@axonflow/openclaw 2.1.0 → 2.2.0

package/dist/status.js

@@ -0,0 +1,377 @@
+/**
+ * Plugin status surface — read-only introspection for users.
+ *
+ * Solves the W4 paid-Pro launch UX gap: a user installs the plugin, then
+ * needs to know their `tenant_id` to paste into the Stripe Payment Link
+ * custom field before they can buy Pro. There was no way to surface that
+ * value from the user's installed plugin without poking at on-disk
+ * `try-registration.json` themselves. This module reads that same file
+ * and reports the values back in a stable text shape the user can copy.
+ *
+ * Also reports tier state (Free vs Pro vs Pro-expired) and a redacted
+ * preview of the configured Pro license token, so a user mid-rollout
+ * can confirm whether `AXONFLOW_LICENSE_TOKEN` is wired through to
+ * this process AND when their license expires.
+ *
+ * V1 SaaS Plugin Pro tier-line surface parity (codex / cursor / claude /
+ * openclaw): the `tier` line includes the JWT `exp` claim from the
+ * configured license token in three shapes:
+ *   - Pro (expires YYYY-MM-DD, N days remaining)             exp future
+ *   - Free (Pro expired YYYY-MM-DD — visit <url> to renew)   exp past
+ *   - Free (no Pro license configured)                       no token
+ * Plus a fallback "Pro (expires UNKNOWN — could not parse token)" for
+ * tokens whose JWT body does not parse. Signature is NEVER validated
+ * here — display only; the platform is the source of truth on validity.
+ *
+ * Security note (codex-plugin#41): we redact the license token to its
+ * last 4 chars and never print the full value. The `cmd_status` handler
+ * in the Codex plugin printed the raw token in human-readable status
+ * output, which made it trivially leakable via screen-share / copy-paste.
+ * Same surface here, same defensive redaction.
+ *
+ * Pure data + stdlib only — no network, no fs writes, no env mutations.
+ * Safe to call from any context (CLI, agent tool, library consumer).
+ */
+import * as fs from "fs";
+import * as path from "path";
+import { axonflowConfigDir } from "./cache-dir.js";
+/** Filename used by Community-SaaS bootstrap and recovery to persist credentials. */
+const REGISTRATION_FILE_NAME = "try-registration.json";
+/** Default agent endpoint the plugin talks to when no override is set. */
+export const STATUS_DEFAULT_ENDPOINT = "https://try.getaxonflow.com";
+/** Default upgrade URL surfaced in status output for free-tier users. */
+export const STATUS_DEFAULT_UPGRADE_URL = "https://getaxonflow.com/pricing/";
+/**
+ * Redact a license token to a fixed-shape preview suitable for printing
+ * in status output. Returns null for empty / whitespace-only / undefined
+ * inputs so callers can branch on tier presence.
+ *
+ * Output is always at most `…XXXX` (5 chars: ellipsis + last 4 chars of
+ * the input). Tokens shorter than 4 chars print as `…<token>` so we
+ * never print a token whose preview is longer than the token itself
+ * (which would be misleading) but we also never print MORE chars than
+ * the last 4. The full token is never reconstructible from the preview.
+ */
+export function redactLicenseToken(token) {
+    if (typeof token !== "string")
+        return null;
+    const trimmed = token.trim();
+    if (trimmed.length === 0)
+        return null;
+    // Take last 4 chars (or fewer if the token is shorter). Always prefix
+    // with an ellipsis so the user can tell the value was truncated.
+    const tailLen = Math.min(4, trimmed.length);
+    const tail = trimmed.slice(trimmed.length - tailLen);
+    return `…${tail}`;
+}
+/**
+ * Read the persisted Community-SaaS registration file and extract the
+ * tenant_id. Returns null when the file is missing, unreadable, or has
+ * no usable tenant_id field. Never throws — status output should
+ * degrade gracefully when state is partial.
+ *
+ * Mode/permission checks are intentionally NOT enforced here: status is
+ * a read-only surface and we want to report a tenant_id even from a
+ * file with surprising permissions, so the user can see "yes you have
+ * a tenant, but the file is unsafe — re-register" rather than silently
+ * showing "no tenant_id found".
+ */
+export function readPersistedTenantId(file) {
+    let raw;
+    try {
+        raw = fs.readFileSync(file, "utf8");
+    }
+    catch {
+        return null;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+    const tenantId = parsed["tenant_id"];
+    if (typeof tenantId !== "string" || tenantId.length === 0) {
+        return null;
+    }
+    return tenantId;
+}
+/**
+ * Parse the JWT `exp` claim out of an `AXON-`-prefixed license token.
+ * Returns the unix-epoch second value as an integer, or null on any
+ * parse failure (missing prefix, malformed segments, undecodable
+ * base64url, missing/non-numeric exp claim).
+ *
+ * Signature is NEVER validated here — we only extract `exp` for display.
+ * The platform is the source of truth on whether the token is actually
+ * valid (it re-validates the Ed25519 signature + DB row on every
+ * governed request).
+ *
+ * `Buffer.from(..., "base64url")` is supported on Node 16+; the openclaw
+ * plugin's package.json pins `>=18`, so this is safe.
+ */
+export function parseLicenseTokenExpiry(token) {
+    if (typeof token !== "string")
+        return null;
+    const trimmed = token.trim();
+    if (trimmed.length === 0)
+        return null;
+    // Strip the AXON- prefix; rest is JWT (header.payload.signature).
+    const jwt = trimmed.startsWith("AXON-") ? trimmed.slice(5) : trimmed;
+    const parts = jwt.split(".");
+    if (parts.length < 2)
+        return null;
+    const payloadSegment = parts[1];
+    if (typeof payloadSegment !== "string" || payloadSegment.length === 0)
+        return null;
+    let decoded;
+    try {
+        decoded = Buffer.from(payloadSegment, "base64url").toString("utf8");
+    }
+    catch {
+        return null;
+    }
+    if (decoded.length === 0)
+        return null;
+    let payload;
+    try {
+        payload = JSON.parse(decoded);
+    }
+    catch {
+        return null;
+    }
+    const exp = payload["exp"];
+    if (typeof exp !== "number" || !Number.isFinite(exp) || !Number.isInteger(exp)) {
+        return null;
+    }
+    // Unix epoch seconds are positive integers; reject obvious garbage.
+    if (exp <= 0)
+        return null;
+    return exp;
+}
+/**
+ * Format a unix epoch second value as `YYYY-MM-DD` in UTC. Returns null
+ * on any toISOString failure (Date constructor rejects truly enormous
+ * values). `Date` accepts ms so we multiply by 1000.
+ */
+export function formatExpiryDate(epochSeconds) {
+    if (epochSeconds === null || !Number.isFinite(epochSeconds))
+        return null;
+    try {
+        const iso = new Date(epochSeconds * 1000).toISOString();
+        return iso.slice(0, 10);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Compute days remaining until `epochSeconds`, given a "now". Forward-
+ * rounded (23h59m left → 1 day). Negative when `epochSeconds < now` —
+ * encoded as days SINCE expiry so consumers can sort / threshold.
+ *
+ * Returns null when either input is non-finite.
+ */
+export function daysUntil(epochSeconds, nowEpochSeconds) {
+    if (epochSeconds === null || !Number.isFinite(epochSeconds) || !Number.isFinite(nowEpochSeconds)) {
+        return null;
+    }
+    const secondsDiff = epochSeconds - nowEpochSeconds;
+    if (secondsDiff >= 0) {
+        // Forward-round: 23h59m future → 1 day.
+        return Math.ceil(secondsDiff / 86400);
+    }
+    // Past: forward-round magnitude, return as negative.
+    return -Math.ceil((-secondsDiff) / 86400);
+}
+/**
+ * Build a fully-resolved status report from `StatusInputs`. Pure
+ * (modulo the single fs read for try-registration.json) and
+ * deterministic given the same inputs + on-disk state.
+ */
+export function buildStatusReport(inputs = {}) {
+    const endpoint = (inputs.endpoint ?? "").trim() || STATUS_DEFAULT_ENDPOINT;
+    const upgradeUrl = (inputs.upgradeUrl ?? "").trim() || STATUS_DEFAULT_UPGRADE_URL;
+    const configDir = inputs.configDirOverride ?? axonflowConfigDir();
+    // axonflowConfigDir() can legitimately return "" on locked-down hosts.
+    // Use a stable string so the report still tells the user where we
+    // looked (or would have looked) — never show "" / undefined to users.
+    const registrationFile = configDir
+        ? path.join(configDir, REGISTRATION_FILE_NAME)
+        : "(unresolved — set AXONFLOW_CONFIG_DIR)";
+    const tenantId = configDir ? readPersistedTenantId(registrationFile) : null;
+    const licensePreview = redactLicenseToken(inputs.licenseToken);
+    // Compute tier + expiry. Three branches:
+    //   1. No token → "free", expires_at null.
+    //   2. Token + exp parsed:
+    //      2a. exp future → "pro", expires_at = YYYY-MM-DD, days_left positive.
+    //      2b. exp past   → "pro_expired", expires_at = YYYY-MM-DD, days_left negative.
+    //   3. Token + exp NOT parsed → "pro", expires_at null (formatter
+    //      surfaces "could not parse token").
+    let tier = "free";
+    let expiresAt = null;
+    let expiresInDays = null;
+    if (licensePreview !== null) {
+        // A token was supplied (any non-whitespace string) — start from "pro"
+        // and downgrade to "pro_expired" only if exp is parseable AND past.
+        tier = "pro";
+        const expEpoch = parseLicenseTokenExpiry(inputs.licenseToken);
+        if (expEpoch !== null) {
+            expiresAt = formatExpiryDate(expEpoch);
+            const now = inputs.nowEpochSeconds ?? Math.floor(Date.now() / 1000);
+            expiresInDays = daysUntil(expEpoch, now);
+            if (expEpoch <= now) {
+                tier = "pro_expired";
+            }
+        }
+    }
+    return {
+        tenant_id: tenantId,
+        endpoint,
+        tier,
+        license_token_preview: licensePreview,
+        expires_at: expiresAt,
+        expires_in_days: expiresInDays,
+        upgrade_url: upgradeUrl,
+        registration_file: registrationFile,
+        registration_present: tenantId !== null,
+    };
+}
+/**
+ * Resolve `StatusInputs` from process.env + an optional pluginConfig
+ * blob (mirrors `resolveConfig` semantics for the licenseToken /
+ * endpoint fields). Pulled out as its own function so tests can drive
+ * the env-resolution branches without the fs read.
+ *
+ * Resolution order:
+ *   - licenseToken: env AXONFLOW_LICENSE_TOKEN > pluginConfig.licenseToken > undefined
+ *   - endpoint:     env AXONFLOW_ENDPOINT > pluginConfig.endpoint > STATUS_DEFAULT_ENDPOINT
+ *   - upgradeUrl:   env AXONFLOW_UPGRADE_URL > STATUS_DEFAULT_UPGRADE_URL
+ *
+ * `configDirOverride` is honoured for tests; production callers leave
+ * it undefined and rely on `axonflowConfigDir()` (which itself honours
+ * AXONFLOW_CONFIG_DIR).
+ */
+export function resolveStatusInputs(pluginConfig, configDirOverride) {
+    const cfg = pluginConfig ?? {};
+    const envToken = typeof process.env["AXONFLOW_LICENSE_TOKEN"] === "string"
+        ? process.env["AXONFLOW_LICENSE_TOKEN"].trim()
+        : "";
+    const cfgToken = typeof cfg["licenseToken"] === "string"
+        ? cfg["licenseToken"].trim()
+        : "";
+    const licenseToken = envToken || cfgToken || undefined;
+    const envEndpoint = typeof process.env["AXONFLOW_ENDPOINT"] === "string"
+        ? process.env["AXONFLOW_ENDPOINT"].trim()
+        : "";
+    const cfgEndpoint = typeof cfg["endpoint"] === "string"
+        ? cfg["endpoint"].trim()
+        : "";
+    const endpoint = envEndpoint || cfgEndpoint || undefined;
+    const envUpgrade = typeof process.env["AXONFLOW_UPGRADE_URL"] === "string"
+        ? process.env["AXONFLOW_UPGRADE_URL"].trim()
+        : "";
+    const upgradeUrl = envUpgrade || undefined;
+    const inputs = {};
+    if (licenseToken !== undefined)
+        inputs.licenseToken = licenseToken;
+    if (endpoint !== undefined)
+        inputs.endpoint = endpoint;
+    if (upgradeUrl !== undefined)
+        inputs.upgradeUrl = upgradeUrl;
+    if (configDirOverride !== undefined)
+        inputs.configDirOverride = configDirOverride;
+    return inputs;
+}
+/**
+ * Format a status report as the human-readable text the CLI prints to
+ * stdout. Stable line shape so users can grep / pipe it.
+ *
+ * The report is intentionally chatty for first-time users: we explain
+ * what tenant_id is for (Stripe checkout custom field), and where to
+ * recover lost credentials. Power users who want a stable structured
+ * surface should consume `buildStatusReport()` directly.
+ */
+export function formatStatusReport(report) {
+    const lines = [];
+    lines.push("AxonFlow OpenClaw plugin status");
+    lines.push("");
+    if (report.tenant_id) {
+        lines.push(`  tenant_id:  ${report.tenant_id}`);
+        lines.push("              (paste this into the Stripe checkout custom field when buying Pro)");
+    }
+    else {
+        lines.push("  tenant_id:  (not registered)");
+        lines.push(`              No registration file at ${report.registration_file}`);
+        lines.push("              The plugin auto-registers with Community SaaS on first init.");
+        lines.push("              Lost your registration? Run `axonflow-openclaw-recover <email>`");
+    }
+    lines.push(`  endpoint:   ${report.endpoint}`);
+    // V1 SaaS Plugin Pro tier-line surface parity (codex / cursor / claude /
+    // openclaw): four shapes, see StatusTier doc + parseLicenseTokenExpiry.
+    if (report.tier === "pro") {
+        if (report.expires_at !== null && report.expires_in_days !== null) {
+            lines.push(`  tier:       Pro (expires ${report.expires_at}, ${report.expires_in_days} days remaining)`);
+        }
+        else {
+            // Token loaded but JWT body did not parse. Treat as Pro for
+            // display; platform is the source of truth on validity.
+            lines.push("  tier:       Pro (expires UNKNOWN — could not parse token)");
+        }
+        lines.push(`  license:    ${report.license_token_preview} (redacted — last 4 chars only)`);
+    }
+    else if (report.tier === "pro_expired") {
+        // Token still on disk but its exp is past — surface the renew CTA in
+        // the tier line itself so users notice it even if they only scan the
+        // first column. Don't print a generic "upgrade:" line on top — that
+        // would be redundant with the renew URL embedded in the tier line.
+        const expiresLabel = report.expires_at ?? "UNKNOWN";
+        lines.push(`  tier:       Free (Pro expired ${expiresLabel} — visit ${report.upgrade_url} to renew)`);
+        lines.push(`  license:    ${report.license_token_preview} (redacted — last 4 chars only)`);
+        lines.push("              The plugin will not forward an expired token.");
+        lines.push("              After buying a renewal, set AXONFLOW_LICENSE_TOKEN=<new> or restart with");
+        lines.push("              the new token in pluginConfig.licenseToken.");
+    }
+    else {
+        lines.push("  tier:       Free (no Pro license configured)");
+        lines.push(`  upgrade:    ${report.upgrade_url}`);
+    }
+    lines.push("");
+    return lines.join("\n");
+}
+/**
+ * Build the one-line init log canary for the OpenClaw plugin's
+ * `registerAxonFlowGovernance` registration path. Three shapes:
+ *   - Pro active   → "[AxonFlow] Pro tier — expires YYYY-MM-DD (N days remaining); X-License-Token forwarded on every governed request"
+ *   - Pro expired  → "[AxonFlow] Free tier — Pro expired YYYY-MM-DD; visit <url> to renew"
+ *   - Pro (could not parse) → "[AxonFlow] Pro tier active — license token configured, X-License-Token will be forwarded on every governed request" (preserves the legacy line for unparseable tokens — a noisy regression of the canary on every malformed token would be worse than silent fallback).
+ *
+ * Returns `null` when `licenseToken` is empty / null — Free-tier installs
+ * see no extra log line (matches the existing convention; only Pro state
+ * gets a canary).
+ */
+export function buildProTierInitLogLine(licenseToken, upgradeUrl = STATUS_DEFAULT_UPGRADE_URL, nowEpochSeconds) {
+    if (typeof licenseToken !== "string" || licenseToken.trim().length === 0) {
+        return null;
+    }
+    const expEpoch = parseLicenseTokenExpiry(licenseToken);
+    if (expEpoch === null) {
+        // Legacy fallback — preserves byte-exact compat with the v2.1.x line
+        // for unparseable tokens. Mode-clarity test (tests/mode-clarity.test.ts)
+        // and any external grep on this string keep working.
+        return "[AxonFlow] Pro tier active — license token configured, X-License-Token will be forwarded on every governed request";
+    }
+    const now = nowEpochSeconds ?? Math.floor(Date.now() / 1000);
+    const expDate = formatExpiryDate(expEpoch);
+    const daysLeft = daysUntil(expEpoch, now);
+    if (expEpoch > now && expDate !== null && daysLeft !== null) {
+        return `[AxonFlow] Pro tier — expires ${expDate} (${daysLeft} days remaining); X-License-Token forwarded on every governed request`;
+    }
+    // exp is past — surface the renew CTA on init even though the token is
+    // still in config. Users notice this on the next plugin reload rather
+    // than discovering it on a 401 from a governed call.
+    const expLabel = expDate ?? "UNKNOWN";
+    return `[AxonFlow] Free tier — Pro expired ${expLabel}; visit ${upgradeUrl} to renew`;
+}
+//# sourceMappingURL=status.js.map

package/dist/status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.js","sourceRoot":"","sources":["../src/status.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAEnD,qFAAqF;AACrF,MAAM,sBAAsB,GAAG,uBAAuB,CAAC;AAEvD,0EAA0E;AAC1E,MAAM,CAAC,MAAM,uBAAuB,GAAG,6BAA6B,CAAC;AAErE,yEAAyE;AACzE,MAAM,CAAC,MAAM,0BAA0B,GAAG,kCAAkC,CAAC;AAuF7E;;;;;;;;;;GAUG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAgC;IACjE,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,sEAAsE;IACtE,iEAAiE;IACjE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;IACrD,OAAO,IAAI,IAAI,EAAE,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IACrC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAgC;IACtE,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,kEAAkE;IAClE,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACrE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAChC,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnF,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,IAAI,OAAgC,CAAC;IACrC,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/E,OAAO,IAAI,CAAC;IACd,CAAC;IACD,oEAAoE;IACpE,IAAI,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,YAA2B;IAC1D,IAAI,YAAY,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IACzE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACxD,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,YAA2B,EAAE,eAAuB;IAC5E,IAAI,YAAY,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACjG,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,WAAW,GAAG,YAAY,GAAG,eAAe,CAAC;IACnD,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;QACrB,wCAAwC;QACxC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC;IACxC,CAAC;IACD,qDAAqD;IACrD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAuB,EAAE;IACzD,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,uBAAuB,CAAC;IAC3E,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,0BAA0B,CAAC;IAElF,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,IAAI,iBAAiB,EAAE,CAAC;IAClE,uEAAuE;IACvE,kEAAkE;IAClE,sEAAsE;IACtE,MAAM,gBAAgB,GAAG,SAAS;QAChC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,sBAAsB,CAAC;QAC9C,CAAC,CAAC,wCAAwC,CAAC;IAC7C,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE5E,MAAM,cAAc,GAAG,kBAAkB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAE/D,yCAAyC;IACzC,2CAA2C;IAC3C,2BAA2B;IAC3B,4EAA4E;IAC5E,oFAAoF;IACpF,kEAAkE;IAClE,0CAA0C;IAC1C,IAAI,IAAI,GAAe,MAAM,CAAC;IAC9B,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,sEAAsE;QACtE,oEAAoE;QACpE,IAAI,GAAG,KAAK,CAAC;QACb,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC9D,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YACvC,MAAM,GAAG,GAAG,MAAM,CAAC,eAAe,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACpE,aAAa,GAAG,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACzC,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;gBACpB,IAAI,GAAG,aAAa,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,IAAI;QACJ,qBAAqB,EAAE,cAAc;QACrC,UAAU,EAAE,SAAS;QACrB,eAAe,EAAE,aAAa;QAC9B,WAAW,EAAE,UAAU;QACvB,iBAAiB,EAAE,gBAAgB;QACnC,oBAAoB,EAAE,QAAQ,KAAK,IAAI;KACxC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,mBAAmB,CACjC,YAAsC,EACtC,iBAA0B;IAE1B,MAAM,GAAG,GAAG,YAAY,IAAI,EAAE,CAAC;IAE/B,MAAM,QAAQ,GAAG,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,KAAK,QAAQ;QACxE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAE,CAAC,IAAI,EAAE;QAC/C,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,QAAQ,GAAG,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,QAAQ;QACtD,CAAC,CAAE,GAAG,CAAC,cAAc,CAAY,CAAC,IAAI,EAAE;QACxC,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,YAAY,GAAG,QAAQ,IAAI,QAAQ,IAAI,SAAS,CAAC;IAEvD,MAAM,WAAW,GAAG,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,QAAQ;QACtE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAE,CAAC,IAAI,EAAE;QAC1C,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,WAAW,GAAG,OAAO,GAAG,CAAC,UAAU,CAAC,KAAK,QAAQ;QACrD,CAAC,CAAE,GAAG,CAAC,UAAU,CAAY,CAAC,IAAI,EAAE;QACpC,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,QAAQ,GAAG,WAAW,IAAI,WAAW,IAAI,SAAS,CAAC;IAEzD,MAAM,UAAU,GAAG,OAAO,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,KAAK,QAAQ;QACxE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAE,CAAC,IAAI,EAAE;QAC7C,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,UAAU,GAAG,UAAU,IAAI,SAAS,CAAC;IAE3C,MAAM,MAAM,GAAiB,EAAE,CAAC;IAChC,IAAI,YAAY,KAAK,SAAS;QAAE,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;IACnE,IAAI,QAAQ,KAAK,SAAS;QAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACvD,IAAI,UAAU,KAAK,SAAS;QAAE,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC;IAC7D,IAAI,iBAAiB,KAAK,SAAS;QAAE,MAAM,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IAClF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAoB;IACrD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,kFAAkF,CAAC,CAAC;IACjG,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,yCAAyC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC;QAChF,KAAK,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAC;QACzF,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC;IAC9F,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAE/C,yEAAyE;IACzE,wEAAwE;IACxE,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QAC1B,IAAI,MAAM,CAAC,UAAU,KAAK,IAAI,IAAI,MAAM,CAAC,eAAe,KAAK,IAAI,EAAE,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,8BAA8B,MAAM,CAAC,UAAU,KAAK,MAAM,CAAC,eAAe,kBAAkB,CAAC,CAAC;QAC3G,CAAC;aAAM,CAAC;YACN,4DAA4D;YAC5D,wDAAwD;YACxD,KAAK,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;QAC5E,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,qBAAqB,iCAAiC,CAAC,CAAC;IAC7F,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACzC,qEAAqE;QACrE,qEAAqE;QACrE,oEAAoE;QACpE,mEAAmE;QACnE,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,IAAI,SAAS,CAAC;QACpD,KAAK,CAAC,IAAI,CAAC,mCAAmC,YAAY,YAAY,MAAM,CAAC,WAAW,YAAY,CAAC,CAAC;QACtG,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,qBAAqB,iCAAiC,CAAC,CAAC;QAC3F,KAAK,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;QAC1E,KAAK,CAAC,IAAI,CAAC,wFAAwF,CAAC,CAAC;QACrG,KAAK,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,uBAAuB,CACrC,YAAuC,EACvC,aAAqB,0BAA0B,EAC/C,eAAwB;IAExB,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,uBAAuB,CAAC,YAAY,CAAC,CAAC;IACvD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,qEAAqE;QACrE,yEAAyE;QACzE,qDAAqD;QACrD,OAAO,oHAAoH,CAAC;IAC9H,CAAC;IACD,MAAM,GAAG,GAAG,eAAe,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC1C,IAAI,QAAQ,GAAG,GAAG,IAAI,OAAO,KAAK,IAAI,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAC5D,OAAO,iCAAiC,OAAO,KAAK,QAAQ,uEAAuE,CAAC;IACtI,CAAC;IACD,uEAAuE;IACvE,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,QAAQ,GAAG,OAAO,IAAI,SAAS,CAAC;IACtC,OAAO,sCAAsC,QAAQ,WAAW,UAAU,WAAW,CAAC;AACxF,CAAC"}

package/dist/version.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Plugin version — single source of truth.
+ *
+ * Kept in its own module so non-index consumers (axonflow-client.ts, etc.)
+ * can import it without creating a circular dependency through index.ts.
+ *
+ * Update this string before each release; CI release pipeline asserts it
+ * matches the package.json version on tag.
+ */
+export declare const VERSION = "2.2.0";
+//# sourceMappingURL=version.d.ts.map

package/dist/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,OAAO,UAAU,CAAC"}

package/dist/version.js

@@ -0,0 +1,11 @@
+/**
+ * Plugin version — single source of truth.
+ *
+ * Kept in its own module so non-index consumers (axonflow-client.ts, etc.)
+ * can import it without creating a circular dependency through index.ts.
+ *
+ * Update this string before each release; CI release pipeline asserts it
+ * matches the package.json version on tag.
+ */
+export const VERSION = "2.2.0";
+//# sourceMappingURL=version.js.map

package/dist/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC"}

package/openclaw.plugin.json

@@ -20,6 +20,10 @@
     "AXONFLOW_CONFIG_DIR": {
       "required": false,
       "description": "Override the per-user config directory used for the Community-SaaS registration file (mode 0o600). Defaults to OS conventions: $XDG_CONFIG_HOME/axonflow on Linux, ~/Library/Application Support/axonflow on macOS, %APPDATA%\\axonflow on Windows."
+    },
+    "AXONFLOW_LICENSE_TOKEN": {
+      "required": false,
+      "description": "AxonFlow Pro plugin-claim license token (begins with 'AXON-'). When set, the plugin forwards this token on every governed request via the X-License-Token header so the agent applies Pro-tier entitlements (extended audit retention, higher quotas, license-gated capabilities). Wins over pluginConfig.licenseToken when both are set. Get one from getaxonflow.com/plugins/pro — the token is emailed to the address used at Stripe Checkout."
     }
   },
   "runtimeBehavior": {
@@ -81,6 +85,12 @@
       "placeholder": "alice@example.com",
       "help": "Per-user identity forwarded as the X-User-Email header. Required for the override lifecycle endpoints (createOverride, revokeOverride, listOverrides) and for correct per-user scoping on explainDecision. Block-path features still work without it."
     },
+    "licenseToken": {
+      "label": "Pro License Token",
+      "sensitive": true,
+      "placeholder": "AXON-...",
+      "help": "AxonFlow Pro plugin-claim license token. When set, the plugin forwards this on every governed request via X-License-Token so the agent applies Pro-tier entitlements (longer audit retention, higher quotas, license-gated capabilities). AXONFLOW_LICENSE_TOKEN env var wins over this value."
+    },
     "highRiskTools": {
       "label": "High-Risk Tools",
       "placeholder": "web_fetch, message",
@@ -127,6 +137,9 @@
       "userEmail": {
         "type": "string"
       },
+      "licenseToken": {
+        "type": "string"
+      },
       "highRiskTools": {
         "type": "array",
         "items": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axonflow/openclaw",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance",
   "type": "module",
   "main": "dist/index.js",
@@ -11,8 +11,13 @@
       "types": "./dist/index.d.ts"
     }
   },
+  "bin": {
+    "axonflow-openclaw-recover": "./bin/axonflow-openclaw-recover.mjs",
+    "axonflow-openclaw-status": "./bin/axonflow-openclaw-status.mjs"
+  },
   "files": [
     "dist",
+    "bin",
     "policies",
     "README.md",
     "CHANGELOG.md",