@axonflow/openclaw 1.0.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +29 -1
- package/README.md +26 -11
- package/dist/axonflow-client.d.ts +2 -0
- package/dist/axonflow-client.d.ts.map +1 -1
- package/dist/axonflow-client.js +21 -6
- package/dist/axonflow-client.js.map +1 -1
- package/dist/config.d.ts +6 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +5 -0
- package/dist/config.js.map +1 -1
- package/dist/governance.d.ts +14 -0
- package/dist/governance.d.ts.map +1 -1
- package/dist/governance.js +48 -2
- package/dist/governance.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/telemetry.d.ts.map +1 -1
- package/dist/telemetry.js +1 -22
- package/dist/telemetry.js.map +1 -1
- package/openclaw.plugin.json +10 -0
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,33 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [1.2.0] - 2026-04-09
|
|
4
|
+
|
|
5
|
+
### Changed
|
|
6
|
+
|
|
7
|
+
- **Smart error classification in governance hooks (issue #1545 Direction 3).** `before_tool_call` now distinguishes network/transport errors (timeouts, DNS failures, connection refused, HTTP 5xx) from auth/config errors (HTTP 401/403, invalid credentials, invalid tokens). **Network errors always fail-open** regardless of `config.onError` — transient infrastructure issues should never block legitimate dev workflows. **Auth errors respect `config.onError`** which defaults to `block` so misconfigured credentials are caught at the first tool call. This replaces the previous all-or-nothing `onError` behavior.
|
|
8
|
+
|
|
9
|
+
### Added
|
|
10
|
+
|
|
11
|
+
- **`isAxonFlowAuthError(err)` exported helper** classifies thrown errors from the AxonFlow client. Applications can use it to implement their own fail-open / fail-closed logic outside the built-in hook.
|
|
12
|
+
- 11 new unit tests cover the auth-vs-network classification on the governance hook path and the standalone classifier.
|
|
13
|
+
|
|
14
|
+
### Security
|
|
15
|
+
|
|
16
|
+
- Pinned all GitHub Actions in test and publish workflows to immutable commit SHAs to prevent supply chain attacks.
|
|
17
|
+
- Added Dependabot configuration for weekly GitHub Actions updates.
|
|
18
|
+
|
|
19
|
+
## [1.1.0] - 2026-04-06
|
|
20
|
+
|
|
21
|
+
### Added
|
|
22
|
+
|
|
23
|
+
- `requestTimeoutMs` plugin config for tuning AxonFlow HTTP request timeouts on remote or high-latency deployments.
|
|
24
|
+
- Plugin logo for marketplace and directory listings.
|
|
25
|
+
- `SECURITY.md` with plugin-specific vulnerability reporting guidance.
|
|
26
|
+
|
|
27
|
+
### Changed
|
|
28
|
+
|
|
29
|
+
- Anonymous telemetry is enabled by default for all endpoints, including localhost/self-hosted evaluation. Opt out with `DO_NOT_TRACK=1` or `AXONFLOW_TELEMETRY=off`.
|
|
30
|
+
|
|
3
31
|
## [1.0.0] - 2026-04-05
|
|
4
32
|
|
|
5
33
|
### BREAKING CHANGES
|
|
@@ -33,7 +61,7 @@
|
|
|
33
61
|
- Fail-open/fail-closed: `onError` config controls behavior when AxonFlow is unreachable.
|
|
34
62
|
- **Startup health check**: Verifies AxonFlow connectivity on plugin initialization. Logs a warning if unreachable, indicating whether the plugin will fail-open or fail-closed.
|
|
35
63
|
- **Governance metrics**: In-process counters for tool calls (evaluated, blocked, approved, allowed), messages (scanned, cancelled, redacted), audit events, and errors. Accessible via `getMetrics()` for debugging and monitoring.
|
|
36
|
-
- **Usage telemetry**: Anonymous checkpoint ping on initialization reporting SDK version, platform info, and hook configuration. Respects `DO_NOT_TRACK=1` and `AXONFLOW_TELEMETRY=off`.
|
|
64
|
+
- **Usage telemetry**: Anonymous checkpoint ping on initialization reporting SDK version, platform info, and hook configuration. Respects `DO_NOT_TRACK=1` and `AXONFLOW_TELEMETRY=off`.
|
|
37
65
|
- Starter policy documentation with SQL setup for OpenClaw production baseline.
|
|
38
66
|
|
|
39
67
|
### Not Yet Supported
|
package/README.md
CHANGED
|
@@ -58,10 +58,22 @@ See [Getting Started](https://docs.getaxonflow.com/docs/getting-started/) for fu
|
|
|
58
58
|
|
|
59
59
|
## Install
|
|
60
60
|
|
|
61
|
+
Available on [ClawHub](https://clawhub.ai/plugins/%40axonflow%2Fopenclaw) and [npm](https://www.npmjs.com/package/@axonflow/openclaw).
|
|
62
|
+
|
|
61
63
|
```bash
|
|
62
64
|
openclaw plugins install @axonflow/openclaw
|
|
63
65
|
```
|
|
64
66
|
|
|
67
|
+
Or via the ClawHub install path:
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
openclaw plugins install clawhub:@axonflow/openclaw
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
Either install path works; the ClawHub form is included for users browsing plugins there.
|
|
74
|
+
|
|
75
|
+
For the full integration walkthrough (architecture, hook coverage, policy examples, troubleshooting), see the [OpenClaw Integration Guide](https://docs.getaxonflow.com/docs/integration/openclaw/).
|
|
76
|
+
|
|
65
77
|
## Configure
|
|
66
78
|
|
|
67
79
|
In your OpenClaw config:
|
|
@@ -70,10 +82,12 @@ In your OpenClaw config:
|
|
|
70
82
|
plugins:
|
|
71
83
|
@axonflow/openclaw:
|
|
72
84
|
endpoint: http://localhost:8080
|
|
73
|
-
#
|
|
74
|
-
#
|
|
75
|
-
#
|
|
76
|
-
#
|
|
85
|
+
# In community mode, clientId defaults to "community"
|
|
86
|
+
# and clientSecret can be left unset.
|
|
87
|
+
# Set both only for evaluation/enterprise credentials.
|
|
88
|
+
# clientId: your-client-id
|
|
89
|
+
# clientSecret: your-client-secret
|
|
90
|
+
# requestTimeoutMs: 8000
|
|
77
91
|
highRiskTools:
|
|
78
92
|
- web_fetch
|
|
79
93
|
- message
|
|
@@ -86,17 +100,18 @@ plugins:
|
|
|
86
100
|
| `endpoint` | Yes | — | AxonFlow agent gateway URL |
|
|
87
101
|
| `clientId` | No | `"community"` | Tenant identity for data isolation. Override for evaluation/enterprise. |
|
|
88
102
|
| `clientSecret` | No | `""` | License key for evaluation/enterprise features. Requires `clientId` to be set. |
|
|
103
|
+
| `highRiskTools` | No | `[]` | Tools that require human approval even when policy allows |
|
|
104
|
+
| `governedTools` | No | `[]` (all) | Tools to govern. Empty = all tools. |
|
|
105
|
+
| `excludedTools` | No | `[]` | Tools to exclude from governance |
|
|
106
|
+
| `defaultOperation` | No | `"execute"` | Operation type for mcp_check_input (`"execute"` or `"query"`) |
|
|
107
|
+
| `onError` | No | `"block"` | Behavior when AxonFlow is unreachable: `"block"` (fail-closed) or `"allow"` (fail-open) |
|
|
108
|
+
| `requestTimeoutMs` | No | `8000` | Timeout for policy checks, output scans, audit writes, and health checks. Increase for remote AxonFlow deployments. |
|
|
89
109
|
|
|
90
110
|
**Valid configurations:**
|
|
91
111
|
- Both omitted → community mode (`clientId` defaults to `"community"`)
|
|
92
112
|
- `clientId` only → community mode with custom tenant identity
|
|
93
113
|
- Both set → licensed mode (evaluation/enterprise)
|
|
94
114
|
- `clientSecret` only → **error** (licensed mode requires explicit tenant identity to prevent data going to the wrong tenant)
|
|
95
|
-
| `highRiskTools` | No | `[]` | Tools that require human approval even when policy allows |
|
|
96
|
-
| `governedTools` | No | `[]` (all) | Tools to govern. Empty = all tools. |
|
|
97
|
-
| `excludedTools` | No | `[]` | Tools to exclude from governance |
|
|
98
|
-
| `defaultOperation` | No | `"execute"` | Operation type for mcp_check_input (`"execute"` or `"query"`) |
|
|
99
|
-
| `onError` | No | `"block"` | Behavior when AxonFlow is unreachable: `"block"` (fail-closed) or `"allow"` (fail-open) |
|
|
100
115
|
|
|
101
116
|
## How It Works
|
|
102
117
|
|
|
@@ -151,13 +166,13 @@ Message delivered to user channel
|
|
|
151
166
|
|
|
152
167
|
## Telemetry
|
|
153
168
|
|
|
154
|
-
This plugin sends an anonymous telemetry ping on initialization to help us understand usage patterns. The ping includes: plugin version, platform info (OS, architecture, Node.js version), AxonFlow platform version, and hook configuration (count, onError mode). No PII, no tool arguments, no policy data.
|
|
169
|
+
This plugin sends an anonymous telemetry ping on initialization to help us understand usage patterns, including local and self-hosted evaluations. The ping includes: plugin version, platform info (OS, architecture, Node.js version), AxonFlow platform version, and hook configuration (count, onError mode). No PII, no tool arguments, no policy data.
|
|
155
170
|
|
|
156
171
|
Opt out:
|
|
157
172
|
- `DO_NOT_TRACK=1` (standard)
|
|
158
173
|
- `AXONFLOW_TELEMETRY=off`
|
|
159
174
|
|
|
160
|
-
|
|
175
|
+
The startup ping is enabled by default for local, self-hosted, and remote deployments. Opt-out controls always win.
|
|
161
176
|
|
|
162
177
|
## Starter Policies
|
|
163
178
|
|
|
@@ -19,8 +19,10 @@ export interface MCPCheckOutputResponse {
|
|
|
19
19
|
export declare class AxonFlowClient {
|
|
20
20
|
private readonly endpoint;
|
|
21
21
|
private readonly authHeader;
|
|
22
|
+
private readonly requestTimeoutMs;
|
|
22
23
|
constructor(config: AxonFlowPluginConfig);
|
|
23
24
|
private baseHeaders;
|
|
25
|
+
private fetchWithTimeout;
|
|
24
26
|
mcpCheckInput(connectorType: string, statement: string, operation?: string): Promise<MCPCheckInputResponse>;
|
|
25
27
|
mcpCheckOutput(connectorType: string, message: string): Promise<MCPCheckOutputResponse>;
|
|
26
28
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"axonflow-client.d.ts","sourceRoot":"","sources":["../src/axonflow-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExD,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAyBD,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;
|
|
1
|
+
{"version":3,"file":"axonflow-client.d.ts","sourceRoot":"","sources":["../src/axonflow-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAExD,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAyBD,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;gBAC9B,MAAM,EAAE,oBAAoB;IAYxC,OAAO,CAAC,WAAW;YASL,gBAAgB;IAiBxB,aAAa,CACjB,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,MAAM,EACjB,SAAS,GAAE,MAAkB,GAC5B,OAAO,CAAC,qBAAqB,CAAC;IA2C3B,cAAc,CAClB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,sBAAsB,CAAC;IA2ClC;;;OAGG;IACG,aAAa,CACjB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,CAAC,EAAE,OAAO,EAChB,KAAK,CAAC,EAAE,MAAM,EACd,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAqBhB;;;;;;;OAOG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,eAAe,EAAE,MAAM,EACvB,UAAU,EAAE;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,EACtF,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC;IAoBhB;;;;;OAKG;IACG,iBAAiB,CAAC,OAAO,CAAC,EAAE;QAChC,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA2B5D,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;CAQtC"}
|
package/dist/axonflow-client.js
CHANGED
|
@@ -29,12 +29,14 @@ function extractPoliciesEvaluated(data) {
|
|
|
29
29
|
export class AxonFlowClient {
|
|
30
30
|
endpoint;
|
|
31
31
|
authHeader;
|
|
32
|
+
requestTimeoutMs;
|
|
32
33
|
constructor(config) {
|
|
33
34
|
// Strip trailing slashes without regex (avoids ReDoS on polynomial patterns)
|
|
34
35
|
let ep = config.endpoint;
|
|
35
36
|
while (ep.endsWith("/"))
|
|
36
37
|
ep = ep.slice(0, -1);
|
|
37
38
|
this.endpoint = ep;
|
|
39
|
+
this.requestTimeoutMs = config.requestTimeoutMs ?? 8000;
|
|
38
40
|
const credentials = Buffer.from(`${config.clientId}:${config.clientSecret}`).toString("base64");
|
|
39
41
|
this.authHeader = `Basic ${credentials}`;
|
|
40
42
|
}
|
|
@@ -46,9 +48,22 @@ export class AxonFlowClient {
|
|
|
46
48
|
Authorization: this.authHeader,
|
|
47
49
|
};
|
|
48
50
|
}
|
|
51
|
+
async fetchWithTimeout(url, init) {
|
|
52
|
+
const controller = new AbortController();
|
|
53
|
+
const timeoutId = setTimeout(() => controller.abort(), this.requestTimeoutMs);
|
|
54
|
+
try {
|
|
55
|
+
return await fetch(url, {
|
|
56
|
+
...init,
|
|
57
|
+
signal: controller.signal,
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
finally {
|
|
61
|
+
clearTimeout(timeoutId);
|
|
62
|
+
}
|
|
63
|
+
}
|
|
49
64
|
async mcpCheckInput(connectorType, statement, operation = "execute") {
|
|
50
65
|
const url = `${this.endpoint}/api/v1/mcp/check-input`;
|
|
51
|
-
const response = await
|
|
66
|
+
const response = await this.fetchWithTimeout(url, {
|
|
52
67
|
method: "POST",
|
|
53
68
|
headers: this.baseHeaders(),
|
|
54
69
|
body: JSON.stringify({
|
|
@@ -82,7 +97,7 @@ export class AxonFlowClient {
|
|
|
82
97
|
}
|
|
83
98
|
async mcpCheckOutput(connectorType, message) {
|
|
84
99
|
const url = `${this.endpoint}/api/v1/mcp/check-output`;
|
|
85
|
-
const response = await
|
|
100
|
+
const response = await this.fetchWithTimeout(url, {
|
|
86
101
|
method: "POST",
|
|
87
102
|
headers: this.baseHeaders(),
|
|
88
103
|
body: JSON.stringify({
|
|
@@ -121,7 +136,7 @@ export class AxonFlowClient {
|
|
|
121
136
|
async auditToolCall(toolName, params, result, error, durationMs) {
|
|
122
137
|
const url = `${this.endpoint}/api/v1/audit/tool-call`;
|
|
123
138
|
try {
|
|
124
|
-
await
|
|
139
|
+
await this.fetchWithTimeout(url, {
|
|
125
140
|
method: "POST",
|
|
126
141
|
headers: this.baseHeaders(),
|
|
127
142
|
body: JSON.stringify({
|
|
@@ -150,7 +165,7 @@ export class AxonFlowClient {
|
|
|
150
165
|
async auditLLMCall(provider, model, query, responseSummary, tokenUsage, latencyMs) {
|
|
151
166
|
const url = `${this.endpoint}/api/v1/audit/tool-call`;
|
|
152
167
|
try {
|
|
153
|
-
await
|
|
168
|
+
await this.fetchWithTimeout(url, {
|
|
154
169
|
method: "POST",
|
|
155
170
|
headers: this.baseHeaders(),
|
|
156
171
|
body: JSON.stringify({
|
|
@@ -184,7 +199,7 @@ export class AxonFlowClient {
|
|
|
184
199
|
...(options?.requestType && { request_type: options.requestType }),
|
|
185
200
|
};
|
|
186
201
|
try {
|
|
187
|
-
const response = await
|
|
202
|
+
const response = await this.fetchWithTimeout(url, {
|
|
188
203
|
method: "POST",
|
|
189
204
|
headers: this.baseHeaders(),
|
|
190
205
|
body: JSON.stringify(body),
|
|
@@ -200,7 +215,7 @@ export class AxonFlowClient {
|
|
|
200
215
|
}
|
|
201
216
|
async healthCheck() {
|
|
202
217
|
try {
|
|
203
|
-
const response = await
|
|
218
|
+
const response = await this.fetchWithTimeout(`${this.endpoint}/health`);
|
|
204
219
|
return response.ok;
|
|
205
220
|
}
|
|
206
221
|
catch {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"axonflow-client.js","sourceRoot":"","sources":["../src/axonflow-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH;;;;;GAKG;AACH,SAAS,wBAAwB,CAAC,IAA6B;IAC7D,IAAI,OAAO,IAAI,CAAC,oBAAoB,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;IACvC,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,EAAE,GAAG,UAAqC,CAAC;QACjD,IAAI,OAAO,EAAE,CAAC,oBAAoB,CAAC,KAAK,QAAQ,EAAE,CAAC;YACjD,OAAO,EAAE,CAAC,oBAAoB,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC;YAC5C,OAAO,EAAE,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,OAAO,cAAc;IACR,QAAQ,CAAS;IACjB,UAAU,CAAS;
|
|
1
|
+
{"version":3,"file":"axonflow-client.js","sourceRoot":"","sources":["../src/axonflow-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH;;;;;GAKG;AACH,SAAS,wBAAwB,CAAC,IAA6B;IAC7D,IAAI,OAAO,IAAI,CAAC,oBAAoB,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;IACvC,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,EAAE,GAAG,UAAqC,CAAC;QACjD,IAAI,OAAO,EAAE,CAAC,oBAAoB,CAAC,KAAK,QAAQ,EAAE,CAAC;YACjD,OAAO,EAAE,CAAC,oBAAoB,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC;YAC5C,OAAO,EAAE,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,OAAO,cAAc;IACR,QAAQ,CAAS;IACjB,UAAU,CAAS;IACnB,gBAAgB,CAAS;IAC1C,YAAY,MAA4B;QACtC,6EAA6E;QAC7E,IAAI,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QACzB,OAAO,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,IAAI,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAC7B,GAAG,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,YAAY,EAAE,CAC5C,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,SAAS,WAAW,EAAE,CAAC;IAC3C,CAAC;IAEO,WAAW;QACjB,+EAA+E;QAC/E,wEAAwE;QACxE,OAAO;YACL,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,IAAI,CAAC,UAAU;SAC/B,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,GAAW,EACX,IAAkB;QAElB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAE9E,IAAI,CAAC;YACH,OAAO,MAAM,KAAK,CAAC,GAAG,EAAE;gBACtB,GAAG,IAAI;gBACP,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,aAAqB,EACrB,SAAiB,EACjB,YAAoB,SAAS;QAE7B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;YAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,cAAc,EAAE,aAAa;gBAC7B,SAAS;gBACT,SAAS;aACV,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;oBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;oBACtB,CAAC,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ;wBACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;wBACf,CAAC,CAAC,mBAAmB;gBAC3B,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;aACnD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,gCAAgC,QAAQ,CAAC,MAAM,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5G,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI;YACjC,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;gBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;gBACtB,CAAC,CAAC,SAAS;YACf,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;SACnD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,aAAqB,EACrB,OAAe;QAEf,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,0BAA0B,CAAC;QACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;YAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,cAAc,EAAE,aAAa;gBAC7B,OAAO;aACR,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;oBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;oBACtB,CAAC,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ;wBACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;wBACf,CAAC,CAAC,mBAAmB;gBAC3B,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;aACnD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,iCAAiC,QAAQ,CAAC,MAAM,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAC7G,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI;YACjC,YAAY,EACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,QAAQ;gBACtC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;gBACtB,CAAC,CAAC,SAAS;YACf,aAAa,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,SAAS;YACjD,kBAAkB,EAAE,wBAAwB,CAAC,IAAI,CAAC;SACnD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CACjB,QAAgB,EAChB,MAA+B,EAC/B,MAAgB,EAChB,KAAc,EACd,UAAmB;QAEnB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,QAAQ;oBACnB,SAAS,EAAE,UAAU;oBACrB,KAAK,EAAE,MAAM;oBACb,MAAM,EAAE,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;oBACrF,OAAO,EAAE,KAAK,IAAI,IAAI;oBACtB,aAAa,EAAE,KAAK;oBACpB,WAAW,EAAE,UAAU;iBACxB,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,KAAa,EACb,KAAa,EACb,eAAuB,EACvB,UAAsF,EACtF,SAAiB;QAEjB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,yBAAyB,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,GAAG,QAAQ,IAAI,KAAK,EAAE;oBACjC,SAAS,EAAE,UAAU;oBACrB,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBACrC,MAAM,EAAE,EAAE,gBAAgB,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE;oBACpF,OAAO,EAAE,IAAI;oBACb,WAAW,EAAE,SAAS;iBACvB,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAKvB;QACC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,sBAAsB,CAAC;QACnD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE5D,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,OAAO,EAAE,SAAS,IAAI,UAAU,CAAC,WAAW,EAAE;YAC1D,QAAQ,EAAE,OAAO,EAAE,OAAO,IAAI,GAAG,CAAC,WAAW,EAAE;YAC/C,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,EAAE,GAAG,CAAC;YAC1C,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC;SACnE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE;gBAC3B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC3B,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YACrE,CAAC;YACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA0C,CAAC;QAC1E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;QAC5F,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,QAAQ,SAAS,CAAC,CAAC;YACxE,OAAO,QAAQ,CAAC,EAAE,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
package/dist/config.d.ts
CHANGED
|
@@ -39,6 +39,12 @@ export interface AxonFlowPluginConfig {
|
|
|
39
39
|
* Fail-closed is safer but can cascade AxonFlow failures to the agent.
|
|
40
40
|
*/
|
|
41
41
|
onError?: "block" | "allow";
|
|
42
|
+
/**
|
|
43
|
+
* Timeout for AxonFlow HTTP calls in milliseconds.
|
|
44
|
+
* Applies to policy checks, output scans, audit writes, and health checks.
|
|
45
|
+
* Defaults to 8000ms.
|
|
46
|
+
*/
|
|
47
|
+
requestTimeoutMs?: number;
|
|
42
48
|
}
|
|
43
49
|
/** Validate plugin config and return defaults. */
|
|
44
50
|
export declare function resolveConfig(raw: Record<string, unknown> | undefined): AxonFlowPluginConfig;
|
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,oBAAoB;IACnC,uEAAuE;IACvE,QAAQ,EAAE,MAAM,CAAC;IAEjB,sFAAsF;IACtF,QAAQ,EAAE,MAAM,CAAC;IAEjB,gFAAgF;IAChF,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,oBAAoB;IACnC,uEAAuE;IACvE,QAAQ,EAAE,MAAM,CAAC;IAEjB,sFAAsF;IACtF,QAAQ,EAAE,MAAM,CAAC;IAEjB,gFAAgF;IAChF,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;IAE5B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,kDAAkD;AAClD,wBAAgB,aAAa,CAC3B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GACvC,oBAAoB,CAsDtB;AAED,0DAA0D;AAC1D,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAWT"}
|
package/dist/config.js
CHANGED
|
@@ -41,6 +41,11 @@ export function resolveConfig(raw) {
|
|
|
41
41
|
? raw["defaultOperation"]
|
|
42
42
|
: "execute",
|
|
43
43
|
onError: raw["onError"] === "allow" ? "allow" : "block",
|
|
44
|
+
requestTimeoutMs: typeof raw["requestTimeoutMs"] === "number" &&
|
|
45
|
+
Number.isFinite(raw["requestTimeoutMs"]) &&
|
|
46
|
+
raw["requestTimeoutMs"] > 0
|
|
47
|
+
? raw["requestTimeoutMs"]
|
|
48
|
+
: 8000,
|
|
44
49
|
};
|
|
45
50
|
}
|
|
46
51
|
/** Check if a tool should be governed based on config. */
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqDH,kDAAkD;AAClD,MAAM,UAAU,aAAa,CAC3B,GAAwC;IAExC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,kHAAkH,CACnH,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC;IACjC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;IAC7F,CAAC;IAED,oEAAoE;IACpE,gEAAgE;IAChE,MAAM,WAAW,GAAG,OAAO,GAAG,CAAC,UAAU,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,MAAM,eAAe,GAAG,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE3F,+EAA+E;IAC/E,IAAI,CAAC,WAAW,IAAI,eAAe,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CACb,sEAAsE;YACtE,oFAAoF,CACrF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,IAAI,WAAW,CAAC;IAC5C,MAAM,YAAY,GAAG,eAAe,CAAC;IAErC,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,YAAY;QACZ,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAChD,CAAC,CAAE,GAAG,CAAC,eAAe,CAAc;YACpC,CAAC,CAAC,EAAE;QACN,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAChD,CAAC,CAAE,GAAG,CAAC,eAAe,CAAc;YACpC,CAAC,CAAC,EAAE;QACN,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAChD,CAAC,CAAE,GAAG,CAAC,eAAe,CAAc;YACpC,CAAC,CAAC,EAAE;QACN,gBAAgB,EACd,OAAO,GAAG,CAAC,kBAAkB,CAAC,KAAK,QAAQ;YACzC,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC;YACzB,CAAC,CAAC,SAAS;QACf,OAAO,EACL,GAAG,CAAC,SAAS,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;QAChD,gBAAgB,EACd,OAAO,GAAG,CAAC,kBAAkB,CAAC,KAAK,QAAQ;YAC3C,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACxC,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC;YACzB,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC;YACzB,CAAC,CAAC,IAAI;KACX,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,MAA4B;IAE5B,iCAAiC;IACjC,IAAI,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,yDAAyD;IACzD,IAAI,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;IACD,4BAA4B;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/dist/governance.d.ts
CHANGED
|
@@ -21,6 +21,20 @@ export interface BeforeToolCallResult {
|
|
|
21
21
|
}
|
|
22
22
|
/** Derive connector_type from tool name for AxonFlow policy evaluation. */
|
|
23
23
|
export declare function deriveConnectorType(toolName: string): string;
|
|
24
|
+
/**
|
|
25
|
+
* Classify an error thrown by the AxonFlow client as an auth/config error
|
|
26
|
+
* vs a transient network / server-side error.
|
|
27
|
+
*
|
|
28
|
+
* Auth/config errors: HTTP 401, 403, or error messages containing "auth",
|
|
29
|
+
* "unauthorized", "forbidden", "credentials", or "token invalid".
|
|
30
|
+
*
|
|
31
|
+
* Network/server errors: everything else (timeouts, DNS failures, 5xx,
|
|
32
|
+
* connection refused, aborts).
|
|
33
|
+
*
|
|
34
|
+
* Used by the fail-open / fail-closed decision in the before_tool_call
|
|
35
|
+
* hook handler (issue #1545 Direction 3).
|
|
36
|
+
*/
|
|
37
|
+
export declare function isAxonFlowAuthError(err: unknown): boolean;
|
|
24
38
|
/**
|
|
25
39
|
* Create the before_tool_call hook handler.
|
|
26
40
|
*
|
package/dist/governance.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAUxD,sEAAsE;AACtE,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;QAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,eAAe,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;KACpC,CAAC;CACH;AAED,2EAA2E;AAC3E,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,cAAc,EACtB,MAAM,EAAE,oBAAoB,IAEd,OAAO;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,KAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAUxD,sEAAsE;AACtE,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE;QAChB,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;QAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,eAAe,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;KACpC,CAAC;CACH;AAED,2EAA2E;AAC3E,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAuBzD;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,cAAc,EACtB,MAAM,EAAE,oBAAoB,IAEd,OAAO;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,KAAG,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAwE9C"}
|
package/dist/governance.js
CHANGED
|
@@ -10,6 +10,39 @@ import { recordToolCallEvaluated, recordToolCallBlocked, recordToolCallApprovalR
|
|
|
10
10
|
export function deriveConnectorType(toolName) {
|
|
11
11
|
return `openclaw.${toolName}`;
|
|
12
12
|
}
|
|
13
|
+
/**
|
|
14
|
+
* Classify an error thrown by the AxonFlow client as an auth/config error
|
|
15
|
+
* vs a transient network / server-side error.
|
|
16
|
+
*
|
|
17
|
+
* Auth/config errors: HTTP 401, 403, or error messages containing "auth",
|
|
18
|
+
* "unauthorized", "forbidden", "credentials", or "token invalid".
|
|
19
|
+
*
|
|
20
|
+
* Network/server errors: everything else (timeouts, DNS failures, 5xx,
|
|
21
|
+
* connection refused, aborts).
|
|
22
|
+
*
|
|
23
|
+
* Used by the fail-open / fail-closed decision in the before_tool_call
|
|
24
|
+
* hook handler (issue #1545 Direction 3).
|
|
25
|
+
*/
|
|
26
|
+
export function isAxonFlowAuthError(err) {
|
|
27
|
+
if (!err || typeof err !== "object")
|
|
28
|
+
return false;
|
|
29
|
+
// Error objects with HTTP status (if the SDK exposes one)
|
|
30
|
+
const maybeStatus = err.status ??
|
|
31
|
+
err.statusCode;
|
|
32
|
+
if (maybeStatus === 401 || maybeStatus === 403)
|
|
33
|
+
return true;
|
|
34
|
+
const message = err instanceof Error
|
|
35
|
+
? err.message.toLowerCase()
|
|
36
|
+
: String(err).toLowerCase();
|
|
37
|
+
return (message.includes("401") ||
|
|
38
|
+
message.includes("403") ||
|
|
39
|
+
message.includes("unauthorized") ||
|
|
40
|
+
message.includes("forbidden") ||
|
|
41
|
+
message.includes("credentials") ||
|
|
42
|
+
(message.includes("auth") && !message.includes("auth server")) ||
|
|
43
|
+
message.includes("token invalid") ||
|
|
44
|
+
message.includes("invalid token"));
|
|
45
|
+
}
|
|
13
46
|
/**
|
|
14
47
|
* Create the before_tool_call hook handler.
|
|
15
48
|
*
|
|
@@ -34,14 +67,27 @@ export function createBeforeToolCallHandler(client, config) {
|
|
|
34
67
|
}
|
|
35
68
|
catch (err) {
|
|
36
69
|
recordGovernanceError();
|
|
70
|
+
// Issue #1545 Direction 3: classify the error to decide fail-open vs
|
|
71
|
+
// fail-closed. Network errors (timeout, DNS failure, connection
|
|
72
|
+
// refused, 5xx) always fail OPEN regardless of config.onError —
|
|
73
|
+
// transient infrastructure issues should never block legitimate dev
|
|
74
|
+
// workflows. Auth errors (401/403) respect config.onError, defaulting
|
|
75
|
+
// to fail-closed because they indicate a misconfiguration the
|
|
76
|
+
// operator can and should fix.
|
|
77
|
+
const isAuthError = isAxonFlowAuthError(err);
|
|
78
|
+
if (!isAuthError) {
|
|
79
|
+
recordToolCallAllowed();
|
|
80
|
+
return undefined; // Fail-open: transient network issue
|
|
81
|
+
}
|
|
82
|
+
// Auth error — respect config.onError (which defaults to "block").
|
|
37
83
|
if (config.onError === "allow") {
|
|
38
84
|
recordToolCallAllowed();
|
|
39
|
-
return undefined;
|
|
85
|
+
return undefined;
|
|
40
86
|
}
|
|
41
87
|
recordToolCallBlocked();
|
|
42
88
|
return {
|
|
43
89
|
block: true,
|
|
44
|
-
blockReason: `AxonFlow
|
|
90
|
+
blockReason: `AxonFlow auth error: ${err instanceof Error ? err.message : "unknown error"}. Fix configuration to restore tool access.`,
|
|
45
91
|
};
|
|
46
92
|
}
|
|
47
93
|
if (!check.allowed) {
|
package/dist/governance.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,8BAA8B,EAC9B,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC;AAgBtB,2EAA2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,OAAO,YAAY,QAAQ,EAAE,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAsB,EACtB,MAA4B;IAE5B,OAAO,KAAK,EAAE,KAKb,EAA6C,EAAE;QAC9C,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;YAC9C,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,uBAAuB,EAAE,CAAC;QAC1B,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,MAAM,CAAC,aAAa,CAChC,aAAa,EACb,SAAS,EACT,MAAM,CAAC,gBAAgB,IAAI,SAAS,CACrC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,qBAAqB,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../src/governance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,8BAA8B,EAC9B,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC;AAgBtB,2EAA2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,OAAO,YAAY,QAAQ,EAAE,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAElD,0DAA0D;IAC1D,MAAM,WAAW,GACd,GAAgD,CAAC,MAAM;QACvD,GAAgD,CAAC,UAAU,CAAC;IAC/D,IAAI,WAAW,KAAK,GAAG,IAAI,WAAW,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAE5D,MAAM,OAAO,GACX,GAAG,YAAY,KAAK;QAClB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE;QAC3B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;QACvB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;QACvB,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;QAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC7B,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;QAC/B,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;QACjC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAClC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAsB,EACtB,MAA4B;IAE5B,OAAO,KAAK,EAAE,KAKb,EAA6C,EAAE;QAC9C,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;YAC9C,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,uBAAuB,EAAE,CAAC;QAC1B,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,KAAK,CAAC;QACV,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,MAAM,CAAC,aAAa,CAChC,aAAa,EACb,SAAS,EACT,MAAM,CAAC,gBAAgB,IAAI,SAAS,CACrC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,qBAAqB,EAAE,CAAC;YAExB,qEAAqE;YACrE,gEAAgE;YAChE,gEAAgE;YAChE,oEAAoE;YACpE,sEAAsE;YACtE,8DAA8D;YAC9D,+BAA+B;YAC/B,MAAM,WAAW,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,qBAAqB,EAAE,CAAC;gBACxB,OAAO,SAAS,CAAC,CAAC,qCAAqC;YACzD,CAAC;YAED,mEAAmE;YACnE,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/B,qBAAqB,EAAE,CAAC;gBACxB,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,qBAAqB,EAAE,CAAC;YACxB,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,WAAW,EAAE,wBAAwB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,6CAA6C;aACvI,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,qBAAqB,EAAE,CAAC;YACxB,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,WAAW,EAAE,KAAK,CAAC,YAAY,IAAI,4BAA4B;aAChE,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,IACE,MAAM,CAAC,aAAa;YACpB,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,EAC7C,CAAC;YACD,8BAA8B,EAAE,CAAC;YACjC,OAAO;gBACL,eAAe,EAAE;oBACf,KAAK,EAAE,aAAa,KAAK,CAAC,QAAQ,oBAAoB;oBACtD,WAAW,EAAE,mCAAmC,KAAK,CAAC,kBAAkB,sBAAsB;oBAC9F,QAAQ,EAAE,SAAS;oBACnB,SAAS,EAAE,MAAM;oBACjB,eAAe,EAAE,MAAM;iBACxB;aACF,CAAC;QACJ,CAAC;QAED,qBAAqB,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -31,7 +31,7 @@
|
|
|
31
31
|
* for async hook support.
|
|
32
32
|
*/
|
|
33
33
|
/** Plugin version — update before each release. */
|
|
34
|
-
export declare const VERSION = "1.
|
|
34
|
+
export declare const VERSION = "1.2.0";
|
|
35
35
|
export { AxonFlowClient } from "./axonflow-client.js";
|
|
36
36
|
export type { AxonFlowPluginConfig } from "./config.js";
|
|
37
37
|
export { resolveConfig, shouldGovernTool } from "./config.js";
|
package/dist/index.js
CHANGED
|
@@ -39,7 +39,7 @@ import { createLlmInputHandler, createLlmOutputHandler } from "./llm-audit.js";
|
|
|
39
39
|
import { sendTelemetryPing } from "./telemetry.js";
|
|
40
40
|
import { resetMetrics } from "./metrics.js";
|
|
41
41
|
/** Plugin version — update before each release. */
|
|
42
|
-
export const VERSION = "1.
|
|
42
|
+
export const VERSION = "1.2.0";
|
|
43
43
|
// Re-export for external consumers
|
|
44
44
|
export { AxonFlowClient } from "./axonflow-client.js";
|
|
45
45
|
export { resolveConfig, shouldGovernTool } from "./config.js";
|
package/dist/telemetry.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA+CH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AA2BD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;CACjB,GAAG,IAAI,CA6DP"}
|
package/dist/telemetry.js
CHANGED
|
@@ -37,23 +37,6 @@ function isOptedOut() {
|
|
|
37
37
|
}
|
|
38
38
|
return false;
|
|
39
39
|
}
|
|
40
|
-
/**
|
|
41
|
-
* Check whether the endpoint is a localhost/loopback address.
|
|
42
|
-
* Suppresses telemetry for local development only.
|
|
43
|
-
*/
|
|
44
|
-
function isLocalhostEndpoint(endpoint) {
|
|
45
|
-
try {
|
|
46
|
-
const url = new URL(endpoint);
|
|
47
|
-
const host = url.hostname;
|
|
48
|
-
return (host === "localhost" ||
|
|
49
|
-
host === "127.0.0.1" ||
|
|
50
|
-
host === "[::1]" ||
|
|
51
|
-
host === "::1");
|
|
52
|
-
}
|
|
53
|
-
catch {
|
|
54
|
-
return false;
|
|
55
|
-
}
|
|
56
|
-
}
|
|
57
40
|
function resolveCheckpointUrl() {
|
|
58
41
|
if (typeof process !== "undefined" &&
|
|
59
42
|
process.env &&
|
|
@@ -96,12 +79,8 @@ export function sendTelemetryPing(options) {
|
|
|
96
79
|
if (isOptedOut()) {
|
|
97
80
|
return;
|
|
98
81
|
}
|
|
99
|
-
// Suppress telemetry for localhost endpoints by default
|
|
100
|
-
if (isLocalhostEndpoint(options.endpoint)) {
|
|
101
|
-
return;
|
|
102
|
-
}
|
|
103
82
|
if (typeof console !== "undefined") {
|
|
104
|
-
console.log("[AxonFlow] Anonymous telemetry enabled. Opt out: AXONFLOW_TELEMETRY=off | https://docs.getaxonflow.com/docs/telemetry");
|
|
83
|
+
console.log("[AxonFlow] Anonymous telemetry enabled for local and self-hosted use. Opt out: DO_NOT_TRACK=1 or AXONFLOW_TELEMETRY=off | https://docs.getaxonflow.com/docs/telemetry");
|
|
105
84
|
}
|
|
106
85
|
const checkpointUrl = resolveCheckpointUrl();
|
|
107
86
|
const payload = {
|
package/dist/telemetry.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,cAAc,GAAG,4CAA4C,CAAC;AACpE,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAElC,SAAS,kBAAkB;IACzB,IAAI,CAAC;QACH,IACE,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EACvC,CAAC;YACD,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,sCAAsC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU;IACjB,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED
|
|
1
|
+
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,cAAc,GAAG,4CAA4C,CAAC;AACpE,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAElC,SAAS,kBAAkB;IACzB,IAAI,CAAC;QACH,IACE,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EACvC,CAAC;YACD,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,sCAAsC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU;IACjB,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,oBAAoB;IAC3B,IACE,OAAO,OAAO,KAAK,WAAW;QAC9B,OAAO,CAAC,GAAG;QACX,OAAO,CAAC,GAAG,CAAC,uBAAuB,EACnC,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAC7C,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAcD;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,QAAgB;IAEhB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,SAAS,EAAE;YAC7C,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA4B,CAAC;QAC5D,OAAO,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO;YACrD,CAAC,CAAC,IAAI,CAAC,OAAO;YACd,CAAC,CAAC,IAAI,CAAC;IACX,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAMjC;IACC,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,OAAO;IACT,CAAC;IAED,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CACT,uKAAuK,CACxK,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,oBAAoB,EAAE,CAAC;IAE7C,MAAM,OAAO,GAAqB;QAChC,GAAG,EAAE,iBAAiB;QACtB,WAAW,EAAE,OAAO,CAAC,aAAa;QAClC,gBAAgB,EAAE,IAAI;QACtB,EAAE,EAAE,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACjE,IAAI,EAAE,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QAC/D,eAAe,EACb,OAAO,OAAO,KAAK,WAAW;YAC5B,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YACnC,CAAC,CAAC,SAAS;QACf,eAAe,EAAE,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa;QAC3E,QAAQ,EAAE;YACR,SAAS,OAAO,CAAC,SAAS,EAAE;YAC5B,mBAAmB,OAAO,CAAC,iBAAiB,EAAE;YAC9C,YAAY,OAAO,CAAC,OAAO,EAAE;SAC9B;QACD,WAAW,EAAE,kBAAkB,EAAE;KAClC,CAAC;IAEF,IAAI,CAAC;QACH,KAAK,CAAC,KAAK,IAAI,EAAE;YACf,IAAI,CAAC;gBACH,OAAO,CAAC,gBAAgB,GAAG,MAAM,qBAAqB,CACpD,OAAO,CAAC,QAAQ,CACjB,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,yCAAyC;YAC3C,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,oBAAoB,CAAC,CAAC;YAE7E,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,aAAa,EAAE;oBACzB,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;oBAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;YACd,iEAAiE;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB;IACnB,CAAC;AACH,CAAC"}
|
package/openclaw.plugin.json
CHANGED
|
@@ -39,6 +39,12 @@
|
|
|
39
39
|
"placeholder": "execute",
|
|
40
40
|
"help": "Operation type for mcp_check_input: 'execute' (default) or 'query' for read-only tools",
|
|
41
41
|
"advanced": true
|
|
42
|
+
},
|
|
43
|
+
"requestTimeoutMs": {
|
|
44
|
+
"label": "Request Timeout (ms)",
|
|
45
|
+
"placeholder": "8000",
|
|
46
|
+
"help": "Timeout for AxonFlow policy checks, output scans, audit writes, and health checks. Increase for remote deployments.",
|
|
47
|
+
"advanced": true
|
|
42
48
|
}
|
|
43
49
|
},
|
|
44
50
|
"configSchema": {
|
|
@@ -85,6 +91,10 @@
|
|
|
85
91
|
"block",
|
|
86
92
|
"allow"
|
|
87
93
|
]
|
|
94
|
+
},
|
|
95
|
+
"requestTimeoutMs": {
|
|
96
|
+
"type": "number",
|
|
97
|
+
"minimum": 1
|
|
88
98
|
}
|
|
89
99
|
},
|
|
90
100
|
"required": [
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axonflow/openclaw",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.2.0",
|
|
4
4
|
"description": "Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -50,7 +50,7 @@
|
|
|
50
50
|
"compliance",
|
|
51
51
|
"ssrf-protection"
|
|
52
52
|
],
|
|
53
|
-
"author": "AxonFlow Team <
|
|
53
|
+
"author": "AxonFlow Team <hello@getaxonflow.com>",
|
|
54
54
|
"license": "MIT",
|
|
55
55
|
"repository": {
|
|
56
56
|
"type": "git",
|