@axonflow/openclaw 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -1
- package/README.md +15 -1
- package/dist/audit.d.ts.map +1 -1
- package/dist/audit.js +2 -0
- package/dist/audit.js.map +1 -1
- package/dist/governance.d.ts.map +1 -1
- package/dist/governance.js +8 -0
- package/dist/governance.js.map +1 -1
- package/dist/index.d.ts +6 -12
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +34 -12
- package/dist/index.js.map +1 -1
- package/dist/llm-audit.d.ts.map +1 -1
- package/dist/llm-audit.js +2 -0
- package/dist/llm-audit.js.map +1 -1
- package/dist/message-guard.d.ts.map +1 -1
- package/dist/message-guard.js +6 -1
- package/dist/message-guard.js.map +1 -1
- package/dist/metrics.d.ts +43 -0
- package/dist/metrics.d.ts.map +1 -0
- package/dist/metrics.js +58 -0
- package/dist/metrics.js.map +1 -0
- package/dist/telemetry.d.ts +34 -0
- package/dist/telemetry.d.ts.map +1 -0
- package/dist/telemetry.js +153 -0
- package/dist/telemetry.js.map +1 -0
- package/package.json +3 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
-
## [0.
|
|
3
|
+
## [0.2.0] - 2026-04-01 (initial public release)
|
|
4
4
|
|
|
5
5
|
### Added
|
|
6
6
|
|
|
@@ -12,6 +12,9 @@
|
|
|
12
12
|
- High-risk tool approval: configurable tool list triggers OpenClaw's native approval flow even when AxonFlow allows the call.
|
|
13
13
|
- Configurable governance scope: govern all tools, specific tools only, or exclude specific tools.
|
|
14
14
|
- Fail-open/fail-closed: `onError` config controls behavior when AxonFlow is unreachable.
|
|
15
|
+
- **Startup health check**: Verifies AxonFlow connectivity on plugin initialization. Logs a warning if unreachable, indicating whether the plugin will fail-open or fail-closed.
|
|
16
|
+
- **Governance metrics**: In-process counters for tool calls (evaluated, blocked, approved, allowed), messages (scanned, cancelled, redacted), audit events, and errors. Accessible via `getMetrics()` for debugging and monitoring.
|
|
17
|
+
- **Usage telemetry**: Anonymous checkpoint ping on initialization reporting SDK version, platform info, and hook configuration. Respects `DO_NOT_TRACK=1` and `AXONFLOW_TELEMETRY=off`. Suppressed for localhost endpoints.
|
|
15
18
|
- Starter policy documentation with SQL setup for OpenClaw production baseline.
|
|
16
19
|
|
|
17
20
|
### Not Yet Supported
|
package/README.md
CHANGED
|
@@ -12,7 +12,7 @@ This plugin is useful when you want to:
|
|
|
12
12
|
|
|
13
13
|
Much of the OpenClaw ecosystem today focuses on routing, memory, integrations, and observability. This plugin focuses on governance: policy enforcement, approval gates, and reviewable audit trails.
|
|
14
14
|
|
|
15
|
-
## What
|
|
15
|
+
## What It Does
|
|
16
16
|
|
|
17
17
|
| Hook | Purpose |
|
|
18
18
|
|------|---------|
|
|
@@ -22,6 +22,10 @@ Much of the OpenClaw ecosystem today focuses on routing, memory, integrations, a
|
|
|
22
22
|
| `llm_input` | Record prompt, model, and provider for audit |
|
|
23
23
|
| `llm_output` | Record response summary, token usage, and latency for audit |
|
|
24
24
|
|
|
25
|
+
The plugin also:
|
|
26
|
+
- **Verifies AxonFlow connectivity** on startup and logs a warning if unreachable
|
|
27
|
+
- **Tracks governance metrics** in-process (tool calls blocked/allowed, messages redacted, etc.) accessible via `getMetrics()`
|
|
28
|
+
|
|
25
29
|
## Current Limitation
|
|
26
30
|
|
|
27
31
|
Tool results written into the OpenClaw session transcript are not yet scanned by this plugin. OpenClaw's `tool_result_persist` hook is synchronous today, so it cannot call AxonFlow's HTTP policy APIs.
|
|
@@ -121,6 +125,16 @@ Tool result persisted to session transcript
|
|
|
121
125
|
Message delivered to user channel
|
|
122
126
|
```
|
|
123
127
|
|
|
128
|
+
## Telemetry
|
|
129
|
+
|
|
130
|
+
This plugin sends an anonymous telemetry ping on initialization to help us understand usage patterns. The ping includes: plugin version, platform info (OS, architecture, Node.js version), AxonFlow platform version, and hook configuration (count, onError mode). No PII, no tool arguments, no policy data.
|
|
131
|
+
|
|
132
|
+
Opt out:
|
|
133
|
+
- `DO_NOT_TRACK=1` (standard)
|
|
134
|
+
- `AXONFLOW_TELEMETRY=off`
|
|
135
|
+
|
|
136
|
+
Telemetry is automatically suppressed for localhost/loopback endpoints.
|
|
137
|
+
|
|
124
138
|
## Prerequisites
|
|
125
139
|
|
|
126
140
|
- [AxonFlow](https://github.com/getaxonflow/axonflow) running (Docker or production)
|
package/dist/audit.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAIxD;;;;GAIG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,cAAc,EACtB,MAAM,EAAE,oBAAoB,IAEd,OAAO;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,KAAG,OAAO,CAAC,IAAI,CAAC,CAkBlB"}
|
package/dist/audit.js
CHANGED
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
* Fire-and-forget: audit failures do not block tool execution.
|
|
6
6
|
*/
|
|
7
7
|
import { shouldGovernTool } from "./config.js";
|
|
8
|
+
import { recordAuditEventSent } from "./metrics.js";
|
|
8
9
|
/**
|
|
9
10
|
* Create the after_tool_call hook handler.
|
|
10
11
|
*
|
|
@@ -17,6 +18,7 @@ export function createAfterToolCallHandler(client, config) {
|
|
|
17
18
|
}
|
|
18
19
|
try {
|
|
19
20
|
await client.auditToolCall(event.toolName, event.params, event.result, event.error, event.durationMs);
|
|
21
|
+
recordAuditEventSent();
|
|
20
22
|
}
|
|
21
23
|
catch {
|
|
22
24
|
// Fire-and-forget: audit failures must not interfere with tool pipeline
|
package/dist/audit.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEpD;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CACxC,MAAsB,EACtB,MAA4B;IAE5B,OAAO,KAAK,EAAE,KAQb,EAAiB,EAAE;QAClB,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,aAAa,CACxB,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,UAAU,CACjB,CAAC;YACF,oBAAoB,EAAE,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,wEAAwE;QAC1E,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/governance.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAUxD,sEAAsE;AACtE,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;QAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,eAAe,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;KACpC,CAAC;CACH;AAED,2EAA2E;AAC3E,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,cAAc,EACtB,MAAM,EAAE,oBAAoB,IAEd,OAAO;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,KAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAyD9C"}
|
package/dist/governance.js
CHANGED
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
* Can block the call, require human approval, or allow through.
|
|
6
6
|
*/
|
|
7
7
|
import { shouldGovernTool } from "./config.js";
|
|
8
|
+
import { recordToolCallEvaluated, recordToolCallBlocked, recordToolCallApprovalRequired, recordToolCallAllowed, recordGovernanceError, } from "./metrics.js";
|
|
8
9
|
/** Derive connector_type from tool name for AxonFlow policy evaluation. */
|
|
9
10
|
export function deriveConnectorType(toolName) {
|
|
10
11
|
return `openclaw.${toolName}`;
|
|
@@ -24,6 +25,7 @@ export function createBeforeToolCallHandler(client, config) {
|
|
|
24
25
|
if (!shouldGovernTool(event.toolName, config)) {
|
|
25
26
|
return undefined;
|
|
26
27
|
}
|
|
28
|
+
recordToolCallEvaluated();
|
|
27
29
|
const connectorType = deriveConnectorType(event.toolName);
|
|
28
30
|
const statement = JSON.stringify(event.params);
|
|
29
31
|
let check;
|
|
@@ -31,15 +33,19 @@ export function createBeforeToolCallHandler(client, config) {
|
|
|
31
33
|
check = await client.mcpCheckInput(connectorType, statement, config.defaultOperation ?? "execute");
|
|
32
34
|
}
|
|
33
35
|
catch (err) {
|
|
36
|
+
recordGovernanceError();
|
|
34
37
|
if (config.onError === "allow") {
|
|
38
|
+
recordToolCallAllowed();
|
|
35
39
|
return undefined; // Fail-open: allow tool execution
|
|
36
40
|
}
|
|
41
|
+
recordToolCallBlocked();
|
|
37
42
|
return {
|
|
38
43
|
block: true,
|
|
39
44
|
blockReason: `AxonFlow unreachable: ${err instanceof Error ? err.message : "unknown error"}`,
|
|
40
45
|
};
|
|
41
46
|
}
|
|
42
47
|
if (!check.allowed) {
|
|
48
|
+
recordToolCallBlocked();
|
|
43
49
|
return {
|
|
44
50
|
block: true,
|
|
45
51
|
blockReason: check.block_reason ?? "Blocked by AxonFlow policy",
|
|
@@ -48,6 +54,7 @@ export function createBeforeToolCallHandler(client, config) {
|
|
|
48
54
|
// High-risk tools get approval even when policy allows
|
|
49
55
|
if (config.highRiskTools &&
|
|
50
56
|
config.highRiskTools.includes(event.toolName)) {
|
|
57
|
+
recordToolCallApprovalRequired();
|
|
51
58
|
return {
|
|
52
59
|
requireApproval: {
|
|
53
60
|
title: `AxonFlow: ${event.toolName} requires approval`,
|
|
@@ -58,6 +65,7 @@ export function createBeforeToolCallHandler(client, config) {
|
|
|
58
65
|
},
|
|
59
66
|
};
|
|
60
67
|
}
|
|
68
|
+
recordToolCallAllowed();
|
|
61
69
|
return undefined;
|
|
62
70
|
};
|
|
63
71
|
}
|
package/dist/governance.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,8BAA8B,EAC9B,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC;AAgBtB,2EAA2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,OAAO,YAAY,QAAQ,EAAE,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAsB,EACtB,MAA4B;IAE5B,OAAO,KAAK,EAAE,KAKb,EAA6C,EAAE;QAC9C,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;YAC9C,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,uBAAuB,EAAE,CAAC;QAC1B,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,MAAM,CAAC,aAAa,CAChC,aAAa,EACb,SAAS,EACT,MAAM,CAAC,gBAAgB,IAAI,SAAS,CACrC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,qBAAqB,EAAE,CAAC;YACxB,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/B,qBAAqB,EAAE,CAAC;gBACxB,OAAO,SAAS,CAAC,CAAC,kCAAkC;YACtD,CAAC;YACD,qBAAqB,EAAE,CAAC;YACxB,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,WAAW,EAAE,yBAAyB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;aAC7F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,qBAAqB,EAAE,CAAC;YACxB,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,WAAW,EAAE,KAAK,CAAC,YAAY,IAAI,4BAA4B;aAChE,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,IACE,MAAM,CAAC,aAAa;YACpB,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,EAC7C,CAAC;YACD,8BAA8B,EAAE,CAAC;YACjC,OAAO;gBACL,eAAe,EAAE;oBACf,KAAK,EAAE,aAAa,KAAK,CAAC,QAAQ,oBAAoB;oBACtD,WAAW,EAAE,mCAAmC,KAAK,CAAC,kBAAkB,sBAAsB;oBAC9F,QAAQ,EAAE,SAAS;oBACnB,SAAS,EAAE,MAAM;oBACjB,eAAe,EAAE,MAAM;iBACxB;aACF,CAAC;QACJ,CAAC;QAED,qBAAqB,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -30,32 +30,26 @@
|
|
|
30
30
|
* Outbound messages ARE scanned via message_sending. See upstream issue
|
|
31
31
|
* for async hook support.
|
|
32
32
|
*/
|
|
33
|
+
/** Plugin version — update before each release. */
|
|
34
|
+
export declare const VERSION = "0.2.0";
|
|
33
35
|
export { AxonFlowClient } from "./axonflow-client.js";
|
|
34
36
|
export type { AxonFlowPluginConfig } from "./config.js";
|
|
35
37
|
export { resolveConfig, shouldGovernTool } from "./config.js";
|
|
36
38
|
export { deriveConnectorType } from "./governance.js";
|
|
39
|
+
export { getMetrics, type GovernanceMetrics } from "./metrics.js";
|
|
37
40
|
/**
|
|
38
41
|
* Plugin registration function.
|
|
39
42
|
*
|
|
40
43
|
* Called by OpenClaw when the plugin is loaded. Reads configuration,
|
|
41
|
-
* creates the AxonFlow client,
|
|
42
|
-
*
|
|
43
|
-
* Compatible with OpenClaw's `definePluginEntry` or direct registration:
|
|
44
|
-
*
|
|
45
|
-
* // With definePluginEntry:
|
|
46
|
-
* export default definePluginEntry({
|
|
47
|
-
* id: "axonflow-governance",
|
|
48
|
-
* register: registerAxonFlowGovernance,
|
|
49
|
-
* });
|
|
50
|
-
*
|
|
51
|
-
* // Or direct:
|
|
52
|
-
* api.registerHook("before_tool_call", handler);
|
|
44
|
+
* creates the AxonFlow client, verifies connectivity, registers five
|
|
45
|
+
* governance/audit hooks, and sends a telemetry ping.
|
|
53
46
|
*/
|
|
54
47
|
export declare function registerAxonFlowGovernance(api: {
|
|
55
48
|
pluginConfig?: Record<string, unknown>;
|
|
56
49
|
logger: {
|
|
57
50
|
info: (msg: string) => void;
|
|
58
51
|
error: (msg: string) => void;
|
|
52
|
+
warn?: (msg: string) => void;
|
|
59
53
|
};
|
|
60
54
|
on: (hookName: string, handler: (...args: any[]) => any, opts?: {
|
|
61
55
|
priority?: number;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAWH,mDAAmD;AACnD,eAAO,MAAM,OAAO,UAAU,CAAC;AAG/B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,KAAK,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAElE;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE;IAC9C,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,MAAM,EAAE;QAAE,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;IACpG,EAAE,EAAE,CACF,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,EAChC,IAAI,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,KACzB,IAAI,CAAC;CACX,GAAG,IAAI,CAwDP;AAED;;;;;;GAMG;;;;;;;AACH,wBAKE"}
|
package/dist/index.js
CHANGED
|
@@ -36,32 +36,46 @@ import { createBeforeToolCallHandler } from "./governance.js";
|
|
|
36
36
|
import { createAfterToolCallHandler } from "./audit.js";
|
|
37
37
|
import { createMessageSendingHandler } from "./message-guard.js";
|
|
38
38
|
import { createLlmInputHandler, createLlmOutputHandler } from "./llm-audit.js";
|
|
39
|
+
import { sendTelemetryPing } from "./telemetry.js";
|
|
40
|
+
import { resetMetrics } from "./metrics.js";
|
|
41
|
+
/** Plugin version — update before each release. */
|
|
42
|
+
export const VERSION = "0.2.0";
|
|
39
43
|
// Re-export for external consumers
|
|
40
44
|
export { AxonFlowClient } from "./axonflow-client.js";
|
|
41
45
|
export { resolveConfig, shouldGovernTool } from "./config.js";
|
|
42
46
|
export { deriveConnectorType } from "./governance.js";
|
|
47
|
+
export { getMetrics } from "./metrics.js";
|
|
43
48
|
/**
|
|
44
49
|
* Plugin registration function.
|
|
45
50
|
*
|
|
46
51
|
* Called by OpenClaw when the plugin is loaded. Reads configuration,
|
|
47
|
-
* creates the AxonFlow client,
|
|
48
|
-
*
|
|
49
|
-
* Compatible with OpenClaw's `definePluginEntry` or direct registration:
|
|
50
|
-
*
|
|
51
|
-
* // With definePluginEntry:
|
|
52
|
-
* export default definePluginEntry({
|
|
53
|
-
* id: "axonflow-governance",
|
|
54
|
-
* register: registerAxonFlowGovernance,
|
|
55
|
-
* });
|
|
56
|
-
*
|
|
57
|
-
* // Or direct:
|
|
58
|
-
* api.registerHook("before_tool_call", handler);
|
|
52
|
+
* creates the AxonFlow client, verifies connectivity, registers five
|
|
53
|
+
* governance/audit hooks, and sends a telemetry ping.
|
|
59
54
|
*/
|
|
60
55
|
export function registerAxonFlowGovernance(api) {
|
|
61
56
|
const config = resolveConfig(api.pluginConfig);
|
|
62
57
|
const client = new AxonFlowClient(config);
|
|
58
|
+
// Reset metrics on each registration (handles hot-reload)
|
|
59
|
+
resetMetrics();
|
|
63
60
|
api.logger.info(`AxonFlow governance active: endpoint=${config.endpoint}, ` +
|
|
64
61
|
`highRiskTools=[${(config.highRiskTools ?? []).join(",")}]`);
|
|
62
|
+
// Startup health check (fire-and-forget, non-blocking)
|
|
63
|
+
void client.healthCheck().then((healthy) => {
|
|
64
|
+
if (healthy) {
|
|
65
|
+
api.logger.info(`AxonFlow connected: ${config.endpoint}`);
|
|
66
|
+
}
|
|
67
|
+
else {
|
|
68
|
+
const msg = `AxonFlow health check failed: ${config.endpoint} is unreachable. Governance hooks will ${config.onError === "allow" ? "fail-open (allow through)" : "fail-closed (block)"}`;
|
|
69
|
+
if (api.logger.warn) {
|
|
70
|
+
api.logger.warn(msg);
|
|
71
|
+
}
|
|
72
|
+
else {
|
|
73
|
+
api.logger.error(msg);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
}).catch(() => {
|
|
77
|
+
// Silent — health check should never prevent plugin registration
|
|
78
|
+
});
|
|
65
79
|
// Hook 1: Input governance (before tool execution)
|
|
66
80
|
const beforeToolCall = createBeforeToolCallHandler(client, config);
|
|
67
81
|
api.on("before_tool_call", beforeToolCall, { priority: 10 });
|
|
@@ -77,6 +91,14 @@ export function registerAxonFlowGovernance(api) {
|
|
|
77
91
|
api.on("llm_input", llmInput, { priority: 90 });
|
|
78
92
|
const llmOutput = createLlmOutputHandler(client, config, llmCallState);
|
|
79
93
|
api.on("llm_output", llmOutput, { priority: 90 });
|
|
94
|
+
// Telemetry (fire-and-forget, respects DO_NOT_TRACK=1)
|
|
95
|
+
sendTelemetryPing({
|
|
96
|
+
endpoint: config.endpoint,
|
|
97
|
+
pluginVersion: VERSION,
|
|
98
|
+
hookCount: 5,
|
|
99
|
+
highRiskToolCount: (config.highRiskTools ?? []).length,
|
|
100
|
+
onError: config.onError ?? "block",
|
|
101
|
+
});
|
|
80
102
|
}
|
|
81
103
|
/**
|
|
82
104
|
* Default export for OpenClaw plugin loader.
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,mDAAmD;AACnD,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,mCAAmC;AACnC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,UAAU,EAA0B,MAAM,cAAc,CAAC;AAElE;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CAAC,GAQ1C;IACC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;IAE1C,0DAA0D;IAC1D,YAAY,EAAE,CAAC;IAEf,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,wCAAwC,MAAM,CAAC,QAAQ,IAAI;QACzD,kBAAkB,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAC9D,CAAC;IAEF,uDAAuD;IACvD,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACzC,IAAI,OAAO,EAAE,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,iCAAiC,MAAM,CAAC,QAAQ,0CAA0C,MAAM,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,qBAAqB,EAAE,CAAC;YACzL,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACpB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;QACZ,iEAAiE;IACnE,CAAC,CAAC,CAAC;IAEH,mDAAmD;IACnD,MAAM,cAAc,GAAG,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnE,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE7D,+CAA+C;IAC/C,MAAM,aAAa,GAAG,0BAA0B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjE,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,aAAa,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE3D,oEAAoE;IACpE,MAAM,cAAc,GAAG,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnE,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAE5D,+DAA+D;IAC/D,MAAM,YAAY,GAAG,IAAI,GAAG,EAAgF,CAAC;IAC7G,MAAM,QAAQ,GAAG,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACrE,GAAG,CAAC,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAEhD,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IACvE,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IAElD,uDAAuD;IACvD,iBAAiB,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,aAAa,EAAE,OAAO;QACtB,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,MAAM;QACtD,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO;KACnC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,eAAe;IACb,EAAE,EAAE,qBAAqB;IACzB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,sGAAsG;IACnH,QAAQ,EAAE,0BAA0B;CACrC,CAAC"}
|
package/dist/llm-audit.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"llm-audit.d.ts","sourceRoot":"","sources":["../src/llm-audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"llm-audit.d.ts","sourceRoot":"","sources":["../src/llm-audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAGxD,8DAA8D;AAC9D,UAAU,YAAY;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,oBAAoB,EAC7B,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,IAE5B,OAAO;IACb,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,OAAO,EAAE,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;CACrB,KAAG,IAAI,CAmBT;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,cAAc,EACtB,OAAO,EAAE,oBAAoB,EAC7B,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,IAEtB,OAAO;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,KAAK,CAAC,EAAE;QACN,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,KAAG,OAAO,CAAC,IAAI,CAAC,CAyBlB"}
|
package/dist/llm-audit.js
CHANGED
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
* observe-only (cannot block or modify), so they provide audit
|
|
7
7
|
* evidence, not governance.
|
|
8
8
|
*/
|
|
9
|
+
import { recordAuditEventSent } from "./metrics.js";
|
|
9
10
|
/**
|
|
10
11
|
* Create the llm_input hook handler.
|
|
11
12
|
*
|
|
@@ -51,6 +52,7 @@ export function createLlmOutputHandler(client, _config, callState) {
|
|
|
51
52
|
completion_tokens: event.usage?.output ?? 0,
|
|
52
53
|
total_tokens: event.usage?.total ?? 0,
|
|
53
54
|
}, latencyMs);
|
|
55
|
+
recordAuditEventSent();
|
|
54
56
|
}
|
|
55
57
|
catch {
|
|
56
58
|
// Audit failures are non-fatal
|
package/dist/llm-audit.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"llm-audit.js","sourceRoot":"","sources":["../src/llm-audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;
|
|
1
|
+
{"version":3,"file":"llm-audit.js","sourceRoot":"","sources":["../src/llm-audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAUpD;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAuB,EACvB,OAA6B,EAC7B,SAAoC;IAEpC,OAAO,CAAC,KASP,EAAQ,EAAE;QACT,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE;YACzB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAClC,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE;SACpB,CAAC,CAAC;QAEH,gEAAgE;QAChE,oEAAoE;QACpE,4CAA4C;QAC5C,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,SAAS,EAAE,CAAC;YACnC,IAAI,GAAG,GAAG,GAAG,CAAC,OAAO,GAAG,UAAU,EAAE,CAAC;gBACnC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAsB,EACtB,OAA6B,EAC7B,SAAoC;IAEpC,OAAO,KAAK,EAAE,KAYb,EAAiB,EAAE;QAClB,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC9C,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAE9B,MAAM,eAAe,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,YAAY,CACvB,UAAU,EAAE,QAAQ,IAAI,KAAK,CAAC,QAAQ,EACtC,UAAU,EAAE,KAAK,IAAI,KAAK,CAAC,KAAK,EAChC,UAAU,EAAE,MAAM,IAAI,EAAE,EACxB,eAAe,EACf;gBACE,aAAa,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,IAAI,CAAC;gBACtC,iBAAiB,EAAE,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC;gBAC3C,YAAY,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,IAAI,CAAC;aACtC,EACD,SAAS,CACV,CAAC;YACF,oBAAoB,EAAE,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"message-guard.d.ts","sourceRoot":"","sources":["../src/message-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"message-guard.d.ts","sourceRoot":"","sources":["../src/message-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAQxD;;;;;;GAMG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,cAAc,EACtB,MAAM,EAAE,oBAAoB,IAEd,OAAO;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC,KAAG,OAAO,CAAC;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,SAAS,CAAC,CAyChE"}
|
package/dist/message-guard.js
CHANGED
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
* Discord, Slack, WhatsApp). Can cancel messages containing PII/secrets
|
|
6
6
|
* or redact sensitive content.
|
|
7
7
|
*/
|
|
8
|
+
import { recordMessageScanned, recordMessageCancelled, recordMessageRedacted, recordGovernanceError, } from "./metrics.js";
|
|
8
9
|
/**
|
|
9
10
|
* Create the message_sending hook handler.
|
|
10
11
|
*
|
|
@@ -17,23 +18,27 @@ export function createMessageSendingHandler(client, config) {
|
|
|
17
18
|
if (!event.content) {
|
|
18
19
|
return undefined;
|
|
19
20
|
}
|
|
21
|
+
recordMessageScanned();
|
|
20
22
|
let check;
|
|
21
23
|
try {
|
|
22
24
|
check = await client.mcpCheckOutput("openclaw.message_sending", event.content);
|
|
23
25
|
}
|
|
24
26
|
catch {
|
|
27
|
+
recordGovernanceError();
|
|
25
28
|
if (config.onError === "allow") {
|
|
26
29
|
return undefined; // Fail-open: allow message through ungoverned
|
|
27
30
|
}
|
|
28
|
-
|
|
31
|
+
recordMessageCancelled();
|
|
29
32
|
return { cancel: true };
|
|
30
33
|
}
|
|
31
34
|
if (!check.allowed) {
|
|
35
|
+
recordMessageCancelled();
|
|
32
36
|
return {
|
|
33
37
|
cancel: true,
|
|
34
38
|
};
|
|
35
39
|
}
|
|
36
40
|
if (check.redacted_data != null) {
|
|
41
|
+
recordMessageRedacted();
|
|
37
42
|
return {
|
|
38
43
|
content: typeof check.redacted_data === "string"
|
|
39
44
|
? check.redacted_data
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"message-guard.js","sourceRoot":"","sources":["../src/message-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"message-guard.js","sourceRoot":"","sources":["../src/message-guard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EACL,oBAAoB,EACpB,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC;AAEtB;;;;;;GAMG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAsB,EACtB,MAA4B;IAE5B,OAAO,KAAK,EAAE,KAIb,EAA+D,EAAE;QAChE,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oBAAoB,EAAE,CAAC;QAEvB,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,MAAM,CAAC,cAAc,CACjC,0BAA0B,EAC1B,KAAK,CAAC,OAAO,CACd,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB,EAAE,CAAC;YACxB,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/B,OAAO,SAAS,CAAC,CAAC,8CAA8C;YAClE,CAAC;YACD,sBAAsB,EAAE,CAAC;YACzB,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,sBAAsB,EAAE,CAAC;YACzB,OAAO;gBACL,MAAM,EAAE,IAAI;aACb,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,aAAa,IAAI,IAAI,EAAE,CAAC;YAChC,qBAAqB,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EACL,OAAO,KAAK,CAAC,aAAa,KAAK,QAAQ;oBACrC,CAAC,CAAC,KAAK,CAAC,aAAa;oBACrB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC;aAC1C,CAAC;QACJ,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* In-process governance metrics counter.
|
|
3
|
+
*
|
|
4
|
+
* Tracks tool calls blocked, allowed, approved, messages cancelled/redacted,
|
|
5
|
+
* and audit events since plugin initialization. Not persisted — resets on
|
|
6
|
+
* process restart. Accessible via getMetrics() for debugging and monitoring.
|
|
7
|
+
*/
|
|
8
|
+
export interface GovernanceMetrics {
|
|
9
|
+
/** Total tool calls evaluated by before_tool_call */
|
|
10
|
+
toolCallsEvaluated: number;
|
|
11
|
+
/** Tool calls blocked by policy */
|
|
12
|
+
toolCallsBlocked: number;
|
|
13
|
+
/** Tool calls that required approval (highRiskTools) */
|
|
14
|
+
toolCallsApprovalRequired: number;
|
|
15
|
+
/** Tool calls allowed through */
|
|
16
|
+
toolCallsAllowed: number;
|
|
17
|
+
/** Outbound messages scanned by message_sending */
|
|
18
|
+
messagesScanned: number;
|
|
19
|
+
/** Messages cancelled (blocked or AxonFlow unreachable with onError=block) */
|
|
20
|
+
messagesCancelled: number;
|
|
21
|
+
/** Messages redacted (PII/secrets found) */
|
|
22
|
+
messagesRedacted: number;
|
|
23
|
+
/** Audit events sent (after_tool_call + llm_output) */
|
|
24
|
+
auditEventsSent: number;
|
|
25
|
+
/** Errors during governance checks (AxonFlow unreachable, etc.) */
|
|
26
|
+
governanceErrors: number;
|
|
27
|
+
/** Plugin start timestamp */
|
|
28
|
+
startedAt: string;
|
|
29
|
+
}
|
|
30
|
+
export declare function recordToolCallEvaluated(): void;
|
|
31
|
+
export declare function recordToolCallBlocked(): void;
|
|
32
|
+
export declare function recordToolCallApprovalRequired(): void;
|
|
33
|
+
export declare function recordToolCallAllowed(): void;
|
|
34
|
+
export declare function recordMessageScanned(): void;
|
|
35
|
+
export declare function recordMessageCancelled(): void;
|
|
36
|
+
export declare function recordMessageRedacted(): void;
|
|
37
|
+
export declare function recordAuditEventSent(): void;
|
|
38
|
+
export declare function recordGovernanceError(): void;
|
|
39
|
+
/** Get a snapshot of current governance metrics. */
|
|
40
|
+
export declare function getMetrics(): Readonly<GovernanceMetrics>;
|
|
41
|
+
/** Reset all counters (for testing). */
|
|
42
|
+
export declare function resetMetrics(): void;
|
|
43
|
+
//# sourceMappingURL=metrics.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"metrics.d.ts","sourceRoot":"","sources":["../src/metrics.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mCAAmC;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,wDAAwD;IACxD,yBAAyB,EAAE,MAAM,CAAC;IAClC,iCAAiC;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,mDAAmD;IACnD,eAAe,EAAE,MAAM,CAAC;IACxB,8EAA8E;IAC9E,iBAAiB,EAAE,MAAM,CAAC;IAC1B,4CAA4C;IAC5C,gBAAgB,EAAE,MAAM,CAAC;IACzB,uDAAuD;IACvD,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,gBAAgB,EAAE,MAAM,CAAC;IACzB,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAC;CACnB;AAmBD,wBAAgB,uBAAuB,IAAI,IAAI,CAE9C;AAED,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED,wBAAgB,8BAA8B,IAAI,IAAI,CAErD;AAED,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C;AAED,wBAAgB,sBAAsB,IAAI,IAAI,CAE7C;AAED,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C;AAED,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED,oDAAoD;AACpD,wBAAgB,UAAU,IAAI,QAAQ,CAAC,iBAAiB,CAAC,CAExD;AAED,wCAAwC;AACxC,wBAAgB,YAAY,IAAI,IAAI,CAEnC"}
|
package/dist/metrics.js
ADDED
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* In-process governance metrics counter.
|
|
3
|
+
*
|
|
4
|
+
* Tracks tool calls blocked, allowed, approved, messages cancelled/redacted,
|
|
5
|
+
* and audit events since plugin initialization. Not persisted — resets on
|
|
6
|
+
* process restart. Accessible via getMetrics() for debugging and monitoring.
|
|
7
|
+
*/
|
|
8
|
+
let metrics = createFreshMetrics();
|
|
9
|
+
function createFreshMetrics() {
|
|
10
|
+
return {
|
|
11
|
+
toolCallsEvaluated: 0,
|
|
12
|
+
toolCallsBlocked: 0,
|
|
13
|
+
toolCallsApprovalRequired: 0,
|
|
14
|
+
toolCallsAllowed: 0,
|
|
15
|
+
messagesScanned: 0,
|
|
16
|
+
messagesCancelled: 0,
|
|
17
|
+
messagesRedacted: 0,
|
|
18
|
+
auditEventsSent: 0,
|
|
19
|
+
governanceErrors: 0,
|
|
20
|
+
startedAt: new Date().toISOString(),
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
export function recordToolCallEvaluated() {
|
|
24
|
+
metrics.toolCallsEvaluated++;
|
|
25
|
+
}
|
|
26
|
+
export function recordToolCallBlocked() {
|
|
27
|
+
metrics.toolCallsBlocked++;
|
|
28
|
+
}
|
|
29
|
+
export function recordToolCallApprovalRequired() {
|
|
30
|
+
metrics.toolCallsApprovalRequired++;
|
|
31
|
+
}
|
|
32
|
+
export function recordToolCallAllowed() {
|
|
33
|
+
metrics.toolCallsAllowed++;
|
|
34
|
+
}
|
|
35
|
+
export function recordMessageScanned() {
|
|
36
|
+
metrics.messagesScanned++;
|
|
37
|
+
}
|
|
38
|
+
export function recordMessageCancelled() {
|
|
39
|
+
metrics.messagesCancelled++;
|
|
40
|
+
}
|
|
41
|
+
export function recordMessageRedacted() {
|
|
42
|
+
metrics.messagesRedacted++;
|
|
43
|
+
}
|
|
44
|
+
export function recordAuditEventSent() {
|
|
45
|
+
metrics.auditEventsSent++;
|
|
46
|
+
}
|
|
47
|
+
export function recordGovernanceError() {
|
|
48
|
+
metrics.governanceErrors++;
|
|
49
|
+
}
|
|
50
|
+
/** Get a snapshot of current governance metrics. */
|
|
51
|
+
export function getMetrics() {
|
|
52
|
+
return { ...metrics };
|
|
53
|
+
}
|
|
54
|
+
/** Reset all counters (for testing). */
|
|
55
|
+
export function resetMetrics() {
|
|
56
|
+
metrics = createFreshMetrics();
|
|
57
|
+
}
|
|
58
|
+
//# sourceMappingURL=metrics.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"metrics.js","sourceRoot":"","sources":["../src/metrics.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAyBH,IAAI,OAAO,GAAsB,kBAAkB,EAAE,CAAC;AAEtD,SAAS,kBAAkB;IACzB,OAAO;QACL,kBAAkB,EAAE,CAAC;QACrB,gBAAgB,EAAE,CAAC;QACnB,yBAAyB,EAAE,CAAC;QAC5B,gBAAgB,EAAE,CAAC;QACnB,eAAe,EAAE,CAAC;QAClB,iBAAiB,EAAE,CAAC;QACpB,gBAAgB,EAAE,CAAC;QACnB,eAAe,EAAE,CAAC;QAClB,gBAAgB,EAAE,CAAC;QACnB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,OAAO,CAAC,kBAAkB,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,gBAAgB,EAAE,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,8BAA8B;IAC5C,OAAO,CAAC,yBAAyB,EAAE,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,gBAAgB,EAAE,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,OAAO,CAAC,eAAe,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,OAAO,CAAC,iBAAiB,EAAE,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,gBAAgB,EAAE,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,OAAO,CAAC,eAAe,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,gBAAgB,EAAE,CAAC;AAC7B,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,UAAU;IACxB,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;AACxB,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,YAAY;IAC1B,OAAO,GAAG,kBAAkB,EAAE,CAAC;AACjC,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Anonymous usage telemetry for the OpenClaw plugin.
|
|
3
|
+
*
|
|
4
|
+
* Sends a single fire-and-forget ping on plugin initialization to
|
|
5
|
+
* checkpoint.getaxonflow.com. Collects SDK version, platform info,
|
|
6
|
+
* and OpenClaw version. No PII, no tool arguments, no policy data.
|
|
7
|
+
*
|
|
8
|
+
* Opt out: DO_NOT_TRACK=1 or AXONFLOW_TELEMETRY=off
|
|
9
|
+
*/
|
|
10
|
+
export interface TelemetryPayload {
|
|
11
|
+
sdk: string;
|
|
12
|
+
sdk_version: string;
|
|
13
|
+
platform_version: string | null;
|
|
14
|
+
os: string;
|
|
15
|
+
arch: string;
|
|
16
|
+
runtime_version: string;
|
|
17
|
+
deployment_mode: string;
|
|
18
|
+
features: string[];
|
|
19
|
+
instance_id: string;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Send an anonymous telemetry ping on plugin initialization.
|
|
23
|
+
*
|
|
24
|
+
* Fire-and-forget: errors are silently swallowed, 3-second timeout
|
|
25
|
+
* prevents blocking. Never affects plugin behavior.
|
|
26
|
+
*/
|
|
27
|
+
export declare function sendTelemetryPing(options: {
|
|
28
|
+
endpoint: string;
|
|
29
|
+
pluginVersion: string;
|
|
30
|
+
hookCount: number;
|
|
31
|
+
highRiskToolCount: number;
|
|
32
|
+
onError: string;
|
|
33
|
+
}): void;
|
|
34
|
+
//# sourceMappingURL=telemetry.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAkEH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AA2BD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;CACjB,GAAG,IAAI,CAkEP"}
|
|
@@ -0,0 +1,153 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Anonymous usage telemetry for the OpenClaw plugin.
|
|
3
|
+
*
|
|
4
|
+
* Sends a single fire-and-forget ping on plugin initialization to
|
|
5
|
+
* checkpoint.getaxonflow.com. Collects SDK version, platform info,
|
|
6
|
+
* and OpenClaw version. No PII, no tool arguments, no policy data.
|
|
7
|
+
*
|
|
8
|
+
* Opt out: DO_NOT_TRACK=1 or AXONFLOW_TELEMETRY=off
|
|
9
|
+
*/
|
|
10
|
+
const CHECKPOINT_URL = "https://checkpoint.getaxonflow.com/v1/ping";
|
|
11
|
+
const TELEMETRY_TIMEOUT_MS = 3000;
|
|
12
|
+
function generateInstanceId() {
|
|
13
|
+
try {
|
|
14
|
+
if (typeof crypto !== "undefined" &&
|
|
15
|
+
typeof crypto.randomUUID === "function") {
|
|
16
|
+
return crypto.randomUUID();
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
catch {
|
|
20
|
+
// Fall through to fallback
|
|
21
|
+
}
|
|
22
|
+
return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
|
|
23
|
+
const r = (Math.random() * 16) | 0;
|
|
24
|
+
const v = c === "x" ? r : (r & 0x3) | 0x8;
|
|
25
|
+
return v.toString(16);
|
|
26
|
+
});
|
|
27
|
+
}
|
|
28
|
+
function isOptedOut() {
|
|
29
|
+
if (typeof process === "undefined" || !process.env) {
|
|
30
|
+
return false;
|
|
31
|
+
}
|
|
32
|
+
if (process.env.DO_NOT_TRACK?.trim() === "1") {
|
|
33
|
+
return true;
|
|
34
|
+
}
|
|
35
|
+
if (process.env.AXONFLOW_TELEMETRY?.trim().toLowerCase() === "off") {
|
|
36
|
+
return true;
|
|
37
|
+
}
|
|
38
|
+
return false;
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Check whether the endpoint is a localhost/loopback address.
|
|
42
|
+
* Suppresses telemetry for local development only.
|
|
43
|
+
*/
|
|
44
|
+
function isLocalhostEndpoint(endpoint) {
|
|
45
|
+
try {
|
|
46
|
+
const url = new URL(endpoint);
|
|
47
|
+
const host = url.hostname;
|
|
48
|
+
return (host === "localhost" ||
|
|
49
|
+
host === "127.0.0.1" ||
|
|
50
|
+
host === "[::1]" ||
|
|
51
|
+
host === "::1");
|
|
52
|
+
}
|
|
53
|
+
catch {
|
|
54
|
+
return false;
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
function resolveCheckpointUrl() {
|
|
58
|
+
if (typeof process !== "undefined" &&
|
|
59
|
+
process.env &&
|
|
60
|
+
process.env.AXONFLOW_CHECKPOINT_URL) {
|
|
61
|
+
return process.env.AXONFLOW_CHECKPOINT_URL;
|
|
62
|
+
}
|
|
63
|
+
return CHECKPOINT_URL;
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* Detect the AxonFlow platform version via /health endpoint.
|
|
67
|
+
*/
|
|
68
|
+
async function detectPlatformVersion(endpoint) {
|
|
69
|
+
const controller = new AbortController();
|
|
70
|
+
const timeoutId = setTimeout(() => controller.abort(), 2000);
|
|
71
|
+
try {
|
|
72
|
+
const resp = await fetch(`${endpoint}/health`, {
|
|
73
|
+
method: "GET",
|
|
74
|
+
signal: controller.signal,
|
|
75
|
+
});
|
|
76
|
+
clearTimeout(timeoutId);
|
|
77
|
+
if (!resp.ok)
|
|
78
|
+
return null;
|
|
79
|
+
const body = (await resp.json());
|
|
80
|
+
return typeof body.version === "string" && body.version
|
|
81
|
+
? body.version
|
|
82
|
+
: null;
|
|
83
|
+
}
|
|
84
|
+
catch {
|
|
85
|
+
clearTimeout(timeoutId);
|
|
86
|
+
return null;
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Send an anonymous telemetry ping on plugin initialization.
|
|
91
|
+
*
|
|
92
|
+
* Fire-and-forget: errors are silently swallowed, 3-second timeout
|
|
93
|
+
* prevents blocking. Never affects plugin behavior.
|
|
94
|
+
*/
|
|
95
|
+
export function sendTelemetryPing(options) {
|
|
96
|
+
if (isOptedOut()) {
|
|
97
|
+
return;
|
|
98
|
+
}
|
|
99
|
+
// Suppress telemetry for localhost endpoints by default
|
|
100
|
+
if (isLocalhostEndpoint(options.endpoint)) {
|
|
101
|
+
return;
|
|
102
|
+
}
|
|
103
|
+
if (typeof console !== "undefined") {
|
|
104
|
+
console.log("[AxonFlow] Anonymous telemetry enabled. Opt out: AXONFLOW_TELEMETRY=off | https://docs.getaxonflow.com/docs/telemetry");
|
|
105
|
+
}
|
|
106
|
+
const checkpointUrl = resolveCheckpointUrl();
|
|
107
|
+
const payload = {
|
|
108
|
+
sdk: "openclaw-plugin",
|
|
109
|
+
sdk_version: options.pluginVersion,
|
|
110
|
+
platform_version: null,
|
|
111
|
+
os: typeof process !== "undefined" ? process.platform : "unknown",
|
|
112
|
+
arch: typeof process !== "undefined" ? process.arch : "unknown",
|
|
113
|
+
runtime_version: typeof process !== "undefined"
|
|
114
|
+
? process.version.replace(/^v/, "")
|
|
115
|
+
: "unknown",
|
|
116
|
+
deployment_mode: options.onError === "block" ? "production" : "development",
|
|
117
|
+
features: [
|
|
118
|
+
`hooks:${options.hookCount}`,
|
|
119
|
+
`high_risk_tools:${options.highRiskToolCount}`,
|
|
120
|
+
`on_error:${options.onError}`,
|
|
121
|
+
],
|
|
122
|
+
instance_id: generateInstanceId(),
|
|
123
|
+
};
|
|
124
|
+
try {
|
|
125
|
+
void (async () => {
|
|
126
|
+
try {
|
|
127
|
+
payload.platform_version = await detectPlatformVersion(options.endpoint);
|
|
128
|
+
}
|
|
129
|
+
catch {
|
|
130
|
+
// Silent — platform version remains null
|
|
131
|
+
}
|
|
132
|
+
const controller = new AbortController();
|
|
133
|
+
const timeoutId = setTimeout(() => controller.abort(), TELEMETRY_TIMEOUT_MS);
|
|
134
|
+
try {
|
|
135
|
+
await fetch(checkpointUrl, {
|
|
136
|
+
method: "POST",
|
|
137
|
+
headers: { "Content-Type": "application/json" },
|
|
138
|
+
body: JSON.stringify(payload),
|
|
139
|
+
signal: controller.signal,
|
|
140
|
+
});
|
|
141
|
+
}
|
|
142
|
+
finally {
|
|
143
|
+
clearTimeout(timeoutId);
|
|
144
|
+
}
|
|
145
|
+
})().catch(() => {
|
|
146
|
+
// Silent failure — telemetry should never affect plugin behavior
|
|
147
|
+
});
|
|
148
|
+
}
|
|
149
|
+
catch {
|
|
150
|
+
// Silent failure
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
//# sourceMappingURL=telemetry.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,cAAc,GAAG,4CAA4C,CAAC;AACpE,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAElC,SAAS,kBAAkB;IACzB,IAAI,CAAC;QACH,IACE,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EACvC,CAAC;YACD,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,sCAAsC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU;IACjB,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;QAC1B,OAAO,CACL,IAAI,KAAK,WAAW;YACpB,IAAI,KAAK,WAAW;YACpB,IAAI,KAAK,OAAO;YAChB,IAAI,KAAK,KAAK,CACf,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB;IAC3B,IACE,OAAO,OAAO,KAAK,WAAW;QAC9B,OAAO,CAAC,GAAG;QACX,OAAO,CAAC,GAAG,CAAC,uBAAuB,EACnC,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAC7C,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAcD;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,QAAgB;IAEhB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,SAAS,EAAE;YAC7C,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA4B,CAAC;QAC5D,OAAO,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO;YACrD,CAAC,CAAC,IAAI,CAAC,OAAO;YACd,CAAC,CAAC,IAAI,CAAC;IACX,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAMjC;IACC,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,OAAO;IACT,CAAC;IAED,wDAAwD;IACxD,IAAI,mBAAmB,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1C,OAAO;IACT,CAAC;IAED,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CACT,uHAAuH,CACxH,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,oBAAoB,EAAE,CAAC;IAE7C,MAAM,OAAO,GAAqB;QAChC,GAAG,EAAE,iBAAiB;QACtB,WAAW,EAAE,OAAO,CAAC,aAAa;QAClC,gBAAgB,EAAE,IAAI;QACtB,EAAE,EAAE,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACjE,IAAI,EAAE,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QAC/D,eAAe,EACb,OAAO,OAAO,KAAK,WAAW;YAC5B,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YACnC,CAAC,CAAC,SAAS;QACf,eAAe,EAAE,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa;QAC3E,QAAQ,EAAE;YACR,SAAS,OAAO,CAAC,SAAS,EAAE;YAC5B,mBAAmB,OAAO,CAAC,iBAAiB,EAAE;YAC9C,YAAY,OAAO,CAAC,OAAO,EAAE;SAC9B;QACD,WAAW,EAAE,kBAAkB,EAAE;KAClC,CAAC;IAEF,IAAI,CAAC;QACH,KAAK,CAAC,KAAK,IAAI,EAAE;YACf,IAAI,CAAC;gBACH,OAAO,CAAC,gBAAgB,GAAG,MAAM,qBAAqB,CACpD,OAAO,CAAC,QAAQ,CACjB,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,yCAAyC;YAC3C,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,oBAAoB,CAAC,CAAC;YAE7E,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,aAAa,EAAE;oBACzB,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;oBAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;YACd,iEAAiE;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB;IACnB,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axonflow/openclaw",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.2.0",
|
|
4
4
|
"description": "Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -74,7 +74,8 @@
|
|
|
74
74
|
"typescript-eslint": "^8.58.0"
|
|
75
75
|
},
|
|
76
76
|
"publishConfig": {
|
|
77
|
-
"access": "public"
|
|
77
|
+
"access": "public",
|
|
78
|
+
"provenance": true
|
|
78
79
|
},
|
|
79
80
|
"peerDependenciesMeta": {
|
|
80
81
|
"@axonflow/sdk": {
|