@agentvault/agentvault 0.19.58 → 0.19.60

package/dist/mcp-handlers.d.ts

@@ -0,0 +1,26 @@
+/**
+ * MCP HTTP request handlers — routes /mcp requests to AgentVaultMcpServer.
+ *
+ * Supports both self-managed HTTP and OpenClaw managed routes.
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { AgentVaultMcpServer } from "./mcp-server.js";
+/**
+ * Create an HTTP request handler for MCP routes.
+ *
+ * Routes:
+ *   POST /mcp  — MCP Streamable HTTP messages
+ *   GET  /mcp  — MCP SSE stream (for server-initiated messages)
+ *   DELETE /mcp — Close MCP session
+ *
+ * All other paths are passed through to the next handler.
+ */
+export declare function createMcpHandler(mcpServer: AgentVaultMcpServer | null, basePath?: string): (req: IncomingMessage, res: ServerResponse, next?: () => void) => void;
+/**
+ * Build a status object with MCP info for the /status endpoint.
+ */
+export declare function getMcpStatus(mcpServer: AgentVaultMcpServer | null): {
+    mcp_enabled: boolean;
+    mcp_skills_count: number;
+};
+//# sourceMappingURL=mcp-handlers.d.ts.map

package/dist/mcp-handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-handlers.d.ts","sourceRoot":"","sources":["../src/mcp-handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAE3D;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,SAAS,EAAE,mBAAmB,GAAG,IAAI,EACrC,QAAQ,GAAE,MAAe,GACxB,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,IAAI,CAAC,EAAE,MAAM,IAAI,KAAK,IAAI,CA0BxE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,SAAS,EAAE,mBAAmB,GAAG,IAAI,GACpC;IAAE,WAAW,EAAE,OAAO,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,CAQpD"}

package/dist/mcp-proxy-helpers.d.ts

@@ -0,0 +1,9 @@
+import type { AgentVaultMcpServer } from "./mcp-server.js";
+/**
+ * Forward a JSON-RPC payload to the MCP server by creating synthetic
+ * HTTP request/response objects that the Streamable HTTP transport expects.
+ *
+ * Returns the MCP server's JSON-RPC response.
+ */
+export declare function createMcpProxyRequest(mcpServer: AgentVaultMcpServer, payload: unknown): Promise<unknown>;
+//# sourceMappingURL=mcp-proxy-helpers.d.ts.map

package/dist/mcp-proxy-helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-proxy-helpers.d.ts","sourceRoot":"","sources":["../src/mcp-proxy-helpers.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAE3D;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,mBAAmB,EAC9B,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,CAAC,CAqDlB"}

package/dist/mcp-server.d.ts

@@ -0,0 +1,91 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+export interface SkillDefinition {
+    name: string;
+    version?: string;
+    description?: string;
+    /** JSON Schema for the tool input (not Zod — raw JSON Schema object). */
+    inputSchema?: Record<string, unknown>;
+    /** Freeform instructions that are surfaced as an MCP prompt. */
+    instructions?: string;
+    /** SLA definition blob attached to the skill registry resource. */
+    slaDefinition?: Record<string, unknown>;
+    /** Tags for categorisation. */
+    tags?: string[];
+    /** Tools/capabilities explicitly allowed for this skill. */
+    toolsAllowed?: string[];
+    /** Tools/capabilities explicitly denied for this skill. */
+    toolsDenied?: string[];
+    /** JSON Schema for skill output validation. */
+    outputSchema?: Record<string, unknown>;
+    /** Model routing strategy: "auto" | "round-robin" | "least-latency". */
+    modelRouting?: string;
+    /** Allowed LLM models for this skill. */
+    allowedModels?: string[];
+    /** Default LLM model for this skill. */
+    defaultModel?: string;
+    /** AgentVault certification tier: "verified" | "certified" | "enterprise". */
+    certificationTier?: string;
+    /** Integrity configuration (algorithm, hashChain). */
+    integrity?: Record<string, unknown>;
+    /** Required policy presets (e.g., ["network: agentvault"]). */
+    requiredPolicies?: string[];
+}
+export interface McpServerOpts {
+    agentName: string;
+    apiUrl: string;
+    apiKey?: string;
+    /**
+     * Called when an MCP client invokes a registered skill tool.
+     * Receives skill name, args, and the full skill definition (including instructions).
+     * Return value is serialised as JSON and sent back as tool output.
+     */
+    onInvoke?: (skillName: string, args: Record<string, unknown>, skill: SkillDefinition) => Promise<unknown>;
+}
+export declare class AgentVaultMcpServer {
+    private server;
+    private skills;
+    private opts;
+    private initialized;
+    constructor(opts: McpServerOpts);
+    /**
+     * Register a skill that will be exposed as an MCP tool.
+     * Must be called *before* `initialize()`.
+     */
+    registerSkill(skill: SkillDefinition): void;
+    /**
+     * Register all skills as MCP tools / resources / prompts.
+     * Called lazily on first request if not called explicitly.
+     */
+    initialize(): void;
+    /**
+     * Handle an incoming HTTP request to the /mcp endpoint.
+     *
+     * Supports the Streamable HTTP transport protocol:
+     * - POST for JSON-RPC messages
+     * - GET  for SSE notification stream
+     * - DELETE for session close
+     *
+     * Each request gets a fresh stateless transport; after the response is
+     * flushed the transport + underlying protocol connection are torn down
+     * so the single McpServer instance is ready for the next caller.
+     *
+     * Local requests from 127.0.0.1/::1 bypass SPT validation (owner access).
+     */
+    handleRequest(req: IncomingMessage, res: ServerResponse): Promise<void>;
+    /**
+     * Register a single skill as an MCP tool.
+     *
+     * The MCP SDK's `tool()` overloads that accept a schema expect Zod types.
+     * Since our skill definitions use raw JSON Schema we register without
+     * schema validation (name + description + handler) and let the handler
+     * receive the raw args object.
+     */
+    private registerToolForSkill;
+    /**
+     * Validate a Service Provider Token against the AgentVault backend.
+     */
+    private validateSpt;
+    get skillCount(): number;
+    get isInitialized(): boolean;
+}
+//# sourceMappingURL=mcp-server.d.ts.map

package/dist/mcp-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAMjE,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yEAAyE;IACzE,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mEAAmE;IACnE,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,+BAA+B;IAC/B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAIhB,4DAA4D;IAC5D,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,2DAA2D;IAC3D,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,+CAA+C;IAC/C,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,wEAAwE;IACxE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,yCAAyC;IACzC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8EAA8E;IAC9E,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,+DAA+D;IAC/D,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,eAAe,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAC3G;AAMD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAY;IAC1B,OAAO,CAAC,MAAM,CAA2C;IACzD,OAAO,CAAC,IAAI,CAAgB;IAC5B,OAAO,CAAC,WAAW,CAAS;gBAEhB,IAAI,EAAE,aAAa;IAU/B;;;OAGG;IACH,aAAa,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI;IAI3C;;;OAGG;IACH,UAAU,IAAI,IAAI;IA2DlB;;;;;;;;;;;;;OAaG;IACG,aAAa,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IA4C7E;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IA6B5B;;OAEG;YACW,WAAW;IAwBzB,IAAI,UAAU,IAAI,MAAM,CAEvB;IAED,IAAI,aAAa,IAAI,OAAO,CAE3B;CACF"}

package/dist/mls-state.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Save MLS group state to a per-group file.
+ * State is an opaque serialized string from MLSGroupManager.exportState().
+ */
+export declare function saveMlsState(dataDir: string, groupId: string, state: string): Promise<void>;
+/**
+ * Load MLS group state from a per-group file.
+ * Returns null if the file doesn't exist (first join or after re-join cleanup).
+ */
+export declare function loadMlsState(dataDir: string, groupId: string): Promise<string | null>;
+/**
+ * Delete MLS group state file.
+ * Used when re-joining a group (old state is invalid after re-join).
+ */
+export declare function deleteMlsState(dataDir: string, groupId: string): Promise<void>;
+//# sourceMappingURL=mls-state.d.ts.map

package/dist/mls-state.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mls-state.d.ts","sourceRoot":"","sources":["../src/mls-state.ts"],"names":[],"mappings":"AAYA;;;GAGG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAIf;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAOxB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAOf"}

package/dist/openclaw-compat.d.ts

@@ -0,0 +1,33 @@
+/**
+ * OpenClaw SDK compatibility layer — dynamic import wrappers with caching.
+ *
+ * Each wrapper attempts to import a deep SDK module at runtime. If the import
+ * fails (older gateway, missing SDK), the function returns a no-op result.
+ * Results are cached after the first attempt.
+ *
+ * IMPORTANT: All imports are guarded by try/catch — the plugin degrades
+ * gracefully on older OpenClaw versions.
+ */
+import type { AgentEventPayload, TranscriptUpdatePayload } from "./openclaw-types.js";
+/**
+ * Request an immediate heartbeat wake from the OpenClaw gateway.
+ * Returns true if the heartbeat API was available and called, false otherwise.
+ * Never throws.
+ */
+export declare function requestHeartbeatNow(opts?: {
+    reason?: string;
+}): Promise<boolean>;
+type AgentEventCallback = (event: AgentEventPayload) => void;
+/**
+ * Subscribe to agent-level events (tool_use, reasoning_complete, error, etc.).
+ * Returns an unsubscribe function, or a no-op if the API is unavailable.
+ */
+export declare function onAgentEvent(callback: AgentEventCallback): Promise<() => void>;
+type TranscriptCallback = (update: TranscriptUpdatePayload) => void;
+/**
+ * Subscribe to session transcript updates for behavioral analysis.
+ * Returns an unsubscribe function, or a no-op if the API is unavailable.
+ */
+export declare function onSessionTranscriptUpdate(callback: TranscriptCallback): Promise<() => void>;
+export {};
+//# sourceMappingURL=openclaw-compat.d.ts.map

package/dist/openclaw-compat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openclaw-compat.d.ts","sourceRoot":"","sources":["../src/openclaw-compat.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAQtF;;;;GAIG;AACH,wBAAsB,mBAAmB,CAAC,IAAI,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAmBtF;AAMD,KAAK,kBAAkB,GAAG,CAAC,KAAK,EAAE,iBAAiB,KAAK,IAAI,CAAC;AAG7D;;;GAGG;AACH,wBAAsB,YAAY,CAAC,QAAQ,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,IAAI,CAAC,CAkBpF;AAMD,KAAK,kBAAkB,GAAG,CAAC,MAAM,EAAE,uBAAuB,KAAK,IAAI,CAAC;AAGpE;;;GAGG;AACH,wBAAsB,yBAAyB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,IAAI,CAAC,CAkBjG"}

package/dist/openclaw-entry.d.ts

@@ -0,0 +1,32 @@
+/**
+ * OpenClaw channel plugin entry point.
+ *
+ * Intentionally thin — no heavy imports (libsodium etc.) at module load time.
+ * SecureChannel is dynamically imported inside gateway.startAccount (already async)
+ * so libsodium's top-level await never runs during plugin registration.
+ *
+ * Loaded by OpenClaw via the `openclaw.extensions` field in package.json.
+ */
+import type { OpenClawPluginApi } from "./openclaw-types.js";
+/** Whether OpenClaw managed HTTP routes are active (vs self-managed server). */
+export declare let isUsingManagedRoutes: boolean;
+/** Extract @mention names from plaintext. Returns lowercased names. */
+declare function _parseMentions(text: string): string[];
+/** Determine whether this agent should process a room message based on @mentions and sender type.
+ *
+ * Loop prevention is handled by the rate limiter (_roomCanReply: 4 replies/60s
+ * with 2min cooldown), so we no longer gate on senderIsAgent. All messages
+ * are processed unless they @mention a *different* agent specifically.
+ */
+declare function _shouldProcessRoomMessage(plaintext: string, agentName: string, accountId: string, _senderIsAgent?: boolean): boolean;
+/** Strip the matching @mention prefix from plaintext so the agent sees clean text. */
+declare function _stripMentions(text: string, agentName: string, accountId: string): string;
+export { _parseMentions, _shouldProcessRoomMessage, _stripMentions };
+declare const _default: {
+    id: string;
+    name: string;
+    description: string;
+    register(api: OpenClawPluginApi): void;
+};
+export default _default;
+//# sourceMappingURL=openclaw-entry.d.ts.map

package/dist/openclaw-entry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openclaw-entry.d.ts","sourceRoot":"","sources":["../src/openclaw-entry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAYH,OAAO,KAAK,EACV,iBAAiB,EASlB,MAAM,qBAAqB,CAAC;AA4D7B,gFAAgF;AAChF,eAAO,IAAI,oBAAoB,SAAQ,CAAC;AA+CxC,uEAAuE;AACvE,iBAAS,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAS9C;AAED;;;;;GAKG;AACH,iBAAS,yBAAyB,CAChC,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,cAAc,CAAC,EAAE,OAAO,GACvB,OAAO,CAgBT;AAED,sFAAsF;AACtF,iBAAS,cAAc,CACrB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,MAAM,CAiBR;AAokCD,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,cAAc,EAAE,CAAC;;;;;kBAQrD,iBAAiB;;AAJjC,wBA+WE"}

package/dist/openclaw-plugin.d.ts

@@ -0,0 +1,102 @@
+/**
+ * AgentVault OpenClaw Channel Plugin
+ *
+ * Registers AgentVault as a first-class OpenClaw messaging channel.
+ * Messages from the AgentVault UI are decrypted and routed into the
+ * OpenClaw agent loop; agent replies are encrypted and sent back.
+ *
+ * Installation (one-time):
+ *   npx @agentvault/agentvault setup --token=av_tok_...
+ *
+ * After setup, restart OpenClaw — no further configuration needed.
+ */
+import { SecureChannel } from "./channel.js";
+import { listAccountIds, resolveAccount, type ResolvedAccount } from "./account-config.js";
+import type { PluginRuntime, ChannelGatewayContext, ChannelOutboundPayloadContext } from "./openclaw-types.js";
+export declare function setOcRuntime(runtime: PluginRuntime): void;
+export declare function getActiveChannel(accountId?: string): SecureChannel | undefined;
+export declare const agentVaultPlugin: {
+    id: string;
+    meta: {
+        id: string;
+        label: string;
+        selectionLabel: string;
+        docsPath: string;
+        blurb: string;
+        aliases: string[];
+    };
+    capabilities: {
+        chatTypes: string[];
+    };
+    config: {
+        listAccountIds: typeof listAccountIds;
+        resolveAccount: typeof resolveAccount;
+    };
+    gateway: {
+        /** Health probe for `openclaw channels status --probe` */
+        probe: (ctx: any) => Promise<{
+            ok: boolean;
+            status: string;
+            error: string;
+            deviceId?: undefined;
+            sessions?: undefined;
+        } | {
+            ok: boolean;
+            status: import("./types.js").ChannelState;
+            deviceId: string | undefined;
+            sessions: number;
+            error?: undefined;
+        }>;
+        /** Status for `openclaw health --json` per-channel summary */
+        status: (ctx: any) => {
+            connected: boolean;
+            status: string;
+            deviceId?: undefined;
+            sessions?: undefined;
+            encrypted?: undefined;
+        } | {
+            connected: boolean;
+            status: import("./types.js").ChannelState;
+            deviceId: string | undefined;
+            sessions: number;
+            encrypted: boolean;
+        };
+        startAccount: (ctx: ChannelGatewayContext<ResolvedAccount>) => Promise<{
+            stop: () => Promise<void>;
+        }>;
+    };
+    outbound: {
+        deliveryMode: "direct";
+        targets: {
+            id: string;
+            label: string;
+            accountId: string;
+        }[];
+        sendText: ({ text, accountId, targetId, }: {
+            text: string;
+            accountId?: string;
+            targetId?: string;
+        }) => Promise<{
+            ok: boolean;
+            error?: string;
+        }>;
+        sendMedia: ({ text, mediaUrl, accountId, }: {
+            to: string;
+            text?: string;
+            mediaUrl: string;
+            accountId?: string;
+        }) => Promise<{
+            ok: boolean;
+            error?: string;
+        }>;
+        /** Rich payload delivery — OpenClaw v2026.3.2+ */
+        sendPayload: (ctx: ChannelOutboundPayloadContext) => Promise<{
+            ok: boolean;
+            error: string;
+        } | {
+            ok: boolean;
+            error?: undefined;
+        }>;
+    };
+};
+//# sourceMappingURL=openclaw-plugin.d.ts.map

package/dist/openclaw-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openclaw-plugin.d.ts","sourceRoot":"","sources":["../src/openclaw-plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,KAAK,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAI3F,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,6BAA6B,EAC9B,MAAM,qBAAqB,CAAC;AAS7B,wBAAgB,YAAY,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAEzD;AAED,wBAAgB,gBAAgB,CAAC,SAAS,SAAY,GAAG,aAAa,GAAG,SAAS,CAEjF;AAMD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;QAkBzB,0DAA0D;qBACvC,GAAG;;;;;;;;;;;;;QAatB,8DAA8D;sBAChD,GAAG;;;;;;;;;;;;;4BAaS,qBAAqB,CAAC,eAAe,CAAC;;;;;;;;;;;mDA0F7D;YACD,IAAI,EAAE,MAAM,CAAC;YACb,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACnB,KAAG,OAAO,CAAC;YAAE,EAAE,EAAE,OAAO,CAAC;YAAC,KAAK,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;oDAkBzC;YACD,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,CAAC,EAAE,MAAM,CAAC;SACpB,KAAG,OAAO,CAAC;YAAE,EAAE,EAAE,OAAO,CAAC;YAAC,KAAK,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAe5C,kDAAkD;2BACzB,6BAA6B;;;;;;;;CA8BzD,CAAC"}

package/dist/openclaw-types.d.ts

@@ -0,0 +1,186 @@
+/**
+ * OpenClaw SDK type re-exports with inline fallback declarations.
+ *
+ * If `openclaw` is installed, we re-export the actual SDK types for full
+ * type-safety. Otherwise, we declare compatible fallback types so the
+ * plugin compiles standalone (e.g., during npm publish or in older envs).
+ *
+ * IMPORTANT: All runtime usage of OpenClaw APIs must still use feature
+ * detection (typeof checks, try/catch dynamic imports) — these types
+ * are purely for compile-time correctness.
+ */
+/** OpenClaw plugin API passed to register(). */
+export interface OpenClawPluginApi {
+    runtime: PluginRuntime;
+    registerChannel(opts: {
+        plugin: unknown;
+    }): void;
+    registerTool?(opts: unknown, flags?: {
+        optional?: boolean;
+    }): void;
+    registerCommand?(opts: unknown): void;
+    registerHttpRoute?(opts: HttpRouteRegistration): void;
+    on?(event: string, handler: (...args: any[]) => void | Promise<void>): void;
+}
+/** OpenClaw runtime object — exposes channel, error, and other subsystems. */
+export interface PluginRuntime {
+    channel: {
+        routing: {
+            resolveAgentRoute(opts: unknown): {
+                agentId: string;
+                sessionKey: string;
+            };
+        };
+        session: {
+            resolveStorePath(store: unknown, opts: {
+                agentId: string;
+            }): string;
+            readSessionUpdatedAt(opts: {
+                storePath: string;
+                sessionKey: string;
+            }): number | undefined;
+            recordInboundSession(opts: unknown): Promise<void>;
+        };
+        reply: {
+            resolveEnvelopeFormatOptions(cfg: unknown): unknown;
+            formatAgentEnvelope(opts: unknown): string;
+            finalizeInboundContext(payload: Record<string, unknown>): Record<string, unknown>;
+            dispatchReplyWithBufferedBlockDispatcher(opts: unknown): Promise<void>;
+        };
+    };
+    error?(...args: unknown[]): void;
+}
+/** Context passed to gateway.startAccount(). */
+export interface ChannelGatewayContext<TAccount = ResolvedAccountBase> {
+    account: TAccount;
+    cfg: unknown;
+    log?: {
+        info(msg: string): void;
+        warn?(msg: string): void;
+        error?(msg: string): void;
+    } | ((msg: string) => void);
+    abortSignal?: AbortSignal;
+}
+/** Minimal resolved account shape from OpenClaw config resolution. */
+export interface ResolvedAccountBase {
+    accountId: string;
+    configured: boolean;
+    dataDir: string;
+    apiUrl: string;
+    agentName: string;
+    httpPort: number;
+}
+/** Context passed to outbound.sendPayload(). */
+export interface ChannelOutboundPayloadContext {
+    payload: ReplyPayload;
+    sessionKey: string;
+    accountId?: string;
+    targetId?: string;
+}
+/** Structured reply payload from OpenClaw v2026.3.2+. */
+export interface ReplyPayload {
+    text?: string;
+    mediaUrls?: string[];
+    isReasoning?: boolean;
+    suggestedActions?: SuggestedAction[];
+    metadata?: Record<string, unknown>;
+}
+/** Suggested action attached to a reply payload. */
+export interface SuggestedAction {
+    label: string;
+    action: string;
+    payload?: Record<string, unknown>;
+}
+/** Registration options for registerHttpRoute(). */
+export interface HttpRouteRegistration {
+    path: string;
+    method?: "GET" | "POST" | "PUT" | "DELETE";
+    handler: (req: HttpRouteRequest) => Promise<HttpRouteResponse> | HttpRouteResponse;
+}
+/** Simplified request object from OpenClaw managed HTTP routes. */
+export interface HttpRouteRequest {
+    method: string;
+    path: string;
+    headers: Record<string, string>;
+    body?: unknown;
+    remoteAddress?: string;
+}
+/** Response object for OpenClaw managed HTTP routes. */
+export interface HttpRouteResponse {
+    status: number;
+    headers?: Record<string, string>;
+    body: unknown;
+}
+/** Hook event for message_sent. */
+export interface MessageSentEvent {
+    messageId: string;
+    channelId: string;
+    sessionKey: string;
+    timestamp: number;
+    deliveryStatus: "delivered" | "failed" | "pending";
+}
+/** Hook event for session_start. */
+export interface SessionStartEvent {
+    sessionKey: string;
+    agentId: string;
+    timestamp: number;
+}
+/** Hook event for session_end. */
+export interface SessionEndEvent {
+    sessionKey: string;
+    agentId: string;
+    timestamp: number;
+    reason?: string;
+}
+/** Agent event payload from openclaw/dist/plugin-sdk/infra/agent-events.js. */
+export interface AgentEventPayload {
+    type: string;
+    agentId: string;
+    timestamp: number;
+    data?: Record<string, unknown>;
+}
+/** Transcript update payload from openclaw/dist/plugin-sdk/sessions/transcript-events.js. */
+export interface TranscriptUpdatePayload {
+    sessionKey: string;
+    delta: string;
+    timestamp: number;
+    role?: "assistant" | "user" | "system";
+}
+/** Hook event for before_tool_call (OpenClaw v2026.3.28+). */
+export interface BeforeToolCallEvent {
+    toolName: string;
+    args: Record<string, unknown>;
+    agentId: string;
+    sessionKey: string;
+}
+/** Result returned from before_tool_call hook. */
+export interface BeforeToolCallResult {
+    /** If true, pause execution and ask owner for approval */
+    requireApproval?: boolean;
+    /** Reason shown in the approval overlay */
+    approvalReason?: string;
+    /** If true, block the tool call entirely */
+    blocked?: boolean;
+    /** Reason for blocking */
+    blockedReason?: string;
+}
+/** Hook event for before_dispatch (OpenClaw v2026.3.28+). */
+export interface BeforeDispatchEvent {
+    channelId: string;
+    agentId: string;
+    sessionKey: string;
+    inbound: {
+        text: string;
+        sender?: string;
+        metadata?: Record<string, unknown>;
+    };
+}
+/** Hook handler map type. */
+export type PluginHookHandlerMap = {
+    message_sent?: (event: MessageSentEvent) => void | Promise<void>;
+    session_start?: (event: SessionStartEvent) => void | Promise<void>;
+    session_end?: (event: SessionEndEvent) => void | Promise<void>;
+    before_tool_call?: (event: BeforeToolCallEvent) => BeforeToolCallResult | Promise<BeforeToolCallResult>;
+    before_dispatch?: (event: BeforeDispatchEvent) => void | Promise<void>;
+};
+//# sourceMappingURL=openclaw-types.d.ts.map

package/dist/openclaw-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openclaw-types.d.ts","sourceRoot":"","sources":["../src/openclaw-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AASH,gDAAgD;AAChD,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,aAAa,CAAC;IACvB,eAAe,CAAC,IAAI,EAAE;QAAE,MAAM,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC;IACjD,YAAY,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC;IACnE,eAAe,CAAC,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IACtC,iBAAiB,CAAC,CAAC,IAAI,EAAE,qBAAqB,GAAG,IAAI,CAAC;IACtD,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC7E;AAED,8EAA8E;AAC9E,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE;QACP,OAAO,EAAE;YAAE,iBAAiB,CAAC,IAAI,EAAE,OAAO,GAAG;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,UAAU,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,CAAC;QACvF,OAAO,EAAE;YACP,gBAAgB,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAA;aAAE,GAAG,MAAM,CAAC;YACpE,oBAAoB,CAAC,IAAI,EAAE;gBAAE,SAAS,EAAE,MAAM,CAAC;gBAAC,UAAU,EAAE,MAAM,CAAA;aAAE,GAAG,MAAM,GAAG,SAAS,CAAC;YAC1F,oBAAoB,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;SACpD,CAAC;QACF,KAAK,EAAE;YACL,4BAA4B,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;YACpD,mBAAmB,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAAC;YAC3C,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAClF,wCAAwC,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;SACxE,CAAC;KACH,CAAC;IACF,KAAK,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAClC;AAED,gDAAgD;AAChD,MAAM,WAAW,qBAAqB,CAAC,QAAQ,GAAG,mBAAmB;IACnE,OAAO,EAAE,QAAQ,CAAC;IAClB,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE;QAAE,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,IAAI,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,KAAK,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC,CAAC;IACjH,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,sEAAsE;AACtE,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,OAAO,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,gDAAgD;AAChD,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,YAAY,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,yDAAyD;AACzD,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,oDAAoD;AACpD,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,oDAAoD;AACpD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC;IAC3C,OAAO,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,iBAAiB,CAAC,GAAG,iBAAiB,CAAC;CACpF;AAED,mEAAmE;AACnE,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,wDAAwD;AACxD,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,EAAE,OAAO,CAAC;CACf;AAED,mCAAmC;AACnC,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;CACpD;AAED,oCAAoC;AACpC,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,kCAAkC;AAClC,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,+EAA+E;AAC/E,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,6FAA6F;AAC7F,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,WAAW,GAAG,MAAM,GAAG,QAAQ,CAAC;CACxC;AAED,8DAA8D;AAC9D,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,kDAAkD;AAClD,MAAM,WAAW,oBAAoB;IACnC,0DAA0D;IAC1D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4CAA4C;IAC5C,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,0BAA0B;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,6DAA6D;AAC7D,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,CAAC;CACH;AAED,6BAA6B;AAC7B,MAAM,MAAM,oBAAoB,GAAG;IACjC,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnE,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/D,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,mBAAmB,KAAK,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACxG,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,mBAAmB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACxE,CAAC"}

package/dist/policy-enforcer.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Policy Enforcer — validates skill invocations against the 5-stage policy pipeline.
+ *
+ * Pipeline stages:
+ *   1. Parse    — extract action intent from request
+ *   2. Validate — schema validation of policy rules
+ *   3. Enforce  — apply tool, model, and rate policies
+ *   4. Log      — emit av.policy.evaluate telemetry span
+ *   5. Report   — aggregate policy metrics
+ *
+ * Integration points:
+ *   - AgentVaultMcpServer wraps tool handlers with enforce()
+ *   - Channel.deliver() checks before forwarding sensitive messages
+ *   - agentvault_check_policy MCP tool calls evaluate()
+ */
+import type { SkillDefinition } from "./mcp-server.js";
+import { type TelemetrySpan } from "@agentvault/crypto";
+export interface PolicyContext {
+    skillName: string;
+    toolName?: string;
+    model?: string;
+    args?: Record<string, unknown>;
+    agentId?: string;
+}
+export interface PolicyResult {
+    allowed: boolean;
+    violations: PolicyViolation[];
+    stage: "parse" | "validate" | "enforce" | "log" | "report";
+}
+export interface PolicyViolation {
+    ruleId: string;
+    scope: "tool" | "model" | "rate" | "network" | "custom";
+    action: "block" | "warn" | "log";
+    type: string;
+    message: string;
+    details?: Record<string, unknown>;
+}
+export interface PolicyMetrics {
+    totalEvaluations: number;
+    totalBlocks: number;
+    totalWarnings: number;
+    bySkill: Record<string, {
+        evaluations: number;
+        blocks: number;
+    }>;
+    byRule: Record<string, number>;
+}
+export declare class PolicyEnforcer {
+    private skills;
+    private metrics;
+    private spanBuffer;
+    /**
+     * Register a skill definition for policy evaluation.
+     */
+    registerSkill(skill: SkillDefinition): void;
+    /**
+     * Full 5-stage policy pipeline evaluation.
+     */
+    evaluate(ctx: PolicyContext): PolicyResult;
+    /**
+     * Wrap an MCP tool handler with policy enforcement.
+     * Returns a function that checks policy before calling the original handler.
+     */
+    wrapHandler(skillName: string, handler: (args: Record<string, unknown>) => Promise<unknown>): (args: Record<string, unknown>) => Promise<unknown>;
+    /**
+     * Get accumulated policy metrics.
+     */
+    getMetrics(): PolicyMetrics;
+    /**
+     * Drain buffered telemetry spans.
+     */
+    drainSpans(): TelemetrySpan[];
+    /**
+     * Reset all metrics (for testing).
+     */
+    resetMetrics(): void;
+}
+//# sourceMappingURL=policy-enforcer.d.ts.map

package/dist/policy-enforcer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-enforcer.d.ts","sourceRoot":"","sources":["../src/policy-enforcer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAEL,KAAK,aAAa,EACnB,MAAM,oBAAoB,CAAC;AAM5B,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,KAAK,EAAE,OAAO,GAAG,UAAU,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,CAAC;CAC5D;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,QAAQ,CAAC;IACxD,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,aAAa;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAMD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAA2C;IACzD,OAAO,CAAC,OAAO,CAMb;IACF,OAAO,CAAC,UAAU,CAAuB;IAEzC;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI;IAI3C;;OAEG;IACH,QAAQ,CAAC,GAAG,EAAE,aAAa,GAAG,YAAY;IAyF1C;;;OAGG;IACH,WAAW,CACT,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,GAC3D,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC;IAsBtD;;OAEG;IACH,UAAU,IAAI,aAAa;IAI3B;;OAEG;IACH,UAAU,IAAI,aAAa,EAAE;IAM7B;;OAEG;IACH,YAAY,IAAI,IAAI;CASrB"}

package/dist/setup.d.ts

@@ -0,0 +1,27 @@
+/**
+ * AgentVault one-time setup command.
+ *
+ * Runs enrollment + waits for owner approval + persists state,
+ * then auto-registers the agentvault channel in openclaw config.
+ *
+ * Usage: npx @agentvault/agentvault setup --token=av_tok_...
+ */
+export declare function runSetupCommand(options: {
+    token: string;
+    name: string;
+    apiUrl: string;
+    dataDir: string;
+    accountId?: string;
+    force?: boolean;
+}): Promise<void>;
+/**
+ * Install/update the plugin in OpenClaw's extensions directory.
+ * Returns true if the plugin is installed (or was already up-to-date).
+ */
+export declare function installPlugin(env: NodeJS.ProcessEnv): boolean;
+/**
+ * Configure pm2 to manage the OpenClaw gateway process.
+ * Returns true if pm2 was configured (or already configured).
+ */
+export declare function configurePm2(env: NodeJS.ProcessEnv): boolean;
+//# sourceMappingURL=setup.d.ts.map

package/dist/setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../src/setup.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AASH,wBAAsB,eAAe,CAAC,OAAO,EAAE;IAC7C,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB,GAAG,OAAO,CAAC,IAAI,CAAC,CA0ShB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAqC7D;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CA4D5D"}