClaw 插件 -- 將伺服器端 EVM 簽章暴露為 OpenClaw 代理工具，搭配預設拒絕的策略引擎。
+## 安裝
+```bash
+npm install @agenticvault/openclaw @agenticvault/agentic-vault
+```
+## 設定
+在 OpenClaw 代理設定中註冊插件：
+```json
+{
+  "plugins": {
+    "agentic-vault": {
+      "package": "@agenticvault/openclaw",
+      "config": {
+        "keyId": "arn:aws:kms:us-east-1:123456789:key/your-key-id",
+        "region": "us-east-1",
+        "policyConfigPath": "./policy.json"
+      }
+    }
+  }
+}
+```
+## 可用工具
+### 安全工具（預設啟用）
+| 工具 | 說明 |
+|------|------|
+| `vault_get_address` | 取得此保險庫管理的錢包地址 |
+| `vault_health_check` | 檢查保險庫簽署器的健康狀態 |
+| `vault_sign_defi_call` | 在 calldata 解碼與策略驗證後簽署 DeFi 合約互動 |
+| `vault_sign_permit` | 在策略驗證後簽署 EIP-2612 permit |
+### 雙重閘控工具（需要 `enableUnsafeRawSign: true`）
+| 工具 | 說明 |
+|------|------|
+| `vault_sign_transaction` | 簽署原始 EVM 交易（繞過解碼管線） |
+| `vault_sign_typed_data` | 簽署原始 EIP-712 型別化資料（繞過解碼管線） |
+## 安全性
+- **預設拒絕** -- 所有簽署操作皆需明確的策略核准
+- **失敗關閉** -- 未知 calldata 一律拒絕
+- **雙重閘控原始簽署** -- `vault_sign_transaction` 與 `vault_sign_typed_data` 預設停用；啟用需在插件設定中指定 `enableUnsafeRawSign: true`
+- **稽核軌跡** -- 每次操作皆以結構化 JSON 記錄
+## 策略設定
+請參閱主專案的[策略設定文件](https://github.com/agenticvault/agentic-vault#configuration)與 [`policy.example.json`](https://github.com/agenticvault/agentic-vault/blob/main/policy.example.json) 取得完整範例。
+## 授權
+[MIT](LICENSE)

package/dist/context.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { type WorkflowContext } from '@agenticvault/agentic-vault/protocols';
+import { type OpenClawPluginConfig } from './types.js';
+/**
+ * Build a WorkflowContext from OpenClaw plugin configuration.
+ * Returns a new instance on each call — caller manages lifecycle.
+ */
+export declare function buildContext(config: OpenClawPluginConfig): WorkflowContext;

package/dist/context.js ADDED Viewed

@@ -0,0 +1,62 @@
+import { createSigningProvider, EvmSignerAdapter, } from '@agenticvault/agentic-vault';
+import { PolicyEngine, erc20Evaluator, uniswapV3Evaluator, aaveV3Evaluator, ProtocolDispatcher, createDefaultRegistry, loadPolicyConfigFromFile, } from '@agenticvault/agentic-vault/protocols';
+const DEFAULT_POLICY = {
+    allowedChainIds: [],
+    allowedContracts: [],
+    allowedSelectors: [],
+    maxAmountWei: 0n,
+    maxDeadlineSeconds: 0,
+};
+/**
+ * Build a WorkflowContext from OpenClaw plugin configuration.
+ * Returns a new instance on each call — caller manages lifecycle.
+ */
+export function buildContext(config) {
+    if (!config.keyId) {
+        throw new Error('OpenClaw plugin config: keyId is required');
+    }
+    if (!config.region) {
+        throw new Error('OpenClaw plugin config: region is required');
+    }
+    const provider = createSigningProvider({
+        provider: 'aws-kms',
+        keyId: config.keyId,
+        region: config.region,
+    });
+    const signer = new EvmSignerAdapter(provider, {
+        expectedAddress: config.expectedAddress,
+    });
+    const policyConfig = config.policyConfigPath
+        ? loadPolicyConfigFromFile(config.policyConfigPath)
+        : DEFAULT_POLICY;
+    const policyEngine = new PolicyEngine(policyConfig, [
+        erc20Evaluator,
+        uniswapV3Evaluator,
+        aaveV3Evaluator,
+    ]);
+    const dispatcher = new ProtocolDispatcher(createDefaultRegistry());
+    const auditSink = createAuditSink();
+    return {
+        signer,
+        policyEngine,
+        auditSink,
+        dispatcher,
+        caller: 'openclaw',
+        service: 'agentic-vault-openclaw',
+    };
+}
+/** Simple AuditSink implementation — writes JSON to stderr */
+function createAuditSink() {
+    return {
+        log(entry) {
+            const full = {
+                timestamp: new Date().toISOString(),
+                traceId: crypto.randomUUID(),
+                ...entry,
+            };
+            process.stderr.write(JSON.stringify(full) + '\n');
+            return full;
+        },
+    };
+}
+//# sourceMappingURL=context.js.map

package/dist/context.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,wBAAwB,GAIzB,MAAM,uCAAuC,CAAC;AAG/C,MAAM,cAAc,GAAmB;IACrC,eAAe,EAAE,EAAE;IACnB,gBAAgB,EAAE,EAAE;IACpB,gBAAgB,EAAE,EAAE;IACpB,YAAY,EAAE,EAAE;IAChB,kBAAkB,EAAE,CAAC;CACtB,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,MAA4B;IACvD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,QAAQ,GAAG,qBAAqB,CAAC;QACrC,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,QAAQ,EAAE;QAC5C,eAAe,EAAE,MAAM,CAAC,eAA4C;KACrE,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,MAAM,CAAC,gBAAgB;QAC1C,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC,gBAAgB,CAAC;QACnD,CAAC,CAAC,cAAc,CAAC;IACnB,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,YAAY,EAAE;QAClD,cAAc;QACd,kBAAkB;QAClB,eAAe;KAChB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAI,kBAAkB,CAAC,qBAAqB,EAAE,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IAEpC,OAAO;QACL,MAAM;QACN,YAAY;QACZ,SAAS;QACT,UAAU;QACV,MAAM,EAAE,UAAU;QAClB,OAAO,EAAE,wBAAwB;KAClC,CAAC;AACJ,CAAC;AAED,8DAA8D;AAC9D,SAAS,eAAe;IACtB,OAAO;QACL,GAAG,CAAC,KAAK;YACP,MAAM,IAAI,GAAG;gBACX,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE;gBAC5B,GAAG,KAAK;aACT,CAAC;YACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export { type OpenClawPluginApi, type OpenClawToolConfig, type OpenClawParameter, type OpenClawToolHandler, type OpenClawToolResult, type OpenClawPluginConfig, } from './types.js';
+export { buildContext } from './context.js';
+export { registerTools } from './tools.js';
+import { type OpenClawPluginApi, type OpenClawPluginConfig } from './types.js';
+/**
+ * OpenClaw plugin entry point.
+ * Called by the OpenClaw host to register vault signing tools.
+ */
+export declare function register(api: OpenClawPluginApi, config: OpenClawPluginConfig): void;

package/dist/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+export { buildContext } from './context.js';
+export { registerTools } from './tools.js';
+import { buildContext } from './context.js';
+import { registerTools } from './tools.js';
+/**
+ * OpenClaw plugin entry point.
+ * Called by the OpenClaw host to register vault signing tools.
+ */
+export function register(api, config) {
+    const ctx = buildContext(config);
+    registerTools(api, ctx, config);
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG3C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C;;;GAGG;AACH,MAAM,UAAU,QAAQ,CACtB,GAAsB,EACtB,MAA4B;IAE5B,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;AAClC,CAAC"}

package/dist/tools.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { type WorkflowContext } from '@agenticvault/agentic-vault/protocols';
+import { type OpenClawPluginApi, type OpenClawPluginConfig } from './types.js';
+/**
+ * Register all OpenClaw tools.
+ * 4 safe tools are always registered.
+ * 2 dual-gated tools are only registered when enableUnsafeRawSign is true.
+ */
+export declare function registerTools(api: OpenClawPluginApi, ctx: WorkflowContext, config: OpenClawPluginConfig): void;

package/dist/tools.js ADDED Viewed

@@ -0,0 +1,326 @@
+import { signDefiCall, signPermit, getAddressWorkflow, healthCheckWorkflow, } from '@agenticvault/agentic-vault/protocols';
+// ─── Result Adapter ───
+function toResult(result) {
+    switch (result.status) {
+        case 'approved':
+            return { content: [{ type: 'text', text: result.data }] };
+        case 'dry-run-approved': {
+            const replacer = (_k, v) => typeof v === 'bigint' ? v.toString() : v;
+            return {
+                content: [
+                    { type: 'text', text: JSON.stringify(result.details, replacer) },
+                ],
+            };
+        }
+        case 'denied':
+            return { content: [{ type: 'text', text: result.reason }] };
+        case 'error':
+            return { content: [{ type: 'text', text: `Error: ${result.reason}` }] };
+    }
+}
+// ─── Safe Tools (always registered) ───
+function registerGetAddress(api, ctx) {
+    api.registerTool('vault_get_address', {
+        description: 'Get the wallet address managed by this vault',
+    }, async () => {
+        const result = await getAddressWorkflow(ctx);
+        return toResult(result);
+    });
+}
+function registerHealthCheck(api, ctx) {
+    api.registerTool('vault_health_check', {
+        description: 'Check the health status of the vault signer',
+    }, async () => {
+        const result = await healthCheckWorkflow(ctx);
+        return toResult(result);
+    });
+}
+function registerSignDefiCall(api, ctx) {
+    api.registerTool('vault_sign_defi_call', {
+        description: 'Sign a DeFi contract interaction after calldata decoding and policy validation',
+        parameters: {
+            chainId: {
+                type: 'number',
+                description: 'The chain ID for the transaction',
+                required: true,
+            },
+            to: {
+                type: 'string',
+                description: 'The target contract address (0x-prefixed)',
+                required: true,
+            },
+            data: {
+                type: 'string',
+                description: 'The calldata (hex-encoded, 0x-prefixed)',
+                required: true,
+            },
+            value: {
+                type: 'string',
+                description: 'The value in wei (decimal string)',
+            },
+        },
+    }, async (args) => {
+        const result = await signDefiCall(ctx, 'vault_sign_defi_call', {
+            chainId: args.chainId,
+            to: args.to,
+            data: args.data,
+            value: args.value,
+        });
+        return toResult(result);
+    });
+}
+function registerSignPermit(api, ctx) {
+    api.registerTool('vault_sign_permit', {
+        description: 'Sign an EIP-2612 permit after policy validation',
+        parameters: {
+            chainId: {
+                type: 'number',
+                description: 'The chain ID',
+                required: true,
+            },
+            token: {
+                type: 'string',
+                description: 'The token contract address (0x-prefixed)',
+                required: true,
+            },
+            spender: {
+                type: 'string',
+                description: 'The spender address (0x-prefixed)',
+                required: true,
+            },
+            value: {
+                type: 'string',
+                description: 'The permit value in wei (decimal string)',
+                required: true,
+            },
+            deadline: {
+                type: 'number',
+                description: 'The permit deadline (unix timestamp)',
+                required: true,
+            },
+            domain: {
+                type: 'object',
+                description: 'The EIP-712 domain',
+                required: true,
+            },
+            types: {
+                type: 'object',
+                description: 'The EIP-712 types',
+                required: true,
+            },
+            message: {
+                type: 'object',
+                description: 'The EIP-712 message',
+                required: true,
+            },
+        },
+    }, async (args) => {
+        const result = await signPermit(ctx, {
+            chainId: args.chainId,
+            token: args.token,
+            spender: args.spender,
+            value: args.value,
+            deadline: args.deadline,
+            domain: args.domain,
+            types: args.types,
+            message: args.message,
+        });
+        return toResult(result);
+    });
+}
+// ─── Dual-Gated Tools (only with enableUnsafeRawSign) ───
+function registerSignTransaction(api, ctx) {
+    api.registerTool('vault_sign_transaction', {
+        description: '[UNSAFE] Sign a raw EVM transaction. Only available when enableUnsafeRawSign is configured.',
+        parameters: {
+            chainId: {
+                type: 'number',
+                description: 'The chain ID',
+                required: true,
+            },
+            to: {
+                type: 'string',
+                description: 'The target address (0x-prefixed)',
+                required: true,
+            },
+            data: {
+                type: 'string',
+                description: 'The calldata (hex-encoded)',
+            },
+            value: {
+                type: 'string',
+                description: 'The value in wei (decimal string)',
+            },
+            nonce: { type: 'number', description: 'The transaction nonce' },
+            gas: {
+                type: 'string',
+                description: 'The gas limit (decimal string)',
+            },
+            maxFeePerGas: {
+                type: 'string',
+                description: 'Max fee per gas in wei',
+            },
+            maxPriorityFeePerGas: {
+                type: 'string',
+                description: 'Max priority fee per gas in wei',
+            },
+        },
+        optional: true,
+    }, async (args) => {
+        if (!ctx.signer) {
+            ctx.auditSink.log({
+                service: ctx.service ?? 'agentic-vault-openclaw',
+                action: 'vault_sign_transaction',
+                who: ctx.caller,
+                what: 'Signer not available for raw transaction signing',
+                why: 'Configuration error: signer is required',
+                result: 'error',
+            });
+            return {
+                content: [{ type: 'text', text: 'Error: Signer is not available' }],
+            };
+        }
+        try {
+            const to = args.to.toLowerCase();
+            const tx = {
+                chainId: args.chainId,
+                to,
+                type: 'eip1559',
+            };
+            if (args.data)
+                tx.data = args.data;
+            if (args.value)
+                tx.value = BigInt(args.value);
+            if (args.nonce !== undefined)
+                tx.nonce = args.nonce;
+            if (args.gas)
+                tx.gas = BigInt(args.gas);
+            if (args.maxFeePerGas)
+                tx.maxFeePerGas = BigInt(args.maxFeePerGas);
+            if (args.maxPriorityFeePerGas)
+                tx.maxPriorityFeePerGas = BigInt(args.maxPriorityFeePerGas);
+            const signedTx = await ctx.signer.signTransaction(tx);
+            ctx.auditSink.log({
+                service: ctx.service ?? 'agentic-vault-openclaw',
+                action: 'vault_sign_transaction',
+                who: ctx.caller,
+                what: `Signed raw transaction to ${to} on chain ${args.chainId}`,
+                why: 'Raw transaction signing (enableUnsafeRawSign enabled)',
+                result: 'approved',
+                details: { chainId: args.chainId, to },
+            });
+            return { content: [{ type: 'text', text: signedTx }] };
+        }
+        catch (error) {
+            const msg = error instanceof Error ? error.message : String(error);
+            ctx.auditSink.log({
+                service: ctx.service ?? 'agentic-vault-openclaw',
+                action: 'vault_sign_transaction',
+                who: ctx.caller,
+                what: `Failed to sign raw transaction to ${args.to}`,
+                why: 'Signing error',
+                result: 'error',
+                details: { error: msg },
+            });
+            return {
+                content: [{ type: 'text', text: `Signing error: ${msg}` }],
+            };
+        }
+    });
+}
+function registerSignTypedData(api, ctx) {
+    api.registerTool('vault_sign_typed_data', {
+        description: '[UNSAFE] Sign raw EIP-712 typed data. Only available when enableUnsafeRawSign is configured.',
+        parameters: {
+            domain: {
+                type: 'object',
+                description: 'The EIP-712 domain',
+                required: true,
+            },
+            types: {
+                type: 'object',
+                description: 'The EIP-712 types',
+                required: true,
+            },
+            primaryType: {
+                type: 'string',
+                description: 'The primary type name',
+                required: true,
+            },
+            message: {
+                type: 'object',
+                description: 'The EIP-712 message',
+                required: true,
+            },
+        },
+        optional: true,
+    }, async (args) => {
+        if (!ctx.signer) {
+            ctx.auditSink.log({
+                service: ctx.service ?? 'agentic-vault-openclaw',
+                action: 'vault_sign_typed_data',
+                who: ctx.caller,
+                what: 'Signer not available for typed data signing',
+                why: 'Configuration error: signer is required',
+                result: 'error',
+            });
+            return {
+                content: [{ type: 'text', text: 'Error: Signer is not available' }],
+            };
+        }
+        try {
+            const sig = await ctx.signer.signTypedData({
+                domain: args.domain,
+                types: args.types,
+                primaryType: args.primaryType,
+                message: args.message,
+            });
+            ctx.auditSink.log({
+                service: ctx.service ?? 'agentic-vault-openclaw',
+                action: 'vault_sign_typed_data',
+                who: ctx.caller,
+                what: `Signed typed data with primaryType ${args.primaryType}`,
+                why: 'Raw typed data signing (enableUnsafeRawSign enabled)',
+                result: 'approved',
+                details: { primaryType: args.primaryType },
+            });
+            return {
+                content: [{ type: 'text', text: JSON.stringify(sig) }],
+            };
+        }
+        catch (error) {
+            const msg = error instanceof Error ? error.message : String(error);
+            ctx.auditSink.log({
+                service: ctx.service ?? 'agentic-vault-openclaw',
+                action: 'vault_sign_typed_data',
+                who: ctx.caller,
+                what: `Failed to sign typed data with primaryType ${args.primaryType}`,
+                why: 'Signing error',
+                result: 'error',
+                details: { error: msg },
+            });
+            return {
+                content: [{ type: 'text', text: `Signing error: ${msg}` }],
+            };
+        }
+    });
+}
+// ─── Public Registration ───
+/**
+ * Register all OpenClaw tools.
+ * 4 safe tools are always registered.
+ * 2 dual-gated tools are only registered when enableUnsafeRawSign is true.
+ */
+export function registerTools(api, ctx, config) {
+    // Safe tools — always registered
+    registerGetAddress(api, ctx);
+    registerHealthCheck(api, ctx);
+    registerSignDefiCall(api, ctx);
+    registerSignPermit(api, ctx);
+    // Dual-gated tools — only with enableUnsafeRawSign
+    if (config.enableUnsafeRawSign) {
+        registerSignTransaction(api, ctx);
+        registerSignTypedData(api, ctx);
+    }
+}
+//# sourceMappingURL=tools.js.map

package/dist/tools.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tools.js","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,UAAU,EACV,kBAAkB,EAClB,mBAAmB,GAGpB,MAAM,uCAAuC,CAAC;AAO/C,yBAAyB;AAEzB,SAAS,QAAQ,CAAC,MAAsB;IACtC,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,UAAU;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QAC5D,KAAK,kBAAkB,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,CAAC,EAAU,EAAE,CAAU,EAAE,EAAE,CAC1C,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE;oBACP,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE;iBACjE;aACF,CAAC;QACJ,CAAC;QACD,KAAK,QAAQ;YACX,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;QAC9D,KAAK,OAAO;YACV,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;IAC5E,CAAC;AACH,CAAC;AAED,yCAAyC;AAEzC,SAAS,kBAAkB,CACzB,GAAsB,EACtB,GAAoB;IAEpB,GAAG,CAAC,YAAY,CACd,mBAAmB,EACnB;QACE,WAAW,EAAE,8CAA8C;KAC5D,EACD,KAAK,IAAI,EAAE;QACT,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAC7C,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC,CACF,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,GAAsB,EACtB,GAAoB;IAEpB,GAAG,CAAC,YAAY,CACd,oBAAoB,EACpB;QACE,WAAW,EAAE,6CAA6C;KAC3D,EACD,KAAK,IAAI,EAAE;QACT,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC9C,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC,CACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,GAAsB,EACtB,GAAoB;IAEpB,GAAG,CAAC,YAAY,CACd,sBAAsB,EACtB;QACE,WAAW,EACT,gFAAgF;QAClF,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,IAAI;aACf;YACD,EAAE,EAAE;gBACF,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,IAAI;aACf;YACD,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,IAAI;aACf;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,mCAAmC;aACjD;SACF;KACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,sBAAsB,EAAE;YAC7D,OAAO,EAAE,IAAI,CAAC,OAAiB;YAC/B,EAAE,EAAE,IAAI,CAAC,EAAY;YACrB,IAAI,EAAE,IAAI,CAAC,IAAc;YACzB,KAAK,EAAE,IAAI,CAAC,KAA2B;SACxC,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC,CACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,GAAsB,EACtB,GAAoB;IAEpB,GAAG,CAAC,YAAY,CACd,mBAAmB,EACnB;QACE,WAAW,EAAE,iDAAiD;QAC9D,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,cAAc;gBAC3B,QAAQ,EAAE,IAAI;aACf;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,IAAI;aACf;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,mCAAmC;gBAChD,QAAQ,EAAE,IAAI;aACf;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,IAAI;aACf;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,oBAAoB;gBACjC,QAAQ,EAAE,IAAI;aACf;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,mBAAmB;gBAChC,QAAQ,EAAE,IAAI;aACf;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,qBAAqB;gBAClC,QAAQ,EAAE,IAAI;aACf;SACF;KACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE;YACnC,OAAO,EAAE,IAAI,CAAC,OAAiB;YAC/B,KAAK,EAAE,IAAI,CAAC,KAAe;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAiB;YAC/B,KAAK,EAAE,IAAI,CAAC,KAAe;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAkB;YACjC,MAAM,EAAE,IAAI,CAAC,MAAiC;YAC9C,KAAK,EAAE,IAAI,CAAC,KAAgC;YAC5C,OAAO,EAAE,IAAI,CAAC,OAAkC;SACjD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC,CACF,CAAC;AACJ,CAAC;AAED,2DAA2D;AAE3D,SAAS,uBAAuB,CAC9B,GAAsB,EACtB,GAAoB;IAEpB,GAAG,CAAC,YAAY,CACd,wBAAwB,EACxB;QACE,WAAW,EACT,6FAA6F;QAC/F,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,cAAc;gBAC3B,QAAQ,EAAE,IAAI;aACf;YACD,EAAE,EAAE;gBACF,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,IAAI;aACf;YACD,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,4BAA4B;aAC1C;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,mCAAmC;aACjD;YACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;YAC/D,GAAG,EAAE;gBACH,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,gCAAgC;aAC9C;YACD,YAAY,EAAE;gBACZ,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,wBAAwB;aACtC;YACD,oBAAoB,EAAE;gBACpB,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,iCAAiC;aAC/C;SACF;QACD,QAAQ,EAAE,IAAI;KACf,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YAChB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;gBAChB,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,wBAAwB;gBAChD,MAAM,EAAE,wBAAwB;gBAChC,GAAG,EAAE,GAAG,CAAC,MAAM;gBACf,IAAI,EAAE,kDAAkD;gBACxD,GAAG,EAAE,yCAAyC;gBAC9C,MAAM,EAAE,OAAO;aAChB,CAAC,CAAC;YACH,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,gCAAgC,EAAE,CAAC;aACpE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,GAAI,IAAI,CAAC,EAAa,CAAC,WAAW,EAAmB,CAAC;YAC9D,MAAM,EAAE,GAA4B;gBAClC,OAAO,EAAE,IAAI,CAAC,OAAiB;gBAC/B,EAAE;gBACF,IAAI,EAAE,SAAS;aAChB,CAAC;YACF,IAAI,IAAI,CAAC,IAAI;gBAAE,EAAE,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK;gBAAE,EAAE,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;YACxD,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS;gBAAE,EAAE,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;YACpD,IAAI,IAAI,CAAC,GAAG;gBAAE,EAAE,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAa,CAAC,CAAC;YAClD,IAAI,IAAI,CAAC,YAAY;gBACnB,EAAE,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAsB,CAAC,CAAC;YACxD,IAAI,IAAI,CAAC,oBAAoB;gBAC3B,EAAE,CAAC,oBAAoB,GAAG,MAAM,CAC9B,IAAI,CAAC,oBAA8B,CACpC,CAAC;YAEJ,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;YAEtD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;gBAChB,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,wBAAwB;gBAChD,MAAM,EAAE,wBAAwB;gBAChC,GAAG,EAAE,GAAG,CAAC,MAAM;gBACf,IAAI,EAAE,6BAA6B,EAAE,aAAa,IAAI,CAAC,OAAiB,EAAE;gBAC1E,GAAG,EAAE,uDAAuD;gBAC5D,MAAM,EAAE,UAAU;gBAClB,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,OAAiB,EAAE,EAAE,EAAE;aACjD,CAAC,CAAC;YAEH,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GACP,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAEzD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;gBAChB,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,wBAAwB;gBAChD,MAAM,EAAE,wBAAwB;gBAChC,GAAG,EAAE,GAAG,CAAC,MAAM;gBACf,IAAI,EAAE,qCAAqC,IAAI,CAAC,EAAY,EAAE;gBAC9D,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;aACxB,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,EAAE,EAAE,CAAC;aAC3D,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAC5B,GAAsB,EACtB,GAAoB;IAEpB,GAAG,CAAC,YAAY,CACd,uBAAuB,EACvB;QACE,WAAW,EACT,8FAA8F;QAChG,UAAU,EAAE;YACV,MAAM,EAAE;gBACN,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,oBAAoB;gBACjC,QAAQ,EAAE,IAAI;aACf;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,mBAAmB;gBAChC,QAAQ,EAAE,IAAI;aACf;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,uBAAuB;gBACpC,QAAQ,EAAE,IAAI;aACf;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,qBAAqB;gBAClC,QAAQ,EAAE,IAAI;aACf;SACF;QACD,QAAQ,EAAE,IAAI;KACf,EACD,KAAK,EAAE,IAAI,EAAE,EAAE;QACb,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YAChB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;gBAChB,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,wBAAwB;gBAChD,MAAM,EAAE,uBAAuB;gBAC/B,GAAG,EAAE,GAAG,CAAC,MAAM;gBACf,IAAI,EAAE,6CAA6C;gBACnD,GAAG,EAAE,yCAAyC;gBAC9C,MAAM,EAAE,OAAO;aAChB,CAAC,CAAC;YACH,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,gCAAgC,EAAE,CAAC;aACpE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC;gBACzC,MAAM,EAAE,IAAI,CAAC,MAAiC;gBAC9C,KAAK,EAAE,IAAI,CAAC,KAAgC;gBAC5C,WAAW,EAAE,IAAI,CAAC,WAAqB;gBACvC,OAAO,EAAE,IAAI,CAAC,OAAkC;aACjD,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;gBAChB,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,wBAAwB;gBAChD,MAAM,EAAE,uBAAuB;gBAC/B,GAAG,EAAE,GAAG,CAAC,MAAM;gBACf,IAAI,EAAE,sCAAsC,IAAI,CAAC,WAAqB,EAAE;gBACxE,GAAG,EAAE,sDAAsD;gBAC3D,MAAM,EAAE,UAAU;gBAClB,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,WAAqB,EAAE;aACrD,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;aACvD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GACP,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAEzD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;gBAChB,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,wBAAwB;gBAChD,MAAM,EAAE,uBAAuB;gBAC/B,GAAG,EAAE,GAAG,CAAC,MAAM;gBACf,IAAI,EAAE,8CAA8C,IAAI,CAAC,WAAqB,EAAE;gBAChF,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;aACxB,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,EAAE,EAAE,CAAC;aAC3D,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,8BAA8B;AAE9B;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAC3B,GAAsB,EACtB,GAAoB,EACpB,MAA4B;IAE5B,iCAAiC;IACjC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC7B,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9B,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC/B,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAE7B,mDAAmD;IACnD,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC/B,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAClC,qBAAqB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAClC,CAAC;AACH,CAAC"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/** OpenClaw plugin API — structural contract for tool registration */
+export interface OpenClawPluginApi {
+    registerTool(name: string, config: OpenClawToolConfig, handler: OpenClawToolHandler): void;
+}
+/** Tool configuration for OpenClaw registration */
+export interface OpenClawToolConfig {
+    description: string;
+    parameters?: Record<string, OpenClawParameter>;
+    /** When true, the tool can be allowlisted by the agent (dual-gated) */
+    optional?: boolean;
+}
+/** JSON Schema-compatible parameter definition (TypeBox compatible) */
+export interface OpenClawParameter {
+    type: string;
+    description: string;
+    required?: boolean;
+    enum?: string[];
+}
+/** Tool handler function signature */
+export type OpenClawToolHandler = (args: Record<string, unknown>) => Promise<OpenClawToolResult>;
+/** Standard OpenClaw tool result format */
+export interface OpenClawToolResult {
+    content: {
+        type: 'text';
+        text: string;
+    }[];
+}
+/** Plugin configuration provided by the OpenClaw host */
+export interface OpenClawPluginConfig {
+    keyId: string;
+    region: string;
+    expectedAddress?: string;
+    policyConfigPath?: string;
+    enableUnsafeRawSign?: boolean;
+}

package/dist/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/openclaw.plugin.json ADDED Viewed

@@ -0,0 +1,13 @@
+{
+  "name": "agentic-vault",
+  "displayName": "Agentic Vault",
+  "description": "Server-side EVM signing with AWS KMS — sign DeFi transactions, permits, and more",
+  "version": "0.1.0",
+  "configSchema": {
+    "keyId": { "type": "string", "required": true, "description": "AWS KMS key ID or alias" },
+    "region": { "type": "string", "required": true, "description": "AWS region" },
+    "expectedAddress": { "type": "string", "required": false, "description": "Expected signer address for verification" },
+    "policyConfigPath": { "type": "string", "required": false, "description": "Path to policy configuration JSON file" },
+    "enableUnsafeRawSign": { "type": "boolean", "required": false, "default": false, "description": "Enable raw transaction and typed data signing tools (unsafe)" }
+  }
+}

package/package.json ADDED Viewed

@@ -0,0 +1,64 @@
+{
+  "name": "@agenticvault/openclaw",
+  "version": "0.1.0",
+  "description": "OpenClaw plugin for Agentic Vault — expose EVM signing as OpenClaw agent tools",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./openclaw.plugin.json": "./openclaw.plugin.json"
+  },
+  "files": [
+    "dist",
+    "openclaw.plugin.json"
+  ],
+  "engines": {
+    "node": ">=24"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/agenticvault/agentic-vault",
+    "directory": "packages/openclaw-plugin"
+  },
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/agenticvault/agentic-vault/issues"
+  },
+  "homepage": "https://github.com/agenticvault/agentic-vault/tree/main/packages/openclaw-plugin#readme",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
+  },
+  "keywords": [
+    "openclaw",
+    "plugin",
+    "agentic-vault",
+    "evm",
+    "signing",
+    "aws-kms",
+    "ai-agent"
+  ],
+  "peerDependencies": {
+    "@agenticvault/agentic-vault": "~0.1.0"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.2",
+    "eslint": "^9.39.2",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.55.0",
+    "vitest": "^4.0.18",
+    "@agenticvault/agentic-vault": "0.1.0"
+  },
+  "scripts": {
+    "build": "tsc -b",
+    "typecheck": "tsc -p tsconfig.check.json",
+    "lint": "eslint src/ test/",
+    "lint:fix": "eslint src/ test/ --fix",
+    "test:unit": "vitest run test/unit/",
+    "test:integration": "vitest run test/integration/"
+  }
+}