@axonflow/openclaw 1.3.2 → 2.0.1

package/dist/telemetry.js

@@ -1,24 +1,39 @@
 /**
- * Anonymous usage telemetry for the OpenClaw plugin.
+ * Anonymous usage telemetry — 7-day heartbeat (TypeScript).
  *
- * Sends a single fire-and-forget ping on plugin initialization to
- * checkpoint.getaxonflow.com. Collects SDK version, platform info,
- * and OpenClaw version. No PII, no tool arguments, no policy data.
+ * Sends an anonymous POST to checkpoint.getaxonflow.com on plugin
+ * initialization, at most once every 7 days per machine.
  *
- * Opt out: AXONFLOW_TELEMETRY=off (canonical)
- * Also honored for backward compatibility: DO_NOT_TRACK=1 (deprecated — removed
- * after 2026-05-05 in the next major release; a one-time warning emits when
- * it's the active opt-out so operators can migrate).
+ * Design rules (per feedback_telemetry_heartbeat_design_rules.md):
+ *   1. Stamp-on-delivery, not stamp-on-attempt. Stamp file mtime
+ *      advances ONLY after the HTTP POST returns 2xx. A transient
+ *      network failure does not silence telemetry for 7 days.
+ *   2. In-flight gate via a per-process Promise. Concurrent plugin
+ *      loads do not race to send duplicate pings.
+ *   3. Opt-out check FIRST, before any rate-limit or filesystem ops.
+ *      AXONFLOW_TELEMETRY=off is re-evaluated every call.
+ *   4. mtime as the freshness source; stamp body holds instance_id.
+ *   5. Atomic stamp write: tmp + rename.
+ *   6. Persistent instance_id across heartbeats.
+ *   7. Defensive against future-dated stamps (clock skew → treat absent).
+ *   8. Cross-platform cache dir resolution (cache-dir.ts).
  *
- * Configuration resolution (opt-out flags and checkpoint URL) lives in
- * telemetry-config.ts so this file only handles the network-sending side.
+ * Configuration resolution (opt-out flags, checkpoint URL) lives in
+ * telemetry-config.ts. Environment + filesystem reads (harness probe
+ * endpoint, stamp inspection, atomic stamp write) live in
+ * telemetry-context.ts. This module is the network-only side of the
+ * heartbeat: it imports plain values from the context modules and only
+ * issues HTTP requests.
  */
+import { axonflowCacheDir } from "./cache-dir.js";
 import { loadTelemetryConfig } from "./telemetry-config.js";
+import { captureRuntimeInfo, ensureCacheDir, readStampMetadata, resolveProbeEndpoint, stampPath, writeStampAtomic, } from "./telemetry-context.js";
 const TELEMETRY_TIMEOUT_MS = 3000;
+const HEARTBEAT_INTERVAL_MS = 7 * 24 * 60 * 60 * 1000;
+let inFlight = null;
 function generateInstanceId() {
     try {
-        if (typeof crypto !== "undefined" &&
-            typeof crypto.randomUUID === "function") {
+        if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
             return crypto.randomUUID();
         }
     }
@@ -31,9 +46,6 @@ function generateInstanceId() {
         return v.toString(16);
     });
 }
-/**
- * Detect the AxonFlow platform version via /health endpoint.
- */
 async function detectPlatformVersion(endpoint) {
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), 2000);
@@ -46,9 +58,7 @@ async function detectPlatformVersion(endpoint) {
         if (!resp.ok)
             return null;
         const body = (await resp.json());
-        return typeof body.version === "string" && body.version
-            ? body.version
-            : null;
+        return typeof body.version === "string" && body.version ? body.version : null;
     }
     catch {
         clearTimeout(timeoutId);
@@ -56,63 +66,112 @@ async function detectPlatformVersion(endpoint) {
     }
 }
 /**
- * Send an anonymous telemetry ping on plugin initialization.
+ * Send an anonymous telemetry heartbeat. Concurrent calls are de-duplicated
+ * via a per-process in-flight gate; the second concurrent caller awaits the
+ * first's promise rather than firing a duplicate.
  *
- * Fire-and-forget: errors are silently swallowed, 3-second timeout
- * prevents blocking. Never affects plugin behavior.
+ * Returns a promise that resolves when the heartbeat completes (success,
+ * skip, or failure). Production callers should treat as fire-and-forget;
+ * tests can await for assertions.
  */
 export function sendTelemetryPing(options) {
+    if (inFlight) {
+        return inFlight;
+    }
+    inFlight = sendInner(options).finally(() => {
+        inFlight = null;
+    });
+    return inFlight;
+}
+async function sendInner(options) {
+    // 1. Opt-out check FIRST.
     const config = loadTelemetryConfig();
     if (config.optedOut) {
         return;
     }
-    if (typeof console !== "undefined") {
-        console.log("[AxonFlow] Anonymous telemetry enabled for local and self-hosted use. Opt out: AXONFLOW_TELEMETRY=off | https://docs.getaxonflow.com/docs/telemetry");
+    // 2. Resolve the stamp file location and ensure the cache dir is private.
+    const cacheDir = ensureCacheDir(axonflowCacheDir());
+    const stampFile = stampPath(cacheDir);
+    const now = options.now ?? (() => new Date());
+    const nowMs = now().getTime();
+    // 3. mtime check, defensive against future-dated stamps. The stamp read
+    //    is done in telemetry-context.ts so this module stays free of fs
+    //    read calls co-located with fetch.
+    const stamp = readStampMetadata(stampFile);
+    if (stamp.exists && stamp.mtimeMs > 0 && stamp.mtimeMs <= nowMs) {
+        const age = nowMs - stamp.mtimeMs;
+        if (age < HEARTBEAT_INTERVAL_MS) {
+            return; // fresh — skip
+        }
+    }
+    const priorInstanceId = stamp.priorInstanceId;
+    const instanceId = priorInstanceId && /^[a-f0-9-]{8,64}$/i.test(priorInstanceId)
+        ? priorInstanceId
+        : generateInstanceId();
+    // 4. Detect platform version (best-effort). The harness override is
+    //    resolved in telemetry-context.ts so AXONFLOW_HARNESS env reads do
+    //    not co-locate with fetch in this file.
+    const probeEndpoint = resolveProbeEndpoint(options.endpoint);
+    let platformVersion = null;
+    try {
+        platformVersion = await detectPlatformVersion(probeEndpoint);
+    }
+    catch {
+        platformVersion = null;
     }
-    // Runtime metadata (platform, arch, runtime version) for the payload.
-    const proc = typeof process !== "undefined" ? process : null;
+    const runtime = captureRuntimeInfo();
+    // Community-SaaS users are first-class for analytics; classifying them as
+    // "production" (because plugin-generated auth is present) hides them inside
+    // the self-hosted bucket. Surface them explicitly here.
+    const deploymentMode = options.mode === "community-saas"
+        ? "community-saas"
+        : options.onError === "block"
+            ? "production"
+            : "development";
     const payload = {
         sdk: "openclaw-plugin",
         sdk_version: options.pluginVersion,
-        platform_version: null,
-        os: proc ? proc.platform : "unknown",
-        arch: proc ? proc.arch : "unknown",
-        runtime_version: proc ? proc.version.replace(/^v/, "") : "unknown",
-        deployment_mode: options.onError === "block" ? "production" : "development",
+        platform_version: platformVersion,
+        os: runtime.os,
+        arch: runtime.arch,
+        runtime_version: runtime.runtimeVersion,
+        deployment_mode: deploymentMode,
         features: [
             `hooks:${options.hookCount}`,
             `high_risk_tools:${options.highRiskToolCount}`,
             `on_error:${options.onError}`,
+            `mode:${options.mode}`,
         ],
-        instance_id: generateInstanceId(),
+        instance_id: instanceId,
     };
+    // 5. Fire the heartbeat.
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), TELEMETRY_TIMEOUT_MS);
+    let delivered = false;
     try {
-        void (async () => {
-            try {
-                payload.platform_version = await detectPlatformVersion(options.endpoint);
-            }
-            catch {
-                // Silent — platform version remains null
-            }
-            const controller = new AbortController();
-            const timeoutId = setTimeout(() => controller.abort(), TELEMETRY_TIMEOUT_MS);
-            try {
-                await fetch(config.checkpointUrl, {
-                    method: "POST",
-                    headers: { "Content-Type": "application/json" },
-                    body: JSON.stringify(payload),
-                    signal: controller.signal,
-                });
-            }
-            finally {
-                clearTimeout(timeoutId);
-            }
-        })().catch(() => {
-            // Silent failure — telemetry should never affect plugin behavior
+        const resp = await fetch(config.checkpointUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(payload),
+            signal: controller.signal,
         });
+        delivered = resp.ok;
     }
     catch {
-        // Silent failure
+        delivered = false;
+    }
+    finally {
+        clearTimeout(timeoutId);
     }
+    // 6. Stamp-on-delivery. The atomic write lives in telemetry-context.ts.
+    if (delivered) {
+        writeStampAtomic(stampFile, instanceId);
+    }
+}
+/**
+ * Test-only: clear the in-flight gate between tests.
+ */
+export function _resetTelemetryInFlightForTests() {
+    inFlight = null;
 }
 //# sourceMappingURL=telemetry.js.map

package/dist/telemetry.js.map

@@ -1 +1 @@
-{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAElC,SAAS,kBAAkB;IACzB,IAAI,CAAC;QACH,IACE,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EACvC,CAAC;YACD,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,sCAAsC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC;AAcD;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,QAAgB;IAEhB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,SAAS,EAAE;YAC7C,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA4B,CAAC;QAC5D,OAAO,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO;YACrD,CAAC,CAAC,IAAI,CAAC,OAAO;YACd,CAAC,CAAC,IAAI,CAAC;IACX,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAMjC;IACC,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;IACrC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO;IACT,CAAC;IAED,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CACT,qJAAqJ,CACtJ,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAE7D,MAAM,OAAO,GAAqB;QAChC,GAAG,EAAE,iBAAiB;QACtB,WAAW,EAAE,OAAO,CAAC,aAAa;QAClC,gBAAgB,EAAE,IAAI;QACtB,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACpC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QAClC,eAAe,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;QAClE,eAAe,EAAE,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa;QAC3E,QAAQ,EAAE;YACR,SAAS,OAAO,CAAC,SAAS,EAAE;YAC5B,mBAAmB,OAAO,CAAC,iBAAiB,EAAE;YAC9C,YAAY,OAAO,CAAC,OAAO,EAAE;SAC9B;QACD,WAAW,EAAE,kBAAkB,EAAE;KAClC,CAAC;IAEF,IAAI,CAAC;QACH,KAAK,CAAC,KAAK,IAAI,EAAE;YACf,IAAI,CAAC;gBACH,OAAO,CAAC,gBAAgB,GAAG,MAAM,qBAAqB,CACpD,OAAO,CAAC,QAAQ,CACjB,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,yCAAyC;YAC3C,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,oBAAoB,CAAC,CAAC;YAE7E,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE;oBAChC,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;oBAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;YACd,iEAAiE;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB;IACnB,CAAC;AACH,CAAC"}
+{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,SAAS,EACT,gBAAgB,GACjB,MAAM,wBAAwB,CAAC;AAEhC,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAClC,MAAM,qBAAqB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AActD,IAAI,QAAQ,GAAyB,IAAI,CAAC;AAE1C,SAAS,kBAAkB;IACzB,IAAI,CAAC;QACH,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;YAC7E,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,sCAAsC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,QAAgB;IACnD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,SAAS,EAAE;YAC7C,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA4B,CAAC;QAC5D,OAAO,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAChF,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAaD;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAoB;IACpD,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE;QACzC,QAAQ,GAAG,IAAI,CAAC;IAClB,CAAC,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,OAAoB;IAC3C,0BAA0B;IAC1B,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;IACrC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO;IACT,CAAC;IAED,0EAA0E;IAC1E,MAAM,QAAQ,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAEtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE9B,wEAAwE;IACxE,qEAAqE;IACrE,uCAAuC;IACvC,MAAM,KAAK,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAC3C,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,EAAE,CAAC;QAChE,MAAM,GAAG,GAAG,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC;QAClC,IAAI,GAAG,GAAG,qBAAqB,EAAE,CAAC;YAChC,OAAO,CAAC,eAAe;QACzB,CAAC;IACH,CAAC;IACD,MAAM,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;IAE9C,MAAM,UAAU,GACd,eAAe,IAAI,oBAAoB,CAAC,IAAI,CAAC,eAAe,CAAC;QAC3D,CAAC,CAAC,eAAe;QACjB,CAAC,CAAC,kBAAkB,EAAE,CAAC;IAE3B,oEAAoE;IACpE,uEAAuE;IACvE,4CAA4C;IAC5C,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7D,IAAI,eAAe,GAAkB,IAAI,CAAC;IAC1C,IAAI,CAAC;QACH,eAAe,GAAG,MAAM,qBAAqB,CAAC,aAAa,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,eAAe,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;IAErC,0EAA0E;IAC1E,4EAA4E;IAC5E,wDAAwD;IACxD,MAAM,cAAc,GAClB,OAAO,CAAC,IAAI,KAAK,gBAAgB;QAC/B,CAAC,CAAC,gBAAgB;QAClB,CAAC,CAAC,OAAO,CAAC,OAAO,KAAK,OAAO;YAC7B,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,aAAa,CAAC;IAEpB,MAAM,OAAO,GAAqB;QAChC,GAAG,EAAE,iBAAiB;QACtB,WAAW,EAAE,OAAO,CAAC,aAAa;QAClC,gBAAgB,EAAE,eAAe;QACjC,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,eAAe,EAAE,OAAO,CAAC,cAAc;QACvC,eAAe,EAAE,cAAc;QAC/B,QAAQ,EAAE;YACR,SAAS,OAAO,CAAC,SAAS,EAAE;YAC5B,mBAAmB,OAAO,CAAC,iBAAiB,EAAE;YAC9C,YAAY,OAAO,CAAC,OAAO,EAAE;YAC7B,QAAQ,OAAO,CAAC,IAAI,EAAE;SACvB;QACD,WAAW,EAAE,UAAU;KACxB,CAAC;IAEF,yBAAyB;IACzB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC7E,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE;YAC7C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,SAAS,GAAG,KAAK,CAAC;IACpB,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;IAED,wEAAwE;IACxE,IAAI,SAAS,EAAE,CAAC;QACd,gBAAgB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B;IAC7C,QAAQ,GAAG,IAAI,CAAC;AAClB,CAAC"}

package/openclaw.plugin.json

@@ -1,5 +1,62 @@
 {
   "id": "axonflow-governance",
+  "envVars": {
+    "AXONFLOW_TELEMETRY": {
+      "required": false,
+      "description": "Set to 'off', '0', 'false', or 'no' to disable the 7-day anonymous telemetry heartbeat. When unset (default), the plugin sends a lightweight ping to checkpoint.getaxonflow.com once every 7 days per machine.",
+      "values": ["off", "0", "false", "no"]
+    },
+    "AXONFLOW_COMMUNITY_SAAS": {
+      "required": false,
+      "description": "Set to '0', 'false', 'off', or 'no' to disable auto-registration with try.getaxonflow.com Community SaaS. When opted out, configure pluginConfig.endpoint to point at a self-hosted AxonFlow instance — otherwise the plugin loads but cannot enforce policy.",
+      "values": ["0", "false", "off", "no"]
+    },
+    "AXONFLOW_CACHE_DIR": {
+      "required": false,
+      "description": "Override the per-user cache directory used for telemetry stamps and rate-limit backoffs. Defaults to OS conventions: $XDG_CACHE_HOME/axonflow on Linux, ~/Library/Caches/axonflow on macOS, %LOCALAPPDATA%\\axonflow on Windows."
+    },
+    "AXONFLOW_CONFIG_DIR": {
+      "required": false,
+      "description": "Override the per-user config directory used for the Community-SaaS registration file (mode 0o600). Defaults to OS conventions: $XDG_CONFIG_HOME/axonflow on Linux, ~/Library/Application Support/axonflow on macOS, %APPDATA%\\axonflow on Windows."
+    }
+  },
+  "runtimeBehavior": {
+    "autoBootstrap": {
+      "enabled": true,
+      "description": "When pluginConfig.endpoint is unset and AXONFLOW_COMMUNITY_SAAS is not opted out, the plugin POSTs to https://try.getaxonflow.com/api/v1/register on first load to obtain Community-SaaS credentials, persists them at $AXONFLOW_CONFIG_DIR/try-registration.json (mode 0o600), and uses them for subsequent governance calls. The 7-day rotation refresh window keeps tenants from lapsing silently.",
+      "optOut": "Set AXONFLOW_COMMUNITY_SAAS=0 OR set pluginConfig.endpoint to a self-hosted AxonFlow instance.",
+      "userDisclosure": "First-load disclosure banner emitted via plugin logger (warn level), one time per machine, before the registration POST fires."
+    },
+    "outboundData": {
+      "atGovernanceTime": "Tool name + arguments (before execution) and outbound message bodies (before delivery) are sent to the configured AxonFlow endpoint for policy evaluation and audit. With Community SaaS, the endpoint is try.getaxonflow.com; with self-hosted, traffic stays on your network.",
+      "telemetry": "Anonymous 7-day heartbeat to checkpoint.getaxonflow.com containing plugin version, OS, arch, runtime version, deployment mode, hook count, and a per-machine instance_id (UUID v4). No tool inputs, no message bodies, no LLM provider keys.",
+      "neverTransmitted": ["LLM provider API keys", "OpenClaw conversation history outside governed tools", "Files outside the OpenClaw runtime"]
+    },
+    "persistence": {
+      "files": [
+        {
+          "path": "$AXONFLOW_CONFIG_DIR/try-registration.json",
+          "mode": "0o600",
+          "purpose": "Community-SaaS registration credentials (tenant_id, secret, expires_at). Refused at load time if permissions are not 0o600 on POSIX."
+        },
+        {
+          "path": "$AXONFLOW_CONFIG_DIR/openclaw-plugin-community-saas-disclosure-shown",
+          "mode": "0o600",
+          "purpose": "First-load disclosure stamp. Empty file; presence prevents re-warning on subsequent loads."
+        },
+        {
+          "path": "$AXONFLOW_CACHE_DIR/openclaw-plugin-telemetry-sent",
+          "mode": "0o600",
+          "purpose": "Heartbeat stamp file. Body is the per-machine instance_id (UUID v4); mtime drives the 7-day rate limit."
+        },
+        {
+          "path": "$AXONFLOW_CACHE_DIR/openclaw-plugin-register-backoff",
+          "mode": "0o600",
+          "purpose": "Rate-limit backoff stamp written when /api/v1/register returns 429. Body is a Unix timestamp (seconds) until which the bootstrap will not retry."
+        }
+      ]
+    }
+  },
   "uiHints": {
     "endpoint": {
       "label": "AxonFlow Endpoint",
@@ -52,16 +109,13 @@
     "additionalProperties": false,
     "properties": {
       "endpoint": {
-        "type": "string",
-        "default": "http://localhost:8080"
+        "type": "string"
       },
       "clientId": {
-        "type": "string",
-        "default": "community"
+        "type": "string"
       },
       "clientSecret": {
-        "type": "string",
-        "default": "community"
+        "type": "string"
       },
       "highRiskTools": {
         "type": "array",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axonflow/openclaw",
-  "version": "1.3.2",
+  "version": "2.0.1",
   "description": "Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance",
   "type": "module",
   "main": "dist/index.js",
@@ -26,6 +26,7 @@
     "lint": "eslint src/ tests/",
     "test": "jest",
     "test:coverage": "jest --coverage",
+    "scan": "node scripts/scan-tarball.mjs",
     "prepublishOnly": "npm run build"
   },
   "keywords": [
@@ -62,7 +63,10 @@
   },
   "peerDependencies": {
     "@axonflow/sdk": ">=4.3.0",
-    "openclaw": ">=1.0.0"
+    "openclaw": ">=2026.4.15"
+  },
+  "overrides": {
+    "openclaw": ">=2026.4.15"
   },
   "devDependencies": {
     "@types/jest": "^29.5.0",
@@ -71,7 +75,8 @@
     "jest": "^29.7.0",
     "ts-jest": "^29.1.0",
     "typescript": "^5.4.0",
-    "typescript-eslint": "^8.58.0"
+    "typescript-eslint": "^8.58.0",
+    "yaml": "^2.8.3"
   },
   "publishConfig": {
     "access": "public",
@@ -88,10 +93,10 @@
     ],
     "compat": {
       "pluginApi": ">=2026.3.22",
-      "minGatewayVersion": "2026.3.22"
+      "minGatewayVersion": "2026.4.15"
     },
     "build": {
-      "openclawVersion": "2026.3.22",
+      "openclawVersion": "2026.4.15",
       "pluginSdkVersion": "2026.3.22"
     }
   }